最近公司局域网服务器换了硬件重装系统升级到22.04 lts版本,公司需要搭建一个内部的完整开发环境,模拟线上环境,考虑到端口模拟可能会存在其他情况;综合之前搭建DNS服务器的经验,搭建了一个可以再不影响公司网络正常访问情况下支持泛域名解析的DNS服务器,经测试正常网络访问基本不会收影响。
一 安装
apt install bind9 dnsutilsubuntu22.04 以后可以直接 apt 不需要 apt-get也可以
二 配置
2.1 全局配置
vim /etc/bind/named.conf.optionsoptions { directory "/var/cache/bind"; listen-on port 53 { any;}; //监听所有IP //listen-on port 53 { 192.168.10.3;};//监听某个ip allow-query {any;}; //设置允许DNS查询的客户端地址 // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. //DNS转发器。用于设定该DNS解析服务器无法进行当前域名解析的情况下,进行转发解析的DNS地址 forwarders { 223.5.5.5; 223.6.6.6; //114.114.114.114; }; //======================================================================== // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys //======================================================================== dnssec-validation auto;//设置是否启用DNSSEC确认,默认值为yes,可以选择 aut auth-nxdomain no;// //listen-on-v6 { any; }; //include "/etc/rndc.key"; };
vim /etc/bind/named.conf.local// // Do any local configuration here // // Consider adding the 1918 zones here, if they are not used in your // organization //include "/etc/bind/zones.rfc1918"; zone "demo.com" { //正向解析 type master; file "/etc/bind/db.demo.com"; //解析区域对应的配置文件 }; // 反向解析 . zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.168.192"; };
2.2 正向解析配置
#复制正向解析配置 cp db.0 db.demo.comvim db.demo.com# 修改配置文件 ; ; BIND data file for local loopback interface ; $TTL 604800 @ IN SOA demo.com. root.demo.com. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS localhost. @ IN A 192.168.10.10 ;@ IN AAAA ::1 * IN A 192.168.10.10 ;泛解析
2.2 反向解析配置
cp db.127 db.168.192vim db.168.192; ; BIND reverse data file for local loopback interface ; $TTL 604800 @ IN SOA demo.com. root.demo.com. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS localhost. 1.0.0 IN PTR localhost. 10 IN PTR demo.com ;反向解析
三 测试
3.1 检查正向解析
named-checkzone demo.com /etc/bind/db.demo.com
3.2 检查反向解析
named-checkzone 168.192.in-addr.arpa /etc/bind/db.168.192
3.3 测试泛域名解析
# 重启bind服务 service bind9 restart
#linux测试
vim /etc/resolv.conf #配置dns解析为当前服务器# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8). # Do not edit. # # This file might be symlinked as /etc/resolv.conf. If you're looking at # /etc/resolv.conf and seeing this text, you have followed the symlink. # # This is a dynamic resolv.conf file for connecting local clients to the # internal DNS stub resolver of systemd-resolved. This file lists all # configured search domains. # # Run "resolvectl status" to see details about the uplink DNS servers # currently in use. # # Third party programs should typically not access this file directly, but only # through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a # different way, replace this symlink by a static file or a different symlink. # # See man:systemd-resolved.service(8) for details about the supported modes of # operation for /etc/resolv.conf. #nameserver 127.0.0.53 nameserver 192.168.10.10 options edns0 trust-ad search demo# 测试命令 dig www.demo.com # 因为是泛解析可以是任意 二级域名 a.demo.com b.demo.com 都可以
#windows 测试
设置dns解析地址为域名服务器地址,此处忽略,能看这篇文章的应该没人会不懂
nslookup a.demo.com
1612
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
