树莓派安装dns服务器
简介
因为最近在完harbor,然后因为不想记ip,所以想着用一台空闲的树莓派做dns缓存服务器,兼dns服务器,实现域名访问harbor
规划
harbor主机地址:192.168.31.150 预实现域名:kevinharbor.com
安装
➜ sudo apt-get install -y bind9
➜ cd bind
➜ sudo vi named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "kevinharbor.com" {
type master;
file "/etc/bind/db.local";
};
zone "150.31.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};然后创建正向解析文件
➜ sudo vi /etc/bind/db.local
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA kevinharbor.com. root.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS kevinharbor.com.
@ IN A 192.168.31.150
www A 192.168.31.150检查配置文件
➜ named-checkzone kevinharbor.com /etc/bind/db.local
zone kevinharbor.com/IN: loaded serial 2
OK没有报错
创建逆向解析文件
➜ sudo vi /etc/bind/db.127
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA kevinharbor.com. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS kevinharbor.com.
@ A 192.168.31.150
150 IN PTR www.kevinharbor.com检查配置文件
➜ named-checkzone kevinharbor.com /etc/bind/db.127让树莓派做dns缓存服务器,添加上游dns ➜ sudo vi /etc/bind/named.conf.options options { directory “/var/cache/bind”;
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
180.153.225.136; //上游dns地址
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-enable no; //添加这一句
dnssec-validation no; //修改auto为no
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};重启bind服务
➜ service bind9 restart然后修改局域网内主机的dns为我树莓派的主机地址,这样就能实现域名访问我的harbor,以及加速dns解析延迟
本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
原始发表:2018-11-29,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
目录