本人对DNS的理解:

-->正向解析与反向解析:

1）正向解析:

正向解析是指域名到IP地址的解析过程。

2）反向解析:

反向解析是从IP地址到域名的解析过程;反向解析的作用为服务器的身份验证。

-->主从DNS服务器:

主DNS服务器(Master DNS）: 数据库更新由管理员手动完成;

辅助DNS服务器 (SlaveDNS)：数据库更新从主服务器或其他辅助DNS服务器那里完成;

---

一、DNS的常用命令：

1.测试解析命令.

1). dig命令：

# dig [-t type] [-x addr] [name] [@server]

+[no]trace-->(跟踪解析过程)

+[no]recurse-->(是否使用递归的方式)

+[no]tcp -->(是否使用tcp查询,而不使用udp)

+[no]question-->(是否隐藏问题)

+[no]answer-->(是否隐藏答案)

+[no]authority-->(是否隐藏权威段)

+[no]additional-->(是否隐藏附加段)

2). host命令：

# host [-t type] {name} [server]

例子:

[root@localhost ~]# host -t MX xiaoma.com
xiaoma.com mail ishandled by 10mail.xiaoma.com.
[root@localhost ~]#

3). nslookup命令(交互式的命令)：

nslookup>

server DNS_SERVER_IP

set q=TYPE

{name}

例子:

[root@localhost ~]# nslookup
> setq=A
> www.xiaoma.com
Server:172.16.17.202
Address:172.16.17.202#53
Name:www.xiaoma.com
Address: 172.16.17.203
>

2.启动/重加载命令:

1).启动命令:

# named -u named

# servcice named start(这个可能会依赖rndc.key的)

2).重载命令:

# service named reload

# killall -1 named

# killall named(关闭)

3.测试语法错误:

# service named configtest

# named-checkconf

# named-checkzone "xiaoma.com" /var/named/xiaoma.com.zone

---

二、bind的基本使用:

1、正向解析配置:

第一种:手动创建配置文件及区域文件:

前提:

挂载光盘:
[root@xiaoma ~]# mkdir /media/cdrom
[root@xiaoma ~]# mount /dev/cdrom /media/cdrom/
mount: block device /dev/sr0 iswrite-protected, mounting read-only
配置本地yum源:
[root@xiaoma ~]# cd /etc/yum.repos.d/
[root@xiaoma yum.repos.d]# mv CentOS-Base.repo CentOS-Base.repo.bak
[root@xiaoma yum.repos.d]# vim media.repo
[media]
name=media
baseurl=file:///media/cdrom
enabled=1
gpgcheck=0

1).将准备好的bind包安装:

[root@localhost ~]# yum -y install bind

2).注意: 这里没有使用源配置文件,而是手动写配置文件:

[root@localhost etc]# mv /tmp/named.conf /etc/named.conf.origin

3).新建编辑配置文件/etc/named.conf:

4).配置区域文件(这里是系统自带的哦):

⑴编辑/var/named/named.loopback文件(如果是新建的文件要修改其相关属性):

[root@localhost ~]# vim /var/named/named.loopback
$TTL 1D
@       IN SOA  @ rname.invalid. (
0; serial
1D; refresh
1H; retry
1W; expire
3H)    ; minimum
NS      @
A       127.0.0.1
AAAA    ::1
PTR     localhost.

⑵编辑/var/named/named.localhost文件(如果是新建的文件要修改其相关属性):

[root@localhost ~]# vim /var/named/named.localhost
$TTL 1D
@       IN SOA  @ rname.invalid. (
0       ; serial
1D      ; refresh
1H      ; retry
1W      ; expire
3H )    ; minimum
NS      @
A       127.0.0.1
AAAA    ::1

⑶编辑/var/named/xiaoma.com.zone文件(手动创建):

5).修改named.conf属性:

