DayDayUP_Linux运维学习_DNS安装与使用
DNS原理相关
DNS 为Domain Name System(域名系统)的缩写,它是一种将ip地址转换成对应的主机名或将主机名转换成与之相对应ip地址的一种服务机制。
其中通过域名解析出ip地址的叫做正向解析,通过ip地址解析出域名的叫做反向解析。 DNS使用TCP和UDP, 端口号都是53, 但普通查询主要使用UDP,主从服务器之间的区域传送(zone transfer)以及超过UDP长度限制的应答使用TCP。
全世界只有13个“根”服务器标识(A–M),1个主根服务器放在美国,其他12个为辅根服务器;实际上每个标识都通过anycast部署了大量镜像实例。DNS服务器根据角色可以分为:主DNS、从DNS、缓存DNS服务器、DNS转发服务器。
使用bind搭建DNS服务器
安装
[root@www ~]# yum install -y bind
配置
[root@www ~]# cp /etc/named.conf /etc/named.conf.bak
[root@www ~]# > /etc/named.conf
[root@www ~]# vim /etc/named.conf
options {
    directory "/var/named";   #定义子目录,配置文件放在/var/named文件夹下即可
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";   #自定义,后面在/var/named下编辑即可
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";   #自定义,后面在/var/named下编辑即可
};
[root@www ~]# chown named /etc/named.conf
[root@www ~]# cd /var/named/
[root@www named]# dig -t NS . > named.ca   //用于寻找根服务器
[root@www named]# cat named.ca
[root@www named]# vim localhost.zone   //前面配置文件所定义的
@ IN SOA localhost. admin.localhost. ( 2015101901 1H 10M 7D 1D )
@ IN NS localhost.
localhost. IN A 127.0.0.1
[root@www named]# vim named.local
$TTL 86400
@ IN SOA localhost. admin.localhost. ( 2015101901 1H 10M 7D 1 )
@ IN NS localhost.
1 IN PTR localhost
[root@www named]# named-checkconf   //检测主配置文件
[root@www named]# named-checkzone "localhost" /var/named/localhost.zone   //检测正向解析
/var/named/localhost.zone:1: no TTL specified; using SOA MINTTL instead
zone localhost/IN: loaded serial 2015101901
OK
[root@www named]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.local   //检测反向解析
zone 0.0.127.in-addr.arpa/IN: loaded serial 2015101901
OK
启动
[root@www named]# rndc-confgen -r /dev/urandom -a   //生成 rndc.key, 如果没有这个key named 是启动不了的。
wrote key file "/etc/rndc.key"
[root@www named]# chown named:named /etc/rndc.key   //更改key的属主
[root@www named]# /etc/init.d/named start   //启动named服务
启动 named:                                [确定]
[root@www named]# netstat -lnp |grep named   //检查named进程是否监听了53端口
tcp   0   0 192.168.2.11:53    0.0.0.0:*   LISTEN   15119/named
tcp   0   0 192.168.1.110:53   0.0.0.0:*   LISTEN   15119/named
tcp   0   0 192.168.1.11:53    0.0.0.0:*   LISTEN   15119/named
tcp   0   0 127.0.0.1:53       0.0.0.0:*   LISTEN   15119/named
tcp   0   0 127.0.0.1:953      0.0.0.0:*   LISTEN   15119/named
tcp   0   0 ::1:953            :::*        LISTEN   15119/named
udp   0   0 192.168.2.11:53    0.0.0.0:*            15119/named
udp   0   0 192.168.1.110:53   0.0.0.0:*            15119/named
udp   0   0 192.168.1.11:53    0.0.0.0:*            15119/named
udp   0   0 127.0.0.1:53       0.0.0.0:*            15119/named
正向测试和反向测试
[root@www named]# dig @127.0.0.1 localhost   //格式为 dig @DNSServer 域名

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @127.0.0.1 localhost
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12472
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;localhost.                IN      A

