配置DNS解析练习

DNS操作

一、配置一个正向解析区(输入域名解析出IP)

1.在主配置文件中(/etc/named.conf)或主配置文件辅助配置文件(/etc/named.rfc1912.zones)中实现;

格式:
    zone  "ZONE_NAME"  IN  {
                    type  {master|slave|hint|forward};
                    file  "ZONE_NAME.zone"; 
                };
#末尾添加一个区域
#并把文件指向lee.com.zone
zone "lee.com" IN {
type master;
file "lee.com.zone";
};

2.创建区域文件

在/var/named目录下创建lee.com.zone文件
[root@localhost named]# cat lee.com.zone
$TTL 3600
lee.com. IN SOA lee.com. admin.lee.com. (
2017053001
1H
5M
1W
6H )
IN NS dns1.lee.com.
dns1.lee.com. IN A 172.16.250.14
www.lee.com. IN A 172.16.250.14
web IN CNAME www

3.修改bind配置文件

在/etc目录下的named.conf文件
options {
listen-on port 53 { 172.16.250.14; }; #花括号内改为本机IP,括号前后必须加空格
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; #花括号内改为any,允许所有人来查询;注意下一行 recursion yes 也对所有人开放,这样就成了开放递归解析器,生产环境应再加 allow-recursion { 内网地址段; }; 把递归查询限定在内网
recursion yes;
dnssec-enable no; #不做安全性校验(关闭后对递归查询得到的应答不做DNSSEC验证,仅适合实验环境)
dnssec-validation no; #不做安全性校验

4.检查配置文件

[root@localhost named]# named-checkconf
[root@localhost named]#

5.检查区域配置文件语法错误

[root@localhost named]# named-checkzone lee.com. /var/named/lee.com.zone
zone lee.com/IN: loaded serial 2017053001
OK
#只能检查语法错误,不能检查逻辑错误

6.权限及属组修改

[root@localhost named]# chgrp named /var/named/lee.com.zone
[root@localhost named]# chmod o= /var/named/lee.com.zone
[root@localhost named]# ll
total 36
drwxrwx--- 2 named named 4096 May 23 13:18 data
drwxrwx--- 2 named named 4096 May 24 2017 dynamic
-rw-r----- 1 root named 202 May 24 13:28 lee.com.zone
-rw-r----- 1 root named 3171 Jan 11 2016 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 4096 May 11 2016 slaves

7.启动服务重新加载(生产实际只重载不重启)

[root@localhost named]# service named start
Starting named: [ OK ]
[root@localhost named]# rndc reload
server reload successful
[root@localhost named]#

8.测试

[root@localhost named]# host -t A www.lee.com
www.lee.com has address 172.16.250.14
[root@localhost named]# host -t SOA lee.com
lee.com has SOA record lee.com. admin.lee.com. 2017053001 3600 300 604800 21600

二、配置一个反向解析区(输入ip解析出域名)

1.在主配置文件中(/etc/named.conf)或主配置文件辅助配置文件(/etc/named.rfc1912.zones)中实现;

格式:
    zone  "ZONE_NAME"  IN  {
                    type  {master|slave|hint|forward};
                    file  "ZONE_NAME.zone"; 
                };
#末尾添加一个区域
#并把文件指向172.16.zone
#反向区域名是倒过来写的网络IP+.in-addr.arpa
zone "16.172.in-addr.arpa" IN {
type master;
file "172.16.zone";
};

2.创建区域文件

在/var/named目录下创建172.16.zone文件
[root@localhost named]# cat 172.16.zone
$TTL 1200
@ IN SOA @ nsadmin.lee.com. (
2017060101
3H
20M
1W
1D )
@ IN NS dns1.lee.com.
98.254.16.172.in-addr.arpa. IN PTR dns1.lee.com.
98.254.16.172.in-addr.arpa. IN PTR www.lee.com.

