一、dns相关知识
什么是dns服务器?
dns,即domain name system,域比如名服务器,实现域名和ip地址对应的解析。将www.baidu.com 转换成某个ip地址,或者将某个ip映射成www.baidu.com。
这里有个小疑问,没有域名服务器是否可以可以正常上网?答案是当然可以。我们可以使用ip地址,但是输入域名无法访问。根域是一个点(.),下面还有子域,比如熟知的com、net、cn、net、org,某个子域,比如com之下,又有163、baidu……,baidu下又有zhidao、wenku……。根域服务器,全球有13台,亚洲有一台在日本。dns是怎么解析的呢?有两种方式,第一是递归查询:本级不知道,上一级知道,然后沿路返回;第二是迭代查询:上一级给你信息,自己查询。本机配置dns成功后不被认可,即不能在公网上跑,需要被上一级管理才行。
常用的dns服务器
bind:最流行的dns服务器 (公司用)
mydns:和数据库进行集成(域名提供商,发便用户注册),写到数据库里
下面讲解dns的用法,包括dns正解配置、dns配置mail服务器、dns——配置别名、dns——通配符、dns做负载均衡、dns配置——反解、dns转发、dns主从服务器、子域授权、dns高级视图、/etc/named.conf:41: open: /etc/named.acl.dx:file not found解决。
二、dns配置——正解
- #dns配置——正解(域名转换成ip地址)
- #serv01:dns服务器
- #Serv02:测试用
- –第一步,serv01安装bind
- #安装bind
- [root@serv01~]# yum install bind* -y
- –第二步,修改配置文件named.conf
- [root@serv01~]# /etc/named.conf
- #查询
- [root@serv01~]# rpm -qa|grep bind
- [root@serv01~]# rpm -ql bind|less
- #编辑文件
- [root@serv01~]# vim /etc/named.conf
- options {
- #监听端口 IP地址
- #listen-onport 53 { 127.0.0.1; };
- #监听任何IP地址
- listen-on port 53 { any; };
- listen-on-v6 port 53 { ::1; };
- #指定根目录
- directory "/var/named";
- #对Cache进行备份
- dump-file "/var/named/data/cache_dump.db";
- #静态文件
- statistics-file"/var/named/data/named_stats.txt";
- #内存静态文件
- memstatistics-file"/var/named/data/named_mem_stats.txt";
- #允许查询的IP地址
- #allow-query { localhost; };
- #允许查询所有的IP地址进行查询
- allow-query { any; };
- #默认递归查询
- recursion yes;
- #安全相关的
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- };
- #根域服务器
- zone "." IN {
- type hint;
- file "named.ca";
- };
- #区域文件
- include"/etc/named.rfc1912.zones";
- [root@serv01~]# ls /var/named/
- chroot data dynamic named.ca named.empty named.localhost named.loopback slaves
- #根域服务器的相关信息
- [root@serv01~]# cat /var/named/named.ca
- ;<<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS .@a.root-servers.net
- ;; globaloptions: printcmd
- ;; Gotanswer:
- ;;->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420
- ;; flags:qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20
- ;; OPTPSEUDOSECTION:
- ; EDNS:version: 0, flags:; udp: 4096
- ;;QUESTION SECTION:
- ;. IN NS
- ;; ANSWERSECTION:
- . 518400 IN NS M.ROOT-SERVERS.NET.
- . 518400 IN NS A.ROOT-SERVERS.NET.
- . 518400 IN NS B.ROOT-SERVERS.NET.
- . 518400 IN NS C.ROOT-SERVERS.NET.
- . 518400 IN NS D.ROOT-SERVERS.NET.
- . 518400 IN NS E.ROOT-SERVERS.NET.
- . 518400 IN NS F.ROOT-SERVERS.NET.
- . 518400 IN NS G.ROOT-SERVERS.NET.
- . 518400 IN NS H.ROOT-SERVERS.NET.
- . 518400 IN NS I.ROOT-SERVERS.NET.
- . 518400 IN NS J.ROOT-SERVERS.NET.
