DNS正向解析与反向解析配置

正向解析

一.客户端
(1)安装bind软件和dig命令

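# Package name fixed: it is bind-utils (the original "bind-utlis" makes yum fail
# with "No package ... available"). bind-utils provides dig/host/nslookup; on the
# client only that package is actually needed, bind (the named server) is kept
# here only to match the rest of the guide.
yum install bind bind-utils -y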

(2)修改dns指向。注意 /etc/resolv.conf 在 CentOS 7 上通常由 NetworkManager 生成,重启或网络变动后会被覆盖;要持久生效应改网卡配置(ifcfg-* 中加 DNS1=192.168.16.11)或用 nmcli 设置,再让系统重新生成该文件。

vim /etc/resolv.conf
# 指定dns。resolv.conf 只把行首为 # 或 ; 的行当作注释,不要把注释写在 nameserver 行尾
nameserver  192.168.16.11

二.服务端
(1)安装bind软件和dig命令

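# Package name fixed: it is bind-utils (the original "bind-utlis" makes yum fail
# with "No package ... available"). bind installs the named server and its
# default config/zone templates; bind-utils provides dig for the tests below.
yum install bind bind-utils -y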

(2)修改/etc/named.conf

options {
        listen-on port 53 { any; };        #修改为any,在所有IPv4地址上监听;若主机还有公网接口,应只写内网地址,如 { 127.0.0.1; 192.168.16.11; }
        listen-on-v6 port 53 { any; };     #修改为any,同理;不使用IPv6时可保留默认的 { ::1; } 或改为 { none; }
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };           #修改为any,允许任意主机查询。与下面的 recursion yes 组合后本机就是开放递归解析器(open resolver),一旦能被外网访问就会被用于DNS放大攻击;生产环境应限制为本网段,如 allow-query { 192.168.16.0/24; localhost; }; 并同样限制 allow-recursion
        forwarders { 192.168.16.11; };       #转发:这里应填上游DNS地址。192.168.16.11 是本机自己(见下文 dns 的 A 记录和 dig 输出的 SERVER 行),转发给自己会形成回环,本区域之外的域名通常会超时或返回 SERVFAIL;实验中不需要转发可直接删掉此行
        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation no;        #修改为no,关闭DNSSEC验证(多半是为了避免上游不支持DNSSEC时出现SERVFAIL),代价是上游返回的伪造应答不会再被拒绝;生产环境应保留 yes 并排查上游问题

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

(3)修改/etc/named.rfc1912.zones

vim /etc/named.rfc1912.zones
// Authoritative (type master) forward zone for westos.com; the records live
// in westos.com.zone, resolved relative to the "directory" option (/var/named).
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        // Reject dynamic updates (RFC 2136): changes are made by editing the
        // zone file and reloading named, never by update messages from clients.
        allow-update { none; };
};

(4)编写正向区域文件。编辑完成后先用 named-checkconf 和 named-checkzone westos.com /var/named/westos.com.zone 检查语法,再执行 systemctl restart named(或 rndc reload)使配置生效。

cd /var/named
# Build the zone from the stock template. -p keeps the template's owner/mode
# (named.localhost is normally root:named 0640 on RHEL/CentOS — confirm with
# ls -l) so the named service can read the copy; a plain cp would leave it
# root:root and may be unreadable by named.
cp -p named.localhost westos.com.zone   # make the template copy
vim westos.com.zone
; Forward zone data for westos.com. The file was copied from named.localhost,
; so the template's "$TTL 1D" directive is assumed to still be present above
; this listing (the dig answers in this guide carry TTL 86400 = 1D).
; "@" is the zone origin (westos.com.). SOA MNAME = primary server,
; RNAME root.westos.com. = mailbox root@westos.com (first "." stands for "@").
@   IN SOA  dns.westos.com. root.westos.com. (
                    0   ; serial  - conventionally incremented on every edit
                    1D  ; refresh - how often secondaries check for a new serial
                    1H  ; retry   - retry interval after a failed refresh
                    1W  ; expire  - secondaries stop serving after this long without contact
                    3H )    ; minimum - negative-caching TTL (RFC 2308)
; Authoritative name server for the zone; its A record follows so the name resolves.
    NS  dns.westos.com.
dns     A   192.168.16.11   
www     A   192.168.16.111
bbs     A   192.168.16.222

三.客户端测试

[root@client yum.repos.d]# dig www.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60484  
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.            IN  A

;; ANSWER SECTION:
www.westos.com.     86400   IN  A   192.168.16.111

;; AUTHORITY SECTION:
westos.com.     86400   IN  NS  dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.     86400   IN  A   192.168.16.11

;; Query time: 2 msec
;; SERVER: 192.168.16.11#53(192.168.16.11)
;; WHEN: Wed Aug 30 07:35:48 EDT 2017
;; MSG SIZE  rcvd: 93

注解:

NOERROR 表示查询成功,服务器给出了正常应答(如上面的 status: NOERROR、ANSWER: 1)

NXDOMAIN 表示服务器(权威地)答复不存在这样的名称

SERVFAIL 表示服务器收到了查询但无法完成解析,例如区域文件语法错误、上游/转发器无响应,或 DNSSEC 验证失败;它并不表示服务器停机(停机时 dig 会报 connection timed out 而不是任何 status)

REFUSED 表示服务器拒绝回答,通常是 allow-query / allow-recursion 等访问控制(ACL)把该客户端挡在了外面

反向解析

一.服务端
(1)配置 vim /etc/named.rfc1912.zones

 vim /etc/named.rfc1912.zones
// Reverse (PTR) zone for 192.168.16.0/24: the network octets are written in
// reverse order under in-addr.arpa. Records live in /var/named/westos.com.ptr.
zone "16.168.192.in-addr.arpa" IN {
        type master;
        file "westos.com.ptr";
        // Reject dynamic updates; the PTR file is maintained by hand.
        allow-update { none; };
};

(2)新建westos.com.ptr

cd /var/named
# Reuse the forward zone file as the template for the reverse zone; -p keeps
# the owner/mode so named can read the copy (the A records copied along with
# it need to be replaced by PTR records when editing).
cp -p westos.com.zone westos.com.ptr
vim westos.com.ptr
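; Reverse zone data for 16.168.192.in-addr.arpa (192.168.16.0/24).
; Owner names are relative to that origin, so "111" is
; 111.16.168.192.in-addr.arpa. and maps 192.168.16.111 back to a hostname.
$TTL 1D
@   IN SOA  dns.westos.com. root.westos.com. (
                    0   ; serial  - conventionally incremented on every edit
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum - negative-caching TTL
; The NS target dns.westos.com. is resolved through the forward zone; the
; "dns A 192.168.16.11" line copied from the forward file was dropped because
; inside this zone it would define dns.16.168.192.in-addr.arpa., not dns.westos.com.
    NS  dns.westos.com.
; Every host with an A record in the forward zone gets a matching PTR, including
; the name server itself (it had none before).
11      PTR     dns.westos.com.
111     PTR     www.westos.com.
222     PTR     bbs.westos.com.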

(3)重启dns

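# Check named.conf and test-load every zone first so a typo in a zone file
# does not take the resolver down on restart; only restart when the check passes.
named-checkconf -z && systemctl restart named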

二.客户端测试。注意:下面两条 dig 仍然是正向(A记录)查询,并没有验证反向解析。验证 PTR 记录应使用 dig -x 192.168.16.111 和 dig -x 192.168.16.222,预期 ANSWER 段分别为 111.16.168.192.in-addr.arpa. PTR www.westos.com. 和 222.16.168.192.in-addr.arpa. PTR bbs.westos.com.

[root@client yum.repos.d]# dig www.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51668
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.            IN  A

;; ANSWER SECTION:
www.westos.com.     86400   IN  A   192.168.16.111

;; AUTHORITY SECTION:
westos.com.     86400   IN  NS  dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.     86400   IN  A   192.168.16.11

;; Query time: 1 msec
;; SERVER: 192.168.16.11#53(192.168.16.11)
;; WHEN: Wed Aug 30 09:23:43 EDT 2017
;; MSG SIZE  rcvd: 93

[root@client yum.repos.d]# dig bbs.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> bbs.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17657
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.westos.com.            IN  A

;; ANSWER SECTION:
bbs.westos.com.     86400   IN  A   192.168.16.222

;; AUTHORITY SECTION:
westos.com.     86400   IN  NS  dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.     86400   IN  A   192.168.16.11

;; Query time: 1 msec
;; SERVER: 192.168.16.11#53(192.168.16.11)
;; WHEN: Wed Aug 30 09:23:53 EDT 2017
;; MSG SIZE  rcvd: 93

注:正向解析——从域名到ip(A记录)
反向解析——从ip到域名(PTR记录)
