一. DNS原理相关
DNS 为Domain Name System(域名系统)的缩写,它是一种将ip地址转换成对应的主机名或将主机名转换成与之相对应ip地址的一种服务机制。
其中通过域名解析出ip地址的叫做正向解析,通过ip地址解析出域名的叫做反向解析。DNS 同时使用 TCP 和 UDP 的 53 端口: 普通查询主要走 UDP, 而主从服务器之间的区域传送(AXFR/IXFR)以及超过 UDP 报文长度、被截断(TC 位)后重试的应答走 TCP。因此防火墙上 53/tcp 和 53/udp 都需要放行, 且区域传送必须用 allow-transfer 限制来源。
全世界的根服务器只有 13 个逻辑地址(a~m.root-servers.net),但每个地址背后都通过 anycast 部署了大量物理实例,并不是只有 13 台机器,也不存在"1 台主根、12 台辅根"的主从关系。DNS服务器根据角色可以分为:主DNS, 从DNS, 缓存DNS服务器,DNS转发服务器。
二. 使用bind搭建DNS服务器
1. 安装bind
[root@webserver ~]# yum install -y bind
[root@webserver ~]# cp /etc/named.conf /etc/named.conf.bak //备份DNS配置文件
[root@webserver ~]# >/etc/named.conf
[root@webserver ~]# vim /etc/named.conf //新的配置文件添加以下内容
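options {
	directory "/var/named";
	// Only this host and the 192.168.1.0/24 lab network (the addresses used
	// throughout this tutorial) may query the server. named listens on
	// 192.168.1.111:53 as well as loopback, so an explicit policy keeps it
	// from acting as an open resolver should that interface ever be reachable
	// from outside the LAN.
	allow-query     { localhost; 192.168.1.0/24; };
	recursion yes;
	allow-recursion { localhost; 192.168.1.0/24; };
	// No secondary exists yet: refuse zone transfers (AXFR) so nobody can
	// enumerate the zone contents. Open this per zone, for the secondary's
	// address only, when one is added.
	allow-transfer  { none; };
};
// Root hints, used for names this server is not authoritative for.
zone "." IN {
	type hint;
	file "named.ca";
};
zone "localhost" IN {
	type master;
	file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.local";
};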
[root@webserver ~]# cd /var/named/
[root@webserver named]# dig -t NS . > named.ca //注意空格。这条命令是通过 /etc/resolv.conf 里的系统解析器取得根服务器列表, 并覆盖 bind 软件包自带的 named.ca; 根提示文件是后续所有递归解析的信任起点, 不应从不可信的解析器获取。建议直接使用 RHEL/CentOS bind 软件包通常已自带的 /var/named/named.ca, 或用 dig @a.root-servers.net . NS 从根服务器本身获取后核对内容。
[root@webserver named]# vim localhost.zone //添加以下内容
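; Forward zone for "localhost" (the origin is set by the zone statement in
; named.conf). $TTL is required when records carry no explicit TTL; without
; it named-checkzone warns "no TTL specified; using SOA MINTTL instead".
$TTL 86400
@	IN SOA	localhost. admin.localhost. (
		2013081601	; serial - must increase on every change, or
				;          secondaries will not pick the change up
		1H		; refresh
		10M		; retry
		7D		; expire
		1D		; negative-caching TTL (minimum)
		)
@	IN NS	localhost.
localhost.	IN A	127.0.0.1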
[root@webserver named]# vim named.local //添加以下内容
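; Reverse zone for 127.0.0.x (origin 0.0.127.in-addr.arpa, set in named.conf).
$TTL 86400
@	IN SOA	localhost. admin.localhost. (
		2013081601	; serial - must increase on every change
		1H		; refresh
		10M		; retry
		7D		; expire
		1D		; negative-caching TTL, same as localhost.zone
				; (the original had "1", i.e. one second)
		)
@	IN NS	localhost.
; The PTR target must be fully qualified. A bare "localhost" is relative to
; the zone origin and is served as localhost.0.0.127.in-addr.arpa., which is
; what the "dig -x 127.0.0.1" test in this tutorial actually returned.
1	IN PTR	localhost.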
[root@webserver named]# named-checkconf //检测主配置文件
[root@webserver named]# named-checkzone "localhost" /var/named/localhost.zone //检测正解析
/var/named/localhost.zone:2: no TTL specified; using SOA MINTTL instead
zone localhost/IN: loaded serial 2013081601
OK
[root@webserver named]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.local //检测反解析
zone 0.0.127.in-addr.arpa/IN: loaded serial 2013081601
OK
[root@webserver named]# rndc-confgen -r /dev/urandom -a //生成 rndc.key, 如果没有这个key named 是启动不了的。该文件是 rndc 控制 named 的共享密钥, 应确认其权限为 0600/0640 且仅 root 与 named 用户可读, 并且不要把它随配置文件一起拷贝到其他主机。
wrote key file "/etc/rndc.key"
[root@webserver named]# /etc/init.d/named start
启动 named: [确定]
[root@webserver named]# netstat -lnp |grep named
tcp 0 0 192.168.1.111:53 0.0.0.0:* LISTEN 1613/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1613/named
udp 0 0 192.168.1.111:53 0.0.0.0:* 1613/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1613/named
[root@webserver named]# dig @127.0.0.1 localhost. //测试正向解析
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @127.0.0.1 localhost.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15200
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;localhost. IN A
;; ANSWER SECTION:
localhost. 86400 IN A 127.0.0.1
;; AUTHORITY SECTION:
localhost. 86400 IN NS localhost.
;; Query time: 16 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 3 04:38:42 2015
;; MSG SIZE rcvd: 57
[root@webserver named]# dig @127.0.0.1 -x 127.0.0.1 //测试反向解析
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @127.0.0.1 -x 127.0.0.1
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36941
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR
;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 86400 IN PTR localhost.0.0.127.in-addr.arpa.
;; AUTHORITY SECTION:
0.0.127.in-addr.arpa. 86400 IN NS localhost.
;; ADDITIONAL SECTION:
localhost. 86400 IN A 127.0.0.1
;; Query time: 21 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 3 04:44:03 2015
;; MSG SIZE rcvd: 103
2. 增加一个域名(zone)
[root@webserver named]# vim /etc/named.conf //添加
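// Forward zone for abc.com.
zone "abc.com" IN {
	type master;
	file "abc.com.zone";
	// No secondary yet: do not let arbitrary clients AXFR the zone and
	// enumerate every record.
	allow-transfer { none; };
};
// Reverse zone for 192.168.1.0/24. The zone name is the network part of the
// address reversed, so 192.168.1.x lives in 1.168.192.in-addr.arpa. (The
// original used 137.168.192.in-addr.arpa, which matches none of the
// 192.168.1.x addresses in 192.168.zone - that is why "dig -x 192.168.1.122"
// below returns SERVFAIL.) The first argument to named-checkzone must be the
// same name as here.
zone "1.168.192.in-addr.arpa" IN {
	type master;
	file "192.168.zone";
};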
[root@webserver named]# vim /var/named/abc.com.zone //添加
; Forward zone file for abc.com (origin supplied by the zone statement).
$TTL 600	; default TTL for records that carry none
@	IN SOA	abc.com. root.abc.com. (
		2013081601	; serial - bump on every edit, or secondaries
				;          will keep serving the old copy
		1H		; refresh
		10M		; retry
		7D		; expire
		1D		; negative-caching TTL
		)
; Zone apex records. (MNAME above is the apex name; the reverse zone uses
; ns.abc.com. - both load, but the primary's hostname is the convention.)
@	IN NS	ns.abc.com.
@	IN MX	10 mail.abc.com.
; Hosts, all on the 192.168.1.0/24 lab network
ns	IN A	192.168.1.111	; this DNS server
www	IN A	192.168.1.122
mail	IN A	192.168.1.123
bbs	IN CNAME	www.abc.com.
[root@webserver named]# vim /var/named/192.168.zone //添加
; Reverse zone file for 192.168.1.0/24.
; Owner names are the last octet of each address, so this file has to be
; loaded under the origin 1.168.192.in-addr.arpa (192.168.1 reversed).
$TTL 600
@	IN SOA	ns.abc.com. root.abc.com. (
		2013081601	; serial - bump on every edit
		1H		; refresh
		10M		; retry
		7D		; expire
		1D		; negative-caching TTL
		)
@	IN NS	ns.abc.com.
; PTR targets are fully qualified (trailing dot) so they are not expanded
; relative to the zone origin.
111	IN PTR	ns.abc.com.	; 192.168.1.111
122	IN PTR	www.abc.com.	; 192.168.1.122
123	IN PTR	mail.abc.com.	; 192.168.1.123
[root@webserver named]# named-checkzone "abc.com" abc.com.zone
zone abc.com/IN: loaded serial 2013081601
OK
[root@webserver named]# named-checkzone "137.168.192.in-addr.arpa" 192.168.zone //第一个参数必须与 named.conf 中的 zone 名一致
zone 137.168.192.in-addr.arpa/IN: loaded serial 2013081601
OK
[root@webserver named]# /etc/init.d/named restart
停止 named:. [确定]
启动 named: [确定]
[root@webserver named]# dig @127.0.0.1 www.abc.com //测试正向解析
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @127.0.0.1 www.abc.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64064
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.abc.com. IN A
;; ANSWER SECTION:
www.abc.com. 600 IN A 192.168.1.122
;; AUTHORITY SECTION:
abc.com. 600 IN NS ns.abc.com.
;; ADDITIONAL SECTION:
ns.abc.com. 600 IN A 192.168.1.111
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 3 04:59:34 2015
;; MSG SIZE rcvd: 78
[root@webserver named]# dig @127.0.0.1 -x 192.168.1.122 //测试反向解析
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @127.0.0.1 -x 192.168.1.122
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54873
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;122.1.168.192.in-addr.arpa. IN PTR
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 3 05:00:50 2015
;; MSG SIZE rcvd: 44
3. 配置DNS转发
我们配置的DNS是只能解析我们定义的zone的,我们没有定义的是不能解析的。配置DNS转发就可以解析其他互联网上的域名了,前提是这个域名在互联网上确实存在并已由其权威 DNS 服务器发布。注意: 开启转发后本机就成为一台递归解析器, 应同时用 allow-recursion 把递归限制在本机和内网网段, 否则一旦 53 端口可以从外网访问, 它就会变成可被用于放大攻击的开放解析器; 另外发往 8.8.8.8 的查询是明文的, 服务器本身不会校验应答。
[root@webserver ~]# vim /etc/named.conf //在options{} 里面增加以下内容,这两行就是用来配置转发的,该DNS服务器不能解析的域名会转发到8.8.8.8这个DNS服务器上去解析。
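// Forwarding: anything this server is not authoritative for is sent to
// 8.8.8.8. "forward first" falls back to iterative resolution through the
// root hints if the forwarder does not answer; use "forward only" to never
// contact the roots directly. Replies from the forwarder are not validated
// here (consider dnssec-validation if this cache is relied upon).
forward first;
forwarders { 8.8.8.8; };
// A forwarding server is a recursive resolver. Restrict who may use it so it
// cannot be abused as an open resolver / amplification source; the addresses
// are the ones this tutorial uses (loopback and the 192.168.1.0/24 LAN).
recursion yes;
allow-recursion { localhost; 192.168.1.0/24; };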
[root@webserver ~]# named-checkconf
[root@webserver ~]# /etc/init.d/named restart
停止 named:. [确定]
启动 named: [确定]
[root@localhost ~]# ping www.abc.com //解析的自己配置的DNS上
PING www.abc.com (192.168.1.122) 56(84) bytes of data.
[root@localhost ~]# ping www.qq.com //通过DNS转发可以ping通到QQ的域名
PING www.qq.com (61.135.157.156) 56(84) bytes of data.
4. 配置主从
[root@webserver ~]# cat /etc/named.conf //更改主上的配置文件
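options {
	directory "/var/named";
	// Serve and recurse only for this host and the 192.168.1.0/24 lab LAN.
	allow-query     { localhost; 192.168.1.0/24; };
	allow-recursion { localhost; 192.168.1.0/24; };
};
zone "." IN {
	type hint;
	file "named.ca";
};
zone "localhost" IN {
	type master;
	file "localhost.zone";
};
zone "abc.com" IN {
	type master;
	file "abc.com.zone";
	// Send a NOTIFY to the secondary as soon as the zone is reloaded, so it
	// does not wait for the SOA refresh interval (1H) to notice a change.
	notify yes;
	also-notify { 192.168.1.119; };
	// Only the secondary (the host also-notify targets) may pull the zone.
	// Without this any client can AXFR it and enumerate every record. This
	// check is by source address only; a TSIG key shared with the secondary
	// would also authenticate the transfer itself.
	allow-transfer { 192.168.1.119; };
};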
[root@localhost ~]# yum install -y bind //在从服务器上安装bind
拷贝主上的配置文件到从上,其中有/etc/named.conf, /var/named/localhost.zone, /var/named/named.local。注意不要把主上的 /etc/rndc.key 一并拷过来, 从服务器应像下面一样单独生成自己的 rndc.key。
[root@localhost ~]# scp 192.168.1.111:/etc/named.conf /etc/
named.conf 100% 446 0.4KB/s 00:00
[root@localhost ~]# scp 192.168.1.111:/var/named/localhost.zone /var/named/
localhost.zone 100% 658 0.6KB/s 00:00
[root@localhost ~]# scp 192.168.1.111:/var/named/named.local /var/named/
named.local 100% 672 0.7KB/s 00:00
拷贝过来后,修改一下从的/etc/named.conf 内容参考:
[root@localhost ~]# cat /etc/named.conf
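options {
	directory "/var/named";
	// Serve and recurse only for this host and the 192.168.1.0/24 lab LAN.
	allow-query     { localhost; 192.168.1.0/24; };
	allow-recursion { localhost; 192.168.1.0/24; };
};
zone "." IN {
	type hint;
	file "named.ca";
};
zone "localhost" IN {
	type master;
	file "localhost.zone";
};
zone "abc.com" IN {
	type slave;
	// Written by named itself after a successful transfer; the slaves/
	// directory shipped with the RHEL/CentOS bind package is writable by the
	// named user, /var/named itself normally is not.
	file "slaves/abc.com.zone";
	masters { 192.168.1.111; };
	// The secondary is a leaf: nobody should transfer the zone from it.
	allow-transfer { none; };
};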
[root@localhost ~]# named-checkconf
[root@localhost ~]# rndc-confgen -r /dev/urandom -a
wrote key file "/etc/rndc.key"
[root@localhost ~]# /etc/init.d/named start
启动 named: [确定]
[root@localhost ~]# cat /var/named/slaves/abc.com.zone //此文件会自动生成
$ORIGIN .
$TTL 600 ; 10 minutes
abc.com IN SOA abc.com. root.abc.com. (
2013081601 ; serial
3600 ; refresh (1 hour)
600 ; retry (10 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns.abc.com.
MX 10 mail.abc.com.
$ORIGIN abc.com.
bbs CNAME www
mail A 192.168.1.123
ns A 192.168.1.111
www A 192.168.1.122
5. 测试主从同步
[root@webserver ~]# vim /var/named/abc.com.zone // 在最后增加一行, 同时把 SOA 的序列号(serial)加 1(下面从服务器同步到的是 2015081601), 否则从服务器不会拉取新数据:
cangls IN A 192.168.1.222
[root@webserver ~]# named-checkconf
[root@webserver ~]# /etc/init.d/named restart
停止 named: [确定]
启动 named: [确定]
[root@localhost ~]# cat /var/named/slaves/abc.com.zone
$ORIGIN .
$TTL 600 ; 10 minutes
abc.com IN SOA abc.com. root.abc.com. (
2015081601 ; serial
3600 ; refresh (1 hour)
600 ; retry (10 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns.abc.com.
MX 10 mail.abc.com.
$ORIGIN abc.com.
bbs CNAME www
cangls A 192.168.1.222
mail A 192.168.1.123
ns A 192.168.1.111
www A 192.168.1.122
若主服务器 zone 文件中 SOA 的序列号(serial)小于或等于从服务器已有副本的序列号, 从服务器会认为数据没有变化而不进行同步——下面的例子里主上新增了 longls 记录但序列号仍是 2015081601, 所以从上拿不到这条记录。每次修改 zone 文件都必须递增 serial(常用 YYYYMMDDnn 格式)。
[root@webserver ~]# cat /var/named/abc.com.zone
$TTL 600
@ IN SOA abc.com. root.abc.com. (
2015081601
1H
10M
7D
1D
)
IN NS ns.abc.com.
IN MX 10 mail.abc.com.
ns IN A 192.168.1.111
www IN A 192.168.1.122
mail IN A 192.168.1.123
bbs IN CNAME www.abc.com.
cangls IN A 192.168.1.222
longls IN A 192.168.1.223
[root@localhost ~]# cat /var/named/slaves/abc.com.zone
$ORIGIN .
$TTL 600 ; 10 minutes
abc.com IN SOA abc.com. root.abc.com. (
2015081601 ; serial
3600 ; refresh (1 hour)
600 ; retry (10 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns.abc.com.
MX 10 mail.abc.com.
$ORIGIN abc.com.
bbs CNAME www
cangls A 192.168.1.222
mail A 192.168.1.123
ns A 192.168.1.111
www A 192.168.1.122
[root@webserver ~]# cat /var/named/abc.com.zone //把序列号(serial)递增为 2015081602 后
$TTL 600
@ IN SOA abc.com. root.abc.com. (
2015081602
1H
10M
7D
1D
)
IN NS ns.abc.com.
IN MX 10 mail.abc.com.
ns IN A 192.168.1.111
www IN A 192.168.1.122
mail IN A 192.168.1.123
bbs IN CNAME www.abc.com.
cangls IN A 192.168.1.222
longls IN A 192.168.1.223
[root@webserver ~]# /etc/init.d/named restart
停止 named: [确定]
启动 named: [确定]
[root@localhost ~]# cat /var/named/slaves/abc.com.zone
$ORIGIN .
$TTL 600 ; 10 minutes
abc.com IN SOA abc.com. root.abc.com. (
2015081602 ; serial
3600 ; refresh (1 hour)
600 ; retry (10 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns.abc.com.
MX 10 mail.abc.com.
$ORIGIN abc.com.
bbs CNAME www
cangls A 192.168.1.222
longls A 192.168.1.223
mail A 192.168.1.123
ns A 192.168.1.111
www A 192.168.1.122