目录
一.DNS域名系统
1.DNS系统的作用
正向解析:根据域名查找对应的IP地址
反向解析:根据IP地址查找对应的域名
DNS系统的分布式数据结构
2.DNS系统类型
(1)主域名服务器
负责维护一个区域的所有域名信息,是该区域所有信息的权威信息源,数据可以修改。构建主域名服务器时,需要自行建立所负责区域的地址数据文件
具有唯一性
(2)从域名服务器
当主域名服务器出现故障、关闭或负载过重时,从域名服务器作为备份提供域名解析服务。从域名服务器提供的解析结果不是由自己决定的,而是来自主域名服务器。构建从域名服务器时,需要指定主域名服务器的位置,以便服务器能自动同步区域的地址数据库。
3.DNS查询类型
递归查询
客户机和DNS服务器之间属于递归查询。
查询的源和目标保持不变,为得到查询结果只需要发起一次查询。
迭代查询
查询的源不变,但查询的目标不断变化,为得到查询结果一般需要发起多次查询。
4.DNS的域名结构
DNS系统的结构为分布式数据结构
-
根域:位于树状结构的最顶层,用“.”表示
-
顶级域:一般代表一种类型的组织机构或国家地区
net(网络供应商),com(工商企业),org(团体组织),edu(教育组织),gov(政府部门),cn(中国国家域名)
-
二级域:用来表明顶级域内的一个特定的组织,国家顶级域下面的二级域名由国家部门统一管理
-
子域:二级域下所创建的各级域统称为子域,各个组织或用户可以自由申请注册自己的域名
-
主机:主机位于域名空间的最下层,就是一台具体的计算机
域名与IP地址之间是多对一的关系,一个IP地址不一定只对应一个域名,且一个域名只可以对应一个IP地址
二.构建DNS域名解析服务器
1.正向解析
#systemctl stop firewalld.service //关闭防火墙
#setenforce 0 //关闭selinux
#yum install -y bind bind-utils //安装bind包
#rpm -qc bind //查看bind软件配置文件所在路径
/etc/logrotate.d/named
/etc/named.conf #修改主配置文件
/etc/named.iscdlv.key
/etc/named.rfc1912.zones #修改区域配置文件
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost #配置区域数据文件
/var/named/named.loopback
[root@localhost named]# systemctl start named
修改主配置文件
#vim /etc/named.conf
12 options {
13 listen-on port 53 { any; };
14 listen-on-v6 port 53 { ::1; };
15 directory "/var/named";
16 dump-file "/var/named/data/cache_dump.db";
17 statistics-file "/var/named/data/named_stats.txt";
18 memstatistics-file "/var/named/data/named_mem_stats.txt";
19 recursing-file "/var/named/data/named.recursing";
20 secroots-file "/var/named/data/named.secroots";
21 allow-query { any; };
[root@localhost named]# rndc reload //刷新服务
修改区域配置文件
# vim named.rfc1912.zones
13 zone "oyyy.com" IN { // forward zone; the file name below is relative to directory "/var/named" in named.conf
14 type master; // this server holds the authoritative copy, edited by hand
15 file "oyyy.com.zone";
16 allow-update { none; }; // dynamic updates are refused
17 }; // NOTE(review): no allow-transfer is set; on the 9.11 build shown on this page BIND then serves AXFR of the whole zone to any client -- restrict it to a secondary's address (or none) unless the zone contents are meant to be public
18 zone "localhost.localdomain" IN { // appears to be the stock zone that ships in named.rfc1912.zones; left as delivered
19 type master;
20 file "named.localhost";
21 allow-update { none; };
22 };
[root@localhost named]# rndc reload //刷新服务
配置区域数据文件,添加正向解析记录
[root@localhost etc]# cd /var/named/
[root@localhost named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@localhost named]# cp named.localhost oyyy.com.zone
[root@localhost named]# ls
data named.ca named.localhost oyyy.com.zone
dynamic named.empty named.loopback slaves
[root@localhost named]# vim oyyy.com.zone
1 $TTL 1D ; default TTL for every record that does not give its own
2 @ IN SOA master.oyyy.com. admin.oyyy.com. ( ; @ = oyyy.com (from the zone stanza); admin.oyyy.com. is the hostmaster mailbox with the '@' written as '.'
