DNS, the Domain Name System, maps domain names to IP addresses. Before DNS existed, Windows provided name translation through its hosts file (c:\windows\system32\drivers\etc\hosts) and Linux through its hosts file (/etc/hosts).
By default the operating system resolves a name in this order:
hosts file ----> DNS cache ----> DNS server
On Linux the lookup order can be changed in the configuration file /etc/nsswitch.conf:
    # vim /etc/nsswitch.conf       (the file contains this line)
    hosts: files dns      # files = the hosts file: it is consulted first, then the DNS server
If it is changed to:
    hosts: dns files      # DNS is now queried first
The DNS server software on the Linux platform is BIND (Berkeley Internet Name Domain). Types of DNS server:
1. Master (primary) DNS server
2. Slave (secondary) DNS server
3. Caching DNS server
BIND's database files are called zone data files; a zone data file consists of resource records.
Resource record types:
1. SOA: Start Of Authority
2. NS: Name Server
3. MX: Mail Exchange
4. A: Address record (FQDN to IPv4 address)
5. PTR: pointer (reverse) record (IP address to FQDN)
6. AAAA: the IPv6 counterpart of A (FQDN to IPv6 address)
7. CNAME: canonical name (alias) record
Resource record format:
    name [ttl] IN RRtype value
name: the owner name; the zone name itself is abbreviated as @
ttl: how long resolvers may cache the record
value: the record data, which depends on the record type (for an SOA record it begins with the FQDN of the master DNS server)
SOA record: exactly one per zone
    @ 600 IN SOA ns.py.com. root.py.com. (
            2014092201 ; serial number
            2H         ; refresh interval
            1H         ; retry interval
            1D         ; expire time
            1H )       ; minimum (negative-caching TTL); BIND requires this fifth value
NS record: there may be several
A record: defined only in the forward zone data file
    www 600 IN A 192.168.57.1
MX record: there may be several
PTR record:
CNAME record:
Installing and configuring the master DNS server:
1. Install the DNS server software
The server's IP is 192.168.57.23 and the domain is py.com
2. Configuration: the main configuration file (/etc/named.conf)
    # vim /etc/named.conf
    options {
    // listen-on port 53 { 127.0.0.1; };    # port and IP addresses named listens on; the default is port 53 on all addresses
    // listen-on-v6 port 53 { ::1; };       # the same setting for IPv6
            directory "/var/named";          # working directory, i.e. where the zone files live
            allow-query { localhost; };      # usually only used when the server is a caching name server: only local clients may query
            recursion yes;                   # enable recursive queries (which clients may recurse is set with allow-recursion)
    };
    zone "." IN {
            type hint;
            file "named.ca";
    };
    // the following four lines are new
    zone "py.com" IN {
            type master;
            file "py.com.zone";
    };
    // the following four lines are new
    zone "57.168.192.in-addr.arpa" IN {
            type master;
            file "named.py.com";
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
Check the syntax of the main configuration file:
    # named-checkconf
3. Configure the forward zone: zone data file (/var/named/py.com.zone)
    # vim py.com.zone
    $TTL 1D
    @       IN SOA ns.py.com. root.py.com. (
                    2014092201 ; serial
                    1H         ; refresh: how often the slave checks the master for changes
                    5M         ; retry: should be shorter than refresh
                    3D         ; expire
                    12H )      ; minimum
            IN NS   ns.py.com.
    ns      IN A    192.168.57.23
    s1      IN A    192.168.57.1
    s2      IN A    192.168.57.2
    mail    IN A    192.168.57.3
    mail2   IN A    192.168.57.4
    www     IN CNAME s1
    ftp     IN CNAME s2
    @       IN MX 10 mail
    @       IN MX 20 mail2
    // set the file ownership and permissions
    # chown root:named py.com.zone
    # chmod 640 py.com.zone
    // check the zone file syntax
    # named-checkzone py.com "/var/named/py.com.zone"
    zone py.com/IN: loaded serial 2014092201
    OK
4. Configure the reverse zone: zone data file (/var/named/named.py.com)
    # vim /var/named/named.py.com
    $TTL 1D
    @       IN SOA ns.py.com. root.py.com. (
                    2014092201 ; serial
                    1H         ; refresh
                    5M         ; retry
                    3D         ; expire
                    12H )      ; minimum
            IN NS   ns.py.com.
    1       IN PTR  s1.py.com.
    2       IN PTR  s2.py.com.
    3       IN PTR  mail.py.com.
    4       IN PTR  mail2.py.com.
    // set the file ownership and permissions
    # chown root:named named.py.com
    # chmod 640 named.py.com
    // check the zone file
    # named-checkzone 57.168.192.in-addr.arpa /var/named/named.py.com
    zone 57.168.192.in-addr.arpa/IN: loaded serial 2014092201
    OK
5. Start the named service
6. Troubleshooting: check the log file
    # tail -f /var/log/messages
7. Testing: the test tools are dig, host and nslookup
    // point the server's resolver at its own IP
    # vim /etc/resolv.conf
    nameserver 192.168.57.23
    // host command syntax:
    host [-t type] {name} [server]
    # host -t A s1.py.com 192.168.57.23
    Using domain server:
    Name: 192.168.57.23
    Address: 192.168.57.23#53
    Aliases:
    s1.py.com has address 192.168.57.1
    # host -t CNAME www.py.com 192.168.57.23
    Using domain server:
    Name: 192.168.57.23
    Address: 192.168.57.23#53
    Aliases:
    www.py.com is an alias for s1.py.com.
    # host -t PTR 1.57.168.192.in-addr.arpa 192.168.57.23
    Using domain server:
    Name: 192.168.57.23
    Address: 192.168.57.23#53
    Aliases:
    1.57.168.192.in-addr.arpa domain name pointer s1.py.com.
    // dig command syntax:
    # dig [-t type] [name] [@server] [query options]
    Commonly used query options:
    +[no]trace
    +[no]recurse
    +[no]tcp
    # dig -t A s1 @192.168.57.23
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t A s1 @192.168.57.23
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62522
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;s1. IN A
    ;; AUTHORITY SECTION:
    . 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014092200 1800 900 604800 86400
    ;; Query time: 31 msec
    ;; SERVER: 192.168.57.23#53(192.168.57.23)
    ;; WHEN: Mon Sep 22 15:26:24 2014
    ;; MSG SIZE rcvd: 95
    # dig -t CNAME www @192.168.57.23
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t CNAME www @192.168.57.23
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55815
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;www. IN CNAME
    ;; AUTHORITY SECTION:
    . 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014092200 1800 900 604800 86400
    ;; Query time: 33 msec
    ;; SERVER: 192.168.57.23#53(192.168.57.23)
    ;; WHEN: Mon Sep 22 15:26:38 2014
    ;; MSG SIZE rcvd: 96
    // both dig queries above return NXDOMAIN because dig looks up the name exactly as typed (s1. and www., absolute names) and does not append the search domain the way host does; query the FQDN instead, e.g. dig -t A s1.py.com @192.168.57.23
    // nslookup command syntax:
    # nslookup        (press Enter)
    >server server_ip
    >set q=RRtype
    >name
    # nslookup
    > server 192.168.57.23
    Default server: 192.168.57.23
    Address: 192.168.57.23#53
    > set q=A
    > s1.py.com
    Server: 192.168.57.23
    Address: 192.168.57.23#53
    Name: s1.py.com
    Address: 192.168.57.1
Installing and configuring the slave (secondary) DNS server:
1. Install bind
Server IP: 192.168.57.230, domain: py.com
2. Configuration: the main configuration file (/etc/named.conf)
    # vim /etc/named.conf
    // add the following lines
    zone "py.com" IN {
            type slave;
            masters { 192.168.57.23; };
            file "slaves/py.com.zone";
    };
    zone "57.168.192.in-addr.arpa" IN {
            type slave;
            masters { 192.168.57.23; };
            file "slaves/named.py.com";
    };
    // comment out the following line
    recursion yes;
    // check the file
    # named-checkconf
3. Start the named service
4. Inspect the slaves directory
    # cd /var/named/slaves
    # cat py.com.zone
    $ORIGIN .
    $TTL 86400 ; 1 day
    py.com IN SOA ns.py.com. root.py.com. (
            2014092201 ; serial
            3600       ; refresh (1 hour)
            300        ; retry (5 minutes)
            259200     ; expire (3 days)
            43200      ; minimum (12 hours)
            )
            NS ns.py.com.
            MX 10 mail.py.com.
            MX 20 mail2.py.com.
    $ORIGIN py.com.
    ftp   CNAME s2
    mail  A 192.168.57.3
    mail2 A 192.168.57.4
    ns    A 192.168.57.23
    s1    A 192.168.57.1
    s2    A 192.168.57.2
    www   CNAME s1
    # cat named.py.com
    $ORIGIN .
    $TTL 86400 ; 1 day
    57.168.192.in-addr.arpa IN SOA ns.py.com. root.py.com. (
            2014092201 ; serial
            3600       ; refresh (1 hour)
            300        ; retry (5 minutes)
            259200     ; expire (3 days)
            43200      ; minimum (12 hours)
            )
            NS ns.py.com.
    $ORIGIN 57.168.192.in-addr.arpa.
    1 PTR s1.py.com.
    2 PTR s2.py.com.
    3 PTR mail.py.com.
    4 PTR mail2.py.com.
5. Test
    # dig -t CNAME www.py.com @192.168.57.230
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t CNAME www.py.com @192.168.57.230
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42102
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    ;; QUESTION SECTION:
    ;www.py.com. IN CNAME
    ;; ANSWER SECTION:
    www.py.com. 86400 IN CNAME s1.py.com.
    ;; AUTHORITY SECTION:
    py.com. 86400 IN NS ns.py.com.
    ;; ADDITIONAL SECTION:
    ns.py.com. 86400 IN A 192.168.57.23
    ;; Query time: 0 msec
    ;; SERVER: 192.168.57.230#53(192.168.57.230)
    ;; WHEN: Mon Sep 22 15:52:04 2014
    ;; MSG SIZE rcvd: 78
Installing and configuring a sub-domain (child) DNS server:
1. Install bind
Server IP: 192.168.57.230, domain: tech.py.com
2. Configuration: the main configuration file (/etc/named.conf)
    // add the following lines
    zone "tech.py.com" IN {
            type master;
            file "tech.py.com";
    };
    zone "58.168.192.in-addr.arpa" IN {
            type master;
            file "named.tech.py.com";
    };
    // check the configuration file
    # named-checkconf
3. In the parent DNS server's zone data file (/var/named/py.com.zone), delegate the subdomain
    // add the following lines
    tech.py.com.    IN NS ns.tech.py.com.
    ns.tech.py.com. IN A  192.168.57.230    ; glue record, written in full: a bare "ns" would define ns.py.com instead
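The forward and reverse zone files above and this delegation step share two pitfalls: a relative name is silently qualified with the origin (so "ns" here means ns.py.com), and an NS target inside the zone needs a glue A record. As an added example (not from the original page), this Python checker parses both zone files with the same rules BIND applies and reports missing glue and missing PTRs; the sample zones embedded below are constructed from the page's py.com records.

```python
import ipaddress, re
# '@' is the origin; a trailing dot marks an absolute name; otherwise the origin is appended
qualify = lambda n, o: o if n == '@' else n if n.endswith('.') else n + '.' + o.lstrip('.')
def parse_zone(text, origin):
    """(owner, type, rdata tokens) per record; handles $ORIGIN/$TTL, ';' comments, '@', relative names, blank owners and '( )' continuations."""
    origin, owner, buf, records = origin.rstrip('.') + '.', None, '', []
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].rstrip()
        if not line.strip():
            continue
        blank_owner = line[0].isspace() if not buf else blank_owner   # owner inherited?
        buf += line + ' '
        if buf.count('(') > buf.count(')'):
            continue                                    # record continues on the next line
        toks, buf = buf.replace('(', ' ').replace(')', ' ').split(), ''
        if toks[0].startswith('$'):                     # $ORIGIN / $TTL directive
            origin = toks[1] if toks[0] == '$ORIGIN' else origin
            continue
        if not blank_owner:
            owner = qualify(toks.pop(0), origin)
        while toks[0].upper() == 'IN' or re.fullmatch(r'\d+[smhdw]?', toks[0], re.I):
            toks.pop(0)                                 # skip optional class and TTL
        rtype = toks.pop(0).upper()
        if rtype in ('NS', 'CNAME', 'PTR', 'MX'):
            toks[-1] = qualify(toks[-1], origin)        # name-valued rdata is qualified too
        records.append((owner, rtype, toks))
    return records

def check_zone(fwd, rev):
    """Flag in-zone NS/MX targets without an A record (missing glue) and A records whose address has no matching PTR."""
    apex = fwd[0][0]                                    # owner of the SOA record
    a = {o: r[0] for o, t, r in fwd if t == 'A'}
    ptr = {o: r[0] for o, t, r in rev if t == 'PTR'}
    found = [f'{t} target {r[-1]} has no A record' for o, t, r in fwd
             if t in ('NS', 'MX') and r[-1].endswith('.' + apex) and r[-1] not in a]
    for owner, ip in a.items():
        if ptr.get(ipaddress.ip_address(ip).reverse_pointer + '.') != owner:
            found.append(f'{owner} {ip} has no matching PTR')
    return found

# Constructed sample after the page's zones; the delegation's glue A record and the PTR for ns are left out on purpose
FWD = """$TTL 1D
@ IN SOA ns.py.com. root.py.com. ( 2014092201 ; serial
        1H 5M 3D 12H )
   IN NS ns.py.com.
ns IN A 192.168.57.23
s1 IN A 192.168.57.1
tech.py.com. IN NS ns.tech.py.com.
"""
REV = "@ IN SOA ns.py.com. root.py.com. ( 2014092201 1H 5M 3D 12H )\n1 IN PTR s1.py.com.\n"
```

Running check_zone(parse_zone(FWD, 'py.com'), parse_zone(REV, '57.168.192.in-addr.arpa')) lists the missing glue for ns.tech.py.com. and the missing PTR for ns.py.com.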
4. Restart the named service
    # service named restart
5. Test from the master server
    # dig -t A www.tech.py.com @192.168.57.230
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t A www.tech.py.com @192.168.57.230
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13703
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available
    ;; QUESTION SECTION:
    ;www.tech.py.com. IN A
    ;; Query time: 1 msec
    ;; SERVER: 192.168.57.230#53(192.168.57.230)
    ;; WHEN: Mon Sep 22 16:25:28 2014
    ;; MSG SIZE rcvd: 33
Configuring forwarding:
Forwarding sends the queries this server cannot resolve itself to the specified DNS server; it can be configured globally or for a particular zone.
The format is as follows:
    // global forwarding
    # vim /etc/named.conf
    options {
            forward only|first;
            forwarders { IP; };
    };
    // forwarding for a particular zone (a zone statement, so it also goes in named.conf)
    # vim /etc/named.conf
    zone "py.com" IN {
            type forward;
            forwarders { IP; };
            forward only|first;
    };
BIND configuration options:
    // whitelist of hosts the master may transfer (replicate) a zone to, i.e. the slave servers (configured on the master)
    allow-transfer { ip; };
    // when the server is a caching name server, only open queries to local clients
    allow-query { ip; };
    // recursion whitelist (when another DNS server forwards to this one, its IP must be in this list)
    allow-recursion { ip; };
    // dynamic updates are normally disabled for safety
    allow-update { none; };
Define an ACL for use in the options above:
    acl ACL_NAME {
            192.168.57.0/24;
            10.245.32.0/21;
    };
BIND's four built-in ACLs:
any: every host
none: no host
localhost: this machine
localnets: the networks this machine is attached to
    // view: serve different zone data files depending on the client's source address
    // (once any view is defined, every zone, including the root hint zone, must be placed inside a view)
    acl telecom {
            202.96.0.0/16;
    };
    acl unicom {
            61.192.0.0/26;
    };
    view telecom {
            match-clients { telecom; };
            zone "py.com" IN {
                    type master;
                    file "py.com.telecom";
            };
    };
    view unicom {
            match-clients { unicom; };
            recursion no;
            zone "py.com" IN {
                    type master;
                    file "py.com.unicom";
            };
    };
    view default {
            match-clients { any; };
            zone "py.com" IN {
                    type master;
                    file "py.com.unicom";
            };
    };
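As an added example (not from the original page), this Python script applies the advice above to an options or view block: it extracts the access-control statements and reports an unrestricted allow-transfer, an allow-update other than none, and recursion reachable from any client (an open resolver), using BIND's documented fallback from allow-recursion to allow-query-cache to allow-query. The sample blocks are constructed from the page's master configuration; ACL names are reported as written, not expanded.

```python
import re

# Statements the page's hardening advice is about; nested blocks are not modelled
OPTS = (r'\b(allow-transfer|allow-query-cache|allow-query|allow-recursion|'
        r'allow-update|recursion)\s*(\{[^}]*\}|[^;{}]+);')

def statements(conf):
    """Map each statement to its value tokens, e.g. 'allow-transfer { 192.168.57.230; };'
    -> ['192.168.57.230'] and 'recursion yes;' -> ['yes']; #, // and /* */ comments are stripped."""
    conf = re.sub(r'/\*.*?\*/', ' ', conf, flags=re.S)
    conf = re.sub(r'(#|//)[^\n]*', '', conf)
    return {name: re.findall(r'[^\s{};]+', body) for name, body in re.findall(OPTS, conf)}

def audit(conf):
    """Weak settings in one options/view block: allow-transfer must whitelist the slaves,
    allow-update must stay none, and recursion must not be open to any client."""
    st, problems = statements(conf), []
    xfer = st.get('allow-transfer')
    if xfer is None or 'any' in xfer:           # BIND 9.18 and older default to any
        problems.append('allow-transfer: zone transfers open to any host; list the slave IPs')
    if st.get('allow-update', ['none']) != ['none']:
        problems.append('allow-update: dynamic updates accepted; use { none; }')
    # effective allow-recursion: allow-recursion, else allow-query-cache, else allow-query, else localnets/localhost
    rec = (st.get('allow-recursion') or st.get('allow-query-cache')
           or st.get('allow-query') or ['localnets', 'localhost'])
    if st.get('recursion', ['yes']) == ['yes'] and 'any' in rec:
        problems.append('recursion: recursive queries allowed from any client (open resolver)')
    return problems

# Constructed samples: the page's master options block, then a hardened variant for the slave 192.168.57.230
MASTER = """options {
    // listen-on port 53 { 127.0.0.1; };
    directory "/var/named";
    allow-query { localhost; };   # only local clients may ask
    recursion yes;
};"""
HARDENED = """options {
    directory "/var/named";
    allow-query { any; };
    allow-recursion { 192.168.57.0/24; };
    allow-transfer { 192.168.57.230; };   /* the slave */
    allow-update { none; };
    recursion yes;
};"""

if __name__ == '__main__':
    for name, conf in (('master', MASTER), ('hardened', HARDENED)):
        print(name, audit(conf) or 'no findings')
```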