Deploying a DNS Server
DNS ---- Domain Name System
Function:
1) Resolve a domain name or host name to its IP address: forward resolution
2) Resolve an IP address to its host name or domain name: reverse resolution
Zones
Forward zone: uplooking.com
Reverse zone: X.X.X.in-addr.arpa, e.g. 172.16.80.0/24 -> 80.16.172.in-addr.arpa
Records
A record (host record): www.uplooking.com A 192.168.1.1
NS record: names the DNS server itself
NS dns1.uplooking.com.
dns1.uplooking.com A 192.168.1.2
MX record: names the mail server
MX 10 mail.uplooking.com.
mail.uplooking.com. A 192.168.1.3
CNAME record (alias record)
m.mail.com. CNAME mail.uplooking.com.
PTR record (reverse pointer record)
192.168.1.1 PTR www.uplooking.com.
DNS name hierarchy (a fully qualified name ends at the root: www.jd.com ------------> www.jd.com.):
. (root)
  com
    jd
    baidu
    tabao
  cn
  org
  gov
DNS resolution modes:
Recursive
  The client sends only one request to its DNS server, which obtains the answer on its behalf
Iterative
  The client has to send multiple DNS requests itself
Deploying the DNS server
Software: bind, bind-chroot
Chroot (pseudo-root): /var/named/chroot
/etc/named.conf ------> /var/named/chroot/etc/named.conf
Configuration files:
Main configuration file: /var/named/chroot/etc/named.conf (defines the zones)
Record (zone) files: /var/named/chroot/var/named/*
Services: named, named-chroot
Ports:
53/udp receives client DNS queries
53/tcp used for master/slave data synchronization (zone transfers)
Example: building a DNS server
web.uplooking.com 192.168.1.1 web server
ftp.uplooking.com 192.168.1.2 FTP server
mail.uplooking.com 192.168.1.3 mail server
Preparation:
Disable SELinux and the firewall
Configure the YUM repository
1 Install the software
[root@localhost ~]# yum install -y bind bind-chroot
2 Edit the DNS main configuration file and create the zone uplooking.com
[root@localhost ~]# vim /var/named/chroot/etc/named.conf
options {
directory "/var/named";
};
zone "uplooking.com" {
type master;
file "uplooking.com.zone";
};
Zone types:
hint: root zone
master: primary zone
slave: secondary zone
3 Copy the record file template and edit it
[root@localhost ~]# cp /usr/share/doc/bind-9.8.2/sample/var/named/named.localhost /var/named/chroot/var/named/uplooking.com.zone
[root@localhost ~]# vim /var/named/chroot/var/named/uplooking.com.zone
$TTL 1D
@ IN SOA uplooking.com. 454452000.qq.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns1.uplooking.com.
dns1 A 192.168.122.105
web A 192.168.1.1
ftp A 192.168.1.2
MX 5 mail.uplooking.com.
mail A 192.168.1.3
4 Start the named service
[root@dns ~]# systemctl start named-chroot
[root@dns ~]# systemctl start named
[root@dns ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@dns ~]# systemctl enable named-chroot
Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.
[root@dns ~]#
[root@dns ~]# ss -antp | grep named
LISTEN 0 10 192.168.122.105:53 : users:(("named",pid=2249,fd=21))
[root@dns ~]# ss -anup | grep named
UNCONN 0 0 192.168.122.105:53 : users:(("named",pid=2249,fd=513))
5 Test
Note: the client must use this DNS server as its resolver; configure it as follows:
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
Generated by dracut initrd
NAME="eth0"
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
IPADDR=192.168.122.121
NETMASK=255.255.255.0
GATEWAY=192.168.122.1
DNS1=192.168.122.105
[root@localhost ~]# cat /etc/resolv.conf
Generated by NetworkManager
nameserver 192.168.122.105
[root@localhost ~]#
Test tools:
- nslookup
[root@localhost ~]# nslookup
server
Default server: 192.168.122.105
Address: 192.168.122.105#53
web.uplooking.com
Server: 192.168.122.105
Address: 192.168.122.105#53
Name: web.uplooking.com
Address: 192.168.1.1
ftp.uplooking.com
Server: 192.168.122.105
Address: 192.168.122.105#53
Name: ftp.uplooking.com
Address: 192.168.1.2
mail.uplooking.com
Server: 192.168.122.105
Address: 192.168.122.105#53
Name: mail.uplooking.com
Address: 192.168.1.3
exit
- dig
dig -t <record type> <name>
[root@localhost ~]# dig -t A web.uplooking.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t A web.uplooking.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39100
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;web.uplooking.com. IN A
;; ANSWER SECTION:
web.uplooking.com. 86400 IN A 192.168.1.1
;; AUTHORITY SECTION:
uplooking.com. 86400 IN NS dns1.uplooking.com.
;; ADDITIONAL SECTION:
dns1.uplooking.com. 86400 IN A 192.168.122.105
;; Query time: 1 msec
;; SERVER: 192.168.122.105#53(192.168.122.105)
;; WHEN: 三 2月 22 11:45:42 CST 2017
;; MSG SIZE rcvd: 97
Using DNS records to achieve a load-balancing effect (several A records for one name):
web A 192.168.1.1
web A 192.168.1.4
Wildcard records
uplooking.com. A 192.168.1.1
*.uplooking.com. A 192.168.1.1
Example 2:
Create a DNS reverse zone to provide reverse resolution
1) Edit the main configuration file named.conf
[root@masterdns ~]# vim /var/named/chroot/etc/named.conf
zone "1.168.192.in-addr.arpa" {
type master;
file "192.168.1.zone";
};
2) Create the reverse zone's records
[root@dns named]# cat /var/named/chroot/var/named/192.168.1.zone
$TTL 1D
@ IN SOA uplooking.com. 454452000.qq.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns1.uplooking.com.
dns1 A 192.168.122.105
1 PTR web.uplooking.com.
2 PTR ftp.uplooking.com.
3 PTR mail.uplooking.com.
[root@dns named]# systemctl restart named
[root@dns named]# systemctl restart named-chroot
3) Test
[root@masterdns ~]# nslookup
ftp.uplooking.com
Server: 192.168.122.166
Address: 192.168.122.166#53
Name: ftp.uplooking.com
Address: 192.168.1.2
192.168.1.2
Server: 192.168.122.166
Address: 192.168.122.166#53
2.1.168.192.in-addr.arpa name = ftp.uplooking.com.
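The reverse zone name introduced at the top of these notes (X.X.X.in-addr.arpa) and the PTR records in the zone file above can both be derived mechanically from the /24 network and the forward zone's A records. This is an added shell example, not part of the original notes: the function names are my own and the sample A records are a constructed copy of the uplooking.com zone file above.

```shell
#!/bin/sh
# Added example: derive a /24 reverse zone name and its PTR records from the
# A records of a forward zone. Hosts outside the /24 (dns1 on 192.168.122.x
# here) get a zone-file comment instead of a PTR, since they belong in a
# different in-addr.arpa zone.

# reverse_zone_name 192.168.1.0/24  ->  1.168.192.in-addr.arpa
reverse_zone_name() {
    echo "$1" | awk -F'[./]' '{ printf "%s.%s.%s.in-addr.arpa\n", $3, $2, $1 }'
}

# ptr_records <zone-origin> <network/24> < forward-zone-records
# Reads "label [IN] A a.b.c.d" lines and prints "d PTR fqdn." for every
# address inside the network. Wildcard labels (*) never get a PTR.
ptr_records() {
    origin=$1
    net=$(echo "$2" | cut -d/ -f1 | cut -d. -f1-3)
    awk -v origin="$origin" -v net="$net" '
        $2 == "A" || ($2 == "IN" && $3 == "A") {
            name = $1
            ip = ($2 == "A") ? $3 : $4
            if (name ~ /^\*/) next
            split(ip, o, ".")
            if ((o[1] "." o[2] "." o[3]) != net) {
                printf "; skipped %s %s (outside %s.0/24)\n", name, ip, net
                next
            }
            if (name == "@") fqdn = origin "."
            else if (name ~ /\.$/) fqdn = name
            else fqdn = name "." origin "."
            printf "%s PTR %s\n", o[4], fqdn
        }'
}

# Constructed sample: the A records from the uplooking.com zone file above.
SAMPLE_A_RECORDS='dns1 A 192.168.122.105
web A 192.168.1.1
ftp A 192.168.1.2
mail A 192.168.1.3'

# generate_reverse_zone <records> <origin> <network/24>: zone name, then PTRs.
generate_reverse_zone() {
    echo "; zone $(reverse_zone_name "$3")"
    printf '%s\n' "$1" | ptr_records "$2" "$3"
}

generate_reverse_zone "$SAMPLE_A_RECORDS" uplooking.com 192.168.1.0/24
```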
Example: deploying DNS master and slave servers
Environment:
192.168.122.166 DNS master server
192.168.122.167 DNS slave server
Synchronize the records of the uplooking.com zone from the master server to the slave
Master server:
1) Edit the main configuration file named.conf
[root@masterdns ~]# vim /var/named/chroot/etc/named.conf
options {
directory "/var/named";
};
zone "uplooking.com" {
type master;
allow-transfer { 192.168.122.167; }; >>> specify the slave server's IP address
file "uplooking.com.zone";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "192.168.1.zone";
};
2) Edit the uplooking.com zone's record file and add an NS record for the slave server
[root@masterdns ~]# cat /var/named/chroot/var/named/uplooking.com.zone
$TTL 1D
@ IN SOA uplooking.com. cisco_wjc.126.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns1.uplooking.com.
NS dns2.uplooking.com.
dns1 A 192.168.122.166
dns2 A 192.168.122.167
web A 192.168.1.1
web A 192.168.1.4
uplooking.com. A 192.168.1.1
*.uplooking.com. A 192.168.1.1
ftp A 192.168.1.2
MX 5 mail.uplooking.com.
mail A 192.168.1.3
[root@localhost named]# systemctl restart named
[root@localhost named]# systemctl restart named-chroot
Slave server:
1) Install the software
yum install -y bind bind-chroot
2) Edit the main configuration file
[root@slavedns ~]# vim /var/named/chroot/etc/named.conf
options {
directory "/var/named";
};
zone "uplooking.com" {
type slave;
masters { 192.168.122.166; }; >>> specify the master server's IP address
file "slaves/uplooking.com.zone";
};
[root@slavedns ~]#
3) Start the named service
[root@localhost ~]# systemctl start named-chroot
[root@localhost ~]# systemctl start named
4) Test
[root@slavedns ~]# ls /var/named/chroot/var/named/slaves/
uplooking.com.zone
[root@slavedns ~]#
[root@slavedns ~]# nslookup
server 192.168.122.167
Default server: 192.168.122.167
Address: 192.168.122.167#53
web.uplooking.com
Server: 192.168.122.167
Address: 192.168.122.167#53
Name: web.uplooking.com
Address: 192.168.1.4
Name: web.uplooking.com
Address: 192.168.1.1
exit
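A slave pulls a fresh copy of the zone only when the master's SOA serial is higher than the one it already holds, so after editing the master's record file (as above, when dns2 was added) the serial must be raised before restarting named, otherwise the slave keeps serving the old records. This is an added shell example, not part of the original notes: the function names are my own and the sample zone file is a constructed copy of the master's uplooking.com zone above.

```shell
# Added example: raise the SOA serial of a zone file before restarting named.
# A slave transfers the zone only when the master's serial is higher than the
# one it holds, so changed records with an unchanged serial never reach it.

# current_serial <zone-file>: print the serial from the line tagged "; serial".
current_serial() {
    awk '/;[ \t]*serial/ { printf "%.0f\n", $1 + 0; exit }' "$1"
}

# bump_serial <zone-file>: rewrite the serial in place. Uses YYYYMMDDnn when
# the current value is below today's date prefix (covers the "0 ; serial"
# start value used in the notes), otherwise adds one.
bump_serial() {
    file=$1
    today=$(date +%Y%m%d)
    tmp=$(mktemp)
    awk -v today="$today" '
        /;[ \t]*serial/ && !seen {
            cur = $1 + 0
            new = (cur < today * 100) ? today * 100 : cur + 1
            sub(/^[ \t]*[0-9]+/, "        " sprintf("%.0f", new))
            seen = 1
        }
        { print }' "$file" > "$tmp" && mv "$tmp" "$file"
}

# make_sample_zone <path>: constructed copy of the master's uplooking.com zone.
make_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 1D
@ IN SOA uplooking.com. cisco_wjc.126.com. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS dns1.uplooking.com.
        NS dns2.uplooking.com.
dns1 A 192.168.122.166
dns2 A 192.168.122.167
EOF
}

zone=$(mktemp)
make_sample_zone "$zone"
echo "before: $(current_serial "$zone")"
bump_serial "$zone"
echo "after:  $(current_serial "$zone")"
rm -f "$zone"
```

Run `bump_serial` on the real zone file in /var/named/chroot/var/named/ and then `systemctl restart named-chroot`; the slave's copy under slaves/ updates on its next refresh or on a NOTIFY.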
Exercise:
Deploy a DNS server that provides the following resolution:
www.a.org 192.168.10.1
bbs.a.org 192.168.10.2
discuz.b.org 192.168.20.1
game.b.org 192.168.20.2
mail.b.org 192.168.20.3