[root@localhost named]# chown root:named /var/named/xiaoma.com.zone
[root@localhost named]# chmod 640 /var/named/xiaoma.com.zone
[root@localhost etc]# chown root:named /etc/named.conf
[root@localhost etc]# chmod --reference=/etc/named.conf.origin /etc/named.conf(1)-->注意:这个(1)和(2)是一样的.
[root@localhost etc]# chmod 640 /etc/named.conf(2)

6).启动测试语法/手动测试语法的使用:

第一:启动时测试:
[root@localhost etc]# service named configtest
zone localhost/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
第二:手动测试:
[root@localhost etc]# named-checkconf
[root@localhost etc]#
区域文件是系统自带的,我这里就没有必要检查语法了吆.
root@localhost named]# named-checkzone "xiaoma.com"/var/named/xiaoma.com.zone
zone xiaoma.com/IN: loaded serial 2014031301
OK
[root@localhost named]#

7).启动named服务:

[root@localhost etc]# service named start-->启动时需要产生随机数.
Generating /etc/rndc.key:
[root@localhost etc]# --> 如果这里启动不了就使用下面的这个命令:以root的身份启动,启动后以named用户执行.
[root@localhost etc]# named -u named

8).使用dig命令测试(这里介绍了下面绝不会介绍):

2.正向解析配置:

第二种:直接修改配置文件及区域文件:

前提:

挂载光盘:
[root@xiaoma ~]# mkdir /media/cdrom
[root@xiaoma ~]# mount /dev/cdrom /media/cdrom/
mount: block device /dev/sr0 iswrite-protected, mounting read-only
配置本地yum源:
[root@xiaoma ~]# cd /etc/yum.repos.d/
[root@xiaoma yum.repos.d]# mv CentOS-Base.repo CentOS-Base.repo.bak
[root@xiaoma yum.repos.d]# vim media.repo
[media]
name=media
baseurl=file:///media/cdrom
enabled=1
gpgcheck=0

1).将准备好的bind包安装:

[root@localhost ~]# yum -y install bind

2).修改配置文件:named.conf:

注意:
这里只是把注释的内容贴出来了:
//      listen-on port 53 { 127.0.0.1; };
//      listen-on-v6 port 53 { ::1; };
//      allow-query     { localhost; };
//      dnssec-enable yes;
//      dnssec-validation yes;
//      dnssec-lookaside auto;
//      bindkeys-file "/etc/named.iscdlv.key";
//      managed-keys-directory "/var/named/dynamic";
//include "/etc/named.root.key";

3).修改区域文件/etc/named.rfc1912.zones:

在文章尾部添加:
[root@localhost named]# vim /etc/named.rfc1912.zones
zone "xiaoma.com"{
typemaster;
file"xiaoma.com.zone";
};

4).修改其属性:

[root@localhost named]# chmod 640 /var/named/xiaoma.com.zone
[root@localhost named]# chown root:named /var/named/xiaoma.com.zone
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone "xiaoma.com" /var/named/xiaoma.com.zone

5).启动服务/重新加载服务:

[root@localhost named]# named -u named
[root@localhost named]# service named reload
[root@localhost named]# killall -1 named

6).测试解析:

[root@localhost ~]# dig -t MX xiaoma.com
[root@localhost ~]# dig -t CNAME pop.xiaoma.com
[root@localhost ~]# dig -t MX xiaoma.com
[root@localhost ~]# dig -t CNAME pop.xiaoma.com
[root@localhost ~]# dig -t CNAME ftp.xiaoma.com
[root@localhost ~]# dig -t A www.xiaoma.com
[root@localhost ~]# dig -t NS xiaoma.com
[root@localhost ~]# dig -t NS xiaoma.com @172.16.17.202
[root@localhost ~]# dig -t A mail.xiaoma.com

--->我们以它来测试查询 mail 的 A 记录:

上下图片对比:

6).使用 +trace 跟踪解析过程(要连上网络的吆):

接上面的环境基础(2.正向解析配置:):

3.配置反向解析:

1).定义区域文件/etc/named.rfc1912.zones:

[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "17.16.172.in-addr.arpa"{
typemaster;
file"172.16.17.zone";
};

2).创建区域文件172.16.17.zone:

复制文件保持属组及权限:
[root@localhost named]# cp -p xiaoma.com.zone 172.16.17.zone

3).编辑区域文件172.16.17.zone:

4).启动测试语法/重新加载:

5).测试解析:

接上,其它解析:

[root@localhost named]# dig -x 172.16.17.204
[root@localhost named]# dig -x 172.16.17.203

6).host命令测试解析:

---

三、编译安装bind及应用:

>>>编译安装named(bind-9.9.5):

前提：配置好开发环境，安装包组(yum安装).

挂载光盘:
[root@xiaoma ~]# mkdir /media/cdrom
[root@xiaoma ~]# mount /dev/cdrom /media/cdrom/
mount: block device /dev/sr0 iswrite-protected, mounting read-only
配置本地yum源:
[root@xiaoma ~]# cd /etc/yum.repos.d/
[root@xiaoma yum.repos.d]# mv CentOS-Base.repo CentOS-Base.repo.bak
[root@xiaoma yum.repos.d]# vim media.repo
[media]
name=media
baseurl=file:///media/cdrom
enabled=1
gpgcheck=0
安装开发包组:
[root@xiaoma ~]# yum grouplist | grep Development
Desktop Platform Development
Development tools
Server Platform Development
[root@xiaoma ~]# yum -y groupinstall "Server Platform Development" "Desktop Platform Development" "Development tools"

1、下载源代码，编译安装:

1).将准备好的源码包解压并编译安装:

[root@xiaoma tmp]# tar xf bind-9.9.5.tar.gz
[root@xiaoma tmp]# cd bind-9.9.5
[root@xiaoma bind-9.9.5]# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --enable-epoll --disable-chroot
root@xiaoma bind-9.9.5]# make
root@xiaoma bind-9.9.5]# make install

2.创建主配置文件/etc/named/named.conf:

3.创建区域数据文件:

① 创建/var/named/named.ca :

[root@xiaoma ~]# mkdir /var/named
[root@xiaoma ~]# cd /var/named/
[root@xiaoma named]# dig -t NS . @172.16.0.1 > named.ca

② 创建/var/named/named.loopback :

[root@xiaoma named]# vim named.loopback
$TTL 86400
@       IN      SOA     localhost.      admin.localhost. (
2014031101
2H
10M
7D
1D)
IN      NS      localhost.
1IN      PTR     localhost.

③ 创建/var/named/named.localhost :

[root@xiaoma named]# vim named.localhost
$TTL 86400
@       IN      SOA     localhost.      admin.localhost. (
2014031101
2H
10M
7D
1D)
IN      NS      localhost.
localhost.      IN      A       127.0.0.1

④然后创建/var/named/xiaoma.com.zone文件:

[root@xiaoma named]# vim /var/named/xiaoma.com.zone
$TTL 86400
@       IN      SOA     dns.xiaoma.com.      dnsadmin.xiaoma.com. (
2014031101
2H
10M
3D
1D)
IN      NS      dns
IN      MX 10mail
dns             IN      A       172.16.17.202
mail            IN      A       172.16.17.202
www             IN      A       172.16.17.1

4.创建系统用户,且测试启动:

① 创建用户:

[root@xiaoma ~]# groupadd -g 53 -r named
[root@xiaoma ~]# useradd -g named -r named
[root@xiaoma ~]# id named
uid=496(named) gid=53(named) groups=53(named)
[root@xiaoma ~]# ls /home/

② 赋予相应属性:

[root@xiaoma named]# chmod 640 /etc/named/named.conf /var/named/*
[root@xiaoma named]# chown root:named /etc/named/* /var/named/*

③ 设置PATH变量:

