DNS Domain Name Configuration
<p> <strong>1. What is DNS<br></strong></p><p> <strong>2. DNS hierarchy and basics</strong></p>
<p> <strong>3. How DNS works and the resolution process</strong></p>
<p><strong>Hands-on name server configuration:</strong></p>
<p> <strong> 4. Primary name server configuration</strong></p>
<p><strong> 5. Secondary name server configuration</strong></p>
<p><strong> 6. Caching name server configuration</strong></p>
<p> </p>
<p><strong>1. What is DNS?</strong><br>DNS (Domain Name System) is a naming system for computers and network services that is organized as a hierarchy of domains. It is used on TCP/IP networks, and the service it provides translates host names and domain names into IP addresses. DNS acts as a "translator"; its basic operating principle is shown in the figure below.<br><img src="http://img1.51cto.com/attachment/201203/171327624.jpg" alt="" border="0"></p>
<p><strong>2. DNS overview</strong><br>The Domain Name System is a hierarchical, distributed database that holds many kinds of data, including host names and domain names. The names in the DNS database form a hierarchical tree called the domain namespace. A domain name consists of individual labels separated by dots, for example im.qq.com.<br>A fully qualified domain name (FQDN) uniquely identifies a host's position in the DNS tree by listing, separated by dots, the names on the path from the root down to the host. The figure below shows an example DNS tree with a host named im inside qq.com. The host's FQDN is im.qq.com.<br>The DNS domain name hierarchy<br><img src="http://img1.51cto.com/attachment/201203/171354709.jpg" alt="" border="0"></p>
<p><strong>DNS domain name hierarchy:</strong><br>The five categories used in the namespace to describe DNS domain names, grouped by function, are listed in the table below together with an example of each name type.<br><img src="http://img1.51cto.com/attachment/201203/171409287.jpg" alt="" border="0"></p>
<p><strong>Common top-level domains:</strong></p>
<p> </p>
<p>Organizational domains: .com, .net, .org, .gov, .edu, .mil</p>
<p>Country domains: .iq, .tw, .hk, .jp, .cn, ...</p>
<p>The Internet domain name system is maintained by name registration authorities, which assign and manage the organizational and country/region top-level domains on the Internet. Country domains follow international standard ISO 3166. A number of existing abbreviations are reserved for organizations, and two- and three-letter abbreviations are used for countries/regions, as shown in the table below. Some common DNS domain names are shown in the figure below:<br><img src="http://img1.51cto.com/attachment/201203/171425985.jpg" alt="" border="0"></p>
<p><strong>3. How DNS works and the resolution process</strong></p>
<p>When we open a browser and type in a website name, how is the host found across the network? Below I walk through the domain name resolution process; see the figure:</p>
<p><img title="DNS.jpg" src="http://s4.51cto.com/wyfs02/M00/8A/33/wKioL1gqxaSAeBUwAAjdXRskaSk352.jpg" alt="wKioL1gqxaSAeBUwAAjdXRskaSk352.jpg" width="650"></p>
<p>The process in detail:</p>
<p>Take the user in the figure above visiting www.wlm.com as the example.</p>
<p>On the client:</p>
<p>1. When a user accesses a host by domain name, the local computer first checks its own DNS cache for a cached answer for that name; if there is one, it is used directly;</p>
<p>2. If the local cache has no entry, it checks the hosts file; if the name is there, that answer is returned;</p>
<p>3. If neither has it, the client asks its DNS server, which performs a recursive query on the client's behalf, so the client receives the final answer directly from the DNS server.</p>
<p>On the DNS server:</p>
<p>1. If the requested host is in a zone this DNS server is authoritative for, it answers directly;</p>
<p>2. If the requested host is not in its own zone, or the DNS server is a caching server with no zones of its own:</p>
<p> (1) The DNS server queries a root server directly (rather than its own top-level domain server). The root does not know the IP address of www.wlm.com, but it tells the DNS server that the .com top-level domain knows about www.wlm.com, and returns the address of the .com servers;</p>
<p> (2) The DNS server asks the .com top-level domain; .com does not know the host www.wlm.com either, but it returns the address of wlm.com's name server;</p>
<p> (3) The DNS server queries the wlm.com name server; www.wlm.com belongs to the wlm.com zone, so wlm.com returns the host IP of www.wlm.com. The DNS server answers the user's request with that IP address, and the user's computer connects to www.wlm.com using it.</p>
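<p>To make the sequence above concrete, here is an added example (not part of the original post) that simulates both sides of it in Python: the client checks its cache and hosts file, and the server walks root, .com and wlm.com by following referrals. The referral data is constructed for this lab; the root and .com server addresses are placeholders from the 192.0.2.0/24 documentation range.</p>

```python
"""Walk through the resolution of www.wlm.com as described in the text.

Added example, not from the original post. The referral tree is constructed
to match the lab: the root delegates .com, .com delegates wlm.com, and
ns1.wlm.com (10.10.10.3) is authoritative for www.wlm.com (10.10.10.4).
Root and .com server addresses are placeholders (192.0.2.0/24).
"""
from typing import Dict, List, Optional, Tuple

# Data each authoritative server holds (constructed). A server either answers
# from its own records or refers the querier to the child zone's name server.
ZONES: Dict[str, dict] = {
    ".": {"NS": {"com.": ("a.gtld-servers.net.", "192.0.2.2")}},
    "com.": {"NS": {"wlm.com.": ("ns1.wlm.com.", "10.10.10.3")}},
    "wlm.com.": {
        "A": {"www.wlm.com.": "10.10.10.4", "ns1.wlm.com.": "10.10.10.3"},
        "CNAME": {"web.wlm.com.": "www.wlm.com."},
    },
}
ROOT_SERVER = ("a.root-servers.net.", "192.0.2.1")  # placeholder address


def ask_server(zone: str, qname: str) -> Tuple[str, object]:
    """Reply of the server authoritative for `zone` to a question for `qname`."""
    data = ZONES[zone]
    if qname in data.get("A", {}):
        return "ANSWER", data["A"][qname]
    if qname in data.get("CNAME", {}):
        return "CNAME", data["CNAME"][qname]
    for child, (ns_name, ns_addr) in data.get("NS", {}).items():
        if qname == child or qname.endswith("." + child):
            return "REFERRAL", (child, ns_name, ns_addr)  # "ask the child zone's NS"
    return "NXDOMAIN", None


def server_resolve(qname: str, cache: Dict[str, str], trace: List[str]) -> Optional[str]:
    """What the DNS server does in step 2: start at the root and follow referrals."""
    if qname in cache:
        trace.append(f"server cache: {qname} -> {cache[qname]}")
        return cache[qname]
    zone, (srv_name, srv_addr) = ".", ROOT_SERVER
    while True:
        kind, payload = ask_server(zone, qname)
        trace.append(f"{srv_name} ({srv_addr}) -> {kind} {payload}")
        if kind == "ANSWER":
            cache[qname] = payload
            return payload
        if kind == "CNAME":  # chase the canonical name from the root again
            return server_resolve(payload, cache, trace)
        if kind == "REFERRAL":
            zone, srv_name, srv_addr = payload
            continue
        return None


def client_lookup(name: str, client_cache: Dict[str, str], hosts: Dict[str, str],
                  server_cache: Dict[str, str], trace: List[str]) -> Optional[str]:
    """Client side, steps 1-3: local cache, then hosts file (keyed by FQDN with
    trailing dot), then the DNS server."""
    qname = name if name.endswith(".") else name + "."
    if qname in client_cache:
        trace.append(f"client cache: {qname} -> {client_cache[qname]}")
        return client_cache[qname]
    if qname in hosts:
        trace.append(f"hosts file: {qname} -> {hosts[qname]}")
        return hosts[qname]
    ip = server_resolve(qname, server_cache, trace)
    if ip is not None:
        client_cache[qname] = ip
    return ip


if __name__ == "__main__":
    steps: List[str] = []
    ccache, scache = {}, {}
    print(client_lookup("www.wlm.com", ccache, {}, scache, steps))
    print(client_lookup("www.wlm.com", ccache, {}, scache, steps))  # second time: cache hit
    print("\n".join(steps))
```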
<p><strong>Hands-on name server configuration:</strong></p>
<p><strong>Deployment diagram:</strong></p>
<p><img title="1DNSserver.jpg" src="http://s5.51cto.com/wyfs02/M00/8A/40/wKioL1gsCpWgDT3IAAC48AgRrfU955.jpg" alt="wKioL1gsCpWgDT3IAAC48AgRrfU955.jpg" width="650"></p>
<p><strong>Configuration overview:</strong></p>
<p><strong>Primary name server: ns1.wlm.com. IP: 10.10.10.3</strong></p>
<p><strong>Secondary name server: ns2.wlm.com. IP: 10.10.10.10</strong></p>
<p><strong>Caching name server: ns3.wlm.com. IP: 10.10.10.11</strong></p>
<p><strong>All systems run CentOS 7</strong></p>
<p> </p>
<p><strong>Preparation on each server:</strong></p>
<p><strong>ns1.wlm.com is used as the example here</strong></p>
<p>(1) Configure the IP address and point DNS at the server itself</p>
<pre>vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=none
IPADDR=10.10.10.3
NETMASK=255.255.255.0
GATEWAY=10.10.10.2
DNS1=10.10.10.3
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
DEVICE=eno16777736
ONBOOT=yes</pre>
<p>(2) Restart the network service</p>
<pre>systemctl restart network.service</pre>
<p>(3) Stop the firewall and SELinux (a lab shortcut; on a production host you would instead open only the DNS service in firewalld and keep SELinux enforcing)</p>
<pre>systemctl stop firewalld.service
systemctl disable firewalld.service   # do not start it again at boot

setenforce 0   # or edit /etc/selinux/config and set SELINUX=disabled so it stays off after a reboot</pre>
<p>(4) Configure the yum repository (not covered here) and install bind with yum</p>
<pre># yum install -y bind
# yum install -y bind-libs
# yum install -y bind-utils   # not strictly required; install it if you need the dig command</pre>
<p>Package notes:</p>
<p> bind-libs: library files shared by the programs in the bind and bind-utils packages;</p>
<p> bind-utils: the bind client tools, such as dig, host and nslookup;</p>
<p> bind: the DNS server program (named) plus a few common test tools;</p>
<p> bind-chroot: optional; runs named in a chroot jail.</p>
<p>(5) Edit the configuration file</p>
<pre># vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 10.10.10.3; };   # listen on port 53 of this host's own IP
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query { localhost; };   # as shipped this answers queries from this host only; the leading // comments it out
        allow-transfer { 10.10.10.0/24; };
        # not present in the default config; allow zone transfers only to the slave hosts
        # on the slave use: allow-transfer { none; };   # the slave does not need to serve transfers
        recursion yes;

        dnssec-enable no;   # security feature turned off
        dnssec-validation no;   # security feature turned off</pre>
<p>Save and exit when done.</p>
<p>Syntax check:</p>
<pre>named-checkconf   # syntax check; /etc/named.conf is checked by default, give the path as an argument if the file lives elsewhere</pre>
<p>Restart the named service</p>
<pre># systemctl restart named.service</pre>
<p>Enable it at boot</p>
<pre># systemctl enable named.service</pre>
<p> </p>
<p>(6) Check the listening IPs and ports</p>
<pre># netstat -tunlp | grep 53
tcp   0  0 10.10.10.3:53      0.0.0.0:*   LISTEN   5509/named
tcp   0  0 127.0.0.1:53       0.0.0.0:*   LISTEN   5509/named
tcp   0  0 192.168.122.1:53   0.0.0.0:*   LISTEN   2384/dnsmasq
tcp   0  0 127.0.0.1:953      0.0.0.0:*   LISTEN   5509/named
tcp6  0  0 ::1:53             :::*        LISTEN   5509/named
tcp6  0  0 ::1:953            :::*        LISTEN   5509/named
udp   0  0 0.0.0.0:5353       0.0.0.0:*            854/avahi-daemon: r
udp   0  0 10.10.10.3:53      0.0.0.0:*            5509/named
udp   0  0 127.0.0.1:53       0.0.0.0:*            5509/named
udp   0  0 192.168.122.1:53   0.0.0.0:*            2384/dnsmasq
udp6  0  0 ::1:53             :::*                 5509/named</pre>
<p>(7) Configure a time server and use ntpdate to synchronize the clocks so that every server keeps the same time (not a required step for a lab exercise).</p>
<p><strong>4. Primary name server configuration</strong></p>
<p><strong>Configuration steps:</strong></p>
<p><strong>1) Install bind with yum</strong></p>
<pre># yum install -y bind</pre>
<p><strong>2) Edit the configuration file</strong></p>
<pre># vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 10.10.10.3; };   # listen on port 53 of this host's own IP
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query { localhost; };   # as shipped this answers queries from this host only; the leading // comments it out
        allow-transfer { 10.10.10.0/24; };
        # not present in the default config; allow zone transfers only to the slave hosts
        recursion yes;

        dnssec-enable no;   # security feature turned off
        dnssec-validation no;   # security feature turned off</pre>
<p>Save and exit when done.</p>
<p>Syntax check:</p>
<pre>named-checkconf   # syntax check; /etc/named.conf is checked by default, give the path as an argument if the file lives elsewhere</pre>
<p>Restart the named service</p>
<pre># systemctl restart named.service</pre>
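<p>named-checkconf only checks syntax, so as an added example (not from the original post) here is a small Python audit of the three settings in the options block above that decide who can pull or use this server: the allow-transfer ACL, recursion and DNSSEC validation. It runs over the options block from this page and over a hardened variant I constructed for the same lab, in which transfers go only to the slave ns2.wlm.com (10.10.10.10) and recursion is limited to the lab network.</p>

```python
"""Audit the security-relevant settings of a named.conf options block.

Added example, not from the original post. WEAK_OPTIONS is the options block
shown above; HARDENED_OPTIONS is a constructed variant for the same lab
(slave ns2.wlm.com = 10.10.10.10, lab network 10.10.10.0/24).
"""
import re
from typing import List, Optional

WEAK_OPTIONS = """\
options {
        listen-on port 53 { 127.0.0.1; 10.10.10.3; };   # listen on this host's IP
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
//      allow-query { localhost; };
        allow-transfer { 10.10.10.0/24; };
        recursion yes;
        dnssec-enable no;
        dnssec-validation no;
};
"""

HARDENED_OPTIONS = """\
options {
        listen-on port 53 { 127.0.0.1; 10.10.10.3; };
        directory "/var/named";
        allow-query { any; };                            /* wlm.com answers may be public */
        allow-recursion { 127.0.0.1; 10.10.10.0/24; };   # recursion for the lab network only
        allow-transfer { 10.10.10.10; };                 # only the slave, ns2.wlm.com
        recursion yes;
        dnssec-enable yes;
        dnssec-validation auto;
};
"""


def strip_comments(conf: str) -> str:
    """named.conf accepts /* */, // and # comments; remove all three."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return "\n".join(re.split(r"//|#", line, maxsplit=1)[0] for line in conf.splitlines())


def acl(name: str, text: str) -> Optional[List[str]]:
    """Elements of an address list such as allow-transfer { a; b; }; None if absent."""
    m = re.search(rf"(?<![\w-]){name}\s*\{{([^}}]*)\}}", text)
    if not m:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def stmt(name: str, text: str) -> Optional[str]:
    """Value of a one-word statement such as recursion yes; None if absent."""
    m = re.search(rf"(?<![\w-]){name}\s+([\w-]+)\s*;", text)
    return m.group(1) if m else None


def audit_options(conf: str) -> List[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    text = strip_comments(conf)
    findings: List[str] = []
    transfer = acl("allow-transfer", text)
    if transfer is None:
        findings.append("allow-transfer: not set, so any address may pull the whole zone (AXFR)")
    elif any(e == "any" or "/" in e for e in transfer):
        findings.append(f"allow-transfer: {transfer} admits whole networks; list only the slave, e.g. {{ 10.10.10.10; }}")
    if stmt("recursion", text) != "no":           # BIND recurses unless told not to
        allowed = acl("allow-recursion", text) or acl("allow-query", text)
        if allowed is None or "any" in allowed:
            findings.append("recursion: open to every client; restrict it with allow-recursion { <your networks>; }")
    if stmt("dnssec-validation", text) == "no":
        findings.append("dnssec-validation: no; answers from other servers are accepted unvalidated")
    return findings


if __name__ == "__main__":
    for label, conf in (("page config", WEAK_OPTIONS), ("hardened", HARDENED_OPTIONS)):
        print(label, audit_options(conf) or ["no findings"])
```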
<p>With no zones configured, bind is a caching server by default; the shipped configuration already contains the root server addresses, so it can resolve names right away.</p>
<pre># dig -t A +trace www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t A +trace www.baidu.com
;; global options: +cmd
.               457478  IN  NS     a.root-servers.net.    # the root servers first
com.            172800  IN  NS     a.gtld-servers.net.    # then .com
baidu.com.      172800  IN  NS     dns.baidu.com.         # then baidu.com's own name server
www.baidu.com.  1200    IN  CNAME  www.a.shifen.com.      # finally the record for the name itself

;; Received 239 bytes from 220.181.37.10#53(ns3.baidu.com) in 13 ms   # the server that gave the answer</pre>
<p> </p>
<pre>The dig command:
dig [-t RR_TYPE] name [@SERVER]
Used to test the DNS system itself, so it does not consult the hosts file;
Query options:
+trace: trace the resolution path;
+recurse: ask for recursive resolution;
Note: reverse lookup test
dig -x IP
Simulate a full zone transfer:
dig -t axfr DOMAIN [@server]
dig +trace -t A www.baidu.com
dig -x 61.135.169.121</pre>
<p><strong>3) Configure a forward zone</strong></p>
<p>(1) Define the zone, using wlm.com as the example</p>
<p>This is done in the main configuration file or in its auxiliary zone configuration file (/etc/named.rfc1912.zones);</p>
<pre>vim /etc/named.rfc1912.zones
# append at the end of the file
zone "wlm.com" IN {
        type master;
        file "wlm.com.zone";
};</pre>
<pre>Format of an entry in /etc/named.rfc1912.zones:
zone "ZONE_NAME" IN {
        type {master|slave|hint|forward};
        file "ZONE_NAME.zone";
};
Note: the zone name is the domain name;</pre>
<p>(2) Create the zone data file (mostly A or AAAA records)</p>
<p> Create the zone data file under /var/named;</p>
<pre># vim /var/named/wlm.com.zone   # the file name must match the one given in the zone definition in the previous step
$TTL 3600
$ORIGIN wlm.com.
@ IN SOA ns1.wlm.com. dnsadmin.wlm.com. (
        2014100101
        1H
        10M
        3D
        1D )
        IN NS ns1
        IN MX 10 mx1
        IN MX 20 mx2
ns1 IN A 10.10.10.3
mx1 IN A 10.10.10.100
mx2 IN A 10.10.10.200
www IN A 10.10.10.4
web IN CNAME www</pre>
<p> </p>
<pre>Zone database file explained (the # annotations are explanatory; in a real zone file comments start with ;):
$TTL 3600                # default TTL: how long clients may cache the records
$ORIGIN wlm.com.         # name of the current zone; @ below stands for this value
@ IN SOA ns1.wlm.com. dnsadmin.wlm.com. (
        # SOA: Start Of Authority; a zone file has exactly one SOA record and it must come first;
        # ns1.wlm.com.: the primary name server for this zone
        # dnsadmin.wlm.com.: the administrator's mailbox
        2014100101       # serial number
        1H               # refresh interval
        10M              # retry interval
        3D               # expire time
        1D )             # negative answer TTL: how long a negative answer is cached
        IN NS ns1        # name server record; a zone may have several NS records, one of which is the primary
        IN MX 10 mx1     # mail exchanger; priority 0-99, the lower the number the higher the priority
        IN MX 20 mx2
ns1 IN A 10.10.10.3      # address record
mx1 IN A 10.10.10.100
mx2 IN A 10.10.10.200
www IN A 10.10.10.4
web IN CNAME www         # alias record
Overview:
Primary and secondary DNS servers:
Primary DNS server: the server that maintains the zone database it is responsible for; both reads and writes are possible;
Secondary DNS server: "copies" the zone database from the primary or from another secondary; only reads are possible;
How the "copy" is carried out:
Serial: the database version number; it is incremented whenever the primary's data changes;
Refresh: how often the secondary contacts the primary to check whether the serial has changed;
Retry: if a synchronization attempt fails, how long the secondary waits before trying again;
Expire: if the secondary cannot reach the primary for this long, it gives up synchronizing and stops serving the zone;
Negative answer TTL: how long a negative answer is cached
The primary "notifies" the secondaries so they update right away;
Zone transfer:
Full transfer: axfr, transfers the whole database;
Incremental transfer: ixfr, transfers only the changed data;
Zone and domain:
the magedu.com domain:
FQDN --> IP
forward lookup database; one zone
IP --> FQDN
reverse lookup database; one zone
Zone database file:
Resource record: Resource Record, RR for short;
Record types: A, AAAA, PTR, SOA, NS, CNAME, MX
SOA: Start Of Authority; a zone file has exactly one SOA record and it must come first;
NS: Name Server record; a zone file may have several NS records, one of which is the primary;
A: Address record, FQDN --> IPv4;
AAAA: address record, FQDN --> IPv6;
CNAME: Canonical Name, alias record;
PTR: Pointer, IP --> FQDN
MX: Mail eXchanger;
priority: 0-99, the lower the number the higher the priority;
Resource record syntax:
name [TTL] IN RR_TYPE value
(the optional TTL is how long clients may cache that resource record)
SOA:
name: the name of the current zone, e.g. "magedu.com." or "2.3.4.in-addr.arpa.";
value: made up of several parts
(1) the zone name (the name of the primary DNS server may also be used);
(2) the zone administrator's mailbox; the @ sign cannot be used in the address, a dot is used instead;
(3) (the primary/secondary coordination parameters and the negative-answer TTL)
Example:
magedu.com. 86400 IN SOA magedu.com. admin.magedu.com. (
        2017010801 ; serial
        2H ; refresh
        10M ; retry
        1W ; expire
        1D ; negative answer ttl
        )
NS:
name: the zone name
value: the name of one DNS server for the zone, e.g. ns.magedu.com.;
Note: a zone may have several NS records;
Example:
magedu.com. 86400 IN NS ns1.magedu.com.
magedu.com. 86400 IN NS ns2.magedu.com.
MX:
name: the zone name
value: the host name of one mail exchanger for the zone;
Note: there may be several MX records, but each value must be preceded by a number giving its priority;
Example:
magedu.com. IN MX 10 mx1.magedu.com.
magedu.com. IN MX 20 mx2.magedu.com.
A:
name: an FQDN, e.g. www.magedu.com.
value: an IPv4 address;
Example:
www.magedu.com. IN A 1.1.1.1
www.magedu.com. IN A 1.1.1.2
bbs.magedu.com. IN A 1.1.1.1
AAAA:
name: FQDN
value: IPv6 address
PTR:
name: an IP address in a special format: the octets written in reverse plus a fixed suffix; e.g. the record for 1.2.3.4 is written 4.3.2.1.in-addr.arpa.;
value: FQDN
Example:
4.3.2.1.in-addr.arpa. IN PTR www.magedu.com.
CNAME:
name: the alias, as an FQDN;
value: the canonical name, as an FQDN;
Example:
web.magedu.com. IN CNAME www.magedu.com.
Notes:
(1) the TTL may be inherited from the global $TTL;
(2) @ stands for the name of the current zone;
(3) when two adjacent records share the same name, the later one may omit it;
(4) in a forward zone, the value of MX, NS and similar records is an FQDN, and that FQDN should have an A record;</pre>
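<p>As an added example (not from the original post), here is a Python linter that applies the notes above to a zone file: it joins the parenthesised SOA, expands @ and relative names against $ORIGIN, then checks that the SOA is the single first record, that an NS exists, that the serial is numeric and that every in-zone NS, MX and CNAME target is backed by a record (note 4). It runs over the wlm.com.zone file from this page and over a deliberately broken copy that I constructed.</p>

```python
"""Zone-file linter for the notes above (added example, not from the post).
GOOD_ZONE is the wlm.com.zone file from this page; BAD_ZONE is a constructed
broken copy. Both are embedded so the script runs offline."""
import re
from typing import List, Tuple

GOOD_ZONE = """\
$TTL 3600
$ORIGIN wlm.com.
@ IN SOA ns1.wlm.com. dnsadmin.wlm.com. (
        2014100101
        1H
        10M
        3D
        1D )
        IN NS ns1
        IN MX 10 mx1
        IN MX 20 mx2
ns1 IN A 10.10.10.3
mx1 IN A 10.10.10.100
mx2 IN A 10.10.10.200
www IN A 10.10.10.4
web IN CNAME www
"""

# Broken copy: NS before SOA, an NS with no address record, a non-numeric
# serial, and a CNAME pointing at a name that does not exist in the zone.
BAD_ZONE = """\
$ORIGIN wlm.com.
@       IN NS ns1
        IN NS ns2
        IN SOA ns1.wlm.com. dnsadmin.wlm.com. ( 2014-10-01 1H 10M 3D 1D )
ns1     IN A 10.10.10.3
ftp     IN CNAME files      ; files has no record
"""

NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}


def absolutize(name: str, origin: str) -> str:
    """@ is the zone itself; a name without a trailing dot is relative to $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> List[Tuple[str, str, List[str]]]:
    """Join ( ) continuations, drop ; comments, inherit blank owners, expand names."""
    logical, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        buf = line if depth == 0 else buf + " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth == 0 and buf.strip():
            logical.append(buf)
    records, owner = [], "@"
    for line in logical:
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():            # new owner; a leading blank inherits the previous one
            owner, tokens = tokens[0], tokens[1:]
        while tokens and (tokens[0].upper() == "IN" or re.fullmatch(r"\d+[smhdw]?", tokens[0], re.I)):
            tokens.pop(0)                    # skip the class and an optional per-record TTL
        if not tokens:
            continue
        rtype, value = tokens[0].upper(), tokens[1:]
        for i in NAME_FIELDS.get(rtype, []):
            value[i] = absolutize(value[i], origin)
        records.append((absolutize(owner, origin), rtype, value))
    return records


def lint_zone(zone: str, text: str) -> List[str]:
    """Same zone-name argument as named-checkzone; returns the list of problems found."""
    zone = zone if zone.endswith(".") else zone + "."
    records = parse_zone(text, zone)
    problems: List[str] = []
    types = [t for _, t, _ in records]
    if types.count("SOA") != 1 or types[0] != "SOA":
        problems.append("exactly one SOA record is required and it must come first")
    if "NS" not in types:
        problems.append("no NS record")
    for _, t, v in records:
        if t == "SOA" and not v[2].isdigit():
            problems.append(f"SOA serial {v[2]!r} is not a number")
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    have_any = {o for o, _, _ in records}
    for _, t, v in records:
        if t not in ("NS", "MX", "CNAME"):
            continue
        target = v[NAME_FIELDS[t][0]]
        if target != zone and not target.endswith("." + zone):
            continue                         # out-of-zone target: cannot be checked here
        if t == "CNAME" and target not in have_any:
            problems.append(f"CNAME target {target} does not exist in the zone")
        elif t != "CNAME" and target not in have_addr:
            problems.append(f"{t} target {target} has no A/AAAA record (note 4)")
    return problems
```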
<p>Fix the group and permissions:</p>
<pre># chgrp named /var/named/wlm.com.zone
# chmod o= /var/named/wlm.com.zone</pre>
<p> </p>
<p>Check for syntax errors (named-checkzone validates the zone file; named-checkconf validates named.conf and the files it includes, and prints nothing when everything is fine):</p>
<pre># named-checkzone wlm.com /var/named/wlm.com.zone
zone wlm.com/IN: loaded serial 2014100101
OK
# named-checkconf</pre>
<p>(3) Make the server reload its configuration and zone data:</p>
<pre># rndc reload          (or: systemctl reload named.service)
server reload successful</pre>
<p>(4) Verify:</p>
<pre># ping ns1.wlm.com
PING ns1.wlm.com (10.10.10.3) 56(84) bytes of data.
64 bytes from 10.10.10.3: icmp_seq=1 ttl=64 time=0.036 ms

# nslookup
&gt; ns1.wlm.com
Server:     10.10.10.3
Address:    10.10.10.3#53

Name:   ns1.wlm.com
Address: 10.10.10.3</pre>
<p><strong>4) Configure a reverse zone</strong></p>
<p>(1) Define the zone</p>
<p>This is done in the main configuration file or in a file it includes (on CentOS, /etc/named.rfc1912.zones is included from /etc/named.conf):</p>
<pre># vim /etc/named.rfc1912.zones
zone "10.10.10.in-addr.arpa" IN {
    type master;
    file "10.10.10.zone";
};</pre>
<pre>Format:
zone "ZONE_NAME" IN {
    type {master|slave|hint|forward};
    file "ZONE_NAME.zone";
};
Note: the name of a reverse zone is the network part of the address with its octets reversed, followed by .in-addr.arpa
Example: the 172.16.100.0/24 network becomes 100.16.172.in-addr.arpa</pre>
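<p>Getting the reversed name right by hand is error-prone, and the rule generalises beyond the /24 case shown here. The following is an added example, not code from the page: Python that derives the reverse zone name and the PTR owner name from an address and prefix length, and renders a complete reverse zone body in the format used below. It goes beyond the page in also handling IPv6 (ip6.arpa, one nibble per label). The host names, the SOA timer values and the 10.10.10.0/24 network are taken from the page's example; the function names are the example's own.</p>

```python
"""Reverse-zone naming for PTR records (added example, not from the page)."""
import ipaddress

def reverse_names(address, prefixlen):
    """Return (zone_name, owner_relative_to_zone, full_ptr_name) for an address.

    Only octet-aligned IPv4 prefixes (/8, /16, /24) and nibble-aligned IPv6
    prefixes are handled; classless /25-/31 delegations (RFC 2317) are out of scope.
    """
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        if prefixlen % 8:
            raise ValueError("IPv4 reverse zones must be octet aligned")
        labels, per_label, suffix = str(ip).split("."), 8, ".in-addr.arpa."
    else:
        if prefixlen % 4:
            raise ValueError("IPv6 reverse zones must be nibble aligned")
        # ip6.arpa uses one hex digit per label, least significant first.
        labels, per_label, suffix = list(ip.exploded.replace(":", "")), 4, ".ip6.arpa."
    n = prefixlen // per_label                      # labels that belong to the zone name
    zone = ".".join(reversed(labels[:n])) + suffix
    rel = ".".join(reversed(labels[n:]))
    return zone, rel, f"{rel}.{zone}"

def ptr_line(address, prefixlen, target):
    """One zone-file line, relative to $ORIGIN <zone>, e.g. '3\\tIN PTR\\tns1.wlm.com.'."""
    _, rel, _ = reverse_names(address, prefixlen)
    return f"{rel}\tIN PTR\t{target}"

def render_reverse_zone(network, primary_ns, rname, hosts, serial, ttl=3600):
    """Render the body of a reverse zone for `network`.

    hosts maps address -> FQDN of the host. Timer values mirror the page's example;
    addresses outside the network are rejected because they cannot live in this zone.
    """
    net = ipaddress.ip_network(network, strict=True)
    zone, _, _ = reverse_names(str(net.network_address), net.prefixlen)
    lines = [f"$TTL {ttl}", f"$ORIGIN {zone}",
             f"@ IN SOA {primary_ns} {rname} ( {serial} 1H 10M 3D 12H )",
             f"  IN NS {primary_ns}"]
    for addr, name in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        if ipaddress.ip_address(addr) not in net:
            raise ValueError(f"{addr} is outside {network}")
        lines.append(ptr_line(addr, net.prefixlen, name))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_reverse_zone("10.10.10.0/24", "ns1.wlm.com.", "nsadmin.wlm.com.",
                              {"10.10.10.3": "ns1.wlm.com.", "10.10.10.4": "www.wlm.com.",
                               "10.10.10.100": "mx1.wlm.com.", "10.10.10.200": "mx2.wlm.com."},
                              2014100801))
```

<p>For 10.10.10.3 in a /24 this yields the zone 10.10.10.in-addr.arpa. and the owner 3, exactly what the zone file below contains; for a /16 the owner would be 3.10 and the zone 10.10.in-addr.arpa., which is the mistake the "reverse the octets" rule is most often misapplied to.</p>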
<p>(2) Define the zone data file (its records are mainly PTRs)</p>
<p>Create the zone data file under /var/named. The zone here is 10.10.10.in-addr.arpa (the 10.10.10.0/24 network with its octets reversed), so the owner name of each PTR is just the host part of the address, relative to $ORIGIN:</p>
<pre># vim /var/named/10.10.10.zone
$TTL 3600
$ORIGIN 10.10.10.in-addr.arpa.
@   IN SOA ns1.wlm.com. nsadmin.wlm.com. (
        2014100801
        1H
        10M
        3D
        12H )
    IN NS  ns1.wlm.com.
3   IN PTR ns1.wlm.com.
100 IN PTR mx1.wlm.com.
200 IN PTR mx2.wlm.com.
4   IN PTR www.wlm.com.</pre>
<p>Fix the permissions and group ownership:</p>
<pre># chmod o= /var/named/10.10.10.zone
# chgrp named /var/named/10.10.10.zone</pre>
<p>Check for syntax errors (the first argument to named-checkzone is the reverse zone's name, not the file name):</p>
<pre># named-checkzone 10.10.10.in-addr.arpa /var/named/10.10.10.zone
zone 10.10.10.in-addr.arpa/IN: loaded serial 2014100801
OK
# named-checkconf</pre>
<p>(3) Make the server reload its configuration and zone data:</p>
<pre># rndc reload          (or: systemctl reload named.service)</pre>
<p>Verify:</p>
<pre># dig -x 10.10.10.3

; &lt;&lt;&gt;&gt; DiG 9.9.4-RedHat-9.9.4-29.el7 &lt;&lt;&gt;&gt; -x 10.10.10.3
;; global options: +cmd
;; Got answer:
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 25014
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;3.10.10.10.in-addr.arpa.       IN PTR

;; ANSWER SECTION:
3.10.10.10.in-addr.arpa. 3600   IN PTR ns1.wlm.com.

;; AUTHORITY SECTION:
10.10.10.in-addr.arpa.  3600    IN NS  ns1.wlm.com.

;; ADDITIONAL SECTION:
ns1.wlm.com.            3600    IN A   10.10.10.3

;; Query time: 26 msec
;; SERVER: 10.10.10.3#53(10.10.10.3)
;; WHEN: Wed Nov 16 13:55:13 CST 2016
;; MSG SIZE  rcvd: 107</pre>
<p>The aa flag in the header confirms the answer is authoritative, i.e. it came from the zone just loaded rather than from cache, and the SERVER line confirms which server answered.</p>
<p>At this point the primary name server is configured and ready for use.</p>
<p><strong>5. Secondary (slave) name server configuration</strong></p>
<p><strong>The preparation steps were described above; here is the /etc/named.conf options block used on the secondary:</strong></p>
<pre>options {
    listen-on port 53 { 127.0.0.1; 10.10.10.10; };
    listen-on-v6 port 53 { ::1; };
    directory          "/var/named";
    dump-file          "/var/named/data/cache_dump.db";
    statistics-file    "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
//  allow-query { localhost; };
    allow-transfer { none; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable no;
    dnssec-validation no;</pre>
<p>Two settings in this block deserve attention. allow-transfer { none; } is the right global default: it refuses AXFR/IXFR from everyone, which prevents anyone from downloading the whole zone (a complete host inventory) with a single query. Note the other side of it: if the primary uses the same default, the wlm.com zone statement on the primary must override it with allow-transfer { 10.10.10.10; }; or the secondary's transfer is refused and its slaves/ directory stays empty. Second, the stock comment says it plainly: with allow-query commented out and recursion yes, this authoritative server is also an open resolver for anyone who can reach 10.10.10.10. In a lab on a private network that is harmless; on a reachable server set recursion no, or keep recursion only for an allow-recursion list of your own clients, and do not leave dnssec-validation off on a server that does recurse.</p>
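<p>The stock comment in the options block above describes the checks but nothing on the page enforces them. The following is an added example, not code from the page or a BIND tool: a small named.conf tokenizer in Python with an audit function that flags the three things a practitioner reviews on an authoritative server, namely open recursion, DNSSEC validation switched off on a recursing server, and master zones whose transfers are not limited to the secondaries. SAMPLE_CONF is constructed from the secondary's options block above (abridged); HARDENED_CONF is the same block with recursion turned off. The parser handles only the statement/block grammar used by these blocks, not every named.conf construct.</p>

```python
"""Audit named.conf options for an authoritative server (added example, not BIND tooling)."""
import re

# Constructed from the page's secondary-server named.conf (abridged).
SAMPLE_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 10.10.10.10; };
    directory "/var/named";
//  allow-query { localhost; };
    allow-transfer { none; };
    /* stock comment: if you are building an AUTHORITATIVE DNS server,
       do NOT enable recursion. */
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
};
zone "wlm.com" IN {
    type slave;
    file "slaves/wlm.com.zone";
    masters { 10.10.10.3; };
};
"""

# Same block with recursion switched off, as an authoritative-only server should be.
HARDENED_CONF = SAMPLE_CONF.replace("recursion yes;", "recursion no;")

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def tokenize(text):
    """Drop /* */, // and # comments, then split into words, quoted strings, braces, semicolons."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", " ", text)
    return [t.strip('"') for t in TOKEN.findall(text)]

def parse_block(tokens, i=0):
    """Parse 'word word ... { ... };' statements into (words, body) pairs;
    body is None for a simple statement and a nested list for a block."""
    stmts, words = [], []
    while i < len(tokens):
        tok = tokens[i]
        if tok == "}":
            return stmts, i + 1
        if tok == "{":
            body, i = parse_block(tokens, i + 1)
            stmts.append((words, body))
            words = []
            continue
        if tok == ";":
            if words:
                stmts.append((words, None))
            words = []
        else:
            words.append(tok)
        i += 1
    return stmts, i

def find(stmts, keyword):
    """First statement whose leading word is `keyword`, else None."""
    for words, body in stmts or []:
        if words and words[0] == keyword:
            return words, body
    return None

def acl(stmt):
    """Entries of an address-match list such as allow-transfer { a; b; }."""
    return [w[0] for w, _ in stmt[1]] if stmt and stmt[1] else []

def restricted(stmt):
    """True when the ACL is present and does not grant 'any'."""
    values = acl(stmt)
    return bool(values) and "any" not in values

def audit(conf_text):
    """Return a list of findings; an empty list means the checks pass."""
    stmts, _ = parse_block(tokenize(conf_text))
    options = find(stmts, "options")
    opts = options[1] if options else []
    zones = [s for s in stmts if s[0] and s[0][0] == "zone"]

    def zone_type(zone):
        t = find(zone[1], "type")
        return t[0][1] if t else None

    findings = []
    authoritative = any(zone_type(z) in ("master", "slave") for z in zones)
    rec = find(opts, "recursion")
    recursion_on = rec is None or rec[0][1] == "yes"      # BIND's default is yes
    if recursion_on and authoritative and not (
            restricted(find(opts, "allow-recursion")) or restricted(find(opts, "allow-query"))):
        findings.append("open resolver: recursion yes on an authoritative server with no "
                        "allow-recursion/allow-query restriction (DNS amplification risk)")
    dv = find(opts, "dnssec-validation")
    if recursion_on and dv and dv[0][1] == "no":
        findings.append("dnssec-validation no: the resolver will accept forged upstream answers")
    for zone in zones:                                     # zone-level ACL overrides the global one
        if zone_type(zone) != "master":
            continue
        xfr = find(zone[1], "allow-transfer") or find(opts, "allow-transfer")
        if not restricted(xfr):
            findings.append(f"zone {zone[0][1]}: AXFR open to any client; list only the "
                            f"secondaries, e.g. allow-transfer {{ 10.10.10.10; }};")
    return findings

if __name__ == "__main__":
    for label, conf in ("as configured", SAMPLE_CONF), ("hardened", HARDENED_CONF):
        print(label, audit(conf) or ["ok"])
```

<p>Run against SAMPLE_CONF it reports the open resolver and the disabled validation; HARDENED_CONF passes. A caching server for the LAN passes too if it keeps recursion yes but adds allow-recursion { 10.10.10.0/24; }; and dnssec-validation yes;, which is the shape to aim for when one box has to be both authoritative and recursive.</p>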
<p><strong>Configure a slave zone:</strong></p>
<p><strong>1) Add the NS and A records on the master DNS server</strong></p>
<p>On the master, make sure the zone data file has an NS record for every secondary, and that the forward zone has an A record for each of those NS hostnames whose address is the secondary's real IP. By default BIND sends NOTIFY to the addresses of the zone's NS records, so a secondary missing from the NS set is not told about changes and only polls at the refresh interval. Comments in a zone file start with a semicolon; a # would be a syntax error.</p>
<pre>$TTL 3600
$ORIGIN wlm.com.
@   IN SOA ns1.wlm.com. dnsadmin.wlm.com. (
        2014100101      ; increment whenever the zone changes: a secondary only transfers when this is higher than its copy
        1H
        10M
        3D
        1D )
    IN NS  ns1
    IN NS  ns2          ; NS record for the secondary
    IN MX  10 mx1
    IN MX  20 mx2
ns2 IN A   10.10.10.10  ; A record for the secondary
ns1 IN A   10.10.10.3
mx1 IN A   10.10.10.100
mx2 IN A   10.10.10.200
www IN A   10.10.10.4
web IN CNAME www</pre>
<p>Syntax check and reload:</p>
<pre># named-checkzone wlm.com /var/named/wlm.com.zone
zone wlm.com/IN: loaded serial 2014100101
OK
# rndc reload
server reload successful</pre>
<p><strong>2) Define the zone on the slave DNS server</strong></p>
<pre># vim /etc/named.rfc1912.zones
zone "wlm.com" IN {
    type slave;                    # slave marks this server as a secondary for the zone
    file "slaves/wlm.com.zone";    # the transferred copy is written under /var/named/slaves
    masters { 10.10.10.3; };       # IP address of the primary
};</pre>
<p>The file path matters: on CentOS /var/named itself is owned by root and not writable by named, while /var/named/slaves is owned by named, so a secondary zone placed directly in /var/named fails with a permission error when the transfer tries to write it.</p>
<pre>Format:
zone "ZONE_NAME" IN {
    type slave;
    file "slaves/ZONE_NAME.zone";
    masters { MASTER_IP; };
};</pre>
<p><strong>3) Reload the configuration</strong></p>
<pre># named-checkconf          # syntax check of the configuration files
# rndc reload              # or: systemctl reload named.service</pre>
<p>Note: after a new record is added on the primary, only the primary has to reload (with the serial incremented); the secondary is notified and synchronises on its own, at the latest after one refresh interval.</p>
<p>Verify:</p>
<p>(1) wlm.com.zone has been transferred automatically into /var/named/slaves</p>
<pre># pwd
/var/named/slaves
# ls
wlm.com.zone</pre>
<p>Do not expect this file to be readable with cat: since BIND 9.9 secondary zones are stored in raw format by default. named-compilezone -f raw -F text -o - wlm.com /var/named/slaves/wlm.com.zone prints it as an ordinary zone file, which is the quickest way to confirm that the serial and all records arrived. If the file never appears, look in the named log on both servers for a refused transfer: the primary's zone statement must allow transfers from 10.10.10.10.</p>
<p>(2) The secondary resolves the zone itself</p>
<pre># dig -t A www.wlm.com

; &lt;&lt;&gt;&gt; DiG 9.9.4-RedHat-9.9.4-29.el7 &lt;&lt;&gt;&gt; -t A www.wlm.com
;; global options: +cmd
;; Got answer:
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 27069
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.wlm.com.                   IN A

;; ANSWER SECTION:
www.wlm.com.            3600    IN A   10.10.10.4

;; AUTHORITY SECTION:
wlm.com.                3600    IN NS  ns1.wlm.com.
wlm.com.                3600    IN NS  ns2.wlm.com.

;; ADDITIONAL SECTION:
ns1.wlm.com.            3600    IN A   10.10.10.3
ns2.wlm.com.            3600    IN A   10.10.10.10

;; Query time: 1 msec
;; SERVER: 10.10.10.10#53(10.10.10.10)
;; WHEN: Wed Nov 16 14:20:52 CST 2016
;; MSG SIZE  rcvd: 124</pre>
<p>The SERVER line shows the query was answered by 10.10.10.10, the secondary, and the aa flag is set, so it answered authoritatively from its transferred copy rather than by forwarding to the primary.</p>
<p>This completes the secondary name server configuration.</p>
<p><strong>6. Caching name server configuration</strong></p>
<p>Once the preparatory work above is done, a caching name server is already configured by default.</p>
<p>We will add two more pieces here, so that the name server configuration is easier to understand.</p>
<p>Defining forwarding:</p>
<p>Note: the server being forwarded to must allow recursion for the current server, i.e. it must be willing to answer our recursive queries.</p>
<p><strong>1) Zone forwarding:</strong> forwards only the resolution requests for one specific zone.</p>
<pre>Configuration format:
zone "ZONE_NAME" IN {
type forward;
forward {first|only};
forwarders { SERVER_IP; };
};
first: forward first; if the forwarder does not respond, the server performs the iterative query on its own;
only: forward only, never resolve on its own;</pre>
<p>Concrete configuration:</p>
<div>
<div id="highlighter_256821" class="syntaxhighlighterbash">
<pre># vim /etc/named.rfc1912.zones    # append at the end of the file
zone "wlm.com" IN {
    type forward;
    forward first;
    forwarders { 10.10.10.3; };
};</pre>
</div>
</div>
<p>Check the syntax and restart bind:</p>
<div>
<div id="highlighter_788550" class="syntaxhighlighterbash">
<pre># named-checkconf
# systemctl restart named.service</pre>
</div>
</div>
<p>Verification:</p>
<div>
<div id="highlighter_493893" class="syntaxhighlighterbash">
<pre># dig -t A www.wlm.com

; &lt;&lt;&gt;&gt; DiG 9.9.4-RedHat-9.9.4-29.el7 &lt;&lt;&gt;&gt; -t A www.wlm.com
;; global options: +cmd
;; Got answer:
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 5158
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.wlm.com. IN A

;; ANSWER SECTION:
www.wlm.com. 3600 IN A 10.10.10.4

;; AUTHORITY SECTION:
wlm.com. 3600 IN NS ns2.wlm.com.
wlm.com. 3600 IN NS ns1.wlm.com.

;; ADDITIONAL SECTION:
ns1.wlm.com. 3600 IN A 10.10.10.3
ns2.wlm.com. 3600 IN A 10.10.10.10

;; Query time: 53 msec
;; SERVER: 10.10.10.11#53(10.10.10.11)
;; WHEN: 三 11月 16 15:20:59 CST 2016
;; MSG SIZE rcvd: 124</pre>
</div>
</div>
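<p>The verification step above is read by eye. The following is an added example, not code from the original post: a small Python script that parses the same <code>dig</code> text and checks what the verification is meant to establish, namely status NOERROR, an A record for the queried name, the <code>ra</code> flag (the responding server offers recursion, which, as the note above says, the forwarder must grant to us), and which server actually answered. The two <code>SAMPLE_*</code> outputs inside it are constructed after the post's output; the REFUSED one uses the placeholder address 192.0.2.53, and <code>run_dig</code> is an assumed wrapper around the real <code>dig</code> command.</p>

```python
"""Check the answer a forwarding/caching resolver gives, from dig's text output.

Added example, not code from the original post. parse_dig() reads the text
that `dig -t A <name>` prints; check_forwarding_answer() applies the checks
the post's verification step is meant to establish.
"""
import re
import subprocess

# Constructed sample, modelled on the post's verification output
# (10.10.10.11 is the caching server, 10.10.10.4 the web host in the post's lab).
SAMPLE_FORWARDED = """
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5158
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;www.wlm.com.                   IN      A

;; ANSWER SECTION:
www.wlm.com.            3600    IN      A       10.10.10.4

;; AUTHORITY SECTION:
wlm.com.                3600    IN      NS      ns1.wlm.com.
wlm.com.                3600    IN      NS      ns2.wlm.com.

;; Query time: 53 msec
;; SERVER: 10.10.10.11#53(10.10.10.11)
"""

# Constructed sample of what a server that does not grant us recursion returns;
# 192.0.2.53 is a placeholder address, not one from the post.
SAMPLE_REFUSED = """
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.example.org.               IN      A

;; Query time: 2 msec
;; SERVER: 192.0.2.53#53(192.0.2.53)
"""


def parse_dig(text):
    """Extract status, header flags, ANSWER records and the answering server."""
    info = {"status": None, "flags": set(), "answers": [], "server": None}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r";; ->>HEADER<<- opcode: \w+, status: (\w+)", line)
        if m:
            info["status"] = m.group(1)
            continue
        m = re.match(r";; flags: ([^;]*);", line)
        if m:
            info["flags"] = set(m.group(1).split())
            continue
        m = re.match(r";; SERVER: ([^#\s]+)", line)
        if m:
            info["server"] = m.group(1)
            continue
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
            continue
        # Resource records in the ANSWER section: name ttl class type rdata
        if section == "ANSWER" and line and not line.startswith(";"):
            parts = line.split()
            if len(parts) >= 5:
                info["answers"].append((parts[0], int(parts[1]), parts[3], " ".join(parts[4:])))
    return info


def check_forwarding_answer(text, qname, expected_ip):
    """Return (ok, problems, info) for a dig output answering qname."""
    info = parse_dig(text)
    problems = []
    if info["status"] != "NOERROR":
        problems.append("status %s instead of NOERROR" % info["status"])
    if "ra" not in info["flags"]:
        # Without 'ra' the responder will not recurse for us, so it is unusable as a forwarder.
        problems.append("no 'ra' flag: the responder does not offer recursion to this client")
    want = qname.rstrip(".") + "."
    got = [rdata for name, _ttl, rtype, rdata in info["answers"] if name == want and rtype == "A"]
    if expected_ip not in got:
        problems.append("expected A %s for %s, got %s" % (expected_ip, want, got or "no answer"))
    return (not problems, problems, info)


def run_dig(qname, server=None):
    """Run the real dig as the post does and return its stdout (assumes dig is installed)."""
    cmd = ["dig", "-t", "A", qname] + (["@" + server] if server else [])
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout


if __name__ == "__main__":
    ok, problems, info = check_forwarding_answer(SAMPLE_FORWARDED, "www.wlm.com", "10.10.10.4")
    print("answered by", info["server"], "ok" if ok else problems)
```

<p>Against a live server, replace the sample with <code>run_dig("www.wlm.com", "10.10.10.11")</code>. The absence of the <code>aa</code> flag in the post's own output (<code>qr rd ra</code> only) shows the answer came through the caching server rather than straight from an authoritative server, which is exactly what forwarding should produce.</p>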
<p><strong>2) Global forwarding:</strong> every query for a zone that is not defined locally with a zone statement is handed to the forwarder.</p>
<pre>Configuration format:
options {
... ...
forward {only|first};
forwarders { SERVER_IP; };
.. ...
};</pre>
<p>Concrete configuration:</p>
<div>
<div id="highlighter_825070" class="syntaxhighlighterbash">
<pre>vim /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; 10.10.10.11; };   # listen on this host's IP and port
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
//  allow-query { localhost; };   # commented out so that other hosts can be served
    allow-transfer { none; };   # no secondaries, so no zone transfers needed
    forward first;   # what this host cannot resolve is forwarded to 10.10.10.3
    forwarders { 10.10.10.3; };   # IP of the forwarder
    /*
    - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
    - If you are building a RECURSIVE (caching) DNS server, you need to enable
      recursion.
    - If your recursive DNS server has a public IP address, you MUST enable access
      control to limit queries to your legitimate users. Failing to do so will
      cause your server to become part of large scale DNS amplification
      attacks. Implementing BCP38 within your network would greatly
      reduce such attack surface
    */
    recursion yes;

    dnssec-enable no;   # disabled
    dnssec-validation no;   # disabled</pre>
</div>
</div>
<p>Check the syntax, then restart bind:</p>
<div>
<div id="highlighter_760635" class="syntaxhighlighterbash">
<pre># systemctl restart named.service</pre>
</div>
</div>
<p>Verification (the point is that both names resolve; www.wlm.com resolves to 10.10.10.4 even though that host does not answer ping in this lab):</p>
<div>
<div id="highlighter_159036" class="syntaxhighlighterbash">
<pre># ping www.baidu.com
PING www.a.shifen.com (220.181.112.244) 56(84) bytes of data.
64 bytes from 220.181.112.244: icmp_seq=1 ttl=128 time=6.67 ms
64 bytes from 220.181.112.244: icmp_seq=2 ttl=128 time=6.60 ms
^C
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1005ms
rtt min/avg/max/mdev = 6.608/6.640/6.672/0.032 ms
# ping www.wlm.com
PING www.wlm.com (10.10.10.4) 56(84) bytes of data.
^C
--- www.wlm.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1001ms</pre>
</div>
</div>
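<p>Both forwarding forms shown above, the <code>type forward</code> zone and the global <code>forward</code>/<code>forwarders</code> under <code>options</code>, are easy to get subtly wrong. The following is an added example, not code from the original post or from BIND: a small Python linter with its own minimal named.conf parser that extracts the forwarding settings and flags what is worth checking before enabling them: <code>forward only</code> without forwarders, a forward zone without forwarders, recursion not restricted by <code>allow-query</code> or <code>allow-recursion</code> (the vendor comment in the named.conf above warns about this), and <code>dnssec-validation no</code>. The configuration text inside it is constructed after the post's lab values; the <code>include</code> statement is not followed.</p>

```python
"""Lint the forwarding-related settings of a named.conf-style text.

Added example, not code from the original post or from BIND. A small
tokenizer turns the file into nested statements; lint_forwarding() then
reports the forwarding settings and the checks a defender makes before
enabling forwarding. SAMPLE_NAMED_CONF is constructed after the post's lab
(10.10.10.11 caching server, 10.10.10.3 forwarder).
"""
import re

# Tokens: block comments, line comments (// and #), quoted strings, the three
# characters that structure named.conf, and bare words.
_TOKEN_RE = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*|"[^"]*"|[{};]|[^\s{};"]+', re.S)

SAMPLE_NAMED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 10.10.10.11; };
    directory "/var/named";
//  allow-query { localhost; };          # commented out, as in the post
    allow-transfer { none; };
    forward first;                        # global forwarding
    forwarders { 10.10.10.3; };
    /* a caching server needs recursion */
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
};
zone "wlm.com" IN {                       # zone forwarding
    type forward;
    forward first;
    forwarders { 10.10.10.3; };
};
"""


def tokenize(text):
    """Yield named.conf tokens with comments dropped and quotes stripped."""
    for m in _TOKEN_RE.finditer(text):
        tok = m.group(0)
        if tok.startswith(("/*", "//", "#")):
            continue
        yield tok.strip('"')


def parse_block(tokens):
    """Consume tokens up to the matching '}' and return [(words, children)].

    children is None for a simple statement and a nested list for a block."""
    stmts, words = [], []
    for tok in tokens:
        if tok == "{":
            stmts.append((words, parse_block(tokens)))
            words = []
        elif tok == "}":
            break
        elif tok == ";":
            if words:
                stmts.append((words, None))
            words = []
        else:
            words.append(tok)
    return stmts


def _find(block, name):
    """(words, children) of the first statement whose keyword is name, else (None, None)."""
    for words, children in block:
        if words and words[0] == name:
            return words, children
    return None, None


def _values(children):
    """Leaf values of an address list such as { 10.10.10.3; any; }."""
    return [w[0] for w, _ in (children or []) if w]


def _mode(stmt):
    """'first' or 'only' from a 'forward' statement; BIND's default is first."""
    return stmt[1] if stmt and len(stmt) > 1 else "first"


def lint_forwarding(text):
    """Return (summary, findings): forwarding settings found, and problems to fix."""
    top = parse_block(tokenize(text))
    _, options = _find(top, "options")
    options = options or []
    summary, findings = {"global": None, "zones": {}}, []

    # Global forwarding: options { forward ...; forwarders { ... }; }
    fwd_stmt, _ = _find(options, "forward")
    _, fwd_list = _find(options, "forwarders")
    if fwd_stmt or fwd_list:
        summary["global"] = (_mode(fwd_stmt), _values(fwd_list))
        if _mode(fwd_stmt) == "only" and not _values(fwd_list):
            findings.append("options: 'forward only' with no forwarders; "
                            "nothing outside the local zones can be resolved")

    # Zone forwarding: zone "x" { type forward; forward ...; forwarders { ... }; }
    for words, children in top:
        if words and words[0] == "zone" and children is not None:
            ztype, _ = _find(children, "type")
            if ztype and ztype[1:] == ["forward"]:
                zmode, _ = _find(children, "forward")
                _, zlist = _find(children, "forwarders")
                summary["zones"][words[1]] = (_mode(zmode), _values(zlist))
                if not _values(zlist):
                    findings.append("zone %s: type forward but no forwarders" % words[1])

    # Forwarding is a recursive service: the forwarder must allow recursion for us,
    # and we must limit who may recurse through us (open resolvers feed amplification).
    rec, _ = _find(options, "recursion")
    _, aq = _find(options, "allow-query")
    _, ar = _find(options, "allow-recursion")
    allowed = _values(aq) + _values(ar)
    if (rec is None or rec[1:] == ["yes"]) and (not allowed or "any" in allowed):
        findings.append("options: recursion is enabled but not restricted by "
                        "allow-query/allow-recursion; limit it to your own clients")

    dv, _ = _find(options, "dnssec-validation")
    if dv and dv[1:] == ["no"]:
        findings.append("options: dnssec-validation no; answers relayed through "
                        "the forwarder are accepted without validation")
    return summary, findings


if __name__ == "__main__":
    summary, findings = lint_forwarding(SAMPLE_NAMED_CONF)
    print("global forwarding:", summary["global"])
    for zone, (mode, servers) in summary["zones"].items():
        print("zone %s: forward %s via %s" % (zone, mode, servers))
    for finding in findings:
        print("FINDING:", finding)
```

<p>Run it on a real file with <code>lint_forwarding(open("/etc/named.conf").read())</code>. On the post's configuration it reports two findings: recursion left open because <code>allow-query</code> is commented out, and DNSSEC validation disabled; both are acceptable in an isolated lab on 10.10.10.0/24 but not on a server that is reachable from untrusted networks.</p>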
<p><strong>Summary: overall, DNS configuration is fairly simple. You may not need to do this hands-on in day-to-day operations, since not many enterprises deploy their own name servers internally, and where they do, the work is mostly later maintenance. Still, as an operations engineer you must be familiar with how DNS works, and after working through these configurations I believe you now truly understand DNS.</strong></p>
Source: https://www.cnblogs.com/duanlinxiao/p/10808677.html