I. DNS (Domain Name System)
DNS (Domain Name System) is a distributed database on the World Wide Web that maps domain names to IP addresses and back, so that users can reach hosts by name instead of having to remember the numeric IP addresses that machines read directly. The process of going from a domain name to the IP address it maps to is called domain name resolution (or host name resolution). The DNS protocol runs over UDP on port 53.
II. Caching name server configuration
(1) Configuration on the server
1. Software needed for the cache: bind
Install the package:
[root@localhost ~]# yum install bind -y
2. Service needed for the cache: named
Start the service. If startup hangs, the system does not have enough entropy (random data) to generate the rndc key; typing on the keyboard and moving the mouse produces entropy. The key is written to the file /etc/rndc.key.
[root@localhost ~]# systemctl start named
[root@localhost ~]# systemctl status named
named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled)
Active: active (running) since Wed 2018-05-02 07:14:06 EDT; 27s ago
Process: 2505 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
3. Stop the firewall and check the listening interfaces
Check service port 53. At this point the port is open only on the lo loopback interface; 127.0.0.1 is the loopback interface's IP.
4. Find and edit the configuration file to open port 53 on the server's network interfaces
[root@localhost ~]# rpm -qc bind    # list the package's configuration files
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
[root@localhost ~]# vim /etc/named.conf    # edit the main configuration file
listen-on port 53 { any; };          // listen on port 53 on all interfaces, not only 127.0.0.1
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };                // allow queries from any client host
forwarders { 172.25.254.77; };       // forward requests to the host 172.25.254.77
Note: with allow-query { any; } a recursive server answers anyone who can reach port 53 (an "open resolver"). That is acceptable in this lab; on a production host restrict allow-query (and allow-recursion) to the client networks that should use it.
5. Restart the named service and check the ports
Now port 53 is open on all network interfaces, including eth0 (IP 172.25.254.177):
[root@localhost ~]# systemctl restart named
[root@localhost ~]# netstat -antlupe | grep named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 63090 3266/named
tcp 0 0 172.25.254.177:53 0.0.0.0:* LISTEN 25 63085 3266/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 63083 3266/named
tcp6 0 0 ::1:953 :::* LISTEN 25 63091 3266/named
tcp6 0 0 ::1:53 :::* LISTEN 25 63087 3266/named
udp 0 0 172.25.254.177:53 0.0.0.0:* 25 63084 3266/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 25 63082 3266/named
udp6 0 0 ::1:53 :::* 25 63086 3266/named
(2) Client test
1. Edit the client's resolver configuration file so that nameserver points at the caching server (172.25.254.177)
[root@localhost ~]# vim /etc/resolv.conf
2. Test from the client
[root@localhost ~]# dig www.baidu.com
The answer section shows the records for Baidu's domain name, so the caching server is resolving names.
III. DNS forward resolution
Forward resolution: look up an IP address by domain name.
1. Edit the main configuration file
[root@localhost ~]# vim /etc/named.conf    # remove the forwarders line added above
2. Edit the zone configuration file (/etc/named.rfc1912.zones)
zone "westos.com" IN {              // add the westos.com zone
        type master;                // this server is the master for the zone
        file "westos.com.zone";     // forward zone file
        allow-update { none; };     // no remote (dynamic) updates
};
3. Edit the forward zone file
[root@localhost ~]# rpm -ql bind    # list all files and directories that belong to the bind package
[root@localhost ~]# cd /var/named/
[root@localhost named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
Look at the zone file format first:
[root@localhost named]# vim named.loopback
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
        PTR     localhost.
Create westos.com.zone from it:
[root@localhost named]# cp -p named.loopback westos.com.zone
[root@localhost named]# vim westos.com.zone
The records below the $TTL and SOA lines become:
        NS      dns.westos.com.             ; name server for the zone (owner @ is inherited from the SOA line)
dns     A       172.25.254.177              ; address of the name server itself
www     A       172.25.254.249              ; name to address record; A means forward resolution
bbs     A       172.25.254.148
Note: a name in this file that does not end with a dot is relative, and the zone origin westos.com. is appended to it automatically.
4. Restart the service
[root@localhost named]# systemctl restart named
5. Client test:
[root@localhost ~]# vim /etc/resolv.conf    # set nameserver to 172.25.254.177
[root@localhost ~]# dig www.westos.com    # test
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46458
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.249
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.177
;; Query time: 1 msec
;; SERVER: 172.25.254.177#53(172.25.254.177)
;; WHEN: Wed May 02 09:14:04 EDT 2018
;; MSG SIZE rcvd: 93
IV. DNS reverse resolution
Reverse resolution: look up a domain name by IP address.
1. Edit the zone configuration file
[root@localhost named]# vim /etc/named.rfc1912.zones
Reverse zone configuration format
2. Add the reverse zone
3. Configure the reverse zone file
[root@localhost named]# vim westos.com.pty
4. Restart the service
[root@localhost named]# systemctl restart named
5. Client test
[root@localhost ~]# dig -x 172.25.254.246    # reverse lookups need -x
In the output below the PTR target comes back as tm.westos.com.254.25.172.in-addr.arpa. rather than tm.westos.com.: the name in westos.com.pty was written without a trailing dot, so named appended the reverse zone's origin, the same rule noted above for the forward zone file. Write the target as tm.westos.com. (with the final dot).
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.246
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48801
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;246.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
246.254.25.172.in-addr.arpa. 86400 IN PTR tm.westos.com.254.25.172.in-addr.arpa.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.177
;; Query time: 1 msec
;; SERVER: 172.25.254.177#53(172.25.254.177)
;; WHEN: Wed May 02 09:42:57 EDT 2018
;; MSG SIZE rcvd: 128
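The mangled PTR answer above and the trailing-dot note in the forward zone section are the same pitfall. As an added example that is not from the original post, the shell function below scans a zone file and reports every NS/PTR/CNAME/MX target that contains dots but lacks the final dot, since named silently appends the zone origin to such names; the sample zone is constructed to resemble this page's westos.com.pty, and the origin and the dns/tm/www names are assumptions.

```shell
#!/bin/sh
# Constructed sample reverse zone modelled on the westos.com.pty this page
# describes (origin 254.25.172.in-addr.arpa; the dns/tm/www names are
# assumptions). The "246" record deliberately lacks the final dot that
# produced the tm.westos.com.254.25.172.in-addr.arpa. answer in dig -x above.
SAMPLE_ZONE='$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
177     PTR     dns.westos.com.
246     PTR     tm.westos.com
249     PTR     www.westos.com.'

# check_unqualified_targets ORIGIN  (zone file on stdin)
# For every NS, PTR, CNAME or MX record whose target contains a dot but does
# not end in one, print the line, the record and the name named will actually
# store (target + "." + ORIGIN). A dotted name without a final dot is almost
# always a mistake; relative names are normally single labels such as "www".
# Exit status 0 when no such record exists, 1 otherwise.
check_unqualified_targets() {
    awk -v origin="$1" '
        { sub(/;.*/, "") }                    # drop ; comments
        /^[ \t]*$/ || /^\$/ { next }          # skip blank lines and $TTL/$ORIGIN
        {
            type = ""
            for (i = 1; i < NF; i++)
                if ($i == "NS" || $i == "PTR" || $i == "CNAME" || $i == "MX")
                    type = $i
            if (type == "") next              # A/AAAA/SOA lines carry no name target
            target = $NF
            if (target ~ /\./ && target !~ /\.$/) {
                printf "line %d: %s -> named stores the target as %s.%s\n", NR, $0, target, origin
                bad++
            }
        }
        END { exit (bad > 0) }'
}

# Stand-alone run against the constructed sample (reports the 246 record).
if printf '%s\n' "$SAMPLE_ZONE" | check_unqualified_targets 254.25.172.in-addr.arpa; then
    echo "zone is clean"
else
    echo "fix the records above before loading the zone"
fi
```

Run it on a real zone with `check_unqualified_targets westos.com < /var/named/westos.com.zone` before restarting named; named-checkzone will not catch this case because the resulting name is syntactically valid.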
V. DNS split (internal/external) resolution
Split resolution means the internal network and the external network get different answers for the same name:
Internal network (172.25.254.177): www.westos.com --- 172.25.254.xxx
External network (any): www.westos.com --- 192.168.254.xxx