DNS服务器基础
目录
配置DNS服务器(192.168.4.1–dns.zhuhaiyan.cn)
需求一:搭建单区域DNS服务器
为一家公司搭建一台DNS服务器,以便用户以域名的方式访问网站。
搭建思路:
搭建DNS服务器的基本过程
1.安装bind、bind-chroot包
2.建立主配置文件/etc/named.conf
3.建立地址库文件/var/named/….
4.启动named服务
配置及使用DNS客户端的基本过程
1.修改配置文件/etc/resolv.conf ,添加nameserver=DNS服务器地址
2.使用host命令查询,提供目标域名作为参数
配置DNS服务器(192.168.4.1–dns.zhuhaiyan.cn)
[root@dns ~]# vim /etc/hostname
dns.zhuhaiyan.cn
[root@dns ~]# mv /etc/named.conf /etc/named.conf.origin
[root@dns ~]# vim /etc/named.conf
options {
directory ”/var/named”;
};
zone “zhuhaiyan.cn” {
type master;
file “zhuhaiyan.cn.zone”;
};
[root@dns ~]# cd /var/named/
[root@dns named]# cp -p named.localhost zhuhaiyan.cn.zone
[root@dns named]# vim zhuhaiyan.cn.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.zhuhaiyan.cn.
dns A 192.168.4.1
dnsc A 192.168.4.2
www A 192.168.4.3
[root@dns named]# systemctl restart named
[root@dns named]# systemctl enable named
用客户端(192.168.4.2)验证
[root@dnsc ~]# cat /etc/resolv.conf
nameserver 192.168.4.1
[root@dnsc ~]# host dns.zhuhaiyan.cn
dns.zhuhaiyan.cn has address 192.168.4.1
[root@dnsc ~]# host www.zhuhaiyan.cn
www.zhuhaiyan.cn has address 192.168.4.3
[root@dnsc ~]# host dnsc.zhuhaiyan.cn
dnsc.zhuhaiyan.cn has address 192.168.4.2
需求二:配置dns轮询
思路:为某一个站点配DNS轮询解析,三台web服务器节点的IP地址分为:192.168.4.3,192.168.4.3,192.168.6.1
[root@dns named]# vim /var/named/zhuhaiyan.cn.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.
dns A 192.168.4.1
dnsc A 192.168.4.2
www A 192.168.4.3
www A 192.168.4.4
www A 192.168.6.1
[root@dns named]# systemctl restart named
客户端:
[root@dnsc ~]# host www.zhuhaiyan.cn
www.zhuhaiyan.cn has address 192.168.4.3
www.zhuhaiyan.cn has address 192.168.4.4
www.zhuhaiyan.cn has address 192.168.6.1
[root@dnsc ~]# host www.zhuhaiyan.cn
www.zhuhaiyan.cn has address 192.168.6.1
www.zhuhaiyan.cn has address 192.168.4.4
www.zhuhaiyan.cn has address 192.168.4.3
[root@dnsc ~]# host www.zhuhaiyan.cn
www.zhuhaiyan.cn has address 192.168.4.4
www.zhuhaiyan.cn has address 192.168.4.3
www.zhuhaiyan.cn has address 192.168.6.1
需求三:泛域名解析
目标:使得 任意名称.zhuhaiyan.cn 都默认访问201.0.0.1
具体配置:
[root@dns ~]# vim /var/named/zhuhaiyan.cn.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.
dns A 192.168.4.1
dnsc A 192.168.4.2
www A 192.168.4.3
www A 192.168.4.4
www A 192.168.6.1
* A 201.0.0.1
[root@dns ~]# systemctl restart named
客户端测试
[root@dnsc ~]# host www1.zhuhaiyan.cn
www1.zhuhaiyan.cn has address 201.0.0.1
[root@dnsc ~]# host waw1.zhuhaiyan.cn
waw1.zhuhaiyan.cn has address 201.0.0.1
需求四 配置DNS子域授权
目标:使用两台DNS服务器建立父子关联,实现客户机向父的dns服务器查询的时候,如果信息载父服务器查不到,父服务器可以以查询子服务器的内容,看是否父子存在这条域名解析。
构建父dns
这里前面的192.168.4.1 dns.zhuhaiyan.cn,这里就不在举例具体的配置
构建子DNS服务器 192.168.4.2 dnsc.sz.zhuhaiyan.cn
[root@dnsc ~]# vim /etc/hostname
dnsc.sz.zhuhaiyan.cn
[root@dnsc ~]# yum -y install bind bind-chroot
[root@dnsc ~]# mv /etc/named.conf /etc/named.conf.origin
[root@dnsc ~]# vim /etc/named.conf
[root@dnsc named]# vim /etc/named.conf
options {
directory ”/var/named”;
};
zone “sz.zhuhaiyan.cn” {
type master;
file “sz.zhuhaiyan.cn.zone”;
};
[root@dnsc named]# cd /var/named/
[root@dnsc named]# cp -p named.localhost tedu.cn.zone
[root@dnsc named]# vim sz.zhuhaiyan.cn.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dnsc.sz.zhuhaiyan.cn.
