DNS服务器搭建详解

文章由LinuxBoy分享于2019-03-29 11:03:40热评（673）

DNS服务器搭建详解

DNS（Domain Name System），是运行在UDP协议53号端口服务，简单来说就是将域名解析成ip，从而实现主机定位。

DNS解析流程图

1 2 3 4 5 6 7 BIND: 4和9连个版本 4早期比较安全 CentOS默认9 协议：DNS 软件： BIND 进程名： named 安装 [root@marvin ~]# yum install bind -y

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 实验环境： marvin.com 192.168.1. www 192.168.1.220 www 192.168.1.221 mail 192.168.1.223 pop --> mail ftp --> www dns: 192.168.1.220 主配置文件：定义区域, /etc/named.conf 至少有三个区域：根、localhost、127.0.0.1 区域数据文件：/var/named/ named: 用户：named 组：named

根域名服务器查找：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 [root@marvin ~]# dig -t NS . [@dnsServer 指定服务器查找] ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t NS . ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36810 ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: . 276268 IN NS c.root-servers.net. . 276268 IN NS l.root-servers.net. . 276268 IN NS f.root-servers.net. . 276268 IN NS m.root-servers.net. . 276268 IN NS d.root-servers.net. . 276268 IN NS a.root-servers.net. . 276268 IN NS e.root-servers.net. . 276268 IN NS g.root-servers.net. . 276268 IN NS i.root-servers.net. . 276268 IN NS k.root-servers.net. . 276268 IN NS j.root-servers.net. . 276268 IN NS b.root-servers.net. . 276268 IN NS h.root-servers.net. ;; Query time: 69 msec ;; SERVER: 114.114.114.114#53(114.114.114.114) ;; WHEN: Sun Jun 5 10:42:33 2016 ;; MSG SIZE rcvd: 228

主配置文件：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 [root@marvin ~]# mv /etc/named.conf /etc/named.conf.bak [root@marvin ~]# vim /etc/named.conf options {#全局配置 // listen-on port 53 { 127.0.0.1; 192.168.1.220; } ; #缓存服务器端口监听不给就是监听所有地址 // listen-on-v6 port 53 { ::1; }; #ipv6的监听地址 // dump-file "/var/named/data/cache_dump.db"; ＃dump时候不是重要选项 // statistics-file "/var/named/data/named_stats.txt"; ＃统计数据不是重要选项 // memstatistics-file "/var/named/data/named_mem_stats.txt"; #不是重要选项 // allow-query { localhost; }; # 只允许本地主机 localhost any或者注释掉就是允许所有主机查询 recursion yes; ＃是否允许递归能否让其他客户端指向 yes能 allow-recursion { 192.168.1.0/24 }; #递归白名单 // dnssec-enable yes; #dnf安全选项 // dnssec-validation yes; // bindkeys-file "/etc/named.iscdlv.key"; // managed-keys-directory "/var/named/dynamic"; directory "/var/named"; #固定工作目录 }; zone "." { #根域配置 type hint; ＃起始域根 :hint 主：master 从：slave 转发：forward file "named.ca"; # 根解析文件 } ; zone "localhost." IN { type master; file "named.localhost"; }; zone "1.0.0.127.in-addr.arpa." IN { type master; file "named.loopback"; }; zone "marvin.com." IN { type master; file "marvin.com.zone"; allow-transfer { 127.0.0.1;192.168.1.220;}; }; zone "1.168.192.in-addr.arpa." IN { type master; file "192.168.1.zone"; allow-transfer { 127.0.0.1;192.168.1.220;}; }; [root@marvin ~]# chown root.named /etc/named.conf [root@marvin ~]# chmod 640 /etc/named.conf

正向解析数据库文件：

1	`[root@marvin named]# vim marvin.com.zone`

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 $TTL 600 @ IN SOA dns.marvin.com. admin.marvin.com. ( 2016060511 2H 10M 7D 1D) @ IN NS dns @ IN MX 10 mail dns IN A 192.168.1.220 mail IN A 192.168.1.223 www IN A 192.168.1.221 pop IN CNAME mail ftp IN CNAME www

1 2	`[root@marvin named]# chown root.named marvin.com.zone` `[root@marvin named]# chmod 640 marvin.com.zone`

反向解析数据库文件：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 [root@marvin named]# vim 192.168.1.zone $TTL 600 @ IN SOA dns.marvin.com. admin.marvin.com. ( 2016060511 2H 10M 7D 1D) @ IN NS dns.marvin.com. 220 IN PTR dns.marvin.com. 223 IN PTR mail.marvin.com. 221 IN PTR www.marvin.com.

1 2	`[root@marvin named]# chown root.named 192.168.1.zone` `[root@marvin named]# chmod 640 192.168.1.zone`

语法检测：

1 2 3 4 5 6 7 8 [root@marvin ~]# /etc/init.d/named configtest zone localhost/IN: loaded serial 0 zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0 [root@marvin ~]# named-checkconf [root@marvin named]# named-checkzone "marvin.com" /var/named/marvin.com.zone zone marvin.com/IN: loaded serial 2016060511 OK

启动：

1 2 3 [root@marvin ~]# /etc/init.d/named start Generating /etc/rndc.key: [ OK ] Starting named: [ OK ]

1 2 3 4 [root@marvin named]# vim /etc/resolv.conf search localdomain #nameserver 114.114.114.114 nameserver 192.168.1.220

