DNS原理相关
DNS 是 Domain Name System(域名系统)的缩写,它是一种将主机名转换成对应的ip地址,或将ip地址转换成对应主机名的服务机制。
其中通过域名解析出ip地址的叫做正向解析,通过ip地址解析出域名的叫做反向解析。DNS同时使用TCP和UDP,端口号都是53;普通查询主要使用UDP,主从服务器之间的区域传送(zone transfer)使用TCP。
全世界只有13个“根”服务器地址(以任播方式部署了大量实例),1个主根服务器放在美国,其他12台为辅根服务器。DNS服务器根据角色可以分为:主DNS、从DNS、缓存DNS服务器、DNS转发服务器。
使用bind搭建DNS服务器
安装
[root@www ~]# yum install -y bind
配置
[root@www ~]# cp /etc/named.conf /etc/named.conf.bak
[root@www ~]# > /etc/named.conf
[root@www ~]# vim /etc/named.conf
options {
directory "/var/named";
#named 的工作目录,后面 zone 语句中的相对文件名都相对于该目录,配置文件放在/var/named文件夹下即可
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone"; #自定义,后面在/var/named下编辑即可
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";#自定义,后面在/var/named下编辑即可
};
[root@www ~]# chown named /etc/named.conf //named 只需要读取主配置文件,不必让它成为属主;更稳妥的做法是保持 root:named 并将权限设为 640
[root@www ~]# cd /var/named/
[root@www named]# dig -t NS . > named.ca //用于寻找根服务器
[root@www named]# cat named.ca
[root@www named]# vim localhost.zone //前面配置文件所定义的
@ IN SOA localhost. admin.localhost. (
2015101901
1H
10M
7D
1D
)
@ IN NS localhost.
localhost. IN A 127.0.0.1
[root@www named]# vim named.local
$TTL 86400
@ IN SOA localhost. admin.localhost. (
2015101901
1H
10M
7D
1
)
@ IN NS localhost.
1 IN PTR localhost
[root@www named]# named-checkconf //检测主配置文件
[root@www named]# named-checkzone "localhost" /var/named/localhost.zone //检测正向解析
/var/named/localhost.zone:1: no TTL specified; using SOA MINTTL instead
zone localhost/IN: loaded serial 2015101901
OK
[root@www named]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.local //检测反向解析(注意: named.local 中 PTR 记录的目标应写成带末尾点的 localhost.,否则会被补全成 localhost.0.0.127.in-addr.arpa,checkzone 不会报错但结果是错的)
zone 0.0.127.in-addr.arpa/IN: loaded serial 2015101901
OK
启动
[root@www named]# rndc-confgen -r /dev/urandom -a //生成 rndc.key, 如果没有这个key named 是启动不了的。
wrote key file "/etc/rndc.key"
[root@www named]# chown named:named /etc/rndc.key //更改key的属主;该文件是控制 named 的共享密钥,权限应保持为 600,不能让其他用户可读
[root@www named]# /etc/init.d/named start //启动named服务
启动 named: 确定
[root@www named]# netstat -lnp |grep named //检查named进程是否监听了53端口(下面可见它监听了所有网卡;若只需对内网提供服务,可在 options 中用 listen-on 限制监听地址)
tcp 0 0 192.168.2.11:53 0.0.0.0:* LISTEN 15119/named
tcp 0 0 192.168.1.110:53 0.0.0.0:* LISTEN 15119/named
tcp 0 0 192.168.1.11:53 0.0.0.0:* LISTEN 15119/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 15119/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 15119/named
tcp 0 0 ::1:953 :::* LISTEN 15119/named
udp 0 0 192.168.2.11:53 0.0.0.0:* 15119/named
udp 0 0 192.168.1.110:53 0.0.0.0:* 15119/named
udp 0 0 192.168.1.11:53 0.0.0.0:* 15119/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 15119/named
正向测试和反向测试
[root@www named]# dig @127.0.0.1 localhost //格式为 dig @DNSServer 域名
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @127.0.0.1 localhost
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12472
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;localhost. IN A
