关于dns:使用dockerbind搭建DNS服务器

45次阅读

共计 4442 个字符,预计需要花费 12 分钟才能阅读完成。

  • 应用 docker-bind 搭建公有的 DNS 服务器,在整个内网集群中应用域名来治理服务器曾经进行服务配置
  • 以下阐明是基于 Ubuntu20.04 的,如果要构建在树莓派上运行的 docker 镜像,参考文章

配置与装置

本机 DNS 配置

sudo nano /etc/systemd/resolved.conf

# 更改为以下内容
# 假如 docker-bind 所在服务器 IP 地址为 192.168.3.37
[Resolve]
DNS=192.168.3.37
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=no
DNSStubListener=no
#ReadEtcHosts=yes

sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
  • 参考 怎么开释 systemd-resoved 应用的 53 端口
  • 配置后,此时 /etc/resolv.conf 的内容为

    # This file is managed by man:systemd-resolved(8). Do not edit.
    #
    # This is a dynamic resolv.conf file for connecting local clients directly to
    # all known uplink DNS servers. This file lists all configured search domains.
    #
    # Third party programs must not access this file directly, but only through the
    # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
    # replace this symlink by a static file or a different symlink.
    #
    # See man:systemd-resolved.service(8) for details about the supported modes of
    # operation for /etc/resolv.conf.
    
    nameserver 192.168.3.37
    nameserver 192.168.3.1
    • 第一个是咱们指定的 bind 构建的 dns 服务器
    • 第二个是本地的子网的网管的 dns 服务器
    • 留神先后顺序不能更改,如果内容并非如此的话,能够删除 /etc/resolv.conf 并从新执行sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
    • 如果并没有 /run/systemd/resolve/resolv.conf 文件,阐明执行了 systemctl disable systemd-resolvedservice systemd-resolved stop,因而执行 systemctl enable systemd-resolvedservice systemd-resolved start并重启即可

docker-bind 装置

选定集群中用作搭建 DNS 服务器的服务器执行下列命令

# 在敞开本机解析服务之前拉取镜像
docker pull sameersbn/bind:9.16.1-20200524
# 应用 docker 容器部署 bind 服务
docker run \ 
--name bind \ 
-d \
--restart=always \
--publish 53:53/tcp \
--publish 53:53/udp \ 
--publish 10000:10000/tcp \ 
--volume docker-bind:/data \
sameersbn/bind:9.16.1-20200524

docker-bind 配置

  • 假如服务器 IP 地址为192.168.3.37,本地根域名为dev
  • 拜访 Webmin 治理界面,地址为:https://192.168.3.37:10000/,默认用户名:root,明码:password,相干设置如下:
  1. Servers → BIND DNS Server → Global Server Options → Access Control Lists,增加:

    1. allow-query any
  2. Servers → BIND DNS Server → Global Server Options → Forwarding and Transfers → Global forwarding and zone transfer options,增加转发 dns 服务器 IP 地址:

    1. 8.8.8.8
    2. 8.8.4.4
    3. 临时只增加了 Google 的 DNS。增加其余的一些国内的 DNS(如 AliDNS),反而会有问题(ntp 服务器拜访失败等等)
  3. Servers → BIND DNS Server → Existing DNS Zones → Create Master Zone

    1. Zone type: Forward (Names to Addresses)
    2. Domain name / Network: dev
    3. Master server: a.dev
    4. Email address: admin@dev
  4. Servers → BIND DNS Server → Existing DNS Zones → Create Master Zone

    1. Zone type: Reverse (Addresses to Names)
    2. Domain name / Network: 192.168.3
    3. Master server: a.dev
    4. Email address: admin@dev
  5. Servers → BIND DNS Server → Existing DNS Zones → dev

    1. Address 中增加 DNS 记录

      1. Name: a,Address: 192.168.3.37,点击 Create,会主动增加并更新逆向地址记录
      2. 按需增加其余 DNS 记录

        1. 可能须要重启容器才会是新增加的 DNS 记录失效
    2. Servers → BIND DNS Server → Existing DNS Zones → dev→ Name Server 确认存在域名服务器地址

      1. Zone Name: dev.
      2. Name Server: a.dev.

测试

更新本机 nameservers 设置,设定为服务器 IP 地址,并执行以下命令查看 DNS 服务器工作是否失常

nslookup www.baidu.com
nslookup a.dev
nslookup b.dev
  • 如果呈现 ;; Got recursion not available from 192.168.3.37, trying next server 的问题,执行下述操作(更不便的做法是依照文件的内容 在 dashboard 中进行批改:Servers → BIND DNS Server → Global Server Options → Edit Config File

    docker cp  bind:/etc/bind/named.conf.options ./
    docker cp  bind:/etc/bind/named.conf ./
    
    # 别离对两文件进行批改
    # named.conf
    
    acl trusted {
        192.168.0.0/16;
        10.153.154.0/24;
        localhost;
        localnets;
        };
    // This is the primary configuration file for the BIND DNS server named.
    //
    // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
    // structure of BIND configuration files in Debian, *BEFORE* you customize
    // this configuration file.
    //
    // If you are just adding zones, please do that in /etc/bind/named.conf.local
    
    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";
    include "/etc/bind/named.conf.default-zones";
    
    # named.conf.options
    options {
            directory "/var/cache/bind";
    
            // If there is a firewall between you and nameservers you want
            // to talk to, you may need to fix the firewall to allow multiple
            // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
    
            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.
    
            // forwarders {
            //      0.0.0.0;
            // };
    
            //========================================================================
            // If BIND logs error messages about the root key being expired,
            // you will need to update your keys.  See https://www.isc.org/bind-keys
            //========================================================================
            dnssec-validation auto;
    
            listen-on-v6 {any;};
            forwarders {
                    8.8.8.8;
                    8.8.4.4;
                    };
            allow-query {any;};
            allow-recursion {trusted;};
            allow-query-cache {trusted;};
    };
    
    # 写回到容器中
    docker cp  ./named.conf.options bind:/etc/bind/named.conf.options
    docker cp  ./named.conf bind:/etc/bind/named.conf
    # 重启容器
    docker restart bind
    • 参考 issue

参考

  1. sameersbn / docker-bind
  2. Setup Bind DNS Using Webmin on Debian 10
  3. 在 CentOS 8 上应用 Webmin 配置 BIND DNS 服务器
  4. DNS Forwarder and Transfer using Bind and Webmin
  5. BIND DNS Server
  6. DNS 之 BIND 应用小结(Forward 转发)

正文完
 0