反向区域DNS解析服务

原创

清欢难寻 2019-01-31 23:13:05 ©著作权

文章标签 IT 90后职场 文章分类 运维

©著作权归作者所有：来自51CTO博客作者清欢难寻的原创作品，请联系作者获取转载授权，否则将追究法律责任

前期准备：反向解析的tree结构是从根往下数，第二级为arpa，第三级为in-addr，第四级为IP，表示出来是：254.58.168.192.in-addr.apra.

1、建立反向解析区域：
[root@centos7 ~]# vim /etc/named.rfc1912.zones
 type master;
      file "magedu.com.zones";
};
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "58.168.192.in-addr.arpa" IN {
       type master;
       file  "named.loopback";
       allow-update { none; };
};                                                                                                                    
"/etc/named.rfc1912.zones" 49L, 1126C
照猫画虎，我们添加了zone "58.168.192.in-addr.arpa" IN {
       type master;
       file  "named.loopback";
       allow-update { none; };
};        内容！

2、[root@centos7 ~]# cd /var/named
[root@centos7 named]# ls
data  dynamic  magedu.com.zone  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@centos7 named]# vim 192.168.58.zone
$TTL  86400
@   IN   SOA  master  admin.magedu.com.  (  0  1H  20M  1D  1H )
    NS   master
master   A  192.168.58.254
254      PTR    master.magedu.com.
8        PTR   www.magedu.com.
9        PTR   www.wange.com.     
[root@centos7 named]# rndc reload
server reload successful       (此处使脚本生效)
以上内容为反向解析脚本内容！

3、测试反向解析结果如下：

[root@Centos6 ~]# dig -x 192.168.58.254

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> -x 192.168.58.254 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7237 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION: ;254.58.168.192.in-addr.arpa. IN PTR

;; AUTHORITY SECTION: 58.168.192.in-addr.arpa. 10800 IN SOA 58.168.192.in-addr.arpa. rname.invalid. 0 86400 3600 604800 10800

;; Query time: 7 msec ;; SERVER: 192.168.58.254#53(192.168.58.254) ;; WHEN: Thu Jan 31 21:06:38 2019 ;; MSG SIZE rcvd: 94

[root@Centos6 ~]# dig -x 192.168.58.8

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> -x 192.168.58.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53711 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION: ;8.58.168.192.in-addr.arpa. IN PTR

;; AUTHORITY SECTION: 58.168.192.in-addr.arpa. 10800 IN SOA 58.168.192.in-addr.arpa. rname.invalid. 0 86400 3600 604800 10800

;; Query time: 6 msec ;; SERVER: 192.168.58.254#53(192.168.58.254) ;; WHEN: Thu Jan 31 21:06:49 2019 ;; MSG SIZE rcvd: 92

[root@Centos6 ~]# dig -x 192.168.58.9

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> -x 192.168.58.9 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26461 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION: ;9.58.168.192.in-addr.arpa. IN PTR

;; AUTHORITY SECTION: 58.168.192.in-addr.arpa. 10800 IN SOA 58.168.192.in-addr.arpa. rname.invalid. 0 86400 3600 604800 10800

;; Query time: 1 msec ;; SERVER: 192.168.58.254#53(192.168.58.254) ;; WHEN: Thu Jan 31 21:06:53 2019 ;; MSG SIZE rcvd: 92

以上内容为反向解析的内容！！！

当我们不小心把网址输错了，但是百度，京东，淘宝等网站却还可以访问是为什么？
答：他们在下面添加了  *   无论用户输入什么信息，只要后缀正确，均可以访问。
[root@centos7 named]# vim  magedu.com.zone

$TTL  1D

@     IN SOA  master  admin.magedu.com.  (
                    20190131             ; serial
                    1D     ; refresh
                    1H     ; retry
                    1W     ; expire
                    3H   )  ;  minimun
        NS      master
	@           A           192.68.58.130
master      A           192.168.58.254
 www         CNAME       websrv
 websrv      A           192.168.58.133
 blog        A           192.168.58.136
 @           mx          10  mailsrv1
 @           mx          20  mailsrv2
 mailsrv1    A           192.168.58.137
 mailsrv2    A           192.168.58.138
*            A           192.168.58.254  

[root@Centos6 ~]# ping wwwwwwww.magedu.com
PING www.magedu.com (101.200.188.230) 56(84) bytes of data.
64 bytes from 101.200.188.230: icmp_seq=1 ttl=53 time=5.48 ms
64 bytes from 101.200.188.230: icmp_seq=2 ttl=53 time=6.39 ms
64 bytes from 101.200.188.230: icmp_seq=3 ttl=53 time=6.84 ms
64 bytes from 101.200.188.230: icmp_seq=4 ttl=53 time=5.84 m
这是加 *  的效果，
[root@Centos6 ~]# ping magedu.com
PING magedu.com (101.200.188.230) 56(84) bytes of data.
64 bytes from 101.200.188.230: icmp_seq=1 ttl=53 time=7.01 ms
64 bytes from 101.200.188.230: icmp_seq=2 ttl=53 time=5.59 ms
64 bytes from 101.200.188.230: icmp_seq=3 ttl=53 time=7.43 ms
这是加 @ 的效果。