DNS解析(双向解析,集群)
DNS域名解析
咱们知道互联网都是经过URL来发布和请求资源的,而URL中的域名须要解析成IP地址才能与远程主机创建链接,如何将域名解析成IP地址就属于DNS解析的工做范畴。css
DNS域名解析过程
当咱们在浏览器中输入www.abc.com时,DNS解析将会有将近10个步骤,这个过程大致大致由一张图能够表示:html
名词解释
正向解析:从域名到ip地址的解析过程。
反向解析:从ip地址到域名的解析过程。
DNS缓存: DNS服务器在解析客户机的请求时,若是本地没有该DNS的信息,则能够会询问其余DNS服务器,当其余域名服务器返回查询记过期,该DNS服务器就会将结果记录在本地的缓存中,成为DNS缓存。
区(zone):是DNS名称空间的一个连续部分,其中包一组存储在DNS服务器上的资源记录。
资源记录:DNS服务器的信息数据,按照类进行存储,可以即系客户端的DNS请求
区文件:包含区资源记录的文件,选择DNS服务器为受权服务器,管理该区域。linux
DNS的解析
1、DNS的正向解析
1.安装DNS服务器软件(bind)
[root@localhost ~]# yum install bind.x86_64 -y Loaded plugins: langpacks software | 4.1 kB 00:00 Resolving Dependencies --> Running transaction check ---> Package bind.x86_64 32:9.9.4-14.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved ================================================================================
Package Arch Version Repository Size ================================================================================
Installing:
bind x86_64 32:9.9.4-14.el7 software 1.8 M
Transaction Summary ================================================================================
Install 1 Package
Total download size: 1.8 M
Installed size: 4.3 M
Downloading packages:
bind-9.9.4-14.el7.x86_64.rpm | 1.8 MB 00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : 32:bind-9.9.4-14.el7.x86_64 1/1
Verifying : 32:bind-9.9.4-14.el7.x86_64 1/1
Installed:
bind.x86_64 32:9.9.4-14.el7
Complete!
2.更改主配置文件
[root@localhost ~]# vim /etc/named.conf
说明:根区域是互联网中全部域名的开始,使用句点(.)表示,缓存服务器只有可以访问DNS根服务器才能担供正常的域名解析服务。
| options { listen-on port 53 { any; }; 监听端口已经监听的地址 listen-on-v6 port 53 { ::1; }; directory “/var/named”; 区域文件存储目录,即bind服务器的工做目录 dump-file “/var/named/data/cache_dump.db”; 缓存保存 statistics-file “/var/named/data/named_stats.txt”; memstatistics-file “/var/named/data/named_mem_stats.txt”; // Those options should be used carefully because they disable port // randomization // query-source port 53; // query-source-v6 port 53; allow-query { any; }; 容许本机发起查询 any :容许任何人向你发起查询 allow-query-cache { localhost; }; 容许那些查询有缓存 }; logging { channel default_debug { file “data/named.run”; 日志的保存路径 severity dynamic; }; }; view localhost_resolver { match-clients { localhost; }; 匹配客户端的地址 ,改为any match-destinations { localhost; }; 改为any recursion yes; 容许递归,若是不递归,那么在找不到匹配的 域名解析是后,就会显示找不到,直接告诉你结果 include “/etc/named.rfc1912.zones”; 此文件主要定义了根区域,localdomain区域,localhost区域,及反向解析区域 }; |
在缓存域名服务器的named. caching-nameserver.conf文件中加载的named.rfc1912.zones文件对根区域进行了设置.
