Linux-搭建DNS服务器
-
- [1. 安装软件bind](#1. 安装软件bind)
- [2. 修改配置文件](#2. 修改配置文件)
- [3. 在其他机器上测试DNS服务器](#3. 在其他机器上测试DNS服务器)
- [4. 配置本地域名解析](#4. 配置本地域名解析)
- [5. 优化后的zone](#5. 优化后的zone)
1. 安装软件bind
bind是历史非常悠久、性能也非常好的DNS域名系统软件
[root@dns-server ~]# `yum install bind bind-utils -y`
启动named服务
[root@dns-server ~]# `service named restart`
Redirecting to /bin/systemctl restart named.service
设置named服务开机启动
[root@dns-server ~]# `systemctl enable named`
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
查看进程
bash
[root@dns-server ~]# ps aux|grep named
named 14903 0.1 0.9 294348 33448 ? Ssl 11:40 0:00 /usr/sbin/named -u named -c /etc/named.conf
root 14913 0.0 0.0 6636 2304 pts/0 S+ 11:40 0:00 grep --color=auto named
查看named监听的端口(tcp/udp的53号端口,以及只在本机回环地址上监听的953号rndc控制端口)
bash
[root@dns-server ~]# netstat -anplut|grep named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 14125/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 14125/named
tcp6 0 0 ::1:53 :::* LISTEN 14125/named
tcp6 0 0 ::1:953 :::* LISTEN 14125/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 14125/named
udp6 0 0 ::1:53 :::* 14125/named
客户机向dns服务器进行域名查询的时候,访问的是udp的53号端口
从域名服务器与主域名服务器之间进行区域传送(复制zone数据)的时候,访问的是tcp的53号端口
2.修改配置文件
允许其他电脑过来查询dns域名。注意:`listen-on { any; }` 加 `allow-query { any; }` 意味着任何能访问到这台机器的主机都可以向它发起查询(包括递归查询);如果服务器对公网可达,它就成了开放递归解析器,可能被利用来做DNS放大攻击。生产环境中应该用acl或 `allow-recursion` 把递归查询限制在可信网段内,只把权威区域对外开放。
bash
[root@dns-server ~]# vim /etc/named.conf
options {
listen-on port 53 { any; }; # 修改
listen-on-v6 port 53 { any; }; # 修改
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; # 修改
重新启动named服务
bash
[root@dns-server ~]# service named restart
Redirecting to /bin/systemctl restart named.service
[root@dns-server ~]# netstat -anplut|grep named
tcp 0 0 192.168.168.139:53 0.0.0.0:* LISTEN 14903/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 14903/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 14903/named
tcp6 0 0 fe80::20c:29ff:fe11::53 :::* LISTEN 14903/named
tcp6 0 0 ::1:53 :::* LISTEN 14903/named
tcp6 0 0 ::1:953 :::* LISTEN 14903/named
udp 0 0 192.168.168.139:53 0.0.0.0:* 14903/named
udp 0 0 192.168.168.139:53 0.0.0.0:* 14903/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 14903/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 14903/named
udp6 0 0 ::1:53 :::* 14903/named
udp6 0 0 ::1:53 :::* 14903/named
udp6 0 0 fe80::20c:29ff:fe11::53 :::* 14903/named
udp6 0 0 fe80::20c:29ff:fe11::53 :::* 14903/named
3. 在其他机器上测试DNS服务器
修改网卡配置文件里的dns
[root@web-1 ~]# cat /etc/NetworkManager/system-connections/<对应网卡的连接配置文件>
[ipv4]
addresses1=192.168.168.136/24
dns=192.168.168.139;114.114.114.114
gateway=192.168.168.2
method=manual
或者直接修改/etc/resolv.conf里的dns服务器地址(注意该文件由NetworkManager生成,网络重启后可能被覆盖,上面改网卡配置文件的方式更持久)
[root@web-2 ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.168.139
nameserver 114.114.114.114
使用nslookup和ping、dig命令进行dns域名查询的测试
bash
[root@web-1 ~]# nslookup www.qq.com
Server: 192.168.168.139
Address: 192.168.168.139#53
Non-authoritative answer:
www.qq.com canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 121.14.77.221
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 121.14.77.201
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:1::5c
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:2::4c
[root@web-1 ~]# dig +trace www.qq.com
; <<>> DiG 9.16.23-RH <<>> +trace www.qq.com
;; global options: +cmd
. 517706 IN NS k.root-servers.net.
. 517706 IN NS l.root-servers.net.
. 517706 IN NS m.root-servers.net.
