DNS service

DNS

The Domain Name System (DNS) is a naming system for computers and network services organized as a hierarchy of domains. It is used on TCP/IP networks and provides the service of translating host names to IP addresses (and, through reverse zones, IP addresses back to names).

The DNS resolution process

After a name is entered, resolution normally goes through these steps:

  • Step 1: The client issues a name resolution request. It first checks the local hosts file; if there is no match, it sends the request to its local (recursive) name server.

  • Step 2: When the local name server receives the request, it first checks its cache. If the record is there, it returns the answer directly.

  • Step 3: If the record is not in the cache, the local name server sends the request to a root name server. The root server does not answer the question itself; it returns a referral to the name servers for the top-level domain of the queried name (for example, for a name under .com it returns the servers authoritative for the .com zone).

  • Step 4: The local name server sends the same request to the server returned in the previous step. That server checks its own data and cache; if it does not hold the record, it returns a referral to the name servers of the next subdomain down.

  • Step 5: Step 4 is repeated until a server authoritative for the name returns the record.

  • Step 6: The local name server stores the result in its cache (for the record's TTL) so the next query can be answered locally, and returns the answer to the client.
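
The six steps above as a small simulation (an added example, not code from the original page): three in-memory "servers" stand in for a root server, a .com server and the test.com server built later on this page, and a resolver walks the referrals and then answers the repeat query from its cache. The server names a.root.example, a.gtld.example and ns.test.com are placeholders, and no network traffic is sent.

```python
# Added example: a toy iterative resolver walking a referral chain.
# Constructed data only; no real DNS servers are contacted.

ROOT_SERVER = "a.root.example"            # placeholder name for a root server

# Each "server" holds either an answer ("A", address) for an exact name or a
# referral ("NS", next server) for the closest enclosing domain it delegates.
SERVERS = {
    ROOT_SERVER:      {"com.": ("NS", "a.gtld.example")},
    "a.gtld.example": {"test.com.": ("NS", "ns.test.com")},
    "ns.test.com":    {"www.test.com.": ("A", "192.168.10.22")},
}

HOSTS_FILE = {"localhost.": "127.0.0.1"}  # step 1: consulted before any server


def lookup_at(server, qname):
    """Ask one server: return its exact record for qname, else the referral for
    the closest enclosing zone it knows (www.test.com. -> test.com. -> com.)."""
    data = SERVERS[server]
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in data:
            return data[candidate]
    return None


class Resolver:
    """Recursive resolver with a cache and a trace of whom it asked."""

    def __init__(self):
        self.cache = {}
        self.trace = []

    def resolve(self, qname, max_referrals=10):
        qname = qname if qname.endswith(".") else qname + "."
        self.trace = []
        if qname in HOSTS_FILE:                # step 1: local hosts file
            self.trace.append("hosts")
            return HOSTS_FILE[qname]
        if qname in self.cache:                # step 2: resolver cache
            self.trace.append("cache")
            return self.cache[qname]
        server = ROOT_SERVER                   # step 3: start at the root
        for _ in range(max_referrals):         # bound the chain: a bad delegation must not loop forever
            self.trace.append(server)
            record = lookup_at(server, qname)
            if record is None:
                raise LookupError(f"{qname}: {server} has no data and no delegation")
            rtype, rdata = record
            if rtype == "A":                   # step 5: authoritative answer
                self.cache[qname] = rdata      # step 6: cache it for next time
                return rdata
            if rdata not in SERVERS:
                raise LookupError(f"{qname}: referred to unknown server {rdata}")
            server = rdata                     # step 4: follow the referral
        raise LookupError(f"{qname}: too many referrals")
```

Resolver().resolve("www.test.com") asks the root, then the .com server, then ns.test.com; asking a second time is answered from the cache without touching any server, which is exactly why a poisoned cache entry keeps being served until its TTL runs out.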

 

Setting up a simple DNS server

1. Install the bind packages (the bind* wildcard also pulls in bind-sdb, bind-devel and bind-dyndb-ldap; bind and bind-chroot are all that is needed, and bind-sdb is why the process shows up as named-sdb in the netstat output further down)

#yum -y install bind*

Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Determining fastest mirrors   

.....

Installed:
bind-chroot.x86_64 32:9.8.2-0.68.rc1.el6_10.3 bind-devel.x86_64 32:9.8.2-0.68.rc1.el6_10.3
bind-dyndb-ldap.x86_64 0:2.3-8.el6 bind-sdb.x86_64 32:9.8.2-0.68.rc1.el6_10.3


Dependency Installed:
postgresql-libs.x86_64 0:8.4.20-8.el6_9

Complete!  

2. Locate the main configuration file and the zone file directory

# rpm -ql bind
/etc/NetworkManager/dispatcher.d/13-named
/etc/logrotate.d/named
/etc/named                  # directory for additional configuration files; zone data goes in /var/named
/etc/named.conf             # main configuration file
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/portreserve/named
/etc/rc.d/init.d/named
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/usr/lib64/bind
/usr/sbin/arpaname
......

3. Edit the main configuration file

# vim /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };  # listen on port 53 on every IPv4 address of the host (the stock file has 127.0.0.1 only)
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 0.0.0.0/0; };  # which clients may query this server; 0.0.0.0/0 means anyone
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Note that allow-query { 0.0.0.0/0; } together with recursion yes; makes this an open recursive resolver: any host that can reach port 53 can use it to resolve arbitrary names, and open resolvers are routinely abused as reflectors in DNS amplification attacks. On an isolated lab network that is acceptable; on anything reachable from untrusted networks, keep recursion for your own clients only, for example allow-recursion { localhost; 192.168.10.0/24; }; (the test.com zone itself can still be queried by everyone, because authoritative answers do not need recursion). dnssec-lookaside auto; refers to the ISC DLV registry, which ISC retired in 2017; it does no harm in this stock CentOS 6 configuration but should not be carried over to newer BIND versions.

4. Configure the zones

Edit /etc/named.rfc1912.zones and add the forward and reverse zones for test.com.

A new zone is declared in this form:

zone "zone name" IN {
type master|slave|forward; // note that every statement ends with a semicolon
file "ZONE_NAME.zone";
}; // the closing brace needs a semicolon as well
# vim /etc/named.rfc1912.zones 
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

......

zone "test.com" IN {
        type master;
        file "test.com.zone";
        allow-update { none; };  // no dynamic updates to this zone
};

zone "10.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.10.zone";
        allow-update { none; };
};

Create the forward and reverse zone data files in /var/named/ (the directory set in named.conf). In the SOA record the first name is the primary name server (here @, the zone apex itself) and the second is the administrator's mailbox with the @ written as a dot; a bare test.com. there parses, but is not a mailbox.

# cd /var/named
# vim test.com.zone
$TTL 600
@       IN SOA  @  admin.test.com. (    ; MNAME = test.com., RNAME = admin@test.com
                                20190917    ; serial: bump it on every change (YYYYMMDDnn is the usual scheme)
                                1D          ; refresh
                                1H          ; retry
                                1W          ; expire
                                3H)         ; negative-answer TTL
        IN    NS      @                 ; the zone apex is its own name server ...
        IN      A       127.0.0.1       ; ... so it needs address records
        IN      AAAA    ::1
        IN      MX      10      mail.test.com.
www     IN      A       192.168.10.22
mail    IN      A       192.168.10.22   ; MX target: give it an address record so the MX does not dangle


# vim 192.168.10.zone
$TTL 600
@       IN      SOA     @  admin.test.com. (
                                        20190917
                                        1D
                                        1H
                                        1W
                                        3H )
        IN    NS      @                 ; NS is 10.168.192.in-addr.arpa. itself, hence the A/AAAA glue below
        IN    A       127.0.0.1
        IN    AAAA    ::1
22      IN      PTR     www.test.com.   ; 192.168.10.22 -> www.test.com.

Change the zone file ownership so that named (which runs as the user named) can read them

# chown root:named test.com.zone 
# chown root:named 192.168.10.zone

Use named-checkconf and named-checkzone to check the configuration and the zone files for syntax errors. named-checkzone takes the zone name first and the file second (pass the zone name, not the file name, as the first argument; otherwise the records are checked against the wrong origin):

# named-checkconf
# named-checkzone test.com /var/named/test.com.zone
zone test.com/IN: loaded serial 20190917
OK
# named-checkzone 10.168.192.in-addr.arpa /var/named/192.168.10.zone
zone 10.168.192.in-addr.arpa/IN: loaded serial 20190917
OK
#
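
A check that named-checkzone does not do for you, as an added example that is not part of the original post: parse both zone files and verify that every A record inside the reverse zone's network has a PTR, that every PTR points back at a name which really has that address, and that NS and MX targets inside the zone have address records. The two zone texts are constructed copies of the files above with two deliberate mismatches added (an ftp host with no PTR, and a PTR for .24 with no A record) so the checker has something to find; parse_zone, check_consistency and the ftp/db hosts are this example's own names, not the page's.

```python
# Added example: forward/reverse zone consistency check. The zone texts are
# constructed copies of this page's files plus two deliberate errors.

FORWARD_ZONE = """\
$TTL 600
@       IN SOA  @  admin.test.com. (
                                20190917
                                1D
                                1H
                                1W
                                3H)
        IN    NS      @
        IN      A       127.0.0.1
        IN      AAAA    ::1
        IN      MX      10      mail.test.com.
www     IN      A       192.168.10.22
mail    IN      A       192.168.10.22
ftp     IN      A       192.168.10.23   ; constructed: has no PTR
"""

REVERSE_ZONE = """\
$TTL 600
@       IN      SOA     @  admin.test.com. (
                                        20190917
                                        1D
                                        1H
                                        1W
                                        3H )
        IN    NS      @
22      IN      PTR     www.test.com.
24      IN      PTR     db.test.com.    ; constructed: no such A record
"""


def fqdn(name, origin):
    """Expand @ and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Minimal RFC 1035 master-file parser: strips ; comments, joins ( )
    continuation lines, inherits a blank owner from the previous record and
    skips the optional TTL/class fields. Returns [(owner, type, [rdata...])]."""
    origin = origin.rstrip(".") + "."
    records, prev_owner, buf = [], origin, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = f"{buf} {line}" if buf else line
        if buf.count("(") > buf.count(")"):
            continue                                  # still inside ( ... )
        logical, buf = buf, ""
        if logical.startswith("$"):
            directive, _, value = logical.partition(" ")
            if directive == "$ORIGIN":
                origin = value.strip()
            continue                                  # $TTL does not matter here
        blank_owner = logical[0] in " \t"
        tokens = logical.replace("(", " ").replace(")", " ").split()
        owner = prev_owner if blank_owner else fqdn(tokens.pop(0), origin)
        prev_owner = owner
        if tokens[0].isdigit():
            tokens.pop(0)                             # optional TTL
        if tokens[0] == "IN":
            tokens.pop(0)                             # optional class
        records.append((owner, tokens[0], tokens[1:]))
    return records


def reverse_prefix(rev_origin):
    """'10.168.192.in-addr.arpa' -> '192.168.10.' (assumes a /24 zone)."""
    octets = rev_origin.rstrip(".").split(".")[:-2]   # drop in-addr.arpa
    return ".".join(reversed(octets)) + "."


def check_consistency(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return a list of human-readable problems; an empty list means consistent."""
    fwd_origin = fwd_origin.rstrip(".") + "."
    prefix = reverse_prefix(rev_origin)
    fwd = parse_zone(fwd_text, fwd_origin)
    has_addr = {owner for owner, rtype, _ in fwd if rtype in ("A", "AAAA")}
    a_by_addr = {}                                    # address -> names with that A record
    for owner, rtype, rdata in fwd:
        if rtype == "A" and rdata[0].startswith(prefix):
            a_by_addr.setdefault(rdata[0], set()).add(owner)
    ptr_by_addr = {}
    for owner, rtype, rdata in parse_zone(rev_text, rev_origin):
        if rtype == "PTR":                            # owner "22.10.168.192.in-addr.arpa." -> 192.168.10.22
            ptr_by_addr[prefix + owner.split(".")[0]] = fqdn(rdata[0], fwd_origin)
    problems = []
    for addr, names in sorted(a_by_addr.items()):
        if addr not in ptr_by_addr:
            problems.append(f"{addr} ({', '.join(sorted(names))}) has no PTR")
    for addr, name in sorted(ptr_by_addr.items()):
        if name not in a_by_addr.get(addr, set()):
            problems.append(f"PTR {addr} -> {name} has no matching A record")
    for owner, rtype, rdata in fwd:
        target = fqdn(rdata[-1], fwd_origin)
        if rtype in ("NS", "MX") and target.endswith(fwd_origin) and target not in has_addr:
            problems.append(f"{rtype} target {target} has no address record")
    return problems
```

check_consistency(FORWARD_ZONE, "test.com", REVERSE_ZONE, "10.168.192.in-addr.arpa") reports the two constructed errors and nothing else; run against the real files (open("/var/named/test.com.zone").read() and so on) it is a cheap pre-commit check before reloading named.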

5. Start the service

# service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

Enable it at boot

# chkconfig named on
# chkconfig --list  named
named           0:off   1:off   2:on    3:on    4:on    5:on    6:off

Check the listening sockets (the process is named-sdb rather than named because bind-sdb was installed along with the rest of bind*; port 953 is the rndc control channel, bound to loopback only)

# netstat -lantup | grep  named
tcp        0      0 192.168.10.22:53            0.0.0.0:*                   LISTEN      2672/named-sdb      
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      2672/named-sdb      
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      2672/named-sdb      
tcp        0      0 ::1:53                      :::*                        LISTEN      2672/named-sdb      
tcp        0      0 ::1:953                     :::*                        LISTEN      2672/named-sdb      
udp        0      0 192.168.10.22:53            0.0.0.0:*                               2672/named-sdb      
udp        0      0 127.0.0.1:53                0.0.0.0:*                               2672/named-sdb      
udp        0      0 ::1:53                      :::*                                    2672/named-sdb

Verify the server configuration with nslookup

# nslookup
> server 192.168.10.22                           # address of this host
Default server: 192.168.10.22
Address: 192.168.10.22#53
> www.test.com                                    # the name we configured
Server:         192.168.10.22
Address:        192.168.10.22#53

Name:   www.test.com
Address: 192.168.10.22
> 
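
The nslookup exchange above done by hand on the wire, as an added example that is not from the original page: build_query assembles the 12-byte header and the question of an A query, parse_response checks the transaction ID and decodes the answer section including name compression, and query() sends the datagram to a server with a random transaction ID. SAMPLE_RESPONSE is a constructed reply, laid out byte by byte the way an authoritative server for test.com answers for www.test.com, so the parser can be exercised without the server; the function names are this example's own.

```python
# Added example: minimal DNS wire-format client (RFC 1035 section 4.1).
import os
import socket
import struct


def build_query(qname, txid):
    """Header (id, flags RD=1, QDCOUNT=1) + question for <qname> A IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    qname_wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname_wire + struct.pack("!HH", 1, 1)       # QTYPE=A, QCLASS=IN


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # 11xxxxxx: pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            end = end if end is not None else off + 2
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def parse_response(msg, expected_txid):
    """Return (rcode, [(name, rtype, rdata), ...]) from the answer section."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: stale or spoofed reply")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    off = 12
    for _ in range(qdcount):                       # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4                                   # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1:                             # A
            rdata = socket.inet_ntoa(rdata)
        elif rtype in (2, 5, 12):                  # NS, CNAME, PTR carry a name
            rdata, _ = read_name(msg, off)
        off += rdlen
        answers.append((name, rtype, rdata))
    return flags & 0x000F, answers


def query(server, qname, timeout=2.0):
    """Send one UDP query (needs network). The ID is random so a forged reply
    has to guess it; the kernel's ephemeral source port adds more entropy."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname, txid), (server, 53))
        data, _ = s.recvfrom(512)
    return parse_response(data, txid)


# Constructed reply for "www.test.com A": id 0x1234, flags 0x8580 (QR|AA|RD|RA),
# the question echoed back, then one answer whose name is a pointer (0xC00C)
# to offset 12, type A, class IN, TTL 600, 4 bytes of address.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)
    + b"\x03www\x04test\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 600, 4) + bytes([192, 168, 10, 22])
)
```

query("192.168.10.22", "www.test.com") returns (0, [("www.test.com.", 1, "192.168.10.22")]) against the server built on this page. A predictable transaction ID and a fixed source port are what made classic cache-poisoning attacks on resolvers practical, which is why query() draws the ID from os.urandom and parse_response rejects a reply whose ID does not match.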

Point the host's resolver at the new server. Each nameserver line in /etc/resolv.conf names a server to send queries to; the resolver only moves on to the next entry when the previous one fails to answer (a timeout or error), not when it answers that the name does not exist. With the new server listed first, ping and host can be used to test it directly.

# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.10.22                    # our own name server
nameserver 114.114.114.114
nameserver 223.5.5.5
# ping www.test.com
PING www.test.com (192.168.10.22) 56(84) bytes of data.
64 bytes from www.test.com (192.168.10.22): icmp_seq=1 ttl=64 time=0.006 ms
64 bytes from www.test.com (192.168.10.22): icmp_seq=2 ttl=64 time=0.017 ms
^C
--- www.test.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1969ms
rtt min/avg/max/mdev = 0.006/0.011/0.017/0.006 ms
# host www.test.com
www.test.com has address 192.168.10.22

Problems you may run into:

/etc/resolv.conf is reverted after a restart

Changes to resolv.conf are temporary: when the interface is restarted, NetworkManager rewrites resolv.conf from the DNS settings in the interface configuration.

Two ways to fix this:

1. Take the interface out of NetworkManager's control

In /etc/sysconfig/network-scripts/ifcfg-eth1 set:

NM_CONTROLLED=no

PEERDNS=no   // default is yes; with no, resolv.conf is no longer rewritten when the interface comes up

Stop the NetworkManager service

service NetworkManager stop

and disable it at boot

chkconfig NetworkManager off

2. Put the DNS servers in the interface configuration

Add the DNS server addresses to /etc/sysconfig/network-scripts/ifcfg-eth1 directly (DNS1=192.168.10.22, DNS2=114.114.114.114, and so on); with PEERDNS=yes these are the values that get written into resolv.conf.

Original article: https://www.cnblogs.com/zwj-linux/p/11536787.html