DNS原理相關
DNS 爲Domain Name System(域名系統)的縮寫,它是一種將ip地址轉換成對應的主機名或將主機名轉換成與之相對應ip地址的一種服務機制。
其中通過域名解析出ip地址的叫做正向解析,通過ip地址解析出域名的叫做反向解析。 DNS同時使用TCP和UDP, 端口號都是53: 普通查詢主要走UDP; 區域傳送(AXFR/IXFR, 即主從同步)使用TCP, 當UDP應答因過大被截斷(TC位)時客戶端也會改用TCP重試。
全世界根服務器只有13個名稱(a 至 m.root-servers.net), 但每個名稱背後都是分佈在全球的許多anycast實例, 並非只有13臺物理機器; DNS服務器根據角色可以分爲:主DNS, 從DNS, 緩存DNS服務器, DNS轉發服務器。
使用bind搭建DNS服務器
安裝
[root@www ~]# yum install -y bind
配置
[root@www ~]# cp /etc/named.conf /etc/named.conf.bak
[root@www ~]# > /etc/named.conf //清空後發行版默認配置裏的 listen-on/allow-query 等限制也一併丟失, 下面的最小配置必須自行補回訪問控制, 否則 named 會在所有接口上對任何人提供遞歸查詢(開放解析器)
[root@www ~]# vim /etc/named.conf
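options {
    // Zone files referenced below by relative name are looked up here.
    directory "/var/named";
    // The distribution's named.conf was emptied above, which also discarded
    // its query restrictions. Without ACLs named answers, and recurses for,
    // every host that can reach port 53 on any interface (the netstat output
    // later in this walkthrough shows it bound to all addresses) - an open
    // resolver usable for amplification and cache-poisoning attacks.
    // "localnets" = subnets directly attached to this host; widen it if the
    // clients sit behind a router.
    allow-query     { localhost; localnets; };
    allow-recursion { localhost; localnets; };
    // Nothing defined in this file needs to be transferred; re-enable per zone.
    allow-transfer  { none; };
};
zone "." IN {
    type hint;
    file "named.ca";            // root hints
};
zone "localhost" IN {
    type master;
    file "localhost.zone";      // created below under /var/named
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";         // reverse zone for 127.0.0.x, created below
};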
[root@www ~]# chown named /etc/named.conf //named 只需要讀權限; 更穩妥的做法是 chown root:named 加 chmod 640, 避免 named 進程一旦被攻破就能改寫自己的配置
[root@www ~]# cd /var/named/
[root@www named]# dig -t NS . > named.ca //生成根提示文件。注意: 這裏信任的是本機當前解析器的應答, 而且應答裏未必帶有根服務器的 A/AAAA 地址(沒有地址的提示文件無法使用); 若 bind 包已自帶 /var/named/named.ca 一般無需覆蓋, 需要更新時應從可信來源(如 InterNIC 發佈的 named.root)取得並核對
[root@www named]# cat named.ca
[root@www named]# vim localhost.zone //前面配置文件所定義的
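; Forward zone for "localhost". An explicit $TTL is given because without it
; named-checkzone warned "no TTL specified; using SOA MINTTL instead".
$TTL 86400
@ IN SOA localhost. admin.localhost. (
        2015101901  ; serial - raise it on every edit or secondaries never refresh
        1H          ; refresh
        10M         ; retry
        7D          ; expire
        1D          ; negative-cache (minimum) TTL
)
@ IN NS localhost.
localhost. IN A 127.0.0.1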
[root@www named]# vim named.local
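; Reverse zone for 127.0.0.x (named.conf: "0.0.127.in-addr.arpa").
$TTL 86400
@ IN SOA localhost. admin.localhost. (
        2015101901  ; serial
        1H          ; refresh
        10M         ; retry
        7D          ; expire
        1D          ; negative-cache TTL (was 1 second; 1D matches localhost.zone)
)
@ IN NS localhost.
; The trailing dot is required: a relative target here is expanded with the
; zone origin, so "localhost" would make 127.0.0.1 reverse-map to
; "localhost.0.0.127.in-addr.arpa." instead of "localhost.".
1 IN PTR localhost.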
[root@www named]# named-checkconf //檢測主配置文件語法
[root@www named]# named-checkzone "localhost" /var/named/localhost.zone //檢測正向解析
/var/named/localhost.zone:1: no TTL specified; using SOA MINTTL instead
zone localhost/IN: loaded serial 2015101901
OK
[root@www named]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.local //檢測反向解析
zone 0.0.127.in-addr.arpa/IN: loaded serial 2015101901
OK
啓動
[root@www named]# rndc-confgen -r /dev/urandom -a //生成 /etc/rndc.key, 沒有這個key named 啓動不了(rndc 用它控制 named); -r /dev/urandom 避免在熵不足的機器上阻塞
wrote key file "/etc/rndc.key"
[root@www named]# chown named:named /etc/rndc.key //讓 named 能讀取這個key; 持有此key即可通過 rndc 控制 named, 確認權限仍爲 0640 或更嚴, 不能讓其他用戶可讀
[root@www named]# /etc/init.d/named start //啓動named服務
啓動 named: 確定
[root@www named]# netstat -lnp |grep named //檢查named進程是否監聽了53端口。注意下面的輸出: named 綁定了本機所有地址(包括 192.168.2.11 和 192.168.1.110), 而上面的配置沒有任何 allow-query/allow-recursion 限制, 能到達53端口的任何主機都可以拿它做遞歸查詢; 953 是 rndc 控制端口, 只應監聽回環地址
tcp 0 0 192.168.2.11:53 0.0.0.0:* LISTEN 15119/named
tcp 0 0 192.168.1.110:53 0.0.0.0:* LISTEN 15119/named
tcp 0 0 192.168.1.11:53 0.0.0.0:* LISTEN 15119/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 15119/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 15119/named
tcp 0 0 ::1:953 :::* LISTEN 15119/named
udp 0 0 192.168.2.11:53 0.0.0.0:* 15119/named
udp 0 0 192.168.1.110:53 0.0.0.0:* 15119/named
udp 0 0 192.168.1.11:53 0.0.0.0:* 15119/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 15119/named
正向測試和反向測試
[root@www named]# dig @127.0.0.1 localhost //格式爲 dig @DNSServer
域名
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @127.0.0.1 localhost
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12472
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;localhost. IN A
;; ANSWER SECTION:
localhost. 86400 IN A 127.0.0.1
;; AUTHORITY SECTION:
localhost. 86400 IN NS localhost.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 15:18:20 2015
;; MSG SIZE rcvd: 57
[root@www named]# dig @127.0.0.1 localhost //(與上面是同一條命令的重複輸出)
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @127.0.0.1 localhost
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12472
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;localhost. IN A
;; ANSWER SECTION:
localhost. 86400 IN A 127.0.0.1
;; AUTHORITY SECTION:
localhost. 86400 IN NS localhost.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 15:18:20 2015
;; MSG SIZE rcvd: 57
[root@www named]# dig @127.0.0.1 -x 127.0.0.1 //測試反向解析,
格式爲 dig @DNSServer -x IP地址 (-x 後接的是IP而不是域名, dig 會自動把它轉換成 1.0.0.127.in-addr.arpa 的 PTR 查詢)
增加一個域名hehe.com
[root@www named]# vim /etc/named.conf
zone "hehe.com" IN {
type master; #是一個主
file "hehe.com.zone";#域名配置文件
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.zone";# 用於反向解析
};
[root@www named]# vim /var/named/hehe.com.zone //與上面的配置文件相對應
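; Forward zone for hehe.com.
; NOTE: in zone files only ";" starts a comment. The "//" annotations in the
; original listing must not be typed into the file.
$TTL 600    ; default TTL for records without an explicit one
@ IN SOA hehe.com. root.hehe.com. (
        2015101901  ; serial - must increase on every change or secondaries ignore it
        1H          ; refresh
        10M         ; retry
        7D          ; expire
        1D          ; negative-cache TTL
)
; Owner names are written out; the original relied on a leading blank meaning
; "same owner as the previous record", which breaks if that whitespace is lost.
@    IN NS    ns.hehe.com.
@    IN MX 10 mail.hehe.com.
; Addresses follow the rest of the walkthrough: the dig answers and the later
; listings show ns=.111, www=.122, mail=.123, matching the PTRs in 192.168.zone.
; (The host actually running named is 192.168.1.11; .111 is the lab's choice.)
ns   IN A     192.168.1.111
www  IN A     192.168.1.122
mail IN A     192.168.1.123
bbs  IN CNAME www.hehe.com.    ; alias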
[root@www named]# vim /var/named/192.168.zone
; Reverse zone for 192.168.1.0/24 (named.conf: "1.168.192.in-addr.arpa").
; Same data as before, with the SOA timers spelled out in seconds.
$TTL 600
@       IN SOA ns.hehe.com. root.hehe.com. (
                2015101901 ; serial
                3600       ; refresh (1H)
                600        ; retry (10M)
                604800     ; expire (7D)
                86400      ; negative-cache TTL (1D)
        )
@       IN NS  ns.hehe.com.
; last octet -> host name; PTR targets need the trailing dot
111     IN PTR ns.hehe.com.
123     IN PTR mail.hehe.com.
122     IN PTR www.hehe.com.
測試是否正確
[root@www named]# named-checkconf
[root@www named]# named-checkzone "0.0.127.in-addr.arpa" 192.168.zone
zone 0.0.127.in-addr.arpa/IN: loaded serial 2015101901
OK
[root@www named]# named-checkzone "hehe.com" /var/named/hehe.com.zone
zone hehe.com/IN: loaded serial 2015101901
OK
重啓
[root@www named]# /etc/init.d/named restart
測試
[root@www named]# dig @192.168.1.11 www.hehe.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @192.168.1.11 www.hehe.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22136
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.hehe.com. IN A
;; ANSWER SECTION:
www.hehe.com. 600 IN A 192.168.1.122
;; AUTHORITY SECTION:
hehe.com. 600 IN NS ns.hehe.com.
;; ADDITIONAL SECTION:
ns.hehe.com. 600 IN A 192.168.1.111
;; Query time: 2 msec
;; SERVER: 192.168.1.11#53(192.168.1.11)
;; WHEN: Sun Oct 18 15:50:04 2015
;; MSG SIZE rcvd: 79
[root@www named]# dig @192.168.1.11 bbs.hehe.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @192.168.1.11 bbs.hehe.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42901
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;bbs.hehe.com. IN A
;; ANSWER SECTION:
bbs.hehe.com. 600 IN CNAME www.hehe.com.
www.hehe.com. 600 IN A 192.168.1.122
;; AUTHORITY SECTION:
hehe.com. 600 IN NS ns.hehe.com.
;; ADDITIONAL SECTION:
ns.hehe.com. 600 IN A 192.168.1.111
;; Query time: 3 msec
;; SERVER: 192.168.1.11#53(192.168.1.11)
;; WHEN: Sun Oct 18 15:51:07 2015
;; MSG SIZE rcvd: 97
[root@www named]# dig @127.0.0.1 -x 192.168.1.111 //反向解析。注意: 下面返回的狀態是 SERVFAIL 而不是 NOERROR, 說明反向區並沒有被正確提供服務, 正常時應返回 ns.hehe.com. 的 PTR 記錄; 可能原因之一是後文 named.conf 裏的反向區名被寫成 137.168.192.in-addr.arpa, 與 192.168.1.x 並不對應, 此時查詢會走遞歸而失敗
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @127.0.0.1 -x 192.168.1.111
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21145
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;111.1.168.192.in-addr.arpa. IN PTR
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 15:53:03 2015
;; MSG SIZE rcvd: 44
配置DNS轉發
我們配置的DNS目前只能解析自己定義的zone, 沒有定義的域名無法解析。配置DNS轉發後就可以解析互聯網上的其他域名了, 前提是這個域名確實在互聯網上被某個DNS服務器解析。注意: forward first 在轉發器不應答時會退回到用 named.ca 的根提示自行遞歸, 只想走轉發器時用 forward only; 同時開啓了遞歸/轉發的服務器必須用 allow-recursion 限制客戶端範圍, 否則就是一個可被用於放大攻擊的開放解析器。
[root@www named]# vim /etc/named.conf
將options選項修改爲
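options {
    directory "/var/named";
    // Answer and recurse only for this host and its directly attached subnets.
    // Without these ACLs the forwarder setup relays any Internet client's
    // queries through 8.8.8.8, i.e. an open resolver.
    allow-query     { localhost; localnets; };
    allow-recursion { localhost; localnets; };
    // "forward first": ask the forwarder, and if it does not answer fall back
    // to full recursion from the root hints in named.ca. Use "forward only"
    // to make the forwarder the sole upstream (e.g. when port 53 egress is
    // filtered).
    forward first;
    forwarders { 8.8.8.8; };
    // NOTE(review): nothing here validates DNSSEC; answers relayed from the
    // forwarder are trusted as-is. Consider dnssec-validation once a trust
    // anchor setup is in place.
};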
測試
[root@www named]# named-checkconf
[root@www named]# /etc/init.d/named restart
停止 named: [確定]
啓動 named: [確定]
[root@www named]# dig @192.168.1.11 www.baidu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @192.168.1.11 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18147
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 246 IN CNAME www.a.shifen.com.
www.a.shifen.com. 104 IN A 61.135.169.125
www.a.shifen.com. 104 IN A 61.135.169.121
;; Query time: 1 msec
;; SERVER: 192.168.1.11#53(192.168.1.11)
;; WHEN: Sun Oct 18 16:04:35 2015
;; MSG SIZE rcvd: 90
配置主從
主 www 192.168.1.11 已安裝bind(必須)
從 test 192.168.1.12 已安裝bind(必須)
主
[root@www named]# vim /etc/named.conf
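options {
    directory "/var/named";
    // No ACL = open resolver; restrict to this host and attached subnets.
    allow-query     { localhost; localnets; };
    allow-recursion { localhost; localnets; };
    forward first;
    forwarders { 8.8.8.8; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
};
zone "hehe.com" IN {
    type master;
    file "hehe.com.zone";
    // NOTIFY does not make queries faster; it tells the secondary to refresh
    // as soon as the serial changes instead of waiting for the SOA refresh timer.
    notify yes;
    also-notify { 192.168.1.12; };      // the secondary (host "test")
    // Only the secondary may pull the zone; with no allow-transfer anyone can
    // AXFR it. For anything beyond a lab, sign transfers with a TSIG key too.
    allow-transfer { 192.168.1.12; };
};
// 192.168.zone holds PTRs for 192.168.1.x, so the zone is 1.168.192.in-addr.arpa
// (the original said 137.168.192.in-addr.arpa, which is never asked for these
// addresses and also disagreed with the zone declared earlier in this page).
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.zone";
    notify yes;
    also-notify { 192.168.1.12; };      // was 192.168.1.11 - the master notifying itself
    allow-transfer { 192.168.1.12; };
};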
[root@www named]# named-checkconf
[root@www named]# scp /etc/named.conf 192.168.1.12:/etc/ //複製過去的是主的配置(它把從也聲明成 hehe.com 的 master), 從上必須按下面改成 slave 後再啓動; 另外從上同樣需要 /var/named/named.ca(提示區文件), 下面只複製了 localhost.zone 和 named.local
[root@www named]# scp /var/named/localhost.zone 192.168.1.12:/var/named/
[root@www named]# scp /var/named/named.local 192.168.1.12:/var/named/
從上
[root@test ~]# vim /etc/named.conf
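options {
    directory "/var/named";
    // Same restriction as on the primary: no ACL = open resolver.
    allow-query     { localhost; localnets; };
    allow-recursion { localhost; localnets; };
    forward first;
    forwarders { 8.8.8.8; };
};
zone "." IN {
    type hint;
    // Must exist on this host too; the transcript copies only localhost.zone
    // and named.local from the primary.
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
};
zone "hehe.com" IN {
    type slave;
    file "slaves/hehe.com.zone";    // written by named after each transfer; not for hand edits
    masters { 192.168.1.11; };
    // The secondary should not become a second AXFR source for the world.
    allow-transfer { none; };
};
// Must match the zone name on the primary; 192.168.zone is the reverse zone
// for 192.168.1.x (the original said 137.168.192.in-addr.arpa).
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.zone";
    masters { 192.168.1.11; };
    allow-transfer { none; };
};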
[root@test ~]# named-checkconf
[root@test ~]# rndc-confgen -r /dev/urandom -a
wrote key file "/etc/rndc.key"
[root@test ~]# chown named:named /etc/rndc.key
[root@test ~]# /etc/init.d/named start
啓動 named: [確定]
啓動後將會發現
在/var/named/slaves有
[root@test slaves]# ls -l /var/named/slaves/
總用量 8
-rw-r--r-- 1 named named 385 10月 18 16:31 192.168.zone
-rw-r--r-- 1 named named 385 10月 18 16:31 hehe.com.zone
兩個文件
注意:
必須同步時間: 主從雙方時鐘要一致(一次性可用 ntpdate, 長期應運行 ntpd/chronyd); 若之後用 TSIG 簽名區域傳送, 時鐘偏差過大會導致簽名校驗失敗
[root@www named]# ntpdate 202.120.2.101
測試主從同步
在主上執行
[root@www named]# vim /var/named/hehe.com.zone // 在最後增加一行並增大序列號, 使序列號大於原來的: 2015101902 > 2015101901
cangls IN A 192.168.1.222
root@www named]# /etc/init.d/named restart
停止 named: [確定]
啓動 named: [確定]
說明:
從設備的zone文件可以手工修改(這裏只是爲了演示序列號比較; 正常運維不應編輯從上的文件, 它是 named 傳送後自動寫入的), 從的改動不會影響主; 從再次同步主之後以主的內容爲準。
但是如果主設備 zone 文件的序列號小於或等於從設備的序列號, 從就不會再同步(比較的是 SOA 序列號, 與文件時間無關)。
其中2015101902>2015101901
從
[root@test slaves]# vim /var/named/slaves/hehe.com.zone
增加一行
ccc A 1.2.4.3
並加大序列號 2015101903
; Slave copy as written by named after the transfer (dumped in $ORIGIN form).
; NOTE(review): this file is named's own cache of the zone. Hand-editing it, as
; done here, only demonstrates serial comparison; as the later steps show, the
; next transfer with a higher primary serial overwrites it.
$ORIGIN .
$TTL 600 ; 10 minutes
hehe.com IN SOA hehe.com. root.hehe.com. (
2015101903 ; serial (raised by hand above the primary's 2015101902)
3600 ; refresh (1 hour)
600 ; retry (10 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns.hehe.com.
MX 10 mail.hehe.com.
$ORIGIN hehe.com.
bbs CNAME www
cangls A 192.168.1.222
mail A 192.168.1.123
ns A 192.168.1.111
www A 192.168.1.122
ccc A 1.2.4.3 ; added by hand on the secondary only
[root@test slaves]# /etc/init.d/named restart
[root@test slaves]# dig @localhost ccc.hehe.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @localhost ccc.hehe.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55988
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;ccc.hehe.com. IN A
;; ANSWER SECTION:
ccc.hehe.com. 600 IN A 1.2.4.3
;; AUTHORITY SECTION:
hehe.com. 600 IN NS ns.hehe.com.
;; ADDITIONAL SECTION:
ns.hehe.com. 600 IN A 192.168.1.111
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 17:02:13 2015
;; MSG SIZE rcvd: 79
可以看到解析爲1.2.4.3
主上
root@www named]# vim hehe.com.zone
增加一行
ccc IN A 1.2.3.4
並且不改變序列號
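; Primary's hehe.com zone with "ccc" added but the serial deliberately left at
; 2015101902 - below the secondary's hand-edited 2015101903, so no transfer happens.
$TTL 600
@ IN SOA hehe.com. root.hehe.com. (
        2015101902  ; serial - unchanged on purpose for this experiment
        1H          ; refresh
        10M         ; retry
        7D          ; expire
        1D          ; negative-cache TTL
)
; Explicit "@" owners instead of relying on leading whitespace for the
; "same owner as previous record" shorthand.
@      IN NS    ns.hehe.com.
@      IN MX 10 mail.hehe.com.
ns     IN A     192.168.1.111
www    IN A     192.168.1.122
mail   IN A     192.168.1.123
bbs    IN CNAME www.hehe.com.
cangls IN A     192.168.1.222
ccc    IN A     1.2.3.4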
[root@www named]# /etc/init.d/named restart
從上執行
[root@test slaves]# dig @localhost ccc.hehe.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @localhost ccc.hehe.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49573
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;ccc.hehe.com. IN A
;; ANSWER SECTION:
ccc.hehe.com. 600 IN A 1.2.4.3
;; AUTHORITY SECTION:
hehe.com. 600 IN NS ns.hehe.com.
;; ADDITIONAL SECTION:
ns.hehe.com. 600 IN A 192.168.1.111
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 17:06:19 2015
;; MSG SIZE rcvd: 79
可以看到解析的爲1.2.4.3
因爲主上序列號小於從上的,從並不跟隨主上的修改
主上執行
[root@www named]# vim hehe.com.zone
增大序列號
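; Primary's hehe.com zone after raising the serial to 2015101904 - now above the
; secondary's 2015101903, so the next NOTIFY/refresh pulls this copy.
$TTL 600
@ IN SOA hehe.com. root.hehe.com. (
        2015101904  ; serial - higher than the secondary's, so it transfers
        1H          ; refresh
        10M         ; retry
        7D          ; expire
        1D          ; negative-cache TTL
)
; Explicit "@" owners instead of relying on leading whitespace for the
; "same owner as previous record" shorthand.
@      IN NS    ns.hehe.com.
@      IN MX 10 mail.hehe.com.
ns     IN A     192.168.1.111
www    IN A     192.168.1.122
mail   IN A     192.168.1.123
bbs    IN CNAME www.hehe.com.
cangls IN A     192.168.1.222
ccc    IN A     1.2.3.4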
[root@www named]# /etc/init.d/named restart
從上執行
[root@test slaves]# dig @localhost ccc.hehe.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @localhost ccc.hehe.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49573
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;ccc.hehe.com. IN A
;; ANSWER SECTION:
ccc.hehe.com. 600 IN A 1.2.3.4
;; AUTHORITY SECTION:
hehe.com. 600 IN NS ns.hehe.com.
;; ADDITIONAL SECTION:
ns.hehe.com. 600 IN A 192.168.1.111
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 17:06:19 2015
;; MSG SIZE rcvd: 79
可以看到解析的爲1.2.3.4
因爲主上序列號大於從上的,從跟隨主上的修改