DNS introduction
DNS == Domain Name System: the distributed database that maps domain names to addresses; the machines that answer the queries are name servers
In the earliest days there were very few computers and no DNS; the names of other machines were recorded in one file, /etc/hosts
[root@wy ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
Explanation:
One IP can map to several names: every name on the line after the address is an alias for it
If the same name appears on two lines with different IPs, the first line wins: the file is read top to bottom and the first match is used
With few computers, updating this file was quick. As machines multiplied every host had to be kept in sync: add one new machine and the hosts file on every other machine had to be updated. That became unmanageable, so DNS was invented to do the same job as /etc/hosts in a distributed way
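As an added example (not from the original page), here is a small Python resolver for the /etc/hosts format that implements the two rules just stated: one address may carry several names, and the first matching line wins. The file content it reads is constructed for the example and includes a deliberate duplicate name to show which line is used.

```python
# Added example, not from the original page: a resolver for the /etc/hosts
# format. HOSTS_SAMPLE is constructed; the 192.168.219.x hosts are the ones
# used later on this page.

HOSTS_SAMPLE = """\
# constructed sample /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.219.129 ns.123.com ns        # one address, several names
192.168.219.128 mail.123.com
10.0.0.99       mail.123.com         # duplicate name: never used, the line above wins
"""


def parse_hosts(text):
    """Return [(address, [names])] for each data line, in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if not line:
            continue
        address, *names = line.split()
        if names:                             # an address with no name is ignored
            entries.append((address, names))
    return entries


def resolve(text, name, family="ipv4"):
    """Address of the FIRST line that lists `name` in the wanted family, or
    None. Hostnames are compared case-insensitively."""
    want6 = family == "ipv6"
    for address, names in parse_hosts(text):
        if (":" in address) != want6:
            continue
        if name.lower() in (n.lower() for n in names):
            return address
    return None


def names_for(text, address):
    """Every name that maps to `address` anywhere in the file (reverse lookup)."""
    found = []
    for addr, names in parse_hosts(text):
        if addr == address:
            found.extend(names)
    return found
```

resolve() stops at the first hit, so the 10.0.0.99 line for mail.123.com is shadowed: that is the "first one wins" rule, and it is also why a stray or planted entry near the top of /etc/hosts silently overrides everything below it.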
DNS basics:
Structure: take the domain name www.aminglinux.com. Strictly written it is www.aminglinux.com. with a trailing dot; that dot is the root domain. A name is read from right to left, one level at a time: root, then com, then aminglinux, then www
The figure below shows how a domain name is resolved
DNS installation and configuration
## Install
[root@wy ~]# yum install -y bind
## Look at the configuration file
[root@wy ~]# vim /etc/named.conf
options {
listen-on port 53 { 127.0.0.1; }; //port and IPv4 address(es) to listen on
listen-on-v6 port 53 { ::1; }; //the same for IPv6
directory "/var/named"; //working directory: zone files named in zone statements are relative to it
[root@wy ~]# cat /var/named/named.localhost
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
Explanation:
$TTL 1D default time-to-live for the records in this file: 1 day (86400 seconds, the TTL that dig shows in the answers below)
@ stands for the current origin, i.e. the zone name given in the zone statement of named.conf
SOA (Start Of Authority) is a record type that opens the zone's data; its first field, here @, names the primary master server for the zone, and the five numbers in parentheses are serial (version of the zone, which slaves compare to decide whether to transfer), refresh (how often a slave checks the master), retry (wait after a failed check), expire (how long a slave keeps answering if the master stays unreachable) and minimum (the negative-caching TTL)
rname.invalid. is the administrator's mailbox: @ already has a special meaning in a zone file, so the @ of the address is written as a dot (admin.123.com. means admin@123.com)
The NS, A and AAAA lines below the SOA have no owner field, so they belong to the previous owner, @, i.e. the zone itself
The previous section covered the configuration files; now we take a concrete domain name and show how to configure DNS for it. Say we have a domain called 123.com (any made-up name will do)
Exercise: add a zone for 123.com
## Edit the configuration file
[root@wy ~]# vim /etc/named.conf
****append at the end of the file
zone "123.com" IN {
type master;
file "/var/named/123.com.zone";
};
## Check the syntax
[root@wy ~]# named-checkconf
## Write the zone file (use /var/named/named.localhost as a template)
[root@wy ~]# vim /var/named/123.com.zone
$TTL 1D
@ IN SOA @ admin.123.com. (
2016112001 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns.123.com.
IN MX 5 mail.123.com.
mail IN A 192.168.219.128
ns IN A 192.168.219.129
www IN A 11.11.11.11
bbs IN CNAME www.123.com.
Note: do not drop the trailing dots. A name without one is relative to the zone origin, so www.123.com written without the dot is read as www.123.com.123.com. and the CNAME silently points at a name that does not exist
## Check the zone file
[root@wy ~]# named-checkzone "123.com" /var/named/123.com.zone
zone 123.com/IN: loaded serial 2016112001
OK
## Edit the configuration file
[root@wy ~]# vim /etc/named.conf
listen-on port 53 { 127.0.0.1;192.168.219.129; };
Explanation:
The zone file says that ns.123.com is 192.168.219.129, so named must listen on that address as well, otherwise other hosts cannot query it
## Start the service
[root@wy ~]# /etc/init.d/named start
## Test
[root@wy ~]# dig @192.168.219.129 www.123.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> @192.168.219.129 www.123.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22887
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.123.com. IN A
;; ANSWER SECTION:
www.123.com. 86400 IN A 11.11.11.11
;; AUTHORITY SECTION:
123.com. 86400 IN NS ns.123.com.
;; ADDITIONAL SECTION:
ns.123.com. 86400 IN A 192.168.219.129
;; Query time: 1 msec
;; SERVER: 192.168.219.129#53(192.168.219.129)
;; WHEN: Sun Nov 20 20:51:33 2016
;; MSG SIZE rcvd: 78
## Test resolving bbs
[root@wy ~]# dig @192.168.219.129 bbs.123.com
## Test resolving mail
[root@wy ~]# dig @192.168.219.129 mail.123.com
## Test a name that was not configured
[root@wy ~]# dig @192.168.219.129 mail6666.123.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> @192.168.219.129 mail6666.123.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20280
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mail6666.123.com. IN A
;; AUTHORITY SECTION:
123.com. 10800 IN SOA 123.com. admin.123.com. 2016112001 86400 3600 604800 10800
;; Query time: 0 msec
;; SERVER: 192.168.219.129#53(192.168.219.129)
;; WHEN: Sun Nov 20 20:54:35 2016
;; MSG SIZE rcvd: 76
Explanation:
The name does not exist in the zone, so the server answers NXDOMAIN with an empty ANSWER section; the AUTHORITY section carries the SOA record, and its last field (10800, the "minimum") tells resolvers how long to cache this negative answer
That was forward resolution (name to IP). Next comes reverse resolution (IP to name). Reverse zones live under in-addr.arpa and the IP is written backwards: for the 192.168.219.0/24 network the zone is 219.168.192.in-addr.arpa, and each record's name is the remaining last octet
## Edit the configuration file
[root@wy ~]# vim /etc/named.conf
zone "219.168.192.in-addr.arpa" IN {
type master;
file "/var/named/219.168.192.zone";
};
## Write the zone file
[root@wy ~]# vim /var/named/219.168.192.zone
$TTL 1D
@ IN SOA @ admin.123.com. (
2016112001 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns.123.com.
129 IN PTR ns.123.com.
128 IN PTR mail.123.com.
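As an added example (not code from the page), the following Python builds the names this tutorial has been working with: the right-to-left hierarchy from the DNS basics section, the in-addr.arpa name of an address, the reverse zone for a network, and the PTR lines of the reverse zone above generated from the forward A records of 123.com. The network 192.168.219.0/24 is assumed from the addresses used on this page.

```python
import ipaddress

# Added example, not from the original page: helpers for the names used by the
# DNS hierarchy and by reverse zones. FORWARD_A holds the A records from the
# page's 123.com.zone; the networks passed in are assumed for the example.


def zone_chain(name):
    """Walk a name from the root downwards, the order resolution follows:
    'www.aminglinux.com.' -> ['.', 'com.', 'aminglinux.com.', 'www.aminglinux.com.']"""
    labels = [l for l in name.rstrip(".").split(".") if l]
    chain = ["."]
    for i in range(len(labels) - 1, -1, -1):
        chain.append(".".join(labels[i:]) + ".")
    return chain


def reverse_name(ip):
    """Owner name of the PTR record for an address (IPv4 or IPv6):
    '192.168.219.129' -> '129.219.168.192.in-addr.arpa.'"""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_zone(network):
    """Zone name for an IPv4 network whose prefix is a whole number of octets:
    '192.168.219.0/24' -> '219.168.192.in-addr.arpa.'
    Other prefix lengths need RFC 2317 classless delegation, not handled here."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("only IPv4 /8, /16 and /24 reverse zones are supported")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def ptr_lines(a_records, network):
    """Body of a reverse zone built from forward A records ({fqdn: ip}).
    Hosts outside `network` are skipped, which is why www (11.11.11.11) has
    no PTR in the tutorial's 219.168.192.in-addr.arpa zone."""
    net = ipaddress.ip_network(network, strict=True)
    zone = reverse_zone(network)
    lines = []
    ordered = sorted(a_records.items(),
                     key=lambda kv: (ipaddress.ip_address(kv[1]).version,
                                     ipaddress.ip_address(kv[1])))
    for fqdn, ip in ordered:
        if ipaddress.ip_address(ip) not in net:
            continue
        relative = reverse_name(ip)[: -len(zone) - 1]   # strip '.' + zone name
        lines.append(f"{relative} IN PTR {fqdn}")
    return lines


FORWARD_A = {                     # the A records from 123.com.zone on this page
    "mail.123.com.": "192.168.219.128",
    "ns.123.com.": "192.168.219.129",
    "www.123.com.": "11.11.11.11",
}

if __name__ == "__main__":
    print(zone_chain("www.aminglinux.com."))
    print(reverse_name("192.168.219.129"))
    print("\n".join(ptr_lines(FORWARD_A, "192.168.219.0/24")))
```

ptr_lines() produces exactly the two PTR records written by hand above, and skipping hosts outside the network is the check to keep in mind whenever the forward and reverse zones are maintained separately: a PTR that the forward zone does not confirm is worthless to anything that validates reverse lookups.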
## Check (named-checkzone can be run on the reverse zone file too, as it was for 123.com)
[root@wy ~]# named-checkconf
## Restart the service
[root@wy ~]# /etc/init.d/named restart
## Test
[root@wy ~]# dig @192.168.219.129 -x 192.168.219.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> @192.168.219.129 -x 192.168.219.129
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14236
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;129.219.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
129.219.168.192.in-addr.arpa. 86400 IN PTR ns.123.com.
;; AUTHORITY SECTION:
219.168.192.in-addr.arpa. 86400 IN NS ns.123.com.
;; ADDITIONAL SECTION:
ns.123.com. 86400 IN A 192.168.219.129
;; Query time: 0 msec
;; SERVER: 192.168.219.129#53(192.168.219.129)
;; WHEN: Sun Nov 20 21:10:28 2016
;; MSG SIZE rcvd: 100
[root@wy ~]# dig @192.168.219.129 -x 192.168.219.128
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> @192.168.219.129 -x 192.168.219.128
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49994
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;128.219.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
128.219.168.192.in-addr.arpa. 86400 IN PTR mail.123.com.
;; AUTHORITY SECTION:
219.168.192.in-addr.arpa. 86400 IN NS ns.123.com.
;; ADDITIONAL SECTION:
ns.123.com. 86400 IN A 192.168.219.129
;; Query time: 1 msec
;; SERVER: 192.168.219.129#53(192.168.219.129)
;; WHEN: Sun Nov 20 21:12:05 2016
;; MSG SIZE rcvd: 105
How to set up a DNS master and slave
A single master is not safe: if the master goes down the domain can no longer be resolved and the website becomes unreachable, which is dangerous. So we add a slave DNS server, or even several
Open another machine
## Install
[root@y2 ~]# yum install -y bind
## Edit the configuration file
[root@y2 ~]# vim /etc/named.conf
options {
//listen-on port 53 { 127.0.0.1; };
//listen-on-v6 port 53 { ::1; };
Explanation:
//listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
With both lines commented out named listens on all addresses (BIND's default); to restrict it, keep the lines and list only the addresses you want
zone "123.com" IN {
type slave;
file "slaves/123.com.zone";
masters { 192.168.219.129; };
};
zone "219.168.192.in-addr.arpa" IN {
type slave;
file "slaves/219.168.192.zone";
masters { 192.168.219.129; };
};
Note: don't drop the semicolons
## Start the service
[root@y2 ~]# /etc/init.d/named start
## Check that the two files were created (named fetched both zones from the master by zone transfer)
[root@y2 ~]# ls /var/named/slaves/
123.com.zone 219.168.192.zone
[root@y2 ~]# cat /var/named/slaves/123.com.zone
$ORIGIN .
$TTL 86400 ; 1 day
123.com IN SOA 123.com. admin.123.com. (
2016112001 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS ns.123.com.
MX 5 mail.123.com.
$ORIGIN 123.com.
bbs CNAME www
mail A 192.168.219.128
ns A 192.168.219.129
www A 11.11.11.11
Explanation:
The copy on the master was written by hand; this one was generated by named on the slave from the transferred data, so it is in BIND's canonical, neatly laid out format: TTLs in seconds, an explicit $ORIGIN, and names written relative to it
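The two copies of the 123.com zone on this page (the hand-written file on the master and the one named generated on the slave) look different but carry the same records, and the trailing-dot note in the master section is the classic way to get a zone file wrong. The following Python script is an added example, not code from the page or from BIND: a minimal parser for the zone-file syntax used here. It shows how '@', relative names and a dropped trailing dot are expanded, and confirms that the master and slave files describe the same records. It assumes nothing beyond the two files already shown on this page.

```python
import re
# Added example (not from this page or from BIND): a minimal parser for the
# zone-file syntax used in this tutorial, covering only $TTL, $ORIGIN and the
# record types seen here. MASTER_ZONE/SLAVE_ZONE are the page's 123.com files.

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
_TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)
_NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,)}

def parse_ttl(text):
    """BIND TTL syntax: '1D' -> 86400, '3H' -> 10800, '600' -> 600."""
    return sum(int(n) * _UNITS[u.lower() or "s"] for n, u in re.findall(r"(\d+)([smhdw]?)", text, re.I))

def fqdn(name, origin):
    """'@' = origin; trailing dot = absolute; otherwise the origin is appended."""
    if name == "@" or name.endswith("."):
        return origin if name == "@" else name
    return name + "." if origin == "." else name + "." + origin

def _logical_lines(text):
    """Drop ';' comments and join '(' ... ')' continuation lines."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        buf.append(line if not buf else line.strip())  # keep 1st line's indent
        depth += line.count("(") - line.count(")")
        if depth == 0:
            out.append(" ".join(buf))
            buf = []
    return out

def parse_zone(text, origin):
    """[(owner, ttl, type, rdata)], every name absolute, SOA timers in seconds."""
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, last_owner, records = None, origin, []
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL": default_ttl = parse_ttl(tokens[1]); continue
        if tokens[0] == "$ORIGIN": origin = tokens[1]; continue
        # A line starting with blanks has no owner field: reuse the previous owner.
        owner = last_owner if line[0] in " \t" else fqdn(tokens.pop(0), origin)
        last_owner = owner
        ttl = parse_ttl(tokens.pop(0)) if _TTL_RE.match(tokens[0]) else default_ttl
        if tokens[0].upper() == "IN":  # class is optional
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        rdata = [t for t in tokens if t not in ("(", ")")]
        for i in _NAME_FIELDS.get(rtype, ()):  # expand the name fields
            rdata[i] = fqdn(rdata[i], origin)
        if rtype == "SOA":
            rdata[2:] = [str(parse_ttl(v)) for v in rdata[2:]]
        records.append((owner, ttl, rtype, tuple(rdata)))
    return records

def lookup(records, name, rtype):
    return [rd for owner, _, t, rd in records if owner == name and t == rtype]

def same_records(a, b):  # TTLs ignored: '1D' and '86400' are the same thing
    return sorted((o, t, rd) for o, _, t, rd in a) == sorted((o, t, rd) for o, _, t, rd in b)

MASTER_ZONE = """\
$TTL 1D
@ IN SOA @ admin.123.com. (
        2016112001 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
    IN NS ns.123.com.
    IN MX 5 mail.123.com.
mail IN A 192.168.219.128
ns IN A 192.168.219.129
www IN A 11.11.11.11
bbs IN CNAME www.123.com.
"""

SLAVE_ZONE = """\
$ORIGIN .
$TTL 86400 ; 1 day
123.com IN SOA 123.com. admin.123.com. (
        2016112001 ; serial
        86400 ; refresh (1 day)
        3600 ; retry (1 hour)
        604800 ; expire (1 week)
        10800 ; minimum (3 hours)
        )
    NS ns.123.com.
    MX 5 mail.123.com.
$ORIGIN 123.com.
bbs CNAME www
mail A 192.168.219.128
ns A 192.168.219.129
www A 11.11.11.11
"""
MISSING_DOT = MASTER_ZONE.replace("CNAME www.123.com.", "CNAME www.123.com")  # dot dropped
```

parse_zone(MISSING_DOT, "123.com") turns the CNAME target into www.123.com.123.com., which is what named would load without complaint: named-checkzone validates syntax, not intent, so a dropped dot only shows up when the name fails to resolve.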
## Test resolution against the slave (192.168.219.128); note the aa flag in the answer: the slave is authoritative for the zone too
[root@y2 ~]# dig @192.168.219.128 www.123.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> @192.168.219.128 www.123.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22465
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.123.com. IN A
;; ANSWER SECTION:
www.123.com. 86400 IN A 11.11.11.11
;; AUTHORITY SECTION:
123.com. 86400 IN NS ns.123.com.
;; ADDITIONAL SECTION:
ns.123.com. 86400 IN A 192.168.219.129
;; Query time: 1 msec
;; SERVER: 192.168.219.128#53(192.168.219.128)
;; WHEN: Sun Nov 20 21:39:05 2016
;; MSG SIZE rcvd: 78
## Reverse resolution test
[root@y2 ~]# dig @192.168.219.128 -x 192.168.219.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> @192.168.219.128 -x 192.168.219.129
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50789
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;129.219.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
129.219.168.192.in-addr.arpa. 86400 IN PTR ns.123.com.
;; AUTHORITY SECTION:
219.168.192.in-addr.arpa. 86400 IN NS ns.123.com.
;; ADDITIONAL SECTION:
ns.123.com. 86400 IN A 192.168.219.129
;; Query time: 0 msec
;; SERVER: 192.168.219.128#53(192.168.219.128)
;; WHEN: Sun Nov 20 21:40:21 2016
;; MSG SIZE rcvd: 100
We still need to test how a change propagates
## On the master, edit 123.com.zone and add one record
[root@wy ~]# vim /var/named/123.com.zone
$TTL 1D
@ IN SOA @ admin.123.com. (
2016112002 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns.123.com.
IN MX 5 mail.123.com.
mail IN A 192.168.219.128
ns IN A 192.168.219.129
www IN A 11.11.11.11
bbs IN CNAME www.123.com.
aming IN A 111.111.111.111
Explanation:
2016112002: for the slave to pick up the change, the serial must be larger than the one the slave currently holds; if you forget to bump it the slave sees no change and never transfers
## Restart
[root@wy ~]# /etc/init.d/named restart
## Test
[root@wy ~]# dig @192.168.219.129 aming.123.com
aming.123.com. 86400 IN A 111.111.111.111
## Test on the slave
[root@y2 ~]# dig @192.168.219.128 aming.123.com
Explanation:
The new record is not there yet. The slave does not see the change immediately: it polls the master at the refresh interval, asking for the SOA and comparing serials
Here refresh is 86400 seconds (1 day), far too long to wait. Instead the master should push: as soon as the zone changes and named is reloaded, it sends a NOTIFY to the slave, which then checks the serial and transfers at once. BIND already sends NOTIFY to every server listed in the zone's NS records, but our slave 192.168.219.128 is not an NS record of the zone, so its address has to be added with also-notify. While editing these zone statements it is also worth adding an allow-transfer statement listing only the slave: the master has none, and on this BIND version that default lets any host pull a full copy of the zone with a transfer request
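The serial rule and the refresh/NOTIFY behaviour above can be checked without waiting a day. The following Python is an added example, not code from the page or from BIND: serial_gt() is the comparison a slave really performs (RFC 1982 serial-number arithmetic, which is what "larger" means once a 32-bit serial wraps), soa_from_dig() parses the SOA line dig printed earlier on this page, sync_status() compares a master and a slave SOA, and slave_decision() models when a slave waits, transfers, retries or expires. The master SOA line with serial 2016112002 is constructed for the example; the page does not show a dig for it.

```python
# Added example, not from the original page: RFC 1982 serial comparison, a
# parser for dig's SOA output, and a model of slave refresh/NOTIFY behaviour.

SERIAL_MODULUS = 1 << 32


def serial_gt(a, b):
    """True if serial a is newer than b under RFC 1982 arithmetic: serials
    live on a 32-bit ring and a is newer if it is less than 2^31 steps ahead.
    A plain a > b gives the wrong answer once the counter wraps."""
    a, b = a % SERIAL_MODULUS, b % SERIAL_MODULUS
    if a == b:
        return False
    half = SERIAL_MODULUS // 2
    return (a > b and a - b < half) or (a < b and b - a > half)


def next_serial(current, today):
    """Next serial in the YYYYMMDDnn convention used on this page: the first
    change on a new day gets today*100+1, later changes that day add 1, and
    the result is always greater than `current` (a serial must never go back)."""
    candidate = today * 100 + 1
    return candidate if candidate > current else current + 1


def soa_from_dig(line):
    """Parse an SOA as printed by dig, either a full answer line
    ('123.com. 10800 IN SOA 123.com. admin.123.com. 2016112001 86400 ...')
    or the +short form ('123.com. admin.123.com. 2016112001 86400 ...')."""
    fields = line.split()
    serial, refresh, retry, expire, minimum = map(int, fields[-5:])
    return {"mname": fields[-7], "rname": fields[-6], "serial": serial,
            "refresh": refresh, "retry": retry, "expire": expire, "minimum": minimum}


def sync_status(master_line, slave_line):
    """Compare the SOA lines from 'dig +short SOA <zone> @master' and '@slave'."""
    m, s = soa_from_dig(master_line)["serial"], soa_from_dig(slave_line)["serial"]
    if m == s:
        return "in sync"
    return "slave behind" if serial_gt(m, s) else "slave ahead: master serial was lowered?"


def slave_decision(master_soa, slave_soa, elapsed, notified=False, master_reachable=True):
    """What a slave does `elapsed` seconds after its last successful refresh.
    Without a NOTIFY nothing happens before REFRESH; a NOTIFY triggers the SOA
    check now. If the master is unreachable the slave retries every RETRY
    seconds and, once EXPIRE seconds have passed, stops answering for the zone."""
    if not notified and elapsed < slave_soa["refresh"]:
        return f"wait {slave_soa['refresh'] - elapsed}s"
    if not master_reachable:
        return "expired" if elapsed >= slave_soa["expire"] else f"retry in {slave_soa['retry']}s"
    if serial_gt(master_soa["serial"], slave_soa["serial"]):
        return "transfer"
    return "in sync"


# The SOA dig printed for 123.com earlier on this page (what the slave holds)
# and a constructed +short SOA for the master after the edit above.
DIG_SOA_SLAVE = "123.com. 10800 IN SOA 123.com. admin.123.com. 2016112001 86400 3600 604800 10800"
DIG_SOA_MASTER = "123.com. admin.123.com. 2016112002 86400 3600 604800 10800"
SLAVE_SOA = soa_from_dig(DIG_SOA_SLAVE)
MASTER_SOA = soa_from_dig(DIG_SOA_MASTER)

if __name__ == "__main__":
    print(sync_status(DIG_SOA_MASTER, DIG_SOA_SLAVE))
    print(slave_decision(MASTER_SOA, SLAVE_SOA, elapsed=120))
    print(slave_decision(MASTER_SOA, SLAVE_SOA, elapsed=120, notified=True))
```

To use it against the two servers on this page, run dig +short SOA 123.com @192.168.219.129 and the same query @192.168.219.128 and feed the two output lines to sync_status(); "slave behind" right after an edit, and "in sync" a moment later, is what a working NOTIFY looks like.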
## On the master, edit the configuration file
[root@wy ~]# vim /etc/named.conf
zone "123.com" IN {
type master;
file "/var/named/123.com.zone";
notify yes;
also-notify { 192.168.219.128; };
};
zone "219.168.192.in-addr.arpa" IN {
type master;
file "/var/named/219.168.192.zone";
notify yes;
also-notify { 192.168.219.128; };
};
## Check
[root@wy ~]# named-checkconf
## Restart
[root@wy ~]# /etc/init.d/named restart
## Test on the slave
[root@y2 ~]# dig @192.168.219.128 aming.123.com
aming.123.com. 86400 IN A 111.111.111.111
## The 123.com.zone file on the slave has changed too: serial 2016112002, and the new record is present
[root@y2 ~]# cat /var/named/slaves/123.com.zone
$ORIGIN .
$TTL 86400 ; 1 day
123.com IN SOA 123.com. admin.123.com. (
2016112002 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS ns.123.com.
MX 5 mail.123.com.
$ORIGIN 123.com.
aming A 111.111.111.111
bbs CNAME www
mail A 192.168.219.128
ns A 192.168.219.129
www A 11.11.11.11