I. The DNS resolution process
DNS (Domain Name System) maps domain names to IP addresses. It uses port 53 over both UDP and TCP: UDP carries ordinary queries, TCP carries zone transfers and any response too large for a single UDP datagram (the server sets the TC flag and the client retries over TCP), so a firewall rule that only opens 53/udp breaks those cases.
1. Browser cache
The first time the browser obtains the IP address for a name it caches the result. On the next request for the same domain it consults this local cache first; entries expire after the record's TTL.
2. System cache
If the browser cache has no entry, the browser asks the operating system's resolver, which checks its own cache (the DNS Client service on Windows, systemd-resolved or nscd on Linux where present) and the static hosts file. Strictly speaking the hosts file is not a cache but a fixed name-to-address table that is consulted before any DNS query is sent, which is why malware likes to edit it; check it during incident response.
On Windows it is C:\Windows\System32\drivers\etc\hosts
On Linux it is /etc/hosts
3. Router cache
If the system has nothing cached either, the query goes to the resolver configured on the machine. On home and small office networks that is usually the router, which runs a forwarding resolver with its own cache.
4. ISP DNS cache
If the router has no cached answer, it forwards the query to the ISP's recursive resolver (the "local DNS server"). The recursive resolver checks its cache and, on a hit, returns the result.
5. Query the root name servers
If the ISP resolver has no cached answer either, it resolves the name iteratively from the root. It is preconfigured with the 13 root name server names a.root-servers.net through m.root-servers.net (the root hints; all 13 appear in the dig output below). It asks one root server for www.baidu.com; the root does not know the name but returns a referral to the .com top-level domain servers. The resolver asks a .com server, which returns a referral to the baidu.com name servers. The resolver asks a baidu.com server, which answers that www.baidu.com is an alias (CNAME) for www.a.shifen.com. The resolver then resolves www.a.shifen.com the same way (in practice reusing the cached referral to the .com servers) and finally receives the address 36.155.132.76, which it caches and returns to the client.
The trace below also shows the DNSSEC state of the chain: the root returns a DS record for com. with an RRSIG, so the delegation to .com is signed, while the .com server returns two signed NSEC3 records instead of a DS for baidu.com, which is its proof that baidu.com has no DS and is an unsigned zone. Nothing below that point in this trace can be validated by a DNSSEC-aware resolver.
. -> com. -> baidu.com. -> www.baidu.com. (CNAME www.a.shifen.com.) -> . -> com. -> shifen.com. -> a.shifen.com. -> www.a.shifen.com. -> 36.155.132.76
Install dig (in the bind-utils package) and repeat the walk yourself with +trace:
yum install bind-utils -y
[root@dhcp network-scripts]# dig +trace www.baidu.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.15 <<>> +trace www.baidu.com
;; global options: +cmd
. 474 IN NS b.root-servers.net.
. 474 IN NS h.root-servers.net.
. 474 IN NS g.root-servers.net.
. 474 IN NS f.root-servers.net.
. 474 IN NS a.root-servers.net.
. 474 IN NS l.root-servers.net.
. 474 IN NS c.root-servers.net.
. 474 IN NS e.root-servers.net.
. 474 IN NS k.root-servers.net.
. 474 IN NS d.root-servers.net.
. 474 IN NS i.root-servers.net.
. 474 IN NS j.root-servers.net.
. 474 IN NS m.root-servers.net.
;; Received 251 bytes from 114.114.114.114#53(114.114.114.114) in 28 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 86400 IN DS 19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D7 71D7805A
com. 86400 IN RRSIG DS 8 1 86400 20240109050000 20231227040000 46780 . eEimYPGMfhYDgBFQVa2ez2AOiQZGJulavOMHn68nDg+IWLOCQpnldhHR sg00GAzrzFN5uGGkXaGPMegNTyacFzmhPvLdgxXt1I8PbtNlmXIvJ1aQ smcY6Rz9vIolD5Jkihll6QE+lGoF39v98ppsEg8ceJ+TU+A2der8w9WE 728A+X/xiUyUPDhyiIp5Cvalc2mtqT2RCOdLWyUUVrwI9ZzhUzNOqoPI gWNvyn0zKcS+gmshs7MwrxGnxgn0Q20O+G4ICQPLDUjRvTeuspuuM9hT 6BrEzZTvYCa/tsvNUjl0gDmf/NYu4IzL9Mbf3DysNKDEsMBqtVQxRhp2 fQCErQ==
;; Received 1173 bytes from 198.97.190.53#53(h.root-servers.net) in 260 ms
baidu.com. 172800 IN NS ns2.baidu.com.
baidu.com. 172800 IN NS ns3.baidu.com.
baidu.com. 172800 IN NS ns4.baidu.com.
baidu.com. 172800 IN NS ns1.baidu.com.
baidu.com. 172800 IN NS ns7.baidu.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 13 2 86400 20240101052609 20231225041609 46171 com. szNQwwMmA2dHL1TDz7A/9vScomqNiEhUSBw2TAovHQVMKkVwg3qXkXfG qUX0oLbe4MP3UE1v6cstVpBNmKjO+g==
HPVV1UNKTCF9TD77I2AUR73709T975GH.com. 86400 IN NSEC3 1 1 0 - HPVVAN8CFKHHHMEIDVJHFNQEOI5G6C89 NS DS RRSIG
HPVV1UNKTCF9TD77I2AUR73709T975GH.com. 86400 IN RRSIG NSEC3 13 2 86400 20231231072945 20231224061945 46171 com. 0kpYmJLy1k/JJmWCFqY6o4CS58EW4cr5dtBlBP6+ggZ9Tw/Kv2WkTO1N vaj+Z5EAF5jVQ0ND0PxU+VXjaybTxw==
;; Received 657 bytes from 192.55.83.30#53(m.gtld-servers.net) in 284 ms
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
;; Received 72 bytes from 111.45.3.226#53(ns4.baidu.com) in 35 ms
[root@dhcp network-scripts]# dig +trace www.a.shifen.com
www.a.shifen.com. 120 IN A 36.155.132.76
www.a.shifen.com. 120 IN A 36.155.132.3
a.shifen.com. 1200 IN NS ns4.a.shifen.com.
a.shifen.com. 1200 IN NS ns5.a.shifen.com.
a.shifen.com. 1200 IN NS ns1.a.shifen.com.
a.shifen.com. 1200 IN NS ns2.a.shifen.com.
a.shifen.com. 1200 IN NS ns3.a.shifen.com.
;; Received 335 bytes from 153.3.238.162#53(ns3.a.shifen.com) in 29 ms
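To make the walk in step 5 concrete, here is a small Python simulation of an iterative resolver. It is an added example, not code from the original page, and its zone data is constructed from the trace above with one server per zone (the 192.0.2.x addresses are made up). It follows each referral from the root, chases the CNAME, caches what it learns with the records' TTLs, and goes one step beyond the text by applying the bailiwick rule: the baidu.com server is made to volunteer an address for www.a.shifen.com, a name it is not authoritative for, and the resolver discards that record instead of caching it. For simplicity every lookup starts at the root; a real resolver reuses the cached referral to the .com servers on the second leg.

```python
"""Simulated iterative DNS resolution over constructed zone data (added example).
One server per zone, collapsed from the dig +trace above; the baidu.com server
also volunteers a record for a name outside its zone, which the resolver must
refuse (bailiwick rule)."""
import time
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, int, str]      # (type, ttl, rdata)
RR = Tuple[str, str, int, str]     # (owner, type, ttl, rdata)

ZONES: Dict[str, Dict[str, List[Record]]] = {
    ".": {"com.": [("NS", 172800, "a.gtld-servers.net.")],
          "a.gtld-servers.net.": [("A", 172800, "192.0.2.1")]},        # glue (made up)
    "com.": {"baidu.com.": [("NS", 172800, "ns4.baidu.com.")],
             "ns4.baidu.com.": [("A", 172800, "111.45.3.226")],         # glue
             "shifen.com.": [("NS", 172800, "ns3.a.shifen.com.")],
             "ns3.a.shifen.com.": [("A", 172800, "153.3.238.162")]},   # glue
    "baidu.com.": {"www.baidu.com.": [("CNAME", 1200, "www.a.shifen.com.")]},
    "shifen.com.": {"www.a.shifen.com.": [("A", 120, "36.155.132.76"),
                                          ("A", 120, "36.155.132.3")]},
}
# Unsolicited "additional" records a server tacks onto every reply. The one
# planted here lies outside baidu.com's authority: caching it = poisoning.
EXTRA: Dict[str, List[RR]] = {
    "baidu.com.": [("www.a.shifen.com.", "A", 60, "192.0.2.66")],
}


def in_bailiwick(owner: str, zone: str) -> bool:
    """May the server for `zone` speak for `owner`? Only at or below the zone."""
    return zone == "." or owner == zone or owner.endswith("." + zone)


def query(zone: str, name: str, qtype: str) -> Tuple[str, List[RR], List[RR]]:
    """Reply of the server for `zone`: (status, answer section, additional)."""
    recs, extra = ZONES[zone], EXTRA.get(zone, [])
    if name in recs:
        hits = [(name, t, ttl, rd) for t, ttl, rd in recs[name] if t == qtype]
        if hits:
            return "answer", hits, extra
        cn = [(name, t, ttl, rd) for t, ttl, rd in recs[name] if t == "CNAME"]
        if cn:
            return "cname", cn, extra
    cuts = [o for o in recs if o != zone and name.endswith("." + o)
            and any(t == "NS" for t, _, _ in recs[o])]
    if cuts:                               # refer to the deepest enclosing delegation
        cut = max(cuts, key=len)
        ns = [(cut, t, ttl, rd) for t, ttl, rd in recs[cut] if t == "NS"]
        glue = [(rd, gt, gttl, grd) for _, _, _, rd in ns
                for gt, gttl, grd in recs.get(rd, []) if gt == "A"]
        return "referral", ns, glue + extra
    return "nxdomain", [], extra


class Resolver:
    """Iterative resolver with a TTL cache, as in step 5 above."""

    def __init__(self) -> None:
        self.cache: Dict[Tuple[str, str], Tuple[float, List[str]]] = {}
        self.trace: List[str] = []    # who answered what
        self.dropped: List[RR] = []   # refused by the bailiwick rule

    def _put(self, rr: RR) -> None:
        owner, rtype, ttl, rdata = rr
        expires, vals = self.cache.get((owner, rtype), (0.0, []))
        if time.time() > expires:             # absent or expired: fresh RRset
            expires, vals = time.time() + ttl, []
        if rdata not in vals:
            vals.append(rdata)
        self.cache[(owner, rtype)] = (expires, vals)

    def _get(self, owner: str, rtype: str) -> Optional[List[str]]:
        hit = self.cache.get((owner, rtype))
        return list(hit[1]) if hit and time.time() <= hit[0] else None

    def resolve(self, name: str, qtype: str = "A", depth: int = 0) -> List[str]:
        if depth > 8:
            raise RuntimeError("CNAME chain too long")
        cached = self._get(name, qtype)
        if cached is not None:
            self.trace.append(f"cache hit {name} {qtype}")
            return cached
        alias = self._get(name, "CNAME")
        if alias and qtype != "CNAME":
            self.trace.append(f"cache hit {name} CNAME")
            return self.resolve(alias[0], qtype, depth + 1)
        zone = "."                             # simplification: always start at the root
        for _ in range(16):                    # bound the referral chase
            status, answer, extra = query(zone, name, qtype)
            for rr in answer + extra:
                (self._put if in_bailiwick(rr[0], zone) else self.dropped.append)(rr)
            if status == "answer":
                self.trace.append(f"{zone} -> answer {name}")
                return [rr[3] for rr in answer]
            if status == "cname":
                self.trace.append(f"{zone} -> CNAME {answer[0][3]}")
                return self.resolve(answer[0][3], qtype, depth + 1)
            if status == "nxdomain":
                self.trace.append(f"{zone} -> NXDOMAIN {name}")
                return []
            self.trace.append(f"{zone} -> referral {answer[0][0]}")
            zone = answer[0][0]
        raise RuntimeError("referral loop")
```

Resolver().resolve("www.baidu.com.") returns ["36.155.132.76", "36.155.132.3"]; the trace follows the chain above, a second call on the same object is served entirely from the cache, and the planted 192.0.2.66 record ends up in resolver.dropped rather than in the answer.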
II. Setting up a caching name server
1. Install the required packages, and stop the firewall and SELinux
This is a lab shortcut. On a real server keep both enabled and instead allow DNS through firewalld (the dns service, 53/tcp and 53/udp); the sed edit below only changes the SELinux boot setting and takes effect after a reboot.
[root@dhcp network-scripts]# service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service
[root@dhcp network-scripts]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@dhcp network-scripts]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@dhcp network-scripts]# yum install bind* -y
2. Start the named process (name daemon) and check that it works
To keep it running after a reboot, enable the unit at boot as well (systemctl enable named). The netstat output shows the stock configuration: named listens on port 53 only on loopback (127.0.0.1 and ::1). Port 953 is the rndc control channel and should never be exposed beyond localhost.
[root@dhcp network-scripts]# systemctl start named
[root@dhcp network-scripts]# netstat -anplut|grep named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2676/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2676/named
tcp6 0 0 ::1:53 :::* LISTEN 2676/named
tcp6 0 0 ::1:953 :::* LISTEN 2676/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 2676/named
udp6 0 0 ::1:53 :::* 2676/named
[root@dhcp network-scripts]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 127.0.0.1
[root@dhcp network-scripts]# nslookup
> www.qq.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
www.qq.com canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 112.53.42.52
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 112.53.42.114
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 2409:8c54:871:2::34
Name: ins-r23tsuuf.ias.tencent-cloud.net
Address: 2409:8c54:871:1::73
3. Edit the configuration file to make the service reachable from other hosts
The stock file binds named to loopback only and allows queries only from localhost. The three changes below open it to every interface and every client. Be careful: on a machine reachable from the Internet, allow-query { any; } together with recursion (the default) creates an open resolver that can be abused for DNS amplification attacks and exposes its cache to poisoning attempts. Outside a lab, list your own networks instead of any, and restrict allow-recursion the same way.
[root@dhcp named]# vim /etc/named.conf
options {
        listen-on port 53 { any; };          // changed
        listen-on-v6 port 53 { any; };       // changed
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };            // changed
[root@dhcp named]# service named restart
Redirecting to /bin/systemctl restart named.service
[root@dhcp named]# !ne
netstat -anplut|grep named
tcp 0 0 192.168.249.160:53 0.0.0.0:* LISTEN 2729/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2729/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2729/named
tcp6 0 0 :::53 :::* LISTEN 2729/named
tcp6 0 0 ::1:953 :::* LISTEN 2729/named
udp 0 0 192.168.249.160:53 0.0.0.0:* 2729/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 2729/named
udp6 0 0 :::53 :::* 2729/named
4. Test from a second machine
[root@localhost ~]# vim /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.249.160
[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (36.155.132.3) 56(84) bytes of data.
64 bytes from 36.155.132.3 (36.155.132.3): icmp_seq=1 ttl=128 time=37.5 ms
64 bytes from 36.155.132.3 (36.155.132.3): icmp_seq=2 ttl=128 time=40.2 ms
64 bytes from 36.155.132.3 (36.155.132.3): icmp_seq=3 ttl=128 time=37.2 ms
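An added example (not from the page) that audits the options block for exactly the open-resolver problem described in step 3. WEAK_CONF reproduces the options shown above plus the recursion yes; line that the RHEL template carries further down; HARDENED_CONF is a constructed alternative for the 192.168.249.0/24 lab network. The audit encodes the BIND rule that an unset allow-recursion falls back to allow-query, so allow-query { any; } on its own is enough to make an open resolver, and it reports a loopback-only listener as clean because nothing else can reach it. It is not a full named.conf parser; syntax still belongs to named-checkconf.

```python
"""Audit the options {} block of a named.conf for open-resolver settings.

Added example, not from the page. WEAK_CONF is reconstructed from the options
shown above (plus "recursion yes;" from the RHEL template), HARDENED_CONF is a
constructed alternative for the lab network. Not a full BIND parser.
"""
import re
from typing import Dict, List

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

WEAK_CONF = """
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory "/var/named";
        allow-query     { any; };
        recursion yes;
};
"""

HARDENED_CONF = """
acl "lan" { 127.0.0.1; 192.168.249.0/24; };
options {
        listen-on port 53 { 127.0.0.1; 192.168.249.160; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        allow-query     { lan; };   // who may ask at all
        allow-recursion { lan; };   // who may use recursion and the cache
        allow-transfer  { none; };  // no AXFR of our zones
        recursion yes;
        version "not disclosed";    // hides version.bind CH TXT
};
"""


def strip_comments(text: str) -> str:
    """Remove /* */, // and # comments (naive: does not honour quotes)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def extract_block(text: str, name: str) -> str:
    """Body of the top-level `name { ... }` block, honouring nested braces."""
    m = re.search(r"\b%s\s*\{" % re.escape(name), text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    raise ValueError(f"unbalanced braces in {name} block")


def parse_statements(body: str) -> Dict[str, List[str]]:
    """Map `name [port N] { a; b; };` and `name value;` statements to tokens."""
    stmts: Dict[str, List[str]] = {}
    for m in re.finditer(r"([\w-]+)(?:\s+port\s+\d+)?\s*\{([^{}]*)\}\s*;", body):
        stmts.setdefault(m.group(1), []).extend(t for t in re.split(r"[;\s]+", m.group(2)) if t)
    for m in re.finditer(r'^\s*([\w-]+)\s+("[^"]*"|[^\s{};]+)\s*;', body, flags=re.M):
        stmts.setdefault(m.group(1), []).append(m.group(2).strip('"'))
    return stmts


def audit(conf: str) -> List[str]:
    """Return findings, most severe first; empty list means nothing to report."""
    opts = parse_statements(extract_block(strip_comments(conf), "options"))
    listen = set(opts.get("listen-on", ["any"]) + opts.get("listen-on-v6", []))
    if "any" not in listen and not (listen - LOOPBACK):
        return []                          # loopback only: unreachable from the LAN
    findings: List[str] = []
    allow_query = set(opts.get("allow-query", ["any"]))            # BIND default
    # BIND ARM: allow-recursion falls back to allow-query-cache, then to
    # allow-query, then to { localnets; localhost; }. So allow-query { any; }
    # on its own also opens recursion to everyone.
    recurse_acl = set(opts.get("allow-recursion") or opts.get("allow-query-cache")
                      or opts.get("allow-query") or ["localnets", "localhost"])
    if opts.get("recursion", ["yes"])[0] == "yes" and {"any"} <= allow_query & recurse_acl:
        findings.append("open-resolver: anyone may recurse through this server "
                        "(DDoS amplification, cache-poisoning exposure)")
    elif "any" in allow_query:
        findings.append("open-query: anyone may read the cache and authoritative zones")
    if "any" in opts.get("allow-transfer", ["any"]):
        findings.append("zone-transfer: allow-transfer is unrestricted (AXFR leaks zones)")
    if "version" not in opts:
        findings.append("version: BIND version disclosed via version.bind")
    return findings
```

audit(WEAK_CONF) reports an open resolver, unrestricted zone transfers and version disclosure; audit(HARDENED_CONF) returns an empty list. Adding allow-recursion { 192.168.249.0/24; } to the weak file downgrades the first finding to open-query: outsiders can no longer recurse but can still read cached and authoritative data.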
III. Setting up a primary (master) name server
Zone data directory: /var/named
Main configuration file: /etc/named.conf
Secondary configuration file, included from named.conf, where zones are declared: /etc/named.rfc1912.zones
named.ca: the root hints file listing the addresses of the 13 root name servers
1. Edit the configuration so that named is authoritative for gala.com
[root@dhcp named]# vim /etc/named.rfc1912.zones
zone "gala.com" IN {
type master;
file "gala.com.zone";
allow-update { none; };
};
In the /var/named directory, copy the template zone file and edit the copy. The template keeps serial 0 and the placeholder mailbox rname.invalid. in its SOA; raise the serial on every edit (secondaries only transfer when it grows) and set a real hostmaster address. NS @ makes the zone apex itself the name server, and its address is the apex A record 192.168.249.160.
[root@dhcp named]# cp -a named.localhost gala.com.zone # cp -a preserves owner, group and mode, so named can still read the file
[root@dhcp named]# vim gala.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.249.160
www     A       192.168.249.1
hhh     A       36.155.132.3
[root@dhcp named]# !s
service named restart
Redirecting to /bin/systemctl restart named.service
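Before the restart it is worth checking the zone file for the mistakes that named-checkzone accepts silently. The following is an added example, not from the page: PAGE_ZONE is a constructed copy of gala.com.zone above with the template's tab layout, and the checker parses the zone syntax used here ($TTL, @, relative names, inherited owners, the parenthesised SOA) and flags a serial of 0, the placeholder rname.invalid. mailbox, a missing apex NS, and in-zone name servers that have no address record.

```python
"""Sanity checks for a BIND zone file before reloading named (added example).
Handles the syntax used on this page: $TTL, @, relative owner names, blank
owner inheritance and the parenthesised SOA. PAGE_ZONE is a constructed copy
of gala.com.zone above."""
import re
from typing import Iterator, List, Tuple

RR = Tuple[str, int, str, List[str]]          # (owner, ttl, type, rdata tokens)
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

PAGE_ZONE = """\
$TTL 1D
@\tIN SOA\t@ rname.invalid. (
\t\t\t0\t; serial
\t\t\t1D\t; refresh
\t\t\t1H\t; retry
\t\t\t1W\t; expire
\t\t\t3H )\t; minimum
\tNS\t@
\tA\t192.168.249.160
www\tA\t192.168.249.1
hhh\tA\t36.155.132.3
"""


def parse_ttl(tok: str) -> int:
    """'1D' -> 86400, '3600' -> 3600."""
    return int(tok[:-1]) * UNITS[tok[-1].lower()] if tok[-1].isalpha() else int(tok)


def qualify(name: str, origin: str) -> str:
    """Expand @ and relative names to FQDNs under origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def logical_lines(text: str) -> Iterator[str]:
    """Strip ; comments and fold ( ... ) continuations into one line."""
    buf: List[str] = []
    depth = 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf = []


def parse_zone(text: str, origin: str) -> List[RR]:
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, owner, records = 0, origin, []
    for line in logical_lines(text):
        toks = line.split()
        if toks[0] == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if not line[0].isspace():          # owner present, else inherited
            owner = qualify(toks.pop(0), origin)
        ttl = default_ttl                  # optional [ttl] [class] in either order
        while toks[0].upper() in ("IN", "CH", "HS") or re.fullmatch(r"\d+[smhdw]?", toks[0], re.I):
            tok = toks.pop(0)
            if tok.upper() not in ("IN", "CH", "HS"):
                ttl = parse_ttl(tok)
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in ("NS", "CNAME", "PTR", "MX"):
            rdata[-1] = qualify(rdata[-1], origin)
        elif rtype == "SOA":
            rdata[:2] = [qualify(rdata[0], origin), qualify(rdata[1], origin)]
        records.append((owner, ttl, rtype, rdata))
    return records


def check_zone(text: str, origin: str) -> Tuple[List[RR], List[str]]:
    """Parse the zone and return (records, problems found)."""
    origin = origin if origin.endswith(".") else origin + "."
    recs, problems = parse_zone(text, origin), []
    soa = [r for r in recs if r[2] == "SOA"]
    if len(soa) != 1:
        return recs, ["zone needs exactly one SOA record"]
    mname, rname, serial = soa[0][3][0], soa[0][3][1], int(soa[0][3][2])
    if serial == 0:
        problems.append("SOA serial is 0: raise it on every edit or secondaries never transfer")
    if rname == "rname.invalid.":
        problems.append("SOA rname is the template placeholder rname.invalid.")
    have_addr = {r[0] for r in recs if r[2] in ("A", "AAAA")}
    apex_ns = [r[3][0] for r in recs if r[2] == "NS" and r[0] == origin]
    if not apex_ns:
        problems.append("no NS record at the zone apex")
    for host in apex_ns + [mname]:        # in-zone servers need an address (glue)
        if host.endswith(origin) and host not in have_addr:
            problems.append(f"{host} is named in NS/SOA but has no A/AAAA record")
    return recs, problems
```

check_zone(PAGE_ZONE, "gala.com") parses five records (SOA, NS, the apex A, www and hhh) and reports the zero serial and the placeholder mailbox; with those two fixed it returns no problems, and adding an NS for a name without an A record is reported as missing glue.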
2. Verify that resolution works
ping resolves the name before it sends a packet, so the line PING www.gala.com (192.168.249.1) already shows that www.gala.com resolved to the address in the zone file. The 100% packet loss that follows only means the host at 192.168.249.1 does not answer ICMP; it is not a DNS failure. hhh.gala.com and gala.com resolve and answer normally.
[root@localhost etc]# ping www.gala.com
PING www.gala.com (192.168.249.1) 56(84) bytes of data.
^C
--- www.gala.com ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 8061ms
[root@localhost etc]# ping hhh.gala.com
PING hhh.gala.com (36.155.132.3) 56(84) bytes of data.
64 bytes from 36.155.132.3 (36.155.132.3): icmp_seq=1 ttl=128 time=36.9 ms
64 bytes from 36.155.132.3 (36.155.132.3): icmp_seq=2 ttl=128 time=37.4 ms
64 bytes from 36.155.132.3 (36.155.132.3): icmp_seq=3 ttl=128 time=38.3 ms
^C
--- hhh.gala.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2926ms
rtt min/avg/max/mdev = 36.981/37.582/38.321/0.598 ms
[root@localhost etc]# ping gala.com
PING gala.com (192.168.249.160) 56(84) bytes of data.
64 bytes from 192.168.249.160 (192.168.249.160): icmp_seq=1 ttl=64 time=0.406 ms
64 bytes from 192.168.249.160 (192.168.249.160): icmp_seq=2 ttl=64 time=1.00 ms