
Linux dns服務器介紹

linux dns

DNS(Domain Name System),域名解析,簡單說就是由域名查找 IP,也可以由 IP 查找域名,兩者可以相互解析。
正向解析 :FQDN --> IP
反向解析 :IP --> FQDN
解析過程大致如下(原文此處為一張流程圖,已略去):

資源記錄:Resource Record,簡稱 RR;常見的記錄類型有:A、AAAA、PTR、SOA、NS、CNAME、MX
SOA:Start Of Authority,起始授權記錄; 一個區域解析庫有且只能有一個SOA記錄,而且必須放在第一條;
NS:Name Server,域名服務器記錄;一個區域解析庫可以有多個 NS 記錄,其中一個為主的;

A: Address, 地址記錄,FQDN --> IPv4;
AAAA:地址記錄, FQDN --> IPv6;
CNAME:Canonical Name,別名記錄;
PTR:Pointer,IP --> FQDN
MX:Mail eXchanger,郵件交換器;優先級:0-99,數字越小優先級越高;


基本配置

1、安裝

[root@node1 certs]# yum  install bind
#可能還需要安裝的依賴庫和工具
[root@node1 certs]# yum  install bind-libs     #依賴庫
[root@node1 certs]# yum  install bind-utils    #dns 工具 dig host等

2、配置主配置文件

[root@ns1 named]# vim /etc/named.conf
acl allow_querys {
        localhost;
};
acl allow_transfers {
        none;
};
acl allow_recursions {
        any;
};
acl allow_updates {
        none;
};

options {
    listen-on port 53 { 192.168.1.102; };   //綁定ip 端口
    //listen-on-v6 port 53 { ::1; };        //不使用 ipv6,保持註釋掉
    allow-query     { allow_querys; };       //允許查詢的主機;白名單;
    allow-recursion { allow_recursions; };  //允許遞歸查詢白名單
    dnssec-enable no;        
    dnssec-validation no;
    //其余不變    
}

#檢查配置文件
[root@ns1 named]# named-checkconf

3、啟動

[root@ns1 named]# systemctl start named
[root@ns1 named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2018-05-11 12:04:26 EDT; 19s ago
   .....

[root@ns1 named]# netstat -lntup|grep named
tcp        0      0 192.168.1.102:53        0.0.0.0:*               LISTEN      26195/named      #tcp 53:用於主從區域傳送等其他服務
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      26195/named      #rndc 控制端口(953),只監聽本機,用於管理 dns 進程,不能對外開放
tcp6       0      0 ::1:953                 :::*                    LISTEN      26195/named
udp        0      0 192.168.1.102:53        0.0.0.0:*                           26195/named      #udp 53:處理 dns 解析查詢

4、測試

#dig  [+(no)trace]  -t 資源類型  查詢對象  [@dns服務器ip]
[root@ns1 named]# dig -t A www.baidu.com @192.168.1.102   #如果本機的 dns 指向不是本機,則用 @ 指定要查詢的服務器

[root@node1 test]# vim /etc/resolv.conf    #dns指向本機
search localdomain zander.com
nameserver 192.168.1.106 

#host 工具
[root@node1 test]# host -t A www.baidu.com
www.baidu.com has address 183.232.231.173
www.baidu.com has address 183.232.231.172
[root@node1 test]# host -t NS www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
[root@node1 test]# host -t NS www.a.shifen.com.

區域配置

正向區域配置

1、配置文件添加zone

 #這個文件在/etc/named.conf 中被引入
[root@node1 certs]# vim /etc/named.rfc1912.zones
zone "zander.com" IN{
        type master;
        file "zander.com.zone";
        allow-transfer { allow_transfers; };
        allow-update { allow_updates; };
};

