Linux-搭建DNS服務器

- 1. 安裝軟件bind
- 2.修改配置文件
- 3. 在其他機器上測試DNS服務器
- 4. 配置本地域名解析
- 5. 優化后的zone

1. 安裝軟件bind

bind是歷史非常悠久，而且性能非常好的dns域名系統的軟件

[root@dns-server ~]# yum install bind bind-utils -y

啟動named服務

[root@dns-server ~]# service named restart
Redirecting to /bin/systemctl restart named.service

設置named服務開機啟動

[root@dns-server ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

查看進程

[root@dns-server ~]# ps aux|grep named
named      14903  0.1  0.9 294348 33448 ?        Ssl  11:40   0:00 /usr/sbin/named -u named -c /etc/named.conf
root       14913  0.0  0.0   6636  2304 pts/0    S+   11:40   0:00 grep --color=auto named

查看開放udp 53號端口

[root@dns-server ~]# netstat -anplut|grep named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      14125/named         
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      14125/named         
tcp6       0      0 ::1:53                  :::*                    LISTEN      14125/named         
tcp6       0      0 ::1:953                 :::*                    LISTEN      14125/named         
udp        0      0 127.0.0.1:53            0.0.0.0:*                           14125/named         
udp6       0      0 ::1:53                  :::*                                14125/named

客戶機向dns服務器進行域名查詢的時候，訪問的是udp的53號端口
從域名服務器和主域名服務器之間復制數據的時候，訪問tcp的53號端口

2.修改配置文件

許其他電腦能過來查詢dns域名

[root@dns-server ~]# vim /etc/named.conf
options {listen-on port 53 { any; };  # 修改listen-on-v6 port 53 { any; }; # 修改directory       "/var/named";dump-file       "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";recursing-file  "/var/named/data/named.recursing";secroots-file   "/var/named/data/named.secroots";allow-query     { any; };  # 修改

重新啟動named服務

[root@dns-server ~]# service named restart
Redirecting to /bin/systemctl restart named.service[root@dns-server ~]# netstat -anplut|grep named
tcp        0      0 192.168.168.139:53      0.0.0.0:*               LISTEN      14903/named         
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      14903/named         
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      14903/named         
tcp6       0      0 fe80::20c:29ff:fe11::53 :::*                    LISTEN      14903/named         
tcp6       0      0 ::1:53                  :::*                    LISTEN      14903/named         
tcp6       0      0 ::1:953                 :::*                    LISTEN      14903/named         
udp        0      0 192.168.168.139:53      0.0.0.0:*                           14903/named         
udp        0      0 192.168.168.139:53      0.0.0.0:*                           14903/named         
udp        0      0 127.0.0.1:53            0.0.0.0:*                           14903/named         
udp        0      0 127.0.0.1:53            0.0.0.0:*                           14903/named         
udp6       0      0 ::1:53                  :::*                                14903/named         
udp6       0      0 ::1:53                  :::*                                14903/named         
udp6       0      0 fe80::20c:29ff:fe11::53 :::*                                14903/named         
udp6       0      0 fe80::20c:29ff:fe11::53 :::*                                14903/named

3. 在其他機器上測試DNS服務器

修改網卡配置文件里的dns

[root@web-1 ~]# cat /etc/NetworkManager/system-
[ipv4]
addresses1=192.168.168.136/24
dns=192.168.168.139;114.114.114.114
gateway=192.168.168.2
method=manual

修改/etc/resolv.conf里的dns服務器地址

[root@web-2 ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.168.139
nameserver 114.114.114.114

