DNS Resolution Flow and Service Setup


Resolution Flow

  • Take a visit to www.baidu.com as an example:
    • 1. The client first checks whether the local hosts file already contains a matching IP.
    • 2. If not, it sends a query to the DNS resolver specified in /etc/resolv.conf.
    • 3. The DNS server first checks its own cache; on a hit it returns the answer to the client directly, otherwise it queries a root server.
    • 4. The root server, on receiving the request, tells the DNS server to ask the com domain below it.
    • 5. The com server, on receiving the request, tells the DNS server to ask baidu.com below it.
    • 6. The baidu.com server, on receiving the request, finds that it does hold the IP of the host www and returns that IP address to the DNS server.
    • 7. The DNS server, on receiving the IP address, caches a copy and then sends it to the client.
    • 8. The client then uses this IP address to access www.baidu.com.

Related Concepts

  • Resource record types
    • SOA: Start of Authority; names the authoritative source for the zone and sets its timers (refresh, expiry and so on)
    • NS: identifies which server is a DNS server for the zone
    • A: stores the IP address for a host name in the domain
    • PTR: stores the host name for an IP address
    • MX: mail server for the domain
    • CNAME: host alias

Service Setup

Server Side

1. First, disable SELinux and iptables

setenforce 0
systemctl stop firewalld

The above only disables them temporarily; to disable them permanently:

sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config   # anchored to the setting line; takes effect after a reboot
systemctl disable firewalld

2. Edit the /etc/named.conf file

listen-on port 53 { any; };   # listening address and port
allow-query     { any; };     # hosts allowed to query
dnssec-enable no;             # turn off DNSSEC

3. Edit /etc/named.rfc1912.zones to define the forward and reverse zones, adding the following:

# forward zone
zone "pl.com" IN {
        type master;
        file "named.pl.com";
};
# reverse zone
zone "139.168.192.in-addr.arpa" IN {
        type master;
        file "named.192.168.139";
};

4. Create the forward zone file /var/named/named.pl.com and the reverse zone file /var/named/named.192.168.139. <font color=red>Be sure to change the owner and group!!!</font>

[root@controller /var/named]# vim named.pl.com
$TTL 1D
@      IN SOA  dns.pl.com. rname.invalid. (
                                        0      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@            IN  NS  dns.pl.com.
dns.pl.com.  IN  A  192.168.139.105
www.pl.com.  IN  A  192.168.139.106

[root@controller /var/named]# vim named.192.168.139
$TTL 1D
@      IN SOA  dns.pl.com. rname.invalid. (
                                        0      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@            IN  NS  dns.pl.com.
105          IN  PTR  dns.pl.com.
106          IN  PTR  www.pl.com.
[root@controller /var/named]# chown named:named named.pl.com  named.192.168.139

5. Restart the service

systemctl restart named

Client Side

1. Test with the dig command

# forward lookup
[root@controller /var/named]# dig dns.pl.com @192.168.139.105

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> dns.pl.com @192.168.139.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34409
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.pl.com.            IN    A

;; ANSWER SECTION:
dns.pl.com.        86400    IN    A    192.168.139.105

;; AUTHORITY SECTION:
pl.com.            86400    IN    NS    dns.pl.com.

;; Query time: 0 msec
;; SERVER: 192.168.139.105#53(192.168.139.105)
;; WHEN: Wed Feb 20 22:13:17 CST 2019
;; MSG SIZE  rcvd: 69

# reverse lookup
[root@controller /var/named]# dig -x 192.168.139.106 @192.168.139.105

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -x 192.168.139.106 @192.168.139.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34174
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.139.168.192.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
106.139.168.192.in-addr.arpa. 86400 IN    PTR    www.pl.com.

;; AUTHORITY SECTION:
139.168.192.in-addr.arpa. 86400    IN    NS    dns.pl.com.

;; ADDITIONAL SECTION:
dns.pl.com.        86400    IN    A    192.168.139.105

;; Query time: 0 msec
;; SERVER: 192.168.139.105#53(192.168.139.105)
;; WHEN: Wed Feb 20 22:27:57 CST 2019
;; MSG SIZE  rcvd: 115

2. To point the client at this DNS server permanently, edit /etc/resolv.conf

[root@node1 ~]# vim /etc/resolv.conf
nameserver 192.168.139.105

DNS Master-Slave Synchronization

1. On the master server, modify the forward and reverse zone definitions as follows

[root@controller /var/named]# vim /etc/named.rfc1912.zones
zone "pl.com" IN {
        type master;
        file "named.pl.com";
        allow-transfer { 192.168.139.106; };   # only the slave may pull the zone
};

zone "139.168.192.in-addr.arpa" IN {
        type master;
        file "named.192.168.139";
        allow-transfer { 192.168.139.106; };
};
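A small checker for zone statements like the ones above (added here as an example; it is not from the original post or from BIND, whose own tool for this is named-checkconf). It catches the two slips that stop named from loading, an option spelt `allow_transfer` with an underscore and a `}` without its `;`, and flags master zones that have no `allow-transfer` at all, which in the BIND 9.9 used on this page leaves the zone open to AXFR from any host. ZONE_OPTIONS and the sample configuration are constructed.

```python
import re
# Zone-statement options BIND 9 accepts that this page's configs use (constructed list).
ZONE_OPTIONS = {"type", "file", "masters", "allow-transfer", "also-notify", "allow-update"}

def zone_blocks(conf):
    """Yield (name, body, terminated) per zone statement, matching braces by depth."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1], conf[i:].lstrip().startswith(";")
def statements(body):
    """Split a block body on ';' at brace depth 0, so ACL lists like { a; } stay whole."""
    out, cur, depth = [], "", 0
    for ch in body:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if ch == ";" and depth == 0:
            out.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return out

def check_zones(conf):
    """Report typos that stop named from loading and master zones left open to AXFR."""
    conf = re.sub(r"(#|//)[^\n]*", "", conf)                    # strip comments first
    findings = []
    for name, body, terminated in zone_blocks(conf):
        if not terminated:
            findings.append(f"{name}: closing '}}' lacks ';' (named fails to load)")
        opts = {}
        for stmt in statements(body):
            key, _, val = stmt.partition(" ")
            if key not in ZONE_OPTIONS:                          # e.g. allow_transfer
                findings.append(f"{name}: unknown option '{key}' (named fails to load)")
            opts[key] = val.strip()
        if opts.get("type") == "master" and "allow-transfer" not in opts:
            findings.append(f"{name}: master zone without allow-transfer (BIND 9.9's default lets any host AXFR it)")
    return findings

# Constructed input reproducing the two slips this page's snippets originally contained.
BROKEN = '''zone "pl.com" IN {
    type master; file "named.pl.com";
    allow_transfer { 192.168.139.106; };
}
zone "139.168.192.in-addr.arpa" IN {
    type master; file "named.192.168.139";
};
'''
FIXED = BROKEN.replace("allow_transfer", "allow-transfer").replace("}\nzone", "};\nzone")
```

`check_zones(BROKEN)` returns four findings and `check_zones(FIXED)` only the one for the reverse zone, which is still missing its allow-transfer in this sample.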

2. Add the slave server's NS record to the forward and reverse zone files

[root@controller /var/named]# vim named.pl.com
$TTL 1D
@      IN SOA  dns.pl.com. rname.invalid. (
                                        1      ; serial (bumped because the zone changed)
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@            IN  NS  dns.pl.com.
@            IN  NS  dns1.pl.com.          ; trailing dot, otherwise BIND reads dns1.pl.com.pl.com.
dns.pl.com.  IN  A  192.168.139.105
dns1.pl.com. IN  A  192.168.139.106        ; the slave; needed so the NS name resolves
www.pl.com.  IN  A  192.168.139.106

[root@controller /var/named]# vim named.192.168.139
$TTL 1D
@      IN SOA  dns.pl.com. rname.invalid. (
                                        1      ; serial (bumped because the zone changed)
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@            IN  NS  dns.pl.com.
@            IN  NS  dns1.pl.com.          ; trailing dot, as in the forward zone
105          IN  PTR  dns.pl.com.
106          IN  PTR  www.pl.com.

3. Slave server configuration

1. Edit /etc/named.conf to match the master

listen-on port 53 { any; };   # listening address and port
allow-query     { any; };     # hosts allowed to query
dnssec-enable no;             # turn off DNSSEC

2. Define the same zones as on the master, but with type slave and the file placed under the slaves directory; the forward and reverse zone files do not need to be created by hand, they are generated automatically after the service restarts

zone "pl.com" IN {
        type slave;
        file "slaves/named.pl.com";
        masters { 192.168.139.105; } ;
};

zone "139.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/named.192.168.139";
        masters { 192.168.139.105; } ;
};

3. Restart the service

systemctl restart named

4. Test

# /var/named/slaves now holds two automatically generated zone files identical to the master's
[root@node1 /var/named/slaves]# ls
named.192.168.139  named.pl.com
# point dig at the slave server; the test succeeds
# forward lookup
[root@controller /var/named]# dig www.pl.com @192.168.139.106

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.pl.com @192.168.139.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3356
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.pl.com.            IN    A

;; ANSWER SECTION:
www.pl.com.        86400    IN    A    192.168.139.106

;; AUTHORITY SECTION:
pl.com.            86400    IN    NS    dns.pl.com.

;; ADDITIONAL SECTION:
dns.pl.com.        86400    IN    A    192.168.139.105

;; Query time: 3 msec
;; SERVER: 192.168.139.106#53(192.168.139.106)
;; WHEN: Wed Feb 20 22:54:48 CST 2019
;; MSG SIZE  rcvd: 89


# reverse lookup
[root@controller /var/named]# dig -x 192.168.139.106 @192.168.139.106

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -x 192.168.139.106 @192.168.139.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42659
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.139.168.192.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
106.139.168.192.in-addr.arpa. 86400 IN    PTR    www.pl.com.

;; AUTHORITY SECTION:
139.168.192.in-addr.arpa. 86400    IN    NS    dns.pl.com.

;; ADDITIONAL SECTION:
dns.pl.com.        86400    IN    A    192.168.139.105

;; Query time: 0 msec
;; SERVER: 192.168.139.106#53(192.168.139.106)
;; WHEN: Wed Feb 20 22:48:51 CST 2019
;; MSG SIZE  rcvd: 115

<table ><tr><td color=red bgcolor=yellow> Every time the forward or reverse zone on the master is modified, the configured serial number must be changed, and the named service must be restarted on both the master and the slave before the slave will synchronize.</td></tr></table>
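A linter for zone files like those above, added here as an example (not part of the original post; named-checkzone is BIND's own tool for this). It catches what the NS edit and the serial rule depend on: an NS target without a trailing dot (BIND reads `dns1.pl.com` as `dns1.pl.com.pl.com.`), an in-zone NS name with no A record, and a master serial that is not newer than the slave's copy, compared with RFC 1982 serial arithmetic so that wrap-around is handled. The zone text is constructed and mirrors named.pl.com.

```python
import re
def parse_zone(text, origin):
    """Return (owner, type, rdata) triples; owners made absolute (each record names its owner)."""
    text = re.sub(r";[^\n]*", "", text)                                    # drop ; comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # join ( ... )
    records = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("$"):                              # blank or $TTL
            continue
        owner = tok.pop(0)
        if owner == "@": owner = origin
        elif not owner.endswith("."): owner = f"{owner}.{origin}"        # relative name
        while tok and (tok[0].isdigit() or tok[0].upper() == "IN"):      # optional TTL/class
            tok.pop(0)
        records.append((owner, tok[0].upper(), tok[1:]))
    return records

def lint_ns(text, origin):
    """Flag NS targets BIND would expand relative to the origin and in-zone NS names lacking an A record."""
    recs = parse_zone(text, origin)
    has_addr = {o for o, t, _ in recs if t in ("A", "AAAA")}
    problems = []
    for target in (r[0] for _, t, r in recs if t == "NS"):
        if not target.endswith("."):
            problems.append(f"NS '{target}' lacks a trailing dot: read as '{target}.{origin}'")
            target = f"{target}.{origin}"
        if target.endswith(origin) and target not in has_addr:
            problems.append(f"NS '{target}' has no A record in the zone")
    return problems

def soa_serial(text, origin):
    return next(int(r[2]) for _, t, r in parse_zone(text, origin) if t == "SOA")

def slave_will_transfer(master_serial, slave_serial):
    """RFC 1982 serial arithmetic: the slave transfers only if the master's serial is newer."""
    return 0 < (master_serial - slave_serial) % 2**32 < 2**31

# Constructed zone text mirroring the master's named.pl.com after the NS line was added.
MASTER = """$TTL 1D
@ IN SOA dns.pl.com. rname.invalid. ( 0 ; serial
    1D 1H 1W 3H )
@ IN NS dns.pl.com.
@ IN NS dns1.pl.com
dns.pl.com. IN A 192.168.139.105
www.pl.com. IN A 192.168.139.106
"""
# Same zone with the trailing dot fixed, an A record for dns1 and the serial bumped.
FIXED = (MASTER.replace("dns1.pl.com\n", "dns1.pl.com.\n").replace("( 0 ;", "( 1 ;")
         + "dns1.pl.com. IN A 192.168.139.106\n")
```

`lint_ns(MASTER, "pl.com.")` reports both NS problems and `lint_ns(FIXED, "pl.com.")` none; `slave_will_transfer(soa_serial(MASTER, "pl.com."), 0)` is False because the serial was left at 0, which is exactly the case the note above warns about.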

Common Problems

Feb 21 01:24:58 controller named[63486]: zone pl.com/IN: loading from master file named.pl.com failed: permission denied
Feb 21 01:24:58 controller named[63486]: zone pl.com/IN: not loaded due to errors.

named has no permission to load the named.pl.com file; this is caused by not changing the owner and group of the zone files. Solution:

chown named:named named.pl.com

Original source: https://www.cnblogs.com/fllf/p/10416431.html
