DNS named服務搭建、配置、測試和端口講解

原創 gushaolin 2020-02-27 18:20

測試環境:Centos 7 64位-2,ip:192.168.128.137

一、DNS服務器的類型

①Primary DNS Server(Master)
一個域的主服務器保存着該域的zone配置文件,該域所有的配置、更改都是在該服務器上進行,本篇隨筆要講解的也是如何配置一個域的主DNS服務器
②Secondary DNS Server(Slave)
域從服務器一般都是作爲冗餘負載使用,一個域的從服務器是從該域的主服務器上抓取zone配置文件,從服務器不會進行任何信息的更改,zone配置文件的修改只能在主DNS服務器上進行,所有的修改都有主服務器同步
③Caching only Server
DNS緩存服務器不存在任何的zone配置文件,僅僅依靠緩存來爲客戶端提供服務,通常用於負載均衡及加速訪問操作

二、安裝BIND

對於DNS服務器軟件現在有許多的程序可以使用,但是現今爲止使用的最多最廣泛的DNS服務器軟件還是BIND(Berkeley Internet Name Domain),最早是由伯克利大學的一個學生開發的,現在的最新版本是版本9,由ISC進行編寫和維護。
BIND支持目前市面上所有的主流操作系統,包括Linux、Windows、Mac OS等
我們的CentOS上並沒有默認安裝BIND這個軟件,所以我們需要手動對其進行安裝,這裏使用yum的方式來進行安裝;

2.1,yum安裝軟件bind
[root@CentOS7-2 yum.repos.d]# yum install -y bind bind-chroot bind-utils
Loaded plugins: fastestmirror, langpacks
base                                                            | 3.6 kB  00:00:01     
epel/x86_64/metalink                                            | 9.5 kB  00:00:00     
epel                                                            | 5.4 kB  00:00:04     
extras                                                          | 2.9 kB  00:00:00     
mariadb-org                                                     | 2.9 kB  00:00:00     
nginx-stable                                                    | 2.9 kB  00:00:00     
updates                                                         | 2.9 kB  00:00:00     
(1/9): base/7/x86_64/group_gz                                   | 165 kB  00:00:09     
(2/9): extras/7/x86_64/primary_db                               | 159 kB  00:00:05     
(3/9): epel/x86_64/group_gz                                     |  90 kB  00:00:38     
(4/9): mariadb-org/primary_db                                   |  53 kB  00:00:28     
(5/9): epel/x86_64/updateinfo                                   | 1.0 MB  00:00:46     
(6/9): nginx-stable/x86_64/primary_db                           |  51 kB  00:00:08     
(7/9): base/7/x86_64/primary_db                                 | 6.0 MB  00:01:00     
(8/9): updates/7/x86_64/primary_db                              | 6.7 MB  00:00:58     
(9/9): epel/x86_64/primary_db                                   | 6.7 MB  00:05:59     
Determining fastest mirrors
 * base: mirrors.ustc.edu.cn
 * epel: mirrors.njupt.edu.cn
 * extras: mirrors.zju.edu.cn
 * updates: mirrors.nju.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.11.4-9.P2.el7 will be installed
--> Processing Dependency: bind-libs-lite(x86-64) = 32:9.11.4-9.P2.el7 for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: bind-libs(x86-64) = 32:9.11.4-9.P2.el7 for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: python-ply for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: liblwres.so.160()(64bit) for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: libisccfg.so.160()(64bit) for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: libisccc.so.160()(64bit) for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: libisc.so.169()(64bit) for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: libdns.so.1102()(64bit) for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: libbind9.so.160()(64bit) for package: 32:bind-9.11.4-9.P2.el7.x86_64
---> Package bind-chroot.x86_64 32:9.11.4-9.P2.el7 will be installed
---> Package bind-utils.x86_64 32:9.9.4-50.el7 will be updated
---> Package bind-utils.x86_64 32:9.11.4-9.P2.el7 will be an update
--> Running transaction check
---> Package bind-libs.x86_64 32:9.9.4-50.el7 will be updated
---> Package bind-libs.x86_64 32:9.11.4-9.P2.el7 will be an update
--> Processing Dependency: bind-license = 32:9.11.4-9.P2.el7 for package: 32:bind-libs-9.11.4-9.P2.el7.x86_64
---> Package bind-libs-lite.x86_64 32:9.9.4-50.el7 will be updated
--> Processing Dependency: libdns-export.so.100()(64bit) for package: 12:dhclient-4.2.5-58.el7.centos.x86_64
--> Processing Dependency: libisc-export.so.95()(64bit) for package: 12:dhclient-4.2.5-58.el7.centos.x86_64
---> Package bind-libs-lite.x86_64 32:9.11.4-9.P2.el7 will be an update
---> Package python-ply.noarch 0:3.4-11.el7 will be installed
--> Running transaction check
---> Package bind-license.noarch 32:9.9.4-50.el7 will be updated
---> Package bind-license.noarch 32:9.11.4-9.P2.el7 will be an update
---> Package dhclient.x86_64 12:4.2.5-58.el7.centos will be updated
---> Package dhclient.x86_64 12:4.2.5-77.el7.centos will be an update
--> Processing Dependency: dhcp-libs(x86-64) = 12:4.2.5-77.el7.centos for package: 12:dhclient-4.2.5-77.el7.centos.x86_64
--> Processing Dependency: dhcp-common = 12:4.2.5-77.el7.centos for package: 12:dhclient-4.2.5-77.el7.centos.x86_64
--> Processing Dependency: libisc-export.so.169()(64bit) for package: 12:dhclient-4.2.5-77.el7.centos.x86_64
--> Processing Dependency: libdns-export.so.1102()(64bit) for package: 12:dhclient-4.2.5-77.el7.centos.x86_64
--> Running transaction check
---> Package bind-export-libs.x86_64 32:9.11.4-9.P2.el7 will be installed
---> Package dhcp-common.x86_64 12:4.2.5-58.el7.centos will be updated
---> Package dhcp-common.x86_64 12:4.2.5-77.el7.centos will be an update
---> Package dhcp-libs.x86_64 12:4.2.5-58.el7.centos will be updated
---> Package dhcp-libs.x86_64 12:4.2.5-77.el7.centos will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================
 Package                 Arch          Version                       Repository   Size
=======================================================================================
Installing:
 bind                    x86_64        32:9.11.4-9.P2.el7            base        2.3 M
 bind-chroot             x86_64        32:9.11.4-9.P2.el7            base         90 k
Updating:
 bind-utils              x86_64        32:9.11.4-9.P2.el7            base        258 k
Installing for dependencies:
 bind-export-libs        x86_64        32:9.11.4-9.P2.el7            base        1.1 M
 python-ply              noarch        3.4-11.el7                    base        123 k
Updating for dependencies:
 bind-libs               x86_64        32:9.11.4-9.P2.el7            base        154 k
 bind-libs-lite          x86_64        32:9.11.4-9.P2.el7            base        1.1 M
 bind-license            noarch        32:9.11.4-9.P2.el7            base         88 k
 dhclient                x86_64        12:4.2.5-77.el7.centos        base        285 k
 dhcp-common             x86_64        12:4.2.5-77.el7.centos        base        176 k
 dhcp-libs               x86_64        12:4.2.5-77.el7.centos        base        133 k

