Setting up a DNS server

DNS: Domain Name System
DNS is made up of resolvers and name servers. A name server is a server that stores the domain names and corresponding IP addresses of all hosts in its network and converts domain names into IP addresses. Every domain name must map to an IP address, but an IP address does not necessarily have a domain name. The domain name system uses a hierarchical structure similar to a directory tree. The name server is the server side of a client/server model and mainly comes in two forms: master servers and forwarding servers. Mapping a domain name to an IP address is called "domain name resolution". On the Internet the relationship between domain names and IP addresses is one-to-one (or many-to-one); domain names are easy for people to remember, but machines only recognise each other by IP address, so the conversion between the two, called name resolution, has to be done by dedicated name resolution servers, and a DNS server is exactly such a server. DNS naming is used on TCP/IP networks such as the Internet to find computers and services by user-friendly names. When a user enters a DNS name in an application, the DNS service resolves that name to the information associated with it, such as an IP address. The address you type when browsing is resolved through DNS to the corresponding IP address; only then can the connection be made. Ultimately a domain name points to an IP address, and computers on a network can identify each other only by IP address.
A domain name is a sequence of words or abbreviations separated by dots; each domain name corresponds to a unique IP address, and this naming method, or the system that manages domain names in this way, is called the domain name system.

DNS lookup order: local hosts file -> local DNS cache -> DNS server
Forward resolution
[[email protected] ~]# yum install bind -y
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-50.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================
 Package Arch Version Repository Size
=========================================================================================
Installing:
 bind x86_64 32:9.9.4-50.el7 base 1.8 M

Transaction Summary
=========================================================================================
Install 1 Package

Total download size: 1.8 M
Installed size: 4.3 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 32:bind-9.9.4-50.el7.x86_64 1/1
Verifying : 32:bind-9.9.4-50.el7.x86_64 1/1

Installed:
bind.x86_64 32:9.9.4-50.el7

Complete!
[[email protected] ~]# systemctl start named
BIND's main configuration file is /etc/named.conf, which holds BIND's basic settings.
[[email protected] ~]# vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { 172.16.50.37; };
    directory "/var/named";
};

zone "baidu.com" IN {
    type master;              # master zone: this server holds the authoritative data for baidu.com
    file "baidu.com.zone";
};
Resource record types
SOA    start of authority. This record marks the start of the zone. It carries the zone name, the e-mail address of the zone administrator, and settings that tell secondary DNS servers how to refresh the zone data file.
A      this record lists the IP address of a given host name; it is the key record for name resolution.
CNAME  canonical name. This record defines an alias for a canonical host name.
MX     mail exchanger. This record lists the hosts responsible for receiving e-mail sent to the domain.
NS     name server. This record specifies the name servers responsible for the given zone.
[[email protected] named]# vim baidu.com.zone
$TTL 1D
@    IN SOA @ admin.baidu.com. (
         0        ; serial
         1D       ; refresh
         1H       ; retry
         1W       ; expire
         3H )     ; minimum
     IN NS    ns.baidu.com.
     IN MX 10 mail.baidu.com.
ns   IN A     172.16.50.37
mail IN A     172.16.50.2
www  IN A     172.16.50.1
www  IN A     172.16.50.3
ftp  IN CNAME www

[[email protected] named]# systemctl restart named
[[email protected] named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2018-08-02 09:22:56 EDT; 8s ago
Process: 76387 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 76404 ExecStart=/usr/sbin/named -u named -c $NAMEDCONF $OPTIONS (code=exited, status=0/SUCCESS)
Process: 76399 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 76405 (named)
CGroup: /system.slice/named.service
└─76405 /usr/sbin/named -u named -c /etc/named.conf

Verify the configuration as follows
[[email protected] named]# dig -t A www.baidu.com @172.16.50.37

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -t A www.baidu.com @172.16.50.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27004
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A

;; ANSWER SECTION:
www.baidu.com. 86400 IN A 172.16.50.1
www.baidu.com. 86400 IN A 172.16.50.3

;; AUTHORITY SECTION:
baidu.com. 86400 IN NS ns.baidu.com.

;; ADDITIONAL SECTION:
ns.baidu.com. 86400 IN A 172.16.50.37

;; Query time: 0 msec
;; SERVER: 172.16.50.37#53(172.16.50.37)
;; WHEN: Thu Aug 02 09:23:32 EDT 2018
;; MSG SIZE rcvd: 107

[[email protected] named]# dig -t MX baidu.com @172.16.50.37

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -t MX baidu.com @172.16.50.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35754
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;baidu.com. IN MX

;; ANSWER SECTION:
baidu.com. 86400 IN MX 10 mail.baidu.com.

;; AUTHORITY SECTION:
baidu.com. 86400 IN NS ns.baidu.com.

;; ADDITIONAL SECTION:
mail.baidu.com. 86400 IN A 172.16.50.2
ns.baidu.com. 86400 IN A 172.16.50.37

;; Query time: 0 msec
;; SERVER: 172.16.50.37#53(172.16.50.37)
;; WHEN: Thu Aug 02 09:23:57 EDT 2018
;; MSG SIZE rcvd: 108

[[email protected] named]# dig -t MS baidu.com @172.16.50.37
;; Warning, ignoring invalid type MS

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -t MS baidu.com @172.16.50.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46325
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;baidu.com. IN A

;; AUTHORITY SECTION:
baidu.com. 10800 IN SOA baidu.com. admin.baidu.com. 0 86400 3600 604800 10800

;; Query time: 0 msec
;; SERVER: 172.16.50.37#53(172.16.50.37)
;; WHEN: Thu Aug 02 09:24:10 EDT 2018
;; MSG SIZE rcvd: 80

[[email protected] named]# dig -t NS baidu.com @172.16.50.37

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -t NS baidu.com @172.16.50.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52173
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;baidu.com. IN NS

;; ANSWER SECTION:
baidu.com. 86400 IN NS ns.baidu.com.

;; ADDITIONAL SECTION:
ns.baidu.com. 86400 IN A 172.16.50.37

;; Query time: 0 msec
;; SERVER: 172.16.50.37#53(172.16.50.37)
;; WHEN: Thu Aug 02 09:24:16 EDT 2018
;; MSG SIZE rcvd: 71

[[email protected] named]# dig -t CNAME ftp.baidu.com @172.16.50.37

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -t CNAME ftp.baidu.com @172.16.50.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22894
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ftp.baidu.com. IN CNAME

;; ANSWER SECTION:
ftp.baidu.com. 86400 IN CNAME www.baidu.com.

;; AUTHORITY SECTION:
baidu.com. 86400 IN NS ns.baidu.com.

;; ADDITIONAL SECTION:
ns.baidu.com. 86400 IN A 172.16.50.37

;; Query time: 0 msec
;; SERVER: 172.16.50.37#53(172.16.50.37)
;; WHEN: Thu Aug 02 09:24:47 EDT 2018
;; MSG SIZE rcvd: 93

Reverse DNS configuration:
Check the listening ports
[[email protected] ~]# netstat -lntup|grep named
tcp 0 0 172.16.50.37:53 0.0.0.0:* LISTEN 76405/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 76405/named
tcp6 0 0 ::1:953 :::* LISTEN 76405/named
udp 0 0 172.16.50.37:53 0.0.0.0:* 76405/named
[[email protected] ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
    listen-on port 53 { 172.16.50.37; };
    directory "/var/named";
};
zone "baidu.com" IN {
    type master;
    file "baidu.com.zone";
};

zone "50.16.172.in-addr.arpa" IN {
    type master;
    file "hehe.com.zone";
};
[[email protected] ~]# cat /var/named/hehe.com.zone
$TTL 1D
@   IN SOA ns.baidu.com. admin.baidu.com. (
        0        ; serial
        1D       ; refresh
        1H       ; retry
        1W       ; expire
        3H )     ; minimum
    IN NS  ns.baidu.com.
37  IN PTR ns.baidu.com.
128 IN PTR www.baidu.com.
[[email protected] ~]# systemctl restart named
Verification commands
dig
-x addr: a reverse lookup (mapping an address to a name) can be simplified with the -x option. addr is a dotted-decimal IPv4 address or a colon-delimited IPv6 address. When this option is used there is no need to supply the name, class and type arguments; dig automatically performs a query for a name like 11.12.13.10.in-addr.arpa and sets the query type and class to PTR and IN respectively.
-t type: sets the query type to type. It can be any valid query type supported by BIND 9. The default query type is A, unless the -x option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, type is set to ixfr=N; the incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was changed to N.

[[email protected] ~]# dig -x 172.16.50.128 @172.16.50.37
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -x 172.16.50.128 @172.16.50.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49281
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;128.50.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
128.50.16.172.in-addr.arpa. 86400 IN PTR www.baidu.com.
;; AUTHORITY SECTION:
50.16.172.in-addr.arpa. 86400 IN NS ns.baidu.com.
;; ADDITIONAL SECTION:
ns.baidu.com. 86400 IN A 172.16.50.37
;; Query time: 0 msec
;; SERVER: 172.16.50.37#53(172.16.50.37)
;; WHEN: Sat Aug 04 05:14:09 EDT 2018
;; MSG SIZE rcvd: 115
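The forward zone above is hand-written and its reverse zone is hand-written again, so the two can drift apart (the PTR for 128 points at www, whose A records are .1 and .3). The following is an added example, not code from the tutorial: it parses a zone file in the format used above (qualifying relative names and "@" the way named does), checks that every in-zone NS/MX/CNAME target actually exists before the service is restarted, and derives the PTR records a consistent reverse zone would contain. The zone text is a constructed copy of the tutorial's baidu.com.zone.

```python
# Added example (not from the page): parse a BIND zone file like the tutorial's, lint it, derive PTRs.
import ipaddress
ORIGIN = "baidu.com."
FORWARD_ZONE = """$TTL 1D
@ IN SOA @ admin.baidu.com. (
        0 1D 1H 1W 3H )   ; serial refresh retry expire minimum
     IN NS ns.baidu.com.
     IN MX 10 mail.baidu.com.
ns   IN A 172.16.50.37
mail IN A 172.16.50.2
www  IN A 172.16.50.1
www  IN A 172.16.50.3
ftp  IN CNAME www
"""  # constructed copy of the tutorial's baidu.com.zone

def qualify(name, origin=ORIGIN):
    """'@' -> origin; 'www' -> 'www.baidu.com.'; absolute names unchanged."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """(owner, type, rdata) triples; handles $TTL, ';' comments, '(' continuations."""
    records, owner, buf = [], origin, []
    for line in text.splitlines():
        line = line.split(";", 1)[0]
        if not line.strip() or line.startswith("$"):
            continue
        buf += line.replace("(", " ( ").replace(")", " ) ").split()
        if buf.count("(") > buf.count(")"):
            continue                       # still inside the multi-line SOA
        fields, buf = [f for f in buf if f not in "()"], []
        if fields[0] != "IN":              # owner present (class IN is written on every line here)
            owner = qualify(fields.pop(0), origin)
        rtype, rdata = fields[1], fields[2:]
        if rtype in ("NS", "CNAME", "PTR", "MX", "SOA"):   # target names are relative too
            i = 0 if rtype == "SOA" else -1
            rdata[i] = qualify(rdata[i], origin)
        records.append((owner, rtype, " ".join(rdata)))
    return records

def lint(records, origin=ORIGIN):
    """Pre-restart check: every in-zone NS/MX/CNAME target must exist as an owner."""
    owners = {o for o, _, _ in records}
    return [f"{t} at {o} points to missing name {r.split()[-1]}"
            for o, t, r in records if t in ("NS", "MX", "CNAME")
            and r.split()[-1].endswith(origin) and r.split()[-1] not in owners]

def ptr_records(records):
    """PTR records of the reverse zone, derived from the A records."""
    return sorted((ipaddress.ip_address(r).reverse_pointer + ".", "PTR", o)
                  for o, t, r in records if t == "A")
```

These checks cover the zone data only: the trimmed named.conf above has no recursion or allow-query statement, which is why every dig answer above carries the ra flag, so an authoritative server reachable from outside the LAN should also set recursion no; and restrict allow-query.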