DNS: domain name resolution; BIND: Berkeley Internet Name Domain

SSL/TLS: http --> https, OpenSSL, CA, Digital Certificate, PKI

HTTP: the HTTP protocol, Apache, LAMP, Nginx (Engine X), LNMP (LEMP), MySQL, PHP, varnish (cache server)

CDN: DNS (views, "smart" DNS), varnish, content delivery network

File Server: NFS, SMB/CIFS, FTP

Netfilter: network filter; iptables (filter, nat, mangle, raw), tcp wrapper

NSSwitch: a framework/platform for network service switching and name service switching; it defines where software looks when it has to resolve a name such as a user name. PAM: Pluggable Authentication Modules.

SMTP/POP3/IMAP4: Mail Server

SELinux: Security Enhanced Linux

  C2-->SELinux--B1

MySQL:

DNS:Domain Name Service

Domain name: www.magedu.com (a host name; FQDN: Fully Qualified Domain Name)

DNS: name resolution (Name Resolving), i.e. name translation (backed by a query process and a database)
  FQDN<-->IP
  172.16.0.1           www.magedu.com.
  172.16.0.2           mail.magedu.com.

User names:

nsswitch: the name resolution platform; it does not perform the actual name resolution itself;

libnss_files.so

libnss_dns.so

/etc/nsswitch.conf

hosts: files  dns

files: /etc/hosts

dns: DNS

stub resolver: the name resolver

ping www.magedu.com

hosts:

  IPADDR FQDN Aliases

  172.16.0.1 www.magedu.com www

  A --> D
    hosts

1. Periodic tasks

2. Server, Server

  1KW

3. Distributed database


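IANA: the Internet authority that assigns addresses and names; IP, FQDN

  ftp:hosts

ICANN:

TLD: Top Level Domain (first-level domain)

  Organizational domains: .com, .org, .net, .cc

  Country domains: .cn, .tw, .hk, .iq, .ir, .jp

  Reverse domain: IP-->FQDN
    Reverse: IP-->FQDN
    Forward: FQDN-->IP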

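DNS lookup methods:

Recursive: works like a proxy server; the client asks once and insists on getting a final answer no matter what. The root servers do not perform recursion for anyone;

Iterative: works like a redirect server; the requester has to send several requests before it reaches the final answer;

A lookup on the Internet really happens in two stages: it is recursive from the client's point of view and iterative from the caching server's point of view;

An answer from a caching server is a non-authoritative answer, and a non-authoritative answer can be wrong; the answer from the direct parent is the authoritative one. The direct parent knows how long a record may be cached and tells the caching server so: every server returns a time-out (TTL) together with its answer. The longer the cache time, the less load on the direct parent; the right cache time depends on how often the data changes;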
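The two-stage lookup and TTL-driven caching described above, as an added example (not part of the original notes). The server names, the toy delegation tree and the TTL values are constructed; only the www/mail addresses come from the notes.

```python
# Constructed toy hierarchy. Each server knows only its own records and its
# direct children, so a lookup has to walk root -> com. -> magedu.com.
SERVERS = {
    "root": {"children": {"com.": "com-tld"}, "records": {}, "neg_ttl": 0},
    "com-tld": {"children": {"magedu.com.": "ns1-magedu"}, "records": {}, "neg_ttl": 0},
    "ns1-magedu": {
        "children": {},
        "records": {"www.magedu.com.": ("172.16.0.1", 600),
                    "mail.magedu.com.": ("172.16.0.2", 600)},
        "neg_ttl": 86400,  # constructed negative-answer TTL
    },
}


def ask(server, qname):
    """One iterative query: the server answers, refers us on, or says 'no such name'."""
    s = SERVERS[server]
    if qname in s["records"]:
        ip, ttl = s["records"][qname]
        return ("answer", ip, ttl)
    for child_zone, child_server in s["children"].items():
        if qname == child_zone or qname.endswith("." + child_zone):
            return ("referral", child_server, None)
    return ("nxdomain", None, s["neg_ttl"])


class CachingResolver:
    """Recursive towards its clients, iterative towards the hierarchy."""

    def __init__(self):
        self.cache = {}            # qname -> (ip or None, expires_at)
        self.upstream_queries = 0  # how many iterative queries were sent

    def resolve(self, qname, now):
        """Return (ip, from_cache); ip is None for a negative answer."""
        hit = self.cache.get(qname)
        if hit and now < hit[1]:
            return hit[0], True    # cached copy: non-authoritative, may be stale
        server = "root"
        while True:
            self.upstream_queries += 1
            kind, data, ttl = ask(server, qname)
            if kind == "referral":
                server = data      # follow the referral one level down
                continue
            ip = data if kind == "answer" else None
            # Positive and negative answers are both cached for their TTL.
            self.cache[qname] = (ip, now + ttl)
            return ip, False


if __name__ == "__main__":
    r = CachingResolver()
    for t in (0, 599, 600):
        print(t, r.resolve("www.magedu.com.", t), "upstream:", r.upstream_queries)
```

The client sends one query each time; the resolver sends three iterative queries on a cache miss and none while the TTL is still running.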

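Query models:

An internal host queries an external host

An external host queries an internal host

An internal host queries an internal host

One server can resolve names for several domains.

IP-->FQDN: one IP can have several names; one FQDN manages several domains

FQDN-->IP: one name can have several IPs, which are returned in rotation; this gives application-level load balancing;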

www.magedu.com.        IP1

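Queries:

  Recursive: sends only one request

  Iterative: sends several requests

Resolution:

  Forward: FQDN-->IP

  Reverse: IP-->FQDN

Two stages: recursive, iterative

DNS: a distributed database
  A parent knows only its direct children;

  A child knows only where the root is;

DNS server:

  Accepts query requests from local clients (recursive)

  Requests from external clients: asking for an authoritative answer

    Positive answer: TTL

    Negative answer: TTL

  Requests from external clients: non-authoritative answer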

[root@client ~]# cat /etc/passwd (show the contents of /etc/passwd)
root(user name):x(password placeholder):0(uid):0(gid):root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
Smoke:x:500:500:Smoke:/home/Smoke:/bin/bash
hadoop:x:501:501::/home/hadoop:/bin/bash
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
tom:x:502:502::/home/tom:/bin/csh
jerry:x:503:503::/home/jerry:/bin/bash
haddop:x:504:504::/home/haddop:/bin/bash
Note: the /etc/passwd file is itself a database;
[root@client ~]# vim /etc/resolv.conf (edit the DNS client configuration file)
search localdomain
nameserver 192.168.223.2
Note: the DNS server listed here must be one that allows recursion;

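There are 13 root servers worldwide; most of them are in the United States, with 1 in Japan and 1 in Europe;

a.root-servers.net - m.root-servers.net: the 13 root servers

DNS server types:

  Primary DNS server: where the data is modified;

  Secondary DNS server: requests data synchronization;

    serial number: version number of the data on the primary DNS server;

    refresh: refresh interval, how often the secondary checks the version number on the primary;

    retry: retry interval, shorter than the refresh interval;

    expire: expiry time;

    negative answer TTL: how long negative answers are cached;

  Caching DNS server: not responsible for any authoritative answer, only provides caching;

  Forwarder: does not cache, only forwards requests;

Push: the primary DNS server actively pushes data updates to the secondary DNS servers;
Pull: the secondary DNS server checks the primary's data at intervals and, if there is an update, pulls it to local storage;

Secondary DNS server data synchronization:
At regular intervals the secondary queries the primary and checks whether the data file differs; if it has changed, it requests the changed content; if not, it waits for the next check;

If the primary DNS server goes down, the secondary keeps checking at intervals; if it gets no reply within the validity period, the secondary takes itself out of service;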

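Each entry in the database is a resource record (Resource Record, RR)


Resource record format:

$TTL 600 (defines the TTL globally)

NAME  [TTL] (optional; if every TTL is the same it can be defined globally)    IN (Internet)    RRT (resource record type)    VALUE (data)

www.magedu.com. (the trailing dot is required)    IN    A (type A)    1.1.1.1

1.1.1.1    IN    PTR (reverse resolution)    www.magedu.com (FQDN)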

 

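Resource record types:

SOA (Start Of Authority): the start-of-authority record. It states how the primary and secondary servers inside a zone synchronize their data and who holds the authority for the zone. It must be the first record in the zone data;

  ZONE NAME (zone)  TTL  IN  SOA (resource record type)  FQDN (the authoritative host, normally the primary DNS server)  ADMINISTRATOR_MAILBOX (mail address)  (five attributes)
                            serial number (version number of the data on the primary DNS server)

                            refresh (refresh interval, how often the secondary checks the version number on the primary)

                            retry (retry interval, shorter than the refresh interval)

                            expire (expiry time)

                            na ttl (how long negative answers are cached)

  Time units: M (minutes), H (hours), D (days), W (weeks); the default unit is seconds

  Mailbox format: admin@magedu.com is written as admin.magedu.com. ADMINISTRATOR_MAILBOX cannot contain the @ sign, because @ has a special meaning in a zone file: it stands for the ZONE NAME, that is, the name of the current zone. The @ therefore has to be replaced with a dot;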

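  magedu.com.    600    IN    SOA    ns1.magedu.com.    admin.magedu.com. (

                              2013040101 (version number, at most 10 digits) ; serial number (everything after a semicolon is a comment)

                              1H (refresh interval)

                              5M (retry interval)

                              1W (expiry time)

                              1D (negative answer cache time)

                              )

  magedu.com.    600    IN    SOA    ns1.magedu.com.    admin.magedu.com.    2013040101 1H 5M 1W 1D (can also be written on one line)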
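A parser and sanity checker for the SOA layout described above, as an added example (not part of the original notes). The function names are hypothetical, and the "expire must exceed refresh" test is an extra sanity check added here; the other rules come from the notes.

```python
import re

# Time units from the notes: M, H, D, W; a bare number means seconds.
UNIT_SECONDS = {"": 1, "S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


def to_seconds(value):
    """Convert a zone-file time such as '1H', '5M', '1H30M' or '600' to seconds."""
    v = value.upper()
    if not re.fullmatch(r"(\d+[SMHDW]?)+", v):
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNIT_SECONDS[u] for n, u in re.findall(r"(\d+)([SMHDW]?)", v))


def parse_soa(text):
    """Parse one SOA record, written on one line or spread over several with ( )."""
    # Drop ';' comments, then treat the parentheses as plain whitespace.
    stripped = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tokens = stripped.replace("(", " ").replace(")", " ").split()
    upper = [t.upper() for t in tokens]
    if "SOA" not in upper:
        raise ValueError("no SOA record found")
    i = upper.index("SOA")
    head, rest = tokens[:i], tokens[i + 1:]
    if not head or len(rest) != 7:
        raise ValueError("SOA needs a zone name and exactly 7 fields")
    mname, rname, serial, refresh, retry, expire, negative = rest
    ttl = [to_seconds(t) for t in head[1:] if t.upper() != "IN"]
    return {
        "zone": head[0], "ttl": ttl[0] if ttl else None,
        "mname": mname, "rname": rname, "serial": int(serial),
        "refresh": to_seconds(refresh), "retry": to_seconds(retry),
        "expire": to_seconds(expire), "negative": to_seconds(negative),
    }


def mailbox(rname):
    """Turn the SOA mailbox back into an address: the first unescaped dot is the '@'."""
    parts = re.split(r"(?<!\\)\.", rname.rstrip("."), maxsplit=1)
    if len(parts) != 2:
        raise ValueError(f"bad mailbox: {rname!r}")
    return parts[0].replace("\\.", ".") + "@" + parts[1]


def check_soa(soa):
    """Return a list of problem codes; an empty list means the record looks sane."""
    problems = []
    if "@" in soa["rname"]:
        problems.append("rname-contains-@")      # '@' would expand to the zone name
    for field in ("mname", "rname"):
        if not soa[field].endswith("."):
            problems.append(f"{field}-not-fqdn")  # zone name would be appended
    if not 0 <= soa["serial"] <= 0xFFFFFFFF:      # 32-bit field, at most 10 digits
        problems.append("serial-out-of-range")
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry-not-below-refresh")
    if soa["expire"] <= soa["refresh"]:           # sanity check added in this example
        problems.append("expire-not-above-refresh")
    return problems


# The record from the notes, with the annotations turned into ';' comments.
GOOD = """magedu.com.    600    IN    SOA    ns1.magedu.com.    admin.magedu.com. (
                2013040101 ; serial number
                1H         ; refresh
                5M         ; retry
                1W         ; expire
                1D )       ; negative answer TTL
"""
# Constructed counter-example with four mistakes.
BAD = "magedu.com. IN SOA ns1.magedu.com admin@magedu.com. 20130401011 5M 1H 1D 1D"

if __name__ == "__main__":
    print(parse_soa(GOOD), mailbox(parse_soa(GOOD)["rname"]))
    print(check_soa(parse_soa(BAD)))
```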

 

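NS (Name Server): ZONE NAME --> FQDN, maps a domain name to a host name; for a given zone it says which host is in charge of it. Which server is primary and which is secondary is specified inside the zone;

  magedu.com. (zone name)    600 (TTL)    IN (Internet)    NS (resource record type)    ns1.magedu.com. (FQDN, host name)

  magedu.com.        600        IN           NS            ns2.magedu.com.

  ns1.magedu.com.      600        IN         A              1.1.1.2

  ns2.magedu.com.         600        IN           A              1.1.1.5


MX (Mail eXchanger): ZONE NAME --> FQDN, the mail server record;

  ZONE NAME (zone name)    TTL    IN    MX    pri (priority)    VALUE (host name)

  Priority: 0-99; the smaller the number, the higher the priority; this settles the primary/backup relationship;

  magedu.com.          600    IN    MX    10         mail.magedu.com.

  mail.magedu.com.               600    IN    A          1.1.1.3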


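A (address): FQDN-->IPv4 (resolves a name to an IPv4 address)

AAAA: FQDN-->IPv6 (resolves a name to an IPv6 address)

PTR (pointer): IP-->FQDN (pointer record; the type does not distinguish between IPv4 and IPv6; it looks up the host name for an IP address; currently IPv4)

CNAME (Canonical NAME): FQDN-->FQDN, the canonical name; it states which other name a FQDN is an alias of;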

www.magedu.com.    IN    CNAME    www.magedu.com.           

TXT

CHAOS

SRV

Domain: a logical concept

Zone: a physical concept

.com

magedu.com.    IN    NS    ns.magedu.com.

ns.magedu.com.    IN       A      192.168.0.10

magedu.com.    192.168.0.0/24

www        192.168.0.1

mail          192.168.0.2, MX

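Create two zone files:

Forward zone file:

magedu.com.    IN    SOA             

www.magedu.com.     IN     A    192.168.0.1

Short form (an abbreviated host name must not end with a dot):

www    IN    A    192.168.0.1

Reverse zone file:

0.168.192.in-addr.arpa.    IN    SOA

1.0.168.192.in-addr.arpa.    IN    PTR    www.magedu.com. (cannot be abbreviated)

Short form:

1    IN    PTR    www.magedu.com.

MX records can only be defined in a forward zone; NS records can be defined in both forward and reverse zones; A records can only be defined in a forward zone; PTR records can only be defined in a reverse zone;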
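A consistency check between a forward and a reverse zone that applies the rules above (name abbreviation, unabbreviated PTR targets, which record type belongs in which zone), as an added example that is not part of the original notes. The function names and the finding codes are hypothetical, the zone text is constructed from the addresses in the notes, and the parser assumes every record line carries an explicit owner name.

```python
import ipaddress

NAME_TYPES = {"NS", "MX", "PTR", "CNAME"}  # record types whose value is a host name


def qualify(name, origin):
    """Expand a zone-file name: '@' is the zone, no trailing dot means 'append the zone'."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def parse_zone(text, origin):
    """Return (owner, type, value) tuples; TTL, class and MX priority are skipped."""
    records = []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if len(fields) < 3:
            continue
        owner = qualify(fields[0], origin)
        rest = [f for f in fields[1:] if f.upper() != "IN" and not f.isdigit()]
        if len(rest) < 2:
            continue
        rtype, value = rest[0].upper(), rest[-1]
        if rtype in NAME_TYPES:
            value = qualify(value, origin)
        records.append((owner, rtype, value))
    return records


def reverse_name(ip):
    """192.168.0.1 -> 1.0.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def audit(fwd_text, fwd_origin, rev_text, rev_origin):
    fwd = parse_zone(fwd_text, fwd_origin)
    rev = parse_zone(rev_text, rev_origin)
    suffix = "." + rev_origin.lower()
    findings, ptrs = [], {}
    for owner, rtype, _ in fwd:
        if rtype == "PTR":
            findings.append(("ptr-in-forward-zone", owner))
    for owner, rtype, value in rev:
        if rtype in ("A", "MX"):
            findings.append((f"{rtype.lower()}-in-reverse-zone", owner))
        elif rtype == "PTR":
            # A target without the trailing dot got the reverse zone appended.
            if value.endswith(suffix):
                findings.append(("ptr-target-unqualified", owner))
            ptrs.setdefault(owner, set()).add(value)
    for owner, rtype, value in fwd:
        if rtype != "A":
            continue
        rname = reverse_name(value)
        if not rname.endswith(suffix):
            continue  # address is outside this reverse zone
        if rname not in ptrs:
            findings.append(("missing-ptr", owner))
        elif owner not in ptrs[rname]:
            findings.append(("ptr-mismatch", owner))
    return sorted(findings)


# Constructed zone data using the names and addresses from the notes.
FORWARD = """\
magedu.com.  IN NS ns.magedu.com.
magedu.com.  IN MX 10 mail.magedu.com.
ns           IN A  192.168.0.10
www          IN A  192.168.0.1
mail         IN A  192.168.0.2
"""
REVERSE = """\
0.168.192.in-addr.arpa. IN NS ns.magedu.com.
1   IN PTR www.magedu.com.
2   IN PTR mail.magedu.com      ; trailing dot forgotten
"""
REVERSE_FIXED = REVERSE.replace("mail.magedu.com ", "mail.magedu.com.") + \
    "10  IN PTR ns.magedu.com.\n"

if __name__ == "__main__":
    for finding in audit(FORWARD, "magedu.com.", REVERSE, "0.168.192.in-addr.arpa."):
        print(finding)
```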

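Zone transfer types:

  Full zone transfer: axfr, transfers all of the content;

  Incremental zone transfer: ixfr, transfers only the content that changed;

Zone types (the type of data being transferred):

  Master zone: master, the primary DNS server

  Slave zone: slave, the secondary DNS server

  Hint zone: hint, says where the root is

  Forward zone: forward, states explicitly where the queried domain is to be found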

.com.

magedu.com.

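DNS resource record types and their meaning:

SOA: start of authority record

NS: name server

MX: mail exchanger

CNAME: alias record

A: FQDN-->IPv4

AAAA: FQDN-->IPv6

PTR: IP-->FQDN


Recursive: one request

Iterative: several requests, referral answers


DNS server types:

  Primary

  Secondary

  Caching

  Forwarder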

 

ZONE DOMAIN

SOA:

mageedu.com    172.16.100.0/24

ns    172.16.100.1

www     172.16.100.1,172.16.100.3

mail    172.16.100.2

ftp     www

DNS:BIND
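  Berkeley Internet Name Domain

  ISC: www.isc.org, Internet Systems Consortium

bind97: the server side

  /etc/named.conf: main configuration file

    Runtime properties of the BIND process

    Zone definitions

  /etc/rndc.key

    rndc: Remote Name Domain Controller

    Key file

    Configuration: /etc/rndc.conf

  /var/named/: zone data file directory; has to be created by hand;

    Zone data files

  /etc/rc.d/init.d/named: service control script

    {start|stop|restart|status|reload (re-read the configuration without restarting the service)|configtest (check the configuration file for syntax errors)}

  Binary: named

bind-chroot: a hardening measure for the DNS server; it confines bind's working environment to a virtual root file system;

  Default: named

    User: named

    Group: named

  /var/named/chroot/

    etc/named.conf

    etc/rndc.key

    sbin/named

    var/named/

Caching --> primary --> secondary

  named-checkconf: command that checks the configuration file

  named-checkzone ZONENAME ZONEDATAFILE: command that checks a zone file; ZONENAME is the zone name, ZONEDATAFILE is the zone data file;

dig: Domain Information Groper, queries name servers for information

DNS:
  Protocols and ports it listens on:

    53/udp: by default, queries sent by clients use UDP, because UDP is fast;

    53/tcp: normally used when a secondary transfers data from the primary, where TCP is used to get complete and reliable delivery of the data;

    953/tcp, rndc: the remote name domain controller

SOCKET:

  IP:PORT

  C/S: Client/Server

    127.0.0.1:53

    172.16.100.1:53

  192.168.0.13

    192.168.0.12:53

    172.16.100.1:53

    0.0.0.0:53 (port 53 on all addresses)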

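Root zone:

zone "ZONE NAME" (the zone's name) IN (keyword) {

  type {master|slave|hint|forward}; (zone type: master, slave, hint (root), forward)

};



Master zone:

  file "zone data file"; (a master zone needs file to name its zone data file; the path is relative to the directory set by the directory directive in the global options)

Slave zone:

  file "zone data file"; (a slave zone also needs file to name its zone data file, but that file does not have to be created by hand; it is obtained by synchronization)

  masters { master1_ip; }; (IP address of the primary DNS server; the statement ends with a semicolon, and each address inside the braces also needs one, so with several primaries every IP address is followed by a semicolon; there must be a space on either side of the braces)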

 

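Temporarily disabling SELinux:



# getenforce: show the current SELinux state

Enforcing (on)

Permissive (permissive, not restricted)

Disabled (off, even less restricted)

# setenforce 0: turn SELinux off

# setenforce 1: turn SELinux on

Permanently disabling:

# vim /etc/selinux/config

# enforcing - SELinux security policy is enforced.

# permissive - SELinux prints warnings instead of enforcing.

# disabled - SELinux is fully disabled.

SELINUX=permissive (change the SELINUX variable in the config file)

dig -t RT NAME @IP: -t RT selects the resource record type, NAME is the name, @IP sends the query directly to a specific DNS server on the network;

dig -t NS mageedu.com

dig -x IP: -x is a reverse query; it finds the FQDN (host name) for the IP address;

host -t RT NAME: -t RT selects the resource record type, NAME is the name; looks up what the name resolves to;

nslookup: interactive

nslookup>
  server IP (sets the IP address of the DNS server to query)

  set q=RT (sets the resource record type)

  NAME (the FQDN to look up)

100.16.172.in-addr.arpa

godaddy.com: a foreign domain registration site;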

 

[root@Smoke ~]# ls /etc/yum.repos.d/ (list the files and subdirectories in /etc/yum.repos.d)
redhat.repo  rhel-debuginfo.repo  smoke.repo
[root@Smoke ~]# cd !$ (change to the /etc/yum.repos.d directory)
cd /etc/yum.repos.d/
[root@Smoke yum.repos.d]# wget ftp://172.16.0.1/pub/gls/server.repo (download server.repo from the FTP server)
[root@Smoke yum.repos.d]# yum list all | grep "^bind" (list all packages in the yum repositories and pipe the result to grep to show only those starting with bind)
bind-libs.i386 (subpackage)                   30:9.3.6-20.P1.el5        installed (already installed; library files)
bind-utils.i386 (subpackage)                  30:9.3.6-20.P1.el5        installed (already installed; provides the DNS client tools)
bind.i386 (main package)                      30:9.3.6-20.P1.el5        Base
bind-chroot.i386 (subpackage)                 30:9.3.6-20.P1.el5        Base
bind-devel.i386 (subpackage)                  30:9.3.6-20.P1.el5        Base
bind-libbind-devel.i386 (subpackage)          30:9.3.6-20.P1.el5        Base
bind-sdb.i386 (subpackage)                    30:9.3.6-20.P1.el5        Base
bind97.i386 (main package)                    32:9.7.0-6.P2.el5_7.4     Base
bind97-chroot.i386 (subpackage)               32:9.7.0-6.P2.el5_7.4     Base
bind97-devel.i386 (subpackage)                32:9.7.0-6.P2.el5_7.4     Base
bind97-libs.i386 (subpackage)                 32:9.7.0-6.P2.el5_7.4     Base
bind97-utils.i386 (subpackage)                32:9.7.0-6.P2.el5_7.4     Base
Note: there are two series: bind, with package version 9.3.6, and bind97, with package version 9.7.0; the RPMs come as a main package plus subpackages;
[root@Smoke yum.repos.d]# rpm -ql bind-utils (list the files installed by the bind-utils package)
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/share/man/man1/dig.1.gz
/usr/share/man/man1/host.1.gz
/usr/share/man/man1/nslookup.1.gz
/usr/share/man/man1/nsupdate.1.gz
Note: dig, host, nslookup and nsupdate are very commonly used DNS client command-line tools;
[root@Smoke yum.repos.d]# rpm -e bind-libs bind-utils (remove the bind-libs and bind-utils RPM packages)
[root@Smoke yum.repos.d]# yum install -y bind97-libs bind97-utils (install the bind97-libs and bind97-utils RPM packages, answering yes to every prompt)
[root@Smoke yum.repos.d]# rpm -qi bind97-devel (show information about the installed bind97-devel package)
package bind97-devel is not installed
[root@Smoke yum.repos.d]# yum info bind97-devel (show information about the bind97-devel package)
Loaded plugins: katello, product-id, security, subscription-manager
Updating certificate-based repositories.
Repository 'Cluster' is missing name in configuration, using id
Repository 'ClusterStorage' is missing name in configuration, using id
Unable to read consumer identity
Available Packages
Name       : bind97-devel
Arch       : i386
Epoch      : 32
Version    : 9.7.0
Release    : 6.P2.el5_7.4
Size       : 324 k
Repo       : Base
Summary    : Header files and libraries needed for BIND DNS development
URL        : http://www.isc.org/products/BIND/
License    : ISC
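Description: The bind-devel package contains all the header files and libraries (bind-devel contains header files and libraries)
           : required for development with ISC BIND 9 and BIND 8 (these header files and libraries are needed for development against BIND 9 and BIND 8)
Note: as operations staff we therefore do not need to install bind97-devel, unless we are setting up a development environment;
[root@Smoke yum.repos.d]# cd (change to the user's home directory)
[root@Smoke ~]# yum list all | grep caching (list the packages in the yum repositories and pipe the result to grep to show only those containing the string caching)
caching-nameserver.i386                 30:9.3.6-20.P1.el5        Base
[root@Smoke ~]# yum info caching-nameserver (show information about the caching-nameserver package)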
Available Packages
Name       : caching-nameserver
Arch       : i386
Epoch      : 30
Version    : 9.3.6
Release    : 20.P1.el5
Size       : 63 k
Repo       : Base
Summary    : Default BIND configuration files for a caching nameserver
URL        : http://www.isc.org/products/BIND/
License    : BSD-like
Description: The  caching-nameserver package includes the configuration files which will make
           : the ISC BIND named DNS name server act as a simple caching nameserver.
           : A caching nameserver is a DNS Resolver, as defined in RFC 1035, section 7.
           : ISC BIND named(8) provides a very efficient, flexible and robust resolver as
           : well as a server of authoritative DNS data - many users use this package
           : along with BIND to implement their primary system DNS resolver service.
           : If you would like to set up a caching name server, you'll need to install
           : bind, bind-libs, and bind-utils along with this package. (it turns a DNS server into a caching server straight away)
[root@Smoke ~]# yum install -y bind97 (install the bind97 server package)
[root@Smoke ~]# rpm -ql bind97 (list the files installed by the bind97 package)
/etc/NetworkManager/dispatcher.d/13-named
/etc/logrotate.d/named
/etc/named
/etc/named.conf (main configuration file; having it is equivalent to having caching-nameserver installed, which is a bind97 feature)
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rc.d/init.d/named (service init script)
/etc/rndc.conf (rndc configuration file)
/etc/rndc.key (rndc key file)
/etc/sysconfig/named (configuration file for the service script)
/usr/lib/bind
/usr/sbin/arpaname
/usr/sbin/ddns-confgen
/usr/sbin/dnssec-dsfromkey
/usr/sbin/dnssec-keyfromlabel
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-revoke
/usr/sbin/dnssec-settime
/usr/sbin/dnssec-signzone
/usr/sbin/genrandom
/usr/sbin/isc-hmac-fixup
/usr/sbin/lwresd
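/usr/sbin/named (main program)
/usr/sbin/named-checkconf (checks the syntax of the configuration file)
/usr/sbin/named-checkzone (checks the syntax of a zone file)
/usr/sbin/named-compilezone (compiles a zone: converts a zone file to another format)
/usr/sbin/named-journalprint
/usr/sbin/nsec3hash
/usr/sbin/rndc (remote control tool)
/usr/sbin/rndc-confgen (tool that generates the rndc.conf configuration file)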
/var/log/named.log
/var/named (zone data file directory)
/var/named/data
/var/named/dynamic
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
/var/named/slaves
/var/run/named
Note: to configure named we only need to provide the main configuration file and edit the zone data files;
[root@Smoke ~]# vim /etc/named.conf (edit named's main configuration file)
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options (global options) {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging (logging definition) {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone (zone definition) "." IN {
        type hint;
        file "named.ca";
};

include (pulls in another file; the configuration is split into pieces, and much more of it lives in /etc/named.rfc1912.zones) "/etc/named.rfc1912.zones";
[root@Smoke ~]# vim /etc/named.rfc1912.zones (edit the named.rfc1912.zones file)
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone (zone definition) "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
[root@Smoke ~]# cd /var/named/ (change to the /var/named directory)
[root@Smoke named]# ls (list the files and subdirectories in the current directory)
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@Smoke named]# cat named.ca (show the contents of the named.ca file)
; <<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      M.ROOT-SERVERS.NET.
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
.                       518400  IN      NS      D.ROOT-SERVERS.NET.
.                       518400  IN      NS      E.ROOT-SERVERS.NET.
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
.                       518400  IN      NS      G.ROOT-SERVERS.NET.
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.
.                       518400  IN      NS      L.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4
A.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:503:ba3e::2:30
B.ROOT-SERVERS.NET.     3600000 IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     3600000 IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     3600000 IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     3600000 IN      A       192.5.5.241
F.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:2f::f
G.ROOT-SERVERS.NET.     3600000 IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     3600000 IN      A       128.63.2.53
H.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:1::803f:235
I.ROOT-SERVERS.NET.     3600000 IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     3600000 IN      A       192.58.128.30
J.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:503:c27::2:30
K.ROOT-SERVERS.NET.     3600000 IN      A       193.0.14.129
K.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:7fd::1
L.ROOT-SERVERS.NET.     3600000 IN      A       199.7.83.42
M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33
M.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:dc3::35

;; Query time: 147 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Mon Feb 18 13:29:18 2008
;; MSG SIZE  rcvd: 615
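Note: these are the addresses of the 13 root name servers. If the named.ca file is missing, it can be generated by hand.
[root@Smoke named]# rpm -ql bind97-utils (list the files installed by the bind97-utils package)
/usr/bin/dig (Domain Information Groper: queries name servers for information)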
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/share/man/man1/dig.1.gz
/usr/share/man/man1/host.1.gz
/usr/share/man/man1/nslookup.1.gz
/usr/share/man/man1/nsupdate.1.gz
[root@Smoke named]# man dig (read the man page for the dig command)
       dig - DNS lookup utility
       dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-m] [-p port#] [-q name]
           [-t type] (sets the resource record type) [-x addr] [-y [hmac:]name:key] [-4] [-6] [name] [type] [class] [queryopt...]
[root@Smoke named]# dig -t NS . (query the NS records of the root zone)

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t NS .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23761
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       5       IN      NS      l.root-servers.net.
.                       5       IN      NS      c.root-servers.net.
.                       5       IN      NS      a.root-servers.net.
.                       5       IN      NS      d.root-servers.net.
.                       5       IN      NS      f.root-servers.net.
.                       5       IN      NS      e.root-servers.net.
.                       5       IN      NS      k.root-servers.net.
.                       5       IN      NS      i.root-servers.net.
.                       5       IN      NS      b.root-servers.net.
.                       5       IN      NS      g.root-servers.net.
.                       5       IN      NS      m.root-servers.net.
.                       5       IN      NS      j.root-servers.net.
.                       5       IN      NS      h.root-servers.net.

;; ADDITIONAL SECTION:
c.root-servers.net.     5       IN      AAAA    2001:500:2::c
a.root-servers.net.     5       IN      A       198.41.0.4
m.root-servers.net.     5       IN      A       202.12.27.33
m.root-servers.net.     5       IN      AAAA    2001:dc3::35

;; Query time: 27 msec
;; SERVER: 192.168.17.2#53(192.168.17.2)
;; WHEN: Sun Dec 14 04:43:40 2014
;; MSG SIZE  rcvd: 316
Note: this finds all the DNS servers for the root zone, provided the host can reach the Internet.
[root@Smoke named]# vim /etc/resolv.conf (edit the DNS resolver settings file)
search localdomain
nameserver 192.168.0.1
[root@Smoke named]# dig -t NS . @a.root-servers.net. (if you are worried that the root DNS servers returned by dig -t NS . are incomplete, query @a.root-servers.net. instead)
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t NS . @a.root-servers.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29250
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 15
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.
.                       518400  IN      NS      d.root-servers.net.
.                       518400  IN      NS      e.root-servers.net.
.                       518400  IN      NS      f.root-servers.net.
.                       518400  IN      NS      g.root-servers.net.
.                       518400  IN      NS      h.root-servers.net.
.                       518400  IN      NS      i.root-servers.net.
.                       518400  IN      NS      j.root-servers.net.
.                       518400  IN      NS      k.root-servers.net.
.                       518400  IN      NS      l.root-servers.net.
.                       518400  IN      NS      m.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     518400  IN      A       198.41.0.4
b.root-servers.net.     518400  IN      A       192.228.79.201
c.root-servers.net.     518400  IN      A       192.33.4.12
d.root-servers.net.     518400  IN      A       199.7.91.13
e.root-servers.net.     518400  IN      A       192.203.230.10
f.root-servers.net.     518400  IN      A       192.5.5.241
g.root-servers.net.     518400  IN      A       192.112.36.4
h.root-servers.net.     518400  IN      A       128.63.2.53
i.root-servers.net.     518400  IN      A       192.36.148.17
j.root-servers.net.     518400  IN      A       192.58.128.30
k.root-servers.net.     518400  IN      A       193.0.14.129
l.root-servers.net.     518400  IN      A       199.7.83.42
m.root-servers.net.     518400  IN      A       202.12.27.33
a.root-servers.net.     518400  IN      AAAA    2001:503:ba3e::2:30
b.root-servers.net.     518400  IN      AAAA    2001:500:84::b

;; Query time: 546 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Sun Dec 14 04:50:55 2014
;; MSG SIZE  rcvd: 492
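Note: dig -t NS . @a.root-servers.net. does not go through the local server; it queries a.root-servers.net. directly.
[root@Smoke ~]# cd /var/named/ (change to the /var/named directory)
[root@Smoke named]# ls (list the files and subdirectories in the current directory)
data  dynamic  named.ca (addresses of the Internet root name servers)  named.empty  named.localhost (local host)  named.loopback  slaves
[root@Smoke named]# cat named.localhost (view the contents of named.localhost)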
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
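        A       127.0.0.1 (resolves localhost to 127.0.0.1)
        AAAA    ::1 (resolves localhost to ::1)
Note: to keep a misconfigured DNS server from resolving localhost to an ordinary address, a dedicated zone called localhost is defined whose only job is to resolve localhost to 127.0.0.1 and to the IPv6 address ::1.
[root@Smoke named]# cat named.loopback (view the contents of named.loopback)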
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
        PTR     localhost. (resolves 127.0.0.1 to localhost.)
Note: named.loopback provides forward and reverse resolution for the local host name.
[root@Smoke named]# vim /etc/named.conf (edit the main DNS configuration file)
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

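options { (global options: define how the DNS server operates; they apply to every zone)
        listen-on port 53 { 127.0.0.1; }; (the address and port to listen on)
        listen-on-v6 port 53 { ::1; }; (the IPv6 address and port to listen on)
        directory       "/var/named"; (directory for data files)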
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; }; (only allow queries from the local host)
        recursion yes; (allow recursion)

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
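[root@Smoke named]# mv /etc/named.conf /etc/named.conf.orig (back up the main DNS configuration file)
[root@Smoke named]# ll /etc/named.conf.orig (show details of the named.conf.orig file)
-rw-r----- 1 root named 930 Feb 15  2010 /etc/named.conf.orig
Note: named.conf.orig is owned by root with group named; the group has read-only access, and other users are not allowed to view this file.
[root@Smoke named]# vim /etc/named.conf (edit the main DNS configuration file, named.conf)
options { (global options)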
        directory "/var/named";
};

zone "." IN { (defines the root zone)
        type hint; (zone type: root zone)
        file "named.ca"; (file sets the zone data file to /var/named/named.ca, which holds the addresses of the Internet root name servers)
};

zone "localhost" IN { (defines the localhost zone)
        type master; (zone type: master zone)
        file "named.localhost"; (file sets the zone data file to /var/named/named.localhost)
}; 

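zone "0.0.127.in-addr.arpa" IN { (defines the 0.0.127 reverse zone)
        type master; (zone type: master zone)
        file "named.loopback"; (file sets the zone data file to /var/named/named.loopback)
};
Note on the syntax of this file: every complete statement must end with a semicolon, and curly braces need whitespace around them. When things are not on the same line, a brace that has characters in front of it needs a space before it, while nothing is required after it if no characters follow; a semicolon directly after a closing brace is also fine, because it is the terminator. Every directive inside a block must end with a semicolon as well.
[root@Smoke ~]# chown root:named /etc/named.conf (change the owner and group of named.conf)
[root@Smoke ~]# chmod 640 /etc/named.conf (set the mode of named.conf to 640)
[root@Smoke ~]# named-checkconf (check the syntax of the main DNS configuration file)
[root@Smoke ~]# named-checkzone "." /var/named/named.ca (check the syntax of named.ca, the data file for the root zone)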
zone ./IN: has 0 SOA records
zone ./IN: not loaded due to errors.
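Note: the zone is reported as not loaded due to errors, but nothing is actually wrong; this happens because it is the root zone (.).
[root@Smoke ~]# named-checkzone "localhost" /var/named/named.localhost (check the syntax of named.localhost, the data file for the localhost zone)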
zone localhost/IN: loaded serial 0
OK
[root@Smoke ~]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback (check the syntax of named.loopback, the data file for the 0.0.127 reverse zone)
zone 0.0.127.in-addr.arpa/IN: loaded serial 0
OK
[root@Smoke ~]# service named configtest (check the syntax of the named main configuration file and the zone data files)
Usage: /etc/init.d/named {start|stop|status|restart|try-restart|reload|force-reload}
Note: configtest is not supported at this point.
[root@Smoke ~]# service named start (start the named server)
Starting named:                                            [  OK  ]
[root@Smoke ~]# tail /var/log/messages (view the contents of /var/log/messages)
Dec 14 08:25:57 Smoke named[7546]: automatic empty zone: 8.E.F.IP6.ARPA
Dec 14 08:25:57 Smoke named[7546]: automatic empty zone: 9.E.F.IP6.ARPA
Dec 14 08:25:57 Smoke named[7546]: automatic empty zone: A.E.F.IP6.ARPA
Dec 14 08:25:57 Smoke named[7546]: automatic empty zone: B.E.F.IP6.ARPA
Dec 14 08:25:57 Smoke named[7546]: command channel listening on 127.0.0.1#953
Dec 14 08:25:57 Smoke named[7546]: command channel listening on ::1#953
Dec 14 08:25:57 Smoke named[7546]: the working directory is not writable (the working directory cannot be written to; it is not supposed to be)
Dec 14 08:25:57 Smoke named[7546]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
Dec 14 08:25:57 Smoke named[7546]: zone localhost/IN: loaded serial 0
Dec 14 08:25:57 Smoke named[7546]: running (named has started)
Note: all messages produced while the named service starts are recorded in /var/log/messages.
Temporarily disable SELinux:
[root@Smoke ~]# setenforce 0 (turn SELinux off)
[root@Smoke ~]# getenforce (check the SELinux state)
Permissive
Note: make sure SELinux is not active.
Permanently disable SELinux:
[root@Smoke ~]# vim /etc/selinux/config (edit /etc/selinux/config)
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=permissive (permissive: not restricted by SELinux)
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted
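Note: the permanent setting does not take effect immediately; it only applies from the next boot, so setenforce 0 can be used again to disable SELinux temporarily.
[root@Smoke ~]# netstat -tunlp (list system services: -t for TCP, -u for UDP, -n for numeric output, -l for listening sockets, -p for the program name)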
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 127.0.0.1:2208              0.0.0.0:*                   LISTEN      3577/./hpiod        
tcp        0      0 0.0.0.0:931                 0.0.0.0:*                   LISTEN      3293/rpc.statd      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      3254/portmap        
tcp        0      0 192.168.17.128:53           0.0.0.0:*                   LISTEN      7546/named          
tcp        0      0 172.16.100.1:53             0.0.0.0:*                   LISTEN      7546/named          
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      7546/named          
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      3598/sshd           
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      3610/cupsd          
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      7546/named          
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      3647/sendmail       
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN      7758/sshd           
tcp        0      0 127.0.0.1:2207              0.0.0.0:*                   LISTEN      3582/python         
tcp        0      0 :::22                       :::*                        LISTEN      3598/sshd           
tcp        0      0 ::1:953                     :::*                        LISTEN      7546/named          
tcp        0      0 ::1:6010                    :::*                        LISTEN      7758/sshd           
udp        0      0 0.0.0.0:514                 0.0.0.0:*                               3172/syslogd        
udp        0      0 0.0.0.0:925                 0.0.0.0:*                               3293/rpc.statd      
udp        0      0 0.0.0.0:928                 0.0.0.0:*                               3293/rpc.statd      
udp        0      0 192.168.17.128:53           0.0.0.0:*                               7546/named          
udp        0      0 172.16.100.1:53             0.0.0.0:*                               7546/named          
udp        0      0 127.0.0.1:53                0.0.0.0:*                               7546/named          
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               6013/dhclient       
udp        0      0 0.0.0.0:48102               0.0.0.0:*                               3785/avahi-daemon   
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               3785/avahi-daemon   
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               3254/portmap        
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               3610/cupsd          
udp        0      0 :::48070                    :::*                                    3785/avahi-daemon   
udp        0      0 :::5353                     :::*                                    3785/avahi-daemon 
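Note: port 53 is now being listened on over both TCP and UDP, along with TCP port 953 for the remote name daemon control channel, which shows that the DNS server has started.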
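The rewritten named.conf keeps only `directory`, and the netstat output above shows named bound to 192.168.17.128 and 172.16.100.1 in addition to 127.0.0.1. This added example (not part of the original page; the function names and the abridged `STOCK`/`TRIMMED` samples are illustrative) lists the access-related `options` statements that the stock file set and the rewritten one no longer does.

```python
import re

# Statements worth reviewing when a stock named.conf is rewritten by hand.
WATCHED = ("listen-on", "listen-on-v6", "allow-query", "allow-recursion",
           "recursion", "dnssec-validation")

# Sample input: abridged options block of the stock file shown on this page.
STOCK = """\
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        allow-query     { localhost; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
"""

# Sample input: the start of the rewritten file shown on this page.
TRIMMED = """\
options {
        directory "/var/named";
};

zone "." IN {
        type hint;
        file "named.ca";
};
"""


def strip_comments(text):
    """Remove /* */, // and # comments (quoted strings are not special-cased)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def block_body(text, keyword):
    """Return the text inside the braces of the first '<keyword> {' block."""
    m = re.search(rf"(?m)^\s*{re.escape(keyword)}\s*\{{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]


def statements(body):
    """Split a block body into {keyword: value}, keeping nested braces whole."""
    found, depth, current = {}, 0, ""
    for ch in body:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if ch == ";" and depth == 0:
            words = current.split(None, 1)
            if words:
                found[words[0]] = " ".join(words[1].split()) if len(words) > 1 else ""
            current = ""
        else:
            current += ch
    return found


def dropped_restrictions(stock, rewritten):
    """Watched options statements present in `stock` but absent in `rewritten`."""
    old = statements(block_body(strip_comments(stock), "options"))
    new = statements(block_body(strip_comments(rewritten), "options"))
    return {k: old[k] for k in WATCHED if k in old and k not in new}


if __name__ == "__main__":
    for key, value in dropped_restrictions(STOCK, TRIMMED).items():
        print(f"no longer set: {key} {value};")
```

Each statement it reports falls back to the built-in default of the installed BIND version, so check those defaults before exposing the server beyond a lab network.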
[root@Smoke ~]# ping www.baidu.com (test whether the Internet is reachable)
PING www.a.shifen.com (180.97.33.107) 56(84) bytes of data.
64 bytes from 180.97.33.107: icmp_seq=1 ttl=128 time=50.6 ms
64 bytes from 180.97.33.107: icmp_seq=2 ttl=128 time=49.1 ms
64 bytes from 180.97.33.107: icmp_seq=3 ttl=128 time=48.8 ms

--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 48.879/49.557/50.652/0.822 ms
[root@Smoke ~]# vim /etc/resolv.conf (edit the file that points this host at its DNS server)
search localdomain
nameserver 172.16.100.1
Note: point nameserver at this host's own IP address, 172.16.100.1.
[root@Smoke ~]# dig -t NS . (query the NS records of the root zone)

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t NS .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6346
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;.				IN	NS

;; ANSWER SECTION:
.			516354	IN	NS	f.root-servers.net.
.			516354	IN	NS	g.root-servers.net.
.			516354	IN	NS	k.root-servers.net.
.			516354	IN	NS	b.root-servers.net.
.			516354	IN	NS	l.root-servers.net.
.			516354	IN	NS	m.root-servers.net.
.			516354	IN	NS	h.root-servers.net.
.			516354	IN	NS	a.root-servers.net.
.			516354	IN	NS	j.root-servers.net.
.			516354	IN	NS	c.root-servers.net.
.			516354	IN	NS	d.root-servers.net.
.			516354	IN	NS	i.root-servers.net.
.			516354	IN	NS	e.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.	516354	IN	A	198.41.0.4
a.root-servers.net.	516354	IN	AAAA	2001:503:ba3e::2:30
b.root-servers.net.	516354	IN	A	192.228.79.201
b.root-servers.net.	516354	IN	AAAA	2001:500:84::b
c.root-servers.net.	516354	IN	A	192.33.4.12
c.root-servers.net.	516354	IN	AAAA	2001:500:2::c
d.root-servers.net.	516354	IN	A	199.7.91.13
d.root-servers.net.	516354	IN	AAAA	2001:500:2d::d
e.root-servers.net.	516354	IN	A	192.203.230.10
f.root-servers.net.	516354	IN	A	192.5.5.241
f.root-servers.net.	516354	IN	AAAA	2001:500:2f::f
g.root-servers.net.	516354	IN	A	192.112.36.4
h.root-servers.net.	516354	IN	A	128.63.2.53

;; Query time: 3 msec
;; SERVER: 172.16.100.1#53(172.16.100.1)
;; WHEN: Sun Dec 14 09:24:59 2014
;; MSG SIZE  rcvd: 496
[root@Smoke ~]# dig -t NS . @A.root-servers.net (query the root zone NS records directly from the A.root-servers.net server)

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t NS . @A.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10405
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;.				IN	NS

;; ANSWER SECTION:
.			518400	IN	NS	f.root-servers.net.
.			518400	IN	NS	g.root-servers.net.
.			518400	IN	NS	d.root-servers.net.
.			518400	IN	NS	j.root-servers.net.
.			518400	IN	NS	a.root-servers.net.
.			518400	IN	NS	k.root-servers.net.
.			518400	IN	NS	m.root-servers.net.
.			518400	IN	NS	c.root-servers.net.
.			518400	IN	NS	e.root-servers.net.
.			518400	IN	NS	b.root-servers.net.
.			518400	IN	NS	h.root-servers.net.
.			518400	IN	NS	i.root-servers.net.
.			518400	IN	NS	l.root-servers.net.

;; ADDITIONAL SECTION:
f.root-servers.net.	3600000	IN	A	192.5.5.241
f.root-servers.net.	3600000	IN	AAAA	2001:500:2f::f
g.root-servers.net.	3600000	IN	A	192.112.36.4
d.root-servers.net.	3600000	IN	A	199.7.91.13
d.root-servers.net.	3600000	IN	AAAA	2001:500:2d::d
j.root-servers.net.	3600000	IN	A	192.58.128.30
j.root-servers.net.	3600000	IN	AAAA	2001:503:c27::2:30
a.root-servers.net.	3600000	IN	A	198.41.0.4
a.root-servers.net.	3600000	IN	AAAA	2001:503:ba3e::2:30
k.root-servers.net.	3600000	IN	A	193.0.14.129
k.root-servers.net.	3600000	IN	AAAA	2001:7fd::1
m.root-servers.net.	3600000	IN	A	202.12.27.33
m.root-servers.net.	3600000	IN	AAAA	2001:dc3::35

;; Query time: 311 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Sun Dec 14 10:41:05 2014
;; MSG SIZE  rcvd: 508
[root@Smoke ~]# ping www.magedu.com (test resolution of the www.magedu.com address)
PING www.magedu.com (122.10.114.6) 56(84) bytes of data.
64 bytes from 122.10.114.6: icmp_seq=1 ttl=128 time=128 ms
64 bytes from 122.10.114.6: icmp_seq=2 ttl=128 time=80.0 ms
64 bytes from 122.10.114.6: icmp_seq=3 ttl=128 time=80.6 ms

--- www.magedu.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 80.054/96.417/128.507/22.694 ms
[root@Smoke ~]# chkconfig --list named (show whether the named service starts in each runlevel)
named          	0:off	1:off	2:off	3:off	4:off	5:off	6:off
[root@Smoke ~]# chkconfig named on (start the named service automatically at the next boot)
[root@Smoke ~]# chkconfig --list named (show whether the named service starts in each runlevel)
named          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
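Note: at this point the DNS server is only a caching server.
Making the DNS server responsible for resolving a domain: suppose the mageedu.com domain has been registered on the Internet and .com has delegated it to this host; how do we make this host act as an Internet DNS server?
Implementing forward resolution:
[root@Smoke ~]# vim /etc/named.conf (edit the named main configuration file)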
options {
        directory "/var/named";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
};

zone "mageedu.com" IN { (creates the mageedu.com zone)
        type master; (zone type: master zone)
        file "mageedu.com.zone"; (zone data file /var/named/mageedu.com.zone)
};
[root@Smoke ~]# named-checkconf (check the syntax of the named main configuration file)
[root@Smoke ~]# service named restart (restart the named service)
Stopping named:                                            [  OK  ]
Starting named: 
Error in named configuration:
zone localhost/IN: loaded serial 0
zone 0.0.127.in-addr.arpa/IN: loaded serial 0
zone mageedu.com/IN: loading from master file mageedu.com.zone failed: file not found
zone mageedu.com/IN: not loaded due to errors.
_default/mageedu.com/IN: file not found
                                                           [FAILED]
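Note: the restart failed because the mageedu.com zone has no data file.
[root@Smoke ~]# named-checkconf /etc/named.conf (check the syntax of the named main configuration file)
Note: this is not a syntax error but a logic error.
[root@Smoke ~]# vim /etc/named.conf (edit the named main configuration file)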
options {
        directory "/var/named";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
};

zone "mageedu.com" IN {
        type master;
        file "mageedu.com.zone";
}
Note: the semicolon after the closing brace on the last line has been removed.
[root@Smoke ~]# named-checkconf (check the syntax of the named main configuration file)
/etc/named.conf:25: missing ';' before end of file
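Note: line 25 of the file is missing a semicolon. So named-checkconf cannot find logic errors; it can only check for syntax errors. Logic errors are detected when the server is restarted, so do not restart rashly, otherwise a server that is currently working may stop working properly.
[root@Smoke ~]# vim /etc/named.conf (edit the named main configuration file)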
options {
        directory "/var/named";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
};

zone "mageedu.com" IN {
        type master;
        file "mageedu.com.zone";
};
[root@Smoke ~]# cd /var/named/ (change to the /var/named directory)
[root@Smoke named]# ls (list the files and subdirectories in the current directory)
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
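[root@Smoke named]# vim mageedu.com.zone (edit the data file for the mageedu.com zone)
TTL 600 (global TTL of 10 minutes)
mageedu.com. (zone name; @ can be used in place of the zone name defined in /etc/named.conf)    IN      SOA (SOA record)     ns1.mageedu.com. (name of the primary DNS server)        admin.mageedu.com. (administrator mailbox, with a dot in place of the @) (
                                2013040101 (serial number, at most 10 digits)
                                1H (refresh interval)
                                5M (retry interval)
                                2D (expire time)
                                6H ) (negative-answer cache time)
(zone name; may be omitted, in which case it is inherited from the previous record)        IN      NS (NS record)      ns1 (short for ns1.mageedu.com.; the zone name mageedu.com. is appended automatically, and the short form takes no trailing dot)
                IN      MX (MX record)  10 (priority)  mail (short for mail.mageedu.com.; the zone name mageedu.com. is appended automatically, and the short form takes no trailing dot)
ns1             IN      A       172.16.100.1 (A record for the name server)
mail            IN      A       172.16.100.2 (A record for the mail server)
www             IN      A       172.16.100.1 (A record for the www server)
www             IN      A       172.16.100.3 (A record for the www server)
ftp             IN      CNAME   www (alias for www)
Note: a zone data file may contain only resource records. The first record must be the SOA record, followed by the NS records, because the name servers for the domain have to be declared first.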
[root@Smoke named]# ll (show details of the files and subdirectories in the current directory)
total 64
drwxrwx--- 2 named named 4096 Nov 17  2011 data
drwxrwx--- 2 named named 4096 Nov 17  2011 dynamic
-rw-r--r-- 1 root  root   251 Dec 14 12:06 mageedu.com.zone
-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 Nov 17  2011 slaves
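Note: check the permissions of the files in this directory; normally the owner is root, the group is named, and the mode is 640.
[root@Smoke named]# chmod 640 mageedu.com.zone (set the mode of mageedu.com.zone to 640)
[root@Smoke named]# chown root:named mageedu.com.zone (change the owner and group of mageedu.com.zone)
[root@Smoke named]# named-checkzone "mageedu.com" /var/named/mageedu.com.zone (check the syntax of mageedu.com.zone, the data file for the mageedu.com zone)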
dns_master_load: /var/named/mageedu.com.zone:2: unexpected end of line
dns_master_load: /var/named/mageedu.com.zone:1: unexpected end of input
/var/named/mageedu.com.zone:8: using RFC1035 TTL semantics
zone mageedu.com/IN: loading from master file /var/named/mageedu.com.zone failed: unexpected end of input
zone mageedu.com/IN: not loaded due to errors.
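Note: no TTL value was given for lines 2, 1 and 8 of /var/named/mageedu.com.zone.
[root@Smoke named]# vim mageedu.com.zone (edit the mageedu.com.zone file)
$TTL 600 (TTL needs the $ sign because it is a macro, not a record; it must be referenced with $, and every macro declared this way takes the $ sign)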
mageedu.com.    IN      SOA     ns1.mageedu.com.        admin.mageedu.com. (
                                2013040101
                                1H
                                5M
                                2D
                                6H )
                IN      NS      ns1
                IN      MX  10  mail
ns1             IN      A       172.16.100.1
mail            IN      A       172.16.100.2
www             IN      A       172.16.100.1
www             IN      A       172.16.100.3
ftp             IN      CNAME   www
[root@Smoke named]# named-checkzone "mageedu.com" /var/named/mageedu.com.zone (check the syntax of mageedu.com.zone, the data file for the mageedu.com zone)
zone mageedu.com/IN: loaded serial 2013040101
OK
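The rules walked through above (the `$TTL` directive, owner inheritance, completion of short names with the zone name, time units) can be checked mechanically. This added example is not from the original page and is not BIND's parser; `parse_zone` and its helpers are illustrative names, and it covers only the record types used here.

```python
import re

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
TYPES = {"SOA", "NS", "MX", "A", "AAAA", "CNAME", "PTR"}
# Positions in the record data that hold a domain name.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "MX": (1,), "CNAME": (0,), "PTR": (0,)}

# Sample input: the corrected mageedu.com.zone shown on this page.
ZONE = """\
$TTL 600
mageedu.com.    IN      SOA     ns1.mageedu.com.        admin.mageedu.com. (
                                2013040101
                                1H
                                5M
                                2D
                                6H )
                IN      NS      ns1
                IN      MX  10  mail
ns1             IN      A       172.16.100.1
mail            IN      A       172.16.100.2
www             IN      A       172.16.100.1
www             IN      A       172.16.100.3
ftp             IN      CNAME   www
"""


def seconds(value):
    """Convert 600, 1H, 5M, 2D ... to seconds (single-unit values only)."""
    m = re.fullmatch(r"(\d+)([SMHDW]?)", value.upper())
    if not m:
        raise ValueError(f"bad time value {value!r}")
    return int(m.group(1)) * UNITS.get(m.group(2), 1)


def absolute(name, origin):
    """'@' is the zone name; a name without a trailing dot gets it appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def logical_lines(text):
    """Drop ';' comments and join each '( ... )' group into one line.
    Yields (first physical line number, text); TXT quoting is not handled."""
    buf, start, depth = None, 0, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()
        depth += line.count("(") - line.count(")")
        line = line.replace("(", " ").replace(")", " ")
        buf, start = (line, no) if buf is None else (buf + " " + line, start)
        if depth <= 0:
            if buf.strip():
                yield start, buf
            buf, depth = None, 0
    if buf is not None:
        raise ValueError(f"line {start}: unbalanced parenthesis")


def parse_zone(text, zone):
    """Return (owner, ttl_seconds, type, rdata) tuples with absolute names."""
    origin = zone if zone.endswith(".") else zone + "."
    default_ttl, owner, records = None, None, []
    for no, line in logical_lines(text):
        tokens = line.split()
        if tokens[0].upper() == "$TTL":
            default_ttl = seconds("".join(tokens[1:2]))
            continue
        if tokens[0].upper() == "TTL" and len(tokens) == 2:
            raise ValueError(f"line {no}: TTL without $ is an owner name; use $TTL")
        if not line[0].isspace():
            owner = absolute(tokens.pop(0), origin)
        elif owner is None:
            raise ValueError(f"line {no}: no owner name to inherit")
        ttl = default_ttl
        while tokens and tokens[0].upper() not in TYPES:
            tok = tokens.pop(0)
            if tok.upper() != "IN":
                ttl = seconds(tok)
        if not tokens:
            raise ValueError(f"line {no}: no supported record type")
        if ttl is None:  # stricter than named, which falls back to the SOA
            raise ValueError(f"line {no}: no TTL and no $TTL directive")
        rtype, rdata = tokens[0].upper(), tokens[1:]
        need = 7 if rtype == "SOA" else max(NAME_FIELDS.get(rtype, (0,))) + 1
        if len(rdata) < need:
            raise ValueError(f"line {no}: {rtype} record is incomplete")
        if rtype == "SOA":  # timers are stored and served as seconds
            rdata[3:7] = [str(seconds(v)) for v in rdata[3:7]]
        for i in NAME_FIELDS.get(rtype, ()):
            rdata[i] = absolute(rdata[i], origin)
        records.append((owner, ttl, rtype, " ".join(rdata)))
    if not records or records[0][2] != "SOA":
        raise ValueError("the first record must be the SOA record")
    if not any(r[0] == origin and r[2] == "NS" for r in records):
        raise ValueError("the zone has no NS record for its own name")
    return records
```

Calling `parse_zone(ZONE, "mageedu.com")` yields the SOA timers in seconds, the same form in which `host -t SOA` reports them later on this page.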
[root@Smoke named]# service named restart (restart the named service)
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@Smoke named]# vim /etc/resolv.conf (edit the file that points this host at its DNS server)
search localdomain
nameserver 172.16.100.1 
[root@Smoke named]# dig -t A www.mageedu.com (query the A record for the name www.mageedu.com)

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t A www.mageedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57766
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION: (the question: the A record for www.mageedu.com.)
;www.mageedu.com.		IN	A

;; ANSWER SECTION: (the answer)
www.mageedu.com.	600	IN	A	172.16.100.3
www.mageedu.com.	600	IN	A	172.16.100.1

;; AUTHORITY SECTION: (authority section: states explicitly which DNS server is authoritative for this zone)
mageedu.com.		600	IN	NS	ns1.mageedu.com.

;; ADDITIONAL SECTION: (additional section: every NS record is accompanied by an A record; this is the A record of the NS server)
ns1.mageedu.com.	600	IN	A	172.16.100.1

;; Query time: 3 msec
;; SERVER: 172.16.100.1#53(172.16.100.1)
;; WHEN: Sun Dec 14 20:21:49 2014
;; MSG SIZE  rcvd: 99
[root@Smoke named]# dig -t A www.mageedu.com (query the A record for the name www.mageedu.com)

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t A www.mageedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21103
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.mageedu.com.		IN	A

;; ANSWER SECTION:
www.mageedu.com.	600	IN	A	172.16.100.1
www.mageedu.com.	600	IN	A	172.16.100.3

;; AUTHORITY SECTION:
mageedu.com.		600	IN	NS	ns1.mageedu.com.

;; ADDITIONAL SECTION:
ns1.mageedu.com.	600	IN	A	172.16.100.1

;; Query time: 2 msec
;; SERVER: 172.16.100.1#53(172.16.100.1)
;; WHEN: Sun Dec 14 20:25:34 2014
;; MSG SIZE  rcvd: 99
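Note: on the second run, the two IP addresses in the A records for www.mageedu.com. come back in the opposite order; this is load balancing.
[root@Smoke named]# dig -t CNAME ftp.mageedu.com (query the CNAME record of ftp.mageedu.com, that is, its canonical name)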

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t CNAME ftp.mageedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38711
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;ftp.mageedu.com.		IN	CNAME

;; ANSWER SECTION:
ftp.mageedu.com.	600	IN	CNAME	www.mageedu.com. (the canonical name of ftp.mageedu.com. is www.mageedu.com.)

;; AUTHORITY SECTION:
mageedu.com.		600	IN	NS	ns1.mageedu.com.

;; ADDITIONAL SECTION:
ns1.mageedu.com.	600	IN	A	172.16.100.1

;; Query time: 0 msec
;; SERVER: 172.16.100.1#53(172.16.100.1)
;; WHEN: Sun Dec 14 20:28:19 2014
;; MSG SIZE  rcvd: 85
[root@Smoke named]# dig -t NS mageedu.com. (query the NS records of the mageedu.com. zone)

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t NS mageedu.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55615
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mageedu.com.			IN	NS

;; ANSWER SECTION:
mageedu.com.		600	IN	NS	ns1.mageedu.com. (the DNS server for the mageedu.com. zone is ns1.mageedu.com.)

;; ADDITIONAL SECTION:
ns1.mageedu.com.	600	IN	A	172.16.100.1 (the A record of ns1.mageedu.com. is 172.16.100.1)

;; Query time: 2 msec
;; SERVER: 172.16.100.1#53(172.16.100.1)
;; WHEN: Sun Dec 14 20:29:53 2014
;; MSG SIZE  rcvd: 63
[root@Smoke named]# dig -t MX mageedu.com. (query the MX records of the mageedu.com. zone)

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t MX mageedu.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53615
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;mageedu.com.			IN	MX

;; ANSWER SECTION:
mageedu.com.		600	IN	MX	10 mail.mageedu.com. (the MX record of the mageedu.com. zone is mail.mageedu.com.)

;; AUTHORITY SECTION:
mageedu.com.		600	IN	NS	ns1.mageedu.com.

;; ADDITIONAL SECTION:
mail.mageedu.com.	600	IN	A	172.16.100.2 (the A record of mail.mageedu.com. is 172.16.100.2)
ns1.mageedu.com.	600	IN	A	172.16.100.1

;; Query time: 2 msec
;; SERVER: 172.16.100.1#53(172.16.100.1)
;; WHEN: Sun Dec 14 20:31:21 2014
;; MSG SIZE  rcvd: 100
[root@Smoke named]# host -t A www.mageedu.com (query the A record for the name www.mageedu.com)
www.mageedu.com has address 172.16.100.3
www.mageedu.com has address 172.16.100.1
[root@Smoke named]# host -t A www.mageedu.com (query the A record for the name www.mageedu.com)
www.mageedu.com has address 172.16.100.1
www.mageedu.com has address 172.16.100.3
Note: the two host queries for the A record of www.mageedu.com return the values in opposite order; this is load balancing.
[root@Smoke named]# host -t NS mageedu.com (query the NS record for the name mageedu.com)
mageedu.com name server ns1.mageedu.com.
[root@Smoke named]# host -t MX mageedu.com (query the MX record for the name mageedu.com)
mageedu.com mail is handled by 10 mail.mageedu.com.
Note: the output also shows that the MX record has priority 10.
[root@Smoke named]# host -t SOA mageedu.com (query the SOA record of mageedu.com)
mageedu.com has SOA record ns1.mageedu.com. admin.mageedu.com. 2013040101 3600 300 172800 21600
[root@Smoke named]# dig -t SOA mageedu.com (query the SOA record of mageedu.com)

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t SOA mageedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46622
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;mageedu.com.			IN	SOA

;; ANSWER SECTION:
mageedu.com.		600	IN	SOA	ns1.mageedu.com. admin.mageedu.com. 2013040101 3600 300 172800 21600

;; AUTHORITY SECTION:
mageedu.com.		600	IN	NS	ns1.mageedu.com.

;; ADDITIONAL SECTION:
ns1.mageedu.com.	600	IN	A	172.16.100.1

;; Query time: 4 msec
;; SERVER: 172.16.100.1#53(172.16.100.1)
;; WHEN: Sun Dec 14 20:40:21 2014
;; MSG SIZE  rcvd: 105
Querying with nslookup from the Windows CMD command prompt:
C:\Users\Smoke>nslookup
默认服务器:  XiaoQiang
Address:  192.168.31.1 (default DNS server)

> server 172.16.100.1 (use server to switch the DNS server to 172.16.100.1)
默认服务器:  [172.16.100.1]
Address:  172.16.100.1

> set q=A (use set q=A to query the A resource record type)
> www.mageedu.com (look up the A record of www.mageedu.com)
服务器:  [172.16.100.1]
Address:  172.16.100.1

名称:    www.mageedu.com
Addresses:  172.16.100.3
          172.16.100.1

> set q=NS (use set q=NS to query the NS resource record type)
> mageedu.com (look up the NS record of mageedu.com)
服务器:  [172.16.100.1]
Address:  172.16.100.1

mageedu.com     nameserver = ns1.mageedu.com (the NS server for the mageedu.com zone is ns1.mageedu.com)
ns1.mageedu.com internet address = 172.16.100.1 (the IP address of ns1.mageedu.com is 172.16.100.1)
Implementing reverse lookups:
[root@Smoke named]# vim /etc/named.conf (edit the named main configuration file)
options {
        directory "/var/named";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
};

zone "mageedu.com" IN {
        type master;
        file "mageedu.com.zone";
};

zone "100.16.172.in-addr.arpa" IN { (creates the 100.16.172.in-addr.arpa reverse zone)
        type master; (zone type: master zone)
        file "172.16.100.zone"; (zone data file /var/named/172.16.100.zone)
};
[root@Smoke named]# ls (list the files and subdirectories in the current directory)
data  dynamic  mageedu.com.zone  named.ca  named.empty  named.localhost  named.loopback  slaves
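[root@Smoke named]# cp -p mageedu.com.zone 172.16.100.zone (copy mageedu.com.zone to a new file named 172.16.100.zone; -p preserves the attributes of the source file or directory)
[root@Smoke named]# ll (show details of the files and subdirectories in the current directory)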
total 72
-rw-r----- 1 root  named  252 Dec 14 12:12 172.16.100.zone
drwxrwx--- 2 named named 4096 Nov 17  2011 data
drwxrwx--- 2 named named 4096 Nov 17  2011 dynamic
-rw-r----- 1 root  named  252 Dec 14 12:12 mageedu.com.zone
-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 Nov 17  2011 slaves
Note: the 172.16.100.zone file copied with cp -p keeps its owner, group and permissions.
[root@Smoke named]# vim 172.16.100.zone (edit the 172.16.100.zone reverse zone data file)
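$TTL 600
; @ stands for the zone name that /etc/named.conf associates with this file
; SOA record fields: primary DNS server name, then the administrator mailbox (a dot replaces the @)
@       IN      SOA     ns1.mageedu.com.        admin.mageedu.com. (
                                2013040101      ; serial number, at most 10 digits
                                1H              ; refresh time
                                5M              ; retry time
                                2D              ; expire time
                                6H )            ; negative-answer cache time
; the zone name may be left out here, in which case it is inherited from the previous record
                IN      NS      ns1.mageedu.com.        ; NS record; in a reverse zone this must be written as a complete FQDN
1               IN      PTR     ns1.mageedu.com.        ; PTR record
1               IN      PTR     www.mageedu.com.
2               IN      PTR     mail.mageedu.com.
3               IN      PTR     www.mageedu.com.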
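Note: in a reverse zone data file the FQDN must be written in its complete form. MX records are not needed, nor are A records or alias records; aliases are allowed but rarely used.
[root@Smoke named]# named-checkconf (check the syntax of the named main configuration file)
[root@Smoke named]# named-checkzone "100.16.172.in-addr.arpa" 172.16.100.zone (check the syntax of 172.16.100.zone, the data file of the 100.16.172.in-addr.arpa zone)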
zone 100.16.172.in-addr.arpa/IN: loaded serial 2013040101
OK
[root@Smoke named]# service named restart (restart the named service)
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
Test: from the Windows CMD command prompt, test with the nslookup command:
> set q=PTR (use set to select the PTR resource record type)
> 172.16.100.1 (look up the FQDN of the address 172.16.100.1)
服务器:  [172.16.100.1]
Address:  172.16.100.1

1.100.16.172.in-addr.arpa       name = ns1.mageedu.com (a PTR record of 172.16.100.1 is ns1.mageedu.com)
1.100.16.172.in-addr.arpa       name = www.mageedu.com (a PTR record of 172.16.100.1 is www.mageedu.com)
100.16.172.in-addr.arpa nameserver = ns1.mageedu.com
ns1.mageedu.com internet address = 172.16.100.1
> set q=PTR (use set to select the PTR resource record type)
> 172.16.100.3 (look up the FQDN of the address 172.16.100.3)
服务器:  [172.16.100.1]
Address:  172.16.100.1

3.100.16.172.in-addr.arpa       name = www.mageedu.com (the PTR record of 172.16.100.3 is www.mageedu.com)
100.16.172.in-addr.arpa nameserver = ns1.mageedu.com
ns1.mageedu.com internet address = 172.16.100.1
> set q=NS (use set to select the NS resource record type)
> 100.16.172.in-addr.arpa (look up the NS records of 100.16.172.in-addr.arpa)
服务器:  [172.16.100.1]
Address:  172.16.100.1

100.16.172.in-addr.arpa nameserver = ns1.mageedu.com (the NS server of 100.16.172.in-addr.arpa is ns1.mageedu.com)
ns1.mageedu.com internet address = 172.16.100.1
[root@Smoke named]# dig -x 172.16.100.1 (look up the PTR records of 172.16.100.1)

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -x 172.16.100.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32890
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;1.100.16.172.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
1.100.16.172.in-addr.arpa. 600	IN	PTR	www.mageedu.com. (a PTR record of 172.16.100.1 is www.mageedu.com.)
1.100.16.172.in-addr.arpa. 600	IN	PTR	ns1.mageedu.com. (a PTR record of 172.16.100.1 is ns1.mageedu.com.)

;; AUTHORITY SECTION:
100.16.172.in-addr.arpa. 600	IN	NS	ns1.mageedu.com.

;; ADDITIONAL SECTION:
ns1.mageedu.com.	600	IN	A	172.16.100.1

;; Query time: 3 msec
;; SERVER: 172.16.100.1#53(172.16.100.1)
;; WHEN: Sun Dec 14 21:25:35 2014
;; MSG SIZE  rcvd: 120
[root@Smoke named]# dig -x 172.16.100.2 (look up the PTR records of 172.16.100.2)

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -x 172.16.100.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;2.100.16.172.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
2.100.16.172.in-addr.arpa. 600	IN	PTR	mail.mageedu.com. (the PTR record of 172.16.100.2 is mail.mageedu.com.)

;; AUTHORITY SECTION:
100.16.172.in-addr.arpa. 600	IN	NS	ns1.mageedu.com.

;; ADDITIONAL SECTION:
ns1.mageedu.com.	600	IN	A	172.16.100.1

;; Query time: 2 msec
;; SERVER: 172.16.100.1#53(172.16.100.1)
;; WHEN: Sun Dec 14 21:27:13 2014
;; MSG SIZE  rcvd: 107
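The reverse zone is maintained by hand in its own file, so it can drift from the forward zone, and a PTR target written without the trailing dot silently gets the reverse zone name appended. The following is an added example, not part of the original notes: it parses PTR lines in the format used above and lists every PTR whose target has no A record pointing back at the same address. Records 4 and 5, the A record for mail, and all function names are constructed for illustration.

```python
import ipaddress

ORIGIN = "100.16.172.in-addr.arpa."
# PTR lines of the page's 172.16.100.zone plus two constructed faulty records (4 and 5).
REVERSE_ZONE = """\
1   IN  PTR  ns1.mageedu.com.
1   IN  PTR  www.mageedu.com.
2   IN  PTR  mail.mageedu.com.
3   IN  PTR  www.mageedu.com.
4   IN  PTR  www.mageedu.com    ; constructed: trailing dot forgotten
5   IN  PTR  ns1.mageedu.com.   ; constructed: ns1 has no A record for .5
"""
FORWARD_A = {
    "www.mageedu.com.": {"172.16.100.1", "172.16.100.3"},
    "ns1.mageedu.com.": {"172.16.100.1"},
    "mail.mageedu.com.": {"172.16.100.2"},  # assumed; www and ns1 are from the page's output
}

def absolute(name, origin):
    # '@' is the origin itself; a name without a trailing dot is relative to the origin.
    if name.endswith("."):
        return name
    return origin if name == "@" else f"{name}.{origin}"

def owner_to_ip(owner, origin):
    # '1' or '1.100.16.172.in-addr.arpa.' -> '172.16.100.1'
    fqdn, suffix = absolute(owner, origin), ".in-addr.arpa."
    labels = fqdn[:-len(suffix)].split(".")
    if not fqdn.endswith(suffix) or len(labels) != 4:
        raise ValueError(f"{owner!r} is not a full IPv4 reverse name")
    return str(ipaddress.IPv4Address(".".join(reversed(labels))))

def parse_ptr(text, origin):
    # Returns (ip, target) pairs; a line starting with whitespace inherits the previous owner.
    records, owner = [], "@"
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if fields and not raw[0].isspace() and not fields[0].startswith("$"):
            owner = fields[0]
        if "PTR" in fields:
            target = absolute(fields[fields.index("PTR") + 1], origin)
            records.append((owner_to_ip(owner, origin), target))
    return records

def unconfirmed(records, forward):
    # PTR records whose target has no A record pointing back at the same address.
    return [(ip, name) for ip, name in records if ip not in forward.get(name, set())]

if __name__ == "__main__":
    print(unconfirmed(parse_ptr(REVERSE_ZONE, ORIGIN), FORWARD_A))
```

The four records taken from the page pass; the record without the trailing dot is reported with the expanded name www.mageedu.com.100.16.172.in-addr.arpa., which is the name the zone would actually serve for it.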
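Important: when resolving names with nslookup from the Windows CMD command prompt, you must use the server directive to point at the host that does the resolving. Without server, the default server 192.168.31.1 is asked for the A record of www.mageedu.com and cannot resolve it, because 192.168.31.1 is not responsible for the domain that www.mageedu.com belongs to. Since it is not, it asks the root name servers, the root asks the .com domain, and .com is asked for mageedu. On the Internet .com has no mageedu.com domain, so this setup is only for our testing and cannot be used on the Internet; to use it on the Internet, the mageedu.com domain has to be registered with .com.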
C:\Users\Smoke>nslookup
DNS request timed out.
    timeout was 2 seconds.
默认服务器:  UnKnown
Address:  192.168.31.1

> set q=A
> www.mageedu.com