Service Management - DNS

DNS Service

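DNS (Domain Name System) is a distributed database on the Internet that maps domain names and IP addresses to each other. It lets users reach Internet services more conveniently, without having to remember the IP addresses that machines read directly. The process of starting from a host name and finally obtaining the IP address that corresponds to it is called domain name resolution. The DNS protocol runs on top of UDP and uses port 53.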

Forward zone resolution with BIND

[root@localhost ~]# yum install bind
[root@localhost ~]# vim /etc/named.conf 
[root@localhost ~]# 

[root@localhost ~]# cd /var/named/
[root@localhost named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@localhost named]# cp named.localhost named.zyg
[root@localhost named]# vim named.zyg 
[root@localhost named]# 

[root@localhost named]# chgrp named named.zyg 
[root@localhost named]# systemctl start named

On startup it may report: Failed to start Berkeley Internet Name Domain (DNS)

It turned out this was caused by my leaving out two semicolons when writing the configuration file.

[root@localhost named]# vim /etc/resolv.conf 

Reverse zone resolution with BIND

[root@localhost named]# vim /etc/named.conf 

[root@localhost named]# cp named.zyg named.210.29.172
[root@localhost named]# vim named.210.29.172 
[root@localhost named]# 

[root@localhost named]# chgrp named named.210.29.172 
[root@localhost named]# systemctl restart named
[root@localhost named]# 

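Smart DNS

An ordinary DNS server is only responsible for resolving the IP record for the user and does not consider where the user is coming from, so every user can only resolve to the same fixed IP address.

Smart DNS overturns this concept. A smart DNS server determines where the user is coming from, applies some intelligent handling, and then returns the IP address chosen by that decision to the user. For example, smart DNS automatically determines whether the user's line is China Netcom or China Telecom, and then returns the IP address of the China Netcom or China Telecom server accordingly.

Server:

--------------------------------------------------------------------------------------------------------------------------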

[root@localhost named]# cat /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { 127.0.0.1; any; };
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; any; };

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "zyg.com" {
    type master;
    file "named.zyg";
};

zone "210.29.172.in-addr.arpa" {
    type master;
    file "named.210.29.172";
};
[root@localhost named]# 
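
The comment inside the options block above warns that a recursive server with open access control ends up taking part in DNS amplification attacks, and this configuration combines recursion yes with allow-query { localhost; any; }. The check below is an added example, not part of the original post: it audits a named.conf for that combination. It assumes flat address-match lists and the fallback order named uses when allow-recursion is absent (allow-query-cache, then allow-query, then localnets and localhost); PAGE_OPTIONS is a constructed excerpt of the file above and HARDENED is an assumed fix.

```python
import re

# Constructed sample: access-control lines copied from the options block above.
PAGE_OPTIONS = """
options {
    listen-on port 53 { 127.0.0.1; any; };
    allow-query     { localhost; any; };
    /* If your recursive DNS server has a public IP address ... */
    recursion yes;
};
"""
# Assumed hardening: recursion limited to BIND's built-in local ACLs.
HARDENED = PAGE_OPTIONS.replace(
    "recursion yes;", "recursion yes;\n    allow-recursion { localnets; localhost; };")

def options_block(conf):
    """Return the body of options { ... } with comments removed."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    conf = re.sub(r"(//|#).*", "", conf)
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def acl(block, name):
    """Entries of a flat address-match list, or None when the option is absent."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^{}]*)\}", block)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else None

def recursion_acl(block):
    """Option that decides who may recurse: named falls back in this order."""
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        entries = acl(block, name)
        if entries is not None:
            return name, entries
    return "built-in default", ["localnets", "localhost"]

def audit(conf_text):
    block = options_block(conf_text)
    m = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", block)
    if m and m.group(1).lower() not in ("yes", "true", "1"):
        return []                      # authoritative-only: no recursion to abuse
    name, entries = recursion_acl(block)
    if "any" in entries:
        return [f"open resolver: recursion on, {name} contains 'any'"]
    return []

if __name__ == "__main__":
    print(audit(PAGE_OPTIONS), audit(HARDENED))
```

On a live server, pass it the output of named-checkconf -p so that included files are expanded before the check runs.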

Client:

-------------------------------------------------------------------------------------------------------------------------

[root@localhost named]# cat /etc/resolv.conf 
# Generated by NetworkManager
search zyg.com
nameserver 10.0.0.2
[root@localhost named]# 

 

For more, please search Baidu. I will fill this in when I need it; I don't have time to study it right now.