[root@node1 named]# named-checkconf

2、具體區域配置添加

[root@ns1 named]# cd /var/named/
[root@ns1 named]# vim zander.com.zone
$TTL 3600
$ORIGIN zander.com.
@       IN      SOA     zander.com.     admin.zander.com. (       ;Start Of Authority,起始授權記錄,只能第一條,且唯一
        20180530                                                  ;每次修改配置文件都要修改序列號
        1H                                                        ;refresh
        10M                                                       ;retry
        3D                                                        ;expire
        1D)                                                       ;  放棄
        IN      NS      ns1                                       ;Name Server,域名服務器記錄;一個區域解析庫可以有多個NS記錄;其中一個為主的;
        IN      MX      10      mx1                               ;Mail eXchanger,郵件交換器;
ns1     IN      A       192.168.1.102                             ;Address, 地址記錄,FQDN --> IPv4;
mx1     IN      A       192.168.1.106
www     IN      A       192.168.1.106
web     IN      CNAME   www                                       ;別名
bbs     IN      A       192.168.1.103
bbs     IN      A       192.168.1.106

#修改文件屬組和權限:屬組改為 named,去掉其他用戶的所有權限
[root@node1 named]# chgrp  named  /var/named/zander.com.zone
[root@node1 named]# chmod  o=  /var/named/zander.com.zone
[root@ns1 named]# named-checkzone zander.com /var/named/zander.com.zone   

3、配置重載

[root@ns1 named]# rndc reload
#或者
[root@ns1 named]# systemctl reload named

4、測試

[root@ns1 named]# host -t A www.zander.com
www.zander.com has address 192.168.1.106
#輪詢:同一名字有多條 A 記錄時,返回順序輪流變化
[root@node1 named]# host -t A bbs.zander.com
bbs.zander.com has address 192.168.1.106
bbs.zander.com has address 192.168.1.103
[root@node1 named]# host -t A bbs.zander.com
bbs.zander.com has address 192.168.1.103
bbs.zander.com has address 192.168.1.106
#別名
[root@ns1 named]# host -t A  web.zander.com
web.zander.com is an alias for www.zander.com.
www.zander.com has address 192.168.1.106

#
[root@ns1 named]# dig -t A www.zander.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -t A www.zander.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8271
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zander.com.            IN  A

;; ANSWER SECTION:
www.zander.com.     3600    IN  A   192.168.1.106

;; AUTHORITY SECTION:
zander.com.     3600    IN  NS  ns1.zander.com.
zander.com.     3600    IN  NS  ns2.zander.com.

;; ADDITIONAL SECTION:
ns1.zander.com.     3600    IN  A   192.168.1.102
ns2.zander.com.     3600    IN  A   192.168.1.114

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)     #註意解析服務地址
;; WHEN: Fri May 11 12:25:02 EDT 2018
;; MSG SIZE  rcvd: 127

反向區域配置

1、配置文件添加

[root@ns1 named]# vim /etc/named.rfc1912.zones
zone "1.168.192.in-addr.arpa" IN{
        type master;
        file "192.168.1.zone";
        allow-transfer { allow_transfers; };
        allow-update { allow_updates; };
};
[root@node1 named]# named-checkconf

2、反向區域配置

[root@ns1 named]# vim 192.168.1.zone
$TTL 3600
$ORIGIN 1.168.192.in-addr.arpa.
@       IN      SOA     ns1.zander.com. admin.zander.com. (
        20180513
        1H
        10M
        3D
        1D)
        IN      NS      ns1.zander.com.
102     IN      PTR     ns1.zander.com.
106     IN      PTR     mx1.zander.com.
106     IN      PTR     www.zander.com.
103     IN      PTR     bbs.zander.com.
106     IN      PTR     bbs.zander.com.

[root@node1 named]# chgrp  named 192.168.1.zone
[root@node1 named]# chmod  o= 192.168.1.zone

[root@ns1 named]# named-checkzone 1.168.192.in-addr.arpa  192.168.1.zone

3、重載

[root@node1 named]# rndc reload

4、測試

[root@ns1 named]# dig -x 192.168.1.106

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -x 192.168.1.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56634
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.1.168.192.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
106.1.168.192.in-addr.arpa. 3600 IN PTR mx1.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR pop3.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR www.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR bbs.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR ns1.zander.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 3600    IN  NS  ns1.zander.com.
1.168.192.in-addr.arpa. 3600    IN  NS  ns2.zander.com.