3 0 ; serial -- raise this on every edit; a secondary only re-transfers the zone when the serial grows
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS master.oyyy.com. ; the zone's name server; its address is the glue A record on the next line
9 master A 192.168.68.30
10 www A 192.168.68.40
11 MX 10 mail.oyyy.com. ; mail exchanger for oyyy.com, preference 10
12 mail A 192.168.68.50
13 ftp CNAME www ; alias of www (relative name, expands to www.oyyy.com.)
14 * A 192.168.68.40 ; wildcard: any name under oyyy.com not listed above resolves here, so typos and probing names never get NXDOMAIN -- keep only if that is intended
15 @ A 192.168.68.40 ; bare oyyy.com
[root@localhost named]# rndc reload //刷新服务
正向文件配置的验证
host www.oyyy.com
nslookup www.oyyy.com
[root@localhost ~]# vim /etc/named.conf
[root@localhost ~]# vim /etc/named.rfc1912.zones
[root@localhost named]# vim oyyy.com.zone
2.反向解析
修改区域配置文件
# vim named.rfc1912.zones
42 zone "0.in-addr.arpa" IN { // appears to be the stock reverse zone that ships in named.rfc1912.zones; left as delivered
43 type master;
44 file "named.empty";
45 allow-update { none; };
46 };
47
48 zone "68.168.192.in-addr.arpa" IN {
49 type master;
50 file "oyyy1.com.zone";
51 allow-update { none; };
[root@localhost named]# rndc reload //刷新服务
配置区域数据文件,添加反向解析记录
[root@localhost named]# cp -p oyyy.com.zone oyyy1.com.zone
[root@localhost named]# chmod 640 oyyy1.com.zone ;chgrp named oyyy1.com.zone
[root@localhost named]# vim oyyy1.com.zone
1 $TTL 1D
2 @ IN SOA master.oyyy1.com. admin.oyyy1.com. ( ; @ here is 68.168.192.in-addr.arpa (zone stanza in named.rfc1912.zones); NOTE(review): no oyyy1.com zone exists on this page -- the forward zone is oyyy.com, so master.oyyy.com./admin.oyyy.com. are probably what was meant
3 0 ; serial -- raise on every edit
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS master.oyyy1.com. ; NOTE(review): this NS name is not defined in any zone on this page; confirm it actually resolves
9 master A 192.168.68.30 ; carried over from the copied forward file; an A record inside a reverse zone plays no part in the PTR answers below
10 100 IN PTR www.oyyy1.com. ; 192.168.68.100 -> www.oyyy1.com. (owner is the last octet, relative to @); NOTE(review): the forward zone maps www.oyyy.com to .40, so forward and reverse disagree -- forward-confirmed reverse checks will fail
11 99 IN PTR ftp.oyyy1.com. ; same caveat: ftp is a CNAME to www in the forward zone, not .99
[root@localhost named]# rndc reload //刷新服务
反向文件配置的验证
[root@localhost named]# host 192.168.68.100
100.68.168.192.in-addr.arpa domain name pointer www.oyyy1.com.
[root@localhost named]# host 192.168.68.99
99.68.168.192.in-addr.arpa domain name pointer ftp.oyyy1.com.
