2021搭建K8S之bind9 DNS 的建立
1.基础环境准备:
[root@localhost ~]# hostnamectl set-hostname msjfkg-110-197.host.com
[root@msjfkg-110-197 ~]# getenforce
Disabled
[root@msjfkg-110-197 ~]# uname -a
Linux msjfkg-110-197.host.com 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[root@msjfkg-110-197 ~]#
[root@msjfkg-110-197 ~]# systemctl status firewalld
调整yum源
安装epel-release:
[root@msjfkg-110-197 ~]# yum install -y epel-release
安装必要的工具:
[root@msjfkg-110-197 ~]# yum install wget net-tools telnet tree nmap sysstat lrzsz dos2unix bind-utils -y
DNS服务初始化
安装bind9软件
[root@msjfkg-110-197 ~]# yum install -y bind
配置bind
[root@hdss7-11 ~]# vi /etc/named.conf   # BIND进程的工作属性,区域的定义
13     listen-on port 53 { 192.168.154.11; };   # 监听本机IP
14     listen-on-v6 port 53 { ::1; };           # 删除,不监听IPV6
20     allow-query     { any; };                # 允许所有主机查看
21     forwarders      { 192.168.154.2; };      # 办公网上一级的DNS
33     recursion yes;                           # dns采用递归的查询
35     dnssec-enable no;                        # 关闭,节省资源(生产可能不需要关闭)
36     dnssec-validation no;                    # 关闭,节省资源,不做互联网认证
(行首的数字是 vi 中显示的行号,不是配置内容。)
注: allow-query { any; } 与 recursion yes 同时开启时,只要 53 端口能被非受信网络访问,这台服务器就是开放递归解析器,可被用于 DNS 放大攻击。除实验环境外,建议用 allow-recursion { localhost; <内网网段>; }; 把递归限制在内网,并在防火墙上只对内网放行 53/tcp 和 53/udp。关闭 dnssec-validation 后,forwarders 返回的应答不再校验,生产环境建议保持开启。
检查配置文件是否正确
[root@hdss7-11 ~]# named-checkconf
[root@hdss7-11 ~]# echo $?
0
配置区域配置文件
[root@hdss7-11 ~]# vi /etc/named.rfc1912.zones
# 最后添加
zone "host.com" IN {
        type  master;
        file  "host.com.zone";
        allow-update { 192.168.154.11; };
};
zone "od.com" IN {
        type  master;
        file  "od.com.zone";
        allow-update { 192.168.154.11; };
};
注: allow-update 按源IP授权动态更新,而源IP可以被伪造。不需要动态更新时建议写成 allow-update { none; };,需要时改用 TSIG 密钥授权(allow-update { key "<密钥名>"; };)。
配置区域数据文件
注: 区域数据文件的注释符是 ";"。下面以 "#" 开头的文字只是本文的说明,不要写入文件,否则 named-checkzone 会报语法错误。
[root@hdss7-11 ~]# vi /var/named/host.com.zone
$ORIGIN host.com.
$TTL 600        ; 10 minutes                    # 过期时间2019.12.09+01序号
@       IN SOA  dns.host.com. dnsadmin.host.com. (   # 区域授权文件的开始,SOA记录,dnsadmin.host.com为邮箱
                                2019120901 ; serial             # 安装的当天时间
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      dns.host.com.   # NS记录
$TTL 60 ; 1 minute
dns             A       192.168.154.11          # A记录
HDSS7-11        A       192.168.154.11
HDSS7-12        A       192.168.154.12
HDSS7-21        A       192.168.154.21
HDSS7-22        A       192.168.154.22
HDSS7-200       A       192.168.154.200
[root@hdss7-11 ~]# vi /var/named/od.com.zone
$ORIGIN od.com.
$TTL 600        ; 10 minutes
@       IN SOA  dns.od.com. dnsadmin.od.com. (
                                2019120901 ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      dns.od.com.
$TTL 60 ; 1 minute
dns             A       192.168.153.11
注: 本文的地址混用了 192.168.154.x 和 192.168.153.x 两个网段(例如上面 host.com 的 dns 记录是 192.168.154.11,od.com 的是 192.168.153.11)。实际操作时请统一替换为自己环境的网段,否则监听地址、A记录和客户端DNS会对不上。
检查配置文件是否正确
[root@hdss7-11 ~]# named-checkconf
[root@hdss7-11 ~]# echo $?
0
检测区域数据文件
[root@hdss7-11 named]# named-checkzone "host.com" /var/named/host.com.zone
zone host.com/IN: loaded serial 2019121001
OK
[root@hdss7-11 named]# named-checkzone "od.com" /var/named/od.com.zone
zone od.com/IN: loaded serial 2019120901
OK
注: 这里 host.com 输出的 serial(2019121001)与前面文件中的 2019120901 不同,应是作者之后改过区域文件。每次修改区域文件后都要把 serial 调大,再重新加载 named。
更改文件的属组,权限
[root@hdss7-11 named]# chown root:named /var/named/host.com.zone
[root@hdss7-11 named]# chown root:named /var/named/od.com.zone
[root@hdss7-11 named]# chmod 640 /var/named/host.com.zone
[root@hdss7-11 named]# chmod 640 /var/named/od.com.zone
注: root:named 加 640 使 named 进程只能读取区域文件,不能改写,这是静态区域的合理权限。
启动named
[root@hdss7-11 named]# systemctl restart named
[root@hdss7-11 named]# systemctl enable named
查看启动端口
[root@hdss7-11 named]# netstat -luntp | grep 53
注: 确认 53 端口只监听在预期的内网地址上,没有监听对外的网卡地址。
验证解析
[root@hdss7-11 named]# dig -t A hdss7-21.host.com @192.168.153.11 +short
192.168.153.21
[root@hdss7-11 named]# dig -t A hdss7-200.host.com @192.168.153.11 +short
更改客户端dns
[root@hdss7-11 named]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
DNS1="192.168.153.11"
[root@hdss7-11 named]# systemctl restart network
[root@hdss7-11 named]# cat /etc/resolv.conf
# Generated by NetworkManager
search host.com
nameserver 192.168.153.11
[root@hdss7-11 named]# ping hdss7-21.host.com
添加主机域search host.com使用短域名
[root@hdss7-11 named]# cat /etc/resolv.conf
# Generated by NetworkManager
search host.com
[root@hdss7-11 named]# ping hdss7-21
更改所有主机的DNS,重启网卡
# vi /etc/sysconfig/network-scripts/ifcfg-ens33
DNS1="192.168.153.11"
# systemctl restart network
将虚拟机的网卡DNS也改成192.168.153.11
IPV4 -- 高级 -- 跃点改成20
将本机的网卡DNS也改成192.168.153.11
IPV4 -- 高级 -- 跃点改成20