dnsc A 192.168.4.2
www A 1.2.3.4
[root@dnsc named]# systemctl restart named
[root@dnsc named]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@dnsc named]# host www.sz.zhuhaiyan.cn 192.168.4.2
Using domain server:
Name: 192.168.4.2
Address: 192.168.4.2#53
Aliases:
www.sz.zhuhaiyan.cn has address 1.2.3.4
在父DNS上配置子域授权
[root@dns ~]# vim /var/named/zhuhaiyan.cn.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.
dns A 192.168.4.1
www A 192.168.4.3
www A 192.168.4.4
www A 192.168.6.1
* A 201.0.0.1
sz.zhuhaiyan.cn. NS dnsc.sz.zhuhaiyan.cn.
dnsc.sz.zhuhaiyan.cn. A 192.168.4.2
[root@dns ~]# systemctl restart named
测试
[root@dnsc named]# host www.sz.zhuhaiyan.cn 192.168.4.1
Using domain server:
Name: 192.168.4.1
Address: 192.168.4.1#53
Aliases:
www.sz.zhuhaiyan.cn has address 1.2.3.4
[root@dnsc named]# host www.sz.zhuhaiyan.cn 192.168.4.2
Using domain server:
Name: 192.168.4.2
Address: 192.168.4.2#53
Aliases:
www.sz.zhuhaiyan.cn has address 1.2.3.4
需求四:搭建缓存DNS
权威/官方DNS服务器的特点:
至少管理一个DNS区域,需要IANA等官方机构授权
典型应用:根域DNS、一级DNS、二级DNS、三级DNS、.. ..
缓存DNS服务器的特点:
不需要管理任何DNS区域,但时能够替客户机查询缓存,复用查询结果来加快响应速度
典型应用:ISP服务商,企业局域网
缓存DNS服务器的解析记录来源:
方式1:全局转发:将请求转发给指定的公共DNS(其他缓存DNS),请求递归服务
方式2:根域迭代:依次向根、一级、二级……域的DNS服务器迭代
具体的配置过程:
使用dnsc.sz.zhuhaiyan.cn 192.168.4.2 配置dns缓存
[root@dnsc ~]# yum -y install bind bind-chroot
[root@dnsc ~]# vim /etc/named.conf
options {
forwarders {192.168.1.1; }; —–配置国内的DNS服务器
};
[root@dnsc ~]# systemctl restart named
[root@dnsc ~]# systemctl enable named
[root@dnsc ~]# host www.baidu.com 192.168.4.2
Using domain server:
Name: 192.168.4.2
Address: 192.168.4.2#53
Aliases:
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 14.215.177.39
www.a.shifen.com has address 14.215.177.38
目录
配置DNS服务器(192.168.4.1–dns.zhuhaiyan.cn)
需求一:搭建单区域DNS服务器
为一家公司搭建一台DNS服务器,以便用户以域名的方式访问网站。
搭建思路:
搭建DNS服务器的基本过程
1.安装bind、bind-chroot包
2.建立主配置文件/etc/named.conf
3.建立地址库文件/var/named/….
4.启动named服务
配置及使用DNS客户端的基本过程
1.修改配置文件/etc/resolv.conf ,添加nameserver=DNS服务器地址
2.使用host命令查询,提供目标域名作为参数
配置DNS服务器(192.168.4.1–dns.zhuhaiyan.cn)
[root@dns ~]# vim /etc/hostname
dns.zhuhaiyan.cn
[root@dns ~]# mv /etc/named.conf /etc/named.conf.origin
[root@dns ~]# vim /etc/named.conf
options {
directory ”/var/named”;
};
zone “zhuhaiyan.cn” {
type master;
file “zhuhaiyan.cn.zone”;
};
[root@dns ~]# cd /var/named/
[root@dns named]# cp -p named.localhost zhuhaiyan.cn.zone
[root@dns named]# vim zhuhaiyan.cn.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.zhuhaiyan.cn.
dns A 192.168.4.1
dnsc A 192.168.4.2
www A 192.168.4.3
[root@dns named]# systemctl restart named
[root@dns named]# systemctl enable named
用客户端(192.168.4.2)验证
[root@dnsc ~]# cat /etc/resolv.conf