dns服务器可以划分4种:
-
1,缓存域名服务器 (本身不保存任何域名的解析记录,只替客户端去其他服务器查询,并把结果缓存下来)
-
2,主域名解析服务器
也就是他自己维护一个域名的解析记录本(主机名:baidu.com) -
3,从域名解析服务器
-
4,智能解析服务器(cdn),不同的地方,返回不同的结果
记录本
分为俩种
- 1,正向解析记录
(1)A记录
(2)Cname (别名解析):多个域名同一个ip地址解析
域名======>IP
- 2,反向解析记录
PTR反向解析
由ip地址反查域名,常用来核对来源ip和它声称的域名是否一致(例如邮件服务器的反垃圾检查)。PTR记录由ip段的持有者自己维护,只能作辅助判断,不能单独当作身份依据
IP=========>域名
DNS的俩种查询方式
1,递归查询
2,迭代查询
缓存域名服务器的配置
[root@localhost ~]# yum install -y bind bind-chroot #安装dns服务相关的软件包
[root@localhost ~]# rpm -qa | grep bind #查看装上了哪些bind相关的包(下面是很旧的9.8版本,仅供实验;实际部署请用仍在维护的版本)
bind-libs-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-9.8.2-0.17.rc1.el6_4.6.x86_64
[root@localhost ~]# vim /etc/named.conf #配置文件的绝对路径
options {
listen-on port 53 { 192.168.182.134; }; #监听的ip地址
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; #允许向本机发起查询的客户端范围;any再配合recursion yes会变成开放解析器,可能被利用做DNS放大攻击,实际环境应限定为内网网段,或用allow-recursion限制可递归的客户端
forwarders { 202.106.0.20; }; #指定把查询转发给哪台上游域名解析服务器 (这一行是自己加的)
recursion yes; #是否允许递归查询
dnssec-enable yes;
dnssec-validation no; #把yes改成no后才能解析成功。这一项关闭的是DNSSEC校验,并不是百度"加密"了;更可能是转发器不支持DNSSEC或本机时间不准导致校验失败。关闭后无法发现被篡改的应答,只适合实验环境
dnssec-lookaside auto; #DLV(旁路验证)服务已经停用,新版本BIND已废弃这个选项
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
#检测语法
[root@localhost ~]# named-checkconf /etc/named.conf
[root@localhost ~]#
[root@localhost ~]# /etc/init.d/named start #启动服务
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[root@localhost ~]#
#打开客户端
[root@localhost named]# vim /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain
nameserver 192.168.182.134
[root@localhost ~]# ping www.baidu.com
PING www.baidu.com (61.135.169.125) 56(84) bytes of data.
64 bytes from 61.135.169.125: icmp_seq=1 ttl=128 time=1922 ms
主域名服务器
options {
listen-on port 53 { 192.168.182.135; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
forwarders { 202.106.0.20; }; #原文误写成farwarders,named-checkconf会把它当作未知选项报错
recursion yes; #这台是主(权威)服务器,同时开着递归和allow-query any,同样会成为开放解析器;对外提供服务时建议关闭递归,或用allow-recursion限定范围
// dnssec-enable yes;
// dnssec-validation yes;
// dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "yunjisuan.com" IN { #添加一个zone区域 这是一个正向解析
type master; #类型为主 如果是从的话那就"slave"
file "yunjisuan.com.zone"; #记录本的路径
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@localhost named]# cd /var/named/ #进入named的数据目录(配置里directory指定的位置,记录本都放在这里)
[root@localhost named]# cp -p named.empty yunjisuan.com.zone #以named.empty为模板复制出正向解析记录本yunjisuan.com.zone(-p保留原文件的属主和权限,通常这样named进程才有权限读取)
$TTL 3H ;生存时间(注意:区域文件的注释符是分号;笔记里写在#后面的说明不能原样写进文件)
@ IN SOA @ yunjisuan.com.root.ns1.yunjisuan.com. ( ;SOA后面第一项是主域名服务器(这里的@代表本区域yunjisuan.com.),第二项是管理员邮箱(邮箱里的@要写成.,整体以.结尾;本例的邮箱字段写得比较随意)
