在Linux本地搭建DNS服务
1.下载DNS服务软件
节点1:node1
[root@node1 ~]# yum list;
[root@node1 ~]# yum install -y bind-chroot
[root@node1 ~]# yum install -y bind-utils
提示:Complete!
2.配置主配置文件
[root@node1 named]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.100.33; };
…
allow-query { any; }; //允许任意来源查询;若省略部分仍是默认的recursion yes且服务器可被外部网络访问,建议改为受信任网段或关闭递归
};
3.配置区域文件
vim /etc/named.rfc1912.zones
//配置正向解析区域
zone "zb.com" IN {
type master;
file "node1.localhost"; //正向解析数据文件相对于目录/var/named
allow-update { none; };
};
//配置反向解析区域,需要注意反向解析区域名中网段的书写是反的
//例如:下面反向解析区域100.168.192.in-addr.arpa对应的网段为192.168.100.0/24
zone "100.168.192.in-addr.arpa" IN {
type master;
file "node1.loopback"; //反向解析数据文件
allow-update { none; };
};
4.配置正向解析数据文件
cd /var/named
cp -a named.localhost node1.localhost
vim node1.localhost
$TTL 1D
@ IN SOA node1.zb.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS node1.zb.com.
node1 A 192.168.100.33
AAAA ::1
~
5.配置反向解析数据文件
拷贝一份反向解析数据文件的模板,然后进行编辑
cd /var/named
cp -a named.loopback node1.loopback
vim node1.loopback
$TTL 1D
@ IN SOA zb.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS node1.zb.com.
A 127.0.0.1
AAAA ::1
33 PTR node1.zb.com.
检查node1.localhost和node1.loopback文件的属组为named且属组可读(cp -a保留了模板文件的root:named属性,如下所示)
[root@node1 named]# ll
total 24
drwxr-x--- 7 root named 61 Feb 17 22:46 chroot
drwxrwx--- 2 named named 23 Feb 17 23:12 data
drwxrwx--- 2 named named 60 Feb 17 23:13 dynamic
-rw-r----- 1 root named 2253 Apr 5 2018 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
-rw-r----- 1 root named 186 Feb 17 23:09 node1.localhost
-rw-r----- 1 root named 195 Feb 17 23:07 node1.loopback
drwxrwx--- 2 named named 6 Oct 16 21:26 slaves
6.检查配置文件是否配置正确
[root@node1 named]# named-checkconf -z /etc/named.conf
zone zb.com/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 100.168.192.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
如上输出表示配置文件没问题
7.启动DNS服务
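关闭防火墙服务和selinux服务(仅适合隔离的实验环境;生产环境建议保持两者开启,只放行DNS的53端口,例如:firewall-cmd --permanent --add-service=dns && firewall-cmd --reload)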
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
vim /etc/selinux/config
SELINUX=disabled
启动DNS服务
systemctl start named
systemctl enable named
查看DNS服务监听情况
netstat -lntup | grep 53
[root@node1 named]# netstat -lntup | grep 53
tcp 0 0 192.168.100.33:53 0.0.0.0:* LISTEN 2454/named
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1199/dnsmasq
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2454/named
tcp6 0 0 ::1:53 :::* LISTEN 2454/named
tcp6 0 0 ::1:953 :::* LISTEN 2454/named
udp 0 0 0.0.0.0:5353 0.0.0.0:* 663/avahi-daemon: r
udp 0 0 0.0.0.0:42537 0.0.0.0:* 663/avahi-daemon: r
udp 0 0 192.168.100.33:53 0.0.0.0:* 2454/named
udp 0 0 192.168.122.1:53 0.0.0.0:* 1199/dnsmasq
udp6 0 0 ::1:53 :::* 2454/named
8.测试进行正向解析和反向解析
配置网卡DNS服务
vim /etc/sysconfig/network-scripts/ifcfg-ens33
DNS1=192.168.100.33
:wq
systemctl restart network
#正向解析
[root@node1 named]# nslookup node1.zb.com
Server: 192.168.100.33
Address: 192.168.100.33#53
Name: node1.zb.com
Address: 192.168.100.33
Name: node1.zb.com
Address: ::1
#反向解析
[root@node1 named]# nslookup 192.168.100.33
33.100.168.192.in-addr.arpa name = node1.zb.com.