完整主機名(FQDN):Fully Qualified Domain Name,以根 "." 結尾的絕對名稱,例如 www.eye.com.
正解(正向解析):從主機名查詢到 IP 的流程(A 記錄)。
反解(反向解析):從 IP 反查主機名的流程(in-addr.arpa 區域中的 PTR 記錄)。
區域(zone):某個網域(domain)內由同一台伺服器負責的一組記錄,存放在一個區域檔中。
SOA(Start of Authority):起始授權記錄,宣告該區域的主名稱伺服器、管理員信箱、序號(serial)以及 refresh/retry/expire/negative-cache TTL 等計時器;每次修改區域檔都必須遞增序號。
NS(NameServer):名稱伺服器記錄,指出負責該區域的伺服器主機名。
A(Address):主機名到 IPv4 位址的記錄。
可以使用 dig +trace 命令查看一次域名查詢從根伺服器開始逐級遞迴的完整過程,便於除錯。
DNS 查詢預設使用 UDP 53 埠;當回應超過 UDP 大小而被截斷(TC 位元)時,客戶端才改用 TCP 53 埠重試,區域傳送(AXFR/IXFR)也走 TCP。因此防火牆必須同時開放 UDP 與 TCP 的 53 埠。
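# Fetch and build BIND 9.11.0 into /opt/soft/named.
#
# NOTE: 9.11.0 is a 2016 release and the 9.11 branch is end-of-life; for anything
# but a lab, pick a currently supported release.  The page's original command
# disabled TLS verification (--no-check-certificate) for the download.  If the
# certificate check fails, repair the CA bundle (yum install ca-certificates)
# rather than turning verification off, and check the tarball against ISC's
# PGP signature (.asc) before building.
BIND_VER=9.11.0
BIND_SRC=/opt/tmp

# The page wrote "–y" with an en dash, which yum treats as a package name.
yum install -y gcc perl openssl openssl-devel

# -O: without it wget saves the download under the URL's query string, not as
# the bind-9.11.0.tar.gz the next line expects.
wget -O "bind-$BIND_VER.tar.gz" "https://www.isc.org/downloads/file/bind-9-11-0/?version=tar-gz"

mkdir -p "$BIND_SRC"
tar -zxvf "bind-$BIND_VER.tar.gz" -C "$BIND_SRC"

# The tarball unpacks into bind-<version>/; configure must run from there, not
# from /opt/tmp itself (the page's "cd /opt/tmp ./configure ..." is one
# command line and fails with "too many arguments").
cd "$BIND_SRC/bind-$BIND_VER" || exit 1
./configure --prefix=/opt/soft/named --enable-threads --enable-largefile --disable-ipv6 \
  && make && make install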
(1)新增 bind 使用者與群組(named 啟動後會以 -u bind 降權執行)
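# Unprivileged account that named drops to after binding port 53 (-u bind).
# -r/-M: system account, no home directory created; shell is nologin.
groupadd bind
useradd -r -M -g bind -d /opt/soft/named -s /sbin/nologin bind

# After the privilege drop named writes named.pid, cache dumps and statistics
# under its "directory" (/opt/soft/named/var), so the bind user must own it.
chown -R bind:bind /opt/soft/named/var

# rndc control key.  Whoever holds it can stop/reload/flush the server, so it
# must come from a real random source.  The page seeded rndc-confgen with a
# hand-typed file of junk characters (-r /opt/soft/random) – a key derived from
# a fixed string is guessable.  If the host really has no /dev/random, use
# -r /dev/urandom instead.
#
# -a writes /opt/soft/named/etc/rndc.key (sysconfdir).  Both named and rndc
# read that file by default when named.conf has no controls/key statement, so
# the key no longer has to be spliced into named.conf with the page's
# "tail -10 | head -9 | sed" trick, which breaks as soon as the output layout
# changes.  -A selects the HMAC; drop it on builds whose rndc-confgen lacks the
# option (the default there is hmac-md5).
cd /opt/soft/named || exit 1   # the page has "/otp/soft/named" (typo)
sbin/rndc-confgen -a -A hmac-sha256

# named re-reads the key as the bind user on reload; rndc runs as root.
chown root:bind etc/rndc.key
chmod 640 etc/rndc.key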
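# Server options and zone declarations.  The page edited the file with vi; the
# heredoc below appends the same content so it composes with the rndc
# key/controls block if that was written to named.conf in the previous step.
# All paths are under --prefix=/opt/soft/named; the page mixed in
# /usr/local/named paths for dump-file/statistics-file that do not exist here.
cat >> /opt/soft/named/etc/named.conf <<'EOF'
options {
    directory       "/opt/soft/named/var";
    pid-file        "named.pid";                       // relative to directory
    dump-file       "/opt/soft/named/var/cache_dump.db";
    statistics-file "/opt/soft/named/var/named_stats.txt";

    // Consider listing only 127.0.0.1 and the server's address instead of
    // "any" if the host has more interfaces than the DNS-facing one.
    listen-on port 53 { any; };
    // listen-on-v6 omitted: the build used --disable-ipv6.

    // Anyone may ask for the authoritative zones below ...
    allow-query     { any; };
    // ... but recursion is only granted to the local networks.  The page had
    // "allow-query { any; }" + "recursion yes" with no allow-recursion, which
    // is an open resolver usable as a DNS amplification reflector.
    recursion       yes;
    allow-recursion { 127.0.0.1; 192.168.0.0/16; };
    forwarders      { 202.96.209.5; 114.114.114.114; };

    // No secondaries on this page: refuse zone transfers server-wide.
    allow-transfer  { none; };
    // Do not advertise the exact BIND version to scanners.
    version         "not disclosed";
};

zone "." IN {
    type hint;
    file "named.root";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "localhost.rev";
    allow-update { none; };
};

zone "eye.com" IN {
    type master;
    file "eye.com.zone";
    allow-update { none; };
};

// The zone NAME must be in-addr.arpa – the page's "in-add.arpa" is a typo that
// no resolver would ever query.  The file name is kept as the page creates it.
zone "111.168.192.in-addr.arpa" IN {
    type master;
    file "111.168.192.in-add.arpa";
    allow-update { none; };
};
// Hosts in 192.168.132.0/24 (ntp, waffle, mongo1-3, openldap-a in eye.com.zone)
// have no reverse zone here; declare "132.168.192.in-addr.arpa" if they need PTRs.
EOF

# Reject a config named would refuse before trying to start it.
/opt/soft/named/sbin/named-checkconf /opt/soft/named/etc/named.conf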
(1)建立根提示檔 named.root(所有區域檔都必須放在 named.conf 中 directory 指定的目錄 /opt/soft/named/var 下)
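# Root hints for zone "." – must be placed in named's "directory"
# (/opt/soft/named/var), which the page left implicit.
# Prefer the HTTPS copy over the page's ftp:// URL: FTP is unauthenticated and
# a tampered hint file silently redirects every recursive lookup.
wget -O /opt/soft/named/var/named.root https://www.internic.net/domain/named.root
# or ask a root server directly (dig output is accepted as a hint file):
#   /opt/soft/named/bin/dig @a.root-servers.net . ns > /opt/soft/named/var/named.root
# With "forwarders" set in named.conf and no "forward only", the hints are used
# when the forwarders do not answer.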
(2)建立 localhost.zone 檔案(localhost 的正向區域)
; Forward zone for localhost.: one SOA, one NS and the loopback A record.
; Lives in /opt/soft/named/var/localhost.zone (named.conf "directory").
$TTL 86400
$ORIGIN localhost.
localhost.  86400  IN  SOA  localhost. root.localhost. (
                        42          ; serial (d. adams)
                        10800       ; refresh (3h)
                        900         ; retry (15m)
                        604800      ; expire (1w)
                        86400 )     ; negative-cache TTL (1d)
localhost.  86400  IN  NS   localhost.
localhost.  86400  IN  A    127.0.0.1
(3)建立 localhost.rev 檔案(127.0.0.0/8 的反向區域,對應 named.conf 中的 0.0.127.in-addr.arpa)
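; Reverse zone for the loopback network; the origin 0.0.127.in-addr.arpa.
; comes from the zone statement in named.conf.
; The page's listing lost the leading "$TTL" and "@ IN" of the SOA line,
; which makes the file unloadable as printed.
$TTL 3600
@   IN  SOA localhost. root.localhost. (
            1           ; serial
            3600        ; refresh every hour
            900         ; retry every 15 minutes
            3600000     ; expire 1000 hours
            3600 )      ; negative-cache TTL 1 hour (page spelled it "minimun")
    IN  NS  localhost.
1   IN  PTR localhost.          ; 127.0.0.1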
(4)建立 eye.com.zone 檔案(eye.com 的正向區域)
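; Forward zone eye.com. (origin comes from the zone statement in named.conf).
; File lives in /opt/soft/named/var/eye.com.zone.
$TTL 86400
; The page's RNAME "root.localhost" has no trailing dot, so it expanded to
; root.localhost.eye.com.; use the same mailbox as the reverse zone.
@           IN  SOA dns.eye.com. root.eye.com. (
                    2           ; serial – bump it on every edit or caches keep old data
                    28800       ; refresh
                    7200        ; retry
                    604800      ; expire
                    86400 )     ; negative-cache TTL (not the record TTL; $TTL above is)
            IN  NS  dns.eye.com.
            IN  A   192.168.111.111

; hosts in 192.168.111.0/24 – covered by the 111.168.192.in-addr.arpa zone
dns         IN  A   192.168.111.111
www         IN  A   192.168.111.111
mongotest   IN  A   192.168.111.113
nfs         IN  A   192.168.111.206
ftp.nas     IN  A   192.168.111.207

; hosts in 192.168.132.0/24 – no reverse zone on this page covers them
ntp         IN  A   192.168.132.191
openldap-a  IN  A   192.168.132.191   ; same address as ntp
waffle      IN  A   192.168.132.199
mongo1      IN  A   192.168.132.190
mongo2      IN  A   192.168.132.189
mongo3      IN  A   192.168.132.188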
(5)建立反向區域檔 111.168.192.in-add.arpa(檔名沿用 named.conf 中 file 的設定;注意區域名稱本身必須是 111.168.192.in-addr.arpa,而非 in-add.arpa)
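; Reverse zone for 192.168.111.0/24 (origin 111.168.192.in-addr.arpa. from
; named.conf).  The zone NAME in named.conf must end in "in-addr.arpa"; the
; page's "in-add.arpa" is a typo nobody will ever query.
$TTL 86400
@   IN  SOA dns.eye.com. root.eye.com. (
            1997022700  ; Serial
            28800       ; Refresh
            14400       ; Retry
            3600000     ; Expire
            86400 )     ; Minimum (negative-cache TTL)
@   IN  NS  dns.eye.com.

; Only addresses that really are 192.168.111.x belong here (see eye.com.zone).
111 IN  PTR www.eye.com.        ; .111 also serves dns.eye.com; one PTR is enough
113 IN  PTR mongotest.eye.com.
206 IN  PTR nfs.eye.com.
207 IN  PTR ftp.nas.eye.com.

; ntp/openldap-a (.191), waffle (.199) and mongo1-3 (.190/.189/.188) live in
; 192.168.132.0/24 per eye.com.zone.  The page listed PTRs for them in this
; zone, which mapped 192.168.111.x addresses to those names; they belong in a
; separate 132.168.192.in-addr.arpa zone.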
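# First start.  -c: config file; -u: drop privileges to "bind" once port 53 is
# bound.  Validate config and zones first (-z loads every zone file) – a broken
# file otherwise makes named exit at startup with the reason only in syslog.
NAMED_HOME=/opt/soft/named
"$NAMED_HOME/sbin/named-checkconf" -z "$NAMED_HOME/etc/named.conf" || exit 1

# The page ran "named -gc ... &": -g keeps named in the foreground logging to
# stderr, which only makes sense for troubleshooting, not combined with "&".
# Without -g named daemonises itself.
"$NAMED_HOME/sbin/named" -c "$NAMED_HOME/etc/named.conf" -u bind
# Troubleshooting variant (Ctrl-C to stop):
#   "$NAMED_HOME/sbin/named" -g -c "$NAMED_HOME/etc/named.conf" -u bind

# Talks to named over the rndc control channel (key set up earlier).  The page
# called /usr/local/named/sbin/rndc, which does not exist with this prefix.
"$NAMED_HOME/sbin/rndc" status

# After changing named.conf or a zone file, reload without restarting:
"$NAMED_HOME/sbin/rndc" reload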
# Point this host's own resolver at the new server.  These are ifcfg-rh
# keywords in /etc/sysconfig/network-scripts/ifcfg-eth0; the network scripts
# write them to /etc/resolv.conf (PEERDNS=yes with DHCP would overwrite them).
# NOTE(review): the stub resolver tries DNS1 first and falls back to DNS2 on
# timeout – it does not route eye.com queries to DNS1 specifically, so
# internal names stop resolving when DNS1 is down.
vi /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=192.168.111.111
DNS2=202.96.209.5
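#!/bin/bash
# named        BIND 9 name server built from source under /opt/soft/named.
#
# chkconfig: 345 35 75
# description: a name server
#
# Usage: named {start|stop|restart|reload|status}
# Exit status: 0 on success; 1 when not run as root, on an unknown action
# or when the requested action failed.

readonly NAMED_HOME=/opt/soft/named
readonly NAMED_BIN="$NAMED_HOME/sbin/named"
readonly RNDC="$NAMED_HOME/sbin/rndc"
readonly CHECKCONF="$NAMED_HOME/sbin/named-checkconf"
readonly CONF="$NAMED_HOME/etc/named.conf"
# "directory" + "pid-file" from named.conf
readonly PIDFILE="$NAMED_HOME/var/named.pid"

# Port 53 is privileged: named binds it as root, then drops to -u bind.
if [[ "$(id -u)" -ne 0 ]]; then
  echo "ERROR:For bind to port 53,must run as root." >&2
  exit 1
fi

# Refuse to start or reload a config named would reject, so a typo in a zone
# file cannot take the service down.  -z also loads every zone.
check_config() {
  "$CHECKCONF" -z "$CONF" >/dev/null
}

start() {
  if [[ ! -x "$NAMED_BIN" ]]; then
    echo "ERROR: $NAMED_BIN is not executable" >&2
    return 1
  fi
  check_config || return 1
  "$NAMED_BIN" -c "$CONF" -u bind && echo . && echo 'BIND9 server started'
}

stop() {
  # Ask named to shut down cleanly over the control channel; fall back to the
  # pid file when rndc cannot reach it.  TERM first – named flushes its
  # journals on SIGTERM; never start with kill -9.
  if ! "$RNDC" stop >/dev/null 2>&1; then
    if [[ ! -r "$PIDFILE" ]]; then
      echo "ERROR: no pid file at $PIDFILE" >&2
      return 1
    fi
    kill "$(cat "$PIDFILE")" || return 1
  fi
  echo . && echo 'BIND9 server stopped'
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    echo .
    echo "Restart BIND9 server"
    stop
    sleep 10
    start
    ;;
  reload)
    check_config && "$RNDC" reload
    ;;
  status)
    "$RNDC" status
    ;;
  *)
    echo "$0 start | stop | restart |reload |status"
    exit 1
    ;;
esac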
(2)將上述腳本存為 /etc/rc.d/init.d/named,設定執行權限並加入系統服務
# Make the init script executable, register it for the runlevels named in its
# "chkconfig:" header, then bring the service up through it.
chmod 755 /etc/rc.d/init.d/named
chkconfig --add named
service named start
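# Smoke tests against the new server.
DNS_SERVER=127.0.0.1

# Forward lookup from the eye.com zone (expect 192.168.111.111, flags "aa").
dig @"$DNS_SERVER" dns.eye.com

# Reverse lookup: the PTR in 111.168.192.in-addr.arpa must agree with the A
# record above.
dig @"$DNS_SERVER" -x 192.168.111.111

# Open-resolver check – run this from a host OUTSIDE the networks you allow
# recursion for.  A "REFUSED" status is correct; if an external name resolves
# from anywhere (as it does with the page's allow-query { any; } and no
# allow-recursion), the server is an open resolver.
#   dig @192.168.111.111 www.isc.org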
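# Allow DNS in.  UDP carries normal queries; TCP is needed for truncated
# answers (TC bit) and zone transfers.  The page used "-s 0/0": this server
# only holds 192.168.x zones and recurses for the LAN, so limit the source to
# the local networks and it cannot be reached as an open resolver or
# amplification reflector from outside.  Widen LAN_NET if clients live elsewhere.
LAN_NET=192.168.0.0/16
iptables -A INPUT -p udp -s "$LAN_NET" --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -s "$LAN_NET" --dport 53 -j ACCEPT

# -A appends; on a default CentOS ruleset that puts these after the final
# "REJECT all" rule, where they never match.  Check with
#   iptables -L INPUT -n --line-numbers
# and use "-I INPUT <n>" if needed.  The rules are not persistent across
# reboots – "service iptables save" (iptables-services) keeps them.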