Transaction Summary
=======================================================================================
Install  2 Packages (+2 Dependent packages)
Upgrade  1 Package  (+6 Dependent packages)

Total download size: 5.8 M
Is this ok [y/d/N]: y
Downloading packages:
No Presto metadata available for base
(1/11): bind-chroot-9.11.4-9.P2.el7.x86_64.rpm                  |  90 kB  00:00:07     
(2/11): bind-export-libs-9.11.4-9.P2.el7.x86_64.rpm             | 1.1 MB  00:00:42     
(3/11): bind-libs-9.11.4-9.P2.el7.x86_64.rpm                    | 154 kB  00:00:06     
(4/11): bind-utils-9.11.4-9.P2.el7.x86_64.rpm                   | 258 kB  00:00:03     
(5/11): bind-license-9.11.4-9.P2.el7.noarch.rpm                 |  88 kB  00:00:11     
(6/11): dhclient-4.2.5-77.el7.centos.x86_64.rpm                 | 285 kB  00:00:02     
(7/11): dhcp-libs-4.2.5-77.el7.centos.x86_64.rpm                | 133 kB  00:00:04     
(8/11): bind-9.11.4-9.P2.el7.x86_64.rpm                         | 2.3 MB  00:01:05     
(9/11): python-ply-3.4-11.el7.noarch.rpm                        | 123 kB  00:00:03     
(10/11): bind-libs-lite-9.11.4-9.P2.el7.x86_64.rpm              | 1.1 MB  00:00:31     
dhcp-common-4.2.5-77.el7.cento FAILED                                          
http://mirrors.ustc.edu.cn/centos/7.7.1908/os/x86_64/Packages/dhcp-common-4.2.5-77.el7.centos.x86_64.rpm: [Errno 12] Timeout on http://mirrors.ustc.edu.cn/centos/7.7.1908/os/x86_64/Packages/dhcp-common-4.2.5-77.el7.centos.x86_64.rpm: (28, 'Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds')
Trying other mirror.
(11/11): dhcp-common-4.2.5-77.el7.centos.x86_64.rpm             | 176 kB  00:00:01     
---------------------------------------------------------------------------------------
Total                                                      68 kB/s | 5.8 MB  01:26     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
  Updating   : 12:dhcp-libs-4.2.5-77.el7.centos.x86_64                            1/18 
  Updating   : 32:bind-license-9.11.4-9.P2.el7.noarch                             2/18 
  Updating   : 32:bind-libs-lite-9.11.4-9.P2.el7.x86_64                           3/18 
  Updating   : 32:bind-libs-9.11.4-9.P2.el7.x86_64                                4/18 
  Updating   : 12:dhcp-common-4.2.5-77.el7.centos.x86_64                          5/18 
  Installing : 32:bind-export-libs-9.11.4-9.P2.el7.x86_64                         6/18 
  Installing : python-ply-3.4-11.el7.noarch                                       7/18 
  Installing : 32:bind-9.11.4-9.P2.el7.x86_64                                     8/18 
  Installing : 32:bind-chroot-9.11.4-9.P2.el7.x86_64                              9/18 
  Updating   : 12:dhclient-4.2.5-77.el7.centos.x86_64                            10/18 
  Updating   : 32:bind-utils-9.11.4-9.P2.el7.x86_64                              11/18 
  Cleanup    : 12:dhclient-4.2.5-58.el7.centos.x86_64                            12/18 
  Cleanup    : 12:dhcp-common-4.2.5-58.el7.centos.x86_64                         13/18 
  Cleanup    : 32:bind-libs-lite-9.9.4-50.el7.x86_64                             14/18 
  Cleanup    : 32:bind-utils-9.9.4-50.el7.x86_64                                 15/18 
  Cleanup    : 12:dhcp-libs-4.2.5-58.el7.centos.x86_64                           16/18 
  Cleanup    : 32:bind-libs-9.9.4-50.el7.x86_64                                  17/18 
  Cleanup    : 32:bind-license-9.9.4-50.el7.noarch                               18/18 
  Verifying  : python-ply-3.4-11.el7.noarch                                       1/18 
  Verifying  : 32:bind-chroot-9.11.4-9.P2.el7.x86_64                              2/18 
  Verifying  : 32:bind-license-9.11.4-9.P2.el7.noarch                             3/18 
  Verifying  : 32:bind-libs-9.11.4-9.P2.el7.x86_64                                4/18 
  Verifying  : 12:dhcp-common-4.2.5-77.el7.centos.x86_64                          5/18 
  Verifying  : 32:bind-libs-lite-9.11.4-9.P2.el7.x86_64                           6/18 
  Verifying  : 32:bind-export-libs-9.11.4-9.P2.el7.x86_64                         7/18 
  Verifying  : 32:bind-utils-9.11.4-9.P2.el7.x86_64                               8/18 
  Verifying  : 32:bind-9.11.4-9.P2.el7.x86_64                                     9/18 
  Verifying  : 12:dhclient-4.2.5-77.el7.centos.x86_64                            10/18 
  Verifying  : 12:dhcp-libs-4.2.5-77.el7.centos.x86_64                           11/18 
  Verifying  : 12:dhcp-libs-4.2.5-58.el7.centos.x86_64                           12/18 
  Verifying  : 12:dhcp-common-4.2.5-58.el7.centos.x86_64                         13/18 
  Verifying  : 32:bind-license-9.9.4-50.el7.noarch                               14/18 
  Verifying  : 32:bind-libs-lite-9.9.4-50.el7.x86_64                             15/18 
  Verifying  : 32:bind-utils-9.9.4-50.el7.x86_64                                 16/18 
  Verifying  : 32:bind-libs-9.9.4-50.el7.x86_64                                  17/18 
  Verifying  : 12:dhclient-4.2.5-58.el7.centos.x86_64                            18/18 

