DNS简介
DNS(Domain Name Server),因特网上作为域名和IP地址相互映射的一个分布式数据库,能够使用户更方便的访问互联网,而不用去记住能够被机器直接读取的IP数串基于C/S架构,监听在UDP/53,tcp/53端口上。通俗一点,就是把一个网站的地址,解析成IP地址。
一级域分为三类
组织域:.com、.org、.mil、.gov、.edu、.net、
国家域:.cn、.hk、.tw、.us、.jp、.ir、.uk
反向域:.in-addr.arpa
DNS服务器类型:
主DNS服务器
辅助DNS服务器
缓存DNS服务器
正向解析:通过域名找ip
反向解析:通过ip找域名
正向解析:
首先配置主配置文件,定义区域、配置文件在/etc/named.confg下、有哪些区域需要定义的、一般主配置文件中通常有三个区域、一个是根、还有本地localhost、以及127.0.0.1的反向区域。
其次我们每个区域要完成解析要有区域数据文件、所以还要定义区域数据库文件、而区域数据文件一般都在/var/named/中、运行named的进程还是named这个用户、组也是、这些区域文件或配置文件都不允许额外的其他用户访问、所以他们的权限通常都为640的。
首先查询是否安装服务
[root@localhost ~]# rpm -qa bind
bind-9.8.2-0.17.rc1.el6_4.6.x86_64
表明已安装,未安装的话,yum install bind
1, 修改主配置文件路径在/etc/named.conf,和/etc/named.rfc1912.zones
options{
//listen-on port 53 { 127.0.0.1; };
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file"/var/named/data/named_stats.txt";
memstatistics-file"/var/named/data/named_mem_stats.txt";
//allow-query { localhost; };
recursion yes;
//dnssec-enable yes;
//dnssec-validation yes;
//dnssec-lookaside auto;
/* Path to ISC DLV key */
//bindkeys-file"/etc/named.iscdlv.key";
//managed-keys-directory"/var/named/dynamic";
};
logging{
channel default_debug {
file"data/named.run";
severity dynamic;
};
};
zone"." IN {
type hint;
file "named.ca";
};
include"/etc/named.rfc1912.zones";
//include"/etc/named.root.key";
3为每一个区域提供解析库
zone"localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone"localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone"1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone"0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone"caoshujia.com" IN{ //自己定义一个zone
type master;
file "caoshujia.com.zone";
};
2, 然后去/var/named目录下,vimcaoshujia.com.zone 文件
$TTL 3600
@ IN SOA ns.caoshujia.com. admin.caoshujia.com. (
2014080401
2H
10M
7D
1D )
IN NS ns.caoshujia.com.
IN MX 10 mail.caoshujia.com.
ns.caoshujia.com. IN A 172.16.100.10
mail.caoshujia.com. IN A 172.16.100.11
www.caoshujia.com. IN A 172.16.100.12
pop.caoshujia.com. IN CNAME mail.caoshujia.com.
3, 修改此文件的属组和权限
[root@localhost named]# chgrp namedcaoshujia.com.zone
[root@localhost named]# chmod 640caoshujia.com.zone
[root@localhost named]# ll
total 32
-rw-r----- 1 root named 331 Aug 2 16:40caoshujia.com.zone
4, 检查语法错误
[root@localhost named]# service namedconfigtest
zone localhost.localdomain/IN: loadedserial 0
zone localhost/IN: loaded serial 0
zone1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN:loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial0
zone caoshujia.com/IN: loaded serial2014080401
无语法错误
或者可以手动检查,先检查[root@localhost named]# named-checkconf 主配置文件
然后[root@localhost named]# named-checkzone "caoshujia.com"/var/named/caoshujia.com.zone 检查zone
5, 重新载入一下
[root@localhost named]# service namedreload
Reloading named: [ OK ]
[root@localhost named]# rndc reload
server reload successful
6, 测试是否能解析
[root@localhost ~]# host -t NScaoshujia.com 172.16.249.55
Using domain server:
Name: 172.16.249.55
Address: 172.16.249.55#53
Aliases:
caoshujia.com name serverns.caoshujia.com.
[root@localhost ~]# host -t MXcaoshujia.com 172.16.249.55
Using domain server:
Name: 172.16.249.55
Address: 172.16.249.55#53
Aliases:
caoshujia.com mail is handled by 10mail.caoshujia.com.
