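Getting Started: Setting Up a DNS Server
I. Environment
Adjust the specifications to match your own machine.
System | Server (Linux) | Test client (Windows) |
---|---|---|
OS version | CentOS 7.8 | Windows 10 Pro |
Specs | 2G, 4 CPU | 4G, 2 vCPU |
II. Preparing the Environment
1. Configure the network mirror source
//Back up the existing repo files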
[root@xiaozhang ~]# mv /etc/yum.repos.d/CentOS-* /opt/
//Download the Aliyun mirror repo file
[root@xiaozhang ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
//Clear the cached packages
[root@xiaozhang ~]# yum clean all
//Refresh the repo list
[root@xiaozhang ~]# yum repolist
2. Check whether SELinux is disabled
Check the current state; if SELinux is not disabled, disable it.
[root@xiaozhang ~]# getenforce
Disabled
How to disable SELinux
//Edit the configuration file
[root@xiaozhang ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
//Reboot
[root@xiaozhang ~]# reboot
3. Open DNS port 53
//Check whether the firewall is running
[root@xiaozhang ~]# firewall-cmd --state
running
//If the firewall is not running, there is no need to run the commands below
[root@xiaozhang ~]# firewall-cmd --zone=public --add-port=53/tcp --permanent
success
[root@xiaozhang ~]# firewall-cmd --zone=public --add-port=53/udp --permanent
success
[root@xiaozhang ~]# firewall-cmd --reload
success
[root@xiaozhang ~]# firewall-cmd --zone=public --list-ports
53/tcp 53/udp
III. Setting Up the DNS Service
1. Install the DNS software
[root@xiaozhang ~]# yum install bind-* -y
2. Edit the configuration file
//Open /etc/named.conf
vim /etc/named.conf
options {
        listen-on port 53 { any; }; //listening address changed; any accepts connections on any IP address
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; }; //allowed query sources changed; any allows queries from any IP address
        recursion yes; //recursive queries enabled
        forwarders {
                114.114.114.114;
                223.5.5.5;
        }; //added upstream DNS servers to forward queries to
        dnssec-enable no; //DNSSEC disabled
        dnssec-validation no; //DNSSEC validation disabled
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
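The options above combine recursion yes with allow-query { any; } and set no allow-recursion, so the server will answer recursive queries from any client that can reach port 53, which is only acceptable on an isolated lab network. The shell script below is an added example, not part of the original guide, that flags this setting and the disabled DNSSEC validation; its function names, the sample files and the restriction to this guide's 192.168.127.0/24 subnet are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: flag open-resolver settings in a
# named.conf. Assumes each ACL statement sits on one line, as in the file above.

# Drop /* */, // and # comments so commented-out settings are not matched.
strip_comments() { sed -e 's:/\*.*\*/::g' -e 's://.*$::' -e 's:#.*$::' "$1"; }

# Print the body of a one-line "NAME { ... };" statement, or nothing if absent.
acl_of() {
    strip_comments "$2" |
        sed -n "s/^[[:space:]]*$1[[:space:]]*{\(.*\)}[[:space:]]*;.*/\1/p" | head -n 1
}

# BIND falls back: allow-recursion, allow-query-cache, allow-query, built-in default.
effective_recursion_acl() (
    for name in allow-recursion allow-query-cache allow-query; do
        acl=$(acl_of "$name" "$1")
        [ -n "$acl" ] && { echo "$acl"; exit 0; }
    done
    echo " localnets; localhost; "
)

# Print findings; the exit status is the number of findings (0 = clean).
audit_named_conf() (
    n=0
    if ! strip_comments "$1" | grep -Eq '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;' &&
        effective_recursion_acl "$1" | grep -Eq '(^|[[:space:];])any[[:space:]]*;'; then
        echo "open resolver: recursion is on and allowed for any client"; n=$((n + 1))
    fi
    if strip_comments "$1" | grep -Eq '^[[:space:]]*dnssec-validation[[:space:]]+no[[:space:]]*;'; then
        echo "dnssec-validation no: forged upstream answers are not detected"; n=$((n + 1))
    fi
    exit "$n"
)

# Constructed samples: the relevant options from the file above, and a variant
# that limits recursion to the lab subnet 192.168.127.0/24 (an assumption).
page_conf=$(mktemp); hardened_conf=$(mktemp)
trap 'rm -f "$page_conf" "$hardened_conf"' EXIT
printf '%s\n' 'options {' '    allow-query { any; };  // anyone may query' \
    '    recursion yes;' '    dnssec-validation no;' '};' > "$page_conf"
printf '%s\n' 'options {' '    allow-query { any; };' '    recursion yes;' \
    '    allow-recursion { localhost; 192.168.127.0/24; };' \
    '    dnssec-validation yes;' '};' > "$hardened_conf"

for f in "$page_conf" "$hardened_conf"; do
    if audit_named_conf "$f"; then echo "$f: no findings"; fi
done
```

To check the live server, run audit_named_conf /etc/named.conf after defining the functions.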
3. Configure the zones to resolve
Zone definitions
vim /etc/named.rfc1912.zones
……
//Forward lookup zone
zone "skillzhang.com" IN {
        type master;
        file "skillzhang.com.zone";
        allow-update { none; };
};
//Reverse lookup zone
zone "127.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.127.arpa";
        allow-update { none; };
};
//Forward zone file
vim skillzhang.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       192.168.127.100
www     IN A    192.168.127.100
//Reverse zone file
vim 192.168.127.arpa
$TTL 1D
@       IN SOA  skillzhang.com. root (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      skillzhang.com.
        A       192.168.127.100
100     IN PTR  skillzhang.com. ; 100 is the host part of the IP address
//Start the DNS service
[root@xiaozhang named]# systemctl restart named
[root@xiaozhang named]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
IV. Verifying the Service
1. Verification on Linux
Replace the local DNS server address
//Change the local DNS setting
[root@xiaozhang named]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=94092393-3b2d-40c4-ac97-e406ba043ad9
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.127.100
PREFIX=24
GATEWAY=192.168.127.2
#modified: DNS1 now points at this server
DNS1=192.168.127.100
IPV6_PRIVACY=no
ZONE=public
//Restart the network service
[root@xiaozhang ~]# systemctl restart network
Verify DNS resolution
[root@xiaozhang named]# nslookup //lookup tool used for the check
> killbobo.com //forward lookup check
Server: 192.168.127.100
Address: 192.168.127.100#53
** server can't find killbobo.com: NXDOMAIN
> 192.168.127.100 //reverse lookup check
100.127.168.192.in-addr.arpa name = skillzhang.com.
> baidu.com //caching (recursive) lookup check
Server: 192.168.127.100
Address: 192.168.127.100#53
Non-authoritative answer:
Name: baidu.com
Address: 39.156.66.10
Name: baidu.com
Address: 110.242.68.66
2. Verification on Windows
Change the DNS settings
Verify the DNS service: open a command prompt window