
Linux网络服务06-DNS域名解析服务

王传学 2023-01-31 阅读 107

(1)确认本机的网络地址、主机映射、默认 DNS 服务器地址

网卡:

计算机生成了可选文字:
[root@nsl一]#cat
TYPE="Ethernet
BOOTPROT0="static
DEFROUTE="yes]
NAME="ens33
DEVICE="ens33
ONBOOT="yes'
/etc/sysconfig/network-scripts/ifcfg-ens33
IPADDR=192。168。100。19
NETMASK=255。255。255。
GATEWAY=192。168。100。19
DNS1=192。168。100。19
DNS2=192。168。100。29

 

计算机生成了可选文字:
[root@讼讼v'一]#hostnamectlSet一h0StnamenS1Linuxll.com
[root@讼輾一]#bash
(面訂这]#
[root

 

更改主机映射文件

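[root@ns1 ~]# vim /etc/hosts
# Static name map for the two servers. It is normally consulted before DNS
# (check the "hosts:" line in /etc/nsswitch.conf), so ns1 and ns2 can still
# reach each other by name while named is down or misconfigured.
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.10  ns1.linuxli.com
192.168.100.20  ns2.linuxli.com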

查看DNS

计算机生成了可选文字:
[root@nsl一]#cat/etc/res01v.c0nf
#Generatedby
NetworkManager
SearChLinuxIi.com
nameSerVer1g2
168.100.10
nameSerVer1g2
168。199.29

(2)修改主配置文件 /etc/named.conf
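[root@ns1 ~]# rpm -qa | grep bind
bind-libs-lite-9.9.4-61.el7.x86_64
bind-license-9.9.4-61.el7.noarch
# Only the BIND libraries are present. Install the server (bind, which also
# carries named-checkconf/named-checkzone), the client tools (bind-utils:
# dig, host, nslookup) and the chroot wrapper.
# NOTE: on CentOS 7 bind-chroot only takes effect when named-chroot.service is
# the unit you start; this walkthrough starts plain named.service, so the
# daemon is NOT confined to /var/named/chroot despite the package being installed.
[root@ns1 ~]# yum -y install bind bind-utils bind-chroot
[root@ns1 ~]# cd /etc/
# Keep a timestamped copy of the stock named.conf before editing, so it can be
# diffed against or restored later.
[root@ns1 etc]# cp named.conf named.conf.$(date +%Y%m%d%H%M)
[root@ns1 etc]# vim named.conf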

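options {
        // Bind only to the lab address (ns1 = 192.168.100.10); ::1 keeps IPv6 loopback.
        listen-on port 53 { 192.168.100.10; };
        listen-on-v6 port 53 { ::1; };

        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Anyone may query the zones this server is authoritative for ...
        allow-query { any; };
        // ... but recursion (resolving OTHER domains on a client's behalf) is
        // restricted to the lab network. The stock comment in this file warns
        // that an authoritative server should not recurse at all and that a
        // recursing server with no access control becomes a DNS amplification
        // reflector. The original listing had "recursion yes;" with no
        // allow-recursion, i.e. an open resolver. Lab clients point
        // resolv.conf at this server, so recursion stays on for them only.
        recursion yes;
        allow-recursion { 192.168.100.0/24; };
        // NOTE: with the root-key include below disabled there is presumably
        // no trust anchor, so "dnssec-validation yes" validates nothing in
        // this lab; do not mistake it for working validation.
        dnssec-enable yes;
        dnssec-validation yes;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// The stock root-hint zone and the rfc1912 / root-key includes are disabled in
// this lab build. Every line of the block is commented, so named-checkconf
// does not see a stray "type hint;" at top level.
//zone "." IN {
//      type hint;
//      file "named.ca";
//};
//include "/etc/named.rfc1912.zones";
//include "/etc/named.root.key";

// Forward zone. Transfers (AXFR/IXFR) are allowed only from the slave ns2
// (192.168.100.20 in the experiment environment); anyone else asking for an
// AXFR is refused, so the whole zone cannot be enumerated with one query.
zone "linuxli.com" IN {
        type master;
        file "linuxli.com.zone";
        allow-transfer { 192.168.100.20; };
};

// Reverse zone for 192.168.100.0/24, same transfer policy.
zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.100.arpa";
        allow-transfer { 192.168.100.20; };
};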

计算机生成了可选文字:
12
14
18
19
20
22
24
26
28
29
30
31
32
33
34
eptions{
一n
1iSten一0n一V5
directory
dump-file
53{1g2.168.100.10,};
5
"/var/named"
"/var/named/data/cachedump.db]
StatiStiCS一fe"/var/named/data/namedStatS.tXt
memstatistics-file"/var/named/data/namedmemStatS.tXt
allow-query
{anY,},
If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
(以上为 CentOS 自带 named.conf 中的原文注释。本文配置同时使用了 recursion yes 与 allow-query { any; },正是这里警告的"开放递归"情形,至少应用 allow-recursion 把递归查询限制在内网地址段。)
reCurS10nyes;
dnssec一enab1eyes,
dnssec-validationyes,

 

计算机生成了可选文字:
52
//zone
53
54
55//},
56
57
58
59
62
63},
65
68
IN{
typehint
file"named.cal'
//include"/etc/named.rfc1912.zones"
//include"/etc/named.「00t。key"
Z0ne
Z0ne
11nu.C0m
type
maSte「
file
"11nuX11.〔0Ill.Z0ne"
allow-transfer{1g2.168
"199.168.192.in-addr.a「pa
type
maSte「
file
"1g2.168.166.ar卩a"
allow-transfer{1g2.168
199。29
199。29

 

检查配置文件
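# Syntax check of named.conf only; zone files are not loaded here (that is
# named-checkzone's job, below). A clean run prints nothing.
[root@ns1 etc]# named-checkconf /etc/named.conf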

(3)建立正、反向区域数据文件
1>建立正向区域数据文件
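[root@ns1 etc]# cd /var/named/
[root@ns1 named]# ls
chroot  data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
# Start from the shipped template. "-p" preserves its mode and ownership
# (root:named 0640 on a stock install -- verify with ls -l), which is what a
# static master zone should have: readable by the named group, writable only
# by root, so a compromised named cannot rewrite its own authoritative data.
[root@ns1 named]# cp -p named.empty linuxli.com.zone
[root@ns1 named]# vim linuxli.com.zone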

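$TTL 1D         ; default TTL for every record below: 1 day
; Zone files use ";" for comments, not "//" as in named.conf; "//" here would
; be a load error.
; Apex SOA. MNAME must name the primary master server (ns1), not the zone
; itself as the original listing had; secondaries and DDNS clients use it to
; find the master. RNAME "root.ns1.linuxli.com." is root@ns1.linuxli.com
; (the first dot stands for "@").
@       IN SOA  ns1.linuxli.com. root.ns1.linuxli.com. (
                2018122501      ; serial  - YYYYMMDDnn; bump on EVERY edit or
                                ;           the slave never pulls the change
                1D              ; refresh - how often slaves poll for a new serial
                1H              ; retry   - retry interval after a failed refresh
                1W              ; expire  - slaves stop answering after this long
                                ;           without reaching the master
                3H )            ; minimum - negative-cache TTL (NXDOMAIN lifetime)

; Owners written explicitly as "@" rather than as leading whitespace, so the
; records survive tools that strip indentation (a bare "NS ..." at column 0
; would be read as a record whose OWNER is "NS").
@       NS      ns1.linuxli.com.
@       NS      ns2.linuxli.com.
@       MX 10   mail.linuxli.com.

; NS glue. The experiment environment and the master's listen-on put ns1 at
; 192.168.100.10 and ns2 at 192.168.100.20; the original listing had
; .100/.110, addresses no nameserver in this lab listens on, so anyone
; following the NS records would have failed. Adjust if your lab differs.
ns1     A       192.168.100.10
ns2     A       192.168.100.20
www     A       192.168.100.10
mail    A       192.168.100.1
news    A       192.168.100.12
bbs     CNAME   news

; Wildcard: ANY otherwise-undefined name under linuxli.com resolves to the web
; host. Convenient in a lab, but it hides typos, makes "does this host exist"
; checks meaningless and lets arbitrary attacker-chosen hostnames (e.g. in
; phishing links) resolve to a real server. Omit it unless you need it.
*       A       192.168.100.10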

计算机生成了可选文字:
$TTL
ns1
1g2.168.166.16
ns2
1g2.168.166.26
1g2.168.166.36
mail
1g2.168.166.46
1g2.168.166.56
neWS
bbs
1g2.168.166.16
IN
MX
SD
16
1inuxIi
「00t。
ns1.1inuxIi.c0m.(
20200g0101
refresh
retry
explre
mlnImum
serial
CNAME
nS1.1nu.C0m
nS2.1nu.C0m
.1nu。C0m
neWS

2>建立反向区域数据文件

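# The reverse file starts as a copy of the forward file (same SOA/NS header);
# only the data records differ. "-p" again keeps the template's ownership.
[root@ns1 named]# cp -p linuxli.com.zone 192.168.100.arpa
[root@ns1 named]# vim 192.168.100.arpa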
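$TTL 1D         ; default TTL, 1 day
; Reverse zone for 192.168.100.0/24. named.conf loads it as
; "100.168.192.in-addr.arpa", so the relative owners below are the last
; octet of the address. MNAME is the primary master (ns1), not the zone name.
@       IN SOA  ns1.linuxli.com. root.ns1.linuxli.com. (
                2018122501      ; serial  - bump on every edit
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum (negative-cache TTL)

; Explicit "@" owners so the NS records survive stripped indentation.
@       NS      ns1.linuxli.com.
@       NS      ns2.linuxli.com.

; ns1/ns2 follow the lab addressing (.10/.20, see the experiment
; environment); the original listing had 100/110. Two PTRs on one address
; (10 -> ns1 and www, 12 -> news and bbs) are legal but ambiguous for
; reverse-lookup checks (mail servers, sshd and log tools usually take the
; first one); one canonical name per address is the safer convention, and
; bbs is only a CNAME in the forward zone anyway.
10      PTR     ns1.linuxli.com.
20      PTR     ns2.linuxli.com.
10      PTR     www.linuxli.com.
1       PTR     mail.linuxli.com.
12      PTR     news.linuxli.com.
12      PTR     bbs.linuxli.com.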

计算机生成了可选文字:
$TTL
20
30
50
IN
PTR
PTR
PTR
PTR
PTR
SD
1inuxIi
「00t。
ns1.1inuxIi.c0m.(
20200g0101
refresh
retry
explre
mlnImum
serial
nS1.1nu.C0m
nS2.1nu.C0m
nS1.1nu.C0m
nS2.1nu.C0m
.1nu。C0m
neWS.1nu。C0m

3>测试配置文件
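[root@ns1 named]# named-checkzone linuxli.com linuxli.com.zone
zone linuxli.com/IN: loaded serial 2018122501
OK
# The first argument is the zone ORIGIN and must be the exact name named.conf
# uses for this file ("100.168.192.in-addr.arpa"): "@" and the relative PTR
# owners are expanded under it. The original listing passed
# "1.168.192-addr.arpa", so the file was checked under a name named will never
# load it as, and the "OK" said nothing about the real zone.
[root@ns1 named]# named-checkzone 100.168.192.in-addr.arpa 192.168.100.arpa
zone 100.168.192.in-addr.arpa/IN: loaded serial 2018122501
OK
[root@ns1 named]#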

 

更改区域文件的属主属组
# NOTE(review): if "cp -p named.empty ..." preserved the template's root:named
# ownership (check with ls -l), the files are already group-readable, which is
# all named needs to LOAD a master zone. Giving ownership to "named" as below
# lets the daemon rewrite its own authoritative data if it is ever compromised;
# for static master zones prefer "chgrp named FILE; chmod 640 FILE" and keep
# root as owner. Only directories named must write to (slaves/, dynamic/)
# need to be owned by named.
chown named:named /var/named/linuxli.com.zone

chown named:named /var/named/192.168.100.arpa

(4)启动 named 服务或重载配置
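# Start (or restart) the server. This is named.service, not named-chroot.service,
# so the bind-chroot package installed earlier is not in effect. For later
# zone/config edits "systemctl reload named" is enough and avoids the outage of
# a full restart (the walkthrough uses reload in the slave section).
[root@ns1 named]# systemctl restart named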

(5)客户机测试

计算机生成了可选文字:
[root@nslnamed]#nslookup
>nS1LinuxIi.com
Server:
Address:
1g2。168。199
1g2。168。199
Name。
nS1LinuxIi.com
Address:1g2.168.199.19
>neWSLinuxIi.com
19
10#53
19
10#53
Server:
Address:
Name。
Address
neWS
1g2
1g2。168。199
1g2。168。199
。C0m
168..50

 

计算机生成了可选文字:
[rootßcentosBZ一]#cat/etc/resoIv.conf
#GeneratedbyNetmrkt%nager
namesert.er13Z。168。122。12
[rootßcentosBZ一]#nslookup
〉《d。。Com
Address:
13Z。168。122。12
13Z。168。122。12#53
Nam:
《d。。Com
Address:13Z.168。.32
〉13Z.168.122.Za
Address:
13Z。168。122。12
13Z。168。122。12#53
Za。122。168。13Z。in-addr.arpa
nsZ.linuxli

 

二、构建从 DNS 域名解析服务器

1、从域名解析服务器概述

与主域名解析服务器提供完全相同的 DNS 解析服务,通常用于 DNS 服务器的热备份。从服务器的区域数据是通过区域传送(AXFR/IXFR)从主服务器复制来的,因此主服务器应在 zone 中用 allow-transfer 只允许从服务器的地址拉取区域——否则任何人都能用一次 AXFR 取得整个区域的主机清单。对客户机来说,无论使用主域名服务器还是从域名服务器,查询结果都是一样的。

2、构建从域名服务器步骤及示例

实验环境:

  • 主、从域名服务器均位于 Internet 中,所负责的 DNS 区域为“linuxli.com”
  • 主服务器 IP 地址 192.168.100.10/24,主机名为 ns1.linuxli.com
  • 从服务器 IP 地址 192.168.100.20/24,主机名为 ns2.linuxli.com
  • 客户机将首选、备用 DNS 服务器分别设为 192.168.100.10 和 192.168.100.20

(1)确认本机的网络地址、主机映射、默认 DNS 服务器地址

网卡:

计算机生成了可选文字:
[root@ns2一]#cat
TYPE="Ethernet
BOOTPROT0="static
DEFROUTE="yes]
NAME="ens33
DEVICE="ens33
ONBOOT="yes'
/etc/sysconfig/network-scripts/ifcfg-ens33
IPADDR=192。168。100。29
NETMASK=255。255。255。
GATEWAY=192。168。100。19
DNS1=192。168。100。19
DNS2=192。168。100。29

 

计算机生成了可选文字:
2.ens33:<BROADCAST,MULTICAST,UP,LOWERUP>mtu1500qdis《
faststateUPgroup
defaultquen1000
link
77acbrdffffffffffff
1g2...23
/24brd1g2.168.100.255scopeglob《
Inet
efixrouteenS

 

计算机生成了可选文字:
[root@ns2一]#h0stname
nS2LinuxIi.com

更改主机映射文件
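[root@ns2 ~]# vim /etc/hosts
# Same static map as on ns1, so the two servers find each other by name even
# while named is down (normally consulted before DNS; see "hosts:" in
# /etc/nsswitch.conf).
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.10  ns1.linuxli.com
192.168.100.20  ns2.linuxli.com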

计算机生成了可选文字:
[root@ns2一]#cat/etc/h0sts
127.0.0.1localhostlocalhost
4localdomain4
1
localhostlocalhost
10Cd1
10Cd1
6。localdomain6
1g2.168.199.19
1g2。168。199.29
nS1LinuxIi.com
nS2LinuxIi.com

查看DNS
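# The slave resolves through ns1 first and itself second; "search linuxli.com"
# lets a short name such as "www" be tried as www.linuxli.com. NetworkManager
# regenerates this file from DNS1/DNS2 in ifcfg-ens33, so change those values
# rather than editing resolv.conf directly.
[root@ns2 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search linuxli.com
nameserver 192.168.100.10
nameserver 192.168.100.20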

计算机生成了可选文字:
[root@ns2一]#cat/etc/res01v.c0nf
#Generatedby
NetworkManager
SearChLinuxIi.com
nameSerVer1g2
168.100.10
nameSerVer1g2
168。199.29

(2)修改主配置文件/etc/named.conf
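[root@ns2 ~]# rpm -qa | grep bind
bind-libs-lite-9.9.4-61.el7.x86_64
bind-license-9.9.4-61.el7.noarch
# Same packages as on the master. As on ns1, bind-chroot is only effective if
# named-chroot.service is the unit started; this walkthrough starts
# named.service, so the slave runs unconfined too.
[root@ns2 ~]# yum -y install bind bind-utils bind-chroot
[root@ns2 ~]# cd /etc/
# Timestamped backup of the stock config before editing.
[root@ns2 etc]# cp named.conf named.conf.$(date +%Y%m%d%H%M)
[root@ns2 etc]# vim named.conf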

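options {
        // ns2's own address. The stated lab addressing (master .10, slave .20)
        // and the screenshot use 192.168.100.20; the text listing had .110, an
        // address nothing in this lab is configured with. ::1 keeps IPv6 loopback.
        listen-on port 53 { 192.168.100.20; };
        listen-on-v6 port 53 { ::1; };

        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Authoritative answers for anyone; recursion only for the lab network
        // (see the stock warning in this file about open resolvers and DNS
        // amplification -- the original listing had no allow-recursion).
        allow-query { any; };
        recursion yes;
        allow-recursion { 192.168.100.0/24; };
        // The master limits AXFR to this host, but a slave re-serves the zone
        // and BIND 9.9 allows transfers to any client unless told otherwise.
        // Nobody needs to pull the zone from ns2, so refuse.
        allow-transfer { none; };

        dnssec-enable yes;
        dnssec-validation yes;

        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Root hints and the stock includes are disabled, as on the master; every
// line of the block is commented so no stray statement is left at top level.
//zone "." IN {
//      type hint;
//      file "named.ca";
//};
//include "/etc/named.rfc1912.zones";
//include "/etc/named.root.key";

// Slave zones: the data is pulled (AXFR/IXFR) from the master and written
// under /var/named/slaves, the one directory that must be writable by the
// "named" user. "masters" must be the address the master's listen-on binds
// (192.168.100.10 in the master listing); the original text had .100, from
// which no transfer could ever succeed.
zone "linuxli.com" IN {
        type slave;
        masters { 192.168.100.10; };
        file "slaves/linuxli.com.zone";
};

zone "100.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.100.10; };
        file "slaves/192.168.100.arpa";
};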

计算机生成了可选文字:
12
14
16
17
18
19
20
22
24
26
28
29
30
31
32
33
options{
listen-onport50{1g2.168.100.20,};
1isten一0n一v5p0「t5
directory
dump-file
"/var/named"
"/var/named/data/cachedump.db"
StatiStiCS一fe"/var/named/data/namedStatS.tXt
memstatistics-file
var/named/data/namedmemStatS.tXt]
allow-query
{anY,},
If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
(以上为 CentOS 自带 named.conf 中的原文注释。从服务器同样开启了 recursion yes 且 allow-query { any; },应用 allow-recursion 把递归限制在内网地址段。)
reCurS10nyes;
dnssec一enab1eyes,
dnssec-validationyes,

 

计算机生成了可选文字:
52
//zone
53
54
55//},
56
57
58
59
60
62
64};
65
68
IN{
typehint
file"named.cal'
//include
//include
"/etc/named
"/etc/named
Z0ne
Z0ne
11nu.C0m
slave
type
masters{
「fc1912.z0ne
「00t。key"
1g2.168.166.16
file
"。158.1g2.in一add.a「pa
slave
type
masters{
1g2.168.166.16
file
"s1aves/1g2。168。.arpa"

检查配置文件
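# Syntax check only; the slave has no local zone files yet -- they appear
# after the first transfer. A clean run prints nothing.
[root@ns2 etc]# named-checkconf /etc/named.conf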

(3)启动 named 服务,查看区域数据文件是否下载成功
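# Before the first start the slaves directory is empty ...
[root@ns2 etc]# ll /var/named/slaves/
总用量 0
[root@ns2 etc]# systemctl restart named
# ... and right after it both zones have been transferred from the master and
# written out (owned by named, because named itself writes them). If they do
# not appear: on the master, check that allow-transfer lists ns2's address; on
# ns2, check that "masters" is the address the master actually listens on;
# then read "journalctl -u named" -- refused transfers are logged there.
[root@ns2 etc]# ll /var/named/slaves/
总用量 8
-rw-r--r-- 1 named named 573 12月 26 14:04 192.168.100.arpa
-rw-r--r-- 1 named named 555 12月 26 14:04 linuxli.com.zone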

(4)客户机测试

计算机生成了可选文字:
[root@ns2etc]#nslookup
>\讼讼'ILinuxIi.com
Server
Address:
1g2。168。199
Name。
\讼讼'ILinuxIi.com
Address:1g2.168.100.30
>1g2.168.100.30
Server
Address:
1g2。168。199
1g2。168。199
30.100.168.192.in-addrarpa
>AC[root@ns2etc]#nslookup
>\讼讼'ILinuxIi.com
Server
Address:
1g2。168。199
Name。
\讼讼'ILinuxIi.com
Address:1g2.168.100.30
>1g2.168.100.10
Server
Address:
10..168
1g2。168。199
1g2。168。199
192.in-addr.arpa
10#53
19
10#53
name
20#53
29
20#53
name
\讼讼'ILinuxIi.com
ns1Iinuxli

 

(5)将主域名服务器增加地址解析记录,修改序列号+1
查看从域名服务器/var/named/slaves/下文件的时间
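# Note the slave copies' timestamps (14:04) and sizes before touching the
# master, so the NOTIFY-driven refresh later shows up as a newer mtime.
[root@ns2 etc]# ll /var/named/slaves/
总用量 8
-rw-r--r-- 1 named named 573 12月 26 14:04 192.168.100.arpa
-rw-r--r-- 1 named named 555 12月 26 14:04 linuxli.com.zone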

更新主域名服务器的区域配置文件
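# Always edit the master's copy. Never edit the files under slaves/ on ns2:
# named overwrites them on the next transfer.
[root@ns1 ~]# cd /var/named/
[root@ns1 named]# vim linuxli.com.zone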
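$TTL 86400      ; default TTL in seconds (86400 = 1D, same as before)
; Apex SOA. MNAME is the primary master ns1 (the original listing used the
; zone name). The serial is bumped 2018122501 -> 2018122602: the slave only
; transfers when it sees a HIGHER serial, so a forgotten bump leaves ns2
; serving stale data even after a NOTIFY.
@       IN SOA  ns1.linuxli.com. root.ns1.linuxli.com. (
                2018122602      ; serial  - bumped for this edit
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum (negative-cache TTL)

; Explicit "@" owners survive stripped indentation.
@       NS      ns1.linuxli.com.
@       NS      ns2.linuxli.com.
@       MX 10   mail.linuxli.com.

; NS glue follows the lab addressing (ns1 .10, ns2 .20 -- where named
; actually listens); the original listing had .100/.110.
ns1     A       192.168.100.10
ns2     A       192.168.100.20
www     A       192.168.100.10
mail    A       192.168.100.1
news    A       192.168.100.12
bbs     CNAME   news

; Wildcard: every undefined name resolves to the web host. Lab convenience
; only; in production it masks typos and lets arbitrary hostnames resolve.
*       A       192.168.100.10
; New record whose appearance on the slave proves the transfer worked.
money   A       192.168.100.13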
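# The check echoes the serial it loaded; 2018122602 confirms the bump took.
[root@ns1 named]# named-checkzone linuxli.com linuxli.com.zone
zone linuxli.com/IN: loaded serial 2018122602
OK
# The reverse zone needs the matching PTR and its own serial bump.
[root@ns1 named]# vim 192.168.100.arpa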
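$TTL 1D         ; default TTL, 1 day
; Reverse zone for 192.168.100.0/24 (loaded as "100.168.192.in-addr.arpa").
; MNAME is the primary master ns1. Serial bumped to 2018122602 -- the slave
; transfers the reverse zone independently of the forward one, so BOTH files
; need a new serial.
@       IN SOA  ns1.linuxli.com. root.ns1.linuxli.com. (
                2018122602      ; serial  - bumped for this edit
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum (negative-cache TTL)

@       NS      ns1.linuxli.com.
@       NS      ns2.linuxli.com.

; Owners are the last octet. ns1/ns2 follow the lab addressing (.10/.20);
; the original listing had 100/110. Duplicate PTRs (10, 12) are legal but
; ambiguous for reverse-lookup checks; one canonical name per address is the
; safer convention.
10      PTR     ns1.linuxli.com.
20      PTR     ns2.linuxli.com.
10      PTR     www.linuxli.com.
1       PTR     mail.linuxli.com.
12      PTR     news.linuxli.com.
12      PTR     bbs.linuxli.com.
; PTR for the new host added in the forward zone.
13      PTR     money.linuxli.com.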
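# Origin must be the zone name named.conf uses ("100.168.192.in-addr.arpa");
# the original listing passed "1.168.192.in-addr.arpa", which checks the file
# under a name named never loads it as.
[root@ns1 named]# named-checkzone 100.168.192.in-addr.arpa 192.168.100.arpa
zone 100.168.192.in-addr.arpa/IN: loaded serial 2018122602
OK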

(6)修改主域名解析服务器的主配置文件,在 options 中添加 also-notify { 192.168.100.110; };(该地址应填从服务器实际监听的地址,按本实验环境即 192.168.100.20),然后观察从域名解析服务器的区域数据文件是否更新
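[root@ns1 named]# vim /etc/named.conf
# Added inside options { ... } (line 17 of the file in this lab). The address
# is the slave's; the original listing had .110, but ns2 is 192.168.100.20 in
# this lab's addressing.
also-notify { 192.168.100.20; };
# also-notify adds EXTRA NOTIFY targets beyond the zone's NS records. Since
# ns2 is already an NS of both zones, named's default "notify yes" would
# notify it anyway; the statement is really for secondaries that are not
# listed as NS (hidden slaves). A NOTIFY only tells the slave to check the
# serial: the transfer still requires the slave to reach the master's
# listen-on address, and an un-bumped serial leaves the slave unchanged.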

重新加载主域名解析服务器配置文件
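# A reload re-reads named.conf and the changed zone files without stopping
# the service; for zones whose serial went up, named then sends NOTIFY to the
# NS hosts (and also-notify targets), which triggers the slave's refresh.
[root@ns1 named]# systemctl reload named.service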

发现从域名服务器已自动更新区域配置文件
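# Both files now carry a newer mtime (14:35 vs 14:04) and are larger
# (643/600 bytes vs 573/555): the slave pulled the updated zones.
[root@ns2 etc]# ll /var/named/slaves/
总用量 8
-rw-r--r-- 1 named named 643 12月 26 14:35 192.168.100.arpa
-rw-r--r-- 1 named named 600 12月 26 14:35 linuxli.com.zone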

客户机测试
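# Client check. This client lists the SLAVE first, so the answers below come
# from ns2 -- which is the point: the new "money" record being served by ns2
# proves the NOTIFY + transfer chain worked. The .110/.100 numbering here is
# the original blog's; with this lab's addressing use .20/.10.
[root@linuxli ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search com
nameserver 192.168.100.110
nameserver 192.168.100.100
[root@linuxli ~]# nslookup
> money.linuxli.com
Server:         192.168.100.110
Address:        192.168.100.110#53

Name:   money.linuxli.com
Address: 192.168.100.13
> 192.168.100.13
Server:         192.168.100.110
Address:        192.168.100.110#53

13.100.168.192.in-addr.arpa     name = money.linuxli.com.
> exit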

 

 

 

 

三、构建分离解析的 DNS 域名解析服务器

1、分离解析的域名解析服务器概述

分离解析的域名解析服务器实际也是主域名服务器。这里所说的分离解析(Split DNS),主要是指根据不同的客户端提供不同的域名解析记录:来自不同地址的客户机请求解析同一域名时,为其提供不同的解析结果。

Linux网络服务06-DNS域名解析服务_linux

2、构建分离解析的域名服务器步骤及示例

实验环境:

  • 域名服务器架设在企业网关服务器中,网卡 ens32 的 IP 地址为 192.168.100.100/24;网卡 eth1 的 IP 地址为 192.168.60.34/24(桥接网络)模拟外网
  • 在Internet中的公共域名 ​​www.linuxli.com和mail.linuxli.com均解析为​​ 192.168.60.34
  • 在内网中 ​​www.linuxli.com和mail.linuxli.com分别解析为​​ 192.168.100.10 和 192.168.100.20
  • 分别用两台客户机模拟内网与外网进行测试

(1)在/etc/named.conf 主配置文件中为不同的客户机地址启用不同的 zone 区域设置, 各自使用独立的数据文件

Linux网络服务06-DNS域名解析服务_DNS_02

[root@linuxli ~]# vim /etc/named.conf
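//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
        // Internal (ens32) and "external" (eth1) addresses of the gateway.
        listen-on port 53 { 192.168.100.100; 192.168.60.34; };
        // listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        // dump-file "/var/named/data/cache_dump.db";
        // statistics-file "/var/named/data/named_stats.txt";
        // memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        // NOTE: the original listing left "recursion" commented out. BIND's
        // default is "recursion yes", so that does NOT switch recursion off:
        // with allow-query any on the 192.168.60.34 "public" interface the
        // box was an open resolver (the amplification case the stock comment
        // warns about). Recursion is therefore decided per view below -- on
        // for the LAN view, off for the WAN view.
        // No slave exists in this setup, so refuse zone transfers outright;
        // otherwise an AXFR would hand the full internal zone to any LAN
        // host and the external zone to anyone.
        allow-transfer { none; };
        // dnssec-enable yes;
        // dnssec-validation yes;
        /* Path to ISC DLV key */
        // bindkeys-file "/etc/named.iscdlv.key";
        // managed-keys-directory "/var/named/dynamic";
};

// ACLs must be defined before the views that reference them. Views are
// matched in order, so "lan" must come first; "wan" ({ any; }) is the
// catch-all. Once views are used, every zone (including any stock root-hint
// zone or rfc1912 include) must live inside a view -- named-checkconf
// rejects a zone left at top level.
acl "lan" { 192.168.100.0/24; };
acl "wan" { any; };

view "LAN" {
        match-clients { lan; };
        recursion yes;
        // Internal answers: www/mail resolve to their private addresses.
        zone "linuxli.com" IN {
                type master;
                file "linuxli.com.zone.lan";
        };
};

view "WAN" {
        match-clients { wan; };
        // Authoritative only for outsiders: no recursion on the public side.
        recursion no;
        // Public answers: everything resolves to the gateway's external address.
        zone "linuxli.com" IN {
                type master;
                file "linuxli.com.zone.wan";
        };
};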

检查配置文件
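# Syntax check. With views in use this also catches the classic mistake of a
# zone or include left outside any view. A clean run prints nothing.
[root@linuxli ~]# named-checkconf /etc/named.conf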
(2)分别建立不同的区域数据文件
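[root@linuxli ~]# cd /var/named/
# Copy the template with "-p" so the view file keeps the template's
# root:named ownership (verify with ls -l); named only needs to read it.
[root@linuxli named]# cp -p named.empty linuxli.com.zone.lan
[root@linuxli named]# vim linuxli.com.zone.lan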
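$TTL 1D         ; default TTL, 1 day
; Internal (LAN view) answers for linuxli.com. MNAME is the primary master
; ns1 (the original listing used the zone name). Keep bumping the serial on
; every edit even without a slave: caches and any future secondary key on it.
@       IN SOA  ns1.linuxli.com. root.ns1.linuxli.com. (
                2018122601      ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum (negative-cache TTL)

; Explicit "@" owners survive stripped indentation.
@       NS      ns1.linuxli.com.
@       MX 10   mail.linuxli.com.

; ns1 is the gateway's internal address; www/mail are the private hosts.
ns1     A       192.168.100.100
www     A       192.168.100.10
mail    A       192.168.100.20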
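# The external file starts as a copy of the internal one; only the A records
# change. It inherits the same serial, which is fine: the two files are
# separate zones in separate views.
[root@linuxli named]# cp -p linuxli.com.zone.lan linuxli.com.zone.wan
[root@linuxli named]# vim linuxli.com.zone.wan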
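$TTL 1D         ; default TTL, 1 day
; External (WAN view) answers for linuxli.com. Same header as the LAN file;
; MNAME is the primary master ns1. Nothing in this file should reveal
; internal addressing -- every name maps to the gateway's public side.
@       IN SOA  ns1.linuxli.com. root.ns1.linuxli.com. (
                2018122601      ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum (negative-cache TTL)

@       NS      ns1.linuxli.com.
@       MX 10   mail.linuxli.com.

; All public names resolve to the gateway's external address (eth1).
ns1     A       192.168.60.34
www     A       192.168.60.34
mail    A       192.168.60.34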

检查区域配置文件
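# Both view files are checked against the same origin: each is the
# "linuxli.com" zone, just for a different view.
[root@linuxli named]# named-checkzone linuxli.com linuxli.com.zone.lan
zone linuxli.com/IN: loaded serial 2018122601
OK
[root@linuxli named]# named-checkzone linuxli.com linuxli.com.zone.wan
zone linuxli.com/IN: loaded serial 2018122601
OK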

(3)启动或重新加载 named 服务程序
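# Restart so the views are loaded. Then test from one client inside
# 192.168.100.0/24 and one outside it: the same name must answer differently,
# since view selection is by the querying client's source address.
[root@linuxli named]# systemctl restart named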

(4)内网及模拟外网的两台客户机进行测试

1>内网测试

Linux网络服务06-DNS域名解析服务_DNS_03

 

Linux网络服务06-DNS域名解析服务_linux_04

2>外网测试

Linux网络服务06-DNS域名解析服务_linux_05

 

 

 

来自 <​​http://blog.linuxli.com/2018/12/linux_network_service_6/​​>

 