;; ADDITIONAL SECTION:
ns1.zander.com.     3600    IN  A   192.168.1.102
ns2.zander.com.     3600    IN  A   192.168.1.114

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Fri May 11 12:47:49 EDT 2018
;; MSG SIZE  rcvd: 220

從節點配置

1、同步主從節點的時間
2、從節點配置

[root@ns1 slaves]# vim /etc/named.conf
參考基本配置

[root@localhost named]# named-checkconf

[root@ns1 slaves]# vim /etc/named.rfc1912.zones
zone "zander.com" IN{
        type slave;
        file "slaves/zander.com.zone";
        masters { 192.168.1.102; };
        allow-transfer { allow_transfers; };    #從節點必須為 none,禁止對外區域傳送
};

zone "1.168.192.in-addr.arpa" IN{
        type slave;
        file "slaves/192.168.1.zone";
        masters { 192.168.1.102; };
        allow-transfer { allow_transfers; };     #從節點必須為 none,禁止對外區域傳送
};

[root@ns1 slaves]# named-checkconf

3、主節點配置

[root@ns1 named]# vim /etc/named.rfc1912.zones
zone "zander.com" IN{
        type master;
        file "zander.com.zone";
        allow-transfer { allow_transfers; };   # 只允許 allow_transfers 中列出的從節點傳送
        allow-update { allow_updates; };
};
zone "1.168.192.in-addr.arpa" IN{
        type master;
        file "192.168.1.zone";
        allow-transfer { allow_transfers; };# 只允許 allow_transfers 中列出的從節點傳送
        allow-update { allow_updates; };
};

[root@ns1 named]# vim /etc/named.conf
acl allow_transfers {
        192.168.1.114;
};

[root@ns1 named]# vim /var/named/zander.com.zone
$TTL 3600
$ORIGIN zander.com.
@       IN      SOA     zander.com.     admin.zander.com. (
        20180530
        1H
        10M
        3D
        1D)
        IN      NS      ns1
        IN      NS      ns2                #添加從節點      名字隨便取,跟節點真正名字無關
        IN      MX      10      mx1
ns2     IN      A       192.168.1.114      #從節點指向
ns1     IN      A       192.168.1.102
mx1     IN      A       192.168.1.106
www     IN      A       192.168.1.106
web     IN      CNAME   www
bbs     IN      A       192.168.1.103
bbs     IN      A       192.168.1.106

[root@ns1 named]# vim /var/named/192.168.1.zone
$TTL 3600
$ORIGIN 1.168.192.in-addr.arpa.
@       IN      SOA     ns1.zander.com. admin.zander.com. (
        20180513
        1H
        10M
        3D
        1D)
        IN      NS      ns1.zander.com.
        IN      NS      ns2.zander.com.  #添加從節點      
114     IN      PTR     ns2.zander.com.  #從節點指向
102     IN      PTR     ns1.zander.com.
106     IN      PTR     mx1.zander.com.
106     IN      PTR     www.zander.com.
103     IN      PTR     bbs.zander.com.
106     IN      PTR     bbs.zander.com.

[root@ns1 named]# named-checkconf
[root@ns1 named]# named-checkzone zander.com /var/named/zander.com.zone
[root@ns1 named]# named-checkzone 1.168.192.in-addr.arpa  192.168.1.zone

[root@ns1 named]# rndc reload

4、從節點重啟

[root@ns1 slaves]# systemctl restart named
[root@ns1 slaves]# ls
192.168.1.zone  zander.com.zone

5、從各自節點測試

[root@ns1 slaves]# dig -t A www.zander.com

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.zander.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33358
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zander.com.            IN  A

;; ANSWER SECTION:
www.zander.com.     3600    IN  A   192.168.1.106

;; AUTHORITY SECTION:
zander.com.     3600    IN  NS  ns2.zander.com.
zander.com.     3600    IN  NS  ns1.zander.com.

;; ADDITIONAL SECTION:
ns1.zander.com.     3600    IN  A   192.168.1.102
ns2.zander.com.     3600    IN  A   192.168.1.114

;; Query time: 0 msec
;; SERVER: 192.168.1.114#53(192.168.1.114)
;; WHEN: 五 5月 11 14:19:22 CST 2018
;; MSG SIZE  rcvd: 127

# 從節點
[root@ns1 slaves]# dig -x 192.168.1.106

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.1.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24153
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.1.168.192.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
106.1.168.192.in-addr.arpa. 3600 IN PTR mx1.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR pop3.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR ns1.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR www.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR bbs.zander.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 3600    IN  NS  ns1.zander.com.
1.168.192.in-addr.arpa. 3600    IN  NS  ns2.zander.com.

