How DNS works
DNS is short for Domain Name System, the system used to name computers and network services organised into a hierarchy of domains. On the Internet there is a one-to-one correspondence between domain names and IP addresses: a domain name is easy for people to remember, but machines only recognise each other by IP address, and converting between the two is called domain name resolution. Resolution is performed by dedicated name servers; a DNS server is the server that carries out domain name resolution. DNS naming is used on TCP/IP networks such as the Internet to look up computers and services by user-friendly names. When a user enters a DNS name in an application, the DNS service resolves that name to the information associated with it, such as an IP address. This is why the address you type while browsing is first resolved through the domain name system to its corresponding IP address before you can reach the site; ultimately, a domain name points to an IP.
Example 1: setting up a single DNS server
1】 Installing a DNS server on CentOS 6.4 requires the bind and bind-chroot packages
[root@localhost ~]# yum install bind bind-utils bind-chroot
Loaded plugins: fastestmirror, refresh-packagekit, security
Determining fastest mirrors
* c6-media:
file:///media/CentOS/repodata/repomd.xml: [Errno 14] Could not open/read file:///media/CentOS/repodata/repomd.xml
Trying other mirror.
file:///media/cdrecorder/repodata/repomd.xml: [Errno 14] Could not open/read file:///media/cdrecorder/repodata/repomd.xml
Trying other mirror.
c6-media | 4.0 kB 00:00 ...
Setting up Install Process
Package 32:bind-utils-9.8.2-0.17.rc1.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.8.2-0.17.rc1.el6 will be installed
---> Package bind-chroot.x86_64 32:9.8.2-0.17.rc1.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================
Package Arch Version Repository Size
======================================================================
Installing:
bind x86_64 32:9.8.2-0.17.rc1.el6 c6-media 4.0 M
bind-chroot x86_64 32:9.8.2-0.17.rc1.el6 c6-media 70 k
Transaction Summary
======================================================================
Install 2 Package(s)
Total download size: 4.0 M
Installed size: 7.2 M
Is this ok [y/N]: y
Downloading Packages:
----------------------------------------------------------------------
Total 83 MB/s | 4.0 MB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 32:bind-9.8.2-0.17.rc1.el6.x86_64 1/2
Installing : 32:bind-chroot-9.8.2-0.17.rc1.el6.x86_64 2/2
Verifying : 32:bind-chroot-9.8.2-0.17.rc1.el6.x86_64 1/2
Verifying : 32:bind-9.8.2-0.17.rc1.el6.x86_64 2/2
Installed:
bind.x86_64 32:9.8.2-0.17.rc1.el6
bind-chroot.x86_64 32:9.8.2-0.17.rc1.el6
Complete!
2】 Open a terminal, generate the rndc.key file and restart the named service
This step generates the various files DNS needs.
Go to /var/named/chroot/etc and change the group and permissions of rndc.key
[root@localhost chroot]#cd etc
[root@localhost etc]# chgrp named rndc.key
[root@localhost etc]# chmod g+r rndc.key
Check what is listening on port 53
[root@localhost chroot]# netstat -tupln |grep 53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 3171/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 3171/named
tcp 0 0 ::1:53 :::* LISTEN 3171/named
tcp 0 0 ::1:953 :::* LISTEN 3171/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 3171/named
udp 0 0 ::1:53 :::* 3171/named
3】 Edit the DNS server configuration files
1. Go to the /var/named/chroot/etc directory; this is where the DNS server's configuration files live
[root@localhost ~]# cd /var/named/chroot/etc
Edit the main configuration file named.conf
[root@localhost etc]# vim named.conf
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};
2. Edit the zone declaration file named.rfc1912.zones
[root@localhost etc]# vim named.rfc1912.zones
Copy lines 19-23 and change them to:
25 zone "a.com" IN {
26 type master;
27 file "a.com.zone";
28 allow-update { none; };
29 };
3. Go to the /var/named/chroot/var/named/ directory and create a.com.zone
[root@localhost etc]# cd ../var/named
[root@localhost named]# cp -p named.localhost a.com.zone
Edit a.com.zone
[root@localhost named]# vim a.com.zone
$TTL 1D
@ IN SOA ns.a.com. rname.invalid. (
        1 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@ IN NS ns.a.com.
ns IN A 192.168.3.122
www IN A 1.1.1.1
4. To make testing easier, treat this machine as the client and edit /etc/resolv.conf
[root@localhost named]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.3.122
[root@localhost named]# rndc reload
server reload successful
5. Resolve a name
[root@localhost named]# dig www.a.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> www.a.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29186
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.a.com.                    IN      A
;; ANSWER SECTION:
www.a.com.              86400   IN      A       1.1.1.1
;; AUTHORITY SECTION:
a.com.                  86400   IN      NS      ns.a.com.
;; ADDITIONAL SECTION:
ns.a.com.               86400   IN      A       192.168.3.122
;; Query time: 1 msec
;; SERVER: 192.168.3.122#53(192.168.3.122)
;; WHEN: Tue May 6 10:03:33 2014
;; MSG SIZE rcvd: 78
Done; the DNS server is set up.
Example 2: master/secondary DNS synchronization
The master server is configured as in example 1.
For the secondary DNS server, the only change is sub-step 2 of step 3】 in example 1, which becomes:
25 zone "a.com" IN {
26 type slave;
27 masters { 192.168.3.120; };
28 file "slaves/a.com.zone";
29 };
3. Go to the /var/named/chroot/var/named/ directory and create a.com.zone under slaves/
[root@localhost etc]# cd ../var/named
[root@localhost named]# cp -p named.localhost slaves/a.com.zone
Edit a.com.zone
[root@localhost named]# cd slaves
[root@localhost slaves]# vim a.com.zone
$TTL 1D
@ IN SOA ns.a.com. rname.invalid. (
        1 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@ IN NS ns.a.com.
ns IN A 192.168.3.122
www IN A 1.1.1.1
4. To make testing easier, treat this machine as the client and edit /etc/resolv.conf
[root@localhost named]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.3.122
[root@localhost named]# rndc reload
server reload successful
On the master DNS server, add mail 3.3.3.3
[root@localhost chroot]# vim var/named/a.com.zone
$TTL 1D
@ IN SOA ns.a.com. name.invalid. (
9 ; serial
1M ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns.a.com.
ns IN A 192.168.3.122
www IN A 1.1.1.1
ftp IN A 2.2.2.2
mail IN A 3.3.3.3
[root@localhost chroot]# rndc reload
5. Resolve a name
[root@localhost chroot]# dig mail.a.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> mail.a.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 508
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;mail.a.com.                   IN      A
;; ANSWER SECTION:
mail.a.com.             86400   IN      A       3.3.3.3
;; AUTHORITY SECTION:
a.com.                  86400   IN      NS      ns.a.com.
;; ADDITIONAL SECTION:
ns.a.com.               86400   IN      A       192.168.3.120
;; Query time: 1 msec
;; SERVER: 192.168.3.122#53(192.168.3.122)
;; WHEN: Tue May 6 21:59:51 2014
;; MSG SIZE rcvd: 77
Done; master/secondary synchronization is complete.
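The sync in example 2 only works because the SOA serial was raised (1 to 9) when mail was added; a secondary that sees an unchanged serial never transfers the new data, and an NS name inside the zone with no A record leaves the delegation unfollowable. The Python script below is an added example, not from the original page: it parses the page's a.com.zone (embedded inline) and flags both mistakes before you run rndc reload on the master. The zone text, the origin a.com. and the function names are the example's own assumptions.

```python
import re
# Zone text from the page, embedded so the check runs offline (example 2 adds ftp/mail, serial 9)
ZONE_V1 = """\
$TTL 1D
@ IN SOA ns.a.com. rname.invalid. (
        1 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@ IN NS ns.a.com.
ns IN A 192.168.3.122
www IN A 1.1.1.1
"""
ZONE_V9 = ZONE_V1.replace("1 ; serial", "9 ; serial") + "ftp IN A 2.2.2.2\nmail IN A 3.3.3.3\n"

def parse_zone(text):
    """Return (soa_serial, records); records are (owner, type, rdata) tuples.
    Strips ';' comments and folds the parenthesised multi-line SOA onto one line."""
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    serial, records = None, []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):  # skip blanks and $TTL/$ORIGIN directives
            continue
        owner, rest = fields[0], fields[1:]
        while rest and (rest[0].upper() == "IN" or re.fullmatch(r"\d+[SMHDW]?", rest[0], re.I)):
            rest.pop(0)  # optional TTL and class tokens sit between owner and type
        if rest[0] == "SOA":
            serial = int(rest[3])  # SOA rdata: mname rname serial refresh retry expire minimum
        records.append((owner, rest[0], tuple(rest[1:])))
    return serial, records

def check_update(old_text, new_text, origin):
    """Pre-reload checks on a master zone edit; returns a list of problems (empty = ok).
    origin is the apex with trailing dot ("a.com."); in-zone NS names must have A glue."""
    old_serial, old_records = parse_zone(old_text)
    new_serial, new_records = parse_zone(new_text)
    problems = []
    if new_serial < old_serial:
        problems.append("SOA serial went backwards; secondaries keep their old copy")
    elif new_records != old_records and new_serial == old_serial:
        problems.append("zone data changed but SOA serial not raised; secondaries will not transfer")
    have_a = {owner for owner, rtype, _ in new_records if rtype == "A"}
    for owner, rtype, rdata in new_records:
        if rtype == "NS" and rdata[0].endswith("." + origin):
            if rdata[0][: -len(origin) - 1] not in have_a:
                problems.append(f"NS {rdata[0]} has no A record in the zone")
    return problems
```

Run check_update(ZONE_V1, ZONE_V9, "a.com.") for the page's edit (no problems) and compare with the same edit made without bumping the serial, which is the usual reason a secondary keeps answering with stale data.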