DNS之正反向解析和主从

DNS简介

DNS(Domain Name Server),因特网上作为域名和IP地址相互映射的一个分布式数据库,能够使用户更方便的访问互联网,而不用去记住能够被机器直接读取的IP数串基于C/S架构,监听在UDP/53,tcp/53端口上。通俗一点,就是把一个网站的地址,解析成IP地址。


一级域分为三类
       组织域:.com、.org、.mil、.gov、.edu、.net、
       国家域:.cn、.hk、.tw、.us、.jp、.ir、.uk
       反向域:.in-addr.arpa


DNS服务器类型:
       主DNS服务器
       辅助DNS服务器
       缓存DNS服务器

正向解析:通过域名找ip

反向解析:通过ip找域名


正向解析:

 首先配置主配置文件,定义区域、配置文件在/etc/named.confg下、有哪些区域需要定义的、一般主配置文件中通常有三个区域、一个是根、还有本地localhost、以及127.0.0.1的反向区域。
   其次我们每个区域要完成解析要有区域数据文件、所以还要定义区域数据库文件、而区域数据文件一般都在/var/named/中、运行named的进程还是named这个用户、组也是、这些区域文件或配置文件都不允许额外的其他用户访问、所以他们的权限通常都为640的。


首先查询是否安装服务

[root@localhost ~]# rpm -qa bind

bind-9.8.2-0.17.rc1.el6_4.6.x86_64

表明已安装,未安装的话,yum install bind



1,  修改主配置文件路径在/etc/named.conf,和/etc/named.rfc1912.zones

options{

        //listen-on port 53 { 127.0.0.1; };

        //listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file      "/var/named/data/cache_dump.db";

        statistics-file"/var/named/data/named_stats.txt";

        memstatistics-file"/var/named/data/named_mem_stats.txt";

        //allow-query     { localhost; };

        recursion yes;

 

        //dnssec-enable yes;

        //dnssec-validation yes;

        //dnssec-lookaside auto;

 

        /* Path to ISC DLV key */

        //bindkeys-file"/etc/named.iscdlv.key";

 

        //managed-keys-directory"/var/named/dynamic";

};

 

logging{

        channel default_debug {

                file"data/named.run";

                severity dynamic;

        };

};

zone"." IN {

        type hint;

        file "named.ca";

};

 

include"/etc/named.rfc1912.zones";

//include"/etc/named.root.key";

 

 

 

3为每一个区域提供解析库

zone"localhost.localdomain" IN {

        type master;

        file "named.localhost";

        allow-update { none; };

};

 

zone"localhost" IN {

        type master;

        file "named.localhost";

        allow-update { none; };

};

 

zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {

        type master;

        file "named.loopback";

        allow-update { none; };

};

 

zone"1.0.0.127.in-addr.arpa" IN {

        type master;

        file "named.loopback";

        allow-update { none; };

};

 

zone"0.in-addr.arpa" IN {

        type master;

        file "named.empty";

        allow-update { none; };

};

zone"caoshujia.com" IN{                      //自己定义一个zone

         type master;

         file "caoshujia.com.zone";

}

2,  然后去/var/named目录下,vimcaoshujia.com.zone 文件

$TTL 3600

@       IN     SOA     ns.caoshujia.com.       admin.caoshujia.com. (

                        2014080401

                        2H

                        10M

                       7D

                        1D )

 

        IN     NS      ns.caoshujia.com.

        IN     MX  10  mail.caoshujia.com.

ns.caoshujia.com.       IN     A       172.16.100.10

mail.caoshujia.com.     IN     A       172.16.100.11

www.caoshujia.com.      IN     A       172.16.100.12

pop.caoshujia.com.      IN     CNAME   mail.caoshujia.com.

