-
DNS介绍
1.DNS 是域名系统 (Domain Name System) 的缩写,是一种组织成域层次结构的计算机和网络服务命名系统,它作为可以将域名和 IP 地址相互映射的一个分布式数据库,能够使人更方便地访问互联网,而不用去记住能够被机器直接读取的 IP 数串。
DNS分类
1 ) 主域名服务器( Primary Name Server )主域名服务器是特定域所有信息的权威来源,从域管理员构造的本地文件中加载域信息,该文件包含服务器具有的部分域结构的最精确信息。主域名服务器需要配置一组完整的文件。2 ) 辅助域名服务器( Secondary Name Server )辅助域名服务器用来从主域名服务器中转移一整套域信息,它是可选的配置选项。区文件从主域名服务器转移出来,作为磁盘文件保存在辅助域名服务器中。辅助域名服务器不需要配置本地区文件,只需要配置主配置文件(named.conf) ,高速缓存初始化文件 (named.ca) 和回送文件 (named.local) 。
一、DNS正向区域配置
安装BIND软件: # yum -y install bind bind-utils bind-chroot bind-libs
Bind:主软件包,提供域名服务的主要程序及相关文件。 Bind-utils:提供 了对DNS服务器的测试工具程序,如nslookup等。 Bind-libs:提供了bind、bind-utils需要使用的库函数。 Bind-chroot:为BIND服务提供一个伪装的根目录,提高安全性
[root@localhost ~]# yum install bind-utils bind-chroot bind-libs
[root@localhost ~]# systemctl start named #启动
[root@localhost ~]# netstat -pltun|grep named #查看bind端口
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1664/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1664/named
tcp6 0 0 ::1:953 :::* LISTEN 1664/named
tcp6 0 0 ::1:53 :::* LISTEN 1664/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1664/named
udp6 0 0 ::1:53 :::*
# DNS默认使用UDP、TCP协议,使用端口为53(客户端查询),953(主从服务器同步)
二、DNS主服务器之正向解析
[root@localhost ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
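options {
        listen-on port 53 { any; };         // listen on every IPv4 address (was 127.0.0.1 in the netstat output above)
        listen-on-v6 port 53 { ::1; };      // IPv6: loopback only, matching the ::1:53 sockets shown by netstat
        directory "/var/named";             // base directory for every relative file path below and in the zone stanzas
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };               // opened to "any" so every client may query the authoritative hw.com zone
        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;
        // listen-on and allow-query were both opened to "any" while the stock
        // "recursion yes" was kept, so without the line below this host answers
        // recursive queries for anyone -- the open-resolver / amplification
        // scenario the comment above warns about. Limit recursion to the host
        // itself and its directly attached networks (the resolv.conf step later
        // points this host at its own IP, which stays covered); outside clients
        // still receive authoritative answers for hw.com.
        allow-recursion { localhost; localnets; };
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        // The rndc control channel (port 953 on 127.0.0.1 and ::1 in the
        // netstat output) is BIND's default and is deliberately left
        // loopback-only; no "controls" stanza is needed for that.
};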
logging {
        // Only the stock default_debug channel is declared and no "category"
        // statements route anything explicitly, so this file keeps BIND's
        // default logging behaviour.
        channel default_debug {
                file "data/named.run";      // relative to options { directory } -> /var/named/data/named.run
                severity dynamic;           // verbosity follows the server's current debug level (rndc trace)
        };
};
// Root hints: the list of root name servers from which recursive resolution
// starts (recursion is enabled in the options stanza above).
zone "." IN {
        type hint;
        file "named.ca";    // relative to options { directory } -> /var/named/named.ca
};
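# New zone stanza added for this tutorial.
zone "hw.com" IN {                  // define a zone named "hw.com"
        type master;                // this host is the primary (authoritative) server for the zone
        file "hw.com.zone";         // forward name->IP map, relative to options { directory } -> /var/named/hw.com.zone
        // No secondary server is configured anywhere on this page, so refuse
        // zone transfers (AXFR) outright: with allow-query { any; } in options,
        // an unrestricted allow-transfer lets any client dump the whole zone.
        // Replace "none" with the secondary's address once one is set up.
        allow-transfer { none; };
};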
include "/etc/named.rfc1912.zones";  // localhost / loopback reverse zones -- the extra zones named-checkconf -z lists below
include "/etc/named.root.key";       // root trust anchor, the same file named by bindkeys-file in options
三、创建正向解析文件
[root@localhost ~]# cp -p /var/named/named.loopback /var/named/hw.com.zone
[root@localhost ~]# vim /var/named/hw.com.zone
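$TTL 1D
; Forward zone for hw.com (copied from the named.loopback template above).
; In zone files the comment character is ';' -- '#' is not a comment and is
; rejected as extra input on the record line, so the '#' annotations of the
; original listing are rewritten as ';' comments here. (The successful
; "loaded serial 0" shown later implies the real file never contained them.)
;
; SOA: MNAME (primary name server) and RNAME (responsible mailbox) must be
; absolute, i.e. end with a dot. A bare "hw.com" is relative to the origin
; and would expand to hw.com.hw.com. -- hence "master.hw.com." below.
; "rname.invalid." appears to be the template placeholder; replace it with a
; real contact mailbox before going live.
@       IN SOA  master.hw.com. rname.invalid. (
                0       ; serial  - increment on every change so secondaries notice it
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum (negative-caching TTL)
; NS record with an explicit "@" owner, so it cannot be mis-parsed if the
; leading whitespace is lost; "master" is relative to the origin -> master.hw.com.
@       IN NS   master
master  IN A    192.168.72.160    ; address record
www     IN A    192.168.72.161    ; address record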
四、检查语法并重载
[root@localhost ~]# named-checkconf -z
zone hw.com/IN: loaded serial 0
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
[root@localhost ~]# rndc reload #配置重载
server reload successful
五、修改本地DNS并测试
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.72.151 #这里一定要写本机自己的 IP,这样才能正常使用本机提供的 DNS 服务
nameserver 114.114.114.114
[root@localhost ~]# nslookup master.hw.com
Server: 192.168.72.151
Address: 192.168.72.151#53
Name: master.hw.com
Address: 192.168.72.160
[root@localhost ~]# nslookup master.hw.com
Server: 192.168.72.151
Address: 192.168.72.151#53
Name: master.hw.com
Address: 192.168.72.160
六、DNS主服务器之CNAME别名
[root@localhost ~]# vim /var/named/hw.com.zone
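$TTL 1D
; Forward zone for hw.com, extended with CNAME aliases.
; SOA: MNAME and RNAME must be absolute (trailing dot); a bare "hw.com" is
; relative to the origin and would expand to hw.com.hw.com., so the primary
; is written as "master.hw.com.". "rname.invalid." appears to be the template
; placeholder -- replace it with a real contact mailbox.
@       IN SOA  master.hw.com. rname.invalid. (
                0       ; serial  - increment on every change so secondaries notice it
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum (negative-caching TTL)
; NS record with an explicit "@" owner so it survives loss of leading whitespace.
@       IN NS   master
master  IN A    192.168.72.160
www     IN A    192.168.72.161
kw      IN A    192.168.72.162
; aaa and bbb are aliases of kw; the CNAME target is relative to the origin,
; so it resolves to kw.hw.com. -- matching the nslookup output below.
aaa     IN CNAME kw
bbb     IN CNAME kw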
[root@localhost ~]# rndc reload #重载
[root@localhost ~]# nslookup bbb.hw.com
Server: 192.168.72.151
Address: 192.168.72.151#53
bbb.hw.com canonical name = kw.hw.com.
Name: kw.hw.com //别名
Address: 192.168.72.162
[root@localhost ~]# nslookup kw.hw.com
Server: 192.168.72.151
Address: 192.168.72.151#53
Name: kw.hw.com //别名
Address: 192.168.72.162
持续更新,从基础到精通,谢谢大家