DNS and BIND
Ŀ¼
DNS�����
DNS����Ĵ
���Ӹ���
������Ȩ
����bind viewʵ������DNS
һ��DNS�����
DNS��Domain Name System������ϵͳ ��DNS��Ϊ�����IP��ַ�ӳ���һ���ֲ�ʽ��ݿ⣬�ܹ����û���ӷ���ķ��ʻ������������ӳ���ǰ�һ�������IP��ַ������������ķ���ӳ���ǰ�IP��ַ�����������������DNSЭ��������UDPЭ���ϣ�ʹ�ö˿ں�53.
����DNS���ֿռ䱻��֯��һ�����νṹ��ÿ�������������������ķ�֧�ϵ�һ���ڵ㡣
�����
����/
������
��ʶ�����.com .net .org .edu��
��ҵ�����.cn .de .jp .hk .us��
������www.mage.com������.magedu����һ����������
DNS��ѯ���ͣ�
�ݹ��ѯ���ͻ���������������������������������ʵ�Ĵ�����ת������һ����һ�����ƣ�ֱ���鵽�ͻ���������������Ӧ��IP��ַ��Ȼ��IP��ַ���ظ�ͻ���
����ѯ���ͻ�����DNS��������������DNS�����������Ƿ�鵽��Ӧ��IP��ֱַ�ӷ��ظ�ͻ����
DNS���������
���������FQDN��IP��ַ�Ľ���
���������IP��ַ��FQDN�Ľ���
DNS�����������ͣ�
����������ά�����������ڽ�����ķ�����
�ӷ�������������������ͬ�����ƶ�Ӧ�Ľ������ļ�
������������������ѯ��Ľ�����Ŀ
ת��������������DZ��������ڵ������ͨ��ת�������DNS�������Ͻ��б��ز�ѯ
DNSһ�������ѯ�Ĺ�̣�
���ȿͻ�����һ��DNS�������鿴host�ļ����Ƿ�����Ӧ�Ķ�Ӧ������Ŀ�����û�оͲ�صĻ��棬����û�о������������������ѯ�������������������������ȥ�ĸ���Ӧ�����в�ѯ���Դ����ƣ��鵽��Ӧ�� IPȻ�ظ�ͻ���
DNS����Դ��¼��
SOA������һ��DNS����
NS����ʶ������������
A�����ֵ�IPv4��ַ��ת��
AAAA�����ֵ�ipv6��ַ��ת��
PTR����ַ�����ֵ�ת��
MX���ʼ���¼
CNAME������ı����¼
����DNS����Ĵ
1����װDNS��������bind��
yum -y install bind
2����/ec/named.conf�����ļ�
[root@bogon ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };####DNS����Ķ˿ںż�������Щ�������˶˿ں�
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };###������Щ������Խ��в�ѯ����
recursion yes;###�Ƿ�����ݹ����
dnssec-enable yes;
dnssec-validation yes;
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
3���༭/etc/named.rfc1912.zones�ļ����������������ļ��ͷ��������ļ�
[root@bogon ~]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN { ##�������
type master; ##������DNS
file "magedu.com.zone";###����������ļ�
};
zone "1.168.192.in-addr.arpa" IN { ##�������
type master; ##�������������DNS
file "192.168.1.zone"; ##����������ļ�
};
4����/var/namedĿ¼�½�����������ͷ��������ļ��Ľ��������
[root@bogon named]# vim magedu.com.zone######���������������� $TTL 1D @ IN SOA ns1.magedu.com. admin.magedu.com. ( 2016070901 1H 2M 3D 1D ) IN NS ns1.magedu.com. IN MX 10 mx1.magedu.com. ns1 IN A 192.168.1.104 mx1 IN A 192.168.1.10 www IN A 192.168.1.20 web IN CNAME www [root@bogon named]# vim 192.168.1.zone####���������������� $TTL 1D @ IN SOA ns1.magedu.com. admin.magedu.com.�� 2016070901 1H 2M 3D 1D ) IN NS ns1.magedu.com. 104 IN PTR ns1.magedu.com. 10 IN PTR mx1.magedu.com. 20 IN PTR www.magedu.com. 20 IN PTR web.magedu.com. ~
5���ļ������Ѿ���������������Ҫ������Ȩ��������Ϊnamed
[root@bogon named]# chown :named magedu.com.zone 192.168.1.zone [root@bogon named]# ll -rw-r--r--. 1 root named 273 Jul 9 16:28 192.168.1.zone -rw-r--r--. 1 root named 268 Jul 9 16:23 magedu.com.zone
6����������ļ��������ļ���Ƿ���ȷ
[root@bogon named]# named-checkconf [root@bogon named]# named-checkzone magedu.com.zone /var/named/magedu.com.zone zone magedu.com.zone/IN: loaded serial 2016070901 OK [root@bogon named]# named-checkzone 1.168.192.in-addr.arpa /var/named/192.168.1.zone zone 1.168.192.in-addr.arpa/IN: loaded serial 2016070901 OK
7������named����Ȼ������Ƿ���
