三、反向区域配置及测试
反向区域:
区域名称:网络地址反写,再加上后缀 .in-addr.arpa.
例如 192.168.88. --> 88.168.192.in-addr.arpa.
1)、定义区域
zone "ZONE_NAME" IN {
type {master|slave|forward};
file "网络地址.zone";
};
2)、定义区域解析库文件
注意:反向区域中不需要 MX、A 和 AAAA 记录,以 PTR 记录为主(SOA 和 NS 记录仍然必需)
示例:
$TTL 86400
$ORIGIN 88.168.192.in-addr.arpa.
@       IN  SOA  ns1.field.com. admin.field.com. (
                 2017111701   ; 序列号
                 1H           ; 刷新
                 5M           ; 重试
                 7D           ; 过期
                 1D )         ; 否定缓存TTL
        IN  NS   ns1.field.com.
        IN  NS   ns2.field.com.
131     IN  PTR  ns1.field.com.
131     IN  PTR  www.field.com.
131     IN  PTR  mx1.field.com.
130     IN  PTR  mx2.field.com.
(1)、在主配置文件中定义区域
zone "ZONE_NAME" IN {
type {master|slave|forward};
file "网络地址.zone";
};
[root@www named]# vim
/etc/named.rfc1912.zones
zone "localhost.localdomain" IN
{
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN
{
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "field.com" IN {
type master;
file "field.com.zone";
};
zone "88.168.192.in-addr.arpa" IN
{
type master;
file "192.168.88.zone";
};
"/etc/named.rfc1912.zones" 52L,
1102C 已写入
[root@www named]#
named-checkconf
//查看配置文件是否有语法错误
(2)、定义区域解析库文件
注意:反向区域中不需要 MX、A 和 AAAA 记录,以 PTR 记录为主(SOA 和 NS 记录仍然必需)
[root@www named]# vim
192.168.88.zone
$TTL 86400
$ORIGIN 88.168.192.in-addr.arpa.
@       IN  SOA  ns1.field.com. admin.field.com. (
                 2017111701
                 1H
                 5M
                 7D
                 1D )
        IN  NS   ns1.field.com.
        IN  NS   ns2.field.com.
131     IN  PTR  ns1.field.com.
131     IN  PTR  www.field.com.
131     IN  PTR  mx1.field.com.
130     IN  PTR  mx2.field.com.
~
"192.168.88.zone" 14L, 302C
已写入
[root@www named]# named-checkzone
"88.168.192.in-addr.arpa" 192.168.88.zone
zone 88.168.192.in-addr.arpa/IN:
loaded serial 2017111701
OK
//查看区域解析库文件是否有语法错误
(3)、基于安全性考虑,将区域解析库文件的权限改为 640,并把属组改为 named:这样 root 可读写,named 进程只能读取,其他用户无法读取。
[root@field named]# chmod 640
192.168.88.zone
[root@field named]# chown :named
192.168.88.zone
[root@www named]# ll
总用量 40
-rw-r-----. 1 root named 302
11月
18 00:08
192.168.88.zone
drwxr-x---. 7 root named 4096
11月
17 18:39
chroot
drwxrwx---. 2 named named 4096
11月
17 13:26 data
drwxrwx---. 2 named named 4096
11月
17 13:27
dynamic
-rw-r-----. 1 root named 361
11月
17 23:49
field.com.zone
-rw-r-----. 1 root named 3289
4月11 2017
named.ca
-rw-r-----. 1 root named 152
12月
15 2009
named.empty
-rw-r-----. 1 root named 152
6月21 2007
named.localhost
-rw-r-----. 1 root named 168
12月
15 2009
named.loopback
drwxrwx---. 2 named named 4096
7月5
17:55 slaves
[root@www named]#
[root@www named]# named-checkzone
"88.168.192.in-addr.arpa" 192.168.88.zone
zone 88.168.192.in-addr.arpa/IN:
loaded serial 2017111701
OK
[root@www named]# service named
reload
重新载入named:
[确定]
[root@www named]# rndc
status
version:
9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4
CPUs found: 3
worker threads: 3
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients:
0/0/1000
tcp clients: 0/100
server is up and running
[root@www named]#
[root@www named]#
named-checkconf
[root@www named]# service named
reload
重新载入named:
[确定]
[root@www named]# clear
[root@www named]# tail
/var/log/messages
Nov 18 00:15:56 www named[4255]:
loading configuration from '/etc/named.conf'
Nov 18 00:15:56 www named[4255]:
using default UDP/IPv4 port range: [1024, 65535]
Nov 18 00:15:56 www named[4255]:
using default UDP/IPv6 port range: [1024, 65535]
Nov 18 00:15:56 www named[4255]:
sizing zone task pool based on 7 zones
Nov 18 00:15:57 www named[4255]:
Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling
RFC 1918 empty zones
Nov 18 00:15:59 www named[4255]:
reloading configuration succeeded
Nov 18 00:15:59 www named[4255]:
reloading zones succeeded
Nov 18 00:16:00 www named[4255]: zone
field.com/IN: zone serial (2017111701) unchanged. zone may fail to
transfer to slaves.
