DNS服务器搭建-简易版

1.准备

准备两台服务器，一台搭建dns服务器（192.168.10.50），一台作为普通客户端（192.168.10.51）进行dns指定访问

2.实验逻辑

实验逻辑，搭建完成dns服务器后，在dns服务器上做好域名与ip的解析关系，使用普通客户端来配置好dns服务地址，直接ping dns服务器记录的域名，能ping通则dns服务搭建成功。

3.注意点

（1）dns服务器修改三个配置文件；

（2）dns服务器关闭防火墙；

（3）保证两台服务器网络互相可达；

（4）普通客户端网卡配置正确的dns地址。

4.安装步骤

#1 关闭防火墙，否则将导致dns解析不正常
systemctl stop firewalld

#2下载安装dns服务应用（192.168.10.50）
yum install bind-utils -y

#3.修改主配置文件vim  /etc/named.conf，修改完成后如下
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };

#4.修改区域配置文件-用来保存IP 与域名对应关系的文件的所在位置 == 目录  vim /etc/named.rfc1912.zones 修改追加内容完成后如下
#这里是定义一个二级域名，如本列中“yonghai.com”就是一个二级域名
#类型为主域名
#文件为名yonghai.com.zone 这个文件里配置了需要解析的各个子域名，在后边步骤进行添加和修改
vim /etc/named.rfc1912.zones

zone "yonghai.com" IN {
    type master;
    file "yonghai.com.zone";
    allow-update { none; };
};

#5.修改数据配置文件-详细记录IP 与域名的对应关系
#这里修改的是yonghai.com二级域名下子域名的配置，添加子域名和ip的记录，作用是当可达网络环境中的其他设备指定dns服务器地址为本dns的地址时，由本服务器查询访问端所访问的子域名和ip的对应关系，将对应的ip返回给访问端。
#修改后的内容如下注意这里是将模板复制成自己想要的文件名，文件名必须与区域配置文件里的file名称完全一致，否则解析时找不着配置的文件
#cd /var/named
#cp -a /var/named/named.localhost /var/named/yonghai.com.zone

vim /var/named/yonghai.com.zone

#修改完成如下
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.10.50
        AAAA    ::1
www     A       192.168.10.50
fyh     A       192.168.10.50

#6.保存后启动服务，查看启动的服务为53端口
#systemctl start named

netstat -ntlp
[root@dns-master named]# netstat -ntlp |grep named
tcp        0      0 192.168.10.50:53        0.0.0.0:*               LISTEN      3245/named          
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      3245/named          
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      3245/named          
tcp6       0      0 ::1:53                  :::*                    LISTEN      3245/named          
tcp6       0      0 ::1:953                 :::*                    LISTEN      3245/named

#7.在dns服务器（192.168.10.50）上 ping 添加的域名（www.yonghai.com 或者fyh.yonghai.com）进行测试，检查能否正常解析
ping www.yonghai.com
[root@dns-master named]# ping www.yonghai.com
PING www.yonghai.com (192.168.10.50) 56(84) bytes of data.
64 bytes from dns-master (192.168.10.50): icmp_seq=1 ttl=64 time=0.013 ms
64 bytes from dns-master (192.168.10.50): icmp_seq=2 ttl=64 time=0.031 ms

#8.配置普通客户端（192.168.10.51）dns服务,直接修改网卡信息后重启网卡或者直接修改 /etc/resolv.conf文件皆可
#修改完后ping dns服务做的域名解析验证是否生效。

echo  “nameserver 192.168.10.50” >> /etc/resolv.conf

[root@node2 ~]# cat /etc/resolv.conf 
nameserver 192.168.10.50

[root@node2 ~]# ping www.yonghai.com
PING www.yonghai.com (192.168.10.50) 56(84) bytes of data.
64 bytes from 192.168.10.50 (192.168.10.50): icmp_seq=1 ttl=64 time=0.263 ms
64 bytes from 192.168.10.50 (192.168.10.50): icmp_seq=2 ttl=64 time=3.54 ms
64 bytes from 192.168.10.50 (192.168.10.50): icmp_seq=3 ttl=64 time=0.605 ms

5.补充1（常用命令）

#常用命令
#检查域名解析情况
nslookup www.huya.com 
#检查域名解析通过的服务
#这是一个简单的域名和ip对应关系
dig +trace www.huya.com
dig  www.huya.com


#常用命令的使用
[root@dns-master named]# nslookup fyh.yonghai.com
Server:		192.168.10.50
Address:	192.168.10.50#53

Name:	fyh.yonghai.com
Address: 192.168.10.50


[root@dns-master named]# dig fyh.yonghai.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 <<>> fyh.yonghai.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56906
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;fyh.yonghai.com.		IN	A

;; ANSWER SECTION:
fyh.yonghai.com.	86400	IN	A	192.168.10.50

;; AUTHORITY SECTION:
yonghai.com.		86400	IN	NS	yonghai.com.

