CentOS 7.3: DNS forward and reverse resolution, master/slave

[root@localhost ~]# cat /var/named/named.localhost      # view the localhost zone file
$TTL 1D                                 ; defines the global TTL
@ IN SOA @ rname.invalid. (             ; resource records
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1                             ; resolves the host name localhost to 127.0.0.1
AAAA ::1
Do not expect this file to resolve 127.0.0.1 back to a name; only reverse resolution does that.
---------------------------------------------------------------------------------------------------------
[root@localhost ~]# cat /var/named/named.loopback      # view the loopback zone file
$TTL 1D                                 ; defines the global TTL
@ IN SOA @ rname.invalid. (             ; resource records
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
PTR localhost.                          ; resolves 127.0.0.1 to the host name localhost
---------------------------------------------------------------------------------------------------------
Notes:
(1) The TTL can be inherited from the global $TTL;
(2) @ stands for the name of the current zone;
(3) When two adjacent records have the same name, the later one may omit it;
(4) In a forward zone, the value of each MX, NS and similar record is an FQDN, and that FQDN should have an A record;
---------------------------------------------------------------------------------------------------------
DNS protocol implementations: BIND, PowerDNS
http://www.lsc.org
Program environment: main binary: /usr/sbin/named
Unit file: /usr/lib/systemd/system/named.service
Configuration file: /etc/named.conf
Zone database files:
---------------------------------------------------------------------------------------------------------
Step 1
[root@localhost named]# vim ilinux.io.zone
---------------------------------------------------------------------------------------------------------
$TTL 600
ilinux.io. IN SOA ilinux.io. nsadmin.ilinux.io. (
2017060310
1H
5M
1W
6H )                                   ; the 1st and 2nd names in the SOA line are domain names
ilinux.io. IN NS dns1.ilinux.io.       ; ilinux.io. may be omitted here since it is the same as the line above; dns1 is followed by the domain name
ilinux.io. IN NS dns2.ilinux.io.       ; ilinux.io. may be omitted here since it is the same as the line above; dns2 is followed by the domain name
dns1.ilinux.io. IN A 172.16.0.67       ; address of the first server
dns2.ilinux.io. IN A 172.16.0.68       ; address of the second server
www.ilinux.io. IN A 172.16.0.1         ; address of this host
web IN CNAME www
---------------------------------------------------------------------------------------------------------
In the SOA line, the first ilinux.io. is the domain name; later records may omit it and then inherit ilinux.io.
IN is a fixed keyword, as is SOA; they are followed by ilinux.io. and nsadmin.ilinux.io.
2017060305: from 3 June 2017 to 10 June 2017, a validity period of 7 days
1H: 1 hour
5M: repeat every 5 minutes
1W: valid for one week
6H: 6 hours
---------------------------------------------------------------------------------------------------------
Step 2
[root@localhost named]# vim /etc/named.conf      # edit the configuration file
options {                                        // prefixing a line with a double slash comments it out so it is not used
listen-on port 53 { 0.0.0.0; };                  // 0.0.0.0 is the changed value; better still, comment the line out: //listen-on port 53 { 0.0.0.0; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };                            // any is the changed value: anyone may query
recursion yes;

dnssec-enable no;                                // no is the changed value: no DNSSEC checking
dnssec-validation no;                            // no is the changed value: no DNSSEC checking
};
---------------------------------------------------------------------------------------------------------
any = allow everyone to query
---------------------------------------------------------------------------------------------------------
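Step 2 enables recursion for every client (allow-query { any; } together with recursion yes) and turns DNSSEC validation off, which leaves the server an open resolver unless something else restricts it. As an added example that is not from the post, the Python below lints an options{} block for those two patterns; it runs on a constructed copy of the posted settings and on a variant that limits recursion with allow-recursion to 127.0.0.1 and 172.16.0.0/16 (the lab network is an assumption).

```python
"""Lint a named.conf options{} block for open-resolver settings (added example)."""
import re

# Constructed: the options block as posted in step 2 (unrelated statements omitted).
POSTED = """
options {
    listen-on port 53 { 0.0.0.0; };
    allow-query { any; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
};
"""

# Constructed: the same block with recursion restricted to the lab network (an assumption).
HARDENED = """
options {
    listen-on port 53 { 0.0.0.0; };
    allow-query { any; };
    allow-recursion { 127.0.0.1; 172.16.0.0/16; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
};
"""


def parse_options(conf):
    """Map each statement inside options{} to its value text, e.g. 'allow-query' -> 'any'."""
    body = re.search(r"options\s*\{(.*)\n\};", conf, re.S).group(1)
    opts = {}
    for stmt in re.finditer(r"([\w-]+)\s+([^;{}]*)(?:\{([^}]*)\})?\s*;", body):
        key, scalar, acl = stmt.groups()
        value = acl if acl is not None else scalar          # address lists live inside { }
        opts[key] = value.strip().rstrip(";").strip()
    return opts


def findings(opts):
    """Return human-readable findings; an empty list means neither pattern is present."""
    out = []
    recursive = opts.get("recursion", "yes") == "yes"       # BIND's default is recursion yes
    # allow-recursion governs recursive clients; without it, allow-query does
    scope = opts.get("allow-recursion", opts.get("allow-query", "localhost"))
    if recursive and "any" in [s.strip() for s in scope.split(";")]:
        out.append(f"open resolver: recursion yes and recursive queries allowed from {{ {scope}; }}")
    if opts.get("dnssec-validation", "yes") == "no":
        out.append("dnssec-validation no: answers from upstream are not signature-checked")
    return out
```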
Step 3
[root@localhost named]# vim /etc/named.rfc1912.zones      # edit the configuration file
---------------------------------------------------------------------------------------------------------
Append at the end of the file:
zone "ilinux.io" IN {          // this server resolves ilinux.io itself
type master;
file "ilinux.io.zone";         // the zone file is named ilinux.io.zone
};
[root@localhost named]# cat ilinux.io.zone
$TTL 600
ilinux.io. IN SOA ilinux.io. nsadmin.ilinux.io. (
2017060310
1H
5M
1W
6H )
IN NS dns1.ilinux.io.
IN NS dns2.ilinux.io.
dns1.ilinux.io. IN A 172.16.0.67
dns2.ilinux.io. IN A 172.16.0.68
www.ilinux.io. IN A 172.16.0.1
web IN CNAME www
---------------------------------------------------------------------------------------------------------
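The four notes near the top of the post ($TTL inheritance, @ as the zone name, omitted owner names, and an A record for every NS/MX target) are exactly the rules a zone-file reader applies. As an added example that is not from the post, the Python below implements them on a constructed copy of the ilinux.io.zone listing above and reports NS/MX targets that have no A record in the zone; per-record TTL fields are not handled.

```python
"""Minimal BIND zone-file parser implementing notes (1)-(4) (added example)."""
import re

# Constructed copy of the post's ilinux.io.zone listing.
ZONE_TEXT = """\
$TTL 600
ilinux.io. IN SOA ilinux.io. nsadmin.ilinux.io. (
2017060310
1H
5M
1W
6H )
IN NS dns1.ilinux.io.
IN NS dns2.ilinux.io.
dns1.ilinux.io. IN A 172.16.0.67
dns2.ilinux.io. IN A 172.16.0.68
www.ilinux.io. IN A 172.16.0.1
web IN CNAME www
"""

RTYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR"}
NAME_RDATA = {"NS", "CNAME", "PTR", "MX"}   # types whose rdata ends in a domain name


def absolutize(name, origin):
    """Note (2): '@' is the zone origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (default_ttl, [(owner, type, rdata_tokens)]) applying notes (1)-(3)."""
    origin = origin if origin.endswith(".") else origin + "."
    text = re.sub(r";.*", "", text)                                   # drop ';' comments
    text = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0)[1:-1].split()), text)  # join ( ... )
    ttl, owner, records = None, origin, []
    for tokens in (line.split() for line in text.splitlines()):
        if not tokens:
            continue
        if tokens[0] == "$TTL":                                       # note (1): global TTL
            ttl = tokens[1]
            continue
        if tokens[0] != "IN" and tokens[0] not in RTYPES:             # note (3): owner given
            owner = absolutize(tokens.pop(0), origin)                 # otherwise keep previous owner
        if tokens[0] == "IN":
            tokens.pop(0)
        rtype, rdata = tokens[0], tokens[1:]
        if rtype in NAME_RDATA:
            rdata[-1] = absolutize(rdata[-1], origin)
        records.append((owner, rtype, rdata))
    return ttl, records


def missing_glue(records):
    """Note (4): return NS/MX targets that have no A/AAAA record in this zone."""
    has_addr = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    return [r[-1] for _, t, r in records if t in ("NS", "MX") and r[-1] not in has_addr]
```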
[root@localhost named]# named-checkconf      # check the configuration for syntax errors
Step 4
[root@localhost named]# named-checkzone "ilinux.io" /var/named/ilinux.io.zone      # check the zone file for syntax errors
---------------------------------------------------------------------------------------------------------
zone ilinux.io/IN: loaded serial 2017060310
OK
---------------------------------------------------------------------------------------------------------
named-checkzone checks for syntax errors; "ilinux.io" is the zone name and /var/named/ilinux.io.zone is the path of the zone file
---------------------------------------------------------------------------------------------------------
-rw-r--r--. 1 root root 262 6月 3 21:52 ilinux.io.zone
---------------------------------------------------------------------------------------------------------
[root@localhost named]# chmod o= ilinux.io.zone      # remove all permissions for others so nobody else can read it
---------------------------------------------------------------------------------------------------------
-rw-r-----. 1 root root 262 6月 3 21:52 ilinux.io.zone
---------------------------------------------------------------------------------------------------------
[root@localhost named]# chown :named ilinux.io.zone      # change the owning group to named
---------------------------------------------------------------------------------------------------------
-rw-r-----. 1 root named 262 6月 3 21:52 ilinux.io.zone
---------------------------------------------------------------------------------------------------------
[root@localhost named]# rndc reload      # reload the server
server reload successful
---------------------------------------------------------------------------------------------------------
[root@localhost named]# ss -nul      # list listening UDP sockets
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:5353 *:*
UNCONN 0 0 127.0.0.1:323 *:*
UNCONN 0 0 *:4764 *:*
UNCONN 0 0 192.168.122.1:53 *:*
UNCONN 0 0 172.16.253.236:53 *:*
UNCONN 0 0 127.0.0.1:53 *:*
UNCONN 0 0 192.168.122.1:53 *:*
UNCONN 0 0 *%virbr0:67 *:*
UNCONN 0 0 *:68 *:*
UNCONN 0 0 *:55481 *:*
UNCONN 0 0 ::1:323 :::*
UNCONN 0 0 ::1:53 :::*
UNCONN 0 0 :::50284 :::*

--------------------------------------------------------------------------------------------------------
[root@localhost named]# dig www.ilinux.io

--------------------------------------------------------------------------------------------------------

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> www.ilinux.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38345
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 13

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.ilinux.io. IN A

;; ANSWER SECTION:
www.ilinux.io. 2575 IN CNAME www.linuxpharos.com.
www.linuxpharos.com. 2575 IN A 47.92.31.192

;; AUTHORITY SECTION:
linuxpharos.com. 167877 IN NS dns15.hichina.com.
linuxpharos.com. 167877 IN NS dns16.hichina.com.

;; ADDITIONAL SECTION:
dns15.hichina.com. 163980 IN A 42.120.221.25
dns15.hichina.com. 163980 IN A 140.205.81.15
dns15.hichina.com. 163980 IN A 140.205.81.25
dns15.hichina.com. 163980 IN A 140.205.228.15
dns15.hichina.com. 163980 IN A 140.205.228.25
dns15.hichina.com. 163980 IN A 42.120.221.15
dns16.hichina.com. 163980 IN A 140.205.81.16
dns16.hichina.com. 163980 IN A 140.205.81.26
dns16.hichina.com. 163980 IN A 140.205.228.16
dns16.hichina.com. 163980 IN A 140.205.228.26
dns16.hichina.com. 163980 IN A 42.120.221.16
dns16.hichina.com. 163980 IN A 42.120.221.26

;; Query time: 2 msec
;; SERVER: 172.16.0.1#53(172.16.0.1)
;; WHEN: 二 6月 06 18:53:55 CST 2017
;; MSG SIZE rcvd: 331
---------------------------------------------------------------------------------------------------------
Testing with dig:

dig [-t type] name [@SERVER] [query options]

dig only tests the DNS system; it does not consult the hosts file.

Note that the answer above came from 172.16.0.1 (see the SERVER line), not from the server just configured: without @SERVER, dig asks the resolver listed in /etc/resolv.conf.

Query options:

+[no]trace: trace the resolution process, e.g. dig +trace rookie.com

+[no]recurse: perform recursive resolution

--------------------------------------------------------------------------------------------------------

[root@localhost ~]# dig -t A www.baidu.com @172.16.252.254 +trace

--------------------------------------------------------------------------------------------------------

Testing reverse resolution:

dig -x IP is equivalent to dig -t PTR reversed-ip.in-addr.arpa

---------------------------------------------------------------------------------------------------------
The ss command
-h: show help;
-V: show version information;
-n: do not resolve service names, show numeric values;
-a: show all sockets;
-l: show listening sockets;
-o: show timer information;
-m: show socket memory usage;
-p: show the process using the socket;
-i: show internal TCP information;
-4: show IPv4 sockets only;
-6: show IPv6 sockets only;
-t: show TCP sockets only;
-u: show UDP sockets only;
-d: show DCCP sockets only;
-w: show RAW sockets only;
-x: show UNIX domain sockets only.

Source: http://man.linuxde.net/ss
---------------------------------------------------------------------------------------------------------
[root@localhost named]# host -t A www.ilinux.io
www.ilinux.io is an alias for www.linuxpharos.com.
www.linuxpharos.com has address 47.92.31.192
---------------------------------------------------------------------------------------------------------
host [options] [arguments]
Options:
-a: show detailed DNS information;
-c <class>: specify the query class, default "IN";
-C: query the complete SOA record of the given host;
-r: do not use recursive queries when resolving the name;
-t <type>: specify the record type to query;
-v: show detailed information about the command's execution;
-w: if the name server gives no reply, keep waiting until it does;
-W <time>: maximum time to wait for a reply; if the name server does not answer within it, the command exits;
-4: use IPv4;
-6: use IPv6.

Source: http://man.linuxde.net/host
---------------------------------------------------------------------------------------------------------
Above: forward resolution
---------------------------------------------------------------------------------------------------------
Below: reverse resolution
---------------------------------------------------------------------------------------------------------
[root@localhost named]# vim 172.16.zone
---------------------------------------------------------------------------------------------------------
$TTL 600
ilinux.io. IN SOA ilinux.io. nsadmin.ilinux.io. (
2017060612
1H
5M
1W
6H )
IN NS dns1.ilinux.io.
IN NS dns2.ilinux.io.
dns1.ilinux.io. IN A 172.16.253.236
dns2.ilinux.io. IN A 172.16.252.201
www.ilinux.io. IN A 172.16.0.1
web IN CNAME WWW
---------------------------------------------------------------------------------------------------------
[root@localhost named]# vim /etc/named.rfc1912.zones      # append at the bottom of the file
---------------------------------------------------------------------------------------------------------
zone "16.172.in-addr.arpa" IN {
type master;
file "172.16.zone";
};
---------------------------------------------------------------------------------------------------------
[root@localhost named]# vim /etc/resolv.conf
---------------------------------------------------------------------------------------------------------
nameserver 172.16.253.236      # replace 172.16.253.236 with your own server's address
---------------------------------------------------------------------------------------------------------
[root@localhost named]# chmod o= 172.16.zone
---------------------------------------------------------------------------------------------------------
[root@localhost named]# chown :named 172.16.zone
---------------------------------------------------------------------------------------------------------
[root@localhost named]# ll 172.16.zone
-rw-r-----. 1 root named 269 6月 6 19:21 172.16.zone
---------------------------------------------------------------------------------------------------------
[root@localhost named]# named-checkconf
---------------------------------------------------------------------------------------------------------
[root@localhost named]# named-checkzone 172.16.in-addr.arpa 172.16.zone
---------------------------------------------------------------------------------------------------------
zone 172.16.in-addr.arpa/IN: loaded serial 2017060612
OK
---------------------------------------------------------------------------------------------------------
[root@localhost named]# rndc reload
---------------------------------------------------------------------------------------------------------
server reload successful
---------------------------------------------------------------------------------------------------------
[root@localhost named]# systemctl restart named.service      # restart the DNS service
---------------------------------------------------------------------------------------------------------
[root@localhost named]# ss -nul
---------------------------------------------------------------------------------------------------------
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:5353 *:*
UNCONN 0 0 127.0.0.1:323 *:*
UNCONN 0 0 *:4764 *:*
UNCONN 0 0 192.168.122.1:53 *:*
UNCONN 0 0 172.16.253.236:53 *:*
UNCONN 0 0 127.0.0.1:53 *:*
UNCONN 0 0 192.168.122.1:53 *:*
UNCONN 0 0 *%virbr0:67 *:*
UNCONN 0 0 *:68 *:*
UNCONN 0 0 *:55481 *:*
UNCONN 0 0 ::1:323 :::*
UNCONN 0 0 ::1:53 :::*
UNCONN 0 0 :::50284 :::*
---------------------------------------------------------------------------------------------------------
[root@localhost named]# host -t www.ilinux.io
---------------------------------------------------------------------------------------------------------
host: invalid type: www.ilinux.io
---------------------------------------------------------------------------------------------------------
[root@localhost named]# host -t A www.ilinux.io
---------------------------------------------------------------------------------------------------------
www.ilinux.io has address 172.16.0.1
---------------------------------------------------------------------------------------------------------
[root@localhost named]# dig -x 172.16.25
---------------------------------------------------------------------------------------------------------
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> -x 172.16.25
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46628
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;25.16.172.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
16.172.in-addr.arpa. 10800 IN SOA ilinux.io. nsadmin.ilinux.io. 2017060612 86400 3600 604800 10800

;; Query time: 1 msec
;; SERVER: 172.16.253.236#53(172.16.253.236)
;; WHEN: 二 6月 06 19:47:07 CST 2017
;; MSG SIZE rcvd: 104
---------------------------------------------------------------------------------------------------------
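The 172.16.zone file above holds only the A and CNAME records copied from the forward zone and not a single PTR record, which is why dig -x answers NXDOMAIN with the zone's own SOA in the authority section. As an added example that is not from the post, the Python below builds the in-addr.arpa names behind dig -x, checks forward A records against reverse PTR records in both directions, and produces the PTR lines the posted reverse zone is missing; the names and addresses are taken from the post's zone files, and the /16 reverse zone origin matches its zone statement.

```python
"""Forward/reverse DNS consistency check (added example, not from the post)."""
import ipaddress


def reverse_name(ip):
    """'dig -x IP' is shorthand for 'dig -t PTR <octets reversed>.in-addr.arpa.'."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_zone(ip, prefix_len):
    """Origin of the reverse zone that must hold the PTR, e.g. 16.172.in-addr.arpa. for a /16."""
    net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    kept = str(net.network_address).split(".")[: prefix_len // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa."


def ptr_line(name, ip, zone_origin):
    """PTR record for name, with the owner written relative to zone_origin as in a zone file."""
    full = reverse_name(ip)
    if not full.endswith("." + zone_origin):
        raise ValueError(f"{ip} does not belong to {zone_origin}")
    return f"{full[: -len(zone_origin) - 1]} IN PTR {name}"


def check_consistency(a_records, ptr_records):
    """Return (missing, stale): A records with no matching PTR, and PTRs matching no A record."""
    ptr_map = dict(ptr_records)                         # owner -> target name
    a_map = {reverse_name(ip): name for name, ip in a_records}
    missing = [(owner, name) for owner, name in a_map.items() if ptr_map.get(owner) != name]
    stale = [owner for owner, target in ptr_records if a_map.get(owner) != target]
    return missing, stale


# Constructed from the post's 172.16.zone: the A records it contains ...
A_RECORDS = [("dns1.ilinux.io.", "172.16.253.236"),
             ("dns2.ilinux.io.", "172.16.252.201"),
             ("www.ilinux.io.", "172.16.0.1")]
# ... and its PTR records: none, hence the NXDOMAIN answer to dig -x.
PTR_AS_POSTED = []


def fixed_zone_lines(zone_origin="16.172.in-addr.arpa."):
    """The PTR lines the posted reverse zone lacks, ready to go under its SOA/NS records."""
    return [ptr_line(name, ip, zone_origin) for name, ip in A_RECORDS]
```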
Master/slave DNS server configuration (including forward and reverse resolution)
Steps
Step 1: edit the zone database files
1. The master server's forward and reverse zone files were configured above and are not covered again here
2. Slave server forward and reverse zone file configuration
Environment: CentOS 6.8, IP: 10.0.0.68, DNS host name: dns2.ilinux.io

posted @ 2017-06-06 17:34  mingming0.1  views (3060)  comments (0)