Nov 18 00:16:00 www named[4255]: zone
field.com/IN: loaded serial 2017111701
Nov 18 00:16:00 www named[4255]: zone
field.com/IN: sending notifies (serial 2017111701)
(4)、测试反向解析:
dig -x IP @SERVER
模拟区域传送:
dig -t axfr ZONE_NAME @SERVER
例如: dig -t axfr field.com
@192.168.88.131
dig -t axfr 88.168.192.in-addr.arpa
@192.168.88.131
host命令:
host [-t type] name [SERVER]
nslookup命令:
nslookup [-option] [name | -] [server]
交互式模式;
nslookup>
server IP:指明使用哪个DNS server进行查询;
set q=RR_TYPE:指明查询的资源记录类型;
NAME:要查询的名称;
测试示例:
1)、查看PTR记录
[root@www named]# host -t PTR
192.168.88.131 192.168.88.131
Using domain server:
Name: 192.168.88.131
Address: 192.168.88.131#53
Aliases:
131.88.168.192.in-addr.arpa domain
name pointer www.field.com.
131.88.168.192.in-addr.arpa domain
name pointer mx1.field.com.
131.88.168.192.in-addr.arpa domain
name pointer ns1.field.com.
[root@www named]# dig -x
192.168.88.131 @192.168.88.131
; <<>> DiG
9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -x
192.168.88.131 @192.168.88.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
QUERY, status: NOERROR, id: 4893
;; flags: qr aa rd ra; QUERY: 1,
ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;131.88.168.192.in-addr.arpa.
IN
PTR
;; ANSWER SECTION:
131.88.168.192.in-addr.arpa. 86400
IN
PTR
mx1.field.com.
131.88.168.192.in-addr.arpa. 86400
IN
PTR
ns1.field.com.
131.88.168.192.in-addr.arpa. 86400
IN
PTR
www.field.com.
;; AUTHORITY SECTION:
88.168.192.in-addr.arpa.
86400
IN
NS
ns2.field.com.
88.168.192.in-addr.arpa.
86400
IN
NS
ns1.field.com.
;; ADDITIONAL SECTION:
ns1.field.com.
86400
IN
A
192.168.88.131
ns2.field.com.
86400
IN
A
192.168.88.131
;; Query time: 1 msec
;; SERVER:
192.168.88.131#53(192.168.88.131)
;; WHEN: Sat Nov 18 00:24:31
2017
;; MSG SIZE rcvd: 172
2)、模拟区域传送:
dig -t axfr ZONE_NAME @SERVER
注意:下面 field.com 的传送结果中,SOA 的管理员邮箱显示为 admin.field.com.field.com.,原因是正向区域文件里写的是 admin.field.com(缺少结尾的点),被当作相对于 $ORIGIN 的名称补全;反向区域文件中写的 admin.field.com. 是正确写法。另外,上面的两个区域定义中没有 allow-transfer 限制,所以区域传送可以直接成功;生产环境中应把区域传送限制为从服务器的地址,例如 allow-transfer { 从服务器IP; };。
[root@www named]# dig -t axfr
field.com @192.168.88.131
; <<>> DiG
9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t axfr
field.com @192.168.88.131
;; global options: +cmd
field.com.
86400
IN
SOA
ns1.field.com. admin.field.com.field.com. 2017111701 3600 300
604800 86400
field.com.
86400
IN
NS
ns1.field.com.
field.com.
86400
IN
NS
ns2.field.com.
field.com.
86400
IN
MX
10 mx1.field.com.
field.com.
86400
IN
MX
20 mx2.field.com.
ftp.field.com.
86400
IN
CNAME
www.field.com.
mx1.field.com.
86400
IN
A
192.168.88.131
mx2.field.com.
86400
IN
A
192.168.88.130
ns1.field.com.
86400
IN
A
192.168.88.131
ns2.field.com.
86400
IN
A
192.168.88.131
www.field.com.
86400
IN
A
192.168.88.131
field.com.
