Linux ❀ RHCE self-study teaching notes - Redhat 8.2 DNS service notes

Reader contribution 952 2022-11-24


Contents

1. Installing the service
2. Configuration file
3. Root hints
4. Service configuration
   (1) Forward resolution
   (2) Reverse resolution
   (3) Forward batch resolution
   (4) Reverse batch resolution
   (5) Zone transfer

DNS (Domain Name System): a distributed database that maps domain names to IP addresses and back, so that people can reach hosts on the Internet by name. Service port: TCP/UDP 53. Each label of a domain name is limited to 63 characters, and a complete domain name cannot exceed 253 characters.

WWW (World Wide Web): many domain names carry a www. prefix. Note that www.baidu.com and baidu.com are two different names as far as DNS is concerned; they appear to be the same site because the HTTP service at baidu.com answers with a 301 redirect to the address that www.baidu.com resolves to.

hosts: the local name-resolution file. It takes precedence over DNS: when a name is resolved, the hosts file is searched first, and the DNS server is queried only if no entry is found there. Windows path: C:\Windows\System32\drivers\etc\hosts. Linux path: /etc/hosts
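The two rules above (the 63/253-character limits and the hosts-before-DNS lookup order) can be made concrete with the following Python code. It is an added example and not part of the original notes; the hosts entries and the stand-in DNS table are constructed for the example.

```python
from typing import Callable, Dict, Optional, Tuple

MAX_LABEL_LEN = 63   # limit per label, as stated in the notes
MAX_NAME_LEN = 253   # limit for the whole name, as stated in the notes


def validate_domain_name(name: str) -> bool:
    """Return True when every label is 1..63 characters and the whole name is at most 253."""
    name = name.rstrip(".")            # the trailing dot denotes the root and is not counted
    if not name or len(name) > MAX_NAME_LEN:
        return False
    return all(0 < len(label) <= MAX_LABEL_LEN for label in name.split("."))


def parse_hosts(text: str) -> Dict[str, str]:
    """Parse hosts-file text ('address name [alias ...]', '#' starts a comment).

    As with the real resolver, the first entry for a name wins."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        for n in names:
            table.setdefault(n.lower().rstrip("."), address)
    return table


def resolve(name: str, hosts: Dict[str, str],
            dns_lookup: Callable[[str], Optional[str]]) -> Tuple[Optional[str], str]:
    """Lookup order described in the notes: hosts file first, DNS only on a miss."""
    key = name.lower().rstrip(".")
    if key in hosts:
        return hosts[key], "hosts"
    return dns_lookup(key), "dns"


# Constructed sample data for the example (not real hosts-file content).
SAMPLE_HOSTS = """
127.0.0.1   localhost localhost.localdomain
::1         localhost
192.168.14.131  ns.baidu.com ns     # lab DNS server from the notes
"""
FAKE_DNS = {"mail.baidu.com": "192.168.14.131"}   # stands in for a real DNS query


def lookup_demo(name: str) -> Tuple[Optional[str], str]:
    """Resolve one name against the constructed hosts file, then the stand-in DNS table."""
    return resolve(name, parse_hosts(SAMPLE_HOSTS), FAKE_DNS.get)


if __name__ == "__main__":
    for n in ("ns.baidu.com", "mail.baidu.com", "nothing.example"):
        print(n, "->", lookup_demo(n))
```

The second element of the returned pair tells you which source answered, which is exactly the question to ask when a host resolves a name differently from everyone else: a stale or tampered hosts entry silently overrides DNS.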

1. Installing the service

[root@localhost ~]# dnf install -y bind
[root@localhost ~]# rpm -qa bind
bind-9.11.13-3.el8.x86_64
[root@localhost ~]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf                # main configuration file
/etc/named.rfc1912.zones       # file that defines the default zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca            # root hints
/var/named/named.empty
/var/named/named.localhost     # localhost zone
/var/named/named.loopback
[root@localhost ~]# ll /var/named/slaves/     # directory for zones received from the primary server
# check the listening port
[root@localhost ~]# ss -lntup | grep 53
udp UNCONN 0 0 192.168.14.131:53 0.0.0.0:* users:(("named",pid=5210,fd=525),("named",pid=5210,fd=524),("named",pid=5210,fd=523),("named",pid=5210,fd=522),("named",pid=5210,fd=521),("named",pid=5210,fd=520),("named",pid=5210,fd=519))

2. Configuration file

Syntax: comments are written with // or /* */; every statement ends with ;

[root@localhost ~]# ll /etc/named.conf
-rw-r-----. 1 root named 1705 Feb 27 23:11 /etc/named.conf
[root@localhost ~]# vim /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; };        // IPv4 listening address and port
    listen-on-v6 port 53 { ::1; };           // IPv6 listening address and port
    directory "/var/named";                  // directory holding the zone data files
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";          // statistics file
    memstatistics-file "/var/named/data/named_mem_stats.txt";   // memory allocation statistics file
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    allow-query { localhost; };              // only the local host may query
    recursion yes;                           // allow recursive queries
    dnssec-enable yes;
    dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    /* */
    include "/etc/crypto-policies/back-ends/bind.config";
};
logging {                                    // log categories and where they are written
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {                                // zone definition for the root
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

3. Root hints

[root@localhost ~]# vim /var/named/named.ca
;; ANSWER SECTION:
.                       518400  IN  NS    a.root-servers.net.
.                       518400  IN  NS    b.root-servers.net.
.                       518400  IN  NS    c.root-servers.net.
.                       518400  IN  NS    d.root-servers.net.
.                       518400  IN  NS    e.root-servers.net.
.                       518400  IN  NS    f.root-servers.net.
.                       518400  IN  NS    g.root-servers.net.
.                       518400  IN  NS    h.root-servers.net.
.                       518400  IN  NS    i.root-servers.net.
.                       518400  IN  NS    j.root-servers.net.
.                       518400  IN  NS    k.root-servers.net.
.                       518400  IN  NS    l.root-servers.net.
.                       518400  IN  NS    m.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     518400  IN  A     198.41.0.4
b.root-servers.net.     518400  IN  A     199.9.14.201
c.root-servers.net.     518400  IN  A     192.33.4.12
d.root-servers.net.     518400  IN  A     199.7.91.13
e.root-servers.net.     518400  IN  A     192.203.230.10
f.root-servers.net.     518400  IN  A     192.5.5.241
g.root-servers.net.     518400  IN  A     192.112.36.4
h.root-servers.net.     518400  IN  A     198.97.190.53
i.root-servers.net.     518400  IN  A     192.36.148.17
j.root-servers.net.     518400  IN  A     192.58.128.30
k.root-servers.net.     518400  IN  A     193.0.14.129
l.root-servers.net.     518400  IN  A     199.7.83.42
m.root-servers.net.     518400  IN  A     202.12.27.33
a.root-servers.net.     518400  IN  AAAA  2001:503:ba3e::2:30
b.root-servers.net.     518400  IN  AAAA  2001:500:200::b
c.root-servers.net.     518400  IN  AAAA  2001:500:2::c
d.root-servers.net.     518400  IN  AAAA  2001:500:2d::d
e.root-servers.net.     518400  IN  AAAA  2001:500:a8::e
f.root-servers.net.     518400  IN  AAAA  2001:500:2f::f
g.root-servers.net.     518400  IN  AAAA  2001:500:12::d0d
h.root-servers.net.     518400  IN  AAAA  2001:500:1::53
i.root-servers.net.     518400  IN  AAAA  2001:7fe::53
j.root-servers.net.     518400  IN  AAAA  2001:503:c27::2:30
k.root-servers.net.     518400  IN  AAAA  2001:7fd::1
l.root-servers.net.     518400  IN  AAAA  2001:500:9f::42
m.root-servers.net.     518400  IN  AAAA  2001:dc3::35

The localhost zone

[root@localhost ~]# vim /var/named/named.localhost
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1

Zone types

Primary zone: master
Secondary zone: slave
Hint zone: hint; consulted when no other information is available, it lists the addresses of the root servers
Forwarding zone: forward; queries are forwarded to the specified servers instead of being sent to the root
For performance reasons DNS queries are exchanged over UDP and each message is limited to 512 bytes; if a response would be larger than 512 bytes, the two sides switch to TCP.

Resource record types

SOA: start of authority; describes how the DNS zone operates (which zone this server is responsible for)
NS: maps the domain to the DNS server that ultimately resolves it (which host performs the resolution)
A: maps a hostname to an IPv4 address
CNAME: an alias for a domain name
MX: mail exchanger record
PTR: pointer record; maps an IPv4 or IPv6 address to a hostname (reverse DNS)
AAAA: maps a hostname to an IPv6 address
serial number: version number of the zone data currently in use
refresh: interval at which secondaries check the primary for changes
retry: time to wait before retrying a failed refresh
expire: how long the zone data stays valid when the primary cannot be reached
negative answer TTL: how long a negative answer is cached; a name that cannot be resolved within this period is reported as not existing
Time units: M = minutes, H = hours, D = days, W = weeks, S = seconds

4. Service configuration

(1) Forward resolution

[root@localhost ~]# cat /etc/named.conf
options {
    listen-on port 53 { 192.168.14.131; };
    directory "/var/named";
};
zone "baidu.com" IN {
    type master;
    file "named.baidu.com";
};
[root@localhost ~]# cat /var/named/named.baidu.com
$TTL 1D
@       IN SOA  ns.baidu.com. admin.baidu.com. (
                0907    ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                1W )    ; minimum
        IN NS   ns.baidu.com.
        IN MX 2 mail.baidu.com.
ns      IN A    192.168.14.131
mail    IN A    192.168.14.131
@       IN A    192.168.14.131     ; address of the zone apex (baidu.com itself)
www     IN CNAME baidu.com.        ; www.baidu.com is an alias for the apex
[root@localhost ~]# systemctl restart named
[root@localhost ~]# named-checkzone "baidu.com" /var/named/named.baidu.com
zone baidu.com/IN: loaded serial 907
OK
# stop the firewall and set SELinux to permissive
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
# point the local resolver at this DNS server
[root@localhost ~]# vim /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.14.131

Checking the result:

[root@localhost ~]# host baidu.com
baidu.com has address 192.168.14.131
[root@localhost ~]# nslookup www.baidu.com
Server:         192.168.14.131
Address:        192.168.14.131#53

www.baidu.com   canonical name = baidu.com.
Name:   baidu.com
Address: 192.168.14.131

Verification with dig

[root@localhost ~]# dig -t A www.baidu.com

; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> -t A www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56805
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 704db00d55004587c31832b25f574cba7e8f56a748e91e57 (good)
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          86400   IN      CNAME   baidu.com.
baidu.com.              86400   IN      A       192.168.14.131

;; AUTHORITY SECTION:
baidu.com.              86400   IN      NS      ns.baidu.com.

;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; SERVER: 192.168.14.131#53(192.168.14.131)
;; WHEN: Tue Sep 08 17:19:54 CST 2020
;; MSG SIZE  rcvd: 138

(2) Reverse resolution

[root@localhost ~]# vim /etc/named.conf
options {
    listen-on port 53 { 192.168.14.131; };
    directory "/var/named";
};
zone "baidu.com" IN {
    type master;
    file "named.baidu.com";
};
zone "14.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.14";
};
[root@localhost ~]# vim /var/named/named.192.168.14
$TTL 1D
@       IN SOA  ns.baidu.com. admin.baidu.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                1W )    ; minimum
        IN NS   ns.baidu.com.
131     IN PTR  ns.baidu.com.
131     IN PTR  baidu.com.
131     IN PTR  mail.baidu.com.
[root@localhost ~]# systemctl restart named
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.14.131
[root@localhost ~]# named-checkzone "14.168.192.ip-addr.apra" /var/named/named.192.168.14
zone 14.168.192.ip-addr.apra/IN: loaded serial 0
OK
[root@localhost ~]# dig -x 192.168.14.131 @192.168.14.131

; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> -x 192.168.14.131 @192.168.14.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62062
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: a5d1c0d9f7bd75d214363e015f5773afd10ea402e984a070 (good)
;; QUESTION SECTION:
;131.14.168.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
131.14.168.192.in-addr.arpa. 86400 IN   PTR     baidu.com.
131.14.168.192.in-addr.arpa. 86400 IN   PTR     ns.baidu.com.
131.14.168.192.in-addr.arpa. 86400 IN   PTR     mail.baidu.com.

;; AUTHORITY SECTION:
14.168.192.in-addr.arpa. 86400  IN      NS      ns.baidu.com.

;; ADDITIONAL SECTION:
ns.baidu.com.           86400   IN      A       192.168.14.131

;; Query time: 0 msec
;; SERVER: 192.168.14.131#53(192.168.14.131)
;; WHEN: Tue Sep 08 20:06:07 CST 2020
;; MSG SIZE  rcvd: 177

(3) Forward batch resolution

[root@localhost ~]# cat /var/named/named.baidu.com
$TTL 1D
@       IN SOA  ns.baidu.com. admin.baidu.com. (
                0907    ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                1W )    ; minimum
        IN NS   slave.baidu.com.
        IN NS   ns.baidu.com.
        IN MX 2 mail.baidu.com.
ns      IN A    192.168.14.131
mail    IN A    192.168.14.131
slave   IN A    192.168.14.131
@       IN A    192.168.14.131
www     IN CNAME baidu.com.
; generate 10.baidu.com ... 20.baidu.com -> 192.168.14.10 ... 192.168.14.20 in one line
$GENERATE 10-20 $.baidu.com. IN A 192.168.14.$
[root@localhost ~]# systemctl restart named
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.14.131
[root@localhost ~]# nslookup 10.baidu.com
Server:         192.168.14.131
Address:        192.168.14.131#53

Name:   10.baidu.com
Address: 192.168.14.10
[root@localhost ~]# nslookup 13.baidu.com
Server:         192.168.14.131
Address:        192.168.14.131#53

Name:   13.baidu.com
Address: 192.168.14.13

(4) Reverse batch resolution

[root@localhost ~]# cat /var/named/named.192.168.14
$TTL 1D
@       IN SOA  ns.baidu.com. admin.baidu.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                1W )    ; minimum
        IN NS   ns.baidu.com.
131     IN PTR  ns.baidu.com.
131     IN PTR  baidu.com.
131     IN PTR  mail.baidu.com.
; NOTE: $.haha.com has no trailing dot, so named appends the zone origin and the
; PTR target becomes 11.haha.com.14.168.192.in-addr.arpa. (see the nslookup output
; below); write $.haha.com. with the trailing dot for an absolute name
$GENERATE 10-20 $ IN PTR $.haha.com
[root@localhost ~]# systemctl restart named
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.14.131
[root@localhost ~]# nslookup 192.168.14.11
11.14.168.192.in-addr.arpa      name = 11.haha.com.14.168.192.in-addr.arpa.
[root@localhost ~]# nslookup 192.168.14.13
13.14.168.192.in-addr.arpa      name = 13.haha.com.14.168.192.in-addr.arpa.
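The Python helper below is an added example, not part of the original notes. It covers the zone-file conventions used in sections (2) to (4) together with the time units listed under resource record types: converting a TTL such as 1D to seconds, building the in-addr.arpa name that dig -x queries, the rule that a name without a trailing dot is relative to the zone origin, and the expansion of a $GENERATE line. Run on the reverse-zone line above it reproduces the nslookup result: because $.haha.com lacks the trailing dot, the PTR target comes out as 11.haha.com.14.168.192.in-addr.arpa., while $.haha.com. gives the intended 11.haha.com. Only the plain $ iterator of $GENERATE is implemented; the ${offset,width,format} forms are not.

```python
import re
from typing import List, Tuple

# Time units from the resource-record section of the notes; a bare number is seconds.
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def ttl_seconds(value: str) -> int:
    """Convert a zone-file time such as '1D', '3H', '30M' or '600' to seconds."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.strip().lower())
    if not m:
        raise ValueError("bad time value: %r" % value)
    return int(m.group(1)) * _UNITS[m.group(2) or "s"]


def reverse_name(ipv4: str) -> str:
    """Owner name that 'dig -x' asks for: the octets reversed under in-addr.arpa."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ipv4)
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def qualify(name: str, origin: str) -> str:
    """Zone-file rule: '@' is the origin, a name ending in '.' is absolute,
    anything else gets the origin appended (the cause of the odd PTR result above)."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin


def expand_generate(directive: str, origin: str) -> List[Tuple[str, str, str]]:
    """Expand '$GENERATE start-stop lhs [ttl] [class] type rhs' into
    (owner, type, rdata) triples with absolute names.  Only the plain '$'
    iterator is handled, not the ${offset,width,format} forms."""
    fields = directive.split()
    if len(fields) < 5 or fields[0].upper() != "$GENERATE":
        raise ValueError("not a $GENERATE directive: %r" % directive)
    start, stop = (int(x) for x in fields[1].split("-"))
    lhs, rtype, rhs = fields[2], fields[-2].upper(), fields[-1]
    records = []
    for i in range(start, stop + 1):
        owner = qualify(lhs.replace("$", str(i)), origin)
        rdata = rhs.replace("$", str(i))
        if rtype in ("PTR", "CNAME", "NS"):      # rdata is a name, so the same rule applies
            rdata = qualify(rdata, origin)
        records.append((owner, rtype, rdata))
    return records


if __name__ == "__main__":
    origin = "14.168.192.in-addr.arpa."
    print(reverse_name("192.168.14.131"))
    # the line as written in the notes (no trailing dot) versus the corrected one
    for line in ("$GENERATE 10-20 $ IN PTR $.haha.com", "$GENERATE 10-20 $ IN PTR $.haha.com."):
        print(expand_generate(line, origin)[1])
```

Running a zone through a check like this before `systemctl restart named` catches the relative-name mistake that named-checkzone does not flag, since a PTR pointing at 11.haha.com.14.168.192.in-addr.arpa. is syntactically valid, just not what was meant.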

(5) Zone transfer

Copying a zone file to several servers is called a zone transfer: the zone data held on the primary (master) server is replicated to the secondary (slave) servers.

# primary DNS server - 192.168.14.131
[root@localhost ~]# vim /etc/named.conf
options {
    listen-on port 53 { 192.168.14.131; };
    directory "/var/named";
    allow-transfer { 192.168.14.132; };      // address of the secondary DNS server
};
zone "baidu.com" IN {
    type master;
    file "named.baidu.com";
};
zone "14.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.14";
};
[root@localhost ~]# vim /var/named/named.baidu.com
$TTL 1D
@       IN SOA  ns.baidu.com. admin.baidu.com. (
                0907    ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                1W )    ; minimum
        IN NS   slave.baidu.com.
slave   IN A    192.168.14.131
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.14.131
# stop the firewall and set SELinux to permissive
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl restart named

# secondary DNS server - 192.168.14.132
[root@localhost ~]# vim /etc/named.conf
options {
    listen-on port 53 { 192.168.14.132; };
    directory "/var/named";
};
zone "baidu.com" IN {
    type slave;
    file "slaves/named.baidu.com";
    masters { 192.168.14.131; };
};
zone "14.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/named.192.168.14";
    masters { 192.168.14.131; };
};
# stop the firewall and set SELinux to permissive
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl restart named
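allow-transfer is the access control that matters most in this section, and the options blocks in section 4 dropped the allow-query { localhost; } line that the template in section 2 carries. The Python below is an added example (not the notes' own code and not BIND code) that evaluates a BIND-style address-match list the way named does, first matching element decides, a leading ! turns a match into a denial, no match denies, and then audits an options block for two weak states: recursion left on while allow-query admits non-local clients (an open resolver), and a primary with no allow-transfer, which in BIND 9.11 permits zone transfers to any host. The built-in localhost element is approximated by a constructed set of the server's own addresses; the named ACL in the tests and the outsider address 203.0.113.7 are constructed for the example.

```python
import ipaddress
from typing import Dict, List, Optional

# Addresses named would treat as its own for the built-in 'localhost' element
# (constructed for the example: loopback plus the lab server's address from the notes).
SERVER_ADDRESSES = {"127.0.0.1", "::1", "192.168.14.131"}


def _element_matches(element: str, client: str, acls: Dict[str, List[str]]) -> bool:
    """Test one address-match-list element (without any leading '!')."""
    if element == "any":
        return True
    if element == "none":
        return False
    if element == "localhost":
        return client in SERVER_ADDRESSES
    if element in acls:                      # a named acl "..." { ... } block
        return check_acl(acls[element], client, acls)
    try:
        return ipaddress.ip_address(client) in ipaddress.ip_network(element, strict=False)
    except ValueError:                       # unparsable element or client: never matches
        return False


def check_acl(elements: List[str], client: str,
              acls: Optional[Dict[str, List[str]]] = None) -> bool:
    """BIND address-match-list semantics: elements are tried in order, the first
    match decides, a leading '!' turns a match into a denial, and no match denies."""
    acls = acls or {}
    for element in elements:
        negate = element.startswith("!")
        if _element_matches(element.lstrip("!").strip(), client, acls):
            return not negate
    return False


def audit_options(options: Dict[str, Optional[List[str]]], recursion: bool) -> List[str]:
    """Flag the two exposures relevant to this section.  Defaults follow BIND 9.11,
    where allow-query and allow-transfer both default to { any; }."""
    findings = []
    outsider = "203.0.113.7"                 # constructed non-local client (documentation range)
    if recursion and check_acl(options.get("allow-query") or ["any"], outsider):
        findings.append("recursion on and allow-query admits non-local clients: open resolver")
    if options.get("allow-transfer") is None:
        findings.append("allow-transfer unset: BIND 9.11 then serves AXFR to any host")
    return findings


# The primary's options block from section (5) as a dict; listen-on plays no part here.
PRIMARY_OPTIONS = {"allow-transfer": ["192.168.14.132"]}


if __name__ == "__main__":
    for client in ("192.168.14.132", "192.168.14.133"):
        print(client, "AXFR allowed:", check_acl(PRIMARY_OPTIONS["allow-transfer"], client))
    print(audit_options(PRIMARY_OPTIONS, recursion=True))
    print(audit_options({"allow-query": ["localhost"],
                         "allow-transfer": ["192.168.14.132"]}, recursion=True))
```

For the section (5) primary the audit reports only the open-resolver finding: AXFR is restricted to 192.168.14.132, but with allow-query absent and recursion at its default of yes, any host that can reach port 53 can use the server as a recursive resolver. Keeping allow-query { localhost; } (or the lab subnet) from the template, or adding allow-recursion, closes that.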

Verifying the result

[root@localhost ~]# ll /var/named/slaves/
total 8
-rw-r--r--. 1 named named 1240 Sep  9 13:57 named.192.168.14
-rw-r--r--. 1 named named  884 Sep  9 13:57 named.baidu.com
