
Ubuntu 22.04 LTS bind9: Setting Up a LAN DNS Server with Wildcard Domain Configuration


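Recently the company's LAN server had its hardware replaced and its system reinstalled and upgraded to 22.04 LTS. The company needs a complete internal development environment that simulates production, and simulating it with ports alone might run into other problems. Drawing on earlier experience setting up DNS servers, I built a DNS server that supports wildcard domain resolution without affecting the company's normal network access; in testing, normal network access was essentially unaffected.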

1 Installation

 apt install bind9 dnsutils

On Ubuntu 22.04 and later you can use apt directly; apt-get is not required.

2 Configuration

2.1 Global configuration

vim /etc/bind/named.conf.options

options {
    directory "/var/cache/bind";
    listen-on port 53 { any; };  // listen on all IPs
    //listen-on port 53 { 192.168.10.3; };  // listen on one specific IP
    allow-query { any; };  // client addresses allowed to send DNS queries (any = all clients)
    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113
    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    // DNS forwarders: the DNS servers that queries are forwarded to when
    // this server cannot resolve a name itself
    forwarders {
        223.5.5.5;
        223.6.6.6;
        //114.114.114.114;
    };
    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;  // whether to enable DNSSEC validation; the default is yes; you can choose aut
    auth-nxdomain no;
    //listen-on-v6 { any; };
    //include "/etc/rndc.key";
};

vim /etc/bind/named.conf.local

//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "demo.com" {  // forward zone
    type master;
    file "/etc/bind/db.demo.com";  // zone file for this zone
};
// reverse zone
zone "168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.168.192";
};

2.2 Forward zone configuration

# copy a template for the forward zone (run in /etc/bind)
cp db.0 db.demo.com
vim db.demo.com

; edit the file as follows
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA demo.com. root.demo.com. (
        2        ; Serial
        604800   ; Refresh
        86400    ; Retry
        2419200  ; Expire
        604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
@ IN A 192.168.10.10
;@ IN AAAA ::1
* IN A 192.168.10.10 ; wildcard record

2.3 Reverse zone configuration

cp db.127 db.168.192
vim db.168.192

;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA demo.com. root.demo.com. (
        1        ; Serial
        604800   ; Refresh
        86400    ; Retry
        2419200  ; Expire
        604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
; the "1.0.0 IN PTR localhost." line from the db.127 template does not belong in this zone
; reverse record for 192.168.10.10: the owner is relative to 168.192.in-addr.arpa,
; and the target needs its trailing dot
10.10 IN PTR demo.com.

3 Testing

3.1 Check the forward zone

named-checkzone demo.com /etc/bind/db.demo.com

3.2 Check the reverse zone

named-checkzone 168.192.in-addr.arpa /etc/bind/db.168.192
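
named-checkzone confirms that the zone file loads, but it cannot know which address a PTR record was meant for. The following added example (not part of the original article) expands zone-file names relative to the zone origin the way BIND does and checks that 192.168.10.10 has a PTR at the right owner name with a fully qualified target. The function names and sample records are constructed for illustration, and it assumes one record per line with an explicit owner and no $ORIGIN directive.

```python
import ipaddress

ORIGIN = "168.192.in-addr.arpa."   # zone name from named.conf.local, with trailing dot

# Constructed sample records, not taken from a live server.
BROKEN = """\
@   IN NS  localhost.
10  IN PTR demo.com     ; owner one label short, target has no trailing dot
"""
FIXED = """\
@     IN NS  localhost.
10.10 IN PTR demo.com.  ; 10.10.168.192.in-addr.arpa. -> demo.com.
"""

def absolute(name, origin):
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_ptr_records(zone_text, origin):
    """Return {absolute owner: absolute target} for every PTR line.
    Assumption: each PTR line starts with an explicit owner name."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # strip ';' comments
        if "PTR" in fields and fields.index("PTR") >= 1:
            target = fields[fields.index("PTR") + 1]
            records[absolute(fields[0], origin)] = absolute(target, origin)
    return records

def check_reverse(zone_text, origin, ip, expected_host):
    """Return a list of problems with the PTR record that should cover ip."""
    want_owner = ipaddress.ip_address(ip).reverse_pointer + "."
    records = parse_ptr_records(zone_text, origin)
    if want_owner not in records:
        return [f"no PTR at {want_owner}; zone has {sorted(records)}"]
    if records[want_owner] != expected_host:
        return [f"{want_owner} points to {records[want_owner]}"]
    return []

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_reverse(text, ORIGIN, "192.168.10.10", "demo.com."))
```
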

3.3 Test wildcard resolution

# restart the bind service
service bind9 restart

Linux test

vim /etc/resolv.conf  # point DNS resolution at this server

# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
#nameserver 127.0.0.53
nameserver 192.168.10.10
options edns0 trust-ad
search demo

# test command
dig www.demo.com  # because of the wildcard record, any subdomain works: a.demo.com, b.demo.com, and so on

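Windows test

Set the DNS server address to the address of this name server. The steps are omitted here; anyone reading this article should already know how.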

nslookup a.demo.com
