一,基于rhel的dns正向解析
服务端
1,安装bind软件,启动软件,查看bind配置文件
[root@dns-server named]# yum install bind.x86_64 -y
[root@dns-server named]# systemctl start named
[root@dns-server named]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf <<<主配置文件
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
2,编辑主配置文件
[root@dns-server named]# vim /etc/named.conf
options {
listen-on port 53 { any; }; <<<<<在本机所有地址上监听53端口(any 指的是监听地址,不是指允许谁访问)
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; <<<<<允许任意来源的客户端查询(对外提供服务时应收紧为可信网段)
dnssec-validation no; <<<<<关闭DNSSEC校验(仅为实验环境方便,生产环境不建议关闭)
3,编辑zone文件
[root@dns-server named]# vim /etc/named.rfc1912.zones <<<<这个文件在主配置文件named.conf的最后几行被include进来
用 y5y 复制5行模板, 再用 p 粘贴, 然后修改为下面的内容
zone "westos.com" IN { <<<指定要维护的域
type master;
file "westos.com.zone"; <<<指定A记录文件
allow-update { none; };
};
4,复制模板,编辑A记录文件
[root@dns-server named]# cp -p named.localhost westos.com.zone <<<<<-p 保留原文件的权限和属主(属组仍为named,named进程才能读取)
[root@dns-server named]# ll
total 20
drwxrwx---. 2 named named 22 May 20 10:07 data
drwxrwx---. 2 named named 58 May 21 08:05 dynamic
-rw-r-----. 1 root named 2076 Jan 28 2013 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 May 21 08:29 named.localhost <<<模板
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Jan 29 2014 slaves
-rw-r----- 1 root named 152 May 21 08:29 westos.com.zone <<<<A记录文件
[root@dns-server named]# vim westos.com.zone <<<<<修改模板文件为A记录文件
$TTL 1D
@ IN SOA dns.westos.com. zm.westos.com. ( <<<<dns.westos.com.是dns服务器主机名, zm.westos.com.是管理员邮箱(zm@westos.com, @写成.), 注意结尾的 .
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com. <<<<注意结尾的 .
dns A 172.25.254.100 <<<<指定dns主机的ip
www A 172.25.254.101 <<<<要添加的A记录
hehe A 172.25.254.201 <<<<要添加的A记录(修改完成后需 systemctl restart named 使配置生效)
客户端
1,编辑nameserver
[root@dns-server named]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.25.254.100 <<<服务端ip,这个一定要改
2,测试
[root@localhost ~]# dig hehe.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hehe.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4465
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION: <<<显示你要查询的域名
;hehe.westos.com. IN A
;; ANSWER SECTION: <<<答案,显示查询到的域名对应的IP
hehe.westos.com. 86400 IN A 172.25.254.201
;; AUTHORITY SECTION: <<<显示的是直接提供这个域名解析的DNS服务器,不包括更高级DNS服务器
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION: <<<显示的是这些直接提供解析的服务器的IP地址
dns.westos.com. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Mon May 21 08:49:57 EDT 2018
;; MSG SIZE rcvd: 94
注意:
86400是指ttl(time to live,生存时间),表示这条记录可以被解析器缓存多久(单位:秒),对应zone文件里的 $TTL 1D
A指的是Address,即IP地址
IN是固定关键词
NS指的是提供该域解析的域名服务器(name server)的主机名,在AUTHORITY SECTION里面列出的服务器主机名,都会在ADDITIONAL SECTION里给出该主机的IP地址
CNAME是别名记录,意思是这个域名是另一个域名(规范名)的别名,查询时会继续解析目标域名,因此两者得到相同的IP
例如:
当我们把服务端A记录文件改为
$TTL 1D
@ IN SOA dns.westos.com. zm.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.100
www A 172.25.254.101
hehe A 172.25.254.201
lalala CNAME node1.westos.com. <<<添加CNAME
node1 A 172.25.254.111
node1 A 172.25.254.222
那么dig出来的就是
注意:下面两条A记录返回顺序的交替变化就是dns的轮询(round-robin)机制.
[root@localhost ~]# dig lalala.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> lalala.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63222
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lalala.westos.com. IN A
;; ANSWER SECTION:
lalala.westos.com. 86400 IN CNAME node1.westos.com. <<<<别名
node1.westos.com. 86400 IN A 172.25.254.222 <<<<这两个ip出现的顺序不一样,有时候111在上,有时候222在上
node1.westos.com. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Mon May 21 08:59:39 EDT 2018
;; MSG SIZE rcvd: 132
二,基于rhel的dns反向解析
服务端
1,安装bind软件,启动软件,查看bind配置文件
[root@dns-server named]# yum install bind.x86_64 -y
[root@dns-server named]# systemctl start named
[root@dns-server named]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf <<<主配置文件
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
2,编辑主配置文件
[root@dns-server named]# vim /etc/named.conf
options {
listen-on port 53 { any; }; <<<<<在本机所有地址上监听53端口(any 指的是监听地址,不是指允许谁访问)
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; <<<<<允许任意来源的客户端查询(对外提供服务时应收紧为可信网段)
dnssec-validation no; <<<<<关闭DNSSEC校验(仅为实验环境方便,生产环境不建议关闭)
3,编辑zone文件
[root@dns-server named]# vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN { <<<<反向解析区域名要把网络位反过来写,再加上 in-addr.arpa
type master;
file "westos.com.ptr"; <<<<指定反向解析文件
allow-update { none; };
};
4,复制模板,编辑反向解析文件
[root@dns-server named]# cp -p named.loopback westos.com.ptr
[root@dns-server named]# vim westos.com.ptr <<<<修改模板为反向解析文件
$TTL 1D
@ IN SOA dns.westos.com. zm.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.100 <<<<指定dns主机的ip
001 PTR www.westos.com. <<<<添加PTR(标签应写为 1 而不是 001: 标签按字面比较,查询 172.25.254.1 时会找 1.254.25.172.in-addr.arpa,不会匹配 001)
002 PTR hello.westos.com. <<<<添加PTR(同上,应写为 2)
5,重启服务
[root@dns-server named]# systemctl restart named
客户端
1,编辑nameserver
[root@dns-server named]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.25.254.100 <<<服务端ip,这个一定要改
2,测试
[root@localhost ~]# dig -x 172.25.254.002
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.002
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46325
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;002.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
002.254.25.172.in-addr.arpa. 86400 IN PTR hello.westos.com. <<<这与我们在反向解析文件里面添加的一致(注意这里查询的是字面上的 002 标签,正常的 dig -x 172.25.254.2 会查 2.254.25.172.in-addr.arpa)
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Mon May 21 11:29:11 EDT 2018
;; MSG SIZE rcvd: 120