DNS Service: Forward and Reverse DNS Resolution
阿新 • Published: 2019-04-23
Purpose: the Domain Name System resolves host names used on the Internet to addresses (and, in reverse, addresses back to names). It is an application-layer protocol, served here by BIND on port 53.
Installation
bind: the server package; the named daemon runs under the unprivileged named account
bind-utils: the client tools (dig, host, nslookup)
Configuration files:
/etc/named.conf ##global configuration
/etc/named.rfc1912.zones ##zone definitions (included from named.conf)
options {
    listen-on port 53 { 127.0.0.1; };        ## IPv4 address(es) and port named binds to
    listen-on-v6 port 53 { ::1; };           ## IPv6 address it binds to
    directory "/var/named";                  ## where the zone (database) files live
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost; };              ## which clients may query; the stock file allows only this host
Configuring forward and reverse resolution
Edit /etc/named.conf so that named listens on every address of the host and answers queries from any client:
options {
    listen-on port 53 { any; };              ## listen on all IPv4 addresses of this host
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };                    ## accept queries from any client
Caveat: allow-query { any; } also lets every client use this server for recursive lookups if recursion is enabled (the ra flag in the dig responses later on this page shows that it is). That is an open resolver, usable for cache-poisoning attempts and reflection/amplification floods. For a server that is only meant to be authoritative for sunwukong.com, keep allow-query open but add allow-recursion { 192.168.1.0/24; }; (or recursion no;) to the options block.
Edit /etc/named.rfc1912.zones, remove the existing content and add the following (appending these two zones after the stock localhost zones works as well):
zone "sunwukong.com" IN {                    ## the forward zone to serve
    type master;                             ## this server is the primary (master) for the zone
    file "sunwukong.zone";                   ## zone file, relative to the directory set in named.conf; must match the file created below
};
zone "1.168.192.in-addr.arpa" IN {           ## the reverse zone for 192.168.1.0/24 (octets reversed)
    type master;
    file "kongwusun.zone";                   ## reverse zone file
};
After editing, run named-checkconf to check the configuration for syntax errors; it prints nothing when the files are valid.
Zone files:
Zone files live in /var/named (the directory set in named.conf). Change into it and copy the templates shipped with bind; cp -p keeps the templates' root:named ownership and mode, so named can read the copies.
# cd /var/named/
# cp -p named.localhost sunwukong.zone        ## forward zone template; the name must match the file directive in the zone definition
# cp -p named.loopback kongwusun.zone         ## reverse zone template
Forward zone file (sunwukong.zone):
$TTL 1D
@       IN SOA  ns1.sunwukong.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1
ns1     A       192.168.1.19
ftp     A       192.168.1.20
smb     A       192.168.1.21
The NS line starts with whitespace so that it inherits the owner @ (the zone apex). rname.invalid. is the template's placeholder for the zone contact mailbox (the first dot stands for @); replace it with a real address, and increase the serial every time the file changes, because secondaries only transfer a zone whose serial has grown.
Reverse zone file (kongwusun.zone):
$TTL 1D
@       IN SOA  ns1.sunwukong.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1.sunwukong.com.
19      PTR     ns1.sunwukong.com.
20      PTR     ftp.sunwukong.com.
21      PTR     smb.sunwukong.com.
Here the owner names 19, 20 and 21 are relative to the zone origin 1.168.192.in-addr.arpa, i.e. the last octet of each address, while the targets are written fully qualified with a trailing dot because they belong to a different zone.
Check both zone files with named-checkzone:
# named-checkzone sunwukong.com sunwukong.zone    ## check the forward zone file
zone sunwukong.com/IN: loaded serial 0
OK
# named-checkzone 1.168.192.in-addr.arpa kongwusun.zone    ## check the reverse zone file
zone 1.168.192.in-addr.arpa/IN: loaded serial 0
OK
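The forward and reverse files above are maintained by hand, which is how A and PTR records drift apart over time. The following script is an added example (not part of the original post): it generates both zone files for the post's lab from a single host list and then cross-checks that every A record has a matching PTR and vice versa. The zone names, the NS name and the three hosts are taken from the post; hostmaster.sunwukong.com. in place of the template's rname.invalid., the date-based serial and the scratch directory are assumptions. named-checkzone is run only when the bind package is installed.

```shell
#!/bin/sh
# Added example, not from the original post: build a consistent forward/reverse
# zone pair from ONE host list and verify that A and PTR records agree.
ZONE="sunwukong.com"              # assumption: the post's forward zone
REV="1.168.192.in-addr.arpa"      # assumption: the post's reverse zone
NS="ns1"                          # assumption: the post's name server
# Network prefix implied by the reverse zone name (1.168.192 -> 192.168.1).
NET=$(printf '%s\n' "$REV" | awk -F. '{ print $3 "." $2 "." $1 }')

# Constructed host list (hostname, IPv4), one host per line.
HOSTS="ns1 192.168.1.19
ftp 192.168.1.20
smb 192.168.1.21"

# Date-based serial (YYYYMMDDnn): every regeneration is strictly newer than
# the template's 0, which is what secondaries compare before transferring.
serial() { printf '%s01\n' "$(date +%Y%m%d)"; }

# SOA + NS header shared by both zones; $1 = serial.
# hostmaster.<zone> is an assumed contact mailbox replacing rname.invalid.
zone_header() {
  printf '$TTL 1D\n'
  printf '@ IN SOA %s.%s. hostmaster.%s. (\n' "$NS" "$ZONE" "$ZONE"
  printf '\t%s ; serial\n\t1D ; refresh\n\t1H ; retry\n\t1W ; expire\n\t3H ) ; minimum\n' "$1"
  printf '\tNS %s.%s.\n' "$NS" "$ZONE"
}

# Forward zone: relative owner names, one A record per host.
gen_forward() {
  zone_header "$(serial)"
  printf '%s\n' "$HOSTS" | awk '{ printf "%s\tA\t%s\n", $1, $2 }'
}

# Reverse zone: last octet as owner, PTR target fully qualified (trailing dot)
# because it lives in a different zone than the origin.
gen_reverse() {
  zone_header "$(serial)"
  printf '%s\n' "$HOSTS" | awk -v z="$ZONE" \
    '{ n = split($2, o, "."); printf "%s\tPTR\t%s.%s.\n", o[n], $1, z }'
}

# Cross-check: normalise both zones to sorted "fqdn ip" pairs and compare.
# $1 = forward zone text, $2 = reverse zone text. Returns 0 when consistent.
check_consistency() {
  from_a=$(printf '%s\n' "$1" | awk -v z="$ZONE" '$2 == "A" { print $1 "." z ".", $3 }' | sort)
  from_ptr=$(printf '%s\n' "$2" | awk -v net="$NET" '$2 == "PTR" { print $3, net "." $1 }' | sort)
  if [ "$from_a" != "$from_ptr" ]; then
    printf 'A/PTR mismatch\n--- from A records ---\n%s\n--- from PTR records ---\n%s\n' \
      "$from_a" "$from_ptr" >&2
    return 1
  fi
  return 0
}

# Write both files to a scratch directory, validate them with named-checkzone
# when bind is installed, and always run the consistency check.
out=$(mktemp -d)
gen_forward > "$out/$ZONE.zone"
gen_reverse > "$out/$REV.zone"
if command -v named-checkzone >/dev/null 2>&1; then
  named-checkzone "$ZONE" "$out/$ZONE.zone"
  named-checkzone "$REV" "$out/$REV.zone"
fi
check_consistency "$(cat "$out/$ZONE.zone")" "$(cat "$out/$REV.zone")" && echo "A and PTR records agree"
rm -rf "$out"
```

To use it for real, copy the generated files into /var/named with the names given in the zone definitions, keep root:named ownership, and reload named; rerunning the script after any change to HOSTS regenerates both files with a fresh serial.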
Once both checks pass, start the service. On CentOS 7 a successful start prints nothing (add systemctl enable named to start it at boot); on CentOS 6 the init script prints a success message.
systemctl start named    ## CentOS 7
service named start      ## CentOS 6
Testing that resolution works:
Several clients can be used (nslookup, host, dig); dig is used below because it shows the response status and flags.
1. Query the NS records of sunwukong.com
# dig -t ns sunwukong.com @192.168.1.19
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t ns sunwukong.com @192.168.1.19
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14217
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sunwukong.com. IN NS
;; ANSWER SECTION:
sunwukong.com. 86400 IN NS ns1.sunwukong.com. ##the NS record returned
;; ADDITIONAL SECTION:
ns1.sunwukong.com. 86400 IN A 192.168.1.19 ##the address of that name server
;; Query time: 0 msec
;; SERVER: 192.168.1.19#53(192.168.1.19)
;; WHEN: Mon Apr 22 22:35:43 EDT 2019
;; MSG SIZE rcvd: 76
2. Query the address of ftp.sunwukong.com
# dig -t A ftp.sunwukong.com @192.168.1.19
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A ftp.sunwukong.com @192.168.1.19
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36554
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ftp.sunwukong.com. IN A
;; ANSWER SECTION:
ftp.sunwukong.com. 86400 IN A 192.168.1.20 ##the address returned
;; AUTHORITY SECTION:
sunwukong.com. 86400 IN NS ns1.sunwukong.com.
;; ADDITIONAL SECTION:
ns1.sunwukong.com. 86400 IN A 192.168.1.19
;; Query time: 0 msec
;; SERVER: 192.168.1.19#53(192.168.1.19)
;; WHEN: Mon Apr 22 22:54:42 EDT 2019
;; MSG SIZE rcvd: 96
3. Reverse-query the name server's address (dig -x builds the in-addr.arpa name for you)
# dig -x 192.168.1.19 @192.168.1.19
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -x 192.168.1.19 @192.168.1.19
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6464
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;19.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
19.1.168.192.in-addr.arpa. 86400 IN PTR ns1.sunwukong.com. ##the PTR record for the name server's address
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS ns1.sunwukong.com.
;; ADDITIONAL SECTION:
ns1.sunwukong.com. 86400 IN A 192.168.1.19
;; Query time: 0 msec
;; SERVER: 192.168.1.19#53(192.168.1.19)
;; WHEN: Mon Apr 22 22:59:25 EDT 2019
;; MSG SIZE rcvd: 115
4. Reverse-query another address in the reverse zone
# dig -x 192.168.1.20 @192.168.1.19
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -x 192.168.1.20 @192.168.1.19
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52555
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;20.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
20.1.168.192.in-addr.arpa. 86400 IN PTR ftp.sunwukong.com. ##the name for that address
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS ns1.sunwukong.com.
;; ADDITIONAL SECTION:
ns1.sunwukong.com. 86400 IN A 192.168.1.19
;; Query time: 0 msec
;; SERVER: 192.168.1.19#53(192.168.1.19)
;; WHEN: Mon Apr 22 23:24:55 EDT 2019
;; MSG SIZE rcvd: 119
Extension: restrict queries to one host or one subnet
Allow a single host:
Edit /etc/named.conf and put that host's address in allow-query:
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { 192.168.1.35; };           ## only this client may query
allow-query matches the source address of the incoming packet. That is a useful coarse filter, but UDP source addresses are trivial to forge, so it is not authentication: keep firewall rules in front of the server as well, and if the server recurses, restrict allow-recursion the same way.
Restart the service (systemctl restart named, or rndc reload, which re-reads named.conf and the zones without a restart) and test from the host 192.168.1.35:
# dig -t A ftp.sunwukong.com @192.168.1.19
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A ftp.sunwukong.com @192.168.1.19
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 249
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ftp.sunwukong.com. IN A
;; ANSWER SECTION:
ftp.sunwukong.com. 86400 IN A 192.168.1.20
;; AUTHORITY SECTION:
sunwukong.com. 86400 IN NS ns1.sunwukong.com.
;; ADDITIONAL SECTION:
ns1.sunwukong.com. 86400 IN A 192.168.1.19
;; Query time: 0 msec
;; SERVER: 192.168.1.19#53(192.168.1.19)
;; WHEN: Mon Apr 22 23:31:19 EDT 2019
;; MSG SIZE rcvd: 96
That host gets an answer. Now repeat the query from the host with address 192.168.1.20:
# dig -t A ftp.sunwukong.com @192.168.1.19
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A ftp.sunwukong.com @192.168.1.19
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 36738
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ftp.sunwukong.com. IN A
;; Query time: 2 msec
;; SERVER: 192.168.1.19#53(192.168.1.19)
;; WHEN: Mon Apr 22 23:33:41 EDT 2019
;; MSG SIZE rcvd: 46
The status REFUSED, with no aa or ra flag and an empty answer, shows that the ACL rejected the client before any lookup took place.
Allow a whole subnet:
Edit /etc/named.conf and put the network in allow-query, written as the network address with its prefix length:
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { 192.168.1.0/24; };         ## the subnet that may query
Restart the service after the change and test again from 192.168.1.20, the host that was refused a moment ago:
# dig -t A ftp.sunwukong.com @192.168.1.19
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A ftp.sunwukong.com @192.168.1.19
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16118
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ftp.sunwukong.com. IN A
;; ANSWER SECTION:
ftp.sunwukong.com. 86400 IN A 192.168.1.20 ##the address is returned again
;; AUTHORITY SECTION:
sunwukong.com. 86400 IN NS ns1.sunwukong.com.
;; ADDITIONAL SECTION:
ns1.sunwukong.com. 86400 IN A 192.168.1.19
;; Query time: 0 msec
;; SERVER: 192.168.1.19#53(192.168.1.19)
;; WHEN: Mon Apr 22 23:36:17 EDT 2019
;; MSG SIZE rcvd: 96
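The dig runs above are read by eye. As an added example (not part of the original post), the script below turns the same check into something a script can act on, for both the resolution tests and the allow-query tests on this page: it parses a dig response and reports whether the client was refused, got an authoritative answer, or got the server to recurse on its behalf, which is the open-resolver condition the allow-query { any; } configuration exposes. The two embedded samples are the header and flag lines from the post's own dig output; the third is a constructed response imitating an open resolver answering for example.com (192.0.2.1 is a documentation address). The live probe at the end needs dig and network access and runs only when a server is passed as the first argument.

```shell
#!/bin/sh
# Added example, not from the original post: classify captured dig output so
# the allow-query / recursion behaviour of a BIND server can be scripted.

# Print the flags field of a dig response read on stdin, e.g. "qr aa rd ra".
dig_flags() {
  awk '/^;; flags:/ { f = $0; sub(/^;; flags: /, "", f); sub(/;.*/, "", f); print f; exit }'
}

# Print one verdict for the dig response read on stdin:
#   refused        - the allow-query ACL rejected this client
#   authoritative  - aa set: answered from the server's own zone data
#   open-recursive - no aa, but ra set and answer records present: the server
#                    looked the name up on this client's behalf
#   error:<RCODE>  - any other status (NXDOMAIN, SERVFAIL, ...)
#   no-answer      - NOERROR without aa and without answer records
#   no-header      - not a dig response at all
classify_dig() {
  awk '
    /^;; ->>HEADER<<-/    { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s }
    /^;; flags:/          { f = $0; sub(/^;; flags: /, "", f); sub(/;.*/, "", f); flags = " " f " " }
    /^;; ANSWER SECTION:/ { inans = 1; next }
    /^;; /                { inans = 0 }
    inans && NF >= 4 && $1 !~ /^;/ { answers++ }
    END {
      if (status == "")                        print "no-header"
      else if (status == "REFUSED")            print "refused"
      else if (status != "NOERROR")            print "error:" status
      else if (flags ~ / aa /)                 print "authoritative"
      else if (flags ~ / ra / && answers > 0)  print "open-recursive"
      else                                     print "no-answer"
    }'
}

# Classify a response held in a variable (convenience wrapper).
classify_text() { printf '%s\n' "$1" | classify_dig; }

# Constructed samples. The first two are taken from the post's own dig runs.
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 36738
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available'

SAMPLE_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36554
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; ANSWER SECTION:
ftp.sunwukong.com. 86400 IN A 192.168.1.20

;; AUTHORITY SECTION:
sunwukong.com. 86400 IN NS ns1.sunwukong.com.'

# Made-up open-resolver answer for a name the server is not authoritative for.
SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.com. 3600 IN A 192.0.2.1'

printf 'refused sample       -> %s\n' "$(classify_text "$SAMPLE_REFUSED")"
printf 'authoritative sample -> %s\n' "$(classify_text "$SAMPLE_AUTH")"
printf 'open resolver sample -> %s\n' "$(classify_text "$SAMPLE_OPEN")"

# Live probe: ask the server for a name it does NOT host. "open-recursive"
# seen from an address outside the intended client range means allow-query /
# allow-recursion are too permissive. Usage: sh probe.sh 192.168.1.19 [name]
if [ $# -ge 1 ]; then
  dig "${2:-example.com}" A @"$1" | classify_dig
fi
```

Run the probe once from inside 192.168.1.0/24 and once from an address outside it: the inside run should report authoritative for ftp.sunwukong.com and, if recursion is meant for local clients, open-recursive for example.com; the outside run should report refused (allow-query) or no-answer (allow-recursion restricted) for the out-of-zone name.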