正向解析测试：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 [root@marvin named]# dig -t A www.marvin.com @marvin ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.marvin.com @marvin ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10468 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.marvin.com. IN A ;; ANSWER SECTION: www.marvin.com. 600 IN A 192.168.1.221 ;; AUTHORITY SECTION: marvin.com. 600 IN NS dns.marvin.com. ;; ADDITIONAL SECTION: dns.marvin.com. 600 IN A 192.168.1.220 ;; Query time: 0 msec ;; SERVER: 192.168.1.220#53(192.168.1.220) ;; WHEN: Sun Jun 5 11:43:06 2016 ;; MSG SIZE rcvd: 82

反向解析测试：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 [root@marvin named]# dig -x 192.168.1.221 @marvin ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 192.168.1.221 @marvin ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33871 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;221.1.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 221.1.168.192.in-addr.arpa. 600 IN PTR www.marvin.com. ;; AUTHORITY SECTION: 1.168.192.in-addr.arpa. 600 IN NS dns.marvin.com. ;; ADDITIONAL SECTION: dns.marvin.com. 600 IN A 192.168.1.220 ;; Query time: 0 msec ;; SERVER: 192.168.1.220#53(192.168.1.220) ;; WHEN: Mon Jun 6 09:02:04 2016 ;; MSG SIZE rcvd: 106

数据传送：(allow-transfer有关)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 [root@marvin ~]# dig -t axfr marvin.com @marvin ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t axfr marvin.com @marvin ;; global options: +cmd marvin.com. 600 IN SOA dns.marvin.com. admin.marvin.com. 2016060512 7200 600 604800 86400 marvin.com. 600 IN NS dns.marvin.com. marvin.com. 600 IN NS dns2.marvin.com. marvin.com. 600 IN MX 10 mail.marvin.com. dns.marvin.com. 600 IN A 192.168.1.220 dns2.marvin.com. 600 IN A 192.168.1.221 ftp.marvin.com. 600 IN CNAME www.marvin.com. mail.marvin.com. 600 IN A 192.168.1.223 pop.marvin.com. 600 IN CNAME mail.marvin.com. www.marvin.com. 600 IN A 192.168.1.221 marvin.com. 600 IN SOA dns.marvin.com. admin.marvin.com. 2016060512 7200 600 604800 86400 ;; Query time: 0 msec ;; SERVER: 192.168.1.220#53(192.168.1.220) ;; WHEN: Mon Jun 6 10:56:34 2016 ;; XFR size: 11 records (messages 1, bytes 268)

主从配置：

主服务器配置：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 [root@marvin ~]# vim /etc/named.conf options { listen-on port 53 { 127.0.0.1; 192.168.1.220; } ; directory "/var/named"; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost." IN { type master; file "named.localhost"; }; zone "1.0.0.127.in-addr.arpa." IN { type master; file "named.loopback"; }; zone "marvin.com." IN { type master; file "marvin.com.zone"; allow-transfer { 127.0.0.1;192.168.1.220;192.168.1.221; }; #允许同步的ip }; zone "1.168.192.in-addr.arpa." IN { type master; file "192.168.1.zone"; allow-transfer { 127.0.0.1;192.168.1.220;192.168.1.221; };#允许同步的ip };

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 [root@marvin named]# vim marvin.com.zone $TTL 600 @ IN SOA dns.marvin.com. admin.marvin.com. ( 2016060512 ＃每次修改完成 1 2H 10M 7D 1D) @ IN NS dns #主跟soa对应 @ IN NS dns2 ＃从通知从服务器 @ IN MX 10 mail dns IN A 192.168.1.220 dns2 IN A 192.168.1.221 ＃从ip mail IN A 192.168.1.223 www IN A 192.168.1.221 pop IN CNAME mail ftp IN CNAME www

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 [root@marvin named]# vim 192.168.1.zone $TTL 600 @ IN SOA dns.marvin.com. admin.marvin.com. ( 2016060512 ＃每次修改完成 1 2H 10M 7D 1D) @ IN NS dns.marvin.com. #主跟soa对应 @ IN NS dns2.marvin.com. ＃从通知从服务器 220 IN PTR dns.marvin.com. 221 IN PTR dns2.marvin.com. ＃从ip 223 IN PTR mail.marvin.com. 221 IN PTR www.marvin.com. ~

从服务器配置：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 [root@sherry ~]# vim /etc/named.conf options { directory "/var/named"; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost." IN { type master; file "named.localhost"; }; zone "1.0.0.127.in-addr.arpa." IN { type master; file "named.loopback"; }; zone "marvin.com." IN { type slave; masters { 192.168.1.220; }; file "slaves/marvin.com.zone"; }; zone "1.168.192.in-addr.arpa." IN { type salve; masters { 192.168.1.220; }; file "slaves/192.168.1.zone"; };

启动：

1 2 3 4 5 从服务器 [root@sherry named]# /etc/init.d/named start 主服务器 [root@marvin named]# /etc/init.d/named reload

从服务器解析：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 [root@sherry slaves]# dig -t NS marvin.com @sherry ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t NS marvin.com @sherry ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56301 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2 ;; QUESTION SECTION: ;marvin.com. IN NS ;; ANSWER SECTION: marvin.com. 600 IN NS dns2.marvin.com. marvin.com. 600 IN NS dns.marvin.com. ;; ADDITIONAL SECTION: dns.marvin.com. 600 IN A 192.168.1.220 dns2.marvin.com. 600 IN A 192.168.1.221 ;; Query time: 0 msec ;; SERVER: 192.168.1.221#53(192.168.1.221) ;; WHEN: Mon Jun 6 10:38:35 2016 ;; MSG SIZE rcvd: 97

本文永久更新链接地址：

推荐文章：

DNS服务器搭建详解