DNS: how it works, and how to build and configure a server

I. Theory

1.1 The emergence and evolution of DNS

In the early days of networking hosts talked to each other by IP address; there were only a handful of them. As more hosts joined, numeric addresses became hard to remember, so UNIX introduced a file called hosts (Linux and Windows still keep this file) that lists host names and their IP addresses. When you type a host name, the system loads the hosts file, looks up the mapping, finds the IP address and connects to that host.

Once there were too many hosts nobody could guarantee that everyone had the same, up-to-date hosts file, so a central copy was kept on a file server for download. As the Internet kept growing even that broke down, and pushing a file with every name-to-address record to every client was clearly not the right design. DNS appeared at this point, and as the scale of name resolution continued to grow it evolved into the multi-level hierarchy used today.

1.2 DNS overview

DNS (Domain Name System) is a distributed database on the Internet that maps between domain names and IP addresses, so that users can reach hosts without remembering the numeric addresses that machines use directly. The process of turning a host name into its IP address is called name resolution (domain name or host name resolution). DNS uses port 53 over both UDP and TCP: ordinary queries normally travel over UDP, while zone transfers (AXFR/IXFR) and responses too large for a UDP datagram use TCP. A firewall in front of a name server must therefore allow 53/udp and 53/tcp; a master that only opens 53/udp will never be able to feed its slaves.

The DNS distributed database is indexed by domain name. Each domain name is a path in a large inverted tree called the domain name space. As the figure shows, the tree may be at most 127 levels deep and each node carries a text label of up to 63 characters (a complete name is limited to 255 octets on the wire, which in practice means 253 printable characters).

[Figure: the domain name space tree (image from the original post)]

1.3 The DNS resolution process

First the client looks in its own local cache (on Linux the hosts file is consulted before DNS by default, per /etc/nsswitch.conf). If there is no hit, it sends a DNS query to its configured DNS server asking for the address of the name (or, for a reverse lookup, the name of the address). When the DNS server receives the request:

(1) It checks its own cache; if the requested name or address is there, it answers the client.

(2) If not, it looks in the zones it holds locally (its own database); if the name or address is found there, it answers the client.

(3) If still not found, it queries a root server and walks down the tree in order: the root refers it to the top-level domain servers, those refer it to the second-level domain servers, those to the third level, and so on until it reaches the server that is authoritative for the name or address. That server's reply goes to the client's DNS server, which first stores it in its cache and then returns the result to the client.

(4) If the name does not exist, an error (NXDOMAIN) is returned to the client.

Steps (1) and (2) are cheap; step (3) is the iterative walk that a recursive resolver performs on the client's behalf, and a resolver that does step (3) for anyone on the Internet who asks is called an open resolver. dig +trace name shows this walk from the root downwards.

1.4 Types of DNS server

Master DNS server: the server that holds the original (authoritative) copy of the zone data.

Slave DNS server: a server that keeps a copy of the zone data synchronised automatically from the master by zone transfer. Also called a secondary or auxiliary DNS server.

Caching server: holds no zones of its own. It resolves client queries recursively (walking the tree as in 1.3), returns the result to the client and caches it for later queries. Also called a recursive server.

Forwarder (forwarding server): when it receives a query for data it is not responsible for, it does not start at the root; it forwards the query to one or more designated upstream servers instead. (In BIND a server configured with forwarders still caches the answers it gets back, so the distinction is about where the query is sent, not about caching.)

1.5 DNS record types

1.5.1 SOA record

SOA (Start of Authority) marks the beginning of a zone and carries the zone's administrative parameters. The original post describes it as "a note about your own DNS"; more precisely its fields are: the primary name server for the zone (MNAME, normally one of the zone's NS names, e.g. dns.laonanhai.com), the responsible person's mailbox with the @ replaced by a dot (RNAME, so sa.laonanhai.com means sa@laonanhai.com), and five numbers: serial, refresh, retry, expire and minimum (the negative-caching TTL). Every zone has exactly one SOA, and it is the record a slave compares to decide whether it needs a fresh copy of the zone (see the serial discussion in 2.3.2).

    a.shifen.com.        579    IN    SOA    dns.baidu.com.   ; SOA record: MNAME = dns.baidu.com.
    sa.baidu.com.  (                                         ; RNAME = sa@baidu.com
                          1408010001 ; serial number
                          5 ; refresh 5s
                          5 ; retry 5s
                          86400 ; expire 1d
                          3600 ;min TTL 1h
    )
    

1.5.2 NS: the zone's authoritative name servers

The data (NSDNAME) is the FQDN of a name server that is authoritative for the zone. Each NS target should itself resolve to an address; for a name inside the zone (op.lnh.com in Part II) that means an A/AAAA record in the zone itself, otherwise the delegation is lame. For example:
    baidu.com.        64899    IN    NS    ns2.baidu.com.     
    baidu.com.        64899    IN    NS    ns4.baidu.com.     
    baidu.com.        64899    IN    NS    dns.baidu.com.     
    baidu.com.        64899    IN    NS    ns7.baidu.com.     
    baidu.com.        64899    IN    NS    ns3.baidu.com.
    

1.5.3 MX: the zone's mail exchangers

The data is a preference value followed by the mail server's host name; the lowest preference is tried first. The target must be a host name that has an A/AAAA record, not an IP address and not a CNAME (3.3 shows what happens when an address is used). For example:

    baidu.com.        7200    IN    MX    20 jpmx.baidu.com.     
    baidu.com.        7200    IN    MX    20 mx50.baidu.com.     
    baidu.com.        7200    IN    MX    10 mx.n.shifen.com.     
    baidu.com.        7200    IN    MX    20 mx1.baidu.com.
    

1.5.4 A record

The IPv4 address of a host.

1.5.5 AAAA record

The IPv6 address of a host.

1.5.6 PTR

Pointer record for reverse resolution: maps an IP address (written reversed under in-addr.arpa, or ip6.arpa for IPv6) back to a domain name. See 3.4.

1.5.7 CNAME

Canonical name: defines an alias. The owner is the alias and the data is the canonical (real) name, which must exist. A name that has a CNAME may carry no other records (RFC 1034), which is why a CNAME cannot sit at a zone apex that already has SOA and NS records. Example:

    www.baidu.com.        1154    IN    CNAME    www.a.shifen.com.

1.6 DNS naming rules

Host names (the owner of an A/AAAA/MX record, the target of an NS/MX record) may contain only:

1. the 26 letters A-Z (names are case-insensitive)

2. the ten digits 0-9

3. "-" (the hyphen), but not as the first or last character of a label

4. at most 63 octets per label (and 253 characters for the whole name)

If you really need names outside this set, BIND's check-names option (check-names master ignore; in the options, view or zone block) turns the check off for master files. The check only applies where a host name is expected: names such as _dmarc.example.com used for TXT or SRV records are legal and load without it.
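A small validator for the rules above, added here as an example (it is not part of the original post): it checks a label or a whole name before you paste it into a zone file or accept it from a web form, which is where bad names usually come from. The rules encoded are the ones listed above plus the 253-character total limit; the names in the usage and test are made up.

```shell
#!/bin/sh
# Added example: validate DNS host names against the rules in 1.6.
#  - letters, digits and "-" only
#  - a label may not start or end with "-"
#  - 1..63 characters per label, at most 253 for the whole name
# A single trailing dot (fully-qualified form) is accepted.

# valid_label LABEL -> 0 if LABEL is an acceptable host-name label
valid_label() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}

# valid_hostname NAME -> 0 if every label of NAME is valid and NAME is not too long
valid_hostname() {
    name="$1"
    name="${name%.}"                       # allow "op.lnh.com."
    [ -n "$name" ] || return 1
    [ "${#name}" -le 253 ] || return 1
    case "$name" in *..*|.*) return 1 ;; esac   # empty label
    old_ifs="$IFS"; IFS='.'
    set -- $name                           # split into labels
    IFS="$old_ifs"
    for label in "$@"; do
        valid_label "$label" || return 1
    done
    return 0
}

# usage: valid_hostname "shanks.lnh.com" && echo ok
```

Underscores are rejected on purpose: a name with "_" is fine for TXT/SRV owners but not for a host, and this function is meant for the names that end up as A/MX/NS data.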

1.7 Common DNS tools

host command: the simplest lookup tool; with no record type given it prints the A, AAAA and MX records of the name (it also does reverse lookups, see 3.4):

    [root@dns-master etc]# host baidu.com
    baidu.com has address 220.181.38.148
    baidu.com has address 39.156.69.79
    baidu.com mail is handled by 20 mx1.baidu.com.
    baidu.com mail is handled by 15 mx.n.shifen.com.
    baidu.com mail is handled by 20 mx50.baidu.com.
    baidu.com mail is handled by 20 jpmx.baidu.com.
    baidu.com mail is handled by 10 mx.maillb.baidu.com.

nslookup command: shows which DNS server returned the answer and whether the answer was authoritative ("Non-authoritative answer" means it came from a resolver's cache or via recursion rather than from the zone's own server). By default it asks for A records; use -type=MX (or another type) for anything else:

    [root@dns-master etc]# nslookup baidu.com
    Server:		223.5.5.5
    Address:	223.5.5.5#53
    
    Non-authoritative answer:
    Name:	baidu.com
    Address: 39.156.69.79
    Name:	baidu.com
    Address: 220.181.38.148
    

dig command: prints the complete response (header flags, question, answer, authority and additional sections) and is the tool to reach for when you need the flags. The original post compares it to traceroute; plain dig does not show the resolution path, but dig +trace does: it walks from the root servers down to the authoritative server and prints every step:

    [root@dns-master etc]# dig www.baidu.com
    
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3 <<>> www.baidu.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51458
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;www.baidu.com.			IN	A
    
    ;; ANSWER SECTION:
    www.baidu.com.		184	IN	CNAME	www.a.shifen.com.
    www.a.shifen.com.	184	IN	A	163.177.151.109
    www.a.shifen.com.	184	IN	A	163.177.151.110
    
    ;; Query time: 50 msec
    ;; SERVER: 223.5.5.5#53(223.5.5.5)
    ;; WHEN: Fri Aug 30 22:02:55 2019
    ;; MSG SIZE  rcvd: 90
    

II. Deploying a DNS server on CentOS 6

2.1 About BIND

BIND (Berkeley Internet Name Domain) is open-source DNS server software. It was originally developed at the University of California, Berkeley and is now maintained by ISC (Internet Systems Consortium); it remains the most widely deployed DNS server software in the world.

2.2 Environment

The master is deployed first, then the slave. The lab below disables SELinux and stops iptables to keep the walkthrough short; on a real server keep both and instead open only 53/udp and 53/tcp to the clients and slaves that need them, and leave rndc's control port 953/tcp reachable from localhost only (which the controls block in 2.3.2 already enforces):

    [root@dns-master ~]# cat /etc/redhat-release 
    CentOS release 6.7 (Final)
    [root@dns-master ~]# uname -r
    2.6.32-573.el6.x86_64
    [root@dns-master ~]# getenforce
    Disabled
    [root@dns-master ~]# /etc/init.d/iptables stop
    iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
    iptables: Flushing firewall rules:                         [  OK  ]
    iptables: Unloading modules:                               [  OK  ]
    [root@dns-master ~]# chkconfig iptables off
    

2.3 Deploying a single DNS server

The master's IP address is 10.0.0.22.

2.3.1 Install the bind packages

    [root@dns-master ~]# yum install bind-utils bind bind-devel bind-chroot -y
    [root@dns-master ~]# rpm -qa|grep bind
     bind-9.8.2-0.68.rc1.el6_10.3.x86_64
     ypbind-1.20.4-31.el6.x86_64
     rpcbind-0.2.0-11.el6.x86_64
     bind-libs-9.8.2-0.68.rc1.el6_10.3.x86_64
     bind-chroot-9.8.2-0.68.rc1.el6_10.3.x86_64
     bind-devel-9.8.2-0.68.rc1.el6_10.3.x86_64
     samba-winbind-3.6.23-20.el6.x86_64
     bind-utils-9.8.2-0.68.rc1.el6_10.3.x86_64
     samba-winbind-clients-3.6.23-20.el6.x86_64
    

2.3.2 Edit the configuration files

1) Edit /etc/named.conf

The configuration below is what the original post used, with comments added. Two points to fix before exposing it: allow-query { any; } together with a forwarders list and no allow-recursion statement means this server recurses for any client on the Internet, i.e. it is an open resolver that can be used for DNS reflection/amplification attacks; restrict recursion with allow-recursion { <your client networks>; }; or turn it off with recursion no; if the host only serves lnh.com. And the hmac-md5 rndc secret printed here is public; generate your own with rndc-confgen -a instead of copying it.

    [root@dns-master ~]# cp /etc/named.conf{,.bak}
    [root@dns-master ~]# cat /etc/named.conf
    options {
      version "1.1.1";                      // hide the real version from "dig @server version.bind txt chaos"
      listen-on port 53 {any;};
      directory "/var/named/chroot/etc/";   // zone "file" paths are relative to this directory
      pid-file "/var/named/chroot/var/run/named/named.pid";
      allow-query { any; };                 // anyone may query; combined with forwarders and no
                                            // allow-recursion statement this is an open resolver
      dump-file "/var/named/chroot/var/log/binddump.db";
      statistics-file "/var/named/chroot/var/log/named_stats";
      zone-statistics yes;
      memstatistics-file "log/mem_stats";   // relative to "directory"
      empty-zones-enable no;
      forwarders {202.106.196.115;8.8.8.8; }; // queries for zones we do not hold are sent here
    };
    
    key "rndc-key" {
             algorithm hmac-md5;                  // legacy; current rndc-confgen generates hmac-sha256 keys
             secret "Eqw4hClGExUWeDkKBX/pBg==";   // published in this post: regenerate with rndc-confgen -a
     };
    
    controls {
           inet 127.0.0.1 port 953
                    allow { 127.0.0.1; } keys { "rndc-key"; };   // rndc only from localhost, only with the key
      };
    
    logging {
       channel warning {
         file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;
         severity warning;
         print-category yes;
         print-severity yes;
         print-time yes;
       };
       channel general_dns {
         file "/var/named/chroot/var/log/dns_log" versions 10 size 100m;
         severity info;
         print-category yes;
         print-severity yes;
         print-time yes;
       };
       category default {
         warning;
       };
       category queries {
         general_dns;
       };
     };
    
    include "/var/named/chroot/etc/view.conf";
    

2) Edit /etc/rndc.key

This file did not exist by default in the author's setup. It can be created with a freshly generated random secret by running rndc-confgen -a, which is preferable to copying the key shown here. It must carry the same key name, algorithm and secret as the key statement in named.conf:

    [root@dns-master ~]# cat /etc/rndc.key
    key "rndc-key" {
            algorithm hmac-md5;
            secret "Eqw4hClGExUWeDkKBX/pBg==";
    };
    

3) Edit /etc/rndc.conf

This is what the rndc client reads: the same key, plus the server and port to talk to (the controls block in named.conf must accept exactly this key):

    [root@dns-master ~]# cat /etc/rndc.conf
    key "rndc-key" {
            algorithm hmac-md5;
            secret "Eqw4hClGExUWeDkKBX/pBg==";
    };
    
    options {
            default-key "rndc-key";
            default-server 127.0.0.1;
            default-port 953;
    };

4) Edit /var/named/chroot/etc/view.conf

    [root@dns-master ~]# cat /var/named/chroot/etc/view.conf
    view "View" {                       // no match-clients: this view answers every client
      zone "lnh.com" {
            type    master;
            file    "lnh.com.zone";
            allow-transfer {            // only the slave may transfer (AXFR) the zone;
                    10.0.0.23;          // BIND 9.8's default is "any", which lets anyone dump it
            };
            notify  yes;                // tell the slave when the serial changes ...
            also-notify {               // ... and name 10.0.0.23 explicitly, since it is not
                    10.0.0.23;          // listed as an NS of the zone and would not be notified
            };
      };
    };
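Two checks worth running against the server built from the two files above, written as an added example rather than taken from the original post: the named.conf has allow-query { any; } plus forwarders and no allow-recursion, so it should be tested for being an open resolver, and view.conf's allow-transfer { 10.0.0.23; } should be confirmed by attempting a zone transfer from some other host. Both functions parse dig's text output, so they can also be fed saved output offline. 10.0.0.22 and lnh.com are the page's lab values; www.example.com is an arbitrary external probe name (an assumption, any name this server is not authoritative for will do).

```shell
#!/bin/sh
# Added example: audit a freshly built BIND server for two common exposures.
#  1. Open resolver: allow-query { any; } + forwarders + no allow-recursion
#     means the server recurses for any client on the Internet (usable for
#     DNS reflection/amplification). We ask for a name it is NOT authoritative
#     for; NOERROR, flag "ra" set, flag "aa" absent and ANSWER > 0 means it
#     recursed for us.
#  2. Zone transfer: allow-transfer { 10.0.0.23; } must make an AXFR from any
#     other host fail; dig prints "; Transfer failed." in that case.

# helpers: pull one field out of dig output read on stdin
dig_status()  { sed -n 's/^;; ->>HEADER<<- opcode: [A-Z]*, status: \([A-Z]*\),.*/\1/p'; }
dig_flags()   { sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p'; }
dig_answers() { sed -n 's/^;; flags:.*ANSWER: \([0-9]*\),.*/\1/p'; }

# is_open_resolver: dig output on stdin; returns 0 if the server recursed for us
is_open_resolver() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | dig_status)
    flags=$(printf '%s\n' "$out" | dig_flags)
    answers=$(printf '%s\n' "$out" | dig_answers)
    [ "$status" = "NOERROR" ] || return 1                 # REFUSED/SERVFAIL: not recursing for us
    case " $flags " in *" ra "*) ;; *) return 1 ;; esac   # recursion not available
    case " $flags " in *" aa "*) return 1 ;; esac         # authoritative data, not recursion
    [ "${answers:-0}" -gt 0 ]
}

# axfr_blocked: "dig ... AXFR" output on stdin; returns 0 if the transfer was refused
axfr_blocked() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q '^; Transfer failed'; then
        return 0
    fi
    # a successful AXFR dumps the whole zone, framed by its SOA record
    if printf '%s\n' "$out" | grep -q '[[:space:]]IN[[:space:]]*SOA[[:space:]]'; then
        return 1
    fi
    return 0
}

# audit SERVER ZONE: run both probes against a live server
audit() {
    server="$1"; zone="$2"
    if dig @"$server" +time=2 +tries=1 www.example.com A | is_open_resolver; then
        echo "WARN: $server recurses for any client (open resolver)"
    else
        echo "ok:   $server does not recurse for us"
    fi
    if dig @"$server" +time=2 +tries=1 "$zone" AXFR | axfr_blocked; then
        echo "ok:   AXFR of $zone refused by $server"
    else
        echo "WARN: $server hands out a full copy of $zone to this host"
    fi
}

# usage: sh dns_audit.sh 10.0.0.22 lnh.com   (run from a host that is NOT the slave)
if [ $# -eq 2 ]; then audit "$@"; fi
```

Run it from a host other than 10.0.0.23, otherwise the AXFR check is meaningless; and run the open-resolver check from outside the networks you intend to serve, because allow-recursion is evaluated against the source address.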

5) Edit /var/named/chroot/etc/lnh.com.zone (the zone file; the path is relative to the directory option in named.conf)

    [root@dns-master ~]# cat /var/named/chroot/etc/lnh.com.zone
    $ORIGIN .
    $TTL 3600       ; 1 hour
    lnh.com                  IN SOA  op.lnh.com. dns.lnh.com. (
                                    2000       ; serial
                                    900        ; refresh (15 minutes)
                                    600        ; retry (10 minutes)
                                    86400      ; expire (1 day)
                                    3600       ; minimum (1 hour)
                                    )
                            NS      op.lnh.com.
    $ORIGIN lnh.com.
    shanks              A       1.2.3.4
    op              A       1.2.3.4
    
    -------------------------------------------------------------------
    ; Field reference for the SOA record
    Serial: just a number, but it is what a slave compares with the master to decide whether it must transfer the zone: if the master's serial is 100 and the slave's is 90, the zone data is transferred to the slave. Because the serial stands for how new the data is, the convention is to derive it from the date: the first edit on 2006/10/20 gets serial 2006102001 (yyyymmddnn, nn being the edit number that day). It is a 32-bit unsigned number compared with serial arithmetic (RFC 1982): a new serial counts as "newer" when it is ahead by less than 2^31, so jumping from 2000 to a date-based value is fine, but a serial that goes backwards, or one you forget to raise, silently leaves the slaves stale.
    Refresh: besides the serial comparison triggered by NOTIFY, how often (seconds) the slave polls the master's SOA to look for a newer serial.
    Retry: if a refresh fails because the master cannot be reached, how long the slave waits before trying again.
    Expire: if the slave still cannot reach the master after this long, it stops answering for the zone (its copy is considered unusable), on the assumption that the master has a serious problem. Once the master is back the slave picks the zone up again at the next successful refresh; the restart of bind on the slave that the original post suggests is not required.
    Minimum: historically the default TTL; since RFC 2308 (and in BIND 9) it is the negative-caching TTL, i.e. how long resolvers may cache an NXDOMAIN/NODATA answer for this zone. The default TTL of the records themselves comes from the $TTL directive at the top of the file.
    -----------------------------------------------------------------
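The serial rules above are easy to get wrong by hand, and a serial that was not raised is the usual reason a slave keeps serving old data. The following helper, added here as an example and not part of the original post, bumps the serial of a zone file the yyyymmddnn way, keeps it monotonic even when someone already set it ahead of today, and only reloads through rndc after named-checkzone accepts the file. It assumes the page's layout (zone file /var/named/chroot/etc/lnh.com.zone with a "; serial" comment on the serial line, zone lnh.com).

```shell
#!/bin/sh
# Added example: bump a zone's SOA serial (yyyymmddnn) and reload it safely.
# A slave only transfers the zone when the serial grows (RFC 1982 serial
# arithmetic), so the serial must never stay the same or go backwards.

# next_serial CURRENT TODAY(yyyymmdd) -> the next serial, on stdout
next_serial() {
    cur="$1"; today="$2"
    base=$((today * 100))                 # yyyymmdd00
    if [ "$cur" -lt "$base" ]; then
        echo "$((base + 1))"              # first change today: yyyymmdd01
    else
        echo "$((cur + 1))"               # same day, or serial already ahead: just +1
    fi
}

# current_serial ZONEFILE -> the number on the line carrying the "; serial" comment
current_serial() {
    awk '/;[[:space:]]*serial/ { print $1; exit }' "$1"
}

# bump_zone ZONEFILE [TODAY] -> rewrites the serial in place, prints the new value
bump_zone() {
    zf="$1"; today="${2:-$(date +%Y%m%d)}"
    old=$(current_serial "$zf")
    [ -n "$old" ] || { echo "no '; serial' line found in $zf" >&2; return 1; }
    new=$(next_serial "$old" "$today")
    # touch only the number on the serial line, keep the rest of the file byte-for-byte
    sed -i "s/^\([[:space:]]*\)$old\([[:space:]]*;[[:space:]]*serial\)/\1$new\2/" "$zf"
    [ "$(current_serial "$zf")" = "$new" ] || { echo "serial rewrite failed" >&2; return 1; }
    echo "$new"
}

# reload_zone ZONE ZONEFILE -> syntax-check first; reload only if the file parses
reload_zone() {
    zone="$1"; zf="$2"
    named-checkzone "$zone" "$zf" >/dev/null || return 1
    rndc reload "$zone"
}

# usage:
#   bump_zone /var/named/chroot/etc/lnh.com.zone \
#     && reload_zone lnh.com /var/named/chroot/etc/lnh.com.zone
```

named-checkzone catches the syntax errors that would otherwise make rndc reload keep serving the previous copy of the zone without telling you; reloading a single zone by name keeps the other zones and the cache untouched.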
    

6) Fix directory ownership and start the service

named must be able to read the zone files and, on a slave, to write the transferred zones. chown -R named:named /var/named is the quick fix the original post used. On a master it is tighter to leave the master zone files owned by root and only group-readable by named, so a compromised named process cannot rewrite its own authoritative data, and to give named write access only to the directories it actually writes (on CentOS the packaged layout uses slaves/, data/ and dynamic/ for that).

    [root@dns-master ~]# cd /var && chown -R named.named named/
    [root@dns-master var]# ll -d named/
    drwxr-x--- 6 named named 4096 Aug 30 17:04 named/
    [root@dns-master var]# /etc/init.d/named start
    Starting named:                                            [  OK  ]
    [root@dns-master var]# chkconfig named on
    

7) Test that the new zone resolves

    [root@dns-master var]# dig @10.0.0.22 shanks.lnh.com
    
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3 <<>> @10.0.0.22 shanks.lnh.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52168
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;shanks.lnh.com.			IN	A
    
    ;; ANSWER SECTION:
    shanks.lnh.com.		3600	IN	A	1.2.3.4   ; our A record; "aa" in the flags above shows the answer is authoritative
    
    ;; AUTHORITY SECTION:
    lnh.com.		3600	IN	NS	op.lnh.com.
    
    ;; ADDITIONAL SECTION:
    op.lnh.com.		3600	IN	A	1.2.3.4
    
    ;; Query time: 0 msec
    ;; SERVER: 10.0.0.22#53(10.0.0.22)
    ;; WHEN: Fri Aug 30 17:33:43 2019
    ;; MSG SIZE  rcvd: 81
    

2.4 Deploying a master/slave pair

Prepare the slave; its IP address is 10.0.0.23.

2.4.1 Install the packages

    [root@dns-slave ~]# yum install bind-utils bind bind-devel bind-chroot -y

2.4.2 Edit the configuration files

1) Edit /etc/named.conf (identical to the master's; the same open-resolver caveat about allow-query { any; } with forwarders applies here)

    [root@dns-slave ~]# cp /etc/named.conf{,.bak}
    [root@dns-slave ~]# cat /etc/named.conf
    options {
      version "1.1.1";
      listen-on port 53 {any;};
      directory "/var/named/chroot/etc/";
      pid-file "/var/named/chroot/var/run/named/named.pid";
      allow-query { any; };
      dump-file "/var/named/chroot/var/log/binddump.db";
      statistics-file "/var/named/chroot/var/log/named_stats";
      zone-statistics yes;
      memstatistics-file "log/mem_stats";
      empty-zones-enable no;
      forwarders {202.106.196.115;8.8.8.8; };
    };
    
    key "rndc-key" {
            algorithm hmac-md5;
            secret "Eqw4hClGExUWeDkKBX/pBg==";
    };
    
    controls {
           inet 127.0.0.1 port 953
                   allow { 127.0.0.1; } keys { "rndc-key"; };
     };
    
    logging {
      channel warning {
        file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
      };
      channel general_dns {
        file "/var/named/chroot/var/log/dns_log" versions 10 size 100m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
      };
      category default {
        warning;
      };
      category queries {
        general_dns;
      };
    };
    
    include "/var/named/chroot/etc/view.conf";
    

2) Edit /etc/rndc.key

    [root@dns-slave ~]# cat /etc/rndc.key
    key "rndc-key" {
            algorithm hmac-md5;
            secret "Eqw4hClGExUWeDkKBX/pBg==";
    };

3) Edit /etc/rndc.conf

    [root@dns-slave ~]# cat /etc/rndc.conf
    key "rndc-key" {
            algorithm hmac-md5;
            secret "Eqw4hClGExUWeDkKBX/pBg==";
    };
    
    options {
            default-key "rndc-key";
            default-server 127.0.0.1;
            default-port 953;
    };

4) Edit /var/named/chroot/etc/view.conf

Note that this view has no allow-transfer statement. BIND 9.8 allows zone transfers to anyone by default, so the slave will hand a complete copy of lnh.com to any host that asks, even though the master restricts transfers; add allow-transfer { none; }; (or the list of hosts that legitimately need it) to the slave's zone as well.

    [root@dns-slave ~]# cat /var/named/chroot/etc/view.conf
    view "SlaveView" {
            zone "lnh.com" {
                 type    slave;
                 masters {10.0.0.22; };   // the master's IP address
                 file    "slave.lnh.com.zone";   // written by named after the transfer
            };
    };

5) Fix directory ownership on the slave and start named. Unlike the master, the slave genuinely needs write access to the directory from named.conf, because that is where it stores the transferred zone file:

    [root@dns-slave ~]# cd /var && chown -R named.named named/
    [root@dns-slave var]# /etc/init.d/named start
    Starting named:                                            [  OK  ]
    [root@dns-slave var]# chkconfig named on
    

6) Verify master/slave synchronisation

Back on the master: confirm the slave has loaded the zone (the transferred file appears on the slave, see below), then edit lnh.com.zone, increment the serial and run rndc reload.

    [root@dns-master etc]# cat lnh.com.zone
    $ORIGIN .
    $TTL 3600       ; 1 hour
    lnh.com                  IN SOA  op.lnh.com. dns.lnh.com. (
                                    2001       ; serial     ; incremented by 1
                                    900        ; refresh (15 minutes)
                                    600        ; retry (10 minutes)
                                    86400      ; expire (1 day)
                                    3600       ; minimum (1 hour)
                                    )
                            NS      op.lnh.com.
    $ORIGIN lnh.com.
    shanks              A       1.2.3.4
    op              A       1.2.3.4
    
    [root@dns-master etc]# rndc reload
    WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
    server reload successful

The WARNING is harmless: rndc found both /etc/rndc.key and /etc/rndc.conf and uses rndc.conf, which carries the same key.

Back on the slave: once the zone has been transferred, slave.lnh.com.zone appears in /var/named/chroot/etc/:

    [root@dns-slave ~]# cd /var/named/chroot/etc/
    [root@dns-slave etc]# ll
    total 680
    -rw-r--r--  1 root  root     388 Aug 29 01:04 localtime
    drwxr-x---  2 root  named   4096 Jun 19 00:19 named
    -rw-r-----  1 root  named   1126 Aug 30 17:40 named.conf
    -rw-r--r--  1 root  named   3923 Jun 19 00:19 named.iscdlv.key
    -rw-r-----  1 root  named    931 Jun 21  2007 named.rfc1912.zones
    -rw-r--r--  1 root  named   1587 May 30  2017 named.root.key
    drwxr-x---  3 named named   4096 Aug 30 17:38 pki
    -rw-r--r--. 1 root  root    6455 Jan 12  2010 protocols
    -rw-r--r--  1 root  root     198 Aug 30 17:42 rndc.conf
    -rw-r--r--  1 root  root      92 Aug 30 17:41 rndc.key
    -rw-r--r--. 1 root  root  641020 Oct  2  2013 services
    -rw-r--r--  1 named named    312 Aug 30 17:49 slave.lnh.com.zone
    -rw-r--r--  1 named named    166 Aug 30 17:44 view.conf
    [root@dns-slave etc]# cat slave.lnh.com.zone   # serial 2001: master/slave sync complete
    $ORIGIN .
    $TTL 3600	; 1 hour
    lnh.com			IN SOA	op.lnh.com. dns.lnh.com. (
    				2001       ; serial
    				900        ; refresh (15 minutes)
    				600        ; retry (10 minutes)
    				86400      ; expire (1 day)
    				3600       ; minimum (1 hour)
    				)
    			NS	op.lnh.com.
    $ORIGIN lnh.com.
    op			A	1.2.3.4
    shanks			A	1.2.3.4

III. Day-to-day DNS operations

3.1 Add an A record

On the master edit lnh.com.zone, add the A record and increment the serial; then rndc reload and check that both servers answer:

    [root@dns-master ~]# cat /var/named/chroot/etc/lnh.com.zone
    $ORIGIN .
    $TTL 3600       ; 1 hour
    lnh.com                  IN SOA  op.lnh.com. dns.lnh.com. (
                                    2002       ; serial
                                    900        ; refresh (15 minutes)
                                    600        ; retry (10 minutes)
                                    86400      ; expire (1 day)
                                    3600       ; minimum (1 hour)
                                    )
                            NS      op.lnh.com.
    $ORIGIN lnh.com.
    shanks              A       1.2.3.4
    op              A       1.2.3.4
    a		A	10.10.0.3   ; the new A record
    [root@dns-master ~]# rndc reload
    WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
    server reload successful
    [root@dns-master ~]# nslookup a.lnh.com 10.0.0.22   # ask the master
    Server:		10.0.0.22
    Address:	10.0.0.22#53
    
    Name:	a.lnh.com
    Address: 10.10.0.3
    
    [root@dns-master ~]# nslookup a.lnh.com 10.0.0.23   # ask the slave
    Server:		10.0.0.23
    Address:	10.0.0.23#53
    
    Name:	a.lnh.com
    Address: 10.10.0.3
    

3.2 Add a CNAME

Add the alias (left) pointing at an existing name (right, written fully qualified with the trailing dot), increment the serial and reload:

    [root@dns-master ~]# cat /var/named/chroot/etc/lnh.com.zone
    $ORIGIN .
    $TTL 3600       ; 1 hour
    lnh.com                  IN SOA  op.lnh.com. dns.lnh.com. (
                                    2003       ; serial
                                    900        ; refresh (15 minutes)
                                    600        ; retry (10 minutes)
                                    86400      ; expire (1 day)
                                    3600       ; minimum (1 hour)
                                    )
                            NS      op.lnh.com.
    $ORIGIN lnh.com.
    shanks              A       1.2.3.4
    op              A       1.2.3.4
    a		A	10.10.0.3   ; the target of the CNAME below must exist as a real record
    cname		CNAME	a.lnh.com.
    [root@dns-master ~]# rndc reload
    WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
    server reload successful
    [root@dns-master ~]# nslookup cname.lnh.com 10.0.0.22
    Server:		10.0.0.22
    Address:	10.0.0.22#53
    
    cname.lnh.com	canonical name = a.lnh.com.
    Name:	a.lnh.com
    Address: 10.10.0.3
    
    [root@dns-master ~]# nslookup cname.lnh.com 10.0.0.23
    Server:		10.0.0.23
    Address:	10.0.0.23#53
    
    cname.lnh.com	canonical name = a.lnh.com.
    Name:	a.lnh.com
    Address: 10.10.0.3

3.3 Add an MX record

The record the original post added is kept below as it was, because it demonstrates a common mistake: MX data must be a host name, not an IP address. BIND does not reject the bare "192.168.122.101"; it treats it as a relative name and appends $ORIGIN, so the zone now advertises a mail server called 192.168.122.101.lnh.com., which is exactly what the host output at the end shows. The correct form is an A record for the mail host (say mail.lnh.com with address 192.168.122.101) and an MX at the zone apex (lnh.com itself, not mx.lnh.com) whose data is that host name: mail for user@lnh.com is routed by the MX records of lnh.com. named-checkzone -m fail rejects MX records that point at an address before you reload.

    [root@dns-master ~]# cat  /var/named/chroot/etc/lnh.com.zone
    $ORIGIN .
    $TTL 3600       ; 1 hour
    lnh.com                  IN SOA  op.lnh.com. dns.lnh.com. (
                                    2004       ; serial
                                    900        ; refresh (15 minutes)
                                    600        ; retry (10 minutes)
                                    86400      ; expire (1 day)
                                    3600       ; minimum (1 hour)
                                    )
                            NS      op.lnh.com.
    $ORIGIN lnh.com.
    shanks              A       1.2.3.4
    op              A       1.2.3.4
    a		A	10.10.0.3
    cname		CNAME	a.lnh.com.
    mx		MX 5 	192.168.122.101   ; WRONG: an MX target must be a host name; BIND will append the origin
    
    [root@dns-master ~]# rndc  reload
    WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
    server reload successful
    [root@dns-master ~]# nslookup mx.lnh.com 10.0.0.22
    Server:		10.0.0.22
    Address:	10.0.0.22#53
    
    *** Can't find mx.lnh.com: No answer   # nslookup asked for an A record; use nslookup -type=mx mx.lnh.com 10.0.0.22
    
    [root@dns-master ~]# host  mx.lnh.com 10.0.0.22
    Using domain server:
    Name: 10.0.0.22
    Address: 10.0.0.22#53
    Aliases: 
    
    mx.lnh.com mail is handled by 5 192.168.122.101.lnh.com.   # the "address" has become a host name in lnh.com
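A small zone linter for the two mistakes that 3.2 and 3.3 invite, added here as an example and not taken from the original post: an MX (or any other target) that is really an IP literal and therefore gets $ORIGIN appended, an MX that points at a CNAME (not allowed by RFC 2181), and a CNAME whose owner also carries other records or whose in-zone target does not exist. It parses the master-file layout used on this page (one record per line, multi-line SOA in parentheses, $ORIGIN directives); the test zones are constructed from the page's own lnh.com data.

```shell
#!/bin/sh
# Added example: lint a BIND master file for bad MX/CNAME data.
# zone_lint ORIGIN ZONEFILE -> prints findings; exit status 1 if any ERROR
zone_lint() {
    awk -v ORIGIN="$1" '
    # fq(n): qualify a name the way BIND does (relative names get the origin appended)
    function fq(n) {
        if (n == "@") return origin
        if (n ~ /\.$/) return n
        if (origin == ".") return n "."
        return n "." origin
    }
    function inzone(n) { return substr(n, length(n) - length(origin) + 1) == origin }
    BEGIN { origin = ORIGIN; if (origin !~ /\.$/) origin = origin "."; errors = 0 }
    /^[[:space:]]*;/ || /^[[:space:]]*$/ { next }              # comments, blank lines
    /^\$ORIGIN/ { origin = $2; if (origin !~ /\.$/) origin = origin "."; next }
    /^\$/ { next }                                              # $TTL etc.
    inparen { if ($0 ~ /\)/) inparen = 0; next }                # inside a ( ... ) SOA
    {
        sub(/;.*/, "")                                          # strip trailing comment
        if ($0 ~ /^[[:space:]]/) { owner = prev; i = 1 }        # blank owner = previous owner
        else { owner = fq($1); prev = owner; i = 2 }
        for (; i <= NF; i++) if ($i ~ /^(A|AAAA|CNAME|MX|NS|SOA|PTR|TXT)$/) break
        if (i > NF) next
        type = $i
        if ($0 ~ /\(/ && $0 !~ /\)/) inparen = 1
        if (type == "A" || type == "AAAA") has[owner] = 1
        if (type == "CNAME") { cname[owner] = fq($(i + 1)) } else { other[owner] = 1 }
        if (type == "MX") { mxo[++nmx] = owner; mxt[nmx] = $(i + 2) }
    }
    END {
        for (k = 1; k <= nmx; k++) {
            raw = mxt[k]; t = fq(raw)
            if (raw ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.?$/) {
                printf "ERROR: MX for %s points at an IP literal; it will be served as %s\n", mxo[k], t
                errors++
            } else if (t in cname) {
                printf "ERROR: MX for %s targets the CNAME %s (RFC 2181)\n", mxo[k], t
                errors++
            } else if (inzone(t) && !(t in has)) {
                printf "WARN: MX target %s has no A/AAAA record in this zone\n", t
            }
        }
        for (o in cname) {
            if (o in other) { printf "ERROR: %s has a CNAME and other records\n", o; errors++ }
            t = cname[o]
            if (inzone(t) && !(t in has) && !(t in cname))
                printf "WARN: CNAME %s -> %s, but %s has no records\n", o, t, t
        }
        exit (errors > 0)
    }' "$2"
}

# usage: zone_lint lnh.com /var/named/chroot/etc/lnh.com.zone && rndc reload lnh.com
```

named-checkzone with -m fail and -i full performs the same MX and integrity checks with BIND's own parser; this script exists so the reasoning is visible and so the check can run on a host without bind installed.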

3.4 Add PTR records: reverse resolution (IP to name)

On the master

1) Add a reverse zone to /var/named/chroot/etc/view.conf. The zone name is the network part of the address written backwards under in-addr.arpa: 192.168.0.0/16 becomes 168.192.in-addr.arpa.

    [root@dns-master ~]# cat /var/named/chroot/etc/view.conf
    view "View" {
      zone "lnh.com" {
            type    master;
            file    "lnh.com.zone";
            allow-transfer {
                    10.0.0.23;
            };
            notify  yes;
            also-notify {
                    10.0.0.23;
            };
      };
      zone "168.192.in-addr.arpa" {   // new reverse zone for 192.168.0.0/16
            type    master;
            file    "168.192.zone";
            allow-transfer {
                    10.0.0.23;
            };
            notify  yes;
            also-notify {
                    10.0.0.23;
            };
      };
    };
    

2) Create the master's zone file /var/named/chroot/etc/168.192.zone and fix its ownership

    [root@dns-master ~]# cat /var/named/chroot/etc/168.192.zone
    $TTL 3600       ; 1 hour
    @                  IN SOA  op.lnh.com. dns.lnh.com. (
                                    2004       ; serial
                                    900        ; refresh (15 minutes)
                                    600        ; retry (10 minutes)
                                    86400      ; expire (1 day)
                                    3600       ; minimum (1 hour)
                                    )
                            NS      op.lnh.com.
    102.122     IN      PTR     a.lnh.com.   ; owner = host part reversed: 102.122 under 168.192.in-addr.arpa is 192.168.122.102
    [root@dns-master ~]# cd /var/named/chroot/etc/
    [root@dns-master etc]# chown named.named 168.192.zone
    [root@dns-master etc]# rndc reload
    WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
    server reload successful
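Getting the octet order right is the part of reverse DNS that people trip over, and a wrong owner simply produces NXDOMAIN with no error from named. The helper below, added as an example (not from the original post), derives the full in-addr.arpa name for an IPv4 address and the owner label relative to a given reverse zone, and emits a ready-to-paste PTR line; it refuses addresses that do not fall inside the zone. The addresses and zone names are the page's lab values.

```shell
#!/bin/sh
# Added example: build reverse-zone names and PTR lines for IPv4 addresses.

# reverse_name IPV4 -> the full in-addr.arpa name, e.g. 102.122.168.192.in-addr.arpa.
reverse_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# ptr_owner IPV4 ZONE -> owner label relative to ZONE (e.g. "102.122" in 168.192.in-addr.arpa)
# fails if the address is not covered by ZONE
ptr_owner() {
    full=$(reverse_name "$1")
    zone="${2%.}."                         # normalise: exactly one trailing dot
    case "$full" in
        *".$zone") echo "${full%.$zone}" ;;
        *) echo "$1 is not inside $zone" >&2; return 1 ;;
    esac
}

# ptr_record IPV4 ZONE FQDN -> one zone-file line for the reverse zone
ptr_record() {
    owner=$(ptr_owner "$1" "$2") || return 1
    printf '%s\tIN\tPTR\t%s\n' "$owner" "${3%.}."
}

# usage: ptr_record 192.168.120.107 168.192.in-addr.arpa b.lnh.com >> /var/named/chroot/etc/168.192.zone
```

For a /24 the zone would be 122.168.192.in-addr.arpa and the owner just the last octet; the function handles both because it strips whatever the zone name already covers.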
    

On the slave:

1) Add the reverse zone as a slave zone in /var/named/chroot/etc/view.conf (the master's allow-transfer and also-notify already list 10.0.0.23), reload, and check that the transferred file appears:

    [root@dns-slave ~]# cat /var/named/chroot/etc/view.conf
    view "SlaveView" {
            zone "lnh.com" {
                 type    slave;
                 masters {10.0.0.22; };
                 file    "slave.lnh.com.zone";
            };
    	zone "168.192.in-addr.arpa" {
                 type    slave;
                 masters {10.0.0.22; };
                 file    "slave.168.192.zone";
            };
    };
    
    [root@dns-slave ~]# rndc reload
    WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
    server reload successful
    [root@dns-slave ~]# ll /var/named/chroot/etc/slave.*
    -rw-r--r-- 1 named named 327 Aug 30 18:28 /var/named/chroot/etc/slave.168.192.zone
    -rw-r--r-- 1 named named 370 Aug 30 18:28 /var/named/chroot/etc/slave.lnh.com.zone

Check with the host command against both servers:

    [root@dns-master etc]# host 192.168.122.102 10.0.0.22
    Using domain server:
    Name: 10.0.0.22
    Address: 10.0.0.22#53
    Aliases: 
    
    102.122.168.192.in-addr.arpa domain name pointer a.lnh.com.
    [root@dns-master etc]# host 192.168.122.102 10.0.0.23
    Using domain server:
    Name: 10.0.0.23
    Address: 10.0.0.23#53
    Aliases: 
    
    102.122.168.192.in-addr.arpa domain name pointer a.lnh.com.

Add another PTR record on the master (serial incremented to 2005) and test against both servers:

    [root@dns-master etc]# pwd
    /var/named/chroot/etc
    [root@dns-master etc]# cat 168.192.zone
    $TTL 3600       ; 1 hour
    @                  IN SOA  op.lnh.com. dns.lnh.com. (
                                    2005       ; serial
                                    900        ; refresh (15 minutes)
                                    600        ; retry (10 minutes)
                                    86400      ; expire (1 day)
                                    3600       ; minimum (1 hour)
                                    )
                            NS      op.lnh.com.
    102.122     IN      PTR     a.lnh.com.
    107.120     IN      PTR     b.lnh.com.   ; new PTR record for 192.168.120.107
    [root@dns-master etc]# rndc reload
    WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
    server reload successful
    [root@dns-master etc]# host 192.168.120.107 10.0.0.22
    Using domain server:
    Name: 10.0.0.22
    Address: 10.0.0.22#53
    Aliases: 
    
    107.120.168.192.in-addr.arpa domain name pointer b.lnh.com.
    [root@dns-master etc]# host 192.168.120.107 10.0.0.23
    Using domain server:
    Name: 10.0.0.23
    Address: 10.0.0.23#53
    Aliases: 
    
    107.120.168.192.in-addr.arpa domain name pointer b.lnh.com.

3.5 DNS round robin for simple load distribution

If db.lnh.com has three addresses, the server returns all three in every answer and rotates their order between answers (BIND's rrset-order option controls this; the rotation seen below is the cyclic order), so clients that take the first address spread across the three hosts. This is not real load balancing: DNS knows nothing about host health, so a dead host keeps receiving its share until the record is removed and caches expire, and resolvers or clients may re-order or cache the set themselves.

Edit /var/named/chroot/etc/lnh.com.zone on the master. Note that the listing below still shows serial 2004, the value it had after 3.3: rndc reload loads the new records on the master, but the slave will not fetch them until the serial is raised, which is why only 10.0.0.22 is queried here.

    [root@dns-master etc]# cat lnh.com.zone
    $ORIGIN .
    $TTL 3600       ; 1 hour
    lnh.com                  IN SOA  op.lnh.com. dns.lnh.com. (
                                    2004       ; serial
                                    900        ; refresh (15 minutes)
                                    600        ; retry (10 minutes)
                                    86400      ; expire (1 day)
                                    3600       ; minimum (1 hour)
                                    )
                            NS      op.lnh.com.
    $ORIGIN lnh.com.
    shanks              A       1.2.3.4
    op              A       1.2.3.4
    a		A	10.10.0.3
    cname		CNAME	a.lnh.com.
    mx		MX 5 	192.168.122.101
    
    db		A	1.3.2.4
    db		A	1.3.2.5
    db		A	1.3.2.6
    [root@dns-master etc]# rndc reload
    WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
    server reload successful
    [root@dns-master etc]# host db.lnh.com 10.0.0.22
    Using domain server:
    Name: 10.0.0.22
    Address: 10.0.0.22#53
    Aliases: 
    
    db.lnh.com has address 1.3.2.5
    db.lnh.com has address 1.3.2.6
    db.lnh.com has address 1.3.2.4
    
    # repeat the nslookup: the order of the three addresses rotates each time
    [root@dns-master etc]# nslookup db.lnh.com 10.0.0.22
    Server:		10.0.0.22
    Address:	10.0.0.22#53
    
    Name:	db.lnh.com
    Address: 1.3.2.6
    Name:	db.lnh.com
    Address: 1.3.2.4
    Name:	db.lnh.com
    Address: 1.3.2.5
    
    [root@dns-master etc]# nslookup db.lnh.com 10.0.0.22
    Server:		10.0.0.22
    Address:	10.0.0.22#53
    
    Name:	db.lnh.com
    Address: 1.3.2.4
    Name:	db.lnh.com
    Address: 1.3.2.5
    Name:	db.lnh.com
    Address: 1.3.2.6
    
    [root@dns-master etc]# nslookup db.lnh.com 10.0.0.22
    Server:		10.0.0.22
    Address:	10.0.0.22#53
    
    Name:	db.lnh.com
    Address: 1.3.2.5
    Name:	db.lnh.com
    Address: 1.3.2.6
    Name:	db.lnh.com
    Address: 1.3.2.4
    

3.6 DNS views (split-horizon, "intelligent" DNS)

A view answers the same name differently depending on who is asking (match-clients). The typical use is internal clients getting private addresses while everyone else gets public ones. Two constraints: once you use views, every zone must live inside a view (named refuses a mix of top-level zones and views), and a slave must match the view that holds the zone it transfers, because the master selects the view by the slave's source address.

1) On the master edit /var/named/chroot/etc/named.conf and add the ACLs above the include line (an acl must be defined before it is referenced):

    acl group1 {
      10.0.0.22;
    };
    
    acl group2 {
      10.0.0.23;
    };
    

2) On the master replace /var/named/chroot/etc/view.conf with two views. The acl names group1 and group2 hold a single address each in this lab; in practice they would be networks:

    [root@dns-master etc]# cp view.conf{,.bak}
    [root@dns-master etc]# cat view.conf
    view "GROUP1" {
      match-clients { group1; };
      zone "viewlnh.com" {
        type master;
        file "group1.viewlnh.com.zone";
      };
    };
    
    view "GROUP2" {
      match-clients { group2; };
      zone "viewlnh.com" {
        type master;
        file "group2.viewlnh.com.zone";
      };
    };
    

3) On the master create /var/named/chroot/etc/group1.viewlnh.com.zone

    [root@dns-master etc]# cat /var/named/chroot/etc/group1.viewlnh.com.zone
    $ORIGIN .
    $TTL 3600       ; 1 hour
    viewlnh.com                  IN SOA  op.viewlnh.com. dns.viewlnh.com. (
                                    2005       ; serial
                                    900        ; refresh (15 minutes)
                                    600        ; retry (10 minutes)
                                    86400      ; expire (1 day)
                                    3600       ; minimum (1 hour)
                                    )
                            NS      op.viewlnh.com.
    $ORIGIN viewlnh.com.
    op                 A       192.168.122.1
    view               A       192.168.122.1
    

4) On the master create /var/named/chroot/etc/group2.viewlnh.com.zone (same zone name, different addresses)

    [root@dns-master etc]# cat /var/named/chroot/etc/group2.viewlnh.com.zone
    $ORIGIN .
    $TTL 3600       ; 1 hour
    viewlnh.com                  IN SOA  op.viewlnh.com. dns.viewlnh.com. (
                                    2005       ; serial
                                    900        ; refresh (15 minutes)
                                    600        ; retry (10 minutes)
                                    86400      ; expire (1 day)
                                    3600       ; minimum (1 hour)
                                    )
                            NS      op.viewlnh.com.
    $ORIGIN viewlnh.com.
    op                 A       192.168.122.2
    view               A       192.168.122.2

5) Fix ownership and reload the configuration

    [root@dns-master etc]# chown named.named /var/named/chroot/etc/group*.zone
    [root@dns-master etc]# rndc reload 
    WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
    server reload successful

6) Test from the two client addresses. Both queries go to 10.0.0.22; the only difference is the source address, which selects the view:

    [root@dns-master etc]# dig @10.0.0.22 op.viewlnh.com
    
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3 <<>> @10.0.0.22 op.viewlnh.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14430
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;op.viewlnh.com.			IN	A
    
    ;; ANSWER SECTION:
    op.viewlnh.com.		3600	IN	A	192.168.122.1  ; queried from 10.0.0.22 (group1): 192.168.122.1
    
    ;; AUTHORITY SECTION:
    viewlnh.com.		3600	IN	NS	op.viewlnh.com.
    
    ;; Query time: 0 msec
    ;; SERVER: 10.0.0.22#53(10.0.0.22)
    ;; WHEN: Fri Aug 30 19:06:32 2019
    ;; MSG SIZE  rcvd: 62
    
    [root@dns-slave ~]# dig @10.0.0.22 op.viewlnh.com
    
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3 <<>> @10.0.0.22 op.viewlnh.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44793
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;op.viewlnh.com.			IN	A
    
    ;; ANSWER SECTION:
    op.viewlnh.com.		3600	IN	A	192.168.122.2  ; queried from 10.0.0.23 (group2): 192.168.122.2
    
    ;; AUTHORITY SECTION:
    viewlnh.com.		3600	IN	NS	op.viewlnh.com.
    
    ;; Query time: 0 msec
    ;; SERVER: 10.0.0.22#53(10.0.0.22)
    ;; WHEN: Fri Aug 30 19:06:50 2019
    ;; MSG SIZE  rcvd: 62

The same test with nslookup:

    [root@dns-master etc]# nslookup op.viewlnh.com 10.0.0.22
    Server:		10.0.0.22
    Address:	10.0.0.22#53
    
    Name:	op.viewlnh.com
    Address: 192.168.122.1
    --------------------------------
    [root@dns-slave ~]# nslookup op.viewlnh.com 10.0.0.22
    Server:		10.0.0.22
    Address:	10.0.0.22#53
    
    Name:	op.viewlnh.com
    Address: 192.168.122.2



    
    
Source: https://www.cnblogs.com/hujinzhong/p/11434569.html