A more detailed set of DNS notes: http://services.linuxpanda.tech/DNS/index.html
1 Introduction to DNS
DNS (Domain Name System) is a distributed database on the Internet that maps domain names to IP addresses and back.
It lets users reach hosts conveniently without having to remember the numeric IP strings that machines read directly. The process of starting from a host name and arriving at the IP address that host name corresponds to is called domain name resolution (or host name resolution).
The DNS protocol runs over UDP and uses port 53.
2 Environment preparation
2.1 Environment overview
I am using CentOS 7 here; the kernel version is 3.10.0-514.el7.x86_64.
Primary DNS: 192.168.137.101
Secondary DNS: 192.168.137.100
2.2 Check whether bind is installed by default
[root@mail ~]# rpm -qa bind
bind-9.9.4-37.el7.x86_64
2.3 The main files
/etc/named.conf : main configuration file; defines how bind operates and declares the zones.
/etc/rndc.key : key file; its configuration file is /etc/rndc.conf.
/var/named/ : directory where the zone data files are stored.
/usr/sbin/named-checkconf : checks the main configuration file.
/usr/sbin/named-checkzone : checks a zone file.
3 Setting up the primary DNS
3.1 Setting up forward resolution
3.1.1 Back up the configuration files
[root@mail ~]# cp /etc/named.conf /etc/named.conf.bak
[root@mail ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak
3.1.2 Edit the main configuration file /etc/named.conf
Comment out the following lines:
//listen-on port 53 { 127.0.0.1; };
//listen-on-v6 port 53 { ::1; };
//allow-query     { localhost; };
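Commenting out allow-query leaves BIND's built-in default in force, which accepts ordinary queries from any host; whether the server will also recurse on behalf of outside hosts depends on how BIND derives the recursion ACL when allow-recursion is not set. The Python script below is an added example (not part of the original post and not BIND's own tooling) that parses the options block of a named.conf and reports the effective recursion ACL. It assumes the fallback order documented in the BIND 9.9 ARM (allow-recursion, then allow-query-cache, then allow-query, otherwise localnets; localhost), and the three option blocks it contains are constructed for illustration, modelled on the CentOS 7 default file.

```python
import re

# Constructed sample modelled on the CentOS 7 default /etc/named.conf after the
# three lines in step 3.1.2 have been commented out (an assumption, not the page's file).
PAGE_STYLE_CONF = """
options {
        //listen-on port 53 { 127.0.0.1; };
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        //allow-query     { localhost; };
        recursion yes;
};
"""

# Constructed variant: the other common edit, setting allow-query to any without
# restricting recursion, which turns the box into an open recursive resolver.
ANY_QUERY_CONF = PAGE_STYLE_CONF.replace("//allow-query     { localhost; };",
                                         "allow-query     { any; };")

# Constructed variant: authoritative answers for everyone, recursion only for the
# lab network (prefix chosen to match the page's 192.168.137.x addresses).
HARDENED_CONF = ANY_QUERY_CONF.replace(
    "recursion yes;",
    "recursion yes;\n        allow-recursion { 127.0.0.1; 192.168.137.0/24; };")


def strip_comments(text):
    """Remove the /* */, // and # comment forms that named.conf allows."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def find_block(text, name):
    """Return the text between the braces of `name { ... }`, honouring nested braces."""
    m = re.search(r"\b" + re.escape(name) + r"\s*\{", text)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    raise ValueError("unbalanced braces in %s block" % name)


def split_statements(body):
    """Split on ';' at brace depth 0 so 'listen-on port 53 { 127.0.0.1; }' stays whole."""
    stmts, depth, cur = [], 0, []
    for ch in body:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if ch == ";" and depth == 0:
            stmts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    return [s for s in stmts if s]


def parse_options(conf_text):
    """Map each statement of the options block to its value (a list for brace lists)."""
    body = find_block(strip_comments(conf_text), "options")
    if body is None:
        raise ValueError("no options block found")
    parsed = {}
    for stmt in split_statements(body):
        keyword = stmt.split()[0]
        if "{" in stmt:
            inner = stmt[stmt.index("{") + 1:stmt.rindex("}")]
            parsed[keyword] = [x.strip() for x in inner.split(";") if x.strip()]
        else:
            parts = stmt.split(None, 1)
            parsed[keyword] = parts[1] if len(parts) > 1 else ""
    return parsed


def effective_recursion_acl(options):
    """Who may recurse, following the BIND 9.9 fallback chain (assumed from the ARM):
    allow-recursion -> allow-query-cache -> allow-query -> localnets; localhost."""
    if options.get("recursion", "yes").lower() == "no":
        return []
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in options:
            return options[key]
    return ["localnets", "localhost"]


def is_open_resolver(options):
    """True when the effective recursion ACL admits every source address."""
    return "any" in effective_recursion_acl(options)


if __name__ == "__main__":
    for label, conf in (("page style", PAGE_STYLE_CONF),
                        ("allow-query any", ANY_QUERY_CONF),
                        ("hardened", HARDENED_CONF)):
        opts = parse_options(conf)
        print("%-16s recursion for %s -> open resolver: %s"
              % (label, effective_recursion_acl(opts), is_open_resolver(opts)))
```

With the page's edit the server answers authoritative queries from anywhere but only recurses for localhost and directly attached networks; an explicit allow-query { any; } without an allow-recursion line is the combination to avoid on a host that is reachable from outside the lab.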
3.1.3 Check the configuration file and restart
[root@mail ~]# named-checkconf
[root@mail ~]# systemctl restart named.service
3.1.4 Edit /etc/named.rfc1912.zones and add the zone
Append the following lines at the end of /etc/named.rfc1912.zones.
zone "linuxpanda.com" IN {
        type master;
        file "linuxpanda.com.zone";
};
3.1.5 Add the zone file
Create a file named linuxpanda.com.zone in the /var/named directory (the file name must match the one given in /etc/named.rfc1912.zones), with the following content.
$TTL 600
@       IN SOA  ns.linuxpanda.com. admin.linuxpanda.com. (
                20170317
                1H
                1M
                2D
                6H )
        IN NS   ns
        IN MX   10 mail
ns      IN A    192.168.137.101
mail    IN A    192.168.137.100
www     IN A    192.168.137.103
www     IN A    192.168.137.104
ftp     IN CNAME www
3.1.6 Fix the permissions and owner
[root@mail named]# chown root.named linuxpanda.com.zone
[root@mail named]# chmod 640 linuxpanda.com.zone
3.1.7 Check the configuration file and the zone file, then restart named
[root@mail named]# named-checkconf
[root@mail named]# named-checkzone "linuxpanda.com" /var/named/linuxpanda.com.zone
zone linuxpanda.com/IN: loaded serial 20170317
OK
[root@mail named]# systemctl restart named.service
3.1.8 Test that the configuration is correct
3.1.8.1 Test the NS record of the linuxpanda.com zone
[root@mail named]# dig -t NS linuxpanda.com @192.168.137.101

; <<>> DiG 9.9.4-RedHat-9.9.4-37.el7 <<>> -t NS linuxpanda.com @192.168.137.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17926
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;linuxpanda.com.                IN      NS

;; ANSWER SECTION:
linuxpanda.com.         600     IN      NS      ns.linuxpanda.com.

;; ADDITIONAL SECTION:
ns.linuxpanda.com.      600     IN      A       192.168.137.101

;; Query time: 0 msec
;; SERVER: 192.168.137.101#53(192.168.137.101)
;; WHEN: Sun Mar 26 14:57:44 CST 2017
;; MSG SIZE  rcvd: 76
3.1.8.2 Test the IP address of www.linuxpanda.com
[root@mail named]# dig -t A www.linuxpanda.com @192.168.137.101

; <<>> DiG 9.9.4-RedHat-9.9.4-37.el7 <<>> -t A www.linuxpanda.com @192.168.137.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49907
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.linuxpanda.com.            IN      A

;; ANSWER SECTION:
www.linuxpanda.com.     600     IN      A       192.168.137.103
www.linuxpanda.com.     600     IN      A       192.168.137.104

;; AUTHORITY SECTION:
linuxpanda.com.         600     IN      NS      ns.linuxpanda.com.

;; ADDITIONAL SECTION:
ns.linuxpanda.com.      600     IN      A       192.168.137.101

;; Query time: 0 msec
;; SERVER: 192.168.137.101#53(192.168.137.101)
;; WHEN: Sun Mar 26 14:59:33 CST 2017
;; MSG SIZE  rcvd: 112
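The dig tests in 3.1.8 exercise the server over UDP port 53, as described in section 1. The Python script below is an added example, not part of the original post and not dig's code, that shows what travels on the wire: it builds the same NS query dig sends and parses the kind of reply shown above, including the name-compression pointers a real server uses. The reply bytes it parses offline are constructed here to match the 3.1.8.1 answer (id 17926, flags qr aa rd ra); the lookup() function assumes the lab server 192.168.137.101 from the page is reachable, which it will not be elsewhere.

```python
import socket
import struct

QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15}
TYPE_NAMES = {v: k for k, v in QTYPES.items()}


def encode_name(name):
    """'www.linuxpanda.com' -> length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype, txid, rd=True):
    """Standard query as dig sends it: 12-byte header plus one question."""
    flags = 0x0100 if rd else 0                       # RD = recursion desired
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack(">HH", QTYPES[qtype], 1)


def decode_name(data, offset):
    """Decode a possibly compressed name; return (name, offset just past it).
    A hop limit stops pointer loops in malformed or hostile packets."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                     # 11xxxxxx = compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            pointer = struct.unpack(">H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2                      # the name ends after the first pointer
            jumped, offset = True, pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if not jumped:
        end = offset
    return ".".join(labels) + ".", end


def parse_response(data):
    """Parse header, skip the question, and decode answer/authority/additional RRs."""
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):                               # question: name + type + class
        _, offset = decode_name(data, offset)
        offset += 4

    def read_rrs(count, offset):
        rrs = []
        for _ in range(count):
            name, offset = decode_name(data, offset)
            rtype, _cls, ttl, rdlen = struct.unpack(">HHIH", data[offset:offset + 10])
            offset += 10
            if rtype == 1 and rdlen == 4:             # A: dotted quad
                value = ".".join(str(b) for b in data[offset:offset + 4])
            elif rtype in (2, 5, 12):                 # NS/CNAME/PTR: a (compressible) name
                value, _ = decode_name(data, offset)
            else:
                value = data[offset:offset + rdlen].hex()
            offset += rdlen
            rrs.append((name, TYPE_NAMES.get(rtype, str(rtype)), ttl, value))
        return rrs, offset

    answer, offset = read_rrs(an, offset)
    authority, offset = read_rrs(ns, offset)
    additional, offset = read_rrs(ar, offset)
    return {"id": txid, "aa": bool(flags & 0x0400), "rcode": flags & 0x000F,
            "answer": answer, "authority": authority, "additional": additional}


def encode_rr(owner, rtype, ttl, rdata):
    """Wire-format resource record; owner is already encoded (labels or a pointer)."""
    return owner + struct.pack(">HHIH", QTYPES[rtype], 1, ttl, len(rdata)) + rdata


def sample_ns_response():
    """Constructed reply matching the 3.1.8.1 dig output (EDNS OPT record omitted),
    with 0xC00C pointing back at the question name at offset 12 as servers do."""
    query = build_query("linuxpanda.com", "NS", 17926)
    qname_ptr = b"\xc0\x0c"
    header = struct.pack(">HHHHHH", 17926, 0x8580, 1, 1, 0, 1)   # qr aa rd ra, rcode 0
    answer = encode_rr(qname_ptr, "NS", 600, b"\x02ns" + qname_ptr)
    additional = encode_rr(b"\x02ns" + qname_ptr, "A", 600, bytes([192, 168, 137, 101]))
    return header + query[12:] + answer + additional


def lookup(server, qname, qtype, txid=1, timeout=3.0):
    """Send one UDP query to port 53 and parse whatever comes back."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(build_query(qname, qtype, txid), (server, 53))
    return parse_response(sock.recv(4096))


if __name__ == "__main__":
    print(parse_response(sample_ns_response()))      # offline, constructed reply
    # print(lookup("192.168.137.101", "www.linuxpanda.com", "A"))  # only inside the lab
```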
3.1.9 Testing from Windows
C:\Users\Administrator>nslookup        # open a cmd window and run nslookup
默认服务器:  google-public-dns-a.google.com
Address:  8.8.8.8

> server 192.168.137.101               # point nslookup at my DNS server, which runs on the Linux host at 192.168.137.101
默认服务器:  [192.168.137.101]
Address:  192.168.137.101

> set q=A                              # set the query type to A records (the equivalent of dig -t A)
> www.linuxpanda.com                   # query www.linuxpanda.com
3.2 Setting up reverse resolution
3.2.1 Edit /etc/named.rfc1912.zones and add the zone
Append the following lines at the end of /etc/named.rfc1912.zones.
zone "137.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.137.zone";
};
3.2.2 Add the reverse zone file
[root@mail named]# cp linuxpanda.com.zone 192.168.137.zone -p    # -p preserves the owner, group and permission bits
Edit the 192.168.137.zone file so that it contains the following:
$TTL 600
@       IN SOA  ns.linuxpanda.com. admin.linuxpanda.com. (
                20170317
                1H
                1M
                2D
                6H )
        IN NS   ns.linuxpanda.com.
101     IN PTR  ns.linuxpanda.com.
100     IN PTR  mail.linuxpanda.com.
103     IN PTR  www.linuxpanda.com.
104     IN PTR  www.linuxpanda.com.
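named-checkzone (step 3.1.7 and 3.2.3) validates each zone file on its own, but nothing in BIND checks that the forward zone from 3.1.5 and the reverse zone from 3.2.2 agree with each other. The Python script below is an added example, not part of the original post and not a BIND tool, that parses both zone files with a small master-file parser (handling $TTL, the parenthesised SOA, '@', relative names and owner-less continuation lines) and reports A records without a matching PTR, PTR records without a matching A, and CNAMEs whose target has no A record. The two zone texts are embedded as constructed strings copied from the steps above so the check runs offline; reading them from /var/named instead is a one-line change.

```python
# Forward and reverse zone data from steps 3.1.5 and 3.2.2, embedded here as
# constructed strings so the check runs without access to /var/named.
FORWARD_ZONE = """\
$TTL 600
@       IN SOA  ns.linuxpanda.com. admin.linuxpanda.com. (
                20170317
                1H
                1M
                2D
                6H )
        IN NS   ns
        IN MX   10 mail
ns      IN A    192.168.137.101
mail    IN A    192.168.137.100
www     IN A    192.168.137.103
www     IN A    192.168.137.104
ftp     IN CNAME www
"""

REVERSE_ZONE = """\
$TTL 600
@       IN SOA  ns.linuxpanda.com. admin.linuxpanda.com. (
                20170317
                1H
                1M
                2D
                6H )
        IN NS   ns.linuxpanda.com.
101     IN PTR  ns.linuxpanda.com.
100     IN PTR  mail.linuxpanda.com.
103     IN PTR  www.linuxpanda.com.
104     IN PTR  www.linuxpanda.com.
"""

FORWARD_ORIGIN = "linuxpanda.com."
REVERSE_ORIGIN = "137.168.192.in-addr.arpa."

# rdata fields that are domain names and may therefore be written relative to the origin
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}


def fqdn(name, origin):
    """Resolve '@' and relative names against the zone origin (master-file rules)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def logical_lines(text):
    """Drop ';' comments and blank lines; join parenthesised multi-line records."""
    lines, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = line if not buf else buf + " " + line.strip()   # keep leading blank of 1st line
        depth += line.count("(") - line.count(")")
        if depth == 0:
            lines.append(buf.replace("(", " ").replace(")", " "))
            buf = ""
    if depth:
        raise ValueError("unbalanced parentheses in zone data")
    return lines


def parse_zone(text, origin):
    """Tiny master-file parser returning (owner, type, rdata_list, ttl) tuples.
    $TTL must be numeric here (the page uses 600); 1H-style TTLs are not handled."""
    records, default_ttl, last_owner = [], None, None
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        owner = last_owner if line[0].isspace() else tokens.pop(0)
        if owner is None:
            raise ValueError("record without owner before any owner was seen")
        ttl = int(tokens.pop(0)) if tokens[0].isdigit() else default_ttl
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        for i in NAME_FIELDS.get(rtype, []):
            rdata[i] = fqdn(rdata[i], origin)
        owner = last_owner = fqdn(owner, origin)
        records.append((owner, rtype, rdata, ttl))
    return records


def ptr_to_ip(name):
    """'103.137.168.192.in-addr.arpa.' -> '192.168.137.103'"""
    suffix = ".in-addr.arpa."
    if not name.endswith(suffix):
        raise ValueError("not an IPv4 reverse name: " + name)
    return ".".join(reversed(name[:-len(suffix)].split(".")))


def forward_reverse_mismatches(forward, reverse):
    """Every (host, ip) A pair should have a PTR pair and vice versa."""
    a_pairs = {(o, r[0]) for o, t, r, _ in forward if t == "A"}
    ptr_pairs = {(r[0], ptr_to_ip(o)) for o, t, r, _ in reverse if t == "PTR"}
    return {"a_without_ptr": sorted(a_pairs - ptr_pairs),
            "ptr_without_a": sorted(ptr_pairs - a_pairs)}


def dangling_cnames(records):
    """CNAMEs whose target has no A record in the same zone (ftp -> www on the page)."""
    targets = {o for o, t, _, _ in records if t == "A"}
    return sorted(o for o, t, r, _ in records if t == "CNAME" and r[0] not in targets)


def soa_serial(records):
    return next(int(r[2]) for _, t, r, _ in records if t == "SOA")


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, FORWARD_ORIGIN)
    rev = parse_zone(REVERSE_ZONE, REVERSE_ORIGIN)
    print("serials:", soa_serial(fwd), soa_serial(rev))
    print("mismatches:", forward_reverse_mismatches(fwd, rev))
    print("dangling CNAMEs:", dangling_cnames(fwd))
```

For the page's data both mismatch lists come back empty; deleting one PTR line from the reverse zone makes the corresponding A record show up under a_without_ptr, which is exactly the drift that appears when hosts are added to the forward zone but the reverse zone is forgotten.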
3.2.3 Check the configuration file and restart
[root@mail named]# named-checkconf
[root@mail named]# named-checkzone "137.168.192.in-addr.arpa" /var/named/192.168.137.zone
zone 137.168.192.in-addr.arpa/IN: loaded serial 20170317
OK
[root@mail named]# systemctl restart named.service
3.2.4 Test the reverse configuration
[root@mail named]# dig -x 192.168.137.103 @192.168.137.101

; <<>> DiG 9.9.4-RedHat-9.9.4-37.el7 <<>> -x 192.168.137.103 @192.168.137.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9869
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;103.137.168.192.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
103.137.168.192.in-addr.arpa. 600 IN    PTR     www.linuxpanda.com.

;; AUTHORITY SECTION:
137.168.192.in-addr.arpa. 600   IN      NS      ns.linuxpanda.com.

;; ADDITIONAL SECTION:
ns.linuxpanda.com.      600     IN      A       192.168.137.101

;; Query time: 1 msec
;; SERVER: 192.168.137.101#53(192.168.137.101)
;; WHEN: Sun Mar 26 15:34:41 CST 2017
;; MSG SIZE  rcvd: 122
4 Setting up the secondary server