86400
IN
SOA
ns1.field.com. admin.field.com.field.com. 2017111701 3600 300
604800 86400
;; Query time: 38 msec
;; SERVER:
192.168.88.131#53(192.168.88.131)
;; WHEN: Sat Nov 18 00:27:15
2017
;; XFR size: 12 records (messages 1,
bytes 293)
[root@www named]# dig -t axfr
88.168.192.in-addr.arpa
@192.168.88.131
; <<>> DiG
9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t axfr
88.168.192.in-addr.arpa @192.168.88.131
;; global options: +cmd
88.168.192.in-addr.arpa.
86400
IN
SOA
ns1.field.com. admin.field.com. 2017111701 3600 300 604800
86400
88.168.192.in-addr.arpa.
86400
IN
NS
ns1.field.com.
88.168.192.in-addr.arpa.
86400
IN
NS
ns2.field.com.
130.88.168.192.in-addr.arpa. 86400
IN
PTR
mx2.field.com.
131.88.168.192.in-addr.arpa. 86400
IN
PTR
ns1.field.com.
131.88.168.192.in-addr.arpa. 86400
IN
PTR
www.field.com.
131.88.168.192.in-addr.arpa. 86400
IN
PTR
mx1.field.com.
88.168.192.in-addr.arpa.
86400
IN
SOA
ns1.field.com. admin.field.com. 2017111701 3600 300 604800
86400
;; Query time: 18 msec
;; SERVER:
192.168.88.131#53(192.168.88.131)
;; WHEN: Sat Nov 18 00:27:51
2017
;; XFR size: 8 records (messages 1,
bytes 240)
四、泛域名解析:(使用通配符)
//无论使用什么名字都不会出错
先随便测试一个不存在的名称(pop3.field.com),此时无法解析,返回 NXDOMAIN。
注意:通配符记录会让所有未定义的名称都解析成功,拼错的主机名也不会再返回 NXDOMAIN,生产环境中应谨慎使用。另外,下面多次修改 field.com.zone 时序列号始终是 2017111701,前面日志已提示 "zone serial (2017111701) unchanged. zone may fail to transfer to slaves.",每次修改区域文件后都应递增序列号,从服务器才会同步。
[root@www named]# dig -t A
pop3.field.com
@192.168.88.131
; <<>> DiG
9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A
pop3.field.com @192.168.88.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
QUERY, status: NXDOMAIN, id: 60214
;; flags: qr aa rd ra; QUERY: 1,
ANSWER: 0, AUTHORITY: 1, ADDITIONAL:
0
;; QUESTION SECTION:
;pop3.field.com.
IN
A
;; AUTHORITY SECTION:
field.com.
86400
IN
SOA
ns1.field.com. admin.field.com.field.com. 2017111701 3600 300
604800 86400
;; Query time: 1 msec
;; SERVER:
192.168.88.131#53(192.168.88.131)
;; WHEN: Sat Nov 18 00:33:45
2017
;; MSG SIZE rcvd: 88
[root@www named]#
[root@www named]# vim
field.com.zone
$TTL 86400
$ORIGIN field.com.
@
IN
SOA
ns1.field.com. admin.field.com (
2017111701
1H
5M
7D
1D )
IN
NS
ns1
IN
NS
ns2
IN
MX 10
mx1
IN
MX 20
mx2
ns1
IN
A
192.168.88.131
ns2
IN
A
192.168.88.131
mx1
IN
A
192.168.88.131
mx2
IN
A
192.168.88.130
www
IN
A
192.168.88.131
ftp
IN
CNAME
www
*
IN
A
192.168.88.131
~
"field.com.zone" 19L, 383C
已写入
[root@www named]# rndc
reload
server reload successful
[root@www named]# dig -t A
pop3.field.com
@192.168.88.131
; <<>> DiG
9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A
pop3.field.com @192.168.88.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
QUERY, status: NOERROR, id: 41432
;; flags: qr aa rd ra; QUERY: 1,
ANSWER: 1, AUTHORITY: 2, ADDITIONAL:
2
;; QUESTION SECTION:
;pop3.field.com.
IN
A
;; ANSWER SECTION:
pop3.field.com.
86400
IN
A
192.168.88.131
;; AUTHORITY SECTION:
field.com.
86400
IN
NS
ns2.field.com.
field.com.
86400
IN
NS
ns1.field.com.
;; ADDITIONAL SECTION:
ns1.field.com.
86400
IN
A
192.168.88.131
ns2.field.com.
