用pdnsd搭建DNS服务(CentOS环境)

CentOS环境

1. 安装pdnsd服务

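# 1. Install pdnsd from the upstream RPM.
# NOTE(review): the package is fetched over plain HTTP, and yum does not
# GPG-check a local .rpm file unless localpkg_gpgcheck=1 is set in yum.conf,
# so inspect the package signature before installing (rpm -K reports whether
# the package carries a signature and whether it verifies).
pkg=pdnsd-1.2.9a-par_sl6.x86_64.rpm
wget "http://members.home.nl/p.a.rombouts/pdnsd/releases/${pkg}"
rpm -K "$pkg"
yum install "./${pkg}"
# Keep an existing /etc/pdnsd.conf instead of silently overwriting it.
[ -e /etc/pdnsd.conf ] || cp /etc/pdnsd.conf.sample /etc/pdnsd.conf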

2. 编辑 /etc/pdnsd.conf,粘贴以下内容:

// Sample pdnsd configuration file. Must be customized to obtain a working pdnsd setup!
// Read the pdnsd.conf(5) manpage for an explanation of the options.
// Add or remove '#' in front of options you want to disable or enable, respectively.
// Remove '/*' and '*/' to enable complete sections.

global {
perm_cache=4096; # Size of the persistent on-disk cache (see pdnsd.conf(5) for the unit).
cache_dir="/var/cache/pdnsd";
# pid_file = /var/run/pdnsd.pid;
run_as="pdnsd"; # Run as this unprivileged account rather than root.
server_ip = any; # Use eth0 here if you want to allow other
# machines on your network to query pdnsd.
# NOTE(review): "any" listens on every interface. Together with the iptables
# rule in step 3 (which accepts 5656/tcp from every source) this makes pdnsd
# usable as a resolver by any host that can reach the port; restrict the
# firewall rule to the intended client network (or bind to one interface here).
server_port=5656; # The query port of this DNS server must be something other than 53,
# otherwise replies may still be tampered with ("polluted").
status_ctl = on; # Enable the control socket used by pdnsd-ctl.
# paranoid=on; # This option reduces the chance of cache poisoning
# but may make pdnsd less efficient, unfortunately.
# NOTE(review): left disabled here; consider enabling it for a resolver that
# other machines rely on.
query_method=tcp_only; # TCP-only queries (applies to pdnsd's outgoing lookups).
min_ttl=1d; # Retain cached entries at least one day, even if the upstream TTL is shorter;
# a wrong or stale record therefore persists for up to a day.
max_ttl=1w; # One week.
timeout=10; # Global timeout option (10 seconds).
neg_domain_pol=on; # NOTE(review): negative caching policy for whole domains — confirm against pdnsd.conf(5).
udpbufsize=1024; # Upper limit on the size of UDP messages.
}

# The following section is most appropriate if you have a fixed connection to
# the Internet and an ISP which provides good DNS servers.
server {
label= "googledns";
ip = 8.8.8.8
,8.8.4.4
; # Put your ISP's DNS-server address(es) here.
# proxy_only=on; # Do not query any name servers beside your ISP's.
# This may be necessary if you are behind some
# kind of firewall and cannot receive replies
# from outside name servers.
timeout=4; # Server timeout; this may be much shorter
# that the global timeout option.
uptest=none; # No availability test; the servers above are assumed reachable.
purge_cache=off; # Keep stale cache entries in case the ISP's
# DNS servers go offline.
edns_query=no; # Do not use EDNS for outgoing queries. (EDNS would allow UDP
# messages larger than 512 bytes but may cause trouble with
# some legacy systems.)
exclude = .localdomain;
}

/*
# This section is meant for resolving from root servers.
server {
label = "root-servers";
root_server = discover; # Query the name servers listed below
# to obtain a full list of root servers.
randomize_servers = on; # Give every root server an equal chance
# of being queried.
ip = 198.41.0.4, # This list will be expanded to the full
192.228.79.201; # list on start up.
timeout = 5;
uptest = query; # Test availability using empty DNS queries.
# query_test_name = .; # To be used if remote servers ignore empty queries.
interval = 30m; # Test every half hour.
ping_timeout = 300; # Test should time out after 30 seconds.
purge_cache = off;
# edns_query = yes; # Use EDNS for outgoing queries to allow UDP messages
# larger than 512 bytes. May cause trouble with some
# legacy systems.
exclude = .localdomain;
policy = included;
preset = off;
}
*/

# Serve the entries of the local hosts file.
source {
owner=localhost;
# serve_aliases=on;
file="/etc/hosts";
}

/*
include {file="/etc/pdnsd.include";} # Read additional definitions from /etc/pdnsd.include.
*/

# Static record for localhost (forward and reverse).
rr {
name=localhost;
reverse=on;
a=127.0.0.1;
owner=localhost;
soa=localhost,root.localhost,42,86400,900,86400,86400;
}

/*
neg {
name=doubleclick.net;
types=domain; # This will also block xxx.doubleclick.net, etc.
}
*/

/*
neg {
name=bad.server.com; # Badly behaved server you don't want to connect to.
types=A,AAAA;
}
*/

3. 启用服务,添加开机启动和防火墙规则

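# 3. Enable the service, start it at boot and open the firewall.
service pdnsd start
chkconfig pdnsd on

# NOTE(review): the original rule accepted 5656/tcp from any source; with
# server_ip=any in pdnsd.conf that exposes the resolver to every host that can
# reach the port. Restrict the rule to the network of the intended clients.
: "${CLIENT_NET:?set to the CIDR of the hosts allowed to query (example value: 192.168.1.0/24)}"
/sbin/iptables -I INPUT -p tcp -s "$CLIENT_NET" --dport 5656 -j ACCEPT
# dig and most stub resolvers send queries over UDP by default; add a matching
# "-p udp" rule for the same source network, or test with "dig +tcp", if the
# remote check in step 4 is expected to succeed.
/etc/init.d/iptables save
service iptables restart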

4. 检查是否正常运行

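# 4a. Check from the CentOS host itself (dig ships in bind-utils on CentOS).
command -v dig >/dev/null 2>&1 || yum install bind-utils
dig @127.0.0.1 -p 5656 youtube.com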

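# 4b. Check from an OpenWrt client; replace "yourhost" with the server's address.
opkg update
opkg install bind-dig # dig for OpenWrt
# The firewall rule in step 3 opens only 5656/tcp while dig queries over UDP by
# default, so force TCP here (unless 5656/udp has been opened as well).
dig +tcp @yourhost -p 5656 youtube.com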