Bind is short for Berkeley Internet Name Domain Service; it is open-source software that implements a DNS server. Bind began as a DARPA-funded graduate research project at the University of California, Berkeley. After many years of development it has become the most widely used DNS server software in the world, and more than half of the DNS servers on the Internet today are built with Bind.
Environment: Windows 10, Hyper-V, CentOS 7 x64
1. Introduction
Package name: bind
Process: named
Protocol: dns
Port used: 53 (tcp, udp)
Related packages:
bind-chroot: confines the named process to a chroot directory, for security.
bind-devel: headers and library files needed for development (required when compiling bind from source)
bind-libs: shared library files used by both the bind server and the bind clients
bind-utils: bind client tools
Program file: /usr/sbin/named
2. Installation
yum install -y bind bind-utils
3. Edit the main configuration file
vim /etc/named.conf
Below is the default example configuration
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
Change the defaults as follows
options {
listen-on port 53 { any; }; // changed
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; // changed
forwarders { 202.102.227.68; 8.8.8.8; }; // added
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
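Before restarting named with this block, it is worth checking what the combination of `allow-query { any; }`, `recursion yes` and `forwarders` means: with no `allow-recursion` statement, BIND falls back to `allow-query` for the recursion ACL, so every host that can reach UDP/TCP 53 may use this server (and its forwarders) as a recursive resolver. The following checker is an added example, not part of the post or of BIND itself; it parses the `options` block of a named.conf and reports whether the configuration is an open resolver, and includes an assumed hardened variant that keeps serving the ahoo.com zone to anyone while restricting recursion to the local networks.

```python
import re

# Constructed sample: the post's modified options block, minus the path statements.
NAMED_CONF = """
options {
    listen-on port 53 { any; };    // changed
    allow-query { any; };          // changed
    forwarders { 202.102.227.68; 8.8.8.8; };  /* added */
    recursion yes;
    dnssec-validation yes;
};
logging { channel default_debug { file "data/named.run"; severity dynamic; }; };
"""
# Assumed hardened variant (not from the post): keep answering the ahoo.com
# zone to anyone, but only recurse/forward for the lab's own networks.
HARDENED_CONF = NAMED_CONF.replace(
    "recursion yes;", "recursion yes;\n    allow-recursion { localhost; localnets; };")

def block_body(text: str, name: str) -> str:
    """Return the brace-balanced text inside `name { ... }`."""
    m = re.search(rf"\b{name}\s*\{{", text)
    if not m:
        raise ValueError(f"no {name} block")
    depth, start = 1, m.end()
    for j in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return text[start:j]
    raise ValueError("unbalanced braces")

def parse_options(conf: str) -> dict:
    """Map each options statement to its value string or, for `{ a; b; }`, a list."""
    text = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # strip /* */ comments
    text = re.sub(r"//[^\n]*", "", text)                # strip // comments
    opts = {}
    # A statement is `name value;` or `name [qualifiers] { item; item; };`.
    for m in re.finditer(r"([\w-]+)([^{;]*)(?:\{([^}]*)\})?\s*;", block_body(text, "options")):
        name, value, items = m.group(1), m.group(2).strip(), m.group(3)
        opts[name] = value if items is None else [i.strip() for i in items.split(";") if i.strip()]
    return opts

def is_open_resolver(opts: dict) -> bool:
    """True when any client may recurse. BIND falls back from allow-recursion to
    allow-query-cache, then allow-query, then {localhost; localnets;}."""
    if opts.get("recursion", "yes") != "yes":           # BIND's default is recursion yes
        return False
    acl = (opts.get("allow-recursion") or opts.get("allow-query-cache")
           or opts.get("allow-query") or ["localhost", "localnets"])
    return "any" in acl
```

For a lab VM that is only reachable through the Hyper-V switch this is tolerable, but the moment the port is forwarded onto a LAN or hotspot (as in section 8), the `allow-recursion` line is the one to add.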
4. Add a zone entry for the domain
vim /etc/named.rfc1912.zones
Below is the default example configuration:
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
Change it to the following (the reverse zone, IP -> domain name, is something I don't need, so I'm not configuring it)
zone "ahoo.com" IN {
type master;
file "ahoo.com.zone";
allow-update { none; };
};
5. Copy and edit the zone file
[root@localhost ~]# cd /var/named
[root@localhost named]# ll
总用量 16
drwxrwx--- 2 named named 6 11月 25 00:38 data
drwxrwx--- 2 named named 6 11月 25 00:38 dynamic
-rw-r----- 1 root named 2253 4月 5 2018 named.ca
-rw-r----- 1 root named 152 12月 15 2009 named.empty
-rw-r----- 1 root named 152 6月 21 2007 named.localhost
-rw-r----- 1 root named 168 12月 15 2009 named.loopback
drwxrwx--- 2 named named 6 11月 25 00:38 slaves
[root@localhost named]# cp named.localhost ahoo.com.zone
[root@localhost named]# ll
总用量 20
-rw-r----- 1 root root 152 2月 8 18:08 ahoo.com.zone
drwxrwx--- 2 named named 6 11月 25 00:38 data
drwxrwx--- 2 named named 6 11月 25 00:38 dynamic
-rw-r----- 1 root named 2253 4月 5 2018 named.ca
-rw-r----- 1 root named 152 12月 15 2009 named.empty
-rw-r----- 1 root named 152 6月 21 2007 named.localhost
-rw-r----- 1 root named 168 12月 15 2009 named.loopback
drwxrwx--- 2 named named 6 11月 25 00:38 slaves
[root@localhost named]# chown named.named ahoo.com.zone
[root@localhost named]# ll
总用量 20
-rw-r----- 1 named named 152 2月 8 18:08 ahoo.com.zone
drwxrwx--- 2 named named 6 11月 25 00:38 data
drwxrwx--- 2 named named 6 11月 25 00:38 dynamic
-rw-r----- 1 root named 2253 4月 5 2018 named.ca
-rw-r----- 1 root named 152 12月 15 2009 named.empty
-rw-r----- 1 root named 152 6月 21 2007 named.localhost
-rw-r----- 1 root named 168 12月 15 2009 named.loopback
drwxrwx--- 2 named named 6 11月 25 00:38 slaves
Open ahoo.com.zone
Default contents
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
        NS @
        A 127.0.0.1
        AAAA ::1
Change it to
$TTL 1D
@ IN SOA ns.ahoo.com. root (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns.ahoo.com.
ns IN A 127.0.0.1
www IN A 172.26.29.103
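Two details of this zone file are worth checking before the restart: the SOA serial stays at 0 (secondaries only transfer when the serial grows), and the glue record for ns.ahoo.com is 127.0.0.1, so the dig output later in this post hands out a loopback address as the name server, which any other host following that NS record would resolve to itself. The checker below is an added example, not part of the post or of BIND (BIND's own named-checkzone validates syntax but does not flag these); it parses the zone above (embedded as a constructed sample) and reports both problems.

```python
import ipaddress
import re
# Constructed sample: the ahoo.com.zone from this post (zone origin ahoo.com.).
ZONE = """\
$TTL 1D
@ IN SOA ns.ahoo.com. root (
    0 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
@ IN NS ns.ahoo.com.
ns IN A 127.0.0.1
www IN A 172.26.29.103
"""
TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX"}

def fqdn(name: str, origin: str) -> str:
    """Expand @ and relative names against the zone origin."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text: str, origin: str) -> list:
    """Return [(owner, type, rdata_tokens)]; assumes every record line has an explicit owner."""
    text = re.sub(r";[^\n]*", "", text)                                   # strip ; comments
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)  # join ( ... )
    records = []
    for parts in (ln.split() for ln in text.splitlines()):
        if parts and not parts[0].startswith("$"):                         # skip blanks, $TTL
            t = next(i for i, p in enumerate(parts) if p in TYPES)
            records.append((fqdn(parts[0], origin), parts[t], parts[t + 1:]))
    return records

def check_zone(text: str, origin: str) -> list:
    """Checks worth running before `systemctl restart named`; returns readable findings."""
    records = parse_zone(text, origin)
    addrs = {}
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            addrs.setdefault(owner, []).append(ipaddress.ip_address(rdata[0]))
    findings = []
    for owner, rtype, rdata in records:
        if rtype == "SOA" and int(rdata[2]) == 0:
            findings.append("SOA serial is 0: bump it on every edit or secondaries never notice changes")
        if rtype == "NS":
            ns = fqdn(rdata[0], origin)
            if ns == origin or ns.endswith("." + origin):                  # in-zone NS needs glue
                glue = addrs.get(ns, [])
                if not glue:
                    findings.append(f"NS {ns} has no glue A/AAAA record in the zone")
                elif any(a.is_loopback for a in glue):
                    findings.append(f"NS {ns} glue is loopback: other hosts following it query themselves")
    return findings
```

Pointing the ns record at the server's own address (172.26.29.103 in this setup) and using a date-based serial such as 2022020801 clears both findings.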
Restart the service
systemctl restart named
Open UDP port 53 in the firewall as follows
[root@localhost named]# firewall-cmd --permanent --zone=public --add-port=53/udp
success
[root@localhost named]# firewall-cmd --reload
success
[root@localhost named]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client http https ssh
ports: 53/udp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
6. Verify that the server is configured correctly
Use the dig command on the server
Method 1:
The format is
dig -t A my-private-domain @dns-server-ip
For example
[root@localhost named]# dig -t A www.ahoo.com @172.26.29.103
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.8 <<>> -t A www.ahoo.com @172.26.29.103
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28961
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.ahoo.com. IN A
;; ANSWER SECTION:
www.ahoo.com. 86400 IN A 172.26.29.103
;; AUTHORITY SECTION:
ahoo.com. 86400 IN NS ns.ahoo.com.
;; ADDITIONAL SECTION:
ns.ahoo.com. 86400 IN A 127.0.0.1
;; Query time: 0 msec
;; SERVER: 172.26.29.103#53(172.26.29.103)
;; WHEN: 二 2月 08 18:31:03 CST 2022
;; MSG SIZE rcvd: 90
Method 2:
vim /etc/resolv.conf
Change the default nameserver to the IP of the DNS server you created
# Generated by NetworkManager
search mshome.net
nameserver 172.26.16.1
Then run the query command
[root@localhost named]# dig -t NS www.ahoo.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.8 <<>> -t NS www.ahoo.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44187
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.ahoo.com. IN NS
;; AUTHORITY SECTION:
ahoo.com. 10800 IN SOA ns.ahoo.com. root.ahoo.com. 0 86400 3600 604800 10800
;; Query time: 0 msec
;; SERVER: 172.26.29.103#53(172.26.29.103)
;; WHEN: 二 2月 08 18:27:28 CST 2022
;; MSG SIZE rcvd: 85
7. Verify port connectivity from the host machine
TCP port connectivity can be tested with telnet
UDP port connectivity can be tested with nc (netcat). My Windows 10 does not have the nc command, so it has to be set up separately; see the tutorial on installing the nc command
Then run the command
PS C:\Windows\system32> nc -vuz 172.26.29.103 53
bogon [172.26.29.103] 53 (domain) open
PS C:\Windows\system32>
If it shows open, the port is reachable
8. Set up port forwarding on the host so the LAN can reach the service
First, the commands for adding, deleting and listing port mappings
# Map the host's IP and port to the Hyper-V VM's IP and port; the first pair is the host's, the second is the Hyper-V VM's
netsh interface portproxy add v4tov4 listenport=80 listenaddress=192.168.32.109 connectaddress=172.26.29.103 connectport=80
# Delete a port mapping entry; only the host IP and port are needed
netsh interface portproxy delete v4tov4 listenport=80 listenaddress=192.168.32.109
# Show the list of configured port mappings
netsh interface portproxy show v4tov4
or
netsh interface portproxy show all
Right-click PowerShell and open it with "Run as administrator"
Proceed as follows
PS C:\Windows\system32> netsh interface portproxy add v4tov4 listenport=53 listenaddress=192.168.32.109 connectaddress=172.26.29.103 connectport=53
PS C:\Windows\system32> netsh interface portproxy show v4tov4
侦听 ipv4: 连接到 ipv4:
地址 端口 地址 端口
--------------- ---------- --------------- ----------
192.168.32.109 53 172.26.29.103 53
PS C:\Windows\system32> netsh interface portproxy delete v4tov4 listenport=53 listenaddress=192.168.32.109
PS C:\Windows\system32> netsh interface portproxy show v4tov4
PS C:\Windows\system32>
Then I started a hotspot on this machine, connected a laptop to the hotspot and ran the nc command: UDP port 53 was not reachable, while a telnet test of port 53 succeeded, which shows that the operation above only forwards TCP port 53.
So we have to switch tools: sokit (choose the Windows version). Once started, this tool can forward both TCP and UDP.
9. Summary
After testing, it is best to have the DNS service, the client machines and nginx under the same gateway; the network environment tested above was fairly complex (on one PC there were a Hyper-V virtual gateway and a hotspot virtual gateway, with the DNS service under the Hyper-V virtual gateway and the laptop under the virtual hotspot gateway).
In the end I created two CentOS 7 servers under Hyper-V (one for DNS, one for nginx) plus one Windows 7 machine; I set the Windows 7 machine's DNS to the DNS server's address, had the DNS server point www.ahoo.com at the other nginx server, and the test succeeded on the first try!