86400
IN
A
192.168.88.131
;; Query time: 1 msec
;; SERVER:
192.168.88.131#53(192.168.88.131)
;; WHEN: Sat Nov 18 00:38:41
2017
;; MSG SIZE rcvd: 116
[root@www named]# vim
field.com.zone
$TTL 86400
$ORIGIN field.com.
@
IN
SOA
ns1.field.com. admin.field.com (
2017111701
1H
5M
7D
1D )
IN
NS
ns1
IN
NS
ns2
IN
MX 10
mx1
IN
MX 20
mx2
ns1
IN
A
192.168.88.131
ns2
IN
A
192.168.88.131
mx1
IN
A
192.168.88.131
mx2
IN
A
192.168.88.130
www
IN
A
192.168.88.131
ftp
IN
CNAME
www
field.com.
IN
A
192.168.88.131
~
[root@www named]# rndc
reload
server reload successful
[root@www named]#
[root@www named]# dig -t A
field.com
@192.168.88.131
; <<>> DiG
9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A
field.com @192.168.88.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
QUERY, status: NOERROR, id: 65503
;; flags: qr aa rd ra; QUERY: 1,
ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;field.com.
IN
A
;; ANSWER SECTION:
field.com.
86400
IN
A
192.168.88.131
;; AUTHORITY SECTION:
field.com.
86400
IN
NS
ns1.field.com.
field.com.
86400
IN
NS
ns2.field.com.
;; ADDITIONAL SECTION:
ns1.field.com.
86400
IN
A
192.168.88.131
ns2.field.com.
86400
IN
A
192.168.88.131
;; Query time: 1 msec
;; SERVER:
192.168.88.131#53(192.168.88.131)
;; WHEN: Sat Nov 18 00:51:27
2017
;; MSG SIZE rcvd: 111
[root@www named]# vim
field.com.zone
$TTL 86400
$ORIGIN field.com.
@
IN
SOA
ns1.field.com. admin.field.com (
2017111701
1H
5M
7D
1D )
IN
NS
ns1
IN
NS
ns2
IN
MX 10
mx1
IN
MX 20
mx2
ns1
IN
A
192.168.88.131
ns2
IN
A
192.168.88.131
mx1
IN
A
192.168.88.131
mx2
IN
A
192.168.88.130
www
IN
A
192.168.88.131
ftp
IN
CNAME
www
field.com.
IN
A
192.168.88.131
*
IN
A
192.168.88.131
~
[root@www named]# rndc
reload
server reload successful
[root@www named]# dig -t A
pop3.field.com
@192.168.88.131
; <<>> DiG
9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A
pop3.field.com @192.168.88.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
QUERY, status: NOERROR, id: 47811
;; flags: qr aa rd ra; QUERY: 1,
ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;pop3.field.com.
IN
A
;; ANSWER SECTION:
pop3.field.com.
86400
IN
A
192.168.88.131
;; AUTHORITY SECTION:
field.com.
86400
IN
NS
ns2.field.com.
field.com.
86400
IN
NS
ns1.field.com.
;; ADDITIONAL SECTION:
ns1.field.com.
86400
IN
A
192.168.88.131
ns2.field.com.
86400
IN
A
192.168.88.131
;; Query time: 1 msec
;; SERVER:
192.168.88.131#53(192.168.88.131)
;; WHEN: Sat Nov 18 00:52:42
2017
;; MSG SIZE rcvd: 116
[root@www named]# dig -t A
field.com
@192.168.88.131
; <<>> DiG
9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A
field.com @192.168.88.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
QUERY, status: NOERROR, id: 41284
;; flags: qr aa rd ra; QUERY: 1,
ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;field.com.
IN
A
;; ANSWER SECTION:
field.com.
86400
IN
A
192.168.88.131
;; AUTHORITY SECTION:
field.com.
86400
IN
NS
ns2.field.com.
field.com.
86400
IN
NS
ns1.field.com.
;; ADDITIONAL SECTION:
ns1.field.com.
86400
IN
A
192.168.88.131
ns2.field.com.
86400
IN
A
192.168.88.131
;; Query time: 1 msec
;; SERVER:
192.168.88.131#53(192.168.88.131)
;; WHEN: Sat Nov 18 00:52:47
2017
;; MSG SIZE rcvd: 111
五、配置为dns服务器提供解析功能:
(1)、设置为客户机Windows的dns服务器,为其提供解析功能:
(2)、在Windows7上访问DNS主从服务器上的tomcat主页面:
以及从服务器上192.168.88.130的test.field.com:8080和ns2.field.com:8080
(3)、在Windows7上访问网易主页面(www.163.com),测试是否能解析: