DNS 域名解析服务

使用BIND域名解析服务

1 安装

[root@db1 ~]# yum install bind-chroot -y

主配置文件,用来定义 bind 服务程序的运行

[root@db1 ~]# ll /etc/named.conf 
-rw-r----- 1 root named 1806 Aug  8  2019 /etc/named.conf

区域配置文件,用来保存域名和 IP 地址对应关系的所在位置。

[root@db1 ~]# ll /etc/named.rfc1912.zones 
-rw-r----- 1 root named 931 Jun 21  2007 /etc/named.rfc1912.zones

数据配置文件目录,该目录用来保存域名和 IP 地址真实对应关系的数据配置文件

[root@db1 ~]# ll /var/named
drwxr-x--- 7 root  named   61 Apr 13 14:38 chroot
drwxrwx--- 2 named named    6 Aug  8  2019 data
drwxrwx--- 2 named named    6 Aug  8  2019 dynamic
-rw-r----- 1 root  named 2253 Apr  5  2018 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named    6 Aug  8  2019 slaves

在 Linux 系统中,bind 服务程序的名称为 named。首先需要在 /etc 目录中找到该服务程序的配置文件。注意:这里安装的是 bind-chroot,它额外提供 named-chroot.service;而下文用 `systemctl restart named` 启动的是普通的 named.service,并不会把 named 限制在 /var/named/chroot 中运行。若要真正启用 chroot 隔离,应改用 `systemctl disable --now named && systemctl enable --now named-chroot`(CentOS 7 的 named-chroot 服务启动时会把 /etc/named.conf、/var/named 等挂载进 chroot,配置文件的编辑路径不变)。

[root@db1 ~]# vim /etc/named.conf
 12 options {
 13         listen-on port 53 { any; };
 21         allow-query     { any; };
注意:CentOS 7 自带的 named.conf 中 recursion 默认为 yes,把 listen-on 和 allow-query 同时改为 any 会让这台服务器成为对任意来源开放的递归解析器(open resolver),可被用于 DNS 放大攻击。实验环境可以这样做;生产环境应把 allow-query / allow-recursion 限制为内网网段(例如 { 10.15.7.0/24; localhost; };),若只做权威解析则直接设置 recursion no。

服务类型有三种,分别为 hint(根区域)、 master(主区域)、 slave(辅助区域),其中常用的 master 和 slave 指的就是主服务器和从服务器。
正向解析参数

zone "hongquan.com" IN {
        type master;
        file "hongquan.com.zone"; ##服务类型,域名与ip地址解析规划保存的文件位置
        allow-update { none; }; ##允许哪些客户机动态更新解析服务
};

反向解析参数

zone "10.168.192.in-addr.arpa" IN { ##表示192.168.10.0/24网段的反向解析区域
        type master;
        file "192.168.10.arpa";
        allow-update { none; };
};

2 正向解析实验

[root@db1 ~]# vim /etc/named.rfc1912.zones
zone "hongquan.com" IN {
    type master;
    file "hongquan.com.zone";
    allow-update { none; };
};
[root@db1 ~]# cd /var/named
[root@db1 named]# ll -al named.localhost 
-rw-r----- 1 root named 152 Jun 21  2007 named.localhost
[root@db1 named]# cp -a named.localhost hongquan.com.zone
[root@db1 named]# vim hongquan.com.zone
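$TTL 1D                                 ; default TTL for every record below: one day
@       IN SOA  hongquan.com. root.hongquan.com. (
                                        ; SOA: first field is the primary name server, second is the
                                        ; admin mailbox with "@" written as "." (root@hongquan.com)
                                        0       ; serial  - bump it on every edit, or secondaries will not re-transfer
                                        1D      ; refresh - how often secondaries re-check the SOA
                                        1H      ; retry   - retry interval after a failed refresh
                                        1W      ; expire  - secondaries stop serving after this long without contact
                                        3H )    ; minimum - negative-caching TTL (RFC 2308)
@       IN NS   ns.hongquan.com         ; NS record -- NOTE: missing trailing ".", so BIND expands it to
                                        ; ns.hongquan.com.hongquan.com (this causes the startup error below)
ns      IN A    10.15.7.26              ; A record for ns.hongquan.com.
www     IN A    10.15.7.26              ; A record for www.hongquan.com.
mail    IN A    10.15.7.26              ; A record for mail.hongquan.com.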
注意:
区域文件中只有 ";" 是注释符,"#" 不是;上面为了说明加的注释如果原样复制进文件,named 会报语法错误。
$TTL 1D:定义默认 TTL 值(1D 即 86400 秒;原文写的 $TTL 3600 表示 1 小时,与文件中的 1D 不一致,以文件为准),下面的资源记录都不必再单独写 TTL;
$ORIGIN hongquan.com.:作用是让资源记录中的 "ns1.hongquan.com." 可以简写为 ns1,会自动补上 $ORIGIN 后面定义的域名;未显式写 $ORIGIN 时,默认为 named.conf 中 zone 语句声明的区域名。
正因为有这种自动补全,凡是写完整域名(FQDN)的地方都必须以 "." 结尾。上面 NS 记录中的 ns.hongquan.com 缺少末尾的 ".",会被补全为 ns.hongquan.com.hongquan.com,这就是下面日志中 "NS 'ns.hongquan.com.hongquan.com' has no address records" 报错的原因;SOA 中的管理员邮箱字段同理应写成 root.hongquan.com.。
[root@db1 named]# systemctl restart named
[root@db1 named]# journalctl -xe
-- Unit named.service has begun starting up.
Apr 13 16:08:07 db1 bash[10561]: zone hongquan.com/IN: NS 'ns.hongquan.com.hongquan.com' has no address records (A or AAAA)
Apr 13 16:08:07 db1 bash[10561]: zone hongquan.com/IN: not loaded due to errors.
Apr 13 16:08:07 db1 bash[10561]: _default/hongquan.com/IN: bad zone
Apr 13 16:08:07 db1 systemd[1]: named.service: control process exited, code=exited status=1
Apr 13 16:08:07 db1 systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).

把 NS 记录改为 ns.hongquan.com.(带末尾的点)后重新启动,并用 cat 确认文件内容:
[root@db1 named]# systemctl restart named
[root@db1 named]# cat hongquan.com.zone 
$TTL 1D
@    IN SOA    hongquan.com. root.hongquan.com (
                    0    ; serial
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
@       IN NS    ns.hongquan.com.
ns     IN A    10.15.7.26
www     IN A    10.15.7.26
mail    IN A    10.15.7.26
bbs     IN A    10.15.7.26

验证结果

# 先把本机的 DNS 指向 10.15.7.26(在 /etc/sysconfig/network-scripts/ifcfg-* 中设置 DNS1=10.15.7.26,或直接修改 /etc/resolv.conf 的 nameserver),再重启网络使其生效,否则下面的 nslookup 不会显示 Server: 10.15.7.26
# systemctl restart network
[root@db1 named]# nslookup
-bash: nslookup: command not found
## yum  provides  */nslookup
[root@db1 named]# yum install -y bind-utils
[root@db1 named]# nslookup
> www.hongquan.com
Server:        10.15.7.26
Address:    10.15.7.26#53

Name:    www.hongquan.com
Address: 10.15.7.26
> bbs.hongquan.com
Server:        10.15.7.26
Address:    10.15.7.26#53

Name:    bbs.hongquan.com
Address: 10.15.7.26

3 反向解析

[root@db1 named]# vim /etc/named.rfc1912.zones
zone "hongquan.com" IN {
        type master;
        file "hongquan.com.zone";
        allow-update { none; };
};

zone "7.15.10.in-addr.arpa" IN {
        type master;
        file "10.15.7.arpa";
        allow-update { none; };
};

编辑配置文件

[root@db1 named]# cp -a named.loopback 10.15.7.arpa
[root@db1 named]# more 10.15.7.arpa 
$TTL 1D
@    IN SOA    hongquan.com. root.hongquan.com. (
                    0    ; serial
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
@    IN NS    ns.hongquan.com.
ns    IN A    10.15.7.26
10    IN PTR    ns.hongquan.com.
10      IN PTR     mail.hongquan.com. >>将10.15.7.10 解析成mail.hongquan.com
10      IN PTR     www.hongquan.com.
20      IN PTR     bbs.hongquan.com.
[root@db1 named]# systemctl restart named

检查结果

[root@db1 named]# nslookup
> 10.15.7.26
** server can't find 26.7.15.10.in-addr.arpa: NXDOMAIN
返回 NXDOMAIN 是因为上面区域文件中的 PTR 记录写的是 10 和 20(对应 10.15.7.10、10.15.7.20),而查询的是 10.15.7.26;反向区域文件里记录名必须与实际 IP 的最后一段一致。修正如下:
[root@db1 named]# more 10.15.7.arpa 
$TTL 1D
@    IN SOA    hongquan.com. root.hongquan.com. (
                    0    ; serial
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
@    IN NS    ns.hongquan.com.
ns    IN A    10.15.7.26
26    IN PTR    ns.hongquan.com.
26      IN PTR     mail.hongquan.com.
26      IN PTR     www.hongquan.com.
26      IN PTR     bbs.hongquan.com.
[root@db1 named]# named-checkconf
说明:named-checkconf 只检查 named.conf 的语法,区域文件应另用 named-checkzone 7.15.10.in-addr.arpa 10.15.7.arpa 检查;修改区域文件后还需要 systemctl restart named(或 rndc reload)才会生效。另外,同一 IP 配多条 PTR 记录并不推荐:很多客户端只取第一条,而返回顺序并不固定(对比下面两次查询的结果顺序),反向解析通常只保留一条 PTR。
[root@db1 named]# nslookup
> 10.15.7.26
26.7.15.10.in-addr.arpa    name = bbs.hongquan.com.
26.7.15.10.in-addr.arpa    name = mail.hongquan.com.
26.7.15.10.in-addr.arpa    name = www.hongquan.com.
26.7.15.10.in-addr.arpa    name = ns.hongquan.com.

如果开启了 firewalld,还需要放行 DNS 服务(53/tcp 与 53/udp),否则其他主机无法查询:
firewall-cmd --zone=public --add-service=dns --permanent
firewall-cmd --reload

4 部署从服务器

主服务器 centos7.4 10.15.7.26
从服务器 centos7.4 10.15.7.27

[root@db1 named]# vim /etc/named.rfc1912.zones
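zone "hongquan.com" IN {
        type master;
        file "hongquan.com.zone";
        // Zone transfers (AXFR/IXFR) are what a secondary needs, so restrict them
        // to the secondary's address. The original used allow-update here, which
        // instead permits unauthenticated dynamic updates (nsupdate) from that
        // host and does nothing for transfers; dynamic updates stay disabled.
        allow-transfer { 10.15.7.27; };
        allow-update { none; };
        // The only NS record points at this server, so NOTIFY would otherwise
        // never reach the secondary and it would only refresh every 1D.
        also-notify { 10.15.7.27; };
};

zone "7.15.10.in-addr.arpa" IN {
        type master;
        file "10.15.7.arpa";
        allow-transfer { 10.15.7.27; };
        allow-update { none; };
        also-notify { 10.15.7.27; };
};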
[root@db2 ~]# vim /etc/named.rfc1912.zones
zone "hongquan.com" IN {
        type slave;
        masters {10.15.7.26;};
        file "slaves/hongquan.com.zone";
};

zone "7.15.10.in-addr.arpa" IN {
        type slave;
        masters {10.15.7.26;};
        file "slaves/10.15.7.arpa";
};
[root@db2 named]# systemctl restart named
[root@db2 slaves]# ll /var/named/slaves/ #从服务器从主服务器获取到的数据配置文件
total 8
-rw-r--r-- 1 named named 358 Apr 13 17:13 10.15.7.arpa
-rw-r--r-- 1 named named 355 Apr 13 17:13 hongquan.com.zone

验证结果

[root@db2 slaves]# vim /etc/sysconfig/network-scripts/ifcfg-bond0 
[root@db2 slaves]# systemctl restart network
注意:下面的 nslookup 显示 Server: 10.15.7.26,说明查询仍然发给了主服务器,并没有验证从服务器本身能否应答。要检验从服务器,应把 DNS1 指向 10.15.7.27,或显式指定服务器查询:nslookup www.hongquan.com 10.15.7.27。
[root@db2 slaves]# nslookup
> www.hongquan.com
Server:        10.15.7.26
Address:    10.15.7.26#53

Name:    www.hongquan.com
Address: 10.15.7.26
> 10.15.7.26
26.7.15.10.in-addr.arpa    name = bbs.hongquan.com.
26.7.15.10.in-addr.arpa    name = ns.hongquan.com.
26.7.15.10.in-addr.arpa    name = www.hongquan.com.
26.7.15.10.in-addr.arpa    name = mail.hongquan.com.
> exit