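Setting up a simple DNS server

To understand more clearly what DNS does, we will learn by setting up a simple DNS service. Before configuring anything, here is a brief look at how DNS works.

1. The client passes the domain name it wants to visit to DNS server a. If server a has a record for it, it returns the IP to the client.
2. If DNS server a has no record, it queries other servers recursively, starting with the root domain.
3. The root domain returns to DNS server a the address of DNS server b, which is responsible for the matching top-level domain.
4. DNS server a then queries DNS server b, and DNS server b returns DNS server c, which is responsible for the matching second-level domain.
5. DNS server a then queries DNS server c, repeating steps 3 and 4 above, until DNS server a obtains the IP address of the domain the client wants to visit. It passes the address to the client and keeps a record for future lookups.

Simulating a simple DNS setup

1. Prepare two machines, a client and a server. Here I use Centos6.9 as the client and Centos7.3 as the server.

2. Install bind (the software that provides the DNS service) on the server.

```
[root@centos7 named]# yum -y install bind
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * extras: mirrors.163.com
 * updates: mirrors.btte.net
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-50.el7_3.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================
 Package        Arch        Version                      Repository        Size
==================================================================================================
安装:
 bind           x86_64      32:9.9.4-50.el7_3.1          updates           1.8 M

Transaction Summary
==================================================================================================
安装 1 个包

总下载量:1.8 M
安装量:4.3 M
Downloading packages:
bind-9.9.4-50.el7_3.1.x86_64.rpm                                    | 1.8 MB  00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 32:bind-9.9.4-50.el7_3.1.x86_64                                      1/1
  Verifying  : 32:bind-9.9.4-50.el7_3.1.x86_64                                      1/1

Installed:
  bind.x86_64 32:9.9.4-50.el7_3.1

完成!
```

3. Relax the Linux security policy (SELinux) and turn off the firewall.

1) Server (Centos7)

```
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
iptables -F
systemctl disable firewalld
systemctl stop firewalld
```

2) Client (Centos6)

```
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
chkconfig iptables off
service iptables stop
```

Check that the SELinux policy has been changed to "permissive":

```
cat /etc/selinux/config
```

4. Start the DNS server.

```
systemctl start named
systemctl enable named
```

After it starts, confirm that the port is open (the default port is 53):

```
ss -nutl
```

Bind port 53 to all of the server's IP addresses. The configuration file has to be modified, so back it up first:

```
cp -p /etc/named.conf{,.bak}
vim /etc/named.conf
```

Find the line `listen-on port 53 { localhost; };` and change localhost to any or 0.0.0.0, or comment out the whole line.

Then edit the server's network interface configuration and add `DNS1=127.0.0.1` as the last line:

```
vim /etc/sysconfig/network-scripts/ifcfg-ens33
```

Restart the service so the configuration file takes effect:

```
systemctl restart network
```

On the client (Centos6), configure DNS to point at the DNS server (Centos7). Add `DNS1=172.16.0.24` (the DNS server) to the interface configuration, then restart networking:

```
vim /etc/sysconfig/network-scripts/ifcfg-eth0
service network restart
```

On the server (Centos7), configure DNS to allow queries from addresses other than the local host:

```
vim /etc/named.conf
```

Modify the allow-query line so that it reads `allow-query { localhost; any; };` (that is, change it to any or 0.0.0.0), or comment out the whole line.

On the client (Centos6), try to resolve an external name:

```
[root@centos6 ~]# dig www.baidu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59143
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          347     IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       43      IN      A       61.135.169.121
www.a.shifen.com.       43      IN      A       61.135.169.125

;; AUTHORITY SECTION:
a.shifen.com.           254     IN      NS      ns1.a.shifen.com.
a.shifen.com.           254     IN      NS      ns3.a.shifen.com.
a.shifen.com.           254     IN      NS      ns5.a.shifen.com.
a.shifen.com.           254     IN      NS      ns2.a.shifen.com.
a.shifen.com.           254     IN      NS      ns4.a.shifen.com.

;; ADDITIONAL SECTION:
ns1.a.shifen.com.       254     IN      A       61.135.165.224
ns2.a.shifen.com.       254     IN      A       180.149.133.241
ns3.a.shifen.com.       254     IN      A       61.135.162.215
ns4.a.shifen.com.       254     IN      A       115.239.210.176
ns5.a.shifen.com.       254     IN      A       119.75.222.17

;; Query time: 1 msec
;; SERVER: 172.16.0.1#53(172.16.0.1)
;; WHEN: Mon Jul 24 14:16:16 2017
;; MSG SIZE  rcvd: 260
```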
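With listen-on and allow-query both set to any and the firewall stopped, named answers recursive queries from every host that can reach it, because BIND falls back from allow-recursion to allow-query-cache to allow-query when the earlier options are unset. The following Python audit is an added example, not part of the original walkthrough; the two sample option blocks, the `recursion yes;` line and the 172.16.0.0/16 lab subnet are constructed assumptions.

```python
import re

# Constructed sample: the options this walkthrough ends up with. The
# "recursion yes;" line is an assumption about the stock named.conf.
TUTORIAL_CONF = """
options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
};
"""
# Constructed alternative: the 172.16.0.0/16 lab subnet is an assumption.
SCOPED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 172.16.0.24; };
    allow-query { any; };
    allow-recursion { localhost; 172.16.0.0/16; };
};
"""

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def match_list(text, name):
    """Address-match list of option `name`, or None when the option is unset."""
    pat = r"(?<![\w-])" + re.escape(name) + r"(?:\s+port\s+\d+)?\s*\{([^{}]*)\}"
    m = re.search(pat, text)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def effective_recursion_acl(text):
    """Fallback chain: allow-recursion, allow-query-cache, allow-query, default."""
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        acl = match_list(text, name)
        if acl is not None:
            return acl
    return ["localnets", "localhost"]

def audit(conf):
    text = strip_comments(conf)
    findings = []
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", text)
    recursion_on = m is None or m.group(1) == "yes"  # recursion defaults to yes
    if recursion_on and "any" in effective_recursion_acl(text):
        findings.append("open-recursion")
    listen = match_list(text, "listen-on")
    if listen is None or "any" in listen:  # no listen-on line means all interfaces
        findings.append("listens-on-all-interfaces")
    return findings
```

Calling `audit()` on the text of `/etc/named.conf` returns an empty list once recursion is scoped to known clients and listen-on names specific addresses.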