20181205 ; serial 序列号(习惯用日期):从服务器拿自己的序列号和主服务器的比较,不一样就更新记录本,一样就不更新;所以每次修改记录本都要把序列号加大。主是被动的
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.yunjisuan.com. ;NS记录:指明负责本区域的域名服务器
ns1 A 192.168.182.12 ;注意:后面nslookup ns1.yunjisuan.com得到的是192.168.182.135,和这里不一致,以实际环境为准
www A 192.168.182.13
news A 192.168.182.14
bbs CNAME news ;别名 这俩个域名都能访问192.168.182.14
* A 192.168.182.20 ;泛解析:上面没有匹配到的主机名都解析到192.168.182.20(写错的主机名也会解析成功,排错时要留意)
[root@localhost named]# named-checkzone yunjisuan.com yunjisuan.com.zone #检查域名解析记录本是否正确
zone yunjisuan.com/IN: loaded serial 20181205
OK
[root@localhost named]# /etc/init.d/named restart #重启服务
Stopping named: . [ OK ]
Starting named: [ OK ]
[root@localhost named]#
#反向解析记录本(还要在/etc/named.conf里声明对应的反向zone,区域名是182.168.192.in-addr.arpa,上面的配置里没有列出)
[root@localhost named]# cp -p named.empty 192.168.182.arpa
[root@localhost named]# vim 192.168.182.arpa
$TTL 3H
@ IN SOA @ yunjisuan.com.root.ns1.yunjisuan.com. (
20181206 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.yunjisuan.com.
108 PTR ns1.yunjisuan.com. ;最左边是ip地址的最后一段;这里写的是108,所以后面反查192.168.182.135会得到NXDOMAIN
13 PTR www.yunjisuan.com.
14 PTR news.yunjisuan.com.
14 PTR bbs.yunjisuan.com.
[root@localhost named]# named-checkzone named.empty 192.168.182.arpa #检测记录本是否有错误(第一个参数应该是区域名,这里应写182.168.192.in-addr.arpa而不是named.empty,否则只检查了语法,没有按正确的区域名校验)
zone named.empty/IN: loaded serial 20181206
OK
############重启服务
#客户端测试
#解析域名
[root@localhost etc]# nslookup www.yunjisuan.com
Server: 192.168.182.135
Address: 192.168.182.135#53
Name: www.yunjisuan.com
Address: 192.168.182.13
[root@localhost etc]# nslookup ns1.yunjisuan.com
Server: 192.168.182.135
Address: 192.168.182.135#53
Name: ns1.yunjisuan.com
Address: 192.168.182.135
[root@localhost etc]# nslookup bbs.yunjisuan.com
Server: 192.168.182.135
Address: 192.168.182.135#53
bbs.yunjisuan.com canonical name = news.yunjisuan.com.
Name: news.yunjisuan.com
Address: 192.168.182.14
[root@localhost etc]# nslookup new.yunjisuan.com
Server: 192.168.182.135
Address: 192.168.182.135#53
Name: new.yunjisuan.com
Address: 192.168.182.20
[root@localhost etc]# nslookup new.yunjisuan.com
#解析ip
[root@localhost etc]# nslookup 192.168.182.135
Server: 192.168.182.135
Address: 192.168.182.135#53
** server can't find 135.182.168.192.in-addr.arpa.: NXDOMAIN
[root@localhost etc]# nslookup 192.168.182.13
Server: 192.168.182.135
Address: 192.168.182.135#53
13.182.168.192.in-addr.arpa name = www.yunjisuan.com.
[root@localhost etc]# nslookup 192.168.182.14
Server: 192.168.182.135
Address: 192.168.182.135#53
14.182.168.192.in-addr.arpa name = news.yunjisuan.com.
14.182.168.192.in-addr.arpa name = bbs.yunjisuan.com.
[root@localhost etc]#