Installed:
  bind.x86_64 32:9.11.4-9.P2.el7         bind-chroot.x86_64 32:9.11.4-9.P2.el7        

Dependency Installed:
  bind-export-libs.x86_64 32:9.11.4-9.P2.el7       python-ply.noarch 0:3.4-11.el7      

Updated:
  bind-utils.x86_64 32:9.11.4-9.P2.el7                                                 

Dependency Updated:
  bind-libs.x86_64 32:9.11.4-9.P2.el7        bind-libs-lite.x86_64 32:9.11.4-9.P2.el7 
  bind-license.noarch 32:9.11.4-9.P2.el7     dhclient.x86_64 12:4.2.5-77.el7.centos   
  dhcp-common.x86_64 12:4.2.5-77.el7.centos  dhcp-libs.x86_64 12:4.2.5-77.el7.centos  

Complete!
[root@CentOS7-2 yum.repos.d]# 
[root@CentOS7-2 yum.repos.d]# 
[root@CentOS7-2 yum.repos.d]# 
[root@CentOS7-2 yum.repos.d]# 
[root@CentOS7-2 yum.repos.d]# 
[root@CentOS7-2 yum.repos.d]# 
[root@CentOS7-2 yum.repos.d]# rpm -qa | grep bind
bind-export-libs-9.11.4-9.P2.el7.x86_64
bind-chroot-9.11.4-9.P2.el7.x86_64
bind-utils-9.11.4-9.P2.el7.x86_64
bind-libs-9.11.4-9.P2.el7.x86_64
bind-9.11.4-9.P2.el7.x86_64
keybinder3-0.3.0-1.el7.x86_64
bind-libs-lite-9.11.4-9.P2.el7.x86_64
rpcbind-0.2.0-42.el7.x86_64
bind-license-9.11.4-9.P2.el7.noarch
[root@CentOS7-2 yum.repos.d]# 
[root@CentOS7-2 yum.repos.d]#

我們這裏一共安裝了三個文件,一個是bind的主程序,一個是bind-chroot,還有一個是bind-utils,這兩個包一般我們在安裝bind時都要用到的,包括bind的拓展功能以及僞根等等,所以我們一併將其安裝了
BIND的服務名是 named,因爲BIND提供的是DNS服務,而DNS默認的協議是TCP與UDP協議,所以BIND服務在啓動以後會佔用53(Domain), 953(mdc)這兩個端口號。

2.2,啓動named服務
root@CentOS7-2 named]# systemctl start named
[root@CentOS7-2 named]# 
[root@CentOS7-2 named]# 
[root@CentOS7-2 named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2020-02-26 11:12:21 CST; 9s ago
  Process: 11307 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 11305 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 11310 (named)
   CGroup: /system.slice/named.service
           └─11310 /usr/sbin/named -u named -c /etc/named.conf

Feb 26 11:12:21 CentOS7-2 named[11310]: network unreachable resolving './DNSKEY/IN...53
Feb 26 11:12:21 CentOS7-2 named[11310]: network unreachable resolving './NS/IN': 2...53
Feb 26 11:12:21 CentOS7-2 named[11310]: network unreachable resolving './DNSKEY/IN...53
Feb 26 11:12:21 CentOS7-2 named[11310]: network unreachable resolving './NS/IN': 2...53
Feb 26 11:12:21 CentOS7-2 named[11310]: network unreachable resolving './DNSKEY/IN...53
Feb 26 11:12:21 CentOS7-2 named[11310]: network unreachable resolving './NS/IN': 2...53
Feb 26 11:12:22 CentOS7-2 named[11310]: network unreachable resolving './DNSKEY/IN...53
Feb 26 11:12:22 CentOS7-2 named[11310]: network unreachable resolving './DNSKEY/IN...53
Feb 26 11:12:22 CentOS7-2 named[11310]: managed-keys-zone: Key 20326 for zone . ac...ed
Feb 26 11:12:24 CentOS7-2 named[11310]: resolver priming query complete
Hint: Some lines were ellipsized, use -l to show in full.
[root@CentOS7-2 named]#
2.3,備份主配置文件

