Contents
Resolution flow
Related concepts
Setting up the service
Server side
Client side
DNS master/slave replication
Resolution flow
Using a lookup of www.baidu.com as the example:
1. The client first checks its local hosts file for a matching IP (the order of hosts vs. DNS is set by /etc/nsswitch.conf).
2. If there is no entry, it sends a recursive query to the DNS server listed in /etc/resolv.conf.
3. That DNS server first checks its own cache; on a hit it answers the client directly, otherwise it queries a root server.
4. The root server does not hold the answer; it refers the DNS server to the com TLD servers.
5. The com server in turn refers it to the name servers for baidu.com.
6. The baidu.com name server is authoritative for that zone, finds the A record for the www host, and returns the IP to the DNS server.
7. The DNS server caches the answer (for the record's TTL) and passes it to the client.
8. The client then connects to that IP to reach www.baidu.com.
Related concepts
Resource record types
SOA   Start of authority: names the primary server and the responsible mailbox, and sets the serial and the refresh/retry/expire/negative-cache timers
NS    Name server: lists the DNS servers authoritative for the zone
A     Maps a hostname in the zone to an IPv4 address
PTR   Maps an IP address back to a hostname (reverse lookup)
MX    Mail exchanger for the domain
CNAME Alias pointing one hostname at another
Setting up the service
Server side
1. First disable SELinux and the firewall. This is a lab shortcut only; on any host reachable from untrusted networks keep both and open the dns service in firewalld instead (port 53, TCP and UDP).
- setenforce 0
- systemctl stop firewalld
The above is temporary; to make it permanent:
sed -ri 's/SELINUX=.*/SELINUX=disabled/' /etc/selinux/config   # -ri, not -ir: GNU sed reads -ir as -i with backup suffix "r"
systemctl disable firewalld
The SELinux change takes effect at the next reboot; sourcing /etc/selinux/config only sets a shell variable and changes nothing.
2. Edit /etc/named.conf
listen-on port 53 { any; };   # listening address and port
allow-query { any; };         # hosts allowed to query
dnssec-enable no;             # turn off DNSSEC processing
Note that the stock named.conf leaves recursion at its default of yes, so together with allow-query { any; } this host is also an open recursive resolver for anyone who can reach port 53, which is abusable for cache poisoning and reflection/amplification. An authoritative server should add recursion no; (or at least allow-recursion { localnets; };).
3. Edit /etc/named.rfc1912.zones to define the forward and reverse zones; append the following
# forward zone
zone "pl.com" IN {
    type master;
    file "named.pl.com";
};
# reverse zone
zone "139.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.139";
};
Each zone statement must be closed with };, otherwise named refuses to start. Neither zone sets allow-transfer, and BIND 9.9's default is to allow zone transfers to any host, so until that is restricted (as in the master/slave section below) anyone can pull the entire zone with dig axfr.
4. Create the forward zone file /var/named/named.pl.com and the reverse zone file /var/named/named.192.168.139. Do not forget to set the owner and group to named!
[root@controller /var/named]# vim named.pl.com
$TTL 1D
@       IN SOA  dns.pl.com. rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   dns.pl.com.
dns.pl.com.     IN A    192.168.139.105
www.pl.com.     IN A    192.168.139.106
[root@controller /var/named]# vim named.192.168.139
$TTL 1D
@       IN SOA  dns.pl.com. rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   dns.pl.com.
105     IN PTR  dns.pl.com.
106     IN PTR  www.pl.com.
[root@controller /var/named]# chown named:named named.pl.com named.192.168.139
Before restarting, run named-checkconf, then named-checkzone pl.com named.pl.com and named-checkzone 139.168.192.in-addr.arpa named.192.168.139; they catch the typos (a missing trailing dot, an unclosed SOA) that would otherwise leave the zone unloaded while named starts anyway. rname.invalid. is the placeholder from BIND's template for the responsible-person mailbox; replace it with a real one such as hostmaster.pl.com.
5. Restart the service
systemctl restart named
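The same server build as an added, scripted example (this is not code from the original post): the options block is written with recursion off and transfers denied by default, both zone files are generated from one host table so forward and reverse records cannot drift apart, and the result is checked with named-checkzone before it goes anywhere near the live server. It assumes the zone names and master address from the post; OUT is a hypothetical scratch directory, and hostmaster.pl.com. stands in for the responsible mailbox.

```shell
#!/bin/sh
# Added example, not code from the original post: script steps 1-5 of the server
# build so the options block is hardened, both zone files come from one host table,
# and everything is checked with BIND's own tools before named is restarted.
# Assumptions: zone pl.com / 139.168.192.in-addr.arpa and master 192.168.139.105
# as in the post; OUT is a hypothetical scratch directory (use /var/named for real).
set -eu

OUT="${OUT:-./named-out}"
ZONE="pl.com"
REV="139.168.192.in-addr.arpa"
NS_HOST="dns.pl.com"
NS_IP="192.168.139.105"
SERIAL="${SERIAL:-$(date +%Y%m%d)01}"   # YYYYMMDDnn: monotonic and readable

# Constructed host table: "<shortname> <last octet>", all in 192.168.139.0/24.
HOSTS='dns 105
www 106'

# options{}: the post uses listen-on any + allow-query any and leaves recursion
# at its default (yes), which makes an authoritative server an open resolver.
write_options() {
    cat > "$OUT/named.conf.options" <<EOF
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; $NS_IP; };  # only the interface meant to serve, not "any"
    allow-query { any; };                      # the zone data itself is public ...
    recursion no;                              # ... recursion for arbitrary clients is not
    allow-transfer { none; };                  # override per zone for the slave only
    version "not disclosed";                   # no answer to version.bind CH TXT probes
};
EOF
}

# Common SOA/NS header for both zones (hostmaster.$ZONE. is the responsible mailbox).
zone_header() {
    cat <<EOF
\$TTL 1D
@   IN SOA $NS_HOST. hostmaster.$ZONE. (
        $SERIAL ; serial
        1D      ; refresh
        1H      ; retry
        1W      ; expire
        3H )    ; minimum (negative-cache TTL)
@   IN NS  $NS_HOST.
EOF
}

# Emit "<name> <octet>" pairs from the table, skipping blank and comment lines.
host_table() {
    printf '%s\n' "$HOSTS" | while read -r name oct; do
        case "$name" in ''|'#'*) continue ;; esac
        printf '%s %s\n' "$name" "$oct"
    done
}

write_forward() {
    { zone_header
      host_table | while read -r name oct; do
          printf '%-12s IN A   192.168.139.%s\n' "$name" "$oct"
      done
    } > "$OUT/named.$ZONE"
}

write_reverse() {
    { zone_header
      host_table | while read -r name oct; do
          printf '%-12s IN PTR %s.%s.\n' "$oct" "$name" "$ZONE"
      done
    } > "$OUT/named.192.168.139"
}

# named-checkzone exits non-zero on a syntax error, a name missing its trailing
# dot, or an NS whose target has no address record. Skipped if bind is absent.
check_zones() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$ZONE" "$OUT/named.$ZONE"
        named-checkzone "$REV"  "$OUT/named.192.168.139"
    else
        echo "named-checkzone not installed; skipping zone syntax check" >&2
    fi
}

# named reads the files as user named; nobody else needs to write or read them.
install_perms() {
    if [ "$(id -u)" -eq 0 ]; then
        chown named:named "$OUT"/named.* 2>/dev/null || echo "no 'named' user here; skipping chown" >&2
    fi
    chmod 640 "$OUT"/named.*
}

build_all() {
    mkdir -p "$OUT"
    write_options
    write_forward
    write_reverse
    check_zones
    install_perms
}

build_all
echo "generated in $OUT; copy to /var/named and run systemctl restart named"
```

Adding a host means adding one line to HOSTS and re-running; the serial is derived from the date, so each daily run produces a larger value than the last and the slave will pick the change up.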
Client side
1. Test with dig
# Forward lookup
[root@controller /var/named]# dig dns.pl.com @192.168.139.105

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> dns.pl.com @192.168.139.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34409
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.pl.com.                    IN      A

;; ANSWER SECTION:
dns.pl.com.             86400   IN      A       192.168.139.105

;; AUTHORITY SECTION:
pl.com.                 86400   IN      NS      dns.pl.com.

;; Query time: 0 msec
;; SERVER: 192.168.139.105#53(192.168.139.105)
;; WHEN: Wed Feb 20 22:13:17 CST 2019
;; MSG SIZE  rcvd: 69

# Reverse lookup
[root@controller /var/named]# dig -x 192.168.139.106 @192.168.139.105

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -x 192.168.139.106 @192.168.139.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34174
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.139.168.192.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
106.139.168.192.in-addr.arpa. 86400 IN  PTR     www.pl.com.

;; AUTHORITY SECTION:
139.168.192.in-addr.arpa. 86400 IN      NS      dns.pl.com.

;; ADDITIONAL SECTION:
dns.pl.com.             86400   IN      A       192.168.139.105

;; Query time: 0 msec
;; SERVER: 192.168.139.105#53(192.168.139.105)
;; WHEN: Wed Feb 20 22:27:57 CST 2019
;; MSG SIZE  rcvd: 115
Two flags are worth reading in these headers: aa means the answer came from the server's own zone data rather than a cache, which is what we want; ra means the server advertises recursion to this client, which combined with allow-query { any; } confirms it is currently an open resolver.
2. To point the client at this DNS server permanently, edit /etc/resolv.conf
[root@node1 ~]# vim /etc/resolv.conf
nameserver 192.168.139.105
On CentOS 7 NetworkManager regenerates this file, so also put DNS1=192.168.139.105 in the interface's ifcfg file (or set PEERDNS=no); otherwise the edit is lost at the next network restart.
DNS master/slave replication
1. On the master, amend the zone definitions so that only the slave may transfer them
[root@controller /var/named]# vim /etc/named.rfc1912.zones
zone "pl.com" IN {
    type master;
    file "named.pl.com";
    allow-transfer { 192.168.139.106; };   # the option is allow-transfer with a hyphen; allow_transfer is a syntax error and named will not start
};
zone "139.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.139";
    allow-transfer { 192.168.139.106; };
};
2. Add the slave's NS record to the forward and reverse zone files. The name must end with a dot, otherwise named appends the origin and it becomes dns1.pl.com.pl.com; an NS target also needs an A record (192.168.139.106 here, the slave address used in allow-transfer above), and the serial must be increased or the slave will never see the change.
[root@controller /var/named]# vim named.pl.com
$TTL 1D
@       IN SOA  dns.pl.com. rname.invalid. (
                1       ; serial (was 0; bumped for this change)
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   dns.pl.com.
@       IN NS   dns1.pl.com.
dns.pl.com.     IN A    192.168.139.105
dns1.pl.com.    IN A    192.168.139.106
www.pl.com.     IN A    192.168.139.106
[root@controller /var/named]# vim named.192.168.139
$TTL 1D
@       IN SOA  dns.pl.com. rname.invalid. (
                1       ; serial (was 0; bumped for this change)
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   dns.pl.com.
@       IN NS   dns1.pl.com.
105     IN PTR  dns.pl.com.
106     IN PTR  www.pl.com.
3. Slave server configuration
1. Edit /etc/named.conf the same way as on the master
listen-on port 53 { any; };   # listening address and port
allow-query { any; };         # hosts allowed to query
dnssec-enable no;             # turn off DNSSEC processing
The same caveat applies here as on the master: without recursion no; the slave is an open resolver too.
2. Define the same zones as on the master, but with type slave and the file placed under the slaves directory; the zone files do not have to be created by hand, named writes them itself after the restart (the directory is owned by named on CentOS for that reason)
zone "pl.com" IN {
    type slave;
    file "slaves/named.pl.com";
    masters { 192.168.139.105; };
};
zone "139.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/named.192.168.139";
    masters { 192.168.139.105; };
};
The slave should carry allow-transfer { none; }; on these zones as well: locking down transfers on the master achieves nothing if the same data can be pulled from the slave.
3. Restart the service
systemctl restart named
4. Test
# /var/named/slaves on the slave now holds two zone files identical to the master's
[root@node1 /var/named/slaves]# ls
named.192.168.139  named.pl.com
# Point dig at the slave; both lookups succeed
# Forward lookup
[root@controller /var/named]# dig www.pl.com @192.168.139.106

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.pl.com @192.168.139.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3356
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.pl.com.                    IN      A

;; ANSWER SECTION:
www.pl.com.             86400   IN      A       192.168.139.106

;; AUTHORITY SECTION:
pl.com.                 86400   IN      NS      dns.pl.com.

;; ADDITIONAL SECTION:
dns.pl.com.             86400   IN      A       192.168.139.105

;; Query time: 3 msec
;; SERVER: 192.168.139.106#53(192.168.139.106)
;; WHEN: Wed Feb 20 22:54:48 CST 2019
;; MSG SIZE  rcvd: 89

# Reverse lookup
[root@controller /var/named]# dig -x 192.168.139.106 @192.168.139.106

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -x 192.168.139.106 @192.168.139.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42659
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.139.168.192.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
106.139.168.192.in-addr.arpa. 86400 IN  PTR     www.pl.com.

;; AUTHORITY SECTION:
139.168.192.in-addr.arpa. 86400 IN      NS      dns.pl.com.

;; ADDITIONAL SECTION:
dns.pl.com.             86400   IN      A       192.168.139.105

;; Query time: 0 msec
;; SERVER: 192.168.139.106#53(192.168.139.106)
;; WHEN: Wed Feb 20 22:48:51 CST 2019
;; MSG SIZE  rcvd: 115
The aa flag in the slave's answers shows it is serving the transferred zone as authoritative data, not forwarding to the master.
Whenever the zone files on the master change, the serial in the SOA must be increased, or the slave compares serials, sees nothing newer and keeps its old copy. With the serial bumped, a reload on the master is enough: rndc reload pl.com re-reads the file and sends NOTIFY to every name server listed in the zone's NS records, and the slave transfers the new copy on receipt. Restarting named on both hosts, as was done here, also works but is not required. If the NOTIFY never arrives (for instance because the slave's NS record lacks its trailing dot and expands to dns1.pl.com.pl.com), the slave only re-checks the SOA at the refresh interval, 1D in these files; rndc retransfer pl.com on the slave forces an immediate transfer.
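The update workflow described above, as an added example that is not part of the original post: bump_serial() advances the SOA serial in a zone file (YYYYMMDDnn scheme, or simply +1 if the file already uses something larger), reload_master() validates and reloads one zone with rndc instead of restarting named, and verify_sync() compares the serial the master and the slave actually answer with, so a stale slave is detected rather than assumed. It assumes the zone and addresses from the post and that rndc already works locally on the master; the functions that talk to the network are not run by the offline demo at the bottom.

```shell
#!/bin/sh
# Added example, not code from the original post: change-and-propagate workflow
# for the master/slave pair, using rndc reloads rather than restarting both named
# instances. Assumptions: zone pl.com, master 192.168.139.105, slave
# 192.168.139.106 as in the post, and rndc already configured on the master.
set -eu

ZONE="${ZONE:-pl.com}"
MASTER="${MASTER:-192.168.139.105}"
SLAVE="${SLAVE:-192.168.139.106}"

# Serial currently in the file: first field of the line commented "; serial".
current_serial() {
    awk '/; *serial/ { print $1; exit }' "$1"
}

# Next serial. Same day -> increment the two-digit counter; an older date or the
# post's "0" -> <today>01; a value already above today's range -> +1. The result
# is always larger than the input, because a slave ignores a serial that went down.
next_serial() {   # $1 = current serial, $2 = today as YYYYMMDD
    cur=$1; today=$2
    case "$cur" in
        "$today"[0-9][0-9])
            n=${cur#"$today"}; n=${n#0}        # strip the leading zero: 09 -> 9, not octal
            if [ "$n" -lt 99 ]; then printf '%s%02d\n' "$today" $((n + 1))
            else printf '%d\n' $((cur + 1)); fi ;;
        *)
            if [ "$cur" -ge "${today}00" ]; then printf '%d\n' $((cur + 1))
            else printf '%s01\n' "$today"; fi ;;
    esac
}

# Rewrite only the serial line in place and print the new value.
bump_serial() {   # $1 = zone file
    file=$1
    old=$(current_serial "$file")
    [ -n "$old" ] || { echo "no '; serial' line in $file" >&2; return 1; }
    new=$(next_serial "$old" "$(date +%Y%m%d)")
    sed -i "s/^\([[:space:]]*\)$old\([[:space:]]*;[[:space:]]*serial\)/\1$new\2/" "$file"
    printf '%s\n' "$new"
}

# Validate, then reload just this zone. A zone that fails named-checkzone would be
# rejected by named anyway (old data keeps being served), but it is better to know.
# rndc reload on the master sends NOTIFY to every NS in the zone; the slave then
# transfers the new copy.
reload_master() {   # $1 = zone file on the master
    named-checkzone "$ZONE" "$1"
    rndc reload "$ZONE"
}

# Third field of "dig +short SOA" output: mname rname serial refresh retry expire minimum
soa_serial_from_answer() {
    set -- $1
    printf '%s\n' "${3:-}"
}

remote_serial() {   # $1 = server address
    soa_serial_from_answer "$(dig +short +time=2 +tries=1 SOA "$ZONE" @"$1")"
}

verify_sync() {
    m=$(remote_serial "$MASTER"); s=$(remote_serial "$SLAVE")
    if [ -n "$m" ] && [ "$m" = "$s" ]; then
        echo "in sync: serial $m on master and slave"
    else
        echo "slave behind (master=$m slave=$s); on the slave run: rndc retransfer $ZONE" >&2
        return 1
    fi
}

# Offline demonstration on a constructed zone file carrying the post's serial of 0
# and a constructed dig answer; reload_master and verify_sync are for the operator.
demo() {
    tmp=$(mktemp)
    printf '$TTL 1D\n@ IN SOA dns.pl.com. rname.invalid. (\n\t0 ; serial\n\t1D ; refresh\n\t1H ; retry\n\t1W ; expire\n\t3H ) ; minimum\n@ IN NS dns.pl.com.\n' > "$tmp"
    echo "serial before:   $(current_serial "$tmp")"
    echo "serial after:    $(bump_serial "$tmp")"
    echo "serial answered: $(soa_serial_from_answer 'dns.pl.com. rname.invalid. 2019022001 86400 3600 604800 10800')"
    rm -f "$tmp"
}
demo
```

On the master the real sequence is: edit the zone file, bump_serial /var/named/named.pl.com, reload_master /var/named/named.pl.com, then verify_sync from any host that can reach both servers; a non-zero exit from verify_sync is the cue to look at the slave's NS record and the master's allow-transfer list.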
Source: https://www.cnblogs.com/fllf/p/10416431.html