- . 518400 IN NS K.ROOT-SERVERS.NET.
- . 518400 IN NS L.ROOT-SERVERS.NET.
- ;;ADDITIONAL SECTION:
- #13台根域服务器
- A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
- A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:ba3e::2:30
- B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
- C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
- D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
- E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
- F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
- F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2f::f
- G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
- H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
- H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::803f:235
- I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
- J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
- J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:c27::2:30
- K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
- K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7fd::1
- L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42
- M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
- M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:dc3::35
- ;; Querytime: 147 msec
- ;;SERVER: 198.41.0.4#53(198.41.0.4)
- ;; WHEN:Mon Feb 18 13:29:18 2008
- ;; MSGSIZE rcvd: 615
- #本地域名的解析
- [root@larrywen0808]# ping localhost.localdomain
- PINGlocalhost (127.0.0.1) 56(84) bytes of data.
- 64 bytesfrom localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.024 ms
- 64 bytesfrom localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.026 ms
- 64 bytesfrom localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.025 ms
- 64 bytesfrom localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.027 ms
- 64 bytesfrom localhost (127.0.0.1): icmp_seq=5 ttl=64 time=0.026 ms
- 64 bytesfrom localhost (127.0.0.1): icmp_seq=6 ttl=64 time=0.026 ms
- ^C
- —localhost ping statistics —
- 6 packetstransmitted, 6 received, 0% packet loss, time 5624ms
- rttmin/avg/max/mdev = 0.024/0.025/0.027/0.005 ms
- –第三步,修改配置文件named.rfc1912.zones
- [root@serv01~]# tail -n5 /etc/named.rfc1912.zones
- zone"jbxue.com" IN {
- typemaster;
- #域名和IP地址的对应关系的存放文件
- file"jbxue.com.zone";
- #不允许更新
- allow-update{none;};
- };
- #保持属性保持一致(所属组)
- [root@serv01named]# cp named.localhost jbxue.com.zone -a
- [root@serv01named]# ll named.localhost jbxue.com.zone
- -rw-r—–.1 root named 152 Jun 21 2007jbxue.com.zone
- -rw-r—–.1 root named 152 Jun 21 2007 named.localhost
- –第四步,拷贝文件,修改jbxue.com.zone文件
- $TTL 1D
- #注意后面有点
- @ IN SOA dns.jbxue.com. root.jbxue.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H ) ; minimum
- #和前面的DNS保持一致
- NS dns.jbxue.com.
- dns IN A 192.168.1.11
- www IN A 192.168.1.88
- #文件配置项解析
- [root@serv01~]# cat /var/named/named.localhost
- $TTL 1D
- #@:域名 jbxue.com
- #rname.invalid:出了问题,发送邮件地址
- @ IN SOA @rname.invalid. (
- #序列号,主从服务器更新需要。版本号,文件修改的次数
- 0 ;serial
- #从服务器更新刷新的时间
- 1D ; refresh
- #没有刷新成功,重试时间
- 1H ; retry
- #如果还没成功,失效的时间
- 1W ; expire
- #有效时间:三个小时
- 3H) ; minimum
- #和前面保持一致
- NS @
- A 127.0.0.1
- AAAA ::1
- #最终配置结果
- #/etc/named.conf配置文件
- options {
- listen-on port 53 { any; };
- listen-on-v6 port 53 { ::1; };
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { any; };
- recursion yes;
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- };
- #/etc/named.rfc1912.zones配置
- zone "jbxue.com" IN {
- type master;
- file "jbxue.com.zone";
- allow-update {none;};
- };
- #/var/named/jbxue.com.zone 配置
- $TTL 1D
- #注意后面有点
- @ INSOA dns.jbxue.com. root.jbxue.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- #和前面的DNS保持一致
- NS dns.jbxue.com.
