Configuring a DNS Name Resolution Server on Linux
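<p></p><div class="toc"><div class="toc-container-header">Contents</div><ul><li>1. DNS distributed structure</li><li>2. Domain name resolution process</li><li>3. Resolution methods</li><li>4. bind: the DNS service software<ul><li>(1) Install the bind software</li><li>(2) Configuration files</li></ul></li><li>5. Configure the primary DNS server<ul><li>(1) Forward resolution</li><li>(2) Reverse resolution</li></ul></li><li>6. Configure the secondary DNS server</li><li>(1) Change the primary server</li><li>(2) Configure the secondary server</li></ul></div><p></p><h3 id="1-dns分布式结构">1. DNS distributed structure</h3>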
<table>
<thead>
<tr>
<th>Structure</th>
<th>Meaning</th>
</tr>
</thead>
<tbody>
<tr>
<td>.</td>
<td>Root (13 in total worldwide)</td>
</tr>
<tr>
<td>cn. jp.</td>
<td>Top-level domain</td>
</tr>
<tr>
<td>com.cn.</td>
<td>com. is the second-level domain</td>
</tr>
<tr>
<td>baidu.com.cn.</td>
<td>baidu. is the subdomain (must be purchased; globally unique)</td>
</tr>
</tbody>
</table>
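<h3 id="2-域名解析过程">2. Domain name resolution process</h3>
<p>Query:</p>
<p>Local cache ------> DNS server ------> root servers ------> top-level domain ------> second-level domain ------> subdomain</p>
<p>The local DNS cache is checked first. If it has no entry, the query goes to the DNS resolution server; if that still has no answer, it goes to the root servers, then to the top-level domain, then to the second-level domain, and finally to the subdomain.</p>
<p>Return:</p>
<p>Query result ------> DNS server ------> local cache ------> user ------> IP address</p>
<p>The result is first sent to the DNS resolution server, which sends it to the local machine, and from there it is passed to the user.</p>
<p>Iteration:</p>
<p>Query --- the lookup process from the root servers down to the subdomain</p>
<p>Recursion:</p>
<p>Return --- the process from the DNS server to returning the IP address</p>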
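<h3 id="3-解析方式">3. Resolution methods</h3>
<p><strong>Three resolution methods</strong></p>
<p>Forward resolution:</p>
<p>Resolves a domain name to an IP address</p>
<p>Reverse resolution:</p>
<p>Resolves an IP address to a domain name</p>
<p>Primary/secondary server resolution:</p>
<p>If the primary server stops working, the secondary server can continue to handle requests</p>
<p><strong>Resolution command:</strong></p>
<p>nslookup domain-name/IP-address</p>
<p>It can perform both forward and reverse lookups, but these must be configured first</p>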
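<h3 id="4-bind-配置服务软件">4. bind: the DNS service software</h3>
<p>bind software</p>
<p>Open-source software</p>
<p>Used to set up DNS for an internal network</p>
<p>Public (external) name assignment requires registration and payment</p>
<p>Internal name assignment needs no registration and is free, which makes internal access and use convenient</p>
<p>Service types:</p>
<p>Root zone: hint</p>
<p>Primary zone: master</p>
<p>Secondary zone: slave</p>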
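<h4 id="1安装bind软件">(1) Install the bind software</h4>
<pre><code class="language-shell"># Can be installed from either a local yum repository or an online one
# yum -y install bind
</code></pre>
<h4 id="2配置文件">(2) Configuration files</h4>
<p><strong>① Main configuration file</strong></p>
<p>Purpose:</p>
<p>Configures the service and the listening address</p>
<p>Location:</p>
<p>/etc/named.conf</p>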
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729276-382636947.png" alt="" loading="lazy"><br>
<img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729312-1054050893.png" alt="" loading="lazy"><br>
<img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729268-384664805.png" alt="" loading="lazy"></p>
<p><strong>② Zone configuration file</strong></p>
<p>Purpose:</p>
<p>Specifies the zone data files</p>
<p>Location:</p>
<p>/etc/named.rfc1912.zones</p>
<p><strong>③ Zone data file</strong></p>
<p>Purpose:</p>
<p>Configures forward and reverse resolution</p>
<p>Location:</p>
<p>/var/named/named.localhost</p>
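<h3 id="5-配置dns主服务器">5. Configure the primary DNS server</h3>
<p>Configure the main configuration file</p>
<pre><code class="language-shell"># Back up the configuration file
# cd /etc
# cp named.conf named.conf.bak20230520
# vim named.conf
# Set the DNS server's listening address to this host's IP address
# Allow clients from all network segments to query
</code></pre>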
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729324-328417582.png" alt="" loading="lazy"></p>
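<h4 id="1正向解析">(1) Forward resolution</h4>
<p>① Configure the zone configuration file</p>
<pre><code class="language-shell"># Back up the configuration file
# cd /etc
# cp named.rfc1912.zones named.rfc1912.zones.bak
# vim named.rfc1912.zones
# Set the domain name to host1.com
# Type is master (primary zone)
# Set the file name of the zone data file
</code></pre>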
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729310-550334428.png" alt="" loading="lazy"></p>
<p>② Configure the zone data file</p>
<p>The default zone data file is /var/named/named.localhost</p>
<pre><code class="language-shell"># cd /var/named
# cp -a named.localhost host1.com.zone
# vim host1.com.zone
$TTL 1D
@       IN SOA  host1.com. admin.host1.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      host1.com.
        A       192.168.23.5
www     IN A    192.168.23.10
        IN MX 10 mail.host1.com.
mail    IN A    192.168.23.15
        AAAA    ::1
# Restart the named service
# systemctl restart named
# Update the DNS resolver configuration file (must be changed on all of the hosts 192.168.23.5, 23.10 and 23.15)
# vim /etc/resolv.conf
nameserver 192.168.23.5
</code></pre>
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729438-69890683.png" alt="" loading="lazy"></p>
<p>③ Restart the named service</p>
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729288-1383983130.png" alt="" loading="lazy"></p>
<p>④ Update the DNS resolver configuration file (must be changed on all of the hosts 192.168.23.5, 23.10 and 23.15)</p>
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729284-35207097.png" alt="" loading="lazy"></p>
<p>⑤ Test forward resolution</p>
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729338-447259142.png" alt="" loading="lazy"></p>
<h4 id="2反向解析">(2) Reverse resolution</h4>
<p>① Configure the zone configuration file</p>
<pre><code class="language-shell"># Open the zone configuration file
# vim /etc/named.rfc1912.zones
# Add the reverse resolution configuration
zone "23.168.192.in-addr.arpa" IN {
    type master;
    file "host1.com.zone.local";
    allow-update { none; };
};
</code></pre>
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729344-1778586594.png" alt="" loading="lazy"></p>
<p>② Configure the zone data file</p>
<pre><code class="language-shell"># Create the reverse zone data file
# cd /var/named
# cp -a host1.com.zone host1.com.zone.local
# Edit the reverse zone data file
# vim host1.com.zone.local
$TTL 1D
@       IN SOA  host1.com. admin.host1.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      host1.com.
        A       192.168.23.5
10      IN PTR  www.host1.com.
15      IN PTR  mail.host1.com.
        AAAA    ::1
</code></pre>
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729347-2088602878.png" alt="" loading="lazy"></p>
<p>③ Restart the named service</p>
<pre><code class="language-shell"># systemctl restart named
</code></pre>
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729324-449515428.png" alt="" loading="lazy"><br>
④ Update the DNS resolver configuration file (must be changed on all of the hosts 192.168.23.5, 23.10 and 23.15)</p>
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729538-2096788452.png" alt="" loading="lazy"></p>
<p>⑤ Test reverse resolution</p>
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729320-869250404.png" alt="" loading="lazy"></p>
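<p>An added example, not part of the original post: a shell function that cross-checks the A records of a forward zone file against the PTR records of the matching reverse zone file, so that a name which resolves forward but not back is noticed. The zone text in <code>sample_forward</code> and <code>sample_reverse</code> is constructed to mirror the host1.com records above, and all function names are hypothetical.</p>

```shell
# Added example, not from the original post. The sample zone text is constructed
# to mirror this page's host1.com records; function names are hypothetical.
# check_ptr FORWARD_FILE REVERSE_FILE ORIGIN NET_PREFIX
# Prints "MISSING_PTR ip name" or "MISMATCH ip name ptr-target" for each A record.
check_ptr() {
  awk -v origin="$3" -v net="$4" '
    function fqdn(n) {                       # expand a relative owner name
      if (n == "@") return origin "."
      if (n ~ /[.]$/) return n
      return n "." origin "."
    }
    { sub(/;.*/, "") }                       # drop zone-file comments
    /^[ \t]*$/ || /^[$]/ { next }            # skip blank lines and $TTL/$ORIGIN
    { if ($0 ~ /^[ \t]/) first = 1; else { owner = $1; first = 2 } }
    NR == FNR {                              # first file: reverse zone, collect PTRs
      for (i = first; i < NF; i++) if ($i == "PTR") ptr[net "." owner] = $(i + 1)
      next
    }
    {                                        # second file: forward zone, check A records
      for (i = first; i < NF; i++) if ($i == "A") {
        ip = $(i + 1); name = fqdn(owner)
        if (index(ip, net ".") != 1) continue   # address outside this reverse zone
        if (!(ip in ptr)) print "MISSING_PTR " ip " " name
        else if (ptr[ip] != name) print "MISMATCH " ip " " name " " ptr[ip]
      }
    }
  ' "$2" "$1"
}
sample_forward() { cat <<'EOF'
$TTL 1D
@       IN SOA  host1.com. admin.host1.com. ( 0 1D 1H 1W 3H )
        NS      host1.com.
        A       192.168.23.5
www     IN A    192.168.23.10
        IN MX 10 mail.host1.com.
mail    IN A    192.168.23.15
EOF
}
sample_reverse() { cat <<'EOF'
$TTL 1D
@       IN SOA  host1.com. admin.host1.com. ( 0 1D 1H 1W 3H )
        NS      host1.com.
10      IN PTR  www.host1.com.
15      IN PTR  mail.host1.com.
EOF
}
# Demo on the constructed samples
f=$(mktemp); r=$(mktemp); sample_forward > "$f"; sample_reverse > "$r"
check_ptr "$f" "$r" host1.com 192.168.23; rm -f "$f" "$r"
```

<p>On the constructed samples the check reports the apex A record 192.168.23.5, because the reverse zone lists PTR records only for 10 and 15.</p>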
<h3 id="6-配置dns从服务器">6. Configure the secondary DNS server</h3>
<h3 id="1更改主服务器">(1) Change the primary server</h3>
<pre><code class="language-shell"># Change the primary server
# vim /etc/named.rfc1912.zones
zone "host1.com" IN {
    type master;
    file "host1.com.zone";
    allow-transfer { 192.168.23.20; };
};
zone "23.168.192.in-addr.arpa" IN {
    type master;
    file "host1.com.zone.local";
    allow-transfer { 192.168.23.20; };
};
# Restart the named service on the primary server
# systemctl restart named
</code></pre>
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729387-1901215807.png" alt="" loading="lazy"><br>
<img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729310-1581379064.png" alt="" loading="lazy"></p>
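<p>An added example, not part of the original post: a shell function that audits named.conf-style text for the two access controls this page sets, namely queries allowed from all network segments (section 5) and <code>allow-transfer</code> on the primary's zones (above). Both sample configurations are constructed, and the client range 192.168.23.0/24 and all function names are assumptions.</p>

```shell
# Added example, not from the original post. Both sample configurations are
# constructed; the client range 192.168.23.0/24 is an assumption.
# audit_named_conf [FILE] (stdin if omitted) prints one finding per line:
#   NO_ALLOW_TRANSFER ZONE  master zone with no allow-transfer of its own
#   OPEN_RESOLVER           allow-query { any; } + recursion yes, no allow-recursion
audit_named_conf() {
  awk '
    { sub(/\/\/.*/, ""); sub(/[#].*/, "") }             # strip // and # comments
    !in_zone && /allow-query[ \t]*[{][ \t]*any;/ { any_query = 1 }
    /^[ \t]*recursion[ \t]+yes;/                 { recursion = 1 }
    /allow-recursion[ \t]*[{]/                   { limited = 1 }
    /^[ \t]*zone[ \t]+"/ {                       # start of a zone block
      split($0, q, "\""); zone = q[2]; in_zone = 1; master = 0; xfer = 0; next
    }
    in_zone && /type[ \t]+(master|primary);/     { master = 1 }
    in_zone && /allow-transfer[ \t]*[{]/         { xfer = 1 }
    in_zone && /^[ \t]*[}];/ {                   # end of the zone block
      if (master && !xfer) print "NO_ALLOW_TRANSFER " zone
      in_zone = 0
    }
    END { if (any_query && recursion && !limited) print "OPEN_RESOLVER" }
  ' "$@"
}
weak_sample() { cat <<'EOF'
options {
    allow-query { any; };
    recursion yes;
};
zone "host1.com" IN {
    type master;
    file "host1.com.zone";
};
EOF
}
hardened_sample() { cat <<'EOF'
options {
    allow-query { 192.168.23.0/24; };
    recursion yes;
    allow-recursion { 192.168.23.0/24; };
};
zone "host1.com" IN {
    type master;
    file "host1.com.zone";
    allow-transfer { 192.168.23.20; };
};
EOF
}
weak_sample | audit_named_conf   # demo on the constructed weak sample
```

<p>A master zone with no <code>allow-transfer</code> of its own inherits the server-wide setting, which in older BIND 9 releases allows transfers to any host. A server that accepts queries from any address with recursion enabled acts as an open resolver wherever port 53 is reachable from outside the internal network.</p>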
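<h3 id="2配置从服务器">(2) Configure the secondary server</h3>
<p>① Configure the main configuration file</p>
<pre><code class="language-shell"># Install the bind software on the secondary server
# yum -y install bind
# Edit the secondary server's main configuration file
# vim /etc/named.conf
# Listen for clients on all network segments
# Allow clients from all network segments to query
</code></pre>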
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729346-2038075387.png" alt="" loading="lazy"></p>
<p>② Configure the zone configuration file</p>
<pre><code class="language-shell"># vim /etc/named.rfc1912.zones
# Add the forward and reverse resolution configuration
zone "host1.com" IN {
    type slave;
    file "slaves/host1.com.zone";
    masters { 192.168.23.5; };
};
zone "23.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/host1.com.zone.local";
    masters { 192.168.23.5; };
};
# Restart the named service
# systemctl restart named
</code></pre>
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729358-622200833.png" alt="" loading="lazy"><br>
<img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729484-1633156133.png" alt="" loading="lazy"><br>
③ Configure the DNS resolver file on both the primary and the secondary server</p>
<pre><code class="language-shell">[root@localhost ~]# vim /etc/resolv.conf
nameserver 192.168.23.5
nameserver 192.168.23.20
</code></pre>
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729339-1060244950.png" alt="" loading="lazy"></p>
<p>④ Verify that the zone data files are synchronized between the primary and secondary servers</p>
<pre><code class="language-shell"># cd /var/named
# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
# cd slaves/
# ls
host1.com.zone  host1.com.zone.local
</code></pre>
<p><img src="https://img2023.cnblogs.com/blog/3180498/202305/3180498-20230529024729351-552868102.png" alt="" loading="lazy"></p><br><br>
Source: https://www.cnblogs.com/m-zhuang/p/17422187.html