Ubuntu 22.04 - Configuring a DNS server

Installing DNS

       apt-get -y install bind9

The -y flag suppresses the confirmation prompt, so the installation completes without interaction.

root@ubuntu:~# apt-get -y install bind9
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
  bind-doc resolvconf
The following NEW packages will be installed:
  bind9
0 upgraded, 1 newly installed, 0 to remove and 27 not upgraded.
Need to get 260 kB of archives.
After this operation, 983 kB of additional disk space will be used.
Get:1 http://mirrors.aliyun.com/ubuntu jammy-updates/main amd64 bind9 amd64 1:9.18.12-0ubuntu0.22.04.3 [260 kB]
Fetched 260 kB in 0s (1,147 kB/s)
Selecting previously unselected package bind9.
(Reading database ... 74217 files and directories currently installed.)
Preparing to unpack .../bind9_1%3a9.18.12-0ubuntu0.22.04.3_amd64.deb ...
Unpacking bind9 (1:9.18.12-0ubuntu0.22.04.3) ...
Setting up bind9 (1:9.18.12-0ubuntu0.22.04.3) ...
Adding group `bind' (GID 119) ...
Done.
Adding system user `bind' (UID 114) ...
Adding new user `bind' (UID 114) with group `bind' ...
Not creating home directory `/var/cache/bind'.
wrote key file "/etc/bind/rndc.key"
named-resolvconf.service is a disabled or a static unit, not starting it.
Created symlink /etc/systemd/system/bind9.service → /lib/systemd/system/named.service.
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /lib/systemd/system/named.service.
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for ufw (0.36.1-4ubuntu0.1) ...
Scanning processes...
Scanning candidates...
Scanning linux images...

Running kernel seems to be up-to-date.

Restarting services...
 systemctl restart packagekit.service

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.

Check the service status; it is running:

Active: active (running)

root@ubuntu:~# systemctl status bind9
● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2023-10-13 10:31:06 UTC; 2min 19s ago
       Docs: man:named(8)
    Process: 5818 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=0/SUCCESS)
   Main PID: 5819 (named)
      Tasks: 10 (limit: 9389)
     Memory: 6.4M
        CPU: 51ms
     CGroup: /system.slice/named.service
             └─5819 /usr/sbin/named -u bind

Oct 13 10:31:06 ubuntu named[5819]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
Oct 13 10:31:06 ubuntu named[5819]: network unreachable resolving './NS/IN': 2001:500:2::c#53
Oct 13 10:31:06 ubuntu named[5819]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
Oct 13 10:31:06 ubuntu named[5819]: network unreachable resolving './NS/IN': 2001:500:a8::e#53
Oct 13 10:31:06 ubuntu systemd[1]: Started BIND Domain Name Server.
Oct 13 10:31:06 ubuntu named[5819]: network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
Oct 13 10:31:06 ubuntu named[5819]: network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
Oct 13 10:31:06 ubuntu named[5819]: network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
Oct 13 10:31:06 ubuntu named[5819]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
Oct 13 10:31:06 ubuntu named[5819]: resolver priming query complete: success

Change into the bind directory, which holds the DNS configuration:

root@ubuntu:~# cd /etc/bind
root@ubuntu:/etc/bind# ls -l
total 48
-rw-r--r-- 1 root root 2403 Sep 19 11:21 bind.keys
-rw-r--r-- 1 root root  237 Mar  8  2023 db.0
-rw-r--r-- 1 root root  271 Aug 25  2020 db.127
-rw-r--r-- 1 root root  237 Aug 25  2020 db.255
-rw-r--r-- 1 root root  353 Aug 25  2020 db.empty
-rw-r--r-- 1 root root  270 Aug 25  2020 db.local
-rw-r--r-- 1 root bind  463 Mar  8  2023 named.conf
-rw-r--r-- 1 root bind  498 Jun 25  2021 named.conf.default-zones
-rw-r--r-- 1 root bind  165 Aug 25  2020 named.conf.local
-rw-r--r-- 1 root bind  846 Jun 25  2021 named.conf.options
-rw-r----- 1 bind bind  100 Oct 13 10:31 rndc.key
-rw-r--r-- 1 root root 1317 Aug 25  2020 zones.rfc1918
root@ubuntu:/etc/bind#

Configure DNS forwarding: when a query cannot be answered from local data, it is forwarded to the listed servers.

    forwarders {
            114.114.114.114;
            8.8.8.8;
    };

root@ubuntu:/etc/bind# cp named.conf.options named.conf.options.bak
root@ubuntu:/etc/bind# vi named.conf.options



options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
                114.114.114.114;
                8.8.8.8;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };
};
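The options file above says who to forward to but not who may use the server for recursion. BIND 9 defaults allow-recursion to localnets and localhost, so the file is not an open resolver as written, but once port 53 is opened to the outside (see the firewall tip at the end of the post) it is safer to state the recursion ACL explicitly, refuse zone transfers and restrict the listeners. The script below is an added example, not part of the original post: it writes such a file to a scratch path, runs named-checkconf when BIND's tools are installed, and includes a small check that flags a file whose recursion is open or unstated. The internal client range 10.20.0.0/16 and the listen address 10.20.0.1 are assumptions (placeholders taken from the address range used later in the post).

```shell
#!/bin/sh
# Added example, not from the original post: write a named.conf.options that
# keeps the post's forwarders but states recursion/transfer/listen policy
# explicitly, then check the result. Assumptions: 10.20.0.0/16 is the
# internal client range and 10.20.0.1 the server's own address (placeholder).

write_hardened_options() {
    # $1 = output path (use a scratch path first; copy to /etc/bind when happy)
    cat > "$1" <<'EOF'
acl "internal" {
        127.0.0.0/8;
        ::1;
        10.20.0.0/16;      // assumed internal client range
};

options {
        directory "/var/cache/bind";

        forwarders {
                114.114.114.114;
                8.8.8.8;
        };
        // Send every non-authoritative query to the forwarders; remove this
        // line if the server should fall back to root recursion on its own.
        forward only;

        // Anyone may ask for the authoritative zones (temporary, 10.in-addr.arpa);
        // only internal clients may use the server as a recursive resolver.
        allow-query       { any; };
        allow-recursion   { internal; };
        allow-query-cache { internal; };

        // No secondaries are configured in the post, so refuse zone transfers.
        allow-transfer { none; };

        dnssec-validation auto;

        // Reply to CHAOS "version.bind" queries with a fixed string.
        version "not disclosed";

        listen-on    { 127.0.0.1; 10.20.0.1; };   // assumed server address
        listen-on-v6 { ::1; };
};
EOF
}

# Return 0 if recursion is disabled or limited to an ACL, 1 if it is open
# (allow-recursion { any; }) or left unstated in the file.
check_recursion_restricted() {
    f="$1"
    if grep -Eq '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;' "$f"; then
        return 0
    fi
    if grep -Eq 'allow-recursion[[:space:]]*\{[[:space:]]*any[[:space:]]*;' "$f"; then
        return 1
    fi
    grep -Eq 'allow-recursion[[:space:]]*\{' "$f"
}

main() {
    out="${1:-${TMPDIR:-/tmp}/named.conf.options.hardened}"
    write_hardened_options "$out"
    # Syntax check when BIND's tools are installed (they are on the DNS host).
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$out" && echo "syntax OK: $out"
    fi
    if check_recursion_restricted "$out"; then
        echo "recursion limited to the internal ACL: $out"
    else
        echo "WARNING: recursion is open or unstated in $out"
    fi
}

main "$@"
```

Run it with no arguments to get the file under /tmp, review it, then copy it over /etc/bind/named.conf.options and restart bind9 as the post does. The check function is deliberately conservative: it treats a file that never mentions allow-recursion as unrestricted, even though BIND's default would still limit it, because an explicit ACL is what you want to see in review.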

Restart the service:

root@ubuntu:~# systemctl restart bind9

At this point the server can resolve public domain names:

root@ubuntu:~# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 180.101.50.188
www.a.shifen.com has address 180.101.50.242
www.a.shifen.com has IPv6 address 240e:e9:6002:15c:0:ff:b015:146f
www.a.shifen.com has IPv6 address 240e:e9:6002:15a:0:ff:b05c:1278

Configuring forward resolution

Create a zone; every name in it takes the suffix ___.temporary. When a name in this domain is resolved, the file at the path given below is consulted.

zone "temporary"{
        type master;
        file "/etc/bind/db.temporary";
};
 

root@ubuntu:/etc/bind# cp named.conf.local named.conf.local.bak
root@ubuntu:/etc/bind# vi named.conf.local


//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "temporary"{
        type master;
        file "/etc/bind/db.temporary";
};

Create the zone file

Copy db.local and name the copy after the file name specified when the zone was created:

root@ubuntu:/etc/bind# cp db.local db.temporary

At the end of the file, add the domain names to resolve and their corresponding IP addresses:

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1
service1.temporary. IN A 10.20.0.1
service2.temporary. IN A 10.20.0.2

Restart the service to apply the configuration:

root@ubuntu:~# systemctl restart bind9

Forward resolution now works:

root@ubuntu:/etc/bind# host service1.temporary
service1.temporary has address 10.20.0.1
root@ubuntu:/etc/bind# host service2.temporary
service2.temporary has address 10.20.0.2

Configuring reverse resolution

In named.conf.local add a reverse zone. The address is written back to front; the part that appears in the zone name is only a prefix of the reverse name, and the missing part is filled in inside the zone file.

For example, take the address 10.20.0.1.

Split it into four octets: 10, 20, 0, 1.

The zone created is 10.in-addr.arpa, which contains only the first octet.

In the zone file the remainder is completed in reverse: 1.0.20.

root@ubuntu:/etc/bind# vi named.conf.local


zone "10.in-addr.arpa"{
        type master;
        file "/etc/bind/db.10";
};

Create the zone file

Copy db.127 to a file named db.10,

matching the file name specified for the reverse zone in named.conf.local:

root@ubuntu:/etc/bind# cp db.127 db.10

Edit the contents of db.10

At the end of the file, add the reverse-resolution addresses and their corresponding domain names:

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
1.0.20  IN      PTR     service1.temporary.
2.0.20  IN      PTR     service2.temporary.
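As an added example (not part of the original post), the following POSIX shell script generates both zone files from one host list, so the forward A records and the reverse PTR records cannot drift apart. It computes the reversed octets the post works out by hand (10.20.0.1 under 10.in-addr.arpa becomes 1.0.20), and goes slightly beyond the post in that it handles reverse zones covering one, two or three octets; it also stamps a date-based serial instead of leaving the copied file's 1 or 2, and validates the result with named-checkzone when BIND's tools are present. The host list is constructed sample data matching the post; output paths default to /tmp so nothing under /etc/bind is touched.

```shell
#!/bin/sh
# Added example, not from the original post: build the forward zone file for
# "temporary" and the reverse zone file for 10.in-addr.arpa from one host
# list, deriving the reversed-octet PTR names the post writes by hand and
# stamping a date-based serial. The host list is constructed sample data
# matching the post; output goes to $TMPDIR (or /tmp) unless paths are given,
# so nothing under /etc/bind is touched until you copy the files yourself.

HOSTS='service1.temporary 10.20.0.1
service2.temporary 10.20.0.2'

# ptr_label ADDRESS N: octets of ADDRESS after the first N, in reverse order.
# With N=1 (zone 10.in-addr.arpa) 10.20.0.1 becomes 1.0.20, as in the post.
ptr_label() {
    out=""
    i=0
    for octet in $(printf '%s\n' "$1" | tr '.' ' '); do
        i=$((i + 1))
        [ "$i" -le "$2" ] && continue
        if [ -z "$out" ]; then out="$octet"; else out="$octet.$out"; fi
    done
    printf '%s\n' "$out"
}

# Serial as YYYYMMDDnn; increasing it on every edit is what tells secondaries
# that the zone changed (the post's copied files keep 1 and 2).
zone_serial() { date +%Y%m%d01; }

# Shared SOA/NS header, kept in the post's layout (localhost as the name server).
zone_header() {
    printf '$TTL    604800\n'
    printf '@       IN      SOA     localhost. root.localhost. (\n'
    printf '                     %s   ; Serial\n' "$1"
    printf '                         604800   ; Refresh\n'
    printf '                          86400   ; Retry\n'
    printf '                        2419200   ; Expire\n'
    printf '                         604800 ) ; Negative Cache TTL\n'
    printf ';\n@       IN      NS      localhost.\n'
}

write_forward_zone() {                      # $1 = path, $2 = serial
    {
        zone_header "$2"
        printf '%s\n' "$HOSTS" | while read -r name ip; do
            printf '%s. IN A %s\n' "$name" "$ip"
        done
    } > "$1"
}

write_reverse_zone() {                      # $1 = path, $2 = serial
    {
        zone_header "$2"
        printf '%s\n' "$HOSTS" | while read -r name ip; do
            printf '%s  IN      PTR     %s.\n' "$(ptr_label "$ip" 1)" "$name"
        done
    } > "$1"
}

main() {
    dir="${TMPDIR:-/tmp}"
    fwd="${1:-$dir/db.temporary}"
    rev="${2:-$dir/db.10}"
    serial="$(zone_serial)"
    write_forward_zone "$fwd" "$serial"
    write_reverse_zone "$rev" "$serial"
    # Validate before loading; named-checkzone ships with the bind9 packages.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone temporary "$fwd"
        named-checkzone 10.in-addr.arpa "$rev"
    fi
    echo "wrote $fwd and $rev (serial $serial)"
}

main "$@"
```

Run it, inspect the two files, copy them to /etc/bind/db.temporary and /etc/bind/db.10, then reload with rndc reload (or restart bind9 as the post does). The generated files omit the loopback A and AAAA records the post keeps from db.local; add them back if you want the zone apex to resolve. Raise the serial on every later edit, since a secondary only transfers a zone whose serial has grown.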

Restart the service:

root@ubuntu:~# systemctl restart bind9

Reverse resolution is done:

root@ubuntu:/etc/bind# host 10.20.0.1
1.0.20.10.in-addr.arpa domain name pointer service1.temporary.
root@ubuntu:/etc/bind# host 10.20.0.2
2.0.20.10.in-addr.arpa domain name pointer service2.temporary.

Tips:

After modifying a configuration file, the bind service must be restarted.

When verifying the name server from the local machine, set the machine's DNS to 127.0.0.1.

For access from other hosts, check that the firewall allows port 53.