;; ANSWER SECTION:
localhost.         86400   IN      A       127.0.0.1

;; AUTHORITY SECTION:
localhost.         86400   IN      NS      localhost.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 15:18:20 2015
;; MSG SIZE  rcvd: 57

[root@www named]# dig @127.0.0.1 localhost

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @127.0.0.1 localhost
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12472
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;localhost.                IN      A

;; ANSWER SECTION:
localhost.         86400   IN      A       127.0.0.1

;; AUTHORITY SECTION:
localhost.         86400   IN      NS      localhost.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 15:18:20 2015
;; MSG SIZE  rcvd: 57

[root@www named]# dig @127.0.0.1 -x 127.0.0.1   //测试反向解析,格式为 dig @DNSServer -x IP地址
增加一个域名hehe.com
[root@www named]# vim /etc/named.conf
zone "hehe.com" IN {
    type master;   #是一个主
    file "hehe.com.zone";   #域名配置文件
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.zone";   # 用于反向解析
};
[root@www named]# vim /var/named/hehe.com.zone   //与上面的配置文件相对应
$TTL 600   //时间 TTL
@ IN SOA hehe.com. root.hehe.com. (   //固定格式
        2015101901 1H 10M 7D 1D)
    IN NS ns.hehe.com.
    IN MX 10 mail.hehe.com.
ns IN A 192.168.1.11   //A记录
www IN A 192.168.1.12
mail IN A 192.168.1.12
bbs IN CNAME www.hehe.com.   //CNAME 别名记录
[root@www named]# vim /var/named/192.168.zone
$TTL 600
@ IN SOA ns.hehe.com. root.hehe.com. ( 2015101901 1H 10M 7D 1D)
@ IN NS ns.hehe.com.
111 IN PTR ns.hehe.com.
123 IN PTR mail.hehe.com.
122 IN PTR www.hehe.com.
测试是否正确
[root@www named]# named-checkconf
[root@www named]# named-checkzone "0.0.127.in-addr.arpa" 192.168.zone
zone 0.0.127.in-addr.arpa/IN: loaded serial 2015101901
OK
[root@www named]# named-checkzone "hehe.com" /var/named/hehe.com.zone
zone hehe.com/IN: loaded serial 2015101901
OK
重启
[root@www named]# /etc/init.d/named restart
测试
[root@www named]# dig @192.168.1.11 www.hehe.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @192.168.1.11 www.hehe.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22136
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.hehe.com.             IN      A

;; ANSWER SECTION:
www.hehe.com.      600     IN      A       192.168.1.122

;; AUTHORITY SECTION:
hehe.com.          600     IN      NS      ns.hehe.com.

;; ADDITIONAL SECTION:
ns.hehe.com.       600     IN      A       192.168.1.111

;; Query time: 2 msec
;; SERVER: 192.168.1.11#53(192.168.1.11)
;; WHEN: Sun Oct 18 15:50:04 2015
;; MSG SIZE  rcvd: 79

[root@www named]# dig @192.168.1.11 bbs.hehe.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @192.168.1.11 bbs.hehe.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42901
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;bbs.hehe.com.             IN      A

;; ANSWER SECTION:
bbs.hehe.com.      600     IN      CNAME   www.hehe.com.
www.hehe.com.      600     IN      A       192.168.1.122

;; AUTHORITY SECTION:
hehe.com.          600     IN      NS      ns.hehe.com.

;; ADDITIONAL SECTION:
ns.hehe.com.       600     IN      A       192.168.1.111

;; Query time: 3 msec
;; SERVER: 192.168.1.11#53(192.168.1.11)
;; WHEN: Sun Oct 18 15:51:07 2015
;; MSG SIZE  rcvd: 97

[root@www named]# dig @127.0.0.1 -x 192.168.1.111   //反向解析

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @127.0.0.1 -x 192.168.1.111
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21145
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;111.1.168.192.in-addr.arpa.   IN      PTR

