DNS解析原理与Bind部署DNS服务
DNS是什么?
DNS(Domain Name System,域名系統(tǒng))是互聯(lián)網(wǎng)上最核心的帶層級的分布式系統(tǒng),它負(fù)責(zé)把域名轉(zhuǎn)換為IP地址、反查IP到域名的反向解析以及宣告郵件路由等信息,使得基于域名提供服務(wù)稱為可能,例如網(wǎng)站訪問、郵件服務(wù)等。
DNS解析原理
DNS系統(tǒng)由兩部分組成,一是Resolver解析器,作為DNS請求的客戶端,負(fù)責(zé)從DNS記錄中解析出IP或別名等信息;二是NS域名服務(wù)器,提供域名解析服務(wù),例如Bind。
DNS服務(wù)器分為三類:一是權(quán)威域名服務(wù)器,用于解析域名或使用NS記錄進(jìn)行授權(quán);二是緩存域名服務(wù)器,用于遞歸查詢并緩存DNS記錄;三是轉(zhuǎn)發(fā)域名服務(wù)器,僅用于轉(zhuǎn)發(fā)DNS請求給指定的上級域名服務(wù)器。
DNS記錄類型
1.A記錄:指定域名對應(yīng)IP的記錄
2.PTR記錄:指定IP對應(yīng)域名的記錄
3.MX記錄:郵件交換記錄,也叫郵件路由記錄,指向郵件服務(wù)器的IP
4.CNAME記錄:別名記錄,用于指向另一個域名
5.NS記錄:域名服務(wù)器記錄,指定該域名由哪個DNS服務(wù)器來解析
Bind部署DNS域名解析
Bind是什么?
BIND伯克利互聯(lián)網(wǎng)域名服務(wù)(Berkeley Internet Name Domain)是一款全球互聯(lián)網(wǎng)使用最廣泛、能夠提供安全可靠、快捷高效的域名解析的服務(wù)程序。
安裝Bind服務(wù)程序
[root@localhost ~]# yum install -y bind-chroot?修改主配置文件
[root@localhost ~]# vim /etc/named.conf 12 options {13 listen-on port 53 { any; }; //監(jiān)聽53端口所有來源信息14 listen-on-v6 port 53 { ::1; };15 directory "/var/named";16 dump-file "/var/named/data/cache_dump.db";17 statistics-file "/var/named/data/named_stats.txt";18 memstatistics-file "/var/named/data/named_mem_stats.txt";19 allow-query { any; }; //允許所有來源訪問正向解析:由域名到IP
配置區(qū)域文件
[root@localhost ~]# vim /etc/named.rfc1912.zones zone "test.com" IN{type master; //服務(wù)器類型:主服務(wù)器file "test.com.zone"; // 數(shù)據(jù)文件名稱allow-update {none;}; // 是否允許從服務(wù)器更新解析數(shù)據(jù)};?配置域名解析文件
[root@localhost ~]# cd /var/named [root@localhost named]# cp -a named.localhost test.com.zone [root@localhost named]# vim test.com.zone $TTL 1D@ IN SOA test.com. root.test.com. (0 ; serial1D ; refresh1H ; retry1W ; expire3H ) ; minimumNS ns.test.com. //域名服務(wù)器記錄:表示該域名由哪臺DNS進(jìn)行解析ns IN A 192.168.41.10IN MX 10 mail.test.com. //郵箱交換記錄,用于郵件系統(tǒng)解析mail IN A 192.168.41.10www IN A 192.168.41.10 //地址記錄,表明三級域名www.test.com 對應(yīng)的解析地址bbs IN A 192.168.41.10?重啟服務(wù),進(jìn)行測試
[root@localhost named]# systemctl restart named[root@localhost named]# systemctl enable named[root@localhost ~]# nslookup //常用解析器> www.test.comServer: 192.168.41.10Address: 192.168.41.10#53Name: www.test.comAddress: 192.168.41.10> bbs.test.comServer: 192.168.41.10Address: 192.168.41.10#53Name: bbs.test.comAddress: 192.168.41.10>#測試前記得修改DNS或者直接在/etc/resolve.conf中添加
反向解析:由IP到域名
配置區(qū)域文件
[root@localhost ~]# vim /etc/named.rfc1912.zones zone "41.168.192.in-addr.arpa" IN{type master;file "192.168.41.arpa";allow-update {none;};};配置反向解析文件
[root@localhost ~]# cd /var/named [root@localhost named]# cp -a named.loopback 192.168.41.arpa [root@localhost named]# vim 192.168.41.arpa $TTL 1D@ IN SOA test.com. root.test.com. (0 ; serial1D ; refresh1H ; retry1W ; expire3H ) ; minimumNS ns.test.com.ns A 192.168.41.1010 PTR ns.test.com.10 PTR mail.test.com.10 PTR www.test.com.20 PTR bbs.test.com.?重啟服務(wù),進(jìn)行測試