3.修改bind配置文件

因为做正向解析区域时已经对配置文件做了修改,所以以后的操作不用再对配置文件进行配置。

4.检查配置文件

[root@localhost named]# named-checkconf
[root@localhost named]#

5.检查区域配置文件语法错误

[root@localhost named]# named-checkzone 16.172.in-addr.arpa /var/named/172.16.zone
zone 16.172.in-addr.arpa/IN: loaded serial 2017060101
OK
[root@localhost named]#
#只能检查语法错误,不能检查逻辑错误

6.权限及属组修改

[root@localhost named]# chgrp named /var/named/172.16.zone
[root@localhost named]# chmod o= /var/named/172.16.zone
[root@localhost named]# ll
total 24
-rw-r----- 1 root named 199 Jun 1 11:18 172.16.zone
drwxrwx--- 2 named named 47 May 29 16:34 data
drwxrwx--- 2 named named 58 Jun 1 11:08 dynamic
-rw-r--r-- 1 root root 277 May 23 17:19 lyz.zone
-rw-r----- 1 root named 2076 Jan 28 2013 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 6 Nov 12 2016 slaves

7.重新加载服务

[root@localhost named]# rndc reload
server reload successful
[root@localhost named]#

8.测试

[root@localhost named]# dig -x 172.16.254.98 @172.16.254.98
; <<>> DiG 9.9.4-RedHat-9.9.4-37.el7 <<>> -x 172.16.254.98 @172.16.254.98
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9854
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;98.254.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
98.254.16.172.in-addr.arpa. 1200 IN PTR www.lee.com.
;; AUTHORITY SECTION:
16.172.in-addr.arpa. 1200 IN NS dns1.lee.com.
;; Query time: 1 msec
;; SERVER: 172.16.254.98#53(172.16.254.98)
;; WHEN: Thu Jun 01 11:28:20 CST 2017
;; MSG SIZE rcvd: 99

[root@localhost named]# dig -t axfr 16.172.in-addr.arpa @172.16.254.98
; <<>> DiG 9.9.4-RedHat-9.9.4-37.el7 <<>> -t axfr 16.172.in-addr.arpa @172.16.254.98
;; global options: +cmd
16.172.in-addr.arpa. 1200 IN SOA 16.172.in-addr.arpa. nsadmin.lee.com. 2017060101 10800 1200 604800 86400
16.172.in-addr.arpa. 1200 IN NS dns1.lee.com.
67.0.16.172.in-addr.arpa. 1200 IN PTR dns1.lee.com.
98.254.16.172.in-addr.arpa. 1200 IN PTR www.lee.com.
16.172.in-addr.arpa. 1200 IN SOA 16.172.in-addr.arpa. nsadmin.lee.com. 2017060101 10800 1200 604800 86400
;; Query time: 2 msec
;; SERVER: 172.16.254.98#53(172.16.254.98)
;; WHEN: Thu Jun 01 11:30:41 CST 2017
;; XFR size: 5 records (messages 1, bytes 187)

三、配置主从域名解析服务器

主从正向解析

1.在从服务器上配置/etc/named.rfc1912.zones文件。在最后添加一个域

zone "lee.com" IN {
type slave; #类型选择从服务器
file "slaves/lee.com.zone"; #文件指向/var/named/slaves/目录下的lee.com.zone,从服务器上这个文件不用手动创建,区域传输成功后会自动生成
masters { 172.16.250.14;}; #指明主服务器的IP。注意前面对 16.172.in-addr.arpa 做 dig -t axfr 时整个区域都能传回来,说明主服务器没有限制区域传输;应在主服务器的 zone 中加 allow-transfer { 172.16.250.196; }; 只允许从服务器传输
};

2.检查配置文件是否有错

[root@localhost slaves]# named-checkconf
[root@localhost slaves]#

3.与时间服务器同步时间,主从服务器都需要做

[root@localhost ~]# ntpdate 172.16.0.1
1 Jun 14:12:14 ntpdate[2712]: step time server 172.16.0.1 offset 527048.206825 sec

