This post describes how to set up a DNS server with BIND: a parent domain that delegates a subdomain to two subdomain servers.

Environment

  • Linux distribution: CentOS 7 is used here
  • The bind package
  • In this example the parent-domain server is 192.168.250.72
  • The subdomain servers are 192.168.250.74 and 192.168.250.77

1. Parent domain setup

yum install bind  

After installation, make __a few__ changes to the __main configuration file__:

vim /etc/named.conf

Change two settings to any and comment out two lines. Note that allow-query { any; } together with recursion yes makes this host an open resolver for every network that can reach port 53; that is fine on an isolated lab network, but on a host exposed more widely restrict recursion to your own address ranges with allow-recursion.

options {
    listen-on port 53 { any; };     // changed to any
    //listen-on-v6 port 53 { ::1; };   // IPv6 is not used, so comment it out
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };     // changed to any
    recursion yes;      // resolve names in the delegated subdomain recursively

    dnssec-enable no;
    dnssec-validation no;

2. Configure a custom domain

With the basic DNS server installed, we now define a domain of our own to resolve:

vim /etc/named.rfc1912.zones

Add a primary domain to resolve, for example test.com, by appending the following to the end of named.rfc1912.zones:

zone "test.com" IN {
    type master;
    file "test.com.zone";
};

3. Specify forwarders

Queries for the subdomain paas.test.com are forwarded to the two subdomain servers:

zone "paas.test.com" IN {
    type forward;
    forward only;
    forwarders { 192.168.250.74; 192.168.250.77; };
};

4. Add the zone file (delegate the subdomain)

The zone file test.com.zone was referenced above; now create it with vim /var/named/test.com.zone
and add the following:

$TTL 600
$ORIGIN test.com.
@       IN      SOA     ns.test.com.    admin.test.com. (   ; MNAME is this zone's own master; names in rdata need the trailing dot, otherwise $ORIGIN is appended
                        100     ; serial
                        1H      ; refresh
                        5M      ; retry
                        7D      ; expire
                        1D      ; negative-cache TTL
)
        IN      NS      ns
ns      IN      A       192.168.250.72

; delegation of paas.test.com to the subdomain servers, with glue A records for both
paas    IN      NS      ns1
paas    IN      NS      ns2
ns1     IN      A       192.168.250.74
ns2     IN      A       192.168.250.77

The IP address of ns must be the address of the machine on which the DNS server (bind) is installed.
ns IN A xxx.xxx.xxx.xxx ==> replace with your DNS server's IP

Resource record types used here:
SOA record: Start Of Authority, the record that opens the zone's authoritative data;
A record: Internet Address, maps a fully qualified domain name to an IP address.
NS record: Name Server, names the DNS server(s) responsible for a zone (here also the servers the subdomain is delegated to).

5. Check the configuration files

Run named-checkconf to check the main configuration file; no output means it is correct:

named-checkconf

Run named-checkzone to check the zone file:

named-checkzone "test.com" /var/named/test.com.zone
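
named-checkzone only validates syntax. The following added example (my own code, not part of BIND or of this post) parses the parent zone from this post, applies $ORIGIN the way BIND does, and reports two delegation mistakes that named-checkzone accepts silently: an SOA contact name written without its trailing dot (which silently becomes admin.test.com.test.com.) and an in-zone NS target with no glue A record. The zone text inside it is constructed from the page's test.com.zone.

```python
import re
# Constructed input: the parent zone from this post, with the SOA contact name left without its trailing dot.
PARENT_ZONE = """\
$TTL 600
$ORIGIN test.com.
@       IN      SOA     ns.test.com.   admin.test.com (
                        100 1H 5M 7D 1D )
        IN      NS      ns
ns      IN      A       192.168.250.72
paas    IN      NS      ns1
paas    IN      NS      ns2
ns1     IN      A       192.168.250.74
ns2     IN      A       192.168.250.77
"""

def parse_zone(text):
    """Return (origin, [(owner, type, rdata)]); names without a trailing dot get $ORIGIN appended, as BIND does."""
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # fold the SOA onto one line
    origin, owner, records = ".", None, []
    fq = lambda n: n if n.endswith(".") else (origin if n == "@" else n + "." + origin)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()                # ';' starts a zone-file comment
        if not line.strip() or line.startswith("$TTL"):
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        toks = line.split()
        if not raw[0].isspace():                              # a leading blank reuses the previous owner
            owner = fq(toks.pop(0))
        if toks[0] == "IN":
            toks.pop(0)
        rtype, rdata = toks[0], toks[1:]
        names = {"SOA": 2, "NS": 1}.get(rtype, 0)             # leading rdata fields that are domain names
        records.append((owner, rtype, [fq(t) if i < names else t for i, t in enumerate(rdata)]))
    return origin, records

def check_delegation(text):
    """Report two delegation mistakes that named-checkzone accepts silently."""
    origin, records = parse_zone(text)
    has_a = {o for o, t, _ in records if t == "A"}
    problems = []
    for owner, rtype, rdata in records:
        if rtype == "SOA":
            rname = rdata[1]                                  # contact name; unqualified, it becomes admin.<zone>.<zone>.
            if rname.endswith("." + origin) and rname[:-len(origin) - 1].endswith(origin.rstrip(".")):
                problems.append(f"SOA RNAME {rname} looks like a missing trailing dot")
        elif rtype == "NS" and rdata[0].endswith("." + origin) and rdata[0] not in has_a:
            problems.append(f"NS {owner} -> {rdata[0]} has no glue A record")
    return problems
```

check_delegation(PARENT_ZONE) returns the RNAME finding for the zone as written above; with the trailing dot added it returns an empty list, and dropping the ns2 A record makes it report the missing glue.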

6. Restart the service

systemctl restart named.service
rndc reload

This completes the parent domain setup.

1. Subdomain setup

yum install bind
vim /etc/named.conf
options {
    listen-on port 53 { any; };
    //listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };
    recursion no;       // this server answers authoritatively, and recursion is not recommended on an authoritative server

    dnssec-enable no;
    dnssec-validation no;

2. Define the zone to serve

vim /etc/named.rfc1912.zones
zone "paas.test.com" IN {
    type master;
    file "paas.test.com.zone";
};

3. Edit the resource records

vim /var/named/paas.test.com.zone
$TTL 600
$ORIGIN paas.test.com.
@       IN      SOA     ns.paas.test.com.       admin.paas.test.com. (   ; the trailing dot is required, otherwise $ORIGIN is appended
                        101     ; serial
                        1H      ; refresh
                        5M      ; retry
                        7D      ; expire
                        1D      ; negative-cache TTL
)
        IN      NS      ns
ns      IN      A       192.168.250.74
*       IN      A       192.168.250.74      ; wildcard: any name under paas.test.com resolves to this address ('//' is not a comment in zone files)

4. Check for syntax errors

named-checkzone  paas.test.com /var/named/paas.test.com.zone

5. Restart the service

service named restart
rndc reload

6. Open port 53 (the DNS port) in the firewall

firewall-cmd --permanent --zone=public --add-port=53/tcp
firewall-cmd --permanent --zone=public --add-port=53/udp
firewall-cmd --reload

7. Start the DNS service at boot

systemctl enable named.service

Configure the second (standby) subdomain server the same way.

Testing

First, point the DNS configuration of the test machine at the parent-domain server's IP (macOS and Windows are not covered here).
On Linux:

vim /etc/resolv.conf
nameserver 192.168.250.72    # add a line with your parent-domain server's IP

PING

ping xxxxx.paas.test.com  # ping the name you want resolved

traceroute

On a minimal CentOS 7 install this tool has to be installed first:

yum install traceroute
traceroute xxxxx.paas.test.com

traceroute to fjek.paas.test.com (192.168.250.74), 30 hops max, 60 byte packets
1  192.168.250.74 (192.168.250.74)  0.274 ms !X  0.214 ms !X  0.191 ms !X

nslookup

nslookup
> fjke.paas.test.com
Server:		192.168.250.72
Address:	192.168.250.72#53

Non-authoritative answer:
Name:	fjke.paas.test.com
Address: 192.168.250.74

If the answer points to the subdomain server that does the resolution, the setup works.

dig

dig -t A fkef.paas.test.com @192.168.250.72

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A fkef.paas.test.com @192.168.250.72
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35718
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2        

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;fkef.paas.test.com.		IN	A

;; ANSWER SECTION:
fkef.paas.test.com.	600	IN	A	192.168.250.74

;; AUTHORITY SECTION:
paas.test.com.		410	IN	NS	ns.paas.test.com.

;; ADDITIONAL SECTION:
ns.paas.test.com.	410	IN	A	192.168.250.74

;; Query time: 1 msec
;; SERVER: 192.168.250.72#53(192.168.250.72)
;; WHEN: 四 12月 27 16:10:07 CST 2018
;; MSG SIZE  rcvd: 96

If the response contains an answer (ANSWER: 1) and the ANSWER SECTION below it points to the server you configured, the setup is complete.