DNS (Domain Name System) is the service that maps domain names to IP addresses. Functionally it provides forward resolution and reverse resolution:
I. Classification of DNS servers by working mode:
1. Primary (master) server: unique within its zone; it maintains the authoritative name-to-IP mappings for that zone.
2. Secondary (slave) server: obtains the name-to-IP mappings from the primary and keeps its own copy, so service continues if the primary goes down.
3. Caching server: obtains name-to-IP mappings by querying other DNS servers and caches the answers, which speeds up repeated queries.
II. DNS query modes:
1. Iterative query:
2. Recursive query:
III. Resolution types
1. Forward resolution: resolves an FQDN to an IP address.
2. Reverse resolution: resolves an IP address to an FQDN.
IV. Structure of the BIND configuration files:
| Item | Path |
| --- | --- |
| Main program | /usr/sbin/named |
| Main configuration file | /etc/named.conf |
| Zone configuration file | /etc/named.rfc1912.zones |
| Default directory for zone files | /var/named |
/etc/named.conf: BIND's main configuration file, which defines global settings, the DNS zones, and related configuration.
1. The options section:
options { // the options block defines global settings
    listen-on port 53 { 127.0.0.1; };          // IPv4 address(es) BIND listens on
    listen-on-v6 port 53 { ::1; };             // IPv6 address(es) BIND listens on
    directory "/var/named";                    // default directory for zone files
    dump-file "/var/named/data/cache_dump.db"; // dump file for the cache
    statistics-file "/var/named/data/named_stats.txt";        // statistics file
    memstatistics-file "/var/named/data/named_mem_stats.txt"; // memory statistics file
    allow-query { localhost; };                // who is allowed to send queries to this server
    recursion yes;                             // yes or no: whether recursive queries are allowed
    # security-related settings:
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
2. The logging section:
logging { // defines logging
    channel myfile {              // defines a channel named myfile
        file "data/named.run";    // store the log in a file
        severity dynamic;         // level of messages to store; there are 7 levels, from high to low: crit, error, warning, notice, info (these five are syslog levels); debug [level], dynamic (these two are specific to BIND 8/9)
    };
    category statistics { myfile; }; // a category is one of BIND's subsystems; this sends its log to the named channel. A category can be sent to several channels; a channel can only receive one category.
};
3. Defining zones
zone "." IN { // defines a DNS zone; "." is the root zone
    type hint;       // zone type; the root zone's type is hint
    file "named.ca"; // the zone file; already generated by default
};
V. Where zone files live: /var/named/*.zone (one file per zone declared in named.conf)
Zone file format:
$TTL 1D ; macro setting the default TTL to one day; the records below inherit it
@ [TTL] IN SOA <primary-DNS-server-FQDN> <administrator-mailbox> (
        0  ; serial number
        1D ; refresh interval
        1H ; retry interval after a failed refresh
        1W ; expire time
        3H ) ; how long negative answers are cached
Record types: A (IPv4) and AAAA (IPv6): map an FQDN to an IP address
NS: the FQDN of a DNS server for the zone
SOA: start of authority (every zone must define this first)
MX: mail exchanger record, with a priority (0-99); the lower the value, the higher the priority.
CNAME: alias record
PTR: reverse (pointer) record
Experiment with a single primary DNS server: forward resolution
Check the BIND version:
[root@localhost ~]# rpm -q bind
bind-9.8.2-0.62.rc1.el6_9.4.x86_64
If it is not installed: #yum install -y bind bind-utils
Experiment environment
OS: CentOS release 6.8; software: bind-9.8.2-0.62.rc1.el6_9.4.x86_64; server: IP 192.168.153.130, netmask 255.255.255.0, DNS 192.168.153.130, GW 192.168.153.2
I installed the DNS service on 192.168.153.130. The first nameserver line in resolv.conf is the machine's own IP address. In the configuration below, 192.168.153.129 is my nginx server; its DNS points at 192.168.153.130, so an nslookup on the nginx host can already be resolved by the DNS at .130.
1. Configure the DNS server's named.conf
options {
    listen-on port 53 { 127.0.0.1;
        192.168.153.130; // to serve other machines on the LAN, named must also listen for requests sent to the host's own IP
    };
    listen-on-v6 port 53 { ::1; }; // can be deleted or commented out if IPv6 is not used
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; }; // changed to any (or deleted/commented out): which sources may query. With recursion yes and no allow-recursion set, this ACL also decides who may recurse, so on a host reachable from outside restrict it or add allow-recursion.
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "music.com" IN { // defines a zone named "music.com"
    type master;           // this server is the primary for it
    file "music.com.zone"; // our forward (name to IP) zone file
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
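Added check, written for this article (it is not the post's own material, nor ISC BIND code): BIND takes the ACL that governs recursion from allow-recursion, failing that allow-query-cache, failing that allow-query, so the allow-query { any; } above on its own lets every host that can reach the server recurse through it. The Python below parses an options block and reports that, using constructed WEAK and HARDENED fragments; it assumes the block's closing "};" starts at column 0, as in the named.conf above.

```python
import re

# Constructed named.conf fragments (not the tutorial's file verbatim). WEAK has the shape of the
# options block above; HARDENED adds allow-recursion so answers for music.com stay public
# while recursion is limited to localhost and the 192.168.153.0/24 LAN.
WEAK = """options {
    listen-on port 53 { 127.0.0.1; 192.168.153.130; };
    allow-query { any; };   // anyone may send queries
    recursion yes;
};
"""
HARDENED = WEAK.replace("recursion yes;",
                        "recursion yes;\n    allow-recursion { 127.0.0.1; 192.168.153.0/24; };")

def options_block(conf):
    # Strip //, # and /* */ comments, then return the body of the options block.
    # Assumes the block's closing "};" starts at column 0, as in the named.conf above.
    conf = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", conf, flags=re.S)
    m = re.search(r"(?<![\w-])options\s*\{(.*?)\n\};", conf, re.S)
    return m.group(1) if m else ""

def statement(body, name):
    # Value of "name value;" or "name { ...; };" in the options body, or None if not set.
    m = re.search(rf"(?<![\w-]){re.escape(name)}\s+(\{{[^}}]*\}}|[^;{{]+)\s*;", body)
    return m.group(1).strip() if m else None

def open_resolver_risk(conf):
    # Returns one finding when recursion is on and the ACL that governs it contains 'any'.
    body = options_block(conf)
    if (statement(body, "recursion") or "yes") != "yes":   # BIND's default is recursion yes
        return []
    # BIND derives the recursion ACL from allow-recursion, else allow-query-cache, else
    # allow-query, else localhost/localnets; so allow-query { any; } alone opens recursion.
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        acl = statement(body, name)
        if acl is not None:
            return [f"{name} {acl} governs recursion"] if re.search(r"\bany\b", acl) else []
    return []
```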
2. Create the forward zone file:
Create and edit the forward zone file music.com.zone (the file name must match the zone file name declared in named.conf)
#vim /var/named/music.com.zone
$TTL 1D
@       IN SOA master.music.com. email.com. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@       IN NS master        ; NS record for the zone apex (@)
master  IN A 192.168.153.130
www     IN A 192.168.153.129
nginx   IN A 192.168.153.129
bbs     IN A 192.168.153.129
3. After configuring, check that the configuration files are correct:
[root@localhost ~]# /usr/sbin/named-checkconf -z
zone music.com/IN: loaded serial 0
zone 153.168.192.in-addr.arpa/IN: loaded serial 2010110901
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
4. Restart the service:
[root@localhost ~]# /sbin/service named restart
Stopping named: .[ OK ]
Starting named: [ OK ]
5. Test resolution with nslookup:
[root@localhost ~]# nslookup
> master.music.com
Server:     192.168.153.130     // DNS server address
Address:    192.168.153.130#53
Name:   master.music.com        // the name server's hostname
Address: 192.168.153.130
> www.music.com
Server:     192.168.153.130
Address:    192.168.153.130#53
Name:   www.music.com
Address: 192.168.153.129        // the address of the A record for www
> nginx.music.com
Server:     192.168.153.130
Address:    192.168.153.130#53
Name:   nginx.music.com
Address: 192.168.153.129
> bbs.music.com
Server:     192.168.153.130
Address:    192.168.153.130#53
Name:   bbs.music.com
Address: 192.168.153.129
>
Experiment with a single primary DNS server: reverse resolution
1. In the main configuration file (/etc/named.conf), append the reverse zone:
zone "153.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.153.arpa.zone";
    allow-update { none; };
};
2. Create the zone data file.
[root@localhost ~]# cd /var/named/
[root@localhost named]# vim 192.168.153.arpa.zone
$TTL 1D
@   IN SOA 153.168.192.in-addr.arpa. music.com. (
        2010110901 ; serial
        28800      ; refresh
        14400      ; retry
        3600000    ; expire
        86400      ; minimum
        )
@   IN NS master.music.com.
130 IN PTR master.music.com. ; 192.168.153.130 -> master (the trailing dot is required; without it BIND appends the zone origin to the name)
129 IN PTR www.music.com.    ; 192.168.153.129 -> www
129 IN PTR nginx.music.com.  ; 192.168.153.129 -> nginx
129 IN PTR img.music.com.    ; 192.168.153.129 -> img
3. Syntax check:
[root@localhost ~]# /usr/sbin/named-checkconf -z
4. Restart the service:
[root@localhost ~]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [ OK ]
5. Verify reverse resolution:
[root@localhost ~]# nslookup
> 192.168.153.129
Server:     192.168.153.130
Address:    192.168.153.130#53
129.153.168.192.in-addr.arpa    name = www.music.com.
129.153.168.192.in-addr.arpa    name = nginx.music.com.
129.153.168.192.in-addr.arpa    name = img.music.com.
>
> 192.168.153.130
Server:     192.168.153.130
Address:    192.168.153.130#53
130.153.168.192.in-addr.arpa    name = master.music.com.153.168.192.in-addr.arpa.
>
The last answer has the zone origin appended to master.music.com: that is what BIND does when a PTR target is written without a trailing dot, so the record must read master.music.com. (with the dot) to return the plain name.
DNS CNAME records
A CNAME record is an alias record. By setting alias records, several names can point to the same host. A CNAME record requires an existing A record: the A record is the prerequisite for creating the CNAME.
That way, when the IP changes we do not have to edit every hostname-to-host A record one by one; changing the single A record that the aliases point at is enough, which gives twice the result for half the effort.
Forward zone file without aliases (CNAME):
[root@localhost named]# vim music.com.zone
$TTL 1D
@       IN SOA master.music.com. email.com. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@       IN NS master
master  IN A 192.168.153.130
www     IN A 192.168.153.129
nginx   IN A 192.168.153.129
bbs     IN A 192.168.153.129
img     IN A 192.168.153.129
Zone file after switching to aliases:
[root@localhost named]# vim music.com.zone
$TTL 1D
@       IN SOA master.music.com. email.com. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@       IN NS master
master  IN A 192.168.153.130
proxy   IN A 192.168.153.129
www     IN CNAME proxy
nginx   IN CNAME proxy
bbs     IN CNAME proxy
img     IN CNAME proxy
Check the configuration, restart the service, and verify with nslookup:
[root@localhost ~]# nslookup
> img.music.com
Server:     192.168.153.130
Address:    192.168.153.130#53
img.music.com   canonical name = proxy.music.com.   // the alias target
Name:   proxy.music.com
Address: 192.168.153.129
> www.music.com
Server:     192.168.153.130
Address:    192.168.153.130#53
www.music.com   canonical name = proxy.music.com.
Name:   proxy.music.com
Address: 192.168.153.129
>
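Added example for the reverse-zone and CNAME sections, written for this article (not the post's own code and not part of BIND): a small Python checker for the two zone files built above. It parses the record shapes used here and flags a PTR target written without a trailing dot (the cause of the odd master answer in the reverse lookup), a CNAME whose target has no A record (the prerequisite stated above), and an A record with no matching PTR. The sample zones are constructed and deliberately contain one of each mistake; the parser assumes the parenthesised SOA form used in this tutorial.

```python
import re

def absolute(name, origin):
    # BIND semantics: '@' is the origin; a name without a trailing dot is relative to it
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    # Returns (owner, type, raw rdata); the parenthesised SOA rdata is stripped first so its timers are not read as records
    text = re.sub(r"\bSOA\b[^)]*\)", "", text)
    records, owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # ';' starts a comment
        if not line.strip() or line.startswith("$"):    # blank line, $TTL, $ORIGIN
            continue
        fields = line.split()
        if not line[0].isspace():                       # a leading blank keeps the previous owner
            owner = absolute(fields.pop(0), origin)
        if fields and fields[0] == "IN":
            fields.pop(0)
        if len(fields) >= 2:
            records.append((owner, fields[0], fields[1]))
    return records

def check_zones(fwd_text, rev_text, fwd_origin="music.com.", rev_origin="153.168.192.in-addr.arpa."):
    # Cross-checks a forward zone against its in-addr.arpa zone and returns a list of findings
    fwd, rev = parse_zone(fwd_text, fwd_origin), parse_zone(rev_text, rev_origin)
    a_names = {o for o, t, _ in fwd if t == "A"}
    ptr_owners = {o for o, t, _ in rev if t == "PTR"}
    findings = []
    for owner, rtype, rdata in fwd + rev:
        if rtype == "PTR" and not rdata.endswith("."):  # relative target: BIND appends the origin
            findings.append(f"relative PTR target {rdata} at {owner} becomes {absolute(rdata, rev_origin)}")
        elif rtype == "CNAME" and absolute(rdata, fwd_origin) not in a_names:
            findings.append(f"CNAME {owner} -> {rdata} has no A record to point at")
        elif rtype == "A" and ".".join(reversed(rdata.split("."))) + ".in-addr.arpa." not in ptr_owners:
            findings.append(f"A {owner} {rdata} has no PTR record")
    return findings

# Constructed sample zones (not the tutorial's files): a relative PTR target, a CNAME typo ('proxi') and an A record without a PTR are planted on purpose so each check fires once
FORWARD = """@ IN SOA master.music.com. email.com. ( 0 1D 1H 1W 3H )
master IN A 192.168.153.130
proxy IN A 192.168.153.129
img IN A 192.168.153.131
www IN CNAME proxy
bbs IN CNAME proxi
"""
REVERSE = """@ IN SOA 153.168.192.in-addr.arpa. music.com. ( 2010110901 28800 14400 3600000 86400 )
130 IN PTR master.music.com
129 IN PTR proxy.music.com.
"""
```

Running check_zones(FORWARD, REVERSE) yields three findings, one per planted mistake; fixing them (trailing dot, proxy, a PTR for .131 or an existing IP) yields none.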