DNS 服务器搭建

发表于 | 阅读次数 |

搭建公司内部DNS服务器

平常有很多时候可能会通过改hosts文件的方式来访问自定义的某个域名,但仅限于单机而已。如果能用dns解析的方式来统一管理那将会很方便。

搭建 DNS 服务器

实验基于centos7实践。切换到root用户(以下所有操作都在root下执行):

  1. 安装软件:

我们使用dns软件 bind9 系列安装包。

yum -y install bind*

安装后的部分日志:

1
2
3
4
5
6
7
8
9
10
11
12
Installed:
  bind.x86_64 32:9.9.4-61.el7               bind-chroot.x86_64 32:9.9.4-61.el7        bind-devel.x86_64 32:9.9.4-61.el7       
  bind-dyndb-ldap.x86_64 0:11.1-4.el7       bind-libs.x86_64 32:9.9.4-61.el7          bind-lite-devel.x86_64 32:9.9.4-61.el7  
  bind-pkcs11.x86_64 32:9.9.4-61.el7        bind-pkcs11-devel.x86_64 32:9.9.4-61.el7  bind-pkcs11-libs.x86_64 32:9.9.4-61.el7 
  bind-pkcs11-utils.x86_64 32:9.9.4-61.el7  bind-sdb.x86_64 32:9.9.4-61.el7           bind-sdb-chroot.x86_64 32:9.9.4-61.el7  
  bind-utils.x86_64 32:9.9.4-61.el7        

Dependency Installed:
  postgresql-libs.x86_64 0:9.2.23-3.el7_4                                                                                      

Updated:
  bind-libs-lite.x86_64 32:9.9.4-61.el7                           bind-license.noarch 32:9.9.4-61.el7
  1. 备份主配置文件:

cp /etc/named.conf /etc/name.conf.bak.$(date '+%Y-%m-%d')

  1. 修改主配置文件:vi /etc/named.conf

修改两处为any

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
  options {
	listen-on port 53 { any; }; // 修改此处为any
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { any; }; //修改此处为any
	//forwarders {
		
	//}

	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	   recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification 
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface 
	*/
	recursion yes;

	dnssec-enable yes;
	dnssec-validation no; //修改这里ping通外网

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

自定义域名配置

现在安装后基本的dns服务器之后,我们就开始自定义个域名来进行解析:

vi named.rfc1912.zones

增加一个需要解析的主域名比如:cococzj.com;(公网肯定没有这个域名)

增加下面的文件到文件named.rfc1912.zones的最后

1
2
3
4
zone "cococzj.com" IN {
        type master;
        file "cococzj.com.zone";
};

增加域名配置

上面定义了cococzj.com.zone的文件,现在增加配置:vi /var/named/cococzj.com.zone

增加下面的内容:

1
2
3
4
5
6
7
8
9
10
11
12
13
14

$TTL 86400
@       IN SOA          ns.cococzj.com. root (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        0 )     ; minimum  

@       IN      NS      ns.cococzj.com.
ns      IN      A       10.62.12.24
www     IN      A       10.62.14.80
ttt     IN      A       10.62.12.3

ns 对应的ip地址必须为dns服务器搭建的IP地址,也就是dns安装的机器的ip地址。

ns IN A 10.62.12.24 ==> ns IN A your_dns_server_ip

www IN A 10.62.14.80 代表将www.cococzj.com解析到10.62.14.80服务器上。

修改zone文件权限

chown .named /var/named/cococzj.com.zone

检查配置文件

named-checkconf 检查主配置文件是否配置正确,没有输出表明是正确的:

named-checkzone 检查zone文件配置:

1
2
3
4
5
named-checkzone "cococzj.com" /var/named/cococzj.com.zone

result:
zone cococzj.com/IN: loaded serial 1
OK

重启服务

可以先ping一下服务域名再重启:
systemctl restart named.service

测试:

  1. 先ping试一下:
1
2
[root@k8s-dev-yw-1 etc]# ping www.cococzj.com
ping: www.cococzj.com: Name or service not known
  1. 增加dns服务地址;vi /etc/resolv.conf,在文件中新建:

nameserver 10.62.12.2

再一次ping:

1
2
3
4
5
6
7
8
9
10
[root@k8s-dev-yw-1 etc]# vi /etc/resolv.conf
[root@k8s-dev-yw-1 etc]# ping www.cococzj.com
PING www.cococzj.com (10.62.14.80) 56(84) bytes of data.
64 bytes from 10.62.14.80 (10.62.14.80): icmp_seq=1 ttl=63 time=0.501 ms
64 bytes from 10.62.14.80 (10.62.14.80): icmp_seq=2 ttl=63 time=0.466 ms
64 bytes from 10.62.14.80 (10.62.14.80): icmp_seq=3 ttl=63 time=0.509 ms
^C
--- www.cococzj.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.466/0.492/0.509/0.018 ms

