centos7.3之DNS正反向解析-主從

本文轉載自查看原文 2017-06-06 17:34 2504

[root@localhost ~]# cat /var/named/named.localhost 查看本地主機
$TTL 1D 定義全局的TTL
@ IN SOA @ rname.invalid. ( 資源記錄
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1 把localhost主機名解析為127.0.0.1
AAAA ::1
別想要訪問127.0.01只能反向解析
---------------------------------------------------------------------------------------------------------
[root@localhost ~]# cat /var/named/named.loopback 查看本地主機
$TTL 1D 定義全局的TTL
@ IN SOA @ rname.invalid. ( 資源記錄
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
PTR localhost. 把127.0.0.1解析為localhost主機名
---------------------------------------------------------------------------------------------------------
注意：
---------------------------------------------------------------------------------------------------------
（1）TTL可以從全局聚承；
---------------------------------------------------------------------------------------------------------
（2）@表示當前區域的名稱；
---------------------------------------------------------------------------------------------------------
（3）相鄰的兩條記錄其name相同時，后面的可以省略；
---------------------------------------------------------------------------------------------------------
（4）對於正向區域來說，個MX，NS等類型的記錄的value為FQDN，此FQDN應該有一個A記錄；
---------------------------------------------------------------------------------------------------------
DNS協議--> BIND,PowerDNS
---------------------------------------------------------------------------------------------------------
http://www.lsc.org
---------------------------------------------------------------------------------------------------------
程序環境：主程序：/user/sbin/named
---------------------------------------------------------------------------------------------------------
Unit File : /use/lib/systemd/system/named.service
---------------------------------------------------------------------------------------------------------
配置文件：/etc/named.conf
---------------------------------------------------------------------------------------------------------
區域解析庫文件：
---------------------------------------------------------------------------------------------------------
第一步 1111
[root@localhost named]# vim ilinux.io.zone
---------------------------------------------------------------------------------------------------------
$TTL 600
ilinux.io. IN SOA ilinux.io. nsadmin.ilinux.io. (
2017060310
1H
5M
1W
6H ) 第1個和第2個域名
ilinux.io. IN NS dns1.ilinux.io. 這里的ilinux.io.可以不寫因為和上面的一樣 dns1后面是域名
ilinux.io. IN NS dns2.ilinux.io. 這里的ilinux.io.可以不寫因為和上面的一樣 dns2后面是域名
dns1.ilinux.io. IN A 172.16.0.67 第一台的地址
dns2.ilinux.io. IN A 172.16.0.68 第二台的地址
www.ilinux.io. IN A 172.16.0.1 這台主機的地址
web IN CNAME WWW
---------------------------------------------------------------------------------------------------------
第一條ilinux.io.為域名后面可以不寫，不寫為繼承ilinux.io.
---------------------------------------------------------------------------------------------------------
IN 為固定關鍵字ilinux.io.
---------------------------------------------------------------------------------------------------------
SOA 為固定關鍵字nsadmin.ilinux.io.
---------------------------------------------------------------------------------------------------------
2017060305 為2017年6月3號到2017年6月10號有效期為7天
---------------------------------------------------------------------------------------------------------
1H 表示為1小時
---------------------------------------------------------------------------------------------------------
5M 每隔5分鍾重復一次
---------------------------------------------------------------------------------------------------------
1W 有效期一周
---------------------------------------------------------------------------------------------------------
6H 6小時
---------------------------------------------------------------------------------------------------------
第二步2222
[root@localhost named]# vim /etc/named.conf 更改配置文件
options { 加上雙斜線相當於注釋掉，不引用
listen-on port 53 { 0.0.0.0; }; 0.0.0.0為更改后的最好加上//listen-on port 53 { 0.0.0.0; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; any為更改后的表示任何人都可以
recursion yes;

