Setting up a DNS server with docker-bind


  • Use docker-bind to set up a private DNS server so that servers across the whole internal cluster can be managed by domain name and services can be configured against those names
  • The instructions below are based on Ubuntu 20.04; to build a docker image that runs on a Raspberry Pi, see the referenced article

Configuration and installation

Local DNS configuration

sudo nano /etc/systemd/resolved.conf

# Change the file to the following content
# Assume the server running docker-bind has the IP address 192.168.3.37
[Resolve]
DNS=192.168.3.37
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=no
DNSStubListener=no
#ReadEtcHosts=yes

# Point /etc/resolv.conf at the file generated by systemd-resolved
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
  • Reference: how to free port 53 used by systemd-resolved
  • After this configuration, /etc/resolv.conf contains the following

    # This file is managed by man:systemd-resolved(8). Do not edit.
    #
    # This is a dynamic resolv.conf file for connecting local clients directly to
    # all known uplink DNS servers. This file lists all configured search domains.
    #
    # Third party programs must not access this file directly, but only through the
    # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
    # replace this symlink by a static file or a different symlink.
    #
    # See man:systemd-resolved.service(8) for details about the supported modes of
    # operation for /etc/resolv.conf.
    nameserver 192.168.3.37
    nameserver 192.168.3.1
    • The first entry is the DNS server we built with bind
    • The second entry is the DNS server of the local subnet's gateway
    • Note that this order must not be changed; if the contents differ from the above, delete /etc/resolv.conf and re-run sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
    • If /run/systemd/resolve/resolv.conf does not exist, then systemctl disable systemd-resolved and service systemd-resolved stop were run at some point; run systemctl enable systemd-resolved and service systemd-resolved start, then reboot

Installing docker-bind

On the server in the cluster chosen to host the DNS server, run the following commands

# Pull the image before shutting down the local resolver service
docker pull sameersbn/bind:9.16.1-20200524

# Deploy the bind service as a docker container
docker run \
  --name bind \
  -d \
  --restart=always \
  --publish 53:53/tcp \
  --publish 53:53/udp \
  --publish 10000:10000/tcp \
  --volume docker-bind:/data \
  sameersbn/bind:9.16.1-20200524

Configuring docker-bind

  • Assume the server IP address is 192.168.3.37 and the local root domain is dev
  • Open the Webmin management interface at https://192.168.3.37:10000/ (default username: root, password: password) and configure it as follows:
  1. Servers → BIND DNS Server → Global Server Options → Access Control Lists, add:

    1. allow-query any
  2. Servers → BIND DNS Server → Global Server Options → Forwarding and Transfers → Global forwarding and zone transfer options, add the IP addresses of the forwarding DNS servers:

    1. 8.8.8.8
    2. 8.8.4.4
    3. For now only Google's DNS servers are added. Adding some of the domestic Chinese DNS servers (such as AliDNS) actually caused problems (NTP server access failures, etc.)
  3. Servers → BIND DNS Server → Existing DNS Zones → Create Master Zone

    1. Zone type: Forward (Names to Addresses)
    2. Domain name / Network: dev
    3. Master server: a.dev
    4. Email address: admin@dev
  4. Servers → BIND DNS Server → Existing DNS Zones → Create Master Zone

    1. Zone type: Reverse (Addresses to Names)
    2. Domain name / Network: 192.168.3
    3. Master server: a.dev
    4. Email address: admin@dev
  5. Servers → BIND DNS Server → Existing DNS Zones → dev

    1. Under Address, add DNS records

      1. Name: a, Address: 192.168.3.37; click Create, and the reverse address record is added and updated automatically
      2. Add other DNS records as needed

        1. The container may need to be restarted before newly added DNS records take effect
    2. Servers → BIND DNS Server → Existing DNS Zones → dev → Name Server: confirm that the name server address exists

      1. Zone Name: dev.
      2. Name Server: a.dev.
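The forward zone dev and the reverse zone 192.168.3 that the Webmin steps above create can also be written out directly as BIND zone files. The following Python is an added example, not code from the original post or from the sameersbn/bind image; the host table, serial number and SOA timers are constructed sample values, and the third host shows that an address outside 192.168.3.0/24 gets an A record but no PTR.

```python
import ipaddress

ZONE = "dev"                 # "Domain name / Network" of the forward zone
REVERSE_NET = "192.168.3"    # "Domain name / Network" of the reverse zone
MASTER_NS = "a.dev"          # "Master server"
ADMIN_MAIL = "admin@dev"     # "Email address"

# Constructed sample host table (hostname -> IPv4); "a" is the DNS server itself.
HOSTS = {
    "a": "192.168.3.37",
    "b": "192.168.3.38",
    "c": "10.153.154.5",     # outside 192.168.3.0/24: A record only, no PTR
}


def rname(mail):
    """SOA RNAME field: '@' becomes '.', and the name is made absolute."""
    user, domain = mail.split("@", 1)
    return f"{user}.{domain}."


def header(origin, serial):
    """$ORIGIN/$TTL, SOA and NS lines shared by the forward and reverse zones."""
    return [
        f"$ORIGIN {origin}.",
        "$TTL 38400",
        f"@ IN SOA {MASTER_NS}. {rname(ADMIN_MAIL)} {serial} 10800 3600 604800 38400",
        f"@ IN NS {MASTER_NS}.",
    ]


def forward_zone(serial):
    """Forward zone: one A record per host, names relative to $ORIGIN."""
    lines = header(ZONE, serial)
    lines += [f"{host} IN A {ip}" for host, ip in sorted(HOSTS.items())]
    return "\n".join(lines) + "\n"


def reverse_zone(serial):
    """Reverse zone for REVERSE_NET: a PTR for each host whose address is inside it."""
    origin = ".".join(reversed(REVERSE_NET.split("."))) + ".in-addr.arpa"
    net = ipaddress.ip_network(REVERSE_NET + ".0/24")
    lines = header(origin, serial)
    for host, ip in sorted(HOSTS.items()):
        if ipaddress.ip_address(ip) in net:
            lines.append(f"{ip.rsplit('.', 1)[1]} IN PTR {host}.{ZONE}.")
    return "\n".join(lines) + "\n"
```

Bump the serial on every change, otherwise secondaries and caches keep serving the old data.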

Testing

Update the local nameservers setting to the server IP address and run the following commands to check whether the DNS server is working properly

nslookup www.baidu.com
nslookup a.dev
nslookup b.dev
  • If you see ;; Got recursion not available from 192.168.3.37, trying next server, perform the following steps (a more convenient way is to make the same edits in the dashboard, following the file contents below: Servers → BIND DNS Server → Global Server Options → Edit Config File)

     
    docker cp bind:/etc/bind/named.conf.options ./
    docker cp bind:/etc/bind/named.conf ./

    # Modify the two files as follows

    # named.conf
    acl trusted {
        192.168.0.0/16;
        10.153.154.0/24;
        localhost;
        localnets;
    };

    // This is the primary configuration file for the BIND DNS server named.
    //
    // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
    // structure of BIND configuration files in Debian, *BEFORE* you customize
    // this configuration file.
    //
    // If you are just adding zones, please do that in /etc/bind/named.conf.local

    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";
    include "/etc/bind/named.conf.default-zones";

    # named.conf.options
    options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //     0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };

        forwarders {
            8.8.8.8;
            8.8.4.4;
        };

        allow-query { any; };
        allow-recursion { trusted; };
        allow-query-cache { trusted; };
    };

    # Write the files back into the container
    docker cp ./named.conf.options bind:/etc/bind/named.conf.options
    docker cp ./named.conf bind:/etc/bind/named.conf

    # Restart the container
    docker restart bind
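The allow-recursion { trusted; } line above is what decides whether a client gets the "recursion not available" message: a client inside the trusted ACL receives a reply with the RA (recursion available) flag set, any other client gets RA clear, which also keeps the server from acting as an open resolver for the outside. The following Python is an added example, not code from the original post or from the sameersbn/bind image: it builds a plain recursive query, decodes the reply header, and reports RA and RCODE; the reply bytes in TRUSTED_REPLY and UNTRUSTED_REPLY are constructed headers, not captured traffic, and probe() assumes the server is reachable on 53/udp.

```python
import socket
import struct

RD = 0x0100          # recursion desired (set by the client)
RA = 0x0080          # recursion available (set by the server)
RCODE_MASK = 0x000F
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, txid=0x1234):
    """Plain recursive A/IN query for `name`: 12-byte header + one question."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def classify(response, txid=0x1234):
    """Return (recursion_available, rcode_name, answer_count) from a reply header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    rcode = flags & RCODE_MASK
    return bool(flags & RA), RCODE_NAMES.get(rcode, str(rcode)), an


def probe(server, name="www.baidu.com", timeout=3.0):
    """Send the query over UDP to `server`:53 and classify the reply.
    Run it once from a host inside the trusted ACL and once from a host
    outside it: the first should see RA set, the second RA clear."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(512)
    return classify(data)


# Constructed reply headers (not captured traffic), question count 1:
#   0x8180 = QR|RD|RA, NOERROR, one answer: what a trusted client gets.
#   0x8105 = QR|RD, RA clear, RCODE 5 (REFUSED), no answers: what a client
#            outside the ACL gets; nslookup reports it as "recursion not available".
TRUSTED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
UNTRUSTED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)
```

If the probe from outside the trusted ranges comes back with RA set, the ACL is not being applied and the container is still an open resolver.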


