Local DNS Resolution


Resolving local domain names for an enterprise

2018-07-23 09:31:46


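Setting up a DNS server lets you resolve domain names yourself, which makes it easier to test company projects locally.

With it in place, you can reach a local server by typing a domain name.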

 

I. Install the software

1. Download bind

yum -y install bind*

2. Edit the main configuration file

cp /etc/named.conf /etc/named.conf.bak  # back up the file before editing it
vi /etc/named.conf

Change it to the following:

//
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { any; };   // changed here
        //listen-on-v6 port 53 { ::1; };   // changed here
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };  // changed here

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

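3. Configure resolution for a custom domain (for example, we want to add abc.com)

vi /etc/named.rfc1912.zones

zone "abc.com" IN {    // the primary domain to resolve
        type master;
        file "abc.com.zone";  // the records for this zone are stored in /var/named/abc.com.zone
        allow-update { none; };
};

You can check whether the configuration is correct; if the command returns no output, everything is fine:

named-checkconf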

4. Create the abc.com.zone file

vi /var/named/abc.com.zone

$TTL 1D
@   IN SOA abc.com. rname.invalid. (
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )   ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
www     IN    A      192.168.1.100
xd      IN    A      192.168.1.101
wcn     IN    A      192.168.1.102
tl      IN    A      192.168.1.103
*       IN    CNAME  www

// Here ns.abc.com stands for the name of this DNS server, so ns.abc.com must resolve to the server itself.

www     IN      A       192.168.1.100  // means www.abc.com resolves to the server at 192.168.1.100. The other records work the same way.

// The wildcard (*) CNAME points * at www, so that ajklnjkn.abc.com = www.abc.com

named-checkzone "abc.com" /var/named/abc.com.zone

5. Set file permissions

chown root:named  /var/named/abc.com.zone

6. Update the firewall

firewall-cmd --zone=public --add-port=53/tcp --permanent
firewall-cmd --zone=public --add-port=53/udp --permanent
firewall-cmd --zone=public --add-port=953/tcp --permanent

7. Restart the service once configuration is complete

service named restart
# start at boot
systemctl enable named

8. Test

nslookup www.abc.com SERVER_IP
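
Added example (not part of the original article): a small Python audit of the options set in step 2. With recursion yes and no allow-recursion, BIND falls back to allow-query, so allow-query { any; } leaves recursion open to every client, which is the case the comment inside named.conf warns about. The function names and the 192.168.1.0/24 client network in the hardened variant are assumptions.

```python
import re

# Constructed sample: the option lines from step 2 that matter for this check.
PAGE_OPTIONS = """
options {
        listen-on port 53 { any; };   // changed here
        allow-query     { any; };     // changed here
        recursion yes;
};
"""

# Hardened variant (assumption: clients sit on 192.168.1.0/24, like the zone's A records).
HARDENED_OPTIONS = PAGE_OPTIONS.replace(
    "recursion yes;", "recursion yes;\n        allow-recursion { 192.168.1.0/24; localhost; };")


def strip_comments(text):
    """Remove the /* */, // and # comments that named.conf allows."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def acl(text, name):
    """Return the elements of an address-match-list option, or None if it is unset."""
    m = re.search(r"(?<![\w-])%s\s*(?:port\s+\d+\s*)?\{([^{}]*)\}" % re.escape(name), text)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]


def audit(conf):
    """Flag the open-resolver combination the named.conf comment warns about."""
    text = strip_comments(conf)
    findings = []
    m = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", text)
    recursion_on = m is None or m.group(1) == "yes"      # BIND's default is yes
    # If allow-recursion is unset, BIND uses allow-query-cache, then allow-query.
    effective = next((a for a in (acl(text, "allow-recursion"),
                                  acl(text, "allow-query-cache"),
                                  acl(text, "allow-query")) if a is not None),
                     ["localnets", "localhost"])
    if recursion_on and "any" in effective:
        findings.append("recursion is open to any client")
    if findings and "any" in (acl(text, "listen-on") or ["any"]):
        findings.append("named listens on every IPv4 interface")
    return findings


if __name__ == "__main__":
    for label, conf in (("page", PAGE_OPTIONS), ("hardened", HARDENED_OPTIONS)):
        print(label, audit(conf) or "ok")
```

In the hardened variant allow-query { any; } stays in place, so the abc.com zone is still answered for everyone while recursion is limited to the listed clients.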

 