[root@localhost named]# vim /etc/named.rfc1912.zones
[root@localhost named]# vim oyyy1.com.zone
3.主从复制
主服务器配置
#systemctl stop firewalld.service //关闭防火墙
#setenforce 0 //关闭selinux
#yum install -y bind //安装bind包
#rpm -qc bind //查看bind软件配置文件所在路径
/etc/logrotate.d/named
/etc/named.conf #修改主配置文件
/etc/named.iscdlv.key
/etc/named.rfc1912.zones #修改区域配置文件
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost #配置区域数据文件
/var/named/named.loopback
修改主配置文件
[root@localhost ~]# vim /etc/named.conf
12 options {
13 listen-on port 53 { any; };
14 listen-on-v6 port 53 { ::1; };
15 directory "/var/named";
16 dump-file "/var/named/data/cache_dump.db";
17 statistics-file "/var/named/data/named_stats.txt";
18 memstatistics-file "/var/named/data/named_mem_stats.txt";
19 recursing-file "/var/named/data/named.recursing";
20 secroots-file "/var/named/data/named.secroots";
21 allow-query { any; };
修改区域配置文件
[root@localhost ~]# vim /etc/named.rfc1912.zones
12 zone "oyyy.com" IN { // primary copy of the zone that the slave in the next section pulls from this host
13 type master;
14 file "oyyy.com.zone";
15 allow-update { none; };
16 }; // NOTE(review): no allow-transfer is set; on the 9.11 build shown on this page BIND then allows AXFR to any client, not just the slave -- add `allow-transfer { <slave-address>; };` (the slave's address is not shown on this page) so the zone cannot be dumped by arbitrary hosts
修改区域数据文件
[root@localhost named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@localhost named]# cp -p named.localhost oyyy.com.zone
[root@localhost named]# vim oyyy.com.zone
1 $TTL 1D
2 @ IN SOA master admin.oyyy.com. ( ; 'master' is relative and expands to master.oyyy.com.
3 0 ; serial -- the slave (type slave, masters 192.168.68.30) only re-transfers when this value increases; raise it on every change
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS master
9 master A 192.168.68.30 ; glue for the NS; the same address the slave lists in masters { }
10 www A 192.168.68.33
[root@localhost named]# systemctl restart named
[root@localhost ~]# vim /etc/named.conf
[root@localhost ~]# vim /etc/named.rfc1912.zones
[root@localhost named]# vim oyyy.com.zone
从服务器配置
#systemctl stop firewalld.service //关闭防火墙
#setenforce 0 //关闭selinux
#yum install -y bind //安装bind包
#rpm -qc bind //查看bind软件配置文件所在路径
/etc/logrotate.d/named
/etc/named.conf #修改主配置文件
/etc/named.iscdlv.key
/etc/named.rfc1912.zones #修改区域配置文件
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost #配置区域数据文件
/var/named/named.loopback
修改主配置文件
[root@localhost ~]# vim /etc/named.conf
12 options {
13 // listen-on port 53 { any; };
14 listen-on-v6 port 53 { ::1; };
15 directory "/var/named";
16 dump-file "/var/named/data/cache_dump.db";
17 statistics-file "/var/named/data/named_stats.txt";
18 memstatistics-file "/var/named/data/named_mem_stats.txt";
19 recursing-file "/var/named/data/named.recursing";
20 secroots-file "/var/named/data/named.secroots";
21 // allow-query { any; };
修改区域配置文件
[root@localhost ~]# vim /etc/named.rfc1912.zones
12 zone "oyyy.com" IN {
13 type slave; // secondary: the zone is fetched from the masters below, never edited on this host
14 file "slaves/oyyy.com.zone"; // written by named after a successful transfer (relative to directory "/var/named")
15 masters { 192.168.68.30; }; // the primary configured in the section above
16 }; // NOTE(review): the checks that follow query the primary directly (dig ... @192.168.68.30) or the host's default resolver; to prove the slave works, query the slave's own address
[root@hostname ~]# systemctl start named
[root@hostname ~]# host www.oyyy.com
www.oyyy.com is an alias for 21717.bodis.com.
21717.bodis.com has address 199.59.242.153
[root@hostname ~]# dig www.oyyy.com @192.168.68.30
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> www.oyyy.com @192.168.68.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47727
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.oyyy.com. IN A
;; ANSWER SECTION:
www.oyyy.com. 86400 IN A 192.168.68.33
;; AUTHORITY SECTION:
oyyy.com. 86400 IN NS master.oyyy.com.
