Setting up a DNS server
Two machines are needed: a client and a server.
Steps 1-3 are done on the server; everything after that is done on the client.
**Background:** the hosts file only provides name resolution for the local machine; it cannot serve anyone else.
Windows path: C:\Windows\System32\drivers\etc\hosts
Linux path: /etc/hosts
DNS, by contrast, can provide name lookup to anyone in the world.
The nslookup tool used later for testing comes from the bind-utils package:

```
[root@www ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@www ~]# yum provides nslookup
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
32:bind-utils-9.11.4-26.P2.el7.x86_64 : Utilities for querying DNS name servers
源 :base
匹配来源:
文件名 :/usr/bin/nslookup
```
1. Preparation: stop the firewall and disable SELinux. This is a lab shortcut; on a server that other networks can reach, keep firewalld running and open only the DNS service (`firewall-cmd --permanent --add-service=dns` followed by `firewall-cmd --reload`).

```
[root@nameserver ~]# service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service
[root@nameserver ~]# systemctl disable firewalld
[root@nameserver ~]# iptables -L        # list the iptables firewall rules
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@nameserver ~]#
[root@nameserver ~]# getenforce
Disabled
[root@nameserver ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled        # changed to disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
```
2. Install bind (BIND is the DNS server software with the longest history, and its performance is very good).

```
[root@nameserver ~]# yum install bind* -y
```
3. Enable the named service at boot and start the DNS service right away.

```
[root@nameserver ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@nameserver ~]#
[root@nameserver ~]# systemctl start named        # start the named process now
[root@nameserver ~]# ps aux|grep named
named    14474  3.6  5.7 168300 57340 ?        Ssl  15:13   0:00 /usr/sbin/named -u named -c /etc/named.conf
root     14481  0.0  0.0 112824   980 pts/0    R+   15:13   0:00 grep --color=auto named
[root@nameserver ~]#
[root@nameserver ~]# netstat -anplut|grep named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      14474/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      14474/named
tcp6       0      0 ::1:53                  :::*                    LISTEN      14474/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      14474/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           14474/named
udp6       0      0 ::1:53                  :::*                                14474/named
[root@nameserver ~]#
[root@nameserver ~]# vim /etc/resolv.conf
```

127.0.0.1 is the loopback interface. It is used to test whether TCP/IP works on the local machine, and the address is only reachable from the machine itself. As the netstat output shows, named so far listens only on 127.0.0.1 and ::1, so only this host can query it.
- Edit the configuration file and restart the service so that other computers can send DNS queries to this server. Note that with `allow-query { any; };` the server does not just serve its own zones: the client's lookup of www.qq.com below comes back as a non-authoritative answer, which means named is recursing on behalf of any host that can reach port 53. That is fine on a lab network; on a network reachable from outside, restrict `allow-query` (or `allow-recursion`) to your own subnets.

```
[root@nameserver ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };        // modified
        listen-on-v6 port 53 { any; };     // modified
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };          // modified
[root@nameserver ~]# service named restart        # restart the named service
Redirecting to /bin/systemctl restart named.service
[root@nameserver ~]#
[root@nameserver ~]# netstat -anplut|grep named
tcp        0      0 192.168.0.180:53        0.0.0.0:*               LISTEN      16137/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      16137/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      16137/named
tcp6       0      0 :::53                   :::*                    LISTEN      16137/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      16137/named
udp        0      0 192.168.0.180:53        0.0.0.0:*                           16137/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           16137/named
udp6       0      0 :::53                   :::*                                16137/named
[root@nameserver ~]#
```
- Verify the DNS service (on the client)

All of the following is done on the client.

```
[root@www network-scripts]# pwd
/etc/sysconfig/network-scripts
[root@www network-scripts]# vim ifcfg-ens33
BOOTPROTO="none"
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.0.180
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=192.168.0.180
DNS2=114.114.114.114
[root@www network-scripts]# cat /etc/resolv.conf
# Generated by NetworkManager
search feng.com
nameserver 192.168.0.180
nameserver 114.114.114.114
[root@www network-scripts]# cat ifcfg-ens33
BOOTPROTO="none"
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.0.180
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=192.168.0.180
DNS2=114.114.114.114
[root@www network-scripts]#
```