. 517706 IN NS j.root-servers.net.
. 517706 IN NS g.root-servers.net.
. 517706 IN NS e.root-servers.net.
. 517706 IN NS f.root-servers.net.
. 517706 IN NS a.root-servers.net.
. 517706 IN NS d.root-servers.net.
. 517706 IN NS h.root-servers.net.
. 517706 IN NS b.root-servers.net.
. 517706 IN NS i.root-servers.net.
. 517706 IN NS c.root-servers.net.
. 517706 IN RRSIG NS 8 0 518400 20250907170000 20250825160000 46441 . mY7x+l08DTrEZ0eYA2vEb2JO/0e8IT1FDe1yoA5fUcW5L+zltYWeJAGO b38sXm6G1qr7iV25QdR0L1eIWDKs793lsDytnzjNY364plixi/s6qY7J DPYqwRP/ADlbMBEn6c4CpttJ/FmVm9sTf0+3q7bXQLn3Y5qvq9RMFyzI 0cpqQ+39APVvaTR4AUvEGS5gs1mjyhepB0xk80yVZrTpHXYe7g4bo2Xm JLcX9xPzDuL5cqpirPcH46ZPi3Pf5708ImI9BRtSfOiODNK7DrxtTd+u CRJiFjtLKN6GVebAcJ6tLAvqXyF8X3hxmPavwE7PwBK4b6QdtP/kvWcf wWsrRw==
;; Received 1137 bytes from 192.168.168.139#53(192.168.168.139) in 1 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 86400 IN DS 19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D7 71D7805A
com. 86400 IN RRSIG DS 8 1 86400 20250907170000 20250825160000 46441 . SU62OxdtF2cFhsGwICOfoGhxXzzt7FpxbiVMpLGHwoRacnEZoxFTpjRe 8cj0GbCyvMvnrwpue4hqNQaQcmZtSWXXk2XcGJH8Vi+8TUOH2tKzBZsf ls0Fk50SE5D8DPLUT8+zttxS7oXHHAZ4WNqypaDOpwVglg9kcO8Fa+Ob BHOQJxpipISPlAJnHhkVeF/M4O5+O2PNMtG1GPvgtY4v9CK5KeY7fgP9 1lNpOx5oqHKZOw5rGiwaA7qaRz1T91Vsed97it0+74Sf6f/hu5RcNz+y bsMtkqZJYtVKQLv8kylZYJrGNCtsnHPs2XUUakhBqk8FWjB6xfDzRkBv 7L7Qlw==
;; Received 1170 bytes from 192.58.128.30#53(j.root-servers.net) in 31 ms
qq.com. 172800 IN NS ns1.qq.com.
qq.com. 172800 IN NS ns2.qq.com.
qq.com. 172800 IN NS ns3.qq.com.
qq.com. 172800 IN NS ns4.qq.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN NSEC3 1 1 0 - CK0Q3UDG8CEKKAE7RUKPGCT1DVSSH8LL NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN RRSIG NSEC3 13 2 900 20250831015158 20250824004158 20545 com. KwEWamEC8pX2daXBOa2BY/AGCUCb+3Khm5Ao6bpOsD8Aj1En1mb2hO00 CtpTsH5JQu5HQD8QFWyb6ss6/vz3Mg==
J976KA284HT3M5K6UPOCJ48OPMNH64L7.com. 900 IN NSEC3 1 1 0 - J976V9IM8597ALLH81MQKOSCKFOC08F5 NS DS RRSIG
J976KA284HT3M5K6UPOCJ48OPMNH64L7.com. 900 IN RRSIG NSEC3 13 2 900 20250901010018 20250824235018 20545 com. J22cVFtGgGQrxVKJhn7ImrWmFzsAjHRwsrLp2PPT3Gbp3Oi/rb1V+O/3 Fx8YOv7RrfzbO2vOMC6UAhF4L22RmQ==
;; Received 812 bytes from 192.48.79.30#53(j.gtld-servers.net) in 185 ms
www.qq.com. 86400 IN NS ns-os1.qq.com.
www.qq.com. 86400 IN NS ns-cmn1.qq.com.
www.qq.com. 86400 IN NS ns-tel1.qq.com.
www.qq.com. 86400 IN NS ns-cnc1.qq.com.
