I. What BIND is
BIND is the most widely deployed DNS server software on the Internet.
II. Installing and using BIND
The following is adapted from http://www.mamicode.com/info-detail-1546484.html
Installing bind
On Linux the package that provides DNS service is called bind, but the service process is called named. It can be installed with yum (package bind) or built from source; with a source build the configuration files have to be written by hand. Here it is installed with yum, then the service is started and enabled at boot (CentOS 6, SysV init scripts):
[root@localhost ~]# service named status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
named is stopped
[root@localhost ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@localhost ~]# chkconfig named on
[root@localhost ~]# chkconfig --list named
named           0:off   1:off   2:on    3:on    4:on    5:on    6:off
DNS listens on port 53 over both UDP and TCP by default (UDP for ordinary queries, TCP for zone transfers and for answers too large for UDP).
A recursive DNS server has to know where the root servers are in order to start resolving from the top. After installing bind the root hints are in /var/named/named.ca (the first cat below mistypes the file name and fails; the second shows the file):
[root@localhost ~]# cat /var/named/named.
cat: /var/named/named.: No such file or directory
[root@localhost ~]# cat /var/named/named.ca
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    December 01, 2015
;       related version of root zone:   2015120100
;
; formerly NS.INTERNIC.NET
;
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
; End of file
The file lists the 13 root servers, a through m, with their addresses; AAAA records are IPv6 addresses. (The file is dated; named ships an updated copy with each release.)
Now look at the main configuration file, /etc/named.conf. [Its syntax is C-like: comments start with "//", every statement ends with ";", and "/* ... */" comments out a whole block.] It holds only BIND's basic settings and no zone data at all. It has these parts:
- options {}: global options
- logging {}: logging subsystem configuration
- zone "." {}: where the root hints file is
- include "/etc/named.rfc1912.zones";: pulls in /etc/named.rfc1912.zones; the zones you add are normally written there, which keeps them in one place
- include "/etc/named.root.key";: the DNSSEC trust anchor for the root zone, used when dnssec-validation is on
[21:02 root@centos6.8 ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; };       /* local addresses and port named listens on; the default is the loopback address only */
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";           /* directory holding the resource record (RR) files; zone file names are relative to it */
        dump-file       "/var/named/data/cache_dump.db";    /* where rndc dumpdb writes the cache */
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };         /* who may query this server; localhost means all of this machine's own addresses */
        recursion yes;                          /* answer recursive queries; with allow-query this decides who can use the server as a resolver */

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {           // zones are declared with the zone keyword, one statement per zone; by convention the zones you add go in /etc/named.rfc1912.zones
        type hint;      /* type is one of master, slave or hint:
                           master: this server is the primary for the zone
                           slave:  this server is a secondary that copies the zone from a master
                           hint:   the list of Internet root servers */
        file "named.ca";        /* relative to the directory option above, i.e. /var/named/named.ca */
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Setting up a DNS server
Forward lookup, step by step:
(1) Edit named.conf as needed. Here the default listen address 127.0.0.1 is changed so that named listens on all of the host's addresses, and allow-query is changed from localhost to any so that every client may query. Caveat: with allow-query { any; } and recursion yes; the server will also recurse for anyone who can reach it, i.e. it becomes an open resolver that can be abused for reflection and amplification attacks. For an authoritative server set recursion no;, or keep recursion but add allow-recursion { localnets; }; (or your own acl) so that only your own clients get recursive service.
(2) Declare the zone to be added; here the zone statement goes in /etc/named.rfc1912.zones.
(3) Create the resource record file that the zone statement refers to, under /var/named.
(4) Make the RR file owned by root with group named and readable by that group (chown root:named, chmod 640), then restart named for the change to take effect. Running named-checkconf and named-checkzone ZONE FILE before the restart catches syntax errors without taking the service down.
Edit named.conf
[21:28 root@centos6.8 ~]# cat !$
cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
//      listen-on port 53 { 127.0.0.1; };       // changed: commenting the line out makes named listen on all IPv4 addresses
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };               // changed
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Add the test domain nihao.com (every statement inside the braces, including the file line, must end with a semicolon, or named-checkconf rejects the file):
[21:33 root@centos6.8 ~]# cat !$
cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "nihao.com" IN {
        type master;
        file "nihao.zone";
};
Add the RRs (an MX record needs a preference value before the mail server name; names on the right-hand side without a trailing dot, such as mail, are expanded with the zone origin nihao.com.):
[21:46 root@centos6.8 ~]# cat !$
cat /var/named/nihao.zone
$TTL 86400
@       IN SOA  dns.nihao.com. admin.nihao.com. (
                2016092301      ; serial: increase it on every change, or slaves will not pick the change up
                1H              ; refresh
                30M             ; retry
                1W              ; expire
                1D )            ; negative-answer TTL
@       IN NS   dns.nihao.com.
dns.nihao.com.  IN A    172.18.16.137
@       IN MX   10 mail
mail    IN A    1.1.1.2
www     IN A    119.75.218.70
Restart named and test; both names resolve. The aa flag shows the answer is authoritative; ra shows the server is offering recursion to this client (the caveat from step 1):
[21:48 root@centos6.8 ~]# service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@localhost ~]# dig www.nihao.com @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.nihao.com @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33430
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.nihao.com.                 IN      A

;; ANSWER SECTION:
www.nihao.com.          86400   IN      A       119.75.218.70

;; AUTHORITY SECTION:
nihao.com.              86400   IN      NS      dns.nihao.com.

;; ADDITIONAL SECTION:
dns.nihao.com.          86400   IN      A       172.18.16.137

;; Query time: 3 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Fri Sep 23 22:37:46 2016
;; MSG SIZE  rcvd: 81

[root@localhost ~]# dig mail.nihao.com @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> mail.nihao.com @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45751
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;mail.nihao.com.                IN      A

;; ANSWER SECTION:
mail.nihao.com.         86400   IN      A       1.1.1.2

;; AUTHORITY SECTION:
nihao.com.              86400   IN      NS      dns.nihao.com.

;; ADDITIONAL SECTION:
dns.nihao.com.          86400   IN      A       172.18.16.137

;; Query time: 1 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Fri Sep 23 22:37:54 2016
;; MSG SIZE  rcvd: 82
Reverse lookup, step by step. Forward and reverse lookups are served from separate zones, so a new zone statement and its own RR file are needed:
(1) Edit named.conf as needed; the same settings as for the forward zone are enough.
(2) Declare the zone; again the zone statement goes in /etc/named.rfc1912.zones.
[Note: the zone name cannot be chosen freely. It must be the network part of the address written in reverse order followed by .in-addr.arpa (the network 172.18.16.0/24 becomes 16.18.172.in-addr.arpa), otherwise reverse lookups will not find the zone.]
(3) Create the RR file under /var/named as the zone statement specifies.
[Note: the SOA record can be the same as in the forward zone. No A records are needed, but the NS record is. Every name on the right-hand side must be written in full with a trailing dot; otherwise named treats it as relative and appends the zone origin from step 2, the reversed network name.]
(4) Set owner and group of the RR file (root:named, mode 640) and restart named.
Append the reverse zone at the end of the file:
[11:03 root@centos6.8 /var/named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "nihao.com" IN {
        type master;
        file "nihao.zone";
};

zone "16.18.172.in-addr.arpa" IN {
        type master;
        file "172.18.16.zone";
};
Create the RR file for the reverse zone (comments in zone files start with ";", not "//"; a "//" makes named reject the file):
[11:11 root@centos6.8 /var/named]# cat 172.18.16.zone
$TTL 86400
@       IN SOA  dns.nihao.com. admin.nihao.com. (
                2016092301
                1H
                30M
                1W
                1D )
@       IN NS   dns.nihao.com.          ; the NS record is mandatory
@       IN MX   10 mail.nihao.com.      ; written in full; a relative name would get the reverse zone name 16.18.172.in-addr.arpa. appended (an MX record is not needed in a reverse zone and is merely harmless here)
111     IN PTR  www.nihao.com.
222     IN PTR  mail.nihao.com.
Restart the service and test. The first answer shows exactly what the note in step (3) warns about: when this query was run the PTR value for 111 had been entered as a relative name, so named appended the zone origin and returned www.16.18.172.in-addr.arpa. instead of www.nihao.com.; the record for 222 was written in full and resolves correctly:
[root@localhost ~]# dig -x 172.18.16.111 @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 172.18.16.111 @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60893
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;111.16.18.172.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
111.16.18.172.in-addr.arpa. 86400 IN    PTR     www.16.18.172.in-addr.arpa.

;; AUTHORITY SECTION:
16.18.172.in-addr.arpa. 86400   IN      NS      dns.nihao.com.

;; ADDITIONAL SECTION:
dns.nihao.com.          86400   IN      A       172.18.16.137

;; Query time: 2 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Sat Sep 24 10:52:48 2016
;; MSG SIZE  rcvd: 105

[root@localhost ~]# dig -x 172.18.16.222 @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 172.18.16.222 @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48589
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;222.16.18.172.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
222.16.18.172.in-addr.arpa. 86400 IN    PTR     mail.nihao.com.

;; AUTHORITY SECTION:
16.18.172.in-addr.arpa. 86400   IN      NS      dns.nihao.com.

;; ADDITIONAL SECTION:
dns.nihao.com.          86400   IN      A       172.18.16.137

;; Query time: 2 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Sat Sep 24 11:03:09 2016
;; MSG SIZE  rcvd: 106
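The mistakes met while writing the forward and reverse zone files above (a right-hand name without the trailing dot, an MX record without a preference, a "//" comment) are all things named-checkzone would report. The following Python script, added here as an example and not part of BIND or of the original post, applies the same name-expansion rule named uses ("@" is the origin, a trailing dot means absolute, anything else gets the origin appended) and flags those three mistakes. It is a simplified reader: class IN only, TTLs in seconds or with s/m/h/d/w units, and the only multi-line record it folds is a parenthesised SOA. The sample zone is constructed to reproduce the www.16.18.172.in-addr.arpa. answer seen in the first dig -x above.

```python
"""Lint a BIND zone file the way named reads it: expand relative names with the
zone origin and flag the mistakes met in the zone files on this page (a
right-hand name without a trailing dot, an MX without a preference, a //
comment). Added example, not BIND's parser. Assumptions: class IN only, TTLs
in seconds or with s/m/h/d/w units, parenthesised SOA as the only multi-line
record."""
import re

# Record types whose RDATA field at this index is a domain name that named
# expands relative to the origin when it does not end in a dot.
NAME_RDATA = {"NS": 0, "CNAME": 0, "PTR": 0, "MX": 1}
UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


def to_seconds(value):
    """'1H' -> 3600, '86400' -> 86400"""
    value = value.upper()
    if value[-1] in UNITS:
        return int(value[:-1]) * UNITS[value[-1]]
    return int(value)


def fqdn(name, origin):
    """named's rule: '@' is the origin, a trailing dot means absolute,
    anything else gets the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (records, warnings); each record is (owner, ttl, type, rdata list)."""
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, last_owner = None, origin
    records, warnings = [], []
    # Fold a parenthesised SOA onto one logical line.
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text, flags=re.S)
    for lineno, raw in enumerate(text.splitlines(), 1):
        if "//" in raw:
            # named would reject the line; warn, then drop the rest to keep linting.
            warnings.append(f"line {lineno}: '//' is not a comment in a zone file, use ';'")
        line = re.split(r";|//", raw, maxsplit=1)[0].rstrip()
        if not line.strip():
            continue
        if line.startswith("$TTL"):
            default_ttl = to_seconds(line.split()[1])
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        # A line starting with whitespace reuses the previous owner name.
        owner = last_owner if raw[0] in " \t" else fqdn(fields.pop(0), origin)
        last_owner = owner
        ttl = default_ttl
        if fields and re.fullmatch(r"\d+[SMHDWsmhdw]?", fields[0]):
            ttl = to_seconds(fields.pop(0))
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype == "MX" and (len(rdata) < 2 or not rdata[0].isdigit()):
            warnings.append(f"line {lineno}: MX needs a preference, e.g. 'MX 10 mail'")
        idx = NAME_RDATA.get(rtype)
        if idx is not None and len(rdata) > idx and not rdata[idx].endswith("."):
            expanded = fqdn(rdata[idx], origin)
            warnings.append(f"line {lineno}: {rtype} target '{rdata[idx]}' is relative; "
                            f"named stores it as '{expanded}'")
            rdata[idx] = expanded
        records.append((owner, ttl, rtype, rdata))
    return records, warnings


# Constructed sample: the reverse zone from this page as a first attempt tends
# to look, including the mistakes the dig output above revealed.
SAMPLE_REVERSE = """$TTL 86400
@   IN SOA dns.nihao.com. admin.nihao.com. (
        2016092301
        1H
        30M
        1W
        1D )
@   IN NS  dns.nihao.com.   // NS record is mandatory
111 IN PTR www
222 IN PTR mail.nihao.com.
"""

if __name__ == "__main__":
    recs, warns = parse_zone(SAMPLE_REVERSE, "16.18.172.in-addr.arpa")
    for rec in recs:
        print(rec)
    for warn in warns:
        print("WARNING:", warn)
```

Run it on a real zone with parse_zone(open(path).read(), zone_name); the warnings point at the line that needs a trailing dot or a preference, and the records list shows the fully qualified names named would actually load.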
3. Setting up master and slave DNS servers
Master/slave does not mean that a name the master cannot resolve is then looked up on the slave. Both servers hold an identical copy of the zone (the slave fetches it from the master by zone transfer, AXFR or IXFR), so a name one of them cannot answer the other cannot answer either. What the slave provides is redundancy: resolvers pick any server listed in the zone's NS records, and when the master is down the slave keeps answering.
Points to note:
The master's zone file must carry an NS record pointing at the slave. That is what makes resolvers use the slave at all, and the NS list is also what named uses to send NOTIFY messages when the zone changes.
The slave only needs a zone statement, not a zone file of its own; the transferred copy is written to /var/named/slaves/.
Security caveat: BIND of this vintage allows zone transfers to any client by default, so anyone who can reach the master can dump the whole zone with dig AXFR. Add allow-transfer { SLAVE_IP; }; (or a TSIG key) to the master's zone statement, and allow-transfer { none; }; on the slave.
Deploying a master/slave pair is therefore simple (only the forward zone is shown; for reverse lookup add a reverse zone the same way):
(1) Add an NS record for the slave to the master's RR file.
(2) On the slave, declare the same zone with type slave, pointing at the master; the transferred RR file lands in /var/named/slaves/.
How a slave zone is defined:
zone "ZONE_NAME" IN {
        type slave;
        masters { MASTER_IP; };
        file "slaves/ZONE_NAME.zone";
};
(3) Fix owner, group and permissions as before and restart named.
On the master, add an NS record pointing at the slave
[11:31 root@centos6.8 /var/named]# cat !$
cat nihao.zone
$TTL 86400
@       IN SOA  dns.nihao.com. admin.nihao.com. (
                2016092301
                1H
                30M
                1W
                1D )
@       IN NS   dns.nihao.com.
@       IN NS   dns1.nihao.com.
dns     IN A    172.18.16.137
dns1    IN A    172.18.16.113
www     IN A    172.18.16.111
@       IN MX   10 mail
mail    IN A    172.18.16.222
Configure the zone on the slave
[11:38 root@localhost.localdomain ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "nihao.com" IN {
        type slave;
        file "slaves/nihao.com.zone";
        masters { 172.18.16.137; };
};
[11:37 root@localhost.localdomain ~]# service named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]
[11:38 root@localhost.localdomain ~]# ll /var/named/slaves/
total 4
-rw-r--r--. 1 named named 379 Sep 24 11:38 nihao.com.zone      # the RR file was transferred from the master automatically
Test: with the master down (named stopped on it), the slave keeps answering
[11:40 root@centos6.8 /var/named]# service named stop
Stopping named: .                                          [  OK  ]
[11:41 root@centos6.8 /var/named]# dig www.nihao.com @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.nihao.com @172.18.16.137
;; global options: +cmd
;; connection timed out; no servers could be reached
[11:41 root@centos6.8 /var/named]# dig www.nihao.com @172.18.16.113

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.nihao.com @172.18.16.113
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57600
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.nihao.com.                 IN      A

;; ANSWER SECTION:
www.nihao.com.          86400   IN      A       172.18.16.111

;; AUTHORITY SECTION:
nihao.com.              86400   IN      NS      dns.nihao.com.

;; ADDITIONAL SECTION:
dns.nihao.com.          86400   IN      A       172.18.16.137

;; Query time: 9 msec
;; SERVER: 172.18.16.113#53(172.18.16.113)
;; WHEN: Sat Sep 24 11:42:51 2016
;; MSG SIZE  rcvd: 81
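Two things are worth verifying on a server configured as above: whether it offers recursion to arbitrary clients (the open-resolver caveat from the forward-lookup section) and whether it hands its zone to anyone who asks for an AXFR (the allow-transfer caveat just above). The following Python script, added here as an example and not part of BIND or of the original post, builds the two queries in DNS wire format with the standard library only and reads the reply header the way dig prints it: named sets the RA flag only for clients allowed recursion, and a refused transfer comes back with rcode REFUSED instead of the zone's SOA. The server and zone names default to the test setup above; www.example.org. is an assumed name outside any zone the server is authoritative for.

```python
"""Probe a BIND server for the two exposures the configuration on this page
leaves open: recursion offered to arbitrary clients (an open resolver) and
unrestricted zone transfers (AXFR). Standard library only; the DNS wire
format is built and parsed by hand. Added example, not BIND's or the post's
code; www.example.org. is an assumed name outside the server's zones."""
import socket
import struct

QTYPE = {"A": 1, "SOA": 6, "AXFR": 252}
RCODE = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def encode_name(name):
    """Encode 'www.nihao.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype, rd=True, qid=0x1234):
    """One question, class IN, no EDNS; RD=1 asks the server to recurse for us."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], 1)


def parse_header(msg):
    """Decode the 12-byte header into the flags dig prints plus the section counts."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": qid,
        "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
        "tc": bool(flags & 0x0200), "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": RCODE.get(flags & 0x000F, str(flags & 0x000F)),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def offers_recursion(header):
    """named sets RA only for clients that pass allow-recursion, so RA=1 on any
    answer means this client could use the server as its resolver."""
    return header["qr"] and header["ra"]


def transfer_allowed(header):
    """A denied AXFR is answered REFUSED; an allowed one starts with the zone's
    SOA in the answer section of the first message."""
    return header["qr"] and header["rcode"] == "NOERROR" and header["ancount"] > 0


def udp_exchange(server, query, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        return sock.recv(4096)


def tcp_exchange(server, query, timeout=3.0):
    """AXFR goes over TCP, where each message carries a 2-byte length prefix;
    the first message of the transfer is enough to tell allowed from refused."""
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(struct.pack("!H", len(query)) + query)
        length = struct.unpack("!H", sock.recv(2))[0]
        data = b""
        while len(data) < length:
            chunk = sock.recv(length - len(data))
            if not chunk:
                break
            data += chunk
        return data


def probe(server, zone, outside_name="www.example.org."):
    """Run both checks against a live server (needs network access to it)."""
    rec = parse_header(udp_exchange(server, build_query(outside_name, "A")))
    xfr = parse_header(tcp_exchange(server, build_query(zone, "AXFR")))
    return {"open_resolver": offers_recursion(rec), "axfr_open": transfer_allowed(xfr)}


if __name__ == "__main__":
    import sys
    server, zone = (sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else ("172.18.16.137", "nihao.com")
    print(probe(server, zone))
```

Run from a host that is not in allow-recursion or allow-transfer: both values should come back False. With the configuration as printed on this page they come back True, which is what recursion no; (or allow-recursion) and allow-transfer fix.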
4. DNS subdomains (delegation)
Suppose a company has been given the use of a domain and wants to split it into several subdomains for different departments, which also makes administration easier. For example, nihao.com has two subdomains, tech.nihao.com and fin.nihao.com, each with its own www, mail and other hosts, and the most important host in each is its DNS server. Delegating a subdomain means adding to the parent zone's file the records shown below.
Steps to delegate a subdomain:
(1) State explicitly who is being delegated to, i.e. the name of the subzone: add an NS record in the parent's RR file pointing at the subdomain's DNS server, together with a glue A record for that server when its name lies inside the subdomain, as it does here (without glue a resolver would have to ask the child zone for the address of the child zone's own server).
(2) Configure the subdomain's DNS server as in the earlier steps.
That is all there is to it; the experiment follows.
Add an NS record in the parent's RR file pointing at the subdomain's DNS server
[13:38 root@centos6.8 /var/named]# cat /var/named/nihao.zone
$TTL 86400
@       IN SOA  dns.nihao.com. admin.nihao.com. (
                2016092301
                1H
                30M
                1W
                1D )
@       IN NS   dns.nihao.com.
dns     IN A    172.18.16.137
www     IN A    172.18.16.111
@       IN MX   10 mail
mail    IN A    172.18.16.222
tech    IN NS   dns.tech        ; delegation: tech.nihao.com is served by dns.tech.nihao.com
dns.tech IN A   172.18.16.113   ; glue record for the subdomain's server
On the subdomain's DNS server, create the zone and its RRs
[13:38 root@localhost.localdomain ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "tech.nihao.com" IN {
        type master;
        file "tech.nihao.com.zone";
};

[13:45 root@localhost.localdomain ~]# cat /var/named/tech.nihao.com.zone
$TTL 1D
@       IN SOA  dns.tech.nihao.com. admin.nihao.com. (
                2016092401
                1H
                30M
                1W
                1D
                )
@       IN NS   dns
dns     IN A    172.18.16.113
www     IN A    1.1.1.1
@       IN MX   10 mail
mail    IN A    2.2.2.2
Hosts in the subdomain resolve. Note the flags: there is no aa, because 172.18.16.137 is not authoritative for tech.nihao.com; it followed the delegation to 172.18.16.113 on the client's behalf (which is why the first query took 241 ms), so this test only works because the parent still recurses for this client. Querying 172.18.16.113 directly, or querying a parent that has recursion disabled and therefore returns only the referral, tests the delegation itself:
[13:37 root@localhost.localdomain ~]# dig www.tech.nihao.com @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.tech.nihao.com @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44573
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.tech.nihao.com.            IN      A

;; ANSWER SECTION:
www.tech.nihao.com.     86400   IN      A       1.1.1.1

;; AUTHORITY SECTION:
tech.nihao.com.         86400   IN      NS      dns.tech.nihao.com.

;; Query time: 241 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Sat Sep 24 13:38:18 2016
;; MSG SIZE  rcvd: 70

[13:38 root@localhost.localdomain ~]# dig mail.tech.nihao.com @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> mail.tech.nihao.com @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6140
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.tech.nihao.com.           IN      A

;; ANSWER SECTION:
mail.tech.nihao.com.    86400   IN      A       2.2.2.2

;; AUTHORITY SECTION:
tech.nihao.com.         86400   IN      NS      dns.tech.nihao.com.

;; Query time: 4 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Sat Sep 24 13:38:28 2016
;; MSG SIZE  rcvd: 71
5. DNS views
Since BIND 9, bind supports views: returning different answers to the same query depending on where the client comes from. For instance, the address returned for www.baidu.com to a China Telecom client differs from the one returned to a China Unicom client, which both spreads the load and sends users to a nearby server; CDNs use this widely.
Points to note:
(1) Once views are used, every zone in the configuration must be inside a view, including the three zones configured by default (the root hints, localhost and 1.0.0.127.in-addr.arpa); named refuses a configuration that mixes zones inside and outside views.
(2) Addresses in an acl may be single IP addresses or prefixes with a mask, e.g. 192.168.0.0/24.
(3) Views are matched from top to bottom in the order they appear in the configuration file, and the first view whose match-clients accepts the client is used, so put the more specific views first.
(4) If the views' address lists do not cover every client, add a final default view with match-clients { any; }; a client that matched none of the views above it is served by that one. Without it, an unmatched client's query is refused.
So the steps to set up views are:
(1) Edit named.conf and define the acls and views.
(2) Create the RR file for each view's zone.
(3) Restart named and test.
The simulated experiment:
Plan: a client at 172.18.16.137 looking up www.nihao.com gets 1.1.1.1,
and a client at 172.18.16.113 gets 2.2.2.2 (only two machines were available, so single hosts are used; subnets work the same way).
Only the simplest case is shown: forward lookup alone, without the root hints or the reverse zone. Add them inside the views in the same way if needed.
Edit named.conf and create the acls and views (the open allow-query/recursion caveat from the forward-lookup section applies here too, and listen-on { any; } now exposes the service on every interface):
[15:56 root@centos6.8 /var/named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

acl Anet {
        172.18.16.137;
};

acl Bnet {
        172.18.16.113;
};

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

view Anet {
        match-clients { Anet; };
        zone "nihao.com" IN {
                type master;
                file "Anet.nihao.com.zone";
        };
};

view Bnet {
        match-clients { Bnet; };
        zone "nihao.com" IN {
                type master;
                file "Bnet.nihao.com.zone";
        };
};

view Default {
        match-clients { any; };
        zone "nihao.com" IN {
                type master;
                file "Bnet.nihao.com.zone";
        };
};
Create the RR file for each view's zone
[15:59 root@centos6.8 /var/named]# cat /var/named/Anet.nihao.com.zone
$TTL 86400
@       IN SOA  ns.nihao.com. admin.nihao.com. (
                2016092401
                30M
                10M
                1W
                1D
                )
@       IN NS   ns
ns      IN A    172.18.16.137
www     IN A    1.1.1.1
[15:59 root@centos6.8 /var/named]# cat /var/named/Bnet.nihao.com.zone
$TTL 86400
@       IN SOA  ns.nihao.com. admin.nihao.com. (
                2016092401
                30M
                10M
                1W
                1D
                )
@       IN NS   ns
ns      IN A    172.18.16.137
www     IN A    2.2.2.2
Test: the same query for www.nihao.com gets a different answer depending on the client, the so-called smart DNS effect. First from 172.18.16.137 itself:
[15:59 root@centos6.8 /var/named]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:7D:87:20
          inet addr:172.18.16.137  Bcast:172.18.16.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe7d:8720/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:481348 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18543 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:44699057 (42.6 MiB)  TX bytes:2262423 (2.1 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:325 errors:0 dropped:0 overruns:0 frame:0
          TX packets:325 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:32316 (31.5 KiB)  TX bytes:32316 (31.5 KiB)

[16:00 root@centos6.8 /var/named]# dig www.nihao.com @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.nihao.com @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46531
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.nihao.com.                 IN      A

;; ANSWER SECTION:
www.nihao.com.          86400   IN      A       1.1.1.1

;; AUTHORITY SECTION:
nihao.com.              86400   IN      NS      ns.nihao.com.

;; ADDITIONAL SECTION:
ns.nihao.com.           86400   IN      A       172.18.16.137

;; Query time: 2 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Sat Sep 24 16:01:03 2016
;; MSG SIZE  rcvd: 80

Then from 172.18.16.113:
[15:56 root@localhost.localdomain ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:90:2E:03
          inet addr:172.18.16.113  Bcast:172.18.16.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe90:2e03/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60372 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10143 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:16734660 (15.9 MiB)  TX bytes:1024521 (1000.5 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:99 errors:0 dropped:0 overruns:0 frame:0
          TX packets:99 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11851 (11.5 KiB)  TX bytes:11851 (11.5 KiB)

[15:56 root@localhost.localdomain ~]# dig www.nihao.com @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.nihao.com @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63334
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.nihao.com.                 IN      A

;; ANSWER SECTION:
www.nihao.com.          86400   IN      A       2.2.2.2

;; AUTHORITY SECTION:
nihao.com.              86400   IN      NS      ns.nihao.com.

;; ADDITIONAL SECTION:
ns.nihao.com.           86400   IN      A       172.18.16.137

;; Query time: 3 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Sat Sep 24 15:56:53 2016
;; MSG SIZE  rcvd: 80
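The order-dependent matching described in notes (3) and (4) is the part of views that is easiest to get wrong: a catch-all view placed first shadows every view after it, and a client that matches no view is refused. The following Python model, added here as an example and not BIND's code, reproduces the rule with the acls and views from the named.conf above: an address match list is evaluated element by element and the first matching element decides (a leading "!" makes that decision negative), and views are tried in configuration order. It is a simplification in one respect: a nested acl counts as a single element that matches when the nested list accepts the client, and "localhost" is modelled as the loopback addresses only.

```python
"""Model BIND's view selection: an address match list is evaluated element by
element and the first element that matches decides (a leading '!' makes that
decision negative); views are tried in configuration order and the first whose
match-clients accepts the client answers. Added example with the acls from the
named.conf on this page; it is not BIND's code. Simplification: a nested acl
is one element that matches when the nested list accepts the client."""
import ipaddress

# acls and views as in the named.conf above (a view is a (name, match-clients) pair).
ACLS = {"Anet": ["172.18.16.137"], "Bnet": ["172.18.16.113"]}
VIEWS = [("Anet", ["Anet"]), ("Bnet", ["Bnet"]), ("Default", ["any"])]


def acl_match(client, elements, acls):
    """First-match-wins over an address match list; False if nothing matches."""
    ip = ipaddress.ip_address(client)
    for element in elements:
        negate = element.startswith("!")
        item = element.lstrip("!").strip()
        if item == "any":
            hit = True
        elif item == "none":
            hit = False
        elif item == "localhost":          # this host's own addresses; loopback here
            hit = ip.is_loopback
        elif item in acls:                 # a named acl, e.g. Anet
            hit = acl_match(client, acls[item], acls)
        else:                              # single address or prefix, e.g. 192.168.0.0/24
            hit = ip in ipaddress.ip_network(item, strict=False)
        if hit:
            return not negate
    return False


def select_view(client, views=VIEWS, acls=ACLS):
    """Name of the view that answers `client`, or None (named refuses the query)."""
    for name, match_clients in views:
        if acl_match(client, match_clients, acls):
            return name
    return None


if __name__ == "__main__":
    for c in ("172.18.16.137", "172.18.16.113", "10.9.8.7"):
        print(c, "->", select_view(c))
```

Reordering VIEWS so that Default comes first makes every client land in Default, which is the mistake note (3) warns about; dropping Default altogether makes select_view return None for 10.9.8.7, the refused-query case from note (4).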
III. Dynamic updates
Records can be updated dynamically with the nsupdate command. The zone must permit it: the default allow-update is none, so the zone statement on the master needs an allow-update clause (preferably keyed, see below), or every update is answered REFUSED.
a) Usage (from http://www.xiaobo.li/?p=254)
server servername [port]
    Send all dynamic update requests to this server, e.g. server 192.168.0.1 53.
local address [port]
    Local address and port to send the nsupdate requests from.
zone zonename
    The zone to update.
class classname
    The default class; IN if not given.
key name secret
    The TSIG key used to sign every update.
prereq nxdomain domain-name
    Require that no resource record of any type exists for domain-name.
prereq yxdomain domain-name
    Require that domain-name exists and has at least one record.
prereq nxrrset domain-name [class] type
    Require that no record of the given type exists for domain-name.
prereq yxrrset domain-name [class] type
    Require that a record of the given type exists; class and domain-name must be present.
update delete domain-name [ttl] [class] [type [data...]]
    Delete domain-name's resource records. If type and data are given, only the matching records are deleted.
update add domain-name ttl [class] type data...
    Add a resource record.
show
    Display the prerequisites and update requests queued since the last send.
send
    Send the queued prerequisites and update requests to the server. An empty line does the same.
b) A problem encountered
While using nsupdate, it kept returning a REFUSED error even though the commands were typed correctly. The log said the jnl file could not be created. After searching around, it turned out that the permissions on BIND's data directory (the directory where BIND keeps the zone files) had not been set properly; after running chmod to give the directory wider permissions, the problem was solved.
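Two things make dynamic updates safe rather than merely working: authenticating the updater with a TSIG key instead of an IP address (which any host on the segment can spoof in a UDP update), and keeping the dynamically updated zone in a directory named can write to (on the Red Hat package that is /var/named/dynamic, which also holds managed keys) so that the .jnl journal can be created without loosening the permissions on /var/named itself. The following Python script, added here as an example and not part of BIND or of the original post, generates the pieces: a 256-bit hmac-sha256 key in the format tsig-keygen emits, the key and zone stanzas for named.conf, and an nsupdate batch file that is then run with nsupdate -k KEYFILE SCRIPT. The key name nihao-update, the dynamic/nihao.zone path and the host names are assumptions matching the test setup above.

```python
"""Secure dynamic updates: generate a TSIG key (what tsig-keygen emits), the
key {} and allow-update stanzas for named.conf, and an nsupdate batch file
that updates the zone with that key. Added example, not part of BIND; the key
name, the dynamic/ path and the 172.18.16.x hosts are assumptions matching the
test setup on this page."""
import base64
import secrets


def make_tsig_key(name, nbytes=32):
    """A fresh 256-bit secret, base64-encoded as named and nsupdate expect it."""
    secret = base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")
    return {"name": name, "algorithm": "hmac-sha256", "secret": secret}


def key_stanza(key):
    """The same stanza serves as the key block in named.conf and as the
    file handed to nsupdate -k; keep it mode 640, owned root:named."""
    return (f'key "{key["name"]}" {{\n'
            f'        algorithm {key["algorithm"]};\n'
            f'        secret "{key["secret"]}";\n'
            "};\n")


def zone_stanza(key, zone, zone_file):
    """Keep the zone file in a directory named can write (dynamic/ on the Red
    Hat package) so the .jnl journal can be created, and allow updates only to
    holders of the key rather than to an IP address, which is easily spoofed."""
    return (f'zone "{zone}" IN {{\n'
            "        type master;\n"
            f'        file "{zone_file}";\n'
            f'        allow-update {{ key "{key["name"]}"; }};\n'
            "};\n")


def nsupdate_script(server, zone, updates):
    """Batch for `nsupdate -k KEYFILE SCRIPT`. updates: ('add', name, ttl, type, data)
    or ('delete', name, type). Each add is guarded by prereq nxdomain, so a rerun
    cannot silently overwrite a name that already exists (add several records
    to one name in separate batches)."""
    lines = [f"server {server} 53", f"zone {zone}"]
    for op in updates:
        if op[0] == "add":
            _, name, ttl, rtype, data = op
            lines.append(f"prereq nxdomain {name}")
            lines.append(f"update add {name} {ttl} {rtype} {data}")
        elif op[0] == "delete":
            _, name, rtype = op
            lines.append(f"update delete {name} {rtype}")
        else:
            raise ValueError(f"unknown operation {op[0]!r}")
    lines.append("send")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    key = make_tsig_key("nihao-update")
    print(key_stanza(key))
    print(zone_stanza(key, "nihao.com", "dynamic/nihao.zone"))
    print(nsupdate_script("172.18.16.137", "nihao.com",
                          [("add", "host1.nihao.com.", 300, "A", "172.18.16.50"),
                           ("delete", "old.nihao.com.", "A")]))
```

Write the key stanza to /etc/nihao-update.key on both the server (include it from named.conf) and the updating host, put the zone stanza in place of the plain zone "nihao.com" statement, move the zone file to /var/named/dynamic/ and reload named; then nsupdate -k /etc/nihao-update.key update.txt either applies the batch or reports which prerequisite failed.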