安裝完BIND以後,BIND的主配置文件通常是保存在兩個位置:
/etc/named.conf  -BIND服務主配置文件
/var/named/  -域的zone配置文件
但是我們如果在安裝了 bind-chroot 這個程序以後,BIND的主配置文件存放位置就變了,此時BIND的主配置文件會被封裝到一個僞根目錄內,此時的配置文件位置爲:
/var/named/chroot/etc/named.conf  -BIND服務主配置文件
/var/named/chroot/var/named  -域的zone配置文件
爲什麼安裝了bind-chroot以後,BIND的主配置文件的存放位置變了呢?這裏就涉及到了一個僞根的知識,chroot是通過將相關文件封裝到一個僞根目錄內,已達到安全防護的目的,一旦該程序被攻破,將只能訪問到僞根目錄內的內容,而並不是真實的根目錄。我們知道Linux的根目錄是 / ,我們的服務如果安裝了chroot這個程序,此時我們的服務的配置文件都會被安裝到我們的僞根裏面,會在裏面生成一個與原來服務完全相同的一個目錄體系結構。我們知道 /var/named/chroot 這個肯定不是我們的根目錄,但是如果在安裝了chroot以後,該服務的根目錄就會把 /var/named/chroot 當成是自己的根目錄,這樣就可以對我們的真實根目錄進行保護,所以建議大家在安裝網絡服務時最好都附帶安裝上chroot這個程序,有關chroot的更多知識,
不同於其他的服務,BIND服務在安裝完以後不會有預置的配置文件,其他服務比如samba、httpd服務安裝完以後其目錄下都會有一些配置文件,而BIND服務是沒有的,怎麼辦呢?我們通常在安裝完BIND服務以後,有關該服務的一些文檔都會保存在 /usr/share/doc 這個目錄下,在 (/usr/share/doc/bind-9.8.2/)這個目錄下有我們BIND配置文件的模板,我們只需要將其拷貝到其僞根目錄下即可。

