DNS domain name resolution service
I. BIND name service basics
What a DNS system does, and the server types
- What a DNS system does
- Forward resolution: look up the IP address that belongs to a domain name
- Reverse resolution: look up the domain name that belongs to an IP address
- DNS is a distributed database: each zone's data is kept on the servers responsible for that zone, and the name tree is queried from the root downwards
- DNS server types
- Caching name server
- Also called a DNS cache server
- Obtains domain name -> IP address records by querying other name servers
- Caches the query results locally so that repeated queries are answered faster
- Primary (master) name server
- The authoritative server for a given DNS zone; there is exactly one primary per zone
- Maintains the domain name -> IP address mapping records for every name in that zone
- The zone data file for the zone it serves has to be created by the administrator
- Secondary (slave) name server
- Also called an auxiliary name server; a hot standby for the primary
- The domain name -> IP address records it serves come from the primary
- Synchronizes the zone database from the primary automatically by zone transfer (AXFR/IXFR), so it only needs to be told where the primary is
Installing BIND and its configuration files
- The BIND service
- BIND server-side program
- Main executable: /usr/sbin/named
- Default listening port: 53 (UDP and TCP)
- Main configuration file: /etc/named.conf
- The zone data files holding the DNS resolution records live in
- /var/named
- Controlling the BIND service
- systemctl [status|start|stop|restart] named.service
- With the bind-chroot package installed, named-chroot.service runs the same daemon inside /var/named/chroot (the config and zone files are bind-mounted into it); starting plain named.service, as this page does, runs named without the chroot
II. Building a name server with BIND
Application environment for a caching name server
- The caching name server has the IP address 192.168.1.5 and can reach the Internet.
- It handles DNS resolution requests on behalf of the clients and caches the query results.
- Every PC on the LAN sets its preferred DNS server to 192.168.1.5.
Building the name server
Note that the configuration below does not match that environment: it uses 192.168.72.131 and declares two master zones, so what it actually builds is a primary authoritative server for bdqn.com and the matching reverse zone. It also recurses for LAN clients, because recursion is on by default in BIND and allow-query limits who may ask at all. A pure caching server would declare no master zones and would need only the options block.
Create the main configuration file named.conf
[root@localhost ~]# vi /etc/named.conf
options {
listen-on port 53 { 192.168.72.131; };      # bind only the LAN address (nothing listens on 127.0.0.1:53)
listen-on-v6 port 53 { ::1; };
directory "/var/named";                     # zone file names below are relative to this directory
allow-query { 192.168.72.0/24; };           # answer LAN clients only, so the server is not an open resolver
};
zone "bdqn.com" IN {                        # forward zone for bdqn.com
type master;                                # this server is the primary for the zone
file "bdqn.com.zone";                       # zone data file under /var/named
allow-transfer {192.168.72.129;};           # only ns2 may pull the zone (AXFR)
};
zone "72.168.192.in-addr.arpa" IN {         # reverse zone for 192.168.72.0/24
type master;
file "192.168.72.arpa";
allow-transfer {192.168.72.129;};
};
Create the zone data files under /var/named
# change into /var/named/
[root@ns1 ~]# cd /var/named/
[root@ns1 named]# ls
chroot data dynamic named.ca named.empty named.localhost named.loopback slaves
# use named.localhost as the template for bdqn.com.zone
[root@ns1 named]# cp named.localhost bdqn.com.zone
# edit bdqn.com.zone and add the records
[root@ns1 named]# vi bdqn.com.zone
[root@ns1 named]# cat bdqn.com.zone
$TTL 1D
@ IN SOA bdqn.com. admin.bdqn.com. (   ; MNAME is normally the primary, ns1.bdqn.com.; RNAME admin.bdqn.com. means admin@bdqn.com
0 ; serial   (bump it on every change, otherwise secondaries never pick the change up)
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS ns1.bdqn.com.
NS ns2.bdqn.com.
MX 10 mail.bdqn.com.
A 127.0.0.1   ; left over from named.localhost: makes bdqn.com itself resolve to loopback; replace with the real address or delete
ns1 A 192.168.72.131
ns2 A 192.168.72.129
mail A 192.168.72.110
www A 192.168.72.111
* A 192.168.72.120   ; wildcard: any name not listed above resolves to this address
[root@ns1 named]# ls
bdqn.com.zone chroot data dynamic named.ca named.empty named.localhost named.loopback slaves
# use named.loopback as the template for the reverse zone file 192.168.72.arpa
[root@ns1 named]# cp named.loopback 192.168.72.arpa
[root@ns1 named]# vi 192.168.72.arpa
[root@ns1 named]# cat 192.168.72.arpa
$TTL 1D
@ IN SOA bdqn.com. admin.bdqn.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.bdqn.com.
NS ns2.bdqn.com.
131 PTR ns1.bdqn.com.   ; the owner is the last octet: 131.72.168.192.in-addr.arpa
129 PTR ns2.bdqn.com.   ; mail (110) and www (111) have no PTR, so reverse lookups for them fail
# set ownership so that named can read the files it has to load
# (the copies made with cp are root:root 644 and already readable by named; a primary's
# zone files only need to be readable by named, so handing it ownership of its own
# config is not required and gives the daemon more than it needs)
[root@ns1 named]# chown named:named /etc/named.conf
[root@ns1 named]# chown named:named /var/named/bdqn.com.zone
[root@ns1 named]# chown named:named /var/named/192.168.72.arpa
# confirm the working directory (pwd prints the current directory, not the current user)
[root@ns1 named]# pwd
/var/named
# named-checkconf -z parses named.conf and additionally loads every zone it declares
[root@ns1 named]# named-checkconf -z /etc/named.conf
zone bdqn.com/IN: loaded serial 0
zone 72.168.192.in-addr.arpa/IN: loaded serial 0
# named-checkzone validates one zone file against its zone name (forward zone)
[root@ns1 named]# named-checkzone bdqn.com bdqn.com.zone
zone bdqn.com/IN: loaded serial 0
OK
# the same for the reverse zone
[root@ns1 named]# named-checkzone 72.168.192.in-addr.arpa 192.168.72.arpa
zone 72.168.192.in-addr.arpa/IN: loaded serial 0
OK
Start the named service
# start named only after the checks pass
[root@localhost ~]# systemctl start named
[root@localhost ~]# systemctl enable named
# confirm that named is listening on port 53 (the grep also matches 953, the rndc
# control channel, which is bound to loopback only; nothing listens on 127.0.0.1:53
# because listen-on names only 192.168.72.131, so the server cannot resolve through itself)
[root@ns1 named]# netstat -nlptu | grep 53
tcp 0 0 192.168.72.131:53 0.0.0.0:* LISTEN 10141/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 10141/named
tcp6 0 0 ::1:53 :::* LISTEN 10141/named
tcp6 0 0 ::1:953 :::* LISTEN 10141/named
udp 0 0 192.168.72.131:53 0.0.0.0:* 10141/named
udp6 0 0 ::1:53 :::* 10141/named
Verify the name server from a client
# point the client's resolver at the new server
[root@bogon ~]# vi /etc/resolv.conf
[root@bogon ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.72.131
# (the header means NetworkManager regenerates this file; to keep the setting, put
# DNS1=192.168.72.131 in the interface's ifcfg file or set it with nmcli con mod)
# test forward resolution
[root@bogon ~]# nslookup ns1.bdqn.com
Server: 192.168.72.131
Address: 192.168.72.131#53
Name: ns1.bdqn.com
Address: 192.168.72.131
# test forward resolution
[root@bogon ~]# nslookup mail.bdqn.com
Server: 192.168.72.131
Address: 192.168.72.131#53
Name: mail.bdqn.com
Address: 192.168.72.110
# test forward resolution
[root@bogon ~]# nslookup www.bdqn.com
Server: 192.168.72.131
Address: 192.168.72.131#53
Name: www.bdqn.com
Address: 192.168.72.111
# sjdi is not defined in the zone; the wildcard record answers for it
[root@bogon ~]# nslookup sjdi.bdqn.com
Server: 192.168.72.131
Address: 192.168.72.131#53
Name: sjdi.bdqn.com
Address: 192.168.72.120
# test reverse resolution
[root@bogon ~]# nslookup 192.168.72.131
131.72.168.192.in-addr.arpa name = ns1.bdqn.com.
Lab report
OS | Spec | Hostname | IP | Role |
---|---|---|---|---|
CentOS 7 minimal #1 | 2C4G | ns1.bdqn.com | 192.168.72.131 | primary DNS |
CentOS 7 minimal #2 | 2C4G | ns2.bdqn.com | 192.168.72.129 | secondary DNS |
CentOS 7 desktop | 2C4G | localhost.localdomain | 192.168.72.142 | client |
# set the hostname of CentOS 7 minimal #1 to ns1.bdqn.com
[root@bogon ~]# hostnamectl set-hostname ns1.bdqn.com
# set the hostname of CentOS 7 minimal #2 to ns2.bdqn.com
[root@bogon ~]# hostnamectl set-hostname ns2.bdqn.com
Primary node
# create the mount point /media/cdrom
[root@ns1 ~]# mkdir /media/cdrom
# mount the installation DVD
[root@ns1 ~]# mount /dev/cdrom /media/cdrom/
mount: /dev/sr0 is write-protected, mounting read-only
# list the packages whose names start with bind
[root@ns1 ~]# ls /media/cdrom/Packages/ | grep '^bind'
bind-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-chroot-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-dyndb-ldap-11.1-7.el7.x86_64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-libs-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-license-9.11.4-26.P2.el7_9.9.noarch.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-utils-9.11.4-26.P2.el7_9.9.x86_64.rpm
# install the four packages bind, bind-utils, bind-libs and bind-chroot
# (the release installed below is el7_9.15 while the DVD carries el7_9.9: yum resolved
# the packages from the configured network repositories, not from the mounted DVD,
# which was never added as a repository)
[root@ns1 ~]# yum -y install bind bind-utils bind-libs bind-chroot
...... (output trimmed)
Installed:
bind.x86_64 32:9.11.4-26.P2.el7_9.15 bind-chroot.x86_64 32:9.11.4-26.P2.el7_9.15
bind-libs.x86_64 32:9.11.4-26.P2.el7_9.15 bind-utils.x86_64 32:9.11.4-26.P2.el7_9.15
Dependency Installed:
GeoIP.x86_64 0:1.5.0-14.el7 audit-libs-python.x86_64 0:2.8.5-4.el7
bind-libs-lite.x86_64 32:9.11.4-26.P2.el7_9.15 bind-license.noarch 32:9.11.4-26.P2.el7_9.15
checkpolicy.x86_64 0:2.5-8.el7 geoipupdate.x86_64 0:2.5.0-2.el7
libcgroup.x86_64 0:0.41-21.el7 libsemanage-python.x86_64 0:2.5-14.el7
policycoreutils-python.x86_64 0:2.5-34.el7 python-IPy.noarch 0:0.75-6.el7
python-ply.noarch 0:3.4-11.el7 setools-libs.x86_64 0:3.3.8-4.el7
Complete!
# edit /etc/named.conf and add the configuration
[root@ns1 ~]# vi /etc/named.conf
[root@ns1 ~]# cat /etc/named.conf
options {
listen-on port 53 { 192.168.72.131; };      # bind only the LAN address
listen-on-v6 port 53 { ::1; };
directory "/var/named";
allow-query { 192.168.72.0/24; };           # answer LAN clients only
};
zone "bdqn.com" IN {                        # forward zone, this server is its primary
type master;
file "bdqn.com.zone";
allow-transfer {192.168.72.129;};           # only ns2 may pull the zone
};
zone "72.168.192.in-addr.arpa" IN {         # reverse zone for 192.168.72.0/24
type master;
file "192.168.72.arpa";
allow-transfer {192.168.72.129;};
};
# change into /var/named/
[root@ns1 ~]# cd /var/named/
[root@ns1 named]# ls
chroot data dynamic named.ca named.empty named.localhost named.loopback slaves
# use named.localhost as the template for bdqn.com.zone
[root@ns1 named]# cp named.localhost bdqn.com.zone
# edit bdqn.com.zone and add the records
[root@ns1 named]# vi bdqn.com.zone
[root@ns1 named]# cat bdqn.com.zone
$TTL 1D
@ IN SOA bdqn.com. admin.bdqn.com. (
0 ; serial   (bump it on every change so that ns2 transfers the new copy)
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS ns1.bdqn.com.
NS ns2.bdqn.com.
MX 10 mail.bdqn.com.
A 127.0.0.1   ; left over from named.localhost; replace with the real address or delete
ns1 A 192.168.72.131
ns2 A 192.168.72.129
mail A 192.168.72.110
www A 192.168.72.111
* A 192.168.72.120   ; wildcard: any name not listed above resolves to this address
[root@ns1 named]# ls
bdqn.com.zone chroot data dynamic named.ca named.empty named.localhost named.loopback slaves
# use named.loopback as the template for the reverse zone file 192.168.72.arpa
[root@ns1 named]# cp named.loopback 192.168.72.arpa
[root@ns1 named]# vi 192.168.72.arpa
[root@ns1 named]# cat 192.168.72.arpa
$TTL 1D
@ IN SOA bdqn.com. admin.bdqn.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.bdqn.com.
NS ns2.bdqn.com.
131 PTR ns1.bdqn.com.
129 PTR ns2.bdqn.com.   ; mail (110) and www (111) have no PTR, so reverse lookups for them fail
# set ownership so that named can read the files (readable by named is all a primary needs;
# the copies are already root:root 644, so this step is harmless but not required)
[root@ns1 named]# chown named:named /etc/named.conf
[root@ns1 named]# chown named:named /var/named/bdqn.com.zone
[root@ns1 named]# chown named:named /var/named/192.168.72.arpa
# confirm the working directory (pwd prints the current directory, not the current user)
[root@ns1 named]# pwd
/var/named
# named-checkconf -z parses named.conf and loads every zone it declares
[root@ns1 named]# named-checkconf -z /etc/named.conf
zone bdqn.com/IN: loaded serial 0
zone 72.168.192.in-addr.arpa/IN: loaded serial 0
# named-checkzone validates one zone file against its zone name (forward zone)
[root@ns1 named]# named-checkzone bdqn.com bdqn.com.zone
zone bdqn.com/IN: loaded serial 0
OK
# the same for the reverse zone
[root@ns1 named]# named-checkzone 72.168.192.in-addr.arpa 192.168.72.arpa
zone 72.168.192.in-addr.arpa/IN: loaded serial 0
OK
# start named only after the checks pass
[root@ns1 named]# systemctl start named
[root@ns1 named]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
# confirm that named is listening on port 53 (953 is the rndc control channel, loopback only)
[root@ns1 named]# netstat -nlptu | grep 53
tcp 0 0 192.168.72.131:53 0.0.0.0:* LISTEN 10141/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 10141/named
tcp6 0 0 ::1:53 :::* LISTEN 10141/named
tcp6 0 0 ::1:953 :::* LISTEN 10141/named
udp 0 0 192.168.72.131:53 0.0.0.0:* 10141/named
udp6 0 0 ::1:53 :::* 10141/named
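named-checkconf and named-checkzone prove that the files parse and load; they say nothing about whether the forward and reverse zones agree, and in the files above mail and www have A records but no PTR. The script below is an added example, not part of BIND or of the original post. It re-creates the two zone files from this lab report (section II uses the same files) as constructed temporary copies and cross-checks them: every in-subnet A record needs a PTR pointing back at it, every PTR needs a matching A record, every in-zone NS target needs an A record (glue), and the serial is read out so it can be compared before a reload. The function names (a_records, ptr_records, zone_serial, ptr_report, ns_without_glue, check_zones) are this example's own; the reverse-zone parser assumes a /24 zone whose owner names are single octets, and zone_serial assumes the serial sits on the line after the SOA header, as in named.localhost.

```shell
#!/bin/sh
# Added example: cross-check a forward zone against its reverse zone.
# The two zone files below are constructed copies of the ones on this page.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
FWD="$tmp/bdqn.com.zone"
REV="$tmp/192.168.72.arpa"

cat >"$FWD" <<'EOF'
$TTL 1D
@ IN SOA bdqn.com. admin.bdqn.com. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@       NS   ns1.bdqn.com.
        NS   ns2.bdqn.com.
        MX 10 mail.bdqn.com.
        A    127.0.0.1
ns1     A    192.168.72.131
ns2     A    192.168.72.129
mail    A    192.168.72.110
www     A    192.168.72.111
*       A    192.168.72.120 ; wildcard
EOF

cat >"$REV" <<'EOF'
$TTL 1D
@ IN SOA bdqn.com. admin.bdqn.com. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS   ns1.bdqn.com.
        NS   ns2.bdqn.com.
131     PTR  ns1.bdqn.com.
129     PTR  ns2.bdqn.com.
EOF

# Print "fqdn ip" for every A record. A line that starts in column 1 sets the
# owner name; an indented line inherits it, which is how named reads the file.
a_records() { # $1 zone file, $2 origin with trailing dot
  awk -v origin="$2" '
    { sub(/;.*/, "") }
    NF == 0 { next }
    $0 ~ /^[^ \t$]/ { owner = $1 }
    { for (i = 1; i < NF; i++)
        if ($i == "A" && $(i+1) ~ /^[0-9.]+$/) {
          name = (owner == "@") ? origin : owner "." origin
          print name, $(i+1) } }' "$1"
}

# Print "ip target" for every PTR record of a /24 reverse zone (owner = last octet).
ptr_records() { # $1 reverse zone file, $2 prefix such as 192.168.72.
  awk -v prefix="$2" '
    { sub(/;.*/, "") }
    NF == 0 { next }
    $0 ~ /^[^ \t$]/ { owner = $1 }
    { for (i = 1; i < NF; i++) if ($i == "PTR") print prefix owner, $(i+1) }' "$1"
}

# Serial from the line after the SOA header (the named.localhost layout).
zone_serial() { awk '{ sub(/;.*/, "") } /SOA/ { s = 1; next } s && NF { print $1; exit }' "$1"; }

# Forward -> reverse: every in-subnet host needs a PTR that points back at it.
# Reverse -> forward: every PTR must match a live A record (catches stale PTRs).
# Wildcard owners are skipped because they are not individual hosts.
ptr_report() { # $1 fwd zone, $2 rev zone, $3 origin, $4 prefix
  a_records "$1" "$3" | grep -v '^\*' | grep " $4" | while read -r name ip; do
    target=$(ptr_records "$2" "$4" | awk -v ip="$ip" '$1 == ip { print $2 }')
    if [ -z "$target" ]; then echo "MISSING_PTR $name $ip"
    elif [ "$target" != "$name" ]; then echo "PTR_MISMATCH $name $ip -> $target"
    fi
  done
  ptr_records "$2" "$4" | while read -r ip target; do
    a_records "$1" "$3" | awk -v n="$target" -v ip="$ip" '$1 == n && $2 == ip { f = 1 } END { exit !f }' \
      || echo "STALE_PTR $ip $target"
  done
}

# In-zone NS targets need an A record in the same file (glue); print any without one.
ns_without_glue() { # $1 fwd zone, $2 origin
  awk '{ sub(/;.*/, "") } { for (i = 1; i < NF; i++) if ($i == "NS") print $(i+1) }' "$1" |
  while read -r ns; do
    case "$ns" in
      *"$2") a_records "$1" "$2" | awk -v n="$ns" '$1 == n { f = 1 } END { exit !f }' || echo "$ns" ;;
    esac
  done
}

check_zones() { # prints findings; returns 1 when anything needs fixing
  findings=$( { ptr_report "$1" "$2" "$3" "$4"; ns_without_glue "$1" "$3" | sed 's/^/NS_WITHOUT_GLUE /'; } )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"; return 1
}

echo "serial: forward=$(zone_serial "$FWD") reverse=$(zone_serial "$REV")"
check_zones "$FWD" "$REV" bdqn.com. 192.168.72. || echo "add the missing PTRs, then bump the serial before reloading"
```

Run against the page's files it reports MISSING_PTR for mail.bdqn.com. and www.bdqn.com. and nothing else; point it at the real /var/named files (and adjust the origin and prefix arguments) before every reload.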
Client
# point the client's resolver at the primary
[root@bogon ~]# vi /etc/resolv.conf
[root@bogon ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.72.131
# (NetworkManager regenerates this file; make the setting persistent in the interface's
# ifcfg file or with nmcli con mod, and list 192.168.72.129 as a second nameserver
# once ns2 is up so that clients fail over to it)
# test forward resolution
[root@bogon ~]# nslookup ns1.bdqn.com
Server: 192.168.72.131
Address: 192.168.72.131#53
Name: ns1.bdqn.com
Address: 192.168.72.131
# test forward resolution
[root@bogon ~]# nslookup mail.bdqn.com
Server: 192.168.72.131
Address: 192.168.72.131#53
Name: mail.bdqn.com
Address: 192.168.72.110
# test forward resolution
[root@bogon ~]# nslookup www.bdqn.com
Server: 192.168.72.131
Address: 192.168.72.131#53
Name: www.bdqn.com
Address: 192.168.72.111
# sjdi is not defined in the zone; the wildcard record answers for it
[root@bogon ~]# nslookup sjdi.bdqn.com
Server: 192.168.72.131
Address: 192.168.72.131#53
Name: sjdi.bdqn.com
Address: 192.168.72.120
# test reverse resolution
[root@bogon ~]# nslookup 192.168.72.131
131.72.168.192.in-addr.arpa name = ns1.bdqn.com.
Secondary node
# create the mount point /media/cdrom
[root@ns2 ~]# mkdir /media/cdrom
# mount the installation DVD
[root@ns2 ~]# mount /dev/cdrom /media/cdrom/
mount: /dev/sr0 is write-protected, mounting read-only
# list the packages whose names start with bind
[root@ns2 ~]# ls /media/cdrom/Packages/ | grep '^bind'
bind-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-chroot-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-dyndb-ldap-11.1-7.el7.x86_64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-libs-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-license-9.11.4-26.P2.el7_9.9.noarch.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-utils-9.11.4-26.P2.el7_9.9.x86_64.rpm
# install the four packages bind, bind-utils, bind-libs and bind-chroot
# (as on ns1, yum pulled el7_9.15 from the network repositories rather than el7_9.9 from the DVD)
[root@ns2 ~]# yum -y install bind bind-utils bind-libs bind-chroot
...... (output trimmed)
Installed:
bind.x86_64 32:9.11.4-26.P2.el7_9.15 bind-chroot.x86_64 32:9.11.4-26.P2.el7_9.15
bind-libs.x86_64 32:9.11.4-26.P2.el7_9.15 bind-utils.x86_64 32:9.11.4-26.P2.el7_9.15
Dependency Installed:
GeoIP.x86_64 0:1.5.0-14.el7 audit-libs-python.x86_64 0:2.8.5-4.el7
bind-libs-lite.x86_64 32:9.11.4-26.P2.el7_9.15 bind-license.noarch 32:9.11.4-26.P2.el7_9.15
checkpolicy.x86_64 0:2.5-8.el7 geoipupdate.x86_64 0:2.5.0-2.el7
libcgroup.x86_64 0:0.41-21.el7 libsemanage-python.x86_64 0:2.5-14.el7
policycoreutils-python.x86_64 0:2.5-34.el7 python-IPy.noarch 0:0.75-6.el7
python-ply.noarch 0:3.4-11.el7 setools-libs.x86_64 0:3.3.8-4.el7
Complete!
# edit /etc/named.conf and add the configuration
[root@ns2 ~]# vi /etc/named.conf
[root@ns2 ~]# cat /etc/named.conf
options {
directory "/var/named";
};
zone "bdqn.com" IN {
type slave;                          # this server is a secondary for the zone
masters {192.168.72.131;};           # pull the zone from ns1
file "slaves/bdqn.com.zone";         # /var/named/slaves is writable by named, which writes the transferred copy there
};
zone "72.168.192.in-addr.arpa" IN {
type slave;
masters {192.168.72.131;};
file "slaves/192.168.72.arpa";
};
# This options block has neither listen-on nor allow-query, so ns2 binds every IPv4
# address and answers any client, and neither slave zone has allow-transfer, which in
# BIND 9.11 defaults to any: anyone can AXFR the whole zone from ns2 even though ns1
# restricts transfers to ns2. Give ns2 the same listen-on and allow-query as ns1, and
# allow-transfer { none; } on both slave zones.
[root@ns2 ~]# systemctl start named
[root@ns2 ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
# restart named (not needed right after a fresh start; kept as it was run)
[root@ns2 ~]# systemctl restart named
# confirm the transfer actually happened: slaves/bdqn.com.zone and slaves/192.168.72.arpa
# appear under /var/named on ns2, and journalctl -u named shows "Transfer completed" for both zones
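Nothing in the steps above checks what the two named.conf files leave open. The script below is an added example, not part of BIND or of the original post: it re-creates the primary's named.conf (shown in section II and in the primary-node step) and the secondary's named.conf just above as constructed copies and runs a small awk lint over them. It reports an options block without listen-on or allow-query, and any master or slave zone that has no allow-transfer (the BIND 9.11 default is to allow transfers from any host) or that uses allow-transfer { any; }. lint_named_conf and conf_is_clean are this example's own names, and the parser assumes the one-statement-per-line layout used on this page with # or // comments.

```shell
#!/bin/sh
# Added example: lint the ACL-related settings in named.conf.
# Both configurations below are constructed copies of the ones on this page.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
MASTER_CONF="$tmp/master.named.conf"
SLAVE_CONF="$tmp/slave.named.conf"

cat >"$MASTER_CONF" <<'EOF'
options {
        listen-on port 53 { 192.168.72.131; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        allow-query { 192.168.72.0/24; };
};
zone "bdqn.com" IN {
        type master;
        file "bdqn.com.zone";
        allow-transfer { 192.168.72.129; };
};
zone "72.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.72.arpa";
        allow-transfer { 192.168.72.129; };
};
EOF

cat >"$SLAVE_CONF" <<'EOF'
options {
        directory "/var/named";
};
zone "bdqn.com" IN {
        type slave;
        masters { 192.168.72.131; };
        file "slaves/bdqn.com.zone";
};
zone "72.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.72.131; };
        file "slaves/192.168.72.arpa";
};
EOF

# One finding per line. Brace depth is tracked so that the report for a block
# is emitted on the line that closes it, whatever the block contains.
lint_named_conf() { # $1 named.conf
  awk '
    { sub(/(#|\/\/).*/, "") }
    depth == 0 && /^[ \t]*options[ \t]*\{/ { blk = "options"; aq = 0; lo = 0 }
    depth == 0 && /^[ \t]*zone[ \t]+"/ {
        blk = "zone"; match($0, /"[^"]*"/); zone = substr($0, RSTART + 1, RLENGTH - 2)
        auth = 0; xfer = 0; xfer_any = 0 }
    blk == "options" && /allow-query[ \t{]/ { aq = 1 }
    blk == "options" && /listen-on[ \t]/   { lo = 1 }
    blk == "zone" && /type[ \t]+(master|slave|primary|secondary)/ { auth = 1 }
    blk == "zone" && /allow-transfer[ \t{]/ { xfer = 1 }
    blk == "zone" && /allow-transfer[ \t]*\{[ \t]*any[ \t]*;/ { xfer_any = 1 }
    { depth += gsub(/\{/, "{") - gsub(/\}/, "}") }
    depth == 0 && blk == "options" {
        if (!lo) print "options: no listen-on (named binds every IPv4 address)"
        if (!aq) print "options: no allow-query (any host may query)"
        blk = "" }
    depth == 0 && blk == "zone" {
        if (auth && !xfer) print "zone " zone ": no allow-transfer (BIND 9.11 default permits AXFR from any host)"
        if (xfer_any)      print "zone " zone ": allow-transfer { any; } hands the whole zone to anyone"
        blk = "" }
  ' "$1"
}

# 0 when the file produced no findings, 1 otherwise.
conf_is_clean() { [ -z "$(lint_named_conf "$1")" ]; }

for f in "$MASTER_CONF" "$SLAVE_CONF"; do
  echo "== $f"
  lint_named_conf "$f"
done
```

The primary's file comes back clean; the secondary's produces four findings (no listen-on, no allow-query, and no allow-transfer on each of the two slave zones), which is exactly what needs fixing on ns2.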
# Desktop client
# The same five nslookup tests as in the "Client" step above return the same answers
# (ns1, mail, www, the wildcard name sjdi and the reverse lookup of 192.168.72.131).
# Every one of them is sent to 192.168.72.131, the only nameserver in /etc/resolv.conf,
# so they prove nothing about ns2: query the secondary directly
# (nslookup www.bdqn.com 192.168.72.129) and add it as a second nameserver so that
# clients fail over to it when ns1 is down.
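Because every test on this page goes to ns1, here is an added example, not from the original post, of how to check the secondary from the client side with dig (from bind-utils). It runs three checks: the SOA serial served by ns2 equals the one served by ns1, an answer from ns2 carries the aa (authoritative answer) flag rather than being a recursive copy, and dig axfr is refused by both servers when run from a host that is not in allow-transfer. The dig outputs embedded in the script are constructed samples (the ids are arbitrary and the serial is shown as 1, as if the admin had bumped it once) so that it runs offline; set LIVE=1 on the lab network to query the real servers. soa_serial, secondary_in_sync, answered_authoritatively, transfer_refused and live_check are this example's own names.

```shell
#!/bin/sh
# Added example: verify the secondary (ns2) from the client side with dig.
# Sample dig outputs below are constructed; LIVE=1 queries the lab servers instead.
MASTER=192.168.72.131
SLAVE=192.168.72.129
ZONE=bdqn.com

# `dig +short SOA zone @server` prints one line: mname rname serial refresh retry expire minimum
soa_serial() { printf '%s\n' "$1" | awk 'NR == 1 { print $3 }'; }

# The secondary is current when both serials are present and equal.
secondary_in_sync() { [ -n "$(soa_serial "$1")" ] && [ "$(soa_serial "$1")" = "$(soa_serial "$2")" ]; }

# A full dig reply is authoritative when its flags line carries "aa". A secondary
# that never loaded the zone returns SERVFAIL or, if it recurses, a copy without aa.
answered_authoritatively() { printf '%s\n' "$1" | grep -q '^;; flags:.* aa[ ;]'; }

# dig prints "; Transfer failed." when the server refuses an AXFR.
transfer_refused() { printf '%s\n' "$1" | grep -q '^; Transfer failed\.'; }

# Live checks: run from a host with bind-utils that is NOT in either allow-transfer list.
live_check() {
  m=$(dig +short SOA "$ZONE" @"$MASTER"); s=$(dig +short SOA "$ZONE" @"$SLAVE")
  if secondary_in_sync "$m" "$s"; then echo "serial $(soa_serial "$m") on both servers"
  else echo "serial mismatch: master=$(soa_serial "$m") slave=$(soa_serial "$s")"; fi
  if answered_authoritatively "$(dig www."$ZONE" @"$SLAVE")"; then echo "$SLAVE answers with aa"
  else echo "$SLAVE answer is not authoritative: zone not loaded?"; fi
  for srv in "$MASTER" "$SLAVE"; do
    if transfer_refused "$(dig axfr "$ZONE" @"$srv")"; then echo "$srv: AXFR refused"
    else echo "$srv: AXFR ALLOWED to this host; fix allow-transfer"; fi
  done
}

# Constructed samples. The SOA timers are the page's (1D 1H 1W 3H in seconds).
SAMPLE_SOA_MASTER='bdqn.com. admin.bdqn.com. 1 86400 3600 604800 10800'
SAMPLE_SOA_SLAVE_CURRENT='bdqn.com. admin.bdqn.com. 1 86400 3600 604800 10800'
SAMPLE_SOA_SLAVE_STALE='bdqn.com. admin.bdqn.com. 0 86400 3600 604800 10800'
SAMPLE_DIG_AA=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3'
SAMPLE_DIG_NOAA=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'
SAMPLE_AXFR_REFUSED=';; global options: +cmd
; Transfer failed.'

if [ "${LIVE:-0}" = 1 ]; then
  live_check
else
  secondary_in_sync "$SAMPLE_SOA_MASTER" "$SAMPLE_SOA_SLAVE_CURRENT" && echo "sample: secondary in sync"
  secondary_in_sync "$SAMPLE_SOA_MASTER" "$SAMPLE_SOA_SLAVE_STALE" || echo "sample: stale secondary detected"
  answered_authoritatively "$SAMPLE_DIG_AA" && echo "sample: aa flag present"
  transfer_refused "$SAMPLE_AXFR_REFUSED" && echo "sample: AXFR refused"
fi
```

A stale serial on ns2 after a change on ns1 almost always means the serial in bdqn.com.zone was not bumped; an AXFR that succeeds from the client means the server's allow-transfer is missing or too wide.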
Original article: https://blog.csdn.net/m0_74860678/article/details/140701089