使用nslookup和ping、dig命令進行dns域名查詢的測試

[root@web-1 ~]# nslookup www.qq.com
Server:		192.168.168.139
Address:	192.168.168.139#53Non-authoritative answer:
www.qq.com	canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name:	ins-r23tsuuf.ias.tencent-cloud.net
Address: 121.14.77.221
Name:	ins-r23tsuuf.ias.tencent-cloud.net
Address: 121.14.77.201
Name:	ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:1::5c
Name:	ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:2::4c[root@web-1 ~]# dig +trace www.qq.com; <<>> DiG 9.16.23-RH <<>> +trace www.qq.com
;; global options: +cmd
.			517706	IN	NS	k.root-servers.net.
.			517706	IN	NS	l.root-servers.net.
.			517706	IN	NS	m.root-servers.net.
.			517706	IN	NS	j.root-servers.net.
.			517706	IN	NS	g.root-servers.net.
.			517706	IN	NS	e.root-servers.net.
.			517706	IN	NS	f.root-servers.net.
.			517706	IN	NS	a.root-servers.net.
.			517706	IN	NS	d.root-servers.net.
.			517706	IN	NS	h.root-servers.net.
.			517706	IN	NS	b.root-servers.net.
.			517706	IN	NS	i.root-servers.net.
.			517706	IN	NS	c.root-servers.net.
.			517706	IN	RRSIG	NS 8 0 518400 20250907170000 20250825160000 46441 . mY7x+l08DTrEZ0eYA2vEb2JO/0e8IT1FDe1yoA5fUcW5L+zltYWeJAGO b38sXm6G1qr7iV25QdR0L1eIWDKs793lsDytnzjNY364plixi/s6qY7J DPYqwRP/ADlbMBEn6c4CpttJ/FmVm9sTf0+3q7bXQLn3Y5qvq9RMFyzI 0cpqQ+39APVvaTR4AUvEGS5gs1mjyhepB0xk80yVZrTpHXYe7g4bo2Xm JLcX9xPzDuL5cqpirPcH46ZPi3Pf5708ImI9BRtSfOiODNK7DrxtTd+u CRJiFjtLKN6GVebAcJ6tLAvqXyF8X3hxmPavwE7PwBK4b6QdtP/kvWcf wWsrRw==
;; Received 1137 bytes from 192.168.168.139#53(192.168.168.139) in 1 mscom.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
com.			86400	IN	DS	19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D7 71D7805A
com.			86400	IN	RRSIG	DS 8 1 86400 20250907170000 20250825160000 46441 . SU62OxdtF2cFhsGwICOfoGhxXzzt7FpxbiVMpLGHwoRacnEZoxFTpjRe 8cj0GbCyvMvnrwpue4hqNQaQcmZtSWXXk2XcGJH8Vi+8TUOH2tKzBZsf ls0Fk50SE5D8DPLUT8+zttxS7oXHHAZ4WNqypaDOpwVglg9kcO8Fa+Ob BHOQJxpipISPlAJnHhkVeF/M4O5+O2PNMtG1GPvgtY4v9CK5KeY7fgP9 1lNpOx5oqHKZOw5rGiwaA7qaRz1T91Vsed97it0+74Sf6f/hu5RcNz+y bsMtkqZJYtVKQLv8kylZYJrGNCtsnHPs2XUUakhBqk8FWjB6xfDzRkBv 7L7Qlw==
;; Received 1170 bytes from 192.58.128.30#53(j.root-servers.net) in 31 msqq.com.			172800	IN	NS	ns1.qq.com.
qq.com.			172800	IN	NS	ns2.qq.com.
qq.com.			172800	IN	NS	ns3.qq.com.
qq.com.			172800	IN	NS	ns4.qq.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN NSEC3 1 1 0 - CK0Q3UDG8CEKKAE7RUKPGCT1DVSSH8LL NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN RRSIG NSEC3 13 2 900 20250831015158 20250824004158 20545 com. KwEWamEC8pX2daXBOa2BY/AGCUCb+3Khm5Ao6bpOsD8Aj1En1mb2hO00 CtpTsH5JQu5HQD8QFWyb6ss6/vz3Mg==
J976KA284HT3M5K6UPOCJ48OPMNH64L7.com. 900 IN NSEC3 1 1 0 - J976V9IM8597ALLH81MQKOSCKFOC08F5 NS DS RRSIG
J976KA284HT3M5K6UPOCJ48OPMNH64L7.com. 900 IN RRSIG NSEC3 13 2 900 20250901010018 20250824235018 20545 com. J22cVFtGgGQrxVKJhn7ImrWmFzsAjHRwsrLp2PPT3Gbp3Oi/rb1V+O/3 Fx8YOv7RrfzbO2vOMC6UAhF4L22RmQ==
;; Received 812 bytes from 192.48.79.30#53(j.gtld-servers.net) in 185 mswww.qq.com.		86400	IN	NS	ns-os1.qq.com.
www.qq.com.		86400	IN	NS	ns-cmn1.qq.com.
www.qq.com.		86400	IN	NS	ns-tel1.qq.com.
www.qq.com.		86400	IN	NS	ns-cnc1.qq.com.
;; Received 382 bytes from 203.205.220.251#53(ns1.qq.com) in 196 ms;; Received 39 bytes from 43.159.167.133#53(ns-os1.qq.com) in 188 ms

4. 配置本地域名解析

搭建主域名服務器，提供特定域名的解析，如：huang.com

編輯/etc/named.rfc1912.zones文件

[root@dns-server ~]# vim /etc/named.rfc1912.zones 
zone "huang.com" IN {type master;file "huang.com.zone";allow-update { none; };
};

