dns
1. Single DNS server; local IP: 192.168.56.13
2. System version
[[email protected] ~]# cat /etc/redhat-release
CentOS release 6.8 (Final)
[[email protected] ~]# uname -a
Linux localhost.localdomain 2.6.32-642.13.1.el6.x86_64 #1 SMP Wed Jan 11 20:56:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
3. Install DNS
yum install bind-utils bind bind-devel bind-chroot -y
[[email protected] ~]# rpm -qa bind-utils bind bind-devel bind-chroot
bind-chroot-9.8.2-0.62.rc1.el6_9.2.x86_64
bind-devel-9.8.2-0.62.rc1.el6_9.2.x86_64
bind-9.8.2-0.62.rc1.el6_9.2.x86_64
bind-utils-9.8.2-0.62.rc1.el6_9.2.x86_64
4. Edit the main DNS configuration file
[[email protected] ~]# >/etc/named.conf
[[email protected] ~]# vim /etc/named.conf
[[email protected] ~]# cat /etc/named.conf
options {
    version "1.1.1";
    listen-on port 53 {any;};
    directory "/var/named/chroot/etc/";
    pid-file "/var/named/chroot/var/run/named/named.pid";
    allow-query { any; };
    dump-file "/var/named/chroot/var/log/binddump.db";
    statistics-file "/var/named/chroot/var/log/named_stats";
    zone-statistics yes;
    memstatistics-file "log/mem_stats";
    empty-zones-enable no;
    forwarders {202.106.196.115;8.8.8.8; };
};

key "rndc-key" {
    algorithm hmac-md5;
    # sample secret from this walkthrough; generate your own with rndc-confgen
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

logging {
    channel warning {
        file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "/var/named/chroot/var/log/dns_log" versions 10 size 100m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default {
        warning;
    };
    category queries {
        general_dns;
    };
};

include "/var/named/chroot/etc/view.conf";
5. Edit the rndc.key configuration file
[[email protected] ~]# vim /etc/rndc.key
[[email protected] ~]# cat /etc/rndc.key
key "rndc-key" {
    algorithm hmac-md5;
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};
6. Edit the rndc.conf configuration file
[[email protected] ~]# vim /etc/rndc.conf
[[email protected] ~]# cat /etc/rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
7. Edit the zone configuration file
[[email protected] ~]# cat /var/named/chroot/etc/view.conf
view "View" {
    zone "sense.com" {
        type master;
        file "sense.com.zone";
        allow-transfer {   # on the master DNS: which slave server is allowed to sync
            10.255.253.211;
        };
        notify yes;
        also-notify {      # when the master's configuration changes, which slave DNS is notified to sync; changed later when the slave DNS is deployed
            10.255.253.211;
        };
    };
};
8. Create the zone file. This is the file referenced from /var/named/chroot/etc/view.conf; by default it lives in the same directory.
[[email protected] etc]# vim sense.com.zone
[[email protected] etc]# cat sense.com.zone
$ORIGIN .
$TTL 3600       ; 1 hour
sense.com       IN SOA  op.sense.com. dns.sense.com. (
                        2000       ; serial
                        900        ; refresh (15 minutes)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )
                NS      op.sense.com.
$ORIGIN sense.com.
shanks          A       1.2.3.4
op              A       1.2.3.4
[[email protected] etc]# pwd
/var/named/chroot/etc
9. Set ownership and start the service
cd /var && chown -R named.named named/
/etc/init.d/named start
chkconfig named on
10. Test an A record
[[email protected] etc]# cat sense.com.zone
$ORIGIN .
$TTL 3600       ; 1 hour
sense.com       IN SOA  op.sense.com. dns.sense.com. (
                        2000       ; serial
                        900        ; refresh (15 minutes)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )
                NS      op.sense.com.
$ORIGIN sense.com.
shanks          A       1.2.3.4
op              A       1.2.3.4
a               A       202.56.102.100   ; record I added myself
[[email protected] etc]# pwd
/var/named/chroot/etc
[[email protected] etc]# rndc reload    # for changes to anything other than named.conf, a reload is enough
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
server reload successful
[[email protected] etc]# dig @192.168.56.13 a.sense.com    # specify the DNS server; otherwise the one in /etc/resolv.conf is used

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> @192.168.56.13 a.sense.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44448
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;a.sense.com.                   IN      A

;; ANSWER SECTION:
a.sense.com.            3600    IN      A       202.56.102.100    # the result is correct

;; AUTHORITY SECTION:
sense.com.              3600    IN      NS      op.sense.com.

;; ADDITIONAL SECTION:
op.sense.com.           3600    IN      A       1.2.3.4

;; Query time: 1 msec
;; SERVER: 192.168.56.13#53(192.168.56.13)
;; WHEN: Mon May 29 15:47:25 2017
;; MSG SIZE  rcvd: 78
11. DNS load balancing (one name, multiple IPs)
[[email protected] etc]# cat sense.com.zone
$ORIGIN .
$TTL 3600       ; 1 hour
sense.com       IN SOA  op.sense.com. dns.sense.com. (
                        2000       ; serial
                        900        ; refresh (15 minutes)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )
                NS      op.sense.com.
$ORIGIN sense.com.
shanks          A       1.2.3.4
op              A       1.2.3.4
a               A       202.56.102.100
a               A       202.56.102.101
[[email protected] etc]# rndc reload
Set the resolver to this machine's IP:
[[email protected] etc]# cat /etc/resolv.conf
nameserver 192.168.56.13
[[email protected] etc]# ping a.sense.com
PING a.sense.com (202.56.102.101) 56(84) bytes of data.
^C
--- a.sense.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 771ms
[[email protected] etc]# ping a.sense.com
PING a.sense.com (202.56.102.100) 56(84) bytes of data.
^C
--- a.sense.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 614ms
[[email protected] etc]# ping a.sense.com
PING a.sense.com (202.56.102.101) 56(84) bytes of data.
^C
--- a.sense.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 535ms
Although the pings get no reply, the output shows that DNS load balancing is working, and that it uses a round-robin (RR) algorithm.
12. Smart DNS (one IP serving multiple names; the backend can be configured with nginx)
[[email protected] etc]# cat sense.com.zone
$ORIGIN .
$TTL 3600       ; 1 hour
sense.com       IN SOA  op.sense.com. dns.sense.com. (
                        2000       ; serial
                        900        ; refresh (15 minutes)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )
                NS      op.sense.com.
$ORIGIN sense.com.
shanks          A       1.2.3.4
op              A       1.2.3.4
a               A       202.56.102.100
a               A       202.56.102.101
develop         A       203.55.101.4
cms             A       203.55.101.4
[[email protected] etc]# rndc reload
[[email protected] etc]# ping cms.sense.com    # the name resolves
PING cms.sense.com (203.55.101.4) 56(84) bytes of data.
^C
--- cms.sense.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 752ms
[[email protected] etc]# ping develop.sense.com    # the name resolves
PING develop.sense.com (203.55.101.4) 56(84) bytes of data.
^C
--- develop.sense.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1103ms
13. CNAME test (one name aliased to another name)
[[email protected] etc]# cat sense.com.zone
$ORIGIN .
$TTL 3600       ; 1 hour
sense.com       IN SOA  op.sense.com. dns.sense.com. (
                        2000       ; serial
                        900        ; refresh (15 minutes)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )
                NS      op.sense.com.
$ORIGIN sense.com.
shanks          A       1.2.3.4
op              A       1.2.3.4
a               A       202.56.102.100
develop         A       203.55.101.4
cms             A       203.55.101.4
dw              CNAME   a.sense.com.
Test:
[[email protected] etc]# dig @192.168.56.13 dw.sense.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> @192.168.56.13 dw.sense.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33977
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;dw.sense.com.                  IN      A

;; ANSWER SECTION:
dw.sense.com.           3600    IN      CNAME   a.sense.com.    # test succeeded
a.sense.com.            3600    IN      A       202.56.102.100

;; AUTHORITY SECTION:
sense.com.              3600    IN      NS      op.sense.com.

;; ADDITIONAL SECTION:
op.sense.com.           3600    IN      A       1.2.3.4

;; Query time: 3 msec
;; SERVER: 192.168.56.13#53(192.168.56.13)
;; WHEN: Mon May 29 16:12:42 2017
;; MSG SIZE  rcvd: 95
14. MX record (mail server address)
[[email protected] etc]# cat sense.com.zone
$ORIGIN .
$TTL 3600       ; 1 hour
sense.com       IN SOA  op.sense.com. dns.sense.com. (
                        2000       ; serial
                        900        ; refresh (15 minutes)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )
                NS      op.sense.com.
$ORIGIN sense.com.
shanks          A       1.2.3.4
op              A       1.2.3.4
a               A       202.56.102.100
develop         A       203.55.101.4
cms             A       203.55.101.4
dw              CNAME   a.sense.com.
mx              MX      5 192.168.100.253   ; the added MX record
[[email protected] etc]# host mx.sense.com
mx.sense.com mail is handled by 5 192.168.100.253.sense.com.
15. DNS master/slave configuration (192.168.56.13 is the master DNS server, 192.168.56.14 is the slave DNS server)
[[email protected] ~]# >/etc/named.conf
[[email protected] ~]# vim /etc/named.conf
[[email protected] ~]# cat /etc/named.conf
options {
    version "1.1.1";
    listen-on port 53 {any;};
    directory "/var/named/chroot/etc/";
    pid-file "/var/named/chroot/var/run/named/named.pid";
    allow-query { any; };
    dump-file "/var/named/chroot/var/log/binddump.db";
    statistics-file "/var/named/chroot/var/log/named_stats";
    zone-statistics yes;
    memstatistics-file "log/mem_stats";
    empty-zones-enable no;
    forwarders {202.106.196.115;8.8.8.8; };
};

key "rndc-key" {
    algorithm hmac-md5;
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

logging {
    channel warning {
        file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "/var/named/chroot/var/log/dns_log" versions 10 size 100m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default {
        warning;
    };
    category queries {
        general_dns;
    };
};

include "/var/named/chroot/etc/view.conf";
[[email protected] ~]# cat /etc/rndc.key
key "rndc-key" {
    algorithm hmac-md5;
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};
[[email protected] ~]# vim /etc/rndc.key
[[email protected] ~]# cat /etc/rndc.key
key "rndc-key" {
    algorithm hmac-md5;
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};
[[email protected] ~]# vim /etc/rndc.conf
[[email protected] ~]# cat /etc/rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
[[email protected] ~]# vim /var/named/chroot/etc/view.conf
[[email protected] ~]# cat /var/named/chroot/etc/view.conf
view "SlaveView" {
    zone "sense.com" {
        type slave;
        masters {192.168.56.13; };
        file "slave.sense.com.zone";
    };
};
On 192.168.56.13, edit the configuration file:
[[email protected] etc]# vim /var/named/chroot/etc/view.conf
[[email protected] etc]# cat /var/named/chroot/etc/view.conf
view "View" {
    zone "sense.com" {
        type master;
        file "sense.com.zone";
        allow-transfer {
            192.168.56.14;   # changed to 192.168.56.14
        };
        notify yes;
        also-notify {
            192.168.56.14;   # changed to 192.168.56.14
        };
    };
};
[[email protected] etc]# rndc reload
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
server reload successful
Start the service on 192.168.56.14:
[[email protected] ~]# cd /var && chown -R named.named named/
[[email protected] var]# /etc/init.d/named start
Starting named:                                            [  OK  ]
[[email protected] var]# chkconfig named on
Verify on 192.168.56.14; all the records have been synchronized:
[[email protected] etc]# cat slave.sense.com.zone
$ORIGIN .
$TTL 3600       ; 1 hour
sense.com       IN SOA  op.sense.com. dns.sense.com. (
                        2000       ; serial
                        900        ; refresh (15 minutes)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )
                NS      op.sense.com.
$ORIGIN sense.com.
a               A       202.56.102.100
cms             A       203.55.101.4
develop         A       203.55.101.4
dw              CNAME   a
mx              MX      5 192.168.100.253
op              A       1.2.3.4
shanks          A       1.2.3.4
[[email protected] etc]# pwd
/var/named/chroot/etc
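Two access-control defaults follow from the configuration used on both servers: with `allow-query { any; }` and no `allow-recursion`, BIND 9.8 applies the same `any` ACL to recursion (the dig output above carries the `ra` flag), and the slave's zone has no `allow-transfer`, which BIND 9.8 treats as transfers allowed to all hosts. The Python check below is an added example, not part of the original post; the function names, the `192.168.56.0/24` client range and the abbreviated sample configs are constructed for illustration.

```python
import re

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//)[^\n]*", "", text)

def blocks(text, keyword):
    """Yield (name, body) for each `keyword ["name"] { ... }` statement."""
    pat = r'(?<![\w.-])%s(?![\w-])\s*(?:"([^"]*)")?\s*\{' % re.escape(keyword)
    for m in re.finditer(pat, text):
        depth, i = 1, m.end()
        while depth and i < len(text):           # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def mentions(option, scope):
    return re.search(r"(?<![\w-])%s(?![\w-])" % re.escape(option), scope) is not None

def audit(conf):
    """Looks at options-level and zone-level ACLs only; view-level ACLs are ignored."""
    conf, findings = strip_comments(conf), []
    opts = " ".join(body for _, body in blocks(conf, "options"))
    query_any = any(re.search(r"\bany\b", b) for _, b in blocks(opts, "allow-query"))
    limited = (mentions("allow-recursion", opts) or mentions("allow-query-cache", opts)
               or re.search(r"\brecursion\s+no\b", opts))
    if query_any and not limited:
        findings.append("options: recursion open to any client")
    for name, body in blocks(conf, "zone"):
        if not (mentions("allow-transfer", body) or mentions("allow-transfer", opts)):
            findings.append("zone %s: allow-transfer unset (all hosts)" % name)
    return findings

# Constructed samples, abbreviated from the named.conf and view.conf on this page.
OPTS = "options { listen-on port 53 {any;}; allow-query { any; }; forwarders {8.8.8.8; }; %s };\n"
MASTER = OPTS % "" + ('view "View" { zone "sense.com" { type master; file "sense.com.zone";'
                      ' allow-transfer { 192.168.56.14; }; }; };')
SLAVE_ZONE = 'view "SlaveView" { zone "sense.com" { type slave; masters {192.168.56.13; }; %s }; };'
SLAVE = OPTS % "" + SLAVE_ZONE % 'file "slave.sense.com.zone";'
# Assumed fix: recursion limited to a LAN range, no onward transfers from the slave.
HARDENED = (OPTS % "allow-recursion { 127.0.0.1; 192.168.56.0/24; };"
            + SLAVE_ZONE % 'file "slave.sense.com.zone"; allow-transfer { none; };')

if __name__ == "__main__":
    for label, conf in (("master", MASTER), ("slave", SLAVE), ("hardened", HARDENED)):
        print(label, audit(conf))
```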
Summary of mistakes:
[[email protected] etc]# cat sense.com.zone
$ORIGIN .
$TTL 3600       ; 1 hour
sense.com       IN SOA  op.sense.com. dns.sense.com. (
                        2000       ; serial
                        900        ; refresh (15 minutes)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )
                NS      op.sense.com.
$ORIGIN sense.com.
shanks          A       1.2.3.4
op              A       1.2.3.4
a               A       202.56.102.100
b               A       202.56.102.100   ; newly added; when a record is added the serial must be incremented by one, otherwise the slave does not pick it up
develop         A       203.55.101.4
cms             A       203.55.101.4
dw              CNAME   a.sense.com.
mx              MX      5 192.168.100.253
[[email protected] etc]# rndc reload
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
server reload successful
[[email protected] etc]# cat slave.sense.com.zone    # the slave has not picked up the change
$ORIGIN .
$TTL 3600       ; 1 hour
sense.com       IN SOA  op.sense.com. dns.sense.com. (
                        2000       ; serial
                        900        ; refresh (15 minutes)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )
                NS      op.sense.com.
$ORIGIN sense.com.
a               A       202.56.102.100
cms             A       203.55.101.4
develop         A       203.55.101.4
dw              CNAME   a
mx              MX      5 192.168.100.253
op              A       1.2.3.4
shanks          A       1.2.3.4
Increment the serial by 1 on the master, 192.168.56.13:
[[email protected] etc]# cat sense.com.zone
$ORIGIN .
$TTL 3600       ; 1 hour
sense.com       IN SOA  op.sense.com. dns.sense.com. (
                        2001       ; serial, incremented by one here
                        900        ; refresh (15 minutes)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )
                NS      op.sense.com.
$ORIGIN sense.com.
shanks          A       1.2.3.4
op              A       1.2.3.4
a               A       202.56.102.100
b               A       202.56.102.100
develop         A       203.55.101.4
cms             A       203.55.101.4
dw              CNAME   a.sense.com.
mx              MX      5 192.168.100.253
[[email protected] etc]# rndc reload
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
server reload successful
Verify on the slave, 192.168.56.14; the change arrives quickly:
[[email protected] etc]# cat slave.sense.com.zone
$ORIGIN .
$TTL 3600       ; 1 hour
sense.com       IN SOA  op.sense.com. dns.sense.com. (
                        2001       ; serial
                        900        ; refresh (15 minutes)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )
                NS      op.sense.com.
$ORIGIN sense.com.
a               A       202.56.102.100
b               A       202.56.102.100
cms             A       203.55.101.4
develop         A       203.55.101.4
dw              CNAME   a
mx              MX      5 192.168.100.253
op              A       1.2.3.4
shanks          A       1.2.3.4
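Two zone-file mistakes on this page can be caught before `rndc reload`: the MX target in step 14 is an IPv4 literal, which BIND reads as a relative host name (hence `192.168.100.253.sense.com.` in the `host` output), and records changed without a higher SOA serial do not reach the slave. The Python lint below is an added example, not the author's code; the function names are hypothetical, the sample zone is constructed from the listings above, and serials are compared as plain integers.

```python
import re

TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT"}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}\.?$")

def parse_zone(text):
    """Return (serial, records); each record is (owner, type, rdata tuple)."""
    text = re.sub(r";[^\n]*", "", text)                 # drop ';' comments
    # Fold the parenthesised SOA fields onto a single line.
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    serial, records, owner = None, [], "@"
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("$"):           # blank, $ORIGIN, $TTL
            continue
        if not line[0].isspace():                       # owner starts in column 0
            owner, tok = tok[0], tok[1:]
        i = next((n for n, t in enumerate(tok) if t.upper() in TYPES), None)
        if i is None:
            continue
        rtype, rdata = tok[i].upper(), tuple(tok[i + 1:])
        if rtype == "SOA":
            serial = int(rdata[2])                      # mname rname serial ...
        records.append((owner, rtype, rdata))
    return serial, records

def ip_like_targets(records):
    """MX/NS/CNAME targets must be host names, not IPv4 literals."""
    return [(o, t, r[-1]) for o, t, r in records
            if t in ("MX", "NS", "CNAME") and r and IPV4.match(r[-1])]

def serial_problem(old_text, new_text):
    """True when records changed but the SOA serial did not increase."""
    (old_serial, old), (new_serial, new) = parse_zone(old_text), parse_zone(new_text)
    return sorted(old) != sorted(new) and new_serial <= old_serial

# Constructed sample, abbreviated from the zone listings on this page.
OLD = """$ORIGIN .
$TTL 3600 ; 1 hour
sense.com IN SOA op.sense.com. dns.sense.com. (
        2000  ; serial (must rise on every change)
        900 600 86400 3600 )
        NS op.sense.com.
$ORIGIN sense.com.
op A 1.2.3.4
mx MX 5 192.168.100.253
"""
NEW = OLD + "b  A 202.56.102.100\n"          # record added, serial left at 2000
FIXED = NEW.replace("2000", "2001", 1)       # same change with the serial bumped
```

Running `ip_like_targets(parse_zone(OLD)[1])` flags the `mx` record; the usual correction is to point the MX at a host name that has its own A record.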
This article comes from the "砖家博客" blog; please keep this attribution: http://wsxxsl.blog.51cto.com/9085838/1930586