DNS(Domain Name System)
一、DNS 查询方式
1. 递归查询
2. 迭代查询
递归查询和迭代查询差别:
递归:客户端只向本地DNS服务器发一次请求,由该服务器代替客户端与各级服务端进行多次交互;迭代:查询方自己依次向各个服务端发起查询,直到得到答案
常用DNS软件:bind9版本
二、主从(基于IP)
1.254为主服务器
1.3为从服务器
在主服务器上(注意:下面的 view 里 match-clients { any; } 加 recursion yes,再配合 allow-query { any; },等于对任意来源开放递归查询,实验环境可以这样写,生产环境应把递归限制在内网客户端,否则容易被用作DNS放大攻击的反射点):
[root@up_server ~]# cat /etc/named.caching-nameserver.conf
options {
listen-on port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { any; };
match-destinations { any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
[root@up_server ~]# cat /etc/named.rfc1912.zones
zone "sina.com" IN {
type master;
file "sina.com.zone";
allow-transfer { 192.168.1.3; };
};
[root@up_server ~]# cat /var/named/chroot/var/named/sina.com.zone
$TTL 86400
@ IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns
ns IN A 192.168.1.254
www IN CNAME ns
[root@up_server ~]#
在从服务器上:
[root@client02 slaves]# cat /etc/named.caching-nameserver.conf
options {
listen-on port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { any; };
match-destinations { any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
[root@client02 slaves]# cat /etc/named.rfc1912.zones
zone "sina.com" IN {
type slave;
file "slaves/sina.com.zone";
allow-update { none; };
masters { 192.168.1.254; };
};
在从服务器上重启服务,得到结果:
[root@client02 slaves]# pwd
/var/named/chroot/var/named/slaves
[root@client02 slaves]# ll
总计 4
-rw-r--r-- 1 named named 313 07-17 22:08 sina.com.zone
[root@client02 slaves]# cat sina.com.zone
$ORIGIN .
$TTL 86400 ; 1 day
sina.com IN SOA sina.com. root.sina.com. (
42 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns.sina.com.
$ORIGIN sina.com.
ns A 192.168.1.254
www CNAME ns
[root@client02 slaves]#
三、主从(基于认证key,事务签名 TSIG)
在主服务器上:
[root@up_server ~]# dnssec-keygen -a hmac-md5 -b 128 -n HOST abc
Kabc.+157+36140
[root@up_server ~]# ll Kabc.+157+36140.*
-rw------- 1 root root 47 07-17 22:13 Kabc.+157+36140.key
-rw------- 1 root root 81 07-17 22:13 Kabc.+157+36140.private
[root@up_server ~]#
查看以private为“扩展名”的文件内容
[root@up_server ~]# cat Kabc.+157+36140.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: 2jZtTYFNW5dd+gjdxKs3ow==
[root@up_server ~]#
找到Key:后面的内容,即2jZtTYFNW5dd+gjdxKs3ow==,这是base64编码的HMAC-MD5共享密钥(TSIG key),并非md5加密后的值;它是主从双方共享的秘密,.private文件权限要保持600,不要泄露。另外较新版本的bind已不推荐hmac-md5,生产环境建议改用hmac-sha256。
然后修改zone文件
[root@up_server ~]# cat -n /etc/named.rfc1912.zones
8 // See /usr/share/doc/bind*/sample/ for example named configuration files.
9 //
10
11 key abcKey {
12 algorithm hmac-md5;
13 secret "2jZtTYFNW5dd+gjdxKs3ow==";
14 };
15
16 zone "." IN {
17 type hint;
18 file "named.ca";
19 };
57 zone "sina.com" IN {
58 type master;
59 file "sina.com.zone";
60 allow-transfer { key abckey; };
61 };
62
在从服务器上:
[root@client02 slaves]# cat /etc/named.rfc1912.zones -n
50
51 key abcKey {
52 algorithm hmac-md5;
53 secret "2jZtTYFNW5dd+gjdxKs3ow==";
54 };
55
56 zone "sina.com" IN {
57 type slave;
58 file "slaves/sina.com.zone";
59 allow-update { none; };
60 masters { 192.168.1.254 key abckey; };
61 };
62
最后重启服务,得到结果:
[root@client02 slaves]# pwd
/var/named/chroot/var/named/slaves
[root@client02 slaves]# ls
sina.com.zone
[root@client02 slaves]# cat sina.com.zone
$ORIGIN .
