Outline
I. DNS concepts
II. How a DNS query works
III. Setting up a DNS server
IV. DNS query commands
I. DNS concepts
1. DNS (Domain Name System)
DNS is a service of the Internet. It is a distributed database that maps domain names to IP addresses and back, which makes the Internet easier for people to use. DNS uses TCP and UDP port 53. Each label of a domain name is currently limited to 63 characters, and the total length of a domain name may not exceed 253 characters.
2. FQDN (Fully Qualified Domain Name)
A fully qualified domain name consists of a host name plus its parent domain name. For example, if a server's local host name is myhost and its parent domain is example.com, the fully qualified domain name that points to that server is myhost.example.com. Many servers in the world may have the local host name myhost, but myhost.example.com is unique, so the fully qualified domain name identifies that particular server.
3. TLD (Top Level Domain) categories
① Organizational domains: .com .org .net .cc
② Country domains: .cn .tw .hk .iq .ir .jp
③ Reverse domain: IP --> FQDN. A reverse lookup (common on the Internet) maps IP --> FQDN; a forward lookup maps FQDN --> IP.
4. The NSSwitch framework
[root@soysauce ~]# grep "^hosts" /etc/nsswitch.conf
hosts:      files dns        # /etc/hosts is consulted first; the DNS server is queried only when the name is not found there
5. DNS query types
① Recursive: the client sends a single request and expects a final answer
② Iterative: the querier sends several requests, following referrals
6. DNS resolution directions
① Forward: FQDN --> IP
② Reverse: IP --> FQDN
7. Relationship between DNS levels
① A parent knows only its direct children
② A child knows only where the root is
8. Types of answer a DNS server gives
① Answers to queries from local clients: obtained through a recursive process
② External clients asking for an authoritative answer: both positive and negative answers carry a TTL
③ External clients asking for a non-authoritative answer
9. DNS server types
① Primary (master) DNS server: the zone data can be modified here
② Secondary (slave) DNS server: the data cannot be modified; it is only synchronized from the primary
③ Caching DNS server: provides no authoritative answers, only caching
④ Forwarder: only forwards; a caching server with the cache removed is a forwarder
10. Domain versus zone
① Domain: a logical concept; usually comprises a forward zone and a reverse zone
② Zone: a physical concept; the forward zone is named after the domain, the reverse zone is not
11. Zone transfer types
① Full zone transfer: axfr
② Incremental zone transfer: ixfr
12. Zone types
① Master zone: master
② Slave zone: slave
③ Hint zone: hint
④ Forward zone: forward
13. ACL
Definition format (an acl must be defined before the statement that uses it):
acl ACL_NAME {
        172.16.0.0/16;
        127.0.0.0/8;
};
Example:
acl innet {
        172.16.0.0/16;
        127.0.0.0/8;
};
allow-query { innet; };
14. Wildcard resolution
[root@soysauce named]# pwd
/var/named
[root@soysauce named]# cat soysauce.com.zone
$TTL 86400
@       IN SOA  ns1.soysauce.com. admin.soysauce.com. (
                2015121001
                3H
                10M
                1D
                2D )
        IN NS   ns1
        IN MX   10 mail
ns1     IN A    172.16.1.111
mail    IN A    172.16.1.110
www     IN A    172.16.1.110
www     IN A    172.16.1.111
ftp     IN CNAME www
*       IN A    172.16.1.111        ; add a wildcard record (';' starts a comment in a zone file)
[root@soysauce named]# dig -x 172.16.1.111        # look up the FQDN for the IP

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -x 172.16.1.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44066
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;111.1.16.172.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
111.1.16.172.in-addr.arpa. 86400 IN     PTR     www.soysauce.com.
111.1.16.172.in-addr.arpa. 86400 IN     PTR     ns1.soysauce.com.

;; AUTHORITY SECTION:
1.16.172.in-addr.arpa.  86400   IN      NS      ns1.soysauce.com.

;; ADDITIONAL SECTION:
ns1.soysauce.com.       86400   IN      A       172.16.1.111

;; Query time: 2 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Thu Dec  3 11:43:11 2015
;; MSG SIZE  rcvd: 121

[root@soysauce named]# vim /var/www/html/index.html
[root@soysauce named]# cat /var/www/html/index.html
Test Page
[root@soysauce named]# service httpd start
Starting httpd:
[root@soysauce named]# curl http://fd.soysauce.com
Test Page
[root@soysauce named]# curl http://s.soysauce.com.        # every host name in the domain now resolves to 172.16.1.111
Test Page
15. Resource Records
(1) SOA record
SOA (Start Of Authority):
ZONE_NAME  TTL  IN  SOA  MASTER_NS_SERVER_FQDN  ADMINISTRATOR_MAILBOX (
        serial number
        refresh
        retry
        expire
        negative-answer TTL )
Time units: M (minutes), H (hours), D (days), W (weeks); the default unit is seconds.
Mailbox format: admin@soysauce.com is written as admin.soysauce.com
Example:
soysauce.com.  600  IN  SOA  ns1.soysauce.com. admin.soysauce.com. (
        2015121001
        1H
        5M
        1W
        1D )
(2) NS record
ZONE_NAME  [TTL]  IN  NS  NS_SERVER_FQDN
Example:
soysauce.com.       600  IN  NS  ns1.soysauce.com.
ns1.soysauce.com.   600  IN  A   172.16.1.119
(3) MX record
ZONE_NAME  [TTL]  IN  MX  priority  MX_SERVER_FQDN
Example:
soysauce.com.       600  IN  MX  10 mail.soysauce.com.
mail.soysauce.com.  600  IN  A   172.16.1.118
(4) A record
NAME  [TTL]  IN  A  VALUE
Example:
www.soysauce.com.   600  IN  A   172.16.1.120
(5) AAAA record
NAME  [TTL]  IN  AAAA  VALUE
Example (a zone file takes the bare address; an interface suffix such as %14 is not valid here):
www.soysauce.com.   600  IN  AAAA  fe80::f9c8:9b49:4062:8ff7
(6) PTR record
NAME  [TTL]  IN  PTR  VALUE
Example (the owner is the reversed address under in-addr.arpa, not the bare IP):
120.1.16.172.in-addr.arpa.  600  IN  PTR  www.network.com.
(7) CNAME record
ALIAS  [TTL]  IN  CNAME  FQDN
Example:
ftp.soysauce.com.   600  IN  CNAME  www.soysauce.com.
II. How a DNS query works
A DNS lookup is really a two-stage process. On the local client's side, the nameserver defined in /etc/resolv.conf must be willing to recurse on the client's behalf, otherwise the lookup cannot be completed; on the local DNS server's side, the server obtains the result iteratively, caches it locally, and then returns it to the client.
III. Setting up a DNS server
1. Install the BIND packages
[root@soysauce ~]# yum install -y "bind" "bind-utils"
2. Edit the main configuration file /etc/named.conf
[root@soysauce ~]# cd /etc/
[root@soysauce etc]# mv named.conf{,.back}        # back up the stock main configuration file
[root@soysauce etc]# vim named.conf               # write a main configuration file of our own
[root@soysauce etc]# cat named.conf
options {
        directory "/var/named";
        allow-recursion { 172.16.0.0/16; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
};
[root@soysauce etc]# chown root.named named.conf
[root@soysauce etc]# chmod 640 named.conf
[root@soysauce etc]# named-checkconf                            # check the configuration file for syntax errors
[root@soysauce etc]# named-checkzone "." /var/named/named.ca    # check the root zone file for syntax errors
zone ./IN: has 0 SOA records
zone ./IN: not loaded due to errors.
[root@soysauce etc]# named-checkzone "localhost" /var/named/named.localhost
zone localhost/IN: loaded serial 0
OK
[root@soysauce etc]# named-checkzone "loopback" /var/named/named.loopback
zone loopback/IN: loaded serial 0
OK
The two error lines for named.ca are expected: it is a hint file listing the root servers, not a zone, so it has no SOA record and named-checkzone cannot load it; named-checkconf is the relevant check for it.
3. Start the named service
[root@soysauce etc]# getenforce        # check the SELinux state; if it is enabled, disable it
Disabled
[root@soysauce etc]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@soysauce etc]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 172.16.1.111:53             0.0.0.0:*                   LISTEN      7716/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      7716/named
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1631/sshd
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      7716/named
tcp        0      0 :::22                       :::*                        LISTEN      1631/sshd
tcp        0      0 ::1:953                     :::*                        LISTEN      7716/named
udp        0      0 172.16.1.111:53             0.0.0.0:*                               7716/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               7716/named
4. Test whether named can resolve (Internet names)
[root@soysauce etc]# vim /etc/resolv.conf
[root@soysauce etc]# cat /etc/resolv.conf
nameserver 172.16.1.111        # the DNS server has been changed to this host's own address
[root@soysauce etc]# dig -t NS . @a.root-servers.net.

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t NS . @a.root-servers.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23876
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      d.root-servers.net.
.                       518400  IN      NS      e.root-servers.net.
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      l.root-servers.net.
.                       518400  IN      NS      m.root-servers.net.
.                       518400  IN      NS      j.root-servers.net.
.                       518400  IN      NS      g.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.
.                       518400  IN      NS      h.root-servers.net.
.                       518400  IN      NS      i.root-servers.net.
.                       518400  IN      NS      k.root-servers.net.
.                       518400  IN      NS      f.root-servers.net.

;; ADDITIONAL SECTION:
d.root-servers.net.     3600000 IN      A       199.7.91.13
d.root-servers.net.     3600000 IN      AAAA    2001:500:2d::d
e.root-servers.net.     3600000 IN      A       192.203.230.10
a.root-servers.net.     3600000 IN      A       198.41.0.4
a.root-servers.net.     3600000 IN      AAAA    2001:503:ba3e::2:30
b.root-servers.net.     3600000 IN      A       192.228.79.201
b.root-servers.net.     3600000 IN      AAAA    2001:500:84::b
l.root-servers.net.     3600000 IN      A       199.7.83.42
l.root-servers.net.     3600000 IN      AAAA    2001:500:3::42
m.root-servers.net.     3600000 IN      A       202.12.27.33
m.root-servers.net.     3600000 IN      AAAA    2001:dc3::35
j.root-servers.net.     3600000 IN      A       192.58.128.30
j.root-servers.net.     3600000 IN      AAAA    2001:503:c27::2:30

;; Query time: 300 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Thu Dec  3 09:50:13 2015
;; MSG SIZE  rcvd: 508

[root@soysauce etc]# ping -c 3 www.baidu.com        # names now resolve
PING www.a.shifen.com (180.97.33.107) 56(84) bytes of data.
64 bytes from 180.97.33.107: icmp_seq=1 ttl=54 time=69.9 ms
64 bytes from 180.97.33.107: icmp_seq=2 ttl=54 time=18.3 ms
64 bytes from 180.97.33.107: icmp_seq=3 ttl=54 time=24.4 ms

--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2029ms
rtt min/avg/max/mdev = 18.359/37.596/69.996/23.044 ms
5. Add a local forward zone
[root@soysauce etc]# vim /etc/named.conf
[root@soysauce etc]# cat /etc/named.conf
options {
        directory "/var/named";
        allow-recursion { 172.16.0.0/16; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
};

zone "soysauce.com" IN {                 # add the forward zone soysauce.com.
        type master;
        file "soysauce.com.zone";
};
[root@soysauce etc]# cd /var/named/
[root@soysauce named]# vim soysauce.com.zone        # create the zone data file
[root@soysauce named]# cat soysauce.com.zone
$TTL 86400
@       IN SOA  ns1.soysauce.com. admin.soysauce.com. (
                2015121001
                3H
                10M
                1D
                2D )
        IN NS   ns1
        IN MX   10 mail
ns1     IN A    172.16.1.111
mail    IN A    172.16.1.110
www     IN A    172.16.1.110
www     IN A    172.16.1.111
ftp     IN CNAME www
[root@soysauce named]# named-checkconf
[root@soysauce named]# named-checkzone "soysauce.com" /var/named/soysauce.com.zone
zone soysauce.com/IN: loaded serial 2015121001
OK
[root@soysauce named]# chmod 640 soysauce.com.zone                # set the permissions to 640
[root@soysauce named]# chown root.named soysauce.com.zone         # set owner root, group named
6. Add a local reverse zone
[root@soysauce named]# vim /etc/named.conf
[root@soysauce named]# cat /etc/named.conf
options {
        directory "/var/named";
        allow-recursion { 172.16.0.0/16; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
};

zone "soysauce.com" IN {
        type master;
        file "soysauce.com.zone";
};

zone "1.16.172.in-addr.arpa" {           # add the reverse zone for soysauce
        type master;
        file "172.16.1.zone";
};
[root@soysauce named]# cp soysauce.com.zone 172.16.1.zone -p
[root@soysauce named]# vim 172.16.1.zone             # edit the reverse zone data file
[root@soysauce named]# cat 172.16.1.zone
$TTL 86400
@       IN SOA  ns1.soysauce.com. admin.soysauce.com. (
                2015121001
                3H
                10M
                1D
                2D )
        IN NS   ns1.soysauce.com.
111     IN PTR  ns1.soysauce.com.
110     IN PTR  mail.soysauce.com.
110     IN PTR  www.soysauce.com.
111     IN PTR  www.soysauce.com.
[root@soysauce named]# named-checkconf
[root@soysauce named]# named-checkzone "1.16.172.in-addr.arpa" /var/named/172.16.1.zone
zone 1.16.172.in-addr.arpa/IN: loaded serial 2015121001
OK
Note that the NS and PTR targets in the reverse zone must be written with the trailing dot: the origin here is 1.16.172.in-addr.arpa., so a relative ns1 would expand to ns1.1.16.172.in-addr.arpa.
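As an added example (not from the original post), the following Python check parses the two zone files above and cross-checks them before named is reloaded in step 7: every A record should have a matching PTR and vice versa, and no name may carry a CNAME alongside other data. It also exercises the record formats from section I.15; the parser covers only the master-file subset used on this page, and the zone texts are copied from the files shown above.

```python
from collections import defaultdict

# Zone texts copied from the forward and reverse zone files shown above.
FORWARD_ZONE = """$TTL 86400
@       IN SOA  ns1.soysauce.com. admin.soysauce.com. (
                2015121001
                3H
                10M
                1D
                2D )
        IN NS   ns1
        IN MX   10 mail
ns1     IN A    172.16.1.111
mail    IN A    172.16.1.110
www     IN A    172.16.1.110
www     IN A    172.16.1.111
ftp     IN CNAME www
"""
REVERSE_ZONE = """$TTL 86400
@       IN SOA  ns1.soysauce.com. admin.soysauce.com. (
                2015121001 3H 10M 1D 2D )
        IN NS   ns1.soysauce.com.
111     IN PTR  ns1.soysauce.com.
110     IN PTR  mail.soysauce.com.
110     IN PTR  www.soysauce.com.
111     IN PTR  www.soysauce.com.
"""
# Positions of the rdata fields that hold domain names, per record type.
NAME_FIELDS = {"NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,), "SOA": (0, 1)}


def absolute(name, origin):
    """Expand '@' and relative names into fully qualified names."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples, all names absolute; master-file subset used on this page only."""
    origin = origin.rstrip(".") + "."
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";")[0]             # ';' starts a comment
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:                       # record complete, possibly spanning lines
            logical.append(" ".join(buf))
            buf = []
    records, last_owner = [], origin
    for line in logical:
        if not line.strip() or line.startswith("$TTL"):
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if line[0].isspace():                # blank owner field: reuse the previous owner
            owner = last_owner
        else:
            owner = last_owner = absolute(tokens.pop(0), origin)
        if tokens[0].isdigit():              # optional per-record TTL
            tokens.pop(0)
        if tokens[0].upper() == "IN":        # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        for i in NAME_FIELDS.get(rtype, ()):
            tokens[i] = absolute(tokens[i], origin)
        records.append((owner, rtype, tuple(tokens)))
    return records


def ptr_to_ip(owner):
    """'111.1.16.172.in-addr.arpa.' -> '172.16.1.111'."""
    return ".".join(reversed(owner.rstrip(".").split(".")[:-2]))


def check_forward_reverse(fwd, rev):
    """(A records lacking a PTR, PTR records lacking an A), both as (ip, name) pairs."""
    a_pairs = {(rd[0], owner) for owner, rt, rd in fwd if rt == "A"}
    ptr_pairs = {(ptr_to_ip(owner), rd[0]) for owner, rt, rd in rev if rt == "PTR"}
    return sorted(a_pairs - ptr_pairs), sorted(ptr_pairs - a_pairs)


def check_cname(records):
    """Owners that mix a CNAME with other data, which RFC 1034 section 3.6.2 forbids."""
    types = defaultdict(set)
    for owner, rtype, _ in records:
        types[owner].add(rtype)
    return sorted(o for o, t in types.items() if "CNAME" in t and len(t) > 1)


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "soysauce.com")
    rev = parse_zone(REVERSE_ZONE, "1.16.172.in-addr.arpa")
    print("A without PTR / PTR without A:", check_forward_reverse(fwd, rev))
    print("CNAME conflicts:", check_cname(fwd))
```

For the two zones on this page both checks come back empty; adding a host to only one of the files, or an A record under the ftp alias, makes the corresponding check report it.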
7. Test forward zone resolution
[root@soysauce named]# service named reload        # re-read the configuration
Reloading named:                                           [  OK  ]
[root@soysauce named]# dig -t A www.soysauce.com   # query the A records

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A www.soysauce.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58027
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.soysauce.com.              IN      A                       # question section: the A record of this FQDN is being asked for

;; ANSWER SECTION:
www.soysauce.com.       86400   IN      A       172.16.1.111    # answer section: the A records of the FQDN above
www.soysauce.com.       86400   IN      A       172.16.1.110

;; AUTHORITY SECTION:
soysauce.com.           86400   IN      NS      ns1.soysauce.com.   # authority section: the authoritative DNS server of the domain

;; ADDITIONAL SECTION:
ns1.soysauce.com.       86400   IN      A       172.16.1.111    # additional section: the A record of the authoritative server

;; Query time: 0 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Thu Dec  3 10:28:12 2015
;; MSG SIZE  rcvd: 100

[root@soysauce named]# dig -t A www.soysauce.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A www.soysauce.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57600
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.soysauce.com.              IN      A

;; ANSWER SECTION:
www.soysauce.com.       86400   IN      A       172.16.1.110    # the order rotates between queries, a simple form of load balancing
www.soysauce.com.       86400   IN      A       172.16.1.111

;; AUTHORITY SECTION:
soysauce.com.           86400   IN      NS      ns1.soysauce.com.

;; ADDITIONAL SECTION:
ns1.soysauce.com.       86400   IN      A       172.16.1.111

;; Query time: 3 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Thu Dec  3 10:31:18 2015
;; MSG SIZE  rcvd: 100

[root@soysauce named]# dig -t CNAME ftp.soysauce.com.        # query the alias record

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t CNAME ftp.soysauce.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33519
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;ftp.soysauce.com.              IN      CNAME

;; ANSWER SECTION:
ftp.soysauce.com.       86400   IN      CNAME   www.soysauce.com.

;; AUTHORITY SECTION:
soysauce.com.           86400   IN      NS      ns1.soysauce.com.

;; ADDITIONAL SECTION:
ns1.soysauce.com.       86400   IN      A       172.16.1.111

;; Query time: 2 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Thu Dec  3 10:33:11 2015
;; MSG SIZE  rcvd: 86

[root@soysauce named]# dig -t MX soysauce.com.        # query the MX record

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t MX soysauce.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31918
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;soysauce.com.                  IN      MX

;; ANSWER SECTION:
soysauce.com.           86400   IN      MX      10 mail.soysauce.com.

;; AUTHORITY SECTION:
soysauce.com.           86400   IN      NS      ns1.soysauce.com.

;; ADDITIONAL SECTION:
mail.soysauce.com.      86400   IN      A       172.16.1.110
ns1.soysauce.com.       86400   IN      A       172.16.1.111

;; Query time: 1 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Thu Dec  3 10:34:47 2015
;; MSG SIZE  rcvd: 101
8. Test reverse zone resolution
[root@soysauce named]# service named reload        # re-read the configuration
Reloading named:                                           [  OK  ]
[root@soysauce named]# nslookup
> server 172.16.1.111        # use this DNS server for the lookups
Default server: 172.16.1.111
Address: 172.16.1.111#53
> set q=PTR                  # look up the FQDN for an IP
> 172.16.1.110
Server:         172.16.1.111
Address:        172.16.1.111#53

110.1.16.172.in-addr.arpa       name = mail.soysauce.com.
110.1.16.172.in-addr.arpa       name = www.soysauce.com.
> set q=NS
> 1.16.172.in-addr.arpa
Server:         172.16.1.111
Address:        172.16.1.111#53

1.16.172.in-addr.arpa   nameserver = ns1.soysauce.com.
> exit

[root@soysauce named]# dig -x 172.16.1.111

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -x 172.16.1.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18873
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;111.1.16.172.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
111.1.16.172.in-addr.arpa. 86400 IN     PTR     www.soysauce.com.
111.1.16.172.in-addr.arpa. 86400 IN     PTR     ns1.soysauce.com.

;; AUTHORITY SECTION:
1.16.172.in-addr.arpa.  86400   IN      NS      ns1.soysauce.com.

;; ADDITIONAL SECTION:
ns1.soysauce.com.       86400   IN      A       172.16.1.111

;; Query time: 1 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Thu Dec  3 11:29:47 2015
;; MSG SIZE  rcvd: 121
9. Test that only the designated host can perform a zone transfer
[root@soysauce ~]# dig -t axfr soysauce.com.        # at this point this host is allowed to transfer the zone

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t axfr soysauce.com.
;; global options: +cmd
soysauce.com.           86400   IN      SOA     ns1.soysauce.com. admin.soysauce.com. 2015121001 10800 600 86400 172800
soysauce.com.           86400   IN      NS      ns1.soysauce.com.
soysauce.com.           86400   IN      MX      10 mail.soysauce.com.
*.soysauce.com.         86400   IN      A       172.16.1.111
ftp.soysauce.com.       86400   IN      CNAME   www.soysauce.com.
mail.soysauce.com.      86400   IN      A       172.16.1.110
ns1.soysauce.com.       86400   IN      A       172.16.1.111
www.soysauce.com.       86400   IN      A       172.16.1.110
www.soysauce.com.       86400   IN      A       172.16.1.111
soysauce.com.           86400   IN      SOA     ns1.soysauce.com. admin.soysauce.com. 2015121001 10800 600 86400 172800
;; Query time: 3 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Thu Dec  3 13:03:36 2015
;; XFR size: 10 records (messages 1, bytes 251)

[root@soysauce ~]# vim /etc/named.conf        # edit the configuration and add the transfer directives
[root@soysauce ~]# cat /etc/named.conf
options {
        directory "/var/named";
        allow-recursion { 172.16.0.0/16; };
        allow-transfer { 172.16.1.110; };    # only 172.16.1.110 may transfer zones
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-transfer { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-transfer { none; };
};

zone "soysauce.com" IN {
        type master;
        file "soysauce.com.zone";
        allow-transfer { 172.16.1.110; };
};

zone "1.16.172.in-addr.arpa" {
        type master;
        file "172.16.1.zone";
        allow-transfer { 172.16.1.110; };
};
[root@soysauce ~]# service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@soysauce ~]# dig -t axfr soysauce.com.        # the full zone transfer now fails

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t axfr soysauce.com.
;; global options: +cmd
; Transfer failed.
[root@soysauce ~]# dig -t ixfr=20151210 soysauce.com.        # the incremental zone transfer fails as well

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t ixfr=20151210 soysauce.com.
;; global options: +cmd
; Transfer failed.

[root@CentOS5 ~]# ifconfig eth0        # now switch to the host 172.16.1.110
eth0      Link encap:Ethernet  HWaddr 00:0C:29:FE:82:38
          inet addr:172.16.1.110  Bcast:172.16.255.255  Mask:255.255.0.0
          inet6 addr: fe80::20c:29ff:fefe:8238/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:36144 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22577 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:37904374 (36.1 MiB)  TX bytes:2777131 (2.6 MiB)
[root@CentOS5 ~]# dig -t axfr soysauce.com. @172.16.1.111        # 172.16.1.110 is allowed to transfer the zone

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> -t axfr soysauce.com. @172.16.1.111
;; global options:  printcmd
soysauce.com.           86400   IN      SOA     ns1.soysauce.com. admin.soysauce.com. 2015121001 10800 600 86400 172800
soysauce.com.           86400   IN      NS      ns1.soysauce.com.
soysauce.com.           86400   IN      MX      10 mail.soysauce.com.
*.soysauce.com.         86400   IN      A       172.16.1.111
ftp.soysauce.com.       86400   IN      CNAME   www.soysauce.com.
mail.soysauce.com.      86400   IN      A       172.16.1.110
ns1.soysauce.com.       86400   IN      A       172.16.1.111
www.soysauce.com.       86400   IN      A       172.16.1.110
www.soysauce.com.       86400   IN      A       172.16.1.111
soysauce.com.           86400   IN      SOA     ns1.soysauce.com. admin.soysauce.com. 2015121001 10800 600 86400 172800
;; Query time: 7 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Sat Aug 29 04:28:18 2015
;; XFR size: 10 records (messages 1)
A source IP address in allow-transfer is a weak identity. BIND also accepts a TSIG key name in the same address match list (allow-transfer { key xfer-key; };), which authenticates the secondary rather than trusting whoever can send packets from that address.
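The effective allow-transfer for a zone is the zone's own statement if it has one, otherwise the one in options, and with neither BIND 9.8 allows any client, which is why the first axfr in this step succeeded. As an added example (not the page's code), this Python audit parses a named.conf and reports that effective setting for every master or slave zone; the configuration is constructed from the one above, with the reverse zone's own allow-transfer left out to show the fallback to options.

```python
import re

# Constructed from the named.conf the page arrives at in step 9, with one zone
# left without its own allow-transfer so the options-level default applies to it.
NAMED_CONF = """
options {
    directory "/var/named";
    allow-recursion { 172.16.0.0/16; };
    allow-transfer { 172.16.1.110; };   # only the secondary may pull zones
};
zone "." IN { type hint; file "named.ca"; };
zone "localhost" IN {
    type master; file "named.localhost";
    allow-transfer { none; };
};
zone "soysauce.com" IN {
    type master; file "soysauce.com.zone";
    allow-transfer { 172.16.1.110; };
};
zone "1.16.172.in-addr.arpa" { type master; file "172.16.1.zone"; };
"""

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def strip_comments(text):
    """Drop the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def parse_block(tokens, pos=0):
    """Parse tokens into statements (lists of words); a '{...}' body becomes a nested list."""
    stmts, cur = [], []
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1
        if tok == "{":
            body, pos = parse_block(tokens, pos)
            cur.append(body)
        elif tok == "}":
            break
        elif tok == ";":
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok.strip('"'))
    return stmts, pos


def find(stmts, keyword):
    """First statement in a block that starts with keyword, or None."""
    return next((s for s in stmts if s[0] == keyword), None)


def acl_of(stmt):
    """Flatten an address-match list such as { 172.16.1.110; none; } to strings."""
    return [" ".join(item) for item in stmt[-1]]


def audit_transfers(conf_text):
    """Map each master/slave zone to (effective allow-transfer list, where it was set).

    BIND applies the zone's own allow-transfer if present, otherwise the one in
    options; with neither, BIND 9.8 (the release on this page) allows any client.
    """
    top, _ = parse_block(TOKEN.findall(strip_comments(conf_text)))
    options = find(top, "options")
    global_stmt = find(options[-1], "allow-transfer") if options else None
    result = {}
    for stmt in top:
        if stmt[0] != "zone":
            continue
        name, body = stmt[1], stmt[-1]
        ztype = find(body, "type")
        if not ztype or ztype[1] not in ("master", "slave"):
            continue                      # hint/forward zones carry no data to transfer
        own = find(body, "allow-transfer")
        if own:
            result[name] = (acl_of(own), "zone")
        elif global_stmt:
            result[name] = (acl_of(global_stmt), "options")
        else:
            result[name] = (["any"], "default")
    return result


if __name__ == "__main__":
    for zone, (acl, source) in audit_transfers(NAMED_CONF).items():
        flag = "  <-- open to any client" if "any" in acl else ""
        print(f"{zone:28} allow-transfer {acl} (from {source}){flag}")
```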
IV. DNS query commands
1. host
host - DNS lookup utility
SYNOPSIS
    host [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] {name} [server]
-t RT NAME: look up the records of type RT for NAME
[root@soysauce named]# host -t NS soysauce.com.        # find the domain's authoritative DNS servers
soysauce.com name server ns1.soysauce.com.
[root@soysauce named]# host -t A www.soysauce.com.     # find the A records for the FQDN
www.soysauce.com has address 172.16.1.111
www.soysauce.com has address 172.16.1.110
[root@soysauce named]# host -t A www.soysauce.com.     # the same round-robin load balancing is visible here
www.soysauce.com has address 172.16.1.110
www.soysauce.com has address 172.16.1.111
[root@soysauce named]# host -t MX soysauce.com.        # find the domain's MX record
soysauce.com mail is handled by 10 mail.soysauce.com.
[root@soysauce named]# host -t CNAME ftp.soysauce.com. # find a CNAME record in the domain
ftp.soysauce.com is an alias for www.soysauce.com.
2. dig
dig - DNS lookup utility
SYNOPSIS
    dig [options] NAME
-t RT         : look up the records of type RT for NAME
-x IP         : look up the FQDN that IP maps to
+[no]trace    : trace the delegation path from the root
+[no]recurse  : whether to ask the server to recurse
-t axfr       : test whether a full zone transfer is allowed
-t ixfr=N     : ask for the changes made since serial number N
[root@soysauce named]# dig -t A www.baidu.com        # look up A records

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28934
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          1200    IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       300     IN      A       180.97.33.107
www.a.shifen.com.       300     IN      A       180.97.33.108

;; AUTHORITY SECTION:
a.shifen.com.           1200    IN      NS      ns4.a.shifen.com.
a.shifen.com.           1200    IN      NS      ns2.a.shifen.com.
a.shifen.com.           1200    IN      NS      ns1.a.shifen.com.
a.shifen.com.           1200    IN      NS      ns5.a.shifen.com.
a.shifen.com.           1200    IN      NS      ns3.a.shifen.com.

;; ADDITIONAL SECTION:
ns4.a.shifen.com.       1200    IN      A       115.239.210.176
ns5.a.shifen.com.       1200    IN      A       119.75.222.17
ns1.a.shifen.com.       1200    IN      A       61.135.165.224
ns2.a.shifen.com.       1200    IN      A       180.149.133.241
ns3.a.shifen.com.       1200    IN      A       61.135.162.215

;; Query time: 766 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Thu Dec  3 10:35:39 2015
;; MSG SIZE  rcvd: 260

[root@soysauce named]# dig -t NS baidu.com. @a.root-servers.net        # ask a root server directly

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t NS baidu.com. @a.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20713
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;baidu.com.                     IN      NS

;; AUTHORITY SECTION:
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.

;; ADDITIONAL SECTION:
m.gtld-servers.net.     172800  IN      A       192.55.83.30
l.gtld-servers.net.     172800  IN      A       192.41.162.30
k.gtld-servers.net.     172800  IN      A       192.52.178.30
j.gtld-servers.net.     172800  IN      A       192.48.79.30
i.gtld-servers.net.     172800  IN      A       192.43.172.30
h.gtld-servers.net.     172800  IN      A       192.54.112.30
g.gtld-servers.net.     172800  IN      A       192.42.93.30
f.gtld-servers.net.     172800  IN      A       192.35.51.30
e.gtld-servers.net.     172800  IN      A       192.12.94.30
d.gtld-servers.net.     172800  IN      A       192.31.80.30
c.gtld-servers.net.     172800  IN      A       192.26.92.30
b.gtld-servers.net.     172800  IN      A       192.33.14.30
b.gtld-servers.net.     172800  IN      AAAA    2001:503:231d::2:30
a.gtld-servers.net.     172800  IN      A       192.5.6.30

;; Query time: 301 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Thu Dec  3 10:41:23 2015
;; MSG SIZE  rcvd: 487

[root@soysauce named]# dig -t A www.sina.com        # look up A records: a chain of CNAMEs is followed until A records are reached

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A www.sina.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17974
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;www.sina.com.                  IN      A

;; ANSWER SECTION:
www.sina.com.           60      IN      CNAME   us.sina.com.cn.
us.sina.com.cn.         60      IN      CNAME   news.sina.com.cn.
news.sina.com.cn.       60      IN      CNAME   jupiter.sina.com.cn.
jupiter.sina.com.cn.    3600    IN      CNAME   ara.sina.com.cn.
ara.sina.com.cn.        60      IN      A       121.14.1.189
ara.sina.com.cn.        60      IN      A       121.14.1.190
ara.sina.com.cn.        60      IN      A       58.63.236.248

;; AUTHORITY SECTION:
sina.com.cn.            86398   IN      NS      ns2.sina.com.cn.
sina.com.cn.            86398   IN      NS      ns3.sina.com.cn.
sina.com.cn.            86398   IN      NS      ns1.sina.com.cn.
sina.com.cn.            86398   IN      NS      ns4.sina.com.cn.

;; ADDITIONAL SECTION:
ns3.sina.com.cn.        86398   IN      A       123.125.29.99
ns4.sina.com.cn.        86398   IN      A       121.14.1.22
ns2.sina.com.cn.        86399   IN      A       61.172.201.254
ns1.sina.com.cn.        86398   IN      A       202.106.184.166

;; Query time: 1995 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Thu Dec  3 10:43:27 2015
;; MSG SIZE  rcvd: 301

[root@soysauce ~]# dig -x 172.16.1.111        # look up the FQDN for an IP

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -x 172.16.1.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38595
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;111.1.16.172.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
111.1.16.172.in-addr.arpa. 86400 IN     PTR     ns1.soysauce.com.
111.1.16.172.in-addr.arpa. 86400 IN     PTR     www.soysauce.com.

;; AUTHORITY SECTION:
1.16.172.in-addr.arpa.  86400   IN      NS      ns1.soysauce.com.

;; ADDITIONAL SECTION:
ns1.soysauce.com.       86400   IN      A       172.16.1.111

;; Query time: 0 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Thu Dec  3 12:30:01 2015
;; MSG SIZE  rcvd: 121

[root@soysauce ~]# dig +norecurse -t A www.tudou.com. @172.16.1.111        # ask our own server without recursion: it returns only the referral it has cached

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> +norecurse -t A www.tudou.com. @172.16.1.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47903
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14

;; QUESTION SECTION:
;www.tudou.com.                 IN      A

;; AUTHORITY SECTION:
com.                    165526  IN      NS      m.gtld-servers.net.
com.                    165526  IN      NS      f.gtld-servers.net.
com.                    165526  IN      NS      j.gtld-servers.net.
com.                    165526  IN      NS      i.gtld-servers.net.
com.                    165526  IN      NS      l.gtld-servers.net.
com.                    165526  IN      NS      e.gtld-servers.net.
com.                    165526  IN      NS      g.gtld-servers.net.
com.                    165526  IN      NS      d.gtld-servers.net.
com.                    165526  IN      NS      b.gtld-servers.net.
com.                    165526  IN      NS      a.gtld-servers.net.
com.                    165526  IN      NS      k.gtld-servers.net.
com.                    165526  IN      NS      c.gtld-servers.net.
com.                    165526  IN      NS      h.gtld-servers.net.

;; ADDITIONAL SECTION:
a.gtld-servers.net.     165526  IN      A       192.5.6.30
a.gtld-servers.net.     165526  IN      AAAA    2001:503:a83e::2:30
b.gtld-servers.net.     165526  IN      A       192.33.14.30
b.gtld-servers.net.     165526  IN      AAAA    2001:503:231d::2:30
c.gtld-servers.net.     165526  IN      A       192.26.92.30
d.gtld-servers.net.     165526  IN      A       192.31.80.30
e.gtld-servers.net.     165526  IN      A       192.12.94.30
f.gtld-servers.net.     165526  IN      A       192.35.51.30
g.gtld-servers.net.     165526  IN      A       192.42.93.30
h.gtld-servers.net.     172607  IN      A       192.54.112.30
i.gtld-servers.net.     165526  IN      A       192.43.172.30
j.gtld-servers.net.     165526  IN      A       192.48.79.30
k.gtld-servers.net.     165526  IN      A       192.52.178.30
l.gtld-servers.net.     172634  IN      A       192.41.162.30

;; Query time: 3 msec
;; SERVER: 172.16.1.111#53(172.16.1.111)
;; WHEN: Thu Dec  3 12:28:20 2015
;; MSG SIZE  rcvd: 503

[root@soysauce ~]# dig +norecurse -t A www.tudou.com. @m.gtld-servers.net.        # the com. server refers us to the tudou.com name servers (no aa flag)

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> +norecurse -t A www.tudou.com. @m.gtld-servers.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33313
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;www.tudou.com.                 IN      A

;; AUTHORITY SECTION:
tudou.com.              172800  IN      NS      ns1.tudoudns.com.
tudou.com.              172800  IN      NS      ns2.tudoudns.com.
tudou.com.              172800  IN      NS      ns3.tudoudns.com.
tudou.com.              172800  IN      NS      ns4.tudoudns.com.

;; ADDITIONAL SECTION:
ns1.tudoudns.com.       172800  IN      A       211.151.50.170
ns2.tudoudns.com.       172800  IN      A       211.151.50.171
ns3.tudoudns.com.       172800  IN      A       114.80.121.118
ns4.tudoudns.com.       172800  IN      A       114.80.122.118

;; Query time: 141 msec
;; SERVER: 192.55.83.30#53(192.55.83.30)
;; WHEN: Thu Dec  3 12:28:33 2015
;; MSG SIZE  rcvd: 176

[root@soysauce ~]# dig +norecurse -t A www.tudou.com. @ns1.tudoudns.com.        # the authoritative server answers, aa flag set

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> +norecurse -t A www.tudou.com. @ns1.tudoudns.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47493
;; flags: qr aa; QUERY: 1, ANSWER: 6, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;www.tudou.com.                 IN      A

;; ANSWER SECTION:
www.tudou.com.          600     IN      A       222.73.6.33
www.tudou.com.          600     IN      A       222.73.6.34
www.tudou.com.          600     IN      A       222.73.6.36
www.tudou.com.          600     IN      A       222.73.6.37
www.tudou.com.          600     IN      A       222.73.6.38
www.tudou.com.          600     IN      A       222.73.6.35

;; AUTHORITY SECTION:
tudou.com.              600     IN      NS      ns2.tudoudns.com.
tudou.com.              600     IN      NS      ns1.tudoudns.com.
tudou.com.              600     IN      NS      ns3.tudoudns.com.
tudou.com.              600     IN      NS      ns4.tudoudns.com.

;; ADDITIONAL SECTION:
ns1.tudoudns.com.       7200    IN      A       211.151.50.170
ns2.tudoudns.com.       7200    IN      A       211.151.50.171
ns3.tudoudns.com.       7200    IN      A       114.80.121.118
ns4.tudoudns.com.       7200    IN      A       114.80.122.118

;; Query time: 46 msec
;; SERVER: 211.151.50.170#53(211.151.50.170)
;; WHEN: Thu Dec  3 12:29:00 2015
;; MSG SIZE  rcvd: 272

[root@soysauce ~]# dig +trace -t A www.baidu.com @172.16.1.111        # dig performs the same iteration itself and prints each step

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> +trace -t A www.baidu.com @172.16.1.111
;; global options: +cmd
.                       510560  IN      NS      i.root-servers.net.
.                       510560  IN      NS      h.root-servers.net.
.                       510560  IN      NS      j.root-servers.net.
.                       510560  IN      NS      d.root-servers.net.
.                       510560  IN      NS      l.root-servers.net.
.                       510560  IN      NS      f.root-servers.net.
.                       510560  IN      NS      a.root-servers.net.
.                       510560  IN      NS      e.root-servers.net.
.                       510560  IN      NS      c.root-servers.net.
.                       510560  IN      NS      b.root-servers.net.
.                       510560  IN      NS      k.root-servers.net.
.                       510560  IN      NS      g.root-servers.net.
.                       510560  IN      NS      m.root-servers.net.
;; Received 496 bytes from 172.16.1.111#53(172.16.1.111) in 19641 ms

com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
;; Received 491 bytes from 199.7.91.13#53(199.7.91.13) in 17853 ms

baidu.com.              172800  IN      NS      dns.baidu.com.
baidu.com.              172800  IN      NS      ns2.baidu.com.
baidu.com.              172800  IN      NS      ns3.baidu.com.
baidu.com.              172800  IN      NS      ns4.baidu.com.
baidu.com.              172800  IN      NS      ns7.baidu.com.
;; Received 201 bytes from 192.54.112.30#53(192.54.112.30) in 1062 ms

www.baidu.com.          1200    IN      CNAME   www.a.shifen.com.
a.shifen.com.           1200    IN      NS      ns2.a.shifen.com.
a.shifen.com.           1200    IN      NS      ns1.a.shifen.com.
a.shifen.com.           1200    IN      NS      ns3.a.shifen.com.
a.shifen.com.           1200    IN      NS      ns5.a.shifen.com.
a.shifen.com.           1200    IN      NS      ns4.a.shifen.com.
;; Received 228 bytes from 220.181.38.10#53(220.181.38.10) in 108 ms
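The three +norecurse queries above walk the delegation chain by hand, and section II describes the same two-stage process: the stub client asks once, the local server iterates and caches. This Python simulation (an added example, not from the page) replays that walk with authoritative data constructed from the answers above, so the referral versus aa behaviour and the effect of caching a delegation can be seen offline; the server addresses are the ones dig printed, reduced to one server per level.

```python
from dataclasses import dataclass, field

# Constructed authoritative data taken from the three dig +norecurse answers
# above: one root server, one com. server and one tudou.com server. Each
# server knows only its own zone plus the NS and glue records of delegations.
SERVERS = {
    "198.41.0.4": {                       # a.root-servers.net, serves "."
        "com.": [("NS", "m.gtld-servers.net.")],
        "m.gtld-servers.net.": [("A", "192.55.83.30")],
    },
    "192.55.83.30": {                     # m.gtld-servers.net, serves com.
        "tudou.com.": [("NS", "ns1.tudoudns.com.")],
        "ns1.tudoudns.com.": [("A", "211.151.50.170")],
    },
    "211.151.50.170": {                   # ns1.tudoudns.com, serves tudou.com.
        "www.tudou.com.": [("A", "222.73.6.33"), ("A", "222.73.6.34")],
    },
}
ZONE_OF = {"198.41.0.4": ".", "192.55.83.30": "com.", "211.151.50.170": "tudou.com."}


@dataclass
class Response:
    aa: bool                                        # the 'aa' flag dig prints
    answer: list = field(default_factory=list)      # (name, type, rdata)
    authority: list = field(default_factory=list)   # (zone, "NS", nsname)
    additional: list = field(default_factory=list)  # (nsname, "A", ip)


def authoritative_query(server_ip, qname, qtype):
    """Answer the way a non-recursive authoritative server does (dig +norecurse)."""
    data, apex = SERVERS[server_ip], ZONE_OF[server_ip]
    labels = qname.split(".")
    for i in range(len(labels) - 1):           # walk from qname up towards the apex
        cut = ".".join(labels[i:])
        if cut == apex:
            break                              # no delegation between apex and qname
        ns = [(cut, "NS", r) for t, r in data.get(cut, []) if t == "NS"]
        if ns:                                 # below a zone cut: refer, aa unset
            glue = [(n, "A", r) for _, _, n in ns for t, r in data.get(n, []) if t == "A"]
            return Response(aa=False, authority=ns, additional=glue)
    hits = [(qname, t, r) for t, r in data.get(qname, []) if t == qtype]
    return Response(aa=True, answer=hits)      # authoritative answer, possibly empty


class Resolver:
    """A caching resolver: takes one recursive query, iterates from the root."""

    def __init__(self, root_hint="198.41.0.4"):
        self.delegations = {".": root_hint}    # zone -> nameserver IP learned so far
        self.rrcache = {}                      # (name, type) -> answer records

    def nearest_server(self, qname):
        """Start from the closest enclosing zone already in the cache."""
        labels = qname.split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:]) or "."
            if zone in self.delegations:
                return self.delegations[zone]

    def resolve(self, qname, qtype="A"):
        """Return (answer records, servers asked in order); caches answers and referrals."""
        if (qname, qtype) in self.rrcache:
            return self.rrcache[(qname, qtype)], []
        asked, server = [], self.nearest_server(qname)
        for _ in range(8):                     # bound the referral chain
            asked.append(server)
            resp = authoritative_query(server, qname, qtype)
            if resp.aa:
                self.rrcache[(qname, qtype)] = resp.answer
                return resp.answer, asked
            zone, _, nsname = resp.authority[0]
            glue = {n: ip for n, _, ip in resp.additional}
            server = self.delegations[zone] = glue[nsname]   # real resolvers look nsname up when glue is missing
        raise RuntimeError("referral chain too long")


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.tudou.com."))          # three servers asked: root, com., tudou.com.
    print(r.resolve("www.tudou.com.", "AAAA"))  # delegation cached: only ns1.tudoudns.com asked
```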
3. nslookup
nslookup - query Internet name servers interactively
SYNOPSIS
    nslookup [-option] [name | -] [server]
server SERVER_IP : use the given DNS server for the lookups
set q=RT         : set the record type to query
[root@soysauce named]# nslookup
> server 172.16.1.111        # resolve through 172.16.1.111
Default server: 172.16.1.111
Address: 172.16.1.111#53
> set q=A                    # query A records
> www.soysauce.com.          # the IP addresses of www.soysauce.com.
Server:         172.16.1.111
Address:        172.16.1.111#53

Name:   www.soysauce.com
Address: 172.16.1.110
Name:   www.soysauce.com
Address: 172.16.1.111
> set q=NS                   # query NS records
> soysauce.com.              # the authoritative DNS servers of soysauce.com.
Server:         172.16.1.111
Address:        172.16.1.111#53

soysauce.com    nameserver = ns1.soysauce.com.
> set q=MX                   # query MX records
> soysauce.com.              # the mail servers of soysauce.com.
Server:         172.16.1.111
Address:        172.16.1.111#53

soysauce.com    mail exchanger = 10 mail.soysauce.com.
> set q=CNAME                # query CNAME records
> ftp.soysauce.com.          # the canonical name behind ftp.soysauce.com.
Server:         172.16.1.111
Address:        172.16.1.111#53

ftp.soysauce.com        canonical name = www.soysauce.com.