;; Received 382 bytes from 203.205.220.251#53(ns1.qq.com) in 196 ms
;; Received 39 bytes from 43.159.167.133#53(ns-os1.qq.com) in 188 ms
4. 配置本地域名解析
搭建主域名服务器,提供特定域名的解析,如:huang.com
编辑/etc/named.rfc1912.zones
文件
bash
[root@dns-server ~]# vim /etc/named.rfc1912.zones
zone "huang.com" IN {
type master;
file "huang.com.zone";
allow-update { none; };
};
创建解析记录文件
bash
[root@dns-server ~]# cd /var/named
[root@dns-server named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@dns-server named]# cp -a named.localhost huang.com.zone
[root@dns-server named]# ll
总用量 20
drwxrwx--- 2 named named 23 8月 26 11:35 data
drwxrwx--- 2 named named 60 8月 26 11:40 dynamic
-rw-r----- 1 root named 152 7月 30 03:50 huang.com.zone
-rw-r----- 1 root named 2112 7月 30 03:50 named.ca
-rw-r----- 1 root named 152 7月 30 03:50 named.empty
-rw-r----- 1 root named 152 7月 30 03:50 named.localhost
-rw-r----- 1 root named 168 7月 30 03:50 named.loopback
drwxrwx--- 2 named named 6 7月 30 03:49 slaves
[root@dns-server named]# vim huang.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.168.139
        AAAA    ::1
www     IN A    192.168.168.133
web1    IN A    192.168.168.136
web2    IN A    192.168.168.137
nfs     IN A    192.168.168.139
web     IN CNAME www
检查配置并启动服务
[root@dns-server named]# `named-checkconf /etc/named.rfc1912.zones`
[root@dns-server named]# `named-checkzone huang.com /var/named/huang.com.zone`
zone huang.com/IN: loaded serial 1
OK
[root@dns-server named]# service named restart
Redirecting to /bin/systemctl restart named.service
用nslookup测试
bash
[root@web-1 ~]# nslookup www.huang.com
Server: 192.168.168.139
Address: 192.168.168.139#53
Name: www.huang.com
Address: 192.168.168.133
[root@web-1 ~]# nslookup nfs.huang.com
Server: 192.168.168.139
Address: 192.168.168.139#53
Name: nfs.huang.com
Address: 192.168.168.139
[root@web-1 ~]# nslookup web1.huang.com
Server: 192.168.168.139
Address: 192.168.168.139#53
Name: web1.huang.com
Address: 192.168.168.136
[root@web-1 ~]# nslookup web.huang.com
Server: 192.168.168.139
Address: 192.168.168.139#53
web.huang.com canonical name = www.huang.com.
Name: www.huang.com
Address: 192.168.168.133
5. 优化后的zone
增加MX记录、@、*、NS记录
bash
[root@dns-server ~]# cat /var/named/huang.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
;域名服务器记录
@ IN NS ns1.huang.com.
@ IN NS ns2.huang.com.
;A记录
www IN A 192.168.168.133
www IN A 192.168.168.134
web1 IN A 192.168.168.136
web2 IN A 192.168.168.137
nfs IN A 192.168.168.139
;别名记录
web IN CNAME www
;域名服务器记录的A记录
ns1 IN A 192.168.168.139
ns2 IN A 192.168.100.140
nfs.liu.com IN A 192.168.168.139
liu IN CNAME nfs.liu.com
;邮件交换记录--》邮件服务器
@ IN MX 10 mail1.huang.com.
@ IN MX 20 mail2.huang.com.
;邮件服务器的A记录
mail1 IN A 192.168.168.136
mail2 IN A 192.168.168.137
;@表示本域
@ IN A 192.168.168.133
;泛域名解析记录
* IN A 192.168.168.133
修改zone文件后应同时递增SOA里的serial(这里仍然是1),否则从服务器不会感知到变更;然后重新加载服务并测试是否生效。下面NS查询的结果仍显示 huang.com. 而不是 ns1/ns2,可能是查询时新的NS记录尚未生效,需要确认zone已重新加载。
使用nslookup交互模式
bash
[root@web-1 ~]# nslookup
> abc.huang.com
Server: 192.168.168.139
Address: 192.168.168.139#53
Name: abc.huang.com
Address: 192.168.168.133
> web.huang.com
Server: 192.168.168.139
Address: 192.168.168.139#53
web.huang.com canonical name = www.huang.com.
Name: www.huang.com
Address: 192.168.168.133
Name: www.huang.com
Address: 192.168.168.134
> set type=ns
> huang.com
Server: 192.168.168.139
Address: 192.168.168.139#53
huang.com nameserver = huang.com.
> set type=mx
> huang.com
Server: 192.168.168.139
Address: 192.168.168.139#53
huang.com mail exchanger = 20 mail2.huang.com.
huang.com mail exchanger = 10 mail1.huang.com.