内网DNS服务器搭建说明

搭建目标

1. 内外网均可访问
2. 支持自定义域名

技术选型

主要备选方案为小米开源的SmartDNS和云原生毕业的CoreDNS。经过多方考量，最终选用云原生出品的CoreDNS，

github地址：https://github.com/coredns/coredns

官方网站：https://coredns.io/

本次主要使用的插件：https://coredns.io/plugins/hosts/

部署过程

1、挑机器

选用一台性能较好的服务器，最好CPU和内存高点的。建议配置：8C/8G/200G （CPU/内存/磁盘）

2、下载安装包

从Github上下载服务器系统类型对应的二进制安装包，具体链接地址为：https://github.com/coredns/coredns/releases/tag/v1.8.4

这里演示使用的Centos7.9，所以下载的是：coredns_1.8.4_linux_amd64.tgz

3、释放安装包

# 上传安装包coredns_1.8.4_linux_amd64.tgz 到服务器的/root目录下

# 新建目录
mkdir -p /usr/local/coredns  

# 新建用户
useradd coredns -s /sbin/nologin

# 释放安装包
tar -xvf coredns_1.8.4_linux_amd64.tgz -C /usr/local/coredns

4、添加转发规则配置

规则说明：

local:53，所有请求域名以“ local ”结尾的去找/usr/local/coredns/hosts 文件做解析

.:53，除了上面两个规则外的其他所有请求被转发到公网的DNS去做解析

vim /usr/local/coredns/Corefile
# 新增
local:53 {
    hosts /usr/local/coredns/hosts
    log
}

.:53 {
    forward . 8.8.8.8:53 114.114.114.114:53 1.1.1.1:53 223.5.5.5:53 223.6.6.6:53 
    log
}

5、添加本地域名映射文件

vim /usr/local/coredns/hosts
# 新增
10.3.1.1     dev.gis4.local
10.3.1.48    dev.gis7.local
10.3.1.40    test.gis4.local
10.3.1.47    prod.gis4.local

6、添加开机自启配置

vim /etc/systemd/system/coredns.service
# 新增

[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io
After=network.target

[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
ExecStart=/usr/local/coredns/coredns -conf=/usr/local/coredns/Corefile
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure

[Install]
WantedBy=multi-user.target

7、启动服务

systemctl start  coredns
systemctl enable coredns
systemctl status coredns

8、测试域名

若机器上无法使用dig命令，可以yum安装下：yum -y install bind-utils

dig命令用法：https://man.linuxde.net/dig

# 先在内网DNS服务器的做本地测试
[root@localhost coredns]# dig @localhost a dev.gis7.local

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> @localhost a dev.gis7.local
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29437
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dev.gis7.local.                        IN      A

;; ANSWER SECTION:
dev.gis7.local.         3600    IN      A       10.3.1.48  # 可以看到这里能解析出来

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Jul 15 11:39:27 CST 2021
;; MSG SIZE  rcvd: 73

[root@localhost coredns]# dig @localhost a baidu.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> @localhost a baidu.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22204
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;baidu.com.                     IN      A

;; ANSWER SECTION:
baidu.com.              419     IN      A       39.156.69.79
baidu.com.              419     IN      A       220.181.38.148  # 可以看到这里能解析出来

;; Query time: 15 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Jul 15 11:39:37 CST 2021
;; MSG SIZE  rcvd: 88

[root@localhost coredns]#


# 再到其他服务器或客户端机器上测试
# 1）修改测试机器的DNS
[root@data_service_79 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens192 # 我这里网卡名是ens192，这个名不是固定的，需要写自己的
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="no"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens192"
UUID="683fa800-8436-4394-bb39-9974b9a621eb"
DEVICE="ens192"
ONBOOT="yes"
#ARPCHECK="no"
IPADDR="10.0.1.79"
PREFIX="24"
GATEWAY="10.0.1.1"
DNS1="10.1.6.221"     # 这里就是我搭建的内网DNS

# 2）重启网卡
[root@data_service_79 ~]# systemctl restart network  # 如果无法重启成功或生效，就重启机器：sync;reboot

# 3）确认DNS
[root@data_service_79 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 10.1.6.221  # 可以看到我这里已经生效了，使用的是我新搭建的内网DNS
# 4）ping测试
[root@data_service_79 ~]# ping prod.gis4.local
PING prod.gis4.local (10.3.1.47) 56(84) bytes of data.
64 bytes from 10.3.1.47 (10.3.1.47): icmp_seq=1 ttl=63 time=0.297 ms
64 bytes from 10.3.1.47 (10.3.1.47): icmp_seq=2 ttl=63 time=0.267 ms
64 bytes from 10.3.1.47 (10.3.1.47): icmp_seq=3 ttl=63 time=0.410 ms
64 bytes from 10.3.1.47 (10.3.1.47): icmp_seq=4 ttl=63 time=0.267 ms
^C
--- prod.gis4.local ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.267/0.310/0.410/0.060 ms
[root@data_service_79 ~]#
# 5）dig 测试
[root@data_service_79 ~]# dig @10.1.6.221 a baidu.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> @10.1.6.221 a baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16514
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;baidu.com.                     IN      A

