DNS name resolution service
DNS: domain name server, the server that resolves domain names to addresses
Installation and configuration
Package: bind-9.9.4-29.el7.x86_64.rpm
Port: 53
Configuration files:
/etc/named.conf                 # main configuration and access control
/etc/named.rfc1912.zones        # zone definitions: domain name and server type
/var/named/                     # zone (resolution) files
Start the service: systemctl restart named
Forward resolution
1. vim /etc/named.conf (access control)
listen-on port 53 { any; };     # address and port to listen on
allow-query { any; };           # who is allowed to query
2. vim /etc/named.rfc1912.zones (define the zone and the server type)
zone "tong.com" IN {
    type master;                # server type
    file "tong.com.zone";       # zone file, relative to /var/named
};
3. touch /var/named/tong.com.zone (zone file; the name must match the file directive above)
[root@localhost ~]# chmod 640 /var/named/tong.com.zone
[root@localhost ~]# chown .named /var/named/tong.com.zone
vim /var/named/tong.com.zone
Zone-file comments start with ';' ('#' is only a comment character in named.conf, not in zone files).
$TTL 1D
tong.com. IN SOA dns.tong.com. root. (0 1D 1H 1W 3H)
; domain  ; start-of-authority record  ; DNS hostname (need not be a real hostname)  ; admin mailbox
tong.com. IN NS dns.tong.com.
; domain  ; NameServer  ; name-server host (need not be a real hostname)
dns.tong.com. IN A 192.168.206.20
; name being resolved  ; A record  ; IP address
www.tong.com. IN A 192.168.206.20
The same zone can be written in shorthand: "@" stands for the zone origin (tong.com), a name without a trailing dot is relative to the origin, and a line that starts with whitespace inherits the owner name of the previous line:
$TTL 1D
@ IN SOA dns.tong.com. root. (0 1D 1H 1W 3H)
    IN NS dns.tong.com.
dns IN A 192.168.206.20
www IN A 192.168.206.20
A record: points a domain name at an IPv4 address (for example 100.100.100.100); add an A record for this.
NS record: name-server record; to have a subdomain resolved by a particular name server, set an NS record.
SOA record: start of authority. NS records identify the (possibly several) name servers; the SOA record marks which of them is the primary.
MX record: mail exchanger; points the domain at its mail server. When setting up mail, this record is normally filled in with the MX value supplied by the mail provider.
TXT record: free-form text, may be empty; generally used for verification records, for example an SPF (anti-spam) record.
[root@localhost ~]# systemctl restart named
Client test:
Temporary DNS change:
vim /etc/resolv.conf
nameserver 192.168.206.20
Permanent DNS change: set the DNS server in the network interface configuration file.
-bash: host: command not found
yum install bind-utils          # provides host, nslookup and dig
[root@localhost ~]# host www.tong.com
www.tong.com has address 192.168.206.20
[root@localhost ~]# nslookup www.tong.com
Server:     192.168.206.20
Address:    192.168.206.20#53
Name:       www.tong.com
Address:    192.168.206.20
[root@client ~]# dig www.tong.com
Other ways of writing records
$TTL 1D
@ IN SOA dns.tong.com. root. (
        0     ; serial (version number; must be increased on every change so slaves pick it up)
        1D    ; refresh interval
        1H    ; retry interval
        1W    ; expire time
        3H )  ; minimum cache time (negative-caching TTL)
@ IN NS dns.tong.com.
dns IN A 192.168.206.20
www IN A 192.168.206.20
ww IN A 192.168.206.20
wwww IN A 192.168.206.20
@ IN A 192.168.206.20                   ; the bare domain name itself
web.tong.com. IN CNAME www.tong.com.    ; alias (must be in this zone; out-of-zone data is ignored)
* IN A 192.168.206.20                   ; wildcard: any name not otherwise defined
@ IN MX 5 mail.tong.com.                ; mail exchanger record (written with an explicit owner so it does not inherit "*")
mail IN A 192.168.206.20
$GENERATE 1-254 stu$ IN A 192.168.206.$ ; bulk records stu1 ... stu254
Reverse resolution:
Reverse DNS resolution looks up a domain name from an IP address.
1. vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
2. vim /etc/named.rfc1912.zones
zone "206.168.192.in-addr.arpa" IN {    # the octets of 192.168.206 in reverse order
    type master;
    file "192.168.206-arpa.zone";
};
3.
touch /var/named/192.168.206-arpa.zone
chmod 640 /var/named/192.168.206-arpa.zone
chown .named /var/named/192.168.206-arpa.zone
vim /var/named/192.168.206-arpa.zone
$TTL 1D
@ IN SOA dns.tom.com. root. (
        0     ; serial
        1D    ; refresh
        1H    ; retry
        1W    ; expire
        3H )  ; minimum
    IN NS dns.tom.com.
dns IN A 192.168.206.20
100 IN PTR www.tom.com.     ; 192.168.206.100 -> www.tom.com
110 IN PTR web.tom.com.     ; 192.168.206.110 -> web.tom.com
Test
nslookup 192.168.206.100
nslookup 192.168.206.110
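The shorthand rules used in the forward zone above ("@", owner inheritance, relative names, $GENERATE) and the reverse zone's PTR owners can be checked by expanding a zone file into fully qualified records. The following parser is an added example written for this page, not part of BIND or of the original notes; the sample zone text is constructed from the records shown above, with $GENERATE shortened to three hosts.

```python
# Constructed sample input: this page's shorthand tong.com zone plus its reverse zone.
# '@' is the origin, an owner-less line inherits the previous owner, and a name
# without a trailing dot is relative to the origin (so "www" means www.tong.com.).
TONG_ZONE = """$TTL 1D
@ IN SOA dns.tong.com. root. ( 0 1D 1H 1W 3H )
  IN NS dns.tong.com.
www IN A 192.168.206.20
@ IN A 192.168.206.20 ; the bare domain name itself
  IN MX 5 mail.tong.com. ; owner-less: inherits '@' from the line above
* IN A 192.168.206.20 ; wildcard
$GENERATE 1-3 stu$ IN A 192.168.206.$
"""
REVERSE_ZONE = """@ IN SOA dns.tom.com. root. ( 0 1D 1H 1W 3H )
  IN NS dns.tom.com.
100 IN PTR www.tom.com.
"""

def qualify(name, origin):
    """Zone-file name -> FQDN: '@' is the origin, no trailing dot means relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Expand a zone file (one record per line) into (owner, type, rdata) tuples, all FQDNs."""
    origin = origin if origin.endswith(".") else origin + "."
    records, last_owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()    # ';' starts a comment ('#' does not!)
        if not line.strip() or line.startswith("$TTL"):
            continue
        fields = line.split()
        if fields[0] == "$GENERATE":             # $GENERATE 1-254 stu$ IN A 192.168.206.$
            lo, hi = map(int, fields[1].split("-"))
            lhs, rest = fields[2], fields[4:] if fields[3] == "IN" else fields[3:]
            for i in range(lo, hi + 1):
                records.append((qualify(lhs.replace("$", str(i)), origin), rest[0], rest[1].replace("$", str(i))))
            continue
        if line[0].isspace():                    # no owner field: inherit the previous one
            owner = last_owner
        else:
            owner, fields = qualify(fields[0], origin), fields[1:]
        if fields[0] == "IN":                    # class field is optional
            fields = fields[1:]
        rtype, rdata = fields[0], fields[1:]
        if rtype in ("NS", "CNAME", "PTR", "MX"):
            rdata[-1] = qualify(rdata[-1], origin)   # target names are relative too
        records.append((owner, rtype, " ".join(rdata)))
        last_owner = owner
    return records
```

Running parse_zone(REVERSE_ZONE, "206.168.192.in-addr.arpa") shows why the reverse zone name lists the octets backwards: the PTR owner "100" expands to 100.206.168.192.in-addr.arpa., the name a resolver asks for when looking up 192.168.206.100.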
Forwarding server
vim /etc/named.conf (inside the options { } block); one of the two variants:
forward first;                  # ask the forwarders first; fall back to resolving on our own if they fail
forwarders { 192.168.206.10; };
forward only;                   # use only the forwarders; never resolve on our own
forwarders { 192.168.200.30; };
DNS master/slave servers (clocks must be synchronized)
Master server configuration
1. vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
2. vim /etc/named.rfc1912.zones
zone "tong.com" IN {
    type master;
    file "tong.com.zone";
    allow-transfer { 192.168.206.10; };     # only the slave may pull a zone transfer (AXFR)
};
3.
vim /var/named/tong.com.zone
$TTL 1D
@ IN SOA dns.tong.com. root. ( 0 1D 1H 1W 3H )
    IN NS dns.tong.com.
dns IN A 192.168.206.20
www IN A 192.168.206.20
@ IN A 192.168.200.20
chown .named /var/named/tong.com.zone
chmod 640 /var/named/tong.com.zone
Slave server
1. vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
2. vim /etc/named.rfc1912.zones
zone "tong.com" IN {
    type slave;
    file "slaves/tong.com.zone";            # written by named itself under /var/named/slaves/
    masters { 192.168.206.20; };
};
Synchronizing data
Master server: raise the serial number and add the slave as a second NS:
[root@client named]# vim tong.com.zone
$TTL 1D
@ IN SOA dns1.tong.com. root. (
        20170622    ; serial: must be higher than the previous value, or the slave will not re-transfer
        1D
        1H
        1W
        3H )
    IN NS dns1.tong.com.
    IN NS dns2.tong.com.
dns1 IN A 192.168.206.20
dns2 IN A 192.168.206.10
Zone transfer authenticated with TSIG
Generate a shared key: dnssec-keygen -a HMAC-MD5 -b 128 -n HOST <hostname>.
The secret used below is the Key: value from the generated .private file. HMAC-MD5 is what these notes use; BIND also accepts HMAC-SHA256, which is the better choice on current installations.
Master (named.conf):
key robinkey {
    algorithm hmac-md5;
    secret "YBMMsomw64S8BmK6/JbVaA==";      # the same secret must be configured on both servers
};
zone "tong.com" IN {
    type master;
    file "tong.com.zone";
    allow-transfer { key robinkey; };       # only transfer requests signed with robinkey are served
};
Slave:
key robinkey {
    algorithm hmac-md5;
    secret "YBMMsomw64S8BmK6/JbVaA==";
};
zone "tong.com" IN {
    type slave;
    file "slaves/tong.com.zone";
    masters { 192.168.206.20 key robinkey; };   # sign transfer requests to the master with robinkey
};
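The three zone definitions above differ only in the allow-transfer line, and that line decides who can copy the whole zone. The audit below is an added example for this page (not BIND code and not part of the original notes): it parses a named.conf fragment, constructed here from the page's variants, and classifies each master zone as open, IP-restricted, or TSIG-protected, flagging keys that still use hmac-md5.

```python
import re
# Constructed named.conf fragment combining this page's zone variants in one file; the
# first "tong.com" zone has no allow-transfer at all, the others show the other cases.
NAMED_CONF = """
options { listen-on port 53 { any; }; allow-query { any; }; };
key robinkey { algorithm hmac-md5; secret "YBMMsomw64S8BmK6/JbVaA=="; };
zone "tong.com" IN { type master; file "tong.com.zone"; };
zone "jerry.com" IN { type master; file "jerry.com.zone"; allow-transfer { any; }; };
zone "east.com" IN { type master; file "east.com.zone"; allow-transfer { 192.168.206.10; }; };
zone "robin.com" IN { type master; file "robin.com.zone"; allow-transfer { key robinkey; }; };
zone "206.168.192.in-addr.arpa" IN { type slave; masters { 192.168.206.20 key robinkey; }; };
"""

def blocks(conf, kind):
    """Yield (name, body) for each top-level `kind name { body };` statement, honouring nesting."""
    pattern = rf'(?:^|[;}}])\s*{kind}\s+"?([\w.\-]+)"?[^{{;]*\{{'
    for m in re.finditer(pattern, conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):          # walk forward to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def key_algorithms(conf):
    """Map each top-level TSIG key name to its declared algorithm (lower-case)."""
    algs = {}
    for name, body in blocks(conf, "key"):
        m = re.search(r'algorithm\s+([\w-]+)', body)
        algs[name] = m.group(1).lower() if m else "unknown"
    return algs

def audit_transfers(conf):
    """Classify the zone-transfer (AXFR) exposure of every master zone in the config."""
    algs, findings = key_algorithms(conf), {}
    for name, body in blocks(conf, "zone"):
        if not re.search(r'type\s+master\s*;', body):
            continue                             # slaves do not serve transfers in this setup
        m = re.search(r'allow-transfer\s*\{([^}]*)\}', body)
        if m is None:
            findings[name] = "OPEN: no allow-transfer; BIND 9.9 then allows AXFR from anywhere"
            continue
        acl = [t.strip() for t in m.group(1).split(";") if t.strip()]
        keys = [t.split()[1] for t in acl if t.startswith("key ")]
        if "any" in acl:
            findings[name] = "OPEN: allow-transfer { any; }"
        elif keys:
            weak = [k for k in keys if algs.get(k) == "hmac-md5"]
            findings[name] = "WEAK: TSIG key uses hmac-md5" if weak else "OK: TSIG-authenticated"
        else:
            findings[name] = "OK: IP-restricted (source addresses can be forged; TSIG is stronger)"
    return findings
```

Note that the forward-resolution zone at the top of these notes has no allow-transfer line at all, which on this BIND version means anyone can pull the entire zone with an AXFR request.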
Subdomain delegation
Parent zone
1. vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
2. vim /etc/named.rfc1912.zones
zone "jerry.com" IN {
    type master;
    file "jerry.com.zone";
};
3. vim /var/named/jerry.com.zone
$TTL 1D
@ IN SOA dns.jerry.com. root. ( 0 1D 1H 1W 3H )
    IN NS dns.jerry.com.
dns IN A 192.168.206.20
music.jerry.com. IN NS dns.music.jerry.com.   ; delegation: hand the subdomain to its own name server
dns.music.jerry.com. IN A 192.168.206.20      ; glue record: the address of that name server
www IN A 192.168.206.20
@ IN A 192.168.206.20
chmod 640 /var/named/jerry.com.zone
chown .named /var/named/jerry.com.zone
Child zone
1. vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
2. vim /etc/named.rfc1912.zones
zone "music.jerry.com" IN {
    type master;
    file "music.jerry.com.zone";
};
3.
chmod 640 /var/named/music.jerry.com.zone
chown .named /var/named/music.jerry.com.zone
vim /var/named/music.jerry.com.zone
$TTL 1D
@ IN SOA dns.music.jerry.com. root. ( 0 1D 1H 1W 3H )
    IN NS dns.music.jerry.com.
dns IN A 192.168.206.20
www IN A 192.168.206.20
@ IN A 192.168.206.20
What are the two kinds of DNS name resolution, and how do they differ?
1. Recursive query:
Queries between a client and a server are normally recursive: when the client sends a request to the DNS server and the server cannot resolve it itself, the server sends queries to other DNS servers and hands the final result back to the client.
2. Iterative query (repeated query):
Queries between DNS servers are normally iterative: for example, if dns2 cannot answer dns1's request, it gives dns1 the IP address of dns3 so that dns1 can ask dns3 in turn.
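The two modes can be shown side by side with a toy simulation, added here as an example that is not part of the original notes: the client sends one recursive question and waits, while the server it asked walks the referral chain (root, .com, dns.tong.com) iteratively on its behalf. The server table is constructed; only dns.tong.com and 192.168.206.20 come from this page.

```python
# Constructed toy namespace for the question above: a root server, the .com server and
# this page's authoritative server dns.tong.com (192.168.206.20).  Each server answers
# only for names it holds and otherwise refers the asker to the next server down.
SERVERS = {
    "root": {"delegations": {"com.": "com-server"}, "answers": {}},
    "com-server": {"delegations": {"tong.com.": "dns.tong.com."}, "answers": {}},
    "dns.tong.com.": {"delegations": {}, "answers": {"www.tong.com.": "192.168.206.20"}},
}

def ask(server, name):
    """One iterative step: an authoritative server returns an answer, a referral or nxdomain."""
    s = SERVERS[server]
    if name in s["answers"]:
        return ("answer", s["answers"][name])
    for zone, ns in s["delegations"].items():
        if name == zone or name.endswith("." + zone):
            return ("referral", ns)          # "I don't know, ask that server"
    return ("nxdomain", None)

def resolve_iteratively(name, trace):
    """What dns1 does in the text: keeps asking whichever server it was referred to until answered."""
    server = "root"
    while True:
        kind, data = ask(server, name)
        trace.append((server, kind, data))
        if kind != "referral":
            return data
        server = data

def recursive_query(name):
    """What the client does: one question to its configured server, then it waits for the result.
    Returns (answer, trace); the client only ever sees the answer, the trace is the server's work."""
    trace = []
    return resolve_iteratively(name, trace), trace
```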