10 Linux Boot Process and DNS Domain Name Service
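1 Linux system boot process [most of the content from the earlier documents fits into this flow]
- Power-on self-test (POST)
- Attribute customization
- Hardware detection
- System bootstrap program
- Locate the disk that holds the system
- System boot program -- bootloader
- The MBR locates the OS: the first sector of the disk (512 bytes [446 bytes of content + 64 bytes of partition table])
- Sectors 1~2047 (1MB): the minimum set of required program files, used by the next step
- Locate the OS boot program
- Load the Linux kernel /boot/vmlinuz-xxx [the kernel is found in the file system, but the kernel is the starting point of OS boot]
  - grub
  - Load the initramfs virtual file system, which supports the running Linux kernel
  - Leave initramfs
- The Linux kernel starts
- Boot configuration [read-only]
  - The first process in the OS [init|systemd]
  - The parent process starts creating child processes and the other programs run normally [on newer systems systemd manages this through targets: systemctl get-default]
  - Configuration file for user-defined programs started at boot: /etc/rc.local (it must be given execute permission, which it lacks by default) [Rocky still ships it; Ubuntu currently does not, but it can be created by hand]
  - Log in to the OS
  - Load the shell environment and start working
- It is also possible to boot from the installation disc into rescue mode to fix problems that occur during a normal boot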
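2 DNS name resolution service
DNS: Domain Name System.
It describes the relationship between domain names and IP addresses and is a distributed database.
In the early network (before DNS), a hosts file recorded the relationship between IP addresses and names [long names, short names, FQDNs (the real name), host names, subdomains].
FQDN, using Baidu's domain as the example:
www . baidu . com .
host name / domain name / top-level domain / root domain [the dns-search default is ".", so it normally does not need to be typed]
company ops staff / domain registrar / Verisign
bj.www.baidu.com. [generally used for internal administration]
bj is a subdomain
managed by the company's ops staff
DNS pollution
When the primary site's resources are replaced and the mirror sites also fail, so that access to cn domains breaks, this is called DNS pollution.
There are 25 IPv6 root DNS servers in total; China has 1 primary and 3 secondaries.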
2.1 How DNS resolution works

Diagram of recursive and iterative queries
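2.2 Configuration inside a DNS server
| Name | Purpose | Notes |
|---|---|---|
| A record | Resolves a domain name to an IPv4 address | Forward resolution |
| AAAA record | Resolves a domain name to an IPv6 address | |
| PTR record | Resolves an IP address to a site's domain name | Reverse resolution |
| NS record | Declares that the server is a DNS server | Only after this declaration is it recognized by DNS |
| CNAME record | Points a domain name at another domain name (alias) | |
| SOA record | The first of all records | |
| MX record | Mail scenarios | |
| SRV record | Service discovery, directory services and similar scenarios | |
Zone file -- the file that holds DNS resolution records; there are forward-resolution and reverse-resolution zone files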
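2.3 Common DNS server addresses
- Public
  - National
  - School
  - Enterprise
  - Belonging to organization XX
- Local
  - Temporary setting: /etc/resolv.conf
  - Permanent setting: each system's network interface configuration file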
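2.4 Viewing DNS address information
Overall view:
resolvectl -- depends on the systemd-resolved service
Resolution lookups:
dig, nslookup, host
Cache inspection:
Windows:
ipconfig /displaydns
ipconfig /flushdns
Linux:
nscd
resolvectl
2.5 whois
Used in security scenarios to look up information about a domain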
2.6 DNS configuration practice
2.6.1 Rocky example
#Refresh the package metadata and install bind
[root@localhost ~]# yum makecache
.
.
.
[root@localhost ~]# dnf install bind
.
.
.
.
已安装:
bind-32:9.18.33-10.el10_1.2.x86_64 bind-dnssec-utils-32:9.18.33-10.el10_1.2.x86_64
bind-libs-32:9.18.33-10.el10_1.2.x86_64 bind-license-32:9.18.33-10.el10_1.2.noarch
bind-utils-32:9.18.33-10.el10_1.2.x86_64 fstrm-0.6.1-12.el10.x86_64
libmaxminddb-1.9.1-4.el10.x86_64 libuv-1:1.51.0-1.el10_0.x86_64
protobuf-c-1.5.0-6.el10.x86_64
完毕!
#Check the DNS service, start it, and enable it at boot
[root@localhost ~]# systemctl status named
○ named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; preset: disabled)
Active: inactive (dead)
[root@localhost ~]# systemctl start named
[root@localhost ~]# systemctl enable named
Created symlink '/etc/systemd/system/multi-user.target.wants/named.service' → '/usr/lib/systemd/system/named.service'.
#Check the ports: the default listen address is 127.0.0.1:53, so by default it only listens on the local host
[root@localhost ~]# ss -tunlp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=1519,fd=17))
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=778,fd=5))
udp UNCONN 0 0 [::1]:53 [::]:* users:(("named",pid=1519,fd=20))
udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=778,fd=6))
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:* users:(("named",pid=1519,fd=18))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=820,fd=7))
tcp LISTEN 0 5 127.0.0.1:953 0.0.0.0:* users:(("named",pid=1519,fd=22))
tcp LISTEN 0 5 [::1]:953 [::]:* users:(("named",pid=1519,fd=23))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=820,fd=8))
tcp LISTEN 0 10 [::1]:53 [::]:* users:(("named",pid=1519,fd=21))
#Configuration files
[root@localhost ~]# rpm -ql bind
/etc/logrotate.d/named
/etc/named
/etc/named.conf #main configuration file
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/rwtab.d/named
/etc/sysconfig/named
.
.
.
.
.
/var/named/slaves
[root@localhost ~]# vim /etc/named.conf

#Restart bind to apply the change; the port list shows that the DNS service is now listening on all networks
[root@localhost ~]# systemctl restart named
[root@localhost ~]# ss -tunlp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 10.0.2.15:53 0.0.0.0:* users:(("named",pid=1670,fd=20))
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=1670,fd=17))
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=778,fd=5))
udp UNCONN 0 0 [::1]:53 [::]:* users:(("named",pid=1670,fd=22))
udp UNCONN 0 0 [fd17:625c:f037:2:a00:27ff:fe78:e15e]:53 [::]:* users:(("named",pid=1670,fd=24))
udp UNCONN 0 0 [fe80::a00:27ff:fe78:e15e]%enp0s3:53 [::]:* users:(("named",pid=1670,fd=26))
udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=778,fd=6))
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:* users:(("named",pid=1670,fd=18))
tcp LISTEN 0 10 10.0.2.15:53 0.0.0.0:* users:(("named",pid=1670,fd=21))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=820,fd=7))
tcp LISTEN 0 5 127.0.0.1:953 0.0.0.0:* users:(("named",pid=1670,fd=28))
tcp LISTEN 0 10 [fe80::a00:27ff:fe78:e15e]%enp0s3:53 [::]:* users:(("named",pid=1670,fd=27))
tcp LISTEN 0 10 [fd17:625c:f037:2:a00:27ff:fe78:e15e]:53 [::]:* users:(("named",pid=1670,fd=25))
tcp LISTEN 0 5 [::1]:953 [::]:* users:(("named",pid=1670,fd=29))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=820,fd=8))
tcp LISTEN 0 10 [::1]:53 [::]:* users:(("named",pid=1670,fd=23))
2.6.2 Ubuntu example
root@test-VirtualBox:~# sudo apt install bind9
正在读取软件包列表... 完成
正在分析软件包的依赖关系树... 完成
正在读取状态信息... 完成
bind9 已经是最新版 (1:9.18.39-0ubuntu0.24.04.2)。
#After installation it listens for incoming connections from other hosts by default
root@test-VirtualBox:~# ss -tunlp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:60595 0.0.0.0:* users:(("avahi-daemon",pid=857,fd=14))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=857,fd=12))
udp UNCONN 0 0 10.0.2.15:53 0.0.0.0:* users:(("named",pid=1134,fd=46))
udp UNCONN 0 0 10.0.2.15:53 0.0.0.0:* users:(("named",pid=1134,fd=47))
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=1134,fd=29))
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=1134,fd=28))
udp UNCONN 0 0 127.0.0.54:53 0.0.0.0:* users:(("systemd-resolve",pid=522,fd=16))
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=522,fd=14))
udp UNCONN 0 0 [::]:5353 [::]:* users:(("avahi-daemon",pid=857,fd=13))
udp UNCONN 0 0 [::1]:53 [::]:* users:(("named",pid=1134,fd=34))
udp UNCONN 0 0 [::1]:53 [::]:* users:(("named",pid=1134,fd=35))
udp UNCONN 0 0 [fe80::812b:502:63fc:505]%enp0s3:53 [::]:* users:(("named",pid=1134,fd=38))
udp UNCONN 0 0 [fe80::812b:502:63fc:505]%enp0s3:53 [::]:* users:(("named",pid=1134,fd=39))
udp UNCONN 0 0 [fd17:625c:f037:2:4759:a5cd:8a43:4c2f]:53 [::]:* users:(("named",pid=1134,fd=51))
udp UNCONN 0 0 [fd17:625c:f037:2:4759:a5cd:8a43:4c2f]:53 [::]:* users:(("named",pid=1134,fd=50))
udp UNCONN 0 0 [fd17:625c:f037:2:e7e:a7f8:966b:86e7]:53 [::]:* users:(("named",pid=1134,fd=54))
udp UNCONN 0 0 [fd17:625c:f037:2:e7e:a7f8:966b:86e7]:53 [::]:* users:(("named",pid=1134,fd=55))
udp UNCONN 0 0 [::]:34973 [::]:* users:(("avahi-daemon",pid=857,fd=15))
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=522,fd=15))
tcp LISTEN 0 10 10.0.2.15:53 0.0.0.0:* users:(("named",pid=1134,fd=48))
tcp LISTEN 0 10 10.0.2.15:53 0.0.0.0:* users:(("named",pid=1134,fd=49))
tcp LISTEN 0 4096 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=2025,fd=3),("systemd",pid=1,fd=248))
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:* users:(("named",pid=1134,fd=32))
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:* users:(("named",pid=1134,fd=30))
tcp LISTEN 0 5 127.0.0.1:953 0.0.0.0:* users:(("named",pid=1134,fd=43))
tcp LISTEN 0 5 127.0.0.1:953 0.0.0.0:* users:(("named",pid=1134,fd=42))
tcp LISTEN 0 4096 127.0.0.54:53 0.0.0.0:* users:(("systemd-resolve",pid=522,fd=17))
tcp LISTEN 0 4096 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=1133,fd=7))
tcp LISTEN 0 10 [fe80::812b:502:63fc:505]%enp0s3:53 [::]:* users:(("named",pid=1134,fd=40))
tcp LISTEN 0 10 [fe80::812b:502:63fc:505]%enp0s3:53 [::]:* users:(("named",pid=1134,fd=41))
tcp LISTEN 0 5 [::1]:953 [::]:* users:(("named",pid=1134,fd=44))
tcp LISTEN 0 5 [::1]:953 [::]:* users:(("named",pid=1134,fd=45))
tcp LISTEN 0 4096 [::]:22 [::]:* users:(("sshd",pid=2025,fd=4),("systemd",pid=1,fd=249))
tcp LISTEN 0 4096 [::1]:631 [::]:* users:(("cupsd",pid=1133,fd=6))
tcp LISTEN 0 10 [fd17:625c:f037:2:e7e:a7f8:966b:86e7]:53 [::]:* users:(("named",pid=1134,fd=56))
tcp LISTEN 0 10 [fd17:625c:f037:2:e7e:a7f8:966b:86e7]:53 [::]:* users:(("named",pid=1134,fd=57))
tcp LISTEN 0 10 [fd17:625c:f037:2:4759:a5cd:8a43:4c2f]:53 [::]:* users:(("named",pid=1134,fd=53))
tcp LISTEN 0 10 [fd17:625c:f037:2:4759:a5cd:8a43:4c2f]:53 [::]:* users:(("named",pid=1134,fd=52))
tcp LISTEN 0 10 [::1]:53 [::]:* users:(("named",pid=1134,fd=36))
tcp LISTEN 0 10 [::1]:53 [::]:* users:(("named",pid=1134,fd=37))
root@test-VirtualBox:~# dpkg -L bind9
/.
/etc
/etc/apparmor.d
/etc/apparmor.d/force-complain
/etc/apparmor.d/local
/etc/apparmor.d/usr.sbin.named
/etc/bind
/etc/bind/bind.keys
/etc/bind/db.0
/etc/bind/db.127
/etc/bind/db.255
/etc/bind/db.empty
/etc/bind/db.local
/etc/bind/named.conf #main configuration file
/etc/bind/named.conf.default-zones
/etc/bind/named.conf.local
/etc/bind/named.conf.options
/etc/bind/zones.rfc1918
.
.
.
.
.
/usr/share/doc/bind9/changelog.Debian.gz
2.6.3 Configuration files explained
Using Ubuntu as the example
root@test-VirtualBox:~# cat /etc/bind/named.conf #main configuration file
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
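include "/etc/bind/named.conf.options"; #sub-configuration file, named's software options [global]
include "/etc/bind/named.conf.local"; #local configuration file [empty by default]
include "/etc/bind/named.conf.default-zones"; #local resource-record resolution file [zones section]
#View the default zone configuration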
root@test-VirtualBox:~# cat /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/usr/share/dns/root.hints";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master; #master for the primary, slave for the secondary
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
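To customize the DNS configuration, you need to:
- Add the zone definition
- Add the record (zone data) file
- Check the configuration syntax
- Restart the service
- Test resolution with the dig command
2.6.4 DNS configuration practice
2.6.4.1 Basic DNS server configuration

Ubuntu 24.04 DNS server configuration
- DNS server configuration
root@ubuntu:~# apt install bind9 nginx #install the required packages
root@ubuntu:~# ss -tunlp | grep named #confirm that the DNS service is running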
udp UNCONN 0 0 10.0.0.10:53 0.0.0.0:* users:(("named",pid=2111,fd=35))
udp UNCONN 0 0 10.0.0.10:53 0.0.0.0:* users:(("named",pid=2111,fd=34))
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=2111,fd=28))
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=2111,fd=29))
udp UNCONN 0 0 [::1]:53 [::]:* users:(("named",pid=2111,fd=38))
udp UNCONN 0 0 [::1]:53 [::]:* users:(("named",pid=2111,fd=39))
udp UNCONN 0 0 [fe80::20c:29ff:fe0b:b39f]%ens33:53 [::]:* users:(("named",pid=2111,fd=42))
udp UNCONN 0 0 [fe80::20c:29ff:fe0b:b39f]%ens33:53 [::]:* users:(("named",pid=2111,fd=43))
tcp LISTEN 0 10 10.0.0.10:53 0.0.0.0:* users:(("named",pid=2111,fd=37))
tcp LISTEN 0 10 10.0.0.10:53 0.0.0.0:* users:(("named",pid=2111,fd=36))
tcp LISTEN 0 5 127.0.0.1:953 0.0.0.0:* users:(("named",pid=2111,fd=46))
tcp LISTEN 0 5 127.0.0.1:953 0.0.0.0:* users:(("named",pid=2111,fd=47))
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:* users:(("named",pid=2111,fd=30))
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:* users:(("named",pid=2111,fd=31))
tcp LISTEN 0 5 [::1]:953 [::]:* users:(("named",pid=2111,fd=49))
tcp LISTEN 0 5 [::1]:953 [::]:* users:(("named",pid=2111,fd=48))
tcp LISTEN 0 10 [::1]:53 [::]:* users:(("named",pid=2111,fd=40))
tcp LISTEN 0 10 [::1]:53 [::]:* users:(("named",pid=2111,fd=41))
tcp LISTEN 0 10 [fe80::20c:29ff:fe0b:b39f]%ens33:53 [::]:* users:(("named",pid=2111,fd=44))
tcp LISTEN 0 10 [fe80::20c:29ff:fe0b:b39f]%ens33:53 [::]:* users:(("named",pid=2111,fd=45))
root@ubuntu:~# cat /etc/bind/named.conf.default-zones | grep test #add the domain to the DNS zone configuration
zone "test.com" {
file "/etc/bind/db.test.com";
root@ubuntu:~# cp /etc/bind/db.local /etc/bind/db.test.com #copy the template file
root@ubuntu:~# vi /etc/bind/db.test.com
root@ubuntu:~# cat /etc/bind/db.test.com
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA test-db. admin.test.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
NS dns1
dns1 A 10.0.0.10
www A 10.0.0.10
* A 10.0.0.200
root@ubuntu:~# named-checkconf
root@ubuntu:~# named-checkzone test.com db.test.com
zone test.com/IN: loading from master file db.test.com failed: file not found
zone test.com/IN: not loaded due to errors.
root@ubuntu:~# ls /etc/bind
bind.keys db.127 db.empty db.test.com named.conf.default-zones named.conf.options zones.rfc1918
db.0 db.255 db.local named.conf named.conf.local rndc.key
root@ubuntu:~# cd /etc/bind
root@ubuntu:/etc/bind# ls
bind.keys db.127 db.empty db.test.com named.conf.default-zones named.conf.options zones.rfc1918
db.0 db.255 db.local named.conf named.conf.local rndc.key
root@ubuntu:/etc/bind# vi db.test.com
root@ubuntu:/etc/bind# named-checkzone test.com db.test.com #run the check from inside the directory
zone test.com/IN: loaded serial 2
OK
root@ubuntu:~# named-checkzone test.com /etc/bind/db.test.com #or give the full path of the file when checking
zone test.com/IN: loaded serial 2
OK
root@ubuntu:~# systemctl restart named #restart the DNS service
root@ubuntu:~# dig www.test.com #check the result; because of interference from the public Internet, the answer does not match our DNS record
; <<>> DiG 9.18.39-0ubuntu0.24.04.2-Ubuntu <<>> www.test.com
;; global options: +cmd
;; Got answer:
.
.
.
www.test.com. 5 IN CNAME customers.atom.com.
customers.atom.com. 5 IN A 172.66.170.130
customers.atom.com. 5 IN A 104.20.26.89
;; Query time: 16 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Tue Feb 03 02:23:36 UTC 2026
;; MSG SIZE rcvd: 102
root@ubuntu:~# dig www.test.com @10.0.0.10 #use the @ sign to specify the DNS server
; <<>> DiG 9.18.39-0ubuntu0.24.04.2-Ubuntu <<>> www.test.com @10.0.0.10
;; global options: +cmd
;; Got answer:
.
.
.
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 604800 IN A 10.0.0.10
;; Query time: 0 msec
;; SERVER: 10.0.0.10#53(10.0.0.10) (UDP)
;; WHEN: Tue Feb 03 02:23:52 UTC 2026
;; MSG SIZE rcvd: 85
#Modify the nginx home page
root@ubuntu:~# cat /usr/share/nginx/html/index.html |grep 10.0.0.10
<title>Welcome to 10.0.0.10!</title>
root@ubuntu:~# systemctl restart nginx
root@ubuntu:~# cat /usr/share/nginx/html/index.html > /var/www/html/index.nginx-debian.html
- Access it with curl from Rocky Linux
#To avoid interference from the public Internet, temporarily change the DNS server to 10.0.0.10
[root@Rocky ~]# vi /etc/resolv.conf
[root@Rocky ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 10.0.0.10
[root@Rocky ~]# curl www.test.com
<!DOCTYPE html>
<html>
<head>
<title>Welcome to 10.0.0.10!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
- Set up a new nginx service on OpenEuler
[root@OpenEuler ~]# dnf install nginx
[root@OpenEuler ~]# cp /usr/share/nginx/html/index.html /usr/share/nginx/html/index.html.bak
[root@OpenEuler ~]# echo "Welcome to nginx on 10.0.0.12" > /usr/share/nginx/html/index.html
[root@OpenEuler ~]# cat /usr/share/nginx/html/index.html
Welcome to nginx on 10.0.0.12
2月 03 08:49:53 OpenEuler systemd[1]: Starting firewalld - dynamic firewall daemon...
2月 03 08:49:53 OpenEuler systemd[1]: Started firewalld - dynamic firewall daemon.
[root@OpenEuler ~]# systemctl stop firewalld
[root@OpenEuler ~]# curl localhost
curl: (7) Failed to connect to localhost port 80 after 0 ms: Couldn't connect to server
[root@OpenEuler ~]# systemctl stop --now firewalld
[root@OpenEuler ~]# curl localhost
curl: (7) Failed to connect to localhost port 80 after 0 ms: Couldn't connect to server #test failed
[root@OpenEuler ~]# systemctl status nginx #forgot to start nginx
○ nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; preset: disabled)
Active: inactive (dead)
2月 03 11:17:38 OpenEuler systemd[1]: nginx.service: Unit cannot be reloaded because it is inactive.
[root@OpenEuler ~]# systemctl start nginx #start nginx
[root@OpenEuler ~]# curl localhost
Welcome to nginx on 10.0.0.12 #test passed
#Set up the DNS record again on Ubuntu
root@ubuntu:/etc/bind# cat db.test.com
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA test-db. admin.test.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
NS dns1
dns1 A 10.0.0.10
www A 10.0.0.12
* A 10.0.0.200
root@ubuntu:/etc/bind# systemctl restart named
#Verify with curl on Rocky Linux
[root@Rocky ~]# curl www.test.com
Welcome to nginx on 10.0.0.12
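2.6.4.2 Primary/secondary (master/slave) DNS server configuration

Add a secondary DNS server to the primary DNS server, building on the previous configuration
- Configuring the secondary DNS server 10.0.0.11
#Check whether the firewall is turned off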
[root@Rocky ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
Active: active (running) since Wed 2026-02-04 07:24:24 CST; 54min ago
Invocation: 67fedda26c52483d8b531c85e4aa8c6d
Docs: man:firewalld(1)
Main PID: 912 (firewalld)
Tasks: 2 (limit: 10364)
Memory: 48.1M (peak: 70.8M)
CPU: 630ms
CGroup: /system.slice/firewalld.service
└─912 /usr/bin/python3 -sP /usr/sbin/firewalld --nofork --nopid
2月 04 07:24:23 Rocky systemd[1]: Starting firewalld.service - firewalld - dynamic firewall daemon...
2月 04 07:24:24 Rocky systemd[1]: Started firewalld.service - firewalld - dynamic firewall daemon.
[root@Rocky ~]# systemctl stop --now firewalld
#Install bind
[root@Rocky ~]# dnf install bind
#Edit the bind configuration file
[root@Rocky ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 10.0.0.10; any;};
listen-on-v6 port 53 { ::1; any;};
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { localhost; any;};
.
.
.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
#Edit the zone configuration file
[root@Rocky ~]# vi /etc/named.rfc1912.zones
#Append the following to the very end
zone "test.com" IN {
type slave;
masters {10.0.0.10;};
file "slaves/db.test.com";
};
#Save
#Check the directory permissions
[root@Rocky ~]# ll -d /var/named/slaves/
drwxrwx---. 2 named named 25 2月 4日 08:45 /var/named/slaves/
#Start the service
[root@Rocky ~]# systemctl start named
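#Check whether the zone file has been synced (BIND writes secondary zone files in its binary raw format by default, which is why `file` misidentifies it below)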
[root@Rocky ~]# ls /var/named/slaves/
db.test.com
[root@Rocky ~]# file /var/named/slaves/db.test.com
/var/named/slaves/db.test.com: Adobe Photoshop Color swatch, version 0, 2 colors; 1st RGB space (0), w 0x1, x 0x6982, y 0x96b4, z 0; 2nd RGB space (0), w 0, x 0, y 0, z 0
- Modify the configuration of the primary DNS server
#Modify the primary DNS server's configuration and restart the named service
root@ubuntu:/etc/bind# cat db.test.com
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA test-db. admin.test.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
NS dns1
NS dns2
dns1 A 10.0.0.10
dns2 A 10.0.0.11
www A 10.0.0.13
* A 10.0.0.200
root@ubuntu:/etc/bind# systemctl restart named
- Restart the secondary DNS server's process so that the zone file syncs
[root@Rocky etc]# systemctl restart named
- Configure the nginx server 10.0.0.13
root@ubuntu:~# echo "welcome to 10.0.0.13!" > /var/www/html/index.nginx-debian.html
root@ubuntu:~# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: enabled)
Active: active (running) since Wed 2026-02-04 00:54:31 UTC; 19min ago
Docs: man:nginx(8)
Main PID: 2953 (nginx)
Tasks: 3 (limit: 4548)
Memory: 2.4M (peak: 5.3M)
CPU: 18ms
CGroup: /system.slice/nginx.service
├─2953 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
├─2955 "nginx: worker process"
└─2956 "nginx: worker process"
Feb 04 00:54:31 ubuntu systemd[1]: Starting nginx.service - A high performance web server and a reverse >
Feb 04 00:54:31 ubuntu systemd[1]: Started nginx.service - A high performance web server and a reverse >
- From server 10.0.0.12, use dig to verify nginx
[root@OpenEuler ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 10.0.0.10
nameserver 10.0.0.11
#With both the primary and secondary DNS servers up, access the domain with curl
[root@OpenEuler ~]# ping 10.0.0.10
PING 10.0.0.10 (10.0.0.10) 56(84) 字节的数据。
64 字节,来自 10.0.0.10: icmp_seq=1 ttl=64 时间=0.205 毫秒
64 字节,来自 10.0.0.10: icmp_seq=2 ttl=64 时间=0.319 毫秒
^C
--- 10.0.0.10 ping 统计 ---
已发送 2 个包, 已接收 2 个包, 0% packet loss, time 1012ms
rtt min/avg/max/mdev = 0.205/0.262/0.319/0.057 ms
[root@OpenEuler ~]# ping 10.0.0.11
PING 10.0.0.11 (10.0.0.11) 56(84) 字节的数据。
64 字节,来自 10.0.0.11: icmp_seq=1 ttl=64 时间=0.675 毫秒
64 字节,来自 10.0.0.11: icmp_seq=2 ttl=64 时间=0.293 毫秒
64 字节,来自 10.0.0.11: icmp_seq=3 ttl=64 时间=0.346 毫秒
^C
--- 10.0.0.11 ping 统计 ---
已发送 3 个包, 已接收 3 个包, 0% packet loss, time 2072ms
rtt min/avg/max/mdev = 0.293/0.438/0.675/0.168 ms
[root@OpenEuler ~]# curl www.test.com
welcome to 10.0.0.13!
#After shutting down the primary DNS server, query the domain with dig
[root@OpenEuler ~]# dig www.test.com
;; communications error to 10.0.0.10#53: timed out
;; communications error to 10.0.0.10#53: timed out
;; communications error to 10.0.0.10#53: timed out
; <<>> DiG 9.18.21 <<>> www.test.com
;; global options: +cmd
;; Got answer:
.
.
.
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 1c2f976f13de0ae3010000006982a2b6a3718245bb8dc70e (good)
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 604800 IN A 10.0.0.13
;; Query time: 0 msec
;; SERVER: 10.0.0.11#53(10.0.0.11) (UDP)
;; WHEN: Wed Feb 04 09:36:54 CST 2026
;; MSG SIZE rcvd: 85
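Added example, not from the original post: a small Python audit of the named.conf statements used in this primary/secondary setup, flagging recursion that is open to `any` and primary zones with no `allow-transfer` restriction. Both configuration samples are constructed; `recursion yes;`, the 10.0.0.0/24 client network and all function names are assumptions.

```python
import re

# Constructed sample. The option lines are the ones the page sets on the Rocky
# server; `recursion yes;` is an assumption (that part of the file is elided on
# the page). The zone is the page's test.com primary zone.
PAGE_STYLE = """
options {
    listen-on port 53 { 10.0.0.10; any; };
    allow-query { localhost; any; };
    recursion yes;                      // assumed
};
zone "test.com" {
    type master;
    file "/etc/bind/db.test.com";
};
"""

# Constructed tightened variant; 10.0.0.0/24 as the client network is an assumption.
TIGHTENED = """
options {
    listen-on port 53 { 127.0.0.1; 10.0.0.10; };
    allow-query { localhost; 10.0.0.0/24; };
    allow-recursion { localhost; 10.0.0.0/24; };
    recursion yes;
};
zone "test.com" {
    type master;
    file "/etc/bind/db.test.com";
    allow-transfer { 10.0.0.11; };      // only the secondary from the page
};
"""

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def blocks(text, keyword):
    """Yield (header, body) for every `keyword header { body }` statement."""
    for m in re.finditer(r"\b%s\b([^{;]*)\{" % re.escape(keyword), text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1).strip(), text[m.end():i - 1]

def acl(body, clause):
    """Elements of `clause { a; b; };` in body, or None when the clause is absent."""
    m = re.search(r"(?<![\w-])%s\s*\{([^}]*)\}" % re.escape(clause), body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf_text):
    text = strip_comments(conf_text)
    opts = next((body for _, body in blocks(text, "options")), "")
    findings = []
    rec = re.search(r"\brecursion\s+(\w+)\s*;", opts)
    recursion_on = rec is None or rec.group(1) == "yes"   # BIND's default is yes
    # Without allow-recursion, BIND falls back to allow-query-cache, then allow-query.
    fallbacks = (acl(opts, c) for c in ("allow-recursion", "allow-query-cache", "allow-query"))
    effective = next((a for a in fallbacks if a is not None), None)
    if recursion_on and effective is not None and "any" in effective:
        findings.append("open-resolver")
    global_xfer = acl(opts, "allow-transfer")
    for header, body in blocks(text, "zone"):
        if not re.search(r"\btype\s+(master|primary)\s*;", body):
            continue
        xfer = acl(body, "allow-transfer")
        xfer = global_xfer if xfer is None else xfer
        # BIND 9.18 (the version installed on the page) serves AXFR to any host
        # when no allow-transfer applies.
        if xfer is None or "any" in xfer:
            findings.append("unrestricted-transfer:" + header.split()[0].strip('"'))
    return findings
```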
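PS: After the DNS configuration file was changed, the serial number was not changed, so the secondary DNS server did not pull the latest data.
PS: Alternatively, delete the file under slaves on the secondary DNS server and restart the DNS server.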
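The serial-number behaviour described in the two PS notes can be checked before the primary is reloaded. This added example (not part of the original post) compares two text copies of db.test.com and reports whether a secondary would transfer; the zone text is constructed from the page's file, and `make_zone`, `secondary_state` and the other names are hypothetical.

```python
import re

# Constructed sample based on the page's db.test.com; serial and www are filled in.
ZONE_TEMPLATE = """\
$TTL 604800
@ IN SOA test-db. admin.test.com. (
        {serial} ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
    NS   dns1
dns1 A   10.0.0.10
www  A   {www}
*    A   10.0.0.200
"""

SOA_RE = re.compile(r"^[^\n]*?\bSOA\s+\S+\s+\S+\s*\(\s*(\d+)[^)]*\)", re.M)


def make_zone(serial, www):
    return ZONE_TEMPLATE.format(serial=serial, www=www)


def strip_comments(zone_text):
    """Drop ';' comments (quoted strings containing ';' are not handled)."""
    return "\n".join(line.split(";", 1)[0].rstrip() for line in zone_text.splitlines())


def soa_serial(zone_text):
    m = SOA_RE.search(strip_comments(zone_text))
    if m is None:
        raise ValueError("no parenthesised SOA record found")
    return int(m.group(1))


def records(zone_text):
    """Every line outside the SOA record, whitespace-normalised, as a set."""
    body = SOA_RE.sub("", strip_comments(zone_text))
    return {" ".join(line.split()) for line in body.splitlines() if line.strip()}


def serial_gt(new, old):
    """RFC 1982 serial-number comparison over 32 bits (handles wrap-around)."""
    return new != old and ((new - old) % 2**32) < 2**31


def secondary_state(primary_text, secondary_text):
    """'transfer' if the secondary will pull, 'stale' if data changed without a
    serial increase (the situation in the PS note), otherwise 'in-sync'."""
    if serial_gt(soa_serial(primary_text), soa_serial(secondary_text)):
        return "transfer"
    if records(primary_text) != records(secondary_text):
        return "stale"
    return "in-sync"
```

On live servers the same comparison can be made from `dig +short SOA test.com @10.0.0.10` and `@10.0.0.11`, where the third field of the answer is the serial.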
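2.6.4.3 Reverse resolution
#Fixed format
<IP address written in reverse>.in-addr.arpa. 86400 IN PTR www.test.com.
#Practice on the existing primary/secondary DNS servers
#The reverse zone only needs to be created on the primary DNS server
root@ubuntu:/etc/bind# vi named.conf.default-zones
#Add the following for reverse resolution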
zone "0.0.10.in-addr.arpa" {
type master;
file "/etc/bind/db.0.0.10.in-addr.arpa";
};
root@ubuntu:/etc/bind# cp db.127 db.0.0.10.in-addr.arpa
root@ubuntu:/etc/bind# vi db.0.0.10.in-addr.arpa
#Edit it to read as shown below
root@ubuntu:/etc/bind# cat db.0.0.10.in-addr.arpa
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ptr-test. root.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
IN NS ptr.test.com.
13 IN PTR www.test.com.
14 IN PTR about.test.com.
#Check the syntax and the zone for problems
root@ubuntu:/etc/bind# named-checkconf
root@ubuntu:/etc/bind# named-checkzone "0.0.10.in-addr.arpa" db.0.0.10.in-addr.arpa
zone 0.0.10.in-addr.arpa/IN: loaded serial 2
OK
root@ubuntu:/etc/bind# systemctl reload named
#On the secondary DNS server, add the reverse zone with the primary DNS server as its master
[root@Rocky slaves]# vi /etc/named.rfc1912.zones
zone "0.0.10.in-addr.arpa" IN {
type slave;
masters {10.0.0.10;};
file "slaves/db.0.0.0.10.in-addr.arpa";
};
[root@Rocky slaves]# systemctl restart named
#Test from the client
[root@OpenEuler ~]# dig -t ptr 13.0.0.10.in-addr-arpa
; <<>> DiG 9.18.21 <<>> -t ptr 13.0.0.10.in-addr-arpa
;; global options: +cmd
;; Got answer:
.
.
.
;; Query time: 0 msec
;; SERVER: 10.0.0.10#53(10.0.0.10) (UDP)
;; WHEN: Wed Feb 04 11:15:34 CST 2026
;; MSG SIZE rcvd: 154
[root@OpenEuler ~]# dig -t ptr 13.0.0.10.in-addr-arpa @10.0.0.11
; <<>> DiG 9.18.21 <<>> -t ptr 13.0.0.10.in-addr-arpa @10.0.0.11
;; global options: +cmd
;; Got answer:
.
.
.
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 6df2f61d1bbf3346010000006982b9e0c2e55bf5976dc6db (good)
;; QUESTION SECTION:
;13.0.0.10.in-addr-arpa. IN PTR
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2026020302 1800 900 604800 86400
;; Query time: 478 msec
;; SERVER: 10.0.0.11#53(10.0.0.11) (UDP)
;; WHEN: Wed Feb 04 11:15:44 CST 2026
;; MSG SIZE rcvd: 154
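The two dig queries above ask for `13.0.0.10.in-addr-arpa` (a hyphen where the last dot belongs), which is why the reply from 10.0.0.11 carries the root SOA in its AUTHORITY section and no PTR answer. This added example (not the author's code; all function names are hypothetical) derives the query name, zone name and zone-file owner label from the address and checks a hand-typed name against the page's 10.0.0.0/24 reverse zone.

```python
import ipaddress


def ptr_qname(ip):
    """Fully qualified PTR query name for an address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_zone(cidr):
    """Reverse zone name for an IPv4 network on an octet boundary (/8, /16, /24)."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only IPv4 /8, /16 and /24 networks are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def owner_label(ip, cidr):
    """Relative owner name to write in the reverse zone file for `ip`."""
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(cidr):
        raise ValueError(f"{ip} is not inside {cidr}")
    zone, qname = reverse_zone(cidr), ptr_qname(ip)
    return qname[: -len(zone) - 1]


def check_qname(qname, cidr):
    """Classify a hand-typed PTR query name against the reverse zone for `cidr`."""
    name = qname.rstrip(".").lower() + "."
    zone = reverse_zone(cidr)
    if not name.endswith(".in-addr.arpa."):
        # Not in the reverse tree at all: a recursive server walks to the root.
        return "not-in-addr-arpa"
    if name != zone and not name.endswith("." + zone):
        return "outside-zone"
    labels = name[: -len(".in-addr.arpa.")].split(".")
    if len(labels) != 4 or not all(l.isdigit() and int(l) < 256 for l in labels):
        return "incomplete-address"
    return "ok"
```

`dig -x 10.0.0.13 @10.0.0.10` builds the same query name without typing it by hand.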
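2.7 DNS forwarding (somewhat similar to DNS subdomains)
2.7.1 Basic concept
With the DNS server as configured so far, if it cannot resolve a name itself, it asks the root DNS servers directly.
2.7.2 Forwarding types
Forwarding for forward lookups and forwarding for reverse lookups
2.7.3 Forwarding modes
- first mode
  - Suited to network environments that want to use the upstream DNS server's resolution first while keeping the local DNS server's ability to perform recursive queries
  - Provides more flexibility and fault tolerance
- only mode
  - Suited to network environments that rely entirely on the upstream DNS server for name resolution.
  - The local DNS server does not attempt recursive queries itself, which reduces its load and complexity
  - However, if the upstream DNS server cannot resolve a name, the client gets no answer for that domain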