############################# dns服务器部署 ###############################
?1.关于dns的名词解释
dns:
domain name service(域名解析服务)#关于客户端:#
/etc/resolv.conf?? ?##dns指向文件
nameserver 172.25.254.121#测试:
host www.baidu.com?? ?????????????? #地址解析命令
dig www.baidu.com?? ???????????????? #地址详细解析信息命令
A记录?? ??? ???? ????????????????????????? #ip地址叫做域名的Address 记录
SOA?? ??? ??? ???????????????????????????? #授权起始主机
www .? baidu .? com? .
三级??? 二级???? 顶级? 根
dns顶级
.? 13
次级
.com .net .edu .org ....baidu.com
#关于服务端#
bind?? ??? ?????????????????????????????????#安装包
named?? ??? ???????????????????????????? #服务名称
/etc/named.conf??? ?????????????????? #主配置文件
/var/named??? ????????????????????????? #数据目录
端口?? ??? ?????????????????????????????????#53关于报错信息:
1.no servers could be reached?? ?????????#服务无法访问(服务开启?火墙?网络?端口?)
2.服务启动失败?? ??? ??? ???????????????????? #配置文件写错 journalctl -xe查询错误
3.dig 查询状态
NOERROR?? ??? ??? ??? ?????????????????????? #表示查询成功
REFUSED?? ??? ??? ???? ????????????????????? #服务拒绝访问
SERVFAIL?? ??? ???? ????????????????????????? #查询记录失败,(dns服务器无法到达上级,拒绝缓存)
NXDOMAIN?? ??? ???? ????????????????????????#此域名A记录在dns中不存在
2 .dns服务的安装与启用
安装
dnf install bind.x86_64 -y启用
systemctl enable --now named
firewall-cmd --permanent --add-service=dns
firewall-cmd --now --add-masquerade
firewall-cmd --reload
?
?
vim /etc/named.conf
11???????? listen-on port 53 { any; };?? ??? ?#在本地所有网络接口上开启53端口
19???????? allow-query???? { any; };?? ??? ? ? #允许查询A记录的客户端列表,允许查询IP域名的客户端列表
34???????? dnssec-validation no;?? ??? ? ? ? #禁用dns检测使dns能够缓存外部信息到本机?
?
?
systemctl restart named
3 .高速缓存dns
vim /etc/named.conf
主机中设置
20???????? forwarders { 114.114.114.114; };???? #当询问网址时,如果主机端没有数据,使主机不去访问上一级,而是去访问私有的DNS,当多个服务器都设置主机的DNS时,第一个客户端需要读取数据访问慢,后续其他的客户端不需要读取,访问快
服务端:
设置网关和nameserver
?
4.dns的正向解析?
vim /etc/named.conf
#forwarders {114.114.114.114;};???????????????? #把原先主机中设置的私有DNS注释掉
vim /etc/named.rfc1912.zones
zone "westos.org" IN {?? ??? ??? ??? ?????????????? #维护的域名
??????? type master;?? ??? ??? ??? ???????????????????? #当前服务器位主dns
??????? file "westos.org.zone";?? ??? ??? ??????? ?? #域名A记录文件
??????? allow-update { none; };?? ??? ??? ?????????? #允许更新主机列表
};?
?
?
?
cd /var/named/
cp -p named.localhost? westos.org.zone?????????? #注意复制权限
vim /var/named/westos.org.zone
$TTL 1D?? ??? ?#ME-TO-LIVE(dns地址保存时间长度)
@?????? IN SOA? dns.westos.org. root.westos.org (?? ?#SOA授权起始(Start of Authority)
??????????????????????????????????????? 0?????? ; serial?? ?????????#域名版本序列号
??????????????????????????????????????? 1D????? ; refresh?? ?? ?? #刷新时间(辅助dns)
??????????????????????????????????????? 1H????? ; retry?? ??? ???? #重试时间(辅助dns)
??????????????????????????????????????? 1W????? ; expire?? ????? #过期时间(辅助dns,查询失败过期停止对辅助域名的应答)
??????????????????????????????????????? 3H )??? ; minimum?? ?#A记录最短有效期
????????????? ? ? ? ?? NS??? ? ? dns.westos.org.
dns?????? ? ? ?? ???? A??? ? ?? 172.25.254.221
www????????? ? ?? ? CNAME? ??? ? westos.a.westos.com. ? ??? ??????? #规范域名
westos.a????? ? ?? A????? ?? 192.168.0.111?? ??? ????? ? ? #正向解析记录
westos.a????? ? ?? A???????? 192.168.0.112?? ??? ??? ?
westos.com.???? MX 1??? 172.25.254.121. ? ??? ??????? #邮件解析记录?
