  • Linux_配置主DNS服务(基础)

    【RHEL8】—DNSserver;【Centos7.4】—DNSclient

    !!!测试环境我们先关闭防火墙和selinux(DNSserver和DNSclient都需要);这只适用于测试环境,生产环境应保留防火墙,只放行DNS服务的53/tcp和53/udp(例如 firewall-cmd --permanent --add-service=dns)

    [root@localhost ~]# systemctl stop firewalld
    [root@localhost ~]# systemctl disable firewalld
    [root@localhost ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
    [root@localhost ~]# setenforce 0
    

    前言

    1、DNS服务模式

    1️⃣:服务功能:为网络中的客户机(linux/windows)提供名称和IP地址关系查询的服务

    2️⃣:服务全称:Domain Name Service(Server | System)

    3️⃣:服务器类型:主DNS服务器、从DNS服务器、唯缓存DNS服务器

    2、DNS服务

    1️⃣:服务软件包: bind (bind包是用来提供解析域名的服务程序,等同于做域名解析的任务)

    2️⃣:服务进程名: named (守护进程)

    3️⃣:域名测试包:bind-utils (客户端没有nslookup命令,所以一般在客户端安装;服务端在安装bind包附带安装bind-utils包)

    4️⃣:服务管理脚本:/etc/rc.d/init.d/named (systemd系统上对应的是named.service单元)

    5️⃣:服务端口号:TCP/UDP-53

    6️⃣:服务客户端:linux (dig  host  nslookup  (ping))和 windows(nslookup (ping))

    3、DNS服务配置文件

    1️⃣:/etc/named.conf                   主配置文件    定义全局配置

    2️⃣:/etc/named.rfc1912.zones   子配置文件    定义正向和反向解析区域

    3️⃣:解析方式:FQDN --> IP 正向解析;  IP --> FQDN 反向解析 (FQDN:完全合格的域名称;FQDN = 主机短名 + 所在域名)

    4️⃣:/var/named/xxx.xxx.zone     正向解析数据库文件      建立名称至IP地址的关系

    5️⃣:/var/named/xxx.xxx.arpa      反向解析数据库文件      建立IP地址至名称的关系

    4、DNS服务端的测试程序

    1️⃣:named-checkconf 检测主配置文件和子配置文件中的语法错误

      用法:named-checkconf 文件名   (无反馈结果表示无错误)

    2️⃣:named-checkzone 检测正向区域和反向区域解析

      用法:named-checkzone 正向区域名 正向解析数据库文件("OK"表示无错误);named-checkzone 反向区域名 反向解析数据库文件("OK"表示无错误)

    一、在DNS服务器(DNSserver)端部署DNS服务

    1、查看一下服务端IP

    [root@DNSserver ~]# ifconfig 
    ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 10.0.0.140  netmask 255.0.0.0  broadcast 10.255.255.255
            inet6 fe80::fa13:32e0:3b9f:2196  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:cd:6a:1b  txqueuelen 1000  (Ethernet)
            RX packets 2823  bytes 247406 (241.6 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 1705  bytes 213268 (208.2 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 604  bytes 51188 (49.9 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 604  bytes 51188 (49.9 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    

    2、DNS服务端安装bind包,并设置开机自启

    [root@DNSserver ~]# yum install -y bind
    [root@DNSserver ~]# systemctl start named
    [root@DNSserver ~]# systemctl enable named
    Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
    [root@DNSserver ~]# systemctl status named
    ● named.service - Berkeley Internet Name Domain (DNS)
       Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
       Active: active (running) since Wed 2020-07-29 09:30:03 CST; 49s ago
     Main PID: 27539 (named)
        Tasks: 5 (limit: 12356)
       Memory: 54.4M
       CGroup: /system.slice/named.service
               └─27539 /usr/sbin/named -u named -c /etc/named.conf
    
    7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
    7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './NS/IN': 2001:500:9f::42#53
    7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
    7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './NS/IN': 2001:500:200::b#53
    7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
    7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './NS/IN': 2001:500:2::c#53
    7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
    7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
    7月 29 09:30:05 DNSserver named[27539]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
    7月 29 09:30:05 DNSserver named[27539]: resolver priming query complete
    

    3、在/etc/named.conf文件里面修改全局配置信息

    [root@DNSserver ~]# vim /etc/named.conf
    ..........
    options {
            listen-on port 53 { any; };            //大括号里面将IP地址换成any
            listen-on-v6 port 53 { any; };         //同上
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            secroots-file   "/var/named/data/named.secroots";
            recursing-file  "/var/named/data/named.recursing";
            allow-query     { any; };              //同上;生产环境应改为受信任的网段,并用 allow-recursion 限制递归查询,避免成为开放解析器
    ..........    
    

