DNS Resolution Flow and Service Setup
Resolution flow
- Take a visit to www.baidu.com as the example
- 1. The client first checks whether its local hosts file already has a matching IP
- 2. If not, it sends a query to the DNS server specified in /etc/resolv.conf
- 3. The DNS server first checks its own local cache; if the answer is cached it is returned to the client directly, otherwise the server sends a request to the root servers
- 4. The root server receives the request and tells the DNS server to ask the com zone below it
- 5. The com server receives the request and tells the DNS server to ask baidu.com below it
- 6. The baidu.com server receives the request, finds that it does have an IP for the www host, and returns that IP to the DNS server
- 7. The DNS server receives the IP, keeps a copy in its cache, and sends it to the client
- 8. The client then uses this IP to access www.baidu.com
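The eight steps above as a runnable model, added here as an example (it is not part of the original post). The hosts file, the resolver cache and the three authoritative zones (root, com, baidu.com) are constructed in memory so the script runs offline, and the address it returns for www.baidu.com is a documentation-range value, not Baidu's real one. The point it shows beyond the list is that a second lookup never leaves the resolver's cache, which is why a wrong or stale cache entry keeps being served to every client until its TTL expires.

```python
# Added example, not from the original post: an in-memory model of the
# resolution flow. Every name, address and server below is constructed.

# Step 1: the client's local hosts file.
HOSTS = {"localhost": "127.0.0.1"}

# Authoritative data the recursive resolver is referred to, one dict per zone.
# An "NS" entry is a referral to a child zone, an "A" entry is a final answer.
ZONES = {
    ".":          {"com.": ("NS", "com.")},
    "com.":       {"baidu.com.": ("NS", "baidu.com.")},
    "baidu.com.": {"www.baidu.com.": ("A", "192.0.2.10")},   # constructed (TEST-NET-1)
}


def fqdn(name):
    return name if name.endswith(".") else name + "."


def delegation_for(name, zone):
    """Find the entry inside `zone` that covers `name`; longest suffix wins."""
    best = None
    for owner, (rtype, target) in ZONES[zone].items():
        if name == owner or name.endswith("." + owner):
            if best is None or len(owner) > len(best[0]):
                best = (owner, rtype, target)
    return best


class Resolver:
    """The recursive DNS server listed in /etc/resolv.conf (steps 3 to 7)."""

    def __init__(self):
        self.cache = {}
        self.trace = []          # (server asked, name) pairs, for inspection

    def lookup(self, name):
        name = fqdn(name)
        if name in self.cache:                       # step 3: cache hit
            self.trace.append(("cache", name))
            return self.cache[name]
        zone = "."                                   # step 3: start at the root
        for _ in range(10):                          # bound the referral chain
            self.trace.append((zone, name))
            match = delegation_for(name, zone)
            if match is None:
                return None                          # no such name
            _owner, rtype, target = match
            if rtype == "A":                         # step 6: authoritative answer
                self.cache[name] = target            # step 7: cache, then return
                return target
            zone = target                            # steps 4 and 5: follow referral
        return None


def client_resolve(name, resolver):
    """Steps 1, 2 and 8: hosts file first, then the configured resolver."""
    if name in HOSTS:
        return HOSTS[name]
    return resolver.lookup(name)


if __name__ == "__main__":
    r = Resolver()
    print(client_resolve("www.baidu.com", r), r.trace)
    print(client_resolve("www.baidu.com", r), r.trace[-1])
```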
Related concepts
- Resource record types
- SOA: marks the start of authority for the zone and sets its timers (refresh, retry, expire, etc.)
- NS: identifies which server is the DNS server for the zone
- A: stores the IP address for a hostname in the zone
- PTR: stores the hostname for an IP address
- MX: the zone's mail server
- CNAME: host alias
Service setup
Server side
1. First disable SELinux and iptables (firewalld)
setenforce 0
systemctl stop firewalld
The above is a temporary change; to make it permanent:
sed -ri 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
source /etc/selinux/config
systemctl disable firewalld
2. Edit the /etc/named.conf file
listen-on port 53 { any; };  # listen address and port
allow-query { any; };  # hosts allowed to query
dnssec-enable no;  # disable DNSSEC
3. Edit /etc/named.rfc1912.zones to define the forward and reverse zones, adding the following
# forward
zone "pl.com" IN {
type master;
file "named.pl.com";
};
# reverse
zone "139.168.192.in-addr.arpa" IN {
type master;
file "named.192.168.139";
};
4. Create the forward zone file /var/named/named.pl.com and the reverse zone file /var/named/named.192.168.139. Remember to change the owner and group of both files!!!
[root@controller /var/named]# vim named.pl.com
$TTL 1D
@ IN SOA dns.pl.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns.pl.com.
dns.pl.com. IN A 192.168.139.105
www.pl.com. IN A 192.168.139.106
[root@controller /var/named]# vim named.192.168.139
$TTL 1D
@ IN SOA dns.pl.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns.pl.com.
105 IN PTR dns.pl.com.
106 IN PTR www.pl.com.
[root@controller /var/named]# chown named.named named.pl.com named.192.168.139
5. Restart the service
systemctl restart named
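A small lint for the named.conf settings from steps 2 and 3, added as an example rather than taken from the page. Both configuration texts are constructed: the first repeats the page's settings as written, the second is a hardened version that binds only the server's own address, sets recursion no on this authoritative-only server, leaves DNSSEC on and restricts zone transfers to the slave. Two caveats the lint encodes: BIND 9.9 (the version in the dig output) allows zone transfers from any host when a master zone has no allow-transfer statement, and a misspelled option such as allow_transfer (underscore instead of hyphen) is a configuration error that stops named from starting, not a setting that is quietly ignored.

```python
import re

# Added example, not from the original post: a lint for the named.conf
# settings used above. Both texts are constructed; WEAK_CONF repeats the
# page's settings, HARDENED_CONF is the corrected version.
WEAK_CONF = """
options {
    listen-on port 53 { any; };      # listen address and port
    allow-query { any; };            # hosts allowed to query
    dnssec-enable no;                # DNSSEC switched off
};
zone "pl.com" IN {
    type master;
    file "named.pl.com";
    allow_transfer { 192.168.139.106; };   # underscore: not a BIND option
};
zone "139.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.139";
};
"""

HARDENED_CONF = """
options {
    listen-on port 53 { 192.168.139.105; };
    allow-query { any; };
    recursion no;                    # authoritative only, never a resolver
    dnssec-enable yes;
};
zone "pl.com" IN {
    type master;
    file "named.pl.com";
    allow-transfer { 192.168.139.106; };
};
zone "139.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.139";
    allow-transfer { 192.168.139.106; };
};
"""

BLOCK_RE = re.compile(r'(options|zone\s+"([^"]+)"(?:\s+IN)?)\s*\{(.*?)\n\};', re.S)
STMT_RE = re.compile(r'^\s*([\w-]+)\s+(.*?);\s*$', re.M)


def parse(conf):
    """Flatten a simple named.conf into {'options': {...}, 'zones': {name: {...}}}."""
    conf = re.sub(r"#[^\n]*", "", conf)                  # drop '#' comments
    cfg = {"options": {}, "zones": {}}
    for block in BLOCK_RE.finditer(conf):
        stmts = {s.group(1): s.group(2).strip() for s in STMT_RE.finditer(block.group(3))}
        if block.group(1) == "options":
            cfg["options"] = stmts
        else:
            cfg["zones"][block.group(2)] = stmts
    return cfg


def lint(conf):
    """Return a list of findings; an empty list means nothing looked risky."""
    cfg, findings = parse(conf), []
    opts = cfg["options"]
    if opts.get("dnssec-enable") == "no":
        findings.append("options: dnssec-enable no switches DNSSEC off")
    if "any" in opts.get("allow-query", "") and opts.get("recursion") != "no":
        findings.append("options: allow-query { any; } without recursion no; on an authoritative server")
    for name, zone in cfg["zones"].items():
        for key in zone:
            if "_" in key:
                findings.append(f"zone {name}: {key} is not a BIND option; named will refuse to start")
        if zone.get("type") == "master" and "allow-transfer" not in zone:
            findings.append(f"zone {name}: no allow-transfer; BIND 9.9 then allows AXFR from any host")
        elif "any" in zone.get("allow-transfer", ""):
            findings.append(f"zone {name}: allow-transfer {{ any; }} exposes the whole zone")
    return findings


if __name__ == "__main__":
    for line in lint(WEAK_CONF):
        print("weak:", line)
    print("hardened:", lint(HARDENED_CONF))
```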
[root@controller /var/named]# dig dns.pl.com @192.168.139.105
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> dns.pl.com @192.168.139.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34409
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.pl.com. IN A
;; ANSWER SECTION:
dns.pl.com. 86400 IN A 192.168.139.105
;; AUTHORITY SECTION:
pl.com. 86400 IN NS dns.pl.com.
;; Query time: 0 msec
;; SERVER: 192.168.139.105#53(192.168.139.105)
;; WHEN: Wed Feb 20 22:13:17 CST 2019
;; MSG SIZE rcvd: 69
# reverse
[root@controller /var/named]# dig -x 192.168.139.106 @192.168.139.105
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -x 192.168.139.106 @192.168.139.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34174
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.139.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
106.139.168.192.in-addr.arpa. 86400 IN PTR www.pl.com.
;; AUTHORITY SECTION:
139.168.192.in-addr.arpa. 86400 IN NS dns.pl.com.
;; ADDITIONAL SECTION:
dns.pl.com. 86400 IN A 192.168.139.105
;; Query time: 0 msec
;; SERVER: 192.168.139.105#53(192.168.139.105)
;; WHEN: Wed Feb 20 22:27:57 CST 2019
;; MSG SIZE rcvd: 115
2. To set the DNS server permanently, edit the /etc/resolv.conf file
[root@node1 ~]# vim /etc/resolv.conf
nameserver 192.168.139.105
DNS master/slave synchronization
1. On the master server, modify the forward and reverse zone definitions as follows
[root@controller /var/named]# vim /etc/named.rfc1912.zones
zone "pl.com" IN {
type master;
file "named.pl.com";
allow-transfer { 192.168.139.106; };
};
zone "139.168.192.in-addr.arpa" IN {
type master;
file "named.192.168.139";
allow-transfer { 192.168.139.106; };
};
2. Add the slave server's NS record to the forward and reverse zone files
[root@controller /var/named]# vim named.pl.com
$TTL 1D
@ IN SOA dns.pl.com. rname.invalid. (
1 ; serial (incremented because the zone changed)
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns.pl.com.
@ IN NS dns1.pl.com.
dns.pl.com. IN A 192.168.139.105
www.pl.com. IN A 192.168.139.106
dns1.pl.com. IN A 192.168.139.106 ; glue for the slave NS; address assumed to be the allow-transfer host
[root@controller /var/named]# vim named.192.168.139
$TTL 1D
@ IN SOA dns.pl.com. rname.invalid. (
1 ; serial (incremented because the zone changed)
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns.pl.com.
@ IN NS dns1.pl.com.
105 IN PTR dns.pl.com.
106 IN PTR www.pl.com.
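A consistency checker for the forward and reverse zone files, added as an example (not code from the page). The zone text is constructed after the page's master/slave zone files, with the NS record for dns1.pl.com deliberately left without its trailing dot and without an A record so the checks have something to catch: a dot-less name in a zone file is relative to the origin, so named reads dns1.pl.com as dns1.pl.com.pl.com., and an NS target inside the zone needs an address record. The A/PTR checks implement forward-confirmed reverse DNS: every A in the 192.168.139.0/24 range needs a PTR, and every PTR target must have an A record pointing back at that address. The corrected zones in fixed_zones() assume the slave's address is 192.168.139.106, the host named in allow-transfer.

```python
import re
import ipaddress

# Added example, not from the original post: a consistency checker for the
# forward and reverse zone files. Zone text is constructed after the page's
# files; the dns1.pl.com NS record is deliberately left dot-less and without glue.
FWD_ORIGIN, REV_ORIGIN = "pl.com.", "139.168.192.in-addr.arpa."
FORWARD_ZONE = """\
$TTL 1D
@ IN SOA dns.pl.com. rname.invalid. (
    0 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
@ IN NS dns.pl.com.
@ IN NS dns1.pl.com
dns.pl.com. IN A 192.168.139.105
www.pl.com. IN A 192.168.139.106
"""
REVERSE_ZONE = """\
$TTL 1D
@ IN SOA dns.pl.com. rname.invalid. ( 0 1D 1H 1W 3H )
@ IN NS dns.pl.com.
@ IN NS dns1.pl.com
105 IN PTR dns.pl.com.
106 IN PTR www.pl.com.
"""
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)
NAME_TYPES = {"NS", "PTR", "CNAME"}       # record types whose rdata is a domain name


def absolute(name, origin):
    """Apply the zone origin the way named does: '@' and names without a final dot."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def in_zone(name, origin):
    return name == origin or name.endswith("." + origin)


def parse_zone(text, origin):
    """Yield (owner, type, rdata, raw_rdata) per record, with names made absolute."""
    body = re.sub(r";[^\n]*", "", text)                               # strip comments
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)
    for line in body.splitlines():
        toks = line.split()
        if not toks or toks[0].startswith("$"):                     # $TTL, $ORIGIN
            continue
        owner = absolute(toks.pop(0), origin)
        while toks and (toks[0] == "IN" or TTL_RE.match(toks[0])):  # optional TTL / class
            toks.pop(0)
        rtype, raw = toks[0], toks[1]
        yield owner, rtype, (absolute(raw, origin) if rtype in NAME_TYPES else raw), raw


def check_zones(forward, reverse):
    """Findings: dot-less NS targets, NS names without glue, A/PTR disagreements."""
    fwd = list(parse_zone(forward, FWD_ORIGIN))
    rev = list(parse_zone(reverse, REV_ORIGIN))
    a_records = {}                                                  # name -> {ip}
    for owner, rtype, rdata, _ in fwd:
        if rtype == "A":
            a_records.setdefault(owner, set()).add(rdata)
    ptrs = {owner: rdata for owner, rtype, rdata, _ in rev if rtype == "PTR"}
    findings = []
    for owner, rtype, rdata, raw in fwd + rev:
        if rtype != "NS":
            continue
        if not raw.endswith("."):
            findings.append(f"NS target {raw} lacks a trailing dot; named reads it as {rdata}")
        if in_zone(rdata, FWD_ORIGIN) and rdata not in a_records:
            findings.append(f"NS target {rdata} has no A record (no glue)")
    for name, ips in a_records.items():                             # every A needs a PTR
        for ip in ips:
            ptr_owner = ipaddress.ip_address(ip).reverse_pointer + "."
            if in_zone(ptr_owner, REV_ORIGIN) and ptr_owner not in ptrs:
                findings.append(f"{name} -> {ip} has no PTR record")
    for ptr_owner, target in ptrs.items():                          # every PTR must resolve back
        ip = ".".join(reversed(ptr_owner[: -len(".in-addr.arpa.")].split(".")))
        if ip not in a_records.get(target, set()):
            findings.append(f"PTR {ip} -> {target}, but {target} has no A record for {ip}")
    return findings


def fixed_zones():
    """The same zones corrected: NS target terminated, plus glue for the slave,
    whose address is assumed to be 192.168.139.106 (the allow-transfer host)."""
    fwd = FORWARD_ZONE.replace("NS dns1.pl.com\n",
                               "NS dns1.pl.com.\ndns1.pl.com. IN A 192.168.139.106\n")
    rev = REVERSE_ZONE.replace("NS dns1.pl.com\n", "NS dns1.pl.com.\n")
    return fwd, rev


if __name__ == "__main__":
    for line in check_zones(FORWARD_ZONE, REVERSE_ZONE):
        print(line)
    print("fixed:", check_zones(*fixed_zones()))
```

On a real server the equivalent check is `named-checkzone pl.com /var/named/named.pl.com`, which reports the missing glue as a warning; the script above adds the cross-check between the two files, which named-checkzone does not do.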
3. Slave server configuration
1. Modify /etc/named.conf to match the master
listen-on port 53 { any; };  # listen address and port
allow-query { any; };  # hosts allowed to query
dnssec-enable no;  # disable DNSSEC
2. Define the same zones as on the master, with type set to slave and the file placed under the slaves directory; the forward and reverse zone files need not be created by hand, they are generated automatically after the service restarts
zone "pl.com" IN {
type slave;
file "slaves/named.pl.com";
masters { 192.168.139.105; };
};
zone "139.168.192.in-addr.arpa" IN {
type slave;
file "slaves/named.192.168.139";
masters { 192.168.139.105; };
};
3. Restart the service
systemctl restart named
4. Test
# /var/named/slaves now contains two automatically generated forward and reverse zone files, identical to the master's
[root@node1 /var/named/slaves]# ls
named.192.168.139 named.pl.com
# dig against the slave server: the test succeeds
# forward
[root@controller /var/named]# dig www.pl.com @192.168.139.106
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.pl.com @192.168.139.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3356
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.pl.com. IN A
;; ANSWER SECTION:
www.pl.com. 86400 IN A 192.168.139.106
;; AUTHORITY SECTION:
pl.com. 86400 IN NS dns.pl.com.
;; ADDITIONAL SECTION:
dns.pl.com. 86400 IN A 192.168.139.105
;; Query time: 3 msec
;; SERVER: 192.168.139.106#53(192.168.139.106)
;; WHEN: Wed Feb 20 22:54:48 CST 2019
;; MSG SIZE rcvd: 89
# reverse
[root@controller /var/named]# dig -x 192.168.139.106 @192.168.139.106
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -x 192.168.139.106 @192.168.139.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42659
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.139.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
106.139.168.192.in-addr.arpa. 86400 IN PTR www.pl.com.
;; AUTHORITY SECTION:
139.168.192.in-addr.arpa. 86400 IN NS dns.pl.com.
;; ADDITIONAL SECTION:
dns.pl.com. 86400 IN A 192.168.139.105
;; Query time: 0 msec
;; SERVER: 192.168.139.106#53(192.168.139.106)
;; WHEN: Wed Feb 20 22:48:51 CST 2019
;; MSG SIZE rcvd: 115
Whenever the forward or reverse zone on the master is modified, the serial number must be changed and the named service restarted on both master and slave before the slave will synchronize.
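Why the serial matters: the slave decides whether to pull the zone by comparing the master's SOA serial with the one in its own copy, so an edit that leaves the serial at 0 is never transferred no matter how often named is restarted. The following is an added example (not from the page) of that comparison, using RFC 1982 serial arithmetic on the 32-bit value, plus a helper that increments the serial in zone-file text; the SOA text is constructed from the page's zone file.

```python
import re

# Added example, not from the original post: the serial comparison a slave
# performs before transferring, plus a helper that bumps the serial.
# The SOA text is constructed from the page's zone file.
MASTER_ZONE_HEAD = """\
$TTL 1D
@ IN SOA dns.pl.com. rname.invalid. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
"""
# The first number after the SOA record's opening parenthesis is the serial.
SERIAL_RE = re.compile(r"(SOA[^()]*\(\s*)(\d+)")
MOD = 2 ** 32


def serial_of(zone_text):
    """Read the SOA serial from zone-file text."""
    m = SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("no SOA serial found")
    return int(m.group(2))


def serial_gt(a, b):
    """RFC 1982 serial arithmetic: is a 'newer' than b on the 32-bit circle?"""
    a, b = a % MOD, b % MOD
    return (a < b and b - a > MOD // 2) or (a > b and a - b < MOD // 2)


def slave_would_transfer(master_text, slave_text):
    """A slave only pulls the zone when the master's serial is newer than its copy."""
    return serial_gt(serial_of(master_text), serial_of(slave_text))


def bump_serial(zone_text):
    """Return the zone text with its serial incremented (wrapping at 2^32)."""
    new = (serial_of(zone_text) + 1) % MOD
    return SERIAL_RE.sub(lambda m: f"{m.group(1)}{new}", zone_text, count=1)


if __name__ == "__main__":
    slave_copy = MASTER_ZONE_HEAD                     # what the slave already holds
    print("unchanged serial transfers:", slave_would_transfer(MASTER_ZONE_HEAD, slave_copy))
    print("bumped serial transfers:", slave_would_transfer(bump_serial(MASTER_ZONE_HEAD), slave_copy))
```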
Common problems
Feb 21 01:24:58 controller named[63486]: zone pl.com/IN: loading from master file named.pl.com failed: permission denied
Feb 21 01:24:58 controller named[63486]: zone pl.com/IN: not loaded due to errors.
named has no permission to load the named.pl.com file; this is caused by not changing the owner and group of the forward and reverse zone files.
Fix:
chown named.named named.pl.com