(一)DNS简介:
DNS,全称Domain Name System,即域名解析系统。域名是通过DNS来实现的,每个域名代表一个IP,DNS就是用来在ip地址与域名之间进行转换的服务。
DNS帮助用户在互联网上寻找路径。在互联网上的每一个计算机都拥有一个唯一的地址,称作“IP地址”(即互联网协议地址)
由于IP地址难以记忆,一般用域名来进行管理(ip地址偏重底层,而DNS则偏重于应用层)

1,DNS功能
每个IP地址都可以有一个主机名,主机名由一个或多个字符串组成,字符串之间用小数点隔开。有了主机名,就不要死记硬背每台IP设备的IP地址,只要记住相对直观有意义的主机名就行了。这就是DNS协议所要完成的功能。
主机名到IP地址的映射有两种方式:

1)静态映射,每台设备上都配置主机到IP地址的映射,各设备独立维护自己的映射表,而且只供本设备使用;
2)动态映射,建立一套域名解析系统(DNS),只在专门的DNS服务器上配置主机到IP地址的映射,网络上需要使用主机名通信的设备,首先需要到DNS服务器查询主机所对应的IP地址。
通过主机名,最终得到该主机名对应的IP地址的过程叫做域名解析(或主机名解析)。在解析域名时,可以首先采用静态域名解析的方法,如果静态域名解析不成功,再采用动态域名解析的方法。可以将一些常用的域名放入静态域名解析表中,这样可以大大提高域名解析效率。

2,DNS组成:dns由类型,域名,和主机名三部分构成
1).类型:标识此域名的类型,一般常见的有.com,.org, .net , .gov等等
2)域名:域的名称 如baidu ppdai google等等
3)主机名:该域中某台主机的名称,eg:www, ftp, ntp,mail等等

3,DNS的工作原理
以访问www.为例说明(主机为Windows系统)
客户端首先检查本地c:\windows\system32\drivers\etc\host文件,是否有对应的IP地址,若有,则直接访问WEB站点,若无
客户端检查本地缓存信息,若有,则直接访问WEB站点,若无
本地DNS检查缓存信息,若有,将IP地址返回给客户端,客户端可直接访问WEB站点,若无
本地DNS检查区域文件是否有对应的IP,若有,将IP地址返回给客户端,客户端可直接访问WEB站点,若无,
本地DNS根据cache.dns文件中指定的根DNS服务器的IP地址,转向根DNS查询。
根DNS收到查询请求后,查看区域文件记录,若无,则将其管辖范围内.com服务器的IP地址告诉本地DNS服务器
.com服务器收到查询请求后,查看区域文件记录,若无,则将其管辖范围内.xxx服务器的IP地址告诉本地DNS服务器
.xxx服务器收到查询请求后,分析需要解析的域名,若无,则查询失败,若有,返回www.的IP地址给本地服务器
本地DNS服务器将www.的IP地址返回给客户端,客户端通过这个IP地址与WEB站点建立连接

4,DNS客户端
日常使用支持网络的计算机一般都是作为dns客户端使用,应用程序,服务,进程等通过OS底层功能发起对dns服务器查询对指定的域名进行解析。解析以下几种方式来进行:
1). 文件:/etc/hosts , /etc/networks
2). DNS: /etc/resolv.conf
3). NIS:现已被淘汰了
可以通过配置文件/etc/nsswitch.conf控制查询的顺序,hosts: files dns myhostname

5,DNS查询命令:

  1. 使用host命令用于dns查询。host www.baidu.com

    [root@localhost ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 115.239.210.27
www.a.shifen.com has address 115.239.211.112

