Service Management - DNS


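DNS Service

DNS (Domain Name System) is a distributed database on the Internet that maps domain names and IP addresses to each other. It lets users access the Internet more conveniently, without having to remember the IP addresses that machines read directly. The process of starting from a hostname and finally obtaining the IP address that corresponds to it is called domain name resolution. The DNS protocol runs on top of UDP and uses port 53.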

Forward zone resolution with BIND

[root@localhost ~]# yum install bind
[root@localhost ~]# vim /etc/named.conf 
[root@localhost ~]# 

[root@localhost ~]# cd /var/named/
[root@localhost named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@localhost named]# cp named.localhost named.zyg
[root@localhost named]# vim named.zyg 
[root@localhost named]# 

[root@localhost named]# chgrp named named.zyg 
[root@localhost named]# systemctl start named

On startup it may report: Failed to start Berkeley Internet Name Domain (DNS)

It turned out this was because I had left out two semicolons when writing the configuration file.

[root@localhost named]# vim /etc/resolv.conf 

Reverse zone resolution with BIND

[root@localhost named]# vim /etc/named.conf 

[root@localhost named]# cp named.zyg named.210.29.172
[root@localhost named]# vim named.210.29.172 
[root@localhost named]# 

[root@localhost named]# chgrp named named.210.29.172 
[root@localhost named]# systemctl restart named
[root@localhost named]# 

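Smart DNS

An ordinary DNS server only resolves IP records for users and does not consider where a user comes from, so every user can only be resolved to the same fixed IP address.

Smart DNS overturns this idea. It determines where the user is coming from, does some intelligent processing, and returns the resulting IP address to the user. For example, smart DNS automatically determines whether the user's access line is China Netcom or China Telecom, and then returns the IP address of the Netcom or Telecom server accordingly.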

server:

--------------------------------------------------------------------------------------------------------------------------

[root@localhost named]# cat /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { 127.0.0.1; any; };
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; any; };

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "zyg.com" {
    type master;
    file "named.zyg";
};

zone "210.29.172.in-addr.arpa" {
    type master;
    file "named.210.29.172";
};
[root@localhost named]# 
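
An added example, not part of the original post: a small Python check for the open-resolver condition that the comment in the options block warns about. With no allow-recursion or allow-query-cache set, BIND falls back to allow-query to decide who may recurse, so `allow-query { localhost; any; };` together with `recursion yes;` serves recursive queries to any client. The sample input is a constructed excerpt of the config above, and the function names are this example's own.

```python
import re

# Constructed excerpt mirroring the recursion-related options in the server config above.
SAMPLE = """
options {
    listen-on port 53 { 127.0.0.1; any; };
    allow-query     { localhost; any; };   // no allow-recursion, no allow-query-cache
    /* recursion is also BIND's default when the statement is absent */
    recursion yes;
};
"""

def options_body(conf):
    """Strip comments and return the text inside the top-level options { } block."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    conf = re.sub(r"(//|#)[^\n]*", "", conf)
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[m.end():i]
    return ""

def match_list(body, name):
    """Elements of the address-match list for `name`, or None if it is not set."""
    m = re.search(r"(?<![\w-])%s(?![\w-])[^{;]*\{([^{}]*)\}" % re.escape(name), body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def open_resolver_findings(conf):
    """Report when recursion is reachable by `any` client (flat match lists only)."""
    body = options_body(conf)
    rec = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", body)
    if rec and rec.group(1).lower() not in ("yes", "true", "1"):
        return []
    # BIND falls back allow-recursion -> allow-query-cache -> allow-query -> built-in default.
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        clients = match_list(body, name)
        if clients is not None:
            break
    else:
        name, clients = "built-in default", ["localnets", "localhost"]
    if "any" in clients:
        return ["recursion is open to any client via %s { %s; }" % (name, "; ".join(clients))]
    return []

if __name__ == "__main__":
    print(open_resolver_findings(SAMPLE))
```

Adding an allow-recursion list of trusted networks clears the finding, while authoritative answers for the zones stay available to every client through allow-query.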

client:

-------------------------------------------------------------------------------------------------------------------------

[root@localhost named]# cat /etc/resolv.conf 
# Generated by NetworkManager
search zyg.com
nameserver 10.0.0.2
[root@localhost named]# 

 

For more, please search Baidu. I will fill this in when I need it; I have no time to look into it right now.

 