$TTL 86400 ; 1 day
sina.com IN SOA sina.com. root.sina.com. (
42 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns.sina.com.
$ORIGIN sina.com.
ns A 192.168.1.254
www CNAME ns
[root@client02 slaves]#
四、转发
1.254作为转发服务器,转发的目标是1.3服务器
在1.254服务器上:
[root@up_server ~]# cat /etc/named.caching-nameserver.conf -n
1 options {
2 listen-on port 53 { any; };
3 directory "/var/named";
4 dump-file "/var/named/data/cache_dump.db";
5 statistics-file "/var/named/data/named_stats.txt";
6 memstatistics-file "/var/named/data/named_mem_stats.txt";
7
8 forward only;
9 Forwarders { 192.168.1.3; };
10 allow-query { any; };
11 };
在1.3服务器上:
多建立一个zone,名为baidu.com,让1.254来访问该域名
[root@client02 named]# cat /etc/named.rfc1912.zones -n
63 zone "baidu.com" IN {
64 type master;
65 file "baidu.com.zone";
66 allow-update { none; };
67 };
重启服务器后,在1.254服务器上:
[root@up_server named]# host www.baidu.com
www.baidu.com is an alias for ns.baidu.com.
ns.baidu.com has address 192.168.1.3
[root@up_server named]#
发现域名可以正常解析;如果没有配置转发,该域名是解析不了的。注意这里并不是通过改写/etc/resolv.conf文件来达到解析目的的。
五、泛域名解析
在1.3服务器上做该实验:
[root@client02 named]# tail -n 3 baidu.com.zone
ns IN A 192.168.1.3
www IN CNAME ns
$GENERATE 234-240 stu$ IN A 192.168.1.$
[root@client02 named]#
修改完zone文件后,然后测试结果
[root@client02 named]# host stu235.baidu.com
stu235.baidu.com has address 192.168.1.235
[root@client02 named]# host stu236.baidu.com
stu236.baidu.com has address 192.168.1.236
[root@client02 named]# host stu240.baidu.com
stu240.baidu.com has address 192.168.1.240
[root@client02 named]# host stu241.baidu.com
Host stu241.baidu.com not found: 3(NXDOMAIN)
六、子域授权
在1.254服务器上:
[root@up_server ~]# cat /etc/resolv.conf
nameserver 192.168.1.254
[root@up_server ~]#
[root@up_server named]# cat sina.com.zone
$TTL 86400
@ IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns
ns IN A 192.168.1.254
www IN CNAME ns
sgy IN NS ns.sgy
ns.sgy IN A 192.168.1.3
[root@up_server named]#
在1.3服务器上:
[root@client02 named]# cat /etc/resolv.conf
nameserver 192.168.1.3
[root@client02 named]#
[root@client02 named]# cat sgy.sina.com.zone
$TTL 86400
@ IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns
ns IN A 192.168.1.3
www IN A 192.168.1.101
[root@client02 named]# tail -n 6 /etc/named.rfc1912.zones
zone "sgy.sina.com" IN {
type master;
file "sgy.sina.com.zone";
allow-update { none; };
};
[root@client02 named]#
七、多视图(解决南北互通问题)(基于ip)
1.254服务器上做view,利用1.2服务器和1.3服务器来做测试
1.254服务器上:
[root@up_server ~]# tail -n 21 /etc/named.caching-nameserver.conf
view tel {
match-clients { 192.168.1.3; };
match-destinations { any; };
recursion yes;
zone "sina.com" IN {
type master;
file "tel/sina.com.zone";
};
};
view cnc {
match-clients { 192.168.1.2; };
match-destinations { any; };
recursion yes;
zone "sina.com" IN {
type master;