  2. 使用nslookup命令进行查询。 nslookup www.baidu.com

    [root@localhost ~]# nslookup www.baidu.com
Server:     192.168.1.218
Address:    192.168.1.218#53
Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 115.239.211.112
Name:   www.a.shifen.com
Address: 115.239.210.27
  3. 使用dig命令进行查询(推荐)。dig www.baidu.com 
    [root@localhost ~]# dig www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7129
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com.         IN  A
;; ANSWER SECTION:
www.baidu.com.      545 IN  CNAME   www.a.shifen.com.
www.a.shifen.com.   248 IN  A   61.135.169.125
www.a.shifen.com.   248 IN  A   61.135.169.121
;; AUTHORITY SECTION:
a.shifen.com.       545 IN  NS  ns3.a.shifen.com.
a.shifen.com.       545 IN  NS  ns2.a.shifen.com.
a.shifen.com.       545 IN  NS  ns4.a.shifen.com.
a.shifen.com.       545 IN  NS  ns5.a.shifen.com.
a.shifen.com.       545 IN  NS  ns1.a.shifen.com.
;; ADDITIONAL SECTION:
ns1.a.shifen.com.   545 IN  A   61.135.165.224
ns5.a.shifen.com.   545 IN  A   119.75.222.17
ns2.a.shifen.com.   545 IN  A   180.149.133.241
ns4.a.shifen.com.   545 IN  A   115.239.210.176
ns3.a.shifen.com.   545 IN  A   61.135.162.215
;; Query time: 0 msec
;; SERVER: 172.20.66.112#53(172.20.66.112)
;; WHEN: Fri Mar 30 17:26:26 CST 2018
;; MSG SIZE  rcvd: 271

(二)安装配置DNS软件BIND

序号 IP 功能
1 172.20.66.112 主DNS服务器
2 172.20.66.108 从DNS服务器

1,安装bind-chroot DNS服务器

[root@localhost ~]# yum install bind-chroot bind-utils  -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile* epel: ftp.cuhk.edu.hk
Resolving Dependencies
--> Running transaction check
---> Package bind-chroot.x86_64 32:9.9.4-51.el7_4.2 will be installed
备注:
CentOS7不同于6,只需要安装bind-chroot,就会自动安装主程序包bind和库bind-libs。同时安装bind-utils(包含host和dig程序的包)
CentOS7下安装了bind-chroot之后,若要使用named-chroot.service,则需要关闭named.service。两者只能运行一个

2,通过rpm -ql bind-chroot查询所安装的文件
[root@localhost ~]# rpm -ql bind-chroot

3,拷贝bind相关文件,准备bind-chroot环境

 [root@localhost chroot]# cp -R /usr/share/doc/bind-9.9.4/sample/etc/*  /var/named/chroot/etc/
[root@localhost chroot]# cp -R /usr/share/doc/bind-9.9.4/sample/var/*  /var/named/chroot/var/
[root@localhost chroot]# ls /var/named/chroot/etc/
named  named.conf  named.rfc1912.zones  pki
[root@localhost chroot]# ls /var/named/chroot/var/
log  named  run  tmp
备注:由于安装了bind-chroot,BIND会被封装到一个伪根目录内,原先的文件配置文件的路径位置变为:
/var/named/chroot/etc/named.conf              ---------BIND服务主配置文件
/var/named/chroot/var/named/                    ----------zone文件直接安装bind配置文件在:
/etc/named.conf   -BIND服务主配置文件
/var/named/        -zone文件

4,在bind chroot的目录中创建相关文件,由于默认是没有配置文件,拷贝模板配置文件/usr/share/doc/bind-9.9.4/sample/在这个目录下

[root@server98 chroot]# cp -rv /usr/share/doc/bind-9.9.4/sample/etc/* /var/named/chroot/etc/
"/usr/share/doc/bind-9.9.4/sample/etc/named.conf" -> "/var/named/chroot/etc/named.conf"
"/usr/share/doc/bind-9.9.4/sample/etc/named.rfc1912.zones" -> "/var/named/chroot/etc/named.rfc1912.zones"
[root@server98 chroot]# cp -rv /usr/share/doc/bind-9.9.4/sample/var/* /var/named/chroot/var/
"/usr/share/doc/bind-9.9.4/sample/var/named/data" -> "/var/named/chroot/var/named/data"
"/usr/share/doc/bind-9.9.4/sample/var/named/my.external.zone.db" -> "/var/named/chroot/var/named/my.external.zone.db"
"/usr/share/doc/bind-9.9.4/sample/var/named/my.internal.zone.db" -> "/var/named/chroot/var/named/my.internal.zone.db"
"/usr/share/doc/bind-9.9.4/sample/var/named/named.ca" -> "/var/named/chroot/var/named/named.ca"
"/usr/share/doc/bind-9.9.4/sample/var/named/named.empty" -> "/var/named/chroot/var/named/named.empty"
"/usr/share/doc/bind-9.9.4/sample/var/named/named.localhost" -> "/var/named/chroot/var/named/named.localhost"
"/usr/share/doc/bind-9.9.4/sample/var/named/named.loopback" -> "/var/named/chroot/var/named/named.loopback"
"/usr/share/doc/bind-9.9.4/sample/var/named/slaves" -> "/var/named/chroot/var/named/slaves"
"/usr/share/doc/bind-9.9.4/sample/var/named/slaves/my.ddns.internal.zone.db" -> "/var/named/chroot/var/named/slaves/my.ddns.internal.zone.db"
"/usr/share/doc/bind-9.9.4/sample/var/named/slaves/my.slave.internal.zone.db" -> "/var/named/chroot/var/named/slaves/my.slave.internal.zone.db"

