• 应用docker-bind搭建公有的DNS服务器,在整个内网集群中应用域名来治理服务器曾经进行服务配置
  • 以下阐明是基于Ubuntu20.04的,如果要构建在树莓派上运行的docker镜像,参考文章

配置与装置

本机DNS配置

sudo nano /etc/systemd/resolved.conf# 更改为以下内容# 假如docker-bind所在服务器IP地址为192.168.3.37[Resolve]DNS=192.168.3.37#FallbackDNS=#Domains=#LLMNR=no#MulticastDNS=no#DNSSEC=no#DNSOverTLS=no#Cache=noDNSStubListener=no#ReadEtcHosts=yessudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
  • 参考 怎么开释systemd-resoved应用的53端口

  • 配置后,此时/etc/resolv.conf的内容为

    # This file is managed by man:systemd-resolved(8). Do not edit.## This is a dynamic resolv.conf file for connecting local clients directly to# all known uplink DNS servers. This file lists all configured search domains.## Third party programs must not access this file directly, but only through the# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,# replace this symlink by a static file or a different symlink.## See man:systemd-resolved.service(8) for details about the supported modes of# operation for /etc/resolv.conf.nameserver 192.168.3.37nameserver 192.168.3.1
    • 第一个是咱们指定的bind构建的dns服务器
    • 第二个是本地的子网的网管的dns服务器
    • 留神先后顺序不能更改,如果内容并非如此的话,能够删除/etc/resolv.conf并从新执行sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
    • 如果并没有/run/systemd/resolve/resolv.conf文件,阐明执行了systemctl disable systemd-resolvedservice systemd-resolved stop,因而执行systemctl enable systemd-resolvedservice systemd-resolved start并重启即可

docker-bind装置

选定集群中用作搭建DNS服务器的服务器执行下列命令

# 在敞开本机解析服务之前拉取镜像docker pull sameersbn/bind:9.16.1-20200524# 应用docker容器部署bind服务docker run \ --name bind \ -d \--restart=always \--publish 53:53/tcp \--publish 53:53/udp \ --publish 10000:10000/tcp \ --volume docker-bind:/data \sameersbn/bind:9.16.1-20200524

docker-bind配置

  • 假如服务器IP地址为192.168.3.37,本地根域名为dev
  • 拜访Webmin治理界面,地址为:https://192.168.3.37:10000/,默认用户名:root,明码:password,相干设置如下:

  1. Servers → BIND DNS Server → Global Server Options → Access Control Lists,增加:

    1. allow-query any

  2. Servers → BIND DNS Server → Global Server Options → Forwarding and Transfers → Global forwarding and zone transfer options,增加转发dns服务器IP地址:

    1. 8.8.8.8
    2. 8.8.4.4
    3. 临时只增加了Google的DNS。增加其余的一些国内的DNS(如AliDNS),反而会有问题(ntp 服务器拜访失败等等)

  3. Servers → BIND DNS Server → Existing DNS Zones → Create Master Zone

    1. Zone type: Forward (Names to Addresses)
    2. Domain name / Network: dev
    3. Master server: a.dev
    4. Email address: admin@dev

  4. Servers → BIND DNS Server → Existing DNS Zones → Create Master Zone

    1. Zone type: Reverse (Addresses to Names)
    2. Domain name / Network: 192.168.3
    3. Master server: a.dev
    4. Email address: admin@dev

  5. Servers → BIND DNS Server → Existing DNS Zones → dev

    1. Address中增加DNS记录

      1. Name: a,Address: 192.168.3.37,点击Create,会主动增加并更新逆向地址记录

      2. 按需增加其余DNS记录

        1. 可能须要重启容器才会是新增加的DNS记录失效

    2. Servers → BIND DNS Server → Existing DNS Zones → dev→ Name Server确认存在域名服务器地址

      1. Zone Name: dev.
      2. Name Server: a.dev.

测试

更新本机nameservers设置,设定为服务器IP地址,并执行以下命令查看DNS服务器工作是否失常

nslookup www.baidu.comnslookup a.devnslookup b.dev

  • 如果呈现;; Got recursion not available from 192.168.3.37, trying next server的问题,执行下述操作(更不便的做法是依照文件的内容 在dashboard中进行批改:Servers → BIND DNS Server → Global Server Options → Edit Config File

    docker cp  bind:/etc/bind/named.conf.options ./docker cp  bind:/etc/bind/named.conf ./# 别离对两文件进行批改# named.confacl trusted {    192.168.0.0/16;    10.153.154.0/24;    localhost;    localnets;    };// This is the primary configuration file for the BIND DNS server named.//// Please read /usr/share/doc/bind9/README.Debian.gz for information on the// structure of BIND configuration files in Debian, *BEFORE* you customize// this configuration file.//// If you are just adding zones, please do that in /etc/bind/named.conf.localinclude "/etc/bind/named.conf.options";include "/etc/bind/named.conf.local";include "/etc/bind/named.conf.default-zones";# named.conf.optionsoptions {        directory "/var/cache/bind";        // If there is a firewall between you and nameservers you want        // to talk to, you may need to fix the firewall to allow multiple        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113        // If your ISP provided one or more IP addresses for stable        // nameservers, you probably want to use them as forwarders.        // Uncomment the following block, and insert the addresses replacing        // the all-0's placeholder.        // forwarders {        //      0.0.0.0;        // };        //========================================================================        // If BIND logs error messages about the root key being expired,        // you will need to update your keys.  See https://www.isc.org/bind-keys        //========================================================================        dnssec-validation auto;        listen-on-v6 { any; };        forwarders {                8.8.8.8;                8.8.4.4;                };        allow-query { any; };        allow-recursion { trusted; };        allow-query-cache { trusted; };};# 写回到容器中docker cp  ./named.conf.options bind:/etc/bind/named.conf.optionsdocker cp  ./named.conf bind:/etc/bind/named.conf# 重启容器docker restart bind
    • 参考 issue

参考

  1. sameersbn / docker-bind
  2. Setup Bind DNS Using Webmin on Debian 10
  3. 在CentOS 8上应用Webmin配置BIND DNS服务器
  4. DNS Forwarder and Transfer using Bind and Webmin
  5. BIND DNS Server
  6. DNS之BIND应用小结(Forward转发)