This post describes how to set up a DNS resolution server with BIND: a parent zone (test.com) that delegates a subdomain (paas.test.com) to two subdomain servers.

## Base environment

- Linux distribution: CentOS 7 is used here
- The bind package
- In this walkthrough the parent-domain server is 192.168.250.72
- The subdomain servers are 192.168.250.74 and 192.168.250.77

## Parent domain setup

### 1. Install and configure BIND

```bash
yum install bind
```

After installation, make a __few__ changes to the __main configuration file__:

```bash
vim /etc/named.conf
```

Change two settings to `any` and comment out two lines:
```
options {
        listen-on port 53 { any; };      // changed to any
        //listen-on-v6 port 53 { ::1; }; // IPv6 is not used, comment it out
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };            // changed to any
        recursion yes;                   // recurse for addresses in the subdomain
        dnssec-enable no;
        dnssec-validation no;
        // ... the remaining default options are left unchanged
};
```
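With `recursion yes` and `allow-query { any; }` and no `allow-recursion` directive, BIND lets every client that can reach port 53 use this server as a recursive resolver, so a parent server exposed beyond the lab network would be an open resolver. The script below is an added example, not part of the original post: it writes a variant of the same options block that keeps `allow-query { any; }` for the hosted zones but limits recursion and cache reads to an ACL, then validates the file with named-checkconf when BIND is installed. The network 192.168.250.0/24, the ACL name `internal` and the function names are assumptions of this example; the dnssec lines from the post are omitted here and otherwise unchanged.

```shell
#!/bin/sh
# Added example (not from the original post): a hardened variant of the parent's
# options block. allow-query stays "any" so the hosted zones are public, but
# recursion and cache reads are limited to an ACL. 192.168.250.0/24 and the
# names "internal", write_hardened_options, check_named_conf and
# count_recursion_controls are assumptions of this example.

# Write the ACL and options block to the file given as $1.
write_hardened_options() {
    cat > "$1" <<'EOF'
// Clients allowed to use this server as a recursive resolver (assumed network).
acl "internal" { 192.168.250.0/24; localhost; };

options {
        listen-on port 53 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };             // anyone may ask about zones hosted here
        recursion yes;                    // still recurse (e.g. for paas.test.com) ...
        allow-recursion { internal; };    // ... but only for internal clients
        allow-query-cache { internal; };  // cached answers are internal-only as well
        // the dnssec-* lines from the post are unchanged and omitted here
};
EOF
}

# Run named-checkconf on the file when BIND is installed. Returns its exit
# status, or 2 when the tool is absent so "not checked" is distinct from "failed".
check_named_conf() {
    command -v named-checkconf >/dev/null 2>&1 || return 2
    named-checkconf "$1"
}

# Count the recursion-related directives in a named.conf; the hardened file
# carries all three (recursion yes, allow-recursion, allow-query-cache).
count_recursion_controls() {
    grep -c -E '^[[:space:]]*(recursion yes|allow-recursion|allow-query-cache)' "$1"
}

# Usage: sh hardened-options.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    write_hardened_options "$tmp"
    check_named_conf "$tmp"
    echo "named-checkconf exit status: $? (2 = not installed)"
    cat "$tmp"
    rm -f "$tmp"
fi
```

The forward zone for paas.test.com defined later on the parent is answered through recursion, so with this ACL in place only internal clients get those forwarded answers; everyone else still receives the delegation from the test.com zone itself.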
### 2. Define a custom zone

Now that the basic DNS server is installed, define a domain name of our own for it to resolve:

```bash
vim /etc/named.rfc1912.zones
```

Add a primary domain to resolve, for example test.com, by appending the following zone to the end of named.rfc1912.zones:

```
zone "test.com" IN {
        type master;
        file "test.com.zone";
};
```

### 3. Specify forwarders

In the same file, forward queries for the paas.test.com subdomain to the two subdomain servers:

```
zone "paas.test.com" IN {
        type forward;
        forward only;
        forwarders { 192.168.250.74; 192.168.250.77; };
};
```

### 4. Create the zone file (delegate the subdomain)

The zone defined above references the file test.com.zone; create it now:

```bash
vim /var/named/test.com.zone
```

and add the following content:

```
$TTL 600
$ORIGIN test.com.
@       IN SOA  ns1.test.com. admin.test.com. (   ; the RNAME needs its trailing dot
                100     ; serial
                1H      ; refresh
                5M      ; retry
                7D      ; expire
                1D      ; minimum
                )
@       IN NS   ns
ns      IN A    192.168.250.72
paas    IN NS   ns1                ; delegate paas.test.com to the subdomain servers
paas    IN NS   ns2
ns1     IN A    192.168.250.74     ; glue records for the delegated name servers
ns2     IN A    192.168.250.77
```
The IP in the `ns` A record must be the address of the machine BIND was installed on, that is, the DNS server itself:

```
ns      IN A    xxx.xxx.xxx.xxx    ; replace with your DNS server's IP
```

Resource record types used in a DNS server:

- SOA record: Start Of Authority, the record that opens the zone and declares its authority.
- A record: Internet Address, maps a fully qualified domain name to an IP address.
- NS record: Name Server, identifies the DNS servers for the current zone.
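The delegation in the zone file above depends on two details that are easy to get wrong: the SOA MNAME and RNAME must end with a dot (otherwise `$ORIGIN` is appended and admin.test.com becomes admin.test.com.test.com., which named-checkzone cannot flag because it is still a valid name), and every server the `paas` NS records point at needs a glue A record in the same zone. The script below is an added example, not part of the original post: it lints a parent zone file for exactly those two problems with awk and runs itself against the zone above plus a deliberately broken copy. It assumes every record carries an explicit owner name and no TTL field, as in this post's zone files; `check_delegation` and the other function names are invented here.

```shell
#!/bin/sh
# Added example (not from the original post): lint a parent zone file for two
# delegation mistakes. Assumes records with explicit owner names and no TTL
# field, as in this post's zone files. Function names are invented here.

# check_delegation ZONEFILE LABEL: LABEL is the delegated child (e.g. paas).
# Prints one line per problem; exit status 1 if anything was found.
check_delegation() {
    awk -v lbl="$2" '
        BEGIN { bad = 0 }
        { sub(/;.*/, "") }                       # drop ";" comments, re-split fields
        NF == 0 || $1 ~ /^\$/ { next }           # skip blank lines and $TTL/$ORIGIN
        $3 == "SOA" {                            # owner IN SOA MNAME RNAME (
            if ($4 !~ /\.$/) { print "SOA MNAME lacks trailing dot: " $4; bad = 1 }
            if ($5 !~ /\.$/) { print "SOA RNAME lacks trailing dot: " $5; bad = 1 }
            next
        }
        $1 == lbl && $3 == "NS" { ns[$4] = 1 }   # delegation: paas IN NS ns1
        $3 == "A"               { a[$1] = 1 }    # candidate glue: ns1 IN A ...
        END {
            n = 0
            for (t in ns) {
                n++
                if (t ~ /\.$/) continue          # fully qualified target: glue lives elsewhere
                if (!(t in a)) { print "no glue A record for NS " t; bad = 1 }
            }
            if (n == 0) { print "no NS records delegate " lbl; bad = 1 }
            exit bad
        }' "$1"
}

# Constructed sample: the parent zone from this post (RNAME with its dot).
good_zone() {
    cat <<'EOF'
$TTL 600
$ORIGIN test.com.
@       IN SOA  ns1.test.com. admin.test.com. (
                100 ; serial
                1H  ; refresh
                5M  ; retry
                7D  ; expire
                1D  ; minimum
                )
@       IN NS   ns
ns      IN A    192.168.250.72
paas    IN NS   ns1
paas    IN NS   ns2
ns1     IN A    192.168.250.74
ns2     IN A    192.168.250.77
EOF
}

# Constructed broken variant: RNAME without its dot and ns2's glue removed.
bad_zone() {
    good_zone | sed -e 's/admin\.test\.com\./admin.test.com/' -e '/^ns2 /d'
}

# Run both samples; returns 0 when the good zone passes and the bad one is rejected.
demo() {
    failures=0
    g=$(mktemp); b=$(mktemp)
    good_zone > "$g"; bad_zone > "$b"
    check_delegation "$g" paas || failures=$((failures + 1))
    if check_delegation "$b" paas; then failures=$((failures + 1)); fi
    rm -f "$g" "$b"
    return "$failures"
}
```

Run it on the real file with `check_delegation /var/named/test.com.zone paas` after named-checkzone, which still does the syntax checking; this lint only covers the two semantic slips above.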
### 5. Check the configuration files

named-checkconf checks the main configuration file; no output means it is correct:

```bash
named-checkconf
```

named-checkzone checks a zone file:

```bash
named-checkzone "test.com" /var/named/test.com.zone
```

### 6. Restart the service

```bash
systemctl restart named.service
rndc reload
```

The parent domain is now set up.
## Subdomain setup

### 1. Install BIND and edit the main configuration file

```bash
yum install bind
vim /etc/named.conf
```

```
options {
        listen-on port 53 { any; };
        //listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };
        recursion no;   // this server answers authoritatively; BIND advises against enabling recursion here
        dnssec-enable no;
        dnssec-validation no;
        // ... the remaining default options are left unchanged
};
```
### 2. Define the zone to serve

```bash
vim /etc/named.rfc1912.zones
```

```
zone "paas.test.com" IN {
        type master;
        file "paas.test.com.zone";
};
```

### 3. Edit the resource records

```bash
vim /var/named/paas.test.com.zone
```

```
$TTL 600
$ORIGIN paas.test.com.
@       IN SOA  ns.paas.test.com. admin.paas.test.com. (   ; the RNAME needs its trailing dot
                101     ; serial
                1H      ; refresh
                5M      ; retry
                7D      ; expire
                1D      ; minimum
                )
@       IN NS   ns
ns      IN A    192.168.250.74
*       IN A    192.168.250.74     ; wildcard record: any name under paas.test.com resolves here
```

### 4. Check for syntax errors

```bash
named-checkzone paas.test.com /var/named/paas.test.com.zone
```

### 5. Restart the service

```bash
service named restart
rndc reload
```

### 6. Open port 53 (the DNS port) in the firewall

```bash
firewall-cmd --permanent --zone=public --add-port=53/tcp
firewall-cmd --permanent --zone=public --add-port=53/udp
firewall-cmd --reload
```

### 7. Start the DNS service at boot

```bash
systemctl enable named.service
```

Configure the other (standby) server in the same way.
## Testing

First, on the machine you are testing from, point DNS at the parent-domain server's IP (macOS and Windows are not covered here). On Linux:

```bash
vim /etc/resolv.conf
```

```
nameserver 192.168.250.72    # add a line with your parent-domain server's IP
```

### ping

```bash
ping xxxxx.paas.test.com    # ping the name you want resolved
```

### traceroute

On a minimal CentOS 7 install this tool has to be installed separately:

```bash
yum install traceroute
traceroute xxxxx.paas.test.com
```

```
traceroute to fjek.paas.test.com (192.168.250.74), 30 hops max, 60 byte packets
 1  192.168.250.74 (192.168.250.74)  0.274 ms !X  0.214 ms !X  0.191 ms !X
```

### nslookup

```
$ nslookup
> fjke.paas.test.com
Server:         192.168.250.72
Address:        192.168.250.72#53

Non-authoritative answer:
Name:   fjke.paas.test.com
Address: 192.168.250.74
```

If the lookup lands on the subdomain server you configured for resolution, the setup succeeded.

### dig

```bash
dig -t A fkef.paas.test.com @192.168.250.72
```

```
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A fkef.paas.test.com @192.168.250.72
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35718
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;fkef.paas.test.com.            IN      A

;; ANSWER SECTION:
fkef.paas.test.com.     600     IN      A       192.168.250.74

;; AUTHORITY SECTION:
paas.test.com.          410     IN      NS      ns.paas.test.com.

;; ADDITIONAL SECTION:
ns.paas.test.com.       410     IN      A       192.168.250.74

;; Query time: 1 msec
;; SERVER: 192.168.250.72#53(192.168.250.72)
;; WHEN: 四 12月 27 16:10:07 CST 2018
;; MSG SIZE  rcvd: 96
```

If the reply contains an answer (ANSWER: 1) and the ANSWER SECTION below it points at the resolution server you configured, the setup is working.
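Reading the dig output by hand is fine once; the script below, an added example that is not part of the original post, turns the same check into a function. It parses the HEADER and flags lines, expects status NOERROR with at least one answer, and distinguishes the parent's forwarded answer (flags `qr rd ra`, no `aa`) from a direct query to a subdomain server, which must carry the `aa` flag because it is authoritative for paas.test.com. The two embedded dig outputs are constructed samples (the first mirrors the output shown above, the second's id is invented), the function names are assumptions of this example, and `verify_live` needs dig and network reach to the addresses from this post.

```shell
#!/bin/sh
# Added example (not from the original post): check dig output for a usable
# answer and for whether it is authoritative. Function names and the sample
# outputs below are constructed for this example.

# parse_dig: reads dig output on stdin, prints "status=<rcode> answers=<n> aa=<yes|no>".
parse_dig() {
    awk '
        BEGIN { status = "none"; ans = 0; aa = "no" }
        /^;; ->>HEADER<<-/ { sub(/,$/, "", $6); status = $6 }   # "status: NOERROR,"
        /^;; flags:/ {
            # fields: ";;" "flags:" "qr" "rd" "ra;" "QUERY:" "1," "ANSWER:" "1," ...
            for (i = 3; i <= NF; i++) {
                f = $i; sub(/;$/, "", f)
                if (f == "aa") aa = "yes"
                if (f == "ANSWER:") { ans = $(i + 1); sub(/,$/, "", ans) }
            }
        }
        END { printf "status=%s answers=%s aa=%s\n", status, ans, aa }'
}

# expect_answer <yes|no>: reads dig output on stdin; returns 0 when the reply is
# NOERROR with at least one answer and its aa flag matches the argument.
expect_answer() {
    parsed=$(parse_dig)
    case "$parsed" in
        "status=NOERROR answers="[1-9]*" aa=$1") return 0 ;;
    esac
    echo "unexpected: $parsed" >&2
    return 1
}

# Constructed sample: the parent's forwarded answer as shown in the post (no aa).
sample_parent() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35718
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; ANSWER SECTION:
fkef.paas.test.com.     600     IN      A       192.168.250.74
EOF
}

# Constructed sample: what a subdomain server returns when asked directly
# (aa set, no ra because recursion is off there; the id is invented).
sample_child() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
fkef.paas.test.com.     600     IN      A       192.168.250.74
EOF
}

# Live check (needs dig and network): the parent must answer (forwarded, no aa)
# and each subdomain server must answer authoritatively. Addresses are from the post.
verify_live() {
    name=${1:-fkef.paas.test.com}
    dig -t A "$name" @192.168.250.72 | expect_answer no  || return 1
    dig -t A "$name" @192.168.250.74 | expect_answer yes || return 1
    dig -t A "$name" @192.168.250.77 | expect_answer yes || return 1
    echo "delegation OK for $name"
}

# Offline self-check on the constructed samples; returns 0 when both parse as expected.
self_check() {
    [ "$(sample_parent | parse_dig)" = "status=NOERROR answers=1 aa=no" ]  || return 1
    [ "$(sample_child  | parse_dig)" = "status=NOERROR answers=1 aa=yes" ] || return 1
    sample_parent | expect_answer no  || return 1
    sample_child  | expect_answer yes || return 1
}
```

A reply with `ANSWER: 0`, a status other than NOERROR, or a direct answer from 74 or 77 without `aa` all fail the check, which is the failure mode the manual reading above is meant to catch.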