dns配置基础
| 类型 | 值 |
|---|---|
| 软件包 | bind, bind-libs, bind-utils |
| 配置重载 | rndc reload 或 systemctl reload named |
| 配置语法检测 | named-checkconf, named-checkzone my.com /var/named/my.com.zone |
| 具体配置详情 | /etc/named.conf --> /etc/named.rfc1912.zones: 定义某域名 --> 此域的解析库文件 |
| 指定dns服务器的方法 | 特点 |
|---|---|
| 编辑 /etc/resolv.conf: nameserver | 重启后失效 |
| 编辑网卡配置文件: /etc/sysconfig/network-scripts/ifcfg-enxx: DNS1 | 重启后仍有效 |
1, dns正向解析
- /etc/named.conf --> /etc/named.rfc1912.zones
- 域zone “my.com” --> /var/named/my.com.zone
- A资源解析:www IN A 192.168.56.104
a, 配置详情
[root@c7 ~]
// Reverse lookup zone for 192.168.56.0/24: answers PTR queries (IP address -> name).
// The file name is relative to the `directory` option of named.conf.
// NOTE(review): neither zone statement sets allow-transfer. Unless the options block
// restricts it, BIND 9.11 answers zone-transfer (AXFR) requests from any client that can
// reach the listener, which discloses every record in the zone. Consider
// allow-transfer { none; }; or list only the secondary servers.
zone "56.168.192.in-addr.arpa" IN {
type master;
file "56.168.192.zone";
};
// Forward lookup zone: this server is the primary (master) for my.com.
zone "my.com" IN {
type master;
file "my.com.zone";
};
[root@c7 named]
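; Forward zone data for my.com.
;
; Resource record (RR) types:
;   SOA   : start of authority
;   NS    : name server (authoritative servers for the zone; there may be
;           several: one primary and many secondaries)
;   A     : IPv4 address
;   AAAA  : IPv6 address
;   CNAME : canonical name (alias)
;   PTR   : pointer (IP address -> name, used in reverse zones)
;   MX    : mail exchange (the lower the preference number, the higher the
;           priority; these notes use values in 0-99)
;
; TTL: time to live (how long a record may be cached).
$TTL 1D
; A name that does not end in "." is relative: the zone name is appended to it.
; $ORIGIN my.com.
; "@" stands for the name of the current zone.
; NOTE(review): the second SOA field is the administrator mailbox, with its first
; "." read as "@"; "myemail.com." therefore means myemail@com. Confirm the address.
@       IN SOA  ns1.my.com. myemail.com. (
                20191228 ; serial
                1D       ; refresh
                1H       ; retry
                1W       ; expire
                3H )     ; minimum
; Records that reuse the previous owner name must begin with whitespace; a token
; in column 0 would be parsed as an owner name instead of the class "IN".
        IN NS   ns1
        IN MX   10 mx1
        IN MX   20 mx2
ns1     IN A    192.168.56.104
mx1     IN A    192.168.56.105
mx2     IN A    192.168.56.106
www     IN A    192.168.56.104
web     IN CNAME www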
[root@c7 named]
data dynamic my.com.zone named.ca named.empty named.localhost named.loopback slaves
[root@c7 named]
$TTL 3H
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
b, 测试dns服务: dig, host
[root@c7 ~]
[root@c7 ~]
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/rwtab.d/named
/etc/sysconfig/named
....
/var/named
/var/named/data
/var/named/dynamic
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
/var/named/slaves
[root@c7 named]
options {
// Previous setting, commented out: listen on the loopback address only.
//listen-on port 53 { 127.0.0.1; };
// Listen on the host's LAN address so that other machines can query this server.
// NOTE(review): this excerpt stops before allow-query / recursion / allow-recursion, so
// who may query or recurse through the server is not visible here. The test output on
// this page shows recursive answers coming back from 192.168.56.104; limit
// allow-recursion (and allow-query) to the networks that are meant to use the server so
// that it does not act as an open resolver.
listen-on port 53 { 192.168.56.104; };
// The IPv6 listener stays on loopback only.
listen-on-v6 port 53 { ::1; };
// Working directory; relative zone file names are resolved against it.
directory "/var/named";
// Output files for the cache dump, server statistics, memory statistics and the
// list of in-progress recursive queries.
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
[root@c7 ~]
nameserver 192.168.56.104
[root@c7 ~]
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 61.135.169.121
www.a.shifen.com has address 61.135.169.125
[root@c7 ~]
[root@c7 ~]
[root@c7 ~]
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> +trace www.baidu.com
;; global options: +cmd
. 517408 IN NS f.root-servers.net.
. 517408 IN NS k.root-servers.net.
. 517408 IN NS j.root-servers.net.
. 517408 IN NS l.root-servers.net.
. 517408 IN NS a.root-servers.net.
. 517408 IN NS h.root-servers.net.
. 517408 IN NS g.root-servers.net.
. 517408 IN NS i.root-servers.net.
. 517408 IN NS d.root-servers.net.
. 517408 IN NS e.root-servers.net.
. 517408 IN NS m.root-servers.net.
. 517408 IN NS b.root-servers.net.
. 517408 IN NS c.root-servers.net.
. 517408 IN RRSIG NS 8 0 518400 20200111050000 20191229040000 22545 . Pn5ohIfzeV0JxULOspkQ6tYYMfnWQN6GAWJauIqJ1/LuEyR4NENFurB0 IwiNm62I4axzWEpVD0zIuBaw2z7URs3AwDv2YBSFKmRQFVyUv7Bqj9s2 A7xXlqjuAuoNw+YAG72S78Mf1L2fjChvDFZZjTwLDeMnW1wogOppAJEw oaNUqGxFiKJ//i1fQp/NZO48DO9it2vv0zPaTNrUhCsuKqhx5T2u8yDB EvN85+p2dI/R7g9xrJyniKEj/fMyKTbdOc2IHTPK5pP9JDMkiubRRAAU d11xFyKtzhy2Esfa70Kej0enqj6c7NJfRdqpKIT/jOLBdB9XX859U2IU Xlmdlg==
;; Received 1097 bytes from 192.168.56.104
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20200111050000 20191229040000 22545 . YT51a7sayHoEdZByf40buEQfUYzapxyvAwfPV12AwfWRh4crg9jIVcY6 V79GO4Yb+ezclS4ZTvT+WZ9yLdwuWnzAGVTD0fd9RLvK03nk45ZK42LP MNSHwwUOjv338vqcubwqNOyjxpEukQF3TPXgKAV/ltpGzQYmnDofCd+S uLAssjpag59wPWruFItrIvE6qD7xaDXv+oVsO/bTp7pVb7NOi+KOCpMI D8aP4xm+624JWxLZ59YXOLOy3q1YVfLiVCe4ghtJS4/6BIuRhQ3CAOmj w4QfJVrTDnyn/RY3z41BnRT8K6CkUyuDc5Nc4NlU5KX3HxdiphW1w6JM oWNrPQ==
;; Received 1173 bytes from 199.9.14.201
baidu.com. 172800 IN NS ns2.baidu.com.
baidu.com. 172800 IN NS ns3.baidu.com.
baidu.com. 172800 IN NS ns4.baidu.com.
baidu.com. 172800 IN NS ns1.baidu.com.
baidu.com. 172800 IN NS ns7.baidu.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20200102054825 20191226043825 12163 com. J8V3FpilA7JdIt7GBym3CCORYjgGlHAazZlLNBiJ0bFa92n4PrX0hPYo oUHtAA4lEaw9eSJjOIVXhnKq9AR7EgQFfMxcT8OvbBVJ4eErF1vBjd1B x4EkZM2IHIVPPv8XlziufAhiSVMnYHcZnuO8BpDaXrasvlW3U9vv/VQU dCs79XwjQR/XkFvJKvldj2EZd3FXLlRDdnwESxhlpLZmIg==
HPVUNU64MJQUM37BM3VJ6O2UBJCHOS00.com. 86400 IN NSEC3 1 1 0 - HPVVN3Q5E5GOQP2QFE2LEM4SVB9C0SJ6 NS DS RRSIG
HPVUNU64MJQUM37BM3VJ6O2UBJCHOS00.com. 86400 IN RRSIG NSEC3 8 2 86400 20200105052237 20191229041237 12163 com. amqguR13x/lQ0oKwxGN1KzHI+NqPG2IWHrwDuQPaQ7FjhhkTA5Qs0Hta LTHvnbplZsvTNp+LR1JVM0u2oz540IBv+MOvoi8Z1LH9bDENe3Orpzfm O7iIDS5KdbLkUnet2O1ZtlnfhAhu9ncjWdUC9cfSmNC1vxtHREt7QKRC 60bFhyECdVu7dpJFZ3Jwa/kLgLNq1Ts92jqt/IAAJ4SQoQ==
;; Received 761 bytes from 192.26.92.30
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
a.shifen.com. 1200 IN NS ns2.a.shifen.com.
a.shifen.com. 1200 IN NS ns5.a.shifen.com.
a.shifen.com. 1200 IN NS ns4.a.shifen.com.
a.shifen.com. 1200 IN NS ns3.a.shifen.com.
a.shifen.com. 1200 IN NS ns1.a.shifen.com.
;; Received 239 bytes from 220.181.33.31
c, 测试dns服务: nslookup
[root@c7 ~]
> server 192.168.56.104
Default server: 192.168.56.104
Address: 192.168.56.104
> set q=A
> www.sohu.com
Server: 192.168.56.104
Address: 192.168.56.104
Non-authoritative answer:
www.sohu.com canonical name = gs.a.sohu.com.
gs.a.sohu.com canonical name = fdxtjxq.a.sohu.com.
Name: fdxtjxq.a.sohu.com
Address: 118.244.253.70
Name: fdxtjxq.a.sohu.com
Address: 118.244.253.69
Name: fdxtjxq.a.sohu.com
Address: 118.244.253.68
> exit
[root@c7 named]
[root@c7 named]
[root@c7 named]
[root@c7 named]
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -t A www.my.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19082
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.my.com. IN A
;; ANSWER SECTION:
www.my.com. 86400 IN A 192.168.56.104
;; AUTHORITY SECTION:
my.com. 86400 IN NS ns1.my.com.
;; ADDITIONAL SECTION:
ns1.my.com. 86400 IN A 192.168.56.104
;; Query time: 0 msec
;; SERVER: 192.168.56.104
;; WHEN: 日 12月 29 18:16:21 CST 2019
;; MSG SIZE rcvd: 89
2, dns反向解析
- /etc/named.conf --> /etc/named.rfc1912.zones
- 域zone “56.168.192.in-addr.arpa” --> /var/named/56.168.192.zone
- PTR资源解析:104 IN PTR ns1.my.com.
[root@c7 named]
// Forward lookup zone: this server is the primary (master) for my.com.
zone "my.com" IN {
type master;
file "my.com.zone";
};
// Reverse lookup zone for 192.168.56.0/24: answers PTR queries (IP address -> name).
// NOTE(review): no allow-transfer is set on either zone; unless the options block
// restricts it, BIND 9.11 allows zone transfers from any client. Restrict it to the
// secondary servers, or use allow-transfer { none; }; when there are none.
zone "56.168.192.in-addr.arpa" IN {
type master;
file "56.168.192.zone";
};
[root@c7 named]
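; Reverse zone data for 192.168.56.0/24 (zone 56.168.192.in-addr.arpa).
$TTL 1D
$ORIGIN 56.168.192.in-addr.arpa.
; Names that belong to my.com must be fully qualified (trailing "."). Without the
; dot the origin above is appended: "ns1.my.com" would be read as
; ns1.my.com.56.168.192.in-addr.arpa., so the SOA primary-server field below
; carries the trailing dot.
; Increase the serial whenever the zone data changes so that secondaries
; notice the edit.
@       IN SOA  ns1.my.com. nsadmin.my.com. (
                20191228 ; serial
                1D       ; refresh
                1H       ; retry
                1W       ; expire
                3H )     ; minimum
; A record that reuses the previous owner name must begin with whitespace; a
; token in column 0 would be parsed as an owner name.
        IN NS   ns1.my.com.
; Owner names are the last octet of the address, relative to the origin.
; 104 has three PTR records; a reverse query returns all of them.
104     IN PTR  ns1.my.com.
104     IN PTR  web.my.com.
104     IN PTR  www.my.com.
105     IN PTR  mx1.my.com.
106     IN PTR  mx2.my.com.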
[root@c7 named]
[root@c7 named]
[root@c7 named]
[root@c7 named]
zone 56.168.192.in-addr.arpa/IN: loaded serial 20191228
OK
[root@c7 named]
server reload successful
[root@c7 named]
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -x 192.168.56.104
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13834
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.56.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
104.56.168.192.in-addr.arpa. 86400 IN PTR web.my.com.
104.56.168.192.in-addr.arpa. 86400 IN PTR ns1.my.com.
104.56.168.192.in-addr.arpa. 86400 IN PTR www.my.com.
;; AUTHORITY SECTION:
56.168.192.in-addr.arpa. 86400 IN NS ns1.my.com.
;; ADDITIONAL SECTION:
ns1.my.com. 86400 IN A 192.168.56.104
;; Query time: 0 msec
;; SERVER: 192.168.56.104
;; WHEN: 日 12月 29 19:57:23 CST 2019
;; MSG SIZE rcvd: 146