DNS服务搭建

搬砖场景

公司内部网络有很多日常开发或运维要用的内部服务器,每次访问特定的服务时总得在浏览器中输入IP地址或者在本地计算机绑定host,显得十分不方便,也不便于日后的维护。于是就有了在公司内部搭建一台DNS服务器的必要,并且它还可以作为缓存服务器加速网络访问,何乐而不为。

开始搬砖

DNS服务搭建,用到了两台服务器,一主一从。配置文件如下

主DNS

options配置/etc/named.conf

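# Clients allowed to use this server as a resolver: the 192.168.1.0/24 office
# network (the range covered by the reverse zone below) plus the server itself.
# Add further internal subnets here as needed.
acl internal { 192.168.1.0/24; localhost; };

options {
    # "any" is fine for a single-NIC host on the office network; on a host
    # with an external interface, list only the internal address here.
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    # The original allowed queries, cache access and (implicitly) recursion
    # from "any", i.e. an open recursive resolver if the box ever becomes
    # reachable from outside (reflection/amplification abuse, larger cache
    # poisoning surface). Everything is now limited to the internal ACL;
    # relax only allow-query if authoritative answers must be served wider.
    allow-query { internal; };
    allow-query-cache { internal; };
    allow-recursion { internal; };
    # Zone transfers only to the secondary (192.168.1.12); no dynamic updates.
    allow-transfer { 192.168.1.12; };
    allow-update { none; };
    recursion yes;
    forwarders { 101.226.1.43; 202.101.172.35; };
    # Validation is off, so answers from the forwarders are trusted as-is.
    # Turn dnssec-validation on once the forwarders are confirmed to return
    # DNSSEC data, otherwise resolution of signed zones may fail.
    dnssec-enable no;
    dnssec-validation no;
    # The DLV registry has been shut down and this option is deprecated in
    # newer BIND releases; it had no effect anyway with validation disabled.
    # dnssec-lookaside auto;
};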

logging配置/etc/named.conf

logging { 
# General server log, written to data/bind.log relative to the "directory"
# option (/var/named/data/bind.log). Rotated at 256 MB, keeping 3 old files.
channel default_log{
file "data/bind.log"
versions 3 size 256m;
# Uncomment to drop info/debug messages and keep only warnings and above.
#severity warning;
# Timestamp, severity and category on every line make the log usable for
# incident timelines and for correlating with logs from other hosts.
print-time yes;
print-severity yes;
print-category yes;
};
category default{
default_log;
};
# Query log: one line per client query (source address, name, type).
# Useful for spotting lookups of suspicious names or an unusually chatty
# host; it also records users' browsing, so protect the file accordingly.
# In BIND, attaching a channel to the "queries" category turns query
# logging on at startup unless the querylog option says otherwise.
channel query_log{
file "data/query.log"
versions 3
size 256m;
#severity warning;
print-time yes;
print-severity yes;
print-category yes;
};
category queries{
query_log;
};
};

zone配置/etc/named.rfc1912.zones

# Primary (master) copies of the forward and reverse zones. Transfers are
# limited to the secondary at 192.168.1.12, which is also notified on every
# reload so both servers stay in sync. Restricting AXFR keeps the internal
# host list from being enumerated by arbitrary clients; the restriction is
# IP-based only, so consider a TSIG key for transfers and notifies if the
# network segment is shared with untrusted hosts.
zone "hd.com" IN { 
type master;
file "hd.com.zone";
allow-transfer { 192.168.1.12; };
notify yes;
also-notify { 192.168.1.12; };
};
# Reverse zone for 192.168.1.0/24, same transfer/notify policy.
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.zone";
allow-transfer { 192.168.1.12; };
notify yes;
also-notify { 192.168.1.12; };
};

主DNS的zone文件详细信息 正向解析zone文件/var/named/hd.com.zone

$TTL 86400 
; SOA: ns1.hd.com. is the primary server; "root" is unqualified, so it
; expands to root.hd.com., i.e. the responsible mailbox root@hd.com.
@ IN SOA  ns1.hd.com. root (
20140220  ; serial - must increase on every edit, or the secondary will not refetch the zone
28800   ; refresh
14400   ; retry
3600000 ; expire
86400 ) ; minimum

; Both authoritative servers, with their A records below.
@       IN NS   ns1.hd.com.
@       IN NS   ns2.hd.com.
ns1     IN A    192.168.1.13
ns2     IN A    192.168.1.12
; Internal services; both currently live on the primary's address.
pan     IN A    192.168.1.13
bbs     IN A    192.168.1.13

反向解析zone文件/var/named/192.168.1.zone

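$TTL 86400 
; SOA: ns1.hd.com. is the primary; "root" expands to root.hd.com. (root@hd.com).
@       IN SOA  ns1.hd.com. root (
20140221  ; serial - increase on every edit so the secondary refetches the zone
28800   ; refresh
14400   ; retry
3600000 ; expire
86400 ) ; minimum
; Delegation must match the forward zone: the original pointed at
; "ns.hd.com.", which has no A record in hd.com.zone, and omitted the
; secondary even though it serves this zone as well.
@       IN NS   ns1.hd.com.
@       IN NS   ns2.hd.com.
; Several names share 192.168.1.13; multiple PTR records for one address
; are legal, but tools that expect a single reverse name will pick one.
13      IN PTR  pan.hd.com.
13      IN PTR  bbs.hd.com.
13      IN PTR  ns1.hd.com.
12      IN PTR  ns2.hd.com.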
从DNS配置

option配置/etc/named.conf

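# Clients allowed to use this server as a resolver: the 192.168.1.0/24 office
# network (the range covered by the reverse zone) plus the server itself.
acl internal { 192.168.1.0/24; localhost; };

options {
    listen-on port 53 { any; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    # Same restriction as on the primary: no cache access or recursion for
    # arbitrary clients, so the host cannot act as an open resolver.
    allow-query     { internal; };
    allow-query-cache { internal; };
    allow-recursion { internal; };
    # The secondary holds full copies of both zones, but the original config
    # had no allow-transfer here; BIND's default (check it for your release)
    # permits transfers to any host, which would undo the restriction the
    # primary configures. Nothing downstream needs to pull from this server.
    allow-transfer  { none; };
    recursion yes;
    forwarders      { 101.226.1.43; 202.101.172.35; };
    # Validation is off, so forwarder answers are trusted as-is; enable
    # dnssec-validation once the forwarders are confirmed to pass DNSSEC data.
    dnssec-enable no;
    dnssec-validation no;
    # DLV is decommissioned and the option deprecated in newer BIND releases.
    # dnssec-lookaside auto;
};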

zone配置/etc/named.rfc1912.zones

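# Secondary (slave) copies, pulled from the primary at 192.168.1.13.
# allow-notify limits which host may trigger a refresh; allow-transfer
# { none; } stops third parties from pulling the whole zone from the
# secondary, which the original left at BIND's default (transfers permitted
# to anyone, on the releases that default to "any").
zone "hd.com" IN { 
    type slave;
    file "hd.com.zone";
    masters { 192.168.1.13; };
    notify  yes;
    allow-notify { 192.168.1.13; };
    allow-transfer { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "192.168.1.zone";
    masters { 192.168.1.13; };
    notify  yes;
    allow-notify { 192.168.1.13; };
    allow-transfer { none; };
};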
主从同步

从DNS的zone文件不需要手动设置,会自动从主DNS上同步下来。每次更改主服务器的zone文件后,还要增大SOA记录中的序列号(serial,即zoneID),一般加一就好;然后在主DNS上执行service named reload,从DNS上的zone文件就会同步更新。
