本地DNS解析

企业搭配本地域名，进行解析

2018年07月23日 09:31:46

阅读数：2

搭建dns服务器，可以进行域名解析，这样方便企业项目本地测试。

可以实现，输入域名访问本地服务器

一、安装软件

1、下载bind

yum -y install bind*

2、修改主配置文件

1. cp /etc/named.conf /etc/named.conf.bak  # 修改之前先备份一遍
2. vi /etc/named.conf

修改为一下文件

1. //
2. //
3. // named.conf
4. //
5. // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
6. // server as a caching only nameserver (as a localhost DNS resolver only).
7. //
8. // See /usr/share/doc/bind*/sample/ for example named configuration files.
9. //

10. // See the BIND Administrator's Reference Manual (ARM) for details about the

11. // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

1. 12.

13. options {

1. 14.         listen-on port 53 { any; };   //改此处
2. 15.         //listen-on-v6 port 53 { ::1; };   //改此处
3. 16.         directory       "/var/named";
4. 17.         dump-file       "/var/named/data/cache_dump.db";
5. 18.         statistics-file "/var/named/data/named_stats.txt";
6. 19.         memstatistics-file "/var/named/data/named_mem_stats.txt";
7. 20.         allow-query     { any; };  //改此处
8. 21.
9. 22.         /*
10. 23.          - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
11. 24.          - If you are building a RECURSIVE (caching) DNS server, you need to enable
12. 25.            recursion.
13. 26.          - If your recursive DNS server has a public IP address, you MUST enable access
14. 27.            control to limit queries to your legitimate users. Failing to do so will
15. 28.            cause your server to become part of large scale DNS amplification
16. 29.            attacks. Implementing BCP38 within your network would greatly
17. 30.            reduce such attack surface
18. 31.         */
19. 32.         recursion yes;
20. 33.
21. 34.         dnssec-enable yes;
22. 35.         dnssec-validation yes;
23. 36.
24. 37.         /* Path to ISC DLV key */
25. 38.         bindkeys-file "/etc/named.iscdlv.key";
26. 39.
27. 40.         managed-keys-directory "/var/named/dynamic";
28. 41.
29. 42.         pid-file "/run/named/named.pid";
30. 43.         session-keyfile "/run/named/session.key";

44. };

1. 45.

46. logging {

1. 47.         channel default_debug {
2. 48.                 file "data/named.run";
3. 49.                 severity dynamic;
4. 50.         };

51. };

1. 52.

53. zone "." IN {

1. 54.         type hint;
2. 55.         file "named.ca";

56. };

1. 57.

58. include "/etc/named.rfc1912.zones";

59. include "/etc/named.root.key";

3、自定义域名解析配置（比如我们要添加abc.com）

vi /etc/named.rfc1912.zones

1. zone "abc.com" IN {    // 定义要解析主域名
2. type master;
3. file "abc.com.zone";  // 具体相关解析的配置文件保存在 /var/named/abc.com.zone 文件中
4. allow-update { none; };
5. };
6. //可以检查一下配置是否正确，如果执行没有返回提示则表示正常
7. named-checkconf

4、自定义abc.com.zone文件

vi /var/named/abc.com.zone

1. $TTL 1D
2. @   IN SOA abc.com. rname.invalid. (
3. 0   ; serial
4. 1D  ; refresh
5. 1H  ; retry
6. 1W  ; expire
7. 3H )   ; minimum
8. NS      @
9. A       127.0.0.1
10. 10.         AAAA    ::1

11. www     IN    A      192.168.1.100

12. xd      IN    A      192.168.1.101

13. wcn     IN    A      192.168.1.102

14. tl      IN    A      192.168.1.103

15. *       IN    CNAME  www

// 其中   ns.abc.com 代表当前dns服务器名称。所以  ns.abc.com 一定要解析到自己本身

www     IN      A       192.168.1.100  // 代表 www.abc.com 解析到  192.168.1.100服务器上。其他的类似

//*通用 cname 使*指向www，这样ajklnjkn.abc.com = www.abc.com

named-checkzone "abc.com" /var/named/abc.com.zone

5、修改权限

chown root:named  /var/named/abc.com.zone

6、更改防火墙

1. firewall-cmd --zone=public --add-port=53/tcp --permanent
2. firewall-cmd --zone=public --add-port=53/udp --permanent
3. firewall-cmd --zone=public --add-port=953/tcp --permanent

7、配置完成之后重启服务

1. service named restart
2. //开机自启
3. systemctl enable named

8、测试

nslookup   www.abc.com 服务器ip