Linux - DNS服務器搭建
概念術語:
完整主機名(FQDN):Fully Qualified Domain Namebash
正解:從主機名查詢到IP的流程服務器
反解:從IP反解析到主機名的流程dom
區域:每一個領域的記錄tcp
SOA(Start of Authority):,開始驗證測試
NS(NameServer):名稱服務器spa
A(Address): 地址.net
能夠使用dig +trace命令來查看域名查詢的整個過程調試
DNS 第一次查詢使用UDP端口53來查詢,若是第一次失敗,則使用TCP端口53查詢,因此防火牆須要開啓53端口。rest
第一步:下載最新的Bind
wget https://www.isc.org/downloads/file/bind-9-11-0/?version=tar-gz --no-check-certificate
第二步:安裝編譯環境gcc , perl, openssl, openssl-devel
yum install –y gcc yum install –y perl yum install –y openssl yum install –y openssl-devel
第三步:解壓至/opt/tmp目錄
tar –zxvf bind-9.11.0.tar.gz –C /opt/tmp
第四步:編譯安裝
cd /opt/tmp ./configure --prefix=/opt/soft/named --enable-threads --enable-largefile --disable-ipv6 && make && make install
(1)增長bind用戶與組code
groupadd bind
useradd -g bind -d /opt/soft/named -s /sbin/nologin bind
第五步:創建配置文件
cd /otp/soft/named/ sbin/rndc-confgen > etc/rndc.conf #生成rndc控制命令的Key文件 #若沒法生成,解決方案,手動添加一個random文件 vi /opt/soft/random asdkfjalsjdflajsldfjlasjdflajsldfjalsjdflajslfjalsjflasjfl sbin/rndc-confgen -r /opt/soft/random > rndc.key #從rndc.conf中提取named.conf用的key tail -10 etc/rndc.conf | head -9 | sed s/#\ //g > etc/named.conf
第六步:配置named.conf加以下配置文件
vi /opt/soft/named/etc/named.conf options { listen-on port 53 { any; }; directory "/opt/soft/named/var"; pid-file "named.pid"; allow-query { any ;}; dump-file "/usr/local/named/data/cache_dump.db"; statistics-file "/usr/local/named/data/named_stats.txt"; forwarders {202.96.209.5;114.114.114.114;}; recursion yes; }; zone "." IN { Type hint; File "named.root"; }; Zone "localhost" IN { type master; file "localhost.zone"; allow-update {none;}; }; Zone "0.0.127.in-addr.arpa" IN { type master; file "localhost.rev"; allow-update {none;}; }; zone "eye.com" IN { type master; file "eye.com.zone"; allow-update {none;}; }; zone "111.168.192.in-add.arpa" IN { type master; file "111.168.192.in-add.arpa"; allow-update {none;}; };
第七步:創建區目錄文件 cd /opt/soft/named/var
(1)創建named.root文件
wget ftp://ftp.rs.internic.net/domain/named.root 或者本身生成 dig @a.root-servers.net . ns > named.root
(2)創建localhsot.zone文件
$TTL 86400 $ORIGIN localhost. @ 1D IN SOA @ root ( 42 ; serial (d. adams) 3H ; refresh 15M ; retry 1W ; expiry 1D ) ; minimum 1D IN NS @ 1D IN A 127.0.0.1
(3)創建localhost.rev文件
N SOA localhost. root.localhost. ( 1; serial 3600; refresh every hour 900; retry every 15 minutes 3600000; expire 1000 hours 3600); minimun 1 hour IN NS localhost. 1 IN PTR localhost.
