(1). 概述
在某些场景下,想要实现对某一域名的拦截和处理,所以,需要对DNS的深入学习下.
(2). CoreDNS安装
[root@nfs-server ~]# wget https://github.com/coredns/coredns/releases/download/v1.9.0/coredns_1.9.0_linux_amd64.tgz
[root@nfs-server ~]# tar -zxvf coredns_1.9.0_linux_amd64.tgz
# 解压后就直接是一个二进制文件.
[root@nfs-server ~]# ll
-rwxr-xr-x 1 33 tape 49258496 Feb 10 03:27 coredns
-rw-r--r-- 1 root root 13852703 Feb 10 03:30 coredns_1.9.0_linux_amd64.tgz
(3). CoreDNS配置域名解析
[root@nfs-server ~]# cat >> Corefile << EOF
.:53 {
# 绑定interface ip
bind 172.30.50.20
# 先走本机的hosts
# https://coredns.io/plugins/hosts/
hosts {
# 自定义lixin.help 的解析
# 因为解析的域名少我们这里直接用hosts插件即可完成需求
# 如果有大量自定义域名解析那么建议用file插件使用 符合RFC 1035规范的DNS解析配置文件
172.30.50.10 lixin.help
# ttl
ttl 60
# 重载hosts配置
reload 1m
# 继续执行
fallthrough
}
# file enables serving zone data from an RFC 1035-style master file.
# https://coredns.io/plugins/file/
# file service.signed service
# 最后所有的都转发到系统配置的上游dns服务器去解析
forward . /etc/resolv.conf
# 缓存时间ttl
cache 120
# 自动加载配置文件的间隔时间
reload 6s
# 输出日志
log
# 输出错误
errors
}
EOF
(4). 启动CoreDNS解析
[root@nfs-server ~]# ./coredns -conf Corefile
.:53 on 172.30.50.20
[INFO] plugin/reload: Running configuration MD5 = d622aef969b0650c7b3e053f244da092
CoreDNS-1.9.0
linux/amd64, go1.17.6, ace3dcb
(5). 测试(用另一台机器来做测试)
# 1. 换一台机器,修改dns解析为:172.30.50.20(coredns所在的机器)
[root@vpn-server ~]# vi /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.30.50.20
# nameserver 114.114.114.114
# 2. 测试ping
[root@vpn-server ~]# ping lixin.help
PING lixin.help (172.30.50.10) 56(84) bytes of data.
64 bytes from lixin.help (172.30.50.10): icmp_seq=1 ttl=64 time=0.030 ms
# 1. 安装dig命令
[root@vpn-server ~]# yum -y install bind-utils
# 2. dig测试
[root@vpn-server ~]# dig lixin.help
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.8 <<>> lixin.help
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55705
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lixin.help. IN A
;; ANSWER SECTION:
lixin.help. 60 IN A 172.30.50.10
;; Query time: 0 msec
;; SERVER: 172.30.50.20#53(172.30.50.20)
;; WHEN: Fri Feb 18 21:59:08 EST 2022
;; MSG SIZE rcvd: 65