一、DNS简介
DNS(DomainNameSystem,域名系统),因特网上作为域名和IP地址相互映射的一个分布式数据库,能够使用户更方便的访问互联网,而不用去记住能够被机器直接读取的IP数串。通过主机名,最终得到该主机名对应的IP地址的过程叫做域名解析(或主机名解析)。通常DNS在查询的时候是以udp这个快速的传输协议来查询的,如果一旦没有办法查询到完整的信息时就会再次以TCP协议来进行重新查询,因此DNS服务在启动的时候会同时开启tcp的53端口和udp的53端口
DNS的主要作用就是将主机名解析成IP地址的过程,通过配置DNS服务器地址,主机不需要知道对应的IP地址就能通过主机名的形式访问互联网。
二、DNS 服务部署
2.1、安装服务
yum install bind*
2.2、配置相关文件
/etc/named.rfc1912.zones DNS的区域配置文件
/etc/named.conf 为DNS的主配置文件
/etc/rc.d/init.d/named DNS的服务脚本
2.3、配置区域数据信息/etc/named.rfc1912.zones
[root@openvpn named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
# 加入以下内容
***zone "test.com" IN {
type master;
file "test.com.zone";
};***
2.4、配置解析数据信息。创建相应的区域数据库文件 可根据模板创建 /var/named/named.localhost
cp /var/named/named.localhost /var/named/test.com.zone
[root@openvpn named]# cat /var/named/test.com.zone
$TTL 1D
@ IN SOA dns1.test.com. 3423554.test.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns1
dns1 A 192.168.122.240 # dns服务器地址
www A 192.168.122.230 # 需要解析域名的地址
三、修改解析库文件的属组并重启服务
chgrp named test.com.zone
systemctl restart named
四、测试 DNS 服务是否可以正常解析,如下图所示解析成功
4.1、在其它服务器配置dns地址 本例使用 192.168.122.239
4.2、添加以下内容
[root@jenkins ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.122.240
4.3、使用dig命令测试
[root@jenkins ~]# dig www.test.com @192.168.122.240
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> www.test.com @192.168.122.240
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10742
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 86400 IN A 192.168.122.230 # 解析后的域名及地址
;; AUTHORITY SECTION:
test.com. 86400 IN NS dns1.test.com.
;; ADDITIONAL SECTION:
dns1.test.com. 86400 IN A 192.168.122.240 # dns服务器地址
;; Query time: 0 msec
;; SERVER: 192.168.122.240#53(192.168.122.240)
;; WHEN: Wed Oct 13 17:56:48 CST 2021
;; MSG SIZE rcvd: 92
4.4、使用ping命令测试
[root@jenkins ~]# ping www.test.com
PING www.test.com (192.168.122.230) 56(84) bytes of data.
64 bytes from 192.168.122.230 (192.168.122.230): icmp_seq=1 ttl=64 time=0.174 ms
64 bytes from 192.168.122.230 (192.168.122.230): icmp_seq=2 ttl=64 time=0.291 ms
64 bytes from 192.168.122.230 (192.168.122.230): icmp_seq=3 ttl=64 time=0.221 ms
五、至此,DNS服务器搭建完成,在其它服务器配置dns服务器地址即可解析本地域名