DNS(Domain Name System),即域名系统。它使用层次结构的命名系统,将域名和IP地址相互映射,形成一个分布式数据库系统。DNS采用CS架构,服务器端工作在UDP协议端口53和TCP协议端口53上。FQDN(Fully Qualified Domain Name)完全限定域名,它是使用DNS的数状层级结构的完全路径域名来表示一个准确位置的主机。提供正向解析(FQDN—>IP)和反向解析(IP—>FQDN)的功能。目前DNS已经成为互联网通讯的基础服务。
BIND(Berkeley Internet Name Domain)BIND(Berkeley Internet Name Daemon)是现今互联网上最常使用的DNS服务器软件,使用BIND作为服务器软件的DNS服务器约占所有DNS服务器的九成。BIND现在由互联网系统协会(Internet Systems Consortium)负责开发与维护。
VM12、CentOS7.3 x64(作为DNS服务器,IP为172.16.252.77)、CentOS6.9 x64(作为测试机,IP地址为172.16.252.174)
因为本实验只是为了了解DNS的实现,所有关掉了CentOS7.3的防火墙,SELinux.
[root@hengxia ~]# getenforce # 查看当前selinux的运行状态Enforcing[root@hengxia ~]# vi /etc/selinux/configSELINUX=enforcing改为SELINUX=permissive[root@hengxia ~]# setenforce 0 # 使生效[root@hengxia ~]# iptables -nvl[root@hengxia ~]# systemctl disable firewalld # 设为下次开机禁止启动Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.[root@hengxia ~]# systemctl stop firewalld # 关闭防火墙[root@hengxia ~]# iptables -vnL在CentOS7.3上安装BIND,并启动
[root@hengxia ~]# yum -y install bind[root@hengxia ~]# rpm -ql bind /etc/logrotate.d/named/etc/named/etc/named.conf # 主配置文件/etc/named.iscdlv.key/etc/named.rfc1912.zones # 区域解析库文件 ...(中间省略).../run/named # 服务脚本使用此文件...(中间省略).../var/log/named.log/var/named # 服务根目录...(中间省略).../var/named/slaves # 从服务器使用的区域解析目录[root@hengxia ~]# systemctl start named # 启动服务[root@hengxia ~]# systemctl enable named # 设为开机启动Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.[root@hengxia ~]# ss -nult # 端口有问题,绑定在127.0.0.1,只有本地可用,不能对外服务Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port udp UNCONN 0 0 *:43451 *:* udp UNCONN 0 0 127.0.0.1:53 *:* udp UNCONN 0 0 *:68 *:* udp UNCONN 0 0 ::1:53 :::* udp UNCONN 0 0 :::16010 :::* tcp LISTEN 0 10 127.0.0.1:53 *:* tcp LISTEN 0 128 *:22 *:* tcp LISTEN 0 128 127.0.0.1:953 *:* tcp LISTEN 0 100 127.0.0.1:25 *:* tcp LISTEN 0 10 ::1:53 :::* tcp LISTEN 0 128 :::22 :::* tcp LISTEN 0 128 ::1:953 :::* tcp LISTEN 0 100 ::1:25 :::* 在CentOS7.3配置BIND
[root@centos6 ~]# yum install telnet -y[root@centos6 ~]# telnet 172.16.252.77 53 # 访问DNS服务器的53端口被拒绝Trying 172.16.252.77...telnet: connect to address 172.16.252.77: Connection refused[root@hengxia ~]# cp -p /etc/named.conf{,.bak} # 备份named.conf并修改 [root@hengxia ~]# vim /etc/named.conflisten-on port 53 { 127.0.0.1; }; 将此行注释掉(默认绑定所有IP)或改为 listen-on port 53 { localhost; }; # 此处代表本机所有IP[root@hengxia ~]# systemctl reload named #重新加载配置文件[root@hengxia ~]# cd /etc/sysconfig/network-scripts/ [root@hengxia network-scripts]# vim ifcfg-ens33[root@hengxia network-scripts]# cat ifcfg-ens33 # 修改默认DNSHWADDR="00:0c:29:c2:73:07"TYPE="Ethernet"BOOTPROTO="none"DEFROUTE="yes"PEERDNS="yes"PEERROUTES="yes"IPV4_FAILURE_FATAL="no"IPV6INIT="yes"IPV6_AUTOCONF="yes"IPV6_DEFROUTE="yes"IPV6_PEERDNS="yes"IPV6_PEERROUTES="yes"IPV6_FAILURE_FATAL="no"IPV6_ADDR_GEN_MODE="stable-privacy"NAME="ens33"UUID="5b68a5ab-1ef0-4d0d-9084-82e94508156c"DNS1="127.0.0.1" # 因为CentOS7.3自己为DNS服务器,所以设自己为DNS服务器IPADDR="172.16.252.77"PREFIX=16GATEWAY="172.16.0.1"DEVICE="ens33"ONBOOT="yes"[root@hengxia network-scripts]# systemctl restart network[root@hengxia ~]# cat /etc/resolv.conf # 查看默认DNS# Generated by NetworkManagersearch topnameserver 127.0.0.1[root@hengxia ~]# vim /etc/named.conf 将allow-query { localhost; } 改为 allow-query { localhost; 172.168.252.174; } 允许某个地址查询或 改为 allow-query { localhost;any; } 或 改为 allow-query { localhost;0.0.0.0/0; } 或注释掉 允许所有地址查询[root@hengxia ~]# named-checkconf # 检查配置文件named.conf[root@hengxia ~]# systemctl reload named # 也可以使用rndc reload 作用是重新加载配置文件在CentOS7.3上DNS搭建自己的域,让当前DNS解析www.hengxia.top域
