DNS Server Architecture
阿新 • Published: 2018-11-04
DNS topology diagram:

1. Primary (master) name server configuration

Install and start BIND:

    ~]# yum install bind -y
    ~]# systemctl start named.service
    ~]# systemctl enable named.service

Check the named process and the port it listens on.

Edit the configuration file (only the changed settings are listed):

    ~]# vim /etc/named.conf
    options {
            listen-on port 53 { 127.0.0.1; 172.16.100.67; };
            // allow-query { localhost; };
            dnssec-enable no;
            dnssec-validation no;

Note that commenting out allow-query removes the localhost restriction, so named answers queries from any client that can reach it (BIND's default for allow-query is any), and dnssec-validation no means the server no longer validates signed answers; both are acceptable in a lab, but reconsider them on a production server.

Check the configuration file for syntax errors (defaults to /etc/named.conf):

    ~]# named-checkconf

Reload the configuration:

    ~]# rndc reload

The dig command

Query the A record of www.baidu.com:

    ~]# dig -t A www.baidu.com

Trace the resolution process:

    ~]# dig +trace -t A www.baidu.com

Query an A record with the host command:

    ~]# host -t A www.baidu.com

Look up the NS (name server) records:

    ~]# host -t NS baidu.com

Look up the MX (mail server) records:

    ~]# host -t MX baidu.com

Using nslookup

Query an A record:

    ~]# nslookup
    > server 172.16.100.67          (specify the DNS server to use)
    Default server: 172.16.100.67
    Address: 172.16.100.67#53
    > set q=A                       (specify the record type to query)
    > www.baidu.com                 (the name to look up)
    Server:         172.16.100.67
    Address:        172.16.100.67#53

    Non-authoritative answer:
    www.baidu.com   canonical name = www.a.shifen.com.
    Name:   www.a.shifen.com
    Address: 14.215.177.38
    Name:   www.a.shifen.com
    Address: 14.215.177.39

Configuring a forward zone

(1) Define the zone:

    ~]# vim /etc/named.rfc1912.zones
    zone "iecentury.com" IN {
            type master;
            file "iecentury.com.zone";
    };

Note: the zone name is the domain name.

(2) Create the zone data file (its main records are A or AAAA records; create the file under /var/named):

    ~]# vim /var/named/iecentury.com.zone
    $TTL 3600
    $ORIGIN iecentury.com.
    @       IN SOA  ns1.iecentury.com. dnsadmin.iecentury.com. (
                    201812031
                    1H
                    10M
                    3D
                    1D )
            IN NS   ns1
            IN MX   10 mx1
            IN MX   20 mx2
    ns1     IN A    172.16.100.67
    mx1     IN A    172.16.100.68
    mx2     IN A    172.16.100.69
    www     IN A    172.16.100.67
    web     IN CNAME www

Fix permissions and group ownership:

    ~]# chgrp named /var/named/iecentury.com.zone
    ~]# chmod o= /var/named/iecentury.com.zone

Check for syntax errors:

    ~]# named-checkconf
    ~]# named-checkzone iecentury.com /var/named/iecentury.com.zone

(3) Have the server reload the configuration and zone data files:

    ~]# rndc reload

or

    ~]# systemctl reload named.service

    ~]# rndc status
    version: 9.9.4-RedHat-9.9.4-61.el7_5.1 <id:8f9657aa>
    CPUs found: 8
    worker threads: 8
    UDP listeners per interface: 8
    number of zones: 102          (one more than the default 101: the new zone loaded)
    debug level: 0
    xfers running: 0
    xfers deferred: 0
    soa queries in progress: 0
    query logging is OFF
    recursive clients: 0/0/1000
    tcp clients: 0/100
    server is up and running

Configuring a reverse zone

(1) Define the zone (in the main configuration file or in a file it includes):

    ~]# vim /etc/named.rfc1912.zones
    zone "100.16.172.in-addr.arpa" IN {
            type master;
            file "100.16.172.zone";
    };

Note: the name of a reverse zone is the network address written in reverse, followed by .in-addr.arpa; for example 100.16.172.in-addr.arpa.

(2) Define the zone data file (its main records are PTR records). Create it under /var/named; in this example the zone name is 100.16.172.in-addr.arpa (the IP written backwards):

    ~]# vim /var/named/100.16.172.zone
    $TTL 3600
    $ORIGIN 100.16.172.in-addr.arpa.
    @       IN SOA  ns1.iecentury.com. nsadmin.iecentury.com. (
                    2014100801
                    1H
                    10M
                    3D
                    12H )
            IN NS   ns1.iecentury.com.
    67      IN PTR  ns1.iecentury.com.
    68      IN PTR  mx1.iecentury.com.
    69      IN PTR  mx2.iecentury.com.
    67      IN PTR  www.iecentury.com.

Fix permissions and group ownership:

    ~]# chmod o= /var/named/100.16.172.zone
    ~]# chgrp named /var/named/100.16.172.zone

Check for syntax errors (named-checkzone takes the zone name, 100.16.172.in-addr.arpa, not the file name) and reload:

    ~]# named-checkzone 100.16.172.in-addr.arpa /var/named/100.16.172.zone
    ~]# named-checkconf
    ~]# rndc reload

    ~]# rndc status
    version: 9.9.4-RedHat-9.9.4-61.el7_5.1 <id:8f9657aa>
    CPUs found: 8
    worker threads: 8
    UDP listeners per interface: 8
    number of zones: 103          (one more again: the reverse zone loaded)
    debug level: 0
    xfers running: 0
    xfers deferred: 0
    soa queries in progress: 0
    query logging is OFF
    recursive clients: 0/0/1000
    tcp clients: 0/100
    server is up and running

Test forward and reverse resolution

    ~]# dig -t A www.iecentury.com

    ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -t A www.iecentury.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45698
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.iecentury.com.             IN      A

    ;; ANSWER SECTION:
    www.iecentury.com.      3600    IN      A       172.16.100.67

    ;; AUTHORITY SECTION:
    iecentury.com.          3600    IN      NS      ns1.iecentury.com.

    ;; ADDITIONAL SECTION:
    ns1.iecentury.com.      3600    IN      A       172.16.100.67

    ;; Query time: 21 msec
    ;; SERVER: 172.16.100.67#53(172.16.100.67)
    ;; WHEN: 日 11月 04 00:14:56 CST 2018
    ;; MSG SIZE  rcvd: 96

    ~]# dig -x 172.16.100.67

    ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -x 172.16.100.67
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56457
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;67.100.16.172.in-addr.arpa.    IN      PTR

    ;; ANSWER SECTION:
    67.100.16.172.in-addr.arpa. 3600 IN     PTR     ns1.iecentury.com.
    67.100.16.172.in-addr.arpa. 3600 IN     PTR     www.iecentury.com.

    ;; AUTHORITY SECTION:
    100.16.172.in-addr.arpa. 3600   IN      NS      ns1.iecentury.com.

    ;; ADDITIONAL SECTION:
    ns1.iecentury.com.      3600    IN      A       172.16.100.67

    ;; Query time: 1 msec
    ;; SERVER: 172.16.100.67#53(172.16.100.67)
    ;; WHEN: 日 11月 04 00:15:13 CST 2018
    ;; MSG SIZE  rcvd: 134
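The dig tests above check one name and one address at a time. As an added example that is not part of the original post, the following Python script parses the two zone files configured above and cross-checks them as a whole: every A record should have a matching PTR, every PTR should point back to a name that carries that A record, and any address with more than one PTR (like .67 here, which is why dig -x returned two answers) is flagged. The zone data is embedded from the post, abridged to the SOA, NS, A and PTR records; the function names are this example's own.

```python
import re
# Constructed from the post's zone files, abridged to the SOA, NS, A and PTR records used here.
FORWARD_ZONE = """$ORIGIN iecentury.com.
@   IN SOA ns1.iecentury.com. dnsadmin.iecentury.com. (
        201812031 1H 10M 3D 1D )
    IN NS ns1
ns1 IN A 172.16.100.67
mx1 IN A 172.16.100.68
mx2 IN A 172.16.100.69
www IN A 172.16.100.67
"""
REVERSE_ZONE = """$ORIGIN 100.16.172.in-addr.arpa.
@  IN SOA ns1.iecentury.com. nsadmin.iecentury.com. ( 2014100801 1H 10M 3D 12H )
   IN NS ns1.iecentury.com.
67 IN PTR ns1.iecentury.com.
68 IN PTR mx1.iecentury.com.
69 IN PTR mx2.iecentury.com.
67 IN PTR www.iecentury.com.
"""

def parse_zone(text):
    """Return (owner_fqdn, TYPE, rdata_tokens) per record, honouring $ORIGIN, '@',
    relative names, blank owner columns and parenthesised multi-line records."""
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    origin, owner, records = ".", None, []
    for line in text.splitlines():
        tokens = line.split(";")[0].split()              # drop comments
        if tokens[:1] == ["$ORIGIN"]:
            origin = tokens[1]
        if not tokens or tokens[0].startswith("$"):      # skip blank lines and directives
            continue
        if not line[0].isspace():                        # owner column present
            n = tokens.pop(0)
            owner = (origin if n == "@" else n if n.endswith(".") else f"{n}.{origin}").lower()
        while tokens[0].isdigit() or tokens[0].upper() == "IN":
            tokens.pop(0)                                # optional TTL and class
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records

def ptr_owner(ip):
    """172.16.100.67 -> 67.100.16.172.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_consistency(forward_text, reverse_text):
    """A records lacking a PTR, PTRs lacking a matching A, and addresses with several PTRs."""
    fwd = {(o, ptr_owner(rd[0])) for o, t, rd in parse_zone(forward_text) if t == "A"}
    rev = {(rd[0].lower(), o) for o, t, rd in parse_zone(reverse_text) if t == "PTR"}
    return {"missing_ptr": sorted(f"{n} -> {p}" for n, p in fwd - rev),
            "dangling_ptr": sorted(f"{p} -> {n}" for n, p in rev - fwd),
            "multi_ptr": sorted({p for _, p in rev if sum(q == p for _, q in rev) > 1})}
```

Run it against the real files with `check_consistency(open("/var/named/iecentury.com.zone").read(), open("/var/named/100.16.172.zone").read())` after named-checkzone has accepted them; for the post's data it reports no missing or dangling PTRs and one address with two PTRs.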