;; ANSWER SECTION:
localhost. 86400 IN A 127.0.0.1
;; AUTHORITY SECTION:
localhost. 86400 IN NS localhost.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 15:18:20 2015
;; MSG SIZE rcvd: 57
[root@www named]# dig @127.0.0.1 localhost
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @127.0.0.1 localhost
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12472
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;localhost. IN A
;; ANSWER SECTION:
localhost. 86400 IN A 127.0.0.1
;; AUTHORITY SECTION:
localhost. 86400 IN NS localhost.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 15:18:20 2015
;; MSG SIZE rcvd: 57
[root@www named]# dig @127.0.0.1 -x 127.0.0.1 //测试反向解析, 格式为 dig @DNSServer -x IP地址
增加一个域名hehe.com
[root@www named]# vim /etc/named.conf
zone "hehe.com" IN {
type master; #是一个主
file "hehe.com.zone";#域名配置文件
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.zone";# 用于反向解析
};
[root@www named]# vim /var/named/hehe.com.zone //与上面的配置文件相对应
$TTL 600 //默认 TTL(注意: 区域文件的注释符是 ; 而不是 //,本文中 // 后面的内容只是说明,不能写进文件)
@ IN SOA hehe.com. root.hehe.com. ( //括号内依次为序列号、刷新、重试、过期、最小TTL(负缓存)时间
2015101901
1H
10M
7D
1D
)
IN NS ns.hehe.com.
IN MX 10 mail.hehe.com.
ns IN A 192.168.1.11 //A记录(注意: 后文的 dig 结果和反向区域的 PTR 记录使用的是 192.168.1.111/122/123,此处地址需与之保持一致)
www IN A 192.168.1.12
mail IN A 192.168.1.12
bbs IN CNAME www.hehe.com. //CNAME 别名记录
[root@www named]# vim /var/named/192.168.zone
$TTL 600
@ IN SOA ns.hehe.com. root.hehe.com. (
2015101901
1H
10M
7D
1D
)
@ IN NS ns.hehe.com.
111 IN PTR ns.hehe.com.
123 IN PTR mail.hehe.com.
122 IN PTR www.hehe.com.
测试是否正确
[root@www named]# named-checkconf
[root@www named]# named-checkzone "0.0.127.in-addr.arpa" 192.168.zone //第一个参数应为该文件在 named.conf 中对应的区域名 1.168.192.in-addr.arpa,否则检查的不是实际使用的 origin
zone 0.0.127.in-addr.arpa/IN: loaded serial 2015101901
OK
[root@www named]# named-checkzone "hehe.com" /var/named/hehe.com.zone
zone hehe.com/IN: loaded serial 2015101901
OK
重启
[root@www named]# /etc/init.d/named restart
测试
[root@www named]# dig @192.168.1.11 www.hehe.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @192.168.1.11 www.hehe.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22136
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.hehe.com. IN A
;; ANSWER SECTION:
www.hehe.com. 600 IN A 192.168.1.122
;; AUTHORITY SECTION:
hehe.com. 600 IN NS ns.hehe.com.
;; ADDITIONAL SECTION:
ns.hehe.com. 600 IN A 192.168.1.111
;; Query time: 2 msec
;; SERVER: 192.168.1.11#53(192.168.1.11)
;; WHEN: Sun Oct 18 15:50:04 2015
;; MSG SIZE rcvd: 79
[root@www named]# dig @192.168.1.11 bbs.hehe.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @192.168.1.11 bbs.hehe.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42901
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;bbs.hehe.com. IN A
;; ANSWER SECTION:
bbs.hehe.com. 600 IN CNAME www.hehe.com.
www.hehe.com. 600 IN A 192.168.1.122
;; AUTHORITY SECTION:
hehe.com. 600 IN NS ns.hehe.com.
