一、DNS
DNS:Domain Name System,域名系统
作为域名和IP地址相互映射的一个分布式数据库,能够使用户更方便的访问互联网,而不用去记住能够被机器直接读取的IP数串。通过主机名,最终得到该主机名对应的IP地址的过程叫做域名解析(或主机名解析)。
协议:
UDP:53
TCP:53
实现:BIND(Berkeley Internet Name Domain),PowerDNS,dnsmasq
MAC-->IP-->主机名称-->DNS
名称解析:将一种格式的信息转化为另外一种格式,以某关键字为标准查找某一数据库的过程
passwd <--> nsswitch转换
login:nsswitch为login提供服务
nsswitch配置文件在/etc/nsswitch
/etc/hosts:存放的为主机与ip、别名
namespace:名称空间
分布式数据库:将数据库切割,放在不同的服务器上
根域(.)-->一级域/顶级域(ICCNA)-->二级域(组织域)
一级域:
组织域:.com,.org,.mil,.gov,.edu,.net,
国家域:.cn,.hk,.tw,.jp,.ir(伊朗),.iq(伊拉克),.us,.uk
反向域:.in-addr.arpa,
二级域:申请
查询:
递归查询:只发起一次请求,最终能得到答案
迭(die)代查询:发起一次请求,不一定得到答案
客户端指向的DNS服务器,一定是允许给本地主机做递归的
根拒绝回答递归问题
区域传送:
辅助DNS服务器从主DNS服务器或其它的辅助DNS服务器请求传输数据的过程
完全区域传送:传送区域的所有数据,AXFR
增量区域传送:传送区域中改变的数据部分,IXFR
FQDN:Full Qualified Domain Name 完全域名解析
FQDN --> IP 正向解析
IP --> FQDN 反向解析
DNS服务器的类型
主DNS服务器
辅助DNS服务器
缓存名称服务器
资源记录(Resource Record):
数据库每一个条叫一个资源记录,资源记录有类型,用于表示资源的功能
SOA:Start Of Authority,起始授权
NS:Name Server,域名服务器
MX:mail eXchanger:邮件交换器
A:Address,(FQDN-->IP)地址记录
PTR: PoiTeR,(IP-->FQDN)
AAAA:Address,FQDN-->IPv6
CNAME:Canonical Name,正式名称(别名记录)
DNS:FQDN --> IP
正反向解析技术不同,因此不应该存放于同一个数据库文件中进行
域:Domain,逻辑概念
区域:zone,物理概念
DNS的数据库文件(区域数据文件,区域自身有名字):文本文件,只能包含资源记录或宏定义,每行一个
资源记录的格式:
name [ttl(缓存有效时间)] IN 资源记录类型(RRtype) Value
例子:
www 600(单位s) IN A 1.2.3.4
www.magedu.com. 600 IN A 1.2.3.4
SOA:
只能有一个
name:只能是区域名称,例如:magedu.com.通常可以简写为@,
value:有n个数值,最主要的是主DNS服务器的FQDN,点不可省略
注意:SOA必须是区域数据库文件第一条记录
例子:
@ 600 IN SOA na.magedu.com. 管理员邮箱(dnsadmin.magedu.com.)(
序列号(serial number) ;注释内容,十进制数据,不能超过10位,通常使用日期,例如2015092017
刷新时间(refresh time) ;即每隔多久到主服务器检查一次
重试时间(retry time) ;应该小于refresh time
过期时间(expire time)
netgative answer ttl ;否定答案的ttl
)
NS:
可以有多条
name:区域名称,通常可以简写为@
value:DNS服务器的FQDN(可以使用相对名称)
例子:
@ 600 IN NS ns
A:
只能定义在正向区域数据文件中
name:FQDN(可以使用相对名称)
value:IP
例子:
www 600(单位s) IN A 1.2.3.4
www 600(单位s) IN A 1.2.3.5
可做轮询,效果不好(缓存),
www 600(单位s) IN A 1.2.3.4
ftp 600(单位s) IN A 1.2.3.4
但凡以FQDN做为其值的记录,应该给这个值做一条A记录
AAAA:
MX:可以有多个
name:区域名称,用于标识smtp服务器
value:包含优先级和FQDN
优先级:0-99,数字越小,级别越高,
例子:
@ 600 IN MX 10 mail
@ 600 IN MX 20 mail2
CNAME:
name :FQDN
value :FQDN
例子:
ftp IN CNAME www
PTR:IP --> FQDN,指针记录,只能定义在反向区域数据文件中,反向区域名称为逆向网络地址加.in.addr.arpa.后缀组成
name:IP,逆向的主机地址,例如172.16.100.7的name为7.100,完全格式为7.100.16.172.in-addr-arpa.
value:FQDN
例子:
4.3.2 600 IN PTR www.magedu.com.
