centos搭建局域网DNS服务器及单服务器配置多域名
参考:https://www.jianshu.com/p/3d9d41521f82
- 安装bind
yum install -y bind bind-chroot bind-utils
bind:包里主要包含:
- named DNS服务
- named-chkconfig(named.conf文件检查工具)
- named-checkzone(zone文件检车工具)
- rndc(本地和远程dns控制工具)
bind-libs:named DNS服务的库
bind-utils:包含一系列辅助工具来测试
- host
- dig
- nslookup
- nsupdate
bind-chroot:切根程序,用来切换默认目录到另外一个深层的安全的目录/var/named/chroot,类似于前面光盘进入救援模式的那种情况
- 配置
vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
vim /etc/named.rfc1912.zones
添加以下内容。
#--------------------------------------
zone "dyw.com" IN {
type master;
file "dyw.com.zone";
};
#--------------------------------------
- 配置zone
cd /var/name/
#-a,保存文件原权限
cp -a named.localhost dyw.com.zone
vim dyw.com.zone
$TTL 1D
@ IN SOA @ dns.dyw.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns
dns A 192.168.0.X
#填你希望设置的内网域名的地址
- 检测配置是否正确
named-checkconf;
named-checkzone dyw.com /var/named/dyw.com.zone;
service named restart;
netstat -tnpl | grep 53;
- 注意防火墙的开放
service firewalld stop;
service firewalld status;
systemctl disable firewalld
#或开放端口
firewall-cmd --zone=public --add-port=53/tcp --permanent
linux配置DNS
vim /etc/resolv.conf
#你的内网DNS服务器地址
nameserver 192.168.0.x;
nameserver 114.114.114.114;
Windows配置DNS
测试域名
- 浏览器访问
dns.dyw.com
网址 ping dns.dyw.com
测试nslookup
测试
为单台服务器上多个应用分别配置域名
http域名需要占用80端口,每台服务器有且仅有一个80端口。当服务器上部署了不止一个网站应用,分别占用不同的端口时,又希望能够为这些应用分别配置域名,可采用DNS+nginx反向代理的方法设置。
以下为测试环境配置
- nginx配置
- named的区域文件配置
dns.dyw.com
cat /var/named/dyw.com.zone;
#############################
$TTL 1D
@ IN SOA @ dns.dyw.com. (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns
dns A 172.16.0.13
dns2 A 172.16.0.13
dns3 A 172.16.0.13
- 达成效果
- 访问http://dns2.dyw.com/
- 访问http://dns3.dyw.com/
- 访问http://dns2.dyw.com/