Setting up a DNS service

I. The DNS resolution process

        DNS (Domain Name System) is the domain name resolution system. It uses port 53, over both UDP and TCP.

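1. Browser cache

        After the browser obtains an IP address for the first time, it caches it. The next time a request is made for the same domain name, the browser checks its local cache first.

2. System cache

        If the browser has no cached entry, it checks whether the operating system cache holds a DNS resolution result for the domain name.

        On Windows, you can look in the file C:\Windows\System32\drivers\etc\hosts

        On Linux, you can look in the file /etc/hosts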

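3. Router cache

        When the system cache has no entry either, the browser goes on to send the request to the router to look up its cache.

4. ISP DNS cache

        When the router has no entry either, the browser sends the request to the local DNS server. The local name server queries its own DNS cache and returns the result if the lookup succeeds.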

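5. Root name server query

        If the ISP DNS has no cached entry either, the ISP DNS first obtains the 13 host names of the root servers, [a-m].root-servers.net. The local name server asks one of the root name servers to resolve the domain name, and it returns the names of the .com top-level servers. The local name server then sends a request to one of the .com top-level name servers, and the .com server returns the name servers of the next level and their names. The local name server then sends a request to the second-level name server, and the second-level name server returns the alias www.a.shifen.com. The ISP DNS then repeats the steps above to request the IP address of www.a.shifen.com, and finally the alias's IP address 36.155.132.76 is returned to the ISP DNS.
   . -> com. -> baidu.com. -> www.baidu.com. -> www.a.shifen.com -> . -> com. -> shifen.com -> a.shifen.com -> www.a.shifen.com -> 36.155.132.76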

yum install bind-utils -y
[root@dhcp network-scripts]# dig  +trace www.baidu.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.15 <<>> +trace www.baidu.com
;; global options: +cmd
.			474	IN	NS	b.root-servers.net.
.			474	IN	NS	h.root-servers.net.
.			474	IN	NS	g.root-servers.net.
.			474	IN	NS	f.root-servers.net.
.			474	IN	NS	a.root-servers.net.
.			474	IN	NS	l.root-servers.net.
.			474	IN	NS	c.root-servers.net.
.			474	IN	NS	e.root-servers.net.
.			474	IN	NS	k.root-servers.net.
.			474	IN	NS	d.root-servers.net.
.			474	IN	NS	i.root-servers.net.
.			474	IN	NS	j.root-servers.net.
.			474	IN	NS	m.root-servers.net.
;; Received 251 bytes from 114.114.114.114#53(114.114.114.114) in 28 ms

com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
com.			86400	IN	DS	19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D7 71D7805A
com.			86400	IN	RRSIG	DS 8 1 86400 20240109050000 20231227040000 46780 . eEimYPGMfhYDgBFQVa2ez2AOiQZGJulavOMHn68nDg+IWLOCQpnldhHR sg00GAzrzFN5uGGkXaGPMegNTyacFzmhPvLdgxXt1I8PbtNlmXIvJ1aQ smcY6Rz9vIolD5Jkihll6QE+lGoF39v98ppsEg8ceJ+TU+A2der8w9WE 728A+X/xiUyUPDhyiIp5Cvalc2mtqT2RCOdLWyUUVrwI9ZzhUzNOqoPI gWNvyn0zKcS+gmshs7MwrxGnxgn0Q20O+G4ICQPLDUjRvTeuspuuM9hT 6BrEzZTvYCa/tsvNUjl0gDmf/NYu4IzL9Mbf3DysNKDEsMBqtVQxRhp2 fQCErQ==
;; Received 1173 bytes from 198.97.190.53#53(h.root-servers.net) in 260 ms

baidu.com.		172800	IN	NS	ns2.baidu.com.
baidu.com.		172800	IN	NS	ns3.baidu.com.
baidu.com.		172800	IN	NS	ns4.baidu.com.
baidu.com.		172800	IN	NS	ns1.baidu.com.
baidu.com.		172800	IN	NS	ns7.baidu.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 13 2 86400 20240101052609 20231225041609 46171 com. szNQwwMmA2dHL1TDz7A/9vScomqNiEhUSBw2TAovHQVMKkVwg3qXkXfG qUX0oLbe4MP3UE1v6cstVpBNmKjO+g==
HPVV1UNKTCF9TD77I2AUR73709T975GH.com. 86400 IN NSEC3 1 1 0 - HPVVAN8CFKHHHMEIDVJHFNQEOI5G6C89 NS DS RRSIG
HPVV1UNKTCF9TD77I2AUR73709T975GH.com. 86400 IN RRSIG NSEC3 13 2 86400 20231231072945 20231224061945 46171 com. 0kpYmJLy1k/JJmWCFqY6o4CS58EW4cr5dtBlBP6+ggZ9Tw/Kv2WkTO1N vaj+Z5EAF5jVQ0ND0PxU+VXjaybTxw==
;; Received 657 bytes from 192.55.83.30#53(m.gtld-servers.net) in 284 ms

www.baidu.com.		1200	IN	CNAME	www.a.shifen.com.
;; Received 72 bytes from 111.45.3.226#53(ns4.baidu.com) in 35 ms


[root@dhcp network-scripts]# dig  +trace www.a.shifen.com

www.a.shifen.com.	120	IN	A	36.155.132.76
www.a.shifen.com.	120	IN	A	36.155.132.3
a.shifen.com.		1200	IN	NS	ns4.a.shifen.com.
a.shifen.com.		1200	IN	NS	ns5.a.shifen.com.
a.shifen.com.		1200	IN	NS	ns1.a.shifen.com.
a.shifen.com.		1200	IN	NS	ns2.a.shifen.com.
a.shifen.com.		1200	IN	NS	ns3.a.shifen.com.
;; Received 335 bytes from 153.3.238.162#53(ns3.a.shifen.com) in 29 ms
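
The walk described in step 5, as an added example that is not part of the original post: a resolver that starts at the root, follows referrals, restarts at the root when it meets the CNAME, caps the number of restarts, and ignores referrals that point outside the zone being asked. The delegation table is constructed from the dig output above.

```python
# Constructed delegation data modelled on the dig +trace output in this section.
# Each zone either refers to child zones, holds a CNAME, or holds A records.
ZONES = {
    ".":             {"refer": ["com."]},
    "com.":          {"refer": ["baidu.com.", "shifen.com."]},
    "baidu.com.":    {"cname": {"www.baidu.com.": "www.a.shifen.com."}},
    "shifen.com.":   {"refer": ["a.shifen.com."]},
    "a.shifen.com.": {"a": {"www.a.shifen.com.": ["36.155.132.76", "36.155.132.3"]}},
}


def in_zone(name, zone):
    """True if name is at or below zone (the bailiwick test)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def next_zone(zone, name):
    """Pick the closest delegation for name, ignoring out-of-bailiwick referrals."""
    ok = [c for c in ZONES[zone].get("refer", [])
          if in_zone(c, zone) and in_zone(name, c)]
    return max(ok, key=len, default=None)


def resolve(name, max_restarts=8):
    """Resolve iteratively from the root; return (addresses, zones asked in order)."""
    asked = []
    for _ in range(max_restarts):      # bound CNAME restarts so a loop cannot spin forever
        zone = "."
        while zone is not None:
            asked.append(zone)
            data = ZONES[zone]
            if name in data.get("a", {}):
                return data["a"][name], asked
            if name in data.get("cname", {}):
                name = data["cname"][name]   # alias: start again at the root for the target
                break
            zone = next_zone(zone, name)
        else:
            return [], asked                 # no delegation covers the name
    raise RuntimeError("too many CNAME restarts")


if __name__ == "__main__":
    addrs, asked = resolve("www.baidu.com.")
    print(" -> ".join(asked), "=>", addrs)
```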

II. Setting up a caching name server

1. Install the required software, and disable the firewall and SELinux

[root@dhcp network-scripts]# service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service
[root@dhcp network-scripts]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@dhcp network-scripts]#  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

[root@dhcp network-scripts]# yum install bind* -y

2. Start the named process (name daemon) and test whether it works

        If you want it to stay enabled, set it to start at boot.

[root@dhcp network-scripts]#  systemctl start named 
[root@dhcp network-scripts]# netstat -anplut|grep named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2676/named          
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      2676/named          
tcp6       0      0 ::1:53                  :::*                    LISTEN      2676/named          
tcp6       0      0 ::1:953                 :::*                    LISTEN      2676/named          
udp        0      0 127.0.0.1:53            0.0.0.0:*                           2676/named          
udp6       0      0 ::1:53                  :::*                                2676/named 

[root@dhcp network-scripts]# vim /etc/resolv.conf 
# Generated by NetworkManager
nameserver 127.0.0.1
[root@dhcp network-scripts]# nslookup
> www.qq.com
Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
www.qq.com	canonical name = ins-r23tsuuf.ias.tencent-cloud.net.
Name:	ins-r23tsuuf.ias.tencent-cloud.net
Address: 112.53.42.52
Name:	ins-r23tsuuf.ias.tencent-cloud.net
Address: 112.53.42.114
Name:	ins-r23tsuuf.ias.tencent-cloud.net
Address: 2409:8c54:871:2::34
Name:	ins-r23tsuuf.ias.tencent-cloud.net
Address: 2409:8c54:871:1::73

3. Modify the configuration file to open up the DNS service

[root@dhcp named]# vim /etc/named.conf
options {
        listen-on port 53 { any; };  // changed
        listen-on-v6 port 53 { any; }; // changed
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; }; // changed
[root@dhcp named]# service named restart
Redirecting to /bin/systemctl restart named.service
[root@dhcp named]# !ne
netstat -anplut|grep named
tcp        0      0 192.168.249.160:53      0.0.0.0:*               LISTEN      2729/named          
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2729/named          
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      2729/named          
tcp6       0      0 :::53                   :::*                    LISTEN      2729/named          
tcp6       0      0 ::1:953                 :::*                    LISTEN      2729/named          
udp        0      0 192.168.249.160:53      0.0.0.0:*                           2729/named          
udp        0      0 127.0.0.1:53            0.0.0.0:*                           2729/named          
udp6       0      0 :::53                   :::*                                2729/named    

4. Test from another machine

[root@localhost ~]# vim /etc/resolv.conf 
# Generated by NetworkManager
search localdomain
nameserver 192.168.249.160

[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (36.155.132.3) 56(84) bytes of data.
64 bytes from 36.155.132.3 (36.155.132.3): icmp_seq=1 ttl=128 time=37.5 ms
64 bytes from 36.155.132.3 (36.155.132.3): icmp_seq=2 ttl=128 time=40.2 ms
64 bytes from 36.155.132.3 (36.155.132.3): icmp_seq=3 ttl=128 time=37.2 ms
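
A check of the step 3 settings from the defender's side, as an added example that is not part of the original post: when allow-recursion is absent, BIND falls back to allow-query-cache and then allow-query, so allow-query { any; } also opens recursion to every address that can reach port 53, and with firewalld stopped in step 1 nothing else filters it. The recursion yes line, the ACL name lan and the 192.168.249.0/24 range are assumptions.

```python
import re

# Constructed named.conf text: the options as changed in step 3
# (recursion yes is assumed to be left in place from the packaged file).
PAGE_CONF = """
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        recursion yes;
        allow-query     { any; };
};
"""
# Restricted variant; the ACL name "lan" and its /24 range are hypothetical.
RESTRICTED_CONF = """
acl lan { 192.168.249.0/24; localhost; };
options {
        listen-on port 53 { any; };
        recursion yes;
        allow-query     { any; };
        allow-recursion { lan; };
};
"""


def match_list(conf, key):
    """Return the address-match-list elements for key, or None if key is absent."""
    pat = r"^\s*" + re.escape(key) + r"\s+(?:port\s+\d+\s+)?\{([^}]*)\}"
    m = re.search(pat, conf, re.M)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]


def effective_recursion_acl(conf):
    """Fallback order: allow-recursion, allow-query-cache, allow-query, built-in default."""
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        acl = match_list(conf, key)
        if acl is not None:
            return key, acl
    return "default", ["localnets", "localhost"]


def audit(conf):
    """Report which list governs recursion and whether the server is an open resolver."""
    recursion_on = not re.search(r"^\s*recursion\s+no\s*;", conf, re.M)
    source, acl = effective_recursion_acl(conf)
    listen = match_list(conf, "listen-on")
    listens_any = listen is None or "any" in listen   # no listen-on means all interfaces
    return {"recursion_acl_from": source, "recursion_acl": acl,
            "open_resolver": recursion_on and listens_any and "any" in acl}
```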

 

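III. Setting up the primary name server

Data directory: /var/named
Main configuration file: /etc/named.conf
Secondary configuration file: /etc/named.rfc1912.zones
named.ca: the file that records the addresses of the 13 root name servers

1. Modify the configuration file to tell named to provide name resolution for gala.com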

[root@dhcp named]# vim /etc/named.rfc1912.zones
zone "gala.com" IN {
        type master;
        file "gala.com.zone";
        allow-update { none; };
};
In the /var/named directory
[root@dhcp named]# cp -a  named.localhost gala.com.zone # cp -a makes an identical copy of the file; the owning group and user are also the same.
[root@dhcp named]# vim gala.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.249.160

www A 192.168.249.1
hhh A 36.155.132.3

[root@dhcp named]# !s
service named restart
Redirecting to /bin/systemctl restart named.service

2. Verify that name resolution works

[root@localhost etc]# ping www.gala.com
PING www.gala.com (192.168.249.1) 56(84) bytes of data.
^C
--- www.gala.com ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 8061ms

[root@localhost etc]# ping hhh.gala.com
PING hhh.gala.com (36.155.132.3) 56(84) bytes of data.
64 bytes from 36.155.132.3 (36.155.132.3): icmp_seq=1 ttl=128 time=36.9 ms
64 bytes from 36.155.132.3 (36.155.132.3): icmp_seq=2 ttl=128 time=37.4 ms
64 bytes from 36.155.132.3 (36.155.132.3): icmp_seq=3 ttl=128 time=38.3 ms
^C
--- hhh.gala.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2926ms
rtt min/avg/max/mdev = 36.981/37.582/38.321/0.598 ms
[root@localhost etc]# ping gala.com
PING gala.com (192.168.249.160) 56(84) bytes of data.
64 bytes from 192.168.249.160 (192.168.249.160): icmp_seq=1 ttl=64 time=0.406 ms
64 bytes from 192.168.249.160 (192.168.249.160): icmp_seq=2 ttl=64 time=1.00 ms
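
The zone file above leaves most owner names implicit. This added example, which is not part of the original post, expands them for the origin gala.com. (taken from the zone statement) and reproduces the three names pinged in step 2; the parser covers only the constructs this file uses.

```python
import re

# The gala.com.zone file from step 1, copied inline as sample input.
ZONE_TEXT = """$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.249.160

www A 192.168.249.1
hhh A 36.155.132.3
"""


def parse_zone(text, origin):
    """Expand owner names: '@' is the origin, a blank owner repeats the
    previous one, and a name without a trailing dot is relative to the origin."""
    def fqdn(n):
        return origin if n == "@" else n if n.endswith(".") else n + "." + origin

    text = re.sub(r";[^\n]*", "", text)                        # drop comments
    text = re.sub(r"\(([^)]*)\)",                              # join ( ... ) onto one line
                  lambda m: m.group(1).replace("\n", " "), text)
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):           # blank line or $TTL directive
            continue
        tok = line.split()
        if not line[0].isspace():                              # explicit owner in column one
            owner = fqdn(tok.pop(0))
        while tok[0].upper() == "IN" or re.fullmatch(r"\d+[SMHDW]?", tok[0], re.I):
            tok.pop(0)                                         # skip class and TTL fields
        rtype, rdata = tok[0].upper(), tok[1:]
        if rtype in ("NS", "CNAME"):
            rdata = [fqdn(rdata[0])]
        records.append((owner, rtype, " ".join(rdata)))
    return records


def a_records(records):
    """Map each fully qualified name to its A record address."""
    return {owner: data for owner, rtype, data in records if rtype == "A"}
```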

 

 

 

        