此文件中的type hint表示此区域类型是根区域;file “named.ca”设置区域文件名称,该文件保存在bind工做目录/var/named/中web
- 查看端口:
[root@localhost ~]# netstat -antlpe | grep named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 111456 32071/named
tcp 0 0 172.25.254.141:53 0.0.0.0:* LISTEN 25 111451 32071/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 111449 32071/named
tcp6 0 0 ::1:953 :::* LISTEN 25 111457 32071/named
tcp6 0 0 ::1:53 :::* LISTEN 25 111453 32071/named
3.更改子配置文件
在dns的子配置文件中添加须要解析的域名,若是在主配置文件中添加会过于繁琐,不利于主配置文件的阅读和查看 vim
[root@localhost ~]# vim /etc/named.rfc1912.zones
| zone “test.com” IN{ type master; file “testfile.com”; allow-update{ none }; }; |
4.编辑域名解析文件
[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -p named.localhost testfile.com
[root@localhost named]# vim testfile.com
| $TTL 1D @ IN SOA dns.test.com root.test.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.test.com. dns A 172.25.7.8 www A 5.2.0.8 |
5.指定DNS服务器
[root@localhost named]# echo "nameserver 172.25.254.141" >> /etc/resolv.conf
检验成果:
[root@localhost named]# dig www.test.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.test.com
;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6615 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.test.com. IN A
;; ANSWER SECTION: www.test.com. 86400 IN A 5.2.0.8 ;; AUTHORITY SECTION: test.com. 86400 IN NS dns.test.com. ;; ADDITIONAL SECTION: dns.test.com. 86400 IN A 172.25.7.8 ;; Query time: 0 msec ;; SERVER: 172.25.254.141#53(172.25.254.141) ;; WHEN: Wed May 23 03:30:41 EDT 2018 ;; MSG SIZE rcvd: 91
2、DNS反向解析
1.编辑主配置文件
[root@localhost ~]# vim /etc/named.conf
2.在子配置文件中添加解析域
[root@localhost named]# vim /etc/named.rfc1912.zones
| zone “254.25.172.in-addr.arpa” IN { type master; file “test.com.ptr”; allow-update{ none; }; }; |
3.更改域名解析文件
[root@localhost named]# cp -p named.localhost test.com.ptr
[root@localhost named]# vim test.com.ptr
| $TTL 1D @ IN SOA dns.test.com. root.test.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.test.com. dns A 172.25.254.141 250 PTR www.test.com |
4.重启named服务并测试
[root@localhost named]# systemctl restart named
[root@localhost named]# dig -x 172.25.254.141
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.141
;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61540 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;141.254.25.172.in-addr.arpa. IN PTR
;; AUTHORITY SECTION: 254.25.172.in-addr.arpa. 10800 IN SOA dns.test.com. root.test.com. 0 86400 3600 604800 10800 ;; Query time: 0 msec ;; SERVER: 172.25.254.141#53(172.25.254.141) ;; WHEN: Wed May 23 04:52:51 EDT 2018 ;; MSG SIZE rcvd: 109
3、DNS双向解析
目标:实现内网主机和外网主机访问同一网站域名,定义到不一样服务器 浏览器
1.更改主配置文件
[root@localhost named]# vim /etc/named.conf
| 56 view indns{ 57 match-clients{ 172.25.254.79; }; 58 zone “.” IN { 59 type hint; 60 file “named.ca”; 61 }; 62 63 64 include “/etc/named.rfc1912.zones”; 65 include “/etc/named.root.key”; 66 }; 67 view outdns{ 68 match-clients{ any;}; 69 zone “.” IN { 70 type hint; 71 file “named.ca”; 72 }; 73 include “/etc/named.rfc1912.zones.out”; 74 include “/etc/named.root.key”; 76 }; |
2.编辑DNS子配置文件
[root@localhost named]# cp -p named.localhost testfile.com.out
[root@localhost named]# vim testfile.com.out
| $TTL 1D @ IN SOA dns.test.com root.test.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.test.com. dns A 1.2.6.8 www A 30.60.90.255 |
3.编辑域名文件
[root@localhost named]# cp -p /etc/named.rfc1912.zones