這裏我實際的主配置文件是/etc/named.conf
[root@CentOS7-2 named]# rpm -ql bind
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/rwtab.d/named
/etc/sysconfig/named
/run/named
/usr/bin/arpaname
/usr/bin/named-rrchecker
/usr/lib/python2.7/site-packages/isc
/usr/lib/python2.7/site-packages/isc-2.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/isc/__init__.py
/usr/lib/python2.7/site-packages/isc/__init__.pyc
/usr/lib/python2.7/site-packages/isc/__init__.pyo
/usr/lib/python2.7/site-packages/isc/checkds.py
/usr/lib/python2.7/site-packages/isc/checkds.pyc
/usr/lib/python2.7/site-packages/isc/checkds.pyo
/usr/lib/python2.7/site-packages/isc/coverage.py
/usr/lib/python2.7/site-packages/isc/coverage.pyc
/usr/lib/python2.7/site-packages/isc/coverage.pyo
/usr/lib/python2.7/site-packages/isc/dnskey.py
/usr/lib/python2.7/site-packages/isc/dnskey.pyc
/usr/lib/python2.7/site-packages/isc/dnskey.pyo
/usr/lib/python2.7/site-packages/isc/eventlist.py
/usr/lib/python2.7/site-packages/isc/eventlist.pyc
/usr/lib/python2.7/site-packages/isc/eventlist.pyo
/usr/lib/python2.7/site-packages/isc/keydict.py
/usr/lib/python2.7/site-packages/isc/keydict.pyc
/usr/lib/python2.7/site-packages/isc/keydict.pyo
/usr/lib/python2.7/site-packages/isc/keyevent.py
/usr/lib/python2.7/site-packages/isc/keyevent.pyc
/usr/lib/python2.7/site-packages/isc/keyevent.pyo
/usr/lib/python2.7/site-packages/isc/keymgr.py
/usr/lib/python2.7/site-packages/isc/keymgr.pyc
/usr/lib/python2.7/site-packages/isc/keymgr.pyo
/usr/lib/python2.7/site-packages/isc/keyseries.py
/usr/lib/python2.7/site-packages/isc/keyseries.pyc
/usr/lib/python2.7/site-packages/isc/keyseries.pyo
/usr/lib/python2.7/site-packages/isc/keyzone.py
/usr/lib/python2.7/site-packages/isc/keyzone.pyc
/usr/lib/python2.7/site-packages/isc/keyzone.pyo
/usr/lib/python2.7/site-packages/isc/parsetab.py
/usr/lib/python2.7/site-packages/isc/parsetab.pyc
/usr/lib/python2.7/site-packages/isc/parsetab.pyo
/usr/lib/python2.7/site-packages/isc/policy.py
/usr/lib/python2.7/site-packages/isc/policy.pyc
/usr/lib/python2.7/site-packages/isc/policy.pyo
/usr/lib/python2.7/site-packages/isc/rndc.py
/usr/lib/python2.7/site-packages/isc/rndc.pyc
/usr/lib/python2.7/site-packages/isc/rndc.pyo
/usr/lib/python2.7/site-packages/isc/utils.py
/usr/lib/python2.7/site-packages/isc/utils.pyc
/usr/lib/python2.7/site-packages/isc/utils.pyo
/usr/lib/systemd/system/named-setup-rndc.service
/usr/lib/systemd/system/named.service
/usr/lib/tmpfiles.d/named.conf
/usr/lib64/bind
/usr/libexec/generate-rndc-key.sh
/usr/sbin/ddns-confgen
/usr/sbin/dnssec-checkds
/usr/sbin/dnssec-coverage
/usr/sbin/dnssec-dsfromkey
/usr/sbin/dnssec-importkey
/usr/sbin/dnssec-keyfromlabel
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-keymgr
/usr/sbin/dnssec-revoke
/usr/sbin/dnssec-settime
/usr/sbin/dnssec-signzone
/usr/sbin/dnssec-verify
/usr/sbin/genrandom
/usr/sbin/isc-hmac-fixup
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/named-journalprint
/usr/sbin/nsec3hash
/usr/sbin/rndc
/usr/sbin/rndc-confgen
/usr/sbin/tsig-keygen
/usr/share/doc/bind-9.11.4
/usr/share/doc/bind-9.11.4/Bv9ARM.ch01.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch02.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch03.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch04.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch05.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch06.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch07.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch08.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch09.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch10.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch11.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch12.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch13.html
/usr/share/doc/bind-9.11.4/Bv9ARM.html
/usr/share/doc/bind-9.11.4/Bv9ARM.pdf
/usr/share/doc/bind-9.11.4/CHANGES
/usr/share/doc/bind-9.11.4/README
/usr/share/doc/bind-9.11.4/isc-logo.pdf
/usr/share/doc/bind-9.11.4/man.arpaname.html
/usr/share/doc/bind-9.11.4/man.ddns-confgen.html
/usr/share/doc/bind-9.11.4/man.delv.html
/usr/share/doc/bind-9.11.4/man.dig.html
/usr/share/doc/bind-9.11.4/man.dnssec-checkds.html
/usr/share/doc/bind-9.11.4/man.dnssec-coverage.html
/usr/share/doc/bind-9.11.4/man.dnssec-dsfromkey.html
/usr/share/doc/bind-9.11.4/man.dnssec-importkey.html
/usr/share/doc/bind-9.11.4/man.dnssec-keyfromlabel.html
/usr/share/doc/bind-9.11.4/man.dnssec-keygen.html
/usr/share/doc/bind-9.11.4/man.dnssec-keymgr.html
/usr/share/doc/bind-9.11.4/man.dnssec-revoke.html
/usr/share/doc/bind-9.11.4/man.dnssec-settime.html
/usr/share/doc/bind-9.11.4/man.dnssec-signzone.html
/usr/share/doc/bind-9.11.4/man.dnssec-verify.html
/usr/share/doc/bind-9.11.4/man.dnstap-read.html
/usr/share/doc/bind-9.11.4/man.genrandom.html
/usr/share/doc/bind-9.11.4/man.host.html
/usr/share/doc/bind-9.11.4/man.isc-hmac-fixup.html
/usr/share/doc/bind-9.11.4/man.lwresd.html
/usr/share/doc/bind-9.11.4/man.mdig.html
/usr/share/doc/bind-9.11.4/man.named-checkconf.html
/usr/share/doc/bind-9.11.4/man.named-checkzone.html
/usr/share/doc/bind-9.11.4/man.named-journalprint.html
/usr/share/doc/bind-9.11.4/man.named-nzd2nzf.html
/usr/share/doc/bind-9.11.4/man.named-rrchecker.html
/usr/share/doc/bind-9.11.4/man.named.conf.html
/usr/share/doc/bind-9.11.4/man.named.html
/usr/share/doc/bind-9.11.4/man.nsec3hash.html
/usr/share/doc/bind-9.11.4/man.nslookup.html
/usr/share/doc/bind-9.11.4/man.nsupdate.html
/usr/share/doc/bind-9.11.4/man.pkcs11-destroy.html
/usr/share/doc/bind-9.11.4/man.pkcs11-keygen.html
/usr/share/doc/bind-9.11.4/man.pkcs11-list.html
/usr/share/doc/bind-9.11.4/man.pkcs11-tokens.html
/usr/share/doc/bind-9.11.4/man.rndc-confgen.html
/usr/share/doc/bind-9.11.4/man.rndc.conf.html
/usr/share/doc/bind-9.11.4/man.rndc.html
/usr/share/doc/bind-9.11.4/named.conf.default
/usr/share/doc/bind-9.11.4/notes.html
/usr/share/doc/bind-9.11.4/notes.pdf
/usr/share/doc/bind-9.11.4/sample
/usr/share/doc/bind-9.11.4/sample/etc
/usr/share/doc/bind-9.11.4/sample/etc/named.conf
/usr/share/doc/bind-9.11.4/sample/etc/named.rfc1912.zones
/usr/share/doc/bind-9.11.4/sample/var
/usr/share/doc/bind-9.11.4/sample/var/named
/usr/share/doc/bind-9.11.4/sample/var/named/data
/usr/share/doc/bind-9.11.4/sample/var/named/my.external.zone.db
/usr/share/doc/bind-9.11.4/sample/var/named/my.internal.zone.db
/usr/share/doc/bind-9.11.4/sample/var/named/named.ca
/usr/share/doc/bind-9.11.4/sample/var/named/named.empty
/usr/share/doc/bind-9.11.4/sample/var/named/named.localhost
/usr/share/doc/bind-9.11.4/sample/var/named/named.loopback
/usr/share/doc/bind-9.11.4/sample/var/named/slaves
/usr/share/doc/bind-9.11.4/sample/var/named/slaves/my.ddns.internal.zone.db
/usr/share/doc/bind-9.11.4/sample/var/named/slaves/my.slave.internal.zone.db
/usr/share/man/man1/arpaname.1.gz
/usr/share/man/man1/named-rrchecker.1.gz
/usr/share/man/man5/named.conf.5.gz
/usr/share/man/man5/rndc.conf.5.gz
/usr/share/man/man8/ddns-confgen.8.gz
/usr/share/man/man8/dnssec-checkds.8.gz
/usr/share/man/man8/dnssec-coverage.8.gz
/usr/share/man/man8/dnssec-dsfromkey.8.gz
/usr/share/man/man8/dnssec-importkey.8.gz
/usr/share/man/man8/dnssec-keyfromlabel.8.gz
/usr/share/man/man8/dnssec-keygen.8.gz
/usr/share/man/man8/dnssec-keymgr.8.gz
/usr/share/man/man8/dnssec-revoke.8.gz
/usr/share/man/man8/dnssec-settime.8.gz
/usr/share/man/man8/dnssec-signzone.8.gz
/usr/share/man/man8/dnssec-verify.8.gz
/usr/share/man/man8/genrandom.8.gz
/usr/share/man/man8/isc-hmac-fixup.8.gz
/usr/share/man/man8/lwresd.8.gz
/usr/share/man/man8/named-checkconf.8.gz
/usr/share/man/man8/named-checkzone.8.gz
/usr/share/man/man8/named-compilezone.8.gz
/usr/share/man/man8/named-journalprint.8.gz
/usr/share/man/man8/named.8.gz
/usr/share/man/man8/nsec3hash.8.gz
/usr/share/man/man8/rndc-confgen.8.gz
/usr/share/man/man8/rndc.8.gz
/usr/share/man/man8/tsig-keygen.8.gz
/var/log/named.log
/var/named
/var/named/data
/var/named/dynamic
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
/var/named/slaves
[root@CentOS7-2 named]# 
[root@CentOS7-2 named]# ps -aux |grep named
named     11310  0.0  3.0 243108 57556 ?        Ssl  11:56   0:03 /usr/sbin/named -u named -c /etc/named.conf
root      18813  0.0  0.0 112712   964 pts/0    S+   14:12   0:00 grep --color=auto named
[root@CentOS7-2 named]# cp /etc/named.conf /etc/named.conf_default
三,配置實戰和測試
3.1,Type的類型有

