My understanding of DNS:

--> Forward and reverse resolution:

1) Forward resolution:

  Forward resolution is the process of resolving a domain name to an IP address.

2) Reverse resolution:

  Reverse resolution is the process of resolving an IP address back to a domain name; it is used to verify a server's identity.

--> Master and slave DNS servers:

  Master DNS server: its zone database is updated manually by the administrator;

  Slave DNS server: its zone database is updated from the master server or from another slave DNS server;


Note: if you find something here hard to follow, go to the following branch posts for the material you need:

   1. Summary: DNS and BIND:

   2. Branch 1 - forward/reverse resolution, installed via yum and from source:

   3. Branch 2 - master and slave DNS servers:

   4. Branch 3 - subdomain delegation and query forwarding:

   5. Branch 4 - ACLs and views:


I. Common DNS commands:

1. Commands for testing resolution.

1) The dig command:

   # dig [-t type] [-x addr] [name] [@server]

       +[no]trace      --> (trace the resolution process)

       +[no]recurse    --> (whether to request recursive resolution)

       +[no]tcp        --> (whether to query over TCP instead of UDP)

       +[no]question   --> (whether to hide the question section)

       +[no]answer     --> (whether to hide the answer section)

       +[no]authority  --> (whether to hide the authority section)

       +[no]additional --> (whether to hide the additional section)

2) The host command:

   # host [-t type] {name} [server]

Example:

[root@localhost ~]# host -t MX xiaoma.com
xiaoma.com mail is handled by 10 mail.xiaoma.com.
[root@localhost ~]#

3) The nslookup command (interactive):

   nslookup>

   server DNS_SERVER_IP

   set q=TYPE

   {name}

Example:

[root@localhost ~]# nslookup
> set q=A
> www.xiaoma.com
Server:         172.16.17.202
Address:        172.16.17.202#53

Name:   www.xiaoma.com
Address: 172.16.17.203
>

2. Start / reload commands:

1) Start commands:

   # named -u named

   # service named start   (this may depend on rndc.key)

2) Reload commands:

   # service named reload

   # killall -1 named

   # killall named   (stop)

3. Checking for syntax errors:

   # service named configtest

   # named-checkconf

   # named-checkzone "xiaoma.com" /var/named/xiaoma.com.zone


II. Basic use of bind:

1. Forward resolution configuration:

Method one: create the configuration file and zone files by hand:

Prerequisites:

Mount the installation CD:
[root@xiaoma ~]# mkdir /media/cdrom
[root@xiaoma ~]# mount /dev/cdrom /media/cdrom/
mount: block device /dev/sr0 is write-protected, mounting read-only
Configure a local yum repository:
[root@xiaoma ~]# cd /etc/yum.repos.d/
[root@xiaoma yum.repos.d]# mv CentOS-Base.repo CentOS-Base.repo.bak
[root@xiaoma yum.repos.d]# vim media.repo
[media]
name=media
baseurl=file:///media/cdrom
enabled=1
gpgcheck=0

1) Install the prepared bind package:

[root@localhost ~]# yum -y install bind

2) Note: the shipped configuration file is not used here; the configuration file is written by hand instead:

[root@localhost etc]# mv /tmp/named.conf /etc/named.conf.origin

3) Create and edit the configuration file /etc/named.conf:

4) Configure the zone files (these ship with the system):

(1) Edit /var/named/named.loopback (if the file is newly created, set its ownership and permissions):

[root@localhost ~]# vim /var/named/named.loopback
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
        PTR     localhost.

(2) Edit /var/named/named.localhost (if the file is newly created, set its ownership and permissions):

[root@localhost ~]# vim /var/named/named.localhost
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1

(3) Edit /var/named/xiaoma.com.zone (created by hand):

5) Set ownership and permissions on named.conf:

[root@localhost named]# chown root:named /var/named/xiaoma.com.zone
[root@localhost named]# chmod 640 /var/named/xiaoma.com.zone
[root@localhost etc]# chown root:named /etc/named.conf
[root@localhost etc]# chmod --reference=/etc/named.conf.origin /etc/named.conf    (1) --> note: (1) and (2) have the same effect.
[root@localhost etc]# chmod 640 /etc/named.conf                                    (2)

6) Syntax check at startup / manual syntax check:

First, check at startup:
[root@localhost etc]# service named configtest
zone localhost/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Second, check manually:
[root@localhost etc]# named-checkconf
[root@localhost etc]#
The zone files ship with the system, so there is no need for me to check their syntax here.
[root@localhost named]# named-checkzone "xiaoma.com" /var/named/xiaoma.com.zone
zone xiaoma.com/IN: loaded serial 2014031301
OK
[root@localhost named]#

7) Start the named service:

[root@localhost etc]# service named start    --> a random key is generated at startup.
Generating /etc/rndc.key:
[root@localhost etc]#
--> If it will not start this way, use the command below: start as root, and run as the named user after startup.
[root@localhost etc]# named -u named

8) Test with the dig command (explained here, and not repeated below):

2. Forward resolution configuration:

Method two: modify the shipped configuration file and zone files directly:

Prerequisites: the same as for method one above (mount the installation CD and configure the local yum repository).

1) Install the prepared bind package:

[root@localhost ~]# yum -y install bind

2) Modify the configuration file named.conf:

Note: only the lines that were commented out are shown here:
//      listen-on port 53 { 127.0.0.1; };
//      listen-on-v6 port 53 { ::1; };
//      allow-query     { localhost; };
//      dnssec-enable yes;
//      dnssec-validation yes;
//      dnssec-lookaside auto;
//      bindkeys-file "/etc/named.iscdlv.key";
//      managed-keys-directory "/var/named/dynamic";
//include "/etc/named.root.key";
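
Commenting out listen-on and allow-query, as above, makes named fall back to its built-in defaults (listen on every interface, answer any client), which is what an authoritative server needs, but it leaves the policy invisible in the file and says nothing about who may use the server for recursion. The shell snippet below is an added example, not from the original post and not part of BIND: it writes the weak options block next to an explicitly scoped one and lints both for the three access directives. The 172.16.17.0/24 network and the 172.16.17.202 server address come from the lab setup in the post; the acl name "lan" and the temp-file handling are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post or from BIND): the "comment it out" options
# block next to an explicitly scoped one, and a small lint for the access directives.
# The 172.16.17.0/24 network and server address come from the lab setup in the post;
# the acl name "lan" and the temp-file handling are constructed for this example.

# Weak: the access directives are commented out, so named silently uses its built-in
# defaults and nobody reading the file can tell what the intended policy is.
weak_options() {
cat <<'EOF'
options {
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };
        directory "/var/named";
};
EOF
}

# Explicit: answer anyone for the zones we are authoritative for, but only recurse
# for clients on the lab network and loopback.
hardened_options() {
cat <<'EOF'
acl "lan" { 172.16.17.0/24; 127.0.0.1; };
options {
        listen-on port 53 { 172.16.17.202; 127.0.0.1; };
        allow-query     { any; };
        allow-recursion { lan; };
        directory "/var/named";
};
EOF
}

# lint_named_conf FILE: report each access directive that is not set explicitly
# (a line that begins with the keyword; lines commented with // or # do not count).
# Returns 1 if anything is missing, 0 when all three are present.
lint_named_conf() {
    f="$1"; rc=0
    for directive in listen-on allow-query allow-recursion; do
        if ! grep -Eq "^[[:space:]]*${directive}[[:space:]]" "$f"; then
            echo "MISSING: ${directive} is not set explicitly in $f"
            rc=1
        fi
    done
    return $rc
}

# Demo: lint both blocks. On the real server, follow this with named-checkconf,
# which checks the syntax but not the policy.
weak=$(mktemp); weak_options > "$weak"
hard=$(mktemp); hardened_options > "$hard"
echo "== weak =="; lint_named_conf "$weak" || echo "weak options block: FAIL"
echo "== hardened =="; lint_named_conf "$hard" && echo "hardened options block: OK"
rm -f "$weak" "$hard"
```

The lint only looks for the directives; named-checkconf (used later in the post) still has to confirm the syntax, and the named.rfc1912.zones edit that follows is unaffected by either block.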

3) Modify the zone definitions in /etc/named.rfc1912.zones:

Append at the end of the file:
[root@localhost named]# vim /etc/named.rfc1912.zones
zone "xiaoma.com" {
        type master;
        file "xiaoma.com.zone";
};

4) Set ownership and permissions:

[root@localhost named]# chmod 640 /var/named/xiaoma.com.zone
[root@localhost named]# chown root:named /var/named/xiaoma.com.zone
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone "xiaoma.com" /var/named/xiaoma.com.zone

5) Start the service / reload the service:

[root@localhost named]# named -u named
[root@localhost named]# service named reload
[root@localhost named]# killall -1 named

6) Test resolution:

[root@localhost ~]# dig -t MX xiaoma.com
[root@localhost ~]# dig -t CNAME pop.xiaoma.com
[root@localhost ~]# dig -t CNAME ftp.xiaoma.com
[root@localhost ~]# dig -t A www.xiaoma.com
[root@localhost ~]# dig -t NS xiaoma.com
[root@localhost ~]# dig -t NS xiaoma.com @172.16.17.202
[root@localhost ~]# dig -t A mail.xiaoma.com

---> We use the last one to test the query for the A record of mail:

(Compare the two screenshots, above and below.)

7) Use +trace to follow the resolution process (this needs network access):

Continuing from the environment set up above (2. Forward resolution configuration):

3. Reverse resolution configuration:

1) Define the zone in /etc/named.rfc1912.zones:

[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "17.16.172.in-addr.arpa" {
        type master;
        file "172.16.17.zone";
};

2) Create the zone file 172.16.17.zone:

Copy an existing zone file so that its group and permissions are preserved:
[root@localhost named]# cp -p xiaoma.com.zone 172.16.17.zone

3) Edit the zone file 172.16.17.zone:

4) Check the syntax / reload:

5) Test resolution:

Continuing, other reverse lookups:

[root@localhost named]# dig -x 172.16.17.204
[root@localhost named]# dig -x 172.16.17.203

6) Test resolution with the host command:


III. Compiling and installing bind, and putting it to use:

>>> Compile and install named (bind-9.9.5):

   Prerequisites: set up the development environment by installing the package groups (via yum).

Mount the CD and configure the local yum repository exactly as in section II above, then install the development package groups:
[root@xiaoma ~]# yum grouplist | grep Development
Desktop Platform Development
Development tools
Server Platform Development
[root@xiaoma ~]# yum -y groupinstall "Server Platform Development" "Desktop Platform Development" "Development tools"

1. Download the source code, compile and install:

1) Extract the prepared source tarball, then compile and install:

[root@xiaoma tmp]# tar xf bind-9.9.5.tar.gz
[root@xiaoma tmp]# cd bind-9.9.5
[root@xiaoma bind-9.9.5]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --enable-epoll --disable-chroot
[root@xiaoma bind-9.9.5]# make
[root@xiaoma bind-9.9.5]# make install

2. Create the main configuration file /etc/named/named.conf:

3. Create the zone data files:

① Create /var/named/named.ca:

[root@xiaoma ~]# mkdir /var/named
[root@xiaoma ~]# cd /var/named/
[root@xiaoma named]# dig -t NS . @172.16.0.1 > named.ca

② Create /var/named/named.loopback:

[root@xiaoma named]# vim named.loopback
$TTL 86400
@       IN      SOA     localhost.      admin.localhost. (
                        2014031101
                        2H
                        10M
                        7D
                        1D )
        IN      NS      localhost.
1       IN      PTR     localhost.

③ Create /var/named/named.localhost:

[root@xiaoma named]# vim named.localhost
$TTL 86400
@       IN      SOA     localhost.      admin.localhost. (
                        2014031101
                        2H
                        10M
                        7D
                        1D )
        IN      NS      localhost.
localhost.      IN      A       127.0.0.1

④ Then create /var/named/xiaoma.com.zone:

[root@xiaoma named]# vim /var/named/xiaoma.com.zone
$TTL 86400
@       IN      SOA     dns.xiaoma.com.      dnsadmin.xiaoma.com. (
                        2014031101
                        2H
                        10M
                        3D
                        1D )
        IN      NS      dns
        IN      MX 10   mail
dns             IN      A       172.16.17.202
mail            IN      A       172.16.17.202
www             IN      A       172.16.17.1
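
The serial in the SOA above is what a slave compares against the master (see the master/slave note at the top of the post) before it transfers a changed zone, so it must grow on every edit; and the reverse zone 17.16.172.in-addr.arpa from section II.3 should list exactly the addresses these A records hand out. The script below is an added example, not code from the post or from BIND: it bumps the serial in the post's YYYYMMDDnn scheme and derives the PTR records from the forward zone. The zone it works on is constructed to mirror the xiaoma.com zone above; the helper names and the temp-file handling are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post or from BIND): SOA serial bumping and
# reverse-zone generation for a zone file. The zone below is constructed to mirror
# the xiaoma.com zone in the post; the YYYYMMDDnn serial scheme is the one its zones use.

make_sample_zone() {
cat > "$1" <<'EOF'
$TTL 86400
@       IN      SOA     dns.xiaoma.com.      dnsadmin.xiaoma.com. (
                        2014031101      ; serial, YYYYMMDDnn
                        2H              ; refresh
                        10M             ; retry
                        3D              ; expire
                        1D )            ; minimum
        IN      NS      dns
        IN      MX 10   mail
dns     IN      A       172.16.17.202
mail    IN      A       172.16.17.202
www     IN      A       172.16.17.1
EOF
}

# get_serial ZONE: the first 10-digit token at or after the SOA line.
get_serial() {
    awk '/SOA/ { insoa = 1 }
         insoa { for (i = 1; i <= NF; i++)
                     if ($i ~ /^[0-9]+$/ && length($i) == 10) { print $i; exit } }' "$1"
}

# bump_serial ZONE YYYYMMDD: print the zone with its serial advanced. Same day -> nn+1,
# a later day -> DATE01. Slaves only transfer when the serial grows, so this must run
# on every edit of the master copy. Refuses to go past 99 edits in one day rather than
# emit an 11-digit serial.
bump_serial() {
    old=$(get_serial "$1"); day="$2"
    [ -n "$old" ] || { echo "no SOA serial found in $1" >&2; return 1; }
    if [ "${old%??}" = "$day" ]; then
        [ "${old#????????}" = "99" ] && { echo "serial $old exhausted for $day" >&2; return 1; }
        new=$((old + 1))
    else
        new="${day}01"
    fi
    # replace only the first occurrence of the old serial, i.e. the SOA field
    awk -v o="$old" -v n="$new" '!done && index($0, o) { sub(o, n); done = 1 } { print }' "$1"
}

# reverse_name NET: the in-addr.arpa zone name for a /24 given as "a.b.c".
reverse_name() { echo "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'; }

# reverse_zone ZONE ORIGIN NET: PTR records for every A record inside NET (a /24 as "a.b.c").
# Several names may share one address (dns and mail above); an address gets one
# canonical PTR, so the first name wins and the rest are skipped.
reverse_zone() {
    awk -v origin="$2" -v net="$3" '
        $3 == "A" && index($4, net ".") == 1 {
            split($4, o, ".")
            name = ($1 ~ /\.$/) ? $1 : $1 "." origin "."
            if (!(o[4] in seen)) { seen[o[4]] = 1; printf "%-4s IN      PTR     %s\n", o[4], name }
        }' "$1"
}

# Demo on the constructed zone
z=$(mktemp)
make_sample_zone "$z"
echo "serial now: $(get_serial "$z")"
bump_serial "$z" 20140311 > "$z.new" && echo "after same-day bump: $(get_serial "$z.new")"
echo "zone \"$(reverse_name 172.16.17)\":"
reverse_zone "$z" xiaoma.com 172.16.17
rm -f "$z" "$z.new"
```

The generated PTR lines are the body of 172.16.17.zone; the SOA and NS records for that zone, its own serial, and a named-checkzone run against "17.16.172.in-addr.arpa" are still needed before reloading.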

4. Create the system user and test startup:

① Create the user:

[root@xiaoma ~]# groupadd -g 53 -r named
[root@xiaoma ~]# useradd -g named -r named
[root@xiaoma ~]# id named
uid=496(named) gid=53(named) groups=53(named)
[root@xiaoma ~]# ls /home/

② Set ownership and permissions:

[root@xiaoma named]# chmod 640 /etc/named/named.conf /var/named/*
[root@xiaoma named]# chown root:named /etc/named/* /var/named/*

③ Set the PATH variable:

[root@xiaoma named]# echo 'export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH' > /etc/profile.d/named.sh
[root@xiaoma named]# cat /etc/profile.d/named.sh
[root@xiaoma named]# source /etc/profile.d/named.sh

④ Check the syntax:

[root@xiaoma ~]# named-checkconf
[root@xiaoma ~]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback
zone 0.0.127.in-addr.arpa/IN: loaded serial 2014031101
OK
[root@xiaoma ~]# named-checkzone "localhost" /var/named/named.localhost
zone localhost/IN: loaded serial 2014031101
OK
[root@xiaoma named]# named-checkzone "xiaoma.com" xiaoma.com.zone
zone xiaoma.com/IN: loaded serial 2014031101
OK
[root@xiaoma ~]# killall -1 named

⑤ Test startup and check the listening ports:

[root@xiaoma named]# named -u named
[root@xiaoma named]# ss -tunl

Test A record resolution:

[root@localhost named]# dig -t A www.xiaoma.com @172.16.17.202

; <<>> DiG 9.9.5 <<>> -t A www.xiaoma.com @172.16.17.202
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49273
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.xiaoma.com.                IN      A

;; ANSWER SECTION:
www.xiaoma.com.         86400   IN      A       172.16.17.1

;; AUTHORITY SECTION:
xiaoma.com.             86400   IN      NS      dns.xiaoma.com.

;; ADDITIONAL SECTION:
dns.xiaoma.com.         86400   IN      A       172.16.17.202

;; Query time: 0 msec
;; SERVER: 172.16.17.202#53(172.16.17.202)
;; WHEN: Fri Mar 07 01:37:43 CST 2014
;; MSG SIZE  rcvd: 93

[root@localhost named]#
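
The dig output above carries two fields worth checking by script rather than by eye: the status (the rcode) and the flags, where aa means the server answered from its own zone data rather than from cache, and ra means it offers recursion to the client that asked. The script below is an added example, not from the post and not part of dig: it parses a constructed copy of the reply above and verifies that the answer is authoritative and carries the expected address. The function names are this example's own; the record values are those shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): check a dig answer mechanically.
# The sample below is constructed to match the dig output shown in the post.

dig_sample() {
cat <<'EOF'
; <<>> DiG 9.9.5 <<>> -t A www.xiaoma.com @172.16.17.202
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49273
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;www.xiaoma.com.                IN      A

;; ANSWER SECTION:
www.xiaoma.com.         86400   IN      A       172.16.17.1

;; AUTHORITY SECTION:
xiaoma.com.             86400   IN      NS      dns.xiaoma.com.

;; ADDITIONAL SECTION:
dns.xiaoma.com.         86400   IN      A       172.16.17.202

;; Query time: 0 msec
;; SERVER: 172.16.17.202#53(172.16.17.202)
EOF
}

# dig_status: the rcode (NOERROR, NXDOMAIN, SERVFAIL, ...) from the HEADER line on stdin.
dig_status() { sed -n 's/.*status: \([A-Z]*\),.*/\1/p'; }

# dig_has_flag FLAG: succeed if FLAG (aa, rd, ra, ...) appears in the flags line on stdin.
dig_has_flag() {
    grep '^;; flags:' | sed 's/^;; flags: \([^;]*\);.*/\1/' | tr ' ' '\n' | grep -qx "$1"
}

# dig_answers: the ANSWER section records on stdin, one "owner ttl class type rdata" per line.
dig_answers() {
    awk '/^;; ANSWER SECTION:/ { on = 1; next }
         /^;;/ || /^$/         { on = 0 }
         on                    { print }'
}

# dig_answer_rdata TYPE: rdata of the first ANSWER record of TYPE (all fields, so MX works too).
dig_answer_rdata() {
    dig_answers | awk -v t="$1" '$4 == t { s = $5; for (i = 6; i <= NF; i++) s = s " " $i; print s; exit }'
}

# verify_answer OUTPUT EXPECTED_IP: succeed only if the reply is NOERROR, authoritative (aa)
# and its A record is EXPECTED_IP; otherwise print the reason and fail.
verify_answer() {
    out="$1"; want="$2"
    [ "$(printf '%s\n' "$out" | dig_status)" = "NOERROR" ] || { echo "rcode is not NOERROR"; return 1; }
    printf '%s\n' "$out" | dig_has_flag aa || { echo "answer is not authoritative (no aa flag)"; return 1; }
    got=$(printf '%s\n' "$out" | dig_answer_rdata A)
    [ "$got" = "$want" ] || { echo "A record is '$got', expected $want"; return 1; }
    echo "OK: $want, authoritative"
}

# Demo on the constructed sample; on a live server replace dig_sample with
#   dig -t A www.xiaoma.com @172.16.17.202
sample=$(dig_sample)
verify_answer "$sample" 172.16.17.1
if printf '%s\n' "$sample" | dig_has_flag ra; then
    echo "note: server offers recursion (ra) to this client"
fi
```

Running dig_has_flag ra on a reply obtained from outside the LAN tells you whether the server is recursing for clients it should only be authoritative for; the aa check catches the opposite mistake, where a cached or forwarded answer is mistaken for the server's own zone data.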

5. Provide a service script and set its permissions:

1) The script:

[root@xiaoma ~]# vim /etc/rc.d/init.d/named
#!/bin/bash
#
# description: named daemon
# chkconfig: - 25 80
#
pidFile=/usr/local/bind9/var/run/named.pid
lockFile=/var/lock/subsys/named
confFile=/etc/named/named.conf

[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions

start() {
    if [ -e $lockFile ]; then
        echo "named is already running..."
        exit 0
    fi
    echo -n "Starting named:"
    daemon --pidfile "$pidFile" /usr/local/bind9/sbin/named -u named -c "$confFile"
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        touch $lockFile
        return $RETVAL
    else
        rm -f $lockFile $pidFile
        return 1
    fi
}

stop() {
    if [ ! -e $lockFile ]; then
        echo "named is stopped."
        return 0        # return rather than exit, so that restart() can go on to start()
    fi
    echo -n "Stopping named:"
    killproc named
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        rm -f $lockFile $pidFile
        return 0
    else
        echo "Cannot stop named."
        failure
        return 1
    fi
}

restart() {
    stop
    sleep 2
    start
}

reload() {
    echo -n "Reloading named: "
    killproc named -HUP     # same effect as: killall -HUP named
    RETVAL=$?
    echo
    return $RETVAL
}

status() {
    if pidof named &> /dev/null; then
        echo -n "named is running..."
        success
        echo
    else
        echo -n "named is stopped..."
        success
        echo
    fi
}

usage() {
    echo "Usage: named {start|stop|restart|status|reload}"
}

case $1 in
start)
    start ;;
stop)
    stop ;;
restart)
    restart ;;
status)
    status ;;
reload)
    reload ;;
*)
    usage
    exit 4 ;;
esac

2) Register the script and set its permissions:

[root@xiaoma ~]# chkconfig --add named
[root@xiaoma ~]# chkconfig --list named
named           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@xiaoma ~]# killall named          --> stop the named that was started by hand
[root@xiaoma ~]# chmod +x /etc/rc.d/init.d/named
[root@xiaoma ~]# service named start
Starting named:                                            [  OK  ]

A smile is the most beautiful language!!!


This post is written from my own understanding; if there are mistakes, please point them out.

                                                                       ----> 小马子