(1). 概述

在某些场景下,需要对某一域名进行拦截和处理,因此有必要深入学习一下DNS.

(2). CoreDNS安装

[root@nfs-server ~]# wget https://github.com/coredns/coredns/releases/download/v1.9.0/coredns_1.9.0_linux_amd64.tgz
[root@nfs-server ~]# tar -zxvf coredns_1.9.0_linux_amd64.tgz

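# 解压后就直接是一个二进制文件.
# 注意: 下面ll输出中coredns的属主是uid 33(tape),应是root解压时保留了归档内的属主;该二进制要以root运行,建议先执行 chown root:root coredns.
# 另外,运行前建议用发布页提供的 .sha256 校验文件核对压缩包的完整性.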
[root@nfs-server ~]# ll
-rwxr-xr-x 1   33 tape 49258496 Feb 10 03:27 coredns
-rw-r--r-- 1 root root 13852703 Feb 10 03:30 coredns_1.9.0_linux_amd64.tgz

(3). CoreDNS配置域名解析

[root@nfs-server ~]# cat  >> Corefile  << EOF
.:53 {
  # 绑定interface ip
  bind 172.30.50.20
  # 先查hosts插件: 未指定文件时默认读取本机的/etc/hosts,再叠加下面的内联记录
  # https://coredns.io/plugins/hosts/
  hosts {
    # 自定义lixin.help 的解析
    # 因为解析的域名少我们这里直接用hosts插件即可完成需求
    # 如果有大量自定义域名解析那么建议用file插件使用 符合RFC 1035规范的DNS解析配置文件
    172.30.50.10 lixin.help
    # ttl
    ttl 60
    # 重载hosts配置
    reload 1m
    # hosts中没有匹配的记录时,交给后面的插件(forward)继续解析
    fallthrough
  }
  
  # file enables serving zone data from an RFC 1035-style master file.
  # https://coredns.io/plugins/file/
  # file service.signed service
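  # 最后所有的都转发到系统配置的上游dns服务器去解析
  # 注意: 这样任何能访问172.30.50.20:53的客户端都可以借本机做递归解析,建议用防火墙或acl插件只放行可信网段
  # 同时本机/etc/resolv.conf里的nameserver不能指向本机自己,否则会形成转发环路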
  forward . /etc/resolv.conf
  # 缓存时间ttl
  cache 120
  # 自动加载配置文件的间隔时间
  reload 6s
  # 输出日志
  log
  # 输出错误
  errors
}
EOF

(4). 启动CoreDNS解析

[root@nfs-server ~]# ./coredns -conf Corefile
.:53 on 172.30.50.20
[INFO] plugin/reload: Running configuration MD5 = d622aef969b0650c7b3e053f244da092
CoreDNS-1.9.0
linux/amd64, go1.17.6, ace3dcb

(5). 测试(用另一台机器来做测试)

# 1. 换一台机器,修改dns解析为:172.30.50.20(coredns所在的机器)
#    (该文件由NetworkManager生成,手工修改之后可能被NetworkManager覆盖,仅适合临时测试)
[root@vpn-server ~]# vi /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.30.50.20
# nameserver 114.114.114.114

# 2. 测试ping
[root@vpn-server ~]# ping lixin.help
PING lixin.help (172.30.50.10) 56(84) bytes of data.
64 bytes from lixin.help (172.30.50.10): icmp_seq=1 ttl=64 time=0.030 ms


# 3. 安装dig命令
[root@vpn-server ~]# yum -y install bind-utils
# 4. dig测试
[root@vpn-server ~]# dig lixin.help
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.8 <<>> lixin.help
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55705
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lixin.help.                    IN      A

;; ANSWER SECTION:
lixin.help.             60      IN      A       172.30.50.10

;; Query time: 0 msec
;; SERVER: 172.30.50.20#53(172.30.50.20)
;; WHEN: Fri Feb 18 21:59:08 EST 2022
;; MSG SIZE  rcvd: 65

(6). 总结