Type的類型有:main,slave,forward,hint

3.2,編輯主配置文件,此處以type爲master爲例
[root@CentOS7-2 etc]# cat /etc/named.conf
options{
	directory "/var/named";   //域名文件存放的絕對路徑
};
zone "imooc.com" {      // 裏面寫上我們要配置的域的域名
	type master;     // 指定我們要配置的是域主DNS服務器
	file "imooc.com.zone";  //解析域名imooc.com的zone文件內容,其路徑由options中的directory指定,一般都是以域名.zone命名
};
zone "iaskjob.com" {
        type master;
        file "iaskjob.com.zone";
};
[root@CentOS7-2 etc]#
3.3,編輯zone配置文件
[root@CentOS7-2 named]# vim /var/named/imooc.com.zone 
$TTL 7200
imooc.com. IN SOA imooc.com. jeson.imooc.com. (222 1H 15M 1W 1D)
imooc.com. IN NS dns1.imooc.com.
dns1.imooc.com. IN A 192.168.128.137
www.imooc.com. IN A 115.182.41.180
或者
[root@CentOS7-2 named]# vim /var/named/imooc.com.zone
$TTL 7200
@ IN SOA imooc.com. jeson.imooc.com. (222 1H 15M 1W 1D)
imooc.com. IN NS dns1.imooc.com.
dns1 IN A 192.168.128.137
www IN A 115.182.41.180
[root@CentOS7-2 named]# 
[root@CentOS7-2 named]# vim /var/named/iaskjob.com.zone 
$TTL 7200
iaskjob.com. IN SOA iaskjob.com. iaskjob.163.com. (4012100 1H 15M 1W 1D)
iaskjob.com. IN NS dns1.iaskjob.com.
dns1.iaskjob.com. IN A 192.168.128.137
www.iaskjob.com. IN CNAME www.imooc.com.
[root@CentOS7-2 named]#

注意:我們在配置好以後,都要確保other用戶對配置文件擁有 r 的權限

3.4,重啓named服務
[root@CentOS7-2 named]# systemctl restart named
3.5,測試配置是否成功
[root@CentOS7-2 named]# dig @192.168.128.137 www.imooc.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @192.168.128.137 www.imooc.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5396
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.imooc.com.			IN	A

;; ANSWER SECTION:
www.imooc.com.		7200	IN	A	115.182.41.180

;; AUTHORITY SECTION:
imooc.com.		7200	IN	NS	dns1.imooc.com.

