Introduction to DNS
DNS (Domain Name System) is a distributed database on the Internet that maps domain names to IP addresses and back, so that users can reach hosts without memorizing the numeric addresses machines actually use. It is client/server based and listens on UDP/53 and TCP/53. Put simply, it turns a site's name into an IP address.
Top-level domains fall into three groups:
Generic/organizational: .com, .org, .mil, .gov, .edu, .net
Country code: .cn, .hk, .tw, .us, .jp, .ir, .uk
Reverse mapping: in-addr.arpa (under .arpa)
DNS server types:
Master (primary) server
Slave (secondary) server
Caching-only server
Forward resolution: find the IP address for a name
Reverse resolution: find the name for an IP address
Forward resolution:
First configure the main configuration file, /etc/named.conf, which declares the zones. The stock file normally declares three: the root hints zone ("."), localhost, and the reverse zone for 127.0.0.1.
Every zone then needs a zone data file to answer from, so those files must be defined as well. Zone files live in /var/named. The named process runs as the user (and group) named, and the zone and configuration files must not be readable by any other user, so they are normally owned root:named with mode 640.
First check whether the package is installed:
[iyunv@localhost ~]# rpm -qa bind
bind-9.8.2-0.17.rc1.el6_4.6.x86_64
Output like this means it is installed; if not, run yum install bind.
1. Edit the main configuration file, /etc/named.conf, together with the /etc/named.rfc1912.zones file it includes. The main file looks like this:
Note that in this file listen-on and allow-query are commented out and recursion yes is set, so named listens on every interface and answers recursive queries from any source address: an open resolver that can be abused for DNS reflection/amplification. On a server reachable from untrusted networks, restrict recursion with allow-recursion { <trusted nets>; }; (or allow-query) and set listen-on to the intended address.
options {
        // listen-on port 53 { 127.0.0.1; };
        // listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // allow-query { localhost; };
        recursion yes;
        // dnssec-enable yes;
        // dnssec-validation yes;
        // dnssec-lookaside auto;
        /* Path to ISC DLV key */
        // bindkeys-file "/etc/named.iscdlv.key";
        // managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
// include "/etc/named.root.key";
Each zone needs its own zone database. The zones are declared in /etc/named.rfc1912.zones, and we add a zone of our own at the end:
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
zone "caoshujia.com" IN {        // our own zone
        type master;
        file "caoshujia.com.zone";
};
2. Then go to /var/named and create the zone file: vim caoshujia.com.zone
$TTL 3600
@       IN SOA  ns.caoshujia.com. admin.caoshujia.com. (
                2014080401      ; serial (YYYYMMDDnn)
                2H              ; refresh
                10M             ; retry
                7D              ; expire
                1D )            ; negative-cache TTL
        IN NS   ns.caoshujia.com.
        IN MX   10 mail.caoshujia.com.
ns.caoshujia.com.       IN A    172.16.100.10
mail.caoshujia.com.     IN A    172.16.100.11
www.caoshujia.com.      IN A    172.16.100.12
pop.caoshujia.com.      IN CNAME mail.caoshujia.com.
3. Set the file's group and permissions
[iyunv@localhost named]# chgrp named caoshujia.com.zone
[iyunv@localhost named]# chmod 640 caoshujia.com.zone
[iyunv@localhost named]# ll
total 32
-rw-r----- 1 root named 331 Aug 2 16:40 caoshujia.com.zone
4. Check for syntax errors
[iyunv@localhost named]# service named configtest
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
zone caoshujia.com/IN: loaded serial 2014080401
No syntax errors. Alternatively, check by hand: first the main configuration file with
[iyunv@localhost named]# named-checkconf
and then the zone with
[iyunv@localhost named]# named-checkzone "caoshujia.com" /var/named/caoshujia.com.zone
5. Reload
[iyunv@localhost named]# service named reload
Reloading named: [ OK ]
[iyunv@localhost named]# rndc reload
server reload successful
6. Test that the zone resolves
[iyunv@localhost ~]# host -t NS caoshujia.com 172.16.249.55
Using domain server:
Name: 172.16.249.55
Address: 172.16.249.55#53
Aliases:
caoshujia.com name server ns.caoshujia.com.
[iyunv@localhost ~]# host -t MX caoshujia.com 172.16.249.55
Using domain server:
Name: 172.16.249.55
Address: 172.16.249.55#53
Aliases:
caoshujia.com mail is handled by 10 mail.caoshujia.com.
[iyunv@localhost ~]# host -t SOA caoshujia.com 172.16.249.55
Using domain server:
Name: 172.16.249.55
Address: 172.16.249.55#53
Aliases:
caoshujia.com has SOA record ns.caoshujia.com. admin.caoshujia.com. 2014080401 7200 600 604800 86400
7. Add a reverse zone. The zone name is the network address with its octets reversed plus the .in-addr.arpa suffix; for 172.16.100.0/24 that is 100.16.172.in-addr.arpa.
[iyunv@localhost ~]# vim /etc/named.conf
(excerpt; the lines above allow-query are unchanged, and the new zone is added after the root hints)
        // allow-query { localhost; };
        recursion yes;
        // dnssec-enable yes;
        // dnssec-validation yes;
        // dnssec-lookaside auto;
        /* Path to ISC DLV key */
        // bindkeys-file "/etc/named.iscdlv.key";
        // managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "100.16.172.in-addr.arpa." IN {
        type master;
        file "172.16.100.zone";
};
include "/etc/named.rfc1912.zones";
// include "/etc/named.root.key";
The zone could equally be declared in /etc/named.rfc1912.zones, which named.conf includes:
zone "100.16.172.in-addr.arpa." IN {
        type master;
        file "172.16.100.zone";
};
Declare it in one file only. named reads both files, and declaring the same zone in both makes named-checkconf fail with an "already exists" error for that zone.
8. Check the syntax with named-checkconf
9. Create the zone file by copying the forward one, which saves creating it from scratch and keeps the ownership and permissions, then edit it:
[iyunv@localhost named]# cp -p caoshujia.com.zone 172.16.100.zone
$TTL 3600
@       IN SOA  ns.caoshujia.com. admin.caoshujia.com. (
                2014080401
                2H
                10M
                7D
                1D )
        IN NS   ns.caoshujia.com.
10      IN PTR  ns.caoshujia.com.
11      IN PTR  mail.caoshujia.com.
12      IN PTR  www.caoshujia.com.
The owner names 10, 11 and 12 are relative to the zone origin 100.16.172.in-addr.arpa., so 10 stands for 10.100.16.172.in-addr.arpa., i.e. 172.16.100.10.
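The forward zone above and the reverse zone just created must describe the same hosts, and keeping the two in step by hand is where PTR records go stale or get their octets in the wrong order. The following Python script is an added example, not part of the original article or of BIND: it parses a zone in BIND's master-file format (handling $TTL, $ORIGIN, parenthesised multi-line SOA records, ';' comments and the blank-owner convention), generates the matching in-addr.arpa zone from the A records for a /24 like the 100.16.172 zone here or a /16 like the one used later in the article, and bumps the serial in the YYYYMMDDnn style the article uses. The zone text in FORWARD_ZONE is constructed from the article's records; the function names are the example's own.

```python
"""Added example: derive an in-addr.arpa zone from a BIND master-format forward zone."""
import re
from datetime import date

# Constructed sample, modelled on the article's forward zone (the $ORIGIN form).
FORWARD_ZONE = """\
$TTL 3600
$ORIGIN caoshujia.com.
@    IN SOA ns.caoshujia.com. admin.caoshujia.com. (
         2014080401 ; serial, YYYYMMDDnn
         2H         ; refresh
         10M        ; retry
         7D         ; expire
         1D )       ; negative-cache TTL
     IN NS  ns
     IN NS  ns2
     IN MX  10 mail
ns   IN A  172.16.100.10
ns2  IN A  172.16.249.198
mail IN A  172.16.100.11
www  IN A  172.16.100.12
pop  IN CNAME mail
"""

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
TTL_RE = re.compile(r"(\d+)([SMHDW]?)", re.I)
# rdata fields that hold domain names and may be written relative to $ORIGIN
NAME_FIELDS = {"NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,), "SOA": (0, 1)}


def parse_ttl(token):
    """BIND accepts bare seconds or a unit suffix (2H, 10M, 7D)."""
    m = TTL_RE.fullmatch(token)
    if not m:
        raise ValueError(f"bad TTL {token!r}")
    return int(m.group(1)) * UNITS[m.group(2).upper() or "S"]


def fqdn(name, origin):
    """Expand '@' and relative names against the current origin."""
    if name.endswith("."):
        return name
    if origin is None:
        raise ValueError(f"relative name {name!r} but no $ORIGIN known")
    return origin if name == "@" else f"{name}.{origin}"


def parse_zone(text, origin=None):
    """Return a list of (owner, ttl, type, rdata) with absolute owner names.
    Handles $TTL/$ORIGIN, ';' comments, parenthesised multi-line RRs and the
    blank-owner convention (a line starting with whitespace reuses the last owner)."""
    records, buf, depth = [], [], 0
    default_ttl = last_owner = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth > 0:                       # still inside ( ... )
            continue
        inherits = buf[0][:1] in (" ", "\t")
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf = []
        if tokens[0] == "$TTL":
            default_ttl = parse_ttl(tokens[1])
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        owner = last_owner if inherits else fqdn(tokens.pop(0), origin)
        ttl = default_ttl
        while tokens[0].upper() == "IN" or TTL_RE.fullmatch(tokens[0]):
            tok = tokens.pop(0)             # optional class and/or per-RR TTL
            if tok.upper() != "IN":
                ttl = parse_ttl(tok)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        for i in NAME_FIELDS.get(rtype, ()):
            rdata[i] = fqdn(rdata[i], origin)
        records.append((owner, ttl, rtype, rdata))
        last_owner = owner
    return records


def reverse_name(ip):
    """172.16.100.10 -> 10.100.16.172.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def next_serial(current, today=None):
    """YYYYMMDDnn serial as used in the article: 01 on a new day, otherwise +1, and
    never backwards, or slaves ignore the change. `today` is an int YYYYMMDD."""
    today = today or int(date.today().strftime("%Y%m%d"))
    return max(today * 100 + 1, current + 1)


def build_reverse_zone(records, prefix, serial=None):
    """Emit the in-addr.arpa zone for `prefix` ('172.16.100' -> /24, '172.16' -> /16)
    from the A records, reusing the forward zone's SOA timers and apex NS set."""
    soa = next(r for r in records if r[2] == "SOA")
    mname, rname, cur_serial, *timers = soa[3]
    origin = ".".join(reversed(prefix.split("."))) + ".in-addr.arpa."
    out = [f"$TTL {soa[1]}", f"$ORIGIN {origin}",
           f"@ IN SOA {mname} {rname} ( {serial or cur_serial} {' '.join(timers)} )"]
    out += [f"  IN NS {r[3][0]}" for r in records if r[2] == "NS" and r[0] == soa[0]]
    ptrs = []
    for owner, _ttl, rtype, rdata in records:
        if rtype == "A" and rdata[0].startswith(prefix + "."):
            host = rdata[0][len(prefix) + 1:].split(".")   # octets inside the network
            ptrs.append((tuple(map(int, host)), f"{'.'.join(reversed(host))} IN PTR {owner}"))
    out += [line for _, line in sorted(ptrs)]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    rrs = parse_zone(FORWARD_ZONE)
    print(build_reverse_zone(rrs, "172.16.100", next_serial(2014080401, 20140804)))
```

Run it and the output is a 100.16.172.in-addr.arpa zone with the three PTR records from step 9 and both NS records; pass "172.16" instead to get the /16 form (114.249-style owners) used in the master/slave section. Only A records inside the prefix are mapped, so the ns2 host at 172.16.249.198 is correctly left out of the /24 zone.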
10. Test
[iyunv@localhost named]# host -t PTR 172.16.100.10 172.16.249.55
Using domain server:
Name: 172.16.249.55
Address: 172.16.249.55#53
Aliases:
10.100.16.172.in-addr.arpa domain name pointer ns.caoshujia.com.
[iyunv@localhost named]# host -t PTR 172.16.100.11 172.16.249.55
Using domain server:
Name: 172.16.249.55
Address: 172.16.249.55#53
Aliases:
Forward and reverse resolution are now working; next we build on this to set up master/slave replication.
1. Two key steps when adding a slave server to a zone:
1) Obtain delegation from the parent zone.
2) Add an NS record for the slave, plus its matching A (or PTR) record, to the zone data file.
2. Declare the zone on the slave, but do not create a data file for it: the slave obtains the zone by zone transfer from the master. The transferred copy goes under /var/named/slaves, the directory the package provides for slave zone files and one the named user is allowed to write to.
1. First add the NS record for the slave (ns2) to the zone file on A, the master:
$TTL 3600
$ORIGIN caoshujia.com.
@       IN SOA  ns.caoshujia.com. admin.caoshujia.com. (
                2014080401
                2H
                10M
                7D
                1D )
        IN NS   ns
        IN NS   ns2
        IN MX   10 mail
ns      IN A    172.16.100.10
ns2     IN A    172.16.249.198
mail    IN A    172.16.100.11
www     IN A    172.16.100.12
pop     IN CNAME mail
Whenever a zone file changes, increment the serial as well (here it should become 2014080402): a slave only transfers the zone when the master's serial is higher than its own.
2. On B, configure /etc/named.conf. First run ntpdate NTP_server, as was already done on A, so that the two servers' clocks agree. Consistent time matters for replication when zone transfers are authenticated with TSIG, whose signatures are only valid within a short time window.
options {
        // listen-on port 53 { 127.0.0.1; };
        // listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // allow-query { localhost; };
        recursion yes;
        // dnssec-enable yes;
        // dnssec-validation yes;
        // dnssec-lookaside auto;
        /* Path to ISC DLV key */
        // bindkeys-file "/etc/named.iscdlv.key";
        // managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
This is the same as the file on A.
3. On B, edit /etc/named.rfc1912.zones:
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
zone "caoshujia.com" IN {
        type slave;
        file "slaves/caoshujia.com.zone";
        masters { 172.16.249.114; };
};
Then check the syntax with named-checkconf.
Nothing in this setup restricts who may transfer the zone: in BIND 9.8 allow-transfer defaults to any, so anyone who can reach the master can copy the whole zone with dig AXFR caoshujia.com @172.16.249.114. On the master, add allow-transfer { 172.16.249.198; }; to the zone (or to options) so that only the slave may do so.
4. Check that the data has been received
;; QUESTION SECTION:
;www.caoshujia.com.             IN      A
;; ANSWER SECTION:
www.caoshujia.com.      3600    IN      A       172.16.100.12
www.caoshujia.com.      3600    IN      A       172.16.249.198
;; AUTHORITY SECTION:
caoshujia.com.          3600    IN      NS      ns.caoshujia.com.
caoshujia.com.          3600    IN      NS      ns2.caoshujia.com.
;; ADDITIONAL SECTION:
ns.caoshujia.com.       3600    IN      A       172.16.100.10
ns2.caoshujia.com.      3600    IN      A       172.16.249.198
;; Query time: 3 msec
;; SERVER: 172.16.249.114#53(172.16.249.114)
;; WHEN: Wed Aug 6 16:10:54 2014
;; MSG SIZE rcvd: 118
Note the SERVER line: this answer came from the master at 172.16.249.114. To confirm that the slave itself holds the zone, direct the same query at ns2 (@172.16.249.198), as is done for the reverse zone below.
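The configuration built up in this article has three properties a reviewer would flag: recursion is on with no allow-query or allow-recursion restriction (an open resolver), the master zones carry no allow-transfer (anyone can AXFR them, since BIND 9.8 defaults to any), and the reverse zone was declared in both named.conf and named.rfc1912.zones. The Python script below is an added example, not part of the article or of BIND's own tooling: it tokenizes named.conf syntax (include files and all three comment styles included), audits the parsed statements for those three problems plus a missing listen-on, and shows the same audit passing on a hardened version of the master. The file contents in FILES and HARDENED are constructed for the example and modelled on the article's configuration; named-checkconf remains the authoritative syntax check.

```python
"""Added example: audit named.conf-style text for an open resolver, zone transfers
open to the world, and a zone declared twice across include files."""
import re

# Constructed inputs modelled on the article's files (not the real system files).
FILES = {
    "/etc/named.conf": """
options {
        // listen-on port 53 { 127.0.0.1; };
        // allow-query { localhost; };
        recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
zone "100.16.172.in-addr.arpa." IN { type master; file "172.16.100.zone"; };
include "/etc/named.rfc1912.zones";
""",
    "/etc/named.rfc1912.zones": """
zone "caoshujia.com" IN { type master; file "caoshujia.com.zone"; };
zone "100.16.172.in-addr.arpa" IN { type master; file "172.16.100.zone"; };
""",
}
# The same master with the weak settings corrected.
HARDENED = {"/etc/named.conf": """
options {
        listen-on port 53 { 172.16.249.114; };
        allow-query { localhost; 172.16.0.0/16; };
        allow-recursion { localhost; 172.16.0.0/16; };
        allow-transfer { 172.16.249.198; };   /* the slave only */
        recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
zone "caoshujia.com" IN { type master; file "caoshujia.com.zone"; };
zone "100.16.172.in-addr.arpa" IN { type master; file "172.16.100.zone"; };
"""}

TOKEN_RE = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def strip_comments(text):
    """named.conf allows /* */, // and # comments."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def parse(tokens, pos=0):
    """Recursive descent: a statement is (keyword, [args], children); children is
    None for plain 'key value;' lines and a list for '{ ... }' blocks."""
    stmts, cur = [], []
    while pos < len(tokens):
        tok = tokens[pos]
        if tok == "}":
            return stmts, pos + 1
        if tok == "{":
            children, pos = parse(tokens, pos + 1)
            stmts.append((cur[0], [a.strip('"') for a in cur[1:]], children))
            cur = []
        elif tok == ";":
            if cur:
                stmts.append((cur[0], [a.strip('"') for a in cur[1:]], None))
            cur, pos = [], pos + 1
        else:
            cur.append(tok)
            pos += 1
    return stmts, pos

def load(path, files, seen=()):
    """Parse one file and splice in its include statements, as named does."""
    if path in seen:
        raise ValueError(f"include loop at {path}")
    stmts, _ = parse(TOKEN_RE.findall(strip_comments(files[path])))
    out = []
    for s in stmts:
        out += load(s[1][0], files, seen + (path,)) if s[0] == "include" else [s]
    return out

def child(stmts, key):
    return next((s for s in stmts if s[0] == key), None)

def audit(stmts):
    """Return a list of findings; an empty list means every check passed."""
    findings, seen = [], set()
    opts = (child(stmts, "options") or (None, None, []))[2]
    recursion = child(opts, "recursion")
    if (recursion is None or recursion[1][0].lower() == "yes") and not (
            child(opts, "allow-recursion") or child(opts, "allow-query")):
        findings.append("OPEN RESOLVER: recursion is on (the BIND default) and nothing "
                        "limits who may query; add allow-recursion { <trusted nets>; };")
    if child(opts, "listen-on") is None:
        findings.append("listen-on not set: named listens on every IPv4 interface")
    for s in (s for s in stmts if s[0] == "zone"):
        name = s[1][0].lower().rstrip(".") or "."      # named treats these as one zone
        if name in seen:
            findings.append(f"DUPLICATE ZONE: {name!r} declared twice; named-checkconf rejects this")
        seen.add(name)
        ztype = child(s[2], "type")
        if ztype and ztype[1][0] == "master" and not (
                child(s[2], "allow-transfer") or child(opts, "allow-transfer")):
            findings.append(f"OPEN AXFR: master zone {name!r} has no allow-transfer (BIND 9.8 "
                            "default is any); add allow-transfer { <slave IPs>; };")
    return findings

if __name__ == "__main__":
    for label, files in (("article config", FILES), ("hardened", HARDENED)):
        print(f"== {label}", *audit(load("/etc/named.conf", files)), sep="\n - ")
```

Against the article-style files the audit reports the open resolver, the missing listen-on, one OPEN AXFR per master zone and the duplicate 100.16.172.in-addr.arpa declaration (the trailing dot on one copy makes no difference, exactly as in named). Against HARDENED it reports nothing. The parser deliberately mirrors only the subset of named.conf grammar used in the article; use named-checkconf for real syntax checking and this kind of script only for policy checks on top of it.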
Reverse resolution
1. Edit the file on B
[iyunv@localhost slaves]# vim /etc/named.rfc1912.zones
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
zone "caoshujia.com" IN {
        type slave;
        file "slaves/caoshujia.com.zone";
        masters { 172.16.249.114; };
};
zone "16.172.in-addr.arpa" IN {
        type slave;
        file "slaves/172.16.zone";
        masters { 172.16.249.114; };
};
2. Then edit the reverse zone declaration on A
In /etc/named.conf:
zone "16.172.in-addr.arpa." IN {
        type master;
        file "172.16.zone";
};
3. Then edit the zone file: [iyunv@localhost named]# vim /var/named/172.16.zone
$TTL 3600
@       IN SOA  ns.caoshujia.com. admin.caoshujia.com. (
                2014080402
                2H
                10M
                7D
                1D )
        IN NS   ns.caoshujia.com.
        IN NS   ns2.caoshujia.com.
114.249 IN PTR  ns.caoshujia.com.
198.249 IN PTR  ns2.caoshujia.com.
This zone covers the whole of 172.16.0.0/16, so the owner names carry the last two octets reversed: 114.249 is 114.249.16.172.in-addr.arpa, i.e. 172.16.249.114.
4. Test locally
[iyunv@localhost named]# dig -x 172.16.249.114 @172.16.249.114
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -x 172.16.249.114 @172.16.249.114
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52639
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;114.249.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
114.249.16.172.in-addr.arpa. 3600 IN PTR ns.caoshujia.com.
;; AUTHORITY SECTION:
16.172.in-addr.arpa. 3600 IN NS ns.caoshujia.com.
16.172.in-addr.arpa. 3600 IN NS ns2.caoshujia.com.
;; ADDITIONAL SECTION:
ns.caoshujia.com. 3600 IN A 172.16.100.10
ns2.caoshujia.com. 3600 IN A 172.16.249.198
;; Query time: 1 msec
;; SERVER: 172.16.249.114#53(172.16.249.114)
;; WHEN: Wed Aug 6 17:11:35 2014
;; MSG SIZE rcvd: 139
[iyunv@localhost named]# dig -t NS caoshujia.com @172.16.249.114
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -t NS caoshujia.com @172.16.249.114
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 718
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;caoshujia.com. IN NS
;; ANSWER SECTION:
caoshujia.com. 3600 IN NS ns.caoshujia.com.
caoshujia.com. 3600 IN NS ns2.caoshujia.com.
;; ADDITIONAL SECTION:
ns.caoshujia.com. 3600 IN A 172.16.100.10
ns2.caoshujia.com. 3600 IN A 172.16.249.198
;; Query time: 0 msec
;; SERVER: 172.16.249.114#53(172.16.249.114)
;; WHEN: Wed Aug 6 17:12:11 2014
;; MSG SIZE rcvd: 98
5. Check on the slave
[iyunv@localhost slaves]# dig -x 172.16.249.110 @172.16.249.198
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -x 172.16.249.110 @172.16.249.198
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17026
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;110.249.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
110.249.16.172.in-addr.arpa. 3600 IN PTR mail.caoshujia.com.
;; AUTHORITY SECTION:
16.172.in-addr.arpa. 3600 IN NS ns2.caoshujia.com.
16.172.in-addr.arpa. 3600 IN NS ns.caoshujia.com.
;; ADDITIONAL SECTION:
ns.caoshujia.com. 3600 IN A 172.16.100.10
ns2.caoshujia.com. 3600 IN A 172.16.249.198
;; Query time: 2 msec
;; SERVER: 172.16.249.198#53(172.16.249.198)
;; WHEN: Wed Aug 6 17:58:18 2014
;; MSG SIZE rcvd: 144
Master/slave synchronization is complete.