Configuring a DNS server on a Linux system

Introduction to DNS

DNS is a distributed database (it serves a very large number of users and splits the query load across many servers). Its function is domain name resolution, the conversion between host names and IP addresses: ① forward resolution (host name to IP address); ② reverse resolution (IP address to host name).

In the domain name server's data, a domain name corresponds to one IP address, whereas one IP address may correspond to several domain names, or to none.

Installing the DNS service

bind package

On Linux, the bind package is the usual way to provide the DNS service.

[root@192 redhat]# dnf install -y bind

Configuration files

Main configuration file

[root@192 named]# ll /etc/named.conf
-rw-r----- 1 root named 1722 9月 30 04:09 /etc/named.conf
[root@192 named]#

Zone configuration

The information about the global root name servers is stored in the file named.ca, which is generated automatically under /var/named/ when bind is installed.

The main configuration file contains one zone statement per domain, which holds that domain's settings. The statement mainly consists of the options type and file.

Values of the type field

hint: if a name cannot be found locally, resolution starts from the root name servers.
master: defines the primary (authoritative) server.
slave: defines the secondary server.
forward: defines a forwarding server.

file names the zone data file. The file is looked up in the directory set by the directory option of the main configuration file.

If the zone name in the zone statement is written as "reversed IP address.in-addr.arpa", the statement defines reverse resolution.

On a DNS server the zone data files live in /var/named/ by default, and are divided into forward resolution data files (mapping domain names to IP addresses) and reverse resolution data files (mapping IP addresses to domain names).

[root@192 named]# cd /var/named/
[root@192 named]# ll
总用量 16
drwxrwx--- 2 named named 6 9月 30 04:09 data
drwxrwx--- 2 named named 6 9月 30 04:09 dynamic
-rw-r----- 1 root named 2253 9月 30 04:09 named.ca
-rw-r----- 1 root named 152 9月 30 04:09 named.empty
-rw-r----- 1 root named 152 9月 30 04:09 named.localhost
-rw-r----- 1 root named 168 9月 30 04:09 named.loopback
drwxrwx--- 2 named named 6 9月 30 04:09 slaves

Record types in zone data files

TTL: the lifetime (time to live) of the records in the file.

SOA record: start of authority. A zone data file can contain only one SOA record, and it must be the first record.

NS record (nameserver): name server record, the authoritative server. A zone data file can contain several NS records, one of which is the primary server.

A record: IPv4 address record.

AAAA record: IPv6 address record.

PTR record: reverse resolution record, resolving an IP address to a domain name.

MX record: mail exchange record. When we send mail we address it to a domain name such as qq.com or 163.com, but such a domain certainly has several servers; the MX record says which server handles mail. There can be several MX records, ordered by a priority from 0 to 99, where a smaller number means a higher priority.

CNAME record: sets an alias for an existing name.

Forward resolution

Main configuration file (the zone statement for haha.com is shown together with the reverse zone in the main configuration file under Reverse resolution below)

Zone data file

vim haha.ca
$TTL 1D
@       IN SOA  @ admin.haha.com. (
                0       ; serial
                1D      ; refresh
                1D      ; retry
                1D      ; expire
                1D      ; minimum (negative caching TTL)
                )
; names in NS/MX data must end with a dot, otherwise BIND appends the
; origin haha.com (ns.haha.com would become ns.haha.com.haha.com.)
        IN NS   ns.haha.com.
        IN MX 10 mail.haha.com.
ns      IN A    192.168.71.129
mail    IN A    192.168.71.129
web     IN A    192.168.71.129
ftp     IN CNAME web      ; relative name, expands to web.haha.com.

Testing the service

Restart the service

Query from the local server

[root@192 named]# dig -t A mail.haha.com @192.168.71.129

Reverse resolution

Main configuration file

options {
        listen-on port 53 { 192.168.71.129; };
        directory "/var/named";
};
// forward zone
zone "haha.com" IN {
        type master;     // primary (authoritative) server
        file "haha.ca";  // zone data file, relative to directory
};
// reverse zone
zone "71.168.192.in-addr.arpa" IN {
        type master;     // primary (authoritative) server
        file "yiyi.ca";  // zone data file
};

Reverse zone data file

$TTL 1D
@       IN SOA  @ admin.haha.com. (
                0       ; serial
                1D      ; refresh
                1D      ; retry
                1D      ; expire
                1D      ; minimum (negative caching TTL)
                )
        IN NS   ns.haha.com.
; PTR data must be fully qualified (trailing dot); otherwise BIND appends
; 71.168.192.in-addr.arpa to the name. Several PTR records for one address
; are legal, although one PTR per address is the usual practice.
129     IN PTR  ns.haha.com.
129     IN PTR  mail.haha.com.
129     IN PTR  web.haha.com.
129     IN PTR  ftp.haha.com.
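Both zone data files above are easy to get subtly wrong: a name such as ns.haha.com without a trailing dot is accepted by BIND but silently expanded with the zone origin. The following lint is an added example written for this page (it is not part of the original post or of the bind package); it reads a zone data file and reports a first record that is not the SOA, and any multi-label name in SOA/NS/MX/CNAME/PTR data that lacks the trailing dot. The sample zone it runs on is constructed and mirrors the forward zone before the dots were added.

```shell
#!/bin/sh
# Added example, not from the original post: a small lint for BIND zone
# data files such as haha.ca and yiyi.ca. It flags the two mistakes that
# most often make named refuse a zone or answer with a wrong name:
#   1. the first resource record is not the SOA (BIND requires it);
#   2. a multi-label name in NS/MX/CNAME/PTR/SOA data has no trailing dot,
#      so BIND appends the origin: "ns.haha.com" in zone haha.com becomes
#      ns.haha.com.haha.com. and in the reverse zone it becomes
#      ns.haha.com.71.168.192.in-addr.arpa. Single-label names such as
#      "web" are relative on purpose and are not reported.
# Usage: lint_zone /var/named/haha.ca   (prints findings, exit 1 if any)

lint_zone() {
    awk -v file="$1" '
    function check(name) {
        if (name != "@" && name ~ /\./ && name !~ /\.$/) {
            printf "%s:%d: \"%s\" has no trailing dot; the zone origin will be appended\n", file, NR, name
            findings++
        }
    }
    BEGIN {
        n = split("A AAAA NS MX CNAME PTR SOA TXT", t, " ")
        for (i = 1; i <= n; i++) types[t[i]] = 1
        findings = 0; first = 1
    }
    {
        line = $0
        sub(/;.*/, "", line)                          # drop comments
        if (line ~ /^[ \t]*$/ || line ~ /^\$/) next   # blank, $TTL, $ORIGIN
        has_owner = (line ~ /^[^ \t]/)                # owner name in column 1?
        sub(/^[ \t]+/, "", line)
        nf = split(line, f, /[ \t]+/)
        type = ""
        for (i = (has_owner ? 2 : 1); i <= nf; i++) {
            u = toupper(f[i])
            if (u in types) { type = u; pos = i; break }
        }
        if (type == "") next                          # SOA continuation lines, ")" ...
        if (first) {
            first = 0
            if (type != "SOA") {
                printf "%s:%d: first record is %s, must be SOA\n", file, NR, type
                findings++
            }
        }
        # names that must be fully qualified: primary NS and contact after SOA,
        # the last field of NS/CNAME/PTR/MX
        if (type == "SOA") { check(f[pos + 1]); check(f[pos + 2]) }
        else if (type ~ /^(NS|CNAME|PTR|MX)$/) check(f[nf])
    }
    END { exit (findings > 0) }
    ' "$1"
}

# Constructed sample: the forward zone as it looked before the trailing
# dots were added. Only the NS line is reported; "web" in the CNAME is fine.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
$TTL 1D
@       IN SOA  @ admin.haha.com. (
                0
                1D
                1D
                1D
                1D )
        IN NS   ns.haha.com
        IN MX 10 mail.haha.com.
ns      IN A    192.168.71.129
ftp     IN CNAME web
EOF
    lint_zone "$tmp" || true   # non-zero exit means findings were printed
    rm -f "$tmp"
    return 0
}
demo
```

Run it on each zone file before restarting named. It complements rather than replaces named-checkzone (named-checkzone haha.com /var/named/haha.ca): named-checkzone reports the NS case only indirectly, as "has no address records", and does not notice a PTR or MX target that has quietly become name.origin, whereas this lint points at the offending line.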

Testing the service

[root@192 named]# dig -x 192.168.71.129 @192.168.71.129

[root@192 named]# nslookup
> ftp.haha.com
Server:192.168.71.2
Address:192.168.71.2#53
Non-authoritative answer:
Name: ftp.haha.com
Address: 72.10.32.93
>

Note that this nslookup session was answered by 192.168.71.2 (the VM's default resolver, hence "Non-authoritative answer" and an address that is not the lab record), not by the server configured above, because no server was specified. Either pass the server as the second argument (nslookup ftp.haha.com 192.168.71.129) or type server 192.168.71.129 at the prompt first.

Forwarding server

Definition

A forwarding server (forwarder) handles the case where the local DNS server cannot answer a client's query itself: it is not authoritative for the name (no matching primary or secondary zone) and cannot answer from its cache. The local DNS server is then configured to forward the client's query to an upstream DNS server.

Set up three virtual machines: a standard (authoritative) DNS server, a forwarder, and a client.

Use the server configured above as the standard server and build a new forwarding server.

Main configuration file of the forwarding server. BIND's built-in defaults limit recursion to localhost and directly attached networks; on anything larger than a lab, add explicit allow-query and allow-recursion ACLs so the forwarder does not perform recursion for arbitrary sources.

[root@192 named]# cat /etc/named.conf
options {
        listen-on port 53 { 192.168.71.132; };
        forward only;                       // only forward, never resolve iteratively itself
        forwarders { 192.168.71.129; };     // address of the standard server
};

[root@192 named]# nmcli device show | grep DNS
IP4.DNS[1]: 192.168.71.2

Restart the service

systemctl restart named

Query the standard server from the intermediate (forwarding) server

[root@192 named]# dig -t A mail.haha.com @192.168.71.129
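The nslookup session in the reverse-resolution test above was answered by the default resolver rather than the lab server, and the dig query through the forwarder is expected to come back without the aa (authoritative answer) flag. The following function is an added example written for this page (not from the original post): it reads dig output on stdin and confirms which server answered, that the status is NOERROR, and, when asked, that the answer is authoritative. The two dig replies it is run on are constructed samples, not captures from the lab.

```shell
#!/bin/sh
# Added example, not from the original post: confirm that a dig reply really
# came from the server under test.
# verify_answer SERVER [aa]   reads dig output on stdin and returns
#   0  reply from SERVER with status NOERROR (and the aa flag, if requested)
#   1  status is not NOERROR
#   2  answered by a different server (e.g. the VM's default resolver)
#   3  aa requested but the answer is not authoritative (e.g. via a forwarder)
verify_answer() {
    expected=$1
    want_aa=${2:-}
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p')
    flags=$(printf '%s\n' "$out"  | sed -n 's/^;; flags: \([^;]*\);.*/\1/p')
    server=$(printf '%s\n' "$out" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p')
    if [ "$status" != "NOERROR" ]; then
        echo "query failed: status ${status:-unknown}"; return 1
    fi
    if [ "$server" != "$expected" ]; then
        echo "answered by ${server:-unknown}, not $expected"; return 2
    fi
    if [ "$want_aa" = "aa" ]; then
        case " $flags " in
            *" aa "*) ;;
            *) echo "not authoritative (flags: $flags)"; return 3 ;;
        esac
    fi
    echo "ok: answered by $server (flags: $flags)"
    return 0
}

# Constructed dig output (not captured from the lab): the authoritative
# server answering for its own zone, aa flag set ...
DIG_AUTH='; <<>> DiG 9.16 <<>> -t A mail.haha.com @192.168.71.129
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; ANSWER SECTION:
mail.haha.com.      86400   IN  A   192.168.71.129

;; SERVER: 192.168.71.129#53(192.168.71.129)'

# ... and the same query relayed by the forwarder 192.168.71.132, which
# answers from what it got upstream and therefore does not set aa.
DIG_FWD='; <<>> DiG 9.16 <<>> -t A mail.haha.com @192.168.71.132
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
mail.haha.com.      86400   IN  A   192.168.71.129

;; SERVER: 192.168.71.132#53(192.168.71.132)'

# Real use:  dig -t A mail.haha.com @192.168.71.129 | verify_answer 192.168.71.129 aa
printf '%s\n' "$DIG_AUTH" | verify_answer 192.168.71.129 aa          # ok
printf '%s\n' "$DIG_FWD"  | verify_answer 192.168.71.132 || true     # ok, aa not required
printf '%s\n' "$DIG_FWD"  | verify_answer 192.168.71.129 || true     # 2: wrong server
```

Use the aa check when querying the standard server directly and leave it off when querying through the forwarder; a reply that arrives from a server other than the one named after @ means the query never reached the lab server at all.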

Configure the client's DNS server address to point at the forwarding server

Resolving the web server

On top of the forwarding server setup, configure the HTTP service and access it from the client by name.

Problems encountered

Error when installing the bind package

[root@192 redhat]# dnf install -y bind
正在更新 Subscription Management 软件仓库。
无法读取客户身份
本系统尚未在权利服务器中注册。可使用 subscription-manager 进行注册。
Extra Packages for Enterprise Linux 9 - x86_64 13 kB/s | 9.8 kB 00:00
Extra Packages for Enterprise Linux 9 - x86_64 774 kB/s | 13 MB 00:17
MySQL 8.0 Community Server 5.3 kB/s | 2.6 kB 00:00
MySQL Connectors Community 5.5 kB/s | 2.6 kB 00:00
MySQL Tools Community 5.7 kB/s | 2.6 kB 00:00
baseos 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'BaseOS':
- Curl error (37): Couldn't read a file:// file for file:///mnt/BaseOS/repodata/repomd.xml [Couldn't open file /mnt/BaseOS/repodata/repomd.xml]
错误:为仓库 'BaseOS' 下载元数据失败 : Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

The cause was that the software repository (the installation media) was not mounted.

[root@192 redhat]# mount /dev/sr0 /mnt

The DNS service fails to restart

1月 29 17:06:20 192.168.71.129 systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
1月 29 17:06:20 192.168.71.129 bash[2769]: zone ./IN: NS ' ns.haha.com' has no address records (A or AAAA)
1月 29 17:06:20 192.168.71.129 bash[2769]: zone ./IN: not loaded due to errors.
1月 29 17:06:20 192.168.71.129 bash[2769]: _default/./IN: bad zone
1月 29 17:06:20 192.168.71.129 systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
1月 29 17:06:20 192.168.71.129 systemd[1]: named.service: Failed with result 'exit-code'.
1月 29 17:06:20 192.168.71.129 systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).

The problem lies in the main configuration file and the zone data file: the log shows named loading the zone "." (the root) rather than haha.com, and its NS record ' ns.haha.com' (note the leading space and the missing trailing dot) has no matching A or AAAA record. Check the zone name in the zone statement and the NS line of the zone data file, and validate both with named-checkconf and named-checkzone haha.com /var/named/haha.ca before restarting.


Origin blog.csdn.net/m0_59081230/article/details/128788039