LINUX DNS

Posted 2020-08-22

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了LINUX DNS相关的知识，希望对你有一定的参考价值。

######DNS######

linux中dns服务器分为三类：

1.缓存域名服务器，也叫高速缓存服务器。无负责解析的区域，只是缓存域名查询的结果到本地，提高客户访问时的速度。

2.主域名服务器，负责解析一个或多个区域，也可以起到缓存域名服务器的作用。

3.从域名服务器，主域名服务器的备份，所有的数据来源于主域名服务器。

A记录：说明一个域名对应的ip是多少

NS记录：说明区域内那些服务器负责解析。

SOA记录：说明负责解析的服务器哪一个时主服务器。

MX记录：邮件交换记录。

PTR记录：A记录的逆向记录。

CNAME记录：别名记录。

(1) SOA资源记录

每个数据库文件按的开始处都包含了一个起始授权记录(Start of Authority

Record),简称SOA记录。SOA定义了域的全局参数,进行整个域的管理设置。一个

区域文件只允许存在唯一的SOA记录。

(2) NS资源记录

名称服务器(NS)资源记录表示该区的授权服务器,它们表示SOA资源记录中指定

的该区的主和辅助服务器,也表示了任何授权区的服务器。每个区在区根处至少包含

一个NS记录。

(3) A资源记录

地址(A)资源记录把FQDN映射到IP地址,因而解析器能查询FQDN对应的IP地址。

(4) PTR资源记录

相对于A资源记录,指针(PTR)记录把IP地址映射到FQDN。

(5) CNAME资源记录

规范名字(CNAME)资源记录创建特定FQDN的别名。用户可以通过定义的CANME

记录中的别名来访问

(6) MX资源记录

邮件交换(MX)资源记录为DNS域名指定邮件交换服务器。邮件交换服务器是为

DNS域名处理或转发邮件的主机。处理邮件指把邮件投递到目的地或转交另一不同类

型的邮件传送者。转发邮件指把邮件发送到最终目的服务器。

(7) 泛域名解析记录

除了在数据库文件中定义的资源记录以为,其他的所有域名都可以被DNS所解析出

来。

客户端（ip：172.25.254.228）:

[[email protected] ~]# vim /etc/resolv.conf

nameserver 172.25.254.128

在server端(ip:172.25.254.128)

###配置nds正向解析###

1.安装软件。

[[email protected] named]# yum install bind -y

[[email protected] named]# systemctl stop firewalld

或firewall-cmd --permanent --add-service=dns ###添加dns服务到火墙

firewall-cmd --reload

[[email protected] named]# systemctl start named

(注意：执行此命令时，因生成加密字符，需在server主机里面点一下才能启动)

[[email protected] named]# cat /dev/random

@gFM~?

S(u

[[email protected] named]# ll /etc/rndc.key

-rw-r-----. 1 root named 77 Dec 1 20:38 /etc/rndc.key

[[email protected] named]# cat /etc/rndc.key ###生成的钥匙

key "rndc-key" {

algorithm hmac-md5;

secret "C2mMI0hT1puWW68Ytt4CMQ==";

};

2.设置配置文件。

[[email protected] named]# vim /etc/named.conf ###编辑配置文件

10 options {

11 listen-on port 53 { any; }; ###从任意地址都可以访问53端口

12 listen-on-v6 port 53 { ::1; }; ###关闭ipv6选项

13 directory "/var/named";

14 dump-file "/var/named/data/cache_dump.db";

15 statistics-file "/var/named/data/named_stats.txt";

16 memstatistics-file "/var/named/data/named_mem_stats.txt";

17 allow-query {any; }; ###允许所有人使用

18 forwarders { 172.25.254.250; }; ###缓存谁的内容

32 dnssec-validation no; ###在查询dns时是否加密

[[email protected] ~]# systemctl restart named

[[email protected] ~]# netstat -antlpe | grep 53

tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 43075 2121/named

tcp 0 0 172.25.254.128:53 0.0.0.0:* LISTEN 25 43070 2121/named

tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 43068 2121/named

tcp 0 0 172.25.254.128:22 172.25.254.28:55354 ESTABLISHED 0 25162 1407/sshd: [email protected]

tcp6 0 0 ::1:953 :::* LISTEN 25 43076 2121/named

tcp6 0 0 ::1:53 :::* LISTEN 25 43072 2121/named

[[email protected] etc]# vim /etc/named.rfc1912.zones

25 zone "westos.com" IN { ####指定要维护的域名

26 type master;

27 file "westos.com.zone"; ####指定A记录文件名

28 };

[[email protected] etc]# cp -p /var/named/named.localhost /var/named/westos.com.zone

[[email protected] named]# vim /var/named/westos.com.zone ####编写A记录文件

1 $TTL 1D

2 @ IN SOA dns.westos.com. root.westos.com. (

3 0 ; serial

4 1D ; refresh

5 1H ; retry

6 1W ; expire

7 3H ) ; minimum

8 NS dns.westos.com. ###指定dns主机

9 dns A 172.25.254.128 ###指定dns主机

10 music A 172.25.254.111

11 bbs CNAME music.westos.com.