5,将bind锁定文件设置为可写。

[root@localhost named]# chmod -R 777 /var/named/chroot/var/named/data/
[root@localhost named]# chmod -R 777 /var/named/chroot/var/named/dynamic/

6,将/etc/named.conf文件拷贝到bind-chroot目录里,并进行编辑最简配置

[root@localhost named]# cp /etc/named.conf  /var/named/chroot/etc/named.conf
[root@localhost etc]# vim /var/named/chroot/etc/named.conf
options {listen-on port 53 { any; };listen-on-v6 port 53 { ::1; };allow-query     { any; };directory "/var/named";recursion yes;};zone "lqb.com"  {type master;file "lqb.com.zon";
};

7,创建转发域

[root@localhost named]#cp /var/named/named.localhost  /var/named/chroot/var/named/lqb.zone
[root@localhost named]# vim /var/named/chroot/var/named/lqb.com.zon$TTL 1D
$ORIGIN lqb.com.
@   IN SOA  lqb.com. admin.lqb.com. (20170526; serial1D  ; refresh1H  ; retry1W  ; expire3H  ; minimum
)IN  NS  ns1.lqb.com.ns1 IN  A   192.168.99.99
www IN  A   172.20.66.110
ftp     IN   A  10.128.105.250

8,设置开机启动bind-chroot服务

[root@localhost named]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
[root@localhost named]# systemctl stop named
[root@localhost named]# systemctl disable named
[root@localhost named]# systemctl enable named-chroot
Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.
[root@localhost named]# systemctl status named-chroot
● named-chroot.service - Berkeley Internet Name Domain (DNS)Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; disabled; vendor preset: disabled)Active: active (running) since Fri 2018-03-30 17:12:55 CST; 4s agoProcess: 3184 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS (code=exited, status=0/SUCCESS)Process: 3180 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)Main PID: 3185 (named)CGroup: /system.slice/named-chroot.service└─3185 /usr/sbin/named -u named -c /etc/named.conf -t /var/named/chrootMar 30 17:12:55 localhost.localdomain named[3185]: zone 0.in-addr.arpa/IN: loaded serial 0
Mar 30 17:12:55 localhost.localdomain named[3185]: zone lqb.com/IN: loaded serial 20170526
Mar 30 17:12:55 localhost.localdomain systemd[1]: Started Berkeley Internet Name Domain (DNS).
Mar 30 17:12:55 localhost.localdomain named[3185]: zone localhost/IN: loaded serial 0
Mar 30 17:12:55 localhost.localdomain named[3185]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Mar 30 17:12:55 localhost.localdomain named[3185]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arp...rial 0
Mar 30 17:12:55 localhost.localdomain named[3185]: zone localhost.localdomain/IN: loaded serial 0
Mar 30 17:12:55 localhost.localdomain named[3185]: all zones loaded
Mar 30 17:12:55 localhost.localdomain named[3185]: running
Mar 30 17:12:55 localhost.localdomain named[3185]: zone lqb.com/IN: sending notifies (serial 20170526)
Hint: Some lines were ellipsized, use -l to show in full.