    4、在/etc/named.rfc1912.zones子配置文件里面添加正向和反向的解析区域

    [root@DNSserver ~]# arpaname 10.0.0.140
    140.0.0.10.IN-ADDR.ARPA
    [root@DNSserver ~]# vim /etc/named.rfc1912.zones 
    .........
    zone "test.com" IN {
            type master;
            file "test.zone";
    };
    
    zone "0.0.10.in-addr.arpa" IN {
            type master;
            file "10.0.0.arpa";
    };
    .........
     //在文件的最后添加正向和反向的解析区域(zone)
    正向:
            zone:代表一个区域
            " " :  双引号(英文)里面写入的是自己域名
            type master : master 代表是主域名服务器
            file " ":双引号里面写文件与在 /var/named下创建的文件名相同
    反向:
            " ":双引号里面写入的是反ip,例如:0.0.10.in-addr.arpa说明反向可以解析10.0.0.X网段的所有IP地址域名解析
            可以使用:arpaname IP 查看自己的服务器IP的反IP
    注释

    5、复制生成正向和反向区域解析数据库文件

    [root@DNSserver ~]# cd /var/named/
    [root@DNSserver named]# ls
    data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
    [root@DNSserver named]# cp -a named.localhost test.zone
    [root@DNSserver named]# cp -a named.loopback 10.0.0.arpa
     //复制后的文件名一定要与刚刚在子配置文件里面写的文件名一致
    

    6、编辑正向区域解析数据库文件

    [root@DNSserver named]# vim test.zone
    $TTL 1D
    @       IN SOA  test.com. root.test.com. (
                                            0       ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
            NS      ns1.test.com.
            A       127.0.0.1
            AAAA    ::1
    ns1     A       10.0.0.140
    www     A       10.0.0.50
    aaa     A       10.0.0.100
    bbb     A       10.0.0.150
    ccc     A       10.0.0.200
    ddd     A       10.0.0.250
    

    7、编辑反向区域解析数据库文件

    [root@DNSserver named]# vim 10.0.0.arpa 
    $TTL 1D
    @       IN SOA  test.com. root.test.com. (
                                            0       ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
            NS      ns1.test.com.
            A       127.0.0.1
            AAAA    ::1
            PTR     localhost.
    ns1     A       10.0.0.140
    50      PTR     www.test.com.
    100     PTR     aaa.test.com.
    150     PTR     bbb.test.com.
    200     PTR     ccc
    250     PTR     ddd
     //ccc 和 ddd 后面缺少结尾的点(.),会被当作相对名称补全为 ccc.0.0.10.in-addr.arpa. 和 ddd.0.0.10.in-addr.arpa.(见后面客户端的nslookup结果);应写成 ccc.test.com. 和 ddd.test.com.
    

    8、配置文件检测

    [root@DNSserver ~]# named-checkconf /etc/named.conf 
    [root@DNSserver ~]# named-checkconf /etc/named.rfc1912.zones
     //回车后,没有报错信息说明没有错误
    

    9、正向和反向区域解析测试

    [root@DNSserver ~]# named-checkzone test.com /var/named/test.zone 
    zone test.com/IN: loaded serial 0
    OK
    [root@DNSserver ~]# named-checkzone test.com /var/named/10.0.0.arpa 
    zone test.com/IN: loaded serial 0
    OK
     //反向区域应使用它自己的区域名来检测:named-checkzone 0.0.10.in-addr.arpa /var/named/10.0.0.arpa;上面用 test.com 作区域名虽然输出OK,但检查的并不是实际加载时的区域名
    

    10、重启DNS服务,查看端口

    [root@DNSserver ~]# systemctl restart named
    [root@DNSserver ~]# netstat -tunlp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
    tcp        0      0 10.0.0.142:53           0.0.0.0:*               LISTEN      27803/named         
    tcp        0      0 10.0.0.140:53           0.0.0.0:*               LISTEN      27803/named         
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      27803/named         
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1101/sshd           
    tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      27803/named         
    tcp6       0      0 :::53                   :::*                    LISTEN      27803/named         
    tcp6       0      0 :::22                   :::*                    LISTEN      1101/sshd           
    tcp6       0      0 ::1:953                 :::*                    LISTEN      27803/named         
    udp        0      0 10.0.0.142:53           0.0.0.0:*                           27803/named         
    udp        0      0 10.0.0.140:53           0.0.0.0:*                           27803/named         
    udp        0      0 127.0.0.1:53            0.0.0.0:*                           27803/named         
    udp        0      0 0.0.0.0:68              0.0.0.0:*                           1611/dhclient       
    udp6       0      0 :::53                   :::*                                27803/named   

     到这里DNS服务端搭建完成

    二、DNS客户端测试

    1、查看客户端主机的IP(Centos7)

