linux 搭建DNS 正向解析、反向解析、区域传送、批量解析详解

DNS
一、 概念
Domain Name Server 域名解析服务
1.1域名与主机名
例如
对于www.baidu.com www.google.com
域名(domain name)为www.google 主机名为.google.com .baidu.com
www.ksu.edu.tw(昆山科大服务器)
对于.gov.tw
domain name: .tw hostname: dov
对于.ksu.edu.tw
domain name: .edu.tw. hostname:ksu
对于www.ksu.edu.tw
domain name: .ksu.edu.tw hostname: www

二、 实验
2.1正向解析（从主机名查询到IP）
2.1.1 安装bind，开启服务named
[root@localhost ~]# yum install bind –y
[root@localhost ~]# systemctl restart named

2.1.2 编辑配置文件/etc/named.conf
注意：ip必须为自动获取到的ip
[root@localhost ~]# vim /etc/named.conf
内容为:
options {
listen-on port 53 { 192.168.233.128; };
directory “/var/named”;
};
zone “baidu.com.” IN {
type master;
file “baidu.com.zone”;
};

解释
；代表批注符号
查看
[root@localhost ~]# cd /var/named
[root@localhost named]# ll
总用量 16
drwxrwx—. 2 named named 23 8月 2 21:28 data
drwxrwx—. 2 named named 60 8月 2 21:28 dynamic
-rw-r-----. 1 root named 2281 5月 22 2017 named.ca
-rw-r-----. 1 root named 152 12月 15 2009 named.empty
-rw-r-----. 1 root named 152 6月 21 2007 named.localhost
-rw-r-----. 1 root named 168 12月 15 2009 named.loopback
drwxrwx—. 2 named named 6 5月 22 2017 slaves

2.1.3编辑配置文件/etc/named/ baidu.com.zone
[root@localhost named]# vim baidu.com.zone
$TTL 1D
@ IN SOA @ admin.baidu.com. (
0
1D
1H
1W
3H )
IN NS ns.baidu.com.
IN MX 10 mail.baidu.com.
ns IN A 192.168.233.128
mail IN A 192.168.233.1
www IN A 192.168.233.2
www IN A 192.168.233.3
ftp IN CNAME www

解释
$TTL 缓存记忆时间
@：代表zone(域的记录)
SOA:start of Authority 开始验证
NS:NameServer 后面记录的数据是dns服务器的意思
A:Address
0 序号
1D 更新频率
1H 失败重新尝试时间
1W 失效时间
3H 缓存时间

2.1.4.重启服务named并查看状态
[root@localhost named]# systemctl restart named
[root@localhost named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since 四 2018-08-02 21:49:25 CST; 8s ago

2.1.5发送域名查询信息包到域名服务器
[root@localhost named]# dig -t A www.baidu.com @192.168.233.128

[root@localhost named]# dig -t MX www.baidu.com @192.168.233.128

[root@localhost named]# dig -t MS www.baidu.com @192.168.233.128

[root@localhost named]# dig -t NS www.baidu.com @192.168.233.128

[root@localhost named]# dig -t CNMAE ftp.baidu.com @192.168.233.128

显示网络连接，路由表，接口状态，伪装连接，网络链路信息和
组播成员组
[root@localhost ~]# netstat -lntup | grep named
[root@localhost ~]# ps aux | grep named
[root@localhost ~]# ps -ef | grep named

2.2反向解析（从ip查询到主机名）

2.2.1 编辑配置文件/etc/named.conf
注意：地址反向写，文件写对
[root@localhost ~]# vim /etc/named.conf
内容为:

options {
listen-on port 53 { 192.168.233.134; };
directory “/var/named”;
};
zone “baidu.com.” IN {
type master;
file “baidu.com.zone”;
};
zone “233.168.192.in-addr.arpa” IN {
type master;
file “fanxiang.zone”;
};

2.2.2编辑配置文件/etc/named/ fanxiang.zone(fanxiang.zone是自己建的文件)
[root@localhost named]# vim fanxiang.zone
$TTL 1D
@ IN SOA ns.baidu.com. admin.baidu.com. (
0 ;serial
1D ;refresh
1H ;retry
1W ;expire
3H );minimum
IN NS ns.baidu.com.
200 IN PTR ns.baidu.com.
128 IN PTR www.baidu.com.

