Linux上部署DNS解析服务相对来说比较简单的。安装一个named,然后编辑一下全局配置文件和区域配置文件就可以了。
主要难点都在对DNS服务的了解上。

安装

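  1. yum install -y named bind  # NOTE(review): per the named.conf header the named(8) daemon is provided by the bind package; confirm a package literally called "named" exists on your release, otherwise drop it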

编辑全局配置文件

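  1. vim /etc/named.conf  # main BIND configuration; the listing below is the Red Hat stock file with the edits described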
  2. //
  3. // named.conf
  4. //
  5. // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
  6. // server as a caching only nameserver (as a localhost DNS resolver only).
  7. //
  8. // See /usr/share/doc/bind*/sample/ for example named configuration files.
  9. //
  10. // See the BIND Administrator's Reference Manual (ARM) for details about the
  11. // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
  12. options {
  13. // listening addresses and port
  14. listen-on port 53 { any; }; // IPv4: every interface (the header above describes the stock file as localhost-only, so this has been widened)
  15. listen-on-v6 port 53 { ::1; }; // IPv6: loopback only, unlike the IPv4 line above
  16. directory "/var/named"; // base directory for every relative "file" path below (e.g. named.ca)
  17. dump-file "/var/named/data/cache_dump.db";
  18. statistics-file "/var/named/data/named_stats.txt";
  19. memstatistics-file "/var/named/data/named_mem_stats.txt";
  20. recursing-file "/var/named/data/named.recursing";
  21. secroots-file "/var/named/data/named.secroots";
  22. // which networks may send queries to this server
  23. allow-query { any; }; // NOTE(review): together with listen-on { any; } and "recursion yes" below this is an open recursive resolver, exactly what the block comment below warns about; keep "any" only if the server must answer authoritative queries from the internet, and add allow-recursion { localhost; localnets; } (or your client ranges) so recursion is not offered to everyone
  24. /*
  25. - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
  26. - If you are building a RECURSIVE (caching) DNS server, you need to enable
  27. recursion.
  28. - If your recursive DNS server has a public IP address, you MUST enable access
  29. control to limit queries to your legitimate users. Failing to do so will
  30. cause your server to become part of large scale DNS amplification
  31. attacks. Implementing BCP38 within your network would greatly
  32. reduce such attack surface
  33. */
  34. recursion yes; // see the note on allow-query above: pair this with allow-recursion
  35. dnssec-enable yes;
  36. dnssec-validation yes; // validate answers obtained while recursing
  37. /* Path to ISC DLV key */
  38. bindkeys-file "/etc/named.root.key";
  39. managed-keys-directory "/var/named/dynamic";
  40. pid-file "/run/named/named.pid";
  41. session-keyfile "/run/named/session.key";
  42. };
  43. logging {
  44. channel default_debug {
  45. file "data/named.run";
  46. severity dynamic;
  47. };
  48. };
  49. // root zone hints, used to bootstrap recursion
  50. zone "." IN {
  51. type hint;
  52. file "named.ca"; // relative to "directory" above, i.e. /var/named/named.ca - the root-hints file must be written to that path
  53. };
  54. // our own authoritative zone
  55. zone "example.com" IN {
  56. type master; // NOTE(review): no allow-transfer is set; on older BIND releases the default permits AXFR from anyone - consider allow-transfer { none; } or the secondaries' addresses
  57. // zone file (absolute path, so "directory" does not apply)
  58. file "/etc/named/example.com.named.zone";
  59. };
  60. include "/etc/named.rfc1912.zones";
  61. include "/etc/named.root.key";

创建根域文件

首先导入根域提示文件(root hints),内容来自 ICANN。保存路径必须与 named.conf 中 zone "." 的 file 指令一致:该值 "named.ca" 是相对于 options 里 directory 的路径,即 /var/named/named.ca。

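  1. tee /var/named/named.ca <<- 'EOF'  # named.conf loads zone "." from file "named.ca" under directory "/var/named", so the hints must be written here (not /etc/named/name.ca)
  2. ; This file holds the information on root name servers needed to
  3. ; initialize cache of Internet domain name servers
  4. ; (e.g. reference this file in the "cache . <file>"
  5. ; configuration file of BIND domain name servers).
  6. ;
  7. ; This file is made available by InterNIC
  8. ; under anonymous FTP as
  9. ; file /domain/named.cache
  10. ; on server FTP.INTERNIC.NET
  11. ; -OR- RS.INTERNIC.NET
  12. ;
  13. ; last update: August 17, 2021
  14. ; related version of root zone: 2021081701
  15. ;
  16. ; FORMERLY NS.INTERNIC.NET
  17. ;
  18. . 3600000 NS A.ROOT-SERVERS.NET.
  19. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
  20. A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
  21. ;
  22. ; FORMERLY NS1.ISI.EDU
  23. ;
  24. . 3600000 NS B.ROOT-SERVERS.NET.
  25. B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
  26. B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
  27. ;
  28. ; FORMERLY C.PSI.NET
  29. ;
  30. . 3600000 NS C.ROOT-SERVERS.NET.
  31. C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
  32. C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
  33. ;
  34. ; FORMERLY TERP.UMD.EDU
  35. ;
  36. . 3600000 NS D.ROOT-SERVERS.NET.
  37. D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
  38. D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
  39. ;
  40. ; FORMERLY NS.NASA.GOV
  41. ;
  42. . 3600000 NS E.ROOT-SERVERS.NET.
  43. E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
  44. E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
  45. ;
  46. ; FORMERLY NS.ISC.ORG
  47. ;
  48. . 3600000 NS F.ROOT-SERVERS.NET.
  49. F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
  50. F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
  51. ;
  52. ; FORMERLY NS.NIC.DDN.MIL
  53. ;
  54. . 3600000 NS G.ROOT-SERVERS.NET.
  55. G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
  56. G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
  57. ;
  58. ; FORMERLY AOS.ARL.ARMY.MIL
  59. ;
  60. . 3600000 NS H.ROOT-SERVERS.NET.
  61. H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
  62. H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
  63. ;
  64. ; FORMERLY NIC.NORDU.NET
  65. ;
  66. . 3600000 NS I.ROOT-SERVERS.NET.
  67. I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
  68. I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
  69. ;
  70. ; OPERATED BY VERISIGN, INC.
  71. ;
  72. . 3600000 NS J.ROOT-SERVERS.NET.
  73. J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
  74. J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
  75. ;
  76. ; OPERATED BY RIPE NCC
  77. ;
  78. . 3600000 NS K.ROOT-SERVERS.NET.
  79. K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
  80. K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
  81. ;
  82. ; OPERATED BY ICANN
  83. ;
  84. . 3600000 NS L.ROOT-SERVERS.NET.
  85. L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
  86. L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
  87. ;
  88. ; OPERATED BY WIDE
  89. ;
  90. . 3600000 NS M.ROOT-SERVERS.NET.
  91. M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
  92. M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
  93. ; End of file
  94. EOF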

创建自定义域名的配置文件

  1. tee /etc/named/example.com.named.zone <<-'EOF'  # path must match the "file" directive of zone "example.com" in named.conf
  2. $TTL 600 ; default TTL in seconds for records that do not set their own
  3. @ IN SOA dns.example. email.example.com. ( ; @ = zone origin (example.com); NOTE(review): the primary NS is dns.example., a name outside this zone - if dns.example.com. was intended it also needs an A record here
  4. 2022032801 3H 15M 1W 1D ) ; serial (bump on every edit), refresh, retry, expire, minimum
  5. @ IN NS dns.example. ; see the note on the SOA line
  6. IN MX 5 mx1.example.com. ; blank owner repeats the previous owner (@), so this is the apex MX
  7. IN TXT "v=spf1 include:spf.example.com -all" ; apex SPF; -all = hard fail for senders not covered by spf.example.com
  8. www IN A 192.168.10.11
  9. bda IN A 192.168.10.12
  10. cloud IN A 192.168.10.13
  11. dap IN A 192.168.10.14
  12. doc IN A 192.168.10.15
  13. EOF
TTL time to live 生存时间,默认为秒
@ 代表区域起点(这里即 example.com 本身);不带任何次级域名直接访问 example.com 时,使用 @ 的 A 记录进行解析。
同时针对该域的一些配置信息也会在这里面。
IN 表示记录的类(class)为 Internet,即后面的数据使用 Internet 标准
SOA 此区域的管理信息
dns.example. 该域的主域名服务器
email.example.com. 管理员邮件地址(邮箱中的 @ 用 . 代替,并以 . 结尾;例如 email.example.com. 表示 email@example.com)
2022032801 serial,区域文件的版本号,格式是年月日加当日修改的次数;每次修改区域文件都应递增这个数字,否则其它 DNS 服务器(从服务器)不会认为数据有更新,也就不会同步;对于以你的 DNS 服务器为上游的客户端来说,这次变更同样不会反映出来。
3H refresh,刷新间隔,单位可以是 M(分)、H(时)、D(天)、W(周),不带单位时为秒;规定从服务器每隔多长时间向主服务器查询一次,以确认自己的数据是否为最新。
15M retry,重试间隔(这里是 15 分钟):从服务器向主服务器查询更新时连接失败后,等待多长时间再次重试。
1W expire,过期时间:从服务器持续无法从主服务器更新多久之后,清除该区域的记录、不再应答。
1D minimum TTL,规定缓冲服务器不能与主服务器联系上的清除记录时间
NS name server,表示该主机是域名服务器
TXT 文本记录,一般情况下用来为其他服务提供配置信息
A address,定义了一条A记录,表示该主机名到IP地址的对应记录
MX mail exchange,定义一条邮件记录
CNAME 定义了对应主机的一个别名

添加方法

只要在区域文件后面追加记录就可以了;追加之后记得递增 SOA 中的 serial,否则从服务器不会同步这次变更。

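  1. 主机名 IN 记录类型 记录值   ; owner name, class, record type, record data
  2. www IN A 192.168.10.11
  3. index IN CNAME www.example.com.   ; trailing dot is required: without it the target is relative to the zone origin and becomes www.example.com.example.com.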

使用以下命令可以让配置的DNS立即生效

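  1. named-checkconf && named-checkzone example.com /etc/named/example.com.named.zone  # catch a config or zone-file syntax error before it reaches the running server
  2. rndc reconfig   # re-reads named.conf and loads NEW zones only
  3. rndc reload example.com   # reconfig does not re-read an existing zone file; reload the edited zone (after bumping its SOA serial)
  4. rndc flush   # drop the resolver cache so stale answers are not served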