Linux DNS正向解析和反向解析配置实例(一)
示例:建立正向反向解析区域为ning.com
在下面的配置中,有详细的解析配置:
1、配置文件的内容设置
#vim /etc/named/named.conf
options {
// listen-on port 53 { 127.0.0.1; };----------必须监听在能与客户端通信的地址上,可以指定多个,注意书写格式。(用 // 注释掉表示监听本机所有地址的 53 端口)
//listen-on-v6 port 53 { ::1; };--------------IPv6 的监听地址(注释掉表示监听所有 IPv6 地址的 53 端口)
directory "/var/named";---------------------指定解析库位置,默认查找的位置
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };----------------------允许谁来查询(注释掉即不限制查询来源)
recursion yes;-------------------是否允许递归查询。注意:allow-query 不限制且 recursion yes 时,服务器会对任何来源提供递归解析(开放递归解析器,可能被外部滥用),生产环境应通过 allow-query 或 allow-recursion 限定为内网地址
//dnssec-enable yes;----------DNSSEC(DNS 安全扩展)相关选项
//dnssec-validation yes;------DNSSEC 验证
//dnssec-lookaside auto;-----DNSSEC 旁路验证(DLV)
/* Path to ISC DLV key */
//bindkeys-file "/etc/named.iscdlv.key";
//managed-keys-directory "/var/named/dynamic";
};
logging {------------------------------指定日志文件
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {-----------------------指定区域
type hint;-------------指定区域类型为 hint,即根域提示(root hints),用于定位根服务器
file "named.ca";-------------指定解析库名字
};
include "/etc/named.rfc1912.zones";--------------包含配置文件/etc/named.rfc1912.zones
//include "/etc/named.root.key";
---------------------------------------------------------------------
正向解析:
[root@localhost etc]# vim /etc/named.rfc1912.zones -------这个配置文件的内容也可以在/etc/named.conf中添加
zone "ning.com." IN {
type master;
file "ning.com.zone";------这个文件是指定解析库/var/named/ning.com.zone要自己创建
allow-update { none; };
};
[root@localhost named]# named-checkconf ------检查配置文件有没有错误
反向解析:
[root@localhost etc]# vim /etc/named.rfc1912.zones
zone "3.16.172.in-addr.arpa." IN {
type master;
file "172.16.3.zone";
};----------与上面正向区域保持一致,这里同样应加上 allow-update { none; };
[root@localhost named]# named-checkconf ------检查配置文件有没有错误
2、解析库的配置
正向解析库:
[root@localhost etc]# vim /var/named/ning.com.zone (这个文件属组需为 named,权限 644 即可,下文进一步收紧为 640)
$TTL 3600--------------------------------------------------定义统一的缓存时长3600秒
@ IN SOA ns.ning.com. ning.qq.com. (----------------必须是第一条
20140804-------------解析库的序列号(每次修改区域文件后需递增,否则从服务器不会同步)
2H-------------周期性同步的时间间隔
10M-----------重试的时间间隔
7D------------过期时长
7D )--------------否定答案的统一缓存时长
@ IN NS ns.ning.com.-------@可以省略,默认是上面的@(当前区域的区域名称)
@ IN MX 10 mail.ning.com.----@可以省略,默认是上面的@
ns.ning.com. A 172.16.3.1
mail.ning.com. A 172.16.3.3
www.ning.com. A 172.16.3.4
qq.ning.com. A 172.16.3.5
hong.ning.com. CNAME mail.ning.com.
反向解析库:
$TTL 3600
@ IN SOA ns.ning.com. ning.qq.com. (
20140804
2H
10M
7D
7D )
IN NS ns.ning.com.
1.3.16.172.in-addr.arpa. IN PTR ns.ning.com.
3.3.16.172.in-addr.arpa. IN PTR mail.ning.com.
4.3.16.172.in-addr.arpa. IN PTR www.ning.com.
5.3.16.172.in-addr.arpa. IN PTR qq.ning.com.
~
检查配置文件和解析库的命令
[root@localhost named]# chown :named ning.com.zone ----配置属组
[root@localhost named]# chmod 640 ning.com.zone ----配置权限
[root@localhost named]# named-checkzone "ning.com" ning.com.zone ------检查下区域库配置文件
zone ning.com/IN: loaded serial 20140804
OK
[root@localhost named]# chown :named 172.16.3.zone
[root@localhost named]# chmod 640 172.16.3.zone
[root@localhost named]# named-checkzone "3.16.172.in-addr.arpa." /var/named/172.16.3.zone
zone 3.16.172.in-addr.arpa/IN: loaded serial 20140804
OK
[root@localhost named]# service named configtest----------做完之后统一检查下配置有无错误。
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
zone ning.com/IN: loaded serial 20140804
--------------------------------------
DNS管理命令:
#service named start---------启用服务
#service named status-----查看状态
version: 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6-----版本
CPUs found: 2----CPU两颗
worker threads: 2---工作线程
number of zones: 20-----zones的数量
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF----查询日志(OFF 表示未记录查询)
recursive clients: 0/0/1000-----最多1000个客户端
tcp clients: 0/100----TCP 客户端连接数(区域传送等使用 TCP),最多 100 个
server is up and running----正在运行
named (pid 4386) is running...