2.1.3.重启服务named
[root@localhost named]# systemctl restart named

2.2.4 发送ip查询信息包到域名服务器
前面是查询的地址(/etc/named/fanxiang.zone文件的地址)，后面是主机地址
dig -x
[root@localhost named]# dig -x 192.168.233.128 @192.168.233.134

[root@localhost named]# dig -x 192.168.233.200 @192.168.233.134

2.3区域传送
2.3.1 概念
区域传送
将一个区域文件复制到多个DNS服务器的过程。

过程
通过从主服务器上将区域文件的信息复制到辅助服务器来实现,当主服务器的区域有变化时，该变化会通过区域传输机制

完全区域传送
当一个新的DNS服务器添加到区域中并配置为从服务器时，它会执行完全区域传送。

增量区域传送
为了保证数据同步，主域名服务器有更新时也会及时通知辅助域名服务器从而进行更新。

2.3.2 实验
注意：服务及和客户机要先关闭防火墙
[root@localhost named]# systemctl stop firewalld
主服务机ip为192.168.233.134 从服务机ip为192.168.233.131

主服务机配置

1）在配置文件/etc/named.conf加allow-transfer { 192.168.233.131; };加上从服务机ip
[root@localhost ~]# vim /etc/named.conf
内容为：
options {
listen-on port 53 { 192.168.233.134; };
directory “/var/named”;
allow-transfer { 192.168.233.131; };
};
zone “baidu.com” IN {
type master;
file “baidu.com.zone”;
};
zone “233.168.192.in-addr.arpa” IN {
type master;
file “fanxiang.zone”;
};

2）重启服务named,查看服务状态
[root@localhost ~]# systemctl restart named
[root@localhost ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since 六 2018-08-04 19:11:31 CST; 12

从服务机配置

1）挂在镜像并安装bind
[root@localhost ~]# mount /dev/sr0 /mnt
mount: /dev/sr0 is write-protected, mounting read-only
[root@localhost ~]# yum install bind –y

2）在配置文件/etc/named.conf
注意：在options 里面写从服务机地址，在zone里面写主服务机地址
[root@localhost ~]# vim /etc/named.conf
内容为
options {
listen-on port 53 { 192.168.233.131; };
directory “/var/named”;
};
zone “baidu.com” IN {
type slave;
file “slaves/baidu.com.zone”;
masters { 192.168.233.134; };
};
zone “233.168.192.in-addr.arpa” IN {
type slave;
file “slaves/fanxiang.zone”;
masters { 192.168.233.134; };
};

3）重启服务named,查看服务状态
[root@localhost ~]# systemctl restart named
[root@localhost ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since 六 2018-08-04 19:11:31 CST; 12

4）进入 /var/named/slaves/目录下查看文件是否传过来
[root@localhost ~]# cd /var/named/slaves/
[root@localhost slaves]# ll
total 8
-rw-r–r--. 1 named named 384 Aug 4 18:53 baidu.com.zone
-rw-r–r--. 1 named named 318 Aug 4 18:53 fanxiang.zone

2.4批量解析
2.4.1 正向解析

1）编辑配置文件/var/named/ baidu.com.zone
[root@localhost ~]# vim /var/named/baidu.com.zone
内容为：
$TTL 1D
@ IN SOA @ admin.baidu.com. (
0
1D
1H
1W
3H )
IN NS ns.baidu.com.
IN MX 10 mail.baidu.com.
ns IN A 192.168.233.128
mail IN A 192.168.233.1
www IN A 192.168.233.2
www IN A 192.168.233.3
ftp IN CNAME www
$GENERATE 1-10 $ IN PTR $.baidu.com.

2）重启服务，查看状态
[root@localhost ~]# systemctl restart named
[root@localhost ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since 六 2018-08-04 20:16:41 CST; 9s ago

3）查询
[root@localhost ~]# dig -t A www.baidu.com @192.168.233.134

2.4.2 反向解析

1）编辑配置文件/var/named/fanxiang.zone，加上
$GENERATE 1-10 $ IN PTR $.baidu.com
[root@localhost ~]# vim /var/named/fanxiang.zone
内容为：
$TTL 1D
@ IN SOA ns.baidu.com. admin.baidu.com. (
0 ;serial
1D ;refresh
1H ;retry
1W ;expire
3H );minimum
IN NS ns.baidu.com.
200 IN PTR ns.baidu.com.
128 IN PTR www.baidu.com.
$GENERATE 1-10 $ IN PTR $.baidu.com

2）重启服务，查看状态
[root@localhost ~]# systemctl restart named
[root@localhost ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since 六 2018-08-04 20:16:41 CST; 9s ago

3）查询
[root@localhost ~]# dig -x 192.168.233.1 @192.168.233.134