新增一个域名

  1. vi named.rfc1912.zones在文件中新增:
1
2
3
4
zone "your_website.com" IN {
        type master;
        file "your_website.com.zone";
};

  1. 复制一份之前配置好的配置cp /var/named/cococzj.com.zone /var/named/your_website.com.zone

  2. 编辑配置文件 vi /var/named/your_website.com.zonecococzj改为your_website,然后修改相应的ip和

  3. 检查配置文件:

1
2
3
4
5
[root@k8s-dev-yw-1 etc]# named-checkzone "cmrrancher.com" /var/named/chenzhijunrancher.com.zone
zone cmrrancher.com/IN: loaded serial 1
OK
[root@k8s-dev-yw-1 etc]# named-checkconf
[root@k8s-dev-yw-1 etc]#

  1. 重载服务
    systemctl reload named.service

  2. 测试:ping www.chenzhijunrancher.com

附录

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
[root@qianyi-monitor-3 etc]# yum install -y bind*
Loaded plugins: fastestmirror
http://10.0.0.5/centos/7/cloud/x86_64/openstack-newton/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below knowledge base article 

https://access.redhat.com/articles/1320623

If above article doesn't help to resolve this issue please create a bug on https://bugs.centos.org/

http://10.0.0.5/centos/7/docker/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
dockerrepo                                                                                                                                          | 2.9 kB  00:00:00     
http://10.0.0.5/centos/7/latest/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-61.el7 will be installed
--> Processing Dependency: libGeoIP.so.1()(64bit) for package: 32:bind-9.9.4-61.el7.x86_64
---> Package bind-chroot.x86_64 32:9.9.4-61.el7 will be installed
---> Package bind-devel.x86_64 32:9.9.4-61.el7 will be installed
---> Package bind-dyndb-ldap.x86_64 0:11.1-4.el7 will be installed
---> Package bind-libs.x86_64 32:9.9.4-61.el7 will be installed
---> Package bind-libs-lite.x86_64 32:9.9.4-29.el7 will be updated
---> Package bind-libs-lite.x86_64 32:9.9.4-61.el7 will be an update
---> Package bind-license.noarch 32:9.9.4-29.el7 will be updated
---> Package bind-license.noarch 32:9.9.4-61.el7 will be an update
---> Package bind-lite-devel.x86_64 32:9.9.4-61.el7 will be installed
---> Package bind-pkcs11.x86_64 32:9.9.4-61.el7 will be installed
---> Package bind-pkcs11-devel.x86_64 32:9.9.4-61.el7 will be installed
---> Package bind-pkcs11-libs.x86_64 32:9.9.4-61.el7 will be installed
---> Package bind-pkcs11-utils.x86_64 32:9.9.4-61.el7 will be installed
---> Package bind-sdb.x86_64 32:9.9.4-61.el7 will be installed
--> Processing Dependency: libpq.so.5()(64bit) for package: 32:bind-sdb-9.9.4-61.el7.x86_64
---> Package bind-sdb-chroot.x86_64 32:9.9.4-61.el7 will be installed
---> Package bind-utils.x86_64 32:9.9.4-61.el7 will be installed
--> Running transaction check
---> Package GeoIP.x86_64 0:1.5.0-11.el7 will be installed
---> Package postgresql-libs.x86_64 0:9.2.23-3.el7_4 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===========================================================================================================================================================================
 Package                                        Arch                                Version                                        Repository                         Size
===========================================================================================================================================================================
Installing:
 bind                                           x86_64                              32:9.9.4-61.el7                                base                              1.8 M
 bind-chroot                                    x86_64                              32:9.9.4-61.el7                                base                               87 k
 bind-devel                                     x86_64                              32:9.9.4-61.el7                                base                              399 k
 bind-dyndb-ldap                                x86_64                              11.1-4.el7                                     base                              122 k
 bind-libs                                      x86_64                              32:9.9.4-61.el7                                base                              1.0 M
 bind-lite-devel                                x86_64                              32:9.9.4-61.el7                                base                              308 k
 bind-pkcs11                                    x86_64                              32:9.9.4-61.el7                                base                              298 k
 bind-pkcs11-devel                              x86_64                              32:9.9.4-61.el7                                base                              105 k
 bind-pkcs11-libs                               x86_64                              32:9.9.4-61.el7                                base                              1.1 M
 bind-pkcs11-utils                              x86_64                              32:9.9.4-61.el7                                base                              198 k
 bind-sdb                                       x86_64                              32:9.9.4-61.el7                                base                              353 k
 bind-sdb-chroot                                x86_64                              32:9.9.4-61.el7                                base                               87 k
 bind-utils                                     x86_64                              32:9.9.4-61.el7                                base                              204 k
Updating:
 bind-libs-lite                                 x86_64                              32:9.9.4-61.el7                                base                              734 k
 bind-license                                   noarch                              32:9.9.4-61.el7                                base                               85 k
Installing for dependencies:
 GeoIP                                          x86_64                              1.5.0-11.el7                                   base                              1.1 M
 postgresql-libs                                x86_64                              9.2.23-3.el7_4                                 base                              234 k