[root@xiaoma named]# echo 'export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH' > /etc/profile.d/named.sh
[root@xiaoma named]# cat /etc/profile.d/named.sh
[root@xiaoma named]# source /etc/profile.d/named.sh

④ 检查语法:

[root@xiaoma ~]# named-checkconf
[root@xiaoma ~]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback
zone 0.0.127.in-addr.arpa/IN: loaded serial 2014031101
OK
[root@xiaoma ~]# named-checkzone "localhost" /var/named/named.localhost
zone localhost/IN: loaded serial 2014031101
OK
[root@xiaoma named]# named-checkzone "xiaoma.com" xiaoma.com.zone
zone xiaoma.com/IN: loaded serial 2014031101
OK
[root@xiaoma ~]# killall -1 named

⑤ 测试启动并查看端口:

[root@xiaoma named]# named -u named
[root@xiaoma named]# ss -tunl

⑥测试解析A记录:

[root@localhost named]# dig -t A www.xiaoma.com @172.16.17.202
; <<>> DiG 9.9.5<<>> -t A www.xiaoma.com @172.16.17.202
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49273
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.xiaoma.com.            IN  A
;; ANSWER SECTION:
www.xiaoma.com.     86400IN  A   172.16.17.1
;; AUTHORITY SECTION:
xiaoma.com.     86400IN  NS  dns.xiaoma.com.
;; ADDITIONAL SECTION:
dns.xiaoma.com.     86400IN  A   172.16.17.202
;; Query time: 0msec
;; SERVER: 172.16.17.202#53(172.16.17.202)
;; WHEN: Fri Mar 0701:37:43CST 2014
;; MSG SIZE  rcvd: 93
[root@localhost named]#

5.提供服务脚本,并赋予权限:

1).脚本:

[root@xiaoma ~]# vim /etc/rc.d/init.d/named
#!/bin/bash
#
# description: named daemon
# chkconfig: - 25 80
#
pidFile=/usr/local/bind9/var/run/named.pid
lockFile=/var/lock/subsys/named
confFile=/etc/named/named.conf
[ -r /etc/rc.d/init.d/functions] && . /etc/rc.d/init.d/functions
start() {
if[ -e $lockFile ]; then
echo"named is already running..."
exit0
fi
echo-n "Starting named:"
daemon --pidfile "$pidFile"/usr/local/bind9/sbin/named-u named -c "$confFile"
RETVAL=$?
echo
if[ $RETVAL -eq0 ]; then
touch$lockFile
return$RETVAL
else
rm-f $lockFile $pidFile
return1
fi
}
stop() {
if[ ! -e $lockFile ]; then
echo"named is stopped."
#       exit 0
fi
echo-n "Stopping named:"
killproc named
RETVAL=$?
echo
if[ $RETVAL -eq0 ];then
rm-f $lockFile $pidFile
return0
else
echo"Cannot stop named."
failure
return1
fi
}
restart() {
stop
sleep2
start
}
reload() {
echo-n "Reloading named: "
killproc named -HUP
#killall -HUP named
RETVAL=$?
echo
return$RETVAL
}
status() {
ifpidof named &> /dev/null; then
echo-n "named is running..."
success
echo
else
echo-n "named is stopped..."
success
echo
fi
}
usage() {
echo"Usage: named {start|stop|restart|status|reload}"
}
case$1 in
start)
start ;;
stop)
stop ;;
restart)
restart ;;
status)
status ;;
reload)
reload ;;
*)
usage
exit4
;;
esac

2).赋予相应属性:

[root@xiaoma ~]# chkconfig --add named
[root@xiaoma ~]# chkconfig --list named
named           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@xiaoma ~]# killall named -->关闭named
[root@xiaoma ~]# chmod +x /etc/rc.d/init.d/named
[root@xiaoma ~]# service named start
Starting named:                                            [  OK  ]

A smile is the most beautiful language!!!

---

以本人的理解而写出博客,如若有错误,欢迎指出.

                                                                       ---->小马子