DNS
DNS (Domain Name System) is a distributed database on the Internet that maps domain names to IP addresses and back, so that users can reach hosts by name instead of remembering the machine-readable IP strings. Turning a host name into the IP address that belongs to it is called name resolution (or host name resolution). DNS runs over UDP on port 53. Among the RFCs, RFC 2181 clarifies the DNS specification, RFC 2136 describes dynamic update, and RFC 2308 describes negative caching of DNS queries.
- Configure the client's /etc/resolv.conf
- Test with both nslookup and host and make sure the queries return the expected results
- The main configuration file is /etc/named.conf
- The resolution record files (zone data) live under /var/named/*
Resolution
Forward resolution   www.testdns.com -------------> IP
Reverse resolution   IP ----------------> www.testdns.com
Query modes
Recursive query
returns the final answer to the client
client to DNS server
Iterative query
returns a referral (the address of the next server to ask) to the client
DNS server to DNS server
Install the packages
[root@www ~]# yum -y install bind bind-chroot
Back up the configuration file first
[root@www etc]# cp -p named.conf named.conf.bk
[root@www etc]# ll named.conf*
-rw-r-----. 1 root named 1008 7月 19 2010 named.conf
-rw-r-----. 1 root named 1008 7月 19 2010 named.conf.bk
Explanation of the configuration file
Line 11: change listen-on port 53 { 127.0.0.1; }; to listen-on port 53 { any; }; (listen on every address)
Line 17: change allow-query { localhost; }; to allow-query { any; }; (accept queries from anyone)
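Both edits above widen who the server answers, which is right for an authoritative server. The stock CentOS named.conf also carries recursion yes;, so once allow-query is any; named will resolve arbitrary names for anyone who can reach port 53 and becomes an open resolver, the kind of server that gets used as a reflector for amplification traffic. For a server that only has to serve its own zones, set recursion no;; if it must also recurse for LAN clients, limit that with allow-recursion. The script below is an added example and is not part of the original note: it writes three constructed options blocks (the note's edits as they stand, the same with recursion turned off, and the same with recursion limited to the LAN) and classifies each. The helper name is hypothetical; the BIND options are the real ones.

```shell
#!/bin/sh
# Added example, not from the original note. Classify a named.conf by the
# open-resolver pattern: allow-query { any; } combined with recursion left
# at its default (yes) and no allow-recursion restriction.
# Hypothetical helper name; only the BIND options themselves are real.

# audit_named_conf FILE -> OPEN_RESOLVER | AUTHORITATIVE | RESTRICTED
audit_named_conf() {
    conf=$1
    # drop // and # comments so commented-out settings are not counted
    body=$(sed -e 's|//.*||' -e 's|#.*||' "$conf")
    query_any=0; recursion_on=1; rec_restricted=0
    echo "$body" | grep -Eq 'allow-query[[:space:]]*\{[[:space:]]*any;' && query_any=1
    echo "$body" | grep -Eq 'recursion[[:space:]]+no;' && recursion_on=0   # BIND defaults to yes
    echo "$body" | grep -Eq 'allow-recursion[[:space:]]*\{' && rec_restricted=1
    # allow-recursion { any; } is not a restriction
    echo "$body" | grep -Eq 'allow-recursion[[:space:]]*\{[[:space:]]*any;' && rec_restricted=0
    if [ "$query_any" -eq 1 ] && [ "$recursion_on" -eq 1 ] && [ "$rec_restricted" -eq 0 ]; then
        echo OPEN_RESOLVER
    elif [ "$query_any" -eq 1 ] && [ "$recursion_on" -eq 0 ]; then
        echo AUTHORITATIVE
    else
        echo RESTRICTED
    fi
}

tmpdir=$(mktemp -d)
# Constructed sample 1: the note's two edits applied to the stock options block
cat > "$tmpdir/open.conf" <<'EOF'
options {
        listen-on port 53 { any; };
        directory       "/var/named";
        allow-query     { any; };
        recursion yes;
};
EOF
# Constructed sample 2: same edits, recursion switched off (authoritative only)
cat > "$tmpdir/auth.conf" <<'EOF'
options {
        listen-on port 53 { any; };
        directory       "/var/named";
        allow-query     { any; };
        recursion no;
};
EOF
# Constructed sample 3: recursion kept, but only for localhost and the LAN
cat > "$tmpdir/lan.conf" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        recursion yes;
        allow-recursion { 127.0.0.1; 192.168.100.0/24; };
};
EOF

for f in open auth lan; do
    printf '%s: %s\n' "$f.conf" "$(audit_named_conf "$tmpdir/$f.conf")"
    # syntax check with the note's own tool, when it is installed
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$tmpdir/$f.conf"
    fi
done
```

The first sample is what the lab ends up with after the two line edits; the second is the setting to use for the test.com server built below, because nothing in the lab needs it to recurse.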
Lines 37 to 40 define the root zone
37 zone "." IN {
38 type hint;          root (hint) type
39 file "named.ca";    this file is /var/named/named.ca
40 };
When a name cannot be resolved from local data, named consults the root hints file:
[root@localhost ~]# cat /var/named/named.ca
; <<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:ba3e::2:30
B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2f::f
G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::803f:235
I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:c27::2:30
K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7fd::1
L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42
M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:dc3::35
;; Query time: 147 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Mon Feb 18 13:29:18 2008
;; MSG SIZE rcvd: 615
A records hold IPv4 addresses, AAAA records hold IPv6 addresses.
Resource record types
SOA   start of authority: states who is responsible for the current zone; only one SOA record may appear in a zone -------- used in forward and reverse zones alike
A     maps a host name to an IP address; may appear many times --------- forward
NS    (name server) which host is responsible for resolving the current zone ---------- forward
CNAME defines an alias for a host name ------------- forward
Zone file
$TTL 3600    how long answers stay in the local cache -------- 3600 seconds; applies to the whole file
test.com. IN SOA dns.test.com. admin.test.com. (    // admin.test.com. stands for the mailbox admin@test.com; dns.test.com is the authoritative server for test.com
2016081801    serial number, in this format
28800    refresh interval (seconds): how often the secondary server checks for updated records
14400    retry interval
17200    expire time
86400    plays the same role as $TTL; must not be omitted
)
Fields of the SOA line: zone name, class (internet), SOA record, host name of the zone's authoritative server, administrator mailbox. @ stands for the zone origin, which is a meaning of its own.
test.com. (or @, or left blank)   IN NS dns.test.com.    dns.test.com serves the records of test.com
www IN A 192.168.100.100
ftp IN A 192.168.100.100
web IN CNAME www
$GENERATE 100-110 dnsserver$ IN A 192.168.100.$ -------- wildcard-style range (expands to the records below)
which is equivalent to:
dnsserver100.test.com IN A 192.168.100.100
dnsserver101.test.com IN A 192.168.100.101
dnsserver102.test.com IN A 192.168.100.102
...
dnsserver110.test.com IN A 192.168.100.110
* IN A 192.168.100.100 --------- this is a wildcard
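The serial on the SOA line is the value a secondary compares at every refresh interval: it transfers the zone only when the primary's serial is higher than its own. Every edit to the zone therefore has to be followed by a serial bump, or the secondary keeps serving the old records indefinitely. The helpers below are an added example, not part of the original note: they read the serial out of a zone laid out like the one above, bump it in the YYYYMMDDnn style the note uses, and write it back. The helper names and the sample zone are constructed; the arithmetic assumes the serial never has to wrap around.

```shell
#!/bin/sh
# Added example, not from the original note. Hypothetical helpers for the
# YYYYMMDDnn serial scheme; assumes the SOA block is laid out as in the note
# (serial is the first all-digit token after the line containing "SOA").

# zone_serial FILE -> prints the current serial
zone_serial() {
    awk '
        /SOA/ { insoa = 1 }
        insoa {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[0-9]+$/) { print $i; exit }
        }' "$1"
}

# bump_serial CURRENT TODAY -> prints the next serial (TODAY is YYYYMMDD)
# Same day: increment the two-digit revision. New day: start at 01.
# Serial already ahead of the clock: just add one, never go backwards,
# because a lower serial would make secondaries stop refreshing.
bump_serial() {
    cur=$1; today=$2
    case $cur in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "serial '$cur' is not YYYYMMDDnn" >&2; return 1 ;;
    esac
    date_part=${cur%??}          # first eight digits
    rev=${cur#????????}          # last two digits
    if [ "$date_part" = "$today" ]; then
        if [ "$rev" = 99 ]; then
            echo "no revisions left for $today" >&2; return 1
        fi
        printf '%s%02d\n' "$today" $((${rev#0} + 1))
    elif [ "$date_part" -gt "$today" ]; then
        printf '%s\n' $((cur + 1))
    else
        printf '%s01\n' "$today"
    fi
}

# set_serial FILE NEW -> rewrites the first serial token in place
set_serial() {
    file=$1; new=$2
    awk -v new="$new" '
        /SOA/ { insoa = 1 }
        insoa && !done {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[0-9]+$/) { sub($i, new); done = 1; break }
        }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

tmpdir=$(mktemp -d)
zone=$tmpdir/test.com.zone
# Constructed copy of the note's zone file
cat > "$zone" <<'EOF'
$TTL 86400
@ IN SOA dns.test.com. dns.admin.com. (
        2016081901
        4H
        2H
        4H
        1D
)
        IN NS dns.test.com.
dns     IN A 192.168.100.100
www     IN A 192.168.100.100
EOF

old=$(zone_serial "$zone")            # 2016081901
new=$(bump_serial "$old" 20160819)    # same day, so 2016081902
set_serial "$zone" "$new"
echo "serial $old -> $(zone_serial "$zone")"
```

In day-to-day use the second argument of bump_serial is $(date +%Y%m%d); after the rewrite, run named-checkzone as the note does and then reload, and the secondary picks the change up at its next refresh.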
Defining the zones you manage yourself (lines 42-43 of named.conf):
42 include "/etc/named.rfc1912.zones";
43 include "/etc/named.root.key";
FQDN
fully qualified domain name
Lab
Setting up a DNS server
Edit /etc/named.conf (vim /etc/named.conf):
Line 11: change listen-on port 53 { 127.0.0.1; }; to listen-on port 53 { any; }; (listen on every address)
Line 17: change allow-query { localhost; }; to allow-query { any; }; (accept queries from anyone)
Edit the zone definitions file and append the following at the end ---------------- this defines the domain to be resolved
[root@localhost etc]# tail -4 named.rfc1912.zones
zone "test.com" IN {
type master;
file "test.com.zone";
};
Check the configuration file for errors ---- (syntax of the zone definitions)
named-checkconf /etc/named.conf
Define the resource records
vim /var/named/test.com.zone
$TTL 86400
@ IN SOA dns.test.com. dns.admin.com. (
2016081901
4H
2H
4H
1D
)
        IN NS dns.test.com.
dns IN A 192.168.100.100 ------------ this record is required, otherwise named reports an error: it resolves the server's own name dns.test.com, the one given after SOA above
www IN A 192.168.100.100
ftp IN A 192.168.100.100
web IN CNAME www --------------- this is an alias
$GENERATE 100-110 ftp$ IN A 192.168.100.$ -------- wildcard-style range (expands to the records below)
-------------------------------------------------------------------------------------------------
which is equivalent to:
ftp100.test.com IN A 192.168.100.100
ftp101.test.com IN A 192.168.100.101
ftp102.test.com IN A 192.168.100.102
...
ftp110.test.com IN A 192.168.100.110
* IN A 192.168.100.100 --------- this is a wildcard --------- names that have no record of their own still match *.test.com
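$GENERATE is not a wildcard in the sense of the * record: named expands it into explicit records when the zone loads, which is exactly what the "equivalent to" listings here and above show. The script below is an added example, not part of the original note: it performs that expansion itself so the generated owner names and addresses can be reviewed (or diffed against what dig returns) before the zone is loaded. The helper name is hypothetical; it handles the bare $ counter and an optional /step, not BIND's ${offset,width,base} modifiers or a TTL field.

```shell
#!/bin/sh
# Added example, not from the original note. Expand a $GENERATE directive
# into the individual records BIND would synthesise from it.
# Hypothetical helper; supports "START-STOP" and "START-STOP/STEP" ranges,
# an optional IN class, and the plain '$' counter only.

# expand_generate '$GENERATE RANGE LHS [CLASS] TYPE RHS' [ORIGIN]
expand_generate() {
    line=$1; origin=${2:-}
    set -- $line                 # word-split the directive into tokens
    range=$2; lhs=$3; shift 3
    [ "$1" = IN ] && shift       # optional class
    type=$1; rhs=$2
    step=1
    case $range in */*) step=${range#*/}; range=${range%/*} ;; esac
    start=${range%-*}; stop=${range#*-}
    i=$start
    while [ "$i" -le "$stop" ]; do
        # replace every literal '$' with the counter value
        owner=$(printf '%s' "$lhs" | sed "s/\\$/$i/g")
        data=$(printf '%s' "$rhs" | sed "s/\\$/$i/g")
        # relative owner names get the zone origin appended, as BIND does
        case $owner in
            *.) ;;
            *) [ -n "$origin" ] && owner="$owner.$origin." ;;
        esac
        echo "$owner IN $type $data"
        i=$((i + step))
    done
}

# The note's directive, expanded under the test.com origin
expand_generate '$GENERATE 100-110 ftp$ IN A 192.168.100.$' test.com
```

Because the output is plain zone-file syntax, it can also be pasted into the zone in place of the directive when a reviewer wants every generated host visible in the file.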
Check the zone file for errors
[root@localhost named]# named-checkzone test.com /var/named/test.com.zone
zone test.com/IN: loaded serial 2016081901
OK
Restart the service
/etc/init.d/named restart
Check the listening ports
[root@localhost named]# netstat -anptu |grep named
tcp 0 0 192.168.100.100:53 0.0.0.0:* LISTEN 3377/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 3377/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 3377/named
tcp 0 0 ::1:53 :::* LISTEN 3377/named
tcp 0 0 ::1:953 :::* LISTEN 3377/named
udp 0 0 192.168.100.100:53 0.0.0.0:* 3377/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 3377/named
udp 0 0 ::1:53 :::* 3377/name
[root@localhost ~]# tail -1 /etc/resolv.conf
nameserver 192.168.100.100
Test results
Testing with nslookup
[root@localhost named]# nslookup www.test.com
Server: 192.168.100.100 -------- DNS server name
Address: 192.168.100.100#53 -------- DNS server address and port
Name: www.test.com -------- name being queried
Address: 192.168.100.100 -------- IP address returned
[root@localhost named]# nslookup web.test.com
Server: 192.168.100.100
Address: 192.168.100.100#53
web.test.com canonical name = www.test.com.
Name: www.test.com
Address: 192.168.100.100
[root@localhost named]# nslookup ftp.test.com
Server: 192.168.100.100
Address: 192.168.100.100#53
Name: ftp.test.com
Address: 192.168.100.100
[root@localhost named]# nslookup dns.test.com
Server: 192.168.100.100
Address: 192.168.100.100#53
Name: dns.test.com
Address: 192.168.100.100
Testing with the host command
[root@localhost named]# host web.test.com
web.test.com is an alias for www.test.com.
www.test.com has address 192.168.100.100
[root@localhost named]# host ftp.test.com
ftp.test.com has address 192.168.100.100
[root@localhost named]# host dns.test.com
dns.test.com has address 192.168.100.100
-----------------------------------------------
Setting up a secondary (slave) DNS server
Primary (master) DNS server configuration
[root@master ~]# tail -5 /etc/named.rfc1912.zones
zone "test.com" IN {
type master;
file "test.com.zone";
allow-transfer { 192.168.100.101; };
};
[root@master ~]# cat /var/named/test.com.zone
$TTL 86400
@ IN SOA dns.test.com. dns.admin.com. (
2016081901
4H
2H
4H
1D
)
        IN NS dns.test.com.
        IN NS slave.test.com.
dns IN A 192.168.100.100
slave IN A 192.168.100.100
www IN A 192.168.100.100
web IN CNAME www
$GENERATE 100-110 FTP$ IN A 192.168.100.$
* IN A 192.168.100.100
/etc/init.d/named restart    restart named on the primary
Secondary DNS configuration
Edit /etc/named.conf (vim /etc/named.conf):
Line 11: change listen-on port 53 { 127.0.0.1; }; to listen-on port 53 { any; }; (listen on every address)
Line 17: change allow-query { localhost; }; to allow-query { any; }; (accept queries from anyone)
[root@slaves ~]# tail -5 /etc/named.rfc1912.zones
zone "test.com" {
type slave;
masters { 192.168.100.100; };
file "slaves/slave.test.com.zone";
};
[root@slaves ~]# ll /var/named/ /var/named/slaves/
/var/named/:
总用量 32
drwxr-x---. 6 root named 4096 8月 19 22:50 chroot
drwxrwx---. 2 named named 4096 2月 22 2013 data
drwxrwx---. 2 named named 4096 2月 22 2013 dynamic
-rw-r-----. 1 root named 1892 2月 18 2008 named.ca
-rw-r-----. 1 root named 152 12月 15 2009 named.empty
-rw-r-----. 1 root named 152 6月 21 2007 named.localhost
-rw-r-----. 1 root named 168 12月 15 2009 named.loopback
drwxrwx---. 2 named named 4096 2月 22 2013 slaves
/var/named/slaves/:
总用量 0
/etc/init.d/named restart    restart named on the secondary
The zone file pulled down from the primary can now be seen:
[root@slaves ~]# ll /var/named/slaves/
总用量 4
-rw-r--r--. 1 named named 711 8月 19 23:10 slave.test.com.zone
Testing with host
[root@slaves ~]# host ftp110.test.com
ftp110.test.com has address 192.168.100.110
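Two checks worth running once the pair above is in place: that the allow-transfer { 192.168.100.101; }; line on the primary really refuses zone transfers to every other host (a full AXFR hands out the complete host list of the zone), and that the secondary holds the same serial as the primary (a lower serial on the secondary means the last edit never propagated). The helpers below are an added example, not part of the original note; they work on captured dig output so they can run offline, and the dig commands that produce that output are given in the comments. Helper names and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original note. Hypothetical helpers that
# classify captured dig output for the primary/secondary setup above.

# axfr_status < output-of: dig @192.168.100.100 test.com AXFR
# ALLOWED if a full zone came back, REFUSED if allow-transfer blocked it.
# Run from a host that is NOT the secondary: anything but REFUSED there
# means the zone contents are readable by anyone.
axfr_status() {
    out=$(cat)
    case $out in
        *"Transfer failed"*) echo REFUSED ;;
        *)
            # a successful AXFR starts and ends with the SOA record
            if printf '%s\n' "$out" | grep -Eq '^[^;].*[[:space:]]SOA[[:space:]]'; then
                echo ALLOWED
            else
                echo UNKNOWN
            fi ;;
    esac
}

# soa_serial < output-of: dig +short SOA test.com @SERVER
# +short prints "mname rname serial refresh retry expire minimum"
soa_serial() {
    awk '{ print $3; exit }'
}

# serials_in_sync PRIMARY_SERIAL SECONDARY_SERIAL -> IN_SYNC | STALE
# The secondary re-transfers only when the primary's serial is higher,
# so any difference after a refresh interval points at a stuck transfer.
serials_in_sync() {
    if [ "$1" -eq "$2" ]; then echo IN_SYNC; else echo STALE; fi
}

# Constructed dig output, as seen from a host outside allow-transfer
refused_axfr='; <<>> DiG 9.x <<>> @192.168.100.100 test.com AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.'

# Constructed dig output, as seen from the secondary (192.168.100.101)
allowed_axfr='; <<>> DiG 9.x <<>> @192.168.100.100 test.com AXFR
;; global options: +cmd
test.com.       86400   IN      SOA     dns.test.com. dns.admin.com. 2016081901 14400 7200 14400 86400
test.com.       86400   IN      NS      dns.test.com.
test.com.       86400   IN      NS      slave.test.com.
dns.test.com.   86400   IN      A       192.168.100.100
www.test.com.   86400   IN      A       192.168.100.100
test.com.       86400   IN      SOA     dns.test.com. dns.admin.com. 2016081901 14400 7200 14400 86400
;; Query time: 1 msec'

# Constructed "dig +short SOA" lines from primary and secondary
primary_soa='dns.test.com. dns.admin.com. 2016081901 14400 7200 14400 86400'
secondary_soa='dns.test.com. dns.admin.com. 2016081801 14400 7200 14400 86400'

echo "outside host AXFR: $(printf '%s\n' "$refused_axfr" | axfr_status)"
echo "secondary AXFR:    $(printf '%s\n' "$allowed_axfr" | axfr_status)"
p=$(printf '%s\n' "$primary_soa" | soa_serial)
s=$(printf '%s\n' "$secondary_soa" | soa_serial)
echo "serials $p / $s: $(serials_in_sync "$p" "$s")"
```

The second constructed SOA line shows the failure mode the serial check exists for: the primary was edited to 2016081901 but the secondary still holds 2016081801, which is what happens when the zone is changed without raising the serial or the transfer is blocked.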