DNS Principles and BIND Basics

Bind Version: 9.11.4

😄 Written by Zak Zhu

References

DNS Principles

DNS overview

Domain Name System (DNS). It uses a tree-structured, hierarchical namespace to map domain names to IP addresses and back, forming a distributed database system.

DNS resolution

Fully Qualified Domain Name (FQDN)

    # FQDN format:
    host.[lld.]sld.tld.root

    # lld: lower-level domain
    # sld: second-level domain
    # tld: top-level domain

Resolution modes:

  • Forward resolution

    FQDN ---> IP

  • Reverse resolution

    IP ---> FQDN
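As an added example (not from the original post), the two mappings in Python: reverse_name builds the in-addr.arpa or ip6.arpa name that a reverse lookup asks for, and check_forward_confirmed verifies that each forward (FQDN ---> IP) mapping is confirmed by a PTR pointing back to the same FQDN, the forward-confirmed reverse DNS check that mail servers and log analysts rely on. FORWARD and REVERSE are constructed from the A and PTR records used later on this page.

```python
import ipaddress

def reverse_name(ip):
    """Owner name of the PTR record for an address: the name a reverse lookup asks for."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        # IPv4: the four octets in reverse order under in-addr.arpa.
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    # IPv6: every hex nibble of the fully expanded address, reversed, under ip6.arpa.
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def check_forward_confirmed(forward, reverse):
    """Forward-confirmed reverse DNS: for every FQDN -> IP mapping, the PTR found at
    reverse_name(IP) must point back to that same FQDN. Returns the FQDNs that fail."""
    failures = []
    for fqdn, ip in forward.items():
        ptr_target = reverse.get(reverse_name(ip), "")   # "" when no PTR exists at all
        if ptr_target.lower() != fqdn.lower():
            failures.append(fqdn)
    return failures

# Constructed sample data, taken from the A and PTR records shown on this page.
FORWARD = {"www.zakzhu.com.": "192.168.199.200", "ns1.zakzhu.com.": "192.168.199.201"}
REVERSE = {"200.199.168.192.in-addr.arpa.": "www.zakzhu.com."}

if __name__ == "__main__":
    print(reverse_name("192.168.199.200"))            # 200.199.168.192.in-addr.arpa.
    print(check_forward_confirmed(FORWARD, REVERSE))  # ['ns1.zakzhu.com.']
```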

Resolution results:

  • Positive answer (Definitive Answer)

    The queried name exists; the answer returned is cached.

  • Negative answer (Negative Answer)

    The queried name does not exist; the negative answer returned is also cached.

  • Authoritative answer (Authoritative Answer)

    An answer returned by an authoritative DNS server for the zone.

  • Non-authoritative answer (Nonauthoritative Answer)

    An answer served from a DNS server's cache.

DNS structure

Domain name resolution follows a tree-shaped hierarchy, as shown in the figure below:

[Figure: domain_name_hierarchical_tree]

DNS queries

  • Internet scenario

    [Figure: dns_query_in_internet]

  • LAN scenario

    [Figure: dns_query_in_intranet]

BIND Basics

BIND service overview

History

In 1984, four UC Berkeley students, Douglas Terry, Mark Painter, David Riggle and Songnian Zhou (周松年), wrote the first Unix name server implementation for the Berkeley Internet Name Domain (BIND for short).

In 1985, Kevin Dunlap of Digital Equipment Corporation substantially rewrote BIND.

Today BIND is maintained by the Internet Systems Consortium.


Files

Packages:

  • bind

    Provides the DNS server daemon (named), the syntax checkers (named-checkconf, named-checkzone) and the control utility (rndc).

  • bind-chroot

    Confines the named process to a designated chroot directory, limiting what a compromised named process can reach.

  • bind-utils

    Provides the DNS query tools, such as dig, host and nslookup.

  • bind-libs

    Libraries shared by bind and bind-utils.

Binaries:

  • /usr/sbin/named

Sample files:

  • /usr/share/doc/bind*/sample/*

Configuration files:

  • /etc/named.conf

    options {
           // global options
    };
    
    logging {
           // logging configuration
    };
    
    zone "ZONE_NAME" IN {
           // zone definition
    };
    
    ... ...
    
    // included files
    include FILEPATH;

    Included files:

    • /etc/named.rfc1912.zones

      • type forward;

        zone "ZONE_NAME" IN {
            type forward;
            forward {first|only};
            forwarders {SERVER_IPs;};
        };

      • type master;

        zone "ZONE_NAME" IN {
            type master;
            file "ZONE_NAME.zone";
        };

      • type slave;

        zone "ZONE_NAME" IN {
            type slave;
            file "slaves/ZONE_NAME.zone";
            masters {MASTER_IPs;};
        };

    • /etc/named.root.key

Zone data files:

  • Primary server: /var/named/ZONE_NAME.zone
  • Secondary server: /var/named/slaves/ZONE_NAME.zone

Log files:

  • /var/named/data/named.run

Listening ports

  • UDP 53

    Used for name resolution queries

  • TCP 53

    Used for zone transfers between primary and secondary servers

  • TCP 953

    Used by rndc to manage the BIND service



BIND basic concepts

BIND server types

  • Primary DNS Server
  • Secondary DNS Server
  • Caching-only Server

Zones and domains

[Figure: domain_name_space]

  • domain

    A domain name is an identification string that defines a realm of administrative autonomy, authority, or control on the Internet.

  • zone

    A DNS zone is a distinct part of the domain namespace that is delegated to a legal entity (a person, organization or company) responsible for maintaining that zone.

    A Domain Name System (DNS) zone file is a text file that describes a DNS zone. A DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS. The zone file contains mappings between domain names and IP addresses and other resources, organized in the form of text representations of resource records (RR).


Zone resource records

Resource record types

    Type   Description            Function
    SOA    Start of Authority     Specifies the primary authoritative name server for the DNS zone.
    NS     Name server record     Delegates a DNS zone to use the given authoritative name servers.
    A      Address record         Returns a 32-bit IPv4 address; most commonly used to map hostnames to an IP address of the host.
    AAAA   IPv6 address record    Same as above, but returning a 128-bit IPv6 address.
    CNAME  Canonical name record  Alias of one name to another.
    MX     Mail exchange record   Maps a domain to a list of message transfer agents for that domain.
    PTR    Pointer record         Pointer to a canonical name. The most common use is for implementing reverse DNS lookups.
    ...    ...                    ...

Resource record format

General format:

    NAME    TTL    RECORD_CLASS    RECORD_TYPE    RECORD_DATA

  • Name is an alphanumeric identifier of the DNS record. It can be left blank, in which case it inherits its value from the previous record.
  • TTL (time to live) specifies how long the record should be kept in the local cache of a DNS resolver. If not specified, the global TTL ($TTL) value at the top of the zone file is used.
  • Record class indicates the namespace, typically IN, the Internet namespace.
  • Record type is the DNS record type.
  • Record data has one or more information elements, depending on the record type, separated by white space.

Examples:

  • SOA

    $TTL 86400
    ; ZONE_NAME.        MASTER_NS_FQDN   hostmaster@zakzhu.com.
    zakzhu.com.    IN SOA    ns0.zakzhu.com. hostmaster.zakzhu.com. (
                              2020031700    ; serial
                              1H            ; refresh (1 hour)
                              15M           ; retry (15 mins)
                              7D            ; expire (7 days)
                              20M )         ; minimum (20 mins)

    Field descriptions:

    • serial

      Serial number of this zone file.

      The recommended syntax is YYYYMMDDnn (YYYY=year, MM=month, DD=day, nn=revision number).

    • refresh

      How often a secondary will poll the primary server to see if the serial number for the zone has increased (so it knows to request a new copy of the data for the zone).

    • retry

      If a secondary was unable to contact the primary at the last refresh, wait the retry value before trying again.

    • expire

      How long a secondary will still treat its copy of the zone data as valid if it can't contact the primary.

      After a zone has expired, a secondary will still continue to try to contact the primary, but it will no longer provide name service for the zone.

    • minimum

      How long a resolver may cache a negative answer.

    These values generally follow the rules below:

    • refresh >= retry * 2
    • refresh + retry < expire
    • expire >= retry * 10
    • expire >= 7 days

  • NS

    zakzhu.com.    IN NS    ns0.zakzhu.com.
    zakzhu.com.    IN NS    ns1.zakzhu.com.

  • A

    ns0.zakzhu.com.    IN A    192.168.199.200
    ns1.zakzhu.com.    IN A    192.168.199.201
    www.zakzhu.com.    IN A    192.168.199.200
    mx1.zakzhu.com.    IN A    192.168.199.200
    mx2.zakzhu.com.    IN A    192.168.199.201

  • CNAME

    web.zakzhu.com.    IN CNAME    www.zakzhu.com.

  • MX

    zakzhu.com.    IN MX    10 mx1.zakzhu.com.
    zakzhu.com.    IN MX    20 mx2.zakzhu.com.

  • PTR

    200.199.168.192.in-addr.arpa.    IN PTR    www.zakzhu.com.

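As an added example that is not part of the original post, a minimal zone-file reader in Python that handles the conventions described above ($TTL, a blank NAME inheriting the previous owner, time-unit suffixes such as 1H and 7D, and the parenthesised multi-line SOA rdata) and then applies the serial and timer rules listed under the SOA example to the page's own SOA record. ZONE_TEXT is constructed from the records shown on this page, and the parser deliberately covers only what those records need (no $ORIGIN or relative names).

```python
import re
# Constructed zone text, assembled from the SOA, NS and A records shown on this page.
ZONE_TEXT = """$TTL 86400
zakzhu.com.  IN SOA  ns0.zakzhu.com. hostmaster.zakzhu.com. (
        2020031700 ; serial
        1H         ; refresh
        15M        ; retry
        7D         ; expire
        20M )      ; minimum
             IN NS     ns1.zakzhu.com.
www.zakzhu.com.  IN A      192.168.199.200
"""
UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
TIME_RE = re.compile(r"(\d+)([SMHDW]?)", re.I)

def to_seconds(tok):
    m = TIME_RE.fullmatch(tok)  # BIND time values: 86400, 1H, 15M, 7D, 2W
    if not m:
        raise ValueError(f"bad time value: {tok}")
    return int(m.group(1)) * UNITS[(m.group(2) or "S").upper()]

def parse_zone(text):
    """Return (default_ttl, records); each record is a dict with name, ttl, class, type, rdata."""
    text = re.sub(r";[^\n]*", "", text)                                          # drop ; comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # fold (...) rdata
    default_ttl, last_name, records = None, None, []
    for line in filter(str.strip, text.splitlines()):
        if line.startswith("$TTL"):
            default_ttl = to_seconds(line.split()[1])
            continue
        toks = line.split()
        name = last_name = last_name if line[0].isspace() else toks.pop(0)  # blank NAME inherits owner
        ttl = to_seconds(toks.pop(0)) if TIME_RE.fullmatch(toks[0]) else default_ttl
        cls = toks.pop(0) if toks[0].upper() == "IN" else "IN"                 # class is optional
        records.append({"name": name, "ttl": ttl, "class": cls, "type": toks[0].upper(), "rdata": toks[1:]})
    return default_ttl, records

def check_soa(records):
    """Apply the serial and timer guidelines listed on this page; return the violations."""
    soa = next(r for r in records if r["type"] == "SOA")
    serial, refresh, retry, expire = soa["rdata"][2:6]
    refresh, retry, expire = (to_seconds(v) for v in (refresh, retry, expire))
    rules = [
        (re.fullmatch(r"\d{4}(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])\d{2}", serial), "serial is not YYYYMMDDnn"),
        (refresh >= retry * 2, "refresh < retry * 2"),
        (refresh + retry < expire, "refresh + retry >= expire"),
        (expire >= retry * 10, "expire < retry * 10"),
        (expire >= 7 * 86400, "expire < 7 days"),
    ]
    return [msg for ok, msg in rules if not ok]
```

For the page's SOA values (1H, 15M, 7D) check_soa returns an empty list; named-checkzone remains the authoritative syntax check, this only covers the timer conventions.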
posted @ 2020-03-18 02:00  ZakZhu