
Ubuntu 22.04: Configuring a DNS Server

Install DNS

       apt-get -y install bind9

The -y option answers all prompts automatically, so the installation completes without interaction.

    root@ubuntu:~# apt-get -y install bind9
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    Suggested packages:
      bind-doc resolvconf
    The following NEW packages will be installed:
      bind9
    0 upgraded, 1 newly installed, 0 to remove and 27 not upgraded.
    Need to get 260 kB of archives.
    After this operation, 983 kB of additional disk space will be used.
    Get:1 http://mirrors.aliyun.com/ubuntu jammy-updates/main amd64 bind9 amd64 1:9.18.12-0ubuntu0.22.04.3 [260 kB]
    Fetched 260 kB in 0s (1,147 kB/s)
    Selecting previously unselected package bind9.
    (Reading database ... 74217 files and directories currently installed.)
    Preparing to unpack .../bind9_1%3a9.18.12-0ubuntu0.22.04.3_amd64.deb ...
    Unpacking bind9 (1:9.18.12-0ubuntu0.22.04.3) ...
    Setting up bind9 (1:9.18.12-0ubuntu0.22.04.3) ...
    Adding group `bind' (GID 119) ...
    Done.
    Adding system user `bind' (UID 114) ...
    Adding new user `bind' (UID 114) with group `bind' ...
    Not creating home directory `/var/cache/bind'.
    wrote key file "/etc/bind/rndc.key"
    named-resolvconf.service is a disabled or a static unit, not starting it.
    Created symlink /etc/systemd/system/bind9.service → /lib/systemd/system/named.service.
    Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /lib/systemd/system/named.service.
    Processing triggers for man-db (2.10.2-1) ...
    Processing triggers for ufw (0.36.1-4ubuntu0.1) ...
    Scanning processes...
    Scanning candidates...
    Scanning linux images...
    Running kernel seems to be up-to-date.
    Restarting services...
     systemctl restart packagekit.service
    No containers need to be restarted.
    No user sessions are running outdated binaries.
    No VM guests are running outdated hypervisor (qemu) binaries on this host.

Check the service status; it should be running:

Active: active (running)

    root@ubuntu:~# systemctl status bind9
    ● named.service - BIND Domain Name Server
    Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
    Active: active (running) since Fri 2023-10-13 10:31:06 UTC; 2min 19s ago
    Docs: man:named(8)
    Process: 5818 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=0/SUCCESS)
    Main PID: 5819 (named)
    Tasks: 10 (limit: 9389)
    Memory: 6.4M
    CPU: 51ms
    CGroup: /system.slice/named.service
    └─5819 /usr/sbin/named -u bind
    Oct 13 10:31:06 ubuntu named[5819]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
    Oct 13 10:31:06 ubuntu named[5819]: network unreachable resolving './NS/IN': 2001:500:2::c#53
    Oct 13 10:31:06 ubuntu named[5819]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
    Oct 13 10:31:06 ubuntu named[5819]: network unreachable resolving './NS/IN': 2001:500:a8::e#53
    Oct 13 10:31:06 ubuntu systemd[1]: Started BIND Domain Name Server.
    Oct 13 10:31:06 ubuntu named[5819]: network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
    Oct 13 10:31:06 ubuntu named[5819]: network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
    Oct 13 10:31:06 ubuntu named[5819]: network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
    Oct 13 10:31:06 ubuntu named[5819]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
    Oct 13 10:31:06 ubuntu named[5819]: resolver priming query complete: success
Change to the bind directory, which holds the DNS configuration:

    root@ubuntu:~# cd /etc/bind
    root@ubuntu:/etc/bind# ls -l
    total 48
    -rw-r--r-- 1 root root 2403 Sep 19 11:21 bind.keys
    -rw-r--r-- 1 root root  237 Mar  8  2023 db.0
    -rw-r--r-- 1 root root  271 Aug 25  2020 db.127
    -rw-r--r-- 1 root root  237 Aug 25  2020 db.255
    -rw-r--r-- 1 root root  353 Aug 25  2020 db.empty
    -rw-r--r-- 1 root root  270 Aug 25  2020 db.local
    -rw-r--r-- 1 root bind  463 Mar  8  2023 named.conf
    -rw-r--r-- 1 root bind  498 Jun 25  2021 named.conf.default-zones
    -rw-r--r-- 1 root bind  165 Aug 25  2020 named.conf.local
    -rw-r--r-- 1 root bind  846 Jun 25  2021 named.conf.options
    -rw-r----- 1 bind bind  100 Oct 13 10:31 rndc.key
    -rw-r--r-- 1 root root 1317 Aug 25  2020 zones.rfc1918
    root@ubuntu:/etc/bind#

Configure DNS forwarding: when a name cannot be resolved locally, the query is forwarded to other resolvers.

    forwarders {
                114.114.114.114;
                8.8.8.8;
         };

    root@ubuntu:/etc/bind# cp named.conf.options named.conf.options.bak
    root@ubuntu:/etc/bind# vi named.conf.options
    options {
            directory "/var/cache/bind";

            // If there is a firewall between you and nameservers you want
            // to talk to, you may need to fix the firewall to allow multiple
            // ports to talk. See http://www.kb.cert.org/vuls/id/800113

            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.

            forwarders {
                    114.114.114.114;
                    8.8.8.8;
            };

            //========================================================================
            // If BIND logs error messages about the root key being expired,
            // you will need to update your keys. See https://www.isc.org/bind-keys
            //========================================================================
            dnssec-validation auto;

            listen-on-v6 { any; };
    };

Restart the service:

root@ubuntu:~# systemctl restart bind9

The server's address can now be used as a DNS resolver for public domain names:

    root@ubuntu:~# host www.baidu.com
    www.baidu.com is an alias for www.a.shifen.com.
    www.a.shifen.com has address 180.101.50.188
    www.a.shifen.com has address 180.101.50.242
    www.a.shifen.com has IPv6 address 240e:e9:6002:15c:0:ff:b015:146f
    www.a.shifen.com has IPv6 address 240e:e9:6002:15a:0:ff:b05c:1278

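Configure forward resolution

Create a zone; every name in it takes the form ___.temporary. When a name in this zone is resolved, BIND looks it up in the file given by the file path.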

zone "temporary"{
        type master;
        file "/etc/bind/db.temporary";
};
 

    root@ubuntu:/etc/bind# cp named.conf.local named.conf.local.bak
    root@ubuntu:/etc/bind# vi named.conf.local
    //
    // Do any local configuration here
    //

    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    //include "/etc/bind/zones.rfc1918";

    zone "temporary"{
            type master;
            file "/etc/bind/db.temporary";
    };

Create the zone file

Copy db.local and give the copy the file name specified when the zone was defined:

root@ubuntu:/etc/bind# cp db.local db.temporary

At the end of the file, add the domain names to resolve and their IP addresses:

    ;
    ; BIND data file for local loopback interface
    ;
    $TTL    604800
    @       IN      SOA     localhost. root.localhost. (
                                  2         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    @       IN      NS      localhost.
    @       IN      A       127.0.0.1
    @       IN      AAAA    ::1
    service1.temporary.     IN      A       10.20.0.1
    service2.temporary.     IN      A       10.20.0.2

Restart the service so the configuration takes effect:

root@ubuntu:~# systemctl restart bind9

Forward resolution now works:

    root@ubuntu:/etc/bind# host service1.temporary
    service1.temporary has address 10.20.0.1
    root@ubuntu:/etc/bind# host service2.temporary
    service2.temporary has address 10.20.0.2

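Configure reverse resolution

Add a reverse zone to named.conf.local. The address is written in reverse order, last octet first. The zone name carries only part of the reversed address; the remaining part is supplied in the zone file.

Take the address 10.20.0.1 as an example.

Split it into four octets: 10, 20, 0, 1.

The zone that is created is 10.in-addr.arpa, which contains only the first octet.

The zone file supplies the remaining octets in reverse order: 1.0.20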

    root@ubuntu:/etc/bind# vi named.conf.local
    zone "10.in-addr.arpa"{
            type master;
            file "/etc/bind/db.10";
    };

Create the zone file

Copy db.127 to a new file named db.10,

matching the file name specified for the reverse zone in named.conf.local:

root@ubuntu:/etc/bind# cp db.127 db.10

Edit the contents of db.10

At the end of the file, add the reversed addresses and the corresponding domain names:

    ;
    ; BIND reverse data file for local loopback interface
    ;
    $TTL    604800
    @       IN      SOA     localhost. root.localhost. (
                                  1         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    @       IN      NS      localhost.
    1.0.20  IN      PTR     service1.temporary.
    2.0.20  IN      PTR     service2.temporary.

Restart the service:

root@ubuntu:~# systemctl restart bind9

Reverse resolution is complete:

    root@ubuntu:/etc/bind# host 10.20.0.1
    1.0.20.10.in-addr.arpa domain name pointer service1.temporary.
    root@ubuntu:/etc/bind# host 10.20.0.2
    2.0.20.10.in-addr.arpa domain name pointer service2.temporary.
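
The split between the zone name (10.in-addr.arpa) and the owner written in the zone file (1.0.20) can be checked mechanically. The script below is an added example, not part of the original article: it compares the A records of a forward zone file with the PTR records of the reverse zone file and reports missing, mismatched and stale entries. The function name check_reverse and the records service3, old.temporary and gone.temporary are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article: compare the A records of a
# forward zone file with the PTR records of its reverse zone file.
# Simplification: forward owners must be fully qualified (trailing dot) and
# reverse owners relative to the zone, as in the files shown on this page.

# check_reverse REVZONE FWD_FILE REV_FILE
# Prints one line per problem; exit status is 0 only when the files agree.
check_reverse() {
    awk -v zone="$1" '
    # Owner of ip relative to zone: 10.20.0.1 in 10.in-addr.arpa -> 1.0.20
    function owner(ip,    o, full, suffix, n) {
        if (split(ip, o, ".") != 4) return ""
        full = o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa"
        suffix = "." zone
        n = length(full) - length(suffix)
        return (n > 0 && substr(full, n + 1) == suffix) ? substr(full, 1, n) : ""
    }
    toupper($2) != "IN" { next }
    FNR == NR {                              # first file: forward zone
        if (toupper($3) == "A" && $1 ~ /\.$/ && (k = owner($4)) != "") want[k] = $1
        next
    }
    toupper($3) == "PTR" { have[$1] = $4 }   # second file: reverse zone
    END {
        for (k in want) {
            if (!(k in have)) { print "missing: " k " IN PTR " want[k]; bad = 1 }
            else if (have[k] != want[k]) {
                print "mismatch: " k " IN PTR " have[k] " (forward: " want[k] ")"; bad = 1
            }
        }
        for (k in have)
            if (!(k in want)) { print "stale: " k " IN PTR " have[k]; bad = 1 }
        exit bad + 0
    }' "$2" "$3"
}

# Constructed sample data: service1/service2 come from the page; service3,
# old.temporary and gone.temporary are invented to show each finding.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'service1.temporary. IN A 10.20.0.1' \
    'service2.temporary. IN A 10.20.0.2' \
    'service3.temporary. IN A 10.20.0.3' > "$demo_dir/db.temporary"
printf '%s\n' '@ IN NS localhost.' '1.0.20 IN PTR service1.temporary.' \
    '2.0.20 IN PTR old.temporary.' \
    '9.0.20 IN PTR gone.temporary.' > "$demo_dir/db.10"
check_reverse 10.in-addr.arpa "$demo_dir/db.temporary" "$demo_dir/db.10" || true
```

On the server from this article the call would be check_reverse 10.in-addr.arpa /etc/bind/db.temporary /etc/bind/db.10; with the records shown above it prints nothing and returns 0.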

tip:

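After a configuration file is modified, the bind service must be restarted.

To verify the DNS setup on the server itself, set the machine's DNS server to 127.0.0.1.

For access from other hosts, check that the firewall allows port 53.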