?
?
?
?
?
?
?
?
systemctl restart named
?
dig www.westos.org?? ?????????????????????????????????? ? ?? #查询正向解析
?5.dns的反向解析
vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN {
?? ?type master;
?? ?file "172.25.254.ptr";
?? ?allow-update { none; };
};cd /var/named/
cp -p named.loopback 172.25.254.ptrvim 172.25.254.ptr
$TTL 1D
@?? ?IN SOA?? ?dns.westos.org. root.westos.org. (
?? ??? ??? ??? ??? ?0?? ?? ; serial
?? ??? ??? ??? ??? ?1D?? ?; refresh
?? ??? ??? ??? ??? ?1H?? ?; retry
?? ??? ??? ??? ??? ?1W?? ; expire
?? ??? ??? ??? ??? ?3H )? ; minimum
?? ?NS?? ?dns.westos.org.
dns?? ?A?? ?172.25.254.121
121?? ?PTR?? ?mail.westos.org.systemctl restart named
测试:
dig -x 172.25.254.121
?
?
?
?
6.dns的双向解析?
实验环境:
客户端2台
1.1.1.网段?? ???? ????????#ifconfig ens160 1.1.1.221 netmask 255.255.255.0
172.25.254网段 ?? ??? #ifconfig ens160 172.25.2541.221 netmask 255.255.255.0服务端1台2个网段的ip
1.1.1.121?? ???? ????????#ifconfig ens160 1.1.1.121 netmask 255.255.255.0
172.25.254.121?? ??? #ifconfig ens160 172.25.254.121 netmask 255.255.255.0
在1.1.1.0网段的客户主机中
vim /etc/resolv.conf
nameserver 1.1.1.121在172.25.254网段的客户主机中
vim /etc/resolv.conf
nameserver 172.25.254.121配置方式:
cd /var/named/
cp -p westos.org.zone westos.com.inter
vim westos.com.inter
$TTL 1D
@?? ?IN SOA?? ?dns.westos.com. root.westos.com. (
?? ??? ??? ??? ??? ?0?? ?; serial
?? ??? ??? ??? ??? ?1D?? ?; refresh
?? ??? ??? ??? ??? ?1H?? ?; retry
?? ??? ??? ??? ??? ?1W?? ?; expire
?? ??? ??? ??? ??? ?3H )?? ?; minimum
?? ??? ?????????????????NS?? ?????????dns.westos.com.
dns?? ??? ? ?????????? A?? ????????? 1.1.1.121
www?? ??? ?????????? CNAME?? ?westos.a.westos.com.
westos.a?? ?????????A???????? ??? 1.1.1.111
westos.a?? ?????????A?? ????????? 1.1.1.112
westos.com.?? ?MX 1?? ?????? 1.1.1.121.?? ?#mail exchangercp -p /etc/named.rfc1912.zones? /etc/named.rfc1912.inters
vim /etc/named.rfc1912.inters
zone "westos.com" IN {
?? ?type master;
?? ?file "westos.com.inter";
?? ?allow-update { none; };
};vim /etc/named.conf
#zone "." IN {
##?????? type hint;
##?????? file "named.ca";
##};
#
##include "/etc/named.rfc1912.zones";
##include "/etc/named.root.key";
view localnet {
??????? match-clients { 1.1.1.0/24; };
??????? zone "." IN {
??????????????? type hint;
??????????????? file "named.ca";
??????? };
??????? include "/etc/named.rfc1912.inters";
};view anyone {
??????? match-clients { any; };
??????? zone "." IN {
??????????????? type hint;
??????????????? file "named.ca";
??????? };
??????? include "/etc/named.rfc1912.zones";
};
???? ?
systemctl restart named测试:
分别在2个网段的主机中作同样域名的地址解析
得到的A记录不同?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
