Linux: configuring a primary DNS server (basics)
[RHEL8]: DNSserver; [CentOS 7.4]: DNSclient
!!! In the test environment we first turn off the firewall and SELinux (needed on both DNSserver and DNSclient)
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@localhost ~]# setenforce 0
Preface
1. The DNS service model
1️⃣: Service function: provides name-to-IP-address lookup for the client machines (Linux/Windows) on the network
2️⃣: Full name: Domain Name Service (Server | System)
3️⃣: Server types: primary (master) DNS server, secondary (slave) DNS server, caching-only DNS server
2. The DNS service
1️⃣: Service package: bind (the bind package provides the program that resolves domain names, i.e. it does the job of name resolution)
2️⃣: Daemon name: named (daemon process)
3️⃣: Name-lookup tools package: bind-utils (the client has no nslookup command, so this package is normally installed on the client; installing bind on the server pulls in bind-utils as a dependency)
4️⃣: Service management script: /etc/rc.d/init.d/named
5️⃣: Service port: TCP/UDP 53
6️⃣: Service clients: Linux (dig, host, nslookup, (ping)) and Windows (nslookup, (ping))
3. DNS configuration files
1️⃣: /etc/named.conf: main configuration file, defines the global options
2️⃣: /etc/named.rfc1912.zones: sub-configuration file, defines the forward and reverse zones
3️⃣: Resolution directions: FQDN --> IP is forward resolution; IP --> FQDN is reverse resolution (FQDN: fully qualified domain name; FQDN = short host name + the domain it belongs to)
4️⃣: /var/named/xxx.xxx.zone: forward zone database file, maps names to IP addresses
5️⃣: /var/named/xxx.xxx.arpa: reverse zone database file, maps IP addresses to names
4. Test programs on the DNS server
1️⃣: named-checkconf: checks the main and sub-configuration files for syntax errors
Usage: named-checkconf <file name> (no output means no errors)
2️⃣: named-checkzone: checks the forward and reverse zone files
Usage: named-checkzone <forward zone name> <forward zone file> ("OK" means no errors); named-checkzone <reverse zone name> <reverse zone file> ("OK" means no errors)
I. Deploying the DNS service on the server (DNSserver)
1. Check the server's IP
[root@DNSserver ~]# ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.140  netmask 255.0.0.0  broadcast 10.255.255.255
        inet6 fe80::fa13:32e0:3b9f:2196  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:cd:6a:1b  txqueuelen 1000  (Ethernet)
        RX packets 2823  bytes 247406 (241.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1705  bytes 213268 (208.2 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 604  bytes 51188 (49.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 604  bytes 51188 (49.9 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
2. Install the bind package on the server and enable it at boot
[root@DNSserver ~]# yum install -y bind
[root@DNSserver ~]# systemctl start named
[root@DNSserver ~]# systemctl enable named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
[root@DNSserver ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2020-07-29 09:30:03 CST; 49s ago
 Main PID: 27539 (named)
    Tasks: 5 (limit: 12356)
   Memory: 54.4M
   CGroup: /system.slice/named.service
           └─27539 /usr/sbin/named -u named -c /etc/named.conf

7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './NS/IN': 2001:500:9f::42#53
7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './NS/IN': 2001:500:200::b#53
7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './NS/IN': 2001:500:2::c#53
7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
7月 29 09:30:03 DNSserver named[27539]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
7月 29 09:30:05 DNSserver named[27539]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
7月 29 09:30:05 DNSserver named[27539]: resolver priming query complete
3. Edit the global options in /etc/named.conf
[root@DNSserver ~]# vim /etc/named.conf
..........
options {
        listen-on port 53 { any; };        // replace the IP address inside the braces with any
        listen-on-v6 port 53 { any; };     // same as above
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { any; };          // same as above; any lets every network query (and, by default,
                                           // recurse through) this server, so outside a lab restrict
                                           // allow-query / allow-recursion to the local subnet
..........
4. Add the forward and reverse zones to the sub-configuration file /etc/named.rfc1912.zones
[root@DNSserver ~]# arpaname 10.0.0.140
140.0.0.10.IN-ADDR.ARPA
[root@DNSserver ~]# vim /etc/named.rfc1912.zones
.........
zone "test.com" IN {
        type master;
        file "test.zone";
};

zone "0.0.10.in-addr.arpa" IN {
        type master;
        file "10.0.0.arpa";
};
.........
// append the forward and reverse zone definitions at the end of the file
Forward zone:
- zone: declares one zone
- " ": the (ASCII) double quotes contain your own domain name
- type master: master means this server is the primary name server for the zone
- file " ": the double quotes contain the file name, which must be the same as the file created under /var/named
Reverse zone:
- " ": the double quotes contain the reversed IP, for example 0.0.10.in-addr.arpa, which means this zone can reverse-resolve every address in the 10.0.0.X network
- you can run arpaname IP to see the reversed form of your own server's IP
5. Create the forward and reverse zone database files by copying the templates
[root@DNSserver ~]# cd /var/named/
[root@DNSserver named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@DNSserver named]# cp -a named.localhost test.zone
[root@DNSserver named]# cp -a named.loopback 10.0.0.arpa
// the copied file names must be exactly the ones written in the sub-configuration file just now
// (cp -a keeps the template's owner, group and mode, so named can read the new files)
6. Edit the forward zone database file
[root@DNSserver named]# vim test.zone
$TTL 1D
@       IN SOA  test.com. root.test.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1.test.com.
        A       127.0.0.1
        AAAA    ::1
ns1     A       10.0.0.140
www     A       10.0.0.50
aaa     A       10.0.0.100
bbb     A       10.0.0.150
ccc     A       10.0.0.200
ddd     A       10.0.0.250
7. Edit the reverse zone database file
[root@DNSserver named]# vim 10.0.0.arpa
$TTL 1D
@       IN SOA  test.com. root.test.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1.test.com.
        A       127.0.0.1
        AAAA    ::1
        PTR     localhost.
ns1     A       10.0.0.140
50      PTR     www.test.com.
100     PTR     aaa.test.com.
150     PTR     bbb.test.com.
200     PTR     ccc             ; no trailing dot: named reads this as ccc.0.0.10.in-addr.arpa.
250     PTR     ddd             ; write ccc.test.com. and ddd.test.com. (with the dot) for the intended names
8. Check the configuration files
[root@DNSserver ~]# named-checkconf /etc/named.conf
[root@DNSserver ~]# named-checkconf /etc/named.rfc1912.zones
// after pressing Enter, no error message means there are no errors
9. Check the forward and reverse zones
[root@DNSserver ~]# named-checkzone test.com /var/named/test.zone
zone test.com/IN: loaded serial 0
OK
[root@DNSserver ~]# named-checkzone test.com /var/named/10.0.0.arpa
zone test.com/IN: loaded serial 0
OK
// the zone name given to named-checkzone should be the one declared in named.rfc1912.zones, so the
// reverse file is properly checked with: named-checkzone 0.0.10.in-addr.arpa /var/named/10.0.0.arpa
10. Restart the DNS service and check the ports
[root@DNSserver ~]# systemctl restart named
[root@DNSserver ~]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.142:53           0.0.0.0:*               LISTEN      27803/named
tcp        0      0 10.0.0.140:53           0.0.0.0:*               LISTEN      27803/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      27803/named
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1101/sshd
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      27803/named
tcp6       0      0 :::53                   :::*                    LISTEN      27803/named
tcp6       0      0 :::22                   :::*                    LISTEN      1101/sshd
tcp6       0      0 ::1:953                 :::*                    LISTEN      27803/named
udp        0      0 10.0.0.142:53           0.0.0.0:*                           27803/named
udp        0      0 10.0.0.140:53           0.0.0.0:*                           27803/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           27803/named
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1611/dhclient
udp6       0      0 :::53                   :::*                                27803/named
At this point the DNS server setup is complete.
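Added example (not from the original post): a small Python checker that cross-checks the forward and reverse zone files from steps 6 and 7 in a way named-checkzone does not. It parses the record lines (embedded here as constructed copies of the two files above), flags PTR targets without a trailing dot, A records left in the reverse zone, and A/PTR pairs that do not match; the function names are my own.

```python
import re

# Constructed copies of the record lines from the two zone files above
# (SOA header omitted; the parser skips it anyway).
FORWARD = ("ns1 A 10.0.0.140\nwww A 10.0.0.50\naaa A 10.0.0.100\n"
           "bbb A 10.0.0.150\nccc A 10.0.0.200\nddd A 10.0.0.250\n")
REVERSE = ("ns1 A 10.0.0.140\n50 PTR www.test.com.\n100 PTR aaa.test.com.\n"
           "150 PTR bbb.test.com.\n200 PTR ccc\n250 PTR ddd\n")
# owner (may be blank or '@'), optional IN class, type, rdata; ';' comments are stripped first
RECORD = re.compile(r"^(\S*)\s+(?:IN\s+)?(A|AAAA|NS|PTR)\s+(\S+)")

def absolutize(name, origin):
    """BIND rule: '@' or blank is the origin; a name without a trailing dot is relative."""
    if name in ("", "@"):
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(text, origin):
    """Return (owner, type, rdata) triples with absolute owners; $TTL/SOA lines are ignored."""
    owner, out = origin, []
    for raw in text.splitlines():
        m = RECORD.match(raw.split(";")[0].rstrip())
        if m:
            owner = absolutize(m.group(1), origin) if m.group(1) else owner
            out.append((owner, m.group(2), m.group(3)))
    return out

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Cross-check A records against PTR records and return a list of problem descriptions."""
    prefix = ".".join(reversed(rev_origin.rstrip(".").split(".")[:-2]))  # 0.0.10.in-addr.arpa. -> 10.0.0
    a_by_ip = {rd: o for o, t, rd in parse_records(fwd_text, fwd_origin)
               if t == "A" and rd.startswith(prefix + ".")}
    ptr_by_ip, problems = {}, []
    for owner, rtype, rdata in parse_records(rev_text, rev_origin):
        if rtype == "A":
            problems.append(f"'{owner} A {rdata}': an A record does not belong in a reverse zone")
        elif rtype == "PTR" and owner != rev_origin:
            if not rdata.endswith("."):
                problems.append(f"PTR {rdata!r} has no trailing dot, named reads it as {absolutize(rdata, rev_origin)}")
            ptr_by_ip[prefix + "." + owner[: -len(rev_origin) - 1]] = absolutize(rdata, rev_origin)
    for ip, name in a_by_ip.items():
        if ip not in ptr_by_ip:
            problems.append(f"{name} A {ip} has no PTR record")
        elif ptr_by_ip[ip] != name:
            problems.append(f"PTR for {ip} is {ptr_by_ip[ip]} but the A record owner is {name}")
    problems += [f"PTR for {ip} has no matching A record" for ip in ptr_by_ip if ip not in a_by_ip]
    return problems
```

Running check_zones(FORWARD, "test.com.", REVERSE, "0.0.10.in-addr.arpa.") on the two files above reports six problems, including the relative ccc and ddd names that show up in the client test as ccc.0.0.10.in-addr.arpa.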
II. Testing from the DNS client
1. Check the client host's IP (CentOS 7)
[root@dnsclient ~]# ifconfig
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.100  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::fe04:212a:5e53:cec4  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:b3:89:a5  txqueuelen 1000  (Ethernet)
        RX packets 23748  bytes 29630344 (28.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4841  bytes 605544 (591.3 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 156  bytes 13460 (13.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 156  bytes 13460 (13.1 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
2. Check that the client can reach the server
[root@dnsclient ~]# ping -c 3 10.0.0.140
PING 10.0.0.140 (10.0.0.140) 56(84) bytes of data.
64 bytes from 10.0.0.140: icmp_seq=1 ttl=64 time=1.09 ms
64 bytes from 10.0.0.140: icmp_seq=2 ttl=64 time=0.478 ms
64 bytes from 10.0.0.140: icmp_seq=3 ttl=64 time=0.439 ms

--- 10.0.0.140 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2006ms
rtt min/avg/max/mdev = 0.439/0.672/1.099/0.302 ms
3. Install the bind-utils package
[root@dnsclient ~]# rpm -ql nslookup
未安装软件包 nslookup
[root@dnsclient ~]# yum install -y bind-utils
[root@dnsclient ~]# rpm -qa | grep bind-utils
bind-utils-9.11.4-16.P2.el7_8.6.x86_64
4. Add the server's DNS to /etc/resolv.conf on the client
[root@dnsclient ~]# vim /etc/resolv.conf
[root@dnsclient ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.0.0.140
nameserver 8.8.8.8
// nameservers are tried in order, so for this test 10.0.0.140 must be listed above any other DNS server; if there is no other one, the order does not matter. Alternatively, add DNS2=10.0.0.140 in the NIC configuration file
5. Test
[root@dnsclient ~]# nslookup www.test.com
Server:         10.0.0.140
Address:        10.0.0.140#53

Name:   www.test.com
Address: 10.0.0.50

[root@dnsclient ~]# nslookup 10.0.0.50
50.0.0.10.in-addr.arpa  name = www.test.com.

[root@dnsclient ~]# nslookup aaa.test.com
Server:         10.0.0.140
Address:        10.0.0.140#53

Name:   aaa.test.com
Address: 10.0.0.100

[root@dnsclient ~]# nslookup 10.0.0.100
100.0.0.10.in-addr.arpa name = aaa.test.com.

[root@dnsclient ~]# nslookup bbb.test.com
Server:         10.0.0.140
Address:        10.0.0.140#53

Name:   bbb.test.com
Address: 10.0.0.150

[root@dnsclient ~]# nslookup 10.0.0.150
150.0.0.10.in-addr.arpa name = bbb.test.com.

[root@dnsclient ~]# nslookup ccc.test.com
Server:         10.0.0.140
Address:        10.0.0.140#53

Name:   ccc.test.com
Address: 10.0.0.200

[root@dnsclient ~]# nslookup 10.0.0.200
200.0.0.10.in-addr.arpa name = ccc.0.0.10.in-addr.arpa.

[root@dnsclient ~]# nslookup ddd.test.com
Server:         10.0.0.140
Address:        10.0.0.140#53

Name:   ddd.test.com
Address: 10.0.0.250

[root@dnsclient ~]# nslookup 10.0.0.250
250.0.0.10.in-addr.arpa name = ddd.0.0.10.in-addr.arpa.
III. Ways to look up reverse names on the server side
dig
  resolves A records by default
  -t NS   query NS records
  -t MX   query MX records
  -x      query PTR records
host
  resolves A and PTR records by default
  -t NS   query NS records
  -t MX   query MX records
nslookup
  resolves A and PTR records by default
  in interactive mode, use set q= or set type= to change the query type

Resource record (RR) types
SOA (start of authority) record: defines the name domain (zone)
NS (name server) record: defines the name servers of the domain
A (host) record: maps a name to an IP address (forward resolution)
CNAME (alias) record: defines an alias for an A record
PTR (reverse pointer) record: maps an IP address to a name (reverse resolution)
MX (mail exchanger) record: defines the mail servers of the domain