CentOS7 DNS

DNS

網域名稱系統(Domain Name System,DNS)是網際網路的一項服務。它作為將域名和IP位址相互對映的一個分散式資料庫,能夠使人更方便地存取網際網路。

我的測試環境

DNS服務器:dns.cch.com(CentOS7)
Server IP地址:192.168.64.181
Client(Apache):web.cch.com(CentOS 7) 
Client IP地址:192.168.64.176
Client(FTP):ftp.cch.com(CentOS 7) 
Client IP地址:192.168.64.180

  1. 安裝 DNS 套件
    #yum install bind* -y
    
  2. 配置檔位置
    #/etc/named.conf
  3. 編輯及配置檔案
    記得!!!配置檔可先 cp 一份出來。
    #vim /etc/named.conf
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
    
    options {
            listen-on port 53 { 127.0.0.1;192.168.64.0/24; }; # add the host's own LAN address block here
            # IPv4: answer on loopback and on any interface address inside 192.168.64.0/24
            listen-on-v6 port 53 { ::1; };
            # IPv6: loopback only
            directory       "/var/named"; # working directory; the relative "file" names in the zone blocks below resolve against it
            dump-file       "/var/named/data/cache_dump.db"; # file the cache is dumped to on request
            statistics-file "/var/named/data/named_stats.txt"; # server statistics
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            # memory-usage statistics
            allow-query     { any; }; # "any" = every host that can reach a listen-on address may query,
                                      # not only the local host ("localhost;" would restrict it to this machine)
            recursion yes; # recursive resolver: names outside the zones held here are looked up upstream
            # NOTE(review): combined with allow-query { any; } this makes the server a recursive resolver
            # for every host that can reach it; limit recursion to the LAN with
            # allow-recursion { localhost; 192.168.64.0/24; };
            forwarders {      # if this server cannot resolve a name itself, forward the query to:
                    168.95.1.1;                 // Chunghwa Telecom (HiNet) resolver first
                    8.8.8.8;                    // then Google Public DNS
            };
            dnssec-enable yes;
            dnssec-validation yes; # validate DNSSEC signatures on upstream answers
    
            /* Path to ISC DLV key */
            /* NOTE(review): ISC's DLV registry has been retired; check whether the installed BIND still needs this file */
            bindkeys-file "/etc/named.iscdlv.key";
    
            managed-keys-directory "/var/named/dynamic";
    
            pid-file "/run/named/named.pid";
            session-keyfile "/run/named/session.key";
    };
    
    logging { # several kinds of log output may be defined; each is routed to its own channel
            channel default_debug {
                 file "data/named.run";
                 severity dynamic;
            };
    };
    
    zone "." IN { # root hints: how to find the root servers
            type hint;
            file "named.ca";
    };
    zone "cch.com" IN{ # forward zone for our own domain
            type master; # this server is the primary (authoritative) server for the zone
            file "cch.com"; # zone file, relative to "directory": /var/named/cch.com
            allow-update {none;}; # refuse dynamic (DDNS) updates to the zone
    };
    zone "64.168.192.in-addr.arpa" IN{ # reverse zone for 192.168.64.0/24
            type master;
            file "64.168.192"; # /var/named/64.168.192
            allow-update {none;};
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
  4. 編輯正解與反解檔
    # 指令以符號 $ 開始
    
    # @ : 代表管理的網域
    
    # IN : 表示internet 型態
    
    # SOA : 後面為主機名稱, 權限有效時間
    
    # A : Address record 指定 ip
    
    # AAAA:Address record 指定 ipv6
    
    # CNAME : 網域名稱別名,允許多個不同名稱指向單一主機
    
    # PTR:指標,某個 IP 對應的 domain name,將 IP 位址轉換成主機的 FQDN
    
    # NS : Nameserver record 宣告管理這個 zone 的 nameserver
    
    # MX : Mail Exchange record 指定網域中郵件傳送的位置
    
    # TXT : 文字記錄,常用於註解說明
    

    正解:
    # vim /var/named/cch.com
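    $TTL 86400 ; default TTL in seconds for records without an explicit TTL (zone files use ";" for comments, not "#")
    @       IN      SOA    dns.cch.com. root.cch.com. ( ; primary nameserver + zone contact (root@cch.com)
            28 ;Serial  - increase on every edit (a YYYYMMDDnn date form is common)
            3600 ;Refresh - how long a slave waits before asking the master whether the zone changed
            1800 ;Retry - how long a slave waits before retrying when the master did not answer
            604800 ;Expire - after this long without contact the slave stops answering for the zone
            86400 ;Minimum TTL - negative-caching TTL: how long other resolvers cache "no such name" answers
    )
    
    @       IN      NS      dns.cch.com.
    @       IN      A       192.168.64.181
    dns     IN      A       192.168.64.181
    web     IN      A       192.168.64.176
    vsftp   IN      A       192.168.64.180
    www     IN      CNAME   web
    ftp     IN      CNAME   vsftp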
    
    反解:
    # /var/named/64.168.192
    $TTL 86400 ; default TTL in seconds
    @       IN      SOA     dns.cch.com.    root.cch.com. ( ; same SOA timers as the forward zone
            28  ;Serial
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
    )
    
    
    @       IN      NS      dns.cch.com.
    @       IN      PTR     cch.com.
    ; NOTE(review): the A records below are owned by names under 64.168.192.in-addr.arpa
    ; (e.g. dns.64.168.192.in-addr.arpa) and play no part in reverse lookups; forward
    ; data belongs in the cch.com zone file.
    dns     IN      A       192.168.64.181
    web     IN      A       192.168.64.176
    181     IN      PTR     dns.cch.com.
    176     IN      PTR     web.cch.com.
    ftp     IN      A       192.168.64.180
    ; NOTE(review): in the forward zone "ftp" is a CNAME for "vsftp"; a PTR is expected to name
    ; the canonical host (vsftp.cch.com.) so that forward and reverse lookups agree.
    180     IN      PTR     ftp.cch.com.
    
  5. 確認 DNS 配置語法有無錯誤
    # named-checkconf /etc/named.conf
    # named-checkzone cch.com /var/named/cch.com
    zone cch.com/IN: loaded serial 28
    OK
    # named-checkzone 64.168.192.in-addr.arpa /var/named/64.168.192
    zone 64.168.192.in-addr.arpa/IN: loaded serial 28
    OK
    # systemctl start named
    # systemctl restart named
    # systemctl enable named
    # systemctl status named
    

  6. 防火牆目前不設置,先將它關閉(僅限測試環境;正式環境應保留防火牆,只開放 53/tcp 與 53/udp)
  7. 測試
    先將 client 端設置 DNS
  8. # vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
    DNS=192.168.64.181
    # vim /etc/resolv.conf
    nameserver 192.168.64.181 #更改成 DNS Server,意思指定 named Server IP 位置
    
    dig
    host
    nslookup
    ping
    dig:
      查詢類型:
      a:  查ip位址(預設)
      mx:  查郵件伺服器
      ns:  查名稱伺服器
      cname: 查別名
      ptr: 由ip位址反查名稱
      hinfo: 查主機的硬體與作業系統資訊
    # dig web.cch.com a #查詢類型參數
    
    ; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> web.cch.com a
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55465
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;web.cch.com.                   IN      A
    
    ;; ANSWER SECTION:
    web.cch.com.            86400   IN      A       192.168.64.176
    
    ;; AUTHORITY SECTION:
    cch.com.                86400   IN      NS      dns.cch.com.
    
    ;; ADDITIONAL SECTION:
    dns.cch.com.            86400   IN      A       192.168.64.181
    
    ;; Query time: 0 msec
    ;; SERVER: 192.168.64.181#53(192.168.64.181)
    ;; WHEN: 日  4月 23 02:10:23 CST 2017
    ;; MSG SIZE  rcvd: 90
    
    host:
    # host ftp.cch.com
    ftp.cch.com is an alias for vsftp.cch.com.
    vsftp.cch.com has address 192.168.64.180
    
    nslookup:
    # nslookup
    > 192.168.64.180
    Server:         192.168.64.181
    Address:        192.168.64.181#53
    
    180.64.168.192.in-addr.arpa     name = ftp.cch.com.
    > 192.168.64.176
    Server:         192.168.64.181
    Address:        192.168.64.181#53
    
    176.64.168.192.in-addr.arpa     name = web.cch.com.
    > ftp.cch.com
    Server:         192.168.64.181
    Address:        192.168.64.181#53
    
    ftp.cch.com     canonical name = vsftp.cch.com.
    Name:   vsftp.cch.com
    Address: 192.168.64.180
    >
    
    ping:
    互相ping 主機名稱
    DNS Server
    # ping -c 3 web.cch.com
    PING web.cch.com (192.168.64.176) 56(84) bytes of data.
    64 bytes from web.cch.com (192.168.64.176): icmp_seq=1 ttl=64 time=0.265 ms
    64 bytes from web.cch.com (192.168.64.176): icmp_seq=2 ttl=64 time=0.274 ms
    64 bytes from web.cch.com (192.168.64.176): icmp_seq=3 ttl=64 time=0.268 ms
    
    --- web.cch.com ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2001ms
    rtt min/avg/max/mdev = 0.265/0.269/0.274/0.003 ms
    # ping -c 3 ftp.cch.com
    PING vsftp.cch.com (192.168.64.180) 56(84) bytes of data.
    64 bytes from ftp.cch.com (192.168.64.180): icmp_seq=1 ttl=64 time=0.199 ms
    64 bytes from ftp.cch.com (192.168.64.180): icmp_seq=2 ttl=64 time=0.276 ms
    64 bytes from ftp.cch.com (192.168.64.180): icmp_seq=3 ttl=64 time=0.293 ms
    
    --- vsftp.cch.com ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2000ms
    rtt min/avg/max/mdev = 0.199/0.256/0.293/0.040 ms
    FTP Server
    # ping -c 3 web.cch.com
    PING web.cch.com (192.168.64.176) 56(84) bytes of data.
    64 bytes from web.cch.com (192.168.64.176): icmp_seq=1 ttl=64 time=0.208 ms
    64 bytes from web.cch.com (192.168.64.176): icmp_seq=2 ttl=64 time=0.303 ms
    64 bytes from web.cch.com (192.168.64.176): icmp_seq=3 ttl=64 time=0.312 ms
    
    --- web.cch.com ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2000ms
    rtt min/avg/max/mdev = 0.208/0.274/0.312/0.048 ms
    # ping -c 3 dns.cch.com
    PING dns.cch.com (192.168.64.181) 56(84) bytes of data.
    64 bytes from dns.cch.com (192.168.64.181): icmp_seq=1 ttl=64 time=0.143 ms
    64 bytes from dns.cch.com (192.168.64.181): icmp_seq=2 ttl=64 time=0.313 ms
    64 bytes from dns.cch.com (192.168.64.181): icmp_seq=3 ttl=64 time=0.595 ms
    
    --- dns.cch.com ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2001ms
    rtt min/avg/max/mdev = 0.143/0.350/0.595/0.187 ms
參考資料:
https://yukifans.com/ie/2015/01/535
http://dns-learning.twnic.net.tw/bind/intro6.html#bc