 

3,  修改此文件的属组和权限

[root@localhost named]# chgrp namedcaoshujia.com.zone

[root@localhost named]# chmod 640caoshujia.com.zone

[root@localhost named]# ll

total 32

-rw-r----- 1 root  named 331 Aug  2 16:40caoshujia.com.zone

 

4,  检查语法错误

[root@localhost named]# service namedconfigtest

zone localhost.localdomain/IN: loadedserial 0

zone localhost/IN: loaded serial 0

zone1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:loaded serial 0

zone 1.0.0.127.in-addr.arpa/IN:loaded serial 0

zone 0.in-addr.arpa/IN: loaded serial0

zone caoshujia.com/IN: loaded serial2014080401

无语法错误

或者可以手动检查,先检查[root@localhost named]# named-checkconf 主配置文件

然后[root@localhost named]# named-checkzone "caoshujia.com"/var/named/caoshujia.com.zone 检查zone

5,  重新载入一下

[root@localhost named]# service namedreload

Reloading named:                                           [ OK  ]

[root@localhost named]# rndc reload

server reload successful

 

6,  测试是否能解析

[root@localhost ~]# host -t NScaoshujia.com 172.16.249.55

Using domain server:

Name: 172.16.249.55

Address: 172.16.249.55#53

Aliases:

 

caoshujia.com name serverns.caoshujia.com.

 

 

[root@localhost ~]# host -t MXcaoshujia.com 172.16.249.55

Using domain server:

Name: 172.16.249.55

Address: 172.16.249.55#53

Aliases:

 

caoshujia.com mail is handled by 10mail.caoshujia.com.

[root@localhost ~]# host -t SOAcaoshujia.com 172.16.249.55

Using domain server:

Name: 172.16.249.55

Address: 172.16.249.55#53

Aliases:

 

caoshujia.com has SOA recordns.caoshujia.com. admin.caoshujia.com. 2014080401 7200 600 604800 86400

 

7,  添加反向zone,区域名称解析为逆向网络地址加.in-addr.arpa后缀

 

[root@localhost~]# vim /etc/named.conf

 

        //allow-query     { localhost; };

        recursion yes;

 

        //dnssec-enable yes;

        //dnssec-validation yes;

        //dnssec-lookaside auto;

 

        /* Path to ISC DLV key */

        //bindkeys-file "/etc/named.iscdlv.key";

 

        //managed-keys-directory"/var/named/dynamic";

};

 

logging{

        channel default_debug {

                file"data/named.run";

                severity dynamic;

        };

};

 

zone"." IN {

        type hint;

        file "named.ca";

};

zone"100.16.172.in-addr.arpa." IN {

        type master;

        file "172.16.100.zone";

};     

 

include"/etc/named.rfc1912.zones";

//include"/etc/named.root.key";

 

9然后去编辑etc/named.rfc1912.zones

zone "100.16.172.in-addr.arpa."IN {

        type master;

        file "172.16.100.zone";

};

10,检查语法named-checkconf

11,然后[root@localhostnamed]# cp -p caoshujia.com.zone 172.16.100.zone

这样就不用在新建,而且还保持原属性,直接在里面修改就行。

$TTL 3600

@      IN      SOA     ns.caoshujia.com.       admin.caoshujia.com. (

                        2014080401

                        2H

                        10M

                        7D

                        1D)

       IN      NS      ns.caoshujia.com.

10     IN      PTR     ns.caoshujia.com.

11     IN      PTR     mail.caoshujia.com.

12     IN      PTR     www.caoshujia.com.

 

~                                           

11,检测

[root@localhostnamed]# host -t PTR 172.16.100.10 172.16.249.55

Usingdomain server:

Name:172.16.249.55

Address:172.16.249.55#53

Aliases:

 

  1. 100.16.172.in-addr.arpadomain name pointer ns.caoshujia.com.

