|
|
我们知道相同网段内各网络设备之间是基于mac通信,而跨网络的不同主机之间是基于IP地址通信。随着世界主机数量爆炸式的增长,对于记住数目众多IP和想访问未知对方IP的主机成为一个痛点。通过基于人们熟知的文字访问主机应运而生。 DNS(Domain Name System,域名系统),因特网上作为域名和IP地址相互映射的一个分布式数据库,能够使用户更方便的访问互联网,而不用去记住能够被机器直接读取的IP数串。通过主机名,最终得到该主机名对应的IP地址的过程叫做域名解析(或主机名解析)。
DNS是一项十分基础服务,今天我们实现在linux下安装bind,DNS主从复制,view视图,转发,子域授权等功能。
安装包
bind-9.8.2-0.37.rc1.el6.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6.x86_64.rpm
可直接使用 yum install -y bind安装自动解决依赖关系或者使用rpm分别安装各个包。
编辑/etc/named.conf配置文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
| [iyunv@test-2 ~]# cp /etc/named.conf /etc/named.conf_bak #先备份
[iyunv@test-2 ~]# vi /etc/named.conf #先简单配置下
options {
listen-on port 53 { 10.0.0.7; }; #监听IP及端口
directory "/var/named";
allow-query { any; }; #允许所有IP查询
recursion yes; #允许递归
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.com" IN { #配置正向解析domain为magedu
type master; #模式为master
file "magedu/magedu.zone"; #区域文件存放地点
};
zone "0.0.10.a.in-addr.arpa" IN { #配置反像解析
type master; #模式为master
file "magedu/10.0.0.zone";
};
#include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[iyunv@test-2 magedu]# named-checkconf #检查配置文件
|
创建目录magedu,用于存放magedu域正向,反向解析文件
1
2
3
4
5
6
| [iyunv@test-2 ~]# cd /var/named/
[iyunv@test-2 named]# mkdir magedu
[iyunv@test-2 named]# chown -R root:named magedu #设置属主和数组
[iyunv@test-2 named]# chmod -R 750 magedu #设置权限为750,否则会提示权限问题
[iyunv@test-2 named]# ls
data dynamic magedu named.ca named.empty named.localhost named.loopback slaves
|
创建正向解析和反向解析文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
| [iyunv@test-2 named]# cd magedu/
[iyunv@test-2 magedu]# vi magedu.zone #创建正向解析文件
$TTL 600
@ IN SOA magedu.com. dnsadmin.magedu.com. (
20150915001
3m
3m
3d
1d)
IN NS ns1.magedu.com.
ns1 IN A 10.0.0.7
www IN A 10.0.0.11
bao IN A 10.0.0.12
[iyunv@test-2 magedu]# vi 10.0.0.zone #创建反向解析文件
$TTL 600
@ IN SOA magedu.com. dnsadmin.magedu.com. (
20150915001
3m
3m
3d
1d)
IN NS ns1.magedu.com.
7 IN PTR ns1.magedu.com.
11 IN PTR www.magedu.com.
12 IN PTR bao.magedu.com.
~
[iyunv@test-2 magedu]# chmod 640 10.0.0.zone magedu.zone #设置权限
[iyunv@test-2 magedu]# named-checkzone magedu.com magedu.zone #检查配置文件是否正确
zone magedu.com/IN: loaded serial 2971045817
OK
[iyunv@test-2 magedu]# named-checkzone 0.0.10.a.in-addr.arpa 10.0.0.zone
zone 0.0.10.a.in-addr.arpa/IN: loaded serial 2971045817
OK
|
启动named,验证DNS是否能够正解,反解
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
| [iyunv@test-2 magedu]# /etc/init.d/named start #启动配置named
Starting named: [ OK ]
[iyunv@test-2 magedu]# dig -t A www.magedu.com @10.0.0.7 #正解www.magedu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> -t A www.magedu.com @10.0.0.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19681
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 600 IN A 10.0.0.11
;; AUTHORITY SECTION:
magedu.com. 600 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 600 IN A 10.0.0.7
;; Query time: 4 msec
;; SERVER: 10.0.0.7#53(10.0.0.7)
;; WHEN: Tue Sep 15 21:06:12 2015
;; MSG SIZE rcvd: 82
[iyunv@test-2 magedu]# dig -x 10.0.0.11 @10.0.0.7 #反解10.0.0.11
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> -x 10.0.0.11 @10.0.0.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9952
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;11.0.0.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
11.0.0.10.in-addr.arpa. 600 IN PTR www.magedu.com.