二、BIND
isc(www,isc.org)
DNS,bind,named
案例:magelinux.com
192.168.100.
mail,172.16.100.21
pop-->mail 别名
ftp-->www 别名
dns:192.168.100.20
主配置文件:
主配置文件:定义区域,/etc/named.comf 属主root,数组named,权限:640
区域数据文件:/var/named/ 属主root,数组named,权限:640
至少有三个区域:
根
localhost
127.0.0.1
named:
用户:named
组:named
主配置文件:
options {
//全局选项
}
zone "ZONENAME" { #经测试这里区域名后面带不带.都可以
//定义区域
}
logging {
//定义日志系统
}
格式:以分号结尾,{}间有空格
type {hint|master|slave|forward}
配置示例:
1、bind主配置文件:/etc/named.conf添加解析区域
bind主配置文件:
[root@xxj ~]# cat /etc/named.conf
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "locahost" IN {
type master;
file "named.localhost";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
};
zone "1.0.0.127.in-addr.arpa." IN {
type master;
file "named.loopback";
};
zone "magelinux.com" IN {
type master;
file "magelinux.zone";
};
[root@xxj ~]# service named configtest #检测配置文件是否有错
zone locahost/IN: loaded serial 0
zone localhost.localdomain/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
[root@xxj ~]# named-c
named-checkconf named-checkzone named-compilezone
[root@xxj ~]# named-checkconf
[root@xxj named]# chown root:named named.conf #更改属主属组
[root@xxj named]# chmod 640 named.conf #更改权限
2、添加区域数据/资源记录/DNS数据库文件: [root@xxj named]# cat magelinux.zone $TTL 6000 @ IN SOA dns.magelinux.com admin.magelinux.com. ( 2015091019 2H 10M 7D 1D ) @ IN NS dns @ IN MX 10 mail dns IN A 192.168.100.20 mail IN A 192.168.100.21 WWW IN A 192.168.100.22 pop IN CNAME mail ftp IN CNAME www [root@xxj named]# chown root:named magelinux.zone [root@xxj named]# chmod 640 magelinux.zone [root@xxj named]# named-checkconf [root@xxj named]# named-checkzone [root@xxj named]# vi magelinux.zone [root@xxj named]# named-checkzone "magelinux.zone" /var/named/magelinux.zone zone magelinux.zone/IN: loaded serial 2015091019 OK [root@xxj named]# killall -1 named named: no process killed
测试命令:
dig:
dig [-t type] [-x addr] [name] [@server]
+[no]trace
+[no]recurse
+[no]tcp
host:
host [-t type] {name} {server}
nslookup:
nslookup>
server DNS_server_ip
set -q=TYPE
{name}
[root@xxx named]# dig -t NS magelinux.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t NS magelinux.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45888 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: #问题部分 ;magelinux.com. IN NS ;; ANSWER SECTION: #回答部分 magelinux.com. 6000 IN NS sbsb.magelinux.com. ;; ADDITIONAL SECTION: #附加部分 sbsb.magelinux.com. 6000 IN A 192.168.100.20 ;; Query time: 1 msec ;; SERVER: 192.168.100.20#53(192.168.100.20) ;; WHEN: Wed Sep 16 01:40:58 2015 ;; MSG SIZE rcvd: 66
[root@xxx named]# dig -t MX magelinux.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t MX magelinux.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41791 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION: ;magelinux.com. IN MX ;; ANSWER SECTION: magelinux.com. 6000 IN MX 10 mail.magelinux.com. ;; AUTHORITY SECTION: #权威部分 magelinux.com. 6000 IN NS sbsb.magelinux.com. ;; ADDITIONAL SECTION: mail.magelinux.com. 6000 IN A 192.168.100.21 sbsb.magelinux.com. 6000 IN A 192.168.100.20 ;; Query time: 2 msec ;; SERVER: 192.168.100.20#53(192.168.100.20) ;; WHEN: Wed Sep 16 01:42:42 2015 ;; MSG SIZE rcvd: 103 [root@xxx named]# dig -t A mail.magelinux.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A mail.magelinux.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64745 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;mail.magelinux.com. IN A ;; ANSWER SECTION: mail.magelinux.com. 6000 IN A 192.168.100.21 ;; AUTHORITY SECTION: magelinux.com. 6000 IN NS sbsb.magelinux.com. ;; ADDITIONAL SECTION: sbsb.magelinux.com. 6000 IN A 192.168.100.20 ;; Query time: 1 msec ;; SERVER: 192.168.100.20#53(192.168.100.20) ;; WHEN: Wed Sep 16 01:43:49 2015 ;; MSG SIZE rcvd: 87