The DNS server addresses in ifcfg-ens33 determine the nameserver entries in /etc/resolv.conf: `service network restart` writes the DNS servers from ifcfg-ens33 into /etc/resolv.conf. When a name is actually resolved, however, the system consults only /etc/resolv.conf.

```
[root@www network-scripts]# ping www.qq.com
PING ins-r23tsuuf.ias.tencent-cloud.net (121.14.77.221) 56(84) bytes of data.
64 bytes from 121.14.77.221 (121.14.77.221): icmp_seq=3 ttl=53 time=23.7 ms
64 bytes from 121.14.77.221 (121.14.77.221): icmp_seq=4 ttl=53 time=23.4 ms
64 bytes from 121.14.77.221 (121.14.77.221): icmp_seq=5 ttl=53 time=95.3 ms
64 bytes from 121.14.77.221 (121.14.77.221): icmp_seq=6 ttl=53 time=23.4 ms
^C
--- ins-r23tsuuf.ias.tencent-cloud.net ping statistics ---
6 packets transmitted, 4 received, 33% packet loss, time 5190ms
rtt min/avg/max/mdev = 23.440/41.488/95.348/31.096 ms
[root@www network-scripts]# nslookup www.qq.com
Server:         192.168.0.180
Address:        192.168.0.180#53

Non-authoritative answer:
www.qq.com      canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 121.14.77.221
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 121.14.77.201
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 2402:4e00:1020:1404:0:9227:71a3:83d2
Name:   ins-r23tsuuf.ias.tencent-cloud.net
Address: 2402:4e00:1020:1404:0:9227:71ab:2b74
```

`Server: 192.168.0.180` confirms that the answer came from our own named, and "Non-authoritative answer" means named resolved www.qq.com recursively on the client's behalf rather than from a zone it is authoritative for.
Serving your own domain's zone data

Server-side operations:

1. Edit the configuration to tell named to provide name resolution for xx.com.

```
[root@nameserver named]# vim /etc/named.rfc1912.zones
zone "xx.com" IN {
        type master;
        file "xx.com.zone";
        allow-update { none; };
};
```

2. /var/named/ is where the DNS zone data files live; create the data file for xx.com there.

```
[root@nameserver named]# pwd
/var/named
[root@nameserver named]# ls
chroot  chroot_sdb  data  dynamic  dyndb-ldap  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@nameserver named]#
```

named.ca holds the IP addresses of the 13 root servers.

```
[root@nameserver named]# cp named.localhost xx.com.zone        # copy it to create the zone data file for xx.com
[root@nameserver named]# ls
chroot  chroot_sdb  data  dynamic  dyndb-ldap  named.ca  named.empty  named.localhost  named.loopback  xx.com.zone  slaves
[root@nameserver named]#
```
```
[root@nameserver named]# cat xx.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.0.163
www     A       192.168.0.180
www     A       192.168.0.181
git     A       192.168.0.99
luogan  A       192.168.0.188
lg      CNAME   luogan
```

A blank owner column on the NS and A lines means "same owner as the previous record", i.e. the zone apex `@` (xx.com). The two A records for www are both returned (round-robin), and lg is an alias for luogan.
```
[root@nameserver named]# ll
总用量 20
drwxr-x--- 7 root  named   61 6月   5 16:29 chroot
drwxr-x--- 7 root  named   61 6月   5 16:29 chroot_sdb
drwxrwx--- 2 named named   23 6月   5 16:29 data
drwxrwx--- 2 named named   60 6月   5 16:33 dynamic
drwxrwx--- 2 root  named    6 4月   1 2020 dyndb-ldap
-rw-r----- 1 root  named 2253 4月   5 2018 named.ca
-rw-r----- 1 root  named  152 12月 15 2009 named.empty
-rw-r----- 1 root  named  152 6月  21 2007 named.localhost
-rw-r----- 1 root  named  168 12月 15 2009 named.loopback
-rw-r----- 1 root  root   244 6月   5 17:12 xx.com.zone
drwxrwx--- 2 named named    6 4月  29 22:05 slaves
[root@nameserver named]# chown root:named xx.com.zone        # fix owner and group: the copy is root:root with mode 640, and named runs as user named, so it could not read the file
[root@nameserver named]# service named restart        # restart the service
Redirecting to /bin/systemctl restart named.service
[root@nameserver named]# netstat -anplut|grep named
tcp        0      0 192.168.0.163:53        0.0.0.0:*               LISTEN      18691/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      18691/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      18691/named
tcp6       0      0 :::53                   :::*                    LISTEN      18691/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      18691/named
udp        0      0 192.168.0.163:53        0.0.0.0:*                           18691/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           18691/named
udp6       0      0 :::53                   :::*                                18691/named
[root@nameserver named]#
```
3. Verify (this must be done on the client).

```
[root@www network-scripts]# nslookup www.xx.com
```