My understanding of DNS:
--> Forward and reverse resolution:
1) Forward resolution:
Forward resolution maps a domain name to an IP address.
2) Reverse resolution:
Reverse resolution maps an IP address back to a domain name; servers use it to sanity-check who is talking to them (for example, a mail server checking that the PTR record of a connecting IP points to a name that resolves back to that same IP).
--> Master and slave DNS servers:
Master DNS server: its zone database is updated by hand by the administrator;
Slave DNS server: its zone database is copied (zone transfer) from the master or from another slave; a slave only re-transfers a zone when the master's SOA serial is higher than its own copy.
Note: if something here is unclear, the branch articles below cover each topic in more detail:
1. Summary, DNS and BIND: http://xiaomazi.blog.51cto.com/5891742/1376225
2. Branch 1, forward/reverse resolution with yum and source installs: http://xiaomazi.blog.51cto.com/5891742/1376228
3. Branch 2, master/slave DNS servers: http://xiaomazi.blog.51cto.com/5891742/1376231
4. Branch 3, subdomain delegation and request forwarding: http://xiaomazi.blog.51cto.com/5891742/1377087
5. Branch 4, ACLs and views: http://xiaomazi.blog.51cto.com/5891742/1377090
I. Common DNS commands:
1. Commands for testing resolution.
1). dig:
# dig [-t type] [-x addr] [name] [@server]
+[no]trace      --> follow the delegation chain from the root servers down to the answer
+[no]recurse    --> set (or clear) the RD bit, i.e. ask the server to recurse on our behalf
+[no]tcp        --> query over TCP instead of UDP
+[no]question   --> show/hide the question section
+[no]answer     --> show/hide the answer section
+[no]authority  --> show/hide the authority section
+[no]additional --> show/hide the additional section
2). host:
# host [-t type] {name} [server]
Example:
[root@localhost ~]# host -t MX xiaoma.com
xiaoma.com mail is handled by 10 mail.xiaoma.com.
[root@localhost ~]#
3). nslookup (interactive):
nslookup>
server DNS_SERVER_IP
set q=TYPE
{name}
Example:
[root@localhost ~]# nslookup
> set q=A
> www.xiaoma.com
Server:         172.16.17.202
Address:        172.16.17.202#53

Name:   www.xiaoma.com
Address: 172.16.17.203
>
2. Start / reload commands:
1). Start:
# named -u named
# service named start      (this may depend on /etc/rndc.key being present)
2). Reload:
# service named reload
# killall -1 named         (SIGHUP: re-read the configuration and zone files)
# killall named            (stop)
3. Syntax checks:
# service named configtest
# named-checkconf
# named-checkzone "xiaoma.com" /var/named/xiaoma.com.zone
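The dig flags matter more than the address it prints: `aa` tells you the answer came from the zone's own server rather than a cache, and `ra` tells you the server is willing to recurse for you. The script below is an added example, not part of the original post: it parses dig's text output and checks that a server answered authoritatively with the expected address. `DIG_OUTPUT` is the transcript shown later on this page (`dig -t A www.xiaoma.com @172.16.17.202`) with its whitespace restored, embedded so the parsing runs offline; `query_dig` is the live equivalent.

```shell
#!/bin/sh
# Added example (not from the original post): parse what dig prints and check
# that the server answered *authoritatively* with the expected address.
# DIG_OUTPUT is the transcript from this page, embedded so this runs offline.

DIG_OUTPUT='; <<>> DiG 9.9.5 <<>> -t A www.xiaoma.com @172.16.17.202
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49273
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.xiaoma.com.                IN      A

;; ANSWER SECTION:
www.xiaoma.com.         86400   IN      A       172.16.17.1

;; AUTHORITY SECTION:
xiaoma.com.             86400   IN      NS      dns.xiaoma.com.

;; ADDITIONAL SECTION:
dns.xiaoma.com.         86400   IN      A       172.16.17.202

;; Query time: 0 msec
;; SERVER: 172.16.17.202#53(172.16.17.202)
;; WHEN: Fri Mar 07 01:37:43 CST 2014
;; MSG SIZE  rcvd: 93'

# Live query: $1 = name, $2 = server address (needs dig and network access).
query_dig() { dig -t A "$1" "@$2"; }

# Response code from the HEADER line, e.g. NOERROR, NXDOMAIN, REFUSED.
dig_rcode() { printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p'; }

# Header flags, e.g. "qr aa rd ra".
dig_flags() { printf '%s\n' "$1" | sed -n 's/^;; flags: \([^;]*\);.*/\1/p'; }

# aa = the answer came from the zone's own master/slave, not from a cache.
dig_is_authoritative() {
    case " $(dig_flags "$1") " in *" aa "*) return 0 ;; *) return 1 ;; esac
}

# ra = the server offers recursion to this client.  Seen from an outside
# network, an authoritative server that sets ra is an open resolver.
dig_offers_recursion() {
    case " $(dig_flags "$1") " in *" ra "*) return 0 ;; *) return 1 ;; esac
}

# RDATA of every ANSWER-section record of type $2 (A, NS, MX, ...), one per line.
dig_answer_rdata() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^;; ANSWER SECTION:/ { in_ans = 1; next }
        /^$/                  { in_ans = 0 }
        in_ans && $3 == "IN" && $4 == want {
            rdata = $5; for (i = 6; i <= NF; i++) rdata = rdata " " $i; print rdata
        }'
}

# check_answer OUTPUT EXPECTED_IP: succeed only for an authoritative NOERROR
# answer that contains EXPECTED_IP as an A record.
check_answer() {
    out=$1; want=$2
    rcode=$(dig_rcode "$out")
    [ "$rcode" = NOERROR ] || { echo "rcode is $rcode"; return 1; }
    dig_is_authoritative "$out" || { echo "answer is not authoritative (no aa flag)"; return 1; }
    dig_answer_rdata "$out" A | grep -qx "$want" \
        || { echo "expected $want, got: $(dig_answer_rdata "$out" A | tr '\n' ' ')"; return 1; }
    echo "ok: authoritative A record $want"
}

echo "rcode: $(dig_rcode "$DIG_OUTPUT")   flags: $(dig_flags "$DIG_OUTPUT")"
check_answer "$DIG_OUTPUT" 172.16.17.1
if dig_offers_recursion "$DIG_OUTPUT"; then
    echo "note: ra is set, the server offers recursion to this client"
fi
```

To use it live, replace `DIG_OUTPUT` with `$(query_dig www.xiaoma.com 172.16.17.202)`; run it once from the LAN and once from outside, and the `ra` note tells you whether the server recurses for strangers.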
II. Basic use of bind:
1. Forward resolution configuration:
Method 1: write the configuration file and zone files by hand:
Prerequisite:
Mount the installation CD:
[root@xiaoma ~]# mkdir /media/cdrom
[root@xiaoma ~]# mount /dev/cdrom /media/cdrom/
mount: block device /dev/sr0 is write-protected, mounting read-only
Configure a local yum repository:
[root@xiaoma ~]# cd /etc/yum.repos.d/
[root@xiaoma yum.repos.d]# mv CentOS-Base.repo CentOS-Base.repo.bak
[root@xiaoma yum.repos.d]# vim media.repo
[media]
name=media
baseurl=file:///media/cdrom
enabled=1
gpgcheck=0
(gpgcheck=0 skips package signature verification; that is only acceptable because the source is the read-only installation media.)
1). Install the bind package that was prepared:
[root@localhost ~]# yum -y install bind
2). Note: the packaged configuration file is not used here; the configuration is written by hand (the packaged file, sitting in /tmp at this point, is kept as /etc/named.conf.origin for reference):
[root@localhost etc]# mv /tmp/named.conf /etc/named.conf.origin
3). Create and edit the configuration file /etc/named.conf:
4). Configure the zone files (these ship with the system):
(1) Edit /var/named/named.loopback (if you create the file yourself, fix its owner and mode as in step 5):
[root@localhost ~]# vim /var/named/named.loopback
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
        PTR     localhost.
(2) Edit /var/named/named.localhost (if you create the file yourself, fix its owner and mode as in step 5):
[root@localhost ~]# vim /var/named/named.localhost
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
(3) Edit /var/named/xiaoma.com.zone (created by hand):
5). Fix the ownership and permissions of named.conf and the zone file:
[root@localhost named]# chown root:named /var/named/xiaoma.com.zone
[root@localhost named]# chmod 640 /var/named/xiaoma.com.zone
[root@localhost etc]# chown root:named /etc/named.conf
[root@localhost etc]# chmod --reference=/etc/named.conf.origin /etc/named.conf    (1)
[root@localhost etc]# chmod 640 /etc/named.conf                                     (2)
--> Note: (1) and (2) are equivalent. Mode 640 with owner root:named means root can edit the file and the named process (group named) can only read it, so a compromised named cannot rewrite its own configuration or zone data.
6). Syntax check at start-up / by hand:
First, at start-up:
[root@localhost etc]# service named configtest
zone localhost/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Second, by hand:
[root@localhost etc]# named-checkconf
[root@localhost etc]#
The loopback zone files ship with the system, so there is no need to check their syntax here.
[root@localhost named]# named-checkzone "xiaoma.com" /var/named/xiaoma.com.zone
zone xiaoma.com/IN: loaded serial 2014031301
OK
[root@localhost named]#
7). Start the named service:
[root@localhost etc]# service named start    --> on first start an rndc key is generated.
Generating /etc/rndc.key:
[root@localhost etc]#
--> If the service will not start this way, use the command below instead: named is launched as root and then drops privileges to the named user:
[root@localhost etc]# named -u named
8). Test with dig (covered here, so not repeated below):
2. Forward resolution configuration:
Method 2: edit the packaged configuration file and zone files directly:
Prerequisite: mount the installation CD and configure the local yum repository exactly as for method 1 above.
1). Install the bind package that was prepared:
[root@localhost ~]# yum -y install bind
2). Edit the configuration file named.conf:
Note: only the lines that were commented out are shown here:
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
// allow-query { localhost; };
// dnssec-enable yes;
// dnssec-validation yes;
// dnssec-lookaside auto;
// bindkeys-file "/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
//include "/etc/named.root.key";
Caveat: commenting out listen-on makes named bind every interface, and commenting out allow-query lets any host query it. With allow-query unset, BIND's recursion falls back to its default of localhost and localnets, so add an explicit allow-recursion rather than relying on that default (and never pair allow-query { any; } with no allow-recursion, which is an open resolver). Commenting out the dnssec-* lines also disables DNSSEC validation of recursive answers; fine for a lab, not for a production resolver.
3). Edit the zone definition file /etc/named.rfc1912.zones:
Append at the end of the file:
[root@localhost named]# vim /etc/named.rfc1912.zones
zone "xiaoma.com" {
        type master;
        file "xiaoma.com.zone";
};
4). Fix the file attributes and check the syntax:
[root@localhost named]# chmod 640 /var/named/xiaoma.com.zone
[root@localhost named]# chown root:named /var/named/xiaoma.com.zone
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone "xiaoma.com" /var/named/xiaoma.com.zone
5). Start / reload the service:
[root@localhost named]# named -u named
[root@localhost named]# service named reload
[root@localhost named]# killall -1 named
6). Test resolution:
[root@localhost ~]# dig -t MX xiaoma.com
[root@localhost ~]# dig -t CNAME pop.xiaoma.com
[root@localhost ~]# dig -t CNAME ftp.xiaoma.com
[root@localhost ~]# dig -t A www.xiaoma.com
[root@localhost ~]# dig -t NS xiaoma.com
[root@localhost ~]# dig -t NS xiaoma.com @172.16.17.202
[root@localhost ~]# dig -t A mail.xiaoma.com
---> The last one, the A-record lookup for mail, is what we use for the comparison:
[screenshots in the original: dig -t A mail.xiaoma.com output before and after the change]
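The options this page comments out (listen-on, allow-query) change who can reach the server, so it is worth seeing the weak and the hardened options blocks side by side and having a check that tells them apart. The script below is an added example, not part of the original post: it writes both configurations to a temporary directory, runs `named-checkconf` on them when BIND is installed, and audits whether recursion is scoped. The configurations are reconstructed from the stock CentOS file (`recursion yes;` is its default); 172.16.17.202 is the server address used on this page, and 172.16.17.203 as the slave address and the version string are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): the named.conf options block this
# page leaves open, next to a hardened one, plus a small audit of recursion.
# 172.16.17.202 is the server from this page; 172.16.17.203 (slave) is assumed.

# named.conf as this page leaves it: listen-on and allow-query commented out.
write_page_conf() {
    cat >"$1" <<'EOF'
options {
    directory "/var/named";
    // listen-on port 53 { 127.0.0.1; };   // commented out: binds every interface
    // allow-query { localhost; };         // commented out: anyone may query
    // dnssec-enable yes;
    // dnssec-validation yes;
    recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
zone "xiaoma.com" IN { type master; file "xiaoma.com.zone"; };
EOF
}

# Hardened version: states explicitly who may query, who may recurse and who
# may transfer the zone, and hides the version string.
write_hardened_conf() {
    cat >"$1" <<'EOF'
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 172.16.17.202; };
    allow-query { any; };                           // authoritative data is public
    allow-recursion { localhost; 172.16.17.0/24; }; // only the LAN may use the cache
    allow-transfer { none; };                       // no AXFR unless a zone allows it
    version "not disclosed";                        // blanks "dig version.bind chaos txt"
    recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
zone "xiaoma.com" IN {
    type master;
    file "xiaoma.com.zone";
    allow-transfer { 172.16.17.203; };              // the slave only (assumed address)
    also-notify { 172.16.17.203; };
};
EOF
}

# named-checkconf only parses the file; it does not load the zone files.
syntax_check() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1" && echo "$1: syntax ok"
    else
        echo "$1: named-checkconf not installed, syntax check skipped"
    fi
}

# audit_recursion FILE: 0 = recursion off or explicitly scoped,
# 1 = relies on BIND's default (localhost/localnets), 2 = open resolver.
# Only the options {} block is inspected, after stripping comments, so the
# commented-out lines from this page are not mistaken for live settings.
audit_recursion() {
    opts=$(sed -e 's@//.*$@@' -e 's/#.*$//' "$1" | sed -n '/^options/,/^};/p')
    if printf '%s\n' "$opts" | grep -Eq 'recursion[[:space:]]+no[[:space:]]*;'; then
        echo "$1: recursion disabled"; return 0
    fi
    if printf '%s\n' "$opts" | grep -Eq '^[[:space:]]*allow-recursion[[:space:]]*\{'; then
        echo "$1: allow-recursion is set explicitly"; return 0
    fi
    if printf '%s\n' "$opts" | grep -Eq 'allow-query[[:space:]]*\{[[:space:]]*any[[:space:]]*;'; then
        echo "$1: OPEN RESOLVER: allow-query { any; } with no allow-recursion"; return 2
    fi
    echo "$1: no allow-recursion; BIND falls back to localhost/localnets, make it explicit"; return 1
}

dir=$(mktemp -d)
write_page_conf "$dir/page.conf"
write_hardened_conf "$dir/hardened.conf"
for f in "$dir/page.conf" "$dir/hardened.conf"; do
    syntax_check "$f"
    audit_recursion "$f" || true
done
rm -rf "$dir"
```

The audit is deliberately narrow: it does not look inside `view` blocks, and it treats an explicit `allow-recursion` as sufficient without checking that the ACL itself is tight, so read the ACL yourself.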
7). Use +trace to follow the resolution path (this needs internet access):
Run in the environment built above (2. forward resolution configuration):
3. Reverse resolution configuration:
1). Define the zone in /etc/named.rfc1912.zones:
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "17.16.172.in-addr.arpa" {
        type master;
        file "172.16.17.zone";
};
2). Create the zone file 172.16.17.zone:
Copy the existing file so that owner, group and mode are preserved:
[root@localhost named]# cp -p xiaoma.com.zone 172.16.17.zone
3). Edit the zone file 172.16.17.zone:
4). Check the syntax / reload:
5). Test resolution:
Continuing, other lookups:
[root@localhost named]# dig -x 172.16.17.204
[root@localhost named]# dig -x 172.16.17.203
6). Test resolution with host:
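The reverse zone is usually edited by hand, copied from the forward zone as in step 2, and that is where PTR and A records drift apart and the serial is forgotten. The script below is an added example, not part of the original post: it derives the PTR records of 172.16.17.zone from the A records of xiaoma.com.zone and computes the next SOA serial in the YYYYMMDDnn style this page uses. `FORWARD_ZONE` is the xiaoma.com.zone file shown later on this page with its whitespace restored; it assumes every A record carries an explicit owner name (no bare `IN A` continuation lines), and `dnsadmin` as the contact is taken from that file.

```shell
#!/bin/sh
# Added example (not from the original post): generate the reverse zone from the
# forward zone so PTR records cannot drift, and bump the SOA serial correctly.
# FORWARD_ZONE is xiaoma.com.zone from this page with whitespace restored.

FORWARD_ZONE='$TTL 86400
@       IN SOA  dns.xiaoma.com. dnsadmin.xiaoma.com. (
                2014031101
                2H
                10M
                3D
                1D )
        IN NS   dns
        IN MX   10 mail
dns     IN A    172.16.17.202
mail    IN A    172.16.17.202
www     IN A    172.16.17.1'

# next_serial CURRENT TODAY(YYYYMMDD): a serial strictly greater than CURRENT.
# Slaves compare serials (RFC 1982) and silently skip the transfer when the
# master's serial is not higher: the classic "I edited the zone but the slave
# still serves old data" mistake.
next_serial() {
    cur=$1; today=$2
    if [ "${cur%??}" = "$today" ]; then
        cand=$((cur + 1))              # same day: bump the two-digit counter
    else
        cand=$((today * 100 + 1))      # new day: start at nn=01
    fi
    [ "$cand" -gt "$cur" ] || cand=$((cur + 1))   # clock went backwards: still increase
    echo "$cand"
}

# reverse_zone_name 172.16.17 -> 17.16.172.in-addr.arpa
reverse_zone_name() {
    printf '%s\n' "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# ptr_records ZONE_TEXT ORIGIN PREFIX: one "n IN PTR fqdn." line per A record
# whose address lies inside PREFIX (a /24).  Two names on one address (dns and
# mail above) give two PTRs; that is legal, but most reverse checks expect a
# single canonical name, so choose one before installing the file.
ptr_records() {
    printf '%s\n' "$1" | awk -v origin="$2" -v prefix="$3" '
        /^[[:space:]]*;/ || NF == 0 { next }           # comments and blank lines
        {
            for (i = 2; i < NF; i++)
                if ($i == "A" && index($(i + 1), prefix ".") == 1) {
                    owner = $1
                    if (owner == "@")        fqdn = origin "."
                    else if (owner ~ /\.$/)  fqdn = owner
                    else                     fqdn = owner "." origin "."
                    n = split($(i + 1), o, ".")
                    printf "%s\tIN\tPTR\t%s\n", o[n], fqdn
                }
        }'
}

# make_reverse_zone FORWARD ORIGIN PREFIX SERIAL NS_FQDN: a complete reverse zone file.
make_reverse_zone() {
    printf '$TTL 86400\n'
    printf '@\tIN\tSOA\t%s. dnsadmin.%s. ( %s 2H 10M 3D 1D )\n' "$5" "$2" "$4"
    printf '\tIN\tNS\t%s.\n' "$5"
    ptr_records "$1" "$2" "$3"
}

serial=$(next_serial 2014031101 20140313)
echo "; zone $(reverse_zone_name 172.16.17), serial $serial"
make_reverse_zone "$FORWARD_ZONE" xiaoma.com 172.16.17 "$serial" dns.xiaoma.com
```

Redirect the output to /var/named/172.16.17.zone, keep the root:named 640 ownership from step 2, and validate it with `named-checkzone 17.16.172.in-addr.arpa /var/named/172.16.17.zone` before reloading.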
III. Compiling bind from source, and using it:
>>> Compile and install named (bind-9.9.5):
Prerequisite: a working build environment; install the package groups with yum.
Mount the installation CD and configure the local yum repository exactly as in section II above, then install the development package groups:
[root@xiaoma ~]# yum grouplist | grep Development
   Desktop Platform Development
   Development tools
   Server Platform Development
[root@xiaoma ~]# yum -y groupinstall "Server Platform Development" "Desktop Platform Development" "Development tools"
1. Download the source code and compile:
1). Unpack the prepared source tarball and build it (verify the tarball's checksum or PGP signature from ISC before building; a DNS server is a high-value target for a tampered download):
[root@xiaoma tmp]# tar xf bind-9.9.5.tar.gz
[root@xiaoma tmp]# cd bind-9.9.5
[root@xiaoma bind-9.9.5]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --enable-epoll --disable-chroot
[root@xiaoma bind-9.9.5]# make
[root@xiaoma bind-9.9.5]# make install
2. Create the main configuration file /etc/named/named.conf:
3. Create the zone data files:
(1) Create /var/named/named.ca (the root hints):
[root@xiaoma ~]# mkdir /var/named
[root@xiaoma ~]# cd /var/named/
[root@xiaoma named]# dig -t NS . @172.16.0.1 > named.ca
(This takes the root NS list from the local resolver 172.16.0.1, i.e. from its cache. For a production server use the named.root hints file published by InterNIC, or at least compare the two.)
(2) Create /var/named/named.loopback:
[root@xiaoma named]# vim named.loopback
$TTL 86400
@       IN SOA  localhost. admin.localhost. (
                2014031101
                2H
                10M
                7D
                1D )
        IN NS   localhost.
1       IN PTR  localhost.
(3) Create /var/named/named.localhost:
[root@xiaoma named]# vim named.localhost
$TTL 86400
@       IN SOA  localhost. admin.localhost. (
                2014031101
                2H
                10M
                7D
                1D )
        IN NS   localhost.
localhost.  IN A    127.0.0.1
(4) Then create the file /var/named/xiaoma.com.zone:
[root@xiaoma named]# vim /var/named/xiaoma.com.zone
$TTL 86400
@       IN SOA  dns.xiaoma.com. dnsadmin.xiaoma.com. (
                2014031101
                2H
                10M
                3D
                1D )
        IN NS   dns
        IN MX   10 mail
dns     IN A    172.16.17.202
mail    IN A    172.16.17.202
www     IN A    172.16.17.1
4. Create the system user and test starting:
(1) Create the user (a system account with no home directory, so named never runs as root):
[root@xiaoma ~]# groupadd -g 53 -r named
[root@xiaoma ~]# useradd -g named -r named
[root@xiaoma ~]# id named
uid=496(named) gid=53(named) groups=53(named)
[root@xiaoma ~]# ls /home/
(2) Set the file attributes:
[root@xiaoma named]# chmod 640 /etc/named/named.conf /var/named/*
[root@xiaoma named]# chown root:named /etc/named/* /var/named/*
(3) Set the PATH variable:
[root@xiaoma named]# echo 'export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH' > /etc/profile.d/named.sh
[root@xiaoma named]# cat /etc/profile.d/named.sh
[root@xiaoma named]# source /etc/profile.d/named.sh
(4) Check the syntax:
[root@xiaoma ~]# named-checkconf
[root@xiaoma ~]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback
zone 0.0.127.in-addr.arpa/IN: loaded serial 2014031101
OK
[root@xiaoma ~]# named-checkzone "localhost" /var/named/named.localhost
zone localhost/IN: loaded serial 2014031101
OK
[root@xiaoma named]# named-checkzone "xiaoma.com" xiaoma.com.zone
zone xiaoma.com/IN: loaded serial 2014031101
OK
[root@xiaoma ~]# killall -1 named
(5) Test starting it and check the listening ports:
[root@xiaoma named]# named -u named
[root@xiaoma named]# ss -tunl
(6) Test A-record resolution:
[root@localhost named]# dig -t A www.xiaoma.com @172.16.17.202

; <<>> DiG 9.9.5 <<>> -t A www.xiaoma.com @172.16.17.202
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49273
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.xiaoma.com.                IN      A

;; ANSWER SECTION:
www.xiaoma.com.         86400   IN      A       172.16.17.1

;; AUTHORITY SECTION:
xiaoma.com.             86400   IN      NS      dns.xiaoma.com.

;; ADDITIONAL SECTION:
dns.xiaoma.com.         86400   IN      A       172.16.17.202

;; Query time: 0 msec
;; SERVER: 172.16.17.202#53(172.16.17.202)
;; WHEN: Fri Mar 07 01:37:43 CST 2014
;; MSG SIZE  rcvd: 93

[root@localhost named]#
5. Provide a service script and set its permissions:
1). The script:
[root@xiaoma ~]# vim /etc/rc.d/init.d/named
#!/bin/bash
#
# description: named daemon
# chkconfig: - 25 80
#
pidFile=/usr/local/bind9/var/run/named.pid
lockFile=/var/lock/subsys/named
confFile=/etc/named/named.conf

[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions

start() {
    if [ -e $lockFile ]; then
        echo "named is already running..."
        exit 0
    fi
    echo -n "Starting named:"
    # started as root, drops to the named user (-u) and reads our config (-c)
    daemon --pidfile "$pidFile" /usr/local/bind9/sbin/named -u named -c "$confFile"
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        touch $lockFile
        return $RETVAL
    else
        rm -f $lockFile $pidFile
        return 1
    fi
}

stop() {
    if [ ! -e $lockFile ]; then
        echo "named is stopped."
        # exit 0
    fi
    echo -n "Stopping named:"
    killproc named
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        rm -f $lockFile $pidFile
        return 0
    else
        echo "Cannot stop named."
        failure
        return 1
    fi
}

restart() {
    stop
    sleep 2
    start
}

reload() {
    echo -n "Reloading named: "
    killproc named -HUP
    #killall -HUP named
    RETVAL=$?
    echo
    return $RETVAL
}

status() {
    if pidof named &> /dev/null; then
        echo -n "named is running..."
        success
        echo
    else
        echo -n "named is stopped..."
        success
        echo
    fi
}

usage() {
    echo "Usage: named {start|stop|restart|status|reload}"
}

case $1 in
start)
    start ;;
stop)
    stop ;;
restart)
    restart ;;
status)
    status ;;
reload)
    reload ;;
*)
    usage
    exit 4 ;;
esac
2). Register the script and set its attributes:
[root@xiaoma ~]# chkconfig --add named
[root@xiaoma ~]# chkconfig --list named
named           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@xiaoma ~]# killall named          --> stop the named that was started by hand
[root@xiaoma ~]# chmod +x /etc/rc.d/init.d/named
[root@xiaoma ~]# service named start
Starting named:                                            [  OK  ]
A smile is the most beautiful language!!!
This post is written from my own understanding; if there are mistakes, please point them out.
----> xiaomazi