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 15:53:03 2015
;; MSG SIZE  rcvd: 44
配置DNS转发
我们配置的DNS只能解析我们自己定义的zone,没有定义的域名是解析不了的。配置DNS转发后就可以解析互联网上的其他域名了,前提是这个域名在互联网上确实在使用,也就是说已经有某个DNS服务器在负责解析它。注意:开启转发后本机实际上是在对外提供递归解析;如果named监听在所有网卡上(见前面netstat的输出)而没有用 allow-recursion 或 allow-query 限制来源地址,它就会变成对任何人开放的递归服务器(open resolver),可能被利用来做流量放大;生产环境应把递归限制在内网地址段。
[root@www named]# vim /etc/named.conf
将options选项修改为
options {
    directory "/var/named";
    forward first;
    forwarders { 8.8.8.8; };
};
测试
[root@www named]# named-checkconf
[root@www named]# /etc/init.d/named restart
停止 named:                                [确定]
启动 named:                                [确定]
[root@www named]# dig @192.168.1.11 www.baidu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @192.168.1.11 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18147
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.baidu.com.            IN      A

;; ANSWER SECTION:
www.baidu.com.       246   IN      CNAME   www.a.shifen.com.
www.a.shifen.com.    104   IN      A       61.135.169.125
www.a.shifen.com.    104   IN      A       61.135.169.121

;; Query time: 1 msec
;; SERVER: 192.168.1.11#53(192.168.1.11)
;; WHEN: Sun Oct 18 16:04:35 2015
;; MSG SIZE  rcvd: 90
配置主从
主 www 192.168.1.11 已安装bind(必须)
从 test 192.168.1.12 已安装bind(必须)
主
[root@www named]# vim /etc/named.conf
options {
    directory "/var/named";
    forward first;
    forwarders { 8.8.8.8; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
};
zone "hehe.com" IN {
    type master;
    file "hehe.com.zone";
    notify yes;   //加快主从同步,一旦修改立即通知从
    also-notify { 192.168.1.12; };   //从的ip地址
};
zone "137.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.zone";
    notify yes;
    also-notify { 192.168.1.11; };
};
[root@www named]# named-checkconf
[root@www named]# scp /etc/named.conf 192.168.1.12:/etc/
[root@www named]# scp /var/named/localhost.zone 192.168.1.12:/var/named/
[root@www named]# scp /var/named/named.local 192.168.1.12:/var/named/
从上
[root@test ~]# vim /etc/named.conf
options {
    directory "/var/named";
    forward first;
    forwarders { 8.8.8.8; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
};
zone "hehe.com" IN {
    type slave;
    file "slaves/hehe.com.zone";
    masters { 192.168.1.11; };
};
zone "137.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.zone";
    masters { 192.168.1.11; };
};
[root@test ~]# named-checkconf
[root@test ~]# rndc-confgen -r /dev/urandom -a
wrote key file "/etc/rndc.key"
[root@test ~]# chown named:named /etc/rndc.key
[root@test ~]# /etc/init.d/named start
启动 named:                                [确定]
启动后将会发现在/var/named/slaves下有
[root@test slaves]# ls -l /var/named/slaves/
总用量 8
-rw-r--r-- 1 named named 385 10月 18 16:31 192.168.zone
-rw-r--r-- 1 named named 385 10月 18 16:31 hehe.com.zone
两个文件
注意:
主从两台机器必须同步时间。另外,主上的zone应加上 allow-transfer { 192.168.1.12; }; 把区域传送只开放给从服务器:不加的话这个版本的bind默认允许任何主机发起AXFR,整个zone的内容都会被拉走。
[root@www named]# ntpdate 202.120.2.101
测试主从同步
在主上执行
[root@www named]# vim /var/named/hehe.com.zone   // 在最后增加一行并修改序列号,使序列号大于原来的: 2015101902>2015101901
cangls IN A 192.168.1.222
[root@www named]# /etc/init.d/named restart
停止 named:                                [确定]
启动 named:                                [确定]
说明:
从服务器上的zone文件可以手工修改,但只会影响从自身,主不会因此改变;如果从修改之后又同步了主的数据,则以主的内容为准。
但是如果主服务器zone文件的序列号小于或等于从服务器上的序列号,就不会触发同步。
其中2015101902>2015101901
从
[root@test slaves]# vim /var/named/slaves/hehe.com.zone   增加一行 ccc A 1.2.4.3 并加大序列号为 2015101903
$ORIGIN .
$TTL 600        ; 10 minutes
hehe.com        IN SOA  hehe.com. root.hehe.com. (
                        2015101903 ; serial
                        3600       ; refresh (1 hour)
                        600        ; retry (10 minutes)
                        604800     ; expire (1 week)
                        86400      ; minimum (1 day)
                        )
                NS      ns.hehe.com.
                MX      10 mail.hehe.com.
$ORIGIN hehe.com.
bbs             CNAME   www
cangls          A       192.168.1.222
mail            A       192.168.1.123
ns              A       192.168.1.111
www             A       192.168.1.122
ccc             A       1.2.4.3
[root@test slaves]# /etc/init.d/named restart
[root@test slaves]# dig @localhost ccc.hehe.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @localhost ccc.hehe.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55988
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;ccc.hehe.com.             IN      A