[root@bogon named]# systemctl restart named.service [root@bogon ~]# dig www.magedu.com @192.168.1.104 ##������� ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> www.magedu.com @192.168.1.104 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9645 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.magedu.com. IN A ;; ANSWER SECTION: www.magedu.com. 86400 IN A 192.168.1.20 ;; AUTHORITY SECTION: magedu.com. 86400 IN NS ns1.magedu.com. ;; ADDITIONAL SECTION: ns1.magedu.com. 86400 IN A 192.168.1.104 ;; Query time: 1 msec ;; SERVER: 192.168.1.104#53(192.168.1.104) ;; WHEN: Tue Jun 21 22:15:50 2016 ;; MSG SIZE rcvd: 82 [root@bogon ~]# dig -x 192.168.1.20 @192.168.1.104 ###������� ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> -x 192.168.1.20 @192.168.1.104 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60239 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;20.1.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 20.1.168.192.in-addr.arpa. 86400 IN PTR www.magedu.com. 20.1.168.192.in-addr.arpa. 86400 IN PTR web.magedu.com. ;; AUTHORITY SECTION: 1.168.192.in-addr.arpa. 86400 IN NS ns1.magedu.com. ;; ADDITIONAL SECTION: ns1.magedu.com. 86400 IN A 192.168.1.104 ;; Query time: 0 msec ;; SERVER: 192.168.1.104#53(192.168.1.104) ;; WHEN: Tue Jun 21 22:17:12 2016 ;; MSG SIZE rcvd: 123
�����Ӹ���
1����DNS��/var/named.conf�����ļ�ͬ��DNS��������һ��ģ����д˴��Ͳ�����չʾ�ˡ�
2���༭/etc/named.rfc1912.zones�ļ����ôӷ�����������ͷ�������Ľ�������
[root@bogon ~]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type slave;
masters {192.168.1.104;};
file "slaves/magedu.com.slave.zone";
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
masters {192.168.1.104;};
file "slvaes/192.168.1.slave.zone";
};
3����������鿴/var/named/slavesĿ¼��������
192.168.1.slave.zone magedu.com.slave.zone�������ļ���
[root@bogon slaves]# ll total 8 -rw-r--r-- 1 named named 413 May 11 23:37 192.168.1.slave.zone -rw-r--r-- 1 named named 396 May 11 23:39 magedu.com.slave.zone
4�����ԣ���ʱ���ǰѿͻ����DNSָ�����ǵĴӷ�������ַȻ���Ƿ����ʹ����
[root@bogon ~]# dig -x 192.168.1.20 @192.168.1.100��192.168.1.100�Ǵ�DNS�������ĵ�ַ�� ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> -x 192.168.1.20 @192.168.1.100 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16233 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;20.1.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 20.1.168.192.in-addr.arpa. 86400 IN PTR web.magedu.com. 20.1.168.192.in-addr.arpa. 86400 IN PTR www.magedu.com. ;; AUTHORITY SECTION: 1.168.192.in-addr.arpa. 86400 IN NS ns1.magedu.com. ;; ADDITIONAL SECTION: ns1.magedu.com. 86400 IN A 192.168.1.104 ;; Query time: 31 msec ;; SERVER: 192.168.1.100#53(192.168.1.100) ;; WHEN: Tue Jun 21 22:39:33 2016 ;; MSG SIZE rcvd: 123 [root@bogon ~]# dig www.magedu.com @192.168.1.100��192.168.1.100�Ǵ�DNS�������ĵ�ַ�� ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> www.magedu.com @192.168.1.100 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10729 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.magedu.com. IN A ;; ANSWER SECTION: www.magedu.com. 86400 IN A 192.168.1.20 ;; AUTHORITY SECTION: magedu.com. 86400 IN NS ns1.magedu.com. ;; ADDITIONAL SECTION: ns1.magedu.com. 86400 IN A 192.168.1.104 ;; Query time: 0 msec ;; SERVER: 192.168.1.100#53(192.168.1.100) ;; WHEN: Tue Jun 21 22:39:53 2016 ;; MSG SIZE rcvd: 82 ok�������ʱ���ǵĴ�DNS��������û������ġ����������DNS���и�����Ŀ��ô���Ǵӷ�������ʱ�� ÿ�а취ͬ�������ģ���ô������һ������������ͬ������
5������ͬ��
����DNS��������/var/named/magedu.com.zone�����һ��NS��¼���˼�¼ָ�����Ǵ�DNS��������IP��ַ
����DNS������/var/named/192.168.1.zone�����һ��NS��¼ͬʱ����Ӧ�ķ���IP����
$TTL 1D @ IN SOA ns1.magedu.com. admin.magedu.com. ( 2016070902###�汾����Ҫ��� 1H 2M 3D 1D ) IN NS ns1.magedu.com. IN NS ns2.magedu.com.###����Ϊ��ӵ�ns��¼ IN MX 10 mx1.magedu.com. ns1 IN A 192.168.1.104 ns2 IN A 192.168.1.100####��Ӧ��ns������ַ���˵�ַΪ��DNS�������ĵ�ַ mx1 IN A 192.168.1.10 www IN A 192.168.1.20 web IN CNAME www ~
$TTL 1D @ IN SOA ns1.magedu.com. admin.magedu.com. ( 2016070902###�汾����Ҫ��� 1H 2M 3D 1D ) IN NS ns1.magedu.com. IN NS ns2.magedu.com.###����Ϊ��ӵ�ns��¼ 100 IN PTR ns2.magedu.com.###��Ӧ�Ľ�����ַ 104 IN PTR ns1.magedu.com. 10 IN PTR mx1.magedu.com. 20 IN PTR www.magedu.com. 20 IN PTR web.magedu.com. ~
���¼�����DNS�������ķ���rndc reload��Ȼ�����ǵ���DNS�в鿴���Ѿ�ͬ���ˡ�
[root@bogon slaves]# cat 192.168.1.slave.zone $ORIGIN . $TTL 86400 ; 1 day 1.168.192.in-addr.arpa IN SOA ns1.magedu.com. admin.magedu.com. ( 2016070902 ; serial 3600 ; refresh (1 hour) 120 ; retry (2 minutes) 259200 ; expire (3 days) 86400 ; minimum (1 day) ) NS ns1.magedu.com. NS ns2.magedu.com. $ORIGIN 1.168.192.in-addr.arpa. 10 PTR mx1.magedu.com. 100 PTR ns2.magedu.com. 104 PTR ns1.magedu.com. 20 PTR www.magedu.com. PTR web.magedu.com.
[root@bogon slaves]# [root@bogon slaves]# cat magedu.com.slave.zone $ORIGIN . $TTL 86400 ; 1 day magedu.com IN SOA ns1.magedu.com. admin.magedu.com. ( 2016070902 ; serial 3600 ; refresh (1 hour) 120 ; retry (2 minutes) 259200 ; expire (3 days) 86400 ; minimum (1 day) ) NS ns1.magedu.com. NS ns2.magedu.com. MX 10 mx1.magedu.com. $ORIGIN magedu.com. mx1 A 192.168.1.10 ns1 A 192.168.1.104 ns2 A 192.168.1.100 web CNAME www www A 192.168.1.20
ok�����˴��Ѿ������ͬ���ˡ�
�ġ�������Ȩ
�����Ѿ�ӵ����magedu.com
��������һ������sport.magedu.com��Ҫ�Դ�������н���
1)��DNS�������ϱ༭/var/named.rfc1912.zones�ļ��ڴ����������������ļ�
[root@bogon named]# vim /etc/named.rfc1912.zones
zone "sport.magedu.com" IN {
type master;
file "sport.magedu.com.zone";
};
2����/var/named/Ŀ¼�½���sport.magedu.com.zone������������
[root@bogon named]# vim /var/named/sport.magedu.com.zone $TTL 1D @ IN SOA ns1.sport.magedu.com. admin.sport.magedu.com. ( 2016070902 1H 2M 3D 1D ) IN NS ns1.sport.magedu.com. ns1 IN A 192.168.1.100 www IN A 192.168.1.200
3����������������¼��ط���rndc reload
4������������������Ƿ���
[root@bogon ~]# dig www.sport.magedu.com @192.168.1.104 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> www.sport.magedu.com @192.168.1.104 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31997 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.sport.magedu.com. IN A ;; ANSWER SECTION: www.sport.magedu.com. 86400 IN A 192.168.1.200 ;; AUTHORITY SECTION: sport.magedu.com. 86400 IN NS ns1.sport.magedu.com. ;; ADDITIONAL SECTION: ns1.sport.magedu.com. 86400 IN A 192.168.1.100 ;; Query time: 0 msec ;; SERVER: 192.168.1.104#53(192.168.1.104) ;; WHEN: Tue Jun 21 23:12:13 2016 ;; MSG SIZE rcvd: 88