[root@localhostnamed]# host -t PTR 172.16.100.11 172.16.249.55

Usingdomain server:

Name:172.16.249.55

Address:172.16.249.55#53

Aliases:

此次的正反向解析完成,然后接着上个去完成主从复制。


1、向区域中添加从服务器的关键两步:

   1)、在上级获得授权

   2)、在区域数据文件中为从服务器添加一条NS记录和对应的A或PTR记录。

2、向从区域中添加区域,但不需要自己创建数据文件,因为要从主DNS服务器上做区域传送,为了安全,要放在/var/named/slaves目录下,这也是系统专门为从服务器准备的存放区域数据文件的路径。


1,  首先在A的主配置文件中增加从ns记录

$TTL 3600

$ORIGIN caoshujia.com.

@       IN      SOA    ns.caoshujia.com.      admin.caoshujia.com. (

                       2014080401

                       2H

                       10M

                       7D

                       1D )

 

        IN      NS     ns

        IN      NS     ns2

        IN      MX 10  mail

ns      IN      A      172.16.100.10

ns2     IN     A       172.16.249.198

mail    IN      A      172.16.100.11

www     IN      A      172.16.100.12

pop     IN      CNAME  mail      

2,  B中配置/etc/named.conf文件,不过要首先ntpdateNTP_server一下,调整一下时间,A中已经用过,关于ntpdate是为了更新时间一致,能够做主从复制。

options {

//      listen-onport 53 { 127.0.0.1; };

//      listen-on-v6port 53 { ::1; };

       directory      "/var/named";

       dump-file      "/var/named/data/cache_dump.db";

       statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file"/var/named/data/named_mem_stats.txt";

//     allow-query     { localhost; };

        recursionyes;

 

//      dnssec-enableyes;

//     dnssec-validation yes;

//     dnssec-lookaside auto;

 

        /* Path toISC DLV key */

//      bindkeys-file"/etc/named.iscdlv.key";

 

//     managed-keys-directory "/var/named/dynamic";

};

 

logging {

        channeldefault_debug {

                file"data/named.run";

               severity dynamic;

        };

};        

其实和A中的文件是一样的。

3,  B中配置vim /etc/named.rfc1912.zones文件

 zone "localhost.localdomain" IN {

        type master;

        file "named.localhost";

        allow-update { none; };

};

 

zone"localhost" IN {

        type master;

        file "named.localhost";

        allow-update { none; };

};

 

zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {

        type master;

        file "named.loopback";

        allow-update { none; };

};

 

zone"1.0.0.127.in-addr.arpa" IN {

        type master;

        file "named.loopback";

        allow-update { none; };

};

zone"0.in-addr.arpa" IN {

        type master;

        file "named.empty";

        allow-update { none; };

};

zone "caoshujia.com"IN {

        type slave;

        file"slaves/caoshujia.com.zone";

        masters { 172.16.249.114; };

}

并检查语法是否正确

named-checkconf

4,  检测是否检测出数据

 

;;QUESTION SECTION:

;www.caoshujia.com.                 IN     A

 

;; ANSWERSECTION:

www.caoshujia.com.         3600         IN     A       172.16.100.12

www.caoshujia.com.    3600     IN      A  172.16.249.198

;;AUTHORITY SECTION:

caoshujia.com.          3600         IN     NS    ns.caoshujia.com.

caoshujia.com.          3600         IN     NS    ns2.caoshujia.com.

 

;;ADDITIONAL SECTION:

ns.caoshujia.com.     3600         IN     A       172.16.100.10

ns2.caoshujia.com.  3600         IN     A       172.16.249.198

 

;; Querytime: 3 msec

;;SERVER: 172.16.249.114#53(172.16.249.114)

;; WHEN:Wed Aug  6 16:10:54 2014

;; MSG SIZE  rcvd:118

 

 

反向解析

1,  编辑B上文件

 [root@localhostslaves]# vim /etc/named.rfc1912.zones

zone"0.in-addr.arpa" IN {

        type master;

        file "named.empty";

        allow-update { none; };

};

zone"caoshujia.com" IN {

        type slave;

        file"slaves/caoshujia.com.zone";

        masters { 172.16.249.114; };

};

zone"16.172.in-addr.arpa" IN {

         type slave;

         file "slaves/172.16.zone";

        masters { 172.16.249.114; };

};

2,  然后去A上编辑反向解析文件

Vim /etc/named.conf

zone"16.172.in-addr.arpa."     IN {

        type master;

        file "172.16.zone";

};     

3,  然后再[root@localhostnamed]# vim /var/named/172.16.zone 这个文件

 

$TTL 3600

@       IN      SOA    ns.caoshujia.com.      admin.caoshujia.com. (

                       2014080402

                       2H

                       10M

                       7D

                       1D)

        IN      NS     ns.caoshujia.com.

