The DNS query process and a simple DNS server setup


1. Describe the DNS query process and the categories of DNS servers.

    DNS query process:

    The path a complete query request takes:

    Client --> hosts file --> local DNS cache --> DNS server (recursion) -->
         a zone this server is authoritative for: look it up in its own database and return the answer;
         a zone this server is not authoritative for: server cache --> iteration

    DNS server categories:

    Primary and secondary DNS servers:
         Primary DNS server: the server that maintains the zone database for the domains it is responsible for; both reads and writes are possible.
         Secondary DNS server: "copies" the zone database from the primary DNS server or from another secondary; only reads are possible.

         How the "copy" is carried out (the SOA timers):
           serial: the version number of the zone database; whenever the contents of the primary's database change, the serial is incremented;
           refresh interval: refresh, how often the secondary contacts the primary to check whether the serial has changed;
           retry interval: retry, how long the secondary waits before trying again after a request to synchronise the zone from the primary fails;
           expire time: expire, how long the secondary keeps trying when it cannot reach the primary at all before it gives up on synchronising and stops serving the zone;
           negative-answer cache time: how long a negative answer (for example NXDOMAIN) for this zone may be cached; it is the last field of the SOA record.
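As an added example (not part of the original post), the following Python models how a secondary server acts on the SOA timers just described. The function names are my own; the timer values are taken from the magedu.com SOA record that appears later in the post (serial 2017060601, 1H, 10M, 3D, 1D), and the serial comparison follows RFC 1982 serial arithmetic so that a serial that wraps past 2^32 - 1 is still recognised as newer.

```python
# Added example (not part of the original post): a model of how a secondary
# (slave) server acts on the SOA timers.  Function names and the helper
# types are my own; the sample values are the post's magedu.com SOA record.
from dataclasses import dataclass

def parse_ttl(value):
    """BIND time syntax: plain seconds or W/D/H/M/S suffixes, e.g. 1H, 3D, 1w2d."""
    units = {"W": 604800, "D": 86400, "H": 3600, "M": 60, "S": 1}
    total, digits = 0, ""
    for ch in value.upper():
        if ch.isdigit():
            digits += ch
        elif ch in units and digits:
            total += int(digits) * units[ch]
            digits = ""
        else:
            raise ValueError(f"bad TTL: {value!r}")
    return total + (int(digits) if digits else 0)

@dataclass(frozen=True)
class SoaTimers:
    serial: int
    refresh: int        # seconds between checks of the primary's serial
    retry: int          # wait after a failed check before checking again
    expire: int         # seconds without a successful check before the zone is dropped
    negative_ttl: int   # how long resolvers may cache a negative answer

# The SOA values from the post's magedu.com zone: 2017060601 1H 10M 3D 1D
MAGEDU = SoaTimers(2017060601, parse_ttl("1H"), parse_ttl("10M"),
                   parse_ttl("3D"), parse_ttl("1D"))

def serial_is_newer(candidate, current):
    """RFC 1982 serial arithmetic: is `candidate` later than `current` in the
    32-bit circular serial space?  Handles wrap-around past 2**32 - 1."""
    diff = (candidate - current) & 0xFFFFFFFF
    return 0 < diff < 2**31

def secondary_action(timers, since_success, since_attempt, last_attempt_failed):
    """What the secondary should do now, given the seconds since its last
    successful serial check / transfer and since its last attempt of any kind."""
    if since_success >= timers.expire:
        return "expired"          # stop answering for the zone at all
    wait = timers.retry if last_attempt_failed else timers.refresh
    if since_attempt >= wait:
        return "check-serial"     # ask the primary for its SOA; transfer if newer
    return "serve"                # keep answering from the local copy

def transfer_needed(local_serial, primary_serial):
    """After a successful SOA check: transfer only if the primary is newer."""
    return serial_is_newer(primary_serial, local_serial)

if __name__ == "__main__":
    # a secondary whose last attempt failed 700 s ago: retry (600 s) has elapsed
    print(secondary_action(MAGEDU, since_success=7200, since_attempt=700, last_attempt_failed=True))
    print(transfer_needed(2017060601, 2017060612))
```

The order of the checks matters: expire is tested first, because a secondary that has not heard from the primary for the whole expire period must stop answering rather than keep serving stale data, whatever the refresh or retry state.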

2. Build a DNS server setup that is authoritative for the magedu.com domain (choose the host names and IP addresses yourself).

  (1) Provide forward and reverse resolution for a number of host names;
  (2) Delegate the sub-domain cdn.magedu.com, so that the sub-domain server resolves the host names in that sub-domain;
  (3) To keep the DNS service highly available, design a scheme and write out the implementation in detail.

 

    First install and configure bind:

        yum install bind -y
        service named start
        systemctl start named.service        (CentOS 7)
        ss -tunl | grep 53

    bind file layout:

        main configuration file: /etc/named.conf
            it may include other files:
                /etc/named.iscdlv.key
                /etc/named.rfc1912.zones
                /etc/named.root.key
        zone files:
            under the /var/named/ directory;
            usually named ZONE_NAME.zone

    Notes: (1) one DNS server can serve several zones at the same time;
           (2) the root zone file, named.ca, must be present;
           (3) there should also be two zone files, the forward and reverse zones for localhost / 127.0.0.1:
                   forward: named.localhost
                   reverse: named.loopback

A. Serving a forward zone

    1. Configuring a caching name server:

    # vim /etc/named.conf

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

    options {
    //      listen-on port 53 { 127.0.0.1; };          ### comment out this line: named then listens on all addresses
    //      listen-on-v6 port 53 { ::1; };             ### comment out this line
            directory          "/var/named";
            dump-file          "/var/named/data/cache_dump.db";
            statistics-file    "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    //      allow-query        { localhost; };         ### comment out: remove the "local queries only" restriction

            recursion yes;

    //      dnssec-enable yes;                         ### while learning, it is suggested to turn DNSSEC (DNS security validation) off
    //      dnssec-validation yes;                     ### while learning, it is suggested to turn DNSSEC off
            ...
    };

    (Commenting the two dnssec lines out only falls back to BIND's built-in defaults; the sub-domain server configuration below sets them to no explicitly, which is the unambiguous way to switch validation off.)

    After editing, check the configuration file for syntax errors:

        named-checkconf [/etc/named.conf]

    # named-checkconf

    2. Defining the zone

    This is done either in the main configuration file or in one of the files it includes.

    # vim /etc/named.rfc1912.zones        ### edit the file and add the following

    zone "magedu.com" IN {                ### added
        type master;
        file "magedu.com.zone";
    };

    3. Creating the zone data file (mainly A and AAAA records)

    Create the zone data file under the /var/named directory:

    # vim /var/named/magedu.com.zone

    $TTL 86400                         ; cache TTL, 86400 seconds = 1 day
    $ORIGIN magedu.com.
    @       IN  SOA  ns1.magedu.com. dnsadmin.magedu.com. (
                     2017060601    ; serial
                     1H            ; refresh
                     10M           ; retry
                     3D            ; expire
                     1D )          ; negative-answer cache time
            IN  NS   ns1
            IN  NS   ns2
            IN  MX 10  mx1
            IN  MX 20  mx2
    ns1     IN  A    192.168.0.104
    ns2     IN  A    192.168.0.105
    mx1     IN  A    192.168.0.106
    mx2     IN  A    192.168.0.107
    www     IN  A    192.168.0.104
    web     IN  CNAME www

    (In a zone file the comment character is ";" and the SOA's two names are separate fields: the primary name server, then the administrator's mail address with "@" written as a dot.)

    Syntax check:

    # named-checkconf
    # named-checkzone magedu.com /var/named/magedu.com.zone
    zone magedu.com/IN: loaded serial 2017060601
    OK

    Permissions:

    # chown :named /var/named/magedu.com.zone     ### group owner becomes named
    # chmod o= /var/named/magedu.com.zone         ### no permissions for others

    4. Make the server reload the configuration and zone files

    # rndc reload
    # systemctl reload named.service

    Test:

    # dig -t A www.magedu.com @192.168.0.104

                  

Similarly, configure a reverse zone

    1. Defining the zone

    This is done either in the main configuration file or in one of the files it includes.

    # vim /etc/named.rfc1912.zones

    zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.0.zone";
    };

    2. Defining the zone file (mainly PTR records)

    # vim /var/named/192.168.0.zone

    $TTL 86400
    $ORIGIN 0.168.192.in-addr.arpa.
    @       IN  SOA  ns1.magedu.com. nsadmin.magedu.com. (
                     2017060601
                     1H
                     10M
                     3D
                     1D )
            IN  NS   ns1.magedu.com.
    104     IN  PTR  ns1.magedu.com.
    105     IN  PTR  ns2.magedu.com.
    106     IN  PTR  mx1.magedu.com.
    107     IN  PTR  mx2.magedu.com.
    104     IN  PTR  www.magedu.com.

    (Every name in this file that belongs to magedu.com must end with a dot; a name without the trailing dot would have 0.168.192.in-addr.arpa. appended to it.)

    Permissions:

    # chgrp named /var/named/192.168.0.zone
    # chmod o= /var/named/192.168.0.zone

    Syntax check:

    # named-checkconf
    # named-checkzone 0.168.192.in-addr.arpa /var/named/192.168.0.zone
    zone 0.168.192.in-addr.arpa/IN: loaded serial 2017060601
    OK

    3. Make the server reload the configuration and zone files

    # rndc reload
    # systemctl reload named.service

    Test:

    # dig -x 192.168.0.104 @192.168.0.104

        

B. Sub-domain delegation

    1. Add the sub-domain to the magedu.com zone file.

    # vim /var/named/magedu.com.zone

    $TTL 86400
    $ORIGIN magedu.com.
    @       IN  SOA  ns1.magedu.com. dnsadmin.magedu.com. (
                     2017060612
                     1H
                     10M
                     3D
                     1D )
            IN  NS   ns1
            IN  NS   ns2
            IN  MX 10  mx1
            IN  MX 20  mx2
    ns1     IN  A    192.168.0.104
    ns2     IN  A    192.168.0.150
    mx1     IN  A    192.168.0.106
    mx2     IN  A    192.168.0.107
    www     IN  A    192.168.0.104
    web     IN  CNAME www
    pop3    IN  A    192.168.0.108
    cdn     IN  NS   ns1.cdn           ; add the sub-domain delegation
    cdn     IN  NS   ns2.cdn           ; add the sub-domain delegation
    ns1.cdn IN  A    192.168.0.103     ; add the glue A record
    ns2.cdn IN  A    192.168.0.155     ; add the glue A record

    (The serial is bumped to 2017060612 so that secondaries notice the change. The two A records for ns1.cdn and ns2.cdn are glue: they sit in the parent zone because a resolver cannot otherwise learn the address of a name server that lives inside the zone being delegated.)
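The forward zone, the reverse zone and the delegation above are three files that have to agree with each other, and named-checkzone only checks each file on its own. As an added example (not part of the original post), the following Python parses the zone-file subset the post uses ($TTL, $ORIGIN, ";" comments, a parenthesised SOA, and records that omit the owner name) and runs the cross-file checks an administrator wants before "rndc reload": A records without a matching PTR, PTRs without a matching A, and delegated name servers that have no glue. FORWARD_ZONE and REVERSE_ZONE are constructed copies of the post's files (with some records dropped for brevity, and the glue for ns2.cdn left out on purpose so the delegation check has something to report); the function names are my own.

```python
# Added example (not part of the original post): a parser for the zone-file
# subset used in the post and the consistency checks worth running before
# "rndc reload".  Sample zones are constructed copies of the post's files;
# the glue for ns2.cdn is deliberately missing.  Function names are my own.

FORWARD_ZONE = """\
$TTL 86400
$ORIGIN magedu.com.
@       IN  SOA  ns1.magedu.com. dnsadmin.magedu.com. (
                 2017060612     ; serial
                 1H 10M 3D 1D ) ; refresh retry expire negative-ttl
        IN  NS   ns1
        IN  NS   ns2
ns1     IN  A    192.168.0.104
ns2     IN  A    192.168.0.150
www     IN  A    192.168.0.104
web     IN  CNAME www
pop3    IN  A    192.168.0.108
cdn     IN  NS   ns1.cdn            ; delegation of cdn.magedu.com
cdn     IN  NS   ns2.cdn
ns1.cdn IN  A    192.168.0.103      ; glue for ns1.cdn (ns2.cdn's glue is missing)
"""

REVERSE_ZONE = """\
$TTL 86400
$ORIGIN 0.168.192.in-addr.arpa.
@    IN SOA ns1.magedu.com. nsadmin.magedu.com. ( 2017060601 1H 10M 3D 1D )
     IN NS  ns1.magedu.com.
104  IN PTR ns1.magedu.com.
105  IN PTR ns2.magedu.com.
104  IN PTR www.magedu.com.
"""

def _absolute(name, origin):
    """Make a relative owner or target fully qualified; '@' means the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def _logical_lines(text):
    """Strip ';' comments and join the lines inside ( ... ) into one record."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if depth == 0:
            if not line.strip():
                continue
            buf = line              # keep leading whitespace: it marks an omitted owner
        else:
            buf += " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield buf

def parse_zone(text):
    """Return a list of (owner, type, rdata) tuples with every name absolute.
    Handles the subset '[owner] [ttl] [IN] TYPE rdata' used in the post."""
    origin, owner, records = None, None, []
    for line in _logical_lines(text):
        if line.startswith("$TTL"):
            continue                # default TTL is not needed for these checks
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():   # explicit owner; otherwise reuse the previous one
            owner = _absolute(tokens.pop(0), origin)
        if tokens[0].isdigit():     # optional per-record TTL
            tokens.pop(0)
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [_absolute(rdata[0], origin)]
        elif rtype == "SOA":
            rdata = [_absolute(rdata[0], origin), _absolute(rdata[1], origin)] + rdata[2:]
        records.append((owner, rtype, tuple(rdata)))
    return records

def forward_reverse_mismatches(forward, reverse):
    """(A records with no matching PTR, PTR records with no matching A)."""
    a_pairs = {(owner, rdata[0]) for owner, rtype, rdata in forward if rtype == "A"}
    ptr_pairs = set()
    for owner, rtype, rdata in reverse:
        if rtype == "PTR":
            octets = owner.rstrip(".").split(".")[:-2]   # drop "in-addr.arpa"
            ptr_pairs.add((rdata[0], ".".join(reversed(octets))))
    return sorted(a_pairs - ptr_pairs), sorted(ptr_pairs - a_pairs)

def missing_glue(parent, child):
    """Delegated name servers that live inside `child` but have no A (glue)
    record in the parent zone: resolvers could never reach them."""
    have_a = {owner for owner, rtype, _ in parent if rtype == "A"}
    return [rdata[0] for owner, rtype, rdata in parent
            if rtype == "NS" and owner == child
            and rdata[0].endswith("." + child) and rdata[0] not in have_a]

if __name__ == "__main__":
    fwd, rev = parse_zone(FORWARD_ZONE), parse_zone(REVERSE_ZONE)
    print("A without PTR / PTR without A:", forward_reverse_mismatches(fwd, rev))
    print("delegated NS lacking glue:", missing_glue(fwd, "cdn.magedu.com."))
```

Run against the post's own data this reports exactly the gaps a reader may have noticed: ns2 was moved to 192.168.0.150 in the forward zone while the reverse zone still maps 105 to it, pop3 and the cdn name servers never got PTR records, and a delegation NS without glue is a lame delegation waiting to happen.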

    2. Install bind on the sub-domain server, adjust its configuration and add the zone.

    # yum install bind -y                 ### install on the sub-domain server
    # vim /etc/named.conf

    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //

    options {
            listen-on port 53 { 127.0.0.1; 192.168.0.103; };   ### add the address used to talk to other hosts
            listen-on-v6 port 53 { ::1; };
            directory          "/var/named";
            dump-file          "/var/named/data/cache_dump.db";
            statistics-file    "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    //      allow-query        { localhost; };                 ### comment out: remove the "local queries only" restriction
            recursion yes;

            dnssec-enable no;             ### changed to no
            dnssec-validation no;         ### changed to no
            .......
    };

    # service named start
    Generating /etc/rndc.key:                                  [确定]
    启动 named

    # vim /etc/named.rfc1912.zones        ### edit the file and add the zone

    zone "cdn.magedu.com" IN {
        type master;
        file "cdn.magedu.com.zone";
    };

    # vim /var/named/cdn.magedu.com.zone  ### edit the zone data

    $TTL 3600
    $ORIGIN cdn.magedu.com.
    @       IN  SOA  ns1.cdn.magedu.com. nsadmin.cdn.magedu.com. (
                     2017060601
                     1H
                     10M
                     1D
                     2H )
            IN  NS   ns1
    ns1     IN  A    192.168.0.103
    www     IN  A    192.168.0.10

    (The parent zone delegates cdn to both ns1.cdn and ns2.cdn, but this child zone only lists ns1; for the delegation to be consistent, a second server at 192.168.0.155 would have to be set up and added here as well.)

    # chgrp named /var/named/cdn.magedu.com.zone   ### group owner becomes named
    # chmod o= /var/named/cdn.magedu.com.zone      ### no permissions for others
    # rndc reload
    server reload successful

    Test with dig:

    # dig -t A www.cdn.magedu.com @192.168.0.103

    Defining forwarding (so that the sub-domain server can resolve the parent zone)

    # vim /etc/named.rfc1912.zones        ### edit the file and add a forward zone

    zone "magedu.com" IN {
        type forward;                      ### forwarding zone
        forward only;                      ### forward only, never iterate ourselves
        forwarders { 192.168.0.104; 192.168.0.150; };
    };

    # named-checkconf                      ### check
    # rndc reload                          ### reload
    # dig -t A www.magedu.com @192.168.0.103   ### test: the sub-domain server resolving the parent domain

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -t A www.magedu.com @192.168.0.103
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56294
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;www.magedu.com.                IN      A

    ;; ANSWER SECTION:
    www.magedu.com.         86400   IN      A       192.168.0.110

    ;; AUTHORITY SECTION:
    magedu.com.             86400   IN      NS      ns1.magedu.com.
    magedu.com.             86400   IN      NS      ns2.magedu.com.

    ;; ADDITIONAL SECTION:
    ns1.magedu.com.         86400   IN      A       192.168.0.104
    ns2.magedu.com.         86400   IN      A       192.168.0.150

    ;; Query time: 4 msec
    ;; SERVER: 192.168.0.103#53(192.168.0.103)
    ;; WHEN: Thu Jun  8 20:50:31 2017
    ;; MSG SIZE  rcvd: 116
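Reading dig output by eye works once; when the check has to be repeated after every reload it is better scripted. As an added example (not part of the original post), the following Python parses dig's default output into status, flags, answering server and record sections, so a script can assert on the answer. DIG_OUTPUT is a constructed copy of the response shown above; the function names are my own. Note what the flags say: "ra" means the server at 192.168.0.103 offers recursion to the querying client, which is exactly the `recursion yes` configured earlier; with `allow-query { localhost; }` commented out, every client that can reach the server gets that service, so outside a lab the clients entitled to recursion should be listed with BIND's `allow-recursion` option.

```python
# Added example (not from the original post): parse the text dig prints so a
# script can check status, flags and answer instead of reading it by eye.
# DIG_OUTPUT is a constructed copy of the response shown in the post.
import re

DIG_OUTPUT = """\
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -t A www.magedu.com @192.168.0.103
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56294
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.                IN      A

;; ANSWER SECTION:
www.magedu.com.         86400   IN      A       192.168.0.110

;; AUTHORITY SECTION:
magedu.com.             86400   IN      NS      ns1.magedu.com.
magedu.com.             86400   IN      NS      ns2.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.         86400   IN      A       192.168.0.104
ns2.magedu.com.         86400   IN      A       192.168.0.150

;; Query time: 4 msec
;; SERVER: 192.168.0.103#53(192.168.0.103)
;; WHEN: Thu Jun  8 20:50:31 2017
;; MSG SIZE  rcvd: 116
"""

def parse_dig(text):
    """Pull status, flags, the answering server and the record sections out of
    dig's default output.  Sections map to lists of (name, ttl, type, rdata)."""
    result = {"status": None, "flags": set(), "server": None, "sections": {}}
    section = None
    for line in text.splitlines():
        m = re.match(r";; ->>HEADER<<-.*status: (\w+)", line)
        if m:
            result["status"] = m.group(1)
            continue
        m = re.match(r";; flags: ([\w ]*);", line)
        if m:
            result["flags"] = set(m.group(1).split())
            continue
        m = re.match(r";; SERVER: (\S+)", line)
        if m:
            result["server"] = m.group(1)
            continue
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
            result["sections"][section] = []
            continue
        # a record line inside a section: name ttl class type rdata
        if section and line and not line.startswith(";"):
            name, ttl, _klass, rtype, rdata = line.split(None, 4)
            result["sections"][section].append((name, int(ttl), rtype, rdata))
    return result

def answer_ips(parsed, name):
    """A records for `name` in the ANSWER section, in the order returned."""
    return [rd for n, _, t, rd in parsed["sections"].get("ANSWER", [])
            if n == name and t == "A"]

def recursion_offered(parsed):
    """True when the server set the RA flag, i.e. it will recurse for this client."""
    return "ra" in parsed["flags"]

def expect_answer(parsed, name, ip):
    """One-line health check: NOERROR and the expected address in the answer."""
    return parsed["status"] == "NOERROR" and ip in answer_ips(parsed, name)

if __name__ == "__main__":
    p = parse_dig(DIG_OUTPUT)
    print(p["status"], sorted(p["flags"]), answer_ips(p, "www.magedu.com."))
```

In a monitoring job the text would come from `subprocess.run(["dig", "-t", "A", name, "@" + server], capture_output=True, text=True).stdout` instead of the embedded copy; the parsing and the checks stay the same.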

C. Global forwarding: every query for a zone that is not defined locally with a zone statement is handed to the forwarder:

    options {
            ......
            forward { only | first };
            forwarders { SERVER_IP; };
            .....
    };

    forward only: answer solely from the forwarders; forward first: try the forwarders first and fall back to normal iterative resolution if they do not answer.

Primary/secondary synchronisation:

    The secondary is installed and configured in the same way as the primary:

    1. # yum install bind -y                          ### install
    2. Edit /etc/named.conf as in the installation above.
    3. # vim /etc/named.rfc1912.zones                 ### add the secondary zone

       zone "0.168.192.in-addr.arpa" IN {
           type slave;                                ### this server is a secondary
           file "slaves/192.168.0.zone";
           masters { 192.168.0.104; };                ### address of the primary
       };

    4. In the primary's zone file /var/named/magedu.com.zone add an NS record for the secondary, together with an A record whose address is the secondary's.
       On the primary: rndc reload
    5. On the secondary, check the configuration file and restart the service: systemctl restart named.service
    6. Once the service is up, the magedu.com.zone file is created automatically under /var/named/slaves/

    Primary/secondary configuration complete.

    Note: the clocks must be synchronised (ntpdate command). Since the primary hands out a full copy of the zone on request, it is usual to limit zone transfers to the secondary's address with BIND's allow-transfer option.


This article comes from the "11290766" blog; please keep this source: http://rylan.blog.51cto.com/11290766/1934047