創建解析記錄文件

[root@dns-server ~]# cd /var/named
[root@dns-server named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@dns-server named]# cp -a named.localhost  huang.com.zone
[root@dns-server named]# ll
總用量 20
drwxrwx--- 2 named named   23  8月 26 11:35 data
drwxrwx--- 2 named named   60  8月 26 11:40 dynamic
-rw-r----- 1 root  named  152  7月 30 03:50 huang.com.zone
-rw-r----- 1 root  named 2112  7月 30 03:50 named.ca
-rw-r----- 1 root  named  152  7月 30 03:50 named.empty
-rw-r----- 1 root  named  152  7月 30 03:50 named.localhost
-rw-r----- 1 root  named  168  7月 30 03:50 named.loopback
drwxrwx--- 2 named named    6  7月 30 03:49 slaves[root@dns-server named]# vim huang.com.zone 
$TTL 1D
@	IN SOA	@ rname.invalid. (1	; serial1D	; refresh1H	; retry1W	; expire3H )	; minimumNS	@A	192.168.168.139AAAA	::1
www  IN A	192.168.168.133
web1 IN A	192.168.168.136
web2 IN A	192.168.168.137
nfs  IN A	192.168.168.139
web IN A CNAME www

檢查配置并啟動服務

[root@dns-server named]# named-checkconf /etc/named.rfc1912.zones
[root@dns-server named]# named-checkzone huang.com /var/named/huang.com.zone
zone huang.com/IN: loaded serial 1
OK
[root@dns-server named]# service named restart
Redirecting to /bin/systemctl restart named.service

用nslookup測試

[root@web-1 ~]# nslookup www.huang.com
Server:		192.168.168.139
Address:	192.168.168.139#53Name:	www.huang.com
Address: 192.168.168.133[root@web-1 ~]# nslookup nfs.huang.com
Server:		192.168.168.139
Address:	192.168.168.139#53Name:	nfs.huang.com
Address: 192.168.168.139[root@web-1 ~]# nslookup web1.huang.com
Server:		192.168.168.139
Address:	192.168.168.139#53Name:	web1.huang.com
Address: 192.168.168.136[root@web-1 ~]# nslookup web.huang.com
Server:		192.168.168.139
Address:	192.168.168.139#53web.huang.com	canonical name = www.huang.com.
Name:	www.huang.com
Address: 192.168.168.133

5. 優化后的zone

增加MX記錄、@、*、NS記錄

[root@dns-server ~]# cat /var/named/huang.com.zone 
$TTL 1D
@	IN SOA	@ rname.invalid. (1	; serial1D	; refresh1H	; retry1W	; expire3H )	; minimum
;域名服務器記錄
@ IN NS  ns1.huang.com.
@ IN NS  ns2.huang.com.
;A記錄
www  IN A	192.168.168.133
www  IN A	192.168.168.134
web1 IN A	192.168.168.136
web2 IN A	192.168.168.137
nfs  IN A	192.168.168.139
;別名記錄
web  IN CNAME   www
;域名服務器記錄的A記錄
ns1 IN A 192.168.168.139
ns2 IN A 192.168.100.140nfs.liu.com  IN  A  192.168.168.139
liu  IN  CNAME nfs.liu.com
;郵件交換記錄--》郵件服務器
@  IN  MX  10  mail1.huang.com.
@  IN  MX  20  mail2.huang.com.
;郵件服務器的A記錄
mail1 IN  A 192.168.168.136
mail2 IN  A 192.168.168.137
;@表示本域
@  IN  A  192.168.168.133
;泛域名解析記錄
* IN  A  192.168.168.133

刷新服務后測試是否生效
使用nslookup交互模式

[root@web-1 ~]# nslookup
> abc.huang.com    
Server:		192.168.168.139
Address:	192.168.168.139#53Name:	abc.huang.com
Address: 192.168.168.133
> web.huang.com
Server:		192.168.168.139
Address:	192.168.168.139#53>web.huang.com	canonical name = www.huang.com.
Name:	www.huang.com
Address: 192.168.168.133
Name:	www.huang.com
Address: 192.168.168.134
> set type=ns
> huang.com
Server:		192.168.168.139
Address:	192.168.168.139#53huang.com	nameserver = huang.com.
> set type=mx 
> huang.com
Server:		192.168.168.139
Address:	192.168.168.139#53huang.com	mail exchanger = 20 mail2.huang.com.
huang.com	mail exchanger = 10 mail1.huang.com.