;; ADDITIONAL SECTION:
ns.hehe.com. 600 IN A 192.168.1.111
;; Query time: 3 msec
;; SERVER: 192.168.1.11#53(192.168.1.11)
;; WHEN: Sun Oct 18 15:51:07 2015
;; MSG SIZE rcvd: 97
[root@www named]# dig @127.0.0.1 -x 192.168.1.111 //反向解析(注意: 下面的状态是 SERVFAIL 而不是 NOERROR,说明 1.168.192.in-addr.arpa 区域并未正常提供服务,需检查 named 日志中该区域的加载情况)
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @127.0.0.1 -x 192.168.1.111
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21145
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;111.1.168.192.in-addr.arpa. IN PTR
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 15:53:03 2015
;; MSG SIZE rcvd: 44
配置DNS转发
我们配置的DNS只能解析我们自己定义的zone,没有定义的域名是解析不了的。配置DNS转发后就可以解析互联网上的其他域名了,前提是这个域名确实在互联网中使用,也就是说已经有某个DNS服务器能够解析它。注意: forward first 表示先把查询交给 forwarders,失败时再自己递归;开启转发/递归后,如果不用 allow-recursion(或 allow-query)限制客户端来源,而 named 又监听在所有网卡上,这台服务器就会成为任何人都能使用的开放递归解析器,容易被滥用于流量放大,生产环境中应只对内网网段开放递归。
[root@www named]# vim /etc/named.conf
将options选项修改为
options {
directory "/var/named";
forward first;
forwarders { 8.8.8.8; };
};
测试
[root@www named]# named-checkconf
[root@www named]# /etc/init.d/named restart
停止 named: [确定]
启动 named: [确定]
[root@www named]# dig @192.168.1.11 www.baidu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @192.168.1.11 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18147
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 246 IN CNAME www.a.shifen.com.
www.a.shifen.com. 104 IN A 61.135.169.125
www.a.shifen.com. 104 IN A 61.135.169.121
;; Query time: 1 msec
;; SERVER: 192.168.1.11#53(192.168.1.11)
;; WHEN: Sun Oct 18 16:04:35 2015
;; MSG SIZE rcvd: 90
配置主从
主 www 192.168.1.11 已安装bind(必须)
从 test 192.168.1.12 已安装bind(必须)
主
[root@www named]# vim /etc/named.conf
options {
directory "/var/named";
forward first;
forwarders { 8.8.8.8; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};
zone "hehe.com" IN {
type master;
file "hehe.com.zone";
notify yes;//主区域变更后立即通知从服务器,加快主从同步(不是加快查询)
also-notify { 192.168.1.12; }; //从的ip地址;建议同时加上 allow-transfer { 192.168.1.12; }; 只允许从服务器做区域传送,否则任何人都能把整个区域 AXFR 下来
};
zone "137.168.192.in-addr.arpa" IN { //前文定义的反向区域是 1.168.192.in-addr.arpa(对应 192.168.1.x 的 PTR 记录),这里以及从服务器上的区域名应与之保持一致
type master;
file "192.168.zone";
notify yes;
also-notify { 192.168.1.11; }; //此处应为从服务器地址 192.168.1.12,写成主自身不会通知到从
};
[root@www named]# named-checkconf
[root@www named]# scp /etc/named.conf 192.168.1.12:/etc/
[root@www named]# scp /var/named/localhost.zone 192.168.1.12:/var/named/
[root@www named]# scp /var/named/named.local 192.168.1.12:/var/named/
从上
[root@test ~]# vim /etc/named.conf
options {
directory "/var/named";
forward first;
forwarders { 8.8.8.8; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};
zone "hehe.com" IN {
type slave;
file "slaves/hehe.com.zone";
masters { 192.168.1.11; };
};
zone "137.168.192.in-addr.arpa" IN {
type slave;
file "slaves/192.168.zone";
masters { 192.168.1.11; };
};
[root@test ~]# named-checkconf
[root@test ~]# rndc-confgen -r /dev/urandom -a
wrote key file "/etc/rndc.key"
[root@test ~]# chown named:named /etc/rndc.key
[root@test ~]# /etc/init.d/named start
启动 named: [确定]
启动后将会发现
在/var/named/slaves有
[root@test slaves]# ls -l /var/named/slaves/
总用量 8
-rw-r--r-- 1 named named 385 10月 18 16:31 192.168.zone
-rw-r--r-- 1 named named 385 10月 18 16:31 hehe.com.zone
两个文件
注意:
必须同步时间
[root@www named]# ntpdate 202.120.2.101
测试主从同步
在主上执行
[root@www named]# vim /var/named/hehe.com.zone // 在最后增加一行并改变序列号,使序列号大于原来的: 2015101902>2015101901
cangls IN A 192.168.1.222
root@www named]# /etc/init.d/named restart
停止 named: [确定]
启动 named: [确定]
说明:
从服务器上的区域文件内容可以手动修改,但这种改动不会反向影响主;一旦从再次从主同步,仍以主上的内容为准。
但如果主服务器区域文件的序列号小于或等于从服务器当前的序列号,从就不会再同步主的修改。
本例中 2015101902>2015101901,所以从会同步。
从
[root@test slaves]# vim /var/named/slaves/hehe.com.zone
增加一行
ccc A 1.2.4.3
并加大序列号 2015101903
$ORIGIN .