    [root@dnsclient ~]# ifconfig 
    ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 10.0.0.100  netmask 255.255.255.0  broadcast 10.0.0.255
            inet6 fe80::fe04:212a:5e53:cec4  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:b3:89:a5  txqueuelen 1000  (Ethernet)
            RX packets 23748  bytes 29630344 (28.2 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 4841  bytes 605544 (591.3 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1  (Local Loopback)
            RX packets 156  bytes 13460 (13.1 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 156  bytes 13460 (13.1 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    

    2、测试是否能与服务器端互通

    [root@dnsclient ~]# ping -c 3 10.0.0.140
    PING 10.0.0.140 (10.0.0.140) 56(84) bytes of data.
    64 bytes from 10.0.0.140: icmp_seq=1 ttl=64 time=1.09 ms
    64 bytes from 10.0.0.140: icmp_seq=2 ttl=64 time=0.478 ms
    64 bytes from 10.0.0.140: icmp_seq=3 ttl=64 time=0.439 ms
    
    --- 10.0.0.140 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2006ms
    rtt min/avg/max/mdev = 0.439/0.672/1.099/0.302 ms
    

    3、安装bind-utils包

    [root@dnsclient ~]# rpm -ql nslookup
    未安装软件包 nslookup
    [root@dnsclient ~]# yum install -y bind-utils
    [root@dnsclient ~]# rpm -qa | grep bind-utils
    bind-utils-9.11.4-16.P2.el7_8.6.x86_64
    

    4、在客户端 /etc/resolv.conf 加入服务端的DNS

    [root@dnsclient ~]# vim /etc/resolv.conf
    [root@dnsclient ~]# cat /etc/resolv.conf 
    # Generated by NetworkManager
    nameserver 10.0.0.140
    nameserver 8.8.8.8
     //resolv.conf 中的 nameserver 按先后顺序使用(只有前一个超时或无响应时才会用下一个),所以测试的话必须将10.0.0.140放在其他的dnsserver上面,没有就可以不管优先级;或者在网卡配置文件里面添加DNS2=10.0.0.140
    

    5、测试

    [root@dnsclient ~]# nslookup www.test.com
    Server:		10.0.0.140
    Address:	10.0.0.140#53
    
    Name:	www.test.com
    Address: 10.0.0.50
    [root@dnsclient ~]# nslookup 10.0.0.50
    50.0.0.10.in-addr.arpa	name = www.test.com.
    
    [root@dnsclient ~]# nslookup aaa.test.com
    Server:		10.0.0.140
    Address:	10.0.0.140#53
    
    Name:	aaa.test.com
    Address: 10.0.0.100
    [root@dnsclient ~]# nslookup 10.0.0.100
    100.0.0.10.in-addr.arpa	name = aaa.test.com.
    
    [root@dnsclient ~]# nslookup bbb.test.com
    Server:		10.0.0.140
    Address:	10.0.0.140#53
    
    Name:	bbb.test.com
    Address: 10.0.0.150
    [root@dnsclient ~]# nslookup 10.0.0.150
    150.0.0.10.in-addr.arpa	name = bbb.test.com.
    
    [root@dnsclient ~]# nslookup ccc.test.com
    Server:		10.0.0.140
    Address:	10.0.0.140#53
    
    Name:	ccc.test.com
    Address: 10.0.0.200
    [root@dnsclient ~]# nslookup 10.0.0.200
    200.0.0.10.in-addr.arpa	name = ccc.0.0.10.in-addr.arpa.
    
    [root@dnsclient ~]# nslookup ddd.test.com
    Server:		10.0.0.140
    Address:	10.0.0.140#53
    
    Name:	ddd.test.com
    Address: 10.0.0.250
    [root@dnsclient ~]# nslookup 10.0.0.250
    250.0.0.10.in-addr.arpa	name = ddd.0.0.10.in-addr.arpa.

    三、服务器端获取反向域名的方法

    dig  默认情况下解析的是A记录
        -t NS	解析NS记录
        -t MX	解析MX记录
        -x		解析PTR记录
    host 默认情况下解析的是A记录和PTR记录
        -t NS	解析NS记录
        -t MX	解析MX记录
    nslookup 默认情况下解析的是A记录和PTR记录
        在交互模式下可使用set q=  或者set type= 改变解析类型
    资源记录(RR)分类
    	SOA(起始授权)记录:定义名称域
    	NS(名称服务器)记录:定义域中的名称服务器
    	A(主机)记录:定义名称至IP地址之间的关系(正向解析)
    	CNAME(别名)记录:定义A记录的别名(附属名)
    	PTR(反向指针)记录:定义IP地址至名称之间的关系(反向解析)
    	MX(邮件交换器)记录:定义域中的邮件服务器
    
  • 原文地址:https://www.cnblogs.com/itwangqiang/p/13395138.html