dnssec-enable no; no為更改后的表示不做安全校驗
dnssec-validation no; no為更改后的表示不做安全校驗

---------------------------------------------------------------------------------------------------------
any=容許所有人來查詢
---------------------------------------------------------------------------------------------------------
第三步3333
[root@localhost named]# vim /etc/named.rfc1912.zones 更改配置文件
---------------------------------------------------------------------------------------------------------
在腳本末端增加：
zone "ilinux.io" IN { 我自己來解析ilinux.io
type master;
file "ilinux.io.zone"; 這個文件叫ilinux.io.zone
};
---------------------------------------------------------------------------------------------------------
[root@localhost named]# cat ilinux.io.zone
$TTL 600
ilinux.io. IN SOA ilinux.io. nsadmin.ilinux.io. (
2017060310
1H
5M
1W
6H )
IN NS dns1.ilinux.io.
IN NS dns1.ilinux.io.
dns1.ilinux.io. IN A 172.16.0.67
dns2.ilinux.io. IN A 172.16.0.68
www.ilinux.io. IN A 172.16.0.1
web IN CNAME www
---------------------------------------------------------------------------------------------------------
[root@localhost named]# named-checkconf 查語法是否存在錯誤
第四步4444
[root@localhost named]# named-checkzone "ilimux.io" /var/named/ilinux.io.zone 檢查語法是否存在錯誤
---------------------------------------------------------------------------------------------------------
one
zone ilinux.io/IN: loaded serial 2017060310
OK
---------------------------------------------------------------------------------------------------------
named-checkzone 檢查語法錯誤 "ilimux.io"區域名 /var/named/ilinux.io.zone 地址
---------------------------------------------------------------------------------------------------------

---------------------------------------------------------------------------------------------------------
-rw-r--r--. 1 root root 262 6月 3 21:52 ilinux.io.zone
---------------------------------------------------------------------------------------------------------
[root@localhost named]# chmod o= ilinux.io.zone 更改其權限不讓別人訪問
---------------------------------------------------------------------------------------------------------
-rw-r-----. 1 root root 262 6月 3 21:52 ilinux.io.zone
---------------------------------------------------------------------------------------------------------

---------------------------------------------------------------------------------------------------------
[root@localhost named]# chown :named ilinux.io.zone 更改所屬主組
---------------------------------------------------------------------------------------------------------
-rw-r-----. 1 root named 262 6月 3 21:52 ilinux.io.zone
---------------------------------------------------------------------------------------------------------
[root@localhost named]# rndc reload 重新加載服務器
server reload successful 服務器加載成功
---------------------------------------------------------------------------------------------------------
[root@localhost named]# ss -nul 查看
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:5353 *:*
UNCONN 0 0 127.0.0.1:323 *:*
UNCONN 0 0 *:4764 *:*
UNCONN 0 0 192.168.122.1:53 *:*
UNCONN 0 0 172.16.253.236:53 *:*
UNCONN 0 0 127.0.0.1:53 *:*
UNCONN 0 0 192.168.122.1:53 *:*
UNCONN 0 0 *%virbr0:67 *:*
UNCONN 0 0 *:68 *:*
UNCONN 0 0 *:55481 *:*
UNCONN 0 0 ::1:323 :::*
UNCONN 0 0 ::1:53 :::*
UNCONN 0 0 :::50284 :::*

--------------------------------------------------------------------------------------------------------
[root@localhost named]# dig www.ilinux.io

--------------------------------------------------------------------------------------------------------

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> www.ilinux.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38345
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 13

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.ilinux.io. IN A

;; ANSWER SECTION:
www.ilinux.io. 2575 IN CNAME www.linuxpharos.com.
www.linuxpharos.com. 2575 IN A 47.92.31.192

;; AUTHORITY SECTION:
linuxpharos.com. 167877 IN NS dns15.hichina.com.
linuxpharos.com. 167877 IN NS dns16.hichina.com.