$TTL 600 ; 10 minutes
hehe.com IN SOA hehe.com. root.hehe.com. (
2015101903 ; serial
3600 ; refresh (1 hour)
600 ; retry (10 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns.hehe.com.
MX 10 mail.hehe.com.
$ORIGIN hehe.com.
bbs CNAME www
cangls A 192.168.1.222
mail A 192.168.1.123
ns A 192.168.1.111
www A 192.168.1.122
ccc A 1.2.4.3
[root@test slaves]# /etc/init.d/named restart
[root@test slaves]# dig @localhost ccc.hehe.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @localhost ccc.hehe.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55988
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;ccc.hehe.com. IN A
;; ANSWER SECTION:
ccc.hehe.com. 600 IN A 1.2.4.3
;; AUTHORITY SECTION:
hehe.com. 600 IN NS ns.hehe.com.
;; ADDITIONAL SECTION:
ns.hehe.com. 600 IN A 192.168.1.111
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 17:02:13 2015
;; MSG SIZE rcvd: 79
可以看到解析为1.2.4.3
主上
root@www named]# vim hehe.com.zone
增加一行
ccc IN A 1.2.3.4
并且不改变序列号
$TTL 600
@ IN SOA hehe.com. root.hehe.com. (
2015101902
1H
10M
7D
1D
)
IN NS ns.hehe.com.
IN MX 10 mail.hehe.com.
ns IN A 192.168.1.111
www IN A 192.168.1.122
mail IN A 192.168.1.123
bbs IN CNAME www.hehe.com.
cangls IN A 192.168.1.222
ccc IN A 1.2.3.4
[root@www named]# /etc/init.d/named restart
从上执行
[root@test slaves]# dig @localhost ccc.hehe.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @localhost ccc.hehe.com ; (2 servers found)
;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49573 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;ccc.hehe.com. IN A
;; ANSWER SECTION: ccc.hehe.com. 600 IN A 1.2.4.3 ;; AUTHORITY SECTION: hehe.com. 600 IN NS ns.hehe.com. ;; ADDITIONAL SECTION: ns.hehe.com. 600 IN A 192.168.1.111 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Oct 18 17:06:19 2015 ;; MSG SIZE rcvd: 79
可以看到解析的为1.2.4.3
因为主上序列号小于从上的,从并不跟随主上的修改
主上执行
[root@www named]# vim hehe.com.zone
增大序列号
$TTL 600
@ IN SOA hehe.com. root.hehe.com. (
2015101904
1H
10M
7D
1D
)
IN NS ns.hehe.com.
IN MX 10 mail.hehe.com.
ns IN A 192.168.1.111
www IN A 192.168.1.122
mail IN A 192.168.1.123
bbs IN CNAME www.hehe.com.
cangls IN A 192.168.1.222
ccc IN A 1.2.3.4
[root@www named]# /etc/init.d/named restart
从上执行
[root@test slaves]# dig @localhost ccc.hehe.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @localhost ccc.hehe.com ; (2 servers found)
;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49573 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;ccc.hehe.com. IN A
;; ANSWER SECTION: ccc.hehe.com. 600 IN A 1.2.3.4 ;; AUTHORITY SECTION: hehe.com. 600 IN NS ns.hehe.com. ;; ADDITIONAL SECTION: ns.hehe.com. 600 IN A 192.168.1.111 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Oct 18 17:06:19 2015 ;; MSG SIZE rcvd: 79
可以看到解析的为1.2.3.4
因为主上序列号大于从上的,从跟随主上的修改