DNS Forward and Reverse Zone Configuration (Part 1)

Install the DNS server package:

 yum install -y bind


Configure the main DNS configuration file:

Configuration files: /etc/named.conf and /etc/named.rfc1912.zones

Zone files: /var/named/

1. vi /etc/named.conf and make named listen on the server's own address:

listen-on port 53 { 192.168.1.10; };

// So that local resolution is not affected, turn off the DNSSEC features:
        dnssec-enable no;
        dnssec-validation no;
        dnssec-lookaside no;

2. Check the configuration file syntax:

named-checkconf

3. Start the DNS service:

systemctl start named

4. Check that the service started: port 53 (DNS) and port 953 (the rndc control channel) should both be listening

ss -tanp

5. Point the host's own resolver at this server

vi /etc/resolv.conf

nameserver 192.168.1.10

6. Reload the service

systemctl reload named.service

7. Test:

Forward resolution, i.e. FQDN to IP:

Method 1: dig -t A www.baidu.com

Method 2: ~]# host -t A www.baidu.com

Method 3: [root@localhost ~]# nslookup

> server 192.168.1.10
Default server: 192.168.1.10
Address: 192.168.1.10#53
> set q=A
> www.sina.com
Server: 192.168.1.10
Address: 192.168.1.10#53


Non-authoritative answer:
www.sina.com canonical name = us.sina.com.cn.
us.sina.com.cn canonical name = news.sina.com.cn.
news.sina.com.cn canonical name = jupiter.sina.com.cn.
jupiter.sina.com.cn canonical name = polaris.sina.com.cn.
Name: polaris.sina.com.cn
Address: 202.108.33.60

Reverse resolution, i.e. IP to FQDN:

dig -x 61.135.162.215


Defining a zone file (summary of the steps detailed below: restrict the file to root and the named group, then check it):

chown :named angrybeans.com

chmod o= angrybeans.com

Check the syntax (the first argument is the zone origin, the second the zone file):

named-checkzone zone_name zone_file


• Configure the forward zone:

1. Add the zone to the zone configuration file

vim /etc/named.rfc1912.zones

Add the zone to be configured:

zone "angrybeans.com" IN {
        type master;
        file "angrybeans.zone";
};

2. Write the forward records into angrybeans.zone

vim /var/named/angrybeans.zone

Add the following content:



$TTL 3600
$ORIGIN angrybeans.com.

@       IN      SOA     ns1     admin (
        20170125
        4H
        2H
        12H
        1D
)

        IN      NS      ns1
        IN      MX  10  m1
        IN      MX  20  m2
ns1     IN      A       192.168.1.10
a       IN      A       192.168.1.2
b       IN      A       192.168.1.3
flower  IN      A       192.168.1.4
m1      IN      A       192.168.1.5
m2      IN      A       192.168.1.6
food    IN      A       192.168.1.7
eat     IN      CNAME   food
fish    IN      A       192.168.1.10
fish    IN      A       192.168.1.20

Note: @ stands for the zone name specified in /etc/named.rfc1912.zones, angrybeans.com; written in full it is angrybeans.com. with the trailing dot. The $ORIGIN macro on the second line sets the origin to angrybeans.com., and the trailing dot is required, otherwise the name is treated as relative and the origin is appended again. The records after the SOA omit the owner name before IN because a record with no owner inherits the owner of the preceding record, here the @ of the SOA.


3. After writing the zone, check its syntax:

~]# named-checkzone angrybeans.com /var/named/angrybeans.zone

4. For safety, tighten the zone file's permissions so that only root and the named group can read it:

chgrp named /var/named/angrybeans.zone

chmod o= /var/named/angrybeans.zone

5. Check the zone count: it is 101

[root@localhost ~]# rndc status
version: 9.9.4-RedHat-9.9.4-18.el7
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 101

6. Reload the service:

Method 1: ~]# rndc reload

Method 2: ~]# systemctl reload named.service

7. Check the zone count again: number of zones is now 102, which shows the new zone was loaded

[root@localhost ~]# rndc status
version: 9.9.4-RedHat-9.9.4-18.el7
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 102
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

8. Verify:

~]# dig -t CNAME eat.angrybeans.com

~]# dig -t A m1.angrybeans.com

Reverse resolution does not work yet, since no reverse zone exists: dig -x 192.168.1.5


• Configure the reverse zone:

1. vim /etc/named.rfc1912.zones

Add the reverse zone:

zone "1.168.192.in-addr.arpa" {
        type master;
        file "192.168.1.zone";
};

2. vim /var/named/192.168.1.zone

$TTL 3600
$ORIGIN 1.168.192.in-addr.arpa.

@       IN      SOA     ns1.angrybeans.com.     admin.angrybeans.com. (
        20170125
        1H
        10M
        2H
        3H )

        IN      NS      ns1.angrybeans.com.
10      IN      PTR     ns1.angrybeans.com.
5       IN      PTR     m1.angrybeans.com.
4       IN      PTR     flower.angrybeans.com.
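As an added example that is not part of the original post, the Python script below applies the name-expansion rules explained under the forward zone (@ is the origin, a trailing dot makes a name absolute, a blank owner inherits the previous one) and then derives the PTR records this reverse zone needs from the forward A records. The embedded zone text is constructed to mirror angrybeans.zone, and the function names are my own; it also covers a case the page's zone contains but does not discuss, fish having two A records and 192.168.1.10 belonging to two names.

```python
import ipaddress
import re

# Constructed sample in the same relative-name style as the page's angrybeans.zone.
FORWARD_ZONE = """\
$TTL 3600
$ORIGIN angrybeans.com.
@       IN      SOA     ns1     admin (
        20170125 4H 2H 12H 1D )
        IN      NS      ns1
ns1     IN      A       192.168.1.10
flower  IN      A       192.168.1.4
eat     IN      CNAME   food
fish    IN      A       192.168.1.10
fish    IN      A       192.168.1.20
"""
# Which rdata fields of each type are domain names and therefore subject to $ORIGIN expansion.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "CNAME": (0,), "MX": (1,), "PTR": (0,)}

def absolute(name, origin):
    # '@' means the origin; a trailing dot is already absolute; anything else gets the origin appended.
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    # Returns (owner, ttl, type, rdata) tuples with every name fully qualified.
    origin, ttl, owner, records = ".", None, None, []
    text = re.sub(r";[^\n]*", "", text)                                           # drop ';' comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # join ( ... ) spans
    for line in filter(str.strip, text.splitlines()):
        if line.startswith("$"):                        # $ORIGIN / $TTL directives
            key, value = line.split()[:2]
            origin, ttl = (value, ttl) if key == "$ORIGIN" else (origin, value)
            continue
        fields = [f for f in line.split() if f != "IN"]  # class IN is optional in this format
        if not line[0].isspace():                       # owner present; a blank owner inherits the last one
            owner = absolute(fields.pop(0), origin)
        rtype, rdata = fields[0], fields[1:]
        for i in NAME_FIELDS.get(rtype, ()):
            rdata[i] = absolute(rdata[i], origin)
        records.append((owner, ttl, rtype, rdata))
    return records

def reverse_owner(ip):
    # 192.168.1.4 -> '4.1.168.192.in-addr.arpa.' (the in-addr.arpa convention used in the reverse zone).
    return ipaddress.ip_address(ip).reverse_pointer + "."

def ptr_records(records, reverse_zone):
    # PTR records the reverse zone needs, derived from the forward A records whose address lies inside it.
    return [(reverse_owner(rd[0]), "PTR", owner) for owner, _, rt, rd in records
            if rt == "A" and reverse_owner(rd[0]).endswith("." + reverse_zone)]
```

Comparing the derived list with the PTR records actually present in 192.168.1.zone is a quick way to spot addresses whose reverse mapping is missing or stale.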


3. Check the syntax:

[root@localhost named]# named-checkzone /etc/named.rfc1912.zones /var/named/192.168.1.zone
/var/named/192.168.1.zone:4: ignoring out-of-zone data (1.168.192.in-addr.arpa)
/var/named/192.168.1.zone:12: ignoring out-of-zone data (10.1.168.192.in-addr.arpa)
/var/named/192.168.1.zone:13: ignoring out-of-zone data (5.1.168.192.in-addr.arpa)
/var/named/192.168.1.zone:14: ignoring out-of-zone data (4.1.168.192.in-addr.arpa)
zone /etc/named.rfc1912.zones/IN: has 0 SOA records
zone /etc/named.rfc1912.zones/IN: has no NS records
zone /etc/named.rfc1912.zones/IN: not loaded due to errors.


Some errors are reported, but reverse resolution is not affected. They come from the invocation above, which passes the path of named.rfc1912.zones where named-checkzone expects the zone origin; every record is then reported as out-of-zone data and no SOA or NS is found. Giving the origin 1.168.192.in-addr.arpa as the first argument, in the named-checkzone zone_name zone_file form shown earlier, produces a clean check.


4. Set permissions:

chown :named /var/named/192.168.1.zone

chmod o= /var/named/192.168.1.zone

5. Check the zone count; it is now 103

rndc status

6. Reload named via rndc

rndc reload

7. Test: reverse resolution now succeeds, and forward resolution still works

[root@localhost named]# dig -x 192.168.1.4


; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> -x 192.168.1.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62542
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;4.1.168.192.in-addr.arpa.	IN	PTR


;; ANSWER SECTION:
4.1.168.192.in-addr.arpa. 3600	IN	PTR	flower.angrybeans.com.


;; AUTHORITY SECTION:
1.168.192.in-addr.arpa.	3600	IN	NS	ns1.angrybeans.com.


;; ADDITIONAL SECTION:
ns1.angrybeans.com.	3600	IN	A	192.168.1.10


;; Query time: 0 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Mon Jan 25 09:45:37 EST 2016
;; MSG SIZE  rcvd: 122