;; ADDITIONAL SECTION:
ns1.zander.com.     3600    IN  A   192.168.1.102
ns2.zander.com.     3600    IN  A   192.168.1.114

;; Query time: 0 msec
;; SERVER: 192.168.1.114#53(192.168.1.114)
;; WHEN: 五 5月 11 14:24:50 CST 2018
;; MSG SIZE  rcvd: 220

6、在主節點添加一條記錄

[root@ns1 named]# vim /var/named/zander.com.zone
pop3    IN      A       192.168.1.106
同時更新 SOA 序列號,否則從節點不會同步新記錄

[root@node1 named]# named-checkconf
[root@ns1 named]# rndc reload

7、從服務器查看

[root@ns1 slaves]# dig -t A  pop3.zander.com

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A pop3.zander.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42653
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pop3.zander.com.       IN  A

;; ANSWER SECTION:
pop3.zander.com.    3600    IN  A   192.168.1.106
.....

8、模擬測試區域傳送

#從主節點拉取整個區域(axfr),主節點只對 allow_transfers 中的地址開放
[root@ns1 slaves]# dig -t axfr zander.com @192.168.1.102

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr zander.com @192.168.1.102
;; global options: +cmd
zander.com.     3600    IN  SOA zander.com. admin.zander.com. 20180530 3600 600 259200 86400
zander.com.     3600    IN  NS  ns1.zander.com.
zander.com.     3600    IN  NS  ns2.zander.com.
bbs.zander.com.     3600    IN  A   192.168.1.103
bbs.zander.com.     3600    IN  A   192.168.1.106
mx1.zander.com.     3600    IN  A   192.168.1.106
ns1.zander.com.     3600    IN  A   192.168.1.102
ns2.zander.com.     3600    IN  A   192.168.1.114
ops.zander.com.     3600    IN  NS  ns2.ops.zander.com.
ops.zander.com.     3600    IN  MX  10 mx1.zander.com.
ns2.ops.zander.com. 3600    IN  A   192.168.1.125
pop3.zander.com.    3600    IN  A   192.168.1.106
web.zander.com.     3600    IN  CNAME   www.zander.com.
www.zander.com.     3600    IN  A   192.168.1.106
zander.com.     3600    IN  SOA zander.com. admin.zander.com. 20180530 3600 600 259200 86400
;; Query time: 1 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: 五 5月 11 14:26:51 CST 2018
;; XFR size: 15 records (messages 1, bytes 343)

#從從節點拉取會失敗,因為從節點已關閉區域傳送(allow-transfer 為 none)
[root@ns1 slaves]# dig -t axfr zander.com @192.168.1.104
^C[root@ns1 slaves]# dig -t axfr zander.com @192.168.1.114

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr zander.com @192.168.1.114
;; global options: +cmd
; Transfer failed.

子域配置與轉發

1、主節點

[root@ns1 named]# vim /etc/named.conf
acl allow_querys {
        any;            #查詢白名單改為 any,允許所有主機查詢;注意前面 allow_recursions 也是 any,對外開放時需另行限制遞歸
};

[root@ns1 named]# vim zander.com.zone
ops.zander.com. IN      NS      ns2.ops.zander.com.
ns2.ops.zander.com.     IN      A       192.168.1.125
修改序列號

[root@ns1 named]# named-checkconf
[root@ns1 named]# rndc reload

2、子節點配置

[root@localhost named]# vim /etc/named.conf
acl allow_querys {
        any;
};
acl allow_transfers {
        none;
};
acl allow_recursions {
        any;
};
acl allow_updates {
        none;
};
options {
        listen-on port 53 { 192.168.1.125; };
         allow-query     { allow_querys; };
         allow-recursion { allow_recursions; };
}

[root@localhost named]# vim /etc/named.rfc1912.zones
zone "ops.zander.com" IN {
        type master;
        file "ops.zander.com.zone";
        allow-update { allow_updates; };
        allow-transfer { allow_transfers; };
};
#子域把父域 zander.com 的查詢轉發給父域服務器
zone "zander.com" IN {
        type forward;
        forward only;
        forwarders { 192.168.1.102; 192.168.1.114; };
};

