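DNS: Domain Name System
How it works:
Purpose:
    1) Resolve a domain name or host name to the corresponding IP address (forward resolution)
    2) Resolve an IP address to the corresponding host name or domain name (reverse resolution)
DNS resolution modes:
    Recursive
        The client only needs to send a single request to the DNS server
    Iterative
        The client needs to send multiple DNS requests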
Zone
    Forward zone        xxx.com
    Reverse zone        X.X.X.in-addr.arpa
Record
    A record: host record
        www.uplooking.com       A       192.168.1.1
    NS record: identifies the name of the DNS server itself
        NS      dns1.uplooking.com.
        dns1.uplooking.com      A       192.168.1.2
    MX record: identifies the name of the mail server
        MX 10   mail.uplooking.com.
        mail.uplooking.com.     A       192.168.1.3
    CNAME record: alias record
        m.mail.com.     CNAME   mail.uplooking.com.
    PTR record: reverse pointer record
        192.168.1.1     PTR     www.uplooking.com.
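Deploying a DNS server
Software: bind, bind-chroot
    Chroot (fake root): /var/named/chroot
    /etc/named.conf ------> /var/named/chroot/etc/named.conf
Configuration files:
    Main configuration file: /var/named/chroot/etc/named.conf (where zones are created)
    Record files: /var/named/chroot/var/named/*
Services: named, named-chroot
Ports:
    53/udp  receives DNS requests from clients
    53/tcp  synchronizes data between master and slave servers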
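Example: setting up a DNS server
    web.uplooking.com       192.168.1.1     web server
    ftp.uplooking.com       192.168.1.2     FTP server
    mail.uplooking.com      192.168.1.3     mail server
Preparation:
    Disable SELinux and the firewall
    Configure the YUM repository
1. Install the software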
[root@localhost ~]# yum install -y bind bind-chroot
2. Edit the main DNS configuration file and create the zone uplooking.com
[root@localhost ~]# vim /var/named/chroot/etc/named.conf
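options {
    directory "/var/named";         // zone files are looked up here (inside the chroot)
};
zone "uplooking.com" {
    type master;                    // zone type, see the list below
    file "uplooking.com.zone";      // record file, relative to "directory"
};
Zone types:
    hint    root zone
    master  master (primary) zone
    slave   slave (secondary) zone
3. Copy the record file template and edit it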
[root@localhost ~]# cp /usr/share/doc/bind-9.8.2/sample/var/named/named.localhost /var/named/chroot/var/named/uplooking.com.zone
[root@localhost ~]# vim /var/named/chroot/var/named/uplooking.com.zone
$TTL 1D
@       IN SOA  uplooking.com. 454452000.qq.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      dns1.uplooking.com.
dns1    A       192.168.122.105
web     A       192.168.1.1
ftp     A       192.168.1.2
@       MX 5    mail.uplooking.com.     ; explicit @ so the MX belongs to uplooking.com, not to ftp
mail    A       192.168.1.3
4. Start the named service
[root@dns ~]# systemctl start named-chroot
[root@dns ~]# systemctl start named
[root@dns ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@dns ~]# systemctl enable named-chroot
Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.
[root@dns ~]#
[root@dns ~]# ss -antp | grep named
LISTEN 0 10 192.168.122.105:53 *:* users:(("named",pid=2249,fd=21))
[root@dns ~]# ss -anup | grep named
UNCONN 0 0 192.168.122.105:53 *:* users:(("named",pid=2249,fd=513))
5. Test
Note:
The configuration is as follows:
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Generated by dracut initrd
NAME="eth0"
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
IPADDR=192.168.122.121
NETMASK=255.255.255.0
GATEWAY=192.168.122.1
DNS1=192.168.122.105
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.122.105
[root@localhost ~]#
Testing tools:
1) nslookup
[root@localhost ~]# nslookup
> server
Default server: 192.168.122.105
Address: 192.168.122.105#53
>
> web.uplooking.com
Server:         192.168.122.105
Address:        192.168.122.105#53
Name:   web.uplooking.com
Address: 192.168.1.1
>
> ftp.uplooking.com
Server:         192.168.122.105
Address:        192.168.122.105#53
Name:   ftp.uplooking.com
Address: 192.168.1.2
>
> mail.uplooking.com
Server:         192.168.122.105
Address:        192.168.122.105#53
Name:   mail.uplooking.com
Address: 192.168.1.3
> exit
2) dig
# dig -t <TYPE> <host>
[root@localhost ~]# dig -t A web.uplooking.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t A web.uplooking.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39100
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;web.uplooking.com.             IN      A
;; ANSWER SECTION:
web.uplooking.com.      86400   IN      A       192.168.1.1
;; AUTHORITY SECTION:
uplooking.com.          86400   IN      NS      dns1.uplooking.com.
;; ADDITIONAL SECTION:
dns1.uplooking.com.     86400   IN      A       192.168.122.105
;; Query time: 1 msec
;; SERVER: 192.168.122.105#53(192.168.122.105)
;; WHEN: 三 2月 22 11:45:42 CST 2017
;; MSG SIZE rcvd: 97
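Added example (not part of the original notes): a small Python parser showing how BIND assigns owner names in a zone file like the one in step 3. A record line that begins with whitespace inherits the owner of the record above it, so an indented MX line placed under ftp belongs to ftp.uplooking.com rather than to the zone itself. The sample zone text is constructed, the function names are this example's own, and directives other than skipping them ($ORIGIN, $INCLUDE) are not handled.

```python
RR_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "PTR", "TXT"}

# Constructed sample laid out like the uplooking.com zone file in step 3,
# with the MX line indented directly below the ftp record.
SAMPLE_ZONE = """\
$TTL 1D
@       IN SOA  uplooking.com. 454452000.qq.com. (
                0 1D 1H 1W 3H ) ; serial refresh retry expire minimum
        NS      dns1.uplooking.com.
dns1    A       192.168.122.105
web     A       192.168.1.1
ftp     A       192.168.1.2
        MX  5   mail.uplooking.com.
mail    A       192.168.1.3
"""

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    name = origin if name == "@" else name
    return name if name.endswith(".") else f"{name}.{origin}"

def logical_lines(text):
    """Drop ';' comments and join records that span lines inside ( )."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and not buf:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf, depth = [], 0

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples with owners as FQDNs."""
    origin = origin.rstrip(".") + "."
    owner, records = origin, []
    for line in logical_lines(text):
        if line.startswith("$"):            # $TTL and other directives
            continue
        fields = line.split()
        if not line[0].isspace():           # owner name in column 1
            owner = fqdn(fields.pop(0), origin)
        while fields and fields[0].upper() not in RR_TYPES:
            fields.pop(0)                   # skip optional TTL and class
        if fields:
            records.append((owner, fields[0].upper(), " ".join(fields[1:])))
    return records
```

Calling parse_zone(SAMPLE_ZONE, "uplooking.com") lists the MX record under ftp.uplooking.com.; writing the line with an explicit "@" owner moves it to uplooking.com.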
Using DNS records to achieve a load-balancing effect:
    web     A       192.168.1.1
    web     A       192.168.1.4
Wildcard domain records
    uplooking.com.          A       192.168.1.1
    *.uplooking.com.        A       192.168.1.1