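准备工作:关闭防火墙和selinux
(这样做只适合实验环境;生产环境建议保留firewalld并放行DNS端口: firewall-cmd --permanent --add-service=dns && firewall-cmd --reload,SELinux保持enforcing)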
#关闭防火墙
[root@nameserver ~]# service firewalld stop
[root@nameserver ~]# systemctl disable firewalld
#查看iptables防火墙规则
[root@nameserver ~]# iptables -L
[root@nameserver ~]# getenforce
Disabled
[root@nameserver ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled #修改为disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
1、安装软件bind,bind是历史非常悠久,而且性能非常好的dns域名系统的软件
[root@nameserver ~]# yum install bind* -y
2.设置named服务开机启动,并且立马启动DNS服务
name daemon --》named: 提供域名服务的进程的名字
守护进程: 一直在内存里运行的,除非人为的停止
[root@nameserver ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@nameserver ~]#
[root@nameserver ~]# systemctl start named
#立马启动named进程
[root@nameserver ~]# ps aux|grep named
named 14474 3.6 5.7 168300 57340 ? Ssl 15:13 0:00 /usr/sbin/named -u named -c /etc/named.conf
root 14481 0.0 0.0 112824 980 pts/0 R+ 15:13 0:00 grep --color=auto named
[root@nameserver ~]# netstat -anplut|grep named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 14474/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 14474/named
tcp6 0 0 ::1:53 :::* LISTEN 14474/named
tcp6 0 0 ::1:953 :::* LISTEN 14474/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 14474/named
udp6 0 0 ::1:53 :::* 14474/named
[root@nameserver ~]# vim /etc/resolv.conf
#127.0.0.1 ---》loopback 接口 --》用来测试tcp/ip协议在本机是否能正常运行 --》这个ip地址只能在本机访问
#从上面netstat的输出可以看到,此时named只监听127.0.0.1和::1,所以其他电脑还不能过来查询
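3.修改配置文件并重启named服务,允许其他电脑过来查询dns域名
注意: listen-on 和 allow-query 都改成 any 以后,任何能连到本机53端口的主机都可以用这台服务器做递归查询;如果服务器暴露在公网,就成了开放解析器,可能被滥用于DNS放大攻击。只给内网使用时,建议把 allow-query(或 allow-recursion)限制为内网网段,例如 { localhost; 192.168.0.0/24; }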
[root@nameserver ~]# vim /etc/named.conf
options {
listen-on port 53 { any; }; #修改
listen-on-v6 port 53 { any; }; #修改
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; #修改
[root@nameserver ~]# service named restart
#重启named服务
Redirecting to /bin/systemctl restart named.service
[root@nameserver ~]#
[root@nameserver ~]# netstat -anplut|grep named
tcp 0 0 192.168.0.180:53 0.0.0.0:* LISTEN 16137/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 16137/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 16137/named
tcp6 0 0 :::53 :::* LISTEN 16137/named
tcp6 0 0 ::1:953 :::* LISTEN 16137/named
udp 0 0 192.168.0.180:53 0.0.0.0:* 16137/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 16137/named
udp6 0 0 :::53 :::* 16137/named
[root@nameserver ~]#
4.验证dns服务
在客户机上配置dns服务器地址
[root@www network-scripts]# pwd
/etc/sysconfig/network-scripts
[root@www network-scripts]# vim ifcfg-ens33
BOOTPROTO="none"
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.0.180
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=192.168.0.180
DNS2=114.114.114.114
[root@www network-scripts]# cat /etc/resolv.conf
# Generated by NetworkManager
search feng.com
nameserver 192.168.0.180
nameserver 114.114.114.114
[root@www network-scripts]# cat ifcfg-ens33
BOOTPROTO="none"
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.0.180
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=192.168.0.180
DNS2=114.114.114.114
ifcfg-ens33 文件里的dns服务器的ip地址会决定 /etc/resolv.conf 里的nameserver的ip: 执行 service network restart 时,会将 ifcfg-ens33 文件里的dns服务器写到 /etc/resolv.conf 里。
但是系统在查询域名的时候,只看 /etc/resolv.conf
[root@www network-scripts]# ping www.qq.com
PING ins-r23tsuuf.ias.tencent-cloud.net (121.14.77.221) 56(84) bytes of data.
64 bytes from 121.14.77.221 (121.14.77.221): icmp_seq=3 ttl=53 time=23.7 ms
64 bytes from 121.14.77.221 (121.14.77.221): icmp_seq=4 ttl=53 time=23.4 ms
64 bytes from 121.14.77.221 (121.14.77.221): icmp_seq=5 ttl=53 time=95.3 ms
64 bytes from 121.14.77.221 (121.14.77.221): icmp_seq=6 ttl=53 time=23.4 ms
^C
--- ins-r23tsuuf.ias.tencent-cloud.net ping statistics ---
6 packets transmitted, 4 received, 33% packet loss, time 5190ms
rtt min/avg/max/mdev = 23.440/41.488/95.348/31.096 ms
[root@www network-scripts]# nslookup www.qq.com
Server: 192.168.0.180
Address: 192.168.0.180#53
Non-authoritative answer:
www.qq.com canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 121.14.77.221
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 121.14.77.201
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 2402:4e00:1020:1404:0:9227:71a3:83d2
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 2402:4e00:1020:1404:0:9227:71ab:2b74
[root@www network-scripts]#
[root@www network-scripts]# dig www.taobao.com
[root@www network-scripts]# host www.qq.com
www.qq.com is an alias for ins-r23tsuuf.ias.tencent-cloud.net.
ins-r23tsuuf.ias.tencent-cloud.net has address 121.14.77.201
ins-r23tsuuf.ias.tencent-cloud.net has address 121.14.77.221
ins-r23tsuuf.ias.tencent-cloud.net has IPv6 address 2402:4e00:1020:1404:0:9227:71ab:2b74
ins-r23tsuuf.ias.tencent-cloud.net has IPv6 address 2402:4e00:1020:1404:0:9227:71a3:83d2
[root@www network-scripts]#
DNS服务器搭建成功