开发者

关于在Linux下如何搭建DNS服务器

开发者 https://www.devze.com 2023-04-20 09:58 出处:网络 作者: 魔笛Love
目录环境安装修改配置文件主配置文件区域配置文件,添加正向解析配置正向区域数据文件启动DNS服务测试
目录
  • 环境
  • 安装
  • 修改配置文件
    • 主配置文件
    • 区域配置文件,添加正向解析配置
    • 正向区域数据文件
  • 启动DNS服务
    • 测试

      环境

      操作系统:Centos 7

      IP地址:10.27.106.201

      测试域名:aec.testuc.com

      作用:主要提供解析aec.testuc.com域名的服务

      安装

      yum -y install bind

      修改配置文件

      主配置文件

      vim /etc/named.conf

      主要修改以下两个地方

      listen-on port 53 { any; };
      
      allow-query { any; };
      
      //
      // named.conf
      //
      // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
      // server as a caching only nameserver (as a localhost DNS resolver only).
      //
      // See /usr/share/doc/bind*/sample/ for example named configuration files.
      //
      // See the BIND Administrator's Reference Manual (ARM) for details about the
      // configuratiocTnMPHyVn located in /usr/share/doc/bind-{version}/Bv9ARM.html
      
      options {
              listen-on port 53 { any; };
            编程客栈  # listen-on port 53 { 127.0.0.1; };
              listen-on-v6 port 53 { ::1; };
              directory       "/var/named";
              dump-file       "/var/named/data/cache_dump.db";
              statistics-file "/var/named/data/named_stats.txt";
              memstatistics-file "/var/named/data/named_mem_stats.txt";
              recursing-file  "/var/named/data/named.recursing";
              secroots-file   "/var/named/data/named.secroots";
              allow-query     { any; };
              # allow-query     { localhost; };
      
              /* 
               - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
               - If you are building a RECURSIVE (caching) DNS server, you need to enable 
                 recursion. 
               - If your recursive DNS server has a public IP address, you MUST enable Access 
                 control to limit queries to your legitimate users. Failing to do so will
                 cause your server to become part of large scale DNS amplification 
                 attacks. Implementing BCP38 within your network would greatly
                 reduce such attack surface 
              */
              recursion yes;
      
              dnssec-enable yes;
              dnssec-validation yes;
      
              /* Path to ISC DLV key */
              bindkeys-file "/etc/named.root.key";
      
              managed-keys-directory "/var/named/dynamic";
      
              pid-file "/run/named/named.pid";
              session-keyfile "/run/named/session.key";
      };
      
      logging {
              cphphannel default_debug {
                      file "data/named.run";
                      severity dynamic;
              };
      };
      
      zone "." IN {
              type hint;
              file "named.ca";
      };
      
      include "/etc/named.rfc1912.zones";
      include "/etc/named.root.key";
      

      区域配置文件,添加正向解析配置

      vim /etc/named.rfc1912.zones

      末尾添加如下配置:

      zone "aec.starnetuc.com" IN {             #正向解析为"aec.starnetuc.com"
              type master;                      #类型:主缓存为master
              file "aec.starnetuc.com.zone";    #指定区域数据文件为aec.starnetuc.com.zone
              allow-update { none; };
      };
      

      正向区域数据文件

      拷贝其他区域数据文件,保留源文件的权限和属主的属性复制

      cp -a /var/named/named.localhost /var/named/aec.starnetuc.com.zone
      

      修改该文件,结果如下:

      $TTL 1D  	#有效解析记录的生成周期
      @       IN SOA  aec.starnetuc.com. root.aec.starnetuc.com. (
      #@表示当前的DNS区域名表示这个域名  
      #SOA表示授权信息开启 
      # 后面表示邮件地址因为@有特殊含义 所以使用.代替 
                                              0       ; serial  #更新序列号,可以是10以内的整数
                             编程客栈                 1D      ; refresh #刷新时间,重新下载地址数据的间隔
        php                                      1H      ; retry   #重试延迟,下载失败后的重试延迟
                                              1W      ; expire  #失效时间,超过该时间仍无法下载则放弃
                                              3H )    ; minimum #无效解析记录的生存周期
              IN      NS      aec.starnetuc.com. #记录当前区域DNS服务器的名称
              IN      MX 10   aec.starnetuc.com. #MX为邮件服务器 10表示优先级 数字越大优先级越低
              IN      A       10.27.106.214      #记录正向解析域名对应的IP,即将域名与IP绑捆
      

      检查配置是否正确

      named-checkconf -z /etc/named.conf

      仅检查语法不检查逻辑关系。当显示的全为0时表示没有语法错误

      zone localhost.localdomain/IN: loaded serial 0
      zone localhost/IN: loaded serial 0
      zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
      zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
      zone 0.in-addr.arpa/IN: loaded serial 0
      zone aec.starnetuc.com/IN: loaded serial 0
      

      启动DNS服务

      启动前,检查防火墙、SElinux安全模式是否是关闭或允许状态

      启动

      systemctl start named
      systemctl enable named

      查看53号监听端口是否开启

      测试

      将测试系统的DNS改为10.27.106.201,然后去

      ping aec.starnetuc.com
      
      PING aec.starnetuc.com (10.27.106.214) 56(84) bytes of data.
      64 bytes from 10.27.106.214 (10.27.106.214): icmp_seq=1 ttl=64 time=1024 ms
      64 bytes from 10.27.106.214 (10.27.106.214): icmp_seq=2 ttl=64 开发者_运维工程师time=4.31 ms
      64 bytes from 10.27.106.214 (10.27.106.214): icmp_seq=3 ttl=64 time=5.53 ms
      

      表明配置成功。

      到此这篇关于关于在Linux下如何搭建DNS服务器的文章就介绍到这了,更多相关Linux搭建DNS服务器内容请搜索我们以前的文章或继续浏览下面的相关文章希望大家以后多多支持我们!

      0

      精彩评论

      暂无评论...
      验证码 换一张
      取 消