1、将www.hengxia.top IP 关系存储在DNS上.修改/etc/named.conf 填加域与域数据库的关系,也可以在/etc/named.rfc1912.zones中添加,建议在/etc/named.rfc1912.zones中添加zone "hengxia.top" IN { # hengxia.top是域名 type master; # 表示权威DNS,即第一个 file "hengxia.top.zone"; # 域数据库,默认位于/var/named/下面,只需告知文件名 hengxia.top.zone是库文件名};2、以/var/named目录下的named.localhost为蓝本,创建hengxia.top.zone文件 ,创建区域数据库[root@hengxia ~]# cd /var/named[root@hengxia named]# lsdata dynamic named.ca named.empty named.localhost named.loopback slaves[root@hengxia named]# cp -p named.localhost hengxia.top.zone # 注意cp -p 保持原有属性, 用cp 要用 chgrp named hengxia.top.zone[root@hengxia named]# cat hengxia.top.zone # 解析区域数据库格式,存放名字与IP的对应关系$TTL 1D # 统一定义TTL(过期时间、缓存时间) @ IN SOA @ rname.invalid. ( # SOA记录 IN internet技术 IN第一条要写,后面可以省略,可继承第一条IN rname.invalid. 资源的类型 # 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ # 代表当前配置域,例如配置hengxia.top,就代表hengxia.top A 127.0.0.1 # A记录 名字 到 IP 对应IPv4地址 AAAA ::1 # A记录 名字 到 IP 对应IPv6地址[root@hengxia named]# vim hengxia.top.zone[root@hengxia named]# cat hengxia.top.zone $TTL 1D@ IN SOA dns1.hengxia.top dnsadmin.hengxia.top. ( 201707262051 ; serial 10M ; refresh 3M ; retry 1D ; expire 3D ) ; minimum NS dns1 NS dns2dns1 A 172.16.252.77dns2 A 172.16.252.174websrv A 1.1.1.1ftpsrv A 2.2.2.2[root@hengxia named]# named-checkconf # 检查/etc/下与named有关文件[root@hengxia named]# named-checkzone hengxia.top /var/named/hengxia.top.zone # 检查域数据库文件 dns_rdata_fromtext: /var/named/hengxia.top.zone:2: near '201707262051': out of range # 序列号超出范围zone hengxia.top/IN: loading from master file /var/named/hengxia.top.zone failed: out of rangezone hengxia.top/IN: not loaded due to errors.[root@hengxia named]# vim hengxia.top.zone [root@hengxia named]# named-checkzone hengxia.top /var/named/hengxia.top.zonezone hengxia.top/IN: loaded serial 2017072601OK[root@hengxia named]# rndc reload[root@centos6 ~]# yum -y install bind bind-utils # 测试工具 dig host nslookup 来自 bind-utils包[root@centos6 ~]# dig www.hengxia.top @172.16.252.77; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.hengxia.top @172.16.252.77;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53941;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0;; QUESTION SECTION:;www.hengxia.top. IN A;; Query time: 7 msec;; SERVER: 172.16.252.77#53(172.16.252.77);; WHEN: Wed Jul 26 19:13:37 2017;; MSG SIZE rcvd: 33[root@centos6 ~]# dig websrv.hengxia.top @172.16.252.77 # 测试成功,说明CentOS7.3上的域搭建成功; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> websrv.hengxia.top @172.16.252.77 ;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49446;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 # aa 说明是权威结果;; QUESTION SECTION:;websrv.hengxia.top. IN A;; ANSWER SECTION:websrv.hengxia.top. 86400 IN A 1.1.1.1;; AUTHORITY SECTION:hengxia.top. 86400 IN NS dns1.hengxia.top.hengxia.top. 86400 IN NS dns2.hengxia.top.;; ADDITIONAL SECTION:dns1.hengxia.top. 86400 IN A 172.16.252.77dns2.hengxia.top. 86400 IN A 172.16.252.174;; Query time: 3 msec;; SERVER: 172.16.252.77#53(172.16.252.77);; WHEN: Wed Jul 26 19:17:38 2017;; MSG SIZE rcvd: 122联系客服