;; ADDITIONAL SECTION:
yonghai.com.		86400	IN	A	192.168.10.50
yonghai.com.		86400	IN	AAAA	::1

;; Query time: 0 msec
;; SERVER: 192.168.10.50#53(192.168.10.50)
;; WHEN: Tue Jul 25 01:11:39 CST 2023
;; MSG SIZE  rcvd: 118

[root@dns-master named]# dig +trace  fyh.yonghai.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 <<>> +trace fyh.yonghai.com
;; global options: +cmd
.			518400	IN	NS	m.root-servers.net.
.			518400	IN	NS	k.root-servers.net.
.			518400	IN	NS	b.root-servers.net.
.			518400	IN	NS	e.root-servers.net.
.			518400	IN	NS	i.root-servers.net.
.			518400	IN	NS	j.root-servers.net.
.			518400	IN	NS	f.root-servers.net.
.			518400	IN	NS	a.root-servers.net.
.			518400	IN	NS	d.root-servers.net.
.			518400	IN	NS	c.root-servers.net.
.			518400	IN	NS	g.root-servers.net.
.			518400	IN	NS	h.root-servers.net.
.			518400	IN	NS	l.root-servers.net.
couldn't get address for 'm.root-servers.net': not found
couldn't get address for 'k.root-servers.net': not found
couldn't get address for 'b.root-servers.net': not found
couldn't get address for 'e.root-servers.net': not found
couldn't get address for 'i.root-servers.net': not found
couldn't get address for 'j.root-servers.net': not found
couldn't get address for 'f.root-servers.net': not found
couldn't get address for 'a.root-servers.net': not found
couldn't get address for 'd.root-servers.net': not found
couldn't get address for 'c.root-servers.net': not found
couldn't get address for 'g.root-servers.net': not found
couldn't get address for 'h.root-servers.net': not found
couldn't get address for 'l.root-servers.net': not found
dig: couldn't get address for 'm.root-servers.net': no more

6.补充2（更轻量版搭建-dnsmasq软件）

参考地址：安装配置视屏

#1安装
[root@dns-master named]# yum install dnsmasq -y

#2创建dnsmasq配置文件，设置上游dns服务器地址，设置本地域名解析记录
[root@dns-master named]# vim /etc/dnsmasq.conf
#指定上游dns服务器地址指定一个配置文件即可
#指定运行地址是内网环境
#需要指定你想要添加的本地，域名记录，默认/etc/hosts文件
#

[root@dns-master named]# grep -Ev '^($|#)' /etc/dnsmasq.conf 
resolv-file=/etc/reslv.dnsmasq.conf
listen-address=192.168.10.50
addn-hosts=/etc/hosts.dnsnasq.conf
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig

#3创建对应的数据文件
echo "nameserver 223.5.5.5" > /etc/resolv.dnsmasq.conf

cat >/etc/hosts.dnsnasq.conf<<EOF
192.168.10.52 cs.top
EOF

#4.启动
systemctl start dnsmasq

#5.服务端配置dns为192.168.10.50
[root@dns-master named]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.10.50
ping cs.top
[root@dns-master named]# ping cs.top
PING cs.top (192.168.10.52) 56(84) bytes of data.
64 bytes from cs.top (192.168.10.52): icmp_seq=1 ttl=64 time=0.503 ms
64 bytes from cs.top (192.168.10.52): icmp_seq=2 ttl=64 time=2.18 ms

#6.客户端配置dns为192.168.10.50
ping cs.top
[root@node2 ~]# cat  /etc/resolv.conf 
nameserver 192.168.10.50
[root@node2 ~]# ping cs.top
PING cs.top (192.168.10.52) 56(84) bytes of data.
64 bytes from cs.top (192.168.10.52): icmp_seq=1 ttl=64 time=0.029 ms
64 bytes from cs.top (192.168.10.52): icmp_seq=2 ttl=64 time=0.087 ms

解析流程图参考

至此，dns服务搭建成功，有疑问请留言探讨