DNS resolution and round robin

I. DNS troubleshooting


 NOERROR                                                                    ###query succeeded (an empty ANSWER SECTION with NOERROR means the name exists but has no record of the requested type)
 NXDOMAIN                                                                   ###the DNS server says no such name exists
 SERVFAIL                                                                   ###the server could not complete the query: forwarder/upstream unreachable, zone failed to load, or DNSSEC validation of the response failed (a server that is down gives a timeout, not SERVFAIL)
 REFUSED                                                                    ###the DNS server refuses to answer, usually because the client is outside allow-query / allow-recursion

II. Caching DNS


Virtual machine IP: 172.25.254.125 (server)

SELinux and iptables are switched off for this lab. Do not do that in production: keep both on and open UDP and TCP port 53 in the firewall instead.

1. Install DNS

 yum install bind.x86_64 -y 
 systemctl start named                                                      ###start the service
 cat /etc/rndc.key                                                          ###does not exist before the first start; the service generates it on startup
 cat /etc/services |grep domain                                             ###check the DNS port (53, UDP and TCP)

2. Configure named.conf

 vim /etc/named.conf
 options {
         listen-on port 53 { any; };                                     ###listen on port 53 on every interface
         listen-on-v6 port 53 { ::1; };
         directory       "/var/named";
         dump-file       "/var/named/data/cache_dump.db";
         statistics-file "/var/named/data/named_stats.txt";
         memstatistics-file "/var/named/data/named_mem_stats.txt";
         allow-query     { any; };                                       ###answer anyone; together with forwarding this is an open resolver, so restrict it to trusted networks outside a lab
         forwarders { 172.25.254.250; };                                 ###anything not answered from local zones or the cache is forwarded to 172.25.254.250
         ...                                                             ###remainder of the stock file unchanged

 systemctl restart named

3. Test

 Virtual machine IP: 172.25.254.225
 vim /etc/resolv.conf
 nameserver 172.25.254.125

 Virtual machine IP: 172.25.254.56
 vim /etc/resolv.conf
 nameserver 172.25.254.125

Result: run dig www.baidu.com on both machines. The first query is slow, the second fast: compare the "Query time:" line of the two outputs, and note that on the cached reply the TTL in the ANSWER SECTION is already counting down instead of starting at the full value.
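Because allow-query { any; } combined with forwarders turns this host into an open recursive resolver (usable for cache-poisoning attempts and as a reflector in DNS amplification), here is the same options block restricted to the lab network. This is an added example and not part of the original post; the acl name "trusted", the 172.25.254.0/24 prefix and the choice of "forward only" are assumptions that match the lab addresses used above.

```conf
acl "trusted" {                          // assumed name: hosts allowed to use this resolver
        127.0.0.1;
        172.25.254.0/24;                 // the lab network used in this post
};

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        recursion yes;
        allow-query     { trusted; };    // was { any; }: anyone on the internet could query
        allow-recursion { trusted; };    // never recurse on behalf of outsiders
        allow-transfer  { none; };       // no zone transfers (AXFR) to anyone

        forwarders { 172.25.254.250; };
        forward only;                    // assumption: rely on the upstream entirely, no fallback to the root servers
};
```

Check the syntax with named-checkconf /etc/named.conf before restarting. From a host outside 172.25.254.0/24, dig @172.25.254.125 www.baidu.com should then come back with status: REFUSED (the code listed in section I), while hosts inside the acl still get answers. With forward only, an unreachable 172.25.254.250 shows up as status: SERVFAIL rather than a slow answer via the root servers.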

III. Forward DNS resolution


Principle: map a domain name to an IP address.

1. Configure named.conf

Virtual machine IP: 172.25.254.125 (server)

 vim /etc/named.conf
 options {
         listen-on port 53 { any; };                                         ###listen on port 53 on every interface
         listen-on-v6 port 53 { ::1; };
         directory       "/var/named";
         dump-file       "/var/named/data/cache_dump.db";
         statistics-file "/var/named/data/named_stats.txt";
         memstatistics-file "/var/named/data/named_mem_stats.txt";
         allow-query     { any; };                                           ###allow anyone to query; acceptable for a purely authoritative server, but see the open-resolver note in section II if forwarding is also enabled
         ...                                                                 ###remainder of the stock file unchanged

2. Configure named.rfc1912.zones

 vim /etc/named.rfc1912.zones
 zone "localhost" IN {                                                       ###in vim, y6y yanks this 6-line block and p pastes a copy to use as the template
         type master;
         file "named.localhost";
         allow-update { none; };
 };
 
 zone "dream.com" IN {
           type master;
           file "dream.com.zone";                                            ###zone file to serve, relative to directory "/var/named"
           allow-update { none; };
 };

 cp -p /var/named/named.localhost /var/named/dream.com.zone                  ###-p keeps owner and mode (root:named, readable by the named group) so the service can read the copy

3. Configure dream.com.zone

  vim /var/named/dream.com.zone                                                 ###a trailing dot ends a name (fully qualified); without it BIND appends the zone origin (.dream.com)
  $TTL 1D
  @       IN SOA  dns.dream.com. root.dream.com. (
                                          0       ; serial (increase it on every change; secondaries only transfer when it grows)
                                          1D      ; refresh
                                          1H      ; retry
                                          1W      ; expire
                                          3H )    ; minimum
          NS      dns.dream.com.                                              ###nameserver of the zone; the A record on the next line gives its address
  dns     A       172.25.254.125
  www     A       172.25.254.225                                              ###resolve www.dream.com to 172.25.254.225

4. Test

On the server, load the new zone first:

 systemctl restart named                                                      ###rndc reload also works and keeps the cache

Physical host IP: 172.25.254.56

 vim /etc/resolv.conf
 nameserver 172.25.254.125
 dig www.dream.com                                                            ###expect status: NOERROR, the aa flag (authoritative answer) and www.dream.com. A 172.25.254.225 in the ANSWER SECTION

[Screenshot 1 from the original post: output of the dig query above]
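An authoritative zone that permits zone transfers to anyone lets an attacker dump every record with a single AXFR request, which is a routine reconnaissance step against both the forward zone here and the reverse zone in section V. The zone statement above with transfers disabled, as an added example that is not part of the original post:

```conf
zone "dream.com" IN {
        type master;
        file "dream.com.zone";
        allow-update   { none; };
        allow-transfer { none; };   // no secondaries in this lab; list their addresses (or a TSIG key) here if you add any
};
```

Validate the zone file before reloading: named-checkzone dream.com /var/named/dream.com.zone prints "OK" together with the serial it loaded, and reports the line of any record it cannot parse. Afterwards dig @172.25.254.125 dream.com AXFR from any client should report "; Transfer failed."; if it prints the whole zone instead, the transfer ACL is not in effect.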

IV. DNS round robin

Note: this needs no extra software. BIND rotates the order of the address records whenever one name has several of them. It builds on the forward zone from section III.

1. Configure dream.com.zone

  vim /var/named/dream.com.zone
  $TTL 1D
  @       IN SOA  dns.dream.com. root.dream.com. (
                                          1       ; serial (bumped from 0 because the zone changed)
                                          1D      ; refresh
                                          1H      ; retry
                                          1W      ; expire
                                          3H )    ; minimum
          NS      dns.dream.com.
  dns     A       172.25.254.125
  www     CNAME   login.dream.com.                                            ###www is an alias for login
  login   A       172.25.254.225                                              ###two A records for one name: BIND rotates their order between answers
  login   A       172.25.254.56

 systemctl restart named

2. Test

Physical host IP: 172.25.254.56

 dig www.dream.com                                                            ###run it several times: the CNAME is followed by both A records, and the one listed first alternates between queries

[Screenshot 2 from the original post: dig output, first run]

[Screenshot 3 from the original post: dig output, second run]

Caveats: the rotation is controlled by rrset-order in the options block, and its default has not been the same in every BIND version, so set rrset-order { order cyclic; }; explicitly when you rely on it. The stub resolver may re-sort the addresses it receives (glibc's getaddrinfo applies the RFC 6724 ordering rules), intermediate caches reply from their own copy, and DNS performs no health checks, so a host that is down keeps receiving its share of clients. Round robin spreads load; it is not a substitute for a health-checked load balancer.
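To make the status codes from section I and the rotation in section IV observable without depending on dig's text output, here is a minimal DNS client in Python (standard library only) that builds a query, parses the reply header and answer section, and reports the RCODE and the first A record. It is an added example, not code from the original post; the build_reply helper only fabricates packets so the parser can be exercised offline, and the two constructed replies mirror the www/login records from section IV. The query() and round_robin_check() functions need a reachable server such as the lab's 172.25.254.125.

```python
"""Minimal DNS-over-UDP client (stdlib only) to inspect RCODEs and answer order.
Added example for this page, not code from the original post."""
import random
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 28: "AAAA"}

def encode_name(name):
    """'www.dream.com.' -> b'\\x03www\\x05dream\\x03com\\x00' (uncompressed wire form)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(data, off):
    """Read a possibly compressed name at off; return (dotted name, offset after it)."""
    labels, end = [], None
    for _ in range(128):                        # bounds pointer chains in malformed packets
        length = data[off]
        if length & 0xC0 == 0xC0:               # compression pointer to an earlier name
            if end is None:
                end = off + 2                   # the name ends after the first pointer
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    else:
        raise ValueError("name too long or pointer loop")
    return ".".join(labels) + ".", (off if end is None else end)

def build_query(name, qtype=1, txid=None):
    """Standard query, RD set; a random id forces a spoofer to guess it (and the source port)."""
    txid = random.randrange(65536) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_response(data):
    """Return id, rcode name, aa flag and the answer section as (name, type, ttl, value)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):                         # skip the echoed question(s)
        _, off = decode_name(data, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(data, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            value = ".".join(str(b) for b in data[off:off + 4])
        elif rtype in (2, 5, 12):               # NS, CNAME and PTR carry a (compressible) name
            value, _ = decode_name(data, off)
        else:
            value = data[off:off + rdlen].hex()
        answers.append((name, TYPES.get(rtype, str(rtype)), ttl, value))
        off += rdlen
    return {"id": txid, "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "aa": bool(flags & 0x0400), "answers": answers}

def first_a(resp):
    """The address a naive client uses: the first A record in answer order."""
    return next((v for _, t, _, v in resp["answers"] if t == "A"), None)

def query(server, name, qtype=1, timeout=2.0):
    """Send one query over UDP and parse the reply (needs a reachable server)."""
    q = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    resp = parse_response(data)
    if resp["id"] != struct.unpack("!H", q[:2])[0]:
        raise ValueError("transaction id mismatch: stray or spoofed reply")
    return resp

def round_robin_check(server, name, rounds=4):
    """First A record of each of `rounds` queries; with order cyclic the addresses rotate."""
    return [first_a(query(server, name)) for _ in range(rounds)]

def build_reply(txid, rcode, qname, answers):
    """Constructed reply packet for offline testing, not captured from a real server."""
    pkt = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(answers), 0, 0)   # QR, RD, RA
    pkt += encode_name(qname) + struct.pack("!HH", 1, 1)
    for name, rtype, ttl, value in answers:
        owner = b"\xc0\x0c" if name == qname else encode_name(name)     # pointer to the question name
        rdata = bytes(int(x) for x in value.split(".")) if rtype == 1 else encode_name(value)
        pkt += owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return pkt

# Constructed samples mirroring section IV: www is a CNAME to login, which has two A records.
SAMPLE_ROUND_ROBIN = build_reply(0x1234, 0, "www.dream.com.", [
    ("www.dream.com.", 5, 86400, "login.dream.com."),
    ("login.dream.com.", 1, 86400, "172.25.254.225"),
    ("login.dream.com.", 1, 86400, "172.25.254.56"),
])
SAMPLE_NXDOMAIN = build_reply(0x1234, 3, "nothere.dream.com.", [])

if __name__ == "__main__":
    for pkt in (SAMPLE_ROUND_ROBIN, SAMPLE_NXDOMAIN):
        r = parse_response(pkt)
        print(r["rcode"], first_a(r), r["answers"])
```

Against the lab server, round_robin_check("172.25.254.125", "www.dream.com.") returns the two login addresses alternating when cyclic ordering is in effect, and query("172.25.254.125", "nothere.dream.com.") returns rcode NXDOMAIN from the authoritative zone. The random transaction id and the id check in query() are the client side of the cache-poisoning defence: a forged reply has to match both the id and the source port the kernel picked.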

V. Reverse DNS resolution


Principle: map an IP address back to a domain name.
Builds on the forward setup; virtual machine IP: 172.25.254.125 (server)

1. Configure named.rfc1912.zones

 vim /etc/named.rfc1912.zones
 zone "0.in-addr.arpa" IN {                                                  ###existing stock entry, used as the template
         type master;
         file "named.empty";
         allow-update { none; };
 };
 
 zone "254.25.172.in-addr.arpa" IN {                                         ###reverse zone for 172.25.254.0/24: the network octets are written in reverse order
         type master;
         file "dream.com.ptr";
         allow-update { none; };
 };

 cp -p /var/named/named.loopback /var/named/dream.com.ptr

2. Configure dream.com.ptr

 vim /var/named/dream.com.ptr
  $TTL 1D
  @       IN SOA  dns.dream.com. root.dream.com. (
                                          0       ; serial
                                          1D      ; refresh
                                          1H      ; retry
                                          1W      ; expire
                                          3H )    ; minimum
          NS      dns.dream.com.
  125     PTR     dns.dream.com.                                              ###the nameserver gets a PTR like any other host; an A record copied from the forward zone does not belong in a reverse zone
  225     PTR     www.dream.com.                                              ###the trailing dots are mandatory here: without them the targets would expand to www.dream.com.254.25.172.in-addr.arpa.
  56      PTR     login.dream.com.

 systemctl restart named

3. Test

Physical host IP: 172.25.254.56

 dig -x 172.25.254.56                                                  ###-x turns the address into the query 56.254.25.172.in-addr.arpa PTR; expect login.dream.com.
 dig -x 172.25.254.225                                                 ###expect www.dream.com.

[Screenshot 4 from the original post: dig -x 172.25.254.56 output]

[Screenshot 5 from the original post: dig -x 172.25.254.225 output]

VI. Split-horizon DNS with views (the original post calls this "bidirectional resolution")


With views, the same name resolves to different addresses depending on where the client asks from, so internal and external clients can be pointed at different networks. The example answers external clients from the 172.25.254 network and internal clients from the 192.25.254 network. Note that 192.25.254.0/24 is not RFC 1918 private address space; the post only uses it as a second lab range, and a real deployment would use 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 internally.

1. Configure dream.com.inter

 cp -p /var/named/dream.com.zone /var/named/dream.com.inter

 vim /var/named/dream.com.inter                                               ###same zone as section IV, but every address is on the internal network
  $TTL 1D
  @       IN SOA  dns.dream.com. root.dream.com. (
                                          0       ; serial
                                          1D      ; refresh
                                          1H      ; retry
                                          1W      ; expire
                                          3H )    ; minimum
          NS      dns.dream.com.
  dns     A       192.25.254.125
  www     CNAME   login.dream.com.
  login   A       192.25.254.225
  login   A       192.25.254.56

2. Configure named.rfc1912.zones.inter

 cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter

 vim /etc/named.rfc1912.zones.inter                                           ###only the dream.com entry changes: point it at the internal zone file
 zone "dream.com" IN {
         type master;
         file "dream.com.inter";
         allow-update { none; };
 };

3. Configure named.conf

 vim /etc/named.conf
 #zone "." IN {                                                               ###once views are used, every zone statement must sit inside a view, so the top-level hint zone and the includes are commented out
 #       type hint;
 #       file "named.ca";
 #};
 #
 #include "/etc/named.rfc1912.zones";
 #include "/etc/named.root.key";                                              ###this also drops the root trust anchor; if DNSSEC validation is wanted, include it inside the views instead
 view localnet {                                                              ###views are tried in order and the first match wins, so the internal view must come before the catch-all
         match-clients { 172.25.254.125; };                                  ###for the test the server itself (125) is treated as the only internal client and everything else as internet; a real config uses localhost; localnets; or the internal prefix, and a mistake here leaks internal addresses to the outside
         zone "." IN {
         type hint;
         file "named.ca";
         };
 include "/etc/named.rfc1912.zones.inter";
 };
 view internet {
         match-clients { any; };
         zone "." IN {
         type hint;
         file "named.ca";
         };
 include "/etc/named.rfc1912.zones";
 };

 systemctl restart named

4. Test

(1) On the server 172.25.254.125, add nameserver 172.25.254.125 to /etc/resolv.conf and run dig www.dream.com: the query matches view localnet and returns the 192.25.254 addresses from dream.com.inter.

[Screenshot 6 from the original post: dig output on the server]

(2) On 172.25.254.225 run dig www.dream.com: the query falls through to view internet and returns the 172.25.254 addresses from dream.com.zone.

[Screenshot 7 from the original post: dig output on 172.25.254.225]
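The views above work, but the internal side is matched by a single lab address, and the public view inherits whatever recursion setting the options block carries (the stock named.conf sets recursion yes), which leaves an open resolver sitting next to the authoritative data. The same split-horizon setup with an acl for the internal side, recursion switched off in the public view and transfers disabled, as an added example rather than the original post's configuration: the acl name "internal" is assumed, and 192.25.254.0/24 is listed only because the post designates it as the internal range.

```conf
acl "internal" {                    // assumed name for the post's internal side
        localhost;
        localnets;                  // networks directly attached to the server
        192.25.254.0/24;            // the post's "internal" range (not RFC 1918 space)
};

options {
        directory "/var/named";
        allow-transfer { none; };   // applies to every zone in every view unless overridden
        // remaining options as in the sections above
};

// With views, every zone must live inside a view; views are matched in order and the
// first match wins, so the restrictive internal view comes first.
view "localnet" {
        match-clients { internal; };
        recursion yes;              // internal clients may use this server as their resolver
        zone "." IN { type hint; file "named.ca"; };
        include "/etc/named.rfc1912.zones.inter";   // dream.com -> dream.com.inter (192.25.254.x)
};

view "internet" {
        match-clients { any; };
        recursion no;               // outsiders only get authoritative answers for our zones
        include "/etc/named.rfc1912.zones";         // dream.com -> dream.com.zone (172.25.254.x)
};
```

To verify, query from both sides: from 172.25.254.225 (outside the acl) dig @172.25.254.125 www.dream.com returns the 172.25.254 addresses, while dig @172.25.254.125 www.baidu.com comes back with status: REFUSED; from the server itself www.dream.com returns the 192.25.254 addresses. If the external query ever shows 192.25.254 addresses, the match-clients list or the view order is wrong and the internal view is leaking.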