[root@localhost ~]# host -t SOAcaoshujia.com 172.16.249.55
Using domain server:
Name: 172.16.249.55
Address: 172.16.249.55#53
Aliases:
caoshujia.com has SOA recordns.caoshujia.com. admin.caoshujia.com. 2014080401 7200 600 604800 86400
7, 添加反向zone,区域名称解析为逆向网络地址加.in-addr.arpa后缀
[root@localhost~]# vim /etc/named.conf
//allow-query { localhost; };
recursion yes;
//dnssec-enable yes;
//dnssec-validation yes;
//dnssec-lookaside auto;
/* Path to ISC DLV key */
//bindkeys-file "/etc/named.iscdlv.key";
//managed-keys-directory"/var/named/dynamic";
};
logging{
channel default_debug {
file"data/named.run";
severity dynamic;
};
};
zone"." IN {
type hint;
file "named.ca";
};
zone"100.16.172.in-addr.arpa." IN {
type master;
file "172.16.100.zone";
};
include"/etc/named.rfc1912.zones";
//include"/etc/named.root.key";
9然后去编辑etc/named.rfc1912.zones
zone "100.16.172.in-addr.arpa."IN {
type master;
file "172.16.100.zone";
};
10,检查语法named-checkconf
11,然后[root@localhostnamed]# cp -p caoshujia.com.zone 172.16.100.zone
这样就不用在新建,而且还保持原属性,直接在里面修改就行。
$TTL 3600
@ IN SOA ns.caoshujia.com. admin.caoshujia.com. (
2014080401
2H
10M
7D
1D)
IN NS ns.caoshujia.com.
10 IN PTR ns.caoshujia.com.
11 IN PTR mail.caoshujia.com.
12 IN PTR www.caoshujia.com.
~
11,检测
[root@localhostnamed]# host -t PTR 172.16.100.10 172.16.249.55
Usingdomain server:
Name:172.16.249.55
Address:172.16.249.55#53
Aliases:
100.16.172.in-addr.arpadomain name pointer ns.caoshujia.com.
[root@localhostnamed]# host -t PTR 172.16.100.11 172.16.249.55
Usingdomain server:
Name:172.16.249.55
Address:172.16.249.55#53
Aliases:
此次的正反向解析完成,然后接着上个去完成主从复制。
1、向区域中添加从服务器的关键两步:
1)、在上级获得授权
2)、在区域数据文件中为从服务器添加一条NS记录和对应的A或PTR记录。
2、向从区域中添加区域,但不需要自己创建数据文件,因为要从主DNS服务器上做区域传送,为了安全,要放在/var/named/slaves目录下,这也是系统专门为从服务器准备的存放区域数据文件的路径。
1, 首先在A的主配置文件中增加从ns记录
$TTL 3600
$ORIGIN caoshujia.com.
@ IN SOA ns.caoshujia.com. admin.caoshujia.com. (
2014080401
2H
10M
7D
1D )
IN NS ns
IN NS ns2
IN MX 10 mail
ns IN A 172.16.100.10
ns2 IN A 172.16.249.198
mail IN A 172.16.100.11
www IN A 172.16.100.12
pop IN CNAME mail
2, 在B中配置/etc/named.conf文件,不过要首先ntpdateNTP_server一下,调整一下时间,A中已经用过,关于ntpdate是为了更新时间一致,能够做主从复制。
options {
// listen-onport 53 { 127.0.0.1; };
// listen-on-v6port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file"/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
recursionyes;
// dnssec-enableyes;
// dnssec-validation yes;
// dnssec-lookaside auto;
/* Path toISC DLV key */
// bindkeys-file"/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
};
logging {
channeldefault_debug {
file"data/named.run";
severity dynamic;
};
};
其实和A中的文件是一样的。
3, B中配置vim /etc/named.rfc1912.zones文件
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone"localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone"1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone"0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "caoshujia.com"IN {
type slave;
file"slaves/caoshujia.com.zone";
masters { 172.16.249.114; };
};
并检查语法是否正确
named-checkconf
4, 检测是否检测出数据
;;QUESTION SECTION:
;www.caoshujia.com. IN A
;; ANSWERSECTION:
www.caoshujia.com. 3600 IN A 172.16.100.12
www.caoshujia.com. 3600 IN A 172.16.249.198
;;AUTHORITY SECTION:
caoshujia.com. 3600 IN NS ns.caoshujia.com.
caoshujia.com. 3600 IN NS ns2.caoshujia.com.