�塢����bind viewʵ������DNS
���������������ʱ�����ʹ�õ��ǵ��ź���ͨ��IP��ַ����������Ҫʵ���û�DNS�����ʱ���ܹ��ж��û��ǵ��Ż�����ͨ�Ӷ���û���Ӧ������Ӫ��IP��ַ��
###��ʵ���ǵ�����������û��ϵ��
1����װbind����
2�����������ļ��ж���acl����
acl liantong { ###�˴�������ͨ��acl
192.168.1.104; ###ģ��192.168.1.104����ͨ�ͻ���
};
acl dianxin { ###�������acl
192.168.1.100; ###ģ��192.168.1.100�ǵ��ſͻ���
};
####�˹�����Ҫ��ӵ�optionsǰ��
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
3������view
view liantong {
match-clients {liantong;}; ����lingtong�����acl
include "/etc/liantong.zones"; ����linatong������ݴ��λ��
};
view dianxin {
match-clients {dianxin;};
include "/etc/dianxin.zones"
};
view otherview {
match-clients {any;};
include "/etc/named.rfc1912.zones";
};
//include "/etc/named.rfc1912.zones";###����ע�͵�
include "/etc/named.root.key";
4����/etc/named.conf�еĸ������ƶ���/etc/naemd.rfc1912.zones�˴���,��ԭ���ĸ��ļ���Ҫ��ɾ����
[root@bogon ~]# vim /etc/named.rfc1912.zones
zone "." IN {
type hint;
file "named.ca";
};
5��������������ļ�
[root@bogon ~]# vim /etc/liantong.zones
zone "magedu.com." IN {
type master;
file liantong.zone;
};
[root@bogon ~]# vim /etc/dianxin.zones
zone "magedu.com" IN {
type master;
file "dianxin.zone";
};
6�����Ȩ�ޣ�
[root@bogon ~]# chown :named /etc/liantong.zones /etc/dianxin.zones [root@bogon ~]# ll /etc/liantong.zones -rw-r--r--. 1 root named 64 6�� 21 23:54 /etc/liantong.zones [root@bogon ~]# ll /etc/dianxin.zones -rw-r--r--. 1 root named 62 6�� 21 23:55 /etc/dianxin.zones
7��������������ļ��Ľ��������
[root@bogon ~]# vim /var/named/liantong.zone $TTL 1D @ IN SOA ns1.magedu.com. admin.magedu.com. ( 2016070401 1D 1H 1W 3H ) IN NS ns1 ns1 IN A 192.168.1.108 www IN A 5.5.5.5 ��ģ����ͨIP��
[root@bogon ~]# vim /var/named/dianxin.zone $TTL 1D @ IN SOA ns1.magedu.com. admin.magedu.com. ( 2016070401 1D 1H 1W 3H ) IN NS ns1 ns1 IN A 192.168.1.108 www IN A 6.6.6.6��ģ�����IP��
8�����Ȩ��
[root@bogon named]# chown :named dianxin.zone liantong.zone drwxrwx---. 2 named named 4096 5�� 11 07:07 data -rw-r--r--. 1 root named 410 6�� 22 00:05 dianxin.zone drwxrwx---. 2 named named 4096 5�� 11 07:07 dynamic -rw-r--r--. 1 root named 407 6�� 22 00:05 liantong.zone -rw-r-----. 1 root named 3171 1�� 11 22:12 named.ca -rw-r-----. 1 root named 152 12�� 15 2009 named.empty -rw-r-----. 1 root named 152 6�� 21 2007 named.localhost -rw-r-----. 1 root named 168 12�� 15 2009 named.loopback drwxrwx---. 2 named named 4096 5�� 11 07:07 slaves
9������������ԣ�
[root@bogon ~]# dig www.magedu.com @192.168.1.108 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> www.magedu.com @192.168.1.108 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17536 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.magedu.com. IN A ;; ANSWER SECTION: ###�˴����Կ�������ģ���ַ�Խ��� ;; AUTHORITY SECTION: magedu.com. 86400 IN NS ns1.magedu.com. ;; ADDITIONAL SECTION: ns1.magedu.com. 86400 IN A 192.168.1.108 ;; Query time: 1 msec ;; SERVER: 192.168.1.108#53(192.168.1.108) ;; WHEN: Thu May 12 01:22:51 2016 ;; MSG SIZE rcvd: 82