1. DNS fundamentals
DNS stands for Domain Name System. It is a service that maps IP addresses to their corresponding host names and host names to their corresponding IP addresses.
Resolving a domain name to an IP address is called forward resolution; resolving an IP address back to a domain name is called reverse resolution. DNS uses both TCP and UDP, on port 53 for each, but it mainly uses UDP; replication between servers (zone transfers) uses TCP.
There are only 13 root servers worldwide: one primary root server located in the United States and 12 secondary root servers. By role, DNS servers are divided into master DNS, slave DNS, caching DNS servers and forwarding DNS servers.
2. Building a DNS server with BIND
[root@localhost ~]# yum install -y bind bind-utils
[root@localhost ~]# /etc/init.d/named start
Generating /etc/rndc.key:                                  [确定]
启动 named:                                                [确定]
Look at the key files the package installed:
[root@localhost ~]# rpm -ql bind
/etc/NetworkManager/dispatcher.d/13-named
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/portreserve/named
/etc/rc.d/init.d/named
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/usr/lib/bind
/usr/sbin/arpaname
3. Configuring a custom zone (forward resolution: domain name to IP address)
[root@localhost ~]# vim /etc/named.conf
// append the following zone at the very end of the file
zone "123.com" IN {
        type master;
        file "123.com.zone";
};
[root@localhost ~]# named-checkconf
# checks the configuration file; any error is reported here, no output means it is fine
[root@localhost ~]# vim /var/named/123.com.zone
$TTL 1D
@       IN SOA  @ admin.123.com. (
                        20150109 ; serial
                        1D       ; refresh
                        1H       ; retry
                        1W       ; expire
                        3H )     ; minimum
        IN NS   ns.123.com.
ns      IN A    192.168.1.191
www     IN A    11.11.11.11
bbs     IN CNAME WWW
[root@localhost ~]# named-checkzone "123.com" /var/named/123.com.zone
# verifies the zone file we just wrote
zone 123.com/IN: loaded serial 20150109
OK
[root@localhost ~]# vim /etc/named.conf
// make named listen on the NS host's own IP address as well
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.191; };
[root@localhost ~]# /etc/init.d/named restart
停止 named:                                                [确定]
启动 named:                                                [确定]
Test whether the name resolves:
[root@localhost ~]# dig @192.168.1.191 www.123.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> @192.168.1.191 www.123.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52057
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.123.com.                   IN      A

;; ANSWER SECTION:
www.123.com.            86400   IN      A       11.11.11.11

;; AUTHORITY SECTION:
123.com.                86400   IN      NS      ns.123.com.

;; ADDITIONAL SECTION:
ns.123.com.             86400   IN      A       192.168.1.191

;; Query time: 0 msec
;; SERVER: 192.168.1.191#53(192.168.1.191)
;; WHEN: Sun Mar 27 01:50:38 2016
;; MSG SIZE  rcvd: 78
4. DNS master/slave configuration
Configuring the slave
[root@localhost ~]# yum install -y bind bind-utils
[root@localhost ~]# vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// comment the line out to listen on every IP; to listen on one specific IP, add it after 127.0.0.1
// listen-on-v6 port 53 { ::1; };
zone "123.com" IN {
        type slave;
        file "slaves/123.com.zone";
        masters { 192.168.1.191; };
};
[root@localhost ~]# /etc/init.d/named start
Generating /etc/rndc.key:                                  [确定]
启动 named:                                                [确定]
[root@localhost ~]# ls /var/named/slaves/
123.com.zone
Now we can check whether the zone data on the master and the slave is identical.
First the slave:
[root@localhost ~]# cat /var/named/slaves/123.com.zone
$ORIGIN .
$TTL 86400      ; 1 day
123.com                 IN SOA  123.com. admin.123.com. (
                                20150109   ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns.123.com.
$ORIGIN 123.com.
ns                      A       192.168.1.191
www                     A       11.11.11.11
Then the master:
[root@localhost ~]# cat /var/named/123.com.zone
$TTL 1D
@       IN SOA  @ admin.123.com. (
                        20150109 ; serial
                        1D       ; refresh
                        1H       ; retry
                        1W       ; expire
                        3H )     ; minimum
        IN NS   ns.123.com.
ns      IN A    192.168.1.191
www     IN A    11.11.11.11
The data is the same (the slave's dump writes the times in seconds and the names in absolute form, but the records match), which shows that the master/slave setup succeeded.
Test resolution against the slave:
[root@localhost ~]# dig @192.168.1.192 www.123.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> @192.168.1.192 www.123.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62629
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.123.com.                   IN      A

;; ANSWER SECTION:
www.123.com.            86400   IN      A       11.11.11.11

;; AUTHORITY SECTION:
123.com.                86400   IN      NS      ns.123.com.

;; ADDITIONAL SECTION:
ns.123.com.             86400   IN      A       192.168.1.191

;; Query time: 0 msec
;; SERVER: 192.168.1.192#53(192.168.1.192)
;; WHEN: Sun Mar 27 01:16:46 2016
;; MSG SIZE  rcvd: 78
To test whether master-to-slave synchronization works, edit the zone file on the master.
[root@localhost ~]# vim /var/named/123.com.zone
$TTL 1D
@       IN SOA  @ admin.123.com. (
                        201501092 ; serial  <- a 2 is appended to mark the second change
                        1D        ; refresh
                        1H        ; retry
                        1W        ; expire
                        3H )      ; minimum
        IN NS   ns.123.com.
ns      IN A    192.168.1.191
www     IN A    11.11.11.11
bbs     IN CNAME WWW
guozhen IN A    111.111.111.111   ; new record added for the test
[root@master ~]# /etc/init.d/named restart
停止 named:                                                [确定]
启动 named:                                                [确定]
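The serial bump above is what actually drives the transfer: a slave only pulls a new copy of the zone when the master's SOA serial is "greater" than its own in the 32-bit serial-number arithmetic of RFC 1982, so a serial that goes backwards (or stays the same) silently leaves the slave stale. The following is an added example, not code from the tutorial: it implements that comparison, computes the next serial in the common YYYYMMDDnn convention (date plus a two-digit change counter, which stays monotonic across edits and days, unlike appending digits by hand), and rewrites the serial inside a zone file. The zone text is constructed from the master file shown above; `next_serial`, `serial_gt` and `bump_zone_serial` are names chosen here.

```python
"""SOA serial handling for a BIND master zone (added example, not the tutorial's code)."""
import re
from datetime import date

SERIAL_MODULUS = 2 ** 32
HALF_SPACE = 2 ** 31

# Constructed from the master's /var/named/123.com.zone in the tutorial.
ZONE_TEXT = """$TTL 1D
@       IN SOA  @ admin.123.com. (
                        20150109 ; serial
                        1D       ; refresh
                        1H       ; retry
                        1W       ; expire
                        3H )     ; minimum
        IN NS   ns.123.com.
ns      IN A    192.168.1.191
www     IN A    11.11.11.11
"""

# Constructed from the slave's dump: only the SOA header matters here.
SLAVE_SOA = """$ORIGIN .
$TTL 86400      ; 1 day
123.com                 IN SOA  123.com. admin.123.com. (
                                20150109   ; serial
                                86400      ; refresh (1 day)
                                )
"""

# The serial is the first number after "SOA <mname> <rname> (".
SOA_SERIAL_RE = re.compile(r"\bSOA\s+\S+\s+\S+\s*\(\s*(\d+)")


def serial_gt(a, b):
    """RFC 1982 serial-number arithmetic: True when serial a is newer than b.

    Serials live on a 32-bit ring, so 1 counts as newer than 4294967295
    while 20150109 is older than 201501092 by ordinary comparison.
    """
    a, b = a % SERIAL_MODULUS, b % SERIAL_MODULUS
    return a != b and ((a > b and a - b < HALF_SPACE) or (a < b and b - a > HALF_SPACE))


def next_serial(current, today=None):
    """Next serial in YYYYMMDDnn form (today's date followed by a change counter).

    The result is always strictly greater than `current`, so a zone whose serial
    already runs ahead of today's date keeps counting upward instead of going
    backwards and stalling the slaves.
    """
    today = today or date.today().strftime("%Y%m%d")
    return max(int(today) * 100, current + 1)


def read_serial(zone_text):
    """Extract the SOA serial from zone-file text."""
    match = SOA_SERIAL_RE.search(zone_text)
    if match is None:
        raise ValueError("no SOA serial found in zone text")
    return int(match.group(1))


def bump_zone_serial(zone_text, today=None):
    """Return (new_zone_text, new_serial) with only the serial field rewritten."""
    match = SOA_SERIAL_RE.search(zone_text)
    if match is None:
        raise ValueError("no SOA serial found in zone text")
    new_serial = next_serial(int(match.group(1)), today)
    return zone_text[: match.start(1)] + str(new_serial) + zone_text[match.end(1):], new_serial


def transfer_needed(master_text, slave_text):
    """Would the slave fetch a new copy? Only if the master's serial is newer."""
    return serial_gt(read_serial(master_text), read_serial(slave_text))


if __name__ == "__main__":
    updated, serial = bump_zone_serial(ZONE_TEXT)
    print("new serial:", serial)
    print("slave would transfer:", transfer_needed(updated, SLAVE_SOA))
```

After editing the zone file, `rndc reload 123.com` is enough to load it on the master; a full `named` restart as in the tutorial also works but drops the cache. On the slave, `rndc retransfer 123.com` forces a transfer if you need to test without waiting for refresh or NOTIFY.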
Test whether the new name resolves:
[root@localhost ~]# dig @192.168.1.191 guozhen.123.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> @192.168.1.191 guozhen.123.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25913
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;guozhen.123.com.               IN      A

;; ANSWER SECTION:
guozhen.123.com.        86400   IN      A       111.111.111.111

;; AUTHORITY SECTION:
123.com.                86400   IN      NS      ns.123.com.

;; ADDITIONAL SECTION:
ns.123.com.             86400   IN      A       192.168.1.191

;; Query time: 0 msec
;; SERVER: 192.168.1.191#53(192.168.1.191)
;; WHEN: Sun Mar 27 02:46:06 2016
;; MSG SIZE  rcvd: 82
For real-time synchronization, the master's configuration must be changed:
[root@localhost ~]# vim /etc/named.conf
zone "123.com" IN {
        type master;
        file "123.com.zone";
        notify yes;                       // real-time synchronization (send NOTIFY on change)
        also-notify { 192.168.1.192; };   // the slave's IP
};
[root@localhost ~]# named-checkconf
# check for errors
[root@localhost ~]# /etc/init.d/named restart
停止 named:                                                [确定]
启动 named:                                                [确定]
Test on the slave:
[root@localhost ~]# dig @192.168.1.192 guozhen.123.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> @192.168.1.192 guozhen.123.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5755
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;guozhen.123.com.               IN      A

;; ANSWER SECTION:
guozhen.123.com.        86400   IN      A       111.111.111.111

;; AUTHORITY SECTION:
123.com.                86400   IN      NS      ns.123.com.

;; ADDITIONAL SECTION:
ns.123.com.             86400   IN      A       192.168.1.191

;; Query time: 1 msec
;; SERVER: 192.168.1.192#53(192.168.1.192)
;; WHEN: Sun Mar 27 01:40:31 2016
;; MSG SIZE  rcvd: 82
[root@localhost ~]# cat /var/named/slaves/123.com.zone
$ORIGIN .
$TTL 86400      ; 1 day
123.com                 IN SOA  123.com. admin.123.com. (
                                201501092  ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns.123.com.
$ORIGIN 123.com.
bbs                     CNAME   WWW
guozhen                 A       111.111.111.111
ns                      A       192.168.1.191
www                     A       11.11.11.11
OK, on inspection everything has been synchronized. Apologies for the rough write-up.
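Both of the "is the data the same" checks in this section (before and after the guozhen change) are done by eye, and the two files deliberately look different: the master keeps relative names, `@` and TTLs like `1D`, while the slave's dump uses `$ORIGIN`, absolute names and seconds. The following added example, which is not part of the tutorial, normalizes both renderings into a set of (owner, ttl, type, rdata) tuples and reports exactly which records differ, so the comparison can be scripted instead of eyeballed. The sample zone texts are constructed from the files shown on this page; `parse_zone` and `compare_zones` are names chosen here, and the parser covers only the record syntax used in these files (no quoted strings or `$INCLUDE`).

```python
"""Normalize and compare BIND zone-file renderings (added example, not the tutorial's code)."""
import re

TTL_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_RE = re.compile(r"\d+|(?:\d+[smhdw])+", re.I)
CLASSES = {"IN", "CH", "HS"}
NAME_TYPES = {"NS", "CNAME", "PTR"}   # rdata is a single domain name

# Constructed from the tutorial: master file before the change, the slave's dump,
# and the master file after the serial bump and the new guozhen record.
MASTER_BEFORE = """$TTL 1D
@       IN SOA  @ admin.123.com. (
                        20150109 ; serial
                        1D       ; refresh
                        1H       ; retry
                        1W       ; expire
                        3H )     ; minimum
        IN NS   ns.123.com.
ns      IN A    192.168.1.191
www     IN A    11.11.11.11
"""
SLAVE_DUMP = """$ORIGIN .
$TTL 86400      ; 1 day
123.com                 IN SOA  123.com. admin.123.com. (
                                20150109   ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns.123.com.
$ORIGIN 123.com.
ns                      A       192.168.1.191
www                     A       11.11.11.11
"""
MASTER_AFTER = MASTER_BEFORE.replace("20150109", "201501092") + \
    "bbs     IN CNAME WWW\nguozhen IN A    111.111.111.111\n"


def parse_ttl(text):
    """BIND TTL syntax ('1D', '3H', '1w2d', '86400') -> seconds."""
    if text.isdigit():
        return int(text)
    return sum(int(n) * TTL_UNITS[u] for n, u in re.findall(r"(\d+)([smhdw])", text.lower()))


def absolutize(name, origin):
    """'@' or a relative name -> lower-cased FQDN under origin; absolute names pass through."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return (name + "." + origin.lstrip(".")).lower()


def logical_lines(text):
    """Strip ';' comments and join parenthesised multi-line records into one token list.
    blank_owner records whether the record started with whitespace (owner omitted)."""
    records, current, depth = [], None, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if depth == 0:
            if not line.strip():
                continue
            current = {"blank_owner": line[0].isspace(), "tokens": []}
        current["tokens"].extend(line.replace("(", " ").replace(")", " ").split())
        depth += line.count("(") - line.count(")")
        if depth == 0:
            records.append(current)
    return records


def parse_zone(text, zone_name):
    """Set of (owner, ttl_seconds, TYPE, rdata) with names absolute and lower-cased
    and all SOA timers in seconds, so both renderings compare equal when the data matches."""
    origin = zone_name.lower().rstrip(".") + "."
    default_ttl, owner, rrs = None, origin, set()
    for rec in logical_lines(text):
        toks = rec["tokens"]
        if toks[0] == "$ORIGIN":
            origin = absolutize(toks[1], origin)
            continue
        if toks[0] == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        if not rec["blank_owner"]:          # explicit owner, otherwise inherit the previous one
            owner = absolutize(toks[0], origin)
            toks = toks[1:]
        ttl = default_ttl
        while toks[0].upper() in CLASSES or TTL_RE.fullmatch(toks[0]):
            tok = toks.pop(0)               # optional [ttl] [class] in either order
            if tok.upper() not in CLASSES:
                ttl = parse_ttl(tok)
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in NAME_TYPES:
            rdata = [absolutize(rdata[0], origin)]
        elif rtype == "SOA":
            rdata = [absolutize(rdata[0], origin), absolutize(rdata[1], origin)] + \
                    [str(parse_ttl(t)) for t in rdata[2:]]
        rrs.add((owner, ttl, rtype, " ".join(rdata)))
    return rrs


def compare_zones(master_text, slave_text, zone_name):
    """Report whether the slave holds exactly the master's records, and the differences if not."""
    master, slave = parse_zone(master_text, zone_name), parse_zone(slave_text, zone_name)
    return {"in_sync": master == slave,
            "only_on_master": sorted(master - slave),
            "only_on_slave": sorted(slave - master)}


if __name__ == "__main__":
    print(compare_zones(MASTER_BEFORE, SLAVE_DUMP, "123.com"))
    print(compare_zones(MASTER_AFTER, SLAVE_DUMP, "123.com"))
```

Run it against `/var/named/123.com.zone` on the master and `/var/named/slaves/123.com.zone` copied from the slave. A note on the transfer itself: the BIND release used here permits zone transfers from any address by default, so the master should carry `allow-transfer { 192.168.1.192; };` in the zone (or `options`) block to limit AXFR to the slave; an open transfer hands the whole zone to anyone who asks.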
Remember: be sure to turn off the firewall while doing this.
I forgot to write up reverse resolution (IP address to domain name).
The steps are as follows (add the configuration on the master):
[root@localhost ~]# vim /etc/named.conf
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.zone";
        notify yes;
        also-notify { 192.168.1.192; };
};
[root@localhost ~]# named-checkconf
[root@localhost ~]# vim /var/named/1.168.192.zone
$TTL 1D
@       IN SOA  @ admin.123.com. (
                        201501092 ; serial
                        1D        ; refresh
                        1H        ; retry
                        1W        ; expire
                        3H )      ; minimum
        IN NS   ns.123.com.
191     IN PTR  ns.123.com.
20      IN PTR  mail.123.com.
[root@localhost ~]# named-checkconf
# check for errors
[root@localhost ~]# /etc/init.d/named restart
# restart
停止 named:                                                [确定]
启动 named:                                                [确定]
[root@localhost ~]# dig @192.168.1.191 -x 192.168.1.191
# test whether the address resolves

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> @192.168.1.191 -x 192.168.1.191
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5620
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;191.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
191.1.168.192.in-addr.arpa. 86400 IN    PTR     ns.123.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      ns.123.com.

;; ADDITIONAL SECTION:
ns.123.com.             86400   IN      A       192.168.1.191

;; Query time: 2 msec
;; SERVER: 192.168.1.191#53(192.168.1.191)
;; WHEN: Sun Mar 27 02:14:07 2016
;; MSG SIZE  rcvd: 98
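The reverse zone above is derived by hand: the zone name `1.168.192.in-addr.arpa` is the network's octets reversed, and each PTR owner (`191`, `20`) is the host octet. Doing this by hand is where forward and reverse data drift apart. The following added example, not code from the tutorial, generates the reverse zone from a list of A records: it computes the in-addr.arpa zone name for an octet-aligned IPv4 prefix, skips addresses outside that network (the tutorial's `www` at 11.11.11.11 does not belong in this zone), and emits PTR records in the same layout as the file above. The A records are constructed from this page; the `mail` host's address 192.168.1.20 is an assumption taken from the tutorial's PTR record, and `reverse_zone_name`, `ptr_owner`, `reverse_records` and `build_reverse_zone` are names chosen here.

```python
"""Generate an in-addr.arpa zone from A records (added example, not the tutorial's code)."""
import ipaddress

# Constructed sample: the 123.com A records from the tutorial plus an assumed
# A record for mail, whose address is taken from the tutorial's "20 IN PTR mail.123.com.".
A_RECORDS = [
    ("ns.123.com.", "192.168.1.191"),
    ("www.123.com.", "11.11.11.11"),
    ("mail.123.com.", "192.168.1.20"),
]


def reverse_zone_name(network):
    """'192.168.1.0/24' -> '1.168.192.in-addr.arpa'; '10.0.0.0/8' -> '10.in-addr.arpa'.

    Only /8, /16 and /24 map onto a single classic in-addr.arpa zone; other
    prefix lengths need RFC 2317-style delegation and are rejected here.
    """
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("only octet-aligned IPv4 prefixes (/8, /16, /24) are supported")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner(ip, network):
    """Owner of the PTR record for ip, relative to the reverse zone of network ('191', '3.2.1', ...)."""
    zone = reverse_zone_name(network)
    full = ipaddress.ip_address(ip).reverse_pointer        # e.g. 191.1.168.192.in-addr.arpa
    return full[: -(len(zone) + 1)]


def reverse_records(a_records, network):
    """(relative owner, target FQDN) pairs for every A record inside network, sorted by address."""
    net = ipaddress.ip_network(network, strict=True)
    rows = []
    for fqdn, ip in a_records:
        addr = ipaddress.ip_address(ip)
        if addr not in net:                                  # foreign addresses get no PTR here
            continue
        target = fqdn if fqdn.endswith(".") else fqdn + "."  # PTR targets must be absolute
        rows.append((addr, ptr_owner(ip, network), target))
    rows.sort()
    return [(owner, target) for _, owner, target in rows]


def build_reverse_zone(a_records, network, serial, ns_name, rname):
    """Return (zone_name, zone_file_text) in the layout the tutorial uses for 1.168.192.zone."""
    zone = reverse_zone_name(network)
    lines = [
        "$TTL 1D",
        f"@\tIN SOA\t{ns_name} {rname} (",
        f"\t\t\t{serial} ; serial",
        "\t\t\t1D ; refresh",
        "\t\t\t1H ; retry",
        "\t\t\t1W ; expire",
        "\t\t\t3H ) ; minimum",
        f"\tIN NS\t{ns_name}",
    ]
    for owner, target in reverse_records(a_records, network):
        lines.append(f"{owner}\tIN PTR\t{target}")
    return zone, "\n".join(lines) + "\n"


if __name__ == "__main__":
    zone, text = build_reverse_zone(A_RECORDS, "192.168.1.0/24", 201501092, "ns.123.com.", "admin.123.com.")
    print(f"; zone {zone}")
    print(text)
```

Write the generated text to `/var/named/1.168.192.zone`, then run `named-checkzone 1.168.192.in-addr.arpa /var/named/1.168.192.zone` before reloading, exactly as the forward zone was checked earlier. The example uses the SOA MNAME `ns.123.com.` rather than the tutorial's `@`, since the MNAME should be the primary server's host name.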