DNS（Domain Name System，域名系统），万维网上作为域名和IP地址相互映射的一个分布式数据库，能够使用户更方便的访问互联网，而不用去记住能够被机器直接读取的IP数串。通过域名，最终得到该域名对应的IP地址的过程叫做域名解析（或主机名解析）。DNS协议运行在UDP协议之上，使用端口号53。

/etc/resolv.conf它是DNS客户机配置文件，用于设置DNS服务器的IP地址及DNS域名，还包含了主机的域名搜索顺序。该文件是由域名解析 器（resolver，一个根据主机名解析IP地址的库）使用的配置文件。它的格式很简单，每行以一个关键字开头，后接一个或多个由空格隔开的参数。

resolv.conf的关键字主要有四个，分别是：nameserver    //定义DNS服务器的IP地址domain       //定义本地域名search        //定义域名的搜索列表sortlist        //对返回的域名进行排序下面我们给出一个/etc/resolv.conf的示例：domain  51osos.comsearch  www.51osos.com  51osos.comnameserver 202.102.192.68nameserver 202.102.192.69最主要是nameserver关键字，如果没指定nameserver就找不到DNS服务器，其它关键字是可选的。nameserver表示解析域名时使用该地址指定的主机为域名服务器。其中域名服务器是按照文件中出现的顺序来查询的,且只有当第一个nameserver没有反应时才查询下面的nameserver。domain　　　声明主机的域名。很多程序用到它，如邮件系统；当为没有域名的主机进行DNS查询时，也要用到。如果没有域名，主机名将被使用，删除所有在第一个点( .)前面的内容。search　　　它的多个参数指明域名查询顺序。当要查询没有域名的主机，主机将在由search声明的域中分别查找。domain和search不能共存；如果同时存在，后面出现的将会被使用。sortlist　　允许将得到域名结果进行特定的排序。它的参数为网络/掩码对，允许任意的排列顺序。 “search domainname.com”表示当提供了一个不包括完全域名的主机名时，在该主机名后添加domainname.com的后 缀；“nameserver”表示解析域名时使用该地址指定的主机为域名服务器。其中域名服务器是按照文件中出现的顺序来查询的。其中domainname和search可同时存在，也可只有一个；nameserver可指定多个

前提准备：

一台centos7做服务器，两张网卡（桥接and仅主机），一台centos6做客户端，仅主机

A、搭建DNS服务器：

1、[root@centos7 ~]# yum install bind

Loaded plugins: fastestmirror, langpacks

Loading mirror speeds from cached hostfileResolving DependenciesInstalled:bind.x86_64 32:9.9.4-72.el7 Dependency Installed:python-ply.noarch 0:3.4-11.el7 Complete!2、[root@centos7 ~]# rpm -ql bind/etc/logrotate.d/named/etc/named/etc/named.conf/etc/named.iscdlv.key/etc/named.rfc1912.zones/etc/named.root.key/etc/rndc.conf/etc/rndc.key/etc/rwtab.d/named/etc/sysconfig/named/run/named/var/log/named.log/var/named/var/named/data/var/named/dynamic/var/named/named.ca/var/named/named.empty/var/named/named.localhost/var/named/named.loopback/var/named/slaves3、[root@centos7 ~]# rpm -qa "bind*"bind-libs-lite-9.9.4-72.el7.x86_64bind-license-9.9.4-72.el7.noarchbind-9.9.4-72.el7.x86_64bind-libs-9.9.4-72.el7.x86_64bind-utils-9.9.4-72.el7.x86_644、数据库存放于 /var/named 下 ，且系统默认named已安装，5、查看named的状态且启动该服务：[root@centos7 ~]# systemctl status named● named.service - Berkeley Internet Name Domain (DNS)Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)Active: inactive (dead)[root@centos7 ~]# systemctl start named[root@centos7 ~]# 6、查看IP，有IP即可上网[root@centos7 ~]# ip a1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:87:73:17 brd ff:ff:ff:ff:ff:ffinet 192.168.58.254/24 brd 192.168.58.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe87:7317/64 scope link valid_lft forever preferred_lft forever3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:87:73:21 brd ff:ff:ff:ff:ff:ffinet 172.20.119.243/16 brd 172.20.255.255 scope global noprefixroute dynamic ens37valid_lft 83928sec preferred_lft 83928secinet6 fe80::23ec:ee7:326a:3f9c/64 scope link noprefixroute valid_lft forever preferred_lft forever

7、编辑网卡配置文件,添加DNS1=192.168.58.254：

[root@Centos6 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0[root@Centos6 ~]# service network restartShutting down interface eth0: Device state: 3 (disconnected)[ OK ]Shutting down loopback interface: [ OK ]Bringing up loopback interface: [ OK ]Bringing up interface eth0: Active connection state: activatingActive connection path: /org/freedesktop/NetworkManager/ActiveConnection/6state: activatedConnection activated[ OK ]8、我们在客户端查看配置文件，会显示主机IP：[root@Centos6 ~]# cat /etc/resolv.conf

Generated by NetworkManager

domain localdomain

search localdomainnameserver 192.168.58.1nameserver 192.168.58.254

（host、dig、nslookup是三个专业测试名字解析的工具）

9、[root@Centos6 ~]# host www.qq.com

;; connection timed out; trying next origin;; connection timed out; no servers could be reached此时，我们去修改配置文件：10、[root@centos7 ~]# vim /etc/named.conf//// named.conf//// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS// server as a caching only nameserver (as a localhost DNS resolver only).//// See /usr/share/doc/bind*/sample/ for example named configuration files.//// See the BIND Administrator's Reference Manual (ARM) for details about the// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {

listen-on port 53 { localhost; };listen-on-v6 port 53 { ::1; };directory "/var/named";dump-file "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";recursing-file "/var/named/data/named.recursing";secroots-file "/var/named/data/named.secroots";allow-query { any; };

