
DNS in Detail

火星人 @ 2014-03-29, reply: 0

DNS

Configuring DNS
Names used in this lab:
uplooking.com
ns.uplooking.com
mail.uplooking.com
www.uplooking.com
==========================================
When a name is resolved, /etc/hosts is checked first; only if the name is not found there is DNS queried. This lookup order is set by the following configuration file:
[root@tian ~]#vim /etc/nsswitch.conf
hosts: files dns    (line 38)

Configuring DNS: server types are master, slave, caching and forwarding (forward)

Packages: bind-9.3.4-10.P1.el5    (main server package)
bind-utils-9.3.4-10.P1.el5    (testing tools)
bind-libs-9.3.4-10.P1.el5
bind-chroot-9.3.4-10.P1.el5
ypbind-1.19-11.el5
[root@tian /var/ftp/RHEL5U3/Server]#rpm -ivh caching-nameserver-9.3.4-10.P1.el5.i386.rpm    (installs a set of starter configuration files for bind)
==========================================
[root@tian /var/named/chroot/etc]#ls
localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key
[root@tian /var/named/chroot/etc]#vim named.caching-nameserver.conf
options {
listen-on port 53 { 127.0.0.1; 192.168.1.133; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
blackhole { 192.168.1.0/24; };   // hosts in the 192.168.1.0/24 network are ignored completely and cannot use this server
                                 // (shown only to illustrate the directive: the slave at 192.168.1.44 sits inside that network and would be cut off as well)
// an access control list can be named instead, so that only certain hosts are blocked: blackhole { test; };   (test is the ACL name defined below)
.....................................................
allow-query { any; };   // allow every host to query
};
acl test {   // access control list; entries may be localhost, localnets, none, any, or specific addresses and networks
192.168.1.0/24;   // (BIND requires an acl to be defined before the statement that references it, so in practice place it above options)
192.168.2.1;
};

...................................................
view localhost_resolver {   // a view lets the server give different answers to different clients ("smart DNS")
match-clients { any; };
match-destinations { any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
=========================================
[root@tian /var/named/chroot/etc]#vim /etc/named.rfc1912.zones 增加
zone "uplooking.com" {
type master;
file "uplooking.com.zone"; file指定存儲位置
allow-transfer { 192.168.1.44;}; 只讓1.44主機成為1.133的從伺服器
notify yes; 通道 (若從伺服器從主伺服器下載的文件更新比較慢)
also-notify {192.168.1.44;}; 讓主伺服器把通道傳給從伺服器
};
=========================================
[root@tian /var/named/chroot/var/named]#vim uplooking.com.zone
$TTL 86400
@ IN SOA ns.uplooking.com. root.uplooking.com. (   ; the responsible mailbox needs the trailing dot too, otherwise it is read relative to the zone origin
2010031000   ; serial (update counter: it must increase on every change, or slaves will not re-transfer the zone)
3600   ; refresh interval
1800   ; retry interval
7200   ; expire time
86400 )   ; minimum / negative-caching TTL
@ NS ns.uplooking.com.   ; NS: name server record
@ MX 10 mail.uplooking.com.   ; MX: mail exchanger, preference 10
ns A 192.168.1.133   ; A: address record
mail A 192.168.1.133
www A 192.168.1.44
ftp CNAME www.uplooking.com.   ; CNAME: alias for another name

=============================================
[root@tian /var/named/chroot/var/named]#service named restart 啟動DNS服務

如果啟動不成功,查看日誌文件
[root@tian /var/named/chroot/var/named]#tail /var/log/messages
=============================================
客戶端,指明DNS伺服器
[root@tian /var/named/chroot/var/named]#vim /etc/resolv.conf
search localdomain
nameserver 192.168.1.133
[root@tian /var/named/chroot/var/named]#host mail.uplooking.com 解析域名
mail.uplooking.com has address 192.168.1.133

Slave server
Package to install: caching-nameserver-9.3.4-10.P1.el5.i386.rpm
[root@tian /var/named/chroot/etc]#vim named.caching-nameserver.conf
options {
listen-on port 53 { 127.0.0.1; 192.168.1.44; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
..........................
allow-query { any; };   // allow every host to query
};
...................................................

view localhost_resolver {   // same view setup as on the master
match-clients { any; };
match-destinations { any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
===========================
[root@tian /var/named/chroot/etc]#vim /etc/named.rfc1912.zones    (add the following)
zone "uplooking.com" {
type slave;
file "slaves/uplooking.com.zone";   // no need to create this file; it is downloaded from the master by zone transfer
masters { 192.168.1.133; };   // the master server's IP
};
==========================
[root@tian /var/named/chroot/var/named]#service named restart    (start the DNS service)
[root@tian /var/named/chroot/var/named/slaves]#ls    (the transferred zone file appears in this directory)
uplooking.com
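Why the SOA serial matters in this master/slave setup, as an added Python example (not code from the original post): a slave re-transfers the zone only when the master's serial is newer under RFC 1982 serial arithmetic, which is why the post's serial moves from 2010031000 to 2010031004 once the zone is edited. The zone text below is constructed from the post's records.

```python
import datetime

MOD = 1 << 32   # SOA serials are unsigned 32-bit numbers that wrap around
HALF = 1 << 31

def serial_gt(a: int, b: int) -> bool:
    """True if serial a is newer than serial b under RFC 1982 serial-number arithmetic."""
    a, b = a % MOD, b % MOD
    return a != b and ((a < b and b - a > HALF) or (a > b and a - b < HALF))

def slave_needs_transfer(master_serial: int, slave_serial: int) -> bool:
    """On NOTIFY or at refresh time the slave compares SOA serials and transfers only on increase."""
    return serial_gt(master_serial, slave_serial)

def next_serial(current: int, today: str) -> int:
    """Next serial in the YYYYMMDDnn style the post uses (today is an ISO date like '2010-03-11'):
    a new day resets nn to 00; the same day (or a clock set backwards) just increments."""
    candidate = int(today.replace("-", "")) * 100
    return candidate if candidate > current else current + 1

def parse_soa_serial(zone_text: str) -> int:
    """Extract the serial from a zone file's SOA record (first number after the opening parenthesis)."""
    in_soa = False
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()   # drop zone-file comments
        if "SOA" in fields:
            in_soa = True
            fields = fields[fields.index("(") + 1:] if "(" in fields else []
        if in_soa and fields:
            return int(fields[0])
    raise ValueError("no SOA serial found")

# Constructed sample: the post's master zone after the round-robin edit (serial 2010031004)
MASTER_ZONE = """$TTL 86400
@ IN SOA ns.uplooking.com. root.uplooking.com. (
2010031004 ; serial
3600 ; refresh
1800 ; retry
7200 ; expire
86400 ) ; minimum
"""

if __name__ == "__main__":
    master = parse_soa_serial(MASTER_ZONE)
    print("slave still at 2010031000 must transfer:", slave_needs_transfer(master, 2010031000))
    print("next serial for today:", next_serial(master, datetime.date.today().isoformat()))
```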

Transaction signatures (TSIG): securing the master/slave relationship
A shared secret key is used to decide whether the other server really is the master or the slave.
Master server
[root@tian /var/named/chroot/etc]#dnssec-keygen    (press Enter with no arguments to see the help)
Usage:
dnssec-keygen -a alg -b bits -n type [options] name
Version: 9.3.4-P1
Required options:
-a algorithm: RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5
-n nametype: ZONE | HOST | ENTITY | USER | OTHER
-b key size, in bits:

[root@tian /var/named/chroot/etc]#dnssec-keygen -a hmac-md5 -b 128 -n HOST abc    (-n key type, -a algorithm, -b key length in bits)
Kabc.+157+46433
[root@tian /var/named/chroot/etc]#ls
Kabc.+157+46433.key localtime named.rfc1912.zones
Kabc.+157+46433.private named.caching-nameserver.conf rndc.key
[root@tian /var/named/chroot/etc]#cat Kabc.+157+46433.key
abc. IN KEY 512 3 157 wNcX7z30RY/37cmkyn/HZw==

The base64 string is the shared secret; it goes into the key statement on both servers. HMAC-MD5 is the only HMAC this BIND 9.3 build offers; later BIND releases also accept hmac-sha256, which should be preferred where available. The .private file and the configuration file holding the secret must not be world-readable.

[root@tian /var/named/chroot/etc]#vim named.rfc1912.zones
zone "uplooking.com" {
type master;
file "uplooking.com.zone";
allow-transfer { key abc; };   // transfers are allowed only to requests signed with key abc, whatever address they come from
};
key abc {
algorithm hmac-md5;
secret "wNcX7z30RY/37cmkyn/HZw==";
};
Restart the service
================================================
Slave server
[root@tian /var/named/chroot/etc]#vim named.rfc1912.zones
zone "uplooking.com" {
type slave;
file "slaves/uplooking.com";
masters { 192.168.1.133 key abc; };   // sign transfer requests to the master with key abc
};
key abc {
algorithm hmac-md5;
secret "wNcX7z30RY/37cmkyn/HZw==";
};
Restart the service

Forwarding
[root@tian /var/named/chroot/etc]#vim named.caching-nameserver.conf
options {
listen-on port 53 { 127.0.0.1; 192.168.1.133; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
forwarders { 192.168.1.253; };   // forwarding: a name this server cannot answer itself is passed on to 1.253 for resolution
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
};
Client
[root@tian /var/named/chroot/etc]#host www.wanghang.com    (server 1.133 has no zone for this name; the answer comes back through the forwarder)
www.wanghang.com has address 192.168.1.197

Load balancing: round robin
Server
[root@tian /var/named/chroot/var/named]#vim uplooking.com.zone
$TTL 86400
@ IN SOA ns.uplooking.com. root.uplooking.com. (
2010031004   ; serial bumped so the slave picks up the change
3600
1800
7200
86400 )
@ NS ns.uplooking.com.
@ MX 10 mail.uplooking.com.
ns A 192.168.1.133
mail A 192.168.1.133
www A 192.168.1.254   ; several A records with the same name: the server rotates their order in each answer
www A 192.168.1.253
www A 192.168.1.197

Client
Repeated pings reach different addresses
[root@tian /var/named/chroot/var/named]#ping www.uplooking.com

[root@tian /var/named/chroot/var/named]#host www.uplooking.com
www.uplooking.com has address 192.168.1.253
www.uplooking.com has address 192.168.1.254
www.uplooking.com has address 192.168.1.197
Round robin only rotates the answer order; DNS has no idea whether a host is up, so a failed host keeps receiving its share of clients until its record is removed and the serial is bumped.


Subdomain delegation
Parent domain: delegation
[root@tian /var/named/chroot/etc]#vim named.rfc1912.zones
zone "it.net" {
type master;
file "it.net.zone";
};
[root@tian /var/named/chroot/var/named]#vim it.net.zone
$TTL 86400
@ IN SOA ns.it.net. root.it.net. ( 2010031000 3600 1800 7200 86400 )
@ IN NS ns.it.net.
ns A 192.168.1.133
tian.it.net. IN NS ns.tian.it.net.   ; <---- NS record delegating the subdomain
ns.tian.it.net. A 192.168.1.44   ; <---- glue record: the subdomain server's IP address

Subdomain settings
[root@tian /var/named/chroot/etc]#vim named.rfc1912.zones
zone "tian.it.net" {
type master;
file "tian.it.net.zone";
};

[/var/named/chroot/var/named]#vim tian.it.net.zone
$TTL 86400
@ IN SOA ns.tian.it.net. root.tian.it.net. ( 2010031001 3600 1800 7200 86400 )
@ IN NS ns.tian.it.net.
ns IN A 192.168.1.44
host1 IN A 192.168.1.253



DNS views
Authoritative name: www.uplooking.com
CNC (China Netcom) clients cnc {1.151, 1.197}; Telecom clients tel {1.79, 1.191}
CNC users should resolve the name to 1.253
Telecom users should resolve it to 1.254
All other users should resolve it to 1.1
Once any view is defined, every zone statement must sit inside a view; a zone left at the top level makes named refuse to start.
[root@tian /var/named/chroot/etc]#vim named.caching-nameserver.conf
acl cnc-acl {
192.168.1.151; 192.168.1.197;
};
view cnc {
match-clients { cnc-acl; };   // match clients against the ACL
recursion yes;   // whether recursion is allowed for these clients
include "/etc/named.cnc.zone";   // absolute path inside the chroot, consistent with the other include statements
};
view tel {
match-clients { 192.168.1.79; 192.168.1.191; };
recursion yes;
zone "uplooking.com" {
type master;
file "uplooking.com.zone2";
};
};
view other {   // views are tried in order and the first match wins, so this catch-all must stay last
match-clients { any; };
recursion yes;
zone "uplooking.com" {
type master;
file "uplooking.com.zone3";
};
};
[root@tian /var/named/chroot/etc]#vim named.cnc.zone

zone "uplooking.com" {
type master;
file "uplooking.com.zone1";
};

[root@tian /var/named/chroot/var/named]#vim uplooking.com.zone1
$TTL 86400
@ IN SOA ns.uplooking.com. root.uplooking.com. (
2010031004
3600
1800
7200
86400 )
@ NS ns.uplooking.com.
www A 192.168.1.253
[root@tian /var/named/chroot/var/named]#vim uplooking.com.zone2
.............................................   (same header as zone1)

www A 192.168.1.254
[root@tian /var/named/chroot/var/named]#vim uplooking.com.zone3
...........................................   (same header as zone1)

www A 192.168.1.1

Client
[root@tian /var/named/chroot/var/named]#host www.uplooking.com    (from host 1.151 or 1.197)
www.uplooking.com has address 192.168.1.253
[root@tian /var/named/chroot/var/named]#host www.uplooking.com    (from host 1.79 or 1.191)
www.uplooking.com has address 192.168.1.254
[root@tian /var/named/chroot/var/named]#host www.uplooking.com    (from any other host)
www.uplooking.com has address 192.168.1.1
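How named picks a view for a client, as an added Python example (not code from the original post): views are tried in named.conf order and the first match-clients list that accepts the client wins, so the catch-all view must be last. The ACL and view data mirror the post's configuration; the '!' negation and nested-ACL handling go slightly beyond what the post uses.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# ACLs from the post's named.caching-nameserver.conf plus BIND's built-in "any" (constructed as data)
ACLS: Dict[str, List[str]] = {
    "cnc-acl": ["192.168.1.151", "192.168.1.197"],
    "any": ["0.0.0.0/0", "::/0"],
}

# (view name, match-clients list, what www.uplooking.com resolves to) in named.conf order
VIEWS: List[Tuple[str, List[str], str]] = [
    ("cnc", ["cnc-acl"], "192.168.1.253"),                          # uplooking.com.zone1
    ("tel", ["192.168.1.79", "192.168.1.191"], "192.168.1.254"),    # uplooking.com.zone2
    ("other", ["any"], "192.168.1.1"),                              # uplooking.com.zone3
]

def match_list(client: str, elements: List[str]) -> Optional[bool]:
    """Evaluate a BIND address match list: the first element with an opinion decides.
    Returns True (accept), False (a '!'-negated element matched, reject) or None (nothing matched)."""
    addr = ipaddress.ip_address(client)
    for element in elements:
        negate = element.startswith("!")
        target = element.lstrip("!").strip()
        if target in ACLS:                       # named ACL: evaluate it recursively
            result = match_list(client, ACLS[target])
        else:
            result = True if addr in ipaddress.ip_network(target, strict=False) else None
        if result is not None:
            return not result if negate else result
    return None

def select_view(client: str, views: List[Tuple[str, List[str], str]] = VIEWS) -> Optional[str]:
    """Name of the first view whose match-clients accepts the client (None: named refuses the query)."""
    for name, clients, _answer in views:
        if match_list(client, clients) is True:
            return name
    return None

def resolve_www(client: str) -> Optional[str]:
    """The A record the selected view's zone file returns for www.uplooking.com."""
    view = select_view(client)
    return next((answer for name, _c, answer in VIEWS if name == view), None)

if __name__ == "__main__":
    for ip in ("192.168.1.151", "192.168.1.79", "192.168.1.5"):
        print(ip, "->", select_view(ip), resolve_www(ip))
    # pitfall: with the catch-all view listed first, every client lands in it
    print("other first:", select_view("192.168.1.151", [VIEWS[2]] + VIEWS[:2]))
```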
====================================
#rndc reload    (reload the configuration and zone files without restarting the service)
Test commands
nslookup www.uplooking.com
host www.uplooking.com
dig www.uplooking.com

#host -t ns uplooking.com    (-t selects the record type)
uplooking.com name server ns.uplooking.com

#host -t mx tian.com
tian.com mail is handled by 10 mail.tian.com.

#nslookup    (the sample output in this session was captured against a different lab zone, tian.com)
>server 192.168.1.133    (choose the DNS server to query)
Default server: 192.168.1.133
Address: 192.168.1.133#53
>www.uplooking.com
..........................
Name: www.tian.com
Address: 192.168.1.14

>set type=ns    (query name server records)
>uplooking.com    (enter the domain name)
..........................
tian.com nameserver = ns.tian.com.

>set type=mx    (query mail exchanger records)
>uplooking.com    (enter the domain name)
.................................
tian.com mail exchanger = 10 mail.tian.com.

>set type=a
>www.uplooking.com
................................
Name: mail.tian.com
Address: 192.168.1.13

>exit

#nslookup www.uplooking.com

#dig www.uplooking.com
#dig uplooking.com

[root@tian /var/named/chroot/etc]#named-checkconf named.caching-nameserver.conf    (check named.conf syntax before reloading)
[root@tian /var/named/chroot/etc]#named-checkzone uplooking.com ../var/named/uplooking.com.zone    (check a zone file against its zone name)

]#rndc flush    (clear the cache)
]#rndc reload
#service named reload    (reload the service; configuration file errors are reported)

DNS wildcard-style resolution ($GENERATE)

$GENERATE 1-254 stu$ IN A 192.168.1.$
This single directive expands to stu1 through stu254, each pointing at the matching address in 192.168.1.0/24. It is not a true wildcard: a wildcard record uses the * label and matches any name that does not otherwise exist in the zone.
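What the $GENERATE line above actually produces, as an added Python example (not code from the original post): it expands the directive into individual records, and also handles the start-stop/step range form and the ${offset,width,base} placeholder modifiers that BIND's zone-file syntax allows, which the post does not show.

```python
import re
from typing import List

# $ alone, or ${offset}, ${offset,width}, ${offset,width,base} with base d, o, x or X
PLACEHOLDER = re.compile(r"\$(\{(-?\d+)(?:,(\d+))?(?:,([doxX]))?\})?")

def substitute(template: str, value: int) -> str:
    """Replace every $ placeholder in template with the iterator value, applying the modifiers."""
    def repl(m):
        offset = int(m.group(2)) if m.group(2) else 0
        width = int(m.group(3)) if m.group(3) else 0
        base = m.group(4) or "d"
        spec = "0%d%s" % (width, base) if width else base   # zero-padded to width, in the given base
        return format(value + offset, spec)
    return PLACEHOLDER.sub(repl, template)

def expand_generate(line: str) -> List[str]:
    """Expand one '$GENERATE range lhs [ttl] [class] type rhs' line into the records it stands for.
    range is start-stop or start-stop/step, as in BIND's zone-file syntax."""
    parts = line.split(";")[0].split()   # drop a trailing comment
    if len(parts) < 5 or parts[0] != "$GENERATE":
        raise ValueError("not a $GENERATE directive: %r" % line)
    rng, step = parts[1], 1
    if "/" in rng:
        rng, step_text = rng.split("/", 1)
        step = int(step_text)
    start, stop = (int(x) for x in rng.split("-", 1))
    lhs, middle, rhs = parts[2], parts[3:-1], parts[-1]   # middle = [ttl] [class] type
    records = []
    for i in range(start, stop + 1, step):
        records.append(" ".join([substitute(lhs, i)] + middle + [substitute(rhs, i)]))
    return records

if __name__ == "__main__":
    for rr in expand_generate("$GENERATE 1-254 stu$ IN A 192.168.1.$")[:3]:
        print(rr)   # stu1 IN A 192.168.1.1, stu2 IN A 192.168.1.2, ...
    # a zero-padded variant, as one might use for the matching reverse zone
    print(expand_generate("$GENERATE 1-3 $ PTR stu${0,3}.uplooking.com."))
```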


http://coctec.com/docs/linux/show-post-199164.html