DNS Domain Name Resolution Service

Published: 2024-04-26

Process for looking up an IP address from a domain name:

  1. First look up the relevant record in the host's local hosts file
  2. Otherwise, use the DNS service to resolve it

What the DNS system does

Forward resolution: find the IP address that corresponds to a domain name

Reverse resolution: find the domain name that corresponds to an IP address

DNS ports:

TCP/53 (connections to the DNS server, e.g. zone transfers)     UDP/53 (resolution queries)

Distributed data structure of the DNS system:

The domain namespace is a tree structure whose starting point is the root domain "."
        hostname.subdomain.[second-level domain].top-level domain.
        (the trailing dot stands for the root domain)

How DNS domain name resolution works

  1. The client first sends its DNS resolution request to the local caching name server.
  2. If the local caching name server has a matching record it returns it directly to the client; otherwise it sends the resolution request on to a root server.
  3. The root server, based on the domain's top-level domain, delegates the request to the corresponding top-level domain server.
  4. The top-level domain server likewise delegates, based on the second-level domain or subdomain, to the corresponding second-level domain or subdomain server.
  5. Finally the subdomain server resolves the hostname to its IP address and returns it to the local caching name server, which returns it to the client.

DNS query methods:

Recursive query: (put simply, the resolution request is pushed all the way down and the answer is returned back up layer by layer)

  1. The local name server first sends the resolution request to a root name server,
  2. the root name server forwards the request to the corresponding top-level domain name server,
  3. the top-level domain name server forwards it to the corresponding second-level domain or subdomain name server,
  4. and finally the subdomain name server resolves the hostname to its IP address, which is returned layer by layer back to the local name server.

Iterative query: (put simply, every resolution request is answered with a corresponding response, which may simply say who to ask next)

  1. The local name server first sends the resolution request to a root name server; the root name server returns a response telling it which top-level domain name server to ask;
  2. the local name server then sends the request to that top-level domain name server, which returns a response telling it which second-level domain or subdomain name server to ask;
  3. finally the local name server sends the request to the subdomain name server, which resolves the hostname to its IP address and returns it directly to the local name server.
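As an added example (not code from the original post), here is the wire format behind these exchanges in Python: build_query sets the RD (recursion desired) flag a client sends to its local caching server, and parse_response reads the flags that dig prints in the lab below (qr aa rd ra) together with the A answer. The reply bytes are constructed to mirror the www.xy101.com lookup in that lab; the transaction id 0x2877 is an arbitrary choice.

```python
import struct

def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending with the empty root label."""
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.rstrip(".").split(".")) + b"\x00"

def build_query(qname, qtype=1, txid=0x2877):
    """Header (id, flags, QD, AN, NS, AR) + question; flags 0x0100 sets RD, asking the server to recurse."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)  # QTYPE A=1, QCLASS IN=1

def decode_name(msg, off):
    """Decode a name at off, following 0xC0 compression pointers; return (name, next offset)."""
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                    # pointer: jump back, remember where to resume
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if n == 0:
            break
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", (off if end is None else end)

def parse_response(msg):
    """Return the header flags dig prints (aa/rd/ra/rcode) and A answers as (owner, ttl, ip)."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                         # skip the echoed question section
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1:                          # A record: 4-byte IPv4 address
            answers.append((owner, ttl, ".".join(str(b) for b in msg[off:off + rdlen])))
        off += rdlen
    return {"id": txid, "aa": bool(flags & 0x0400), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "rcode": flags & 0xF, "answers": answers}

# Constructed reply mirroring the lab's dig output: flags qr aa rd ra, one A answer, TTL 86400.
SAMPLE_RESPONSE = (b"\x28\x77\x85\x80\x00\x01\x00\x01\x00\x00\x00\x00"   # header
                   b"\x03www\x05xy101\x03com\x00\x00\x01\x00\x01"        # question
                   b"\xc0\x0c\x00\x01\x00\x01\x00\x01\x51\x80\x00\x04\x14\x00\x00\x28")  # answer
```

The aa flag marks an authoritative answer from the zone's own server, while ra tells the client that the server is willing to recurse on its behalf.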

Commands

Setting up a local DNS server

1) Initialize the system
2) Install the bind package
3) Edit the main configuration /etc/named.conf
listen-on port 53 { any; };      # IP address and port to listen on
allow-query     { any; };        # clients allowed to query this DNS server

4) Edit the zone configuration file /etc/named.rfc1912.zones
zone "xy101.com" IN {                     # forward zone
        type master;
        file "xy101.com.zone";            # name of the zone data file
};

zone "80.168.192.in-addr.arpa" IN {       # reverse zone: network address with the octets reversed
        type master;
        file "xy101.com.zone.local";
};

5) Edit the zone data file /var/named/xy101.com.zone
cd /var/named
cp -p named.localhost xy101.com.zone     # -p keeps the root:named ownership and mode so named can read it
vim xy101.com.zone
....
        NS      xy101.com.            # name server for this zone (here the zone apex itself)
        A       192.168.80.20         # IP address of the DNS server (A record for the zone apex)
www  IN A       192.168.80.30         # forward mapping from hostname to IP address
xxx  IN CNAME   www                   # hostname xxx is an alias for www

vim xy101.com.zone.local
....
30  IN PTR    www.xy101.com.         # reverse mapping from IP address to domain name

6) Restart the named service
7) On the client, set the DNS server address in /etc/resolv.conf and verify with nslookup, host and dig
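Added example, not part of the original post: a small Python checker for the forward and reverse zone files above. It parses the simplified record lines shown there (owner, optional IN, type, rdata), applies the zone origin to relative names, and reports A records with no matching PTR, PTRs that do not match an A record, and CNAME targets that are not defined in the zone. The embedded input is copied from the record lines above; note that the apex A record 192.168.80.20 has no PTR in the reverse zone, which the checker reports.

```python
def qualify(name, origin):
    """'@' is the zone apex; a name without a trailing dot is relative to the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse the simplified lines used above: [owner] [IN] TYPE RDATA [# comment]; a line
    starting with whitespace reuses the previous owner (initially the apex). '....' and $TTL are skipped."""
    records, owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].split("#", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith(("$", "....")):
            continue
        fields = line.split()
        if not line[0].isspace():
            owner = fields.pop(0)
        if fields[0] == "IN":
            fields.pop(0)
        records.append((qualify(owner, origin), fields[0], fields[1]))
    return records

def check_zones(forward, fwd_origin, reverse, rev_origin):
    """Cross-check A and CNAME records against PTR records; return a list of findings."""
    fwd = parse_zone(forward, fwd_origin)
    names = {n for n, _, _ in fwd}
    a_by_name = {n: r for n, t, r in fwd if t == "A"}
    # PTR owner 30.80.168.192.in-addr.arpa. -> address 192.168.80.30 (strip the 14-char suffix)
    ptr_by_ip = {".".join(n[:-14].split(".")[::-1]): r
                 for n, t, r in parse_zone(reverse, rev_origin) if t == "PTR"}
    findings = []
    for name, rtype, rdata in fwd:
        if rtype == "A" and ptr_by_ip.get(rdata) != name:
            findings.append(f"A {name} -> {rdata} has no matching PTR record")
        if rtype == "CNAME" and qualify(rdata, fwd_origin) not in names:
            findings.append(f"CNAME {name} -> {rdata} points at a name not defined in the zone")
    for ip, target in ptr_by_ip.items():
        if a_by_name.get(target) != ip:
            findings.append(f"PTR {ip} -> {target} does not match an A record")
    return findings

# Constructed input copied from the record lines in the post ($TTL/SOA elided as '....').
FORWARD_ZONE = """....
        NS      xy101.com.
        A       192.168.80.20
www  IN A       192.168.80.30
xxx  IN CNAME   www"""
REVERSE_ZONE = "....\n30  IN PTR    www.xy101.com.\n"
```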

Setting up master and slave name servers

# master server configuration
vim  /etc/named.rfc1912.zones
zone "xy101.com" IN {
        type master;
        file "xy101.com.zone";
        allow-transfer { 192.168.80.30; };     # allow the slave server to transfer (sync) the zone data file
};

# slave server configuration (no zone data file needs to be written by hand)
vim  /etc/named.rfc1912.zones
zone "xy101.com" IN {
        type slave;                           # this server is a slave for the zone
        masters { 192.168.80.20; };           # address of the master server
        file "slaves/xy101.com.zone";         # where the transferred zone data is saved
};
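Added example, not the post's own code: a Python audit of the zone blocks in named.rfc1912.zones that reports master zones which do not restrict allow-transfer (when the option is unset, BIND 9.11 permits zone transfers from any host) or that list any. It handles only the flat block syntax used above; the embedded config is constructed from the master block above plus a reverse zone that lacks the allow-transfer line.

```python
import re

# Only the flat syntax seen above is handled: one zone per block, "};" alone on its line.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s+IN\s*\{(.*?)^\};', re.S | re.M)
STMT_RE = re.compile(r'([\w-]+)\s+(?:\{([^}]*)\}|([^;{]+));')

def parse_zones(config):
    """Map zone name -> {option: value or list}, with # and // comments stripped."""
    config = re.sub(r'(#|//).*', '', config)
    zones = {}
    for name, body in ZONE_RE.findall(config):
        opts = {}
        for key, braced, plain in STMT_RE.findall(body):
            if braced:
                opts[key] = [v.strip() for v in braced.split(";") if v.strip()]
            else:
                opts[key] = plain.strip().strip('"')
        zones[name] = opts
    return zones

def audit_transfers(config):
    """Flag master zones with no allow-transfer (BIND 9.11 then answers AXFR from any
    host) or with 'any' in it. Slave zones are skipped: they pull the zone, they do not serve it."""
    findings = []
    for zone, opts in parse_zones(config).items():
        if opts.get("type") != "master":
            continue
        allowed = opts.get("allow-transfer")
        if allowed is None:
            findings.append(f"{zone}: no allow-transfer, zone transfer open to any host")
        elif "any" in allowed:
            findings.append(f"{zone}: allow-transfer includes any")
    return findings

# Constructed input: the master block from above plus a reverse zone that forgot the
# allow-transfer line (as in the single-server configuration earlier in the post).
SAMPLE_CONFIG = """\
zone "xy101.com" IN {
        type master;
        file "xy101.com.zone";
        allow-transfer { 192.168.80.30; };     # allow the slave to pull the zone
};

zone "80.168.192.in-addr.arpa" IN {
        type master;
        file "xy101.com.zone.local";
};
"""
```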
 

Lab: DNS forward resolution:

Disable the firewall

[root@localhost ~]# systemctl stop firewalld  // stop the firewall
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# setenforce 0
[root@localhost ~]# vim /etc/selinux/config
[root@localhost ~]# 

Install the software

[root@localhost ~]# cd /mnt/Packages
[root@localhost Packages]# ls | grep bind  // filter the listing for packages whose name contains bind
bind-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-chroot-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-dyndb-ldap-11.1-7.el7.x86_64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-libs-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-license-9.11.4-26.P2.el7_9.9.noarch.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.9.x86_64.rpm
bind-utils-9.11.4-26.P2.el7_9.9.x86_64.rpm
cmpi-bindings-pywbem-0.9.5-6.el7.x86_64.rpm
keybinder3-0.3.0-1.el7.x86_64.rpm
rpcbind-0.2.0-49.el7.x86_64.rpm
samba-winbind-4.10.16-19.el7_9.x86_64.rpm
samba-winbind-modules-4.10.16-19.el7_9.x86_64.rpm
ypbind-1.37.1-9.el7.x86_64.rpm
[root@localhost Packages]# 
[root@localhost ~]# yum install -y bind  // install the package
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
正在解决依赖关系
--> 正在检查事务
---> 软件包 bind.x86_64.32.9.11.4-26.P2.el7_9.9 将被 安装
--> 解决依赖关系完成

依赖关系解决

================================================================================================================================================================
 Package                         架构                              版本                                                  源                                大小
================================================================================================================================================================
正在安装:
 bind                            x86_64                            32:9.11.4-26.P2.el7_9.9                               local                            2.3 M

事务概要
================================================================================================================================================================
安装  1 软件包

总下载量:2.3 M
安装大小:5.4 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安装    : 32:bind-9.11.4-26.P2.el7_9.9.x86_64                                                                                                         1/1 
  验证中      : 32:bind-9.11.4-26.P2.el7_9.9.x86_64                                                                                                         1/1 

已安装:
  bind.x86_64 32:9.11.4-26.P2.el7_9.9                                                                                                                           

完毕!
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
[root@localhost ~]# 

[root@localhost ~]# vim /etc/named.conf


[root@localhost ~]# vim /etc/named.rfc1912.zones


[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# cd /var/named/
[root@localhost named]# ls
data     named.ca     named.localhost  slaves
dynamic  named.empty  named.loopback
[root@localhost named]# ll
总用量 16
drwxrwx---. 2 named named    6 2月  24 2022 data
drwxrwx---. 2 named named    6 2月  24 2022 dynamic
-rw-r-----. 1 root  named 2253 4月   5 2018 named.ca
-rw-r-----. 1 root  named  152 12月 15 2009 named.empty
-rw-r-----. 1 root  named  152 6月  21 2007 named.localhost
-rw-r-----. 1 root  named  168 12月 15 2009 named.loopback
drwxrwx---. 2 named named    6 2月  24 2022 slaves
[root@localhost named]# 


[root@localhost named]# cp -p named.localhost xy101.com.zone  
[root@localhost named]# ll
总用量 20
drwxrwx---. 2 named named    6 2月  24 2022 data
drwxrwx---. 2 named named    6 2月  24 2022 dynamic
-rw-r-----. 1 root  named 2253 4月   5 2018 named.ca
-rw-r-----. 1 root  named  152 12月 15 2009 named.empty
-rw-r-----. 1 root  named  152 6月  21 2007 named.localhost
-rw-r-----. 1 root  named  168 12月 15 2009 named.loopback
drwxrwx---. 2 named named    6 2月  24 2022 slaves
-rw-r-----. 1 root  named  152 6月  21 2007 xy101.com.zone
[root@localhost named]# 


[root@localhost named]# vim xy101.com.zone
[root@localhost named]# 


[root@localhost named]# systemctl start named
[root@localhost named]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@localhost named]# 


Verification


[root@localhost ~]# vim /etc/resolv.conf
[root@localhost ~]# 
[root@localhost ~]# nslookup www.xy101.com
Server:		20.0.0.30
Address:	20.0.0.30#53

Name:	www.xy101.com
Address: 20.0.0.40

[root@localhost ~]# nslookup mail.xy101.com
Server:		20.0.0.30
Address:	20.0.0.30#53

Name:	mail.xy101.com
Address: 20.0.0.50

[root@localhost ~]# nslookup news.xy101.com
Server:		20.0.0.30
Address:	20.0.0.30#53

Name:	news.xy101.com
Address: 20.0.0.60

[root@localhost ~]# nslookup ftp.xy101.com
Server:		20.0.0.30
Address:	20.0.0.30#53

ftp.xy101.com	canonical name = www.xy101.com.
Name:	www.xy101.com
Address: 20.0.0.40

[root@localhost ~]# nslookup biubiubiu.xy101.com
Server:		20.0.0.30
Address:	20.0.0.30#53

Name:	biubiubiu.xy101.com
Address: 20.0.0.100

[root@localhost ~]# 
[root@localhost ~]# host www.xy101.com
www.xy101.com has address 20.0.0.40
[root@localhost ~]# host ftp.xy101.com
ftp.xy101.com is an alias for www.xy101.com.
www.xy101.com has address 20.0.0.40
[root@localhost ~]# 
[root@localhost ~]# dig www.xy101.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> www.xy101.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10366
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.xy101.com.			IN	A

;; ANSWER SECTION:
www.xy101.com.		86400	IN	A	20.0.0.40

;; AUTHORITY SECTION:
xy101.com.		86400	IN	NS	xy101.com.

;; ADDITIONAL SECTION:
xy101.com.		86400	IN	A	20.0.0.30

;; Query time: 0 msec
;; SERVER: 20.0.0.30#53(20.0.0.30)
;; WHEN: 五 4月 26 02:48:42 CST 2024
;; MSG SIZE  rcvd: 88

[root@localhost ~]# 

Lab: DNS reverse resolution:

Building on the forward-resolution setup

[root@localhost ~]# vim /etc/named.conf

[root@localhost ~]# vim /etc/named.rfc1912.zones


[root@localhost ~]# 
[root@localhost ~]# cd /var/named/
[root@localhost named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves  xy101.com.zone
[root@localhost named]# ll
总用量 20
drwxrwx---. 2 named named   23 4月  25 18:17 data
drwxrwx---. 2 named named   60 4月  25 18:18 dynamic
-rw-r-----. 1 root  named 2253 4月   5 2018 named.ca
-rw-r-----. 1 root  named  152 12月 15 2009 named.empty
-rw-r-----. 1 root  named  152 6月  21 2007 named.localhost
-rw-r-----. 1 root  named  168 12月 15 2009 named.loopback
drwxrwx---. 2 named named    6 2月  24 2022 slaves
-rw-r-----. 1 root  named  294 4月  25 18:16 xy101.com.zone
[root@localhost named]# 
[root@localhost named]# 
[root@localhost named]# cp -p xy101.com.zone xy101.com.zone.local
[root@localhost named]# ll
总用量 24
drwxrwx---. 2 named named   23 4月  25 18:17 data
drwxrwx---. 2 named named   60 4月  25 18:18 dynamic
-rw-r-----. 1 root  named 2253 4月   5 2018 named.ca
-rw-r-----. 1 root  named  152 12月 15 2009 named.empty
-rw-r-----. 1 root  named  152 6月  21 2007 named.localhost
-rw-r-----. 1 root  named  168 12月 15 2009 named.loopback
drwxrwx---. 2 named named    6 2月  24 2022 slaves
-rw-r-----. 1 root  named  294 4月  25 18:16 xy101.com.zone
-rw-r-----. 1 root  named  294 4月  25 18:16 xy101.com.zone.local
[root@localhost named]# 


[root@localhost named]# 
[root@localhost named]# vim xy101.com.zone.local


[root@localhost named]# systemctl restart named
[root@localhost named]# 

Verification

[root@localhost ~]# nslookup 20.0.0.40
40.0.0.20.in-addr.arpa	name = www.xy101.com.

[root@localhost ~]# nslookup 20.0.0.50
50.0.0.20.in-addr.arpa	name = mail.xy101.com.

[root@localhost ~]# nslookup 20.0.0.60
60.0.0.20.in-addr.arpa	name = news.xy101.com.

[root@localhost ~]# host www.xy101.com.
www.xy101.com has address 20.0.0.40
[root@localhost ~]# host 20.0.0.40
40.0.0.20.in-addr.arpa domain name pointer www.xy101.com.
[root@localhost ~]# host 20.0.0.50
50.0.0.20.in-addr.arpa domain name pointer mail.xy101.com.
[root@localhost ~]# host 20.0.0.60
60.0.0.20.in-addr.arpa domain name pointer news.xy101.com.
[root@localhost ~]# 


Lab: setting up master and slave name servers

Perform the following steps on both virtual machines

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# setenforce 0
[root@localhost ~]# vim /etc/selinux/config
[root@localhost ~]# df
文件系统                   1K-块    已用     可用 已用% 挂载点
devtmpfs                 1913548       0  1913548    0% /dev
tmpfs                    1930624       0  1930624    0% /dev/shm
tmpfs                    1930624   12784  1917840    1% /run
tmpfs                    1930624       0  1930624    0% /sys/fs/cgroup
/dev/mapper/centos-root 36805060 4577592 32227468   13% /
/dev/sda1                1038336  191084   847252   19% /boot
tmpfs                     386128      52   386076    1% /run/user/0
/dev/sr0                 4635056 4635056        0  100% /mnt
[root@localhost ~]# yum install -y bind
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
正在解决依赖关系
--> 正在检查事务
---> 软件包 bind.x86_64.32.9.11.4-26.P2.el7_9.9 将被 安装
--> 解决依赖关系完成

依赖关系解决

==========================================================================================================================================================
 Package                        架构                             版本                                               源                               大小
==========================================================================================================================================================
正在安装:
 bind                           x86_64                           32:9.11.4-26.P2.el7_9.9                            local                           2.3 M

事务概要
==========================================================================================================================================================
安装  1 软件包

总下载量:2.3 M
安装大小:5.4 M
Downloading packages:
Running transaction check
Running transaction test
Transacti

vim /etc/named.conf

All of the steps above must be done on both virtual machines

Configure the master server

[root@localhost named]# vim /etc/named.rfc1912.zones
zone "xy101.com" IN {
        type master;
        file "xy101.com.zone";
        allow-transfer { 20.0.0.10; };
};

zone "0.0.20.in-addr.arpa" IN {
        type master;
        file "xy101.com.zone.local";
        allow-transfer { 20.0.0.10; };
};

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

[root@localhost named]# cd /var/named/
[root@localhost named]# ll
总用量 24
drwxrwx---. 2 named named   23 4月  25 18:17 data
drwxrwx---. 2 named named   60 4月  25 23:16 dynamic
-rw-r-----. 1 root  named 2253 4月   5 2018 named.ca
-rw-r-----. 1 root  named  152 12月 15 2009 named.empty
-rw-r-----. 1 root  named  152 6月  21 2007 named.localhost
-rw-r-----. 1 root  named  168 12月 15 2009 named.loopback
drwxrwx---. 2 named named    6 2月  24 2022 slaves
-rw-r-----. 1 root  named  294 4月  25 18:16 xy101.com.zone
-rw-r-----. 1 root  named  264 4月  25 23:11 xy101.com.zone.local
[root@localhost named]# 


[root@localhost named]# cp -p named.localhost xy101.com.zone
[root@localhost named]# vim xy101.com.zone


Slave server

[root@localhost ~]# 
[root@localhost ~]# vim /etc/named.rfc1912.zones

Start the master first, then the slave

[root@localhost named]# systemctl start named
[root@localhost named]# systemctl enable named.service
[root@localhost named]# 

[root@localhost ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@localhost ~]# 

Verification

Verify on the master first

[root@localhost named]# vim /etc/resolv.conf
[root@localhost named]#


[root@localhost ~]# nslookup www.xy101.com
Server:		20.0.0.30
Address:	20.0.0.30#53

Name:	www.xy101.com
Address: 20.0.0.40

[root@localhost ~]# nslookup news.xy101.com
Server:		20.0.0.30
Address:	20.0.0.30#53

Name:	news.xy101.com
Address: 20.0.0.60



[root@localhost ~]# nslookup 20.0.0.60
60.0.0.20.in-addr.arpa	name = news.xy101.com.

[root@localhost ~]# nslookup 20.0.0.50
50.0.0.20.in-addr.arpa	name = mail.xy101.com.

[root@localhost ~]# 

After the master server is shut down, the slave can still resolve names

[root@localhost ~]# nslookup www.xy101.com
Server:		20.0.0.30
Address:	20.0.0.30#53

Name:	www.xy101.com
Address: 20.0.0.40

[root@localhost ~]# nslookup news.xy101.com
Server:		20.0.0.30
Address:	20.0.0.30#53

Name:	news.xy101.com
Address: 20.0.0.60



[root@localhost ~]# nslookup 20.0.0.60
60.0.0.20.in-addr.arpa	name = news.xy101.com.

[root@localhost ~]# nslookup 20.0.0.50
50.0.0.20.in-addr.arpa	name = mail.xy101.com.

[root@localhost ~]# 

This does not work on Windows; there is a bug