[root@xxx named]# host -t NS magelinux.com magelinux.com name server sbsb.magelinux.com. [root@xxx named]# host -t mx magelinux.com magelinux.com mail is handled by 10 mail.magelinux.com. [root@xxx named]# host -t A www.magelinux.com www.magelinux.com has address 192.168.100.22 [root@xxx named]# host -t A www.magedu.com 8.8.8.8 Using domain server: Name: 8.8.8.8 Address: 8.8.8.8#53 Aliases: www.magedu.com has address 101.200.188.230 [root@xxx named]# host -t A www.magedu.com 192.168.100.20 Using domain server: Name: 192.168.100.20 Address: 192.168.100.20#53 Aliases: www.magedu.com has address 101.200.188.230 [root@xxx named]# host -t A www.baidu.com 192.168.100.20 Using domain server: Name: 192.168.100.20 Address: 192.168.100.20#53 Aliases: www.baidu.com is an alias for www.a.shifen.com. www.a.shifen.com has address 112.80.248.73 www.a.shifen.com has address 112.80.248.74 [root@xxx named]# host -t A www.magelinux 192.168.100.20 Using domain server: Name: 192.168.100.20 Address: 192.168.100.20#53 Aliases: Host www.magelinux not found: 3(NXDOMAIN) [root@xxx named]# host -t A www.magelinux.com 192.168.100.20 Using domain server: Name: 192.168.100.20 Address: 192.168.100.20#53 Aliases: www.magelinux.com has address 192.168.100.22
[root@xxx named]# nslookup > server 192.168.100.20 Default server: 192.168.100.20 Address: 192.168.100.20#53 > set q=A > www.magelinux.com Server: 192.168.100.20 Address: 192.168.100.20#53 Name: www.magelinux.com Address: 192.168.100.22 > set q=a > mail.magelinux.com Server: 192.168.100.20 Address: 192.168.100.20#53 Name: mail.magelinux.com Address: 192.168.100.21 >
[root@xxx ~]# dig -x 192.168.100.20 [root@xxx ~]# dig -x 192.168.100.21 #因为还没有配置反向解析,所以这里解析不了 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -x 192.168.100.21 ;; global options: +cmd ;; connection timed out; no servers could be reached [root@xxx ~]# dig -x 127.0.0.1 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -x 127.0.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59577 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION: ;1.0.0.127.in-addr.arpa. IN PTR ;; ANSWER SECTION: 1.0.0.127.in-addr.arpa. 86400 IN PTR localhost. ;; AUTHORITY SECTION: 1.0.0.127.in-addr.arpa. 86400 IN NS 1.0.0.127.in-addr.arpa. ;; ADDITIONAL SECTION: 1.0.0.127.in-addr.arpa. 86400 IN A 127.0.0.1 1.0.0.127.in-addr.arpa. 86400 IN AAAA ::1 ;; Query time: 0 msec ;; SERVER: 192.168.100.20#53(192.168.100.20) ;; WHEN: Wed Sep 16 12:07:58 2015 ;; MSG SIZE rcvd: 121
添加反向解析:
1、先添加反向解析区域
[root@xxx ~]# cat /etc/named.conf
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "locahost" IN {
type master;
file "named.localhost";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
};
zone "1.0.0.127.in-addr.arpa." IN {
type master;
file "named.loopback";
};
zone "magelinux.com." IN {
type master;
file "magelinux.zone";
};
zone "100.168.192.in-addr.arpa." IN {
type master;
file "192.168.100.zone";
};
2、添加资源记录
[root@xxx named]# cat 192.168.100.zone $TTL 6000 @ IN SOA sbsb.magelinux.com admin.magelinux.com. ( 2015091019 2H 10M 7D 1D ) IN NS sbsb.magelinux.com. 20 IN PTR sbsb.magelinux.com. 21 IN PTR mail.magelinux.com. 22 IN PTR www.magelinux.com. [root@xxx named]# [root@xxx named]# dig -x 192.168.100.20 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -x 192.168.100.20 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33192 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;20.100.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 20.100.168.192.in-addr.arpa. 6000 IN PTR sbsb.magelinux.com. ;; AUTHORITY SECTION: 100.168.192.in-addr.arpa. 6000 IN NS sbsb.magelinux.com. ;; ADDITIONAL SECTION: sbsb.magelinux.com. 6000 IN A 192.168.100.20 ;; Query time: 0 msec ;; SERVER: 192.168.100.20#53(192.168.100.20) ;; WHEN: Wed Sep 16 15:22:25 2015 ;; MSG SIZE rcvd: 107 [root@xxx named]# dig -x 127.0.0.1 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -x 127.0.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49959 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION: ;1.0.0.127.in-addr.arpa. IN PTR ;; ANSWER SECTION: 1.0.0.127.in-addr.arpa. 86400 IN PTR localhost. ;; AUTHORITY SECTION: 1.0.0.127.in-addr.arpa. 86400 IN NS 1.0.0.127.in-addr.arpa. ;; ADDITIONAL SECTION: 1.0.0.127.in-addr.arpa. 86400 IN A 127.0.0.1 1.0.0.127.in-addr.arpa. 86400 IN AAAA ::1 ;; Query time: 0 msec ;; SERVER: 192.168.100.20#53(192.168.100.20) ;; WHEN: Wed Sep 16 15:22:33 2015 ;; MSG SIZE rcvd: 121
反向解析区域数据库文件:区域名称以逆向的网络地址,并以.in-addr.arpa为后缀
第一条必须为SOA
应该具有NS记录,但不能出现MX和A记录
较常见的即为PTR记录
名称为逆向的主机地址,
转载于:https://blog.51cto.com/xiexiaojun/1696585
1027
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
