为了将来可能做DNS负载均衡、或故障转移等,先快速建一个简单的DNS服务,本次安装OS为Centos 7
步骤:先建立三台VM、其中一台是DNS SERVER,起初只能用ip找寻到其他主机,有了DNS SERVER之後,能用hostname找寻。
vm1: 10.10.0.100 (将使用这一台当作DNS SERVER)
vm2: 10.10.0.101
vm3: 10.10.0.102 (比照vm1只是IPADDR=10.10.0.102)
vm1修改网路部分
vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static # 设为静态IP
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=9537f42b-e1fc-4aa4-8852-4cdc856ec5ea
DEVICE=ens33
ONBOOT=yes
IPADDR=10.10.0.100 # 固定IP
GATEWAY=10.10.0.2 # VM设定的GATEWAY,可在VM NETWORK中查看
NETMASK=255.255.255.0 # MASK
DNS1=8.8.8.8 # 一开始先设定8.8.8.8 之後会改成自己的DNS SERVER IP
vm2 vm3 比照vm1只是IPADDR=10.10.0.101以及IPADDR=10.10.0.102
记得systemctl restart network 让设定生效
vm1、vm2、vm3分别设定 # 记住这就要先加域名host.com # 这里范例域名为host.com
hostnamectl set-hostname jgnr68-100.host.com
hostnamectl set-hostname jgnr68-101.host.com
hostnamectl set-hostname jgnr68-102.host.com
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
firewall-cmd --add-port=53/udp --permanent firewall-cmd --reload
yum install -y bind bind-utils
rpm -qa bind
bind-9.11.4-26.P2.el7_9.3.x86_64 (本次安装版本)
vi /etc/named.conf
options {
listen-on port 53 { 127.0.0.1; 10.10.0.100;};
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
forwarders { 8.8.8.8;};
allow-query { localhost; any;};
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
主要在listen-on port 53加入自己,并且把listen v6的的设定拿掉,否则启动可能会失败。forwarders是指当本DNS解析不了的域名,要转给谁来解析的意思,通常转给再上一层,也就是外网本身的DNS,简单来说可直接使用8.8.8.8,并添加allow-query any;,让集群内的网段都能来使用。
vi /etc/named.rfc1912.zones
zone "host.com" IN {
type master;
file "host.com.zone";
allow-update { 10.10.0.100;};
};
添加一个zone,并设定type为主节点、档案路径file为host.com.zone(自订,只要/var/named这个路径下能找到该档案即可),allow-update设定自己的ip (这个不太确定用途是甚麽)
vi /var/named/host.com.zone
$ORIGIN host.com.
$TTL 600 ; 10 minutes
@ IN SOA dns.host.com. dnsadmin.host.com. (
2021012101 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS dns.host.com.
$TTL 60 ; 1 minute
; 下方添加域名对照
dns A 10.10.0.100
jgnr68-100 A 10.10.0.100
jgnr68-101 A 10.10.0.101
jgnr68-102 A 10.10.0.102
systemctl restart named
dig -t A jgnr68-101.host.com @10.10.0.100 +short
使用dig问自己 jgnr68-101.host.com的位置在哪,回传对照表中IP表示正确解析
10.10.0.101
vi /etc/sysconfig/network-scripts/ifcfg-ens33
DNS1="10.10.0.100"
将原本的8.8.8.8改成10.10.0.100
systemctl restart network
ping jgnr68-101.host.com
ping www.google.com
已能透过hostname搜寻到其他主机,而其他外网的还是会forward给8.8.8.8做正确的解析。
<<: Bluehost WordPress 教学 – 详细图文教你如何从购买主机到安装 WordPress 网站 Bluehost 中文教学
>>: 什麽是业务模型画布 (Business Model Canvas)?
Stimulus 可以说是 ㄧ种 Rails 专属的『轻量级』 JavaScript 框架。大概是因...
地理资讯系统(英语:Geographic Information System,缩写:GIS) 这是...
这次有幸能藉由铁人赛重新认识及学习Arm的相关技术, 以下为这次参赛的课题以及时程(会再陆续更新完成...
这是我们今天要聊的内容,老样的,如果你已经可以轻松看懂,欢迎直接左转去看同事 Kyle 的精彩文章...
先 po 文.. Call by Value 传值 Call by Reterence 传参照 Ca...