file "cnc/sina.com.zone";
};
};
[root@up_server ~]#
[root@up_server named]# ls -R tel/ cnc/
cnc/:
sina.com.zone
tel/:
sina.com.zone
[root@up_server named]# pwd
/var/named/chroot/var/named
[root@up_server named]# cat tel/sina.com.zone
$TTL 86400
@ IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns
ns IN A 192.168.1.254
www IN A 192.168.1.111
[root@up_server named]# cat cnc/sina.com.zone
$TTL 86400
@ IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns
ns IN A 192.168.1.254
www IN A 192.168.0.222
[root@up_server named]#
验证结果:
1.2客户端上:
[root@client01 ~]# host www.sina.com
www.sina.com has address 192.168.0.222
[root@client01 ~]#
1.3客户端上:
[root@client02 named]# host www.sina.com
www.sina.com has address 192.168.1.111
[root@client02 named]#
八、多视图(基于文件)
1.254服务器上做view,利用1.2服务器和1.3服务器来做测试
1.254服务器上:
[root@up_server ~]# cat -n /etc/named.caching-nameserver.conf | tail -n 27
23
24 include "/tel/tel.cfg";
25 include "/cnc/cnc.cfg";
26
27 view tel {
28 // match-clients { 192.168.1.3; };
29 match-clients { tel; };
30 match-destinations { any; };
31 recursion yes;
32
33 zone "sina.com" IN {
34 type master;
35 file "tel/sina.com.zone";
36 };
37 };
38
39 view cnc {
40 // match-clients { 192.168.1.2; };
41 match-clients { cnc; };
42 match-destinations { any; };
43 recursion yes;
44
45 zone "sina.com" IN {
46 type master;
47 file "cnc/sina.com.zone";
48 };
49 };
[root@up_server ~]#
[root@up_server chroot]# pwd
/var/named/chroot
[root@up_server chroot]# cat tel/tel.cfg
acl tel { 192.168.1.2; };
[root@up_server chroot]# cat cnc/cnc.cfg
acl cnc { 192.168.1.3; };
[root@up_server chroot]#
验证结果:
1.2客户端上:
[root@client01 ~]# host www.sina.com
www.sina.com has address 192.168.1.111
[root@client01 ~]#
1.3客户端上:
[root@client02 named]# host www.sina.com
www.sina.com has address 192.168.0.222
[root@client02 named]#
九、基于多视图的主从
从机上也得搞个对应的视图
include "/etc/dx.cfg";
include "/etc/wt.cfg";
view "tel" {
match-clients {tel; 192.168.1.3; !192.168.1.4; };
transfer-source 192.168.1.3;
recursion yes;
zone "uplooking.com" {
type slave ;
masters {192.168.1.254;};
file "tel/uplooking.com.zone";
};
};
view "cnc" {
match-clients { cnc;!192.168.1.3; 192.168.1.4;};
transfer-source 192.168.1.4;
recursion yes;
zone "uplooking.com" {
type slave ;
masters {192.168.1.254;};
file "cnc/uplooking.com.zone";
};
};
总结:
Forwarders 后面的ip一般是公网的DNS
forward first 先进行本地解析,若本地解析不了,进行转发
forward only 不进行本地解析直接转发
利用转发的好处是可以避免每个用户都修改自己的hosts文件,可以让所有用户都访问转发服务器,来实现集体修改DNS
DNS视图,主要解决南北互通问题
泛域名解析作用:满足个性化域名
同一个名字配置多个A记录的作用是简单的负载均衡:当有一台不可用时,仍有一部分用户可以访问。但DNS轮询没有健康检查,不可用的那台仍会被返回给用户,这就是要继续学习集群(nginx 的简单负载均衡、lvs 等)的原因。
Ping host 哪个好?
当然是host,因为ping会先查本机hosts文件,且只返回一个ip地址;host直接查询DNS,可以返回多个
DNS结构,树状结构,以根为中心,向下蔓延
DNS有哪些资源记录 A PTR CNAME NS SOA MX
转载于:http://blog.itpub.net/23168012/viewspace-1052654/