;; ADDITIONAL SECTION:
master.oyyy.com. 86400 IN A 192.168.68.30
;; Query time: 0 msec
;; SERVER: 192.168.68.30#53(192.168.68.30)
;; WHEN: 三 9月 29 23:13:34 CST 2021
;; MSG SIZE rcvd: 94
[root@hostname ~]# vim /etc/named.conf
[root@hostname ~]# vim /etc/named.rfc1912.zones
4.分离解析
xshell
#systemctl stop firewalld.service //关闭防火墙
#setenforce 0 //关闭selinux
#yum install -y bind //安装bind包
#rpm -qc bind //查看bind软件配置文件所在路径
/etc/logrotate.d/named
/etc/named.conf #修改主配置文件
/etc/named.iscdlv.key
/etc/named.rfc1912.zones #修改区域配置文件
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost #配置区域数据文件
/var/named/named.loopback
centos
[root@localhost ~] # vim /etc/sysconfig/network-scripts/ifcfg-ens33
[root@localhost network-scripts]# vim ifcfg-ens37
windows 10
win+R键进入cmd
windows 7
xshell或者centos
[root@localhost ~]# vim /etc/named.conf
12 options {
13 // listen-on port 53 { 127.0.0.1; };
14 listen-on-v6 port 53 { ::1; };
15 directory "/var/named";
16 dump-file "/var/named/data/cache_dump.db";
17 statistics-file "/var/named/data/named_stats.txt";
18 memstatistics-file "/var/named/data/named_mem_stats.txt";
19 recursing-file "/var/named/data/named.recursing";
20 secroots-file "/var/named/data/named.secroots";
21 // allow-query { localhost; };
[root@localhost ~]# vim /etc/named.rfc1912.zones
[root@localhost ~]# vim /etc/named.rfc1912.zones
12 view "lan" { // views are tried in file order; a client is served by the first view whose match-clients matches it
13 match-clients { 192.168.68.0/24; };
14 zone "oyyy.com" IN {
15 type master;
16 file "oyyy.com.lan"; // LAN answers (192.168.68.x addresses)
17 };
18 zone "." IN {
19 type hint; // root hints so this view can recurse for other names, if recursion is allowed for these clients
20 file "named.ca";
21 };
22
23 };
24 view "wan" {
25 match-clients { 12.0.0.0/24; }; // NOTE(review): a client in neither network matches no view and presumably gets REFUSED; add a catch-all view (match-clients { any; }) if that is not intended
26 zone "oyyy.com" IN {
27 type master;
28 file "oyyy.com.wan"; // WAN answers (12.0.0.x addresses)
29 };
30 zone "." IN {
31 type hint;
32 file "named.ca";
33 };
34
35 };
[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -p named.localhost oyyy.com.lan
[root@localhost named]# ls
data named.ca named.localhost oyyy.com.lan
dynamic named.empty named.loopback slaves
[root@localhost named]# vim oyyy.com.lan
1 $TTL 1D
2 @ IN SOA master admin.oyyy.com. ( ; served only to clients that match view "lan" (192.168.68.0/24)
3 0 ; serial -- raise on every edit
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS master
9 master A 192.168.68.1 ; LAN-side address of the name server
10 www A 192.168.68.10
[root@localhost named]# cp -p oyyy.com.lan oyyy.com.wan
[root@localhost named]# vim oyyy.com.wan
1 $TTL 1D
2 @ IN SOA master admin.oyyy.com. ( ; copied from oyyy.com.lan; served only to clients that match view "wan" (12.0.0.0/24)
3 0 ; serial -- raise on every edit
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS master
9 master A 12.0.0.1 ; WAN-side address of the name server
10 www A 12.0.0.1 ; www and the name server share the WAN address here
[root@localhost ~]# vim /etc/named.conf
[root@localhost ~]# vim /etc/named.rfc1912.zones
[root@localhost named]# vim oyyy.com.lan
[root@localhost named]# vim oyyy.com.wan
测试结果
windows 10
windows 7