        IN      NS     ns2.caoshujia.com.

114.249 IN      PTR     ns.caoshujia.com.

198.249 IN      PTR     ns2.caoshujia.com.

4 本地检测一下

[root@localhost named]# dig -x172.16.249.114 @172.16.249.114

 

; <<>> DiG9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -x [email protected]

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY,status: NOERROR, id: 52639

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1,AUTHORITY: 2, ADDITIONAL: 2

 

;; QUESTION SECTION:

;114.249.16.172.in-addr.arpa.         IN     PTR

 

;; ANSWER SECTION:

114.249.16.172.in-addr.arpa. 3600 IN    PTR  ns.caoshujia.com.

 

;; AUTHORITY SECTION:

16.172.in-addr.arpa.        3600         IN     NS    ns.caoshujia.com.

16.172.in-addr.arpa.        3600         IN     NS    ns2.caoshujia.com.

 

;; ADDITIONAL SECTION:

ns.caoshujia.com.   3600         IN     A       172.16.100.10

ns2.caoshujia.com. 3600         IN     A       172.16.249.198

 

;; Query time: 1 msec

;; SERVER:172.16.249.114#53(172.16.249.114)

;; WHEN: Wed Aug  6 17:11:35 2014

;; MSG SIZE rcvd: 139

 

[root@localhost named]# dig -t NScaoshujia.com @172.16.249.114

 

; <<>> DiG9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -t NS [email protected]

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY,status: NOERROR, id: 718

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2,AUTHORITY: 0, ADDITIONAL: 2

 

;; QUESTION SECTION:

;caoshujia.com.                          IN     NS

 

;; ANSWER SECTION:

caoshujia.com.                  3600         IN     NS    ns.caoshujia.com.

caoshujia.com.                  3600         IN     NS    ns2.caoshujia.com.

 

;; ADDITIONAL SECTION:

ns.caoshujia.com.   3600         IN     A       172.16.100.10

ns2.caoshujia.com. 3600         IN     A       172.16.249.198

 

;; Query time: 0 msec

;; SERVER:172.16.249.114#53(172.16.249.114)

;; WHEN: Wed Aug  6 17:12:11 2014

;; MSG SIZE rcvd: 98

5,去从服务器上检测

   

 

[root@localhost slaves]# dig -x172.16.249.110 @172.16.249.198

 

; <<>> DiG9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -x [email protected]

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY,status: NOERROR, id: 17026

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1,AUTHORITY: 2, ADDITIONAL: 2

 

;; QUESTION SECTION:

;110.249.16.172.in-addr.arpa.         IN     PTR

 

;; ANSWER SECTION:

110.249.16.172.in-addr.arpa. 3600 IN    PTR  mail.caoshujia.com.

 

;; AUTHORITY SECTION:

16.172.in-addr.arpa.        3600         IN     NS    ns2.caoshujia.com.

16.172.in-addr.arpa.        3600         IN     NS    ns.caoshujia.com.

 

;; ADDITIONAL SECTION:

ns.caoshujia.com.   3600         IN     A       172.16.100.10

ns2.caoshujia.com. 3600         IN     A       172.16.249.198

 

;; Query time: 2 msec

;; SERVER:172.16.249.198#53(172.16.249.198)

;; WHEN: Wed Aug  6 17:58:18 2014

;; MSG SIZE rcvd: 144


本次的主从同步完成


你可能感兴趣的:(dns,主从同步,正反向解析)