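Installing a DNS server on a Raspberry Pi

Introduction

I have been playing with Harbor lately and did not want to memorize IP addresses, so I decided to use a spare Raspberry Pi as a DNS caching server that also acts as a DNS server, so that Harbor can be reached by domain name.

Plan

Harbor host address: 192.168.31.150
Intended domain name: kevinharbor.com

Installation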

➜  sudo apt-get install -y bind9
➜  cd /etc/bind
➜  sudo vi named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "kevinharbor.com" {
    type master;
    file "/etc/bind/db.local";
};

zone "150.31.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};
Then create the forward lookup zone file
➜  sudo vi /etc/bind/db.local
;
; BIND data file for local loopback interface
;
$TTL    604800
@    IN    SOA    kevinharbor.com. root.localhost. (
                  2        ; Serial
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )    ; Negative Cache TTL
;
@    IN    NS    kevinharbor.com.
@    IN    A    192.168.31.150
www     A       192.168.31.150
Check the configuration file
➜  named-checkzone kevinharbor.com /etc/bind/db.local 
zone kevinharbor.com/IN: loaded serial 2
OK

No errors were reported.

Create the reverse lookup zone file

➜  sudo vi /etc/bind/db.127
;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@    IN    SOA    kevinharbor.com. root.localhost. (
              1        ; Serial
         604800        ; Refresh
          86400        ; Retry
        2419200        ; Expire
         604800 )    ; Negative Cache TTL
;
@    IN    NS    kevinharbor.com.
@    A        192.168.31.150
@    IN    PTR    www.kevinharbor.com.    ; origin is already 150.31.168.192.in-addr.arpa

Check the configuration file

➜  named-checkzone 150.31.168.192.in-addr.arpa /etc/bind/db.127
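
A PTR owner or target written without a trailing dot is relative, and BIND appends the zone origin to it, which is still valid syntax. The following added example (not part of the original post; the function names reverse_name, expand_ptr and check_ptr and the sample records are constructed for illustration) expands PTR records the way BIND does and checks that this page's address maps back to www.kevinharbor.com:

```sh
#!/bin/sh
# Added example: expand names in PTR records the way BIND does when it loads
# a zone file. A name without a trailing dot is relative, so the zone origin
# is appended to it. $ORIGIN and $INCLUDE directives are not handled.

# reverse_name 192.168.31.150 -> 150.31.168.192.in-addr.arpa.
reverse_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# expand_ptr ORIGIN FILE: print every PTR record as "owner PTR target",
# both fully qualified.
expand_ptr() {
    awk -v origin="${1%.}." '
        function fq(n) {
            if (n == "@") return origin
            if (n ~ /\.$/) return n
            return n "." origin
        }
        { sub(/;.*/, "") }                      # drop comments
        NF == 0 || /^\$/ { next }               # skip blanks and directives
        {
            if ($0 !~ /^[ \t]/) owner = $1      # indented line reuses last owner
            for (i = 1; i < NF; i++)
                if ($i == "PTR") { print fq(owner), "PTR", fq($(i + 1)); break }
        }
    ' "$2"
}

# check_ptr ORIGIN FILE IP FQDN: succeed only if FILE, loaded as zone ORIGIN,
# maps IP back to FQDN.
check_ptr() {
    expand_ptr "$1" "$2" | grep -qxF "$(reverse_name "$3") PTR ${4%.}."
}

# Constructed sample records for this page's zone name and address.
demo() {
    dir=$(mktemp -d)
    printf '150\tIN\tPTR\twww.kevinharbor.com\n' > "$dir/relative"
    printf '@\tIN\tPTR\twww.kevinharbor.com.\n' > "$dir/absolute"
    for f in relative absolute; do
        expand_ptr 150.31.168.192.in-addr.arpa "$dir/$f"
        check_ptr 150.31.168.192.in-addr.arpa "$dir/$f" 192.168.31.150 \
            www.kevinharbor.com && echo "$f: ok" || echo "$f: wrong PTR"
    done
    rm -rf "$dir"
}
demo
```

To lint the real file, call check_ptr with the zone name from named.conf.default-zones and the path /etc/bind/db.127.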

Make the Raspberry Pi a DNS caching server by adding an upstream DNS server
➜ sudo vi /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable 
    // nameservers, you probably want to use them as forwarders.  
    // Uncomment the following block, and insert the addresses replacing 
    // the all-0's placeholder.

    forwarders {
        180.153.225.136;  // upstream DNS address
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //========================================================================
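    dnssec-enable no;      // add this line (obsolete in newer BIND 9 releases; omit it if named-checkconf complains)
    dnssec-validation no;  // change auto to no (answers from the forwarder are then not DNSSEC-validated)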

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

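Restart the bind service

➜  sudo service bind9 restart

Then set the DNS server of the hosts on the LAN to the address of my Raspberry Pi. That lets me reach my Harbor by domain name and also cuts DNS resolution latency.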
