  • day5-Dns

    DNS

    DNS (Domain Name System) is a distributed database on the Internet that maps between domain names and IP addresses, so that users can reach hosts by name instead of remembering the numeric addresses machines use directly. The process of starting from a host name and ending with the IP address that belongs to it is called domain name resolution (or host name resolution). DNS runs over both UDP and TCP on port 53: ordinary queries use UDP, while zone transfers and responses too large for a UDP packet use TCP (which is why the netstat output further down shows both tcp and udp listeners). Among the RFCs, RFC 2181 clarifies the DNS specification, RFC 2136 defines dynamic updates, and RFC 2308 defines negative caching of DNS queries.

    • Configure the client's /etc/resolv.conf
    • Test with nslookup and with host, and make sure the query results are correct
    • The main configuration file is /etc/named.conf
    • The resolution record files (zone data) live under /var/named/*

    Resolution

    Forward resolution  www.testdns.com -------------> IP

    Reverse resolution      IP---------------->www.testdns.com

    Query modes

    Recursive query

      the server returns a final answer to the client (it performs all the follow-up lookups itself)

      client to DNS server

    Iterative query

      the server returns a referral, the address of the next name server to ask, and the asker carries on by itself

      DNS server to DNS server
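    The two query modes above differ in one header bit and in what comes back. The following is an added example, not code from the original page: a minimal DNS wire-format builder and parser (RFC 1035) that constructs, entirely in memory, a stub client's recursive query with RD set and the resolver's full answer, then the resolver's own iterative query with RD clear and the referral (NS records in the authority section, no answer) it gets from a parent server. The names, addresses, transaction IDs and TTLs are constructed for the demonstration.

```python
"""Minimal DNS wire-format builder/parser showing recursive vs iterative
queries at the packet level: the RD (recursion desired) bit in the query and
the RA bit plus answer-vs-referral content in the response. Added example,
not code from the original page; every message is constructed in memory and
nothing is sent on the network."""
import struct

FLAG_QR, FLAG_AA, FLAG_RD, FLAG_RA = 0x8000, 0x0400, 0x0100, 0x0080
TYPE_A, TYPE_NS = 1, 2


def encode_name(name):
    """www.test.com. -> length-prefixed labels ending in a zero byte (uncompressed)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a name, following RFC 1035 compression pointers; return (name, offset after it)."""
    labels, end, jumped = [], off, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # pointer to an earlier copy of the name
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if jumped else off)


def build_query(qname, qtype, txid, recursive):
    """A stub client sets RD; a resolver iterating on its own behalf clears it."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD if recursive else 0, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_response(query, rrs, flags):
    """Answer `query` with records given as (section, owner, type, ttl, rdata),
    section being 'an' (answer) or 'ns' (authority). RD is copied from the query."""
    txid, qflags, qd = struct.unpack("!HHH", query[:6])
    answers = [r for r in rrs if r[0] == "an"]
    authority = [r for r in rrs if r[0] == "ns"]
    out = struct.pack("!HHHHHH", txid, FLAG_QR | (qflags & FLAG_RD) | flags,
                      qd, len(answers), len(authority), 0)
    out += query[12:]                                   # question section, unchanged
    for _, owner, rtype, ttl, rdata in answers + authority:
        out += encode_name(owner) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return out


def parse(msg):
    """Return the header bits that matter here plus decoded answer/authority records."""
    txid, flags, qd, an, ns, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4                                        # qtype + qclass
    records = []
    for _ in range(an + ns):
        owner, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A:
            value = ".".join(str(b) for b in msg[off:off + rdlen])
        elif rtype == TYPE_NS:
            value, _ = decode_name(msg, off)
        else:
            value = msg[off:off + rdlen].hex()
        records.append((owner, rtype, ttl, value))
        off += rdlen
    return {"id": txid, "rd": bool(flags & FLAG_RD), "ra": bool(flags & FLAG_RA),
            "aa": bool(flags & FLAG_AA), "answers": an, "authority": ns, "records": records}


def demo():
    """Two constructed exchanges: a stub client asking a recursive resolver, and
    that resolver iterating against a parent server that only refers it onward."""
    # 1. client -> recursive resolver: RD set; the resolver does the work and answers.
    q1 = build_query("www.test.com.", TYPE_A, 0x1234, recursive=True)
    r1 = build_response(q1, [("an", "www.test.com.", TYPE_A, 3600, bytes([192, 168, 100, 100]))], FLAG_RA)
    # 2. resolver -> parent server: RD clear; the reply is a referral (authority section only).
    q2 = build_query("www.test.com.", TYPE_A, 0x5678, recursive=False)
    r2 = build_response(q2, [("ns", "test.com.", TYPE_NS, 172800, encode_name("dns.test.com."))], 0)
    return parse(q1), parse(r1), parse(q2), parse(r2)


if __name__ == "__main__":
    for label, m in zip(("client query", "resolver answer", "iterative query", "referral"), demo()):
        print(label, m)
```

    The parser is deliberately strict about nothing but structure: a real resolver would additionally check that the response ID and question match what it sent, which is the first line of defence against spoofed answers.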

    Install the packages (bind-chroot confines named to /var/named/chroot)

    [root@www ~]# yum -y install bind bind-chroot

    Back up the configuration file first

    [root@www etc]# cp -p named.conf named.conf.bk
    [root@www etc]# ll named.conf*
    -rw-r-----. 1 root named 1008 Jul 19 2010 named.conf
    -rw-r-----. 1 root named 1008 Jul 19 2010 named.conf.bk

     Configuration file explained

    Line 11: change listen-on port 53 { 127.0.0.1; }; to listen-on port 53 { any; }; so that named listens on every interface

    Line 17: change allow-query     { localhost; };  to allow-query     { any; };  so that everyone may send queries. Caveat: the stock named.conf also contains recursion yes;, and when allow-recursion is not set BIND falls back to the allow-query ACL, so this edit on its own turns the host into an open recursive resolver that anyone on the Internet can use for reflected amplification DDoS and cache-poisoning attempts. On a server that is only meant to be authoritative for test.com, add recursion no; (or allow-recursion { <trusted networks>; };) in the same options block.
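    To make the effect of those two edits concrete, here is an added example (not code from the original page) that audits the options block of a named.conf the way a reviewer would before exposing the server: it reads listen-on, allow-query, recursion, allow-recursion and allow-transfer, applies BIND's documented defaults for whatever is missing, and flags an open recursive resolver or an unrestricted zone transfer. DEFAULT_CONF is constructed from the lines the page quotes plus the stock recursion yes;, OPENED_CONF applies the page's two edits, and HARDENED_CONF is this example's own suggested variant for an authoritative-only server.

```python
"""Audit the settings the page changes in /etc/named.conf (listen-on,
allow-query) together with the defaults it leaves alone. Added example, not
code from the original page. DEFAULT_CONF is constructed from the lines the
page quotes plus the stock "recursion yes;"; OPENED_CONF applies the page's
two edits; HARDENED_CONF is this example's own suggestion for an
authoritative-only server."""
import re

DEFAULT_CONF = """\
options {
        listen-on port 53 { 127.0.0.1; };
        directory       "/var/named";
        allow-query     { localhost; };
        recursion yes;
};
"""

# The page's two edits: listen on every interface, answer everyone.
OPENED_CONF = DEFAULT_CONF.replace("{ 127.0.0.1; }", "{ any; }").replace("{ localhost; }", "{ any; }")

# Assumed fix: no recursion at all, transfers only to the secondary's address.
HARDENED_CONF = OPENED_CONF.replace("recursion yes;", "recursion no;") + """\
zone "test.com" IN {
        type master;
        file "test.com.zone";
        allow-transfer { 192.168.100.101; };
};
"""


def acl(conf, key):
    """Return the address list of `key ... { a; b; };`, or None if the key is absent."""
    m = re.search(r"(?<![\w-])%s(?![\w-])[^{;]*\{([^}]*)\}" % re.escape(key), conf)
    return [x.strip() for x in m.group(1).split(";") if x.strip()] if m else None


def setting(conf, key, default):
    """Return the single-word value of `key value;`, or the given BIND default."""
    m = re.search(r"(?<![\w-])%s(?![\w-])\s+(\w+)\s*;" % re.escape(key), conf)
    return m.group(1) if m else default


def audit(conf):
    """Return a list of findings; an empty list means nothing was flagged."""
    listen = acl(conf, "listen-on") or ["any"]          # BIND default: every interface
    query = acl(conf, "allow-query") or ["any"]          # BIND default: any
    recursion = setting(conf, "recursion", "yes")        # BIND default: yes
    # BIND ARM: with allow-recursion (and allow-query-cache) unset, the
    # allow-query ACL is what gates recursion.
    allow_rec = acl(conf, "allow-recursion") or query
    transfer = acl(conf, "allow-transfer")               # BIND default: any
    exposed = any(a == "any" or not a.startswith("127.") for a in listen)
    findings = []
    if exposed and recursion == "yes" and "any" in allow_rec:
        findings.append("open recursive resolver: reachable from outside, recursion yes, "
                        "no allow-recursion restriction (amplification / cache-poisoning exposure); "
                        "set recursion no; or allow-recursion { <trusted nets>; };")
    if exposed and (transfer is None or "any" in transfer):
        findings.append("zone transfer (AXFR) allowed from anywhere: anyone can dump the zone with "
                        "dig axfr; add allow-transfer { <secondary>; }; to the zone")
    return findings


if __name__ == "__main__":
    for name, conf in (("default", DEFAULT_CONF), ("opened", OPENED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or ["ok"])
```

    The parsing is intentionally simple (no nested views or include handling); for the real file, named-checkconf -p prints the fully expanded configuration, which is the text to feed into a check like this.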

     Lines 37 to 40 are the root zone

    37 zone "." IN {
    38 type hint;   the root hint type
    39 file "named.ca";   this file lives at /var/named/named.ca
    40 };

    When the server is not authoritative for a name and has nothing cached for it, resolution starts from the root servers listed in this hint file

    [root@localhost ~]# cat /var/named/named.ca
    ; <<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS . @a.root-servers.net
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420
    ;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;. IN NS

    ;; ANSWER SECTION:
    . 518400 IN NS M.ROOT-SERVERS.NET.
    . 518400 IN NS A.ROOT-SERVERS.NET.
    . 518400 IN NS B.ROOT-SERVERS.NET.
    . 518400 IN NS C.ROOT-SERVERS.NET.
    . 518400 IN NS D.ROOT-SERVERS.NET.
    . 518400 IN NS E.ROOT-SERVERS.NET.
    . 518400 IN NS F.ROOT-SERVERS.NET.
    . 518400 IN NS G.ROOT-SERVERS.NET.
    . 518400 IN NS H.ROOT-SERVERS.NET.
    . 518400 IN NS I.ROOT-SERVERS.NET.
    . 518400 IN NS J.ROOT-SERVERS.NET.
    . 518400 IN NS K.ROOT-SERVERS.NET.
    . 518400 IN NS L.ROOT-SERVERS.NET.

    ;; ADDITIONAL SECTION:
    A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
    A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:ba3e::2:30
    B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
    C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
    D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
    E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
    F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
    F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2f::f
    G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
    H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
    H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::803f:235
    I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
    J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
    J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:c27::2:30
    K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
    K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7fd::1
    L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42
    M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
    M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:dc3::35

    ;; Query time: 147 msec
    ;; SERVER: 198.41.0.4#53(198.41.0.4)
    ;; WHEN: Mon Feb 18 13:29:18 2008
    ;; MSG SIZE rcvd: 615

    A records carry IPv4 addresses, AAAA records carry IPv6 addresses

    Record types

    SOA  start of authority: declares which server is authoritative for the current zone; a zone has exactly one SOA record--------used in both forward and reverse zones

    A  maps a host name to an IPv4 address; may appear many times---------forward

    NS  (name server) which host is responsible for resolving names in the current zone----------forward (and reverse zones too; reverse zones map addresses back to names with PTR records, which this page does not cover)

    CNAME  defines an alias for a host name-------------forward

    Zone file

    $TTL  3600  default TTL (cache lifetime, in seconds) for every record in this file that has no TTL of its own--------3600 seconds, applies to the whole file

    test.com.  IN  SOA  dns.test.com.  admin.test.com.  (  //admin.test.com. stands for admin@test.com (the first dot replaces the @)  //dns.test.com. is the primary authoritative server for test.com; all three names need the trailing dot, otherwise the zone origin is appended and test.com silently becomes test.com.test.com

      2016081801  serial number (YYYYMMDDnn convention); secondaries only transfer the zone when this value increases

      28800  refresh (seconds): how often a secondary asks the primary whether the serial has changed

      14400  retry: how long a secondary waits before asking again after a failed refresh

      17200  expire: if the secondary cannot reach the primary for this long it stops answering for the zone. It must be much larger than refresh; the 17200 shown here is smaller than the 28800 refresh, so a secondary would expire the zone before its first refresh check ever happened (use something like 1W in practice)

      86400  negative-caching TTL (RFC 2308): how long a "name does not exist" answer may be cached; it is not the same thing as $TTL and cannot be omitted

    )

    Fields in order: zone name, class (IN = Internet), record type SOA, host name of the zone's primary authoritative server, administrator mailbox. @ stands for the current origin (the zone name given in named.conf), which is why the mailbox is written with a dot instead of @.

    test.com. (or @, or left blank to inherit the owner of the previous record)  IN  NS  dns.test.com.  dns.test.com is the name server for test.com's records

    www  IN  A  192.168.100.100

    ftp     IN  A  192.168.100.100

    web  IN  CNAME  www

    $GENERATE  100-110  dnsserver$  IN  A  192.168.100.$  --------this is a $GENERATE directive (a BIND extension that stamps out one record per value in the range, with $ replaced by the number); it is not a wildcard

    equivalent to

    dnsserver100.test.com.  IN  A  192.168.100.100  

    dnsserver101.test.com.  IN  A  192.168.100.101

    dnsserver102.test.com.  IN  A  192.168.100.102

    ...

    dnsserver110.test.com.  IN  A  192.168.100.110

    *  IN  A  192.168.100.100  ---------this is the wildcard record: any name under test.com that has no record of its own resolves to 192.168.100.100

    Defining the zones you manage yourself

    42 include "/etc/named.rfc1912.zones";   your own zone definitions are appended to this included file
    43 include "/etc/named.root.key";   the root zone DNSSEC trust anchor used for validation

    FQDN

    fully qualified domain name: a name written out all the way to the root, ending in a dot (www.test.com.). Inside a zone file a name without the trailing dot is relative and has the origin appended to it.

    Lab 

    Setting up a DNS server

    Edit /etc/named.conf with vim

    Line 11: change listen-on port 53 { 127.0.0.1; }; to listen-on port 53 { any; }; so that named listens on every interface

    Line 17: change allow-query     { localhost; };  to allow-query     { any; };  so that everyone may send queries (on an authoritative-only server pair this with recursion no;, otherwise the host becomes an open recursive resolver)

    Edit the file-----append at the end----------the zone to serve

    [root@localhost etc]# tail -4 named.rfc1912.zones
    zone "test.com" IN {
    type master;
    file "test.com.zone";
    };

    Check the main configuration for errors (named-checkconf parses named.conf and the files it includes; add -z to also load every zone file it references)

    named-checkconf /etc/named.conf 

    Specify the resolution records

    vim /var/named/test.com.zone

    $TTL 86400
    @ IN SOA dns.test.com. dns.admin.com. (
            2016081901
            4H
            2H
            4H
            1D
    )
            IN NS dns.test.com.  ------------the owner field is blank (the line must start with whitespace, or use @), so it inherits @ from the SOA line
    dns IN A 192.168.100.100  ------------this record is required, otherwise named-checkzone fails: dns.test.com is named in the SOA and NS records above, and an in-zone name server needs an address record
    www IN A 192.168.100.100
    ftp IN A 192.168.100.100
    web IN CNAME www  ---------------this is an alias (CNAME)

    $GENERATE  100-110  ftp$  IN  A  192.168.100.$  --------$GENERATE range expansion, not a wildcard

     -------------------------------------------------------------------------------------------------

    equivalent to

    ftp100.test.com.  IN  A  192.168.100.100  

    ftp101.test.com.  IN  A  192.168.100.101

    ftp102.test.com.  IN  A  192.168.100.102

    ...

    ftp110.test.com.  IN  A  192.168.100.110

    *  IN  A  192.168.100.100  ---------this is the wildcard record---------a name that has no record of its own still matches, as *.test.com
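    The zone file above, and the annotated one in the earlier "Zone file" section, hide a few rules that only become visible when named-checkzone complains: relative names get the origin appended, a blank owner inherits the previous one, $GENERATE expands into ordinary records, and an in-zone NS name without an address record is rejected. The following is an added example, not code from the original page or from BIND: a small pre-checker that parses a zone file in the shape the page uses, expands $GENERATE, and reports the NS-without-glue problem the page warns about plus a sanity check on the SOA timers (its expire value is shorter than refresh + retry). ZONE_TEXT is constructed from the records the page shows; the findings text is this example's own.

```python
"""Pre-check for a BIND zone file in the shape the page uses: applies $TTL
and the origin, expands $GENERATE, then looks for the problem the page runs
into (an in-zone NS name without an address record, which named-checkzone
rejects) plus an SOA timer sanity check. Added example, not code from the
page; ZONE_TEXT is constructed from the records the page shows."""
import re

ZONE_TEXT = """\
$TTL 86400
@ IN SOA dns.test.com. dns.admin.com. (
        2016081901
        4H
        2H
        4H
        1D
)
        IN NS dns.test.com.
dns     IN A 192.168.100.100
www     IN A 192.168.100.100
ftp     IN A 192.168.100.100
web     IN CNAME www
$GENERATE 100-110 ftp$ IN A 192.168.100.$
*       IN A 192.168.100.100
"""

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


def ttl_seconds(tok):
    """BIND TTL syntax: plain seconds or 4H / 1D / 1W2D style."""
    return sum(int(n) * UNITS.get(u, 1) for n, u in re.findall(r"(\d+)([SMHDW]?)", tok.upper()))


def fqdn(name, origin):
    """Relative names get the origin appended; '@' is the origin itself."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def expand_generate(line):
    """$GENERATE start-stop lhs [class] type rhs -> one record line per value."""
    toks = line.split()
    start, stop = map(int, toks[1].split("-"))
    rest = toks[3:]
    if rest[0].upper() == "IN":
        rest = rest[1:]
    rtype, rhs = rest[0], rest[1]
    return [f"{toks[2].replace('$', str(i))} IN {rtype} {rhs.replace('$', str(i))}"
            for i in range(start, stop + 1)]


def logical_lines(text):
    """Strip comments, join parenthesised SOA continuations, expand $GENERATE."""
    out, buf = [], []
    for raw in text.splitlines():
        raw = raw.split(";")[0].rstrip()
        if not raw.strip():
            continue
        if raw.lstrip().startswith("$GENERATE"):
            out.extend(expand_generate(raw.strip()))
            continue
        buf.append(raw)
        joined = " ".join(buf)
        if joined.count("(") > joined.count(")"):
            continue                                    # record continues on the next line
        out.append(joined.replace("(", " ").replace(")", " "))
        buf = []
    return out


def parse_zone(text, origin):
    """Return (owner, ttl, type, rdata) tuples with absolute owner names."""
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, owner, records = None, origin, []
    for line in logical_lines(text):
        toks = line.split()
        if toks[0] == "$TTL":
            default_ttl = ttl_seconds(toks[1])
            continue
        if not line[0].isspace():                       # blank owner field inherits the previous owner
            owner = fqdn(toks.pop(0), origin)
        ttl = default_ttl
        if re.fullmatch(r"\d+[SMHDWsmhdw]?", toks[0]):
            ttl = ttl_seconds(toks.pop(0))
        if toks[0].upper() == "IN":
            toks.pop(0)
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in ("NS", "CNAME"):
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "SOA":                            # mname rname serial refresh retry expire minimum
            rdata = [fqdn(rdata[0], origin), fqdn(rdata[1], origin)] + [ttl_seconds(t) for t in rdata[2:7]]
        records.append((owner, ttl, rtype, rdata))
    return records


def check_zone(text, origin):
    """Return (records, findings); an empty findings list means the zone looks sane."""
    origin = origin if origin.endswith(".") else origin + "."
    records = parse_zone(text, origin)
    findings = []
    soas = [r for r in records if r[2] == "SOA"]
    if len(soas) != 1:
        findings.append(f"exactly one SOA required, found {len(soas)}")
    else:
        _, _, _, refresh, retry, expire, _ = soas[0][3]
        if expire <= refresh + retry:
            findings.append(f"SOA expire ({expire}s) should be well above refresh + retry "
                            f"({refresh + retry}s), otherwise a secondary drops the zone after one missed refresh")
    have_addr = {r[0] for r in records if r[2] in ("A", "AAAA")}
    owners = {r[0] for r in records}
    in_zone = lambda n: n == origin or n.endswith("." + origin)
    for owner, _, rtype, rdata in records:
        if rtype == "NS" and in_zone(rdata[0]) and rdata[0] not in have_addr:
            findings.append(f"NS {rdata[0]} (at {owner}) has no A/AAAA record in the zone; named-checkzone fails on this")
        if rtype == "CNAME" and in_zone(rdata[0]) and rdata[0] not in owners:
            findings.append(f"CNAME {owner} points at {rdata[0]}, which does not exist in the zone")
    return records, findings


if __name__ == "__main__":
    recs, problems = check_zone(ZONE_TEXT, "test.com")
    print(len(recs), "records;", problems or "no findings")
```

    Run named-checkzone as the page does for the authoritative verdict; this script is for catching the common mistakes before the restart, and the timer finding it produces for the page's own 4H/2H/4H values is a real one.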

    Check the zone file for errors (named-checkzone takes the zone name and the file)

    [root@localhost named]# named-checkzone test.com /var/named/test.com.zone
    zone test.com/IN: loaded serial 2016081901
    OK


    Restart the service

    /etc/init.d/named restart

    Check the listening ports (53/tcp and 53/udp are DNS; 953/tcp is the rndc control channel and must stay bound to loopback only, as it is here)

    [root@localhost named]# netstat -anptu |grep named
    tcp 0 0 192.168.100.100:53 0.0.0.0:* LISTEN 3377/named
    tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 3377/named
    tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 3377/named
    tcp 0 0 ::1:53 :::* LISTEN 3377/named
    tcp 0 0 ::1:953 :::* LISTEN 3377/named
    udp 0 0 192.168.100.100:53 0.0.0.0:* 3377/named
    udp 0 0 127.0.0.1:53 0.0.0.0:* 3377/named
    udp 0 0 ::1:53 :::* 3377/named

    Point the client at the new server (the last nameserver line of /etc/resolv.conf):

    [root@localhost ~]# tail -1 /etc/resolv.conf
    nameserver 192.168.100.100

    Test results

    Testing with nslookup

    [root@localhost named]# nslookup www.test.com
    Server: 192.168.100.100  the DNS server queried
    Address: 192.168.100.100#53  DNS server address and port

    Name: www.test.com  the name queried
    Address: 192.168.100.100  the IP address returned

    [root@localhost named]# nslookup web.test.com
    Server: 192.168.100.100
    Address: 192.168.100.100#53

    web.test.com canonical name = www.test.com.
    Name: www.test.com
    Address: 192.168.100.100

    [root@localhost named]# nslookup ftp.test.com
    Server: 192.168.100.100
    Address: 192.168.100.100#53

    Name: ftp.test.com
    Address: 192.168.100.100

    [root@localhost named]# nslookup dns.test.com
    Server: 192.168.100.100
    Address: 192.168.100.100#53

    Name: dns.test.com
    Address: 192.168.100.100

    Testing with the host command

    [root@localhost named]# host web.test.com
    web.test.com is an alias for www.test.com.
    www.test.com has address 192.168.100.100
    [root@localhost named]# host ftp.test.com
    ftp.test.com has address 192.168.100.100
    [root@localhost named]# host dns.test.com
    dns.test.com has address 192.168.100.100

    -----------------------------------------------

    Setting up a secondary (slave) DNS server

    Primary DNS server configuration. allow-transfer limits zone transfers (AXFR) to the secondary's address 192.168.100.101; without it BIND's default allows transfers from anywhere, so anyone could dump the whole zone with dig axfr.

    [root@master ~]# tail -5 /etc/named.rfc1912.zones
    zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-transfer { 192.168.100.101; };
    };

    [root@master ~]# cat /var/named/test.com.zone
    $TTL 86400
    @ IN SOA dns.test.com. dns.admin.com. (
            2016081901
            4H
            2H
            4H
            1D
    )
            IN NS dns.test.com.
            IN NS slave.test.com.
    dns IN A 192.168.100.100
    slave IN A 192.168.100.101  the secondary's own address (the original listed 192.168.100.100 here, which would have pointed the slave NS record back at the primary)
    www IN A 192.168.100.100
    web IN CNAME www

    $GENERATE 100-110 ftp$ IN A 192.168.100.$

    * IN A 192.168.100.100

    /etc/init.d/named restart  restart the service on the primary. Whenever this zone file is edited again, increment the serial (2016081901) first: the secondary compares serials and only transfers when the primary's is higher, so an unchanged serial leaves the secondary serving stale data.

    Secondary DNS configuration

    Edit /etc/named.conf with vim

    Line 11: change listen-on port 53 { 127.0.0.1; }; to listen-on port 53 { any; }; so that named listens on every interface

    Line 17: change allow-query     { localhost; };  to allow-query     { any; };  so that everyone may send queries (the same recursion caveat applies as on the primary)

    [root@slaves ~]# tail -5 /etc/named.rfc1912.zones
    zone "test.com" {
    type slave;
    masters { 192.168.100.100; };
    file "slaves/slave.test.com.zone";
    };

    [root@slaves ~]# ll /var/named/ /var/named/slaves/
    /var/named/:
    total 32
    drwxr-x---. 6 root named 4096 Aug 19 22:50 chroot
    drwxrwx---. 2 named named 4096 Feb 22 2013 data
    drwxrwx---. 2 named named 4096 Feb 22 2013 dynamic
    -rw-r-----. 1 root named 1892 Feb 18 2008 named.ca
    -rw-r-----. 1 root named 152 Dec 15 2009 named.empty
    -rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
    -rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
    drwxrwx---. 2 named named 4096 Feb 22 2013 slaves

    /var/named/slaves/:
    total 0

    /etc/init.d/named restart  restart the service on the secondary

    The zone file transferred from the primary now shows up (slaves/ is writable by the named user, which is why the transferred copy goes there rather than into /var/named itself)

    [root@slaves ~]# ll /var/named/slaves/
    total 4
    -rw-r--r--. 1 named named 711 Aug 19 23:10 slave.test.com.zone

    Test with host

    [root@slaves ~]# host ftp110.test.com
    ftp110.test.com has address 192.168.100.110

  • Original source: https://www.cnblogs.com/fina/p/5783851.html