[root@localhost named]# cd /var/named/
[root@localhost named]# vim ops.zander.com.zone
$TTL 3600
$ORIGIN ops.zander.com.
@       IN      SOA     ops.zander.com. admin.ops.zander.com. (
        20180512
        1H
        10M
        3D
        1D)
        IN      NS      ns1
ns1     IN      A       192.168.1.125
www     IN      A       192.168.1.125

[root@localhost named]# chgrp named ops.zander.com.zone
[root@localhost named]# chmod o= ops.zander.com.zone
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone ops.zander.com ops.zander.com.zone
[root@localhost named]# systemctl restart named

3、測試

#子域自測
[root@localhost named]# host -t A www.ops.zander.com
www.ops.zander.com has address 192.168.1.125
#子域轉發到父域
[root@localhost named]# host -t A www.zander.com
www.zander.com has address 192.168.1.106

#父域解析子域
[root@ns1 named]#  host -t A www.ops.zander.com
www.ops.zander.com has address 192.168.1.125
[root@ns1 named]# dig -t A www.ops.zander.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -t A www.ops.zander.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55064
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.ops.zander.com.        IN  A

;; ANSWER SECTION:
www.ops.zander.com. 3591    IN  A   192.168.1.125

;; AUTHORITY SECTION:
ops.zander.com.     3591    IN  NS  ns1.ops.zander.com.

;; ADDITIONAL SECTION:
ns1.ops.zander.com. 3591    IN  A   192.168.1.125

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Fri May 11 13:35:51 EDT 2018
;; MSG SIZE  rcvd: 97

壓測

壓測使用 queryperf 工具,rpm 包默認沒有編譯它,需要從源碼編譯
1、安裝

[root@ns1 ~]# wget http://ftp.isc.org/isc/bind9/9.9.4/bind-9.9.4.tar.gz
[root@ns1 ~]# tar xf bind-9.9.4.tar.gz
[root@ns1 ~]# cd bind-9.9.4/contrib/queryperf/
[root@ns1 queryperf]# sh configure
[root@ns1 queryperf]# make
[root@ns1 queryperf]# ls
config.h     config.log     configure     input     Makefile.in  queryperf    queryperf.o    README
config.h.in  config.status  configure.in  Makefile  missing      queryperf.c  querytest.txt  utils

2、解析條目

[root@ns1 queryperf]# vim querytest.txt
www.baidu.com  A
www.163.com  A
www.taobao.com  A
www.zander.com A
bbs.zander.com A
www.ops.zander.com A
#把以上條目復制到約 2 萬行

3、壓測

[root@ns1 queryperf]# wc -l querytest.txt
23646 querytest.txt

[root@ns1 queryperf]# ./queryperf -d querytest.txt -s 192.168.1.102

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 192.168.1.102)
[Timeout] Query timed out: msg id 146
[Timeout] Query timed out: msg id 147
[Timeout] Query timed out: msg id 149
[Timeout] Query timed out: msg id 150
[Timeout] Query timed out: msg id 151
[Timeout] Query timed out: msg id 152
[Timeout] Query timed out: msg id 153
[Timeout] Query timed out: msg id 167
[Timeout] Query timed out: msg id 171
[Timeout] Query timed out: msg id 176
[Status] Testing complete

Statistics:

  Parse input file:     once
  Ended due to:         reaching end of file

  Queries sent:         23646 queries    #發送個數
  Queries completed:    23646 queries    #成功
  Queries lost:         0 queries
  Queries delayed(?):   0 queries

  RTT max:          0.012205 sec
  RTT min:              0.000022 sec
  RTT average:          0.000239 sec
  RTT std deviation:    0.000275 sec
  RTT out of range:     0 queries

  Percentage completed: 100.00%
  Percentage lost:        0.00%

  Started at:           Fri May 11 14:01:27 2018
  Finished at:          Fri May 11 14:01:32 2018
  Ran for:              5.009058 seconds

  Queries per second:   4720.648074 qps    #每秒完成的查詢數
