Linux的DNS正向解析和转发配置
DNS是Domain Name System(域名系统)的简称,用来解析域名和ip的对应关系。关于域名的定义以及解析原理大家都知道。
DNS搭建非常简单,所需软件:bind(服务主程序)、bind-utils(提供dns查询命令,如dig、host、nslookup)
[root@sed ~]# yum install bind bind-utils -y
bind的程序名称叫做named,服务的程序配置文件如下:
主程序 /usr/sbin/named
主配置文件 /etc/named.conf
区域配置文件 /etc/namd.rfc.1912.zones
配置域名myzdl.xin的解析配置参考,且DNS为企业内部DNS:
1、修改主配置文件
[root@sed ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.1.104; }; #开启监听接口
# listen-on-v6 port 53 { ::1; }; #关闭ipv6
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
# forward only; #只做转发用
forwarders { 114.114.114.114;8.8.8.8; }; #添加转发DNS
allow-query { any; }; #允许哪些地址查询,可写地址网段
dnssec-enable no; #optins中的安全机制,对域名签名检查
dnssec-validation no; #关闭
include "/etc/named.rfc1912.zones";
include "/etc/named.myzdl.xin"; #添加自己新文件
include "/etc/named.root.key";
2、创建区域文件,添加配置
[root@sed ~]# vim /etc/named.myzdl.xin
zone “myzdl.xin” IN {
type master;
file “named.myzdl.xin”;
allow-update { none; };
};
3、修改解析文件
[root@sed ~]# cp /var/named/named.localhost /var/named/named.myzdl.xin
[root@sed ~]# chmod o+r /var/named/named.myzdl.xin
[root@sed ~]# vim /var/named/named.myzdl.xin
$TTL 1D #表示解析后的dns缓存期为1天
@ IN SOA @ rname.invalid. (
0 ; serial #更新序列号,主从服务器之间根据此值是否一致来决定数据同步
1D ; refresh #更新一次的时间
1H ; retry #重试的间隔时间
1W ; expire #失效时间,1周
3H ) ; minimum #无效记录的缓存时间
NS @
A 127.0.0.1
AAAA ::1
解释参数:
SOA #表示本机器为该域的权威服务器
@ #代表区域,这里代表 myzdl.xin ,上面刚才自己定义了的域名
rname.invalid. #代表管理员邮箱地址(本来应该是rname@invalid. ,但是@被服务器用了,因此用"."来表示)
NS #表示是一个域服务器。后面跟域名
A #正向解析记录,后面跟IP地址
PTR #反向解析,后面跟域名
CNAME #别名记录,后面跟域名
MX #邮件记录,后面有邮件服务器的优先级,后面跟域名
$
TTL 1D
@ IN SOA @ yourself.sina.com. ( ;邮箱@被使用,这里用'.'代替@
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @ ;NS指域名服务器,myzdl.xin.
A 127.0.0.1
; AAAA ::1
www A 172.16.1.10 ;如果后面加'.',代表是完整的域名.
ftp A 172.16.1.20
@ NS dns1
@ NS dns2
dns1 A 192.168.1.104
dns2 A 192.168.1.105
@ MX 10 mail1
@ MX 20 mail2
mail1 A 192.168.2.100
mail2 A 192.168.2.200
web CNAME www
[root@sed ~]# systemctl enable named
[root@sed ~]# systemctl start named
---------------------------------------------------------------
测试:
C:\Users\Administrator>nslookup
默认服务器: UnKnown
Address: 192.168.1.1
> server 192.168.1.104
默认服务器: [192.168.1.104]
Address: 192.168.1.104
> myzdl.xin
服务器: [192.168.1.104]
Address: 192.168.1.104
名称: myzdl.xin
Address: 127.0.0.1
> www.myzdl.xin
服务器: [192.168.1.104]
Address: 192.168.1.104
名称: www.myzdl.xin
Address: 172.16.1.10
> set type=ns
> myzdl.xin
服务器: [192.168.1.104]
Address: 192.168.1.104
myzdl.xin nameserver = myzdl.xin
myzdl.xin nameserver = dns2.myzdl.xin
myzdl.xin nameserver = dns1.myzdl.xin
myzdl.xin internet address = 127.0.0.1
dns1.myzdl.xin internet address = 192.168.1.104
dns2.myzdl.xin internet address = 192.168.1.105
> set type=mx
> myzdl.xin
服务器: [192.168.1.104]
Address: 192.168.1.104
myzdl.xin MX preference = 10, mail exchanger = mail1.myzdl.xin
myzdl.xin MX preference = 20, mail exchanger = mail2.myzdl.xin
myzdl.xin nameserver = dns2.myzdl.xin
myzdl.xin nameserver = dns1.myzdl.xin
myzdl.xin nameserver = myzdl.xin
mail1.myzdl.xin internet address = 192.168.2.100
mail2.myzdl.xin internet address = 192.168.2.200
myzdl.xin internet address = 127.0.0.1
dns1.myzdl.xin internet address = 192.168.1.104
dns2.myzdl.xin internet address = 192.168.1.105
> set type=a
> web.myzdl.xin
服务器: [192.168.1.104]
Address: 192.168.1.104
名称: www.myzdl.xin
Address: 172.16.1.10
Aliases: web.myzdl.xin
> www.qq.com
服务器: [192.168.1.104]
Address: 192.168.1.104
非权威应答:
名称: public.sparta.mig.tencent-cloud.net
Addresses: 14.18.175.154
113.96.232.215
Aliases: www.qq.com
> www.sina.com
服务器: [192.168.1.104]
Address: 192.168.1.104
非权威应答:
名称: spool.grid.sinaedge.com
Address: 117.21.216.80
Aliases: www.sina.com
us.sina.com.cn
>