12 westos.com. MX 1 172.25.254.110.

注意：不加“.”的后面会自动加westos.com域

客户端执行效果：

第10条执行效果：

[[email protected] ~]# dig music.westos.com

;; ANSWER SECTION:

music.westos.com.86400INA172.25.254.111

第11条执行效果：

[[email protected] ~]# dig bbs.westos.com

bbs.westos.com.86400INCNAMEmusic.westos.com.

第12条执行效果：

[[email protected] ~]# mail [email protected] ###发送邮件

Subject: sdsf

afds

EOT

[[email protected] ~]# mailq

-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------

6294926BADD 448 Fri Dec 2 21:21:14 [email protected]

(connect to 172.25.254.110[172.25.254.110]:25: No route to host)

[email protected]

[[email protected] ~]# postsuper -d 6294926BADD ###删除邮件

postsuper: 6294926BADD: removed

postsuper: Deleted: 1 message

####逆向解析#####

[[email protected] named]# vim /etc/named.rfc1912.zones

37 zone "1.0.0.127.in-addr.arpa" IN {

38 type master;

39 file "named.loopback";

40 allow-update { none; };

41 };

43 zone "254.25.172.in-addr.arpa" IN {

44 type master;

45 file "westos.comNaNr";

46 allow-update { none; };

47 };

[[email protected] named]# vim westos.comNaNr

$TTL 1D

@ IN SOA dns.westos.com. root.westos.com. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

NS dns.westos.com.

dns A 172.25.254.128

111 PTR www.westos.com.

[[email protected] named]# systemctl restart named

客户端执行效果：

[[email protected] ~]# dig -x 172.25.254.111

;; ANSWER SECTION:

111.254.25.172.in-addr.arpa. 86400 INPTRwww.westos.com.

###内外网限制访问###

[[email protected] named]# cp -p westos.com.zone westos.com.inter

[[email protected] named]# vim westos.com.inter

1 $TTL 1D

2 @ IN SOA dns.westos.com. root.westos.com. (

3 0 ; serial

4 1D ; refresh

5 1H ; retry

6 1W ; expire

7 3H ) ; minimum

8 NS dns.westos.com.

9 dns A 192.168.1.128

10 music A 192.168.1.111

11 bbs CNAME music.westos.com.

12 westos.com. MX 1 192.168.1.110.

[[email protected] named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter

[[email protected] named]# vim /etc/named.rfc1912.zones.inter

25 zone "westos.com" IN {

26 type master;

27 file "westos.com.inter";

28 allow-update { none; };

29 };

[[email protected] named]# vim /etc/named.conf

50 /*

51 zone "." IN {

52 type hint;

53 file "named.ca";

54 };

56 include "/etc/named.rfc1912.zones";

57 include "/etc/named.root.key";

58 */

59 view localnet {

60 match-clients { 172.25.254.228; }; ###只允许172.25.254.228访问/etc/named.rfc1912.zones（172.25.254.0/24此网段全部）

62 zone "." IN {

63 type hint;

64 file "named.ca";

65 };

67 include "/etc/named.rfc1912.zones";

68 };

70 view any {

71 match-clients { any; }; ###其他的访问/etc/named.rfc1912.zones.inter

73 zone "." IN {

74 type hint;

75 file "named.ca";

76 };

78 include "/etc/named.rfc1912.zones.inter";

79 };

[[email protected] named]# systemctl restart named

实验结果：

172.25.254.228用户：

[[email protected] ~]# dig music.westos.com

;; ANSWER SECTION:

music.westos.com.86400INA172.25.254.111

172.25.254.90用户：

[[email protected] ~]# dig music.westos.com

;; ANSWER SECTION:

music.westos.com.86400INA192.168.1.111

######辅助dns#####

###dns内容同步####

在辅助机安装bind。

[[email protected] slaves]# yum install bind -y

[[email protected] ~]# firewall-cmd --permanent --add-service=dns

success

[[email protected] ~]# firewall-cmd --reload

success

[[email protected] ~]# systemctl start named

[[email protected] ~]# vim /etc/named.conf

11 // listen-on port 53 { 127.0.0.1; };

17 // allow-query { localhost; };

32 dnssec-validation no;

[[email protected] slaves]# vim /etc/named.rfc1912.zones

25 zone "westos.com" IN {

26 type slave;

27 masters { 172.25.254.128; };

28 file "slaves/westos.com.zone";

29 allow-update { none; };

30 };

[[email protected] ~]# systemctl restart named

[[email protected] ~]# cd /var/named/slaves/

[[email protected] slaves]# ls

westos.com.zone

[server机]

[[email protected] named]# vim /etc/named.rfc1912.zones

25 zone "westos.com" IN {

26 type master;

27 file "westos.com.zone";

28 allow-update { none; };

29 also-notify { 172.25.254.228; }; ####让172.25.254.228dns同步主的dns

30 };

注意：当serial前的数字“0”不同时，在可以同步。

3 0 ; serial

#####dns升级#####

[[email protected] named]# vim /etc/named.rfc1912.zones

25 zone "westos.com" IN {

26 type master;

27 file "westos.com.zone";

28 allow-update { 172.25.254.228; }; ###允许172.25.254.128对其dns添加A记录

29 };

[[email protected] named]# chmod 770 /var/named/

[[email protected] named]# setsebool -P named_write_master_zones 1

[[email protected] named]# nsupdate

> server 172.25.254.128

> update add www.westos.com 86400 A 172.25.254.111

> send

效果：

[[email protected] named]# systemctl restart named

[[email protected] named]# vim westos.com.zone

1 $ORIGIN .