/*      - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.     - If you are building a RECURSIVE (caching) DNS server, you need to enable

"/etc/named.conf" 61L, 1802C

将文件中的127.0.0.1 改为localhost，将allow-query {} 中改为 any ，

11、使其生效：

[root@centos7 ~]# rndc reloadserver reload successful12、此时作为客户端，去访问百度，能通，如下：

[root@Centos6 ~]# dig www.baidu.com; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.baidu.com;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60669;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 5;; QUESTION SECTION:;www.baidu.com.         IN  A;; ANSWER SECTION:www.baidu.com.      1200    IN  CNAME   www.a.shifen.com.www.a.shifen.com.   300 IN  A   61.135.169.125www.a.shifen.com.   300 IN  A   61.135.169.121;; AUTHORITY SECTION:a.shifen.com.       1200    IN  NS  ns4.a.shifen.com.a.shifen.com.       1200    IN  NS  ns1.a.shifen.com.a.shifen.com.       1200    IN  NS  ns2.a.shifen.com.a.shifen.com.       1200    IN  NS  ns5.a.shifen.com.a.shifen.com.       1200    IN  NS  ns3.a.shifen.com.;; ADDITIONAL SECTION:ns5.a.shifen.com.   1200    IN  A   180.76.76.95ns1.a.shifen.com.   1200    IN  A   61.135.165.224ns3.a.shifen.com.   1200    IN  A   112.80.255.253ns2.a.shifen.com.   1200    IN  A   220.181.57.142ns4.a.shifen.com.   1200    IN  A   14.215.177.229;; Query time: 1018 msec;; SERVER: 192.168.58.254#53(192.168.58.254);; WHEN: Thu Jan 31 19:09:55 2019;; MSG SIZE  rcvd: 260

分析：此时作为客户端尽管无上外网功能，去ping百度可通，当把7的内网关闭，6无法访问外网，却可以访问7访问过的百度，这是7留下了缓存！当把7的缓存rndc flush 清除掉，6就无法再访问外网了，所以，7就叫只缓存服务器，只利用缓存去访问。

接下来，我们的目标是把它变成能有自己的数据库，可以解析数据的域后缀的DNS服务器。

1、查看配置文件：

[root@centos7 ~]# vim /etc/named.conf

其中的 “ include "/etc/named.rfc1912.zones"; ” 专门存放域名的查看：[root@centos7 ~]# vim /etc/named.rfc1912.zoneszone "localhost.localdomain" IN { type master;file "named.localhost";allow-update { none; };};

zone "localhost" IN {

type master;file "named.localhost";allow-update { none; };};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {

type master;file "named.loopback";allow-update { none; };};

zone "1.0.0.127.in-addr.arpa" IN {

type master;file "named.loopback";allow-update { none; };};

zone "0.in-addr.arpa" IN {

type master;file "named.empty";allow-update { none; };};

我们把zone "magedu.com" IN {

type master;  file "magedu.com.zones";

}; 添加进去

[root@centos7 ~]# named-checkconf 来检查语法，无错不提示

2、[root@centos7 ~]# cd /var/named

[root@centos7 named]# ls

data dynamic named.ca named.empty named.localhost named.loopback slaves[root@centos7 named]# cp -p named.localhost magedu.com.zone[root@centos7 named]# id nameduid=25(named) gid=25(named) groups=25(named)[root@centos7 named]# vim magedu.com.zone

$TTL 1D

@ IN SOA @ rname.invalid. (0 ; serial1D ; refresh1H ; retry1W ; expire3H ) ; minimumNS @A 127.0.0.1AAAA :"magedu.com.zone" 10L, 152C

我们将其文件修改，变成下图所示：

$TTL  1D@      IN   SOA  master   admin.magedu.com.  (                   2019013120               ;  serial                                                        1D       ;   refresh                                                        1H       ;   retry                                                        1W      ;   expire                                                        3H    )   ;   minimun        NS         mastermaster       A            192.168.58.254www          CNAME    websrvwebsrv      A             192.168.58.133blog           A             192.168.58.136@              mx          10  mailsrv1@              mx           20  mailsrv2mailsrv1     A            192.168.58.137mailsrv2     A            192.168.58.138

使用“ named-checkzone ” 来检查语法。

[root@centos7 ~]# rndc reload

server reload successful

[root@Centos6 ~]# cat /etc/resolv.conf

Generated by NetworkManager

domain localdomain

nameserver 192.168.58.254

搜索结果如下：

[root@Centos6 ~]# dig www.magedu.com; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15911;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 18

;; QUESTION SECTION:

;www.magedu.com. IN A

;; ANSWER SECTION:

www.magedu.com. 600 IN A 101.200.188.230

;; AUTHORITY SECTION:

magedu.com. 172154 IN NS ns2.alidns.com.magedu.com. 172154 IN NS ns1.alidns.com.

我们现在恢复网卡：ifconfig Eth1 up

再添加一个路由：route add default gw 192.168.58.100 (可随便写)ping www.baidu.com 可通但IP每次都不一样，说明DNS服务可以做到均衡负载的功能。