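Introduction
I have been playing with Harbor recently and did not want to memorize its IP address, so I decided to use a spare Raspberry Pi as a DNS caching server that also acts as an authoritative DNS server, so that Harbor can be reached by domain name.
Planning
Harbor host address: 192.168.31.150
Domain name to set up: kevinharbor.com
Installation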
➜ sudo apt-get install -y bind9
➜ cd /etc/bind
➜ sudo vi named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "kevinharbor.com" {
    type master;
    file "/etc/bind/db.local";
};
zone "150.31.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};
Then create the forward zone file
➜ sudo vi /etc/bind/db.local
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     kevinharbor.com. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      kevinharbor.com.
@       IN      A       192.168.31.150
www             A       192.168.31.150
Check the zone file
➜ named-checkzone kevinharbor.com /etc/bind/db.local
zone kevinharbor.com/IN: loaded serial 2
OK
No errors are reported.
Create the reverse zone file
➜ sudo vi /etc/bind/db.127
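;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     kevinharbor.com. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      kevinharbor.com.
@               A       192.168.31.150
; The zone is 150.31.168.192.in-addr.arpa itself, so the PTR belongs at the
; apex (@), and the target needs a trailing dot to be treated as absolute.
@       IN      PTR     www.kevinharbor.com.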
Check the zone file
➜ named-checkzone 150.31.168.192.in-addr.arpa /etc/bind/db.127
Make the Raspberry Pi act as a DNS caching server by adding an upstream DNS server
➜ sudo vi /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";
    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113
    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    forwarders {
        180.153.225.136; // upstream DNS address
    };
    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-enable no; // add this line
    dnssec-validation no; // change auto to no
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};
Restart the bind service
➜ sudo service bind9 restart
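Then change the DNS server of the hosts on the LAN to the address of my Raspberry Pi. This makes my Harbor reachable by domain name and also reduces DNS resolution latency.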
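named-checkzone only confirms that a zone file loads; it does not tell you whether a PTR record ended up at the name a reverse lookup will ask for. The following added example (not part of the original post) expands relative names against the zone origin the way BIND does and reports where each PTR actually lands. The function names and the sample records are assumptions constructed for illustration.

```python
import ipaddress

def fqdn(name, origin):
    """Expand a zone-file name as BIND does: '@' is the origin, a trailing
    dot means absolute, anything else gets the origin appended."""
    origin = origin.rstrip(".") + "."
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def ptr_records(zone_text, origin):
    """Yield (owner, target), fully qualified, for every PTR record."""
    owner, depth = "@", 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]            # drop comments
        inside = depth > 0                     # continuation of "( ... )"
        depth += line.count("(") - line.count(")")
        fields = line.split()
        if inside or not fields or fields[0].startswith("$"):
            continue
        if not raw[0].isspace():               # indented line keeps last owner
            owner = fields[0]
        if "PTR" in fields:
            yield fqdn(owner, origin), fqdn(fields[fields.index("PTR") + 1], origin)

def check_reverse_zone(zone_text, origin, expected):
    """expected maps IPv4 address -> hostname; returns a list of problems."""
    found = {o.lower(): t.lower() for o, t in ptr_records(zone_text, origin)}
    problems = []
    for ip, host in expected.items():
        want = ipaddress.ip_address(ip).reverse_pointer + "."
        got = found.get(want)
        if got is None:
            problems.append(f"no PTR at {want}; zone has {sorted(found)}")
        elif got != host.lower().rstrip(".") + ".":
            problems.append(f"{want} -> {got}, expected {host}")
    return problems

# Constructed sample records (not copied from a live server).
HOST_ZONE = "150.31.168.192.in-addr.arpa"      # per-host reverse zone
NET_ZONE = "31.168.192.in-addr.arpa"           # whole /24 reverse zone
WANT = {"192.168.31.150": "www.kevinharbor.com"}

if __name__ == "__main__":
    for origin, rec in [(HOST_ZONE, "150 IN PTR www.kevinharbor.com"),
                        (NET_ZONE, "150 IN PTR www.kevinharbor.com"),
                        (HOST_ZONE, "@ IN PTR www.kevinharbor.com.")]:
        print(origin, "|", rec, "->", check_reverse_zone(rec, origin, WANT) or "OK")
```

Once the server is running, `dig -x 192.168.31.150 @<Raspberry Pi address>` should return the same target this check expects.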