
Setting up a DNS server with bind9 on Ubuntu 22.04

2024-01-17 11:39AM

References: https://blog.csdn.net/weixin_48611962/article/details/133756636

https://blog.csdn.net/fenghaofhyy/article/details/127306193

1. Install (the -y flag skips the confirmation prompt and completes the install without asking)

meiyi@meiyi-Extensa-2511G:~$ sudo apt-get -y install bind9
[sudo] password for meiyi:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  bind9-utils
Suggested packages:
  bind-doc resolvconf
The following NEW packages will be installed:
  bind9 bind9-utils
0 upgraded, 2 newly installed, 0 to remove and 24 not upgraded.
Need to get 422 kB of archives.
After this operation, 1,663 kB of additional disk space will be used.
Get:1 http://mirrors.aliyun.com/ubuntu jammy-updates/main amd64 bind9-utils amd64 1:9.18.18-0ubuntu0.22.04.1 [161 kB]
Get:2 http://mirrors.aliyun.com/ubuntu jammy-updates/main amd64 bind9 amd64 1:9.18.18-0ubuntu0.22.04.1 [260 kB]
Fetched 422 kB in 1s (541 kB/s)
Selecting previously unselected package bind9-utils.
(Reading database ... 310730 files and directories currently installed.)
Preparing to unpack .../bind9-utils_1%3a9.18.18-0ubuntu0.22.04.1_amd64.deb ...
Unpacking bind9-utils (1:9.18.18-0ubuntu0.22.04.1) ...
Selecting previously unselected package bind9.
Preparing to unpack .../bind9_1%3a9.18.18-0ubuntu0.22.04.1_amd64.deb ...
Unpacking bind9 (1:9.18.18-0ubuntu0.22.04.1) ...
Setting up bind9-utils (1:9.18.18-0ubuntu0.22.04.1) ...
Setting up bind9 (1:9.18.18-0ubuntu0.22.04.1) ...
Adding group `bind' (GID 141) ...
Done.
Adding system user `bind' (UID 132) ...
Adding new user `bind' (UID 132) with group `bind' ...
Not creating home directory `/var/cache/bind'.
wrote key file "/etc/bind/rndc.key"
named-resolvconf.service is a disabled or a static unit, not starting it.
Created symlink /etc/systemd/system/bind9.service → /lib/systemd/system/named.service.
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /lib/systemd/system/named.service.
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for ufw (0.36.1-4ubuntu0.1) ...

2. Check the service status to confirm it is running

meiyi@meiyi-Extensa-2511G:~$ systemctl status bind9
● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-01-17 09:43:41 CST; 1min 5s ago
       Docs: man:named(8)
    Process: 2757417 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=0/SUCCESS)
   Main PID: 2757418 (named)
      Tasks: 10 (limit: 18996)
     Memory: 8.2M
        CPU: 67ms
     CGroup: /system.slice/named.service
             └─2757418 /usr/sbin/named -u bind

1月 17 09:43:41 meiyi-Extensa-2511G named[2757418]: network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
1月 17 09:43:41 meiyi-Extensa-2511G named[2757418]: network unreachable resolving './NS/IN': 2001:500:200::b#53
1月 17 09:43:42 meiyi-Extensa-2511G named[2757418]: network unreachable resolving './DNSKEY/IN': 2801:1b8:10::b#53
1月 17 09:43:42 meiyi-Extensa-2511G named[2757418]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
1月 17 09:43:42 meiyi-Extensa-2511G named[2757418]: managed-keys-zone: Initializing automatic trust anchor management for zone '.'; DNSKEY ID 20326 is now trusted, waiving the normal 30-day waiting period.
1月 17 09:43:42 meiyi-Extensa-2511G named[2757418]: resolver priming query complete: success
1月 17 09:43:42 meiyi-Extensa-2511G named[2757418]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
1月 17 09:43:42 meiyi-Extensa-2511G named[2757418]: checkhints: b.root-servers.net/A (199.9.14.201) extra record in hints
1月 17 09:43:42 meiyi-Extensa-2511G named[2757418]: checkhints: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
1月 17 09:43:42 meiyi-Extensa-2511G named[2757418]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints

3. Enter the bind directory, which holds the DNS configuration

meiyi@meiyi-Extensa-2511G:~$ cd /etc/bind
meiyi@meiyi-Extensa-2511G:/etc/bind$ ls -l
total 48
-rw-r--r-- 1 root root 2403  9月 21 06:15 bind.keys
-rw-r--r-- 1 root root  237  9月 21 06:15 db.0
-rw-r--r-- 1 root root  271  4月 13  2023 db.127
-rw-r--r-- 1 root root  237  4月 13  2023 db.255
-rw-r--r-- 1 root root  353  4月 13  2023 db.empty
-rw-r--r-- 1 root root  270  4月 13  2023 db.local
-rw-r--r-- 1 root bind  463  9月 21 06:15 named.conf
-rw-r--r-- 1 root bind  498  4月 13  2023 named.conf.default-zones
-rw-r--r-- 1 root bind  165  4月 13  2023 named.conf.local
-rw-r--r-- 1 root bind  846  4月 13  2023 named.conf.options
-rw-r----- 1 bind bind  100  1月 17 09:43 rndc.key
-rw-r--r-- 1 root root 1317  4月 13  2023 zones.rfc1918

4. Global configuration

vim /etc/bind/named.conf.options

As the listing shows, other users have only read permission on this file, with no write or execute permission, so the permissions need to be changed (the shipped mode, root:bind 0644, is already enough if you edit as root with sudo; 777 lets any local user rewrite the resolver's configuration).

sudo chmod 777 named.conf.options

Then open the file again

vim /etc/bind/named.conf.options

Edit the configuration

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // Forwarders: the DNS servers this resolver forwards a query to when it
    // cannot answer it from its own zones or cache.
    forwarders {
        223.5.5.5;
        223.6.6.6;
        //114.114.114.114;
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    listen-on-v6 { any; };
};

Then edit the configuration in the /etc/bind/named.conf.local file

vim /etc/bind/named.conf.local

Its permissions also need to be changed

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "demo.com" {   // forward lookup zone
  type master;
  file "/etc/bind/db.demo.com";   // zone data file for this zone
};
// reverse lookup zone for 192.168.0.0/16
zone "168.192.in-addr.arpa"  {
  type master;
  file "/etc/bind/db.168.192";
};

5. Forward zone configuration

Copy a template for the forward zone

cp db.0 db.demo.com

The permissions of the db.demo.com file also need to be changed

vim /etc/bind/db.demo.com

Edit the configuration

;
; BIND forward zone data for demo.com (copied from the db.0 template)
;
$TTL    604800
@    IN    SOA    localhost. root.localhost. (
                  1        ; Serial
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )    ; Negative Cache TTL
;
@    IN    NS    localhost.
@       IN      A       192.168.10.5
;@      IN      AAAA    ::1
* IN  A  192.168.10.10   ; wildcard record: any name under demo.com without its own record

6. Reverse zone configuration

Copy a template for the reverse zone

cp db.127 db.168.192

The permissions of the db.168.192 file also need to be changed

vim /etc/bind/db.168.192

Edit the configuration

;
; BIND reverse zone data for 168.192.in-addr.arpa (copied from the db.127 template)
;
$TTL    604800
@    IN    SOA    localhost. root.localhost. (
                  1        ; Serial
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )    ; Negative Cache TTL
;
@    IN    NS    localhost.
1.0.0    IN    PTR    localhost.   ; left over from the db.127 template
; reverse mapping; the trailing dot on the target is required, otherwise "demo.com"
; is read relative to this zone as demo.com.168.192.in-addr.arpa.
; (owner 10 stands for 10.168.192.in-addr.arpa; a single host such as 192.168.10.10 would be 10.10)
10 IN PTR demo.com.
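Neither named-checkzone run in the test section below catches the relative-name trap, so here is an added Python check (example code, not from the original post): it expands names the way named does and flags NS/PTR/CNAME/MX data written without a trailing dot, and `ptr_owner` derives the owner label for a host address under this reverse zone. Function names are hypothetical and the embedded zone text is a constructed copy of the reverse zone above, with the PTR target left unqualified.

```python
NAME_RDATA = {"NS", "PTR", "CNAME", "MX"}  # RDATA is a domain name; relative names are a trap
ORIGIN = "168.192.in-addr.arpa."           # origin of the reverse zone in named.conf.local

# Constructed copy of the reverse zone above, with the PTR target written without a trailing dot.
REVERSE_ZONE = """\
$TTL 604800
@      IN  SOA  localhost. root.localhost. (
           1 604800 86400 2419200 604800 )  ; serial refresh retry expire neg-ttl
@      IN  NS   localhost.
10     IN  PTR  demo.com   ; meant as the reverse mapping for demo.com
"""

def logical_lines(text):
    """Drop ';' comments and join '(' ... ')' continuations such as the SOA."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            joined, buf = " ".join(buf).strip(), []
            if joined:
                yield joined

def qualify(name, origin=ORIGIN):
    """Absolute name as named stores it: '@' is the origin, no trailing dot means relative."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def lint_zone(text, origin=ORIGIN):
    """(owner, type, target) for every record whose name RDATA was silently re-rooted."""
    findings = []
    for line in logical_lines(text):
        fields = line.split()
        if fields[0].startswith("$"):        # $TTL / $ORIGIN directives
            continue
        rest = [f for f in fields[1:] if f != "IN" and not f.isdigit()]  # skip TTL / class
        if rest and rest[0] in NAME_RDATA and not rest[-1].endswith("."):
            findings.append((qualify(fields[0], origin), rest[0], qualify(rest[-1], origin)))
    return findings

def ptr_owner(ip, origin=ORIGIN):
    """Owner label for ip's PTR inside `origin`: 192.168.10.10 -> '10.10', not '10'."""
    octets = ip.split(".")
    covered = origin.rstrip(".").split(".")[:-2][::-1]  # octets the zone spans, e.g. 192.168
    if octets[:len(covered)] != covered:
        raise ValueError(f"{ip} is not inside {origin}")
    return ".".join(reversed(octets[len(covered):]))

if __name__ == "__main__":
    print(lint_zone(REVERSE_ZONE), ptr_owner("192.168.10.10"))
```

Running it on the constructed zone reports the PTR target as demo.com.168.192.in-addr.arpa., which is what named would actually serve for that record.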

7. Testing

1) Check the forward zone

meiyi@meiyi-Extensa-2511G:/etc/bind$ named-checkzone demo.com /etc/bind/db.demo.com
zone demo.com/IN: loaded serial 1
OK

2) Check the reverse zone

meiyi@meiyi-Extensa-2511G:/etc/bind$ named-checkzone 168.192.in-addr.arpa /etc/bind/db.168.192
zone 168.192.in-addr.arpa/IN: loaded serial 1
OK

3) Test wildcard resolution (restart bind9 first so the new zones are loaded)

meiyi@meiyi-Extensa-2511G:/etc/bind$ service bind9 restart

4) Linux client test

meiyi@meiyi-Extensa-2511G:/etc/bind$ vim /etc/resolv.conf  # point DNS resolution at this server

The file permissions also need to be changed

# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

#nameserver 127.0.0.53
nameserver 192.168.10.5
options edns0 trust-ad
#search .
search demo

5) Test command
Because of the wildcard record, any name under demo.com, such as a.demo.com or b.demo.com, resolves

meiyi@meiyi-Extensa-2511G:/etc/bind$ dig www.demo.com

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> www.demo.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49583
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 0ba31b027e340e5a0100000065a73f5e4fdac3358ce9cbe1 (good)
;; QUESTION SECTION:
;www.demo.com.            IN    A

;; ANSWER SECTION:
www.demo.com.        604800    IN    A    192.168.10.10

;; Query time: 4 msec
;; SERVER: 192.168.10.5#53(192.168.10.5) (UDP)
;; WHEN: Wed Jan 17 10:45:50 CST 2024
;; MSG SIZE  rcvd: 85