Transaction Summary
===========================================================================================================================================================================
Install  13 Packages (+2 Dependent packages)
Upgrade   2 Packages

Total download size: 8.1 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/17): bind-9.9.4-61.el7.x86_64.rpm                                                                                                                | 1.8 MB  00:00:00     
(2/17): GeoIP-1.5.0-11.el7.x86_64.rpm                                                                                                               | 1.1 MB  00:00:00     
(3/17): bind-chroot-9.9.4-61.el7.x86_64.rpm                                                                                                         |  87 kB  00:00:00     
(4/17): bind-devel-9.9.4-61.el7.x86_64.rpm                                                                                                          | 399 kB  00:00:00     
(5/17): bind-dyndb-ldap-11.1-4.el7.x86_64.rpm                                                                                                       | 122 kB  00:00:00     
(6/17): bind-libs-lite-9.9.4-61.el7.x86_64.rpm                                                                                                      | 734 kB  00:00:00     
(7/17): bind-libs-9.9.4-61.el7.x86_64.rpm                                                                                                           | 1.0 MB  00:00:00     
(8/17): bind-license-9.9.4-61.el7.noarch.rpm                                                                                                        |  85 kB  00:00:00     
(9/17): bind-lite-devel-9.9.4-61.el7.x86_64.rpm                                                                                                     | 308 kB  00:00:00     
(10/17): bind-pkcs11-9.9.4-61.el7.x86_64.rpm                                                                                                        | 298 kB  00:00:00     
(11/17): bind-pkcs11-devel-9.9.4-61.el7.x86_64.rpm                                                                                                  | 105 kB  00:00:00     
(12/17): bind-pkcs11-utils-9.9.4-61.el7.x86_64.rpm                                                                                                  | 198 kB  00:00:00     
(13/17): bind-pkcs11-libs-9.9.4-61.el7.x86_64.rpm                                                                                                   | 1.1 MB  00:00:00     
(14/17): bind-sdb-9.9.4-61.el7.x86_64.rpm                                                                                                           | 353 kB  00:00:00     
(15/17): bind-sdb-chroot-9.9.4-61.el7.x86_64.rpm                                                                                                    |  87 kB  00:00:00     
(16/17): bind-utils-9.9.4-61.el7.x86_64.rpm                                                                                                         | 204 kB  00:00:00     
(17/17): postgresql-libs-9.2.23-3.el7_4.x86_64.rpm                                                                                                  | 234 kB  00:00:00     
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                       12 MB/s | 8.1 MB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : GeoIP-1.5.0-11.el7.x86_64                                                                                                                              1/19 
  Updating   : 32:bind-license-9.9.4-61.el7.noarch                                                                                                                    2/19 
  Installing : 32:bind-libs-9.9.4-61.el7.x86_64                                                                                                                       3/19 
  Installing : 32:bind-9.9.4-61.el7.x86_64                                                                                                                            4/19 
  Installing : 32:bind-pkcs11-libs-9.9.4-61.el7.x86_64                                                                                                                5/19 
  Updating   : 32:bind-libs-lite-9.9.4-61.el7.x86_64                                                                                                                  6/19 
  Installing : postgresql-libs-9.2.23-3.el7_4.x86_64                                                                                                                  7/19 
  Installing : 32:bind-sdb-9.9.4-61.el7.x86_64                                                                                                                        8/19 
  Installing : 32:bind-sdb-chroot-9.9.4-61.el7.x86_64                                                                                                                 9/19 
  Installing : 32:bind-lite-devel-9.9.4-61.el7.x86_64                                                                                                                10/19 
  Installing : 32:bind-pkcs11-devel-9.9.4-61.el7.x86_64                                                                                                              11/19 
  Installing : 32:bind-pkcs11-9.9.4-61.el7.x86_64                                                                                                                    12/19 
  Installing : 32:bind-pkcs11-utils-9.9.4-61.el7.x86_64                                                                                                              13/19 
  Installing : 32:bind-chroot-9.9.4-61.el7.x86_64                                                                                                                    14/19 
  Installing : bind-dyndb-ldap-11.1-4.el7.x86_64                                                                                                                     15/19 
Enabling SELinux boolean named_write_master_zones
setsebool:  SELinux is disabled.
  Installing : 32:bind-devel-9.9.4-61.el7.x86_64                                                                                                                     16/19 
  Installing : 32:bind-utils-9.9.4-61.el7.x86_64                                                                                                                     17/19 
  Cleanup    : 32:bind-libs-lite-9.9.4-29.el7.x86_64                                                                                                                 18/19 
  Cleanup    : 32:bind-license-9.9.4-29.el7.noarch                                                                                                                   19/19 
  Verifying  : 32:bind-pkcs11-devel-9.9.4-61.el7.x86_64                                                                                                               1/19 
  Verifying  : 32:bind-pkcs11-9.9.4-61.el7.x86_64                                                                                                                     2/19 
  Verifying  : 32:bind-chroot-9.9.4-61.el7.x86_64                                                                                                                     3/19 
  Verifying  : 32:bind-sdb-9.9.4-61.el7.x86_64                                                                                                                        4/19 
  Verifying  : 32:bind-9.9.4-61.el7.x86_64                                                                                                                            5/19 
  Verifying  : 32:bind-devel-9.9.4-61.el7.x86_64                                                                                                                      6/19 
  Verifying  : GeoIP-1.5.0-11.el7.x86_64                                                                                                                              7/19 
  Verifying  : 32:bind-pkcs11-libs-9.9.4-61.el7.x86_64                                                                                                                8/19 
  Verifying  : 32:bind-lite-devel-9.9.4-61.el7.x86_64                                                                                                                 9/19 
  Verifying  : 32:bind-libs-9.9.4-61.el7.x86_64                                                                                                                      10/19 
  Verifying  : 32:bind-pkcs11-utils-9.9.4-61.el7.x86_64                                                                                                              11/19 
  Verifying  : 32:bind-libs-lite-9.9.4-61.el7.x86_64                                                                                                                 12/19 
  Verifying  : 32:bind-utils-9.9.4-61.el7.x86_64                                                                                                                     13/19 
  Verifying  : bind-dyndb-ldap-11.1-4.el7.x86_64                                                                                                                     14/19 
  Verifying  : 32:bind-license-9.9.4-61.el7.noarch                                                                                                                   15/19 
  Verifying  : postgresql-libs-9.2.23-3.el7_4.x86_64                                                                                                                 16/19 
  Verifying  : 32:bind-sdb-chroot-9.9.4-61.el7.x86_64                                                                                                                17/19 
  Verifying  : 32:bind-libs-lite-9.9.4-29.el7.x86_64                                                                                                                 18/19 
  Verifying  : 32:bind-license-9.9.4-29.el7.noarch                                                                                                                   19/19 

