Setting up a DNS server
Environment: CentOS 7.5
Firewall: disabled for this walkthrough. On a real server keep firewalld running and open the dns service (53/udp and 53/tcp) instead of switching it off.
Install bind. The `bind*` glob also pulls in bind-chroot and other packages; `bind` plus `bind-utils` (which provides host, dig and nslookup) is all this guide needs.

```sh
yum -y install bind*
```
- Edit the main configuration file, /etc/named.conf. Only two lines are changed from the stock file: `listen-on` and `allow-query`, both set to `any`.

```sh
vim /etc/named.conf
```

```
options {
        # listen-on port 53 { 127.0.0.1; };
        listen-on port 53 { any; };             // changed to any
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        # allow-query { localhost; };
        allow-query     { any; };               // changed to any

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```

Note what this combination means. `recursion yes;` is left on, `allow-query` and `listen-on` are now `any`, and nothing sets `allow-recursion`, so named will recurse for any client that can reach it on any of the host's interfaces. That is exactly the open-resolver setup the comment block in the file warns about. It is tolerable for a lab VM on a private network; anywhere else, either set `recursion no;` (this server only needs to be authoritative for luprivate.com) or keep recursion and limit it with `allow-recursion` to your own client networks, and bind `listen-on` to 192.168.56.11 rather than every address.
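The options block above leaves named recursing for anyone who can reach it: `recursion yes` stays on, `allow-query` is `any`, and nothing sets `allow-recursion`. The script below is an added example, not part of the original post or of BIND itself. It audits a named.conf for that combination the way BIND resolves its defaults (recursion is on unless switched off; the recursion ACL falls back to allow-query-cache, then allow-query, then localnets/localhost), and prints a corrected options block. The `trusted` ACL name and the 192.168.56.0/24 client network are assumptions of this script; the sample input it audits is a copy of the post's own option lines, constructed inline.

```shell
#!/bin/sh
# Added example, not code from the original post: audit a named.conf for the
# open-resolver combination the post ends up with (recursion on, allow-query
# any, no allow-recursion) and print an options block that still answers
# luprivate.com queries for everyone but recurses only for trusted clients.
# Assumptions: trusted clients are 127.0.0.1 and 192.168.56.0/24; the server
# address 192.168.56.11 is the one used in the post.

# Drop /* */, // and # comments so commented-out lines such as
# "# allow-query { localhost; };" are not mistaken for live settings.
strip_comments() {
    sed -e 's:/\*.*\*/::g' -e 's://.*$::' -e 's:#.*$::' "$1" | sed -e '/\/\*/,/\*\//d'
}

# acl_for CONFIG OPTION: print the body of the first "OPTION { ... };", trimmed
acl_for() {
    printf '%s\n' "$1" | sed -n "s/.*$2[[:space:]]*{\([^}]*\)}.*/\1/p" | head -n 1 \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# audit_named_conf FILE: return 0 if recursion is off or limited to an ACL,
# 1 if the server would recurse for anyone (an open resolver).
audit_named_conf() {
    conf=$(strip_comments "$1")
    if printf '%s\n' "$conf" | grep -q 'recursion[[:space:]]*no'; then
        echo "ok: authoritative only (recursion no)"
        return 0
    fi
    acl=$(acl_for "$conf" allow-recursion)
    [ -n "$acl" ] || acl=$(acl_for "$conf" allow-query-cache)
    [ -n "$acl" ] || acl=$(acl_for "$conf" allow-query)
    [ -n "$acl" ] || acl='localnets; localhost;'   # BIND's built-in default
    case "$acl" in
        *any*) echo "OPEN RESOLVER: recursion on for { $acl }"; return 1 ;;
        *)     echo "ok: recursion limited to { $acl }"; return 0 ;;
    esac
}

# write_page_options FILE: the option lines from the post, reproduced here as
# constructed sample input for the audit (not read from /etc/named.conf).
write_page_options() {
    cat > "$1" <<'EOF'
options {
        # listen-on port 53 { 127.0.0.1; };
        listen-on port 53 { any; }; // changed to any
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        # allow-query { localhost; };
        allow-query { any; }; // changed to any
        /*
         - If your recursive DNS server has a public IP address, you MUST enable
           access control to limit queries to your legitimate users.
        */
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
EOF
}

# print_hardened_options: the corrected block. Authoritative answers for our
# zones still go to anyone; recursion, zone transfers and the version string
# are restricted.
print_hardened_options() {
    cat <<'EOF'
acl "trusted" { 127.0.0.1; 192.168.56.0/24; };   // assumed client network
options {
        listen-on port 53 { 127.0.0.1; 192.168.56.11; }; // the LAN address only, not every interface
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        allow-query { any; };           // anyone may ask about luprivate.com
        recursion yes;
        allow-recursion { trusted; };   // but only trusted clients may use us as a resolver
        allow-transfer { none; };       // BIND's default allows AXFR from anyone
        version "not disclosed";        // hide the BIND version from "dig CH TXT version.bind"
        dnssec-enable yes;
        dnssec-validation yes;
};
EOF
}

# Usage on the server: sh audit.sh /etc/named.conf
if [ -n "${1:-}" ]; then audit_named_conf "$1"; fi
```

Run it against the real /etc/named.conf after every change; the hardened block is a drop-in replacement for the `options` section shown above, with the remaining stock lines (dump-file, statistics files, pid-file and so on) kept as they are.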
- Edit the zone file /etc/named.rfc1912.zones and append a forward zone and a reverse zone at the end. The forward zone is luprivate.com, type master, data file luprivate.com.zone, with dynamic updates disallowed. The reverse zone is also type master, uses the data file 192.168.56.11.arpa, and likewise disallows dynamic updates. The first five stanzas are the stock ones; only the last two are new.

```sh
vim /etc/named.rfc1912.zones
```

```
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "luprivate.com" IN {
        type master;
        file "luprivate.com.zone";
        allow-update { none; };
};

zone "11.56.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.56.11.arpa";
        allow-update { none; };
};
```

Two things to be aware of. First, the reverse zone is named `11.56.168.192.in-addr.arpa`, so it covers exactly the one address 192.168.56.11 and its PTR record has to sit at the zone apex; to cover the whole 192.168.56.0/24 network you would name the zone `56.168.192.in-addr.arpa` and key each PTR on the host's last octet. Second, `allow-update { none; }` only blocks dynamic updates; BIND still permits zone transfers (AXFR) from anyone by default, so add `allow-transfer { none; };` (or an ACL of your secondaries) to both new stanzas unless you want the full host list to be downloadable.
- Edit the zone data files. Both start with a `$TTL` line; the leading `$` was lost in the original rendering, and without it the line is parsed as a resource record and the zone fails to load.

```sh
vim /var/named/luprivate.com.zone
```

```
$TTL 1D
@       IN SOA  ns.luprivate.com. root (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   ns.luprivate.com.
ns      IN A    192.168.56.11
www     IN A    192.168.56.11
```

```sh
vim /var/named/192.168.56.11.arpa
```

```
$TTL 1D
@       IN SOA  ns.luprivate.com. admin.luprivate.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   ns.luprivate.com.
@       IN PTR  www.luprivate.com.
```

Because the zone is `11.56.168.192.in-addr.arpa`, the PTR for 192.168.56.11 is the zone apex (`@`); the `116` label used originally would have described the non-existent address 192.168.56.11.116 and the reverse lookup would never have matched. The SOA primary is `ns.luprivate.com.`, the only name server these zones define (the original named a `dns.luprivate.com.` that has no A record). Bump the serial whenever you edit a zone so secondaries and caches notice the change.

- Fix ownership, matching the stock zone files in /var/named, which are root:named with mode 0640 (run this in /var/named):

```sh
chown root:named luprivate.com.zone
chown root:named 192.168.56.11.arpa
```
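As an added example that is not part of the original post: the script below generates both zone files from one host list instead of typing them by hand, with the `$TTL` line, a date-based serial and, going beyond the single-address reverse zone used above, a /24 reverse zone `56.168.192.in-addr.arpa` keyed on the last octet of each address. It also prints the matching stanzas for /etc/named.rfc1912.zones with `allow-transfer { none; }` added, and runs named-checkzone when that tool is installed. The host list is the post's two names; the `admin.luprivate.com.` mailbox and the `<zone>.zone` file name for the reverse zone are this script's own choices.

```shell
#!/bin/sh
# Added example, not code from the original post: build the forward zone for
# luprivate.com and a /24 reverse zone for 192.168.56.0/24 from one host
# list, with a YYYYMMDDnn serial, then validate with named-checkzone when it
# is installed. Names and addresses are the post's; the /24 reverse zone
# (56.168.192.in-addr.arpa) generalises the post's single-address zone, and
# the "<zone>.zone" file name for the reverse zone is this script's choice.

# Constructed host list ("name address", one per line). The first name
# listed for an address gets that address's PTR record.
HOSTS='www 192.168.56.11
ns 192.168.56.11'

# 192.168.56.0/24 -> 56.168.192.in-addr.arpa (network octets, reversed)
reverse_zone_name() {
    echo "$1" | awk -F'[./]' '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# zone_serial REV [YYYYMMDD]: conventional date-based serial, e.g. 2024010103
zone_serial() {
    printf '%s%02d\n' "${2:-$(date -u +%Y%m%d)}" "$1"
}

# soa_header PRIMARY_NS MAILBOX SERIAL: $TTL, SOA and the apex NS record
soa_header() {
    printf '$TTL 1D\n'
    printf '@       IN SOA  %s %s (\n' "$1" "$2"
    printf '                %s  ; serial, bump on every change\n' "$3"
    printf '                1D          ; refresh\n'
    printf '                1H          ; retry\n'
    printf '                1W          ; expire\n'
    printf '                3H )        ; negative-cache TTL\n'
    printf '@       IN NS   %s\n' "$1"
}

# forward_zone ZONE HOSTS SERIAL: one A record per host
forward_zone() {
    soa_header "ns.$1." "admin.$1." "$3"
    printf '%s\n' "$2" | awk '{ printf "%-7s IN A    %s\n", $1, $2 }'
}

# reverse_zone ZONE HOSTS SERIAL: PTR keyed on the last octet, one per address
reverse_zone() {
    soa_header "ns.$1." "admin.$1." "$3"
    printf '%s\n' "$2" | awk -v z="$1" \
        '!seen[$2]++ { split($2, o, "."); printf "%-7s IN PTR  %s.%s.\n", o[4], $1, z }'
}

# zone_stanzas ZONE REV: what to append to /etc/named.rfc1912.zones.
# allow-transfer { none; } is added because BIND's default allows AXFR from anyone.
zone_stanzas() {
    for z in "$1" "$2"; do
        printf 'zone "%s" IN {\n        type master;\n        file "%s.zone";\n' "$z" "$z"
        printf '        allow-update { none; };\n        allow-transfer { none; };\n};\n'
    done
}

# write_zones DIR: write both files (DIR is /var/named on the server), give
# them the root:named 0640 ownership the stock files have, check them when
# named-checkzone is available, and print the matching zone stanzas.
write_zones() {
    dir=$1; zone=luprivate.com
    rev=$(reverse_zone_name 192.168.56.0/24)
    serial=$(zone_serial 1)
    forward_zone "$zone" "$HOSTS" "$serial" > "$dir/$zone.zone"
    reverse_zone "$zone" "$HOSTS" "$serial" > "$dir/$rev.zone"
    for f in "$dir/$zone.zone" "$dir/$rev.zone"; do
        if [ "$(id -u)" -eq 0 ] && getent group named >/dev/null 2>&1; then
            chown root:named "$f"
        fi
        chmod 640 "$f"
    done
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$zone" "$dir/$zone.zone" || return 1
        named-checkzone "$rev" "$dir/$rev.zone" || return 1
    fi
    zone_stanzas "$zone" "$rev"
}

# Usage on the server: sh genzones.sh /var/named >> /etc/named.rfc1912.zones
if [ -n "${1:-}" ]; then write_zones "$1"; fi
```

Extend `HOSTS` as the network grows; the reverse zone then picks up every address in 192.168.56.0/24 without any further renaming, which is the point of keying the zone on the network rather than on one host.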
- Edit /etc/resolv.conf so the server resolves through itself. On CentOS 7 NetworkManager rewrites this file; to make the setting stick, put the DNS server in the interface's ifcfg file or set it with nmcli instead.

```
nameserver 192.168.56.11
```

- Edit /etc/hosts. This step is optional: the entry only maps the bare name luprivate.com, and /etc/hosts is consulted before DNS, so it does not exercise the new server at all.

```
192.168.56.11 luprivate.com
```

- Restart named. Running named-checkconf and named-checkzone first catches syntax errors in the files above before the restart, and enabling the unit makes named start at boot.

```sh
systemctl restart named
```
- Check the listening ports. Because of `listen-on { any; }`, named has bound port 53 on every address of the host (127.0.0.1, 192.168.56.11, 10.0.3.15, 192.168.122.1) and ::1 on IPv6; the other ports in this listing (5353, 67, 68, 111, 839, 36121) belong to other services on the host and are not part of this setup. The PID/program column is omitted here.

```
netstat -anpu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address
udp        0      0 0.0.0.0:5353            0.0.0.0:*
udp        0      0 0.0.0.0:36121           0.0.0.0:*
udp        0      0 0.0.0.0:839             0.0.0.0:*
udp        0      0 192.168.122.1:53        0.0.0.0:*
udp        0      0 10.0.3.15:53            0.0.0.0:*
udp        0      0 192.168.56.11:53        0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 192.168.122.1:53        0.0.0.0:*
udp        0      0 0.0.0.0:67              0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp6       0      0 :::839                  :::*
udp6       0      0 ::1:53                  :::*
udp6       0      0 :::111                  :::*
```
- Test whether the DNS server works

Test on Linux:

```
host www.luprivate.com
www.luprivate.com has address 192.168.56.11
```

Test on Windows (first add 192.168.56.11 as the DNS server in the network adapter's settings):

```
nslookup
> www.luprivate.com
Server:  UnKnown
Address:  192.168.56.11

Name:    www.luprivate.com
Address:  192.168.56.11
```

The `Server: UnKnown` line is nslookup failing to turn the server address 192.168.56.11 back into a name, which is what happens when the reverse zone has no PTR for that address. Once the PTR record above is loaded, a reverse lookup of 192.168.56.11 with host returns www.luprivate.com and nslookup shows that name instead of UnKnown, so it doubles as a check that the reverse zone is actually being served.

- Deployment complete