k8s-部署-02-DNS

k8s-部署-02-DNS

0、部署主机

10.4.7.10

1、bind软件安装

# 1.1、软件安装
yum install -y bind

 

 

2、配置文件修改

# 1.2、配置文件配置
[root@hdss7-11 network-scripts]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 10.4.7.11; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
        forwarders      { 10.4.7.254; };

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@hdss7-11 network-scripts]# 

# 1.3、named.rfc1912.zones 文件中添加标黄的配置文件
[root@hdss7-11 network-scripts]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package 
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
// 
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "host.com" IN {
        type  master;
        file  "host.com.zone";
        allow-update { 10.4.7.11; };
};

zone "od.com" IN {
        type  master;
        file  "od.com.zone";
        allow-update { 10.4.7.11; };
};


[root@hdss7-11 network-scripts]# 

# 3.4、添加od.com.zone配置文件
[root@hdss7-11 network-scripts]# cat /var/named/od.com.zone
$ORIGIN od.com.
$TTL 600 ; 10 minutes
@       IN SOA dns.od.com. dnsadmin.od.com. (
                2022040101 ; serial
                10800      ; refresh (3 hours)
                900        ; retry (15 minutes)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
                NS   dns.od.com.
$TTL 60 ; 1 minute
dns                A    10.4.7.11
[root@hdss7-11 network-scripts]# 
[root@hdss7-11 network-scripts]# pwd
/etc/sysconfig/network-scripts

 

3、服务启动及验证

# 1、文件检查
named-checkconf

# 2、服务启动
systemctl start named
systemctl status named

# 3、验证
netstat -lntup |grep 53
dig -t A hdss7-21.host.com @10.4.7.11 +short
dig -t A hdss7-200.host.com @10.4.7.11 +short
dig -t A hdss7-22.host.com @10.4.7.11 +short
dig -t A hdss7-12.host.com @10.4.7.11 +short

# 4、修改网卡DNS
[root@hdss7-11 network-scripts]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=d2971a9a-8e22-455c-8197-3c4ce4ed70f9
DEVICE=ens33
ONBOOT=yes
IPADDR=10.4.7.11
NETMASK=255.255.255.0
GATEWAY=10.4.7.254
DNS1=10.4.7.11

# 5、重启网络
systemctl restart network
ping www.baidu.com

[root@hdss7-11 network-scripts]# cat /etc/resolv.conf
search host.com
nameserver 10.4.7.11


ping hdss7-200
ping hdss7-21
ping hdss7-22
ping hdss7-23
ping hdss7-11
ping hdss7-12
ping hdss7-200

  nslookup www.qq.com
  nslookup www.baidu.com
  nslookup www.jd.com