DNS: building a caching server with forward and reverse resolution
Build a DNS server for the following setup:
fade.com, network 192.168.139.0/24
NS server: ns1.fade.com, 192.168.139.11
www.fade.com: 192.168.139.12 and 192.168.139.13
mail.fade.com: 192.168.139.14
ftp.fade.com: an alias (CNAME) for www.fade.com
[[email protected] ~]# yum install bind bind-libs bind-utils
[[email protected] ~]# rpm -ql bind
/etc/named.conf            bind's main configuration file; defines how the named process works and where the zones are defined
/etc/rc.d/init.d/named     service (init) script
/etc/rndc.conf             configuration file for rndc, the remote name server control tool
/etc/rndc.key              rndc key file
/etc/sysconfig/named       configuration for the service script
/usr/lib64/bind            library files
[[email protected] ~]# cd /var/named/
[[email protected] named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
named.localhost     resolves localhost to 127.0.0.1 (the forward zone file)
named.loopback      resolves 127.0.0.1 to localhost (the reverse zone file)
[[email protected] named]# cat named.ca
A records of the 13 global root servers, a.root-servers.net through m.root-servers.net:
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
;
; FORMERLY C.PSI.NET
.......
......
......
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of file
[[email protected] bind]# dig -t NS .
If the host is online, dig can list all of the DNS root servers directly.
[[email protected] bind]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
Note: the DNS service's name is named.
Protocols/ports the DNS service listens on: 53/udp and 53/tcp (zone transfers between a slave and its master run over TCP, for safety), plus 953/tcp (the port rndc, the remote DNS control tool, listens on).
[[email protected] bind]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; };    // listen only on 127.0.0.1:53: this serves only the local host, not remote clients
        listen-on-v6 port 53 { ::1; };       // the same on the IPv6 loopback address
        directory "/var/named";              // directory holding the zone data files
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };          // only local queries are allowed
        recursion yes;                       // recursion enabled
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[[email protected] bind]# vim /etc/named.conf
options {                                 // global section
        directory "/var/named";
};
zone "." IN {                             // root zone section
        type hint;                        // hint zone
        file "named.ca";                  // zone file is /var/named/named.ca
};
zone "localhost" IN {                     // forward zone section
        type master;                      // master (primary) zone
        file "named.localhost";           // the forward zone file shipped with the system; you can also write your own
};
zone "0.0.127.in-addr.arpa" IN {          // reverse zone section
        type master;
        file "named.loopback";
};
[[email protected] bind]# chown root:named /etc/named.conf
[[email protected] bind]# chmod 640 /etc/named.conf                change the permissions
[[email protected] bind]# named-checkconf                          check the syntax of the main configuration file
[[email protected] bind]# named-checkzone "." /var/named/named.ca   check the syntax of the root zone
zone ./IN: has 0 SOA records
zone ./IN: not loaded due to errors.      reports an error and does not load; this is harmless, since named.ca is a hint file rather than a real zone and so carries no SOA
[[email protected] bind]# named-checkzone "localhost" /var/named/named.localhost
zone localhost/IN: loaded serial 0        loaded successfully
OK
[[email protected] bind]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback
zone 0.0.127.in-addr.arpa/IN: loaded serial 0
OK
[[email protected] bind]# service named start
Starting named: [ OK ]
[[email protected] bind]# netstat -tunlp
udp 0 0 192.168.139.2:53 0.0.0.0:* 2804/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 804/named
tcp 0 0 192.168.139.2:53 0.0.0.0:* 2804/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* 2804/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* 2804/named
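The stripped-down named.conf above drops the default listen-on and allow-query lines, which is why netstat now shows named bound on 192.168.139.2:53 as well as on loopback. The checker below is an added example, not code from this post or from BIND: it parses the options block (the helper names are its own) and reports the settings a caching resolver should state explicitly, going by BIND 9.4+ defaults (recursion yes; allow-recursion falling back to allow-query-cache, then allow-query, then { localnets; localhost; }).

```python
import re

# Constructed sample input: the stripped-down /etc/named.conf from this post.
MINIMAL_CONF = """
options {
    directory "/var/named";
};
zone "." IN { type hint; file "named.ca"; };
zone "fade.com" IN { type master; file "fade.com.zone"; };
"""
# One statement: key, optional plain value, optional { a; b; } list, terminating ';'
STATEMENT = re.compile(r"([\w-]+)\s*([^{;]*?)\s*(?:\{([^}]*)\})?\s*;")

def options_body(conf):
    """Return the text inside options { ... }, counting braces so nested ACL blocks stay inside."""
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[start:i]
    raise ValueError("unterminated options block")

def parse_options(conf):
    """Map each options statement to its values, e.g. 'recursion yes' -> ['yes'],
    'allow-query { localhost; }' -> ['localhost'], 'listen-on port 53 { any; }' -> ['any']."""
    body = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", options_body(conf), flags=re.S)
    opts = {}
    for key, plain, acl in STATEMENT.findall(body):
        opts[key] = [v.strip() for v in acl.split(";") if v.strip()] if acl else [plain]
    return opts

def audit(opts):
    """Flag what a caching resolver should set explicitly; the defaults are BIND 9.4+ behaviour."""
    findings = []
    if "listen-on" not in opts:
        findings.append("listen-on unset: named binds port 53 on every IPv4 address")
    if opts.get("recursion", ["yes"]) == ["yes"]:   # recursion is on unless switched off
        acl = next((k for k in ("allow-recursion", "allow-query-cache", "allow-query")
                    if k in opts), None)            # the fallback order BIND itself uses
        if acl is None:
            findings.append("recursion with no ACL: BIND falls back to { localnets; localhost; }; "
                            "state allow-recursion explicitly")
        elif "any" in opts[acl]:
            findings.append(f"recursion with {acl} {{ any; }}: open resolver for every client")
    return findings
```

For the LAN in this post, adding allow-recursion { 192.168.139.0/24; localhost; }; to the options block clears the second finding while still serving the 192.168.139.0/24 clients.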
[[email protected] bind]# vim /etc/resolv.conf
search node1.com
nameserver 192.168.139.2     # this host's own IP
Test whether this host can resolve names on the Internet directly:
[[email protected] bind]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121: icmp_seq=1 ttl=54 time=25.9 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=54 time=24.1 ms
64 bytes from 61.135.169.121: icmp_seq=3 ttl=54 time=22.1 ms
64 bytes from 61.135.169.121: icmp_seq=4 ttl=54 time=22.9 ms
64 bytes from 61.135.169.121: icmp_seq=5 ttl=54 time=22.2 ms
Resolution works: this host queries the root servers itself and iterates down, step by step, until it finds the IP of www.baidu.com. With that, a caching DNS server is in place.
Enable named at boot so this host can always resolve DNS:
[[email protected] bind]# chkconfig named on
[[email protected] bind]# vim /etc/named.conf
Add a new zone:
zone "fade.com" IN {
        type master;
        file "fade.com.zone";
};
[[email protected] bind]# vim /var/named/fade.com.zone
$TTL 600
fade.com. IN SOA ns1.fade.com. admin.fade.com. (
        2017022101   ; serial
        1H           ; refresh
        5M           ; retry
        1D           ; expire
        6H )         ; negative-caching TTL
fade.com. IN NS    ns1.fade.com.
@         IN MX 10 mail
ns1       IN A     192.168.139.11
mail      IN A     192.168.139.14
www       IN A     192.168.139.12
www       IN A     192.168.139.13
ftp       IN CNAME www
[[email protected] bind]# chmod 640 /var/named/fade.com.zone
[[email protected] bind]# chown root.named /var/named/fade.com.zone
[[email protected] bind]# service named restart
[[email protected] bind]# dig -t A www.fade.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>> -t A www.fade.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13925
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:            your question
;www.fade.com.                  IN      A
;; ANSWER SECTION:              the answer you get
www.fade.com.           600     IN      A       192.168.139.12
www.fade.com.           600     IN      A       192.168.139.13
;; AUTHORITY SECTION:           the server giving the authoritative answer is ns1.fade.com
fade.com.               600     IN      NS      ns1.fade.com.
;; ADDITIONAL SECTION:          the A record of ns1
ns1.fade.com.           600     IN      A       192.168.139.11
;; Query time: 1 msec
;; SERVER: 192.168.139.2#53(192.168.139.2)
;; WHEN: Tue Feb 21 12:57:26 2017
;; MSG SIZE rcvd: 96
[[email protected] bind]# dig -x 192.168.139.12     (a reverse lookup; the reverse zone has not been configured yet)
Usage of the host command:
[[email protected] bind]# host -t A www.fade.com
www.fade.com has address 192.168.139.12
www.fade.com has address 192.168.139.13
[[email protected] bind]# host -t NS fade.com
fade.com name server ns1.fade.com.
Enable reverse DNS resolution
[[email protected] bind]# vim /etc/named.conf
Add the reverse zone:
zone "139.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.139.zone";
};
[[email protected] bind]# vim /var/named/192.168.139.zone
$TTL 600
@ IN SOA ns1.fade.com. admin.fade.com. (
        2017022101   ; serial
        1H           ; refresh
        5M           ; retry
        1D           ; expire
        6H )         ; negative-caching TTL
@  IN NS  ns1.fade.com.
11 IN PTR ns1.fade.com.
12 IN PTR www.fade.com.
13 IN PTR www.fade.com.
14 IN PTR mail.fade.com.
[[email protected] bind]# named-checkzone "139.168.192.in-addr.arpa" /var/named/192.168.139.zone
zone 139.168.192.in-addr.arpa/IN: loaded serial 2017022101
OK
[[email protected] bind]# service named restart
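A cross-check of the forward and reverse zone files above, added here as an example (not code from the post or from BIND): it qualifies names the way named does, so an SOA or NS name typed without its trailing dot gets the origin appended (ns1.fade.com becomes ns1.fade.com.fade.com.) and surfaces as a target with no A record, and it pairs every A record with its PTR. The two zone texts are embedded as constructed sample input, and the origins are passed in explicitly because the files get their $ORIGIN from named.conf.

```python
import re
# Constructed sample input: the two zone files from this post, with SOA names written absolute.
FORWARD = """$TTL 600
fade.com. IN SOA ns1.fade.com. admin.fade.com. ( 2017022101 1H 5M 1D 6H )
fade.com. IN NS ns1.fade.com.
@ IN MX 10 mail
ns1 IN A 192.168.139.11
mail IN A 192.168.139.14
www IN A 192.168.139.12
www IN A 192.168.139.13
ftp IN CNAME www
"""
REVERSE = """$TTL 600
@ IN SOA ns1.fade.com. admin.fade.com. ( 2017022101 1H 5M 1D 6H )
@ IN NS ns1.fade.com.
11 IN PTR ns1.fade.com.
12 IN PTR www.fade.com.
13 IN PTR www.fade.com.
14 IN PTR mail.fade.com.
"""
NAME_TYPES = {"SOA", "NS", "MX", "CNAME", "PTR"}  # rdata is a name, so $ORIGIN rules apply

def fqdn(name, origin):
    """Qualify a name the way named does: '@' is the origin; no trailing dot appends it."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Yield (owner, type, rdata) with names made absolute; each line must carry an owner."""
    text = re.sub(r"\(.*?\)", "", text, flags=re.S)  # drop the multi-line SOA timer block
    for line in text.splitlines():
        f = line.split(";")[0].split()
        if not f or f[0].startswith("$"):
            continue
        rdata = f[4] if f[2] == "MX" else f[3]  # MX carries a preference before the name
        yield fqdn(f[0], origin), f[2], (fqdn(rdata, origin) if f[2] in NAME_TYPES else rdata)

def ptr_to_ip(ptr_owner):
    """'12.139.168.192.in-addr.arpa.' -> '192.168.139.12'"""
    return ".".join(reversed(ptr_owner.rstrip(".").split(".")[:-2]))

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Findings: A without PTR, PTR without A, and SOA/NS/MX targets that have no A record."""
    fwd = list(parse_zone(fwd_text, fwd_origin))
    a_pairs = {(o, r) for o, t, r in fwd if t == "A"}
    ptr_pairs = {(r, ptr_to_ip(o)) for o, t, r in parse_zone(rev_text, rev_origin) if t == "PTR"}
    a_names = {o for o, _ in a_pairs}
    findings = [f"A {n} -> {ip} has no PTR" for n, ip in sorted(a_pairs - ptr_pairs)]
    findings += [f"PTR {ip} -> {n} has no A" for n, ip in sorted(ptr_pairs - a_pairs)]
    findings += [f"{t} target {r} has no A record" for _, t, r in fwd
                 if t in ("SOA", "NS", "MX") and r not in a_names]
    return findings
```

Run it as check_zones(FORWARD, "fade.com.", REVERSE, "139.168.192.in-addr.arpa."); an empty list means the two files agree.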
Test from a Windows client
Wildcard resolution (when a user visits a page that does not exist, the URL can be redirected to a default error page that tells the user something went wrong)
Add to the forward zone file /var/named/fade.com.zone:
*  IN A 192.168.139.12   ; the bare * matches any name under fade.com that has no record of its own
Then any request for an undefined *.fade.com name is sent to the server at 192.168.139.12.
At this point this host can do forward resolution and reverse resolution, and can also serve as a caching DNS server.
To build a website, you can register a domain at godaddy.com (registering there does not require ICP filing with the Chinese government), buy a virtual machine, and set up your own site.
This post comes from the "11097124" blog; please keep this attribution: http://11107124.blog.51cto.com/11097124/1899793