;; ANSWER SECTION:
ccc.hehe.com.      600     IN      A       1.2.4.3

;; AUTHORITY SECTION:
hehe.com.          600     IN      NS      ns.hehe.com.

;; ADDITIONAL SECTION:
ns.hehe.com.       600     IN      A       192.168.1.111

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 17:02:13 2015
;; MSG SIZE  rcvd: 79
可以看到解析为1.2.4.3
主上
[root@www named]# vim hehe.com.zone   增加一行 ccc IN A 1.2.3.4 并且不改变序列号
$TTL 600
@ IN SOA hehe.com. root.hehe.com. ( 2015101902 1H 10M 7D 1D)
    IN NS ns.hehe.com.
    IN MX 10 mail.hehe.com.
ns IN A 192.168.1.111
www IN A 192.168.1.122
mail IN A 192.168.1.123
bbs IN CNAME www.hehe.com.
cangls IN A 192.168.1.222
ccc IN A 1.2.3.4
[root@www named]# /etc/init.d/named restart
从上执行
[root@test slaves]# dig @localhost ccc.hehe.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @localhost ccc.hehe.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49573
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;ccc.hehe.com.             IN      A

;; ANSWER SECTION:
ccc.hehe.com.      600     IN      A       1.2.4.3

;; AUTHORITY SECTION:
hehe.com.          600     IN      NS      ns.hehe.com.

;; ADDITIONAL SECTION:
ns.hehe.com.       600     IN      A       192.168.1.111

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 17:06:19 2015
;; MSG SIZE  rcvd: 79
可以看到解析的为1.2.4.3
因为主上序列号小于从上的,从并不跟随主上的修改
主上执行
[root@www named]# vim hehe.com.zone   增大序列号
$TTL 600
@ IN SOA hehe.com. root.hehe.com. ( 2015101904 1H 10M 7D 1D)
    IN NS ns.hehe.com.
    IN MX 10 mail.hehe.com.
ns IN A 192.168.1.111
www IN A 192.168.1.122
mail IN A 192.168.1.123
bbs IN CNAME www.hehe.com.
cangls IN A 192.168.1.222
ccc IN A 1.2.3.4
[root@www named]# /etc/init.d/named restart
从上执行
[root@test slaves]# dig @localhost ccc.hehe.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @localhost ccc.hehe.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49573
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;ccc.hehe.com.             IN      A

;; ANSWER SECTION:
ccc.hehe.com.      600     IN      A       1.2.3.4

;; AUTHORITY SECTION:
hehe.com.          600     IN      NS      ns.hehe.com.

;; ADDITIONAL SECTION:
ns.hehe.com.       600     IN      A       192.168.1.111

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 18 17:06:19 2015
;; MSG SIZE  rcvd: 79
可以看到解析的为1.2.3.4
因为主上序列号大于从上的,从跟随主上的修改