4.在从服务器上重载服务

[root@localhost ~]# rndc reload
server reload successful

5.查看一下日志文件/var/log/messages

显示文件已经传输成功
[root@localhost slaves]# tail /var/log/messages
Jun 1 14:12:40 localhost named[2257]: using default UDP/IPv6 port range: [1024, 65535]
Jun 1 14:12:40 localhost named[2257]: sizing zone task pool based on 7 zones
Jun 1 14:12:40 localhost named[2257]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jun 1 14:12:40 localhost named[2257]: reloading configuration succeeded
Jun 1 14:12:40 localhost named[2257]: reloading zones succeeded
Jun 1 14:12:40 localhost named[2257]: zone lee.com/IN: Transfer started.
Jun 1 14:12:40 localhost named[2257]: transfer of 'lee.com/IN' from 172.16.250.14#53: connected using 172.16.250.196#33700
Jun 1 14:12:40 localhost named[2257]: zone lee.com/IN: transferred serial 2017053001
Jun 1 14:12:40 localhost named[2257]: transfer of 'lee.com/IN' from 172.16.250.14#53: Transfer completed: 1 messages, 6 records, 176 bytes, 0.003 secs (58666 bytes/sec)
Jun 1 14:12:40 localhost named[2257]: zone lee.com/IN: sending notifies (serial 2017053001)
此时在/var/named/slaves目录下就有了从主服务器同步过来的区域配置文件lee.com.zone
[root@localhost slaves]# cd ~
[root@localhost ~]# cd /var/named/slaves/
[root@localhost slaves]# ll
total 4
-rw-r--r-- 1 named named 337 Jun 1 14:12 lee.com.zone
[root@localhost slaves]#

6.测试

[root@localhost slaves]# dig -t A www.lee.com @172.16.250.196
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.lee.com @172.16.250.196
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56624
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.lee.com. IN A
;; ANSWER SECTION:
www.lee.com. 3600 IN A 172.16.250.14
;; AUTHORITY SECTION:
lee.com. 3600 IN NS dns1.lee.com.
;; ADDITIONAL SECTION:
dns1.lee.com. 3600 IN A 172.16.250.14
;; Query time: 2 msec
;; SERVER: 172.16.250.196#53(172.16.250.196)
;; WHEN: Thu Jun 1 14:42:03 2017
;; MSG SIZE rcvd: 80
[root@localhost slaves]#

主从反向解析

1.在从服务器上配置/etc/named.rfc1912.zones文件。在最后添加一个域

zone "16.172.in-addr.arpa" {
type slave; #选择从服务器类型
file "slaves/lee.com.backzone"; #文件指向/var/named/slaves/目录下的lee.com.backzone,从服务器上这个文件不用手动创建,区域传输成功后会自动生成
masters { 172.16.250.14; }; #指明主服务器的IP
};

2.检查配置文件是否有错

[root@localhost slaves]# named-checkconf
[root@localhost slaves]#

3.与时间服务器同步时间,主从服务器都需要做

[root@localhost ~]# ntpdate 172.16.0.1
1 Jun 14:12:14 ntpdate[2712]: step time server 172.16.0.1 offset 527048.206825 sec

4.在从服务器上重载服务

[root@localhost ~]# rndc reload
server reload successful

5.查看一下日志文件/var/log/messages

显示文件已经传输成功
[root@localhost slaves]# tail /var/log/messages
Jun 1 15:01:11 localhost named[2257]: using default UDP/IPv6 port range: [1024, 65535]
Jun 1 15:01:11 localhost named[2257]: sizing zone task pool based on 8 zones
Jun 1 15:01:11 localhost named[2257]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jun 1 15:01:11 localhost named[2257]: reloading configuration succeeded
Jun 1 15:01:11 localhost named[2257]: reloading zones succeeded
Jun 1 15:01:11 localhost named[2257]: zone 16.172.in-addr.arpa/IN: Transfer started.
Jun 1 15:01:11 localhost named[2257]: transfer of '16.172.in-addr.arpa/IN' from 172.16.250.14#53: connected using 172.16.250.196#42173
Jun 1 15:01:11 localhost named[2257]: zone 16.172.in-addr.arpa/IN: transferred serial 2017060101
Jun 1 15:01:11 localhost named[2257]: transfer of '16.172.in-addr.arpa/IN' from 172.16.250.14#53: Transfer completed: 1 messages, 5 records, 182 bytes, 0.001 secs (182000 bytes/sec)
Jun 1 15:01:11 localhost named[2257]: zone 16.172.in-addr.arpa/IN: sending notifies (serial 2017060101)
此时在/var/named/slaves目录下就有了从主服务器同步过来的区域配置文件lee.com.backzone
[root@localhost slaves]# cd ~
[root@localhost ~]# cd /var/named/slaves/
[root@localhost slaves]# ll
total 8
-rw-r--r-- 1 named named 363 Jun 1 15:01 lee.com.backzone
-rw-r--r-- 1 named named 358 Jun 1 14:41 lee.com.zone