(4)創建eye.com.zone文件
$TTL 86400 @ IN SOA dns.eye.com. root.localhost ( 2 ; serial 28800 ; refresh 7200 ; retry 604800 ; expire 86400 ; ttl ) IN NS dns.eye.com. IN A 192.168.111.111 www IN A 192.168.111.111 ntp IN A 192.168.132.191 waffle IN A 192.168.132.199 nfs IN A 192.168.111.206 ftp.nas IN A 192.168.111.207 mongotest IN A 192.168.111.113 mongo1 IN A 192.168.132.190 mongo2 IN A 192.168.132.189 mongo3 IN A 192.168.132.188 openldap-a IN A 192.168.132.191 dns IN A 192.168.111.111
(5)創建111.168.192.in-add.arpa文件
$TTL 86400 @ IN SOA dns.eye.com. root.eye.com. ( 1997022700 ; Serial 28800 ; Refresh 14400 ; Retry 3600000 ; Expire 86400 ) ; Minimum @ IN NS dns.eye.com. 111 IN PTR www.eye.com. 191 IN PTR ntp.eye.com. 199 IN PTR waffle.eye.com. 206 IN PTR nfs.eye.com. 207 IN PTR ftp.nas.eye.com. 113 IN PTR mongotest.eye.com. 190 IN PTR mongo1.eye.com. 189 IN PTR mongo2.eye.com. 188 IN PTR mongo3.eye.com. 191 IN PTR openldap-a.eye.com.
第八步:啓動程序且加入調試信息,若是是running, 表示啓動成功
/opt/soft/named/sbin/named -gc /opt/soft/named/etc/named.conf -u bind &
第九步:查看狀態
/usr/local/named/sbin/rndc status
#若修改配置信息,以下命令可重啓
/opt/soft/named/sbin/rndc reload
第十步:修改主機網卡信息
vi /etc/sysconfig/network-scripts/ifcfg-eth0 DNS1=192.168.111.111 DNS2=202.96.209.5
第十一步:配置開機自啓,啓動腳本 vi /etc/rc.d/init.d/named
#!/bin/bash # named a network name service. # chkconfig: 345 35 75 # description: a name server if [ `id -u` -ne 0 ] then echo "ERROR:For bind to port 53,must run as root." exit 1 fi case "$1" in start) if [ -x /opt/soft/named/sbin/named ]; then /opt/soft/named/sbin/named -c /opt/soft/named/etc/named.conf -u bind && echo . && echo 'BIND9 server started' fi
;;
stop) kill `cat /opt/soft/named/var/named.pid` && echo . && echo 'BIND9 server stopped' ;;
restart) echo . echo "Restart BIND9 server" $0 stop sleep 10 $0 start ;; reload) /opt/soft/named/sbin/rndc reload ;;
status) /opt/soft/named/sbin/rndc status ;;
*) echo "$0 start | stop | restart |reload |status" ;; esac
(2)修改權限,增長到服務項
chmod 755 /etc/rc.d/init.d/named chkconfig --add named service named start
第十步:測試
dig @127.0.0.1 dns.eye.com
第十一步:配置防火牆
iptables -A INPUT -p udp -s 0/0 --dport 53 -j ACCEPT iptables -A INPUT -p tcp -s 0/0 --dport 53 -j ACCEPT
相關文章
- 1. Linux 搭建DNS服務器
- 2. linux 搭建DNS服務器
- 3. Linux—CentOS7.4-DNS一(搭建DNS服務器)
- 4. centos6.5搭建DNS服務器
- 5. dns等服務器搭建
- 6. DNS服務器搭建
- 7. redhat dns服務器搭建
- 8. 搭建DNS服務器
- 9. centos6.5 DNS服務器搭建
- 10. centos7 搭建DNS服務器
- 更多相關文章...
- • Git 服務器搭建 - Git 教程
- • 服務器上的 XML - XML 教程
- • Spring Cloud 微服務實戰(三) - 服務註冊與發現
- • Docker容器實戰(六) - 容器的隔離與限制
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. Linux 搭建DNS服務器
- 2. linux 搭建DNS服務器
- 3. Linux—CentOS7.4-DNS一(搭建DNS服務器)
- 4. centos6.5搭建DNS服務器
- 5. dns等服務器搭建
- 6. DNS服務器搭建
- 7. redhat dns服務器搭建
- 8. 搭建DNS服務器
- 9. centos6.5 DNS服務器搭建
- 10. centos7 搭建DNS服務器