I. Domain names
www.baidu.com = www.baidu.com. (the trailing dot is the root; a name written with it is a fully qualified domain name)
(.) root domain, (com) top-level domain, (baidu) second-level domain
II. Types of DNS resolution records
A records, CNAME records, MX records, NS records
1. A record
Maps a domain name directly to an IP address.
Example: www.test.com resolves to the IP 172.29.30.88
2. CNAME record
An alias: maps one name to another, canonical name, so that several names end up resolving to the same IP without each needing its own A record.
Example: www.test.cz.com is a CNAME for www.test.com, so both resolve to 172.29.30.88
3. NS record
Names the server that is authoritative for a zone. The client sends its query to the BIND server it is configured to use; if that server cannot answer authoritatively, it gets back an NS referral pointing at the authoritative BIND server, sends the query there, and finally returns the resulting IP to the client.
4. MX record
Mail exchanger record: used for mail delivery. It names the mail host for a domain, and that host in turn needs an A record.
III. Installing and configuring the BIND service
1. Install bind
Red Hat family: yum -y install bind bind-chroot
Ubuntu family: sudo apt-get install bind9
2. Check that the installation succeeded
rpm -qa | grep bind
3. List what was installed
rpm -ql bind | more
4. Start the bind service
/etc/init.d/named start
(the later steps on this page use systemctl, which is the equivalent on systemd hosts)
5. Check that the process started
ps aux | grep named
6. The main configuration file as installed
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options { # options{} - global options for the whole BIND server
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named"; # working directory; zone files and other data files are found relative to it
dump-file "/var/named/data/cache_dump.db"; # where the resolver cache is written on rndc dumpdb
statistics-file "/var/named/data/named_stats.txt"; # server statistics, written on rndc stats
memstatistics-file "/var/named/data/named_mem_stats.txt"; # memory usage statistics
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost; }; # access control: only the local host may query this server
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging { # logging{} - logging options for the service
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN { # zone.{} -DNS域解析
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
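The comment block in the default file above states the two rules that matter most for exposure: an authoritative server should run with recursion off, and a recursive server must restrict who may query it. As an added example (not code from the page or from ISC BIND), here is a small Python audit that applies those rules to a named.conf. The sample configurations embedded in it are constructed for the example: one mirrors the stock file above, one mirrors the stripped-down file written in the practical scenario later on this page, and two show that file with open recursion and with the fix. The parser only understands the flat `options { ... };` and `zone "x" { ... };` layout used on this page, and it assumes BIND's documented defaults (listen-on any, recursion yes, allow-recursion falling back to allow-query if set and otherwise to localnets/localhost).

```python
"""Audit a named.conf for the two mistakes the default file's comment block warns about.

Added example, not part of the page or of ISC BIND. It understands only the flat
options { ... }; / zone "x" { ... }; layout used on this page. Assumed BIND defaults:
listen-on { any; }, recursion yes, allow-recursion = allow-query if set,
otherwise { localnets; localhost; }.
"""
import re

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def strip_comments(conf):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)


def block(conf, keyword):
    """Text between the braces of the top-level `keyword { ... };`, or '' if absent."""
    m = re.search(rf"\b{keyword}\s*\{{", conf)
    if not m:
        return ""
    start, depth = m.end() - 1, 0
    for j in range(start, len(conf)):
        depth += (conf[j] == "{") - (conf[j] == "}")
        if depth == 0:
            return conf[start + 1:j]
    return ""


def address_list(opts, name):
    """Elements of `name [port N] { a; b; };`, or None when the option is absent."""
    m = re.search(rf"\b{name}(?=[\s{{])[^{{;]*\{{([^}}]*)\}}", opts)
    if not m:
        return None
    return [a.strip() for a in m.group(1).split(";") if a.strip()]


def master_zones(conf):
    """Names of the zones this server is primary (authoritative) for."""
    return [name for name, body in re.findall(r'zone\s+"([^"]+)"[^{]*\{([^}]*)\}', conf)
            if re.search(r"\btype\s+(master|primary)\s*;", body)]


def audit(conf):
    """Return a list of findings; an empty list means the file follows the page's advice."""
    conf = strip_comments(conf)
    opts = block(conf, "options")
    m = re.search(r"\brecursion\s+(yes|no)\s*;", opts)
    recursion = m.group(1) if m else "yes"                        # default: recursion yes
    listen = address_list(opts, "listen-on") or ["any"]            # default: every IPv4 interface
    allow_query = address_list(opts, "allow-query")                # default: any
    allow_rec = address_list(opts, "allow-recursion") or allow_query or ["localnets", "localhost"]
    masters = master_zones(conf)
    findings = []
    if masters and recursion == "yes":
        findings.append("authoritative for %s but recursion is enabled; add 'recursion no;'"
                        % ", ".join(masters))
    if recursion == "yes" and "any" in allow_rec and not set(listen) <= LOOPBACK:
        findings.append("open resolver: recursion yes, allowed from any, listening on %s"
                        % ", ".join(listen))
    return findings


# Constructed samples (not real hosts). DEFAULT_CONF mirrors the stock file on this page,
# MINIMAL_CONF the file written in the practical scenario, OPEN_CONF/HARDENED_CONF variants.
DEFAULT_CONF = """
options {
  listen-on port 53 { 127.0.0.1; };
  listen-on-v6 port 53 { ::1; };
  directory "/var/named";
  allow-query { localhost; };
  /* caching-only resolver for localhost */
  recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
"""

MINIMAL_CONF = """
options {
  directory "/var/named";
};
zone "imooc.com" {
  type master; # primary for the zone
  file "imooc.com.zone";
};
"""

OPEN_CONF = MINIMAL_CONF.replace('directory "/var/named";',
                                 'directory "/var/named"; allow-query { any; };')
HARDENED_CONF = MINIMAL_CONF.replace('directory "/var/named";',
                                     'directory "/var/named"; recursion no; allow-query { any; };')

if __name__ == "__main__":
    for label, conf in [("default", DEFAULT_CONF), ("minimal", MINIMAL_CONF),
                        ("open", OPEN_CONF), ("hardened", HARDENED_CONF)]:
        print(label, audit(conf) or "ok")
```

Run it as-is to see the four verdicts. The stripped-down scenario file is not an open resolver by itself, because BIND's default allow-recursion stays limited to local networks, but it still serves a master zone with recursion on; adding `allow-query { any; };` to make the zone reachable from outside, without also adding `recursion no;`, is what turns it into the amplification source the comment block describes.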
IV. Practical scenario 1 (an authoritative zone with A records)
1. Back up named.conf
mv /etc/named.conf /etc/named.conf_default
2. Write a new main configuration file named.conf
vi /etc/named.conf
options {
directory "/var/named"; # zone files are looked up relative to this directory
};
zone "imooc.com" {
type master; # master means this BIND server is the primary (authoritative) server for the zone
file "imooc.com.zone"; # the file holding the zone's resolution records
};
Note that this stripped-down file drops the defaults shown above: with no listen-on, named listens on every IPv4 interface, and recursion stays at its default of yes even though the server is now authoritative for imooc.com. The comment block in the default named.conf applies here: an authoritative server should disable recursion.
3. Create the file imooc.com.zone in the directory /var/named
vi /var/named/imooc.com.zone
$TTL 7200 ; default time-to-live of the records below, in seconds (zone-file comments start with ';', not '#')
imooc.com. IN SOA imooc.com. 289900168.qq.com. (222 1H 15M 1W 1D) ; start of authority: primary server, admin mailbox (289900168.qq.com. means 289900168@qq.com), then serial, refresh, retry, expire, negative-cache TTL
imooc.com. IN NS dns1.imooc.com. ; which server is authoritative for this zone
dns1.imooc.com. IN A 192.168.63.188 ; the address of that server
www.imooc.com. IN A 115.182.41.180 ; resolve www.imooc.com to 115.182.41.180
The following form gives exactly the same result (@ stands for the zone origin imooc.com., and a name without a trailing dot has the origin appended):
$TTL 7200
@ IN SOA imooc.com. 289900168.qq.com. (222 1H 15M 1W 1D)
imooc.com. IN NS dns1.imooc.com.
dns1 IN A 192.168.63.188
www IN A 115.182.41.180
4. Restart the bind service
systemctl restart named
5. If it fails to start, find the reason with
tail -f /var/log/messages
6. Install the dig command
yum install bind-utils
7. Test
dig @192.168.63.186 www.imooc.com
The address after @ is the DNS server to query; I used the machine running named, so I put in its own IP (whichever address you query must be one named is actually listening on).
8. Rules for writing the configuration files
V. Practical scenario 2 (using a CNAME record)
1. Edit the main configuration file
vi /etc/named.conf
Add the following zone block and save:
zone "iaskjob.com" {
type master;
file "iaskjob.com.zone";
};
2. Write the zone file under /var/named/
vi /var/named/iaskjob.com.zone
Add the following and save:
$TTL 7200
iaskjob.com. IN SOA imooc.com. 289900168.qq.com. (222 1H 15M 1W 1D)
iaskjob.com. IN NS dns1.iaskjob.com.
dns1.iaskjob.com. IN A 192.168.63.186
imooc.iaskjob.com. IN CNAME www.imooc.com. ; alias: imooc.iaskjob.com is another name for www.imooc.com
3. Restart the bind service
systemctl restart named
4. Test
dig @192.168.63.186 imooc.iaskjob.com
Because this server is also authoritative for imooc.com, the answer section carries both the CNAME and the A record it points to (115.182.41.180).
5. Test 2
Set your computer's DNS server to 192.168.63.188
Open a cmd window and run: nslookup imooc.iaskjob.com
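The two forms of imooc.com.zone in scenario 1 and the CNAME lookup in scenario 2 can both be checked without a running named. The Python below is an added example (not code from the page or from ISC BIND): a small zone-file parser that turns both forms into the same fully qualified records, and a lookup that answers the way an authoritative server holding both zones does, following the imooc.iaskjob.com CNAME into the imooc.com zone. The zone texts are constructed from the records on this page; the relative form goes one step beyond the page and also writes the NS record as `@ IN NS dns1`. The parser handles only the syntax those files use and ignores escaped dots in the SOA mailbox.

```python
"""Parse BIND zone files and answer queries from them, following CNAMEs.
Added example, not from the page or ISC BIND. Handles only what the zone files on this
page use ($TTL, @, relative names, parenthesised SOA, ';' comments); no $ORIGIN, no '\\.'."""
import re

TTL_UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}  # rdata fields that are names

def parse_ttl(tok):
    """'7200' -> 7200, '1H' -> 3600, '15M' -> 900; None if tok is not a TTL."""
    m = re.fullmatch(r"(\d+)([SMHDW]?)", tok.upper())
    return int(m.group(1)) * TTL_UNITS[m.group(2) or "S"] if m else None

def qualify(name, origin):
    """'@' -> origin, 'www' -> 'www.<origin>', a name ending in '.' stays as is."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return [(owner, ttl, type, rdata), ...] with every name fully qualified."""
    origin = origin if origin.endswith(".") else origin + "."
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():            # ';' starts a comment ('#' does not)
        line = raw.split(";", 1)[0]
        if not line.strip() and depth == 0:
            continue
        buf.append(line)                      # a record may continue across lines inside ( )
        depth += line.count("(") - line.count(")")
        if depth == 0:
            logical.append(" ".join(buf))
            buf = []
    default_ttl, owner, records = None, None, []
    for line in logical:
        toks = line.replace("(", " ").replace(")", " ").split()
        if toks[0] == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        if line[:1] not in (" ", "\t"):       # column 1 names a new owner, else reuse the last
            owner = qualify(toks.pop(0), origin)
        ttl = default_ttl
        if parse_ttl(toks[0]) is not None:
            ttl = parse_ttl(toks.pop(0))
        if toks[0].upper() == "IN":
            toks.pop(0)
        rtype, rdata = toks[0].upper(), toks[1:]
        for i in NAME_FIELDS.get(rtype, []):
            rdata[i] = qualify(rdata[i], origin)
        if rtype == "SOA":                    # serial refresh retry expire negative-TTL
            rdata = rdata[:2] + [parse_ttl(t) for t in rdata[2:]]
        records.append((owner, ttl, rtype, tuple(rdata)))
    return records

def soa_mailbox(rname):
    """SOA RNAME '289900168.qq.com.' is the mailbox 289900168@qq.com (first dot -> '@')."""
    local, _, domain = rname.rstrip(".").partition(".")
    return f"{local}@{domain}"

def lookup(zones, qname, qtype="A", max_chain=8):
    """Answer like an authoritative server: qname's records, plus the target's when it is a CNAME into a zone we also serve."""
    qname = qname if qname.endswith(".") else qname + "."
    answers = []
    for _ in range(max_chain):                # bounded so a CNAME loop cannot spin forever
        zone = max((o for o in zones if qname == o or qname.endswith("." + o)),
                   key=len, default=None)
        if zone is None:                      # not authoritative for this name
            break
        rrs = [r for r in zones[zone] if r[0] == qname]
        cnames = [r for r in rrs if r[2] == "CNAME"]
        if cnames and qtype != "CNAME":
            answers.append(cnames[0])
            qname = cnames[0][3][0]
            continue
        answers.extend(r for r in rrs if r[2] == qtype)
        break
    return answers

# Constructed from the records on this page: imooc.com.zone in both forms, and iaskjob.com.zone.
IMOOC_ABSOLUTE = """\
$TTL 7200
imooc.com. IN SOA imooc.com. 289900168.qq.com. (222 1H 15M 1W 1D)
imooc.com. IN NS dns1.imooc.com.
dns1.imooc.com. IN A 192.168.63.188
www.imooc.com. IN A 115.182.41.180
"""
IMOOC_RELATIVE = """\
$TTL 7200
@ IN SOA imooc.com. 289900168.qq.com. ( 222 ; serial
        1H 15M 1W 1D ) ; refresh retry expire negative-cache TTL
@ IN NS dns1
dns1 IN A 192.168.63.188
www IN A 115.182.41.180
"""
IASKJOB = """\
$TTL 7200
iaskjob.com. IN SOA imooc.com. 289900168.qq.com. (222 1H 15M 1W 1D)
iaskjob.com. IN NS dns1.iaskjob.com.
dns1.iaskjob.com. IN A 192.168.63.186
imooc.iaskjob.com. IN CNAME www.imooc.com.
"""
ZONES = {"imooc.com.": parse_zone(IMOOC_RELATIVE, "imooc.com"),
         "iaskjob.com.": parse_zone(IASKJOB, "iaskjob.com")}
```

`lookup(ZONES, "imooc.iaskjob.com")` returns the CNAME followed by the A record for www.imooc.com, which is the answer section dig shows in scenario 2; a name outside both zones returns an empty list, where a real authoritative-only server would refuse the query rather than recurse.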
VI. Forward and reverse resolution
Scenario 3 (PTR records): resolution for a mail server