6.测试

[root@localhost slaves]# dig -t A 16.172.in-addr.arpa @172.16.250.196
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A 16.172.in-addr.arpa @172.16.250.196
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59949
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;16.172.in-addr.arpa. IN A
;; AUTHORITY SECTION:
16.172.in-addr.arpa. 1200 IN SOA 16.172.in-addr.arpa. nsadmin.lee.com. 2017060101 10800 1200 604800 86400
;; Query time: 0 msec
;; SERVER: 172.16.250.196#53(172.16.250.196)
;; WHEN: Thu Jun 1 15:06:08 2017
;; MSG SIZE rcvd: 88

[root@localhost slaves]# dig -x 172.16.250.14 @172.16.250.196
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 172.16.250.14 @172.16.250.196
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1037
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;14.250.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
14.250.16.172.in-addr.arpa. 1200 IN PTR www.lee.com.
14.250.16.172.in-addr.arpa. 1200 IN PTR dns1.lee.com.
;; AUTHORITY SECTION:
16.172.in-addr.arpa. 1200 IN NS dns1.lee.com.
;; ADDITIONAL SECTION:
dns1.lee.com. 3600 IN A 172.16.250.14
;; Query time: 3 msec
;; SERVER: 172.16.250.196#53(172.16.250.196)
;; WHEN: Thu Jun 1 15:07:32 2017
;; MSG SIZE rcvd: 118

四、配置子域域名解析

1.在主服务器上添加子域信息(注意:NS 记录右侧的名称要写成以点结尾的完整域名,如 dns1.ops.lee.com.,不以点结尾会被当成相对名称自动追加区域名;下面 ops.lee.com 那条 NS 记录缺少结尾的点,dev.lee.com 那条才是正确写法)

[root@localhost named]# cat /var/named/lee.com.zone
$TTL 3600
lee.com. IN SOA lee.com. admin.lee.com. (
2017053002
1H
5M
1W
6H )
IN NS dns1.lee.com.
dns1.lee.com. IN A 172.16.250.14
www.lee.com. IN A 172.16.250.14
web IN CNAME www
ops.lee.com IN NS dns1.ops.lee.com
dev.lee.com IN NS dns1.dev.lee.com.
dns1.ops IN A 172.16.250.196
dns1.dev IN A 172.16.254.98

2.在子域服务器上添加子域

zone "ops.lee.com" {
type master;
file "ops.lee.com.zone";
};

3.创建域配置文件(注意 SOA 行里的 ops.lee.com 和 nsadmin.ops.lee.com 同样应以点结尾,否则会被追加 $ORIGIN 变成 ops.lee.com.ops.lee.com.)

$TTL 3600
@ IN SOA ops.lee.com nsadmin.ops.lee.com (
2717060101
1H
5M
3D
2H )
@ IN NS dns1.ops.lee.com.
dns1 IN A 172.16.250.196
www IN A 172.16.250.196
~

4.测试

[root@localhost slaves]# dig -t A dns1.ops.lee.com @172.16.250.14
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A dns1.ops.lee.com @172.16.250.14
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9662
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;dns1.ops.lee.com. IN A
;; ANSWER SECTION:
dns1.ops.lee.com. 3600 IN A 172.16.250.196
;; AUTHORITY SECTION:
lee.com. 3600 IN NS dns1.lee.com.
;; ADDITIONAL SECTION:
dns1.lee.com. 3600 IN A 172.16.250.14
;; Query time: 2 msec
;; SERVER: 172.16.250.14#53(172.16.250.14)
;; WHEN: Thu Jun 1 15:34:43 2017
;; MSG SIZE rcvd: 85

[root@localhost named]# dig -t A dns1.ops.lee.com @172.16.250.196
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A dns1.ops.lee.com @172.16.250.196
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63239
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;dns1.ops.lee.com. IN A
;; ANSWER SECTION:
dns1.ops.lee.com. 3600 IN A 172.16.250.196
;; AUTHORITY SECTION:
ops.lee.com. 3600 IN NS dns1.ops.lee.com.
;; Query time: 2 msec
;; SERVER: 172.16.250.196#53(172.16.250.196)
;; WHEN: Thu Jun 1 15:33:49 2017
;; MSG SIZE rcvd: 64