1. Why do we need domain names?
On the Internet, communicating with servers by IP address alone does not work well: IP addresses are hard to remember, and they may change frequently.
DNS is mainly used to manage the table that maps domain names to IP addresses.
2. What is DNS?
DNS (Domain Name System) is a distributed database that maps domain names to IP addresses and back. It lets users reach the Internet conveniently without memorizing the numeric IP addresses that machines read directly.
Domain name resolution is the process of converting a domain name into an IP address.
The DNS protocol works at the application layer and uses port 53.
Purpose: name resolution. People find IP addresses hard to remember; names are easy.
Every IP address can have a host name. A host name consists of one or more strings (labels) separated by dots.
Forward lookup: find the IP address that corresponds to a domain name.
Reverse lookup: find the domain name that corresponds to an IP address.
3. Types of DNS servers
Primary (master) DNS server: the server that stores the original zone data.
Secondary (slave) DNS server: a server that synchronizes its data from the primary automatically.
Caching server: does not hold zones of its own; it forwards client queries recursively, returns the result to the client, and caches the answers it obtains.
Forwarder: when this server receives a query for a name it is not responsible for, it does not go to the root servers; it hands the query directly to one or more designated servers and does not cache the result itself.
4. DNS namespace structure
Because the database of domain-name-to-IP-address mappings on the Internet is far too large for one server, the DNS service records these mappings in a tree-like hierarchy, which makes it a distributed database.
Organizational domains
.       | root domain
.com.   | commercial
.edu.   | education
.org.   | non-profit organizations
.gov.   | government
.mil.   | military
.net.   | organizations
Root domain: holds the names and IP addresses of all top-level domain name servers.
[root@sc ~]# dig -t NS .
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 <<>> -t NS .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62997
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 559 IN NS m.root-servers.net.
. 559 IN NS d.root-servers.net.
. 559 IN NS k.root-servers.net.
. 559 IN NS a.root-servers.net.
. 559 IN NS h.root-servers.net.
. 559 IN NS i.root-servers.net.
. 559 IN NS c.root-servers.net.
. 559 IN NS j.root-servers.net.
. 559 IN NS g.root-servers.net.
. 559 IN NS e.root-servers.net.
. 559 IN NS f.root-servers.net.
. 559 IN NS b.root-servers.net.
. 559 IN NS l.root-servers.net.
;; Query time: 33 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: 五 7月 28 01:30:48 CST 2023
;; MSG SIZE rcvd: 239
Country domains
FQDN: Fully Qualified Domain Name
= host name + domain name
5. What is BIND?
In 1984 several students at the University of California, Berkeley completed an implementation of a Unix name service and called it Berkeley Internet Name Domain (BIND).
A BIND release usually contains three parts: the name server, the resolver library, and testing tools.
BIND is an open-source, stable and widely used DNS server.
6. Where can a domain name be bought?
Alibaba Cloud
Tencent Cloud
Huawei Cloud
and others.
1. Buy a domain name.
2. Add a DNS record for it in the Alibaba Cloud console.
3. Test the record you just added.
[root@sc named]# nslookup scecs.sanchuangedu.cn
Server: 114.114.114.114
Address: 114.114.114.114#53
Non-authoritative answer:
Name: scecs.sanchuangedu.cn
Address: 59.110.14.42
7. DNS lookup commands
The ping command
[root@sc ~]# ping www.baidu.com
PING www.a.shifen.com (14.119.104.254) 56(84) bytes of data.
64 bytes from 14.119.104.254 (14.119.104.254): icmp_seq=1 ttl=128 time=24.7 ms
64 bytes from 14.119.104.254 (14.119.104.254): icmp_seq=2 ttl=128 time=20.9 ms
64 bytes from 14.119.104.254 (14.119.104.254): icmp_seq=3 ttl=128 time=73.9 ms
^C
--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 20.903/39.895/73.987/24.158 ms
[root@sc ~]# ping www.baidu.com
PING www.a.shifen.com (14.119.104.189) 56(84) bytes of data.
64 bytes from 14.119.104.189 (14.119.104.189): icmp_seq=1 ttl=128 time=44.2 ms
64 bytes from 14.119.104.189 (14.119.104.189): icmp_seq=2 ttl=128 time=111 ms
^C
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1003ms
rtt min/avg/max/mdev = 44.281/78.019/111.758/33.739 ms
Install bind-utils (the bind-utils package provides many DNS lookup commands)
[root@sc ~]# which nslookup
/usr/bin/nslookup
[root@sc ~]# rpm -qf /usr/bin/nslookup
bind-utils-9.11.4-26.P2.el7_9.13.x86_64
[root@sc ~]# yum install bind-utils -y
The nslookup command
[root@sc ~]# nslookup www.baidu.com
Server: 114.114.114.114
Address: 114.114.114.114#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 14.119.104.189
Name: www.a.shifen.com
Address: 14.119.104.254
The host command
[root@sc ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 14.119.104.254
www.a.shifen.com has address 14.119.104.189
The dig command
[root@sc ~]# dig www.baidu.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34961
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 367 IN CNAME www.a.shifen.com.
www.a.shifen.com. 127 IN A 14.119.104.189
www.a.shifen.com. 127 IN A 14.119.104.254
;; Query time: 66 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: 四 7月 27 16:13:52 CST 2023
;; MSG SIZE rcvd: 101
Trace the whole resolution path of a name
[root@sc ~]# dig +trace www.baidu.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 <<>> +trace www.baidu.com
;; global options: +cmd
. 152507 IN NS f.root-servers.net.
. 152507 IN NS g.root-servers.net.
. 152507 IN NS h.root-servers.net.
. 152507 IN NS i.root-servers.net.
. 152507 IN NS j.root-servers.net.
. 152507 IN NS k.root-servers.net.
. 152507 IN NS l.root-servers.net.
. 152507 IN NS m.root-servers.net.
. 152507 IN NS a.root-servers.net.
. 152507 IN NS b.root-servers.net.
. 152507 IN NS c.root-servers.net.
. 152507 IN NS d.root-servers.net.
. 152507 IN NS e.root-servers.net.
;; Received 239 bytes from 114.114.114.114#53(114.114.114.114) in 28 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20230809050000 20230727040000 11019 . fz/KMJTfzUAbAi+zZgbBdZgvXsg0S/WREI/kdzBMAz/jml8dycdeXI+I LslXc9IaHtAkJmZuFjW0hzl+8viLGTjryBNUHXvRrCSsDBI71ntBR2eg hjltcYRJ2yKSFmJYuX25KC6OSxxVmXME50IdY63gnO2UB40oXHEMudtW 47J9I0sE9ekl5FvnPNn6BDlErV5VhI6bsDnUo6VjdKKkmTEtnhY+uAJK 1/sxgXpSvXvrLmFo2i+QOkzrV5ZLZhv/QVqX12SshB3ItKYy1TUASrmx DgZAb91ya2HQqboejibWbQs66/Jf1iTWq4NuMGA+hpqmx3TOG1udHeDC /I7HUQ==
;; Received 1173 bytes from 193.0.14.129#53(k.root-servers.net) in 26 ms
baidu.com. 172800 IN NS ns2.baidu.com.
baidu.com. 172800 IN NS ns3.baidu.com.
baidu.com. 172800 IN NS ns4.baidu.com.
baidu.com. 172800 IN NS ns1.baidu.com.
baidu.com. 172800 IN NS ns7.baidu.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20230802042347 20230726031347 4459 com. TQo8cNBQzpUrRY5zycCGkruueR+2zr8P4EhiCIQE37AS2Z1G2fS3YfPT +iaSvYUh6qoGPrA5wS4evnw0JHBnk9uJzQyImSVOX6H6ZDL5md3ZYTY9 MWFlqTyQvQrMjbRcGrpr7EshwDcblpyY9+KleAEYz/EcQBuEbz1erSeM wvkOMuLv0FvduWQGBH8jQB0lz1lXV0FgXdmmhU2BefHKmg==
HPVV0C47Q7CQMTAJM90K1FBFJBRP4B4D.com. 86400 IN NSEC3 1 1 0 - HPVVAN8CFKHHHMEIDVJHFNQEOI5G6C89 NS DS RRSIG
HPVV0C47Q7CQMTAJM90K1FBFJBRP4B4D.com. 86400 IN RRSIG NSEC3 8 2 86400 20230801060304 20230725045304 4459 com. YQSOLLh7mvusRsF+/Yq4Ke4omP3xtB4+bL7D7LxIRYzxZBniguZuYyZB DNQSEQirmUEwG3aNoJ8W00RC5hPYJQOMppy3AwlwjCdxgskFH4izGlCN GGzdv/daw2v5Rn21/e4rYy6fp4fwgOFKbJ3Ddb4RoZdPXW0lv7k5+n+T jK4kzmTUF8o0FAI+mqt7BAHqvJ0Y1XiehsXHPiG8+vmXJQ==
;; Received 849 bytes from 192.12.94.30#53(e.gtld-servers.net) in 249 ms
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
;; Received 72 bytes from 180.76.76.92#53(ns7.baidu.com) in 30 ms
8. How DNS resolution works
Recursive query
If the local name server asked by the host does not know the IP address of the queried name, the local name server itself sends a request to a root name server (that is, it continues the lookup on the host's behalf). A recursive query therefore has only two outcomes: the IP address is found, or it cannot be found.
Iterative query
When a root name server receives an iterative query from the local name server, it either gives the local name server the IP address being looked for, or tells it which top-level domain server to ask next, instead of performing the lookup for it. The local name server then queries that top-level domain server, which again either returns the IP address or tells the local name server which second-level domain server to ask next. The local name server keeps iterating like this and finally returns the result to the host.
DNS name resolution
The resolution process
Taking www.baidu.com as an example:
1. The browser has its own cache: first check whether the browser cache, or the local machine's DNS cache, already holds the answer (both the browser cache and the client OS cache can store DNS answers).
2. Operating system cache.
3. The client checks its hosts file for a matching entry.
4. If neither the caches nor the hosts file has a record for the name, the client sends a resolution request to the local DNS server (the local router), which looks in its own cache.
5. The local name server checks its cache first; if the answer is there it is returned directly, otherwise the server asks a root name server (or it asks the ISP's DNS server, and if the ISP server has no answer either, that server asks the root).
6. Once a root name server receives the name www.baidu.com from the local DNS server, it tells the local server the IP address of the next-level name server, .com. The local server then asks the .com server about www.baidu.com; the .com server finds the DNS server responsible for baidu.com and tells the local server; the local server then asks the baidu.com. name server for the IP of www. Having obtained the IP address of www.baidu.com, the local server immediately adds it to its cache and then returns the address to the client.
7. The client connects to the server at the IP address that www.baidu.com resolves to.
Browser cache -> OS cache -> hosts file -> local router cache -> ISP DNS server -> root servers
Put simply, a name's DNS record is cached locally in two places: the browser cache and the operating system (OS) cache. When a name is visited from a browser, the browser cache is consulted first, then the OS cache if the browser has no entry, and only then the DNS server (usually the one provided by the ISP).
A DNS record carries a TTL value (time to live), in seconds, which is the maximum time the record is valid. Experiments show that the OS cache takes the TTL into account but does not follow it exactly, whereas a browser's DNS cache lifetime is unrelated to the TTL; each browser uses a fixed value.
A wireless router is also a DNS server (a caching DNS server); when it does not know a name, it asks the root name servers.
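To make the recursive/iterative distinction and the caching steps above concrete, here is an added Python simulation (not code from the original post). It models a local caching name server that answers its client recursively while walking the hierarchy iteratively (root, then com., then example.com.), bounds the number of referrals it will follow, and honours the record's TTL in its cache. The zone data, server names and the RFC 5737 addresses are constructed placeholders, as are the class and function names.

```python
"""Added example (not from the original post): a simulation of the resolution
path described above. The root/TLD/authoritative data, names and addresses are
constructed placeholders (RFC 5737 ranges), not real servers."""
import time

# Constructed authoritative data. Each server IP serves one zone; a zone either
# answers a name it owns or refers the asker to the child zone's name servers
# (with glue addresses), like the referrals seen in `dig +trace`.
ZONE_OF = {"192.0.2.1": ".", "192.0.2.10": "com.", "192.0.2.20": "example.com."}
AUTH = {
    ".":            {"answers": {},
                     "delegations": {"com.": [("a.tld.example.", "192.0.2.10")]}},
    "com.":         {"answers": {},
                     "delegations": {"example.com.": [("ns1.example.com.", "192.0.2.20")]}},
    "example.com.": {"answers": {"www.example.com.": ("198.51.100.5", 300)},
                     "delegations": {}},
}
ROOT_HINTS = [("root.example.", "192.0.2.1")]   # plays the role of named.ca


def authoritative_reply(server_ip, qname):
    """What an authoritative server says when asked for qname: an answer, a
    referral downwards, or NXDOMAIN. It never asks anyone else (iterative)."""
    zone = AUTH[ZONE_OF[server_ip]]
    if qname in zone["answers"]:
        ip, ttl = zone["answers"][qname]
        return {"kind": "answer", "ip": ip, "ttl": ttl}
    for child, nameservers in zone["delegations"].items():
        if qname.endswith("." + child):
            return {"kind": "referral", "zone": child, "nameservers": nameservers}
    return {"kind": "nxdomain"}


class CachingResolver:
    """The 'local DNS server' of the post: serves clients recursively, walks the
    hierarchy iteratively, and caches answers for their TTL."""

    def __init__(self, now=time.time, max_referrals=10):
        self.cache, self.now, self.max_referrals = {}, now, max_referrals

    def resolve(self, qname):
        """Return (ip or None, trace); trace lists each step that was taken."""
        if not qname.endswith("."):
            qname += "."
        hit = self.cache.get(qname)
        if hit and hit[1] > self.now():            # unexpired cache entry
            return hit[0], [f"cache hit for {qname}"]
        trace, servers = [], ROOT_HINTS
        for _ in range(self.max_referrals):        # bound guards against referral loops
            ns_name, ns_ip = servers[0]
            reply = authoritative_reply(ns_ip, qname)
            if reply["kind"] == "answer":
                trace.append(f"{ns_name} answered {reply['ip']} (ttl {reply['ttl']})")
                self.cache[qname] = (reply["ip"], self.now() + reply["ttl"])
                return reply["ip"], trace
            if reply["kind"] == "referral":
                trace.append(f"{ns_name} referred us to {reply['zone']} via "
                             + ", ".join(n for n, _ in reply["nameservers"]))
                servers = reply["nameservers"]
                continue
            trace.append(f"{ns_name} says NXDOMAIN")
            return None, trace
        raise RuntimeError("too many referrals")


if __name__ == "__main__":
    r = CachingResolver()
    ip, steps = r.resolve("www.example.com")
    print(ip)
    print("\n".join(steps))
    print(r.resolve("www.example.com")[1])       # second lookup is served from cache
```

The first call produces three steps (two referrals and one answer); the second is a cache hit until the 300-second TTL has elapsed, after which the walk is repeated.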
Path of the hosts file
On Linux:
[root@sc named]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
On Windows:
C:\Windows\System32\drivers\etc\hosts
Resolution order: first check whether the hosts file has an entry for the name; if not, ask the DNS server to resolve it.
Drawback of the hosts file: it only provides name resolution for the local machine.
Advantage of DNS: every machine on the Internet can resolve the name, so its reach is far wider.
What happens when the DNS server fails?
Large numbers of users can no longer browse the web, although they can still log in to QQ.
What is DNS hijacking?
DNS hijacking is taking control of a domain's resolution by some technical means and then changing its records, so that the domain points to an IP address under the attacker's control. Users are steered to a fake site, where their information can be stolen and normal service disrupted.
DNS cache pollution
DNS cache pollution, also called DNS cache poisoning, refers to name server packets, crafted deliberately or produced by accident, that point a domain name to an incorrect IP address.
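As an added example (not from the original post), the following Python shows the acceptance checks a caching resolver applies before it trusts a reply, which is what limits the poisoning described above: the reply must come from the address that was queried, match the random transaction ID and source port, echo the question, and only records inside the replying server's own zone (its "bailiwick") are cached. The message format is a constructed dict, not real DNS wire format, the field and function names are my own, and all names and addresses are RFC 5737 placeholders.

```python
"""Added example (not from the original post): the checks a caching resolver
applies to a reply before trusting and caching it. Messages are constructed
dicts standing in for DNS packets; names and addresses are RFC 5737 placeholders."""
import secrets


def new_query(qname, qtype, server):
    """Build an outgoing query. The 16-bit transaction ID and the source port
    are both unpredictable, so a forged reply must guess both to be accepted."""
    return {"id": secrets.randbelow(1 << 16),
            "sport": 1024 + secrets.randbelow(64512),
            "qname": qname, "qtype": qtype, "server": server}


def in_bailiwick(name, zone):
    """True if name lies at or under zone (e.g. ns1.example.com. under example.com.)."""
    return name == zone or name.endswith("." + zone)


def accept_reply(query, reply):
    """Validate a reply to `query`. Returns (accepted, keep, dropped, reason).
    reply fields: id, dport, src, qname, qtype, zone (the zone the replying
    server is authoritative for), and answers/additional as lists of
    (owner, type, rdata, ttl) tuples."""
    if reply["src"] != query["server"]:
        return False, [], [], "reply came from an address we did not query"
    if reply["id"] != query["id"] or reply["dport"] != query["sport"]:
        return False, [], [], "transaction id or port mismatch (possible spoofed reply)"
    if (reply["qname"], reply["qtype"]) != (query["qname"], query["qtype"]):
        return False, [], [], "question section does not echo our query"
    keep, dropped = [], []
    for rr in reply["answers"] + reply["additional"]:
        # Bailiwick rule: cache only data the replying server is authoritative
        # for; an out-of-zone record in the additional section is discarded.
        (keep if in_bailiwick(rr[0], reply["zone"]) else dropped).append(rr)
    return True, keep, dropped, "accepted"


if __name__ == "__main__":
    q = new_query("www.example.com.", "A", "192.0.2.20")
    reply = {"id": q["id"], "dport": q["sport"], "src": "192.0.2.20",
             "qname": "www.example.com.", "qtype": "A", "zone": "example.com.",
             "answers": [("www.example.com.", "A", "198.51.100.5", 300)],
             "additional": [("ns1.example.com.", "A", "192.0.2.20", 3600),
                            ("login.bank.example.", "A", "203.0.113.9", 86400)]}
    print(accept_reply(q, reply))
```

In the sample run the reply is accepted, the answer and the in-zone glue are kept, and the unrelated `login.bank.example.` record is dropped rather than cached; a reply with a different transaction ID is rejected outright.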
What is a CDN?
CDN stands for Content Delivery Network. Its basic idea is to avoid, as far as possible, the bottlenecks and hops on the Internet that can hurt the speed and stability of data transfer, so that content is delivered faster and more reliably.
A CDN is a layer of intelligent virtual network built on top of the existing Internet out of node servers placed throughout the network. Using real-time information such as traffic, each node's connectivity and load, and the distance and response time to the user, the CDN redirects a user's request to the service node closest to that user.
The goal is to let users fetch content from nearby, relieving Internet congestion and improving the response time of websites.
What a CDN does: caching and acceleration.
9. Setting up a caching name server
Preparation: stop the firewall service and disable SELinux.
# stop the firewall
[root@sc ~]# service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service
[root@sc ~]# systemctl disable firewalld
# check the iptables firewall rules
[root@sc ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# disable SELinux temporarily
[root@sc ~]# setenforce 0
# disable SELinux permanently
[root@sc ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled # changed to disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@sc ~]# getenforce
Disabled
1. Install the BIND software (BIND has a very long history and is a high-performance DNS server).
yum install bind* -y
2. Enable the named service at boot and start the DNS service immediately.
name daemon -> named, the name of the process that provides the name service
Daemon: a process that stays running in memory until someone stops it.
named is the name of the DNS service.
# enable the named process at boot
[root@sc ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
# start the named process now
[root@sc ~]# systemctl start named
Check the process and the ports
[root@sc ~]# ps aux|grep named
named 32293 0.7 3.1 169860 59328 ? Ssl 17:57 0:00 /usr/sbin/named -u named -c /etc/named.conf
root 32305 0.0 0.0 112828 984 pts/0 R+ 17:57 0:00 grep --color=auto named
[root@sc ~]# netstat -anplut|grep named
tcp 0 0 172.17.0.1:53 0.0.0.0:* LISTEN 32293/named
tcp 0 0 172.18.0.1:53 0.0.0.0:* LISTEN 32293/named
tcp 0 0 192.168.102.141:53 0.0.0.0:* LISTEN 32293/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 32293/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 32293/named
tcp6 0 0 ::1:53 :::* LISTEN 32293/named
tcp6 0 0 ::1:953 :::* LISTEN 32293/named
udp 0 0 172.17.0.1:53 0.0.0.0:* 32293/named
udp 0 0 172.18.0.1:53 0.0.0.0:* 32293/named
udp 0 0 192.168.102.141:53 0.0.0.0:* 32293/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 32293/named
udp6 0 0 ::1:53 :::* 32293/named
# 127.0.0.1 is the address of the local machine; every host has it
# the loopback interface address
Edit the /etc/resolv.conf file
[root@sc ~]# vim /etc/resolv.conf
# Generated by NetworkManager
#nameserver 114.114.114.114
nameserver 127.0.0.1
Test a lookup on the server itself
[root@sc ~]# nslookup www.qq.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
www.qq.com canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 121.14.77.201
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 121.14.77.221
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:3003::6a
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:3003::77
[root@sc ~]# nslookup www.baidu.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 14.119.104.254
Name: www.a.shifen.com
Address: 14.119.104.189
[root@sc ~]# nslookup
> zhangyaping.sanchuangedu.cn
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: zhangyaping.sanchuangedu.cn
Address: 175.8.134.145
> scecs.sanchuangedu.cn
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: scecs.sanchuangedu.cn
Address: 59.110.14.42
The file holding the root server information (named.ca)
named.ca lists the addresses of the 13 root name servers.
# enter the data directory of the DNS service
[root@sc named]# cd /var/named
[root@sc named]# ls
chroot chroot_sdb data dynamic dyndb-ldap named.ca named.empty named.localhost named.loopback sc.com.zone slaves
[root@sc named]# cat named.ca
; <<>> DiG 9.11.3-RedHat-9.11.3-3.fc27 <<>> +bufsize=1200 +norec @a.root-servers.net
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46900
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 518400 IN A 198.41.0.4
b.root-servers.net. 518400 IN A 199.9.14.201
c.root-servers.net. 518400 IN A 192.33.4.12
d.root-servers.net. 518400 IN A 199.7.91.13
e.root-servers.net. 518400 IN A 192.203.230.10
f.root-servers.net. 518400 IN A 192.5.5.241
g.root-servers.net. 518400 IN A 192.112.36.4
h.root-servers.net. 518400 IN A 198.97.190.53
i.root-servers.net. 518400 IN A 192.36.148.17
j.root-servers.net. 518400 IN A 192.58.128.30
k.root-servers.net. 518400 IN A 193.0.14.129
l.root-servers.net. 518400 IN A 199.7.83.42
m.root-servers.net. 518400 IN A 202.12.27.33
a.root-servers.net. 518400 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 518400 IN AAAA 2001:500:200::b
c.root-servers.net. 518400 IN AAAA 2001:500:2::c
d.root-servers.net. 518400 IN AAAA 2001:500:2d::d
e.root-servers.net. 518400 IN AAAA 2001:500:a8::e
f.root-servers.net. 518400 IN AAAA 2001:500:2f::f
g.root-servers.net. 518400 IN AAAA 2001:500:12::d0d
h.root-servers.net. 518400 IN AAAA 2001:500:1::53
i.root-servers.net. 518400 IN AAAA 2001:7fe::53
j.root-servers.net. 518400 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 518400 IN AAAA 2001:7fd::1
l.root-servers.net. 518400 IN AAAA 2001:500:9f::42
m.root-servers.net. 518400 IN AAAA 2001:dc3::35
;; Query time: 24 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Thu Apr 05 15:57:34 CEST 2018
;; MSG SIZE rcvd: 811
3. Edit the /etc/named.conf configuration file and restart the service so that other machines can query this DNS server.
[root@sc ~]# vim /etc/named.conf
options {
listen-on port 53 { any; }; # changed
listen-on-v6 port 53 { any; }; # changed
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; # changed
# restart the named service
[root@sc ~]# service named restart
Redirecting to /bin/systemctl restart named.service
# check the ports
[root@sc ~]# netstat -anpult|grep named
tcp 0 0 172.17.0.1:53 0.0.0.0:* LISTEN 32630/named
tcp 0 0 172.18.0.1:53 0.0.0.0:* LISTEN 32630/named
tcp 0 0 192.168.102.141:53 0.0.0.0:* LISTEN 32630/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 32630/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 32630/named
tcp6 0 0 :::53 :::* LISTEN 32630/named
tcp6 0 0 ::1:953 :::* LISTEN 32630/named
udp 0 0 172.17.0.1:53 0.0.0.0:* 32630/named
udp 0 0 172.18.0.1:53 0.0.0.0:* 32630/named
udp 0 0 192.168.102.141:53 0.0.0.0:* 32630/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 32630/named
udp6 0 0 :::53 :::* 32630/named
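A caveat on the configuration just written: `allow-query { any; };` with no `allow-recursion` statement leaves recursion open to everyone, because BIND falls back from allow-recursion to allow-query-cache, then to allow-query, and recursion is enabled by default. A recursive resolver that answers anyone on an Internet-facing address can be abused for reflection traffic and is worth restricting to the networks that should use it. The Python below is an added example, not part of the post or of BIND: it extracts those options from an options block and reports the exposure, with the post's block beside a hardened version that limits recursion to the 192.168.102.0/24 LAN seen in the post (an assumed choice). Function names are my own.

```python
"""Added example (not from the original post): an open-resolver check for a
named.conf options block. Uses BIND's documented default chain: allow-recursion
falls back to allow-query-cache, then allow-query, then {localnets; localhost;},
and recursion defaults to yes. Both config strings are constructed here."""
import re

# The options that matter from the post (allow-query { any; }, recursion left at
# its default) next to a hardened version that limits recursion to the LAN.
OPEN_RESOLVER = """
options {
    listen-on port 53 { any; };
    allow-query { any; };       # changed
    recursion yes;
};
"""
HARDENED = """
options {
    listen-on port 53 { any; };
    allow-query { any; };
    allow-recursion { 127.0.0.1; 192.168.102.0/24; };  # LAN from the post, assumed
    recursion yes;
};
"""
OPTION_RE = re.compile(
    r"^\s*(allow-query-cache|allow-query|allow-recursion|recursion)\s+(\{[^}]*\}|yes|no)\s*;",
    re.M)


def parse_options(conf):
    """Pull out the handful of options that decide who may recurse."""
    conf = re.sub(r"(#|//).*", "", conf)                 # named.conf comments
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    opts = {}
    for key, val in OPTION_RE.findall(conf):
        opts[key] = ([t.strip() for t in val.strip("{}").split(";") if t.strip()]
                     if val.startswith("{") else val)
    return opts


def effective_recursion_acl(opts):
    """Return (acl, which option supplied it), following BIND's fallback chain."""
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return opts[key], key
    return ["localnets", "localhost"], "default"


def audit(conf):
    """Return a list of findings; an empty list means no open-resolver exposure."""
    opts = parse_options(conf)
    acl, source = effective_recursion_acl(opts)
    findings = []
    if opts.get("recursion", "yes") == "yes" and "any" in acl:
        findings.append(f"open recursive resolver: recursion is allowed for {{ any; }} "
                        f"(taken from {source}); add allow-recursion {{ <your networks>; }};")
    return findings


if __name__ == "__main__":
    print("post's config:", audit(OPEN_RESOLVER))
    print("hardened:", audit(HARDENED))
```

The post's block produces one finding; the hardened block produces none, while still answering authoritative queries from anywhere because `allow-query` is unchanged.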
Test the DNS server from a client
1. Check the DNS server address
[root@mysql ~]# cat /etc/resolv.conf
# Generated by NetworkManager
# nameserver 114.114.114.114
nameserver 192.168.102.141
2. Check the routing table (gateway)
[root@mysql ~]# ip route
default via 192.168.102.2 dev ens33 proto static metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-f3be814253e9 proto kernel scope link src 172.18.0.1
192.168.102.0/24 dev ens33 proto kernel scope link src 192.168.102.136 metric 100
3. Check the IP address
[root@mysql ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:75:3d:42 brd ff:ff:ff:ff:ff:ff
inet 192.168.102.136/24 brd 192.168.102.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe75:3d42/64 scope link
valid_lft forever preferred_lft forever
Test
[root@mysql ~]# ping www.baidu.com
PING www.a.shifen.com (14.119.104.189) 56(84) bytes of data.
64 bytes from 14.119.104.189 (14.119.104.189): icmp_seq=1 ttl=128 time=29.9 ms
64 bytes from 14.119.104.189 (14.119.104.189): icmp_seq=2 ttl=128 time=27.1 ms
64 bytes from 14.119.104.189 (14.119.104.189): icmp_seq=3 ttl=128 time=28.3 ms
64 bytes from 14.119.104.189 (14.119.104.189): icmp_seq=4 ttl=128 time=29.3 ms
64 bytes from 14.119.104.189 (14.119.104.189): icmp_seq=5 ttl=128 time=26.5 ms
^C
--- www.a.shifen.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4013ms
rtt min/avg/max/mdev = 26.520/28.273/29.974/1.300 ms
[root@mysql ~]# nslookup
-bash: nslookup: 未找到命令
[root@mysql ~]# yum install bind-utils -y
[root@mysql ~]# nslookup
> www.qq.com
Server: 192.168.102.141
Address: 192.168.102.141#53
Non-authoritative answer:
www.qq.com canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 121.14.77.221
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 121.14.77.201
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:3003::77
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 240e:97c:2f:3003::6a
Main configuration file: /etc/named.conf
Secondary configuration file: /etc/named.rfc1912.zones
Main process name: named
10. Record types
A: maps a name to an IP address (IPv4)
AAAA: maps a name to an IPv6 address
NS: the name server (DNS server) for a domain
CNAME: alias record; one name points to another name
MX: the mail server for the domain (mail exchange)
TXT: used to attach identifying text or notes to a domain; TXT records are most often used for SPF records (anti-spam).
11. Setting up a primary name server (forward resolution)
/etc/named.rfc1912.zones lists the zones (domains) this server can resolve.
/var/named/ holds the zone data files.
1. Edit the configuration file to tell named to serve sc.com.
[root@sc named]# vim /etc/named.rfc1912.zones
zone "sc.com" IN {
type master;
file "sc.com.zone";
allow-update { none; };
};
Add the configuration above; placing it right after the localhost zone is recommended.
2. Create the sc.com.zone data file
[root@sc named]# pwd
/var/named
[root@sc named]# ls
chroot chroot_sdb data dynamic dyndb-ldap named.ca named.empty named.localhost named.loopback slaves
Copy an existing file to create sc.com.zone
[root@sc named]# cp -a named.localhost sc.com.zone
[root@sc named]# ls
chroot chroot_sdb data dynamic dyndb-ldap named.ca named.empty named.localhost named.loopback sc.com.zone slaves
[root@sc named]# ll
总用量 20
drwxr-x--- 7 root named 61 12月 5 11:55 chroot
drwxr-x--- 7 root named 61 12月 5 11:55 chroot_sdb
drwxrwx--- 2 named named 23 12月 5 11:57 data
drwxrwx--- 2 named named 60 12月 5 15:17 dynamic
drwxrwx--- 2 root named 6 4月 1 2020 dyndb-ldap
-rw-r----- 1 root named 2253 4月 5 2018 named.ca
-rw-r----- 1 root named 152 12月 15 2009 named.empty
-rw-r----- 1 root named 152 6月 21 2007 named.localhost
-rw-r----- 1 root named 168 12月 15 2009 named.loopback
-rw-r----- 1 root named 152 6月 21 2007 sc.com.zone
drwxrwx--- 2 named named 6 10月 4 15:06 slaves
3. Write sc.com.zone
[root@sc named]# cat sc.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      @
        MX 10   mail.sc.com     ; mail exchange record (no trailing dot, so named reads it relative to the origin as mail.sc.com.sc.com.; see the dig mx output below)
        A       127.0.0.1
        AAAA    ::1
www     A       47.110.83.240   ; cluster records
www     A       192.168.2.1
www     A       192.168.2.3
ftp     A       192.168.2.2
web     CNAME   www             ; web points to www, so web is an alias of www
*       A       192.168.2.89    ; wildcard record
mail    A       192.168.2.2
; Several A records with the same name and different IP addresses give simple DNS-based load balancing, spreading traffic across servers.
Check the zone file for errors
[root@sc named]# named-checkzone sc.com /var/named/sc.com.zone
zone sc.com/IN: loaded serial 0
OK
Restart the named service
[root@sc named]# service named restart
4. On this machine or another, point the DNS server setting at the server we just built.
[root@sc named]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.102.141
5. Test with nslookup, dig, host, or ping.
[root@sc named]# nslookup www.sc.com
Server: 192.168.102.141
Address: 192.168.102.141#53
Name: www.sc.com
Address: 47.110.83.240
Name: www.sc.com
Address: 192.168.2.3
Name: www.sc.com
Address: 192.168.2.1
[root@sc named]# nslookup web.sc.com
Server: 192.168.102.141
Address: 192.168.102.141#53
web.sc.com canonical name = www.sc.com.
Name: www.sc.com
Address: 47.110.83.240
Name: www.sc.com
Address: 192.168.2.1
Name: www.sc.com
Address: 192.168.2.3
[root@sc named]# dig ns sc.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 <<>> ns sc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39928
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sc.com. IN NS
;; ANSWER SECTION:
sc.com. 86400 IN NS sc.com.
;; ADDITIONAL SECTION:
sc.com. 86400 IN A 127.0.0.1
sc.com. 86400 IN AAAA ::1
;; Query time: 0 msec
;; SERVER: 192.168.102.141#53(192.168.102.141)
;; WHEN: 六 7月 29 01:12:36 CST 2023
;; MSG SIZE rcvd: 93
[root@sc named]# dig mx sc.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 <<>> mx sc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65472
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sc.com. IN MX
;; ANSWER SECTION:
sc.com. 86400 IN MX 10 mail.sc.com.sc.com.
;; AUTHORITY SECTION:
sc.com. 86400 IN NS sc.com.
;; ADDITIONAL SECTION:
mail.sc.com.sc.com. 86400 IN A 192.168.2.89
sc.com. 86400 IN A 127.0.0.1
sc.com. 86400 IN AAAA ::1
;; Query time: 0 msec
;; SERVER: 192.168.102.141#53(192.168.102.141)
;; WHEN: 六 7月 29 01:13:14 CST 2023
;; MSG SIZE rcvd: 137
[root@sc named]#
[root@sc named]# host www.sc.com
www.sc.com has address 192.168.2.1
www.sc.com has address 192.168.2.3
www.sc.com has address 47.110.83.240
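The following Python is an added example (not code from the post) that covers both the record types listed in section 10 and the sc.com.zone file from section 11. It parses the zone the way named does: `@` becomes the origin, a name without a trailing dot is relative and gets the origin appended, owner-less lines inherit the previous owner, and a name with no exact match is answered from the wildcard at its closest existing ancestor. Run against the post's zone it explains two things seen in the dig output above: `NS @` becomes `sc.com. NS sc.com.`, and the MX target `mail.sc.com` (no trailing dot) becomes `mail.sc.com.sc.com.`, which then matches `*.sc.com.` and resolves to 192.168.2.89. The parser handles only the record types used here and is a simplified rendering of RFC 1035/4592 behaviour; the zone text is a constructed copy and the function names are my own.

```python
"""Added example (not from the original post): a small RFC 1035 master-file
parser that reproduces how BIND expands the sc.com.zone file above, including
the wildcard match that turns the MX target without a trailing dot into
mail.sc.com.sc.com. -> 192.168.2.89."""
import re

ORIGIN = "sc.com."
# The zone from the post, with BIND-style ';' comments (constructed copy).
ZONE_TEXT = """\
$TTL 1D
@       IN SOA  @ rname.invalid. (
                0 ; serial
                1D 1H 1W 3H )
        NS      @
        MX 10   mail.sc.com       ; relative: becomes mail.sc.com.sc.com.
        A       127.0.0.1
        AAAA    ::1
www     A       47.110.83.240
www     A       192.168.2.1
www     A       192.168.2.3
ftp     A       192.168.2.2
web     CNAME   www
*       A       192.168.2.89      ; wildcard
mail    A       192.168.2.2
"""
RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "PTR"}
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}


def absolute(name, origin):
    """'@' is the origin; a trailing dot means absolute; anything else is
    relative and has the origin appended (this is the trailing-dot trap)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin=ORIGIN):
    """Return (records, warnings); records are (owner, type, rdata tokens)
    with every name made absolute."""
    logical, buf, depth = [], [], 0
    for ln in text.splitlines():
        ln = re.sub(r";.*", "", ln)               # strip comments
        if not ln.strip() and depth == 0:
            continue
        buf.append(ln)
        depth += ln.count("(") - ln.count(")")    # fold (...) continuations
        if depth == 0:
            logical.append("\n".join(buf))
            buf = []
    records, warnings, owner = [], [], origin
    for entry in logical:
        if entry.startswith("$"):                 # $TTL / $ORIGIN directives
            if entry.startswith("$ORIGIN"):
                origin = entry.split()[1]
            continue
        tokens = entry.replace("(", " ").replace(")", " ").split()
        if not entry[0].isspace():                # new owner, else inherit
            owner = absolute(tokens.pop(0), origin)
        if tokens[0] not in RR_TYPES and tokens[0] != "IN":
            tokens.pop(0)                          # optional TTL
        if tokens[0] == "IN":
            tokens.pop(0)                          # optional class
        rtype, rdata = tokens[0], tokens[1:]
        for i in NAME_FIELDS.get(rtype, []):      # rdata fields that are names
            if "." in rdata[i] and not rdata[i].endswith("."):
                warnings.append(f"{owner} {rtype}: '{rdata[i]}' has no trailing dot, "
                                f"expanded to {absolute(rdata[i], origin)}")
            rdata[i] = absolute(rdata[i], origin)
        records.append((owner, rtype, rdata))
    return records, warnings


def name_exists(records, name):
    return any(o == name or o.endswith("." + name) for o, _, _ in records)


def lookup(records, qname, qtype):
    """Answer like an authoritative server: exact match, CNAME chase, then the
    wildcard at the closest existing ancestor (RFC 4592, simplified)."""
    exact = [r for r in records if r[0] == qname]
    if exact:
        cname = [r for r in exact if r[1] == "CNAME"]
        if cname and qtype != "CNAME":
            return lookup(records, cname[0][2][0], qtype)
        return [r for r in exact if r[1] == qtype]
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):
        encloser = ".".join(labels[i:])
        if name_exists(records, encloser):        # closest encloser found
            return [(qname, t, d) for o, t, d in records
                    if o == "*." + encloser and t == qtype]
    return []


if __name__ == "__main__":
    recs, warns = parse_zone(ZONE_TEXT)
    for w in warns:
        print("WARNING:", w)
    print(lookup(recs, "sc.com.", "MX"))
    print(lookup(recs, "mail.sc.com.sc.com.", "A"))
```

The warning list is the check to run before loading a zone: any NS, MX, CNAME or SOA target that contains a dot but lacks a trailing one is almost always a typo, and named-checkzone will not flag it because the expanded name is syntactically valid.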
What to do when the service will not start
1. Check the log (/var/log/messages)
[root@sc named]# tail -f /var/log/messages
Jul 29 00:55:18 sc named[1115]: network unreachable resolving 'www.scecs.com/A/IN': 2001:503:eea3::30#53
Jul 29 00:55:21 sc named[1115]: network unreachable resolving 'dnse1.sce.com/AAAA/IN': 2001:503:eea3::30#53
Jul 29 00:55:23 sc named[1115]: network unreachable resolving 'dnse1.sce.com/AAAA/IN': 2001:502:7094::30#53
Jul 29 00:55:24 sc dockerd: time="2023-07-29T00:55:24.997256210+08:00" level=info msg="NetworkDB stats sc(2b71c9c88a50) - netID:7h617gwnxo9xf6h8cmqn50e14 leaving:false netPeers:1 entries:2 Queue qLen:0 netMsg/s:0"
Jul 29 01:00:01 sc systemd: Started Session 49 of user root.
Jul 29 01:00:25 sc dockerd: time="2023-07-29T01:00:25.196732988+08:00" level=info msg="NetworkDB stats sc(2b71c9c88a50) - netID:7h617gwnxo9xf6h8cmqn50e14 leaving:false netPeers:1 entries:2 Queue qLen:0 netMsg/s:0"
Jul 29 01:01:01 sc systemd: Started Session 50 of user root.
Jul 29 01:05:25 sc dockerd: time="2023-07-29T01:05:25.198022962+08:00" level=info msg="NetworkDB stats sc(2b71c9c88a50) - netID:7h617gwnxo9xf6h8cmqn50e14 leaving:false netPeers:1 entries:2 Queue qLen:0 netMsg/s:0"
Jul 29 01:10:01 sc systemd: Started Session 51 of user root.
Jul 29 01:10:25 sc dockerd: time="2023-07-29T01:10:25.397995717+08:00" level=info msg="NetworkDB stats sc(2b71c9c88a50) - netID:7h617gwnxo9xf6h8cmqn50e14 leaving:false netPeers:1 entries:2 Queue qLen:0 netMsg/s:0"
2. Use the checking tools (named-checkconf, named-checkzone)
Check the configuration file and the zone data file
[root@sc named]# named-checkconf /etc/named.rfc1912.zones
[root@sc named]#
[root@sc named]# named-checkzone sc.com /var/named/sc.com.zone
zone sc.com/IN: loaded serial 0
OK