DNS is the abbreviation of Domain Name System. My understanding is that it provides a service for looking up an IP from a domain name or, the other way round, a domain name from an IP. Within a network (the Internet or a LAN) a domain name is unique and stable, which makes it easy for users to remember, while the IP of the host actually providing the service may change; a DNS service ties the domain name that users see to the IP they need to reach and manages that mapping in one place.
There are plenty of articles on installing and configuring DNS online, so I won't repeat them here; this is just a brief record of the setup steps. Below is how to build a simple DNS service:
1. Install the bind package. After installation, query the package:
# rpm -q bind
bind-9.9.4-50.el7.x86_64
2. Configure the options section of /etc/named.conf. Modify it as follows:
# vi /etc/named.conf
options {
listen-on port 53 { any; }; // changed to any: listen on port 53 on every IPv4 address; the host's own IP can be given instead
listen-on-v6 port 53 { any; }; // changed to any: listen on port 53 on every IPv6 address
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; // changed to any: allow anyone to query
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
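With allow-query set to any and recursion enabled, the block above makes the server an open recursive resolver, which is exactly what the comment embedded in the file warns about. As an added example (not part of the original post), here is a restricted variant that assumes 192.168.111.0/24 is the only legitimate client range and 192.168.111.101 is the server's own address, both taken from the later steps; zone and key settings are left as in the original.

```conf
// Added example, not from the original post. Assumes the cluster lives in
// 192.168.111.0/24 and this server is 192.168.111.101. The acl must be
// defined before the options block that references it.
acl "cluster" { 192.168.111.0/24; 127.0.0.1; };

options {
    listen-on port 53 { 192.168.111.101; 127.0.0.1; }; // bind to the server's own address rather than any
    listen-on-v6 port 53 { none; };                     // no IPv6 listener if the cluster does not use IPv6
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { cluster; };        // only cluster hosts may query at all
    allow-query-cache { cluster; };  // cached (recursive) answers only to cluster hosts
    recursion yes;
    allow-recursion { cluster; };    // nobody outside the cluster gets recursion, so no amplification via this server
    rate-limit { responses-per-second 10; }; // response rate limiting damps reflection even from permitted clients
    dnssec-enable yes;
    dnssec-validation yes;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
```

After changing the file, re-run named-checkconf -z (step 5) before restarting named; a query from an address outside the acl should then be refused rather than answered.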
3. Configure /etc/named.rfc1912.zones, adding the forward and reverse zones:
// the cluster uses the test.com domain, so the forward zone is test.com
zone "test.com" IN {
type master;
file "test.com.zone";
check-names ignore; // name checking is fairly strict (a name containing an underscore fails, for example); this option is needed in that case
allow-update { none; };
};
// the cluster uses the 192.168.111 range, so the reverse zone is 111.168.192.in-addr.arpa
zone "111.168.192.in-addr.arpa" IN {
type master;
file "111.168.192.arpa";
check-names ignore;
allow-update { none; };
};
4. Configure the forward and reverse zone files
Forward zone file:
# vi /var/named/test.com.zone
$TTL 1D
@ IN SOA ns1.test.com. root.test.com. ( ; rname is the admin mailbox root@test.com, written with a dot in place of @
20200812 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.test.com.
ns1 IN A 192.168.111.101
www IN A 192.168.111.101
host1 IN A 192.168.111.23
host2 IN A 192.168.111.24
Reverse zone file:
# vi /var/named/111.168.192.arpa
$TTL 1D
@ IN SOA ns1.test.com. root.test.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.test.com.
101 PTR ns1.test.com.
23 PTR host1.test.com.
24 PTR host2.test.com.
5. Check that the configuration is valid
# cd /var/named/ && named-checkconf -z
zone test.com/IN: loaded serial 20200812
zone 111.168.192.in-addr.arpa/IN: loaded serial 0
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
6. Configure /etc/resolv.conf, adding the DNS server
# vi /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.111.101
7. Restart the DNS service
# systemctl restart named
8. Verify
# nslookup 192.168.111.23
23.111.168.192.in-addr.arpa name = host1.test.com.
# nslookup host1.test.com
Server: 192.168.111.101
Address: 192.168.111.101#53
Name: host1.test.com
Address: 192.168.111.23