★DNS principles
DNS (Domain Name System) is a service that maps an IP address to its host name, or a host name to its corresponding IP address.
Of these:
Forward resolution: resolve a domain name to an IP address.
Reverse resolution: resolve an IP address to a domain name.
DNS uses both TCP and UDP, on port 53 in both cases. It mainly uses UDP; replication between servers (zone transfers) uses TCP.
There are only 13 root servers in the world: 1 primary root server in the United States and 12 secondary root servers. By role, DNS servers are divided into master DNS, slave DNS, caching DNS servers and DNS forwarders.
From the client to the name server the query is recursive.
The name server locating the destination is iterative.
For example, a client wants to reach www.baidu.com. It first looks in the local /etc/hosts file to see whether the IP for that name is there; if it is not found in hosts, the client asks the DNS server, which starts at the root (.), then looks up .com, then baidu.com, and finally www.baidu.com.
★Building a DNS server with bind
First install bind: yum install -y bind
cp /etc/named.conf /etc/named.conf.bak    Get into the habit of backing up important configuration files before changing them.
>/etc/named.conf    Empty the file, then edit it afresh.
Add the following to /etc/named.conf:
options {
    directory "/var/named"; <== path where the many sub-configuration files (zone files) live
};
zone "." IN { <== each zone is one domain, one domain name
    type hint;
    file "named.ca"; <== file for the root zone
};
zone "localhost" IN {
    type master;
    file "localhost.zone"; <== file for the localhost zone
};
zone "0.0.127.in-addr.arpa" IN { <== a reverse-resolution zone (reverse resolution: IP to domain name)
    type master;
    file "named.local";
};
chown named /etc/named.conf    Change the file's owner to named; with a different owner the service may fail to start.
dig -t NS . > named.ca    Run in /var/named; this writes the root hints file referenced by the "." zone.
vim localhost.zone    add the following:
$TTL 86400            ; default TTL; without this line named-checkzone warns "no TTL specified; using SOA MINTTL instead"
@ IN SOA localhost. admin.localhost. (
2013081601            ; serial
1H                    ; refresh
10M                   ; retry
7D                    ; expire
1D                    ; minimum (negative-cache TTL)
)
@ IN NS localhost.
localhost. IN A 127.0.0.1
vim named.local    add the following:
$TTL 86400
@ IN SOA localhost. admin.localhost. (
2013081601            ; serial
1H                    ; refresh
10M                   ; retry
7D                    ; expire
1D                    ; minimum
)
@ IN NS localhost.
1 IN PTR localhost.   ; the trailing dot matters: without it named appends the zone origin and the PTR answer becomes localhost.0.0.127.in-addr.arpa.
Check the configuration for problems: named-checkconf
Check the forward zone: named-checkzone "localhost" /var/named/localhost.zone
[root@yue named]# named-checkzone "localhost" /var/named/localhost.zone
/var/named/localhost.zone:2: no TTL specified; using SOA MINTTL instead
zone localhost/IN: loaded serial 2013081601
OK
Check the reverse zone: named-checkzone "0.0.127.in-addr.arpa" /var/named/named.local
[root@yue named]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.local
zone 0.0.127.in-addr.arpa/IN: loaded serial 2013081601
OK
Reverse resolution is rarely needed day to day. Mail-related services may use it for anti-spam: if the sending IP cannot be reverse-resolved, mail from it is not accepted.
rndc-confgen -r /dev/urandom -a    Generates rndc.key; without this key named cannot start and will complain at startup:
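The two zone files above are loaded by named under two rules that are easy to get wrong: a name without a trailing dot has the zone origin appended, and a record without a TTL inherits $TTL or, failing that, the SOA minimum. The following is an added example, not code from the original post, that applies those two rules to constructed copies of the page's localhost.zone and named.local so their effect can be checked offline, without running named-checkzone; it also computes the in-addr.arpa name that dig -x queries.

```python
"""Added example (not from the original post): applies named's origin and
TTL rules to constructed copies of the page's zone files."""
import re

# Constructed copy of the page's localhost.zone (no $TTL line)
LOCALHOST_ZONE = """\
@ IN SOA localhost. admin.localhost. (
2013081601
1H
10M
7D
1D
)
@ IN NS localhost.
localhost. IN A 127.0.0.1
"""

# Constructed copy of the page's named.local, PTR target without a trailing dot
NAMED_LOCAL = """\
$TTL 86400
@ IN SOA localhost. admin.localhost. (
2013081601
1H
10M
7D
1D
)
@ IN NS localhost.
1 IN PTR localhost
"""

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
NAME_RDATA = ("NS", "PTR", "CNAME")  # types whose rdata is itself a domain name
NO_TTL_WARNING = "no TTL specified; using SOA MINTTL instead"


def parse_ttl(token):
    """Convert a BIND TTL such as '1H', '10M', '7D' or '86400' into seconds."""
    m = re.fullmatch(r"(\d+)([SMHDW]?)", token.upper())
    if not m:
        raise ValueError("bad TTL: %r" % token)
    return int(m.group(1)) * UNITS[m.group(2) or "S"]


def qualify(name, origin):
    """Origin rule: '@' is the origin, a name ending in '.' is absolute,
    anything else gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def reverse_name(ip):
    """The owner name that dig -x queries for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def load_zone(text, origin):
    """Return (records, warnings); records carry names and TTLs as named would serve them."""
    if not origin.endswith("."):
        origin += "."
    # fold the parenthesised SOA fields onto one logical line
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    default_ttl = soa_minimum = None
    records, warnings = [], []
    for line in text.splitlines():
        toks = line.split(";")[0].split()  # strip comments
        if not toks:
            continue
        if toks[0] == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        owner, i, ttl = qualify(toks[0], origin), 1, None
        if re.fullmatch(r"\d+[SMHDW]?", toks[i].upper()):  # optional per-record TTL
            ttl, i = parse_ttl(toks[i]), i + 1
        if toks[i] == "IN":
            i += 1
        rtype, rdata = toks[i], toks[i + 1:]
        if rtype == "SOA":
            soa_minimum = parse_ttl(rdata[-1])  # last SOA field is the minimum TTL
        if ttl is None:
            ttl = default_ttl if default_ttl is not None else soa_minimum
            if default_ttl is None and NO_TTL_WARNING not in warnings:
                warnings.append(NO_TTL_WARNING)
        if rtype in NAME_RDATA:
            target = qualify(rdata[-1], origin)
            if not rdata[-1].endswith(".") and rdata[-1] != "@":
                warnings.append("%s target %r has no trailing dot; named loads it as %s"
                                % (rtype, rdata[-1], target))
            rdata_text = target
        else:
            rdata_text = " ".join(rdata)
        records.append({"owner": owner, "ttl": ttl, "type": rtype, "rdata": rdata_text})
    return records, warnings


if __name__ == "__main__":
    for fname, text, origin in (("localhost.zone", LOCALHOST_ZONE, "localhost"),
                                ("named.local", NAMED_LOCAL, "0.0.127.in-addr.arpa")):
        records, warnings = load_zone(text, origin)
        print("==", fname)
        for r in records:
            print("%-32s %6d IN %-5s %s" % (r["owner"], r["ttl"], r["type"], r["rdata"]))
        for w in warnings:
            print("warning:", w)
```

Run as-is, the named.local section reports the PTR record as 1.0.0.127.in-addr.arpa. pointing at localhost.0.0.127.in-addr.arpa., which is exactly what the reverse dig test further down returns; adding the trailing dot to the PTR target removes the warning and the answer becomes localhost.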
[root@yue named]# rndc-confgen -r /dev/urandom -a
wrote key file "/etc/rndc.key"
chown named:named /etc/rndc.key    Change the key's owner and group to named as well.
Start the named service:
[root@yue named]# /etc/init.d/named start
启动 named: [确定]
==> named listens on port 53; confirm with netstat -lnp | grep named
★Testing
Test forward resolution:
[root@yue named]# dig @192.168.16.100 localhost
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> @192.168.16.100 localhost
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50149
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;localhost. IN A
;; ANSWER SECTION:
localhost. 86400 IN A 127.0.0.1
;; AUTHORITY SECTION:
localhost. 86400 IN NS localhost. <== the NS record says which server is authoritative for this zone
This NS record comes from the localhost.zone file defined above.
;; Query time: 4 msec
;; SERVER: 192.168.16.100#53(192.168.16.100)
;; WHEN: Tue Feb 3 12:04:51 2015
;; MSG SIZE rcvd: 57
==> If dig is missing, install bind-utils.
==> Any server listening on port 53 can be queried this way.
The nslookup command can be used for the same test.
Test reverse resolution: dig @127.0.0.1 -x 127.0.0.1
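The dig output above prints the header flags as "qr aa rd ra". To make that concrete, here is an added example, not code from the original post, that builds the UDP query a client sends for localhost A (with RD set, the "recursion desired" bit that makes the client side recursive), constructs a reply matching the answer shown above (127.0.0.1, TTL 86400), and decodes the header flags and answer section the way dig displays them. The packet bytes are constructed inside the script; nothing is sent to any server, and the transaction id 0x1234 is an arbitrary assumption.

```python
"""Added example (not from the original post): DNS query/reply wire format
for the 'localhost A' lookup shown above, built and decoded offline."""
import struct

FLAG_BITS = [("qr", 15), ("aa", 10), ("tc", 9), ("rd", 8), ("ra", 7)]


def encode_name(name):
    """Wire-format a domain name: length-prefixed labels ending in a 0 byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype=1, txid=0x1234):
    """What a client sends: one question, RD=1 (please recurse for me)."""
    flags = 0x0100  # QR=0, OPCODE=0, RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_reply(query, ip, ttl):
    """Constructed authoritative reply: echo the question, add one A record."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8580  # QR, AA, RD, RA set; RCODE 0 (NOERROR)
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    # 0xC00C is a compression pointer back to the question name at offset 12
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def decode_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # pointer to an earlier copy of the name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels) + ".", end if jumped else offset


def parse_reply(data):
    """Header flags (as dig names them), rcode and the answer records."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    info = {"id": txid, "rcode": flags & 0xF, "answers": [],
            "flags": [name for name, bit in FLAG_BITS if flags >> bit & 1]}
    offset = 12
    for _ in range(qd):  # skip the question section
        _, offset = decode_name(data, offset)
        offset += 4
    for _ in range(an):
        name, offset = decode_name(data, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:  # A record: render dotted quad
            rdata = ".".join(str(b) for b in rdata)
        info["answers"].append((name, ttl, rtype, rdata))
    return info


if __name__ == "__main__":
    query = build_query("localhost")
    reply = build_reply(query, "127.0.0.1", 86400)
    print(parse_reply(reply))
```

The decoded flags come out as qr, aa, rd, ra: qr marks a response, aa says the server is authoritative for the zone (it served localhost.zone itself rather than a cached copy), rd is echoed from the client's request and ra says the server is willing to recurse. A caching or forwarding server answering from cache would clear aa, which is a quick way to tell from dig output whether the answer came from the zone owner.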
[root@yue named]# dig @127.0.0.1 -x 127.0.0.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> @127.0.0.1 -x 127.0.0.1
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36960
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR
;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 86400 IN PTR localhost.0.0.127.in-addr.arpa. <== the zone origin was appended because the PTR target in named.local had no trailing dot; write it as localhost. to get the answer localhost.
;; AUTHORITY SECTION:
0.0.127.in-addr.arpa. 86400 IN NS localhost.
;; ADDITIONAL SECTION:
localhost. 86400 IN A 127.0.0.1
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 3 12:14:43 2015
;; MSG SIZE rcvd: 103