Linux - DNS服務器搭建

概念術語:

完整主機名(FQDN):Fully Qualified Domain Name,即包含全部層級、以根結尾的完整域名(如 www.eye.com.)

正解(正向解析):從主機名查詢到 IP 地址的過程(A 記錄)

反解(反向解析):從 IP 地址反查主機名的過程(in-addr.arpa 下的 PTR 記錄)

區域(zone):某個域名下由本服務器權威管理的全部記錄的集合,保存在一個區域文件中

SOA(Start of Authority):起始授權記錄,每個區域的第一條記錄,給出主名稱服務器、管理員郵箱、序列號以及刷新/重試/過期/最小 TTL 等參數

NS(NameServer):名稱服務器記錄,指明負責該區域的權威服務器

A(Address):地址記錄,把主機名映射到 IPv4 地址

 

可以使用 dig +trace 命令查看一次域名查詢從根服務器逐級向下的完整過程,便於排錯

DNS 查詢默認使用 UDP 53 端口;當應答超過 UDP 載荷上限而被截斷(TC 位置位)、或進行區域傳送(AXFR/IXFR)時,客戶端會改用 TCP 53 端口重試。因此防火牆需要同時放行 UDP 和 TCP 的 53 端口。

 

第一步:從 ISC 官方下載 BIND 源碟(請選擇當前仍受支持的版本;下載後務必核對 ISC 發佈的 PGP 簽名/校驗值,再進行編譯)

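# Fetch the BIND source tarball from ISC.
#
# Do NOT pass --no-check-certificate: disabling TLS verification for software
# you are about to compile and run as a network daemon turns any on-path
# attacker into remote code execution. If verification fails, fix the CA store
# (yum install ca-certificates) instead of bypassing it.
#
# -O is required: the URL ends in "?version=tar-gz", so without it wget saves
# the file under a name the later "tar -zxvf bind-9.11.0.tar.gz" step will not
# find.
wget -O bind-9.11.0.tar.gz 'https://www.isc.org/downloads/file/bind-9-11-0/?version=tar-gz'

# Verify the detached PGP signature ISC publishes next to every release
# (bind-<version>.tar.gz.asc) against ISC's signing key before unpacking;
# the exact download location for older releases may differ, see isc.org.
# gpg --verify bind-9.11.0.tar.gz.asc bind-9.11.0.tar.gz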

 

 

第二步:安裝編譯環境gcc , perl, openssl, openssl-devel

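# Build dependencies, installed in one transaction.
# Note the plain ASCII hyphen in -y: the original used a typographic dash
# (–y), which yum treats as a package name and the command fails.
# make is needed by the "./configure && make" step and is not pulled in
# by gcc automatically.
yum install -y gcc make perl openssl openssl-devel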

 

第三步:解壓至/opt/tmp目錄

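# Unpack into /opt/tmp. tar -C requires the target directory to exist, so it
# is created first. ASCII hyphens throughout: the original used typographic
# dashes (–zxvf, –C), which tar rejects as unknown operands.
mkdir -p /opt/tmp
tar -zxvf bind-9.11.0.tar.gz -C /opt/tmp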

 

 

第四步:編譯安裝

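# The tarball unpacks into its own subdirectory, so configure must be run from
# /opt/tmp/bind-9.11.0 -- the original cd'ed into /opt/tmp, where there is no
# ./configure. Abort if the directory is missing rather than building in the
# wrong place.
cd /opt/tmp/bind-9.11.0 || exit 1

# --prefix:        everything installs under /opt/soft/named (used by every
#                  later step and by the init script)
# --disable-ipv6:  matches the original build; drop it on hosts that use IPv6
./configure --prefix=/opt/soft/named --enable-threads --enable-largefile --disable-ipv6 \
  && make \
  && make install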

 

 

(1)創建 bind 用戶與組(named 啓動後通過 -u bind 降權到該賬號運行)

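# Unprivileged service account that named switches to (-u bind) after binding
# port 53.
#   -r              system account/group: no password aging, UID/GID from the
#                   reserved system range
#   -M              do not create a home directory; /opt/soft/named already
#                   exists from "make install" and must stay root-owned
#   -s /sbin/nologin no interactive login with this account
groupadd -r bind
useradd -r -M -g bind -d /opt/soft/named -s /sbin/nologin bind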

 

 

第五步:創建配置文件

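# Work from the install prefix (the original had a typo: /otp/...).
cd /opt/soft/named/ || exit 1

# Generate the rndc control key. rndc-confgen prints a complete rndc.conf and,
# as a trailing comment block, the matching "key"/"controls" stanzas for
# named.conf. This key authenticates every rndc command (reload, stop,
# flush, ...), so it must come from a real CSPRNG: read /dev/urandom instead of
# blocking on /dev/random. Never use a hand-typed string as the random source
# (the original fallback did) -- a guessable key lets anyone who can reach the
# control port drive the server.
sbin/rndc-confgen -r /dev/urandom > etc/rndc.conf

# Seed named.conf with the key/controls stanzas: they are the 9 lines before
# the final "# End of named.conf" line, each prefixed with "# ".
# Step 6 appends the rest of the configuration to this file.
tail -10 etc/rndc.conf | head -9 | sed 's/^# //' > etc/named.conf

# Both files now hold the shared secret. root-owned, readable by the bind
# group (named runs as bind and must read named.conf), never world-readable.
chown root:bind etc/rndc.conf etc/named.conf
chmod 640 etc/rndc.conf etc/named.conf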

 

 

 

第六步:配置named.conf加以下配置文件

vi /opt/soft/named/etc/named.conf

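// named.conf -- appended after the key/controls stanzas generated in step 5.
// Relative file names resolve against "directory".
options {
  listen-on port 53 { any; };
  directory "/opt/soft/named/var";
  pid-file "named.pid";

  // Keep runtime files under the install prefix. The original pointed at
  // /usr/local/named, which does not exist with --prefix=/opt/soft/named.
  // Create the directory first (mkdir -p /opt/soft/named/var/data and chown it
  // to bind) so named, running as bind, can write there.
  dump-file "/opt/soft/named/var/data/cache_dump.db";
  statistics-file "/opt/soft/named/var/data/named_stats.txt";

  // Upstream resolvers for everything this server is not authoritative for.
  forwarders { 202.96.209.5; 114.114.114.114; };

  // Anyone may query the authoritative zones below, but recursion (which by
  // default also governs who may read cached answers) is limited to the local
  // networks. "recursion yes" together with allow-query { any; } on a listener
  // bound to every interface is an open resolver: usable for DNS
  // reflection/amplification attacks and exposing the cache to poisoning
  // attempts from arbitrary remote clients.
  recursion yes;
  allow-query { any; };
  allow-recursion { 127.0.0.1; 192.168.111.0/24; 192.168.132.0/24; };

  // No secondary servers are configured, so refuse zone transfers: an open
  // AXFR hands every record in eye.com to anyone who asks.
  allow-transfer { none; };
};

// Root hints, consulted when a name is not covered by the forwarders.
zone "." IN {
  type hint;
  file "named.root";
};

zone "localhost" IN {
  type master;
  file "localhost.zone";
  allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
  type master;
  file "localhost.rev";
  allow-update { none; };
};

zone "eye.com" IN {
  type master;
  file "eye.com.zone";
  allow-update { none; };
};

// Reverse zone for 192.168.111.0/24. The zone name must be spelled
// "in-addr.arpa"; the original "in-add.arpa" is a typo, and a zone by that
// name is never consulted for PTR queries. The file name keeps the original
// spelling so it still matches the file created in step 7 -- rename both
// together if you tidy it up.
zone "111.168.192.in-addr.arpa" IN {
  type master;
  file "111.168.192.in-add.arpa";
  allow-update { none; };
};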

 

 

 

第七步:創建區域數據文件。以下文件均放在 named.conf 中 directory 指定的目錄下,先執行 cd /opt/soft/named/var;該目錄需可被 bind 用戶讀取,若啓動時提示無法寫入 named.pid,再將其屬主改為 bind。

(1)創建named.root文件

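# Root hints: the list of root servers this resolver trusts. Fetch it over
# HTTPS from InterNIC rather than anonymous FTP so it cannot be swapped in
# transit.
wget https://www.internic.net/domain/named.root

# Alternatively, ask a root server directly for the current list.
dig @a.root-servers.net . ns > named.root

# NOTE: BIND also carries compiled-in root hints; an explicit hint zone mainly
# serves to override them -- check the release notes of your version.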

 

 

(2)創建localhost.zone文件

$TTL    86400
$ORIGIN localhost.
; Forward zone for "localhost": answers 127.0.0.1 locally so the query never
; leaves this host. Records inherit the 86400s (1 day) default TTL above.
@       IN  SOA     @ root (
                        42          ; serial (d. adams)
                        10800       ; refresh (3 hours)
                        900         ; retry (15 minutes)
                        604800      ; expire (1 week)
                        86400 )     ; minimum / negative-cache TTL (1 day)
        IN  NS      @
        IN  A       127.0.0.1

 

 

(3)創建localhost.rev文件

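$TTL 86400
; Reverse zone for 127.0.0.0/24 (0.0.127.in-addr.arpa): maps 127.0.0.1 back to
; localhost. The original first line was truncated to "N SOA ..." and had no
; owner name or $TTL, so the file would not load; "@" is the zone apex.
@       IN  SOA     localhost. root.localhost. (
                        1           ; serial
                        3600        ; refresh (1 hour)
                        900         ; retry (15 minutes)
                        3600000     ; expire (1000 hours)
                        3600 )      ; minimum / negative-cache TTL (1 hour)
        IN  NS      localhost.
1       IN  PTR     localhost.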

 

 

(4)創建eye.com.zone文件

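$TTL 86400
; Forward zone for eye.com. The SOA RNAME is the admin mailbox with "@"
; replaced by "." and MUST end with a trailing dot: the original
; "root.localhost" (no dot) was relative to the zone and expanded to
; root.localhost.eye.com. Increase the serial on every edit, otherwise
; caches and any future secondaries never pick up the change.
@           IN  SOA     dns.eye.com. root.eye.com. (
                            2           ; serial
                            28800       ; refresh
                            7200        ; retry
                            604800      ; expire
                            86400 )     ; minimum / negative-cache TTL
            IN  NS      dns.eye.com.
            IN  A       192.168.111.111
www         IN  A       192.168.111.111
ntp         IN  A       192.168.132.191
waffle      IN  A       192.168.132.199
nfs         IN  A       192.168.111.206
ftp.nas     IN  A       192.168.111.207
mongotest   IN  A       192.168.111.113
mongo1      IN  A       192.168.132.190
mongo2      IN  A       192.168.132.189
mongo3      IN  A       192.168.132.188
openldap-a  IN  A       192.168.132.191   ; same address as ntp
dns         IN  A       192.168.111.111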

 

 

(5)創建111.168.192.in-add.arpa文件(即 named.conf 中反向區域所引用的文件名;注意反向區域名本身應拼作 111.168.192.in-addr.arpa)

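$TTL    86400
; Reverse zone for 192.168.111.0/24 (111.168.192.in-addr.arpa). Only hosts in
; that /24 belong here. The original also listed ntp, waffle, mongo1-3 and
; openldap-a, whose A records are in 192.168.132.x; placed in this zone they
; would have answered e.g. 192.168.111.191 -> ntp.eye.com, an address nobody
; owns, and 191 appeared twice. Those hosts need their own zone,
; 132.168.192.in-addr.arpa, declared separately in named.conf.
@       IN      SOA     dns.eye.com.  root.eye.com.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
@       IN      NS      dns.eye.com.
111     IN      PTR     www.eye.com.
206     IN      PTR     nfs.eye.com.
207     IN      PTR     ftp.nas.eye.com.
113     IN      PTR     mongotest.eye.com.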

 

 

 

第八步:以調試模式啓動 named(-g 讓它在前台運行並把日誌輸出到終端,-u bind 表示綁定 53 端口後降權到 bind 用戶運行);日誌中出現 running 表示啓動成功

# Debug start.
#   -g  stay in the foreground and log to stderr (so errors are visible here)
#   -c  configuration file to load
#   -u  drop privileges to the bind user once port 53 is bound
# The trailing & hands the process to the background so the shell stays usable.
/opt/soft/named/sbin/named -g -c /opt/soft/named/etc/named.conf -u bind &

 

 

第九步:查看狀態

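# Query the running server over the rndc control channel. The binary lives
# under the install prefix chosen in step 4 (/opt/soft/named); the original
# /usr/local/named path does not exist on this install.
/opt/soft/named/sbin/rndc status

# After editing named.conf or any zone file, reload instead of restarting.
/opt/soft/named/sbin/rndc reload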

 

第十步:修改主機網卡信息

vi /etc/sysconfig/network-scripts/ifcfg-eth0
# Primary resolver: this BIND server, authoritative for eye.com.
DNS1=192.168.111.111
# NOTE(review): the resolver library fails over to DNS2 whenever DNS1 is slow
# or down, and a public resolver knows nothing about eye.com, so internal names
# will then intermittently fail to resolve. Prefer a second internal resolver
# here if one exists.
DNS2=202.96.209.5

 

 

第十一步:配置開機自啓,啓動腳本 vi /etc/rc.d/init.d/named

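#!/bin/bash
# named: start/stop the BIND 9 name server installed under /opt/soft/named.
# chkconfig: 345 35 75
# description: a name server
#
# Usage: named {start|stop|restart|reload|status}

NAMED_HOME=/opt/soft/named
NAMED_BIN="$NAMED_HOME/sbin/named"
RNDC_BIN="$NAMED_HOME/sbin/rndc"
NAMED_CONF="$NAMED_HOME/etc/named.conf"
# Must match "directory" + "pid-file" in named.conf.
NAMED_PID="$NAMED_HOME/var/named.pid"
# Unprivileged account named switches to (-u) once port 53 is bound.
NAMED_USER=bind

# Root is needed only to bind the privileged port and read the config; named
# drops to $NAMED_USER itself, so the daemon never keeps running as root.
if [ "$(id -u)" -ne 0 ]; then
  echo "ERROR:For bind to port 53,must run as root." >&2
  exit 1
fi

# Start named in the background. Refuse to start on a broken config instead of
# leaving a silently half-configured resolver.
start() {
  if [ ! -x "$NAMED_BIN" ]; then
    echo "ERROR: $NAMED_BIN is missing or not executable" >&2
    return 1
  fi
  # named-checkconf is installed alongside named by "make install"; skip the
  # check only if it is absent.
  if [ -x "$NAMED_HOME/sbin/named-checkconf" ]; then
    "$NAMED_HOME/sbin/named-checkconf" "$NAMED_CONF" || return 1
  fi
  "$NAMED_BIN" -c "$NAMED_CONF" -u "$NAMED_USER" && echo . && echo 'BIND9 server started'
}

# Stop named: prefer the authenticated rndc control channel (clean shutdown,
# pid file removed), fall back to the pid file. The pid is validated as a
# number so a corrupt or empty pid file can never become "kill <garbage>" or a
# bare "kill".
stop() {
  if "$RNDC_BIN" stop >/dev/null 2>&1; then
    echo . && echo 'BIND9 server stopped'
    return 0
  fi
  local pid
  pid=$(cat "$NAMED_PID" 2>/dev/null)
  case "$pid" in
    ''|*[!0-9]*)
      echo "ERROR: no valid pid in $NAMED_PID; is named running?" >&2
      return 1
      ;;
  esac
  kill "$pid" && echo . && echo 'BIND9 server stopped'
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    # The original collapsed this arm onto one line without separators, so
    # "echo . echo Restart... $0 stop sleep 10 $0 start" ran as a single echo.
    echo .
    echo "Restart BIND9 server"
    stop
    # Give named time to release port 53 before relaunching.
    sleep 10
    start
    ;;
  reload)
    # Re-reads named.conf and all zone files over the rndc control channel.
    "$RNDC_BIN" reload
    ;;
  status)
    "$RNDC_BIN" status
    ;;
  *)
    echo "$0 start | stop | restart |reload |status" >&2
    exit 2
    ;;
esac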

 

 

(2)修改權限,增長到服務項

# Make the init script executable, register it with chkconfig (runlevels 3, 4
# and 5 per the "# chkconfig:" header in the script), then start it once.
chmod 755 /etc/rc.d/init.d/named
chkconfig --add named
service named start

 

第十二步:測試

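# Forward lookup of an authoritative name against the local server.
dig @127.0.0.1 dns.eye.com A

# Reverse lookup through the in-addr.arpa zone; should answer www.eye.com.
dig @127.0.0.1 -x 192.168.111.111

# Open-resolver check: run this from a host that is NOT in one of your local
# networks. A recursive query for an external name must come back REFUSED
# (or "recursion requested but not available"). If it is answered, this server
# is an open resolver reachable by anyone who can hit port 53.
dig @192.168.111.111 www.isc.org +short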

 

 

第十三步:配置防火牆(只對本服務器服務的內網網段放行 53 端口,不要對 0/0 開放)

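# Allow DNS -- UDP for ordinary queries, TCP for truncated replies and zone
# transfers -- only from the networks this server serves. The original
# "-s 0/0" exposed port 53 to the whole internet, which with recursion
# enabled invites reflection/amplification abuse.
# -I (insert) rather than -A (append) so the rule lands ahead of any existing
# catch-all REJECT/DROP at the end of the INPUT chain, where an appended rule
# would never be reached.
for net in 192.168.111.0/24 192.168.132.0/24; do
  iptables -I INPUT -p udp -s "$net" --dport 53 -j ACCEPT
  iptables -I INPUT -p tcp -s "$net" --dport 53 -j ACCEPT
done

# These rules live in memory only; persist them (e.g. "service iptables save")
# or they are gone after the next reboot.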