DNS Server Setup

This document is my notes from a video tutorial; the uploaded PDF is that video's courseware, so anyone who would rather watch it than read my notes can simply download it. Everything written below, however, comes from my own testing, and if there is any problem, feel free to reply.

DNS overview
DNS installation
Common DNS terms
DNS configuration files explained
Configuring the primary DNS service
DNS case studies

Introduction to the DNS domain name system

Four components
    DNS domain namespace
    Resource records
    DNS servers
    DNS clients
DNS domain namespace
Root domain --> top-level domain --> subdomain --> host
Divided into three types
    Organizational domains -- address domains -- reverse domains

How DNS queries work
Two parts
    Local resolution
    Querying a DNS server
        Recursive query    (exchange between server and server)
        Iterative query    (traffic grows; the exchange is between server and client)
The hosts file
/etc/hosts maps IP addresses to domain names for the local network

Installing the DNS server: bind and the chroot package
Note in particular caching-nameserver: many of its files come pre-configured, which is convenient, so it should be installed as well.
rpm -q bind    (check whether bind is already installed)

yum -y install bind-*
yum -y install caching-nameserver-*

rpm -ql caching-nameserver

/var/named/named.ca is the root server (hints) configuration file

Installing the chroot package
Reason

Advantages
The damage that can be done is reduced (named is confined to the chroot directory tree)

Start / stop / restart DNS

Common DNS terms

Resource records
Zone files
DNS cache
Forward resolution (name to address)
Reverse resolution (address to name)

DNS configuration files explained
/etc/named.conf
/var/named/named.ca
/var/named/localhost.zone
/var/named/named.local
/var/named/


Resource records
SOA resource record

Main configuration file named.conf
options {
    directory "/var/named";          // working directory for the zone files
    forwarders { 192.168.31.2; };    // DNS server to which queries are forwarded
    allow-transfer { ... };          // used when there is a secondary DNS server
};

Zone types specified by the type field
master: the primary name server for the zone
slave: a secondary name server for the zone
hint: the root servers on the Internet
forward:
stub:
delegation-only

DNS server setup workflow
    Create named.conf
    Create the zone files
    Reload the configuration so that it takes effect


Overview of configuring the primary name server
Main configuration file
/etc/named.conf

Set up the root zone
zone "." {
    type hint;
    file "named.ca";
};
Set up the primary zone
zone "example.com" {
    type master;
};
Set up the reverse zone
zone "16.168.192.in-addr.arpa" {
    type master;
    file "192.168.16.arpa";
};
Root server information file named.ca
Download it via ftp and copy it into the /var/named/chroot/var/named/ directory

Forward zone file

Reverse zone file
/var/named/chroot/var/named/192.168.16.arpa

Implementing load balancing


Testing the primary name server
1 Preparation before testing
Start the DNS service

Configure /etc/resolv.conf

2 Test with the nslookup program

3 host [-t type] hostname [server][ip]
4 dig [-t type] hostname [server][ip]

The simplest server configuration
host <hostname>      (the hostname was stripped from the post by the site's spam filter)
Result: the query times out

cd /var/named/chroot/
cd etc; ls
Create the named.conf file
options {
    directory "/var/named";
};
zone "." {
    type hint;
    file "named.ca";
};

ls -l named.conf
By default the owner group is root
host <hostname>

If the chroot package is not installed, the file permissions must be changed so that named can read the files
host <ip>
dig <hostname>

nslookup <hostname>

named-checkconf named.conf                                   checks the main configuration file
named-checkzone . /var/named/chroot/var/named/named.ca       checks a zone file (here the root hints; named-checkconf does not check zone files)

Configuring a secondary name server
Advantages
    Provides fault tolerance
    Shares the primary server's load
    Speeds up queries
/etc/named.conf

Configuring a cache-only server
Works like a proxy server
options {
    directory "/var/named";
    forward only;
    forwarders {
        <ip>;
    };
};


Case studies
【Example 1】The technical department's domain is "tech.org" and it has three hosts, named client1.tech.org, client2.tech.org and client3.tech.org. The DNS server dns.tech.org must resolve the mapping between these three hostnames and their IP addresses.

[root@localhost etc]# yum -y install bind-*
[root@localhost etc]# yum -y install caching-nameserver-*

[root@localhost /]# cd /var/named/chroot/etc/
[root@localhost etc]# ls
localtime  named.caching-nameserver.conf  named.rfc1912.zones  rndc.key
[root@localhost etc]# vim named.conf
options {
        directory "/var/named";
};
zone "." {
        type hint;
        file "named.ca";
};
zone "tech.org" {
        type master;
        file "tech.org.zone";
};
zone "141.16.172.in-addr.arpa" {
        type master;
        file "172.16.141.zone";
};
Create the zone files
[root@localhost etc]# cd ..
[root@localhost chroot]# ls
dev  etc  var
[root@localhost chroot]# cd var/named/
[root@localhost named]# ls
data              localhost.zone   named.ca         named.local  slaves
localdomain.zone  named.broadcast  named.ip6.local  named.zero
[root@localhost named]# vim tech.org.zone

$TTL 86400
@       IN              SOA             dns.tech.org.   root (
                                        2011071300      ; serial
                                        3H              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        0 )             ; minimum (negative-cache) TTL
@       IN              NS              dns.tech.org.
dns     IN              A               172.16.141.132
client1 IN              A               172.16.141.133
client2 IN              A               172.16.141.134
client3 IN              A               172.16.141.135

Create the reverse zone
[root@localhost named]# vim 172.16.141.zone

$TTL 86400
@               IN              SOA             dns.tech.org.   root.tech.org. (
                                                2011071300
                                                3H
                                                1H
                                                1W
                                                0)
@                           IN              NS      dns.tech.org.
132.141.16.172.in-addr.arpa.            IN              PTR     dns.tech.org.
133                                     IN              PTR     client1.tech.org.
134                                     IN              PTR     client2.tech.org.      
135                                     IN              PTR     client3.tech.org.      
Check the zone files. (Note: named-checkzone is given the file name as the zone name here, so the fully qualified PTR owner 132.141.16.172.in-addr.arpa. is reported as out-of-zone data and ignored by the check; run it with the real zone name, named-checkzone 141.16.172.in-addr.arpa 172.16.141.zone, and the record is accepted, which is also how named itself loads it from named.conf.)
[root@localhost named]# named-checkzone tech.org.zone /var/named/chroot/var/named/tech.org.zone
zone tech.org.zone/IN: loaded serial 2011071300
OK

[root@localhost named]# named-checkzone 172.16.141.zone /var/named/chroot/var/named/172.16.141.zone
/var/named/chroot/var/named/172.16.141.zone:9: ignoring out-of-zone data (132.141.16.172.in-addr.arpa)
zone 172.16.141.zone/IN: loaded serial 2011071300
OK
[root@localhost named]#



[root@localhost named]# service named start
Starting named:                                            [  OK  ]

[root@localhost named]# dig -t PTR 133.141.16.172.in-addr.arpa

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> -t PTR 133.141.16.172.in-addr.arpa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39593
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;133.141.16.172.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
133.141.16.172.in-addr.arpa. 86400 IN   PTR     client1.tech.org.

;; AUTHORITY SECTION:
141.16.172.in-addr.arpa. 86400  IN      NS      dns.tech.org.

;; ADDITIONAL SECTION:
dns.tech.org.           86400   IN      A       172.16.141.132

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 13 16:21:15 2011
;; MSG SIZE  rcvd: 109

[root@localhost named]#
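The named-checkzone runs above check each file on its own. As an added example (not part of the original notes), the following Python script parses zone files in the same master-file format, verifies that the SOA carries all five timer fields, and cross-checks the forward zone against the reverse zone so that a host with an A record but no PTR (or a PTR with no A) is reported. The two sample zones are constructed, modelled on tech.org.zone and 172.16.141.zone above, with one PTR deliberately missing and one stray.

```python
import ipaddress
import re

# Constructed sample zones modelled on the tech.org example in the notes; the
# reverse zone deliberately lacks client3's PTR and carries a stray PTR (136).
FORWARD_ZONE = """$TTL 86400
@       IN  SOA  dns.tech.org. root (
            2011071300 3H 1H 1W 0 )   ; serial refresh retry expire minimum
@       IN  NS   dns.tech.org.
dns     IN  A    172.16.141.132
client1 IN  A    172.16.141.133
client2 IN  A    172.16.141.134
client3 IN  A    172.16.141.135
"""
REVERSE_ZONE = """@   IN  SOA  dns.tech.org. root.tech.org. ( 2011071300 3H 1H 1W 0 )
@   IN  NS   dns.tech.org.
132.141.16.172.in-addr.arpa. IN PTR dns.tech.org.
133 IN  PTR  client1.tech.org.
134 IN  PTR  client2.tech.org.
136 IN  PTR  client4.tech.org.
"""

def parse_zone(text, origin):
    """Minimal master-file parser: ';' comments, '( )' continuations, $TTL, '@' and
    relative owner names, optional TTL/class. Returns (owner, type, rdata) with rdata as written."""
    origin = origin.rstrip(".") + "."
    body = "\n".join(re.sub(r";.*", "", line) for line in text.splitlines())
    body = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), body)
    records, last_owner = [], origin
    for line in body.splitlines():
        if not line.strip() or line.startswith("$TTL"):
            continue
        toks = line.replace("(", " ").replace(")", " ").split()
        owner = last_owner if line[0] in " \t" else toks.pop(0)
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"          # relative name: append the origin
        while toks and (toks[0].isdigit() or toks[0].upper() == "IN"):
            toks.pop(0)                          # skip optional TTL and class
        records.append((owner, toks[0].upper(), toks[1:]))
        last_owner = owner
    return records

def soa_is_complete(records):
    """True when the single SOA has mname, rname and all five timers (the notes' forward zone shows four)."""
    soa = [rdata for _, rtype, rdata in records if rtype == "SOA"]
    return len(soa) == 1 and len(soa[0]) == 7

def cross_check(forward, reverse):
    """(A records lacking a PTR, PTRs lacking an A), each as sorted (reverse-owner, host) pairs."""
    wanted = {(ipaddress.ip_address(r[0]).reverse_pointer + ".", o) for o, t, r in forward if t == "A"}
    present = {(o, r[0]) for o, t, r in reverse if t == "PTR"}
    return sorted(wanted - present), sorted(present - wanted)
```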


【Example 2】The company uses several zones to manage its departmental networks: the technical department belongs to the "tech.boobooke" domain, the marketing department to "mart.boobooke", and everyone else to "freedom.boobooke".
The technical department has 100 people, using the IP addresses 192.168.31.1-192.168.31.100.
The marketing department has 100 people, using the IP addresses 192.168.32.1-192.168.32.100.
The remaining staff number only 50, using the IP addresses 192.168.33.1-192.168.33.50.
A single host with the IP address 192.168.31.134 is to be set up as the DNS server; it must provide forward and reverse resolution for every internal zone,
and all employees must be able to reach external addresses.

Configure named.conf (in the test below the author's lab uses the 172.16.141-143 networks and the zone name mark.boobooke in place of the values given in the assignment)
options{
        directory "/var/named";
};
zone "."{
        type hint;
        file "named.ca";

};
zone "tech.boobooke"{
        type master;
        file "tech.boobooke.zone";


};
zone "141.16.172.in-addr.arpa"{
        type master;
        file "172.16.141.zone";
};


zone "mark.boobooke"{
        type master;
        file "mark.boobooke.zone";


};
zone "142.16.172.in-addr.arpa"{
        type master;
        file "172.16.142.zone";
};
zone "freedom.boobooke"{
        type master;
        file "freedom.boobooke.zone";


};
zone "143.16.172.in-addr.arpa"{
        type master;
        file "172.16.143.zone";
};


                                                                                                                                                        
[root@localhost named]# mv tech.org.zone tech.boobooke.zone
[root@localhost named]# cp tech.boobooke.zone mark.boobooke.zone
[root@localhost named]# cp tech.boobooke.zone freedom.boobooke.zone
[root@localhost named]# cp 172.16.141.zone 172.16.142.zone
[root@localhost named]# cp 172.16.141.zone 172.16.143.zone

[root@localhost named]# vim tech.boobooke.zone

$TTL 86400
@       IN              SOA             dns.tech.boobooke.      root (
                                        2011071300
                                        3H
                                        1H
                                        1W
                                        0)
@       IN              NS              dns.tech.boobooke.
dns     IN              A               172.16.141.132
client1 IN              A               172.16.141.1
client2 IN              A               172.16.141.2
client3 IN              A               172.16.141.3
client100 IN            A               172.16.141.100

[root@localhost named]# vim mark.boobooke.zone

$TTL 86400
@       IN              SOA             dns.mark.boobooke.      root (
                                        2011071300
                                        3H
                                        1H
                                        1W
                                        0)
@       IN              NS              dns.mark.boobooke.
dns     IN              A               172.16.141.132
client1 IN              A               172.16.142.1
client2 IN              A               172.16.142.2
client3 IN              A               172.16.142.3
client100 IN            A               172.16.142.100

[root@localhost named]# vim freedom.boobooke.zone

$TTL 86400
@       IN              SOA             dns.freedom.boobooke.   root (
                                        2011071300
                                        3H
                                        1H
                                        1W
                                        0)
@       IN              NS              dns.freedom.boobooke.
dns     IN              A               172.16.141.132
client1 IN              A               172.16.143.1
client2 IN              A               172.16.143.2
client3 IN              A               172.16.143.3
client50 IN            A               172.16.143.50

Then edit the reverse zones
[root@localhost named]# vim 172.16.141.zone

$TTL 86400
@               IN              SOA             dns.tech.boobooke.      root.tech.boobooke. (
                                                2011071300
                                                3H
                                                1H
                                                1W
                                                0)
@               IN              NS              dns.tech.boobooke.
132             IN              PTR     dns.tech.boobooke.
1                               IN              PTR     client1.tech.boobooke. 
2                               IN              PTR     client2.tech.boobooke. 
3                               IN              PTR     client3.tech.boobooke. 
100                             IN              PTR     client100.tech.boobooke.


[root@localhost named]# cp 172.16.141.zone 172.16.142.zone
cp: overwrite `172.16.142.zone'? y
[root@localhost named]# cp 172.16.141.zone 172.16.143.zone
cp: overwrite `172.16.143.zone'? y
[root@localhost named]# vim 172.16.142.zone
$TTL 86400
@               IN              SOA             dns.mark.boobooke.      root.mark.boobooke. (
                                                2011071300
                                                3H
                                                1H
                                                1W
                                                0)
@               IN              NS              dns.mark.boobooke.
132             IN              PTR     dns.mark.boobooke.
1                               IN              PTR     client1.mark.boobooke.
2                               IN              PTR     client2.mark.boobooke.
3                               IN              PTR     client3.mark.boobooke.
100                             IN              PTR     client100.mark.boobooke.

[root@localhost named]# vim 172.16.143.zone

$TTL 86400
@               IN              SOA             dns.freedom.boobooke.   root.freedom.boobooke. (
                                                2011071300
                                                3H
                                                1H
                                                1W
                                                0)
@               IN              NS              dns.freedom.boobooke.
132             IN              PTR     dns.freedom.boobooke.
1                               IN              PTR     client1.freedom.boobooke.
2                               IN              PTR     client2.freedom.boobooke.
3                               IN              PTR     client3.freedom.boobooke.
50                              IN              PTR     client50.freedom.boobooke.


[root@localhost named]# named-checkconf /var/named/chroot/etc/named.conf
[root@localhost named]# named-checkzone 172.16.141.zone /var/named/chroot/var/named/172.16.141.zone
zone 172.16.141.zone/IN: loaded serial 2011071300
OK
[root@localhost named]# named-checkzone 172.16.142.zone /var/named/chroot/var/named/172.16.142.zone
zone 172.16.142.zone/IN: loaded serial 2011071300
OK
[root@localhost named]# named-checkzone 172.16.143.zone /var/named/chroot/var/named/172.16.143.zone
zone 172.16.143.zone/IN: loaded serial 2011071300
OK
[root@localhost named]# named-checkzone tech.boobooke.zone /var/named/chroot/var/named/tech.boobooke.zone
zone tech.boobooke.zone/IN: loaded serial 2011071300
OK
[root@localhost named]# named-checkzone mark.boobooke.zone /var/named/chroot/var/named/mart.boobooke.zone
zone mart.boobooke.zone/IN: loaded serial 2011071300
OK
[root@localhost named]# named-checkzone freedom.boobooke.zone /var/named/chroot/var/named/freedom.boobooke.zone
zone freedom.boobooke.zone/IN: loaded serial 2011071300
OK

[root@localhost named]# service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@localhost named]#

[root@localhost named]# host client1.tech.boobooke
client1.tech.boobooke has address 172.16.141.1
[root@localhost named]# host client1.mark.boobooke
client1.mark.boobooke has address 172.16.142.1
[root@localhost named]# host client1.freedom.boobooke
client1.freedom.boobooke has address 172.16.143.1
[root@localhost named]#
[root@localhost named]# host 172.16.141.100
100.141.16.172.in-addr.arpa domain name pointer client100.tech.boobooke.
[root@localhost named]# host 172.16.142.100
100.142.16.172.in-addr.arpa domain name pointer client100.mark.boobooke.
[root@localhost named]# host 172.16.143.100
Host 100.143.16.172.in-addr.arpa. not found: 3(NXDOMAIN)
[root@localhost named]# host 172.16.143.50
50.143.16.172.in-addr.arpa domain name pointer client50.freedom.boobooke.
[root@localhost named]#

【Example 3】Install a chroot-based DNS server, configure it as a cache-only server, and forward client queries to the DNS servers 202.100.138.68 and 202.100.128.68.
Configure the named.conf file
Delete everything in the file and set up the caching server:
options {
    directory "/var/named";
    forwarders {
        202.100.138.68;
        202.100.128.68;
    };
    forward only;
};

Restart the service

[root@localhost etc]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 220.181.111.148
www.a.shifen.com has address 220.181.112.143


【Example 4】Install a chroot-based DNS server and configure a primary name server to the following requirements.
(1) Set the server's version string to "9.3.4".
(2) Set up the root zone, so that when a query cannot be answered from the local zone files the server can turn to the root DNS servers.
(3) Create the xyz.org primary zone and allow zone transfers to the secondary name server at 192.168.31.134.
(4) Create the following A resource records.
dns.xyz.org. IN A 192.168.31.1
www.xyz.org. IN A 192.168.31.2
mail.xyz.org. IN A 192.168.31.3
(5) Create the following CNAME alias resource record.
bbs IN CNAME www
(6) Create the following MX mail exchanger resource record.
xyz.org. IN MX 10 mail.xyz.org.
(7) Create the reverse zone 31.168.192.in-addr.arpa and the PTR resource records corresponding to the A records above.
[root@localhost etc]# vim named.conf

options{
        directory "/var/named";
        version "9.3.4";
        allow-transfer {172.16.141.139;};
};
zone "." {
        type hint;
        file "named.ca";

};

zone "xyz.org" {
        type master;
        file "xyz.org.zone";
};

zone "141.16.172.in-addr.arpa" {
        type master;
        file "172.16.141.zone";
};

[root@localhost named]# vim xyz.org.zone

$TTL 86400
@               IN      SOA     dns.xyz.org.    root (
                2011071400      ; serial
                3H              ; refresh
                1H              ; retry
                1W              ; expire
                1D )            ; minimum (negative-cache) TTL
@               IN      NS      dns
dns             IN      A       172.16.141.1
www             IN      A       172.16.141.2
mail            IN      A       172.16.141.3

bbs             IN      CNAME   www
xyz.org.        IN      MX      10      mail.xyz.org.

[root@localhost named]# vim 172.16.141.zone

$TTL 86400
@               IN              SOA             dns.xyz.org.    root (
                                                2011071400
                                                3H
                                                1H
                                                1W
                                                1D)
@               IN              NS              dns.xyz.org.
1               IN              PTR             dns.xyz.org.   
2               IN              PTR             www.xyz.org.   
3               IN              PTR             mail.xyz.org.  

Once configured, be sure to check /etc/resolv.conf:
; generated by /sbin/dhclient-script
search localdomain
nameserver 127.0.0.1
The nameserver entry must be the local loopback address, otherwise lookups will fail.
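The version string and the allow-transfer list set in this example are the two named.conf settings with the most security weight: without allow-transfer, BIND of this era hands the whole zone (every host name and address) to any client that asks for an AXFR, and without version it reports its real version to a CHAOS-class query. As an added example (not the notes' own code), this Python script parses simple named.conf text and reports those two problems, plus a forwarding resolver like the one in Example 3 that has no allow-recursion list, since BIND 9.3 answered recursive queries from any address by default. Both configurations are constructed; the allow-recursion line in the hardened one is an assumption not shown in the notes.

```python
import re

# Constructed named.conf fragments modelled on Examples 3 and 4 above (the
# allow-recursion list in the hardened one is an assumption, not in the notes).
HARDENED_CONF = """
options {
    directory "/var/named";
    version "9.3.4";
    allow-transfer { 172.16.141.139; };
    allow-recursion { 127.0.0.1; 172.16.141.0/24; };
};
zone "xyz.org" { type master; file "xyz.org.zone"; };
"""
WEAK_CONF = """
options {
    directory "/var/named";
    forwarders { 202.100.138.68; 202.100.128.68; };
    forward only;
};
zone "xyz.org" { type master; file "xyz.org.zone"; allow-transfer { any; }; };
"""

def blocks(conf):
    """Yield (header, body) for each top-level 'header { body };' statement."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)       # strip /* */ comments
    conf = re.sub(r"(//|#).*", "", conf)                     # strip // and # comments
    i = 0
    while (start := conf.find("{", i)) >= 0:
        depth, j = 1, start + 1
        while depth:                                         # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[j], 0)
            j += 1
        yield conf[i:start].strip().lstrip(";").strip(), conf[start + 1:j - 1]
        i = j

def option(body, name):
    """Value text of 'name value;' or 'name { ... };' inside a block body, else None."""
    m = re.search(rf"\b{re.escape(name)}\s+(\{{[^}}]*\}}|[^;{{]*);", body)
    return m.group(1).strip() if m else None

def audit(conf):
    """Findings for the notes' three weak spots: version disclosure, open AXFR, open recursion."""
    findings, sections = [], dict(blocks(conf))
    opts = sections.get("options", "")
    if option(opts, "version") is None:
        findings.append("options: no 'version' string; the real BIND version is disclosed")
    for header, body in sections.items():
        if header.startswith("zone") and option(body, "type") == "master":
            xfr = option(body, "allow-transfer") or option(opts, "allow-transfer")
            if xfr is None or re.search(r"\bany\b", xfr):
                findings.append(f"{header}: zone transfer is open to any host")
    if option(opts, "forwarders") and option(opts, "allow-recursion") is None:
        findings.append("options: forwarding resolver answers recursive queries from anyone")
    return findings
```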


【Example 5】Install a chroot-based DNS server and configure a secondary name server to the following requirements.
(1) Create the xyz.org slave zone, with the primary name server at 192.168.31.132.
(2) Create the reverse slave zone 31.168.192.in-addr.arpa, with the primary name server at 192.168.31.132.

Configuring the secondary name server
[root@localhost yum.repos.d]# yum -y install bind-*
[root@localhost yum.repos.d]# yum -y install caching-nameserver-*
Set up the main configuration file

options {
        directory "/var/named";

};
zone "xyz.org" {
        type slave;
        masters { 172.16.141.132; };
        file "slaves/xyz.org.zone";

};
zone "141.16.172.in-addr.arpa" {
        type slave;
        masters { 172.16.141.132; };
        file "slaves/172.16.141.zone";
};
Go to /var/named/slaves; at this point
[root@localhost slaves]# ls
there are no files yet.
[root@localhost slaves]# service named start
Starting named:                                            [  OK  ]
[root@localhost slaves]# ls
172.16.141.zone  xyz.org.zone
[root@localhost slaves]#
After starting the service, the zone files transferred from the primary can be seen.
[root@localhost slaves]# host dns.xyz.org
;; connection timed out; no servers could be reached

Resolution fails, because we still need to change the DNS resolver setting:
[root@localhost slaves]# vim /etc/resolv.conf

nameserver 127.0.0.1

[root@localhost slaves]# host dns.xyz.org
dns.xyz.org has address 172.16.141.1
Now it works.

 
