Setting Up a DNS Server on Linux

Time: 2023-02-11 12:08:26


I. About DNS

1. The Domain Name System

1. The Domain Name System (DNS) is an Internet service. It acts as a distributed database that maps domain names and IP addresses to each other, making the Internet easier for people to use. DNS uses UDP port 53. Currently each label of a domain name is limited to 63 characters, and the whole domain name may not exceed 253 characters.

2. Domain name resolution is the service that points a domain name at the IP address of a website's hosting space, so that people can reach the site conveniently through its registered domain name. An IP address is the numeric address that identifies a host on the network; domain names are used in place of IP addresses because they are easier to remember. Resolution is the conversion of a domain name into an IP address, and it is carried out by DNS servers.

2. Forward and reverse resolution

Forward resolution: looking up the IP address for a domain name. This is the most basic and most commonly used DNS function.
Reverse resolution: looking up the domain name for an IP address.

II. Check the environment

[root@control ~]# cat /proc/version 
Linux version 4.18.0-80.el8.x86_64 (mockbuild@x86-vm-08.build.eng.bos.redhat.com) (gcc version 8.2.1 20180905 (Red Hat 8.2.1-3) (GCC)) #1 SMP Wed Mar 13 12:02:46 UTC 2019

[root@control ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
    link/ether 00:0c:29:e6:30:17 brd ff:ff:ff:ff:ff:ff
3: ens224: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
    link/ether 00:0c:29:e6:30:17 brd ff:ff:ff:ff:ff:ff
4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0c:29:e6:30:17 brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.150/24 brd 192.168.200.255 scope global noprefixroute bond0
       valid_lft forever preferred_lft forever
    inet 192.168.200.151/24 brd 192.168.200.255 scope global secondary noprefixroute bond0
       valid_lft forever preferred_lft forever
    inet6 fe80::d40d:838b:b162:da0c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:68:9e:ab brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:68:9e:ab brd ff:ff:ff:ff:ff:ff

III. Set up the master DNS server

1. Install the DNS packages

[root@control yum.repos.d]# yum -y install bind bind-chroot
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
AppStream                                                                                                      261 kB/s | 3.2 kB     00:00    
BaseOS                                                                                                         227 kB/s | 2.7 kB     00:00    
ansiable                                                                                                       2.9 MB/s | 3.0 kB     00:00    
Dependencies resolved.
===============================================================================================================================================
 Package                          Arch                        Version                                     Repository                      Size
===============================================================================================================================================
Installing:
 bind                             x86_64                      32:9.11.4-16.P2.el8                         AppStream                      2.1 M
 bind-chroot                      x86_64                      32:9.11.4-16.P2.el8                         AppStream                       99 k

Transaction Summary
===============================================================================================================================================
Install  2 Packages

Total size: 2.2 M
Installed size: 4.7 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                       1/1 
  Running scriptlet: bind-32:9.11.4-16.P2.el8.x86_64                                                                                       1/2 
  Installing       : bind-32:9.11.4-16.P2.el8.x86_64                                                                                       1/2 
  Running scriptlet: bind-32:9.11.4-16.P2.el8.x86_64                                                                                       1/2 
  Installing       : bind-chroot-32:9.11.4-16.P2.el8.x86_64                                                                                2/2 
  Running scriptlet: bind-chroot-32:9.11.4-16.P2.el8.x86_64                                                                                2/2 
  Verifying        : bind-32:9.11.4-16.P2.el8.x86_64                                                                                       1/2 
  Verifying        : bind-chroot-32:9.11.4-16.P2.el8.x86_64                                                                                2/2 
Installed products updated.

Installed:
  bind-32:9.11.4-16.P2.el8.x86_64                                    bind-chroot-32:9.11.4-16.P2.el8.x86_64                                   

Complete!

2. Enable the service at boot

[root@control yum.repos.d]# 
[root@control yum.repos.d]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
[root@control yum.repos.d]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-06-23 02:57:21 UTC; 11s ago
  Process: 60709 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 60706 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else ec>
 Main PID: 60711 (named)
    Tasks: 4 (limit: 24900)
   Memory: 54.8M
   CGroup: /system.slice/named.service
           └─60711 /usr/sbin/named -u named -c /etc/named.conf

3. Edit the main configuration file

[root@control yum.repos.d]# vim /etc/named.conf

Compared with the file as installed, only two lines are changed: listen-on from 127.0.0.1 to any, and allow-query from localhost to any. The rest of the options block is left as shipped.

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { any; };


4. Define the zones

[root@control yum.repos.d]# vim /etc/named.rfc1912.zones 
zone "huaxia.com" IN {
        type master;
        file "named.zx";
        allow-update { none; };
};


zone "200.168.192.in-addr.arpa" IN {
        type master;
        file "named.fx";
        allow-update { none; };
};


5. Edit the forward zone file

[root@control ~]# vim /var/named/named.zx
$TTL 1D
@       IN SOA  ns.huaxia.com. root. (
                                2021062209      ; serial
                                1D              ; refresh
                                1H              ; retry
                                1W              ; expire
                                3H )            ; minimum
@       IN      NS      ns.huaxia.com.
ns      IN      A       192.168.200.150
www     IN      A       192.168.200.150
server0 IN      A       192.168.200.150

6. Edit the reverse zone file

[root@control ~]# vim /var/named/named.fx
$TTL 1D
@       IN SOA  ns.huaxia.com. root. (
                                2021062209      ; serial
                                1D              ; refresh
                                1H              ; retry
                                1W              ; expire
                                3H )            ; minimum
@               NS      ns.huaxia.com.
ns      IN      A       192.168.200.150
22              PTR     www.huaxia.com.


7. Set file ownership

[root@control named]# chown named.named *
[root@control named]# pwd
/var/named
[root@control named]# ll
total 24
drwxr-x--- 7 named named   61 Jun 23 10:55 chroot
drwxrwx--- 2 named named   23 Jun 23 10:57 data
drwxrwx--- 2 named named   60 Jun 23 17:28 dynamic
-rw-r----- 1 named named 2253 Apr  5  2018 named.ca
-rw-r----- 1 named named  152 Dec 15  2009 named.empty
-rw-r--r-- 1 named named  513 Jun 23 17:28 named.fx
-rw-r----- 1 named named  152 Jun 23 11:58 named.localhost
-rw-r----- 1 named named  168 Dec 15  2009 named.loopback
-rw-r----- 1 named named  271 Jun 23 14:13 named.zx
drwxrwx--- 2 named named    6 Feb 25  2019 slaves

8. Restart the service

[root@control ~]# systemctl restart named

9. Allow DNS through the firewall

[root@control ~]# firewall-cmd --permanent --add-service=dns
success
[root@control ~]# firewall-cmd --reload 
success
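Before the restart in step 8, two things in the configuration above are worth checking: `allow-query { any; }` on top of the `recursion yes;` that the stock RHEL named.conf keeps lower in the same block makes named an open resolver for every network it is reachable from, and the reverse zone's PTR for .22 names www.huaxia.com while the forward zone gives www the address .150. The script below is an added example, not the post's own commands: it rebuilds both inputs from the page as constructed files in a temporary directory (the paths are assumptions), flags each problem, and shows a hardened options block that still serves the 192.168.200.0/24 lab network.

```shell
# Added pre-restart checks, not from the original post: inputs are constructed
# copies of the page's options and zone records; the temp paths are assumptions.
tmp=$(mktemp -d)
# Page's options plus the "recursion yes;" the stock RHEL named.conf keeps lower down.
cat >"$tmp/weak.conf" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        recursion yes;
};
EOF
# Hardened variant: the lab network is still served, everyone else gets no recursion.
cat >"$tmp/hardened.conf" <<'EOF'
options {
        listen-on port 53 { 192.168.200.150; };
        allow-query     { 192.168.200.0/24; localhost; };
        allow-recursion { 192.168.200.0/24; localhost; };
        recursion yes;
};
EOF
printf '%s\n' 'ns      IN  A   192.168.200.150' 'www     IN  A   192.168.200.150' \
    'server0 IN  A   192.168.200.150' >"$tmp/named.zx"
printf '%s\n' '22      PTR     www.huaxia.com.' >"$tmp/named.fx"
# Exit 0 when anyone may query and recursion is neither turned off nor
# limited by allow-recursion: the open-resolver case.
open_resolver() {
    awk '{ sub(/\/\/.*/, ""); sub(/#.*/, "") }
         /allow-query[[:space:]]*[{][[:space:]]*any[[:space:]]*;/ { q = 1 }
         /allow-recursion[[:space:]]*[{]/ { r = ($0 !~ /any/) }
         /recursion[[:space:]]+no[[:space:]]*;/ { off = 1 }
         END { if (q && !r && !off) exit 0; exit 1 }' "$1"
}
# Print each PTR whose target has no A record or an A record for another address.
# Args: forward zone, its origin, reverse zone, network prefix of the reverse zone.
ptr_mismatches() {
    awk -v origin="$2" -v prefix="$4" '
        { sub(/;.*/, "") }
        FNR == NR { if ($2 == "A" || $3 == "A") {
                        n = $1; if (n !~ /\.$/) n = n "." origin "."
                        a[n] = $NF }
                    next }
        $2 == "PTR" || $3 == "PTR" {
            ip = prefix "." $1; t = $NF
            if (!(t in a))       print ip " -> " t " has no A record"
            else if (a[t] != ip) print ip " -> " t " but its A record is " a[t] }
    ' "$1" "$3"
}
open_resolver "$tmp/weak.conf" && echo "weak.conf: open resolver"
ptr_mismatches "$tmp/named.zx" huaxia.com "$tmp/named.fx" 192.168.200
```

Run the same two functions against the real /etc/named.conf and the files under /var/named, together with `named-checkconf -z` for syntax, before restarting named.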

IV. Test the DNS service

1. Point the client at the DNS server

[root@node1 ~]# vim /etc/resolv.conf 

# Generated by NetworkManager
nameserver 192.168.200.150
domain example.com
search example.com

2. Test A record lookup

[root@node1 ~]# nslookup server0.huaxia.com
Server:		192.168.200.150
Address:	192.168.200.150#53

Name:	server0.huaxia.com
Address: 192.168.200.150

3. Reverse lookup

[root@node1 ~]# nslookup 
> server0.huaxia.com
Server:		192.168.200.150
Address:	192.168.200.150#53

Name:	server0.huaxia.com
Address: 192.168.200.150
> 172.
Server:		192.168.200.150
Address:	192.168.200.150#53

** server can't find 172: NXDOMAIN
> 192.168.200.22
22.200.168.192.in-addr.arpa	name = www.huaxia.com.