9.检查配置是否正确。命令named-checkconf named-checkzone

[root@localhost named]#named-checkconf /var/named/chroot/etc/named.conf
[root@localhost named]# named-checkzone lqb.com lqb.com.zon

(三)在客户端进行测试使用
(1),在客户端修改dns配置文件/etc/resolv.conf

[root@HTD-CATIT ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.20.66.110

(2),通过host,nslookup 和dig 进行测试

                [root@HTD-CATIT ~]# ping www.lqb.com
PING www.lqb.com (172.20.66.110) 56(84) bytes of data.
64 bytes from 172.20.66.110: icmp_seq=1 ttl=64 time=7.16 ms
64 bytes from 172.20.66.110: icmp_seq=2 ttl=64 time=0.733 ms
^C
--- www.lqb.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1067ms
rtt min/avg/max/mdev = 0.733/3.946/7.160/3.214 ms
[root@HTD-CATIT ~]# nslookup www.lqb.com
Server:     172.20.66.112
Address:    172.20.66.112#53
Name:   www.lqb.com
Address: 172.20.66.110
[root@HTD-CATIT ~]# host www.lqb.com
www.lqb.com has address 172.20.66.110
[root@HTD-CATIT ~]# dig www.lqb.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> www.lqb.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35029
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.lqb.com.           IN  A
;; ANSWER SECTION:
www.lqb.com.        86400   IN  A   172.20.66.110
;; AUTHORITY SECTION:
lqb.com.        86400   IN  NS  ns1.lqb.com.
;; ADDITIONAL SECTION:
ns1.lqb.com.        86400   IN  A   192.168.99.99
;; Query time: 0 msec
;; SERVER: 172.20.66.112#53(172.20.66.112)
;; WHEN: Fri Mar 30 17:22:19 2018
;; MSG SIZE  rcvd: 79

重要:
(一)服务启用的基本命令:由于是在CentOS7.X中,由于安装了伪根chroot,所以首先要把named服务禁用而启用named-chroot服务
[root@localhost named]# systemctl stop named
[root@localhost named]# systemctl disable named
[root@localhost named]# systemctl enable named-chroot
[root@server98 chroot]# systemctl restart named-chroot

(二)检查配置的基本命令:
[root@server98 chroot]# named-checkconf /var/named/chroot/etc/named.conf
[root@server98 chroot]# /usr/sbin/named-checkzone lqb.com /var/named/chroot/var/named/lqb.com.zon
zone lqb.com/IN: loaded serial 20170526
OK

(三)启用bind基本命令
[root@server98 chroot]# rndc reload ###重载主配置文件和区域解析库文件
server reload successful
[root@server98 chroot]# rndc reload lqb.com ###重载区域解析库文件
zone reload up-to-date
[root@server98 chroot]# rndc notify lqb.com ###新对区域传送发通知,当主从同步过程发生意外时
zone notify queued
[root@server98 chroot]# rndc reconfig ###重载主配置文件
[root@server98 chroot]#

备注:
1,测试的大概的步骤如下:

2,完整的named.conf配置文件如下:

[root@localhost named]# cat  /var/named/chroot/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.htmloptions {listen-on port 53 { any; };listen-on-v6 port 53 { ::1; };directory   "/var/named";dump-file   "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";allow-query     { any; };/* - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.- If you are building a RECURSIVE (caching) DNS server, you need to enable recursion. - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so willcause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatlyreduce such attack surface */recursion yes;dnssec-enable yes;dnssec-validation yes;dnssec-lookaside auto;/* Path to ISC DLV key */bindkeys-file "/etc/named.iscdlv.key";managed-keys-directory "/var/named/dynamic";pid-file "/run/named/named.pid";session-keyfile "/run/named/session.key";
};logging {channel default_debug {file "data/named.run";severity dynamic;};
};zone "." IN {type hint;file "named.ca";
};zone "lqb.com"  {type master;file "lqb.com.zon";
};include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

3,完整的/var/named/chroot/var/named/lqb.com.zon配置

[root@localhost named]# vim /var/named/chroot/var/named/lqb.com.zon $TTL 1D
$ORIGIN lqb.com.
@   IN SOA  lqb.com. admin.lqb.com. (20170526; serial1D  ; refresh1H  ; retry1W  ; expire3H  ; minimum
)IN  NS  ns1.lqb.com.ns1 IN  A   192.168.99.99
www IN  A   172.20.66.110
ftp     IN   A  10.128.105.250

转载于:https://blog.51cto.com/liqingbiao/2093064

CentOS7.4下DNS服务器软件BIND安装及相关的配置(一)相关推荐

  1. Linux(RHEL7及CentOS7)下DNS服务器的搭建与配置

    一.基本概念 DNS即Domain Name System ,域名系统,因特网上作为域名和IP地址相互映射的一个分布式数据库,能够使用户更方便的访问互联网,而不用去记住能够被机器直接读取的IP数串.通 ...

