Preface
I. Preparation
1. Make sure the machine has network access
2. Stop the firewall service and SELinux
Disabling SELinux:
Disabling the firewall:
II. Install and configure the software
1. Install the bind packages
2. Enable the service at boot
3. Set the file used for name resolution
III. Verify that the setup works
IV. Edit the configuration file to serve external clients
DNS is the Domain Name System: it resolves a domain name to its corresponding IP address. There are three kinds of name servers:
1. Caching name server (cache-only server):
Obtains domain-name-to-IP records by querying other name servers and caches the results locally, which speeds up repeated queries.
2. Primary name server:
The official server for a specific DNS zone; it is unique and authoritative,
and it maintains every domain-name-to-IP mapping record in that zone.
3. Secondary name server (auxiliary name server):
The domain-name-to-IP records it maintains are copied from the primary name server.
This article explains in detail how to set up a caching name server on Linux.
[root@lianyu ~]# getenforce # check the SELinux status
Disabled # already disabled
[root@lianyu bin]# getenforce
Enforcing # enabled
# SELinux should be changed to disabled
[root@lianyu bin]# cd /etc/sysconfig
[root@lianyu sysconfig]# vim selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#
SELINUX=disabled # changed to disabled; this file takes effect at the next boot
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@lianyu ~]# service firewalld stop # stop the firewall now (until the next boot)
Redirecting to /bin/systemctl stop firewalld.service
[root@lianyu ~]# systemctl disable firewalld # keep the firewall from starting at boot
bind is a high-performance DNS server; the bind-utils package provides many DNS query commands. Here the wildcard * is used to install every bind-related package at once.
[root@lianyu sysconfig]# yum install bind* -y
Enable the named service at boot and start the DNS service right away. named (name daemon) is the name of the process that provides name service.
[root@lianyu sysconfig]# service named start # start the named process
Redirecting to /bin/systemctl start named.service
[root@lianyu sysconfig]# systemctl enable named # enable it at boot
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
To verify that it started, check the process list and the listening ports.
[root@lianyu sysconfig]# ps aux|grep named
named 1702 0.0 3.0 242032 57464 ? Ssl 17:15 0:00 /usr/sbin/named -u named -c /etc/named.conf
root 1726 0.0 0.0 112824 988 pts/0 S+ 17:17 0:00 grep --color=auto named
[root@lianyu sysconfig]# netstat -antplu|grep named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1702/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1702/named
tcp6 0 0 ::1:53 :::* LISTEN 1702/named
tcp6 0 0 ::1:953 :::* LISTEN 1702/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1702/named
udp6 0 0 ::1:53 :::* 1702/named
The 127.0.0.1 in the port listing is the local loopback address, which every machine has (the loopback interface). It is used to test whether TCP/IP works on the machine itself, but it can only be reached from that machine.
[root@lianyu sysconfig]# vim /etc/resolv.conf
# point the DNS server address at this machine
#nameserver 114.114.114.114
nameserver 127.0.0.1
[root@lianyu sysconfig]# nslookup
> www.qq.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
www.qq.com canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 112.53.42.52
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 112.53.42.114
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 2402:4e00:1020:1404:0:9227:71ab:2b74
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 2402:4e00:1020:1404:0:9227:71a3:83d2
Enter nslookup's interactive mode and look up any domain name (the machine must have network access). If the output shows the local DNS server address and port together with the resolved records for the name, the setup is working.
Reconfigure the server so that other machines can query it:
[root@lianyu sysconfig]# cd /etc/named
[root@lianyu named]# ls
[root@lianyu named]# vim /etc/named.conf
options {
listen-on port 53 { any; }; # changed
listen-on-v6 port 53 { any; }; # changed
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; # changed
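The edit above opens the cache to everyone, because BIND takes allow-recursion from allow-query-cache, and that from allow-query, when neither is set. The following is an added example, not code from the post or from BIND: a small POSIX sh check that reads an options block written one directive per line and reports whether it describes an open recursive resolver, next to a constructed variant that keeps the server listening on all interfaces but limits queries and recursion to localhost and a LAN. The network 192.168.81.0/24 is an assumption derived from the 192.168.81.128 address in the post's listings.

```shell
#!/bin/sh
# Added example, not code from the original post. It checks a named.conf
# "options" block for the open-resolver pattern the post's edit produces
# ('allow-query { any; };' with recursion left at its default of yes) and
# shows a narrower ACL for a LAN cache. 192.168.81.0/24 is an assumed LAN.

# Print the value between the braces of one directive, e.g. "any" for
# 'allow-query { any; };'. Expects one directive per line, as in the post.
# $1 = directive name; the config is read from stdin.
directive_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*{[[:space:]]*\(.*\)[[:space:]]*;[[:space:]]*}.*/\1/p" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Print "open-resolver" when recursion is on and the first directive set in
# BIND's fallback chain allow-recursion -> allow-query-cache -> allow-query
# is "any"; print "ok" otherwise. Recursion defaults to yes, and when none of
# the three directives is set BIND falls back to "localnets; localhost".
classify_options() {
    conf=$(cat)
    recursion=$(printf '%s\n' "$conf" |
        sed -n 's/^[[:space:]]*recursion[[:space:]]*\([a-z]*\);.*/\1/p' | head -n 1)
    if [ "$recursion" = "no" ]; then
        echo "ok"
        return 0
    fi
    for d in allow-recursion allow-query-cache allow-query; do
        v=$(printf '%s\n' "$conf" | directive_value "$d")
        if [ -n "$v" ]; then
            case "$v" in
                any) echo "open-resolver" ;;
                *)   echo "ok" ;;
            esac
            return 0
        fi
    done
    echo "ok"
}

# Constructed copy of the post's edited options: any address may query, and
# because allow-recursion is not set, any address may recurse as well.
OPTIONS_POST='options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    allow-query { any; };
};'

# A LAN cache: still bound to every interface, but only localhost and the
# (assumed) 192.168.81.0/24 network may query it or use it recursively.
OPTIONS_LAN='options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    allow-query { localhost; 192.168.81.0/24; };
    allow-recursion { localhost; 192.168.81.0/24; };
};'

printf '%s\n' "$OPTIONS_POST" | classify_options   # open-resolver
printf '%s\n' "$OPTIONS_LAN" | classify_options    # ok
```

Run it on the live file with `classify_options < /etc/named.conf` as long as the options are written one directive per line, as in the post. The LAN variant gives the post's goal (other machines on the network can query) without answering recursive queries from outside the network; if the firewall is kept running, the same reachability comes from `firewall-cmd --permanent --add-service=dns` followed by `firewall-cmd --reload`.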
[root@lianyu named]# service named restart # restart the service
[root@lianyu named]# ps aux|grep named
named 1922 0.2 3.1 242552 58288 ? Ssl 23:24 0:00 /usr/sbin/named -u named -c /etc/named.conf
root 1928 0.0 0.0 112824 988 pts/0 S+ 23:25 0:00 grep --color=auto named
[root@lianyu named]# netstat -anplut|grep named
tcp 0 0 192.168.81.128:53 0.0.0.0:* LISTEN 1922/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1922/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1922/named
tcp6 0 0 :::53 :::* LISTEN 1922/named
tcp6 0 0 ::1:953 :::* LISTEN 1922/named
udp 0 0 192.168.81.128:53 0.0.0.0:* 1922/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1922/named
udp6 0 0 :::53 :::* 1922/named
The 192.168.81.128 entries show that the server now accepts queries from other machines.
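Both netstat listings in this post, the loopback-only one before the edit and this one after it, can be checked without reading the table by eye. The following is an added example, not code from the post: a POSIX sh function that reads netstat's `-antplu` lines, keeps the sockets owned by named, and reports whether the service is reachable only on loopback or on other addresses as well. The sample lines are constructed from the two listings above.

```shell
#!/bin/sh
# Added example, not code from the original post. It reads the same
# "netstat -antplu | grep named" lines the post shows and reports whether
# named is reachable only on loopback or on other addresses too. The sample
# lines below are constructed from the two listings in the post.

# Keep only sockets owned by named and print "proto local-address".
named_sockets() {
    awk '/\/named$/ { print $1, $4 }'
}

# Print "loopback-only" when every named socket is bound to 127.0.0.1 or ::1;
# otherwise "external:" followed by the other bound addresses. 0.0.0.0 and ::
# mean every interface, which is what 'listen-on port 53 { any; }' yields.
named_exposure() {
    ext=$(named_sockets | awk '{
        addr = $2
        sub(/:[0-9]+$/, "", addr)   # drop the port: "::1:53" -> "::1", ":::53" -> "::"
        if (addr != "127.0.0.1" && addr != "::1") print addr
    }' | LC_ALL=C sort -u | tr '\n' ' ')
    if [ -z "$ext" ]; then
        echo "loopback-only"
    else
        echo "external: ${ext% }"
    fi
}

# Before the named.conf edit: loopback only (constructed from the post).
NETSTAT_BEFORE='tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1702/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1702/named
tcp6 0 0 ::1:53 :::* LISTEN 1702/named
tcp6 0 0 ::1:953 :::* LISTEN 1702/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1702/named
udp6 0 0 ::1:53 :::* 1702/named'

# After the edit: the LAN address and every IPv6 address are bound as well.
NETSTAT_AFTER='tcp 0 0 192.168.81.128:53 0.0.0.0:* LISTEN 1922/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1922/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1922/named
tcp6 0 0 :::53 :::* LISTEN 1922/named
tcp6 0 0 ::1:953 :::* LISTEN 1922/named
udp 0 0 192.168.81.128:53 0.0.0.0:* 1922/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1922/named
udp6 0 0 :::53 :::* 1922/named'

printf '%s\n' "$NETSTAT_BEFORE" | named_exposure   # loopback-only
printf '%s\n' "$NETSTAT_AFTER" | named_exposure    # external: 192.168.81.128 ::
```

On the live host, `netstat -antplu | named_exposure` gives the same answer as reading the table; the grep is unnecessary because named_sockets already filters on the process name. The function parses netstat's column layout, so output from `ss -lntup`, whose columns differ, is not a drop-in input.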