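Setting up, configuring and testing the BIND (named) DNS service, with an explanation of its ports

Test environment: CentOS 7 64-bit (CentOS7-2), IP: 192.168.128.137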

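1. DNS server types

① Primary DNS Server (Master)
The primary server of a zone holds the zone's configuration file (the zone file); all configuration and changes for the zone are made on this server. This post explains how to configure the primary DNS server for a zone.
② Secondary DNS Server (Slave)
A secondary server is generally used for redundancy and load sharing. It fetches the zone file from the zone's primary server and never modifies any data itself; the zone file can be changed only on the primary DNS server, and all changes are synchronized from the primary.
③ Caching-only Server
A caching DNS server has no zone files at all and serves clients purely from its cache; it is typically used for load balancing and to speed up lookups.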

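2. Installing BIND

Many DNS server programs are available today, but the most widely used is still BIND (Berkeley Internet Name Domain). It was originally written by a student at Berkeley; the current version is version 9, which is developed and maintained by ISC.
BIND supports all mainstream operating systems, including Linux, Windows and Mac OS.
CentOS does not install BIND by default, so we install it manually, here using yum:

2.1 Install the bind packages with yum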
[root@CentOS7-2 yum.repos.d]# yum install -y bind bind-chroot bind-utils
Loaded plugins: fastestmirror, langpacks
base                                                            | 3.6 kB  00:00:01     
epel/x86_64/metalink                                            | 9.5 kB  00:00:00     
epel                                                            | 5.4 kB  00:00:04     
extras                                                          | 2.9 kB  00:00:00     
mariadb-org                                                     | 2.9 kB  00:00:00     
nginx-stable                                                    | 2.9 kB  00:00:00     
updates                                                         | 2.9 kB  00:00:00     
(1/9): base/7/x86_64/group_gz                                   | 165 kB  00:00:09     
(2/9): extras/7/x86_64/primary_db                               | 159 kB  00:00:05     
(3/9): epel/x86_64/group_gz                                     |  90 kB  00:00:38     
(4/9): mariadb-org/primary_db                                   |  53 kB  00:00:28     
(5/9): epel/x86_64/updateinfo                                   | 1.0 MB  00:00:46     
(6/9): nginx-stable/x86_64/primary_db                           |  51 kB  00:00:08     
(7/9): base/7/x86_64/primary_db                                 | 6.0 MB  00:01:00     
(8/9): updates/7/x86_64/primary_db                              | 6.7 MB  00:00:58     
(9/9): epel/x86_64/primary_db                                   | 6.7 MB  00:05:59     
Determining fastest mirrors
 * base: mirrors.ustc.edu.cn
 * epel: mirrors.njupt.edu.cn
 * extras: mirrors.zju.edu.cn
 * updates: mirrors.nju.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.11.4-9.P2.el7 will be installed
--> Processing Dependency: bind-libs-lite(x86-64) = 32:9.11.4-9.P2.el7 for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: bind-libs(x86-64) = 32:9.11.4-9.P2.el7 for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: python-ply for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: liblwres.so.160()(64bit) for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: libisccfg.so.160()(64bit) for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: libisccc.so.160()(64bit) for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: libisc.so.169()(64bit) for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: libdns.so.1102()(64bit) for package: 32:bind-9.11.4-9.P2.el7.x86_64
--> Processing Dependency: libbind9.so.160()(64bit) for package: 32:bind-9.11.4-9.P2.el7.x86_64
---> Package bind-chroot.x86_64 32:9.11.4-9.P2.el7 will be installed
---> Package bind-utils.x86_64 32:9.9.4-50.el7 will be updated
---> Package bind-utils.x86_64 32:9.11.4-9.P2.el7 will be an update
--> Running transaction check
---> Package bind-libs.x86_64 32:9.9.4-50.el7 will be updated
---> Package bind-libs.x86_64 32:9.11.4-9.P2.el7 will be an update
--> Processing Dependency: bind-license = 32:9.11.4-9.P2.el7 for package: 32:bind-libs-9.11.4-9.P2.el7.x86_64
---> Package bind-libs-lite.x86_64 32:9.9.4-50.el7 will be updated
--> Processing Dependency: libdns-export.so.100()(64bit) for package: 12:dhclient-4.2.5-58.el7.centos.x86_64
--> Processing Dependency: libisc-export.so.95()(64bit) for package: 12:dhclient-4.2.5-58.el7.centos.x86_64
---> Package bind-libs-lite.x86_64 32:9.11.4-9.P2.el7 will be an update
---> Package python-ply.noarch 0:3.4-11.el7 will be installed
--> Running transaction check
---> Package bind-license.noarch 32:9.9.4-50.el7 will be updated
---> Package bind-license.noarch 32:9.11.4-9.P2.el7 will be an update
---> Package dhclient.x86_64 12:4.2.5-58.el7.centos will be updated
---> Package dhclient.x86_64 12:4.2.5-77.el7.centos will be an update
--> Processing Dependency: dhcp-libs(x86-64) = 12:4.2.5-77.el7.centos for package: 12:dhclient-4.2.5-77.el7.centos.x86_64
--> Processing Dependency: dhcp-common = 12:4.2.5-77.el7.centos for package: 12:dhclient-4.2.5-77.el7.centos.x86_64
--> Processing Dependency: libisc-export.so.169()(64bit) for package: 12:dhclient-4.2.5-77.el7.centos.x86_64
--> Processing Dependency: libdns-export.so.1102()(64bit) for package: 12:dhclient-4.2.5-77.el7.centos.x86_64
--> Running transaction check
---> Package bind-export-libs.x86_64 32:9.11.4-9.P2.el7 will be installed
---> Package dhcp-common.x86_64 12:4.2.5-58.el7.centos will be updated
---> Package dhcp-common.x86_64 12:4.2.5-77.el7.centos will be an update
---> Package dhcp-libs.x86_64 12:4.2.5-58.el7.centos will be updated
---> Package dhcp-libs.x86_64 12:4.2.5-77.el7.centos will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================
 Package                 Arch          Version                       Repository   Size
=======================================================================================
Installing:
 bind                    x86_64        32:9.11.4-9.P2.el7            base        2.3 M
 bind-chroot             x86_64        32:9.11.4-9.P2.el7            base         90 k
Updating:
 bind-utils              x86_64        32:9.11.4-9.P2.el7            base        258 k
Installing for dependencies:
 bind-export-libs        x86_64        32:9.11.4-9.P2.el7            base        1.1 M
 python-ply              noarch        3.4-11.el7                    base        123 k
Updating for dependencies:
 bind-libs               x86_64        32:9.11.4-9.P2.el7            base        154 k
 bind-libs-lite          x86_64        32:9.11.4-9.P2.el7            base        1.1 M
 bind-license            noarch        32:9.11.4-9.P2.el7            base         88 k
 dhclient                x86_64        12:4.2.5-77.el7.centos        base        285 k
 dhcp-common             x86_64        12:4.2.5-77.el7.centos        base        176 k
 dhcp-libs               x86_64        12:4.2.5-77.el7.centos        base        133 k

Transaction Summary
=======================================================================================
Install  2 Packages (+2 Dependent packages)
Upgrade  1 Package  (+6 Dependent packages)

Total download size: 5.8 M
Is this ok [y/d/N]: y
Downloading packages:
No Presto metadata available for base
(1/11): bind-chroot-9.11.4-9.P2.el7.x86_64.rpm                  |  90 kB  00:00:07     
(2/11): bind-export-libs-9.11.4-9.P2.el7.x86_64.rpm             | 1.1 MB  00:00:42     
(3/11): bind-libs-9.11.4-9.P2.el7.x86_64.rpm                    | 154 kB  00:00:06     
(4/11): bind-utils-9.11.4-9.P2.el7.x86_64.rpm                   | 258 kB  00:00:03     
(5/11): bind-license-9.11.4-9.P2.el7.noarch.rpm                 |  88 kB  00:00:11     
(6/11): dhclient-4.2.5-77.el7.centos.x86_64.rpm                 | 285 kB  00:00:02     
(7/11): dhcp-libs-4.2.5-77.el7.centos.x86_64.rpm                | 133 kB  00:00:04     
(8/11): bind-9.11.4-9.P2.el7.x86_64.rpm                         | 2.3 MB  00:01:05     
(9/11): python-ply-3.4-11.el7.noarch.rpm                        | 123 kB  00:00:03     
(10/11): bind-libs-lite-9.11.4-9.P2.el7.x86_64.rpm              | 1.1 MB  00:00:31     
dhcp-common-4.2.5-77.el7.cento FAILED                                          
http://mirrors.ustc.edu.cn/centos/7.7.1908/os/x86_64/Packages/dhcp-common-4.2.5-77.el7.centos.x86_64.rpm: [Errno 12] Timeout on http://mirrors.ustc.edu.cn/centos/7.7.1908/os/x86_64/Packages/dhcp-common-4.2.5-77.el7.centos.x86_64.rpm: (28, 'Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds')
Trying other mirror.
(11/11): dhcp-common-4.2.5-77.el7.centos.x86_64.rpm             | 176 kB  00:00:01     
---------------------------------------------------------------------------------------
Total                                                      68 kB/s | 5.8 MB  01:26     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
  Updating   : 12:dhcp-libs-4.2.5-77.el7.centos.x86_64                            1/18 
  Updating   : 32:bind-license-9.11.4-9.P2.el7.noarch                             2/18 
  Updating   : 32:bind-libs-lite-9.11.4-9.P2.el7.x86_64                           3/18 
  Updating   : 32:bind-libs-9.11.4-9.P2.el7.x86_64                                4/18 
  Updating   : 12:dhcp-common-4.2.5-77.el7.centos.x86_64                          5/18 
  Installing : 32:bind-export-libs-9.11.4-9.P2.el7.x86_64                         6/18 
  Installing : python-ply-3.4-11.el7.noarch                                       7/18 
  Installing : 32:bind-9.11.4-9.P2.el7.x86_64                                     8/18 
  Installing : 32:bind-chroot-9.11.4-9.P2.el7.x86_64                              9/18 
  Updating   : 12:dhclient-4.2.5-77.el7.centos.x86_64                            10/18 
  Updating   : 32:bind-utils-9.11.4-9.P2.el7.x86_64                              11/18 
  Cleanup    : 12:dhclient-4.2.5-58.el7.centos.x86_64                            12/18 
  Cleanup    : 12:dhcp-common-4.2.5-58.el7.centos.x86_64                         13/18 
  Cleanup    : 32:bind-libs-lite-9.9.4-50.el7.x86_64                             14/18 
  Cleanup    : 32:bind-utils-9.9.4-50.el7.x86_64                                 15/18 
  Cleanup    : 12:dhcp-libs-4.2.5-58.el7.centos.x86_64                           16/18 
  Cleanup    : 32:bind-libs-9.9.4-50.el7.x86_64                                  17/18 
  Cleanup    : 32:bind-license-9.9.4-50.el7.noarch                               18/18 
  Verifying  : python-ply-3.4-11.el7.noarch                                       1/18 
  Verifying  : 32:bind-chroot-9.11.4-9.P2.el7.x86_64                              2/18 
  Verifying  : 32:bind-license-9.11.4-9.P2.el7.noarch                             3/18 
  Verifying  : 32:bind-libs-9.11.4-9.P2.el7.x86_64                                4/18 
  Verifying  : 12:dhcp-common-4.2.5-77.el7.centos.x86_64                          5/18 
  Verifying  : 32:bind-libs-lite-9.11.4-9.P2.el7.x86_64                           6/18 
  Verifying  : 32:bind-export-libs-9.11.4-9.P2.el7.x86_64                         7/18 
  Verifying  : 32:bind-utils-9.11.4-9.P2.el7.x86_64                               8/18 
  Verifying  : 32:bind-9.11.4-9.P2.el7.x86_64                                     9/18 
  Verifying  : 12:dhclient-4.2.5-77.el7.centos.x86_64                            10/18 
  Verifying  : 12:dhcp-libs-4.2.5-77.el7.centos.x86_64                           11/18 
  Verifying  : 12:dhcp-libs-4.2.5-58.el7.centos.x86_64                           12/18 
  Verifying  : 12:dhcp-common-4.2.5-58.el7.centos.x86_64                         13/18 
  Verifying  : 32:bind-license-9.9.4-50.el7.noarch                               14/18 
  Verifying  : 32:bind-libs-lite-9.9.4-50.el7.x86_64                             15/18 
  Verifying  : 32:bind-utils-9.9.4-50.el7.x86_64                                 16/18 
  Verifying  : 32:bind-libs-9.9.4-50.el7.x86_64                                  17/18 
  Verifying  : 12:dhclient-4.2.5-58.el7.centos.x86_64                            18/18 

Installed:
  bind.x86_64 32:9.11.4-9.P2.el7         bind-chroot.x86_64 32:9.11.4-9.P2.el7        

Dependency Installed:
  bind-export-libs.x86_64 32:9.11.4-9.P2.el7       python-ply.noarch 0:3.4-11.el7      

Updated:
  bind-utils.x86_64 32:9.11.4-9.P2.el7                                                 

Dependency Updated:
  bind-libs.x86_64 32:9.11.4-9.P2.el7        bind-libs-lite.x86_64 32:9.11.4-9.P2.el7 
  bind-license.noarch 32:9.11.4-9.P2.el7     dhclient.x86_64 12:4.2.5-77.el7.centos   
  dhcp-common.x86_64 12:4.2.5-77.el7.centos  dhcp-libs.x86_64 12:4.2.5-77.el7.centos  

Complete!
[root@CentOS7-2 yum.repos.d]# rpm -qa | grep bind
bind-export-libs-9.11.4-9.P2.el7.x86_64
bind-chroot-9.11.4-9.P2.el7.x86_64
bind-utils-9.11.4-9.P2.el7.x86_64
bind-libs-9.11.4-9.P2.el7.x86_64
bind-9.11.4-9.P2.el7.x86_64
keybinder3-0.3.0-1.el7.x86_64
bind-libs-lite-9.11.4-9.P2.el7.x86_64
rpcbind-0.2.0-42.el7.x86_64
bind-license-9.11.4-9.P2.el7.noarch

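We installed three packages here: bind (the main program), bind-chroot and bind-utils. The latter two are normally needed whenever bind is installed, since they provide BIND's extra utilities and the chroot (pseudo-root) environment, so we install them all together.
The BIND service is called named. Because BIND provides DNS, and DNS runs over both TCP and UDP by default, the service occupies two ports once it is started: 53 (domain) and 953 (rndc, the control channel).

2.2 Start the named service
[root@CentOS7-2 named]# systemctl start named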
[root@CentOS7-2 named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2020-02-26 11:12:21 CST; 9s ago
  Process: 11307 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 11305 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 11310 (named)
   CGroup: /system.slice/named.service
           └─11310 /usr/sbin/named -u named -c /etc/named.conf

Feb 26 11:12:21 CentOS7-2 named[11310]: network unreachable resolving './DNSKEY/IN...53
Feb 26 11:12:21 CentOS7-2 named[11310]: network unreachable resolving './NS/IN': 2...53
Feb 26 11:12:21 CentOS7-2 named[11310]: network unreachable resolving './DNSKEY/IN...53
Feb 26 11:12:21 CentOS7-2 named[11310]: network unreachable resolving './NS/IN': 2...53
Feb 26 11:12:21 CentOS7-2 named[11310]: network unreachable resolving './DNSKEY/IN...53
Feb 26 11:12:21 CentOS7-2 named[11310]: network unreachable resolving './NS/IN': 2...53
Feb 26 11:12:22 CentOS7-2 named[11310]: network unreachable resolving './DNSKEY/IN...53
Feb 26 11:12:22 CentOS7-2 named[11310]: network unreachable resolving './DNSKEY/IN...53
Feb 26 11:12:22 CentOS7-2 named[11310]: managed-keys-zone: Key 20326 for zone . ac...ed
Feb 26 11:12:24 CentOS7-2 named[11310]: resolver priming query complete
Hint: Some lines were ellipsized, use -l to show in full.
[root@CentOS7-2 named]# 
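2.3 Back up the main configuration file

After BIND is installed, its configuration is normally kept in two places:
/etc/named.conf  - main configuration file of the BIND service
/var/named/  - zone files for the domains
If the bind-chroot package is installed, however, the location changes: the configuration is placed inside a pseudo-root directory, and the paths become:
/var/named/chroot/etc/named.conf  - main configuration file of the BIND service
/var/named/chroot/var/named  - zone files for the domains
Why does the location change once bind-chroot is installed? This is where the pseudo-root comes in. chroot confines the relevant files to a pseudo-root directory for protection: if the program is compromised, the attacker can reach only the contents of the pseudo-root, not the real root directory. The Linux root directory is / . When a service is installed with chroot, its configuration files are installed inside the pseudo-root, which contains a directory tree identical to the one the service would normally use. /var/named/chroot is obviously not the real root directory, but with chroot in place the service treats /var/named/chroot as its own root, which protects the real root directory. It is therefore advisable to install the chroot package as well when setting up network services. For more about chroot,
Unlike other services, BIND ships without preset configuration files. Services such as samba and httpd place some configuration files in their directories when installed, but BIND does not. What can be done? After installation, the service's documentation is stored under /usr/share/doc, and the directory (/usr/share/doc/bind-9.8.2/) contains templates for the BIND configuration files; we only need to copy them into the pseudo-root directory.

Here, my actual main configuration file is /etc/named.conf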
[root@CentOS7-2 named]# rpm -ql bind
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/rwtab.d/named
/etc/sysconfig/named
/run/named
/usr/bin/arpaname
/usr/bin/named-rrchecker
/usr/lib/python2.7/site-packages/isc
/usr/lib/python2.7/site-packages/isc-2.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/isc/__init__.py
/usr/lib/python2.7/site-packages/isc/__init__.pyc
/usr/lib/python2.7/site-packages/isc/__init__.pyo
/usr/lib/python2.7/site-packages/isc/checkds.py
/usr/lib/python2.7/site-packages/isc/checkds.pyc
/usr/lib/python2.7/site-packages/isc/checkds.pyo
/usr/lib/python2.7/site-packages/isc/coverage.py
/usr/lib/python2.7/site-packages/isc/coverage.pyc
/usr/lib/python2.7/site-packages/isc/coverage.pyo
/usr/lib/python2.7/site-packages/isc/dnskey.py
/usr/lib/python2.7/site-packages/isc/dnskey.pyc
/usr/lib/python2.7/site-packages/isc/dnskey.pyo
/usr/lib/python2.7/site-packages/isc/eventlist.py
/usr/lib/python2.7/site-packages/isc/eventlist.pyc
/usr/lib/python2.7/site-packages/isc/eventlist.pyo
/usr/lib/python2.7/site-packages/isc/keydict.py
/usr/lib/python2.7/site-packages/isc/keydict.pyc
/usr/lib/python2.7/site-packages/isc/keydict.pyo
/usr/lib/python2.7/site-packages/isc/keyevent.py
/usr/lib/python2.7/site-packages/isc/keyevent.pyc
/usr/lib/python2.7/site-packages/isc/keyevent.pyo
/usr/lib/python2.7/site-packages/isc/keymgr.py
/usr/lib/python2.7/site-packages/isc/keymgr.pyc
/usr/lib/python2.7/site-packages/isc/keymgr.pyo
/usr/lib/python2.7/site-packages/isc/keyseries.py
/usr/lib/python2.7/site-packages/isc/keyseries.pyc
/usr/lib/python2.7/site-packages/isc/keyseries.pyo
/usr/lib/python2.7/site-packages/isc/keyzone.py
/usr/lib/python2.7/site-packages/isc/keyzone.pyc
/usr/lib/python2.7/site-packages/isc/keyzone.pyo
/usr/lib/python2.7/site-packages/isc/parsetab.py
/usr/lib/python2.7/site-packages/isc/parsetab.pyc
/usr/lib/python2.7/site-packages/isc/parsetab.pyo
/usr/lib/python2.7/site-packages/isc/policy.py
/usr/lib/python2.7/site-packages/isc/policy.pyc
/usr/lib/python2.7/site-packages/isc/policy.pyo
/usr/lib/python2.7/site-packages/isc/rndc.py
/usr/lib/python2.7/site-packages/isc/rndc.pyc
/usr/lib/python2.7/site-packages/isc/rndc.pyo
/usr/lib/python2.7/site-packages/isc/utils.py
/usr/lib/python2.7/site-packages/isc/utils.pyc
/usr/lib/python2.7/site-packages/isc/utils.pyo
/usr/lib/systemd/system/named-setup-rndc.service
/usr/lib/systemd/system/named.service
/usr/lib/tmpfiles.d/named.conf
/usr/lib64/bind
/usr/libexec/generate-rndc-key.sh
/usr/sbin/ddns-confgen
/usr/sbin/dnssec-checkds
/usr/sbin/dnssec-coverage
/usr/sbin/dnssec-dsfromkey
/usr/sbin/dnssec-importkey
/usr/sbin/dnssec-keyfromlabel
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-keymgr
/usr/sbin/dnssec-revoke
/usr/sbin/dnssec-settime
/usr/sbin/dnssec-signzone
/usr/sbin/dnssec-verify
/usr/sbin/genrandom
/usr/sbin/isc-hmac-fixup
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/named-journalprint
/usr/sbin/nsec3hash
/usr/sbin/rndc
/usr/sbin/rndc-confgen
/usr/sbin/tsig-keygen
/usr/share/doc/bind-9.11.4
/usr/share/doc/bind-9.11.4/Bv9ARM.ch01.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch02.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch03.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch04.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch05.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch06.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch07.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch08.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch09.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch10.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch11.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch12.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch13.html
/usr/share/doc/bind-9.11.4/Bv9ARM.html
/usr/share/doc/bind-9.11.4/Bv9ARM.pdf
/usr/share/doc/bind-9.11.4/CHANGES
/usr/share/doc/bind-9.11.4/README
/usr/share/doc/bind-9.11.4/isc-logo.pdf
/usr/share/doc/bind-9.11.4/man.arpaname.html
/usr/share/doc/bind-9.11.4/man.ddns-confgen.html
/usr/share/doc/bind-9.11.4/man.delv.html
/usr/share/doc/bind-9.11.4/man.dig.html
/usr/share/doc/bind-9.11.4/man.dnssec-checkds.html
/usr/share/doc/bind-9.11.4/man.dnssec-coverage.html
/usr/share/doc/bind-9.11.4/man.dnssec-dsfromkey.html
/usr/share/doc/bind-9.11.4/man.dnssec-importkey.html
/usr/share/doc/bind-9.11.4/man.dnssec-keyfromlabel.html
/usr/share/doc/bind-9.11.4/man.dnssec-keygen.html
/usr/share/doc/bind-9.11.4/man.dnssec-keymgr.html
/usr/share/doc/bind-9.11.4/man.dnssec-revoke.html
/usr/share/doc/bind-9.11.4/man.dnssec-settime.html
/usr/share/doc/bind-9.11.4/man.dnssec-signzone.html
/usr/share/doc/bind-9.11.4/man.dnssec-verify.html
/usr/share/doc/bind-9.11.4/man.dnstap-read.html
/usr/share/doc/bind-9.11.4/man.genrandom.html
/usr/share/doc/bind-9.11.4/man.host.html
/usr/share/doc/bind-9.11.4/man.isc-hmac-fixup.html
/usr/share/doc/bind-9.11.4/man.lwresd.html
/usr/share/doc/bind-9.11.4/man.mdig.html
/usr/share/doc/bind-9.11.4/man.named-checkconf.html
/usr/share/doc/bind-9.11.4/man.named-checkzone.html
/usr/share/doc/bind-9.11.4/man.named-journalprint.html
/usr/share/doc/bind-9.11.4/man.named-nzd2nzf.html
/usr/share/doc/bind-9.11.4/man.named-rrchecker.html
/usr/share/doc/bind-9.11.4/man.named.conf.html
/usr/share/doc/bind-9.11.4/man.named.html
/usr/share/doc/bind-9.11.4/man.nsec3hash.html
/usr/share/doc/bind-9.11.4/man.nslookup.html
/usr/share/doc/bind-9.11.4/man.nsupdate.html
/usr/share/doc/bind-9.11.4/man.pkcs11-destroy.html
/usr/share/doc/bind-9.11.4/man.pkcs11-keygen.html
/usr/share/doc/bind-9.11.4/man.pkcs11-list.html
/usr/share/doc/bind-9.11.4/man.pkcs11-tokens.html
/usr/share/doc/bind-9.11.4/man.rndc-confgen.html
/usr/share/doc/bind-9.11.4/man.rndc.conf.html
/usr/share/doc/bind-9.11.4/man.rndc.html
/usr/share/doc/bind-9.11.4/named.conf.default
/usr/share/doc/bind-9.11.4/notes.html
/usr/share/doc/bind-9.11.4/notes.pdf
/usr/share/doc/bind-9.11.4/sample
/usr/share/doc/bind-9.11.4/sample/etc
/usr/share/doc/bind-9.11.4/sample/etc/named.conf
/usr/share/doc/bind-9.11.4/sample/etc/named.rfc1912.zones
/usr/share/doc/bind-9.11.4/sample/var
/usr/share/doc/bind-9.11.4/sample/var/named
/usr/share/doc/bind-9.11.4/sample/var/named/data
/usr/share/doc/bind-9.11.4/sample/var/named/my.external.zone.db
/usr/share/doc/bind-9.11.4/sample/var/named/my.internal.zone.db
/usr/share/doc/bind-9.11.4/sample/var/named/named.ca
/usr/share/doc/bind-9.11.4/sample/var/named/named.empty
/usr/share/doc/bind-9.11.4/sample/var/named/named.localhost
/usr/share/doc/bind-9.11.4/sample/var/named/named.loopback
/usr/share/doc/bind-9.11.4/sample/var/named/slaves
/usr/share/doc/bind-9.11.4/sample/var/named/slaves/my.ddns.internal.zone.db
/usr/share/doc/bind-9.11.4/sample/var/named/slaves/my.slave.internal.zone.db
/usr/share/man/man1/arpaname.1.gz
/usr/share/man/man1/named-rrchecker.1.gz
/usr/share/man/man5/named.conf.5.gz
/usr/share/man/man5/rndc.conf.5.gz
/usr/share/man/man8/ddns-confgen.8.gz
/usr/share/man/man8/dnssec-checkds.8.gz
/usr/share/man/man8/dnssec-coverage.8.gz
/usr/share/man/man8/dnssec-dsfromkey.8.gz
/usr/share/man/man8/dnssec-importkey.8.gz
/usr/share/man/man8/dnssec-keyfromlabel.8.gz
/usr/share/man/man8/dnssec-keygen.8.gz
/usr/share/man/man8/dnssec-keymgr.8.gz
/usr/share/man/man8/dnssec-revoke.8.gz
/usr/share/man/man8/dnssec-settime.8.gz
/usr/share/man/man8/dnssec-signzone.8.gz
/usr/share/man/man8/dnssec-verify.8.gz
/usr/share/man/man8/genrandom.8.gz
/usr/share/man/man8/isc-hmac-fixup.8.gz
/usr/share/man/man8/lwresd.8.gz
/usr/share/man/man8/named-checkconf.8.gz
/usr/share/man/man8/named-checkzone.8.gz
/usr/share/man/man8/named-compilezone.8.gz
/usr/share/man/man8/named-journalprint.8.gz
/usr/share/man/man8/named.8.gz
/usr/share/man/man8/nsec3hash.8.gz
/usr/share/man/man8/rndc-confgen.8.gz
/usr/share/man/man8/rndc.8.gz
/usr/share/man/man8/tsig-keygen.8.gz
/var/log/named.log
/var/named
/var/named/data
/var/named/dynamic
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
/var/named/slaves
[root@CentOS7-2 named]# 
[root@CentOS7-2 named]# ps -aux |grep named
named     11310  0.0  3.0 243108 57556 ?        Ssl  11:56   0:03 /usr/sbin/named -u named -c /etc/named.conf
root      18813  0.0  0.0 112712   964 pts/0    S+   14:12   0:00 grep --color=auto named
[root@CentOS7-2 named]# cp /etc/named.conf /etc/named.conf_default
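3. Hands-on configuration and testing
3.1 Zone types

The available values for type are: master, slave, forward, hint

3.2 Edit the main configuration file (type master is used as the example here)
[root@CentOS7-2 etc]# cat /etc/named.conf
options{
	directory "/var/named";   // absolute path of the directory that holds the zone files
};
zone "imooc.com" {      // name of the domain (zone) being configured
	type master;     // this server is the primary (master) DNS server for the zone
	file "imooc.com.zone";  // zone file for imooc.com; its path is relative to the directory set in options, and it is usually named <domain>.zone
};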
zone "iaskjob.com" {
        type master;
        file "iaskjob.com.zone";
};
[root@CentOS7-2 etc]# 
3.3 Edit the zone files
[root@CentOS7-2 named]# vim /var/named/imooc.com.zone 
$TTL 7200
imooc.com. IN SOA imooc.com. jeson.imooc.com. (222 1H 15M 1W 1D)
imooc.com. IN NS dns1.imooc.com.
dns1.imooc.com. IN A 192.168.128.137
www.imooc.com. IN A 115.182.41.180
Or, using @ and names relative to the zone:
[root@CentOS7-2 named]# vim /var/named/imooc.com.zone
$TTL 7200
@ IN SOA imooc.com. jeson.imooc.com. (222 1H 15M 1W 1D)
imooc.com. IN NS dns1.imooc.com.
dns1 IN A 192.168.128.137
www IN A 115.182.41.180
[root@CentOS7-2 named]# 
[root@CentOS7-2 named]# vim /var/named/iaskjob.com.zone 
$TTL 7200
iaskjob.com. IN SOA iaskjob.com. iaskjob.163.com. (4012100 1H 15M 1W 1D)
iaskjob.com. IN NS dns1.iaskjob.com.
dns1.iaskjob.com. IN A 192.168.128.137
www.iaskjob.com. IN CNAME www.imooc.com.
[root@CentOS7-2 named]# 

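Note: after finishing the configuration, always make sure that "other" users have read (r) permission on the configuration files, so that the named process, which runs as the unprivileged user named, can read them.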
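The two imooc.com.zone variants above differ only in how names are written. The following added example (not part of the original post) expands @ and relative names the way a zone-file reader does, shows that both variants yield the same records, and flags the common mistake of dropping a trailing dot; the function names and the broken variant are constructed for illustration.

```python
def absolute(name, origin):
    """Zone-file naming rules: '@' means the origin, a trailing dot means the
    name is already fully qualified, anything else gets the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return (name + "." + origin).lower()


def parse_zone(text, origin):
    """Parse one-record-per-line zone text into (owner, type, rdata) tuples.
    Assumes every line names its owner and parentheses open and close on the
    same line, as in the zone files above."""
    records = set()
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].replace("(", " ").replace(")", " ").strip()
        if not line or line.startswith("$"):      # blank line or $TTL directive
            continue
        owner, *rest = line.split()
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                        # optional TTL and class
        if len(rest) < 2:
            raise ValueError("incomplete record: " + raw)
        rtype, rdata = rest[0].upper(), rest[1:]
        if rtype in ("NS", "CNAME"):               # rdata is a domain name
            rdata = [absolute(rdata[0], origin)]
        elif rtype == "SOA":                       # primary server and mailbox are names
            rdata = [absolute(n, origin) for n in rdata[:2]] + rdata[2:]
        records.add((absolute(owner, origin), rtype, " ".join(rdata)))
    return records


def lint(records, origin):
    """Return a sorted list of problems that usually come from naming mistakes."""
    findings = []
    types_at = {}
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    if "SOA" not in types_at.get(origin, set()):
        findings.append("no SOA record at " + origin)
    for owner, rtype, rdata in records:
        names = [owner] + (rdata.split()[:1] if rtype in ("NS", "CNAME") else [])
        for name in names:
            if name == origin * 2 or name.endswith("." + origin * 2):
                findings.append(name + " repeats the origin (missing trailing dot?)")
        if rtype == "NS" and rdata.endswith("." + origin) and \
                not types_at.get(rdata, set()) & {"A", "AAAA"}:
            findings.append("NS target " + rdata + " has no address record")
        if rtype == "CNAME" and types_at[owner] != {"CNAME"}:
            findings.append(owner + " has a CNAME and other records")
    return sorted(set(findings))


ORIGIN = "imooc.com."
# First variant from the post: every name fully qualified.
ABSOLUTE_FORM = """$TTL 7200
imooc.com. IN SOA imooc.com. jeson.imooc.com. (222 1H 15M 1W 1D)
imooc.com. IN NS dns1.imooc.com.
dns1.imooc.com. IN A 192.168.128.137
www.imooc.com. IN A 115.182.41.180
"""
# Second variant from the post: '@' and names relative to the zone.
RELATIVE_FORM = """$TTL 7200
@ IN SOA imooc.com. jeson.imooc.com. (222 1H 15M 1W 1D)
imooc.com. IN NS dns1.imooc.com.
dns1 IN A 192.168.128.137
www IN A 115.182.41.180
"""
# Constructed broken variant: the trailing dot after www.imooc.com is missing.
MISSING_DOT = ABSOLUTE_FORM.replace("www.imooc.com. IN A", "www.imooc.com IN A")

if __name__ == "__main__":
    good = parse_zone(ABSOLUTE_FORM, ORIGIN)
    print(good == parse_zone(RELATIVE_FORM, ORIGIN), lint(good, ORIGIN))
    print(lint(parse_zone(MISSING_DOT, ORIGIN), ORIGIN))
```

On the server itself, named-checkconf -z /etc/named.conf (the same check the named.service unit runs before starting, as seen in the systemctl status output) validates the real files.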

3.4 Restart the named service
[root@CentOS7-2 named]# systemctl restart named
3.5 Test whether the configuration works
[root@CentOS7-2 named]# dig @192.168.128.137 www.imooc.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @192.168.128.137 www.imooc.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5396
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.imooc.com.			IN	A

;; ANSWER SECTION:
www.imooc.com.		7200	IN	A	115.182.41.180

;; AUTHORITY SECTION:
imooc.com.		7200	IN	NS	dns1.imooc.com.

;; ADDITIONAL SECTION:
dns1.imooc.com.		7200	IN	A	192.168.128.137

;; Query time: 0 msec
;; SERVER: 192.168.128.137#53(192.168.128.137)
;; WHEN: Wed Feb 26 15:15:05 CST 2020
;; MSG SIZE  rcvd: 93

[root@CentOS7-2 named]# 
[root@CentOS7-2 named]# dig  www.imooc.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> www.imooc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25725
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.imooc.com.			IN	A

;; ANSWER SECTION:
www.imooc.com.		30	IN	A	115.182.41.103
www.imooc.com.		30	IN	A	115.182.41.163
www.imooc.com.		30	IN	A	117.121.101.134
www.imooc.com.		30	IN	A	117.121.101.40
www.imooc.com.		30	IN	A	117.121.101.144
www.imooc.com.		30	IN	A	117.121.101.41
www.imooc.com.		30	IN	A	115.182.41.180

;; Query time: 131 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Wed Feb 26 15:15:39 CST 2020
;; MSG SIZE  rcvd: 154

[root@CentOS7-2 named]# dig @192.168.128.137 www.iaskjob.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @192.168.128.137 www.iaskjob.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24878
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.iaskjob.com.		IN	A

;; ANSWER SECTION:
www.iaskjob.com.	7200	IN	CNAME	www.imooc.com.
www.imooc.com.		7200	IN	A	115.182.41.180

;; AUTHORITY SECTION:
imooc.com.		7200	IN	NS	dns1.imooc.com.

;; ADDITIONAL SECTION:
dns1.imooc.com.		7200	IN	A	192.168.128.137

;; Query time: 2 msec
;; SERVER: 192.168.128.137#53(192.168.128.137)
;; WHEN: Wed Feb 26 15:16:18 CST 2020
;; MSG SIZE  rcvd: 119
[root@CentOS7-2 named]# 
4. Configure the DNS server addresses on the local machine
[root@CentOS7-2 named]# cat /etc/sysconfig/net
netconsole       network          network-scripts/ 
[root@CentOS7-2 named]# cat /etc/sysconfig/network-scripts/ifcfg-ens33 
TYPE=Ethernet
#BOOTPROTO=dhcp
BOOTPROTO=static
IPADDR=192.168.128.137
NAME=ens33
DEVICE=ens33
ONBOOT=yes
GATEWAY=192.168.128.2
#DNS1=10.1.1.2
DNS2=8.8.8.8
DNS3=114.114.114.114
DNS4=115.115.115.115
[root@CentOS7-2 named]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 114.114.114.114
nameserver 115.115.115.115
[root@CentOS7-2 named]# 

Note: the DNS addresses must be configured in /etc/sysconfig/network-scripts/ifcfg-ens33; otherwise /etc/resolv.conf is emptied when the network service is restarted.

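5. DNS ports explained

It is well known that DNS uses port 53 on both UDP and TCP; a single application protocol using two transport protocols is something of an oddity in the TCP/IP stack. Few people, however, know under which circumstances DNS uses each of them.
First, a brief introduction to TCP and UDP.
TCP is a connection-oriented protocol that provides reliable data transfer and is generally used where a high quality of service is required. UDP (User Datagram Protocol) is a connectionless transport-layer protocol that provides a simple, transaction-oriented, unreliable message delivery service.
Differences between TCP and UDP:
The main difference between UDP and TCP is how they achieve reliable delivery. TCP includes a dedicated delivery-guarantee mechanism: when the receiver gets data from the sender, it automatically sends back an acknowledgement; the sender continues with further data only after receiving that acknowledgement, and otherwise waits until it arrives. Unlike TCP, UDP provides no delivery guarantee. If a datagram is lost on the way from sender to receiver, the protocol itself neither detects nor reports it, which is why UDP is usually called an unreliable transport protocol. Another difference from TCP lies in how a burst of several datagrams is received: unlike TCP, UDP does not guarantee the order in which data is sent and received. In practice such reordering is rare and usually happens only when the network is heavily congested.
Since UDP is an unreliable protocol, is it of any use? It is: in some situations UDP is very useful, because it has a speed advantage that TCP cannot match. TCP builds in various safeguards, but in practice they consume considerable system overhead and noticeably affect speed. UDP, by contrast, leaves out the reliable-delivery mechanism and hands safeguards and ordering over to the application layer, which greatly reduces processing time and keeps it fast.
DNS uses TCP for zone transfers and UDP at all other times.
The DNS specification defines two types of DNS server: the primary DNS server and the secondary DNS server. Within a zone, the primary server reads the zone's DNS data from its own local data files, while a secondary server reads the zone's DNS data from the zone's primary server. When a secondary server starts, it has to contact the primary server and load the data; this is called a zone transfer.
Why use both TCP and UDP?
First, consider the message-length limits of TCP and UDP:
A DNS message sent over UDP is limited to 512 bytes, whereas TCP allows messages longer than 512 bytes. When a DNS message exceeds 512 bytes, the TC (truncated) flag is set in the protocol header, and TCP is then used to send it. Traditional DNS messages over UDP generally do not exceed 512 bytes.
Zone transfers use TCP for two main reasons:
1. The secondary name server periodically (typically every 3 hours) queries the primary name server to find out whether the data has changed. If it has, a zone transfer is performed to synchronize the data. The zone transfer uses TCP rather than UDP because the amount of data synchronized is far larger than that of a single request and response.
2. TCP is a reliable connection, which ensures the accuracy of the data.
Name resolution uses UDP:
When a client queries a DNS server for a name, the response usually does not exceed 512 bytes, so UDP is sufficient. No TCP three-way handshake is needed, so the load on the DNS server is lower and responses are faster. In theory a client can also choose TCP when querying a DNS server, but in practice many DNS servers are configured to support only UDP queries.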
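The switch from UDP to TCP described above, as an added example that is not part of the original post: the server cuts an oversized reply down and sets TC, the client sees the flag and repeats the query over TCP, where each message carries a 2-byte length prefix. The header values are copied from the first dig output above; the function names and the oversized reply are constructed for illustration.

```python
import struct

# Header flag bits, named the way dig prints them.
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080)]
# Classic limit from RFC 1035; EDNS ("udp: 4096" in the dig output) lets a client raise it.
CLASSIC_UDP_LIMIT = 512


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, txid, qtype=1):
    """Build a standard query: RD set, one question, type A by default, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "flags": [n for n, bit in FLAG_BITS if flags & bit],
            "rcode": flags & 0x000F, "counts": (qd, an, ns, ar)}


def truncate_for_udp(response, question_len, limit=CLASSIC_UDP_LIMIT):
    """Server side: a reply that does not fit is cut to header + question, TC set."""
    if len(response) <= limit:
        return response
    txid, flags, qd, _, _, _ = struct.unpack("!HHHHHH", response[:12])
    header = struct.pack("!HHHHHH", txid, flags | 0x0200, qd, 0, 0, 0)
    return header + response[12:12 + question_len]


def next_step(query, udp_response):
    """Client side: what to do with a datagram received in answer to query."""
    q, r = parse_header(query), parse_header(udp_response)
    if r["id"] != q["id"] or "qr" not in r["flags"]:
        return "discard"        # not a response to this query
    if "tc" in r["flags"]:
        return "retry-tcp"      # truncated: repeat the same query over TCP port 53
    return "accept"


def tcp_frame(msg):
    """Over TCP every DNS message is preceded by a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def tcp_unframe(stream):
    """Split received TCP bytes into complete messages plus the unread remainder."""
    messages = []
    while len(stream) >= 2:
        (size,) = struct.unpack("!H", stream[:2])
        if len(stream) < 2 + size:
            break               # message not fully received yet
        messages.append(stream[2:2 + size])
        stream = stream[2 + size:]
    return messages, stream


# Constructed sample data: id 5396, flags "qr aa rd ra" and the section counts
# come from the first dig output above; the records themselves are omitted.
QUERY = build_query("www.imooc.com", txid=5396)
QUESTION = QUERY[12:]
SMALL_REPLY = struct.pack("!HHHHHH", 5396, 0x8580, 1, 1, 1, 2) + QUESTION
# 600 filler bytes stand in for a large answer section (not real records).
LARGE_REPLY = struct.pack("!HHHHHH", 5396, 0x8580, 1, 40, 0, 0) + QUESTION + b"\x00" * 600

if __name__ == "__main__":
    print(parse_header(SMALL_REPLY), next_step(QUERY, SMALL_REPLY))
    on_wire = truncate_for_udp(LARGE_REPLY, len(QUESTION))
    print(len(on_wire), parse_header(on_wire)["flags"], next_step(QUERY, on_wire))
    complete, pending = tcp_unframe(tcp_frame(QUERY) + tcp_frame(LARGE_REPLY)[:100])
    print(len(complete), len(pending))
```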