[root@localhost named]# systemctl restart named[root@localhost named]# nslookup> 192.168.41.10Server: 192.168.41.10Address: 192.168.41.10#5310.41.168.192.in-addr.arpa name = www.test.com.10.41.168.192.in-addr.arpa name = ns.test.com.10.41.168.192.in-addr.arpa name = mail.test.com.> 192.168.41.20Server: 192.168.41.10Address: 192.168.41.10#5320.41.168.192.in-addr.arpa name = bbs.test.com.>部署從服務(wù)器
配置主服務(wù)器區(qū)域文件
[root@localhost named]# vim /etc/named.rfc1912.zones zone "test.com" IN{type master;file "test.com.zone";allow-update {192.168.41.30;}; //允許從服務(wù)器更新};zone "41.168.192.in-addr.arpa" IN{type master;file "192.168.41.arpa";allow-update {192.168.41.30;};};?配置從服務(wù)器區(qū)域文件
[root@localhost ~]# vim /etc/named.rfc1912.zones zone "test.com" IN{type slave; //服務(wù)器類型:從服務(wù)器masters {192.168.41.10;}; //主服務(wù)器IPfile "slaves/test.com.zone"; //同步的文件保存的地址};zone "41.168.192.in-addr.arpa" IN{type slave;masters {192.168.41.10;};file "slaves/192.168.41.arpa";};?重啟服務(wù),進(jìn)行測試
[root@localhost slaves]# cd /var/named/slaves/[root@localhost slaves]# systemctl restart named[root@localhost slaves]# ls192.168.41.arpa test.com.zone // 主服務(wù)器數(shù)據(jù)文件已經(jīng)同步過來了[root@localhost slaves]# nslookup > www.test.comServer: 192.168.41.30Address: 192.168.41.30#53Name: www.test.comAddress: 192.168.41.10> bbs.test.comServer: 192.168.41.30Address: 192.168.41.30#53Name: bbs.test.comAddress: 192.168.41.10> 192.168.41.10Server: 192.168.41.30Address: 192.168.41.30#5310.41.168.192.in-addr.arpa name = www.test.com.10.41.168.192.in-addr.arpa name = mail.test.com.10.41.168.192.in-addr.arpa name = ns.test.com.>#測試前記得修改DNS或者直接在/etc/resolve.conf中添加
#同步之前記得設(shè)置或關(guān)閉主服務(wù)器防火墻,主從服務(wù)器都要重啟named服務(wù)
?幾點(diǎn)說明
1./etc/resolve.conf是設(shè)置DNS的文件,解析器需要讀取該文件請求DNS服務(wù)。
2.當(dāng)網(wǎng)卡重啟時,/etc/resolve.conf文件內(nèi)的設(shè)置將會被網(wǎng)卡配置文件中的DNS設(shè)置覆蓋,所以如果希望DNS設(shè)置永久生效,則要在網(wǎng)卡配置文件中配置DNS;如果只是臨時修改或添加DNS,則直接配置/etc/resolve.conf文件即可。
3.Bind服務(wù)默認(rèn)開啟遞歸查詢功能,所以既是緩存域名服務(wù)器,又是權(quán)威域名服務(wù)器。如果僅作為權(quán)威服務(wù)器用于域名解析,則可以關(guān)閉遞歸查詢功能;
vim /etc/named.conf options {listen-on port 53 { any; };listen-on-v6 port 53 { ::1; };directory "/var/named";dump-file "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";allow-query { any; };recursion no; // 關(guān)閉遞歸查詢功能dnssec-enable yes;dnssec-validation yes;?4.DNS服務(wù)器中存放著全球13組根域名服務(wù)器的NS記錄,保存在域名解析文件named.ca中。
vim /etc/named.confzone "." IN {type hint;file "named.ca"; };vim /var/named/named.ca ; formerly NS.INTERNIC.NET ; . 3600000 NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 ; ; FORMERLY NS1.ISI.EDU ; . 3600000 NS B.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b ; ; FORMERLY C.PSI.NET ; . 3600000 NS C.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c "/var/named/named.ca" 92L, 3289C ... ...?
轉(zhuǎn)載于:https://www.cnblogs.com/Peter2014/p/7561597.html
總結(jié)
以上是生活随笔為你收集整理的DNS解析原理与Bind部署DNS服务的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: linux 下php多版本安装
- 下一篇: 21_resultMap和resultT