[root@localhost named]# vim /etc/named.rfc1912.zones.out
| /etc/named.rfc1912.zones.out zone “test.com” IN{ type master; file “testfile.com.out”; allow-update{ none; }; }; |
4.开启dns服务并进行检测
[root@localhost named]# systemctl start named
[root@localhost named]# systemctl stop firewalld
DNS服务器:
[root@localhost named]# dig www.test.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.test.com
;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39949 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.test.com. IN A
;; ANSWER SECTION: www.test.com. 86400 IN A 30.60.90.255 ;; AUTHORITY SECTION: test.com. 86400 IN NS dns.test.com. ;; ADDITIONAL SECTION: dns.test.com. 86400 IN A 1.2.6.8 ;; Query time: 0 msec ;; SERVER: 172.25.254.141#53(172.25.254.141) ;; WHEN: Wed May 23 07:34:47 EDT 2018 ;; MSG SIZE rcvd: 91
客户端:缓存
[root@foundation79 ~]# dig www.test.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.test.com
;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31642 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.test.com. IN A
;; Query time: 14 msec ;; SERVER: 172.25.254.141#53(172.25.254.141) ;; WHEN: Wed May 23 18:13:12 CST 2018 ;; MSG SIZE rcvd: 41
4、主从DNS配置(集群)
辅助dns能够缓解主dns的压力,当外网主机访问主dns所维护的域名时,均可以看到域名针对外网解析的ip。 ruby
主DNS配置:
1.主配置文件
[root@localhost named]# vim /etc/named.conf
| 11 listen-on port 53 { any; }; … 17 allow-query { any; }; |
2.子配置文件的更新
[root@localhost named]# vim /etc/named.rfc1912.zones.out
| zone “test.com” IN{ type master; file “testfile.com.out”; allow-update{ none; }; also-notify {172.25.254.79; }; }; |
3.传输域名解析文件
[root@localhost named]# scp -p testfile.com.out root@172.25.254.79:/var/named/
testfile.com.out 100% 210 0.2KB/s 00:00
从DNS服务器的部署:
1.安装并开启DNS
[root@foundation79 ~]# yum install bind.x86_64 -y
10 options {
11 listen-on port 53 { any; };
12 listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 allow-query { any; };
[root@foundation79 named]# systemctl start named
[root@foundation79 named]# systemctl stop firewalld
防火墙注意关闭。服务器
2.主配置文件:
[root@foundation79 named]# vim /etc/named.conf
| 11 listen-on port 53 { any; }; … 17 allow-query { any; }; |
3.子配置文件:
[root@foundation79 named]# vim /etc/named.rfc1912.zones
| zone “test.com” IN { type slave; masters { 172.25.254.141; }; file “slave:s/testfile.com.out”; allow-update {none;}; }; |
4.指定DNS服务器
[root@foundation79 named]# echo "nameserver 172.25.254.141" >> /etc/resolv.conf
检验结果:
客户机:app
[root@localhost named]# dig www.test.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.test.com
;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48749 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.test.com. IN A
;; ANSWER SECTION: www.test.com. 86400 IN A 30.60.90.255 ;; AUTHORITY SECTION: test.com. 86400 IN NS dns.test.com. ;; ADDITIONAL SECTION: dns.test.com. 86400 IN A 1.2.6.8 ;; Query time: 0 msec ;; SERVER: 172.25.254.141#53(172.25.254.141) ;; WHEN: Wed May 23 08:54:01 EDT 2018 ;; MSG SIZE rcvd: 91
启动虚拟机检验主DNS:
[root@localhost ~]# echo "nameserver 172.25.254.79" >> /etc/resolv.conf
[root@localhost ~]# dig www.test.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36063
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 86400 IN A 30.60.90.255
;; AUTHORITY SECTION:
test.com. 86400 IN NS dns.test.com.
;; ADDITIONAL SECTION:
dns.test.com. 86400 IN A 1.2.6.8
;; Query time: 1 msec
;; SERVER: 172.25.254.141#53(172.25.254.141)
;; WHEN: Wed May 23 09:03:46 EDT 2018
;; MSG SIZE rcvd: 91