DNS forward resolution

I. Configuring DNS name resolution:

1. Install the bind package:
yum -y install bind
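2. The main bind configuration file:
/etc/named.conf (main bind configuration file)
listen-on port 53 { 127.0.0.1; 172.16.12.1; }; // listen on port 53 on the local IP addresses
forward only; // when there is no local answer, the query is forwarded to the upstream server
forwarders { 172.16.0.1; };
allow-query     { any; }; // who is allowed to query
dnssec-enable no; // security feature; turn it off or comment it out
dnssec-validation no;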
3. The bind zone configuration file:
/etc/named.rfc1912.zones (zone configuration file)
zone "liubin.com" IN {         // the domain being added; IN means Internet
        type master;           // this server is the master for the zone
        file "liubin.com.zone"; // the file is /var/named/liubin.com.zone
};
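4. The zone (name resolution) file:
vim liubin.com.zone  # create the zone file; its name must match the one in the zone configuration file
$TTL 86400 ; global variable: cache lifetime, in seconds
; SOA fields in order: domain name, domain name, administrator mailbox (written with "." instead of "@")
liubin.com.             IN      SOA     liubin.com.     nsadmin.liubin.com. (
                        2017052301 ; serial number
                        1H         ; refresh time
                        5M         ; retry time
                        7D         ; expire time
                        1D )       ; negative-answer time
                        IN      NS      dns1.liubin.com.
dns1.liubin.com.        IN      A       172.16.12.1
www.liubin.com.         IN      A       172.16.12.2
web.liubin.com.         IN      CNAME   www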
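5. Set the file permissions and check the bind configuration before starting:
chmod o= liubin.com.zone  # remove all permissions for other users
chown :named liubin.com.zone  # change the owning group so that the named user can read the file
ll liubin.com.zone 
-rw-r-----. 1 root named 230 May 23 07:13 liubin.com.zone
named-checkconf  # checks the named.conf configuration file; prints nothing when it is correct
named-checkzone "liubin.com" /var/named/liubin.com.zone  # checks the zone name "liubin.com" against the file /var/named/liubin.com.zone
zone liubin.com/IN: loaded serial 2017052301
OK  (shown when the zone name and the file are correct)
6. Start named and reload the configuration file: (note: turn off the firewall and SELinux)
service named start
rndc reload  # reloads the named configuration; restart is currently not supported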
7. Test the DNS service:
host -t A www.liubin.com  # look up the A record
www.liubin.com has address 172.16.12.2
dig -t A www.liubin.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> -t A www.liubin.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13582
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1  
            Note: the aa flag appears only for zones that the local DNS server is responsible for

;; QUESTION SECTION:
;www.liubin.com.			IN	A

;; ANSWER SECTION:
www.liubin.com.		86400	IN	A	172.16.12.2

;; AUTHORITY SECTION:
liubin.com.		86400	IN	NS	dns1.liubin.com.

;; ADDITIONAL SECTION:
dns1.liubin.com.	86400	IN	A	172.16.12.1

;; Query time: 0 msec
;; SERVER: 172.16.12.1#53(172.16.12.1)
;; WHEN: Tue May 23 08:49:23 2017
;; MSG SIZE  rcvd: 83
dig -t SOA www.liubin.com  # look up the start-of-authority record
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> -t SOA www.liubin.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28934
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.liubin.com.			IN	SOA

;; AUTHORITY SECTION:
liubin.com.		86400	IN	SOA	liubin.com. nsadmin.liubin.com. 2017052301 3600 300 604800 86400

;; Query time: 0 msec
;; SERVER: 172.16.12.1#53(172.16.12.1)
;; WHEN: Tue May 23 08:52:01 2017
;; MSG SIZE  rcvd: 76
dig -t axfr liubin.com  # axfr: zone transfer, shows the configuration of the entire zone
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> -t axfr liubin.com
;; global options: +cmd
liubin.com.		86400	IN	SOA	liubin.com. nsadmin.liubin.com. 2017052401 86400 300 604800 86400
liubin.com.		86400	IN	NS	dns1.liubin.com.
liubin.com.		86400	IN	NS	dns2.liubin.com.
dns1.liubin.com.	86400	IN	A	172.16.12.21
dns2.liubin.com.	86400	IN	A	172.16.12.22
web.liubin.com.		86400	IN	CNAME	www.liubin.com.
www.liubin.com.		86400	IN	A	172.16.12.3
liubin.com.		86400	IN	SOA	liubin.com. nsadmin.liubin.com. 2017052401 86400 300 604800 86400
;; Query time: 1 msec
;; SERVER: 172.16.12.21#53(172.16.12.21)
;; WHEN: Tue May 23 21:31:36 2017
;; XFR size: 8 records (messages 1, bytes 216)
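
The following Python code is an added example, not part of the original post: it parses the zone file from step 4, expands relative names and time units into the form dig prints in step 7, and reports in-zone NS/CNAME targets that have no A record. The function names and the compacted SOA layout are assumptions made for this example, and it covers only the record types and the "class always present, no per-record TTL" layout used on this page.

```python
import re

# Constructed input: the liubin.com.zone file from step 4, annotations as ';' comments.
ZONE = """$TTL 86400
liubin.com.      IN SOA   liubin.com. nsadmin.liubin.com. (
                 2017052301 1H 5M   ; serial, refresh, retry
                 7D 1D )            ; expire, negative-answer time
                 IN NS    dns1.liubin.com.
dns1.liubin.com. IN A     172.16.12.1
www.liubin.com.  IN A     172.16.12.2
web.liubin.com.  IN CNAME www
"""
UNITS = {"": 1, "S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def seconds(tok):
    """Convert a zone-file time value (86400, 1H, 5M, 7D) to seconds."""
    num, unit = re.fullmatch(r"(\d+)([SMHDW]?)", tok.upper()).groups()
    return int(num) * UNITS[unit]

def fqdn(name, origin):
    """A name without a trailing dot is relative to the zone origin."""
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, ttl, type, rdata) tuples in the form dig prints them."""
    text = re.sub(r";[^\n]*", "", text)  # strip comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # join ( ... )
    ttl, owner, out = 0, origin, []
    for line in text.splitlines():
        tok = line.split()
        if tok and tok[0].upper() == "$TTL":
            ttl = seconds(tok[1])
        elif tok:
            if not line[0].isspace():  # a blank owner column inherits the previous owner
                owner = fqdn(tok.pop(0), origin)
            rtype, rdata = tok[1].upper(), tok[2:]  # tok[0] is the class (IN)
            if rtype == "SOA":  # two names, the serial, then four time values
                rdata = [fqdn(n, origin) for n in rdata[:2]] + rdata[2:3] + [str(seconds(t)) for t in rdata[3:7]]
            elif rtype in ("NS", "CNAME"):
                rdata = [fqdn(rdata[0], origin)]
            out.append((owner, ttl, rtype, " ".join(rdata)))
    return out

def dangling_targets(records, origin):
    """In-zone NS/CNAME targets that have no A record in this zone."""
    has_a = {o for o, _, t, _ in records if t == "A"}
    return [(o, t, d) for o, _, t, d in records
            if t in ("NS", "CNAME") and d.endswith("." + origin) and d not in has_a]
```

Calling parse_zone(ZONE, "liubin.com.") yields the SOA record with the values 3600 300 604800 86400, the same numbers the dig -t SOA output above shows for 1H 5M 7D 1D.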
posted @ 2017-06-15 17:48  linushelp