【RHEL8】: DNSserver;【Centos7.4】: DNSclient
!!! In the test environment we first stop the firewall and SELinux (required on both DNSserver and DNSclient). This is only for the lab: on a real server keep both enabled and instead allow port 53 through firewalld (for example `firewall-cmd --permanent --add-service=dns`).
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@localhost ~]# setenforce 0
Preface
1. DNS service model
1️⃣: Service function: provides name-to-IP-address lookups for the clients (Linux/Windows) on the network
2️⃣: Full name: Domain Name Service (Server | System)
3️⃣: Server types: primary (master) DNS server, secondary (slave) DNS server, caching-only DNS server
2. DNS service
1️⃣: Package: bind (the bind package provides the name-resolution service program, i.e. it performs domain name resolution)
2️⃣: Process name: named (daemon)
3️⃣: Query tools package: bind-utils (a client has no nslookup command, so this package is usually installed on the client; installing bind on the server pulls in bind-utils as a dependency)
4️⃣: Service management script: /etc/rc.d/init.d/named
5️⃣: Service port: TCP/UDP 53
6️⃣: Clients: Linux (dig, host, nslookup, (ping)) and Windows (nslookup, (ping))
3. DNS configuration files
1️⃣: /etc/named.conf: main configuration file, defines the global options
2️⃣: /etc/named.rfc1912.zones: sub-configuration file, defines the forward and reverse zones
3️⃣: Resolution directions: FQDN --> IP is forward resolution; IP --> FQDN is reverse resolution (FQDN: fully qualified domain name; FQDN = short host name + domain name)
4️⃣: /var/named/xxx.xxx.zone: forward zone database file, maps names to IP addresses
5️⃣: /var/named/xxx.xxx.arpa: reverse zone database file, maps IP addresses to names
4. Server-side test programs
1️⃣: named-checkconf: checks the main and sub-configuration files for syntax errors
Usage: named-checkconf <file> (no output means no errors)
2️⃣: named-checkzone: checks the forward and reverse zone data
Usage: named-checkzone <forward zone name> <forward zone file> ("OK" means no errors); named-checkzone <reverse zone name> <reverse zone file> ("OK" means no errors)
I. Deploy the DNS service on the DNS server (DNSserver)
1. Check the server IP
[root@DNSserver ~]# ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.140  netmask 255.0.0.0  broadcast 10.255.255.255
        inet6 fe80::fa13:32e0:3b9f:2196  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:cd:6a:1b  txqueuelen 1000  (Ethernet)
        RX packets 2823  bytes 247406 (241.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1705  bytes 213268 (208.2 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 604  bytes 51188 (49.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 604  bytes 51188 (49.9 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
2. Install the bind package on the DNS server and enable it at boot
[root@DNSserver ~]# yum install -y bind
[root@DNSserver ~]# systemctl start named
[root@DNSserver ~]# systemctl enable named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
[root@DNSserver ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2020-07-29 09:30:03 CST; 49s ago
 Main PID: 27539 (named)
    Tasks: 5 (limit: 12356)
   Memory: 54.4M
   CGroup: /system.slice/named.service
           └─27539 /usr/sbin/named -u named -c /etc/named.conf

7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './NS/IN': 2001:500:9f::42#53
7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './NS/IN': 2001:500:200::b#53
7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './NS/IN': 2001:500:2::c#53
7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
7月 29 09:30:05 DNSserver named[27539]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
7月 29 09:30:05 DNSserver named[27539]: resolver priming query complete
3. Modify the global options in /etc/named.conf
[root@DNSserver ~]# vim /etc/named.conf
..........
options {
        listen-on port 53 { any; };          // replace the IP address inside the braces with any
        listen-on-v6 port 53 { any; };       // same as above
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { any; };            // same as above
        ..........
// note: the stock file keeps "recursion yes;", so together with allow-query { any; } this is an open recursive resolver;
// outside a closed lab, limit recursion to your own subnet with allow-recursion rather than answering recursive queries for anyone
4. Add the forward and reverse zones in the /etc/named.rfc1912.zones sub-configuration file
[root@DNSserver ~]# arpaname 10.0.0.140
140.0.0.10.IN-ADDR.ARPA
[root@DNSserver ~]# vim /etc/named.rfc1912.zones
.........
zone "test.com" IN {
        type master;
        file "test.zone";
};
zone "0.0.10.in-addr.arpa" IN {
        type master;
        file "10.0.0.arpa";
};
.........                                   // append the forward and reverse zone definitions at the end of the file

Forward:
zone: declares a zone
" ": the (ASCII) double quotes contain your own domain name
type master: master means this is the primary name server for the zone
file " ": the double quotes contain the file name, which must match the file created under /var/named
Reverse:
" ": the double quotes contain the reversed IP, e.g. 0.0.10.in-addr.arpa means this reverse zone can resolve every IP address in the 10.0.0.X network
Use arpaname <IP> to see the reversed form of your own server IP
5. Copy the templates to create the forward and reverse zone database files
[root@DNSserver ~]# cd /var/named/
[root@DNSserver named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@DNSserver named]# cp -a named.localhost test.zone
[root@DNSserver named]# cp -a named.loopback 10.0.0.arpa     // the copied file names must match exactly the file names written in the sub-configuration file
6. Edit the forward zone database file
[root@DNSserver named]# vim test.zone
$TTL 1D
@       IN SOA  test.com. root.test.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1.test.com.
        A       127.0.0.1
        AAAA    ::1
ns1     A       10.0.0.140
www     A       10.0.0.50
aaa     A       10.0.0.100
bbb     A       10.0.0.150
ccc     A       10.0.0.200
ddd     A       10.0.0.250
7. Edit the reverse zone database file
[root@DNSserver named]# vim 10.0.0.arpa
$TTL 1D
@       IN SOA  test.com. root.test.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1.test.com.
        A       127.0.0.1       ; this A/AAAA pair and the ns1 A record below are leftovers from the named.loopback template; a reverse zone only needs SOA, NS and PTR records
        AAAA    ::1
        PTR     localhost.
ns1     A       10.0.0.140
50      PTR     www.test.com.
100     PTR     aaa.test.com.
150     PTR     bbb.test.com.
200     PTR     ccc.test.com.   ; trailing dot added: written as a bare "ccc", named appends the zone origin and answers ccc.0.0.10.in-addr.arpa.
250     PTR     ddd.test.com.   ; same as above
8. Check the configuration files
[root@DNSserver ~]# named-checkconf /etc/named.conf
[root@DNSserver ~]# named-checkconf /etc/named.rfc1912.zones     // no message after pressing Enter means there are no errors
9. Test the forward and reverse zone data
[root@DNSserver ~]# named-checkzone test.com /var/named/test.zone
zone test.com/IN: loaded serial 0
OK
[root@DNSserver ~]# named-checkzone test.com /var/named/10.0.0.arpa
zone test.com/IN: loaded serial 0
OK
// the second command passes test.com as the zone name, which is why it reports zone test.com/IN; check the reverse file under the zone name declared in named.rfc1912.zones so that relative PTR targets are judged against the right origin: named-checkzone 0.0.10.in-addr.arpa /var/named/10.0.0.arpa
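named-checkzone validates each zone file on its own, so it happily accepts a reverse file in which a PTR target was written without its trailing dot and silently gets the zone origin appended. The script below is an added example (not part of this walkthrough, nor a BIND tool): with a deliberately minimal zone parser (assumes one record per line and a single-line SOA) it reads the A records of a forward zone and the PTR records of a reverse zone and reports addresses whose PTR is missing or points at the wrong name. The sample zone text is constructed from the test.zone / 10.0.0.arpa files above.

```python
from ipaddress import IPv4Address, IPv4Network

def qualify(name, origin):
    # Append the zone origin to a relative name, exactly as named does.
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_records(zone_text, origin):
    """Yield (owner, rtype, rdata) for the A and PTR records of a zone file."""
    owner = "@"
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].rstrip()         # strip ; comments
        if not line.strip() or line.startswith("$"):  # blank or $TTL/$ORIGIN
            continue
        fields = line.split()
        if not line[0].isspace():                     # a new owner name
            owner = fields[0]
        for rtype in ("A", "PTR"):
            if rtype in fields:
                rdata = fields[fields.index(rtype) + 1]
                yield qualify(owner, origin), rtype, (
                    qualify(rdata, origin) if rtype == "PTR" else rdata)

def check_consistency(forward_text, reverse_text, fwd_origin, rev_origin, network):
    """Return sorted problems between a forward zone and its reverse zone."""
    forward = {IPv4Address(ip): name
               for name, t, ip in parse_records(forward_text, fwd_origin)
               if t == "A" and IPv4Address(ip) in network}
    reverse = {}
    for owner, t, target in parse_records(reverse_text, rev_origin):
        octets = owner.rstrip(".").split(".")[:-2]    # 50.0.0.10.in-addr.arpa. -> 10.0.0.50
        if t == "PTR" and len(octets) == 4:
            reverse[IPv4Address(".".join(reversed(octets)))] = target
    problems = [f"no PTR for {ip} ({name})" for ip, name in forward.items() if ip not in reverse]
    problems += [f"PTR for {ip} is {reverse[ip]}, expected {name}"
                 for ip, name in forward.items() if ip in reverse and reverse[ip] != name]
    return sorted(problems)

# Constructed sample, abridged from test.zone / 10.0.0.arpa above; "ccc" lacks its trailing dot.
FORWARD = """@    IN SOA test.com. root.test.com. ( 0 1D 1H 1W 3H )
     A    127.0.0.1
ns1  A    10.0.0.140
www  A    10.0.0.50
ccc  A    10.0.0.200"""
REVERSE = """@    IN SOA test.com. root.test.com. ( 0 1D 1H 1W 3H )
50   PTR  www.test.com.
200  PTR  ccc"""

def run_check():  # run the checker over the constructed sample zones
    return check_consistency(FORWARD, REVERSE, "test.com.", "0.0.10.in-addr.arpa.",
                             IPv4Network("10.0.0.0/24"))
```

Running run_check() on the sample flags the bare "ccc" target as ccc.0.0.10.in-addr.arpa. and the missing PTR for ns1, the two gaps named-checkzone does not report.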
10. Restart the DNS service and check the listening ports
[root@DNSserver ~]# systemctl restart named
[root@DNSserver ~]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.142:53           0.0.0.0:*               LISTEN      27803/named
tcp        0      0 10.0.0.140:53           0.0.0.0:*               LISTEN      27803/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      27803/named
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1101/sshd
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      27803/named
tcp6       0      0 :::53                   :::*                    LISTEN      27803/named
tcp6       0      0 :::22                   :::*                    LISTEN      1101/sshd
tcp6       0      0 ::1:953                 :::*                    LISTEN      27803/named
udp        0      0 10.0.0.142:53           0.0.0.0:*                           27803/named
udp        0      0 10.0.0.140:53           0.0.0.0:*                           27803/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           27803/named
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1611/dhclient
udp6       0      0 :::53                   :::*                                27803/named
The DNS server setup is now complete.
II. DNS client test
1. Check the client host's IP (CentOS 7)
[root@dnsclient ~]# ifconfig
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.100  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::fe04:212a:5e53:cec4  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:b3:89:a5  txqueuelen 1000  (Ethernet)
        RX packets 23748  bytes 29630344 (28.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4841  bytes 605544 (591.3 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 156  bytes 13460 (13.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 156  bytes 13460 (13.1 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
2. Test connectivity to the server
[root@dnsclient ~]# ping -c 3 10.0.0.140
PING 10.0.0.140 (10.0.0.140) 56(84) bytes of data.
64 bytes from 10.0.0.140: icmp_seq=1 ttl=64 time=1.09 ms
64 bytes from 10.0.0.140: icmp_seq=2 ttl=64 time=0.478 ms
64 bytes from 10.0.0.140: icmp_seq=3 ttl=64 time=0.439 ms

--- 10.0.0.140 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2006ms
rtt min/avg/max/mdev = 0.439/0.672/1.099/0.302 ms
3. Install the bind-utils package
[root@dnsclient ~]# rpm -ql nslookup
未安裝軟件包 nslookup
[root@dnsclient ~]# yum install -y bind-utils
[root@dnsclient ~]# rpm -qa | grep bind-utils
bind-utils-9.11.4-16.P2.el7_8.6.x86_64
4. Add the server as a DNS server in /etc/resolv.conf on the client
[root@dnsclient ~]# vim /etc/resolv.conf
[root@dnsclient ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.0.0.140
nameserver 8.8.8.8
// name servers are tried in order, so for this test 10.0.0.140 must be listed above any other DNS server (if there is no other one, the order does not matter); alternatively add DNS2=10.0.0.140 to the NIC configuration file
5. Test
[root@dnsclient ~]# nslookup www.test.com
Server:         10.0.0.140
Address:        10.0.0.140#53

Name:   www.test.com
Address: 10.0.0.50

[root@dnsclient ~]# nslookup 10.0.0.50
50.0.0.10.in-addr.arpa  name = www.test.com.

[root@dnsclient ~]# nslookup aaa.test.com
Server:         10.0.0.140
Address:        10.0.0.140#53

Name:   aaa.test.com
Address: 10.0.0.100

[root@dnsclient ~]# nslookup 10.0.0.100
100.0.0.10.in-addr.arpa name = aaa.test.com.

[root@dnsclient ~]# nslookup bbb.test.com
Server:         10.0.0.140
Address:        10.0.0.140#53

Name:   bbb.test.com
Address: 10.0.0.150

[root@dnsclient ~]# nslookup 10.0.0.150
150.0.0.10.in-addr.arpa name = bbb.test.com.

[root@dnsclient ~]# nslookup ccc.test.com
Server:         10.0.0.140
Address:        10.0.0.140#53

Name:   ccc.test.com
Address: 10.0.0.200

[root@dnsclient ~]# nslookup 10.0.0.200
200.0.0.10.in-addr.arpa name = ccc.0.0.10.in-addr.arpa.

[root@dnsclient ~]# nslookup ddd.test.com
Server:         10.0.0.140
Address:        10.0.0.140#53

Name:   ddd.test.com
Address: 10.0.0.250

[root@dnsclient ~]# nslookup 10.0.0.250
250.0.0.10.in-addr.arpa name = ddd.0.0.10.in-addr.arpa.
// the last two reverse lookups answer ccc.0.0.10.in-addr.arpa. and ddd.0.0.10.in-addr.arpa. because their PTR targets in 10.0.0.arpa were written without a trailing dot (ccc instead of ccc.test.com.), so named appended the zone origin; a PTR target must always be a fully qualified name ending in a dot
III. Looking up reverse names (and other records) on the server
dig       resolves A records by default
          -t NS   query NS records
          -t MX   query MX records
          -x      query PTR records
host      resolves A and PTR records by default
          -t NS   query NS records
          -t MX   query MX records
nslookup  resolves A and PTR records by default
          in interactive mode, use set q= or set type= to change the query type

Resource record (RR) types
SOA (start of authority) record: defines the zone
NS (name server) record: defines the name servers of the zone
A (host) record: maps a name to an IP address (forward resolution)
CNAME (alias) record: defines an alias (additional name) for an A record
PTR (reverse pointer) record: maps an IP address to a name (reverse resolution)
MX (mail exchanger) record: defines the mail servers of the zone