DNS resolution (split-view resolution, master/slave cluster)

Copyright notice: this is the blogger's original article, licensed under CC 4.0 BY-SA; reposts must include a link to the original and this notice.
Original link: https://blog.csdn.net/qq_36747237/article/details/80382047
DNS domain name resolution

Resources on the Internet are published and requested through URLs, and the host name in a URL has to be resolved to an IP address before a connection to the remote host can be opened. Turning that name into an address is the job of DNS resolution.

The DNS resolution process

When www.abc.com is typed into a browser, resolution takes close to ten steps; the process is roughly shown in the figure below:

[figure omitted: the DNS resolution process]

Terminology

Forward resolution: resolving a domain name to an IP address.
Reverse resolution: resolving an IP address to a domain name.
DNS cache: when a DNS server handles a client's request and has no local information for the name, it may ask other DNS servers; when those servers return the result, the server records it in its local cache (for the record's TTL). This is the DNS cache.
Zone: a contiguous part of the DNS name space, containing a set of resource records stored on a DNS server.
Resource record: the data held by a DNS server, stored by record type, used to answer clients' DNS requests.
Zone file: the file holding a zone's resource records; the DNS server chosen as the authoritative server for the zone manages it.

Setting up resolution

I. DNS forward resolution
1. Install the DNS server software (bind)
[root@localhost ~]# yum install bind.x86_64 -y
Loaded plugins: langpacks
software                                                 | 4.1 kB     00:00     
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-14.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package       Arch            Version                  Repository         Size
================================================================================
Installing:
 bind          x86_64          32:9.9.4-14.el7          software          1.8 M
Transaction Summary
================================================================================
Install  1 Package
Total download size: 1.8 M
Installed size: 4.3 M
Downloading packages:
bind-9.9.4-14.el7.x86_64.rpm                               | 1.8 MB   00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 32:bind-9.9.4-14.el7.x86_64                                  1/1 
  Verifying  : 32:bind-9.9.4-14.el7.x86_64                                  1/1 
Installed:
  bind.x86_64 32:9.9.4-14.el7                                          
Complete!
2. Edit the main configuration file
[root@localhost ~]# vim /etc/named.conf

Note: the root zone is where every Internet domain name begins and is written as a single dot (.); a caching server can only provide normal resolution if it is able to reach the DNS root servers.
options {
        listen-on port 53 { any; };             // port and addresses to listen on (the package default is 127.0.0.1)
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";                 // zone file directory, i.e. named's working directory
        dump-file "/var/named/data/cache_dump.db";              // where the cache is dumped
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Those options should be used carefully because they disable port
        // randomization
        // query-source port 53;
        // query-source-v6 port 53;
        allow-query { any; };                   // who may query this server; any = everyone (the package default is localhost)
        allow-query-cache { localhost; };       // who may be answered from the cache
};
logging {
        channel default_debug {
                file "data/named.run";          // log file path
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients { localhost; };           // client addresses this view serves; change to any
        match-destinations { localhost; };      // change to any
        recursion yes;                          // recurse on behalf of clients; with recursion off, a name this server is not authoritative for is simply answered as not found
        include "/etc/named.rfc1912.zones";     // defines the root zone, the localdomain and localhost zones, and their reverse zones
};

Two of these settings matter for security. The query-source lines are commented out on purpose: pinning the source port to 53 disables source-port randomization and makes cache poisoning far easier, so leave them alone. And before widening match-clients (or allow-query) to any, make sure recursion stays limited to your own clients: with recursion yes, BIND 9 grants recursion to the addresses in allow-recursion, falling back to allow-query-cache and then to { localnets; localhost; } when neither is set. Setting either of those to any turns the server into an open resolver that can be abused for reflection and amplification attacks.

The named.rfc1912.zones file (on older releases loaded from the caching server's named.caching-nameserver.conf) configures the local zones; on this RHEL 7 install the root hint zone itself lives in /etc/named.conf. In that stanza, type hint marks the zone as the root hint zone and file "named.ca" names its zone file, which is kept in named's working directory /var/named.

  • Check the listening ports:
[root@localhost ~]# netstat -antlpe | grep named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      25         111456     32071/named         
tcp        0      0 172.25.254.141:53       0.0.0.0:*               LISTEN      25         111451     32071/named         
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      25         111449     32071/named         
tcp6       0      0 ::1:953                 :::*                    LISTEN      25         111457     32071/named         
tcp6       0      0 ::1:53                  :::*                    LISTEN      25         111453     32071/named   
Port 53 is DNS (only TCP is shown because of -t; named listens on UDP 53 as well) and 127.0.0.1:953 is the rndc control channel, which should stay bound to loopback.

3. Edit the zone include file

The zones to be served are added to the include file; putting them in the main configuration file would clutter it and make it harder to read.

[root@localhost ~]# vim /etc/named.rfc1912.zones

zone "test.com" IN {
        type master;
        file "testfile.com";
        allow-update { none; };
};

4. Write the zone file
[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -p named.localhost testfile.com
[root@localhost named]# vim testfile.com

$TTL 1D
@       IN SOA  dns.test.com. root.test.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.test.com.
dns     A       172.25.7.8
www     A       5.2.0.8

$TTL goes on a line of its own. Any name that does not end in a dot is relative to the zone origin (test.com), so the SOA's primary name server must be written dns.test.com. with the trailing dot; without it named reads the name as dns.test.com.test.com. The NS line has no owner name and therefore inherits the previous owner, @ (the zone apex). cp -p keeps the owner and mode of named.localhost so that named can still read the copy.

5. Point the resolver at the DNS server
[root@localhost named]# echo "nameserver 172.25.254.141" >> /etc/resolv.conf 
A nameserver line appended this way is tried only after the entries already listed above it. Verify:
[root@localhost named]# dig www.test.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6615
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A
;; ANSWER SECTION:
www.test.com.       86400   IN  A   5.2.0.8
;; AUTHORITY SECTION:
test.com.       86400   IN  NS  dns.test.com.
;; ADDITIONAL SECTION:
dns.test.com.       86400   IN  A   172.25.7.8
;; Query time: 0 msec
;; SERVER: 172.25.254.141#53(172.25.254.141)
;; WHEN: Wed May 23 03:30:41 EDT 2018
;; MSG SIZE  rcvd: 91
II. DNS reverse resolution
1. Edit the main configuration file
[root@localhost ~]# vim /etc/named.conf 
2. Add the reverse zone to the include file
[root@localhost named]# vim /etc/named.rfc1912.zones 

zone "254.25.172.in-addr.arpa" IN {
        type master;
        file "test.com.ptr";
        allow-update { none; };
};

The reverse zone for 172.25.254.0/24 is named with the octets reversed, 254.25.172.in-addr.arpa; inside it the owner of each PTR record is just the host octet.

3. Write the reverse zone file
[root@localhost named]# cp -p named.localhost test.com.ptr
[root@localhost named]# vim test.com.ptr 

$TTL 1D
@       IN SOA  dns.test.com. root.test.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.test.com.
dns     A       172.25.254.141
250     PTR     www.test.com.

The PTR target must carry the trailing dot; written as www.test.com it would be expanded to www.test.com.254.25.172.in-addr.arpa. The owner 250 is relative to the origin and stands for 172.25.254.250.

4. Restart named and test
The query below asks about 172.25.254.141, but the zone file only defines a PTR for 250, so the answer is NXDOMAIN with the zone's SOA in the AUTHORITY section: the server is authoritative for 254.25.172.in-addr.arpa (aa flag set) and states that no such name exists. Query an address that is defined (dig -x 172.25.254.250), or add 141 PTR dns.test.com. if the name server itself should resolve in reverse.
[root@localhost named]# systemctl restart named
[root@localhost named]# dig -x 172.25.254.141
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.141
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61540
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;141.254.25.172.in-addr.arpa.   IN  PTR
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 10800  IN  SOA dns.test.com. root.test.com. 0 86400 3600 604800 10800
;; Query time: 0 msec
;; SERVER: 172.25.254.141#53(172.25.254.141)
;; WHEN: Wed May 23 04:52:51 EDT 2018
;; MSG SIZE  rcvd: 109
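An added example (not part of the original post) that checks the two zone-file slips made above, the unqualified dns.test.com in the forward zone's SOA and the unqualified www.test.com in the PTR record, and does the reverse-name arithmetic behind dig -x, which shows why the query for .141 returned NXDOMAIN. The two sample zone files are embedded copies of the ones written in this post, as originally typed; ptr_name, ptr_label, zone_has_ptr and zone_lint are helper names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post): checks for the zone-file slips
# made above and the reverse-name arithmetic behind "dig -x".

# ptr_name IPv4 -> the fully qualified in-addr.arpa name that dig -x asks for
ptr_name() {
    printf '%s\n' "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# ptr_label ORIGIN IPv4 -> the owner label the PTR must have inside zone ORIGIN
# (e.g. 141 for 172.25.254.141 in 254.25.172.in-addr.arpa); empty if not covered
ptr_label() {
    full=$(ptr_name "$2")
    case "$full" in
        *".$1.") printf '%s\n' "${full%.$1.}" ;;
        *)       printf '\n' ;;
    esac
}

# zone_has_ptr FILE LABEL -> success if FILE holds a PTR record owned by LABEL
zone_has_ptr() {
    grep -Eq "^$2[[:space:]].*PTR[[:space:]]" "$1"
}

# zone_lint FILE -> reports RDATA host names that contain a dot but lack the
# trailing dot: named silently appends $ORIGIN to them. Exits 1 if any found.
zone_lint() {
    awk -v file="$1" '
        function check(name, rtype) {
            if (name ~ /\./ && name !~ /\.$/) {
                printf "%s:%d: %s points at \"%s\", which named reads as %s.$ORIGIN\n",
                       file, NR, rtype, name, name
                found = 1
            }
        }
        { sub(/;.*/, "") }                      # drop comments
        NF == 0 { next }
        {
            s = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(SOA|NS|PTR|CNAME|MX)$/) { s = i; break }
            if (s == 0) next                    # A/AAAA/TXT etc.: RDATA is not a name
            if ($s == "SOA") { check($(s + 1), "SOA MNAME"); check($(s + 2), "SOA RNAME") }
            else check($NF, $s)
        }
        END { if (found) exit 1 }' "$1"
}

# --- constructed sample input: the forward and reverse zone files as first written above ---
tmp=$(mktemp -d)
cat > "$tmp/testfile.com" <<'EOF'
$TTL 1D
@ IN SOA dns.test.com root.test.com. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS dns.test.com.
dns A 172.25.7.8
www A 5.2.0.8
EOF
cat > "$tmp/test.com.ptr" <<'EOF'
$TTL 1D
@ IN SOA dns.test.com. root.test.com. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS dns.test.com.
dns A 172.25.254.141
250 PTR www.test.com
EOF

for f in "$tmp/testfile.com" "$tmp/test.com.ptr"; do
    zone_lint "$f" || echo "$f: fix the names above before loading the zone"
done

# why "dig -x 172.25.254.141" got NXDOMAIN: the zone covers the address
# but holds no PTR record for its label
label=$(ptr_label 254.25.172.in-addr.arpa 172.25.254.141)
echo "$(ptr_name 172.25.254.141) -> label $label in zone 254.25.172.in-addr.arpa"
zone_has_ptr "$tmp/test.com.ptr" "$label" && echo "PTR present" || echo "no PTR for $label: NXDOMAIN"
```

The lint deliberately ignores names without any dot (dns, www, 250): those are meant to be relative. Run it over every zone file before a reload; named-checkzone catches syntax errors but happily accepts a relative name that merely means the wrong thing.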

III. Split-view DNS

Goal: internal and external hosts look up the same site name and are directed to different servers.

1. Edit the main configuration file
[root@localhost named]# vim /etc/named.conf

view indns {
        match-clients { 172.25.254.79; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.zones";
        include "/etc/named.root.key";
};
view outdns {
        match-clients { any; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.zones.out";
        include "/etc/named.root.key";
};

Once a view is defined, every zone must be declared inside a view, so the top-level zone "." and include lines move into the views as shown. Views are tried in order and the first one whose match-clients matches the query's source address wins, so the specific view (indns) has to come before the catch-all (outdns). Here indns matches the single host 172.25.254.79; in practice it would list the internal networks, e.g. { 172.25.254.0/24; localhost; }. Keep in mind that the decision rests on the query's source address, which is not authenticated.

2. Write the external zone file
[root@localhost named]# cp -p named.localhost testfile.com.out
[root@localhost named]# vim testfile.com.out

$TTL 1D
@       IN SOA  dns.test.com. root.test.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.test.com.
dns     A       1.2.6.8
www     A       30.60.90.255

3. Create the external zone include file
[root@localhost named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.out
[root@localhost named]# vim /etc/named.rfc1912.zones.out 

zone "test.com" IN {
        type master;
        file "testfile.com.out";
        allow-update { none; };
};

4. Start the service and test
[root@localhost named]# systemctl start named
[root@localhost named]# systemctl stop firewalld

Stopping firewalld is the quick way out on a lab box; on a real server open only the DNS ports instead: firewall-cmd --permanent --add-service=dns && firewall-cmd --reload.

On the DNS server itself (its query comes from 127.0.0.1, which indns does not match, so outdns answers with the external address):
[root@localhost named]# dig www.test.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39949
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A
;; ANSWER SECTION:
www.test.com.       86400   IN  A   30.60.90.255
;; AUTHORITY SECTION:
test.com.       86400   IN  NS  dns.test.com.
;; ADDITIONAL SECTION:
dns.test.com.       86400   IN  A   1.2.6.8
;; Query time: 0 msec
;; SERVER: 172.25.254.141#53(172.25.254.141)
;; WHEN: Wed May 23 07:34:47 EDT 2018
;; MSG SIZE  rcvd: 91

On the client (172.25.254.79, the address matched by indns). The result below is SERVFAIL rather than the internal address 5.2.0.8: the view matched, but named could not serve test.com from it, so before going further validate the indns configuration and its zones with named-checkconf -z and look at journalctl -u named for the load error.

[root@foundation79 ~]# dig www.test.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31642
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A
;; Query time: 14 msec
;; SERVER: 172.25.254.141#53(172.25.254.141)
;; WHEN: Wed May 23 18:13:12 CST 2018
;; MSG SIZE  rcvd: 41

IV. Master/slave DNS (cluster)

A secondary (slave) DNS server takes load off the primary. External hosts that query the domain maintained by the primary see the address the domain resolves to for external clients, whether they ask the master or the slave.

Master DNS configuration:
1. Main configuration file
[root@localhost named]# vim /etc/named.conf 

listen-on port 53 { any; };

allow-query { any; };

2. Update the zone include file
[root@localhost named]# vim /etc/named.rfc1912.zones.out

zone "test.com" IN {
        type master;
        file "testfile.com.out";
        allow-update { none; };
        also-notify { 172.25.254.79; };
};

also-notify makes the master send a NOTIFY to the slave whenever the zone's serial changes, so the slave refreshes at once instead of waiting for the SOA refresh interval; remember to increase the serial on every edit, or the slave will never pick the change up. NOTIFY does not control who may pull the zone: in BIND 9.9 allow-transfer defaults to any, so restrict it to the slave with allow-transfer { 172.25.254.79; }; or anyone on the Internet can download the whole zone with an AXFR.

3. Copy the zone file
[root@localhost named]# scp -p testfile.com.out root@172.25.254.79:/var/named/
testfile.com.out                                    100%  210     0.2KB/s   00:00    

This copy is not actually needed: a slave zone is fetched from the master by zone transfer and written by named itself into the file named in the slave's zone stanza.
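An added example, not from the original post, that audits a named.conf for the two exposures left open both by the options block in part I (listen-on and allow-query set to any with recursion on) and by the master zone stanza just above (no allow-transfer). The two configuration files are constructed for the example: weak.conf mirrors the post's settings plus the common allow-query-cache { any; }; mistake, hardened.conf is the corrected form. open_resolver, master_zones_without_transfer_acl and audit_named_conf are names chosen here. The rules encode BIND 9.9 defaults: recursion is on unless set to no, allow-recursion falls back to allow-query-cache and then to { localnets; localhost; }, and allow-transfer defaults to any. Views are not modelled.

```shell
#!/bin/sh
# Added example (not from the original post). Audits a named.conf for
#  1. an open resolver: recursion offered to any client, and
#  2. master zones whose transfer ACL is left at the BIND 9.9 default (any).
# Assumes a flat file (options + zones, no views) with "//" or "#" comments.

strip_comments() {
    sed -e 's,//.*$,,' -e 's/#.*$//' "$1"      # note: also strips "//" inside strings
}

# has_option FILE OPTION -> success if "OPTION {" occurs anywhere in the file
has_option() {
    strip_comments "$1" | grep -Eq "(^|[[:space:]])$2[[:space:]]*\{"
}

# acl_has_any FILE OPTION -> success if the ACL of OPTION contains "any"
acl_has_any() {
    strip_comments "$1" | tr '\n' ' ' \
        | grep -Eq "$2[[:space:]]*\{[^}]*[[:space:]{]any[[:space:];]"
}

# open_resolver FILE -> success if this config recurses for any client.
# BIND 9: recursion defaults to yes; allow-recursion defaults to
# allow-query-cache, and that in turn to { localnets; localhost; }.
open_resolver() {
    strip_comments "$1" | grep -Eq 'recursion[[:space:]]+no[[:space:]]*;' && return 1
    if has_option "$1" allow-recursion; then
        acl_has_any "$1" allow-recursion
    elif has_option "$1" allow-query-cache; then
        acl_has_any "$1" allow-query-cache
    else
        return 1
    fi
}

# master_zones_without_transfer_acl FILE -> prints the name of every
# "type master" zone that has neither its own allow-transfer nor a global one.
master_zones_without_transfer_acl() {
    strip_comments "$1" | awk '
        !inzone && /allow-transfer/ { global_xfer = 1 }
        /^[[:space:]]*zone[[:space:]]+"/ {
            match($0, /"[^"]+"/); zone = substr($0, RSTART + 1, RLENGTH - 2)
            depth = 0; opened = 0; master = 0; xfer = 0; inzone = 1
        }
        inzone {
            if ($0 ~ /type[[:space:]]+master/) master = 1
            if ($0 ~ /allow-transfer/) xfer = 1
            depth += gsub(/\{/, "{"); depth -= gsub(/\}/, "}")
            if (depth > 0) opened = 1
            if (opened && depth == 0) {
                if (master && !xfer) list = list zone "\n"
                inzone = 0
            }
        }
        END { if (!global_xfer) printf "%s", list }'
}

audit_named_conf() {
    if open_resolver "$1"; then
        echo "$1: OPEN RESOLVER: use 'recursion no;' (authoritative only) or 'allow-recursion { localnets; localhost; };'"
    else
        echo "$1: recursion is restricted"
    fi
    master_zones_without_transfer_acl "$1" | while read -r z; do
        echo "$1: zone $z: no allow-transfer, so AXFR is open to anyone (BIND 9.9 default)"
    done
}

# --- constructed samples: the post's settings (plus a common mistake) vs. a hardened form ---
tmp=$(mktemp -d)
cat > "$tmp/weak.conf" <<'EOF'
options {
        listen-on port 53 { any; };
        directory "/var/named";
        allow-query { any; };
        allow-query-cache { any; };    // opens recursion to the whole Internet
        recursion yes;
};
zone "test.com" IN {
        type master;
        file "testfile.com.out";
        allow-update { none; };
        also-notify { 172.25.254.79; };
};
EOF
cat > "$tmp/hardened.conf" <<'EOF'
options {
        listen-on port 53 { any; };
        directory "/var/named";
        allow-query { any; };          // anyone may ask for our authoritative data
        recursion no;                  // this server is authoritative only
        allow-transfer { none; };      // default for every zone unless overridden
};
zone "test.com" IN {
        type master;
        file "testfile.com.out";
        allow-update { none; };
        also-notify { 172.25.254.79; };
        allow-transfer { 172.25.254.79; };   // only the slave may pull the zone
};
EOF
audit_named_conf "$tmp/weak.conf"
audit_named_conf "$tmp/hardened.conf"
```

The hardened form is the right shape for the master in this part: it answers authoritatively for test.com to anyone, never recurses, and lets only the slave transfer the zone. An internal caching resolver would instead keep recursion yes with allow-recursion { localnets; localhost; }.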
Slave DNS server deployment:
1. Install and start bind
[root@foundation79 ~]# yum install bind.x86_64 -y
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
[root@foundation79 named]# systemctl start named
[root@foundation79 named]# systemctl stop firewalld

The firewall must allow port 53 (or be stopped, as here) on both hosts, otherwise the NOTIFY and the zone transfer are blocked.

2. Main configuration file:
[root@foundation79 named]# vim /etc/named.conf 

listen-on port 53 { any; };

allow-query { any; };

3. Zone include file:
[root@foundation79 named]# vim /etc/named.rfc1912.zones 

zone "test.com" IN {
        type slave;
        masters { 172.25.254.141; };
        file "slaves/testfile.com.out";
        allow-update { none; };
};

masters names the server to transfer the zone from. named writes the transferred zone into /var/named/slaves/, which the package creates writable by named; the file does not have to exist beforehand.

4. Point the resolver at the DNS server
[root@foundation79 named]# echo "nameserver 172.25.254.141" >> /etc/resolv.conf 
Verify:

Client (query answered by the master):

[root@localhost named]# dig www.test.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48749
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A

;; ANSWER SECTION:
www.test.com.       86400   IN  A   30.60.90.255
;; AUTHORITY SECTION:
test.com.       86400   IN  NS  dns.test.com.
;; ADDITIONAL SECTION:
dns.test.com.       86400   IN  A   1.2.6.8
;; Query time: 0 msec
;; SERVER: 172.25.254.141#53(172.25.254.141)
;; WHEN: Wed May 23 08:54:01 EDT 2018
;; MSG SIZE  rcvd: 91
Testing the slave DNS from the VM. The nameserver line is appended to resolv.conf, but 172.25.254.141 is still listed first and resolv.conf tries nameservers in order, so the query below is again answered by the master (see its SERVER line). To exercise the slave, query it directly with dig @172.25.254.79 www.test.com and confirm that /var/named/slaves/testfile.com.out has appeared on foundation79 after the transfer; the answer should be identical, down to the serial in the SOA.
[root@localhost ~]# echo "nameserver 172.25.254.79" >> /etc/resolv.conf 
[root@localhost ~]# dig www.test.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36063
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A
;; ANSWER SECTION:
www.test.com.       86400   IN  A   30.60.90.255
;; AUTHORITY SECTION:
test.com.       86400   IN  NS  dns.test.com.
;; ADDITIONAL SECTION:
dns.test.com.       86400   IN  A   1.2.6.8
;; Query time: 1 msec
;; SERVER: 172.25.254.141#53(172.25.254.141)
;; WHEN: Wed May 23 09:03:46 EDT 2018
;; MSG SIZE  rcvd: 91