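Recently I wanted to set up a DNS server to play with, to make resolving websites a little faster. I had previously set one up on Windows Server, but that felt too heavyweight: it is simple, but it uses a lot of resources, and servers generally run Linux anyway. So this time I wanted to do it on CentOS. There are many similar articles on CSDN, but many of them are either too old or make things too complicated, so I decided to write a new one and keep it as concise as possible.
Main reference: https://www.linuxidc.com/Linux/2019-03/157277.htm
1. Install the DNS server: Bind (Berkeley Internet Name Domain)
As root, run: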
yum -y install bind
2. Go to /etc, find named.conf and edit it (install vim yourself if you do not have it)
vim /etc/named.conf
Changes needed: (the left side is the modified version, the right side is the original; the purpose is to let all computers use this DNS server)

The complete configuration is as follows:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
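An added example, not part of the original article: the same options block with each `any` replaced by an ACL, so that recursion is offered only to the local network, as the warning comment in the default file asks. The ACL name "lan" and the 192.168.0.0/24 range are assumptions derived from the addresses used in this article (the server itself is 192.168.0.201); adjust them to your network.

```conf
// Assumption: clients live in 192.168.0.0/24 and this server is 192.168.0.201.
acl "lan" {
    localhost;          // built-in ACL: every address of this server
    192.168.0.0/24;     // assumed client network
};

options {
    // was: listen-on port 53 { any; };
    listen-on port 53 { 127.0.0.1; 192.168.0.201; };
    // was: listen-on-v6 port 53 { any; };
    listen-on-v6 port 53 { ::1; };

    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";

    // was: allow-query { any; };
    allow-query       { lan; };
    recursion yes;
    allow-recursion   { lan; };   // recursive lookups only for LAN clients
    allow-query-cache { lan; };   // cached answers only for LAN clients
    allow-transfer    { none; };  // this setup has no secondary servers

    dnssec-enable yes;
    dnssec-validation yes;

    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
```

Run `named-checkconf /etc/named.conf` before restarting named to catch syntax errors in the edited file.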
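3. Decide on your domain name and the IP to bind it to
The IP I need to bind is 192.168.0.211, which is an Nginx server; below it is written as ${ip}.

The domain to bind is dctant.com; below it is written as ${domain}.
4. Create the .zone file
Create a file named named.${domain}.zone; mine is called named.dctant.com.zone. As for why it is named this way, I also took it from examples online; consider it a naming convention. In fact you can name it anything you like, but it is best to follow the convention.
Fill in the following content: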
$TTL 1D
; The admin mailbox (RNAME) needs a trailing dot, otherwise the zone name is appended to it
@       IN SOA  ${domain}. admin.${domain}. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   ns1.${domain}.
ns1     IN A    ${ip}
www     IN A    ${ip}
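For the exact meaning of each parameter, see the reference link at the start of this article, which explains them; they are not covered here for reasons of space.
Note: replace ${domain} and ${ip} here with your own domain and IP. Use your editor's global replace rather than changing them one by one!!
5. Upload this file to the /etc directory
Upload this file to the /etc directory.

6. Edit the file /etc/named.rfc1912.zones
Append this block at the end: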
zone "${domain}" IN {
    type master;
    file "/etc/named.${domain}.zone";
    allow-update { none; };
};
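This links the named.${domain}.zone file you just created to the DNS server's configuration file.
Once again, remember to replace ${domain} and ${ip} with your own domain and IP!
The complete /etc/named.rfc1912.zones file is as follows: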
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};

zone "${domain}" IN {
    type master;
    file "/etc/named.${domain}.zone";
    allow-update { none; };
};
7. Start the DNS server
Run the command:
systemctl start named.service
Check the DNS server's running status:
systemctl status named.service
8. Configure a computer to use this DNS server
The IP address of my DNS server is 192.168.0.201

Pick any computer on the same LAN and change the IPv4 DNS setting of its network adapter to:

Then save.
9. Test the DNS server

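Enter www.dctant.com and you are connected to the Nginx server on 192.168.0.211.
10. If you want to edit the DNS configuration file
What if I want to map 192.168.0.211 to abc.dctant.com?
Just add one line at the end of named.dctant.com.zone: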
abc IN A 192.168.0.211
That is all it takes.

Then restart the DNS server:
systemctl restart named.service
11. Enable the DNS service at boot
Run the command:
systemctl enable named.service
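This way the DNS service also starts automatically after a reboot.
A final note: I found that the DNS service does not need any reverse resolution at all and can still do everything a DNS server does.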