DNS (protocol): Domain Name Server; the domain name space
www.baidu.com. -- the trailing dot (.) stands for the root domain servers, of which there are 13 worldwide
DNS queries come in two kinds: recursive and iterative
Recursive: the query is passed up one level at a time and the answer comes back down the same chain: A<-->B<-->C<-->D
Iterative: the client polls each server in turn: A<-->B, A<-->C, A<-->D
FQDN: Fully Qualified Domain Name, a complete (absolute) domain name
Organizational domains: .com .org .net .mil .edu .gov and so on, each managed by some organization
Country domains: .cn .us .uk and so on, representing individual countries
Reverse domain: .in-addr.arpa, managed by IANA
zone: a zone, used to configure the local resolution database
Resource record types (rr, resource record): describe the attributes of a record used for resolution
NS: Name Server; a zone database may contain several
SOA: Start Of Authority, the start-of-authority record; a zone database contains exactly one
MX: Mail exchange, the mail exchanger, with a priority (0-99)
A: forward lookup, FQDN to IPv4; the most commonly used address record
PTR: reverse lookup, IP to FQDN
AAAA: forward lookup, FQDN to IPv6
CNAME: Canonical Name, the official name (alias record)
domain: a domain is registered, and implemented by way of a zone
Authoritative DNS server: the server holding the name resolution data for every host in the domain; it needs a backup
bind (package): Berkeley Internet Name Domain
process script: /etc/rc.d/init.d/named
conf: /etc/named.conf, /etc/named.rfc1912.zones
zone database files: /var/named/zone_name.zone
Note: for security, the process should run as an unprivileged system user, inside a chroot.
Goal: configure local forward and reverse resolution
Local IP: 192.168.80.128
Domain to resolve: baidu.com
Install bind
[root@localhost ~]# yum install bind -y
Check named.conf
[root@localhost ~]# vim /etc/named.conf
Because this server does not run on the Internet, some options are commented out:
options {
    //listen-on port 53 { 127.0.0.1; };    // which port and IP address to listen on; note the spaces inside the braces
    //listen-on-v6 port 53 { ::1; };
    directory "/var/named";                // working directory, where zone files and so on are looked up
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    //memstatistics-file "/var/named/data/named_mem_stats.txt";
    //allow-query { localhost; };          // who is allowed to query
    recursion yes;                         // whether recursion is allowed
    //dnssec-enable yes;
    //dnssec-validation yes;
    //dnssec-lookaside auto;
    /* Path to ISC DLV key */
    //bindkeys-file "/etc/named.iscdlv.key";
    //managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;          // root hint zone
    file "named.ca";    // the 13 root domain servers
};
include "/etc/named.rfc1912.zones";    // include the configuration file at this path
//include "/etc/named.root.key";
Check named.rfc1912.zones
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {    // IPv6 reverse zone
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {    // reverse zone for 127.0.0.1
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
// add the following lines:
zone "baidu.com" IN {
    type master;
    file "baidu.com.zone";
};
Create the zone database file
[root@localhost ~]# cd /var/named/
[root@localhost named]# vim baidu.com.zone
$TTL 3600
@   IN SOA ns.baidu.com. admin.gmail.com. (
        2015060701   ; serial
        1H           ; refresh
        5M           ; retry
        1W           ; expire
        1D )         ; negative-answer TTL
    IN NS ns.baidu.com.
    IN MX 10 mail.baidu.com.
ns.baidu.com.   IN A 1.1.1.1
mail.baidu.com. IN A 1.1.1.2
www.baidu.com.  IN A 1.1.1.3
pop.baidu.com.  IN CNAME mail.baidu.com.
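As an added example, not part of the original post, here is a small Python parser for a zone file like the one above: it expands the BIND time units (1H, 5M, 1W, 1D) to the seconds that host and dig show in the SOA, resolves @ and relative names against the origin, and checks the rules from the record-type notes above (exactly one SOA, at least one NS, MX and CNAME targets that have an A record in the zone). The zone text is a constructed copy of the file above with the www A record named explicitly.

```python
import re
# Constructed copy of the post's baidu.com.zone (the www A record is named explicitly).
ZONE_TEXT = """\
$TTL 3600
@ IN SOA ns.baidu.com. admin.gmail.com. (
        2015060701 1H 5M 1W 1D )  ; serial refresh retry expire minimum
  IN NS ns.baidu.com.
  IN MX 10 mail.baidu.com.
ns.baidu.com.   IN A 1.1.1.1
mail.baidu.com. IN A 1.1.1.2
www.baidu.com.  IN A 1.1.1.3
pop.baidu.com.  IN CNAME mail.baidu.com.
"""
UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def ttl_seconds(tok):
    """Expand BIND time syntax (1H, 5M, 1W, 1D or plain seconds) to seconds."""
    m = re.fullmatch(r"(\d+)([SMHDW]?)", tok.upper())
    if not m: raise ValueError(f"bad time value: {tok}")
    return int(m.group(1)) * UNITS.get(m.group(2), 1)

def parse_zone(text, origin):
    """Return (default_ttl, records); each record is (owner, type, rdata tuple)."""
    lines = [ln.split(";")[0].rstrip() for ln in text.splitlines()]   # drop ; comments
    joined = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), "\n".join(lines))
    ttl, records, last_owner = 3600, [], origin
    for line in filter(str.strip, joined.splitlines()):
        if line.startswith("$TTL"):
            ttl = ttl_seconds(line.split()[1])
            continue
        toks = line.split()
        owner = last_owner if line[0].isspace() else toks.pop(0)   # blank owner = previous owner
        owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        rtype, *rdata = toks[1:] if toks[0] == "IN" else toks      # class IN is optional here
        if rtype == "SOA":   # mname rname serial refresh retry expire minimum
            rdata = rdata[:2] + [int(rdata[2])] + [ttl_seconds(t) for t in rdata[3:7]]
        records.append((owner, rtype, tuple(rdata)))
        last_owner = owner
    return ttl, records

def lint_zone(records):
    """Rules from the record-type notes: one SOA, at least one NS, MX/CNAME targets with an in-zone A record."""
    types = [r[1] for r in records]
    problems = [msg for bad, msg in ((types.count("SOA") != 1, "zone must have exactly one SOA"),
                                     ("NS" not in types, "zone needs at least one NS")) if bad]
    a_names = {r[0] for r in records if r[1] in ("A", "AAAA")}
    for owner, rtype, rdata in records:
        if rtype in ("MX", "CNAME") and rdata[-1] not in a_names:
            problems.append(f"{rtype} at {owner} points to {rdata[-1]}, which has no A record")
    return problems
```

The parsed SOA timers come out as 3600 300 604800 86400, the same values the host and dig queries later in the post report, and lint_zone returns an empty list for this zone.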
Set the permissions
-rw-r--r--. 1 root  root   255 Jun  7 08:16 baidu.com.zone
drwxrwx---. 2 named named 4096 Jun  7 07:34 data
drwxrwx---. 2 named named 4096 May 19 06:27 dynamic
-rw-r-----. 1 root  named 2075 Apr 23  2014 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named 4096 May 19 06:27 slaves
[root@localhost named]# chgrp named baidu.com.zone
[root@localhost named]# chmod 640 baidu.com.zone
[root@localhost named]# rndc reload
Check for syntax errors
[root@localhost ~]# service named configtest
Start the service
[root@localhost ~]# service named start
Generating /etc/rndc.key:        [  OK  ]    ; random number generator
Starting named:                  [  OK  ]
Check the status
[root@localhost ~]# service named status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3    ; software version
CPUs found: 1                                      ; number of CPUs
worker threads: 1                                  ; worker threads
number of zones: 20                                ; number of zones
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF                               ; query logging is off
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 24383) is running...
Test
[root@localhost named]# host -t A www.baidu.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

www.baidu.com has address 1.1.1.3
[root@localhost named]# host -t SOA baidu.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

baidu.com has SOA record ns.baidu.com. admin.gmail.com. 2015060701 3600 300 604800 86400
[root@localhost named]# host -t MX baidu.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

baidu.com mail is handled by 10 mail.baidu.com.
[root@localhost named]# nslookup
> set type=A
> www.baidu.com
Server:         192.168.80.128
Address:        192.168.80.128#53

Name:   www.baidu.com
Address: 1.1.1.3
> set type=MX
> baidu.com
Server:         192.168.80.128
Address:        192.168.80.128#53

baidu.com       mail exchanger = 10 mail.baidu.com.
>
[root@localhost named]# dig -t A www.baidu.com @192.168.80.128

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> -t A www.baidu.com @192.168.80.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6791
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1    ; aa = authoritative answer; message header information

;; QUESTION SECTION:      ; the question asked
;www.baidu.com.                 IN      A

;; ANSWER SECTION:        ; the answer
www.baidu.com.          3600    IN      A       1.1.1.3

;; AUTHORITY SECTION:     ; who answered
baidu.com.              3600    IN      NS      ns.baidu.com.

;; ADDITIONAL SECTION:    ; supplementary information
ns.baidu.com.           3600    IN      A       1.1.1.1

;; Query time: 0 msec
;; SERVER: 192.168.80.128#53(192.168.80.128)
;; WHEN: Sun Jun  7 09:01:18 2015
;; MSG SIZE  rcvd: 80

Full zone transfer
[root@localhost named]# dig -t AXFR baidu.com @192.168.80.128

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> -t AXFR baidu.com @192.168.80.128
;; global options: +cmd
baidu.com.              3600    IN      SOA     ns.baidu.com. admin.gmail.com. 2015060701 3600 300 604800 86400
baidu.com.              3600    IN      NS      ns.baidu.com.
baidu.com.              3600    IN      MX      10 mail.baidu.com.
mail.baidu.com.         3600    IN      A       1.1.1.2
ns.baidu.com.           3600    IN      A       1.1.1.1
pop.baidu.com.          3600    IN      CNAME   mail.baidu.com.
www.baidu.com.          3600    IN      A       1.1.1.3
baidu.com.              3600    IN      SOA     ns.baidu.com. admin.gmail.com. 2015060701 3600 300 604800 86400
;; Query time: 0 msec
;; SERVER: 192.168.80.128#53(192.168.80.128)
;; WHEN: Sun Jun  7 09:05:26 2015
;; XFR size: 8 records (messages 1, bytes 219)
rndc: remote name domain controller, listening on port 953
Used locally, for example to reload the configuration files
This article is from the "linux学习" blog; please contact the author before reproducing it.