共计 9703 个字符,预计需要花费 25 分钟才能阅读完成。
DNS(Domain Name System),是运行在 UDP 协议 53 号端口服务,简单来说就是将域名解析成 ip,从而实现主机定位。
DNS 解析流程图
1 2 3 4 5 6 7 | BIND: 4 和 9 连个版本 4 早期比较安全 CentOS 默认 9 协议:DNS 软件:BIND 进程名:named 安装 [root@marvin ~]# yum install bind -y |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | 实验环境: marvin.com 192.168.1. www 192.168.1.220 www 192.168.1.221 mail 192.168.1.223 pop --> mail ftp --> www dns: 192.168.1.220 主配置文件:定义区域, /etc/named.conf 至少有三个区域:根、localhost、127.0.0.1 区域数据文件:/var/named/ named: 用户:named 组:named |
根域名服务器查找:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | [root@marvin ~]# dig -t NS . [@dnsServer 指定服务器查找] ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t NS . ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36810 ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: . 276268 IN NS c.root-servers.net. . 276268 IN NS l.root-servers.net. . 276268 IN NS f.root-servers.net. . 276268 IN NS m.root-servers.net. . 276268 IN NS d.root-servers.net. . 276268 IN NS a.root-servers.net. . 276268 IN NS e.root-servers.net. . 276268 IN NS g.root-servers.net. . 276268 IN NS i.root-servers.net. . 276268 IN NS k.root-servers.net. . 276268 IN NS j.root-servers.net. . 276268 IN NS b.root-servers.net. . 276268 IN NS h.root-servers.net. ;; Query time: 69 msec ;; SERVER: 114.114.114.114#53(114.114.114.114) ;; WHEN: Sun Jun 5 10:42:33 2016 ;; MSG SIZE rcvd: 228 |
主配置文件:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | [root@marvin ~]# mv /etc/named.conf /etc/named.conf.bak [root@marvin ~]# vim /etc/named.conf options {# 全局配置 // listen-on port 53 {127.0.0.1; 192.168.1.220;} ; # 缓存服务器端口监听 不给就是监听所有地址 // listen-on-v6 port 53 {::1;}; #ipv6 的监听地址 // dump-file "/var/named/data/cache_dump.db"; #dump 时候 不是重要选项 // statistics-file "/var/named/data/named_stats.txt"; #统计数据 不是重要选项 // memstatistics-file "/var/named/data/named_mem_stats.txt"; # 不是重要选项 // allow-query {localhost;}; # 只允许本地主机 localhost any 或者注释掉就是允许所有主机查询 recursion yes; #是否允许递归 能否让其他客户端指向 yes 能 allow-recursion {192.168.1.0/24 }; # 递归白名单 // dnssec-enable yes; #dnf 安全选项 // dnssec-validation yes; // bindkeys-file "/etc/named.iscdlv.key"; // managed-keys-directory "/var/named/dynamic"; directory "/var/named"; # 固定工作目录 }; zone "." {# 根域配置 type hint; #起始域 根 :hint 主:master 从:slave 转发:forward file "named.ca"; # 根解析文件 } ; zone "localhost." IN { type master; file "named.localhost"; }; zone "1.0.0.127.in-addr.arpa." IN { type master; file "named.loopback"; }; zone "marvin.com." IN { type master; file "marvin.com.zone"; allow-transfer {127.0.0.1;192.168.1.220;}; }; zone "1.168.192.in-addr.arpa." IN { type master; file "192.168.1.zone"; allow-transfer {127.0.0.1;192.168.1.220;}; }; [root@marvin ~]# chown root.named /etc/named.conf [root@marvin ~]# chmod 640 /etc/named.conf |
正向解析数据库文件:
1 | [root@marvin named]# vim marvin.com.zone |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | $TTL 600 @ IN SOA dns.marvin.com. admin.marvin.com. ( 2016060511 2H 10M 7D 1D) @ IN NS dns @ IN MX 10 mail dns IN A 192.168.1.220 mail IN A 192.168.1.223 www IN A 192.168.1.221 pop IN CNAME mail ftp IN CNAME www |
1 2 | [root@marvin named]# chown root.named marvin.com.zone [root@marvin named]# chmod 640 marvin.com.zone |
反向解析数据库文件:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | [root@marvin named]# vim 192.168.1.zone $TTL 600 @ IN SOA dns.marvin.com. admin.marvin.com. ( 2016060511 2H 10M 7D 1D) @ IN NS dns.marvin.com. 220 IN PTR dns.marvin.com. 223 IN PTR mail.marvin.com. 221 IN PTR www.marvin.com. |
1 2 | [root@marvin named]# chown root.named 192.168.1.zone [root@marvin named]# chmod 640 192.168.1.zone |
语法检测:
1 2 3 4 5 6 7 8 | [root@marvin ~]# /etc/init.d/named configtest zone localhost/IN: loaded serial 0 zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0 [root@marvin ~]# named-checkconf [root@marvin named]# named-checkzone "marvin.com" /var/named/marvin.com.zone zone marvin.com/IN: loaded serial 2016060511 OK |
启动:
1 2 3 | [root@marvin ~]# /etc/init.d/named start Generating /etc/rndc.key: [OK] Starting named: [OK] |
1 2 3 4 | [root@marvin named]# vim /etc/resolv.conf search localdomain #nameserver 114.114.114.114 nameserver 192.168.1.220 |
正向解析测试:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | [root@marvin named]# dig -t A www.marvin.com @marvin ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.marvin.com @marvin ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10468 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.marvin.com. IN A ;; ANSWER SECTION: www.marvin.com. 600 IN A 192.168.1.221 ;; AUTHORITY SECTION: marvin.com. 600 IN NS dns.marvin.com. ;; ADDITIONAL SECTION: dns.marvin.com. 600 IN A 192.168.1.220 ;; Query time: 0 msec ;; SERVER: 192.168.1.220#53(192.168.1.220) ;; WHEN: Sun Jun 5 11:43:06 2016 ;; MSG SIZE rcvd: 82 |
