# DNS常用的资源记录及说明
SOA(起始授权机构) 定义了该域中的权威名称服务器
NS(名称服务器) 表示某区域的权威服务器,以及SOA中指定的该区域的主要服务器和辅助服务器
A(主机) 列出了区域中的FQDN(完全合格的域名)到IP地址的映射
PTR(指针) IP-->FQDN
MX 邮件交换器记录,为指定的邮件交换主机提供消息路由
SRV(服务) 列出了正在提供特定服务的服务器
CNAME(别名) 将多个名称映射到同一台计算机上,便于用户访问
主DNS
1 # yum install bind* -y
2 # vim /etc/named.conf
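options {
    // Listen address and port. As shipped, named answers on loopback only.
    // The tutorial deletes these two lines so other hosts can reach the
    // server; named then listens on port 53 of every IPv4 interface.
    // Listing the server's own service address here instead keeps the
    // exposure limited to the interface that needs it.
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    // Default location of zone data files. Must be an absolute path:
    // relative "file" names in the zone statements are resolved against it.
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";          // cache dump file
    statistics-file "/var/named/data/named/stats.txt";  // statistics file
    memstatistics-file "/var/named/data/named-mem_stats.txt";
    // Clients allowed to query this server. The tutorial deletes this line,
    // after which queries are accepted from any client. Listing the client
    // networks here (e.g. 172.25.250.0/24) is the narrower alternative.
    allow-query { localhost; };
    // Recursion resolves names outside this server's own zones on behalf of
    // clients. An authoritative-only server can run with "recursion no".
    // NOTE(review): if recursion is needed, confirm which clients need it and
    // restrict it with allow-recursion to those networks.
    recursion yes;

    // NOTE(review): dnssec-enable and the DLV key file below date from older
    // BIND 9 releases; check them against the installed version with
    // named-checkconf.
    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};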
24
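// Forward zone (name -> address); this server is the primary.
zone "example.com" in {
    type master;
    file "example.com.zone";    // relative to the "directory" option
    // Only the listed secondary may transfer the zone. A full zone transfer
    // hands over every record in the zone, so keep this list explicit.
    // An address match can be strengthened with a TSIG key shared with the
    // secondary.
    allow-transfer { 172.25.250.250; };
};
// Reverse zone (address -> name) for 172.25.250.0/24.
zone "250.25.172.in-addr.arpa" in {
    type master;
    file "172.25.250.arpa";
    // Same restriction as the forward zone: the secondary pulls this zone
    // too, and without an allow-transfer statement the zone falls back to
    // the server's default transfer policy.
    allow-transfer { 172.25.250.250; };
};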
34 # cd /var/named
35 # vim example.com.zone
36 //命令行模式下执行如下命令可以导入配置文件模板
37 :r /var/named/named.localhost
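; Forward zone data for example.com. Zone files use ";" for comments.
$TTL 1D         ; default time-to-live of the records in this zone
; SOA: zone origin (@), primary name field, administrator mailbox.
; Both names end with a dot; without it the zone name would be appended
; (admin.example.com would become admin.example.com.example.com.).
; NOTE(review): the first SOA name is conventionally the primary name server
; (here content.example.com.) - confirm whether example.com. is intended.
@       IN SOA  example.com. admin.example.com. (
                0       ; serial  - zone version; increase it on every change,
                        ;           secondaries only re-transfer when it grows
                1D      ; refresh - how often a secondary checks for a new serial
                1H      ; retry   - wait before retrying after a failed refresh
                1W      ; expire  - secondary stops answering after this long
                        ;           without a successful refresh
                3H )    ; minimum - lifetime of negative (no such record) answers
; Name server of the zone; a matching host record must exist below.
@       IN NS   content.example.com.
; Host records
content IN A    172.25.250.254
servera IN A    172.25.250.10
serverb IN A    172.25.250.20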
49 # vim 172.25.250.arpa
50 //导入刚才配置的正向解析
51 :r /var/named/example.com.zone
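; Reverse zone data for 250.25.172.in-addr.arpa (172.25.250.0/24).
$TTL 1D         ; default time-to-live of the records in this zone
; The administrator mailbox ends with a dot so that the zone name is not
; appended to it.
@       IN SOA  example.com. admin.example.com. (
                0       ; serial  - increase on every change
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   content.example.com.
; The owner name is the last octet of the address; the target is the
; fully qualified host name, ending with a dot.
254     IN PTR  content.example.com.
10      IN PTR  servera.example.com.
20      IN PTR  serverb.example.com.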
63 # named-checkconf -z /etc/named.conf //检查配置文件
64 # systemctl start named
65 # systemctl enable named
66 # windows客户机验证 nslookup
从DNS
1 # yum install bind* -y
2 # vim /etc/named.conf
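options {
    // As shipped, named answers on loopback only. The tutorial deletes these
    // two lines; named then listens on port 53 of every IPv4 interface.
    // Listing the secondary's own service address instead keeps the exposure
    // limited to the interface that needs it.
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    // Must be an absolute path: the "slaves/..." file names in the zone
    // statements are resolved against it.
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named/stats.txt";
    memstatistics-file "/var/named/data/named-mem_stats.txt";
    // The tutorial deletes this line, after which queries are accepted from
    // any client. Listing the client networks here is the narrower
    // alternative.
    allow-query { localhost; };
    // NOTE(review): a secondary that only serves its transferred zones can
    // run with "recursion no"; otherwise restrict recursion with
    // allow-recursion to the networks that need it.
    recursion yes;

    // NOTE(review): dnssec-enable and the DLV key file below date from older
    // BIND 9 releases; check them against the installed version with
    // named-checkconf.
    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};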
24
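// Forward zone, held as a secondary copy transferred from the primary.
zone "example.com" in {
    type slave;
    masters { 172.25.250.254; };        // address of the primary server
    file "slaves/example.com.zone";     // transferred copy, stored under slaves/
};
// Reverse zone, also transferred from the primary.
// NOTE(review): neither zone sets allow-transfer, so onward transfers from
// this secondary follow the server's default policy; add an explicit
// allow-transfer statement if no other host should copy the zones from here.
zone "250.25.172.in-addr.arpa" in {
    type slave;
    masters { 172.25.250.254; };
    file "slaves/172.25.250.arpa";
};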
35 # cd /var/named
36 # systemctl start named
37 # systemctl enable named
38 # windows客户机验证 nslookup