;; ADDITIONAL SECTION:
dns1.imooc.com.		7200	IN	A	192.168.128.137

;; Query time: 0 msec
;; SERVER: 192.168.128.137#53(192.168.128.137)
;; WHEN: Wed Feb 26 15:15:05 CST 2020
;; MSG SIZE  rcvd: 93

[root@CentOS7-2 named]# 
[root@CentOS7-2 named]# dig  www.imooc.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.imooc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25725
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.imooc.com.			IN	A

;; ANSWER SECTION:
www.imooc.com.		30	IN	A	115.182.41.103
www.imooc.com.		30	IN	A	115.182.41.163
www.imooc.com.		30	IN	A	117.121.101.134
www.imooc.com.		30	IN	A	117.121.101.40
www.imooc.com.		30	IN	A	117.121.101.144
www.imooc.com.		30	IN	A	117.121.101.41
www.imooc.com.		30	IN	A	115.182.41.180

;; Query time: 131 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Wed Feb 26 15:15:39 CST 2020
;; MSG SIZE  rcvd: 154

[root@CentOS7-2 named]# dig @192.168.128.137 www.iaskjob.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @192.168.128.137 www.iaskjob.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24878
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.iaskjob.com.		IN	A

;; ANSWER SECTION:
www.iaskjob.com.	7200	IN	CNAME	www.imooc.com.
www.imooc.com.		7200	IN	A	115.182.41.180

;; AUTHORITY SECTION:
imooc.com.		7200	IN	NS	dns1.imooc.com.

;; ADDITIONAL SECTION:
dns1.imooc.com.		7200	IN	A	192.168.128.137

;; Query time: 2 msec
;; SERVER: 192.168.128.137#53(192.168.128.137)
;; WHEN: Wed Feb 26 15:16:18 CST 2020
;; MSG SIZE  rcvd: 119
[root@CentOS7-2 named]#
四,在本機配置dns服務器地址
[root@CentOS7-2 named]# cat /etc/sysconfig/net
netconsole       network          network-scripts/ 
[root@CentOS7-2 named]# cat /etc/sysconfig/network-scripts/ifcfg-ens33 
TYPE=Ethernet
#BOOTPROTO=dhcp
BOOTPROTO=static
IPADDR=192.168.128.137
NAME=ens33
DEVICE=ens33
ONBOOT=yes
GATEWAY=192.168.128.2
#DNS1=10.1.1.2
DNS2=8.8.8.8
DNS3=114.114.114.114
DNS4=115.115.115.115
[root@CentOS7-2 named]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 114.114.114.114
nameserver 115.115.115.115
[root@CentOS7-2 named]#

注:需在 /etc/sysconfig/network-scripts/ifcfg-ens33中配置dns地址,否則重啓network服務之後,/etc/resolv.conf 會被清空。

五,DNS端口說明

DNS同時佔用UDP和TCP端口53是公認的,這種單個應用協議同時使用兩種傳輸協議的情況在TCP/IP棧也算是個另類。但很少有人知道DNS分別在什麼情況下使用這兩種協議。
先簡單介紹下TCP與UDP。
TCP是一種面向連接的協議,提供可靠的數據傳輸,一般服務質量要求比較高的情況,使用這個協議。UDP—用戶數據報協議,是一種無連接的傳輸層協議,提供面向事務的簡單不可靠信息傳送服務。
TCP與UDP的區別:
UDP和TCP協議的主要區別是兩者在如何實現信息的可靠傳遞方面不同。TCP協議中包含了專門的傳遞保證機制,當數據接收方收到發送方傳來的信息時,會自動向發送方發出確認消息;發送方只有在接收到該確認消息之後才繼續傳送其它信息,否則將一直等待直到收到確認信息爲止。 與TCP不同,UDP協議並不提供數據傳送的保證機制。如果在從發送方到接收方的傳遞過程中出現數據報的丟失,協議本身並不能做出任何檢測或提示。因此,通常人們把UDP協議稱爲不可靠的傳輸協議。相對於TCP協議,UDP協議的另外一個不同之處在於如何接收突發性的多個數據報。不同於TCP,UDP並不能確保數據的發送和接收順序。事實上,UDP協議的這種亂序性基本上很少出現,通常只會在網絡非常擁擠的情況下才有可能發生。
既然UDP是一種不可靠的網絡協議,那麼還有什麼使用價值或必要呢?其實不然,在有些情況下UDP協議可能會變得非常有用。因爲UDP具有TCP所望塵莫及的速度優勢。雖然TCP協議中植入了各種安全保障功能,但是在實際執行的過程中會佔用大量的系統開銷,無疑使速度受到嚴重的影響。反觀UDP由於排除了信息可靠傳遞機制,將安全和排序等功能移交給上層應用來完成,極大降低了執行時間,使速度得到了保證。
DNS在進行區域傳輸的時候使用TCP協議,其它時候則使用UDP協議;
DNS的規範規定了2種類型的DNS服務器,一個叫主DNS服務器,一個叫輔助DNS服務器。在一個區中主DNS服務器從自己本機的數據文件中讀取該區的DNS數據信息,而輔助DNS服務器則從區的主DNS服務器中讀取該區的DNS數據信息。當一個輔助DNS服務器啓動時,它需要與主DNS服務器通信,並加載數據信息,這就叫做區傳送(zone transfer)。
爲什麼既使用TCP又使用UDP?
首先了解一下TCP與UDP傳送字節的長度限制:
UDP報文的最大長度爲512字節,而TCP則允許報文長度超過512字節。當DNS查詢超過512字節時,協議的TC標誌出現刪除標誌,這時則使用TCP發送。通常傳統的UDP報文一般不會大於512字節。
區域傳送時使用TCP,主要有一下兩點考慮:
1.輔域名服務器會定時(一般時3小時)向主域名服務器進行查詢以便了解數據是否有變動。如有變動,則會執行一次區域傳送,進行數據同步。區域傳送將使用TCP而不是UDP,因爲數據同步傳送的數據量比一個請求和應答的數據量要多得多。
2.TCP是一種可靠的連接,保證了數據的準確性。
域名解析時使用UDP協議:
客戶端向DNS服務器查詢域名,一般返回的內容都不超過512字節,用UDP傳輸即可。不用經過TCP三次握手,這樣DNS服務器負載更低,響應更快。雖然從理論上說,客戶端也可以指定向DNS服務器查詢的時候使用TCP,但事實上,很多DNS服務器進行配置的時候,僅支持UDP查詢包。

