bind:服务端工具包,以named帐号来运行此软件
bind-utils:客户端工具包
/etc/named.conf ##全局配置文件
/etc/named.rfc1912.zones ##指定区域的配置文件
options {
    # Address and port named binds to. The default is loopback only, so
    # only this host itself can reach the service.
    listen-on port 53 { 127.0.0.1; };
    # IPv6 address named binds to (loopback only).
    listen-on-v6 port 53 { ::1; };
    # Directory that holds the zone data files.
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    # Restricts which hosts may send queries; the default admits only
    # this host.
    allow-query { localhost; };
    # (excerpt ends here; the remaining options and the closing "};" are
    # not shown)
options {
    # Listen on every IPv4 address of this host so other machines can
    # reach the resolver service.
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    # Let every host send queries.
    # NOTE(review): when recursion is enabled and neither allow-recursion
    # nor allow-query-cache is set, BIND derives the recursion ACL from
    # allow-query, so "any" here also opens recursion to every client that
    # can reach port 53 (an open resolver, usable for traffic
    # amplification). The recursion setting is outside this excerpt --
    # confirm it. If only the authoritative zones should be public, keep
    # "any" here and add e.g. allow-recursion { localnets; localhost; };
    # or set recursion no;.
    allow-query { any; };
    # (excerpt ends here; the remaining options and the closing "};" are
    # not shown)
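# Forward zone: the domain this server answers for.
zone "sunwukong.com" IN {
    # This server holds the primary (master) copy of the zone.
    type master;
    # Zone data file, looked up under the "directory" option (/var/named).
    # The name must match the file that is actually created there
    # (sunwukong.zone); a misspelled name leaves the zone unloaded.
    file "sunwukong.zone";
    # NOTE(review): no allow-transfer is set. On BIND releases of this
    # vintage the default presumably lets any client that can query the
    # server pull the whole zone -- confirm, and consider
    # allow-transfer { none; }; or listing only the secondary servers.
};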
# Reverse zone for 192.168.1.x: the network octets are written in reverse
# order under in-addr.arpa.
zone "1.168.192.in-addr.arpa" IN {
    # This server holds the primary (master) copy of the zone.
    type master;
    # File name of the reverse zone data.
    file "kongwusun.zone";
};
区域解析文件位于 /var/named,首先进入该目录,其中有对应的模板文件,可以对照模板进行修改。
[root@localhost ~] cd /var/named/ [root@localhost named] cp -p named.localhost sunwukong.zone ##拷贝正向解析文件模板,且文件名要和区域配置的文件名同样 [root@localhost named] cp -p named.loopback kongwusun.zone ##拷贝方向区域模板
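; Forward zone data for sunwukong.com.
$TTL 1D
; SOA: primary name server, then the responsible mailbox. The primary
; server name is spelled sunwukong.com to match the zone.
@       IN SOA  ns1.sunwukong.com. rname.invalid. (
                                0       ; serial  (raise it on every edit so
                                        ;          secondaries notice the change)
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
; Blank owner field: this record belongs to the zone apex (@). "ns1" has
; no trailing dot, so it is completed to ns1.sunwukong.com.
        NS      ns1
ns1     A       192.168.1.19
ftp     A       192.168.1.20
smb     A       192.168.1.21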
; Reverse zone data for 1.168.192.in-addr.arpa.
$TTL 1D
@       IN SOA  ns1.sunwukong.com. rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
; Target names are fully qualified (trailing dot); a relative name here
; would be completed with the reverse zone's own origin.
        NS      ns1.sunwukong.com.
; The owner is the last octet of the address: 19 -> 192.168.1.19.
19      PTR     ns1.sunwukong.com.
20      PTR     ftp.sunwukong.com.
21      PTR     smb.sunwukong.com.
用 named-checkzone 检查区域文件是否存在错误(/etc/named.conf 本身的语法可以用 named-checkconf 检查)
[root@localhost named] named-checkzone sunwukong.com sunwukong.zone ##检查正向解析文件 zone sunwukong.com/IN: loaded serial 0 OK
[root@localhost named] named-checkzone 1.168.192.in-addr.arpa kongwusun.zone ##检查方向配置文件是否存在错误 zone 1.168.192.in-addr.arpa/IN: loaded serial 0 OK
检查无误后即可启动服务;如果没有任何错误,启动服务时不会有任何提示(仅限 CentOS 7,CentOS 6 上服务启动成功后会显示成功提示)
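## CentOS 7 (systemd): start the service.
systemctl start named
## CentOS 6 (SysV init): the service name comes before the action.
service named start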
可以用多个命令进行域名解析测试,如 nslookup、host、dig 等,下面用 dig 命令演示 DNS 解析服务的测试
[root@localhost named]# dig -t ns sunwukong.com @192.168.1.19 ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t ns sunwukong.com @192.168.1.19 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14217 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;sunwukong.com. IN NS ;; ANSWER SECTION: sunwukong.com. 86400 IN NS ns1.sunwukong.com. ##查询到的ns记录 ;; ADDITIONAL SECTION: ns1.sunwukong.com. 86400 IN A 192.168.1.19 ##查询到的ns记录的IP地址 ;; Query time: 0 msec ;; SERVER: 192.168.1.19#53(192.168.1.19) ;; WHEN: Mon Apr 22 22:35:43 EDT 2019 ;; MSG SIZE rcvd: 76
[root@localhost named]# dig -t A ftp.sunwukong.com @192.168.1.19 ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A ftp.sunwukong.com @192.168.1.19 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36554 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;ftp.sunwukong.com. IN A ;; ANSWER SECTION: ftp.sunwukong.com. 86400 IN A 192.168.1.20 ##查询到的IP地址 ;; AUTHORITY SECTION: sunwukong.com. 86400 IN NS ns1.sunwukong.com. ;; ADDITIONAL SECTION: ns1.sunwukong.com. 86400 IN A 192.168.1.19 ;; Query time: 0 msec ;; SERVER: 192.168.1.19#53(192.168.1.19) ;; WHEN: Mon Apr 22 22:54:42 EDT 2019 ;; MSG SIZE rcvd: 96
[root@localhost named]# dig -x 192.168.1.19 @192.168.1.19 ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -x 192.168.1.19 @192.168.1.19 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6464 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;19.1.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 19.1.168.192.in-addr.arpa. 86400 IN PTR ns1.sunwukong.com. ##查询到反向域的ns的域名 ;; AUTHORITY SECTION: 1.168.192.in-addr.arpa. 86400 IN NS ns1.sunwukong.com. ;; ADDITIONAL SECTION: ns1.sunwukong.com. 86400 IN A 192.168.1.19 ;; Query time: 0 msec ;; SERVER: 192.168.1.19#53(192.168.1.19) ;; WHEN: Mon Apr 22 22:59:25 EDT 2019 ;; MSG SIZE rcvd: 115
[root@localhost named]# dig -x 192.168.1.20 @192.168.1.19 ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -x 192.168.1.20 @192.168.1.19 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52555 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;20.1.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 20.1.168.192.in-addr.arpa. 86400 IN PTR ftp.sunwukong.com. ##查询到IP地址的域名 ;; AUTHORITY SECTION: 1.168.192.in-addr.arpa. 86400 IN NS ns1.sunwukong.com. ;; ADDITIONAL SECTION: ns1.sunwukong.com. 86400 IN A 192.168.1.19 ;; Query time: 0 msec ;; SERVER: 192.168.1.19#53(192.168.1.19) ;; WHEN: Mon Apr 22 23:24:55 EDT 2019 ;; MSG SIZE rcvd: 119
编辑配置文件 /etc/named.conf,指定允许查询的主机的 IP 地址
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    # Only this single client address may send queries; named still
    # listens on every interface, but other clients are answered with
    # REFUSED.
    allow-query { 192.168.1.35; };
    # (excerpt ends here; the remaining options and the closing "};" are
    # not shown)
重启服务,并用 IP 为 192.168.1.35 的主机进行测试
[root@localhost named]# dig -t A ftp.sunwukong.com @192.168.1.19 ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A ftp.sunwukong.com @192.168.1.19 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 249 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;ftp.sunwukong.com. IN A ;; ANSWER SECTION: ftp.sunwukong.com. 86400 IN A 192.168.1.20 ;; AUTHORITY SECTION: sunwukong.com. 86400 IN NS ns1.sunwukong.com. ;; ADDITIONAL SECTION: ns1.sunwukong.com. 86400 IN A 192.168.1.19 ;; Query time: 0 msec ;; SERVER: 192.168.1.19#53(192.168.1.19) ;; WHEN: Mon Apr 22 23:31:19 EDT 2019 ;; MSG SIZE rcvd: 96
从结果中可以看到该主机能够查询;接下来用 IP 为 192.168.1.20 的主机进行查询,看是否能够查询成功
[root@localhost ~]# dig -t A ftp.sunwukong.com @192.168.1.19 ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A ftp.sunwukong.com @192.168.1.19 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 36738 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;ftp.sunwukong.com. IN A ;; Query time: 2 msec ;; SERVER: 192.168.1.19#53(192.168.1.19) ;; WHEN: Mon Apr 22 23:33:41 EDT 2019 ;; MSG SIZE rcvd: 46
编辑配置文件 /etc/named.conf,指定允许查询的网段
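options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    # Network segment whose hosts may send queries. The prefix is written
    # as the network address (host bits zero). A form with host bits set,
    # such as 192.168.1.1/24, covers the same range, but newer BIND
    # releases presumably reject it as an address/prefix length mismatch
    # -- confirm with named-checkconf.
    allow-query { 192.168.1.0/24; };
    # (excerpt ends here; the remaining options and the closing "};" are
    # not shown)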
修改配置文件后重启服务,用刚才无法查询、IP 为 192.168.1.20 的主机进行测试,看能否查询
[root@localhost ~]# dig -t A ftp.sunwukong.com @192.168.1.19 ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A ftp.sunwukong.com @192.168.1.19 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16118 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;ftp.sunwukong.com. IN A ;; ANSWER SECTION: ftp.sunwukong.com. 86400 IN A 192.168.1.20 ##查看该域名的IP地址 ;; AUTHORITY SECTION: sunwukong.com. 86400 IN NS ns1.sunwukong.com. ;; ADDITIONAL SECTION: ns1.sunwukong.com. 86400 IN A 192.168.1.19 ;; Query time: 0 msec ;; SERVER: 192.168.1.19#53(192.168.1.19) ;; WHEN: Mon Apr 22 23:36:17 EDT 2019 ;; MSG SIZE rcvd: 96