
Setting up an internal DNS server

2021-07-15 12:33:49  Views: 503  Source: Internet


Goals

  1. Reachable from both the internal network and the outside
  2. Support for custom domain names

Technology selection

The two main candidates were Xiaomi's open-source SmartDNS and CoreDNS, a graduated CNCF project. After weighing the options, CoreDNS was chosen.

GitHub: https://github.com/coredns/coredns

Official site: https://coredns.io/

The main plugin used here: https://coredns.io/plugins/hosts/

Deployment

1. Pick a machine

Choose a reasonably powerful server, ideally with generous CPU and memory. Suggested spec: 8C/8G/200G (CPU/memory/disk)

2. Download the package

Download the binary package matching the server's OS from GitHub: https://github.com/coredns/coredns/releases/tag/v1.8.4

This walkthrough uses CentOS 7.9, so the file downloaded is coredns_1.8.4_linux_amd64.tgz

3. Unpack the package

# Upload coredns_1.8.4_linux_amd64.tgz to /root on the server

# Create the install directory
mkdir -p /usr/local/coredns

# Create an unprivileged service user
useradd coredns -s /sbin/nologin

# Unpack the package
tar -xvf coredns_1.8.4_linux_amd64.tgz -C /usr/local/coredns

4. Add the forwarding rules

Rule summary:

The local:53 block answers every query for a name ending in "local" from the /usr/local/coredns/hosts file.

The .:53 block forwards every other query, i.e. anything the rule above does not match, to public DNS resolvers.

vim /usr/local/coredns/Corefile
# Add the following
local:53 {
    hosts /usr/local/coredns/hosts
    log
}

.:53 {
    forward . 8.8.8.8:53 114.114.114.114:53 1.1.1.1:53 223.5.5.5:53 223.6.6.6:53 
    log
}

5. Add the local hostname mapping file

vim /usr/local/coredns/hosts
# Add the following
10.3.1.1     dev.gis4.local
10.3.1.48    dev.gis7.local
10.3.1.40    test.gis4.local
10.3.1.47    prod.gis4.local
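A pre-deployment check for the two files above, added here as an example and not part of the original post or of CoreDNS itself: it parses the Corefile to find which zones actually load the hosts plugin and lints the hosts file against them, because a name outside those zones is never answered from the file but falls through to the .:53 forwarder and leaves the network. The two trailing hosts entries are constructed to trigger the checks.

```python
import ipaddress

# Constructed copies of the Corefile (log omitted) and hosts file above, plus two bad entries.
COREFILE = """\
local:53 {
    hosts /usr/local/coredns/hosts
}
.:53 {
    forward . 8.8.8.8:53 114.114.114.114:53 1.1.1.1:53 223.5.5.5:53 223.6.6.6:53
}
"""
HOSTS = """\
10.3.1.1     dev.gis4.local
10.3.1.48    dev.gis7.local
10.3.1.40    test.gis4.local
10.3.1.47    prod.gis4.local
10.3.1.50    wiki.corp.example   # constructed: outside the 'local' zone
10.3.1.300   bad.gis4.local      # constructed: not a valid IPv4 address
"""

def hosts_zones(corefile):  # zones (port stripped) whose server block loads the hosts plugin
    current, served = [], []
    for line in map(str.strip, corefile.splitlines()):
        if line.endswith("{"):                # e.g. "local:53 {" opens a server block
            current = [z.split(":")[0].lower() for z in line[:-1].split()]
        elif line == "}":
            current = []
        elif current and line.split()[:1] == ["hosts"]:
            served.extend(current)
    return served

def under_zone(name, zone):
    zone = zone.rstrip(".")                   # the catch-all "." becomes ""
    return zone == "" or name == zone or name.endswith("." + zone)

def lint_hosts(hosts, served):
    """(line_no, problem) for entries CoreDNS would not answer from the hosts file."""
    problems = []
    for no, raw in enumerate(hosts.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split "IP name..."
        if not fields:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append((no, f"invalid IP address {fields[0]!r}"))
        for name in (n.lower().rstrip(".") for n in fields[1:]):
            if not any(under_zone(name, z) for z in served):
                problems.append((no, f"{name} is outside every hosts zone, so it is forwarded upstream"))
    return problems
```

Run lint_hosts(HOSTS, hosts_zones(COREFILE)) before restarting the service; an empty list means every entry will be answered locally.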

6. Add a systemd unit so the service starts on boot

vim /etc/systemd/system/coredns.service
# Add the following

[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io
After=network.target

[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
ExecStart=/usr/local/coredns/coredns -conf=/usr/local/coredns/Corefile
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure

[Install]
WantedBy=multi-user.target

7. Start the service

systemctl start  coredns
systemctl enable coredns
systemctl status coredns

8. Test name resolution

If the dig command is not available on the machine, install it with yum: yum -y install bind-utils

dig usage: https://man.linuxde.net/dig

# First test locally on the internal DNS server itself
[root@localhost coredns]# dig @localhost a dev.gis7.local

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> @localhost a dev.gis7.local
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29437
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dev.gis7.local.                        IN      A

;; ANSWER SECTION:
dev.gis7.local.         3600    IN      A       10.3.1.48  # resolved as expected

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Jul 15 11:39:27 CST 2021
;; MSG SIZE  rcvd: 73

[root@localhost coredns]# dig @localhost a baidu.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> @localhost a baidu.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22204
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;baidu.com.                     IN      A

;; ANSWER SECTION:
baidu.com.              419     IN      A       39.156.69.79
baidu.com.              419     IN      A       220.181.38.148  # resolved as expected

;; Query time: 15 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Jul 15 11:39:37 CST 2021
;; MSG SIZE  rcvd: 88

[root@localhost coredns]#


# Then test from another server or client machine
# 1) Change the test machine's DNS setting
[root@data_service_79 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens192 # the NIC here is ens192; the name varies, use your own
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="no"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens192"
UUID="683fa800-8436-4394-bb39-9974b9a621eb"
DEVICE="ens192"
ONBOOT="yes"
#ARPCHECK="no"
IPADDR="10.0.1.79"
PREFIX="24"
GATEWAY="10.0.1.1"
DNS1="10.1.6.221"     # the internal DNS server built above

# 2) Restart networking
[root@data_service_79 ~]# systemctl restart network  # if the restart fails or the change does not take effect, reboot the machine: sync;reboot

# 3) Confirm the resolver
[root@data_service_79 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 10.1.6.221  # the new internal DNS server is now in use
# 4) ping test
[root@data_service_79 ~]# ping prod.gis4.local
PING prod.gis4.local (10.3.1.47) 56(84) bytes of data.
64 bytes from 10.3.1.47 (10.3.1.47): icmp_seq=1 ttl=63 time=0.297 ms
64 bytes from 10.3.1.47 (10.3.1.47): icmp_seq=2 ttl=63 time=0.267 ms
64 bytes from 10.3.1.47 (10.3.1.47): icmp_seq=3 ttl=63 time=0.410 ms
64 bytes from 10.3.1.47 (10.3.1.47): icmp_seq=4 ttl=63 time=0.267 ms
^C
--- prod.gis4.local ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.267/0.310/0.410/0.060 ms
[root@data_service_79 ~]#
# 5) dig test
[root@data_service_79 ~]# dig @10.1.6.221 a baidu.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> @10.1.6.221 a baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16514
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;baidu.com.                     IN      A

;; ANSWER SECTION:
baidu.com.              475     IN      A       39.156.69.79
baidu.com.              475     IN      A       220.181.38.148 # resolved normally

;; Query time: 160 msec
;; SERVER: 10.1.6.221#53(10.1.6.221)
;; WHEN: Thu Jul 15 11:51:59 CST 2021
;; MSG SIZE  rcvd: 88

[root@data_service_79 ~]# dig @10.1.6.221 a prod.gis4.local 

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> @10.1.6.221 a prod.gis4.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26422
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;prod.gis4.local.               IN      A

;; ANSWER SECTION:
prod.gis4.local.        3600    IN      A       10.3.1.47  # resolved normally

;; Query time: 3 msec
;; SERVER: 10.1.6.221#53(10.1.6.221)
;; WHEN: Thu Jul 15 11:52:13 CST 2021
;; MSG SIZE  rcvd: 75

[root@data_service_79 ~]#
# 6) Stop the coredns service and test again

# On the internal DNS server
[root@localhost coredns]# systemctl stop coredns
[root@localhost coredns]# systemctl status coredns
● coredns.service - CoreDNS DNS server
   Loaded: loaded (/etc/systemd/system/coredns.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Thu 2021-07-15 11:53:52 CST; 7s ago
     Docs: https://coredns.io
  Process: 38375 ExecStart=/usr/local/coredns/coredns -conf=/usr/local/coredns/Corefile (code=exited, status=0/SUCCESS)
 Main PID: 38375 (code=exited, status=0/SUCCESS)

Jul 15 11:52:36 localhost coredns[38375]: [INFO] 10.0.1.79:52526 - 48115 "A IN data_service_79. udp 33 false 512" NXDOMAIN qr,aa,rd,ra 108 0.004676304s
Jul 15 11:52:36 localhost coredns[38375]: [INFO] 10.0.1.79:52526 - 11505 "AAAA IN data_service_79. udp 33 false 512" NXDOMAIN qr,rd,ra 108 0.042498846s
Jul 15 11:52:55 localhost coredns[38375]: [INFO] 10.0.1.79:37312 - 26245 "PTR IN 79.1.0.10.in-addr.arpa. udp 40 false 512" NXDOMAIN qr,rd,ra 135 0.081115373s
Jul 15 11:52:56 localhost coredns[38375]: [INFO] 10.0.1.79:42550 - 491 "AAAA IN data_service_79.localdomain. udp 45 false 512" NXDOMAIN qr,rd,ra 120 0.026442575s
Jul 15 11:52:56 localhost coredns[38375]: [INFO] 10.0.1.79:42550 - 26354 "A IN data_service_79.localdomain. udp 45 false 512" NXDOMAIN qr,rd,ra 120 0.03522113s
Jul 15 11:52:56 localhost coredns[38375]: [INFO] 10.0.1.79:55391 - 34553 "AAAA IN data_service_79. udp 33 false 512" NXDOMAIN qr,rd,ra 108 0.008096419s
Jul 15 11:52:56 localhost coredns[38375]: [INFO] 10.0.1.79:55391 - 41700 "A IN data_service_79. udp 33 false 512" NXDOMAIN qr,rd,ra 108 0.060995755s
Jul 15 11:53:04 localhost coredns[38375]: [INFO] 10.0.1.79:51629 - 50457 "PTR IN 79.1.0.10.in-addr.arpa. udp 40 false 512" NXDOMAIN qr,aa,rd,ra 105 2.031695577s
Jul 15 11:53:52 localhost systemd[1]: Stopping CoreDNS DNS server...
Jul 15 11:53:52 localhost systemd[1]: Stopped CoreDNS DNS server.

# On the test machine
[root@data_service_79 ~]# dig @10.1.6.221 a prod.gis4.local  # hangs with no answer; resolution fails


^C[root@data_service_79 ~]# ping prod.gis4.local  # also hangs for a few seconds, then reports it cannot resolve
ping: prod.gis4.local: Name or service not known
[root@data_service_79 ~]#

# Start coredns again and test once more
[root@localhost coredns]# systemctl start  coredns
[root@data_service_79 ~]# ping prod.gis4.local  # resolves again immediately
PING prod.gis4.local (10.3.1.47) 56(84) bytes of data.
64 bytes from 10.3.1.47 (10.3.1.47): icmp_seq=1 ttl=63 time=0.261 ms
64 bytes from 10.3.1.47 (10.3.1.47): icmp_seq=2 ttl=63 time=0.392 ms
^C
--- prod.gis4.local ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.261/0.326/0.392/0.067 ms
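The journal lines in the test above show what the catch-all .:53 block does with queries the hosts zone does not cover: the client's own hostname (data_service_79) and the reverse lookup of its private address were both sent to the public forwarders. As an added example (not from the original post or from CoreDNS), this parses log-plugin lines in that format and flags such leaks so they can be caught from the logs; LOCAL_ZONES is assumed from the Corefile above and the sample lines are constructed.

```python
import ipaddress
import re

LOCAL_ZONES = ("local",)   # zones answered by the hosts plugin in the Corefile above
# [INFO] client:port - id "TYPE CLASS name proto size do bufsize" RCODE flags size secs
LOG_RE = re.compile(
    r'\[INFO\] (?P<client>[\d.]+):\d+ - \d+ '
    r'"(?P<qtype>\w+) \w+ (?P<name>\S+) \w+ \d+ \w+ \d+" (?P<rcode>\w+) [\w,]+ \d+ [\d.]+s')

def in_local_zone(name):
    n = name.rstrip(".").lower()
    return any(n == z or n.endswith("." + z) for z in LOCAL_ZONES)

def private_ptr(name):
    """True for names like 79.1.0.10.in-addr.arpa. that reverse a private IPv4 address."""
    n = name.rstrip(".").lower()
    if not n.endswith(".in-addr.arpa"):
        return False
    octets = n[:-len(".in-addr.arpa")].split(".")
    try:
        return len(octets) == 4 and ipaddress.ip_address(".".join(reversed(octets))).is_private
    except ValueError:
        return False

def leak_reason(qtype, name):
    """Why a query handled by the '.:53' block exposes internal data, or None if it is harmless."""
    if in_local_zone(name):
        return None                       # answered from the hosts file, never forwarded
    if qtype == "PTR" and private_ptr(name):
        return "reverse lookup of a private address sent to public resolvers"
    if "." not in name.rstrip("."):
        return "single-label internal hostname sent to public resolvers"
    return None

def find_leaks(log_text):
    """Return (client, qname, reason) for every leaking query found in the log text."""
    leaks = []
    for m in filter(None, map(LOG_RE.search, log_text.splitlines())):
        reason = leak_reason(m["qtype"], m["name"])
        if reason:
            leaks.append((m["client"], m["name"], reason))
    return leaks

# Constructed sample: the first two lines are modelled on the journal output above.
SAMPLE_LOG = """\
Jul 15 11:52:36 localhost coredns[38375]: [INFO] 10.0.1.79:52526 - 48115 "A IN data_service_79. udp 33 false 512" NXDOMAIN qr,aa,rd,ra 108 0.004676304s
Jul 15 11:52:55 localhost coredns[38375]: [INFO] 10.0.1.79:37312 - 26245 "PTR IN 79.1.0.10.in-addr.arpa. udp 40 false 512" NXDOMAIN qr,rd,ra 135 0.081115373s
Jul 15 11:52:13 localhost coredns[38375]: [INFO] 10.0.1.79:40001 - 26422 "A IN prod.gis4.local. udp 44 false 512" NOERROR qr,aa,rd 75 0.003s
Jul 15 11:51:59 localhost coredns[38375]: [INFO] 10.0.1.79:40002 - 16514 "A IN baidu.com. udp 38 false 512" NOERROR qr,rd,ra 88 0.16s
"""
```

Feed journalctl -u coredns output to find_leaks; a hit usually means a client's search domain or reverse zone should be served locally rather than forwarded.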

References

https://coredns.io/plugins/hosts/

https://github.com/coredns/coredns

https://zh.codeprj.com/blog/b1ea7c1.html

https://blog.csdn.net/wu_weijie/article/details/104781887

https://guiyunweb.com/archives/%E6%90%AD%E5%BB%BA%E5%86%85%E7%BD%91dns%E6%9C%8D%E5%8A%A1%E5%99%A8

Source: https://blog.csdn.net/weixin_39805802/article/details/118756613
