DNS Principles and Configuration
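DNS: Domain Name System
How it works:
Purpose:
1) Resolve a domain name or host name to its IP address (forward resolution)
2) Resolve an IP address to its host name or domain name (reverse resolution)
DNS resolution modes:
Recursive
    The client only needs to send one request to the DNS server
Iterative
    The client needs to send multiple DNS requests
Zone
    Forward zone: xxx.com
    Reverse zone: X.X.X.in-addr.arpa
Record
    A record: host record
        www.uplooking.com    A    192.168.1.1
    NS record: identifies the name of the DNS server itself
        NS    dns1.uplooking.com.
        dns1.uplooking.com    A    192.168.1.2
    MX record: identifies the name of the mail server
        MX 10    mail.uplooking.com.
        mail.uplooking.com.    A    192.168.1.3
    CNAME record: alias record
        m.mail.com.    CNAME    mail.uplooking.com.
    PTR record: reverse pointer record
        192.168.1.1    PTR    www.uplooking.com.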
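Deploying a DNS server
Software: bind, bind-chroot
Chroot (fake root): /var/named/chroot
/etc/named.conf ------> /var/named/chroot/etc/named.conf
Configuration files:
    Main configuration file: /var/named/chroot/etc/named.conf (defines the zones)
    Record files: /var/named/chroot/var/named/*
Services: named, named-chroot
Ports:
    53/udp    receives DNS requests from clients
    53/tcp    handles data synchronization between master and slave servers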
Example: setting up a DNS server
    web.uplooking.com     192.168.1.1    web server
    ftp.uplooking.com     192.168.1.2    FTP server
    mail.uplooking.com    192.168.1.3    mail server
Preparation:
    Disable SELinux and the firewall
    Configure the YUM repository
1. Install the software
# yum install -y bind bind-chroot
2. Edit the main DNS configuration file and create the zone uplooking.com
# vim /var/named/chroot/etc/named.conf
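options {
    directory "/var/named";       // zone files are looked up here (inside the chroot)
};

zone "uplooking.com" {
    type master;                  // this server is the master for the zone
    file "uplooking.com.zone";    // record file, relative to "directory"
};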
Zone types:
    hint      root zone
    master    master zone
    slave     slave zone
3. Copy the record file template and edit it
# cp /usr/share/doc/bind-9.8.2/sample/var/named/named.localhost /var/named/chroot/var/named/uplooking.com.zone
# vim /var/named/chroot/var/named/uplooking.com.zone
$TTL 1D
@       IN SOA  uplooking.com. 454452000.qq.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      dns1.uplooking.com.
dns1    A       192.168.122.105
web     A       192.168.1.1
ftp     A       192.168.1.2
@       MX 5    mail.uplooking.com.   ; explicit "@": a blank owner here would inherit "ftp"
mail    A       192.168.1.3
4. Start the named service
# systemctl start named-chroot
# systemctl start named
# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
# systemctl enable named-chroot
Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.
# ss -antp | grep named
LISTEN 0 10 192.168.122.105:53 *:* users:(("named",pid=2249,fd=21))
# ss -anup | grep named
UNCONN 0 0 192.168.122.105:53 *:* users:(("named",pid=2249,fd=513))
5. Test
Note:
The configuration is as follows:
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Generated by dracut initrd
NAME="eth0"
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
IPADDR=192.168.122.121
NETMASK=255.255.255.0
GATEWAY=192.168.122.1
DNS1=192.168.122.105
# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.122.105
Test tools:
1) nslookup
# nslookup
> server
Default server: 192.168.122.105
Address: 192.168.122.105#53
>
> web.uplooking.com
Server:         192.168.122.105
Address:        192.168.122.105#53
Name:   web.uplooking.com
Address: 192.168.1.1
>
> ftp.uplooking.com
Server:         192.168.122.105
Address:        192.168.122.105#53
Name:   ftp.uplooking.com
Address: 192.168.1.2
>
> mail.uplooking.com
Server:         192.168.122.105
Address:        192.168.122.105#53
Name:   mail.uplooking.com
Address: 192.168.1.3
> exit
2) dig
Usage: dig -t <TYPE> <host>
# dig -t A web.uplooking.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t A web.uplooking.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39100
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;web.uplooking.com.             IN      A
;; ANSWER SECTION:
web.uplooking.com.      86400   IN      A       192.168.1.1
;; AUTHORITY SECTION:
uplooking.com.          86400   IN      NS      dns1.uplooking.com.
;; ADDITIONAL SECTION:
dns1.uplooking.com.     86400   IN      A       192.168.122.105
;; Query time: 1 msec
;; SERVER: 192.168.122.105#53(192.168.122.105)
;; WHEN: 三 2月 22 11:45:42 CST 2017
;; MSG SIZE rcvd: 97
Using DNS records to get a load-balancing effect:
    web    A    192.168.1.1
    web    A    192.168.1.4
Wildcard records
    uplooking.com.      A    192.168.1.1
    *.uplooking.com.    A    192.168.1.1
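Added example (not code from the original post): in a record file, a line whose owner field is blank inherits the owner of the previous record, and a name without a trailing dot is relative to the zone origin. The Python sketch below resolves the owner of every record in a constructed sample modelled on the record file from step 3, with the second web address from the load-balancing lines added; parse_zone, absolute and owners_of are hypothetical helper names.

```python
# Added example, not from the original post; simplified (no $INCLUDE, no quoted strings).
ORIGIN = "uplooking.com."
TYPES = {"SOA", "NS", "A", "MX", "CNAME", "PTR"}
# Constructed sample modelled on the record file from step 3.
ZONE = """\
$TTL 1D
@       IN SOA  uplooking.com. 454452000.qq.com. (
                0 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        NS      dns1.uplooking.com.
dns1    A       192.168.122.105
web     A       192.168.1.1
web     A       192.168.1.4
ftp     A       192.168.1.2
        MX 5    mail.uplooking.com.
mail    A       192.168.1.3
"""

def absolute(name, origin=ORIGIN):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Return (owner, type, rdata) tuples with inherited owners filled in."""
    records, owner, depth = [], None, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip() or line.startswith("$"):
            continue
        inside, depth = depth > 0, depth + line.count("(") - line.count(")")
        if inside:                                # continuation of "( ... )"
            continue
        fields = line.split()
        if not line[0].isspace():                 # owner field is present
            owner = absolute(fields.pop(0), origin)
        while fields and fields[0].upper() not in TYPES:
            fields.pop(0)                         # skip optional TTL / class
        if fields:
            rdata = " ".join(fields[1:]).rstrip(" (")
            records.append((owner, fields[0].upper(), rdata))
    return records

def owners_of(rtype, records):
    return sorted({o for o, t, _ in records if t == rtype})
```

On this sample, owners_of("MX", parse_zone(ZONE)) returns ['ftp.uplooking.com.']: the indented MX line follows the ftp record, so it belongs to ftp rather than to the zone itself. Writing "@" as its owner attaches it to uplooking.com.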
This article comes from the “lyw666” blog; please keep this source reference: http://lyw666.blog.51cto.com/12823216/1957483