How a DNS server works
Resolution follows the order configured in /etc/nsswitch.conf before the query reaches DNS;
e.g. a request for 163.com
Query modes
① Recursive: the client asks the DNS server, which must come back with the IP;
② Iterative: the server answers with a referral and the querier keeps asking the next server in a loop;
Transport
1. UDP: user DNS queries;
2. TCP: zone synchronisation between primary and secondary DNS servers;
DNS server types
1. Primary and secondary DNS (peers)
Primary DNS: read and write;
Secondary DNS: read-only copy of the synchronised data.
DNS server setup
serverX:
# yum -y install bind                 // the bind package; unbound is the newer package
# vim /etc/named.conf                 // main configuration file
listen-on port 53 { any; };           // listen for anyone
allow-query { any; };                 // allow queries from anyone
.......
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;                  // DNSSEC switched off
.......
zone "wode.com" IN {
    type master;
    file "wode";                      // zone database file
};                                    // declaration of the primary wode.com zone
zone "0.25.172.in-addr.arpa" IN {
    type master;
    file "fan";
};                                    // reverse zone declaration; network part written in reverse
# cd /var/named
# cp named.localhost wode
# cp named.localhost fan              // named.localhost is the template for the zone database files
# chgrp named wode fan                // set the group owner to named
# vim wode
$TTL 1D
@ IN SOA dns.wode.com. root.wode.com. (   ; start of authority record; root.wode.com. is the mail contact
    0  ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
@ IN NS dns.wode.com.                 ; @ = this zone; IN = Internet class; NS names the name server
dns IN A 172.25.0.11                  ; A: name to IP; "dns" is short for dns.wode.com.
@ IN MX 5 mail.wode.com.              ; MX: mail exchanger
mail IN A 172.25.0.11
www IN A 172.25.0.11                  ; "www" is short for www.wode.com.
ftp IN CNAME www                      ; CNAME: alias
# vim fan
$TTL 1D
@ IN SOA dns.wode.com. root.wode.com. (
    0  ; serial: drives primary/secondary sync; add 1 after every edit and the secondary resyncs automatically
    1D ; refresh: automatic update interval
    1H ; retry: retry interval
    1W ; expire: expiry time
    3H ) ; minimum
@ IN NS dns.wode.com.
11 IN PTR dns.wode.com.               ; PTR: IP to name
@ IN MX 5 mail.wode.com.              ; 5 is the priority
11 IN PTR mail.wode.com.              ; 11 is the host part of the reversed address; it may also be written out in full
11 IN PTR www.wode.com.
# systemctl stop firewalld.service
# systemctl start named.service
desktopX:
# vim /etc/resolv.conf
nameserver 172.25.X.11
Three ways to query:
# nslookup
> www.wode.com
> 172.25.X.11
server: 172.25.0.11
address: 172.25.0.11#53               // DNS server address
Name: www.wode.com
address: 172.25.0.11                  // IP of the host name
> set type=mx|ns|soa
> wode.com
> exit
# dig www.wode.com
# dig -x 172.25.X.11
# dig -t mx|ns|soa wode.com
# host www.wode.com
# host 172.25.X.11
# host -t mx|ns|soa wode.com
A company's DNS can simply be the ISP's; only the A records need to be added;
---------------------------------------------
Primary/secondary DNS servers (backup):
Primary, serverX:
# vim /etc/named.conf
zone "wode.com" IN {
    type master;
    file "wode";
    allow-transfer { 172.25.0.10; };  // only the secondary may pull a zone transfer
};
zone "0.25.172.in-addr.arpa" IN {
    type master;
    file "fan";
    allow-transfer { 172.25.0.10; };
};
# vim /var/named/wode
$TTL 1D
@ IN SOA dns.wode.com. root.wode.com. (
    0  ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
@ IN NS dns.wode.com.
dns IN A 172.25.0.11
@ IN NS dns1.wode.com.
dns1 IN A 172.25.0.10
@ IN MX 5 mail.wode.com.
mail IN A 172.25.0.11
www IN A 172.25.0.11
ftp IN CNAME www
# vim /var/named/fan
$TTL 1D
@ IN SOA dns.wode.com. root.wode.com. (
    0  ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
@ IN NS dns.wode.com.
11 IN PTR dns.wode.com.
@ IN NS dns1.wode.com.
10 IN PTR dns1.wode.com.
@ IN MX 5 mail.wode.com.
11 IN PTR mail.wode.com.
11 IN PTR www.wode.com.
# systemctl restart named             (step 1)
Secondary DNS setup:
desktopX:
# yum -y install bind
# vim /etc/named.conf
zone "wode.com" IN {
    type slave;
    file "slaves/fuzhuwode";
    masters { 172.25.0.11; };
};
zone "0.25.172.in-addr.arpa" IN {
    type slave;
    file "slaves/fuzhufan";
    masters { 172.25.0.11; };
};
# systemctl stop firewalld.service
# systemctl start named.service       (step 2)
Test:
foundationX:
# vim /etc/resolv.conf
nameserver 172.25.X.11
nameserver 172.25.X.10
2. Subdomain delegation
wode.com must delegate abc.wode.com before the next level can be looked up.
The next-level domain is then found by iterative query.
wode.com zone:
serverX:
# vim /var/named/wode
abc.wode.com. IN NS dns.abc.wode.com.
dns.abc.wode.com. IN A 172.25.X.10    ; add the address (glue) record for the abc.wode.com name server
# vim /var/named/fan
abc.wode.com. IN NS dns.abc.wode.com.
10 IN PTR dns.abc.wode.com.
# systemctl restart named             (step 1)
Configure the abc.wode.com zone:
desktopX:
# vim /etc/named.conf
zone "abc.wode.com" IN {
    type master;
    file "abcwode";
};
zone "0.25.172.in-addr.arpa" IN {
    type master;
    file "abcfan";
};
# cd /var/named
# cp named.localhost abcwode
# cp named.localhost abcfan
# chgrp named abcwode abcfan
# vim abcwode
$TTL 1D
@ IN SOA dns.abc.wode.com. root.abc.wode.com. (
    0  ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
@ IN NS dns.abc.wode.com.
dns IN A 172.25.0.10
@ IN MX 5 mail.abc.wode.com.
mail IN A 172.25.0.10
www IN A 172.25.0.10
# vim abcfan
$TTL 1D
@ IN SOA dns.abc.wode.com. root.abc.wode.com. (
    0  ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
@ IN NS dns.abc.wode.com.
10 IN PTR dns.abc.wode.com.
@ IN MX 5 mail.abc.wode.com.
10 IN PTR mail.abc.wode.com.
10 IN PTR www.abc.wode.com.
# systemctl start named               (step 2)
Test
foundationX:
# vim /etc/resolv.conf
nameserver 172.25.X.11
# nslookup
> www.abc.wode.com
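As an added example (not part of these notes), a small Python lint for the zone files used above: it reads the SOA serial that the secondary keys its transfers on, and flags NS or MX targets inside the zone that have no A record, the glue that the abc.wode.com delegation depends on. The zone text and the origin "wode.com." are constructed from the notes.

```python
from typing import List, Tuple
# Constructed sample (not from the notes): the "wode" zone file after the secondary dns1 was added.
ZONE_WODE = """$TTL 1D
@ IN SOA dns.wode.com. root.wode.com. (
 0 ; serial
 1D ; refresh
 1H ; retry
 1W ; expire
 3H ) ; minimum
@ IN NS dns.wode.com.
dns IN A 172.25.0.11
@ IN NS dns1.wode.com.
dns1 IN A 172.25.0.10
@ IN MX 5 mail.wode.com.
mail IN A 172.25.0.11"""

def absolute(name: str, origin: str) -> str:
    """'@' is the origin; a name without a trailing dot is relative to it (as named reads it)."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text: str, origin: str) -> List[Tuple[str, str, List[str]]]:
    """Parse '<owner> IN <type> <rdata...>' lines; strips ';' comments, joins the multi-line SOA."""
    records, buf = [], ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue  # blank, comment-only, or a $TTL/$ORIGIN directive
        buf += " " + line
        if buf.count("(") > buf.count(")"):
            continue  # still inside the parenthesised SOA
        toks = buf.replace("(", " ").replace(")", " ").split()
        buf = ""
        records.append((absolute(toks[0], origin), toks[2], toks[3:]))
    return records

def serial_of(text: str, origin: str) -> int:
    """SOA serial: the secondary only transfers a new copy when this value has grown."""
    return next(int(r[2]) for _, t, r in parse_zone(text, origin) if t == "SOA")

def lint_zone(text: str, origin: str) -> List[str]:
    """Flag NS/MX targets inside the zone that have no A record (missing glue)."""
    recs = parse_zone(text, origin)
    has_addr = {o for o, t, _ in recs if t in ("A", "AAAA")}
    problems = []
    for owner, rtype, rdata in recs:
        if rtype in ("NS", "MX"):
            target = absolute(rdata[-1], origin)
            if (target == origin or target.endswith("." + origin)) and target not in has_addr:
                problems.append(f"{owner} {rtype} -> {target}: no A record (missing glue)")
    return problems
```

Run it against a zone file before bumping the serial and restarting named; an empty list from lint_zone means every in-zone name server and mail exchanger can actually be resolved.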
3. Caching DNS server
Acts as a relay DNS; typically used inside a company's internal network where fast DNS lookups are needed;
Caches the answers it has resolved, which speeds up later resolution.
① No zone: a pure relay that forwards straight to the ISP DNS;
② With a zone: serves its own zone and forwards the rest to the ISP DNS;
① No zone
# yum -y install bind
# vim /etc/named.conf
options {
    forwarders { ISP_DNS_IP; };       // address to forward to (ISP_DNS_IP is a placeholder for the ISP's DNS server)
};
# systemctl restart named
② With a zone
# yum -y install bind
# vim /etc/named.conf
options {
    forwarders { ISP_DNS_IP; };       // address to forward to (ISP_DNS_IP is a placeholder for the ISP's DNS server)
};
zone "wode.com" IN {
    type master;                      // the notes leave this block empty; assumed to be the wode.com zone set up above
    file "wode";
};
# systemctl restart named