;; AUTHORITY SECTION:
0.0.10.in-addr.arpa. 600 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 600 IN A 10.0.0.7
;; Query time: 1 msec
;; SERVER: 10.0.0.7#53(10.0.0.7)
;; WHEN: Tue Sep 15 21:24:41 2015
;; MSG SIZE rcvd: 102
|
经验证,DNS已OK
view视图,可以实现,不同客户端IP解析域名时得到不同解析,而相同IP每次解析IP相同,模拟智能DNS实现区域负载的目的。
下面搭建view视图
修改配置文件/etc/named.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
| options {
listen-on port 53 { 10.0.0.7; }; #由于没有加路由,只有让不同网段使用不同的DNS
listen-on port 53 { 192.168.0.106; };
directory "/var/named";
allow-query { any; };
recursion yes;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view "lan" { #配置一个叫lan的视图
match-clients { 192.168.0.0/24; }; #设置不同网段使用不同的解析文件
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.com" IN {
type master;
file "magedu/magedu.zone";
};
zone "0.0.10.in-addr.arpa" IN {
type master;
file "magedu/10.0.0.zone";
};
};
view "wlan" { #配置一个叫wlan的视图
match-clients { 10.0.0.0/24; };
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.com" IN {
type master;
file "magedu/magedu.zone.wlan";
};
zone "0.0.10.in-addr.arpa" IN {
type master;
file "magedu/10.0.0.zone.wlan";
};
};
#include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
|
根据/etc/named.conf配置,需要新加magedu.zone.wlan,10.0.0.zone.wlan配置文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
| [iyunv@test-2 magedu] cp 10.0.0.zone 10.0.0.zone.wlan #嘿嘿,偷个懒,然后再修改下里面内容
[iyunv@test-2 magedu] cp magedu.zone magedu.zone.wlan
[iyunv@test-2 magedu] chwon :named magedu.zone.wlan 10.0.0.zone.wlan #修改属组
[iyunv@test-2 magedu] vi 10.0.0.zone.wlan
$TTL 600
@ IN SOA magedu.com. dnsadmin.magedu.com. (
20150915003
3m
3m
3d
1d)
IN NS ns1.magedu.com.
7 IN PTR ns1.magedu.com.
111 #原来的11改成了111 IN PTR www.magedu.com.
122 #原来的12改成了122 IN PTR bao.magedu.com.
[iyunv@test-2 magedu] vi magedu.zone.wlan
$TTL 600
@ IN SOA magedu.com. dnsadmin.magedu.com. (
20150915003
3m
3m
3d
1d)
IN NS ns1.magedu.com.
ns1 IN A 10.0.0.7
www IN A 10.0.0.111 #把原来的11改成了111
bao IN A 10.0.0.122 #把原来的12改成了122
|
根据lan和wlan配置文件,如果是10.0.0.0/24网段的主机去dig -t a www.magedu.com则会返回10.0.0.111。
如果是192.168.0.0/24网段的主机去dig -t a www.magedu.com则会返回10.0.0.11。
下面我们验证是否正确
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
| 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:4e:f0:1a brd ff:ff:ff:ff:ff:ff
inet 192.168.0.105/24 brd 192.168.0.255 scope global eth0 #192.168.0.105
inet6 fe80::20c:29ff:fe4e:f01a/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:4e:f0:2e brd ff:ff:ff:ff:ff:ff
inet 10.0.0.8/24 brd 10.0.0.255 scope global eth1 #10.0.0.8
inet6 fe80::20c:29ff:fe4e:f02e/64 scope link
valid_lft forever preferred_lft forever
[iyunv@test-3 ~]# dig -t a www.magedu.com @10.0.0.7
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t a www.magedu.com @10.0.0.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 600 IN A 10.0.0.111
#使用10.0.0.7解析的结果
;; AUTHORITY SECTION:
magedu.com. 600 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 600 IN A 10.0.0.7
;; Query time: 8 msec
;; SERVER: 10.0.0.7#53(10.0.0.7)
;; WHEN: Tue Sep 15 22:11:09 2015
;; MSG SIZE rcvd: 82
[iyunv@test-3 ~]# dig -t a www.magedu.com @192.168.0.106
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t a www.magedu.com @192.168.0.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51307
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 600 IN A 10.0.0.11
#使用192.168.0.106的ip解析的结果
;; AUTHORITY SECTION:
magedu.com. 600 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 600 IN A 10.0.0.7
;; Query time: 4 msec
;; SERVER: 192.168.0.106#53(192.168.0.106)
;; WHEN: Tue Sep 15 22:16:44 2015
;; MSG SIZE rcvd: 82
|
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-9-16 08:47:48
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