Setting up a caching DNS server
Preparation: stop the firewall service and disable SELinux
- service firewalld stop
- systemctl disable firewalld
- iptables -L    view the iptables firewall rules
[root@kafka01 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
- Disable SELinux
[root@kafka01 ~]# cd /etc/selinux/
[root@kafka01 selinux]# ls
config semanage.conf targeted
[root@kafka01 selinux]# cat config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled    (change this value to disabled)
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
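- Install bind. BIND is DNS software with a very long history and very good performance
- Set the named service to start at boot, and start the DNS service right away
systemctl enable named    enable start at boot
systemctl start named    start the named process immediately
- name daemon: named is the name of the process that provides the domain name service
- Daemon: a process that keeps running in memory until someone stops it
- 127.0.0.1 -> loopback interface -> used to test whether TCP/IP works correctly on the local machine -> this IP address can only be reached from the local machine
3. Edit the configuration file and restart the server so that other computers can come and query DNS names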
vim /etc/named.conf
Change the contents of the braces to any, which allows any computer to connect and query
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { any; };
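service named restart    restart the named service
After that, access is no longer limited to the local machine via 127.0.0.1
4. Verify the DNS service
- Configure the DNS server address on the client machine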
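With allow-query set to any and no allow-recursion or allow-query-cache line, BIND also lets any client use the server for recursive lookups. The script below is an added example, not part of the original page: it checks named.conf text for that condition, using two constructed samples; the function names, the trusted ACL and the 192.0.2.0/24 subnet are assumptions.

```shell
#!/bin/sh
# Added example: report whether named.conf text leaves recursion open to any client.
# Assumption: each option statement sits on a single line, as in the file shown above.

# Constructed sample: the settings this page puts in /etc/named.conf.
PAGE_CONF='options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    allow-query { any; };
};'

# Constructed sample: same listener, queries and recursion limited to a
# hypothetical "trusted" ACL (192.0.2.0/24 is a documentation subnet).
RESTRICTED_CONF='acl trusted { localhost; 192.0.2.0/24; };
options {
    listen-on port 53 { any; };
    allow-query { trusted; };
    allow-recursion { trusted; };
};'

# acl_of TEXT OPTION: print the address-match list of OPTION (empty if unset).
acl_of() {
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]][^{]*{\(.*\)}[[:space:]]*;.*/\1/p" |
        head -n 1
}

# is_open_resolver TEXT: succeed if any client may use the server recursively.
is_open_resolver() {
    # "recursion no;" disables recursive service (BIND's default is yes).
    if printf '%s\n' "$1" | grep -Eq '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;'; then
        return 1
    fi
    # An unset allow-recursion inherits allow-query-cache, then allow-query;
    # with none of them set BIND falls back to localnets and localhost.
    acl=
    for opt in allow-recursion allow-query-cache allow-query; do
        acl=$(acl_of "$1" "$opt")
        if [ -n "$acl" ]; then break; fi
    done
    # A bare "any" entry opens the list; "!any" does not match.
    printf '%s\n' "$acl" | grep -Eq '(^|[[:space:];])any[[:space:]]*;'
}

for name in PAGE_CONF RESTRICTED_CONF; do
    eval "text=\$$name"
    if is_open_resolver "$text"; then verdict="open to any client"; else verdict="restricted"; fi
    echo "$name: recursion $verdict"
done
```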
vim /etc/sysconfig/network-scripts/ifcfg-ens33
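- The DNS server IP address in the ifcfg-ens33 file determines the nameserver IP in /etc/resolv.conf
- CentOS 7: service network restart; CentOS 8: ifup ens33. This writes the DNS server from the ifcfg-ens33 file into /etc/resolv.conf
- However, when a user looks up a domain name, only /etc/resolv.conf is consulted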