- dns INA 192.168.1.11
- www INA 192.168.1.88
- –第五步,重启服务
- [root@serv01 named]# /etc/init.d/namedrestart
- Stopping named: [ OK ]
- Starting named: [ OK ]
- –第六步,使用dig测试,查看是否配置成功
- [root@serv01 named]# dig www.jbxue.com
- ; <<>> DiG9.7.3-RedHat-9.7.3-2.el6 <<>> www.jbxue.com
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY,status: NOERROR, id: 61132
- ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1,AUTHORITY: 1, ADDITIONAL: 1
- ;; QUESTION SECTION:
- ;www.jbxue.com. IN A
- ;; ANSWER SECTION:
- www.jbxue.com. 86400 IN A 192.168.1.88
- ;; AUTHORITY SECTION:
- jbxue.com. 86400 IN NS dns.jbxue.com.
- ;; ADDITIONAL SECTION:
- dns.jbxue.com. 86400 IN A 192.168.1.11
- ;; Query time: 0 msec
- ;; SERVER: 127.0.0.1#53(127.0.0.1)
- ;; WHEN: Thu Aug 8 18:40:12 2013
- ;; MSG SIZE rcvd: 82
- #查看简短的信息
- [root@serv01 named]# dig www.jbxue.com+short
- 192.168.1.88
- –第七步,serv01能ping通域名
- #不能ping通
- [root@serv01 named]# ping www.jbxue.com
- ping: unknown host www.jbxue.com
- #不能ping通
- [root@serv01 named]# ping dns.jbxue.com
- ping: unknown host dns.jbxue.com
- #在resolv.conf文件中加入nameserver
- [root@serv01 ~]# vim /etc/resolv.conf
- [root@serv01 ~]# cat /etc/resolv.conf
- nameserver 192.168.1.11
- #现在可以ping了,可以解析对应的IP地址
- [root@serv01 ~]# ping www.jbxue.com
- PING www.jbxue.com (192.168.1.88) 56(84)bytes of data.
- ^C
- — www.jbxue.com ping statistics —
- 2 packets transmitted, 0 received, 100%packet loss, time 1161ms
- #可以ping通dns服务器
- [root@serv01 ~]# ping dns.jbxue.com
- PING dns.jbxue.com (192.168.1.11) 56(84)bytes of data.
- 64 bytes from 192.168.1.11: icmp_seq=1 ttl=64time=0.020 ms
- 64 bytes from 192.168.1.11: icmp_seq=2 ttl=64time=0.071 ms
- 64 bytes from 192.168.1.11: icmp_seq=3 ttl=64time=0.039 ms
- 64 bytes from 192.168.1.11: icmp_seq=4 ttl=64time=0.041 ms
- ^C
- — dns.jbxue.com ping statistics —
- 4 packets transmitted, 4 received, 0% packetloss, time 3316ms
- rtt min/avg/max/mdev = 0.020/0.042/0.071/0.019ms
- –第八步,server02测试
- [root@serv02 ~]# echo "nameserver192.168.1.11" > /etc/resolv.conf
- [root@serv02 ~]# cat /etc/resolv.conf
- nameserver 192.168.1.11
- [root@serv02 ~]# yum install bind-utils -y
- [root@serv02 ~]# dig www.jbxue.com +short
- 192.168.1.88
- [root@serv02 ~]# nslookup www.jbxue.com
- Server: 192.168.1.11
- Address: 192.168.1.11#53
- Name: www.jbxue.com
- Address: 192.168.1.88
- –第九步,增加其他的解析
- [root@serv01 named]# vim/var/named/jbxue.com.zone
- [root@serv01 named]# /etc/init.d/namedrestart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
- [root@serv01 named]# cat/var/named/jbxue.com.zone
- $TTL 1D
- @ INSOA dns.jbxue.com. root.jbxue.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.jbxue.com.
- dns INA 192.168.1.11
- www INA 192.168.1.88
- ftp INA 192.168.1.89
- #或者这样
- ftp.hongiy.com. IN A 192.168.1.89
- hongiy.com. INMX 5 mail
- mail IN A 192.168.1.90
- [root@serv01 named]# dig ftp.jbxue.com+short
- 192.168.1.89