Linux - Setting up a DNS server

Concepts and terms:

Fully Qualified Domain Name (FQDN)

Forward resolution: the process of looking up an IP address from a hostname

Reverse resolution: the process of resolving an IP address back to a hostname

Zone: the records belonging to one domain

SOA (Start of Authority): the start of authority for a zone

NS (NameServer): name server

A (Address): address

The dig +trace command can be used to watch the whole process of a domain-name lookup.

A DNS query first uses UDP port 53; if that first attempt fails, TCP port 53 is used, so the firewall must open port 53 for both protocols.

Step 1: download the latest BIND

# --no-check-certificate disables TLS certificate verification for this download, so the
# tarball is not verified to be the genuine ISC release; -O saves it under the file name
# that Step 3 expects (without it, wget does not name the file bind-9.11.0.tar.gz)
wget https://www.isc.org/downloads/file/bind-9-11-0/?version=tar-gz --no-check-certificate -O bind-9.11.0.tar.gz

Step 2: install the build environment: gcc, perl, openssl, openssl-devel

yum install -y gcc
yum install -y perl
yum install -y openssl
yum install -y openssl-devel

Step 3: extract into the /opt/tmp directory

mkdir -p /opt/tmp
tar -zxvf bind-9.11.0.tar.gz -C /opt/tmp

Step 4: compile and install

# configure must be run inside the extracted source tree, not in /opt/tmp itself
cd /opt/tmp/bind-9.11.0
./configure --prefix=/opt/soft/named --enable-threads --enable-largefile --disable-ipv6 && make && make install

(1) Add the bind user and group

groupadd bind
useradd -g bind -d /opt/soft/named -s /sbin/nologin bind

Step 5: create the configuration files

cd /opt/soft/named/
sbin/rndc-confgen > etc/rndc.conf   # generate the key file for the rndc control command

# If it cannot be generated (typically because /dev/random blocks waiting for entropy),
# the workaround is to add a random file by hand and point -r at it:
vi /opt/soft/random
asdkfjalsjdflajsldfjlasjdflajsldfjalsjdflajslfjalsjflasjfl

sbin/rndc-confgen -r /opt/soft/random > etc/rndc.conf
# Note: a hand-typed file like the one above is not random, so the rndc key derived from it
# is reproducible by anyone who can read or re-create the file; -r /dev/urandom avoids both
# the blocking and the weak key.

# Extract the key block that named.conf needs from rndc.conf (the commented-out tail of the file)
tail -10 etc/rndc.conf | head -9 | sed 's/# //g' > etc/named.conf

Step 6: add the following configuration to named.conf

vi /opt/soft/named/etc/named.conf

options {
  listen-on port 53 { any; };
  directory "/opt/soft/named/var";
  pid-file "named.pid";
  // allow-query { any; } together with recursion yes makes this an open resolver for every
  // network that can reach port 53; if the host is not purely internal, restrict recursion
  // to trusted networks (for example allow-recursion { localnets; };)
  allow-query { any; };
  // the data directory must exist and be writable by the bind user (paths follow --prefix from Step 4)
  dump-file "/opt/soft/named/data/cache_dump.db";
  statistics-file "/opt/soft/named/data/named_stats.txt";
  forwarders { 202.96.209.5; 114.114.114.114; };
  recursion yes;
};

// named.conf keywords are written in lowercase (type, file, zone)
zone "." IN {
        type hint;
        file "named.root";
};

zone "localhost" IN {
  type master;
  file "localhost.zone";
  allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
  type master;
  file "localhost.rev";
  allow-update { none; };
};

zone "eye.com" IN {
      type master;
      file "eye.com.zone";
      allow-update { none; };
};

// reverse zone for 192.168.111.0/24; the suffix is in-addr.arpa (not in-add.arpa)
zone "111.168.192.in-addr.arpa" IN {
        type master;
        file "111.168.192.in-addr.arpa";
        allow-update { none; };
};

Step 7: create the zone files; cd /opt/soft/named/var

# named is started as the bind user in Step 8, so the directories it writes to
# (var for the pid file, data for the dump and statistics files) must belong to that user
mkdir -p /opt/soft/named/data
chown -R bind:bind /opt/soft/named/var /opt/soft/named/data

(1) Create the named.root file

wget ftp://ftp.rs.internic.net/domain/named.root
or generate it yourself:
dig @a.root-servers.net . ns > named.root

(2) Create the localhost.zone file

$TTL    86400
$ORIGIN localhost.
@                       1D IN SOA       @ root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                        1D IN NS        @
                        1D IN A         127.0.0.1

(3) Create the localhost.rev file

$TTL    86400
@   IN SOA  localhost.  root.localhost. (
              1        ; serial
              3600     ; refresh every hour
              900      ; retry every 15 minutes
              3600000  ; expire 1000 hours
              3600 )   ; minimum 1 hour
    IN NS  localhost.
1   IN PTR localhost.

(4) Create the eye.com.zone file

$TTL 86400
; the SOA RNAME is written fully qualified (trailing dot), matching the reverse zone in (5);
; an unqualified "root.localhost" would expand to root.localhost.eye.com.
@        IN        SOA  dns.eye.com.  root.eye.com. (
                        2 ; serial
                        28800 ; refresh
                        7200 ; retry
                        604800 ; expire
                        86400 ; ttl
                        )
                  IN      NS     dns.eye.com.
                  IN      A      192.168.111.111
www               IN      A      192.168.111.111
ntp               IN      A      192.168.132.191
waffle            IN      A      192.168.132.199
nfs               IN      A      192.168.111.206
ftp.nas           IN      A      192.168.111.207
mongotest         IN      A      192.168.111.113
mongo1            IN      A      192.168.132.190
mongo2            IN      A      192.168.132.189
mongo3            IN      A      192.168.132.188
openldap-a        IN      A      192.168.132.191
dns               IN      A      192.168.111.111

(5) Create the 111.168.192.in-addr.arpa file

$TTL    86400
@       IN      SOA     dns.eye.com.  root.eye.com.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
@         IN      NS     dns.eye.com.
111       IN      PTR    www.eye.com.
; note: in eye.com.zone the ntp, waffle, mongo1-3 and openldap-a hosts have addresses in
; 192.168.132.0/24, so the PTR records for 191, 199, 190, 189 and 188 belong in a separate
; 132.168.192.in-addr.arpa zone; placed here they answer for 192.168.111.x instead
191       IN      PTR    ntp.eye.com.
199       IN      PTR    waffle.eye.com.
206       IN      PTR    nfs.eye.com.
207       IN      PTR    ftp.nas.eye.com.
113       IN      PTR    mongotest.eye.com.
190       IN      PTR    mongo1.eye.com.
189       IN      PTR    mongo2.eye.com.
188       IN      PTR    mongo3.eye.com.
191       IN      PTR    openldap-a.eye.com.
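
A mismatch between the forward zone and the reverse zone (a PTR in 111.168.192.in-addr.arpa pointing at a host whose A record is in another /24, or at a name with no A record at all) loads without error but gives wrong answers. The checker below is an added example, not part of the original post or of BIND; it parses only the simple "owner IN A ip" and "octet IN PTR fqdn." lines used in the zone files above, and the sample zones embedded in it are constructed from those files.

```python
# Added example: cross-check a forward zone against its in-addr.arpa reverse zone.
# Parses only "owner IN A ip" / "octet IN PTR fqdn." lines as used in the zone
# files above; the SOA block and owner-less continuation lines are ignored.

# Constructed sample derived from the eye.com zone files above (not the full files).
FORWARD_ZONE = """
www   IN  A  192.168.111.111
ntp   IN  A  192.168.132.191   ; lives in 192.168.132.0/24, not .111
nfs   IN  A  192.168.111.206
dns   IN  A  192.168.111.111
"""
REVERSE_ZONE = """
111   IN  PTR  www.eye.com.
191   IN  PTR  ntp.eye.com.        ; wrong reverse zone for this host
206   IN  PTR  nfs.eye.com.
113   IN  PTR  mongotest.eye.com.  ; no matching A record
"""

def parse_records(text, rtype):
    """Return (owner, rdata) pairs for records of type rtype; ';' starts a comment."""
    out = []
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) >= 4 and fields[1] == "IN" and fields[2] == rtype:
            out.append((fields[0], fields[3]))
    return out

def reverse_zone_prefix(zone):
    """'111.168.192.in-addr.arpa' -> '192.168.111', the /24 this zone covers."""
    suffix = ".in-addr.arpa"
    octets = (zone[:-len(suffix)] if zone.endswith(suffix) else zone).split(".")
    if len(octets) != 3 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError(f"not a /24 in-addr.arpa zone name: {zone}")
    return ".".join(reversed(octets))

def check_reverse_zone(forward, reverse, origin, reverse_zone):
    """List PTRs whose address is not an A record of the name they point to."""
    prefix = reverse_zone_prefix(reverse_zone)
    a_records = {}
    for owner, ip in parse_records(forward, "A"):
        fqdn = f"{origin}." if owner == "@" else f"{owner}.{origin}."
        a_records.setdefault(fqdn, set()).add(ip)
    problems = []
    for octet, fqdn in parse_records(reverse, "PTR"):
        ip = f"{prefix}.{octet}"
        if fqdn not in a_records:
            problems.append(f"{octet}: {fqdn} has no A record in {origin}")
        elif ip not in a_records[fqdn]:
            problems.append(f"{octet}: {fqdn} has A {sorted(a_records[fqdn])}, not {ip}")
    return problems
```

Run check_reverse_zone(FORWARD_ZONE, REVERSE_ZONE, "eye.com", "111.168.192.in-addr.arpa") before rndc reload; on the sample it reports the 191 and 113 entries and nothing else.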

Step 8: start the program with debugging output (-g keeps it in the foreground and logs to stderr); if it reports running, it started successfully

/opt/soft/named/sbin/named -gc /opt/soft/named/etc/named.conf -u bind &

Step 9: check the status

# rndc lives under the --prefix chosen in Step 4, not under /usr/local
/opt/soft/named/sbin/rndc status

# After changing the configuration, the following command reloads it
/opt/soft/named/sbin/rndc reload

Step 10: change the host's network interface settings

vi /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=192.168.111.111
DNS2=202.96.209.5

Step 11: configure start on boot; create the start script vi /etc/rc.d/init.d/named

#!/bin/bash
# named - a network name service.
# chkconfig: 345 35 75
# description: a name server

if [ "$(id -u)" -ne 0 ]; then
    echo "ERROR: to bind to port 53, named must be started as root."
    exit 1
fi

NAMED=/opt/soft/named/sbin/named
RNDC=/opt/soft/named/sbin/rndc
CONF=/opt/soft/named/etc/named.conf
PIDFILE=/opt/soft/named/var/named.pid

case "$1" in
  start)
    if [ -x "$NAMED" ]; then
      # named drops to the bind user after binding port 53
      "$NAMED" -c "$CONF" -u bind && echo . && echo 'BIND9 server started'
    fi
    ;;
  stop)
    kill "$(cat "$PIDFILE")" && echo . && echo 'BIND9 server stopped'
    ;;
  restart)
    echo .
    echo "Restart BIND9 server"
    $0 stop
    sleep 10
    $0 start
    ;;
  reload)
    "$RNDC" reload
    ;;
  status)
    "$RNDC" status
    ;;
  *)
    echo "$0 start | stop | restart | reload | status"
    ;;
esac

(2) Set permissions and add it as a service

chmod 755 /etc/rc.d/init.d/named
chkconfig --add named
service named start

Step 12: test

dig @127.0.0.1 dns.eye.com

Step 13: configure the firewall

# -s 0/0 accepts port 53 from any source; combined with allow-query { any; } from Step 6,
# narrow -s to the networks that should use this server unless it is meant to be public
iptables -A INPUT -p udp -s 0/0 --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 53 -j ACCEPT