2 $TTL 86400 ; 1 day

3 westos.com IN SOA dns.westos.com. root.westos.com. (

4 2 ; serial

5 86400 ; refresh (1 day)

6 3600 ; retry (1 hour)

7 604800 ; expire (1 week)

8 10800 ; minimum (3 hours)

9 )

10 NS dns.westos.com.

11 MX 1 172.25.254.110.

12 $ORIGIN westos.com.

13 bbs CNAME music

14 dns A 172.25.254.128

15 music A 172.25.254.234

16 A 172.25.254.111

17 www A 172.25.254.111

######dns的升级用密码#####

##key的制作与处理##

[[email protected] named]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST lalala ###生成钥匙

Klalala.+157+08891

[[email protected] named]# cat Klalala.+157+08891.private

Private-key-format: v1.3

Algorithm: 157 (HMAC_MD5)

Key: 0M/4AyXAN1Om5Uz9qexZZw==

Bits: AAA=

Created: 20161203075913

Publish: 20161203075913

Activate: 20161203075913

[[email protected] named]# cat Klalala.+157+08891.key

lalala. IN KEY 512 3 157 0M/4AyXAN1Om5Uz9qexZZw==

[[email protected] named]# cp -p /etc/rndc.key /etc/westos.key

[[email protected] named]# vim /etc/westos.key ###在文件中写入钥匙文件名，密码

1 key "lalala" {

2 algorithm hmac-md5;

3 secret "0M/4AyXAN1Om5Uz9qexZZw==";

4 };

[[email protected] named]# vim /etc/named.rfc1912.zones

25 zone "westos.com" IN { ###拥有钥匙文件lalala的才能对其dns进行升级

26 type master;

27 file "westos.com.zone";

28 allow-update { key lalala; };

[[email protected] named]# scp Klalala.+157+08891.* [email protected]:/mnt ###将钥匙给172.25.254.228

[[email protected] mnt]# nsupdate -k Klalala.+157+08891.key ####有密钥时对dns升级

> server 172.25.254.128

> update add www.westos.com 86400 A 172.25.254.111

> send

> quit

效果：

[[email protected] named]# systemctl restart named

1 $ORIGIN .

2 $TTL 86400 ; 1 day

3 westos.com IN SOA dns.westos.com. root.westos.com. (

4 2 ; serial

5 86400 ; refresh (1 day)

6 3600 ; retry (1 hour)

7 604800 ; expire (1 week)

8 10800 ; minimum (3 hours)

9 )

10 NS dns.westos.com.

11 MX 1 172.25.254.110.

12 $ORIGIN westos.com.

13 bbs CNAME music

14 dns A 172.25.254.128

15 music A 172.25.254.234

16 A 172.25.254.111

17 www A 172.25.254.111

#####在dhcp中使用key进行dns自动同步ip#####

[[email protected] named]# yum install dhcp -y

[[email protected] named]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf

cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y

[[email protected] named]# vim /etc/dhcp/dhcpd.conf

7 option domain-name "westos.com";

8 option domain-name-servers 172.25.254.128;

14 ddns-update-style interim;

30 subnet 172.25.254.0 netmask 255.255.255.0 {

31 range 172.25.254.227 172.25.254.240;

32 option routers 172.25.254.128;

33 }

[[email protected] named]# man 5 dhcpd.conf

找到

key DHCP_UPDATER {

algorithm hmac-md5;

secret pRP5FapFoJ95JEL06sv4PQ==;

};

zone EXAMPLE.ORG. {

primary 127.0.0.1;

key DHCP_UPDATER;

}

添加到/etc/dhcp/dhcpd.conf

35 key lalala {

36 algorithm hmac-md5;

37 secret 0M/4AyXAN1Om5Uz9qexZZw==;

38 };

40 zone westos.com. {

41 primary 127.0.0.1;

42 key lalala;

43 }

[[email protected] named]# cat /etc/westos.key

key "lalala" {

algorithm hmac-md5;

secret "0M/4AyXAN1Om5Uz9qexZZw==";

};

[[email protected] named]# rm -fr westos.com.zone westos.com.zone.jnl

本文出自 “12112684” 博客，请务必保留此出处http://12122684.blog.51cto.com/12112684/1879508

以上是关于LINUX DNS的主要内容，如果未能解决你的问题，请参考以下文章

Linux学习导航

Linux 文件/目录管理（初级）

Linux 内核Linux 内核源码结构 ( 下载 Linux 内核源码 | 使用 VSCode 阅读 Linux 内核源码 )

嵌入式linux怎么学

Linux一步一步学Linux——Linux发展史(01)

linux查看进程id命令(linux查看进程id)