參考鏈接:
https://www.cnblogs.com/xiaoluo501395377/archive/2013/06/06/3120326.html
https://www.cnblogs.com/cobbliu/archive/2013/03/19/2970311.html
https://blog.csdn.net/App_IOS/article/details/86893929
https://www.cnblogs.com/ginvip/p/6365605.html

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

高效調度新篇章:詳解DolphinScheduler 3.2.0生產級集羣搭建

轉載自tuoluzhe8521 導讀:通過簡化複雜的任務依賴關係, DolphinScheduler爲數據工程師提供了強大的工作流程管理和調度能力。在3.2.0版本中,DolphinScheduler帶來了一系列新功能和改進,使其在生產環

原創 2024-05-15 21:22:54

Spring 按條件裝配使用方法

條件註冊 Spring 4.0 引入條件註冊機制,暴露給用戶的API是@Conditional和Condition接口,把@Conditional聲明在一個 @Component類上,並接受一組條件(Condition實現),容器初始化期間

原創 2024-05-15 11:50:12

界面組件DevExpress Reporting v24.1預覽版 - 擁有原生Angular報表查看器

DevExpress Reporting是.NET Framework下功能完善的報表平臺,它附帶了易於使用的Visual Studio報表設計器和豐富的報表控件集,包括數據透視表、圖表,因此您可以構建無與倫比、信息清晰的報表。 下一個主要

原創 2024-05-14 12:21:34

利用pyinstaller打包Python程序爲一個可執行文件

有時,Python發佈的程序需要被打包爲一個文件夾、甚至一個文件發佈。 目前(2020)最佳的策略是使用pyinstaller。 pyinstaller不僅支持打包整個運行環境到一個可執行文件,而且還支持加密。 但唯一的問題是,必須依賴

osc_hwc3munb 2024-05-14 02:04:34

FA的linux基礎01

vim常用功能 set nu   :200  set nonu  G 最後一行   gg跳到第一行 dd 刪除光標所在行      5dd 從光標所在行開始,刪除5行 p粘貼 yy 複製光標所在行  p粘貼 5yy  u 撤銷之前的操

osc_hzf6peqc 2024-05-14 01:40:14

Android內存管理機制官方詳解文檔

很早之前寫過一篇《Android內存管理機制詳解》點擊量已7萬+,現把Google官方文檔整理輸出一下,供各位參考。 一、內存管理概覽 Android 運行時 (ART) 和 Dalvik 虛擬機使用分頁和內存映射來管理內存。這意味着應用

osc_51airx3z 2024-05-14 00:37:42

raid添加新的硬盤問題

linux平臺下: 在raid5已經做好的時候,不能添加新硬盤的raid5的陣列組裏,添加的只能變爲spare盤。 比如:用4塊磁盤做的raid5,再往這麼陣列組中添加硬盤變成5塊硬盤的陣列是錯誤的做法,原因是raid是橫向條帶化的。

osc_61miaq6u 2024-05-13 22:58:18

BlackHat ASIA 議題解讀 | 安卓Netlink內核模塊中隱藏的“傳送門”

作者:百度安全-AIoT安全團隊 Chao Ma, Han Yan, Tim Xia 隨着安卓系統的流行,Netlink作爲Linux內核與用戶態進程之間的一種通信機制,被廣泛應用在安卓操作系統內核模塊中,但其使用的安全性卻未得到足夠

百度安全 2024-05-13 21:42:48

Linux下BMP圖片添加水印

Linux下BMP圖片添加水印   BMP是英文Bitmap(位圖)的簡寫,它是Windows操作系統中的標準圖像文件格式,能夠被多種Windows應用程序所支持。隨着Windows操作系統的流行與豐富的Windows應用程序的開發,BM

osc_m6gaz63w 2024-05-13 21:33:54

linux-vim編輯器、條件表達式

osc_bv96h8zs 2024-05-13 21:17:32

Linux 服務器配置-安裝portainer-ce社區版

操作系統Debian12 1. portainer 簡介 Portainer 是一個開源的輕量級容器管理工具,主要用於 Docker 和 Swarm 環境的可視化管理和操作。通過 Portainer,用戶可以通過簡潔易用的 Web UI

原創 2024-05-13 13:22:00

Linux服務器配置-安裝docker-ce社區版

1.查看linux內核版本和系統版本 docker的安裝和運行對linux版本和系統是有要求的。 查看linux內核版本 uname -a root@server88:~# uname -a Linux server88 6.1.0-18-

原創 2024-05-13 13:21:57

Linux 異寵動物園,平面設計篇,Linux 平臺常見的開源平面設計軟件

Linux 異寵動物園,平面設計篇,分佈介紹視頻,講解了 Linux 平臺常見的開源平面設計軟件。如 Inkscape,Gimp,Krita,Scribus,並介紹了平面設計行業早期的歷史和 Aldus 公司的歷史。 視頻請見: https

原創 2024-05-13 12:11:29

Docker 的 Busybox 操作系統鏡像

BusyBox是一個遵循GPL協議、以自由軟件形式發行的應用程序。 Busybox在單一的可執行文件中提供了精簡的Unix工具集,可運行於多款POSIX環境的操作系統,例如Linux(包括Android)、Hurd、FreeBSD等等。 由

原創 2024-05-13 11:45:19

Vue 學習筆記簡寫

一.Vue文件內容                <template>     </template>     <script>     </script>     <style>     </style>

原創 2024-05-13 21:42:40