;; ADDITIONAL SECTION:
dns15.hichina.com. 163980 IN A 42.120.221.25
dns15.hichina.com. 163980 IN A 140.205.81.15
dns15.hichina.com. 163980 IN A 140.205.81.25
dns15.hichina.com. 163980 IN A 140.205.228.15
dns15.hichina.com. 163980 IN A 140.205.228.25
dns15.hichina.com. 163980 IN A 42.120.221.15
dns16.hichina.com. 163980 IN A 140.205.81.16
dns16.hichina.com. 163980 IN A 140.205.81.26
dns16.hichina.com. 163980 IN A 140.205.228.16
dns16.hichina.com. 163980 IN A 140.205.228.26
dns16.hichina.com. 163980 IN A 42.120.221.16
dns16.hichina.com. 163980 IN A 42.120.221.26

;; Query time: 2 msec
;; SERVER: 172.16.0.1#53(172.16.0.1)
;; WHEN: 二 6月 06 18:53:55 CST 2017
;; MSG SIZE rcvd: 331
---------------------------------------------------------------------------------------------------------
測試命令dig：

dig [-t type] name [@SERVER] [query options]

dig 只用於測試dns 系統，不會查詢hosts 文件進行解析

查詢選項：

+[no]trace程：跟蹤解析過程 : dig +trace rookie.com

+[no]recurse：進行遞歸解析

--------------------------------------------------------------------------------------------------------

[root@localhost ~]#dig -t A www.baidu.com @172.16.252.254 +trace

--------------------------------------------------------------------------------------------------------

測試反向解析：

dig -x IP = dig -t ptr reverseip.in-addr.arpa

---------------------------------------------------------------------------------------------------------
ss命令
-h：顯示幫助信息；
-V：顯示指令版本信息；
-n：不解析服務名稱，以數字方式顯示；
-a：顯示所有的套接字；
-l：顯示處於監聽狀態的套接字；
-o：顯示計時器信息；
-m：顯示套接字的內存使用情況；
-p：顯示使用套接字的進程信息；
-i：顯示內部的TCP信息；
-4：只顯示ipv4的套接字；
-6：只顯示ipv6的套接字；
-t：只顯示tcp套接字；
-u：只顯示udp套接字；
-d：只顯示DCCP套接字；
-w：僅顯示RAW套接字；
-x：僅顯示UNIX域套接字。

來自: http://man.linuxde.net/ss
---------------------------------------------------------------------------------------------------------
[root@localhost named]# host -t A www.ilinux.io
www.ilinux.io is an alias for www.linuxpharos.com.
www.linuxpharos.com has address 47.92.31.192
---------------------------------------------------------------------------------------------------------
host(選項)
(參數) 選項
-a：顯示詳細的DNS信息；
-c<類型>：指定查詢類型，默認值為“IN“；
-C：查詢指定主機的完整的SOA記錄；
-r：在查詢域名時，不使用遞歸的查詢方式；
-t<類型>：指定查詢的域名信息類型；
-v：顯示指令執行的詳細信息；
-w：如果域名服務器沒有給出應答信息，則總是等待，直到域名服務器給出應答；
-W<時間>：指定域名查詢的最長時間，如果在指定時間內域名服務器沒有給出應答信息，則退出指令；
-4：使用IPv4；
-6：使用IPv6.