反向解析测试:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | [root@marvin named]# dig -x 192.168.1.221 @marvin ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 192.168.1.221 @marvin ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33871 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;221.1.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 221.1.168.192.in-addr.arpa. 600 IN PTR www.marvin.com. ;; AUTHORITY SECTION: 1.168.192.in-addr.arpa. 600 IN NS dns.marvin.com. ;; ADDITIONAL SECTION: dns.marvin.com. 600 IN A 192.168.1.220 ;; Query time: 0 msec ;; SERVER: 192.168.1.220#53(192.168.1.220) ;; WHEN: Mon Jun 6 09:02:04 2016 ;; MSG SIZE rcvd: 106 |
数据传送:(allow-transfer 有关)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | [root@marvin ~]# dig -t axfr marvin.com @marvin ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t axfr marvin.com @marvin ;; global options: +cmd marvin.com. 600 IN SOA dns.marvin.com. admin.marvin.com. 2016060512 7200 600 604800 86400 marvin.com. 600 IN NS dns.marvin.com. marvin.com. 600 IN NS dns2.marvin.com. marvin.com. 600 IN MX 10 mail.marvin.com. dns.marvin.com. 600 IN A 192.168.1.220 dns2.marvin.com. 600 IN A 192.168.1.221 ftp.marvin.com. 600 IN CNAME www.marvin.com. mail.marvin.com. 600 IN A 192.168.1.223 pop.marvin.com. 600 IN CNAME mail.marvin.com. www.marvin.com. 600 IN A 192.168.1.221 marvin.com. 600 IN SOA dns.marvin.com. admin.marvin.com. 2016060512 7200 600 604800 86400 ;; Query time: 0 msec ;; SERVER: 192.168.1.220#53(192.168.1.220) ;; WHEN: Mon Jun 6 10:56:34 2016 ;; XFR size: 11 records (messages 1, bytes 268) |
主从配置:
主服务器配置:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | [root@marvin ~]# vim /etc/named.conf options { listen-on port 53 {127.0.0.1; 192.168.1.220;} ; directory "/var/named"; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost." IN { type master; file "named.localhost"; }; zone "1.0.0.127.in-addr.arpa." IN { type master; file "named.loopback"; }; zone "marvin.com." IN { type master; file "marvin.com.zone"; allow-transfer {127.0.0.1;192.168.1.220;192.168.1.221;}; # 允许同步的 ip }; zone "1.168.192.in-addr.arpa." IN { type master; file "192.168.1.zone"; allow-transfer {127.0.0.1;192.168.1.220;192.168.1.221;};# 允许同步的 ip }; |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | [root@marvin named]# vim marvin.com.zone $TTL 600 @ IN SOA dns.marvin.com. admin.marvin.com. ( 2016060512 #每次修改完成 1 2H 10M 7D 1D) @ IN NS dns # 主 跟 soa 对应 @ IN NS dns2 #从 通知从服务器 @ IN MX 10 mail dns IN A 192.168.1.220 dns2 IN A 192.168.1.221 #从 ip mail IN A 192.168.1.223 www IN A 192.168.1.221 pop IN CNAME mail ftp IN CNAME www |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | [root@marvin named]# vim 192.168.1.zone $TTL 600 @ IN SOA dns.marvin.com. admin.marvin.com. ( 2016060512 #每次修改完成 1 2H 10M 7D 1D) @ IN NS dns.marvin.com. # 主 跟 soa 对应 @ IN NS dns2.marvin.com. #从 通知从服务器 220 IN PTR dns.marvin.com. 221 IN PTR dns2.marvin.com. #从 ip 223 IN PTR mail.marvin.com. 221 IN PTR www.marvin.com. ~ |
从服务器配置:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | [root@sherry ~]# vim /etc/named.conf options { directory "/var/named"; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost." IN { type master; file "named.localhost"; }; zone "1.0.0.127.in-addr.arpa." IN { type master; file "named.loopback"; }; zone "marvin.com." IN { type slave; masters {192.168.1.220;}; file "slaves/marvin.com.zone"; }; zone "1.168.192.in-addr.arpa." IN { type salve; masters {192.168.1.220;}; file "slaves/192.168.1.zone"; }; |
启动:
1 2 3 4 5 | 从服务器 [root@sherry named]# /etc/init.d/named start 主服务器 [root@marvin named]# /etc/init.d/named reload |
从服务器解析:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | [root@sherry slaves]# dig -t NS marvin.com @sherry ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t NS marvin.com @sherry ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56301 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2 ;; QUESTION SECTION: ;marvin.com. IN NS ;; ANSWER SECTION: marvin.com. 600 IN NS dns2.marvin.com. marvin.com. 600 IN NS dns.marvin.com. ;; ADDITIONAL SECTION: dns.marvin.com. 600 IN A 192.168.1.220 dns2.marvin.com. 600 IN A 192.168.1.221 ;; Query time: 0 msec ;; SERVER: 192.168.1.221#53(192.168.1.221) ;; WHEN: Mon Jun 6 10:38:35 2016 ;; MSG SIZE rcvd: 97 |
本文永久更新链接地址 :http://www.linuxidc.com/Linux/2016-06/132162.htm
正文完
星哥玩云-微信公众号