;; ANSWER SECTION:
baidu.com.              475     IN      A       39.156.69.79
baidu.com.              475     IN      A       220.181.38.148 # 可以看到这里是能正常解析出来的

;; Query time: 160 msec
;; SERVER: 10.1.6.221#53(10.1.6.221)
;; WHEN: Thu Jul 15 11:51:59 CST 2021
;; MSG SIZE  rcvd: 88

[root@data_service_79 ~]# dig @10.1.6.221 a prod.gis4.local 

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> @10.1.6.221 a prod.gis4.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26422
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;prod.gis4.local.               IN      A

;; ANSWER SECTION:
prod.gis4.local.        3600    IN      A       10.3.1.47  # 可以看到这里是能正常解析出来的

;; Query time: 3 msec
;; SERVER: 10.1.6.221#53(10.1.6.221)
;; WHEN: Thu Jul 15 11:52:13 CST 2021
;; MSG SIZE  rcvd: 75

[root@data_service_79 ~]#
# 6）停掉coredns服务，再做测试

# 内网DNS服务器上操作
[root@localhost coredns]# systemctl stop coredns
[root@localhost coredns]# systemctl status coredns
● coredns.service - CoreDNS DNS server
   Loaded: loaded (/etc/systemd/system/coredns.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Thu 2021-07-15 11:53:52 CST; 7s ago
     Docs: https://coredns.io
  Process: 38375 ExecStart=/usr/local/coredns/coredns -conf=/usr/local/coredns/Corefile (code=exited, status=0/SUCCESS)
 Main PID: 38375 (code=exited, status=0/SUCCESS)

Jul 15 11:52:36 localhost coredns[38375]: [INFO] 10.0.1.79:52526 - 48115 "A IN data_service_79. udp 33 false 512" NXDOMAIN qr,aa,rd,ra 108 0.004676304s
Jul 15 11:52:36 localhost coredns[38375]: [INFO] 10.0.1.79:52526 - 11505 "AAAA IN data_service_79. udp 33 false 512" NXDOMAIN qr,rd,ra 108 0.042498846s
Jul 15 11:52:55 localhost coredns[38375]: [INFO] 10.0.1.79:37312 - 26245 "PTR IN 79.1.0.10.in-addr.arpa. udp 40 false 512" NXDOMAIN qr,rd,ra 135 0.081115373s
Jul 15 11:52:56 localhost coredns[38375]: [INFO] 10.0.1.79:42550 - 491 "AAAA IN data_service_79.localdomain. udp 45 false 512" NXDOMAIN qr,rd,ra 120 0.026442575s
Jul 15 11:52:56 localhost coredns[38375]: [INFO] 10.0.1.79:42550 - 26354 "A IN data_service_79.localdomain. udp 45 false 512" NXDOMAIN qr,rd,ra 120 0.03522113s
Jul 15 11:52:56 localhost coredns[38375]: [INFO] 10.0.1.79:55391 - 34553 "AAAA IN data_service_79. udp 33 false 512" NXDOMAIN qr,rd,ra 108 0.008096419s
Jul 15 11:52:56 localhost coredns[38375]: [INFO] 10.0.1.79:55391 - 41700 "A IN data_service_79. udp 33 false 512" NXDOMAIN qr,rd,ra 108 0.060995755s
Jul 15 11:53:04 localhost coredns[38375]: [INFO] 10.0.1.79:51629 - 50457 "PTR IN 79.1.0.10.in-addr.arpa. udp 40 false 512" NXDOMAIN qr,aa,rd,ra 105 2.031695577s
Jul 15 11:53:52 localhost systemd[1]: Stopping CoreDNS DNS server...
Jul 15 11:53:52 localhost systemd[1]: Stopped CoreDNS DNS server.

# 测试机器上操作
[root@data_service_79 ~]# dig @10.1.6.221 a prod.gis4.local  # 可以看到卡住不动，没法解析了


^C[root@data_service_79 ~]# ping prod.gis4.local  # 也卡住几秒后就说没法解析
ping: prod.gis4.local: Name or service not known
[root@data_service_79 ~]#

# 再启动coredns服务，再测
[root@localhost coredns]# systemctl start  coredns
[root@data_service_79 ~]# ping prod.gis4.local  # 可以看到马上就好了
PING prod.gis4.local (10.3.1.47) 56(84) bytes of data.
64 bytes from 10.3.1.47 (10.3.1.47): icmp_seq=1 ttl=63 time=0.261 ms
64 bytes from 10.3.1.47 (10.3.1.47): icmp_seq=2 ttl=63 time=0.392 ms
^C
--- prod.gis4.local ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.261/0.326/0.392/0.067 ms

参考资料

https://coredns.io/plugins/hosts/

https://github.com/coredns/coredns

https://zh.codeprj.com/blog/b1ea7c1.html

https://blog.csdn.net/wu_weijie/article/details/104781887

https://guiyunweb.com/archives/%E6%90%AD%E5%BB%BA%E5%86%85%E7%BD%91dns%E6%9C%8D%E5%8A%A1%E5%99%A8