來自: http://man.linuxde.net/host
---------------------------------------------------------------------------------------------------------
上方為正向解析
---------------------------------------------------------------------------------------------------------
下方為反向解析
---------------------------------------------------------------------------------------------------------
[root@localhost named]# vim 172.16.zone
---------------------------------------------------------------------------------------------------------
$TTL 600
ilinux.io. IN SOA ilinux.io. nsadmin.ilinux.io. (
2017060612
1H
5M
1W
6H )
IN NS dns1.ilinux.io.
IN NS dns2.ilinux.io.
dns1.ilinux.io. IN A 172.16.253.236
dns2.ilinux.io. IN A 172.16.252.201
www.ilinux.io. IN A 172.16.0.1
web IN CNAME WWW
---------------------------------------------------------------------------------------------------------
[root@localhost named]# vim /etc/named.rfc1912.zones 在最下方加入
---------------------------------------------------------------------------------------------------------
zone "16.172.in-addr.arpa" IN {
type master;
file "172.16.zone";
};
---------------------------------------------------------------------------------------------------------
[root@localhost named]# vim /etc/resolv.conf
---------------------------------------------------------------------------------------------------------
nameserver 172.16.253.236 將172.16.253.236更改為自己的地址
---------------------------------------------------------------------------------------------------------
[root@localhost named]# chmod o= 172.16.zone
---------------------------------------------------------------------------------------------------------
[root@localhost named]# chown :named 172.16.zone
---------------------------------------------------------------------------------------------------------
[root@localhost named]# ll 172.16.zone
-rw-r-----. 1 root named 269 6月 6 19:21 172.16.zone
---------------------------------------------------------------------------------------------------------
[root@localhost named]# named-checkconf
---------------------------------------------------------------------------------------------------------
[root@localhost named]# named-checkzone 172.16.in-addr.arpa 172.16.zone
---------------------------------------------------------------------------------------------------------
zone 172.16.in-addr.arpa/IN: loaded serial 2017060612
OK
---------------------------------------------------------------------------------------------------------
[root@localhost named]# rndc reload
---------------------------------------------------------------------------------------------------------
server reload successful
---------------------------------------------------------------------------------------------------------
[root@localhost named]# systemctl restart named.service 重新啟動DNS服務
---------------------------------------------------------------------------------------------------------
[root@localhost named]# ss -nul
---------------------------------------------------------------------------------------------------------
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:5353 *:*
UNCONN 0 0 127.0.0.1:323 *:*
UNCONN 0 0 *:4764 *:*
UNCONN 0 0 192.168.122.1:53 *:*
UNCONN 0 0 172.16.253.236:53 *:*
UNCONN 0 0 127.0.0.1:53 *:*
UNCONN 0 0 192.168.122.1:53 *:*
UNCONN 0 0 *%virbr0:67 *:*
UNCONN 0 0 *:68 *:*
UNCONN 0 0 *:55481 *:*
UNCONN 0 0 ::1:323 :::*
UNCONN 0 0 ::1:53 :::*
UNCONN 0 0 :::50284 :::*
---------------------------------------------------------------------------------------------------------
[root@localhost named]# host -t www.ilinux.io
---------------------------------------------------------------------------------------------------------
host: invalid type: www.ilinux.io
---------------------------------------------------------------------------------------------------------
[root@localhost named]# host -t A www.ilinux.io
---------------------------------------------------------------------------------------------------------
www.ilinux.io has address 172.16.0.1
---------------------------------------------------------------------------------------------------------
[root@localhost named]# dig -x 172.16.25
---------------------------------------------------------------------------------------------------------
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> -x 172.16.25
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46628
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;25.16.172.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
16.172.in-addr.arpa. 10800 IN SOA ilinux.io. nsadmin.ilinux.io. 2017060612 86400 3600 604800 10800

;; Query time: 1 msec
;; SERVER: 172.16.253.236#53(172.16.253.236)
;; WHEN: 二 6月 06 19:47:07 CST 2017
;; MSG SIZE rcvd: 104
---------------------------------------------------------------------------------------------------------
主從DNS服務器配置(包含正反向域名解析)
步驟
第一步：編輯解析數據庫文件
1.DNS主服務器正反向解析數據庫文件配置上面已有配置，不再介紹
2.DNS從服務器正反向解析數據庫文件配置
環境：centos6.8 IP:10.0.0.68 DNS主機名：dns2.ilinux.io

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 Centos7.3搭建DNS服務器--BIND centos7.3安裝docker CentOS7.3安裝VirtualBox linux下DNS服務器搭建，正反向解析配置 centos7.3安裝python3.6.5 centos7.3網絡配置 CentOS7.3安裝JIRA7.10 CentOS7.3下的一個iptables配置 centos7.3安裝配置vsftp Centos7.3防火牆配置