[TOC]
1.首先关闭selinux和iptables(firewalld)
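# Temporarily switch SELinux to permissive mode and stop the firewall while the
# DNS server is being set up; both revert on the next boot.
# The original read "setenfore", which is not a command — the binary is
# "setenforce".
# NOTE(review): for anything beyond a lab, prefer keeping SELinux enforcing and
# opening only port 53 (firewall-cmd --permanent --add-service=dns) instead of
# stopping firewalld altogether.
setenforce 0
systemctl stop firewalld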
上面是临时关闭,永久关闭方法如下:
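# Make the SELinux change persistent and keep firewalld from starting at boot.
# The original used "sed -ir": GNU sed reads the "r" as the optional backup
# suffix of -i, so it left a stray /etc/selinux/configr file behind and never
# enabled extended regexps (the pattern needs none). The pattern is now
# anchored to the start of the line so the "# SELINUX= can take one of ..."
# comment in that file is not rewritten as well.
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
# Kept from the original; the setting only takes effect at boot, sourcing the
# file merely sets SELINUX/SELINUXTYPE in the current shell.
source /etc/selinux/config
systemctl disable firewalld
# NOTE(review): permanently disabling SELinux removes the confinement that the
# stock bind policy gives named. The "permission denied" zone-load error in
# the troubleshooting section is an ownership problem, not an SELinux one, so
# SELinux can stay enforcing for this setup.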
2.编辑/etc/named.conf文件
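// Fragment of the options { } block in /etc/named.conf.
listen-on port 53 { any; };     // listen on every interface, UDP/TCP 53
allow-query { any; };           // which clients may query this server
// With allow-query { any; } and no explicit recursion setting, the BIND 9
// default for allow-recursion falls back to allow-query, i.e. any client may
// also use this host as a recursive resolver (an "open resolver"). Restrict
// recursion to the local networks; the client in the resolv.conf step is on
// the same LAN, so it keeps working. Use "recursion no;" instead if the host
// is meant to be authoritative only.
allow-recursion { localnets; };
dnssec-enable no;               // disable DNSSEC processing (BIND 9.9 option)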
3.修改/etc/named.rfc1912.zones,定义正反解区域,增加如下内容
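// Appended to /etc/named.rfc1912.zones: one forward and one reverse zone.
// The original forward zone statement had no ';' after its closing brace;
// named-checkconf rejects that ("missing ';' before 'zone'").
// forward zone
zone "pl.com" IN {
    type master;
    file "named.pl.com";
};
// reverse zone for 192.168.139.x
zone "139.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.139";
};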
4.创建正解文件/var/named/named.pl.com和反解文件/var/named/named.192.168.139 <font color=red>切记一定要修改文件的所有者及所属组!!!</font>
; /var/named/named.pl.com — forward zone (created with: vim named.pl.com)
; rname.invalid. is the contact placeholder from the stock CentOS template;
; the hostname and addresses below are the lab values used throughout.
$TTL 1D
@           IN  SOA dns.pl.com. rname.invalid. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
@           IN  NS  dns.pl.com.
dns.pl.com. IN  A   192.168.139.105
www.pl.com. IN  A   192.168.139.106

; /var/named/named.192.168.139 — reverse zone (created with: vim named.192.168.139)
$TTL 1D
@           IN  SOA dns.pl.com. rname.invalid. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
@           IN  NS  dns.pl.com.
105         IN  PTR dns.pl.com.
106         IN  PTR www.pl.com.
[root@controller /var/named]# chown named.named named.pl.com named.192.168.139
5.重启服务即可
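# Check the configuration and test-load every master zone (-z) before
# restarting, so a typo does not leave the server down; the zone-load failure
# in the troubleshooting section is exactly what this catches beforehand.
named-checkconf -z /etc/named.conf && systemctl restart named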
1.用dig命令测试
#正解 [root@controller /var/named]# dig dns.pl.com @192.168.139.105 ; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> dns.pl.com @192.168.139.105 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34409 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;dns.pl.com. IN A ;; ANSWER SECTION: dns.pl.com. 86400 IN A 192.168.139.105 ;; AUTHORITY SECTION: pl.com. 86400 IN NS dns.pl.com. ;; Query time: 0 msec ;; SERVER: 192.168.139.105#53(192.168.139.105) ;; WHEN: Wed Feb 20 22:13:17 CST 2019 ;; MSG SIZE rcvd: 69 #反解 [root@controller /var/named]# dig -x 192.168.139.106 @192.168.139.105 ; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -x 192.168.139.106 @192.168.139.105 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34174 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;106.139.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 106.139.168.192.in-addr.arpa. 86400 IN PTR www.pl.com. ;; AUTHORITY SECTION: 139.168.192.in-addr.arpa. 86400 IN NS dns.pl.com. ;; ADDITIONAL SECTION: dns.pl.com. 86400 IN A 192.168.139.105 ;; Query time: 0 msec ;; SERVER: 192.168.139.105#53(192.168.139.105) ;; WHEN: Wed Feb 20 22:27:57 CST 2019 ;; MSG SIZE rcvd: 115
2.永久指定DNS服务器,则修改/etc/resolv.conf文件
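# /etc/resolv.conf on the client (opened with: vim /etc/resolv.conf)
# NOTE(review): on CentOS 7 hosts where NetworkManager manages the interface,
# this file is regenerated on reboot/reconnect, so a direct edit is not
# permanent by itself. Set the server on the connection instead
# (DNS1=192.168.139.105 in the ifcfg file, or
#  nmcli connection modify <connection-name> ipv4.dns 192.168.139.105)
# and let NetworkManager write the line below.
nameserver 192.168.139.105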
1.在主服务器上修改已定义的正反解区域,如下
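// /etc/named.rfc1912.zones on the master: limit zone transfers (AXFR) to the
// slave's address so the full zone contents cannot be pulled by anyone else.
// The option is spelled "allow-transfer"; the original's "allow_transfer" is
// not a named.conf keyword and makes the file fail to parse.
zone "pl.com" IN {
    type master;
    file "named.pl.com";
    allow-transfer { 192.168.139.106; };
};
zone "139.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.139";
    allow-transfer { 192.168.139.106; };
};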
2.将从服务器的NS记录加到正反解文件中
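; /var/named/named.pl.com on the master, after adding the slave's NS record.
; Fixes vs. the original: "dns1.pl.com" had no trailing dot, so it was read as
; the relative name dns1.pl.com.pl.com.; an NS name inside the zone also needs
; an address record or resolvers (and NOTIFY) cannot reach it; and the serial
; must increase on every change or the slave will not transfer the new zone.
$TTL 1D
@            IN  SOA dns.pl.com. rname.invalid. (
                     1       ; serial — was 0; bump on every edit
                     1D      ; refresh
                     1H      ; retry
                     1W      ; expire
                     3H )    ; minimum
@            IN  NS  dns.pl.com.
@            IN  NS  dns1.pl.com.
dns.pl.com.  IN  A   192.168.139.105
dns1.pl.com. IN  A   192.168.139.106   ; assumes the slave is the .106 host named in allow-transfer — confirm
www.pl.com.  IN  A   192.168.139.106

; /var/named/named.192.168.139 — reverse zone, same NS and serial changes.
$TTL 1D
@            IN  SOA dns.pl.com. rname.invalid. (
                     1       ; serial — was 0; bump on every edit
                     1D      ; refresh
                     1H      ; retry
                     1W      ; expire
                     3H )    ; minimum
@            IN  NS  dns.pl.com.
@            IN  NS  dns1.pl.com.
105          IN  PTR dns.pl.com.
106          IN  PTR www.pl.com.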
3.从服务器配置 1.修改/etc/named.conf,与主服务器一致
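// Fragment of the options { } block in /etc/named.conf on the slave; kept
// identical to the master.
listen-on port 53 { any; };     // listen on every interface, UDP/TCP 53
allow-query { any; };           // which clients may query this server
// With allow-query { any; } and no explicit recursion setting, the BIND 9
// default for allow-recursion falls back to allow-query, so any client could
// use this host as a recursive resolver. Restrict recursion to the local
// networks, or set "recursion no;" if the host is authoritative only.
allow-recursion { localnets; };
dnssec-enable no;               // disable DNSSEC processing (BIND 9.9 option)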
2.修改区域定义,与主服务器一致:type为slave,file放在slaves目录下;正反解文件无需自己创建,重启服务后会自动生成
// Slave-side zone definitions in /etc/named.rfc1912.zones: same zone names as
// the master, type slave, files under slaves/ (the directory named can write
// to), and the master's address to transfer from.
zone "pl.com" IN {
    type slave;
    file "slaves/named.pl.com";
    masters { 192.168.139.105; };
};
zone "139.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/named.192.168.139";
    masters { 192.168.139.105; };
};
3.重启服务即可
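# Validate the configuration before restarting so a typo does not leave the
# slave down. No -z here: the slave's zone files are only created by the first
# transfer after the restart, so there is nothing to test-load yet.
named-checkconf /etc/named.conf && systemctl restart named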
4.测试
#能够看到/var/named/slaves自动生成了两个与主服务器同样的正反解文件 [root@node1 /var/named/slaves]# ls named.192.168.139 named.pl.com #用dig命令指定从服务器,测试成功 #正解 [root@controller /var/named]# dig www.pl.com @192.168.139.106 ; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.pl.com @192.168.139.106 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3356 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.pl.com. IN A ;; ANSWER SECTION: www.pl.com. 86400 IN A 192.168.139.106 ;; AUTHORITY SECTION: pl.com. 86400 IN NS dns.pl.com. ;; ADDITIONAL SECTION: dns.pl.com. 86400 IN A 192.168.139.105 ;; Query time: 3 msec ;; SERVER: 192.168.139.106#53(192.168.139.106) ;; WHEN: Wed Feb 20 22:54:48 CST 2019 ;; MSG SIZE rcvd: 89 #反解 [root@controller /var/named]# dig -x 192.168.139.106 @192.168.139.106 ; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -x 192.168.139.106 @192.168.139.106 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42659 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;106.139.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 106.139.168.192.in-addr.arpa. 86400 IN PTR www.pl.com. ;; AUTHORITY SECTION: 139.168.192.in-addr.arpa. 86400 IN NS dns.pl.com. ;; ADDITIONAL SECTION: dns.pl.com. 86400 IN A 192.168.139.105 ;; Query time: 0 msec ;; SERVER: 192.168.139.106#53(192.168.139.106) ;; WHEN: Wed Feb 20 22:48:51 CST 2019 ;; MSG SIZE rcvd: 115
<table><tr><td bgcolor=yellow><font color=red>每次主服务器的正反解文件有修改,都要更新序列号serial,而且主从服务器都需要重启named服务,从服务器才能同步</font></td></tr></table>
## 常见问题
Feb 21 01:24:58 controller named[63486]: zone pl.com/IN: loading from master file named.pl.com failed: permission denied Feb 21 01:24:58 controller named[63486]: zone pl.com/IN: not loaded due to errors.
无权限加载named.pl.com文件,这是没有修改正反解文件的所有者和所属组所导致的。解决办法:
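# Give the zone file to the named user ("user:group" is the documented form;
# "user.group" is a legacy spelling). The reverse zone file needs the same
# ownership, so pass it as well when it exists.
chown named:named named.pl.com
# NOTE(review): if SELinux is left enforcing, also confirm the file label with
# "ls -Z" and run "restorecon -v named.pl.com" if it is not named_zone_t.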
原文出处:https://www.cnblogs.com/fllf/p/10416431.html