Installed:
  bind.x86_64 32:9.9.4-61.el7                bind-chroot.x86_64 32:9.9.4-61.el7          bind-devel.x86_64 32:9.9.4-61.el7     bind-dyndb-ldap.x86_64 0:11.1-4.el7        
  bind-libs.x86_64 32:9.9.4-61.el7           bind-lite-devel.x86_64 32:9.9.4-61.el7      bind-pkcs11.x86_64 32:9.9.4-61.el7    bind-pkcs11-devel.x86_64 32:9.9.4-61.el7   
  bind-pkcs11-libs.x86_64 32:9.9.4-61.el7    bind-pkcs11-utils.x86_64 32:9.9.4-61.el7    bind-sdb.x86_64 32:9.9.4-61.el7       bind-sdb-chroot.x86_64 32:9.9.4-61.el7     
  bind-utils.x86_64 32:9.9.4-61.el7         

Dependency Installed:
  GeoIP.x86_64 0:1.5.0-11.el7                                                    postgresql-libs.x86_64 0:9.2.23-3.el7_4                                                   

Updated:
  bind-libs-lite.x86_64 32:9.9.4-61.el7                                                 bind-license.noarch 32:9.9.4-61.el7                                                

Complete!

两个重要的配置文件:

/etc/named.rfc1912.zones : 定义域

/var/named :域的详细配置

之后记得要将文件的权限复制给named这个用户和组。

上面的配置可以连接到本地的定义的域名,但是无法ping通百度等。所以一般需要再配置文件中增加forwarders,当本地没有找到定义的域之后会在forwarders中定义的继续查找。打开forwarders之后记得修改dnssec-validation no;这样之后再ping 外网的域名就可以了。

本文标题:DNS 服务器搭建

文章作者:

发布时间:2018-06-09 15:24:01

原始链接:http://chenzhijun.top/2018/06/09/self-dns-server-install/

许可协议: 署名-非商业性使用-禁止演绎 4.0 国际 转载请保留原文链接及作者。

坚持原创技术分享,您的支持将鼓励我继续创作!