2021-06-30

Setting up a DNS server

You need two machines: a client and a server.
Steps 1-4 are performed on the server; step 5 is performed on the client.

**Background:** the hosts file only provides name resolution for the local machine; it cannot serve other hosts.
Windows path: C:\Windows\System32\drivers\etc\hosts
Linux path: /etc/hosts
DNS, by contrast, can provide name lookup service to anyone in the world.

[root@www ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@www ~]# yum provides nslookup
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile

 * base: mirrors.163.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
32:bind-utils-9.11.4-26.P2.el7.x86_64 : Utilities for querying DNS name servers
源 :base
匹配来源:
文件名 :/usr/bin/nslookup
1. Preparation: stop the firewall service and disable SELinux
[root@nameserver ~]# service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service
[root@nameserver ~]# systemctl disable firewalld
[root@nameserver ~]# iptables -L    # list the iptables firewall rules
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@nameserver ~]#
[root@nameserver ~]# getenforce
Disabled
[root@nameserver ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled    # changed to disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

2. Install the bind service (BIND is a long-established, high-performance implementation of the DNS)

[root@nameserver ~]# yum install bind* -y

3. Enable the named service at boot and start the DNS service immediately

[root@nameserver ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@nameserver ~]#
[root@nameserver ~]# systemctl start named    # start the named process right away
[root@nameserver ~]# ps aux|grep named
named    14474  3.6  5.7 168300 57340 ?        Ssl  15:13   0:00 /usr/sbin/named -u named -c /etc/named.conf
root     14481  0.0  0.0 112824   980 pts/0    R+   15:13   0:00 grep --color=auto named
[root@nameserver ~]#

[root@nameserver ~]# netstat -anplut|grep named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      14474/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      14474/named
tcp6       0      0 ::1:53                  :::*                    LISTEN      14474/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      14474/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           14474/named
udp6       0      0 ::1:53                  :::*                                14474/named
[root@nameserver ~]#
[root@nameserver ~]# vim /etc/resolv.conf

127.0.0.1 is the loopback interface: it is used to test whether TCP/IP works on the local machine, and the address is reachable only from the machine itself. As the netstat output shows, named is so far listening only on loopback.
4. Modify the configuration file and restart named so that other machines can send DNS queries to this server
[root@nameserver ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };       // changed
        listen-on-v6 port 53 { any; };    // changed
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };         // changed
[root@nameserver ~]# service named restart    # restart the named service
Redirecting to /bin/systemctl restart named.service
[root@nameserver ~]#
[root@nameserver ~]# netstat -anplut|grep named
tcp        0      0 192.168.0.180:53        0.0.0.0:*               LISTEN      16137/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      16137/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      16137/named
tcp6       0      0 :::53                   :::*                    LISTEN      16137/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      16137/named
udp        0      0 192.168.0.180:53        0.0.0.0:*                           16137/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           16137/named
udp6       0      0 :::53                   :::*                                16137/named
[root@nameserver ~]#
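Note what the three changes above leave in place: the distribution default recursion yes; stays, and because BIND falls back to allow-query for allow-recursion when neither allow-recursion nor allow-query-cache is set, the server now also performs recursive lookups for any address on the internet. As an added example (not from the original post), the Python below embeds the page's options beside a hardened variant that limits recursion to an assumed LAN of 192.168.0.0/24, and re-implements that fallback chain to classify each configuration.

```python
import re

# Options as the tutorial leaves them (constructed from the page; the CentOS
# default named.conf also carries "recursion yes;").
TUTORIAL_OPTIONS = """
options {
    allow-query { any; };
    recursion yes;
};
"""

# Hardened variant, assuming the LAN is 192.168.0.0/24: anyone may still query
# the zones this server is authoritative for, but only LAN clients may recurse.
HARDENED_OPTIONS = """
acl lan { 192.168.0.0/24; localhost; };
options {
    allow-query       { any; };
    allow-recursion   { lan; };
    allow-query-cache { lan; };
    recursion yes;
};
"""

def _entries(body):
    return {e.strip() for e in body.split(";") if e.strip()}

def address_lists(conf):
    """Map each `name [...] { a; b; };` statement to its entries, expanding
    `acl NAME { ... };` definitions into the lists that reference them."""
    acls = {m.group(1): _entries(m.group(2))
            for m in re.finditer(r"\bacl\s+(\S+)\s*\{([^{}]*)\}\s*;", conf)}
    lists = {}
    for m in re.finditer(r"([\w-]+)[^{};]*\{([^{}]*)\}\s*;", conf):
        lists[m.group(1)] = set().union(*(acls.get(e, {e}) for e in _entries(m.group(2))))
    return lists

def recursion_clients(conf):
    """Who may recurse, following BIND's fallback chain: allow-recursion, else
    allow-query-cache, else allow-query, else the built-in localnets + localhost."""
    if re.search(r"\brecursion\s+no\s*;", conf):
        return set()
    lists = address_lists(conf)
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in lists:
            return lists[key]
    return {"localnets", "localhost"}

def is_open_resolver(conf):
    return "any" in recursion_clients(conf)
```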
5. Verify the DNS service (client)
All of the following operations are performed on the client.
 
[root@www network-scripts]# pwd
/etc/sysconfig/network-scripts
[root@www network-scripts]# vim ifcfg-ens33
BOOTPROTO="none"
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.0.180
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=192.168.0.180
DNS2=114.114.114.114
[root@www network-scripts]# cat /etc/resolv.conf
# Generated by NetworkManager
search feng.com
nameserver 192.168.0.180
nameserver 114.114.114.114
[root@www network-scripts]# cat ifcfg-ens33
BOOTPROTO="none"
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.0.180
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=192.168.0.180
DNS2=114.114.114.114
[root@www network-scripts]#
The DNS server addresses in ifcfg-ens33 determine the nameserver entries in /etc/resolv.conf: service network restart writes the DNS servers from ifcfg-ens33 into /etc/resolv.conf.
When a program resolves a domain name, however, it consults only /etc/resolv.conf.
[root@www network-scripts]# ping www.qq.com
PING ins-r23tsuuf.ias.tencent-cloud.net (121.14.77.221) 56(84) bytes of data.
64 bytes from 121.14.77.221 (121.14.77.221): icmp_seq=3 ttl=53 time=23.7 ms
64 bytes from 121.14.77.221 (121.14.77.221): icmp_seq=4 ttl=53 time=23.4 ms
64 bytes from 121.14.77.221 (121.14.77.221): icmp_seq=5 ttl=53 time=95.3 ms
64 bytes from 121.14.77.221 (121.14.77.221): icmp_seq=6 ttl=53 time=23.4 ms
^C
--- ins-r23tsuuf.ias.tencent-cloud.net ping statistics ---
6 packets transmitted, 4 received, 33% packet loss, time 5190ms
rtt min/avg/max/mdev = 23.440/41.488/95.348/31.096 ms
[root@www network-scripts]# nslookup www.qq.com
Server:		192.168.0.180
Address:	192.168.0.180#53

Non-authoritative answer:
www.qq.com	canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name:	ins-r23tsuuf.ias.tencent-cloud.net
Address: 121.14.77.221
Name:	ins-r23tsuuf.ias.tencent-cloud.net
Address: 121.14.77.201
Name:	ins-r23tsuuf.ias.tencent-cloud.net
Address: 2402:4e00:1020:1404:0:9227:71a3:83d2
Name:	ins-r23tsuuf.ias.tencent-cloud.net
Address: 2402:4e00:1020:1404:0:9227:71ab:2b74

How to serve your own domain's zone data

Server-side operations:
1. Modify the configuration to tell named to provide resolution for xx.com

[root@nameserver named]# vim /etc/named.rfc1912.zones
zone "xx.com" IN {
        type master;
        file "xx.com.zone";
        allow-update { none; };
};

2. /var/named/ holds the zone data files used for DNS resolution; create the data file for xx.com

[root@nameserver named]# pwd
/var/named
[root@nameserver named]# ls
chroot  chroot_sdb  data  dynamic  dyndb-ldap  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@nameserver named]#
named.ca holds the IP addresses of the 13 root servers
[root@nameserver named]# cp named.localhost xx.com.zone    # copy the template to create the xx.com data file
[root@nameserver named]# ls
chroot  chroot_sdb  data  dynamic  dyndb-ldap  named.ca  named.empty  named.localhost  named.loopback  xx.com.zone  slaves
[root@nameserver named]#
[root@nameserver named]# cat xx.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.0.163
www     A       192.168.0.180
www     A       192.168.0.181
git     A       192.168.0.99
luogan  A       192.168.0.188
lg      CNAME   luogan
[root@nameserver named]# ll
总用量 20
drwxr-x--- 7 root named 61 6月 5 16:29 chroot
drwxr-x--- 7 root named 61 6月 5 16:29 chroot_sdb
drwxrwx--- 2 named named 23 6月 5 16:29 data
drwxrwx--- 2 named named 60 6月 5 16:33 dynamic
drwxrwx--- 2 root named 6 4月 1 2020 dyndb-ldap
-rw-r----- 1 root named 2253 4月 5 2018 named.ca
-rw-r----- 1 root named 152 12月 15 2009 named.empty
-rw-r----- 1 root named 152 6月 21 2007 named.localhost
-rw-r----- 1 root named 168 12月 15 2009 named.loopback
-rw-r----- 1 root root 244 6月 5 17:12 xx.com.zone
drwxrwx--- 2 named named 6 4月 29 22:05 slaves
[root@nameserver named]# chown root:named xx.com.zone    # change the owner and group
[root@nameserver named]# service named restart    # restart the service
Redirecting to /bin/systemctl restart named.service
[root@nameserver named]# netstat -anplut|grep named
tcp        0      0 192.168.0.163:53        0.0.0.0:*               LISTEN      18691/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      18691/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      18691/named
tcp6       0      0 :::53                   :::*                    LISTEN      18691/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      18691/named
udp        0      0 192.168.0.163:53        0.0.0.0:*                           18691/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           18691/named
udp6       0      0 :::53                   :::*                                18691/named
[root@nameserver named]#
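On the server, named-checkzone xx.com /var/named/xx.com.zone validates the file before named is restarted. As an added example (not from the original post), the Python below parses the zone above the way BIND reads it, showing how $TTL, @, a blank owner column and the multi-line SOA expand into absolute records, and flags CNAME records whose target is not defined in the zone.

```python
# Zone data as the tutorial writes it (constructed from the page, keeping the
# template's leading whitespace on the NS and A lines, which carries meaning).
ZONE_FILE = """\
$TTL 1D
@   IN SOA  @ rname.invalid. (
                0   ; serial
                1D  ; refresh
                1H  ; retry
                1W  ; expire
                3H )    ; minimum
    NS  @
    A   192.168.0.163
www A 192.168.0.180
www A 192.168.0.181
git A 192.168.0.99
luogan A 192.168.0.188
lg CNAME luogan
"""

def parse_zone(text, origin):
    """Return (owner, type, rdata) triples with '@' and relative names made absolute.
    A blank owner column inherits the previous owner; a '(' ... ')' group is one record."""
    origin = origin.rstrip(".") + "."
    absolute = lambda n: origin if n == "@" else (n if n.endswith(".") else f"{n}.{origin}")
    records, owner, buf = [], None, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                  # strip ; comments
        if not line.strip() or line.startswith("$"):
            continue                                 # blank line or $TTL-style directive
        if not buf:
            inherits = raw[0] in " \t"               # owner column blank on the record's first line
        buf += " " + line
        if buf.count("(") > buf.count(")"):
            continue                                 # still inside a parenthesised group
        fields = buf.replace("(", " ").replace(")", " ").split()
        buf = ""
        if not inherits:
            owner = absolute(fields.pop(0))
        if fields[0] == "IN":
            fields.pop(0)                            # class may be omitted after the first record
        rtype, rdata = fields[0], fields[1:]
        if rtype in {"SOA", "NS", "CNAME", "PTR"}:
            rdata[0] = absolute(rdata[0])            # first rdata field is a domain name
        records.append((owner, rtype, " ".join(rdata)))
    return records

def dangling_cnames(records):
    """CNAME targets that no non-CNAME record in the zone defines."""
    owners = {o for o, t, _ in records if t != "CNAME"}
    return sorted({target for o, t, target in records if t == "CNAME" and target not in owners})
```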

3. Verify (this must be done on the client)

[root@www network-scripts]# nslookup  www.xx.com