#named-checkconf-------检查named配置有没有错误
#named-checkzone "ning.com" /var/named/ning.com.zone -----检查区域配置文件
#service named configtest ------检查named配置有没有错误
#service named status----查看named状态
#service named reload----重新加载配置文件,不用重启服务
----------------------------------------------------------
域配置文件的写作方式:
正向解析:
[root@localhost named]# cat ning.com.zone
$TTL 3600
$ORIGIN ning.com.
@ IN SOA ns.ning.com. ning.qq.com. (
20140804
2H
10M
7D
7D )
IN NS ns
IN MX 10 mail
ns IN A 172.16.3.1
mail IN A 172.16.3.3
www IN A 172.16.3.4
qq IN A 172.16.3.5
hong IN CNAME mail
反向解析:
[root@localhost named]# cat 172.16.3.zone
$TTL 3600
$ORIGIN 3.16.172.in-addr.arpa.
@ IN SOA ns.ning.com. ning.qq.com. (
20140804
2H
10M
7D
7D )
IN NS ns.ning.com.
1 IN PTR ns.ning.com.
3 IN PTR mail.ning.com.
4 IN PTR www.ning.com.
5 IN PTR qq.ning.com.
DNS测试工具:
[root@localhost named]# rpm -ql bind-utils----查看 bind-utils 包自带的测试工具
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
正向解析测试:
(1)host测试
host -t TYPE NAME [SERVER] ----SERVER 可以省略,省略时默认使用 /etc/resolv.conf 中指定的 nameserver 地址
[root@localhost named]# host -t A www.ning.com
www.ning.com has address 172.16.3.4
[root@localhost named]# host -t A www.ning.com 172.16.3.1
Using domain server:
Name: 172.16.3.1
Address: 172.16.3.1#53
Aliases:
www.ning.com has address 172.16.3.4
[root@localhost named]# host -t MX ning.com 172.16.3.1
Using domain server:
Name: 172.16.3.1
Address: 172.16.3.1#53
Aliases:
ning.com mail is handled by 10 mail.ning.com.
(2)nslookup测试
[root@localhost etc]# nslookup
> server 172.16.3.1---------------指定 DNS 服务器地址(不指定时默认使用本机配置的 DNS 服务器)
Default server: 172.16.3.1
Address: 172.16.3.1#53
> set type=A------------------------指定类型
> qq.ning.com----------------------输入查询的地址
Server: 172.16.3.1
Address: 172.16.3.1#53
Name: qq.ning.com
Address: 172.16.3.5
> exit--------------------------退出
(3)dig测试
#dig -t TYPE name @server
(1)[root@localhost etc]# dig -t A qq.ning.com @172.16.3.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -t A qq.ning.com @172.16.3.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45652
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1(aa 标志表示权威应答)
;; QUESTION SECTION:---------------查询问题
;qq.ning.com. IN A
;; ANSWER SECTION:-----------------答案回答
qq.ning.com. 3600 IN A 172.16.3.5
;; AUTHORITY SECTION:--------------权威信息DNS服务器的名称
ning.com. 3600 IN NS ns.ning.com.
;; ADDITIONAL SECTION:-------------补充说明这个DNS服务的地址
ns.ning.com. 3600 IN A 172.16.3.1
;; Query time: 1 msec
;; SERVER: 172.16.3.1#53(172.16.3.1)
;; WHEN: Sat Jul 19 11:35:30 2014
;; MSG SIZE rcvd: 78
(2)[root@localhost named]# dig -t AXFR ning.com @172.16.3.1------通过区域传送(AXFR)查看整个区域是否正常加载。注意:任意主机都能完成 AXFR 说明区域传送未加限制,生产环境应在 zone 中用 allow-transfer 限定为从服务器地址
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -t AXFR ning.com @172.16.3.1
;; global options: +cmd
ning.com. 3600 IN SOA ns.ning.com. ning.qq.com. 20140804 7200 600 604800 604800
ning.com. 3600 IN NS ns.ning.com.
ning.com. 3600 IN MX 10 mail.ning.com.
hong.ning.com. 3600 IN CNAME mail.ning.com.
