DNS: Domain Name Server
The function of DNS is name resolution, which has two directions:
Forward resolution: FQDN (fully qualified domain name) --> IP
Reverse resolution: IP --> FQDN (fully qualified domain name)
There are only two kinds of DNS query:
1. Iterative query (iteration): a query whose answer is a referral rather than a final result; the lookup process from the client's side up to the root domain is iterative.
2. Recursive query (recursion): a query whose answer is the final result.
How DNS works:
Scenario: suppose a client looks up www.magedu.com; the DNS system resolves the hostname as shown in the figure below:
DNS records: they describe what a resource is for.
Common resource record types:
SOA: Start Of Authority
NS: Name Server
MX: Mail eXchange (mail server)
A: Address (forward record: hostname to IPv4 address)
PTR: PointeR (reverse record: IP address to hostname)
AAAA: Address (hostname to IPv6 address)
CNAME: Canonical Name (alias record)
Scenario:
Register a domain name; the corresponding network is 172.16.19. and the DNS server provides the following services:
mail: 172.16.19.2
www: 172.16.19.3
pop --> mail
ftp --> www
dns: 172.16.0.1
First make sure the yum repository is configured correctly.
1. Install bind with yum install
# yum install -y bind.i686
2. List all the files the package installed
# rpm -ql bind.i686
3. Edit the configuration file /etc/named.conf
Zone types: type: { hint (root) | master (primary DNS) | slave (secondary DNS) | forward (forwarding) }
//
// named.conf
// See /usr/share/doc/bind*/sample/ for example named configuration files.
// global options
options {
    directory "/var/named";   // directory holding the zone data files
    recursion yes;            // allow recursive queries
};
// logging
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
// root zone
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
4. Append one forward zone and one reverse zone at the end of /etc/named.rfc1912.zones
zone "" IN {
    type master;
    file ".zone";
};
zone "19.16.172.in-addr.arpa" IN {
    type master;
    file "172.16.19.zone";
};
5. Create the zone data file .zone for the forward zone under /var/named
$TTL 86400
@       IN  SOA dsn.. admin. (
            2014031901  ; serial: a decimal number of at most ten digits, usually a date
            1D          ; refresh interval
            12H         ; retry interval, shorter than the refresh interval
            1D          ; expire time
            12H )       ; TTL for negative answers
        IN  NS  dns
        IN  MX  20 mail
dns     IN  A   172.16.19.100
mail    IN  A   172.16.19.2
www     IN  A   172.16.19.3
pop     IN  CNAME mail
ftp     IN  CNAME www
6. Create the zone data file 172.16.19.zone for the reverse zone 19.16.172.in-addr.arpa under /var/named
$TTL 86400
@       IN  SOA dsn.. admin. (
            2014031901
            1D
            12H
            1D
            12H )
        IN  NS  dns..
        IN  MX  20 mail..
100     IN  PTR dns..
2       IN  PTR mail..
3       IN  PTR www..
7. Change the owner, group and permissions of the zone files
# chown root:named /var/named/.zone /var/named/172.16.19.zone
# chmod 640 /var/named/.zone /var/named/172.16.19.zone
# ls -l /var/named/.zone /var/named/172.16.19.zone
-rw-r----- 1 root named 204 Mar 16 14:39 /var/named/172.16.19.zone
-rw-r----- 1 root named 225 Mar 16 14:38 /var/named/.zone
8. Check the added zones and zone data files for errors
# service named configtest
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
zone /IN: loaded serial 2014031901
zone 19.16.172.in-addr.arpa/IN: loaded serial 2014031901
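configtest only confirms that the files parse and load. As an added example (not code from the original post), the small Python checker below enforces the consistency rules the tutorial states in its zone-file comments: the SOA serial has at most ten decimal digits, and the SOA MNAME, NS and MX targets each have an A record in the zone. It assumes the simple layout the tutorial uses (class IN only, no per-record TTLs, parentheses only in the SOA); "example.com." is a constructed stand-in for the domain name, and the embedded zone keeps the tutorial's "dsn" spelling in the SOA so the checker has something to report.

```python
import re

# Constructed sample: the tutorial's forward zone with "example.com." standing in for the domain.
SAMPLE_ZONE = """\
$TTL 86400
@       IN  SOA dsn.example.com. admin.example.com. (
            2014031901  ; serial: decimal, at most ten digits
            1D 12H 1D 12H )  ; refresh, retry, expire, negative-answer TTL
        IN  NS  dns
        IN  MX  20 mail
dns     IN  A   172.16.19.100
mail    IN  A   172.16.19.2
www     IN  A   172.16.19.3
pop     IN  CNAME mail
ftp     IN  CNAME www
"""

def qualify(name, origin):
    """Expand '@' and relative names into fully qualified names under origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def records(text, origin):
    """Yield (owner, type, rdata) triples after dropping comments and SOA parentheses."""
    body = "\n".join(line.split(";", 1)[0] for line in text.splitlines())
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)
    owner = origin
    for line in body.splitlines():
        if not line.strip() or line.startswith("$"):
            continue  # blank line or a directive such as $TTL
        if not line[0].isspace():
            owner, line = line.split(None, 1)  # a line starting in column 0 names a new owner
        tokens = [t for t in line.split() if t.upper() != "IN"]  # class IN is assumed
        yield qualify(owner, origin), tokens[0].upper(), tokens[1:]

def check_zone(text, origin):
    """Return the problems found; an empty list means the zone passed every check."""
    recs = list(records(text, origin))
    have_a = {owner for owner, rtype, _ in recs if rtype == "A"}
    problems = []
    for _owner, rtype, rdata in recs:
        if rtype == "SOA":
            mname, serial = rdata[0], rdata[2]
            if not serial.isdigit() or len(serial) > 10:
                problems.append("SOA serial must be at most ten decimal digits: " + serial)
            if qualify(mname, origin) not in have_a:
                problems.append("SOA MNAME has no A record in this zone: " + mname)
        elif rtype in ("NS", "MX") and qualify(rdata[-1], origin) not in have_a:
            problems.append(rtype + " target has no A record in this zone: " + rdata[-1])
    return problems
```

Running check_zone(SAMPLE_ZONE, "example.com.") reports the SOA MNAME dsn.example.com. as having no A record; with the MNAME corrected to dns the list is empty.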
9. Start the named service with service named start or named -u named.
Starting the service with service named start failed for me because not enough random numbers could be generated, so I used named -u named instead.
# named -u named
10. Test the forward zone with dig
# dig -t A www. @172.16.19.100

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> -t A www. @172.16.19.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17722
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www..                          IN      A

;; ANSWER SECTION:
www..                   86400   IN      A       172.16.19.3

;; AUTHORITY SECTION:
.                       86400   IN      NS      dns..

;; ADDITIONAL SECTION:
dns..                   86400   IN      A       172.16.19.100

;; Query time: 2 msec
;; SERVER: 172.16.19.100#53(172.16.19.100)
;; WHEN: Sun Mar 16 14:19:24 2014
;; MSG SIZE  rcvd: 83
11. Test the reverse zone with host
# host -t PTR 172.16.19.100
1.19.16.172.in-addr.arpa domain name pointer dns..
# host -t PTR 172.16.19.2
2.19.16.172.in-addr.arpa domain name pointer mail..
# host -t PTR 172.16.19.3
3.19.16.172.in-addr.arpa domain name pointer www..
12. Simulate a zone transfer
# dig -t axfr

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> -t axfr
;; global options: +cmd
.                       86400   IN      SOA     dsn.. admin... 2014031901 86400 43200 86400 43200
.                       86400   IN      NS      dns..
.                       86400   IN      MX      20 mail..
dns..                   86400   IN      A       172.16.19.100
ftp..                   86400   IN      CNAME   www..
mail..                  86400   IN      A       172.16.19.2
pop..                   86400   IN      CNAME   mail..
www..                   86400   IN      A       172.16.19.3
.                       86400   IN      SOA     dsn.. admin... 2014031901 86400 43200 86400 43200
;; Query time: 2 msec
;; SERVER: 172.16.19.100#53(172.16.19.100)
;; WHEN: Sun Mar 16 15:12:07 2014
;; XFR size: 9 records (messages 1, bytes 250)