;;ADDITIONAL SECTION:
ns.caoshujia.com. 3600 IN A 172.16.100.10
ns2.caoshujia.com. 3600 IN A 172.16.249.198
;; Querytime: 3 msec
;;SERVER: 172.16.249.114#53(172.16.249.114)
;; WHEN:Wed Aug 6 16:10:54 2014
;; MSG SIZE rcvd:118
反向解析
1, 编辑B上文件
[root@localhostslaves]# vim /etc/named.rfc1912.zones
zone"0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone"caoshujia.com" IN {
type slave;
file"slaves/caoshujia.com.zone";
masters { 172.16.249.114; };
};
zone"16.172.in-addr.arpa" IN {
type slave;
file "slaves/172.16.zone";
masters { 172.16.249.114; };
};
2, 然后去A上编辑反向解析文件
Vim /etc/named.conf中
zone"16.172.in-addr.arpa." IN {
type master;
file "172.16.zone";
};
3, 然后再[root@localhostnamed]# vim /var/named/172.16.zone 这个文件
$TTL 3600
@ IN SOA ns.caoshujia.com. admin.caoshujia.com. (
2014080402
2H
10M
7D
1D)
IN NS ns.caoshujia.com.
IN NS ns2.caoshujia.com.
114.249 IN PTR ns.caoshujia.com.
198.249 IN PTR ns2.caoshujia.com.
4, 本地检测一下
[root@localhost named]# dig -x172.16.249.114 @172.16.249.114
; <<>> DiG9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -x [email protected]
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY,status: NOERROR, id: 52639
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1,AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;114.249.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
114.249.16.172.in-addr.arpa. 3600 IN PTR ns.caoshujia.com.
;; AUTHORITY SECTION:
16.172.in-addr.arpa. 3600 IN NS ns.caoshujia.com.
16.172.in-addr.arpa. 3600 IN NS ns2.caoshujia.com.
;; ADDITIONAL SECTION:
ns.caoshujia.com. 3600 IN A 172.16.100.10
ns2.caoshujia.com. 3600 IN A 172.16.249.198
;; Query time: 1 msec
;; SERVER:172.16.249.114#53(172.16.249.114)
;; WHEN: Wed Aug 6 17:11:35 2014
;; MSG SIZE rcvd: 139
[root@localhost named]# dig -t NScaoshujia.com @172.16.249.114
; <<>> DiG9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -t NS [email protected]
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY,status: NOERROR, id: 718
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2,AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;caoshujia.com. IN NS
;; ANSWER SECTION:
caoshujia.com. 3600 IN NS ns.caoshujia.com.
caoshujia.com. 3600 IN NS ns2.caoshujia.com.
;; ADDITIONAL SECTION:
ns.caoshujia.com. 3600 IN A 172.16.100.10
ns2.caoshujia.com. 3600 IN A 172.16.249.198
;; Query time: 0 msec
;; SERVER:172.16.249.114#53(172.16.249.114)
;; WHEN: Wed Aug 6 17:12:11 2014
;; MSG SIZE rcvd: 98
5,去从服务器上检测
[root@localhost slaves]# dig -x172.16.249.110 @172.16.249.198
; <<>> DiG9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -x [email protected]
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY,status: NOERROR, id: 17026
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1,AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;110.249.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
110.249.16.172.in-addr.arpa. 3600 IN PTR mail.caoshujia.com.
;; AUTHORITY SECTION:
16.172.in-addr.arpa. 3600 IN NS ns2.caoshujia.com.
16.172.in-addr.arpa. 3600 IN NS ns.caoshujia.com.
;; ADDITIONAL SECTION:
ns.caoshujia.com. 3600 IN A 172.16.100.10
ns2.caoshujia.com. 3600 IN A 172.16.249.198
;; Query time: 2 msec
;; SERVER:172.16.249.198#53(172.16.249.198)
;; WHEN: Wed Aug 6 17:58:18 2014
;; MSG SIZE rcvd: 144
本次的主从同步完成