LINUX DNS
######DNS######
Linux DNS servers come in three kinds:
1. Caching name server (also called a cache server). It is not authoritative for any zone; it only caches the results of lookups locally so that later client queries are answered faster.
2. Primary (master) name server, authoritative for one or more zones; it can also act as a caching server.
3. Secondary (slave) name server, a backup of the primary; all of its data comes from the primary.
A record: gives the IP address that a domain name maps to.
NS record: names the servers responsible for resolving the zone.
SOA record: among the authoritative servers, identifies which one is the primary.
MX record: mail exchanger record.
PTR record: the reverse of an A record.
CNAME record: alias record.
(1) SOA resource record
The start of every zone database file contains a Start of Authority (SOA) record. The SOA defines the zone's global parameters and holds the administrative settings for the whole zone. A zone file may contain only one SOA record.
(2) NS resource record
Name server (NS) resource records list the authoritative servers for the zone: the primary and secondary servers named in the SOA record, and the servers of any delegated sub-zone. Every zone contains at least one NS record at its apex.
(3) A resource record
An address (A) resource record maps an FQDN to an IP address, so a resolver can look up the IP address that belongs to an FQDN.
(4) PTR resource record
The opposite of an A record: a pointer (PTR) record maps an IP address to an FQDN.
(5) CNAME resource record
A canonical name (CNAME) resource record creates an alias for a specific FQDN. Clients can reach the host through the alias defined in the CNAME record.
(6) MX resource record
A mail exchanger (MX) resource record specifies the mail exchange server for a DNS domain name. A mail exchange server is a host that processes or relays mail for the domain. Processing mail means delivering it to its destination or handing it to a different kind of mail transport; relaying mail means sending it on to the final destination server.
(7) Wildcard record
A wildcard record lets the server answer for every name under the domain that is not otherwise defined in the zone file.
Client (IP 172.25.254.228):
[[email protected] ~]# vim /etc/resolv.conf
nameserver 172.25.254.128
On the server (IP 172.25.254.128)
###Configuring forward DNS resolution###
1. Install the software.
[[email protected] named]# yum install bind -y
[[email protected] named]# systemctl stop firewalld
or: firewall-cmd --permanent --add-service=dns ###open the dns service in the firewall
firewall-cmd --reload
[[email protected] named]# systemctl start named
(Note: the first start generates the rndc key from /dev/random; on a fresh virtual machine the start can hang until some activity in the server's console, such as clicking or typing, produces enough entropy.)
[[email protected] named]# cat /dev/random
(binary random data)
[[email protected] named]# ll /etc/rndc.key
-rw-r-----. 1 root named 77 Dec 1 20:38 /etc/rndc.key
[[email protected] named]# cat /etc/rndc.key ###the generated key
key "rndc-key" {
algorithm hmac-md5;
secret "C2mMI0hT1puWW68Ytt4CMQ==";
};
2. Edit the configuration file.
[[email protected] named]# vim /etc/named.conf ###edit the configuration file
options {
        listen-on port 53 { any; }; ###accept queries on port 53 from any address
        listen-on-v6 port 53 { ::1; }; ###IPv6: listen on loopback only
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query {any; }; ###allow everyone to query
        forwarders { 172.25.254.250; }; ###upstream server whose answers are forwarded and cached
        dnssec-validation no; ###do not validate DNSSEC signatures on answers (this is signature checking, not encryption)
[[email protected] ~]# systemctl restart named
[[email protected] ~]# netstat -antlpe | grep 53
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 43075 2121/named
tcp 0 0 172.25.254.128:53 0.0.0.0:* LISTEN 25 43070 2121/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 43068 2121/named
tcp 0 0 172.25.254.128:22 172.25.254.28:55354 ESTABLISHED 0 25162 1407/sshd: [email protected]
tcp6 0 0 ::1:953 :::* LISTEN 25 43076 2121/named
tcp6 0 0 ::1:53 :::* LISTEN 25 43072 2121/named
[[email protected] etc]# vim /etc/named.rfc1912.zones
zone "westos.com" IN { ####the domain this server is authoritative for
        type master;
        file "westos.com.zone"; ####name of the zone file holding the records
};
[[email protected] etc]# cp -p /var/named/named.localhost /var/named/westos.com.zone
[[email protected] named]# vim /var/named/westos.com.zone ####write the zone file (A records and the rest)
1  $TTL 1D
2  @       IN SOA  dns.westos.com. root.westos.com. (
3                  0       ; serial
4                  1D      ; refresh
5                  1H      ; retry
6                  1W      ; expire
7                  3H )    ; minimum
8          NS      dns.westos.com.          ###name server for the zone
9  dns     A       172.25.254.128           ###address of that name server
10 music   A       172.25.254.111
11 bbs     CNAME   music.westos.com.
12 westos.com.     MX 1    172.25.254.110.
Note: a name without a trailing "." automatically gets the westos.com zone appended. (An MX exchange should be a host name that has an A record; an IP literal, as on line 12, is not a valid exchange.)
Result on the client:
Effect of line 10:
[[email protected] ~]# dig music.westos.com
;; ANSWER SECTION:
music.westos.com.       86400   IN      A       172.25.254.111
Effect of line 11:
[[email protected] ~]# dig bbs.westos.com
bbs.westos.com.         86400   IN      CNAME   music.westos.com.
Effect of line 12:
[[email protected] ~]# mail [email protected] ###send a test mail
Subject: sdsf
afds
af
.
EOT
[[email protected] ~]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
6294926BADD      448 Fri Dec  2 21:21:14  [email protected]
                         (connect to 172.25.254.110[172.25.254.110]:25: No route to host)
[[email protected] ~]# postsuper -d 6294926BADD ###delete the queued mail
postsuper: 6294926BADD: removed
postsuper: Deleted: 1 message
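As an added example (not code from the original post): a small Python checker that applies the rule that names without a trailing dot get the zone origin appended, parses a constructed copy of the westos.com.zone shown above, and flags the points the record descriptions make: exactly one SOA, at least one NS at the apex, and an MX exchange that names an IP literal instead of a host, which is what line 12 does. ZONE_TEXT, fqdn, parse_zone and check_zone are names chosen for this example.

```python
import re
# Constructed copy of the page's westos.com.zone, embedded so the checker runs offline.
ZONE_TEXT = """\
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.128
music   A       172.25.254.111
bbs     CNAME   music.westos.com.
westos.com.     MX 1    172.25.254.110.
"""
TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "TXT"}
def fqdn(name, origin):
    """Page's rule: a name without a trailing '.' gets the zone origin appended; '@' is the apex."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"
def parse_zone(text, origin):
    """Return (owner, type, rdata-fields) triples with absolute owner names."""
    text = "\n".join(line.split(";")[0].rstrip() for line in text.splitlines())  # drop comments
    text = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0)[1:-1].split()), text)  # fold SOA ( ... )
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue  # blank line or $TTL/$ORIGIN directive
        fields = line.split()
        if not line[0].isspace():  # a leading name sets the owner; indented lines reuse it
            owner = fqdn(fields.pop(0), origin)
        while fields and fields[0] not in TYPES:  # skip class ("IN") and an optional TTL column
            fields.pop(0)
        if fields:
            records.append((owner, fields[0], fields[1:]))
    return records

def check_zone(text, origin):
    """Checks drawn from the page's record descriptions; returns a list of problem strings."""
    records = parse_zone(text, origin)
    problems = []
    if [r[0] for r in records if r[1] == "SOA"] != [origin]:
        problems.append("zone must contain exactly one SOA record, at the apex")
    if not any(r[0] == origin and r[1] == "NS" for r in records):
        problems.append("zone needs at least one NS record at the apex")
    for owner, rtype, rdata in records:
        if rtype == "MX" and rdata[-1].rstrip(".").replace(".", "").isdigit():
            problems.append(f"MX for {owner} names the IP literal {rdata[-1]}; it must name a host with an A record")
    return problems
```

Running check_zone(ZONE_TEXT, "westos.com.") reports only the MX line; named-checkzone on the server is the authoritative check, this script just makes the page's rules explicit.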
####Reverse resolution#####
[[email protected] named]# vim /etc/named.rfc1912.zones
zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "254.25.172.in-addr.arpa" IN {
        type master;
        file "westos.comNaNr";
        allow-update { none; };
};
[[email protected] named]# vim westos.comNaNr
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.128
111     PTR     www.westos.com.
[[email protected] named]# systemctl restart named
Result on the client:
[[email protected] ~]# dig -x 172.25.254.111
;; ANSWER SECTION:
111.254.25.172.in-addr.arpa. 86400  IN      PTR     www.westos.com.
###Different answers for internal and external clients###
[[email protected] named]# cp -p westos.com.zone westos.com.inter
[[email protected] named]# vim westos.com.inter
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.westos.com.
dns     A       192.168.1.128
music   A       192.168.1.111
bbs     CNAME   music.westos.com.
westos.com.     MX 1    192.168.1.110.
[[email protected] named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter
[[email protected] named]# vim /etc/named.rfc1912.zones.inter
zone "westos.com" IN {
        type master;
        file "westos.com.inter";
        allow-update { none; };
};
[[email protected] named]# vim /etc/named.conf
/*
zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/
view localnet {
        match-clients { 172.25.254.228; }; ###only 172.25.254.228 is served the zones in /etc/named.rfc1912.zones (use 172.25.254.0/24 for the whole subnet)

        zone "." IN {
                type hint;
                file "named.ca";
        };

        include "/etc/named.rfc1912.zones";
};

view any {
        match-clients { any; }; ###everyone else is served /etc/named.rfc1912.zones.inter

        zone "." IN {
                type hint;
                file "named.ca";
        };

        include "/etc/named.rfc1912.zones.inter";
};
[[email protected] named]# systemctl restart named
Experiment result:
Client 172.25.254.228:
[[email protected] ~]# dig music.westos.com
;; ANSWER SECTION:
music.westos.com.       86400   IN      A       172.25.254.111
Client 172.25.254.90:
[[email protected] ~]# dig music.westos.com
;; ANSWER SECTION:
music.westos.com.       86400   IN      A       192.168.1.111
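Added example, not from the original post: a Python model of how BIND chooses a view. Views are tried in the order they appear in named.conf and the first match-clients hit wins, so listing view any before view localnet would shadow it; the ACL strings, zone-file paths and the two music A values are taken from the configuration above, while VIEWS, MUSIC_A, acl_matches, select_view and answer_music are names chosen here.

```python
import ipaddress

# Constructed model of the two views in the named.conf above: (view name, match-clients
# elements, zone-file set served). Order matters: BIND serves a client from the FIRST view
# whose match-clients matches, exactly like the order the views appear in named.conf.
VIEWS = [
    ("localnet", ["172.25.254.228"], "/etc/named.rfc1912.zones"),        # internal answers
    ("any",      ["any"],            "/etc/named.rfc1912.zones.inter"),  # everyone else
]
# Constructed: the A record for music.westos.com in each zone-file set on the page.
MUSIC_A = {
    "/etc/named.rfc1912.zones":       "172.25.254.111",
    "/etc/named.rfc1912.zones.inter": "192.168.1.111",
}

def acl_matches(element, client_ip):
    """One match-clients element: 'any', a single address, or a CIDR prefix such as 172.25.254.0/24."""
    if element == "any":
        return True
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(element, strict=False)

def select_view(views, client_ip):
    """Return (view name, zone-file set) of the first matching view, or None if no view matches."""
    for name, elements, zones in views:
        if any(acl_matches(e, client_ip) for e in elements):
            return name, zones
    return None

def answer_music(views, client_ip):
    """What dig music.westos.com from client_ip would get back."""
    selected = select_view(views, client_ip)
    return MUSIC_A[selected[1]] if selected else None
```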
######Secondary DNS#####
###Zone content synchronisation####
Install bind on the secondary.
[[email protected] slaves]# yum install bind -y
[[email protected] ~]# firewall-cmd --permanent --add-service=dns
success
[[email protected] ~]# firewall-cmd --reload
success
[[email protected] ~]# systemctl start named
[[email protected] ~]# vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };   ###commented out: listen on all addresses
// allow-query { localhost; };         ###commented out: answer all clients
dnssec-validation no;
[[email protected] slaves]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type slave;
        masters { 172.25.254.128; }; ###pull the zone from the primary
        file "slaves/westos.com.zone";
        allow-update { none; };
};
[[email protected] ~]# systemctl restart named
[[email protected] ~]# cd /var/named/slaves/
[[email protected] slaves]# ls
westos.com.zone
[On the server]
[[email protected] named]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { none; };
        also-notify { 172.25.254.228; }; ####notify the secondary at 172.25.254.228 so that it re-synchronises with this primary
};
Note: the secondary only re-synchronises after the serial number (the "0" on the serial line below) has been changed; increase it after every edit of the zone file.
0 ; serial
#####DNS dynamic update#####
[[email protected] named]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.228; }; ###allow 172.25.254.228 to add records (for example an A record) to this zone by dynamic update
};
[[email protected] named]# chmod 770 /var/named/
[[email protected] named]# setsebool -P named_write_master_zones 1
[[email protected] named]# nsupdate
> server 172.25.254.128
> update add www.westos.com 86400 A 172.25.254.111
> send
Result:
[[email protected] named]# systemctl restart named
[[email protected] named]# vim westos.com.zone
$ORIGIN .
$TTL 86400      ; 1 day
westos.com      IN SOA  dns.westos.com. root.westos.com. (
                                2          ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      dns.westos.com.
                        MX      1 172.25.254.110.
$ORIGIN westos.com.
bbs                     CNAME   music
dns                     A       172.25.254.128
music                   A       172.25.254.234
                        A       172.25.254.111
www                     A       172.25.254.111
######Dynamic update with a key#####
##Creating and handling the key##
[[email protected] named]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST lalala ###generate the key
Klalala.+157+08891
[[email protected] named]# cat Klalala.+157+08891.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: 0M/4AyXAN1Om5Uz9qexZZw==
Bits: AAA=
Created: 20161203075913
Publish: 20161203075913
Activate: 20161203075913
[[email protected] named]# cat Klalala.+157+08891.key
lalala. IN KEY 512 3 157 0M/4AyXAN1Om5Uz9qexZZw==
[[email protected] named]# cp -p /etc/rndc.key /etc/westos.key
[[email protected] named]# vim /etc/westos.key ###put the key name and secret into this file (named.conf must include this file for named to know the key)
key "lalala" {
        algorithm hmac-md5;
        secret "0M/4AyXAN1Om5Uz9qexZZw==";
};
[[email protected] named]# vim /etc/named.rfc1912.zones
zone "westos.com" IN { ###only a client holding the key lalala may update this zone
        type master;
        file "westos.com.zone";
        allow-update { key lalala; };
};
[[email protected] named]# scp Klalala.+157+08891.* [email protected]:/mnt ###copy the key to 172.25.254.228
[[email protected] mnt]# nsupdate -k Klalala.+157+08891.key ####update the zone, signing the request with the key
> server 172.25.254.128
> update add www.westos.com 86400 A 172.25.254.111
> send
> quit
Result:
[[email protected] named]# systemctl restart named
$ORIGIN .
$TTL 86400      ; 1 day
westos.com      IN SOA  dns.westos.com. root.westos.com. (
                                2          ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      dns.westos.com.
                        MX      1 172.25.254.110.
$ORIGIN westos.com.
bbs                     CNAME   music
dns                     A       172.25.254.128
music                   A       172.25.254.234
                        A       172.25.254.111
www                     A       172.25.254.111
#####Using the key so that DHCP updates DNS automatically with the assigned IPs#####
[[email protected] named]# yum install dhcp -y
[[email protected] named]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y
[[email protected] named]# vim /etc/dhcp/dhcpd.conf
option domain-name "westos.com";
option domain-name-servers 172.25.254.128;
ddns-update-style interim;
subnet 172.25.254.0 netmask 255.255.255.0 {
        range 172.25.254.227 172.25.254.240;
        option routers 172.25.254.128;
}
[[email protected] named]# man 5 dhcpd.conf
Find this example:
key DHCP_UPDATER {
        algorithm hmac-md5;
        secret pRP5FapFoJ95JEL06sv4PQ==;
};
zone EXAMPLE.ORG. {
        primary 127.0.0.1;
        key DHCP_UPDATER;
}
and add the equivalent for this server's key and zone to /etc/dhcp/dhcpd.conf:
key lalala {
        algorithm hmac-md5;
        secret 0M/4AyXAN1Om5Uz9qexZZw==;
};

zone westos.com. {
        primary 127.0.0.1;
        key lalala;
}
[[email protected] named]# cat /etc/westos.key
key "lalala" {
algorithm hmac-md5;
secret "0M/4AyXAN1Om5Uz9qexZZw==";
};
[[email protected] named]# rm -fr westos.com.zone westos.com.zone.jnl
This post comes from the "12112684" blog; please keep this attribution: http://12122684.blog.51cto.com/12112684/1879508