DNS
The Domain Name System (DNS) is a service of the Internet. As a distributed database that maps domain names and IP addresses to each other, it makes it easier for people to access the Internet. DNS uses UDP port 53. Currently, each label of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.
The above introduction is excerpted from Baidu Baike.
Check
The author mainly uses Manjaro as Linux, with Ubuntu as a secondary system.
- ss or netstat
ss -lnatup | grep 53
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=629,fd=12))
udp UNCONN 0 0 [::]:5353 [::]:* users:(("avahi-daemon",pid=629,fd=13))
udp UNCONN 0 0 *:53 *:* users:(("coredns",pid=759,fd=10))
tcp LISTEN 0 4096 *:53 *:* users:(("coredns",pid=759,fd=9))
tcp LISTEN 0 4096 *:9153 *:* users:(("coredns",pid=759,fd=8))
tcp ESTAB 0 0 [::ffff:192.168.1.101]:9153 [::ffff:192.168.1.244]:50854 users:(("coredns",pid=759,fd=11))
netstat -lnatup | grep 53
tcp6 0 0 :::53 :::* LISTEN 759/coredns
tcp6 0 0 :::9153 :::* LISTEN 759/coredns
tcp6 0 0 192.168.1.101:9153 192.168.1.244:50854 ESTABLISHED 759/coredns
udp 0 0 0.0.0.0:5353 0.0.0.0:* 629/avahi-daemon: r
udp6 0 0 :::5353 :::* 629/avahi-daemon: r
udp6 0 0 :::53 :::* 759/coredns
If it is Ubuntu, the usual approach is to install
Choice
DNS software
- coredns: currently the author's main choice
- bind
- dnsmasq: used a lot in the past on CentOS and OpenWrt, rarely used now
- systemd-resolved: the Ubuntu default
DNS testing tools
- dig: the author's everyday tool at the moment, e.g. dig @127.0.0.1 robot.local
- nslookup
The author chooses coredns.
Installation
- Download
Install coredns: from the current release list at
github.com/coredns/cor…
choose linux amd64.
Download the linux amd64 tgz and install the coredns executable to /usr/bin/coredns
curl -o /tmp/coredns.tgz "https://github.com/coredns/coredns/releases/download/v1.11.1/coredns_1.11.1_linux_amd64.tgz"
tar -xzvf /tmp/coredns.tgz -C /tmp
chmod +x /tmp/coredns
mv /tmp/coredns /usr/bin/coredns
/usr/bin/coredns -version
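The download above is installed without checking its integrity. As an added example (not from the original post or the CoreDNS project), the script below verifies the tarball against a SHA-256 checksum before extracting it. It assumes the release page also publishes a checksum file with the same name plus `.sha256`, in `<hex>  <filename>` format; `install_coredns_release` and `verify_sha256` are names chosen here. The self-check at the end uses a constructed file so it runs without network access.

```shell
#!/bin/sh
# Added example (not from the original post): verify a downloaded release
# tarball against its SHA-256 checksum before installing it.
# Assumption: a checksum file sits next to the tarball on the release page
# with the same name plus ".sha256", in "<hex>  <filename>" format.

# Return 0 if the SHA-256 of file $1 equals the first hex digest in $2.
verify_sha256() {
  file=$1; sumfile=$2
  expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
  actual=$(sha256sum "$file" | awk '{ print $1 }')
  [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Download tarball and checksum for version $1, verify, then extract only
# the coredns binary and install it (needs network and sudo).
install_coredns_release() {
  version=$1
  base="https://github.com/coredns/coredns/releases/download/v${version}"
  tgz="coredns_${version}_linux_amd64.tgz"
  curl -fsSL -o "/tmp/$tgz" "$base/$tgz" &&
  curl -fsSL -o "/tmp/$tgz.sha256" "$base/$tgz.sha256" &&
  verify_sha256 "/tmp/$tgz" "/tmp/$tgz.sha256" ||
    { echo "checksum mismatch or download failed, aborting" >&2; return 1; }
  tar -xzf "/tmp/$tgz" -C /tmp coredns &&
  sudo install -m 0755 /tmp/coredns /usr/bin/coredns &&
  /usr/bin/coredns -version
}

# Self-check on a constructed file: a matching digest passes, a tampered
# file fails. Returns 0 when both behave as expected.
selfcheck() {
  dir=$(mktemp -d)
  printf 'not a real tarball\n' > "$dir/sample.tgz"
  sha256sum "$dir/sample.tgz" > "$dir/sample.tgz.sha256"
  verify_sha256 "$dir/sample.tgz" "$dir/sample.tgz.sha256" && good=1 || good=0
  printf 'tampered\n' >> "$dir/sample.tgz"
  verify_sha256 "$dir/sample.tgz" "$dir/sample.tgz.sha256" && bad=1 || bad=0
  rm -rf "$dir"
  [ "$good" = 1 ] && [ "$bad" = 0 ]
}

selfcheck && echo "verify_sha256 self-check passed"
# Real run: install_coredns_release 1.11.1
```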
- Tree of files to install
coredns
├── coredns-log.conf
├── coredns.service
├── coredns-sysusers.conf
├── coredns-tmpfiles.conf
└── Corefile
- Create the account
sudo useradd coredns -s /sbin/nologin -c 'coredns running account'
- coredns.service
vi /usr/lib/systemd/system/coredns.service
[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io
After=network.target
[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
WorkingDirectory=/var/lib/coredns
ExecStart=/usr/bin/coredns -conf=/etc/coredns/Corefile
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure
StandardOutput=append:/var/log/coredns.log
StandardError=append:/var/log/coredns.err.log
[Install]
WantedBy=multi-user.target
- Install the configuration files
mkdir -p /etc/logrotate.d /usr/lib/tmpfiles.d /usr/lib/sysusers.d /etc/coredns
- vi /etc/logrotate.d/coredns-log.conf
/var/log/coredns.log {
rotate 5
size 10M
compress
notifempty
}
/var/log/coredns.err.log {
rotate 5
size 10M
compress
notifempty
}
- vi /usr/lib/tmpfiles.d/coredns-tmpfiles.conf
d /var/lib/coredns 0755 coredns coredns -
- vi /usr/lib/sysusers.d/coredns-sysusers.conf
u coredns - "CoreDNS is a DNS server that chains plugins" /var/lib/coredns
- vi /etc/coredns/Corefile; note that forward . /etc/resolv.conf easily causes an infinite loop when used carelessly
.:53 {
bind 0.0.0.0
cache 3600
rewrite stop type AAAA A
loadbalance
hosts /etc/coredns/core.hosts {
fallthrough
}
forward . /etc/resolv.conf {
prefer_udp
}
errors
health
prometheus :9153
reload 30s
log . "{remote} - [{when}] {>id} {type} {class} {name} {proto} {size} {>do} {>bufsize} {rcode} {>rflags} {rsize} {duration}"
loop
}
- vi /etc/coredns/core.hosts
192.168.1.101 robot.local
- Enable at boot
systemctl daemon-reload
systemctl enable coredns
systemctl start coredns
systemctl status coredns
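The Corefile above combines `bind 0.0.0.0` with `forward . /etc/resolv.conf`, which is the loop the earlier note warns about: if resolv.conf names this host (127.0.0.1, ::1, the systemd-resolved stub 127.0.0.53 on Ubuntu, or the host's own address such as 192.168.1.101), CoreDNS forwards every miss back to itself. The `loop` plugin in the Corefile catches this at startup by sending itself a probe query and halting if the probe comes back, which would show up in the `systemctl status` output. The following is an added example, not from the original post or the CoreDNS project: a shell check you can run before starting the service to see whether the forward target points back at this host. Function names and the sample resolv.conf contents are constructed here.

```shell
#!/bin/sh
# Added example (not from the original post): detect the forwarding loop the
# Corefile note warns about. With `bind 0.0.0.0` and
# `forward . /etc/resolv.conf`, CoreDNS forwards to whatever nameservers
# resolv.conf lists; if one of them is this host, queries loop back.

# Print the nameserver addresses listed in resolv.conf file $1, one per line.
resolv_nameservers() {
  awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Return 0 (loop) if any nameserver in $1 is loopback or one of the
# space-separated local addresses in $2, else 1.
forward_would_loop() {
  resolv_nameservers "$1" | awk -v locals="$2" '
    BEGIN { n = split(locals, l, " "); for (i = 1; i <= n; i++) islocal[l[i]] = 1 }
    $1 ~ /^127\./ || $1 == "::1" || ($1 in islocal) { found = 1 }
    END { exit found ? 0 : 1 }'
}

# Local IPv4 addresses of this host (Linux iproute2), for use as $2 above.
local_ipv4_addrs() {
  ip -4 -o addr show 2>/dev/null | awk '{ split($4, a, "/"); printf "%s ", a[1] }'
}

# Demo on constructed resolv.conf contents; on a live host run:
#   forward_would_loop /etc/resolv.conf "$(local_ipv4_addrs)" && echo LOOP
demo() {
  f=$(mktemp)
  printf 'nameserver 127.0.0.53\nnameserver 192.168.1.101\n' > "$f"
  forward_would_loop "$f" "192.168.1.101" && echo "loop: resolv.conf points back at this host"
  printf 'search local\nnameserver 192.168.1.1\n' > "$f"
  forward_would_loop "$f" "192.168.1.101" || echo "ok: upstream is another host"
  rm -f "$f"
}
demo
```

If the check reports a loop, forward to explicit upstream addresses instead of the file (the `forward` plugin accepts IP addresses directly, for example `forward . 192.168.1.1`), or point resolv.conf at a different resolver; keep `loop` in the Corefile either way so a later change to resolv.conf is still caught.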
Testing
- Install the testing tools
pacman -Sy dnsutils
dig @127.0.0.1 robot.local # the expected answer is 192.168.1.101
Configure Docker's DNS
- vi /etc/docker/daemon.json
{
"log-driver": "json-file",
"log-opts": {
"max-size": "300M",
"max-file": "3"
},
"dns": [ "192.168.1.101" ],
"registry-mirrors":
[
"https://docker.m.daocloud.io",
"https://noohub.ru",
"https://huecker.io",
"https://dockerhub.timeweb.cloud"
],
"experimental": true
}
Note: the dns servers listed in daemon.json are queried on the default port 53.
- Apply
systemctl restart docker
Test a Docker container
docker run --rm clibing/alpine ping -c 5 robot.local
Check that the result shows the IP address 192.168.1.101.