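What is single-domain DNS resolution?
It means the DNS server supports queries for only one domain.
For example: the DNS server built here can only resolve the domain www.selfdns.com, IP --> domain name
Forward and reverse single-domain lookup?
Supports "domain name" ------> "IP" lookups
Supports "IP" ------> "domain name" lookups
A) Install the bind package: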
yum install -y bind
B) Edit the main configuration file:
/etc/named.conf
options {
    listen-on port 53 { any; }; //listen on port 53; any means all addresses
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; }; //networks allowed to use this DNS service; any means all
    recursion yes; //combined with allow-query any this answers recursive queries from any client; set allow-recursion to limit it
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
C) Edit the zone control configuration file and add the forward and reverse zone definitions:
/etc/named.rfc1912.zones
//forward zone: a lookup such as ping yhqdns.com returns the corresponding IP address
zone "yhqdns.com" IN {
    type master;
    file "yhqdns.com.zone";
    allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
//reverse zone: a lookup on an IP returns the corresponding domain name; remember that the IP part of the zone name below is written in reverse order
zone "3.168.192.in-addr.arpa" IN {
    type master;
    //corresponds to the file /var/named/yhqdns.com.local; permissions 640, owner:group root:named
    file "yhqdns.com.local";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
[Note]:
The file /var/named/yhqdns.com.local needs permissions 640 and owner:group root:named.
D) Configure the forward zone data file: /var/named/yhqdns.com.zone
Permissions: 640, owner:group: root:named
1) Copy
/var/named/named.localhost to /var/named/yhqdns.com.zone
2) Edit
the file /var/named/yhqdns.com.zone
$TTL 1D
@       IN SOA  yhqdns.com. admin.yhqdns.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      @
        A       192.168.2.112
ns1     IN A    192.168.3.111
www     IN A    192.168.3.109
mail    IN A    192.168.3.103
ftp     IN CNAME www
*       IN A    114.114.114.114
E) Configure the reverse zone data file:
/var/named/yhqdns.com.local
$TTL 1D
@       IN SOA  yhqdns.com. admin.yhqdns.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      @
        A       192.168.3.180
180     IN PTR  yhqdns.com.
101     IN PTR  ns1.yhqdns.com.
109     IN PTR  www.yhqdns.com.
130     IN PTR  main.yhqdns.com.
ftp     IN CNAME www
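[Explanation]:
How the configuration above finds the domain name for 101:
A) Through /etc/named.rfc1912.zones, find zone "3.168.192.in-addr.arpa" and file "yhqdns.com.local";
this gives the rough IP range: 192.168.3.x maps to yhqdns.com.local, so that file is looked up next.
B) Under /var/named, find the file yhqdns.com.local, which contains "109 IN PTR www.yhqdns.com."
109 + 192.168.3 gives 192.168.3.109, and the domain name for it is www.yhqdns.com
F) Turn off the firewall and restart the named service
G) On a client machine, put the DNS resolution settings into its /etc/resolv.conf
H) Verify with the ping/nslookup commands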
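An added example, not part of the original article: before testing with ping/nslookup, the forward and reverse zone data can be cross-checked offline, following the lookup described in the explanation above (reverse the octets, then find the PTR). The records are re-typed from the two zone files on this page as constructed sample input, and the function names are hypothetical.

```python
import ipaddress

ORIGIN, REV_ORIGIN = "yhqdns.com.", "3.168.192.in-addr.arpa."
# Added example, hypothetical names. Constructed sample: the records from the
# page's two zone files, owner written on every line ("@" is the zone apex).
FORWARD = """
@    IN A 192.168.2.112
ns1  IN A 192.168.3.111
www  IN A 192.168.3.109
mail IN A 192.168.3.103
ftp  IN CNAME www
*    IN A 114.114.114.114
"""
REVERSE = """
180 IN PTR yhqdns.com.
101 IN PTR ns1.yhqdns.com.
109 IN PTR www.yhqdns.com.
130 IN PTR main.yhqdns.com.
"""

def parse(text, origin, rtype):
    """Map fully qualified owner -> rdata for 'owner IN TYPE rdata' lines."""
    out = {}
    for line in text.splitlines():
        f = line.split(";")[0].split()   # drop comments, split into fields
        if len(f) == 4 and f[1] == "IN" and f[2] == rtype:
            out[origin if f[0] == "@" else f"{f[0]}.{origin}"] = f[3]
    return out

def ptr_owner(ip):
    """192.168.3.109 -> 109.3.168.192.in-addr.arpa. (octets reversed)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def audit(forward=FORWARD, reverse=REVERSE):
    """Return sorted (ip, name, problem) tuples where A and PTR disagree."""
    a, ptr = parse(forward, ORIGIN, "A"), parse(reverse, REV_ORIGIN, "PTR")
    wildcard = a.get("*." + ORIGIN)      # "*" answers for any other name
    findings = set()
    for name, ip in a.items():           # each in-zone A needs a PTR back
        owner = ptr_owner(ip)
        if owner.endswith("." + REV_ORIGIN) and ptr.get(owner) != name:
            findings.add((ip, name, "no matching PTR"))
    for owner, name in ptr.items():      # each PTR target must resolve back
        ip = ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))
        if a.get(name, wildcard) != ip:
            findings.add((ip, name, f"A is {a.get(name, wildcard)}"))
    return sorted(findings)

if __name__ == "__main__": print(*audit(), sep="\n")
```

On the sample data only www (192.168.3.109) agrees in both directions; the other entries are reported, which is what a client doing forward-confirmed reverse lookups would trip over.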
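Extension: how do you configure multi-domain DNS resolution?
A) In the zone control file /etc/named.rfc1912.zones, add the forward and reverse zone entries for each new domain:
//forward zone: a lookup such as ping xxxdns.com returns the corresponding IP address
zone "xxxdns.com" IN {
    type master;
    file "xxxdns.com.zone";
    allow-update { none; };
};
//reverse zone: a lookup on an IP returns the corresponding domain name; remember that the IP part of the zone name below is written in reverse order
//a zone name can be defined only once; if 3.168.192.in-addr.arpa is already defined above, use the new domain's own network here or add its PTR records to the existing reverse zone file
zone "3.168.192.in-addr.arpa" IN {
    type master;
    //corresponds to the file /var/named/xxxdns.com.local; permissions 640, owner:group root:named
    file "xxxdns.com.local";
    allow-update { none; };
};
B) Configure the forward/reverse zone data files:
/var/named/xxxdns.com.zone and /var/named/xxxdns.com.local
Note: both files need permissions 640 and owner:group --> root:named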