mail.ning.com. 3600 IN A 172.16.3.3
ns.ning.com. 3600 IN A 172.16.3.1
qq.ning.com. 3600 IN A 172.16.3.5
www.ning.com. 3600 IN A 172.16.3.4
ning.com. 3600 IN SOA ns.ning.com. ning.qq.com. 20140804 7200 600 604800 604800
;; Query time: 23 msec
;; SERVER: 172.16.3.1#53(172.16.3.1)
;; WHEN: Sat Jul 19 11:40:29 2014
;; XFR size: 9 records (messages 1, bytes 234)
(3)[root@localhost named]# dig -t A www.baidu.com----多次执行该命令可以看到多条 A 记录的顺序轮换,即服务器侧的轮询负载均衡
;; ANSWER SECTION:
www.baidu.com. 370 IN CNAME www.a.shifen.com.
www.a.shifen.com. 257 IN A 61.135.169.125
www.a.shifen.com. 257 IN A 61.135.169.105----这条和上面一条的先后顺序是相互轮换的,自己可以试下
(4)[root@localhost named]# dig +recurse -t A www.baidu.com-----请求递归查询(dig 默认即开启,对应应答中的 rd 标志)
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> +recurse -t A www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9232
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 5
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
www.a.shifen.com. 300 IN A 61.135.169.125
www.a.shifen.com. 300 IN A 61.135.169.105
;; AUTHORITY SECTION:
a.shifen.com. 1200 IN NS ns1.a.shifen.com.
a.shifen.com. 1200 IN NS ns4.a.shifen.com.
a.shifen.com. 1200 IN NS ns2.a.shifen.com.
a.shifen.com. 1200 IN NS ns5.a.shifen.com.
a.shifen.com. 1200 IN NS ns3.a.shifen.com.
;; ADDITIONAL SECTION:
ns5.a.shifen.com. 1200 IN A 119.75.219.43
ns2.a.shifen.com. 1200 IN A 180.149.133.241
ns4.a.shifen.com. 1200 IN A 115.239.210.176
ns3.a.shifen.com. 1200 IN A 61.135.162.215
ns1.a.shifen.com. 1200 IN A 61.135.165.224
;; Query time: 161 msec
;; SERVER: 172.16.0.1#53(172.16.0.1)
;; WHEN: Sat Jul 19 11:50:16 2014
;; MSG SIZE rcvd: 260
(5)#dig +trace -t A www.baidu.com---从根域开始逐级跟踪迭代查询过程
(6)[root@localhost named]# dig -t NS . --------------------显示根域的 13 个根 DNS 服务器
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -t NS .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11760
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 507600 IN NS d.root-servers.net.
. 507600 IN NS g.root-servers.net.
. 507600 IN NS a.root-servers.net.
. 507600 IN NS m.root-servers.net.
. 507600 IN NS c.root-servers.net.
. 507600 IN NS e.root-servers.net.
. 507600 IN NS j.root-servers.net.
. 507600 IN NS b.root-servers.net.
. 507600 IN NS k.root-servers.net.
. 507600 IN NS h.root-servers.net.
. 507600 IN NS l.root-servers.net.
. 507600 IN NS f.root-servers.net.
. 507600 IN NS i.root-servers.net.
;; ADDITIONAL SECTION:
m.root-servers.net. 598957 IN A 202.12.27.33
m.root-servers.net. 598957 IN AAAA 2001:dc3::35
c.root-servers.net. 598957 IN A 192.33.4.12
c.root-servers.net. 598957 IN AAAA 2001:500:2::c
d.root-servers.net. 598957 IN A 199.7.91.13
d.root-servers.net. 598957 IN AAAA 2001:500:2d::d
k.root-servers.net. 598957 IN A 193.0.14.129
k.root-servers.net. 598957 IN AAAA 2001:7fd::1
f.root-servers.net. 598957 IN A 192.5.5.241
f.root-servers.net. 598957 IN AAAA 2001:500:2f::f
g.root-servers.net. 598957 IN A 192.112.36.4
b.root-servers.net. 598957 IN A 192.228.79.201
b.root-servers.net. 598957 IN AAAA 2001:500:84::b
;; Query time: 1 msec
;; SERVER: 172.16.0.1#53(172.16.0.1)
;; WHEN: Sat Jul 19 11:55:16 2014
;; MSG SIZE rcvd: 508
[root@localhost named]# dig -t NS . @d.root-servers.net.---直接向根服务器查询得到的根信息最权威,可将其输出保存为 named.ca 使用
反向解析测试:
host -t PTR 172.16.3.5 172.16.3.1
dig -x 172.16.3.5 @172.16.3.1
dig -t AXFR 3.16.172.in-addr.arpa @172.16.3.1
[root@ning ~]# dig -x 172.16.3.4 @172.16.3.1
命令比较多,需要耐心看!!下面的几篇博客都是讲解DNS高级应用!!有什么看不懂的给我留言!!
本文出自 “奋斗的人” 博客,请务必保留此出处http://wodemeng.blog.51cto.com/1384120/1536600