[Figure: DNS topology diagram]

1. Primary DNS server configuration

    ~]# yum install bind -y
    ~]# systemctl start named.service
    ~]# systemctl enable named.service

Check the named process and the ports it listens on.

Edit the configuration file (only the changed settings are listed):

    ~]# vim /etc/named.conf
    options {
            listen-on port 53 { 127.0.0.1; 172.16.100.67; };
            // With allow-query commented out, BIND's default applies (queries accepted from any address).
            // allow-query { localhost; };
            // DNSSEC serving and validation are switched off.
            dnssec-enable no;
            dnssec-validation no;
            // ... remaining options unchanged ...
    };

Check the configuration file for syntax errors (the default file is /etc/named.conf):

    ~]# named-checkconf

Reload the configuration file:

    ~]# rndc reload

The dig command

Query the A record of www.baidu.com:

    [root@james ~]# dig -t A www.baidu.com

Trace the resolution process:

    [root@james ~]# dig +trace -t A www.baidu.com

The host command

Query an A record:

    [root@james ~]# host -t A www.baidu.com

Query the NS (name server) records:

    [root@james ~]# host -t NS baidu.com

Query the MX (mail server) records:

    [root@james ~]# host -t MX baidu.com

nslookup usage

Query an A record:

    [root@james ~]# nslookup
    > server 172.16.100.67        (specify the DNS server to query)
    Default server: 172.16.100.67
    Address: 172.16.100.67#53
    > set q=A                     (specify the record type to query)
    > www.baidu.com               (the name to look up)
    Server:         172.16.100.67
    Address:        172.16.100.67#53

    Non-authoritative answer:
    www.baidu.com   canonical name = www.a.shifen.com.
    Name:   www.a.shifen.com
    Address: 14.215.177.38
    Name:   www.a.shifen.com
    Address: 14.215.177.39

Configuring a forward zone

(1) Define the zone

    ~]# vim /etc/named.rfc1912.zones
    zone "iecentury.com" IN {
            type master;
            file "iecentury.com.zone";
    };

Note: the zone name is the domain name.

(2) Create the zone data file (the records are mainly A or AAAA records; the file is created under /var/named)

    [root@james ~]# vim /var/named/iecentury.com.zone
    $TTL 3600
    $ORIGIN iecentury.com.
    @       IN      SOA     ns1.iecentury.com. dnsadmin.iecentury.com. (
                            201812031
                            1H
                            10M
                            3D
                            1D )
            IN      NS      ns1
            IN      MX  10  mx1
            IN      MX  20  mx2
    ns1     IN      A       172.16.100.67
    mx1     IN      A       172.16.100.68
    mx2     IN      A       172.16.100.69
    www     IN      A       172.16.100.67
    web     IN      CNAME   www

Change the permissions and group ownership:

    # chgrp named /var/named/iecentury.com.zone
    # chmod o= /var/named/iecentury.com.zone

Check for syntax errors:

    ]# named-checkconf
    ]# named-checkzone iecentury.com /var/named/iecentury.com.zone

(3) Have the server reload the configuration file and the zone data files

    # rndc reload

or

    # systemctl reload named.service

    [root@james ~]# rndc status
    version: 9.9.4-RedHat-9.9.4-61.el7_5.1 <id:8f9657aa>
    CPUs found: 8
    worker threads: 8
    UDP listeners per interface: 8
    number of zones: 102          (success: +1; the default is 101)
    debug level: 0
    xfers running: 0
    xfers deferred: 0
    soa queries in progress: 0
    query logging is OFF
    recursive clients: 0/0/1000
    tcp clients: 0/100
    server is up and running

Configuring a reverse zone

(1) Define the zone (in the main configuration file or in one of the auxiliary configuration files it includes)

    ~]# vim /etc/named.rfc1912.zones
    zone "100.16.172.in-addr.arpa" IN {
            type master;
            file "100.16.172.zone";
    };

Note: the name of a reverse zone is the network address written in reverse order, followed by .in-addr.arpa. Example: 100.16.172.in-addr.arpa

(2) Define the zone data file (the records are mainly PTR records)

Create the zone data file under /var/named. Example: the zone name is 100.16.172.in-addr.arpa (the IP written in reverse).

    [root@james ~]# vim /var/named/100.16.172.zone
    $TTL 3600
    $ORIGIN 100.16.172.in-addr.arpa.
    @       IN      SOA     ns1.iecentury.com. nsadmin.iecentury.com. (
                            2014100801
                            1H
                            10M
                            3D
                            12H )
            IN      NS      ns1.iecentury.com.
    67      IN      PTR     ns1.iecentury.com.
    68      IN      PTR     mx1.iecentury.com.
    69      IN      PTR     mx2.iecentury.com.
    67      IN      PTR     www.iecentury.com.

Change the permissions and group ownership:

    ~]# chmod o= /var/named/100.16.172.zone
    ~]# chgrp named /var/named/100.16.172.zone

Check for syntax errors (the first argument to named-checkzone is the zone name, not the file name):

    ~]# named-checkzone 100.16.172.in-addr.arpa /var/named/100.16.172.zone
    ~]# named-checkconf
    ~]# rndc reload

    [root@james ~]# rndc status
    version: 9.9.4-RedHat-9.9.4-61.el7_5.1 <id:8f9657aa>
    CPUs found: 8
    worker threads: 8
    UDP listeners per interface: 8
    number of zones: 103          (success: +1)
    debug level: 0
    xfers running: 0
    xfers deferred: 0
    soa queries in progress: 0
    query logging is OFF
    recursive clients: 0/0/1000
    tcp clients: 0/100
    server is up and running

Test forward and reverse resolution

    ~]# dig -t A www.iecentury.com

    ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -t A www.iecentury.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45698
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.iecentury.com.             IN      A

    ;; ANSWER SECTION:
    www.iecentury.com.      3600    IN      A       172.16.100.67

    ;; AUTHORITY SECTION:
    iecentury.com.          3600    IN      NS      ns1.iecentury.com.

    ;; ADDITIONAL SECTION:
    ns1.iecentury.com.      3600    IN      A       172.16.100.67

    ;; Query time: 21 msec
    ;; SERVER: 172.16.100.67#53(172.16.100.67)
    ;; WHEN: 日 11月 04 00:14:56 CST 2018
    ;; MSG SIZE  rcvd: 96

    ~]# dig -x 172.16.100.67

    ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -x 172.16.100.67
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56457
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;67.100.16.172.in-addr.arpa.    IN      PTR

    ;; ANSWER SECTION:
    67.100.16.172.in-addr.arpa. 3600 IN     PTR     ns1.iecentury.com.
    67.100.16.172.in-addr.arpa. 3600 IN     PTR     www.iecentury.com.

    ;; AUTHORITY SECTION:
    100.16.172.in-addr.arpa. 3600   IN      NS      ns1.iecentury.com.

    ;; ADDITIONAL SECTION:
    ns1.iecentury.com.      3600    IN      A       172.16.100.67

    ;; Query time: 1 msec
    ;; SERVER: 172.16.100.67#53(172.16.100.67)
    ;; WHEN: 日 11月 04 00:15:13 CST 2018
    ;; MSG SIZE  rcvd: 134
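
The forward and reverse zones are maintained by hand in two separate files, so they can drift apart: an A record with no PTR, or a PTR left behind for a host that no longer exists, makes reverse lookups in logs and mail checks unreliable. The following is an added example, not part of the original page, that cross-checks the A and PTR records before `rndc reload`. The function names are hypothetical and the parser assumes only the single-line `owner IN TYPE rdata` layout and `$ORIGIN` directive used in the zone files above.

```python
import ipaddress

# Constructed input: the A and PTR lines of the two zone files shown on this page.
FORWARD = """$ORIGIN iecentury.com.
ns1 IN A 172.16.100.67
mx1 IN A 172.16.100.68
mx2 IN A 172.16.100.69
www IN A 172.16.100.67
web IN CNAME www
"""
REVERSE = """$ORIGIN 100.16.172.in-addr.arpa.
67 IN PTR ns1.iecentury.com.
68 IN PTR mx1.iecentury.com.
69 IN PTR mx2.iecentury.com.
67 IN PTR www.iecentury.com.
"""


def fqdn(name, origin):
    """Expand a zone-file name: '@' is the origin, names without a trailing dot are relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def records(zone_text, rtype):
    """Return (owner, rdata, origin) tuples of one record type.
    Hypothetical minimal parser: it understands only $ORIGIN and single-line
    'owner IN TYPE rdata' records; other lines (SOA, NS, MX) are skipped."""
    origin, found = "", []
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()  # drop ';' comments
        if len(fields) >= 2 and fields[0] == "$ORIGIN":
            origin = fields[1]
        elif len(fields) >= 4 and fields[1] == "IN" and fields[2] == rtype:
            found.append((fqdn(fields[0], origin), fields[3], origin))
    return found


def ptr_mismatches(forward, reverse):
    """Compare A and PTR records as (reverse-name, hostname) pairs.
    Returns (A records lacking a PTR, PTR records lacking an A)."""
    a_side = {(ipaddress.ip_address(ip).reverse_pointer + ".", host)
              for host, ip, _ in records(forward, "A")}
    ptr_side = {(owner, fqdn(target, origin))
                for owner, target, origin in records(reverse, "PTR")}
    return sorted(a_side - ptr_side), sorted(ptr_side - a_side)


if __name__ == "__main__":
    missing, stale = ptr_mismatches(FORWARD, REVERSE)
    print("A without PTR:", missing)
    print("PTR without A:", stale)
```

To check the real files, pass the contents of /var/named/iecentury.com.zone and /var/named/100.16.172.zone instead of the inline strings.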