linux[Basics]-33-[DNS server]-[Forward and reverse name resolution]-[01]
阿新 • Published: 2017-10-17
dns_bind_forward and reverse name resolution
The bind service supports the TSIG secure-transfer mechanism.
The DNS name-resolution service resolves the mapping between domain names and IP addresses.
Forward resolution: look up the IP address that corresponds to a domain name.
Reverse resolution: look up the domain name that corresponds to an IP address.
DNS structural model:
A handful of DNS servers alone cannot serve users worldwide, so DNS servers are deployed in three roles: master, slave and caching.
Master server: unique within its zone; maintains the domain-name-to-IP mappings for that zone.
Slave server: obtains the mappings from the master server and maintains a copy, serving as a backup.
Caching server: obtains mappings by querying other DNS servers, which speeds up repeated queries.
DNS queries are either recursive or iterative:
Recursive query: used by a client querying a DNS server.
Iterative query: used by a DNS server querying other DNS servers.
DNS query flowchart:
Install the bind service program:
[[email protected] ~]# yum -y install bind-chroot
Installed:
  bind-chroot.x86_64 32:9.9.4-14.el7
Dependency Installed:
  bind.x86_64 32:9.9.4-14.el7
Complete!
The program behind the bind name-resolution service is called named.
Main program       | /usr/sbin/named
Main config file   | /etc/named.conf
Zone config file   | /etc/named.rfc1912.zones
View the configuration file (two places to modify):
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; };    # change to the DNS server's IP, or any
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };      # change to any, which allows any host to query

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
1. Forward name resolution
Edit the zone configuration file:
[[email protected] ~]# vim /etc/named.rfc1912.zones
zone "dns.com" IN {
        type master;
        file "dns.com.zone";
        allow-update { none; };
};
Use named-checkconf and named-checkzone to check the main configuration file and the zone files for syntax errors:
[[email protected] ~]# named-checkconf /etc/named.conf
Configure the resolution data:
Use the forward-zone template file /var/named/named.localhost:
[[email protected] ~]# cd /var/named/
[[email protected] named]# cp -a /var/named/named.localhost dns.com.zone
[[email protected] named]# ll
total 20
drwxr-x---. 7 root  named   56 Oct 17 09:59 chroot
drwxrwx---. 2 named named    6 Jan 29  2014 data
-rw-r-----. 1 root  named  152 Jun 21  2007 dns.com.zone
drwxrwx---. 2 named named    6 Jan 29  2014 dynamic
-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Jan 29  2014 slaves
[[email protected] named]# vim dns.com.zone
$TTL 1D
@       IN SOA  dns.com. root.dns.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.dns.com.
ns      A       192.168.200.102
www     A       192.168.200.10
bbs     A       192.168.200.20
Check the zone file:
[[email protected] named]# named-checkzone dns.com dns.com.zone
zone dns.com/IN: loaded serial 0
OK
Restart the named service and verify the result:
[[email protected] named]# systemctl restart named
[[email protected] named]# nslookup www.dns.com
Server:         ::1
Address:        ::1#53

Name:   www.dns.com
Address: 192.168.200.10
[[email protected] named]# nslookup bbs.dns.com
Server:         ::1
Address:        ::1#53

Name:   bbs.dns.com
Address: 192.168.200.20
2. Reverse resolution (look up a domain name by IP address)
Configure the zone data:
[[email protected] named]# vim /etc/named.rfc1912.zones
zone "200.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.200.arpa";
};
Configure the resolution data:
Reverse resolution uses the reverse-zone template file /var/named/named.loopback:
[[email protected] named]# cp -a /var/named/named.loopback 192.168.200.arpa
[[email protected] named]# vim 192.168.200.arpa
$TTL 1D
@       IN SOA  dns.com. root.dns.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.dns.com.
102     PTR     ns.dns.com.
10      PTR     www.dns.com.
20      PTR     bbs.dns.com.
[[email protected] named]# named-checkzone 200.168.192.in-addr.arpa 192.168.200.arpa
zone 200.168.192.in-addr.arpa/IN: loaded serial 0
OK
Restart the named service and verify the result:
[[email protected] named]# systemctl restart named
[[email protected] named]# nslookup 192.168.200.10
Server:         ::1
Address:        ::1#53

10.200.168.192.in-addr.arpa     name = www.dns.com.
[[email protected] named]# nslookup 192.168.200.20
Server:         ::1
Address:        ::1#53

20.200.168.192.in-addr.arpa     name = bbs.dns.com.
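named-checkzone only validates each zone file on its own; it will not notice when an A record in dns.com.zone has no matching PTR in 192.168.200.arpa, or a PTR points at a name the forward zone does not define. The following Python is an added cross-check, not part of the original post: it parses constructed copies of the two zone files above (records as shown, SOA condensed to one line) and lists every A/PTR pair that does not agree. The origins, zone texts and function names are assumptions of this example.

```python
FORWARD_ORIGIN = "dns.com."
REVERSE_ORIGIN = "200.168.192.in-addr.arpa."
# Constructed copies of the post's /var/named/dns.com.zone and
# /var/named/192.168.200.arpa (SOA condensed to one line, records unchanged).
FORWARD_ZONE = """$TTL 1D
@ IN SOA dns.com. root.dns.com. ( 0 1D 1H 1W 3H )
    NS ns.dns.com.
ns A 192.168.200.102
www A 192.168.200.10
bbs A 192.168.200.20
"""
REVERSE_ZONE = """$TTL 1D
@ IN SOA dns.com. root.dns.com. ( 0 1D 1H 1W 3H )
    NS ns.dns.com.
102 PTR ns.dns.com.
10 PTR www.dns.com.
20 PTR bbs.dns.com.
"""

def parse_zone(text, origin):
    """A/PTR records as (owner, type, rdata) with fully qualified owners. Handles
    $TTL, ';' comments, '(...)' continuations and owner inheritance, as in the post."""
    records, owner, depth = [], origin, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments
        if not line.strip() or line.startswith("$"):
            continue
        if depth:                            # still inside an open '('
            depth -= line.count(")")
            continue
        toks = line.split()
        if not line[0].isspace():            # explicit owner field
            owner = origin if toks[0] == "@" else toks[0] + "." + origin
            toks = toks[1:]
        if toks[0] == "IN":
            toks = toks[1:]
        depth += line.count("(") - line.count(")")
        if toks[0] in ("A", "PTR"):
            records.append((owner, toks[0], " ".join(toks[1:])))
    return records

def check_forward_reverse(fwd_text, rev_text):
    """Sorted list of A/PTR mismatches; an empty list means the zones agree."""
    a = {(o, r) for o, t, r in parse_zone(fwd_text, FORWARD_ORIGIN) if t == "A"}
    ptr = set()
    for o, _, name in parse_zone(rev_text, REVERSE_ORIGIN):
        # owner '10.200.168.192.in-addr.arpa.' -> address '192.168.200.10'
        ip = ".".join(reversed(o[: -len(".in-addr.arpa.")].split(".")))
        ptr.add((name, ip))
    return sorted([f"A without PTR: {o} -> {ip}" for o, ip in a - ptr]
                  + [f"PTR without A: {ip} -> {o}" for o, ip in ptr - a])
```

Run check_forward_reverse on the real files (open("/var/named/dns.com.zone").read() and the .arpa file) after every edit; a non-empty result means one side was changed without the other.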