  2. Windows server 下 DNS服务器 实现递归查询和循环查询的配置方法

    实现递归查询: 在DNS服务器上进行配置: 右击DNS服务器选择[属性]→[转发器],添加其他DNS的IP地址XX.XX.XX.XX:选择[高级]选项卡,取消[启用循环]前的"√" ...

  3. Linux centos7 DNS服务器基于bind正反解析服务的搭建

                                                 Linux centos7 DNS服务器基于bind正反解析服务的搭建 DNS的相关基础知识: 一.DNS-- ...

  4. Linux7中安装DNS服务,CentOS7/RHEL7搭建DNS服务器

    CentOS7/RHEL7搭建DNS服务器 DNS(域名系统)主要用于域名与IP地址的相互转换,将IP地址转换成对应的主机名或将主机名转换成与之相对应IP地址的一种机制.通过域名解析出IP地址的叫做正 ...

  5. 服务器DNS服务是否自动安装,DNS服务器之一:DNS简介及BIND安装与基本配置 | 旺旺知识库...

    1.什么是DNS? 域名系统(英文:Domain Name System,DNS)是因特网的一项服务,它作为将域名和IP地址相互映射的一个分布式数据库,能够使人更方便的访问互联网.DNS 使用TCP和 ...

  6. linux下DNS服务器的配置

    <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> 1.3 区(Z ...

  7. 虚拟机2012搭建DNS服务器,Windows Server2012 安装配置DNS服务器方法详解

    Windows Server2012 安装配置DNS服务器方法详解 在云服务器 Windows Server2012 上安装配置DNS服务器方法,安装与配置非常简单,在这里写个完整教程方便大家查询 一 ...

  8. DNS协议与DNS服务器搭建(bind)

    写在前面: 博客书写牢记5W1H法则:What,Why,When,Where,Who,How. 本篇主要内容: ● tcp/ip回顾 ● DNS协议/DNS服务相关概念 ● bind安装配置   正向 ...

  9. dns日志级别 linux,linux下DNS服务器视图view及日志系统详解

    linux下DNS服务器视图view及日志系统详解DNS服务器ACL:在named.conf文件中定义ACL功能如同bash当中定义变量,便于后续引用 ACL格式: acl ACL名称 { IP地址1 ...

最新文章

  1. 用户故事为什么要关联开发数据?
  2. Java常用的设计模式总结
  3. Linux驱动入门篇(一):Hello, world
  4. 翻译: Waf 教程
  5. springboot 读取bootStrap.properties流程
  6. POJ - 2318 TOYS(叉积+二分)
  7. 要学习数据科学知识,这些信息需要知道(数据)
  8. 【linux命令】Centos下如何匹配内容在哪个文件中
  9. 第一个国产Apache 顶级项目 Kylin,了解一下!| 原力计划
  10. 006 认识BeanNameAware
  11. 标准库:urllib/urllib2
  12. 在网络蚂蚁中设置代理服务器
  13. 自建 bitwarden 密码管理服务
  14. 一张图概括App启动流程
  15. layui模板引擎嵌套
  16. 微众银行贯彻普惠金融 探索金融扶贫新模式
  17. 计算机学院运动会解说词,学校运动会解说词30篇
  18. [GAMES101]现代计算机图形学课程总结3:Shading
  19. Docker(五)进阶:Docker卷(volumes)
  20. eve网络模拟器使用wireshark抓包

热门文章

  1. 如何跨微服务共享DTO
  2. 为什么大多数IOC容器使用ApplicationContext,而不用BeanFactory
  3. Elasticsearch性能优化实战指南
  4. SpringBoot第二十五篇:2小时学会springboot
  5. 一种关注于重要样本的目标检测方法!
  6. 如何配置一台深度学习工作站?
  7. ICLR 2022:AI如何识别“没见过的东西”?
  8. 如何使用Transformer来做物体检测?
  9. 面试AI Lab能力测评
  10. 用Windows电脑训练深度学习模型?超详细配置教程来了