DNS, the Domain Name System, is one of the most common systems we use every day. It is a distributed database on the Internet that maps domain names to IP addresses and back, so that users can reach hosts by name instead of memorising the numeric addresses machines read directly. Put simply, it is a fast lookup index that lets us reach the Internet conveniently without going through IPs. In this post we look at how to build our own DNS server.
Lab environment: RHEL 6.5
Server: server1.example.com 192.168.122.101
Client: server3.example.com 192.168.122.103
1. Building the DNS name server
The software needed for DNS is bind (install it on the server, server1):
# yum install -y bind
# vim /etc/named.conf
options {
listen-on port 53 { any; }; # listen on port 53 on every IPv4 address of this host
listen-on-v6 port 53 { any; }; # the same for IPv6
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; # any client may send queries to this server
forwarders { 192.168.122.1; }; # queries this server cannot answer from its own zones or cache go here
................
The forwarders statement lists the name servers that DNS queries are forwarded to; here 192.168.122.1 is the physical host's IP, which knows about the other virtual machines.
One caveat before exposing this beyond the lab: with allow-query { any; } and no allow-recursion statement, BIND also recurses (through the forwarders) for every client that can reach port 53, so an Internet-facing server built this way is an open resolver that can be abused for reflection/amplification floods and cache-poisoning attempts. Add allow-recursion { 192.168.122.0/24; localhost; }; (or recursion no; if the server should only answer for its own zones) so that recursion is limited to your own networks.
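The allow-query/forwarders combination above is worth checking before the server goes anywhere near the Internet. The script below is an added example, not part of the original post: it pulls the relevant statements out of an options block and reports whether the server will recurse for everyone, following BIND's fallback order (allow-recursion, else allow-query-cache, else allow-query, else localnets/localhost). The two configs embedded in it are constructed samples: one mirrors this page's settings, the hardened one assumes the lab network is 192.168.122.0/24.

```shell
#!/bin/bash
# Added example: audit a named.conf options block for the open-resolver pattern.
# The two configs are constructed samples, not files copied from the lab hosts.

# Mirrors this page's settings: listens everywhere, answers anyone, forwards.
OPEN_CONF='options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    allow-query { any; };
    forwarders { 192.168.122.1; };
};'

# Hardened variant; the lab network 192.168.122.0/24 is an assumption.
HARDENED_CONF='options {
    listen-on port 53 { 192.168.122.101; };
    allow-query { any; };
    allow-recursion { 192.168.122.0/24; 127.0.0.1; };
    forwarders { 192.168.122.1; };
};'

# named_option NAME CONF: print NAME's address list as "a,b,c" ("any",
# "192.168.122.0/24,127.0.0.1"), or nothing if NAME is not set.
# Also accepts the "listen-on port 53 { ... }" form.
named_option() {
    printf '%s\n' "$2" \
      | grep -E "^[[:space:]]*$1( port [0-9]+)?[[:space:]]*\{" \
      | sed -E 's/^[^{]*\{([^}]*)\}.*/\1/; s/;/,/g; s/[[:space:]]//g; s/,$//'
}

# effective_recursion_acl CONF: who may recurse, in BIND's fallback order:
# allow-recursion, else allow-query-cache, else allow-query, else localnets/localhost.
effective_recursion_acl() {
    acl=$(named_option allow-recursion "$1")
    [ -n "$acl" ] || acl=$(named_option allow-query-cache "$1")
    [ -n "$acl" ] || acl=$(named_option allow-query "$1")
    [ -n "$acl" ] || acl="localnets,localhost"
    printf '%s\n' "$acl"
}

# audit_open_resolver CONF: print a verdict; return 1 if anyone may recurse.
audit_open_resolver() {
    conf=$1
    if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;'; then
        echo "OK: recursion disabled, authoritative-only server"
        return 0
    fi
    acl=$(effective_recursion_acl "$conf")
    listen=$(named_option listen-on "$conf")
    case ",$acl," in
        *,any,*)
            echo "OPEN RESOLVER: recursion allowed for { $acl }, listening on { ${listen:-all interfaces (default)} }"
            echo "fix: allow-recursion { <your networks>; }; or recursion no; for an authoritative-only server"
            return 1 ;;
    esac
    echo "OK: recursion limited to { $acl }"
    return 0
}

for conf in "$OPEN_CONF" "$HARDENED_CONF"; do
    audit_open_resolver "$conf" || :   # non-zero status is the finding, not a failure
done
```

The parser is deliberately simple (one statement per line, no nested views), which is enough for a stock RHEL named.conf; on a server with views, run it per view, since each view has its own allow-recursion.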
Enable and start the named service:
# /etc/init.d/named start
# chkconfig named on
Test from the client (server3):
# vim /etc/resolv.conf   add our server as the resolver
nameserver 192.168.122.101
# dig 192.168.122.101
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> 192.168.122.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25847
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;192.168.122.101.              IN      A
;; AUTHORITY SECTION:
.                       55      IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2017041300 1800 900 604800 86400
;; Query time: 5 msec
;; SERVER: 192.168.122.101#53(192.168.122.101)
;; WHEN: Thu Apr 13 16:55:01 2017
;; MSG SIZE rcvd: 108
This shows the basic configuration works, with one caveat: dig treats 192.168.122.101 here as a host name, not an address, so the status is NXDOMAIN and the authority section comes from the root zone. What the output does prove is that the client reached our server (SERVER: 192.168.122.101#53), that the server recurses for it (flag ra) and that the forwarder path out to the root works. An actual reverse lookup of an address uses dig -x, which we get to in section 3.
2. Forward resolution
First configure forward lookup.
Edit the auxiliary zone configuration file named.rfc1912.zones:
# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak
Back up the template first, in case of accidental deletion or similar.
# vim /etc/named.rfc1912.zones   add the following lines
zone "marjur.com" IN {
type master;
file "marjur.com.zone"; // must match the name of the file you create below (relative to /var/named)
allow-update { none; };
};
# cd /var/named/
# cp -p named.localhost marjur.com.zone
(Note: be sure to use -p so that owner, group and mode are preserved; otherwise the copy belongs to root rather than named, which can cause problems. You can also fix it afterwards with chown named.named marjur.com.zone.)
# vim marjur.com.zone
$TTL 1D
@ IN SOA dns.marjur.com. root. (
0 ; serial (must be increased on every change; YYYYMMDDnn is the usual convention)
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS tomas.marjur.com.
tomas A 192.168.122.101
www A 192.168.122.101
Here A is an address record (a name to an IPv4 address), NS names the authoritative name server of the zone, and SOA (start of authority) holds the zone's administrative data: the primary name server (conventionally the host the NS record names, so tomas.marjur.com. would be more consistent than dns.marjur.com., which has no A record in this zone), the administrator's mailbox with the @ written as a dot, and the serial and timer values in the parentheses.
Then restart the named service:
# /etc/init.d/named restart
On the client, server3, run dig:
# dig tomas.marjur.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> tomas.marjur.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54063
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;tomas.marjur.com.             IN      A
;; ANSWER SECTION:
tomas.marjur.com.       86400   IN      A       192.168.122.101
;; AUTHORITY SECTION:
marjur.com.             86400   IN      NS      tomas.marjur.com.
;; Query time: 3 msec
;; SERVER: 192.168.122.101#53(192.168.122.101)
;; WHEN: Thu Apr 13 19:57:57 2017
;; MSG SIZE rcvd: 64
Querying www.marjur.com instead gives the same result.
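Two things the steps above skip that save a lot of debugging later: the serial must increase on every edit (a cache or a secondary ignores a changed zone whose serial did not change), and the file should be checked with named-checkzone before named is restarted, because a syntax error makes named refuse to load that zone. The script below is an added example, not from the original post, of that edit-check-reload cycle. It works on a constructed copy of the marjur.com zone in a temporary file, reloads only the one zone with rndc instead of restarting named, and assumes named-checkzone and rndc are available, skipping those steps with a message if they are not.

```shell
#!/bin/bash
# Added example: bump the serial, check the zone, reload it (instead of restarting
# named). Assumes the serial sits on a line ending in "; serial" as in the page's
# files; named-checkzone and rndc are used only if installed.

# Constructed copy of the page's marjur.com zone, written to FILE.
make_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 1D
@       IN SOA  dns.marjur.com. root.marjur.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      tomas.marjur.com.
tomas   A       192.168.122.101
www     A       192.168.122.101
EOF
}

# new_serial CURRENT TODAY: next serial in YYYYMMDDnn form. The first change
# of a day gets TODAY01; further changes on the same day just increment.
new_serial() {
    if [ "$1" -lt $(($2 * 100)) ]; then
        echo $(($2 * 100 + 1))
    else
        echo $(($1 + 1))
    fi
}

# bump_serial FILE [TODAY]: rewrite the serial line and print the new value.
bump_serial() {
    file=$1
    today=${2:-$(date +%Y%m%d)}
    cur=$(awk '/; *serial/ { print $1; exit }' "$file")
    [ -n "$cur" ] || { echo "no '; serial' line in $file" >&2; return 1; }
    new=$(new_serial "$cur" "$today")
    awk -v new="$new" '/; *serial/ && !done { sub(/[0-9]+/, new); done = 1 } { print }' \
        "$file" > "$file.tmp"
    cat "$file.tmp" > "$file"   # overwrite in place: keeps the owner/group/mode named needs
    rm -f "$file.tmp"
    echo "$new"
}

# check_zone ZONE FILE: refuse to reload a zone that named would reject anyway.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not installed, skipping check of $2" >&2
    fi
}

# reload_zone ZONE: reload just this zone; the rest of named keeps running.
reload_zone() {
    if command -v rndc >/dev/null 2>&1; then
        rndc reload "$1"
    else
        echo "rndc not installed, would run: rndc reload $1" >&2
    fi
}

# Stand-alone demo on a temporary copy. On server1 point ZONEFILE at
# /var/named/marjur.com.zone and skip make_sample_zone.
ZONE=marjur.com
ZONEFILE=$(mktemp)
make_sample_zone "$ZONEFILE"
echo "serial is now $(bump_serial "$ZONEFILE")"
check_zone "$ZONE" "$ZONEFILE" && reload_zone "$ZONE"
rm -f "$ZONEFILE"
```

Writing the file back with cat rather than mv is deliberate: mv would replace it with a file owned by whoever ran the script, which is the same ownership problem the cp -p note above is about.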
3. Reverse (PTR) resolution
Do this on server1.
# vim /etc/named.rfc1912.zones   add the following lines
zone "122.168.192.in-addr.arpa" IN { // the network part of the address with the octets reversed
type master;
file "marjur.com.ptr"; // the file name is garbled in the original post; any name works as long as it matches the file created below
allow-update { none; };
};
Likewise:
# cd /var/named/
# cp -p named.loopback marjur.com.ptr
# vim marjur.com.ptr
$TTL 1D
@ IN SOA dns.marjur.com. root. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS tomas.marjur.com.
101 PTR tomas.marjur.com.
102 PTR www.marjur.com.
The named.loopback template also contains A and AAAA lines; remove them, since in a reverse zone they would only define names like tomas.122.168.192.in-addr.arpa. The owner of each PTR record is the host octet of the address (101 for 192.168.122.101, the zone origin supplies the rest), and the target must be a fully qualified name ending in a dot.
Restart the named service:
# /etc/init.d/named restart
On the client, server3, run:
[root@server3 ~]# dig -x 192.168.122.101
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -x 192.168.122.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6603
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;101.122.168.192.in-addr.arpa.         IN      PTR
;; ANSWER SECTION:
101.122.168.192.in-addr.arpa.   86400   IN      PTR     tomas.marjur.com.
;; AUTHORITY SECTION:
122.168.192.in-addr.arpa.       86400   IN      NS      tomas.marjur.com.
;; ADDITIONAL SECTION:
tomas.marjur.com.       86400   IN      A       192.168.122.101
;; Query time: 2 msec
;; SERVER: 192.168.122.101#53(192.168.122.101)
;; WHEN: Thu Apr 13 20:26:58 2017
;; MSG SIZE rcvd: 106
[root@server3 ~]# dig -x 192.168.122.102
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -x 192.168.122.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57095
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;102.122.168.192.in-addr.arpa.         IN      PTR
;; ANSWER SECTION:
102.122.168.192.in-addr.arpa.   86400   IN      PTR     www.marjur.com.
;; AUTHORITY SECTION:
122.168.192.in-addr.arpa.       86400   IN      NS      tomas.marjur.com.
;; ADDITIONAL SECTION:
tomas.marjur.com.       86400   IN      A       192.168.122.101
;; Query time: 2 msec
;; SERVER: 192.168.122.101#53(192.168.122.101)
;; WHEN: Thu Apr 13 20:26:52 2017
;; MSG SIZE rcvd: 110
Reverse resolution works. One thing to notice, though: www.marjur.com has an A record for 192.168.122.101 in the forward zone, but its PTR lives under 192.168.122.102, so the reverse mapping of .102 is not confirmed by the forward zone. Services that check forward-confirmed reverse DNS (mail servers, and some SSH and logging setups) treat such a mismatch as suspicious, so each PTR should point at a name that resolves back to that same address.
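Forward and reverse zones drift apart easily, and the pair above already has: www.marjur.com resolves to 192.168.122.101 while its PTR sits under .102. The script below is an added example, not from the original post, that parses both zone files (constructed copies of the ones above) and checks every PTR for forward-confirmed reverse DNS, i.e. that the target name has an A record pointing back at the same address. Its zone parser handles only the simple forms used on this page (owner, optional IN, type, rdata; the owner carried over from the previous line on lines that start with whitespace).

```shell
#!/bin/bash
# Added example: forward-confirmed reverse DNS check across a forward zone and
# its in-addr.arpa zone. Zone contents are constructed copies of the page's files;
# the parser covers only the record forms used there.

FWD_ORIGIN=marjur.com
REV_ORIGIN=122.168.192.in-addr.arpa

make_fwd_zone() {
cat > "$1" <<'EOF'
$TTL 1D
@   IN SOA dns.marjur.com. root.marjur.com. ( 0 1D 1H 1W 3H )
    NS  tomas.marjur.com.
tomas   A   192.168.122.101
www     A   192.168.122.101
EOF
}

make_rev_zone() {
cat > "$1" <<'EOF'
$TTL 1D
@   IN SOA dns.marjur.com. root.marjur.com. ( 0 1D 1H 1W 3H )
    NS  tomas.marjur.com.
101 PTR tomas.marjur.com.
102 PTR www.marjur.com.
EOF
}

# records FILE ORIGIN TYPE: print "owner-fqdn rdata" for each record of TYPE.
# Owner names are qualified with ORIGIN the way named does ("@" is the origin,
# a trailing dot means already absolute) and carried over to continuation
# lines that start with whitespace.
records() {
    awk -v origin="$2" -v type="$3" '
        /^[$;]/ { next }                 # $TTL/$ORIGIN directives and comment lines
        { sub(/;.*/, "") }               # trailing comments
        NF == 0 { next }
        /^[^ \t]/ { owner = $1 }         # a name in column 1 starts a new owner
        {
            for (i = 1; i <= NF; i++)
                if ($i == type && i < NF) {
                    name = owner
                    if (name == "@") name = origin "."
                    else if (name !~ /\.$/) name = name "." origin "."
                    print name, $(i + 1)
                }
        }' "$1"
}

# arpa_to_ip 101.122.168.192.in-addr.arpa. -> 192.168.122.101
arpa_to_ip() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 }'
}

# ip_to_arpa 192.168.122.101 -> 101.122.168.192.in-addr.arpa.
ip_to_arpa() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa." }'
}

# check_fcrdns FWDFILE FWDORIGIN REVFILE REVORIGIN: one verdict line per PTR;
# returns 1 if any PTR target does not resolve back to the same address.
check_fcrdns() {
    fwd=$(records "$1" "$2" A)
    rc=0
    while read -r arpa target; do
        [ -n "$arpa" ] || continue
        ip=$(arpa_to_ip "$arpa")
        got=$(printf '%s\n' "$fwd" | awk -v n="$target" '$1 == n { print $2 }')
        if [ -z "$got" ]; then
            echo "MISSING  $ip -> $target has no A record"; rc=1
        elif printf '%s\n' "$got" | grep -qx "$ip"; then
            echo "OK       $ip -> $target -> $ip"
        else
            echo "MISMATCH $ip -> $target -> $got"; rc=1
        fi
    done <<EOF
$(records "$3" "$4" PTR)
EOF
    return $rc
}

# Stand-alone demo; on server1 pass /var/named/marjur.com.zone and the reverse file instead.
f=$(mktemp); r=$(mktemp)
make_fwd_zone "$f"; make_rev_zone "$r"
check_fcrdns "$f" "$FWD_ORIGIN" "$r" "$REV_ORIGIN" || echo "reverse zone needs fixing" >&2
rm -f "$f" "$r"
```

On the page's data the check reports OK for 192.168.122.101 and MISMATCH for 192.168.122.102 (www.marjur.com resolves to .101), which is the drift to fix before anything relies on reverse lookups from this server.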