實驗環境: 做dns緩存的主機 192.168.44.136
客戶機(jī) 192.168.44.137
惟緩存DNS服務器 (cache only)
[root@tianyun ~]# dig @192.168.2.168 www.126.com //使用指定的DNS
[root@tianyun ~]# host www.baidu.com 192.168.44.2 //使用命令中指定的DNS服務器(192.168.44.2)解析
一、部署DNS服務器
[root@aliyun ~]# yum -y install bind bind-chroot
[root@aliyun ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
[root@aliyun ~]# systemctl restart named
[root@aliyun ~]# systemctl enable named
[root@aliyun ~]# ss -tuln |grep :53 |column -t
udp UNCONN 0 0 114.215.71.214:53 *:*
udp UNCONN 0 0 10.29.89.165:53 *:*
udp UNCONN 0 0 127.0.0.1:53 *:*
udp UNCONN 0 0 :::53 :::*
tcp LISTEN 0 10 114.215.71.214:53 *:*
tcp LISTEN 0 10 10.29.89.165:53 *:*
tcp LISTEN 0 10 127.0.0.1:53 *:*
tcp LISTEN 0 10 :::53 :::*
aliyun默認未開啟防火墻firewalld。注意: 上面 ss 的輸出顯示 named 同時在公網地址 114.215.71.214:53 監聽, 再配合 allow-query { any; } 和後面的 forwarders 轉發, 這台主機會對整個互聯網提供遞歸解析(開放解析器); 生產環境應用 allow-query / allow-recursion 把查詢限制在可信網段, 或只在內網地址上 listen-on。
[root@aliyun ~]# firewall-cmd --permanent --add-service=dns
[root@aliyun ~]# firewall-cmd --reload
二、客戶端測試DNS解析(192.168.44.137)
[root@yang ~]# cat /etc/resolv.conf
nameserver 192.168.44.136
DNS服務器正常提供服務后, 在客戶端測試:
[root@localhost ~]# dig www.baidu.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9602
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 994 IN CNAME www.a.shifen.com.
www.a.shifen.com. 95 IN A 61.135.169.121
www.a.shifen.com. 95 IN A 61.135.169.125
;; AUTHORITY SECTION:
a.shifen.com. 994 IN NS ns5.a.shifen.com.
a.shifen.com. 994 IN NS ns4.a.shifen.com.
a.shifen.com. 994 IN NS ns3.a.shifen.com.
a.shifen.com. 994 IN NS ns2.a.shifen.com.
a.shifen.com. 994 IN NS ns1.a.shifen.com.
;; ADDITIONAL SECTION:
ns4.a.shifen.com. 994 IN A 115.239.210.176
ns2.a.shifen.com. 994 IN A 180.149.133.241
ns3.a.shifen.com. 994 IN A 61.135.162.215
ns1.a.shifen.com. 994 IN A 61.135.165.224
ns5.a.shifen.com. 994 IN A 119.75.222.17
;; Query time: 0 msec
;; SERVER: 192.168.44.136#53(192.168.44.136)
;; WHEN: Tue May 29 07:26:08 EDT 2018
;; MSG SIZE rcvd: 271
可以看出 ;; flags: qr rd ra; 此處沒有 aa 標誌, 表明這是非權威應答(由緩存/遞歸查詢得到); ra 表示服務器向該客戶端提供遞歸。
查看DNS服務主配置文件
[root@aliyun ~]# vim /etc/named.conf
根提示區域 [默認]
zone "." IN {
type hint;
file "named.ca";
};
DNS轉發 Forward [通常轉發到上一級的DNS服務器]
options {
...
forwarders { 114.114.114.114; 202.106.0.20; };
};
==正向區: 提供正向解析, 即將域名解析為IP
==反向區: 提供反向解析, 即將IP解析為域名 [了解]
正向解析
yum -y install bind-utils bind-chroot bind
機子 10.0.0.21
vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=10.0.0.21
PREFIX=24
DNS1=10.0.0.21 //modify
GATEWAY=10.0.0.2
DEFROUTE=yes
vim /etc/named.conf
listen-on port 53 { any; }; //modify
listen-on-v6 port 53 { any; };//modify
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };//modify
vim /etc/named.rfc1912.zones 添加下面代碼
zone "linux.com" IN {
type master;
file "linux.com.zone";
allow-update { none; };
};
touch /var/named/linux.com.zone
chown .named /var/named/linux.com.zone
cat > /var/named/linux.com.zone <<'eof'   # 定界符加引號, 否則 $TTL 會被 shell 展開為空, 寫入的區域文件無效
$TTL 600
@ IN SOA linux.com. root.linux.com. ( 2017033100 1H 15M 1W 1D )
@ IN NS dns
dns IN A 192.168.44.136
www IN A 119.75.218.70
eof
[root@localhost named]# nslookup
> www.linux.com
Server: 10.0.0.21
Address: 10.0.0.21#53
Name: www.linux.com
Address: 119.75.218.70
數據庫文件說明 (注意: 上面 dns 記錄的 A 地址 192.168.44.136 是實驗環境中的另一台主機, 在 10.0.0.21 這台機器上應改為本機地址):
@ 表示當(dāng)前域名
www.tianyun.com. = www (末尾帶點的是完整域名, 不帶點的名字相對於當前域)
第一個字段(記錄名)省略時, 繼承上一條記錄的名稱
SOA: 起始授權記錄 (強制)
NS: DNS服務器記錄 (強制)
A: 主機(jī)記錄
CNAME: 別名記錄
反向解析
vim /etc/named.rfc1912.zones
zone "0.0.10.in-addr.arpa" IN {
type master;
file "10.0.0.db";
allow-update { none; };
};
vim /var/named/10.0.0.db
$TTL 600
@ IN SOA linux.com. root.linux.com. ( 2017033100 1H 15M 1W 1D )
IN NS dns.linux.com.
20 IN PTR www.linux.com.
20 IN PTR ns1.linux.com.
[root@localhost named]# chown .named /var/named/10.0.0.db
[root@localhost named]# systemctl restart named
[root@localhost named]# nslookup
> 10.0.0.20
Server: 10.0.0.21
Address: 10.0.0.21#53
20.0.0.10.in-addr.arpa name = www.linux.com.
20.0.0.10.in-addr.arpa name = ns1.linux.com.