
1. DNS service (yum -y bind* cach)

BIND provides the DNS service.

libnss_files.so

libnss_dns.so

The system calls these two libraries to resolve names.

The configuration file is /etc/nsswitch.conf; resolution follows the order of the sources listed there.

. root domain

.com. / .cn. top-level domains

Organizational domains: .com .org .net .cc

Country domains: .cn .tw .hk .iq .ir .jp

Reverse domain: IP --> FQDN

Queries:

Recursive: only one request is sent

Iterative: several requests are sent

Internet lookups are recursive first, then iterative.

Recursive clients, non-recursive clients

The master DNS server is responsible for modifying the data.

The slave DNS server is responsible for synchronizing the data.

A nameserver must be recursive, because the client needs the answer directly.

serial number: data version number

refresh: refresh interval

retry: retry interval

expire: expiry time, i.e. how long the data is still considered valid

negative answer TTL: cache lifetime for negative answers

Caching DNS server

Forwarder

Each entry in the database is called a resource record; the resource records must state which host is the DNS server and which is the mail server.

Resource record format:

TTL 600 by default;
NAME                TTL (refresh/expiry time)    IN    RRT (resource record type)    VALUE (record value)
nginx.vmware.xx.                                 IN    A                             1.1.1.1
vmware.xx.                                       IN    NS                            ns01.vmware.xx.
ns01.vmware.xx.                                  IN    A                             1.1.1.2
mail01.vmware.xx.                                IN    A                             1.1.1.1

Resource record types:

SOA (Start Of Authority): start-of-authority record

ZONE_NAME     TTL    IN    SOA    FQDN              ADMINISTRATOR_MAILBOX    (serial_number refresh retry expire negative_ttl)
nginx.com.    600    IN    SOA    ns1.vmware.xx.    admin.vmware.xx.         (2015010501 1H 5M 1W 1D)

Time units: M (minutes), H (hours), D (days), W (weeks); the default unit is seconds.

MX (Mail eXchange): ZONE NAME -----> FQDN
vmware.xx.    IN    MX    10    mail01.vmware.xx.

A priority (0-99) must be added; the lower the number, the higher the priority. Applies to mail servers.

NS (Name Server): DOMAIN NAME -----> FQDN
A (address): FQDN ----> IP
AAAA: FQDN ----> IPv6
PTR (pointer), reverse: IP -----> FQDN
1.1.1.1    IN    PTR    nginx.vmware.xx.
CNAME (Canonical Name): FQDN ---> FQDN, alias record
www2.vmware.xx.    IN    CNAME    www.vmware.xx.

Query types:

Forward zone file

vmware.xx.    IN    SOA

Reverse zone file

0.168.192.in-addr.arpa.    IN    SOA
1.168.192.in-addr.arpa.    IN    PTR    www.vmware.xx.
2                          IN    PTR    nginx.vmware.xx.

Zone transfer:

Full zone transfer (first copy of the data): axfr

Incremental zone transfer: ixfr

Zone types:

Master zone: master

Slave zone: slave

Hint zone: hint

Forward zone: forward

bind:

/etc/named.conf

Working properties of the BIND process

/etc/rndc.key

rndc: Remote Name Domain Controller

Key file

Configuration:

/etc/rndc.conf
/var/named/

Zone data files

/etc/rc.d/init.d/named
{start|stop|restart|status|reload|configtest}
yum info caching-nameserver

After installation it can act as a caching server.

Ports DNS listens on:

53/udp
53/tcp     used by the slave server when copying from the master
953/tcp    rndc
zone "localhost" IN { type master; file "named.localhost"; };
zone "0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; };

Used at startup:

rndc-confgen -r /dev/urandom > /etc/rndc.conf
rndc-confgen -r /dev/urandom -a

Manually generates rndc.key

dig > named.root
dig -t RT NAME @DNSSERVER
dig -t NS(A,NS,MX,PTR) vmware.xx
dig -x IP    reverse lookup
dig +recurse +trace -t A vmware.xx @10.207.237.110
dig -t axfr vmware.xx    full zone transfer
dig -t ixfr vmware.xx    incremental zone transfer
nslookup>
server IP    set the DNS server to query
set q=RT     (query/record type)
NAME

named.conf

directory "/var/named";
recursion yes;    enable recursive queries, allowing outside users to recurse;
allow-recursion { 10.207.237.0/24; };    allow recursion only for clients in the 10.207.237.0/24 network
allow-query { any; };    which clients are allowed to query;
allow-transfer { 10.207.237.112; };    added inside the zone block
allow-transfer { none; };    disallow zone transfer;
zone "." IN { type hint; file "named.ca"; };
zone "localhost" IN { type master; file "named.localhost"; allow-transfer { none; }; };
zone "0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-transfer { none; }; };
zone "vmware.xx" IN { type master; file "vmware.xx.zone"; allow-transfer { 10.207.237.110; }; };
zone "237.207.10.in-addr.arpa" IN { type master; file "237.207.10.zone"; allow-transfer { 10.207.237.110; }; };
acl china_zz { 10.207.237.0/24; };
acl china_cd { 10.244.0.0/16; };
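The settings above (recursion, allow-recursion, allow-transfer) are the ones most worth checking before a server goes live. The following is an added example, not code from the original post: a small audit script that scans named.conf text for an open resolver (recursion yes without a restrictive allow-recursion) and for master zones that are transferable to anyone. The named.conf fragment is constructed for the example, modelled on the page's own zones.

```python
import re

# Constructed named.conf fragment modelled on the page's zones (not the page's file verbatim).
SAMPLE_CONF = """
options {
    recursion yes;
    allow-query { any; };
};
zone "vmware.xx" IN { type master; file "vmware.xx.zone"; allow-transfer { any; }; };
zone "237.207.10.in-addr.arpa" IN { type master; file "237.207.10.zone"; allow-transfer { 10.207.237.110; }; };
zone "localhost" IN { type master; file "named.localhost"; };
zone "." IN { type hint; file "named.ca"; };
"""

def _block(text, start):
    """Return the contents of the brace block that opens at or after `start`."""
    depth, open_idx = 0, text.index("{", start)
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in named.conf")

def _stmt(body, name):
    """Values of a `name { a; b; };` statement in `body`, or None if absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(name), body)
    return None if not m else [v.strip() for v in m.group(1).split(";") if v.strip()]

def audit(conf):
    """Flag open recursion and master zones whose AXFR is unrestricted."""
    findings = []
    m = re.search(r"\boptions\s*\{", conf)
    if m:
        opts = _block(conf, m.start())
        if re.search(r"\brecursion\s+yes\s*;", opts):
            allowed = _stmt(opts, "allow-recursion")
            if allowed is None or "any" in allowed:
                findings.append("options: recursion yes without a restrictive allow-recursion (open resolver)")
    for zm in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        name, body = zm.group(1), _block(conf, zm.end())
        ztype = re.search(r"\btype\s+(\w+)\s*;", body)
        if not ztype or ztype.group(1) != "master":
            continue
        xfer = _stmt(body, "allow-transfer")
        if xfer is None:
            findings.append('zone "%s": no allow-transfer, inherits the global default (open unless restricted in options)' % name)
        elif "any" in xfer:
            findings.append('zone "%s": allow-transfer { any; } lets any client copy the zone with AXFR' % name)
    return findings
```

Run it against a real /etc/named.conf by reading the file into a string and passing it to audit().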

DNS view configuration file

named.conf

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };
    recursion yes;
    notify yes;
};
logging {
    channel query_log {
        file "/var/log/named/query_log.log" versions 3 size 10M;
        print-time yes; print-severity yes; print-category yes;
        severity dynamic;
    };
    channel axfr_log {
        file "/var/log/named/transfer_log.log" versions 5 size 10M;
        print-time yes; print-severity yes; print-category yes;
        severity dynamic;
    };
    category queries { query_log; };
    category xfer-out { axfr_log; };
};
acl china_zz { 10.207.237.0/24; };
acl china_cd { 10.244.0.0/16; };
view china_zz {
    match-clients { china_zz; };
    zone "vmware.xx" IN { type master; file "china_zz.vmware.xx.zone"; allow-transfer { any; }; };
    zone "207.10.in-addr.arpa" IN { type master; file "237.10.zone"; allow-transfer { 10.207.237.111; }; };
};
view china_cd {
    match-clients { china_cd; };
    zone "vmware.xx" IN { type master; file "china_cd.vmware.xx.zone"; allow-transfer { 10.207.237.111; }; };
    zone "244.10.in-addr.arpa" IN { type master; file "244.10.zone"; allow-transfer { 10.207.237.111; }; };
};
view any {
    match-clients { any; };
    zone "vmware.xx" IN { type master; file "other.vmware.xx.zone"; allow-transfer { 10.207.237.111; }; };
    zone "." IN { type hint; file "named.ca"; };
    zone "localhost" IN { type master; file "named.localhost"; allow-transfer { none; }; };
    zone "0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-transfer { none; }; };
};
#include "/etc/named.rfc1912.zones";

china_zz.vmware.xx.zone

$TTL 600
@       IN SOA  ns01.vmware.xx. admin.vmware.xx. (
                2015010701      ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        NS              ns01.vmware.xx.
        NS              ns02.vmware.xx.
        MX 10           mail.vmware.xx.
mail    A               10.207.237.113
ns02    A               10.207.237.111
ns01    A               10.207.237.110
www     A               10.207.237.112
www     A               10.207.237.109

china_cd.vmware.xx.zone

$TTL 600
@       IN SOA  ns01.vmware.xx. admin.vmware.xx. (
                2015010701      ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        NS              ns01.vmware.xx.
        NS              ns02.vmware.xx.
        MX 10           mail.vmware.xx.
mail    A               10.207.237.113
ns01    A               10.207.237.110
ns02    A               10.207.237.111
www     A               10.244.235.235
www     A               10.244.235.236

237.207.10.zone

$TTL 600
@       IN SOA  ns01.vmware.xx. admin.vmware.xx. (
                2015010701      ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        NS              ns01.vmware.xx.
        NS              ns02.vmware.xx.
113     PTR             mail.vmware.xx.
111     PTR             ns02.vmware.xx.
110     PTR             ns01.vmware.xx.
112     PTR             www.vmware.xx.
109     PTR             www.vmware.xx.

For master/slave zone transfer, the slave DNS server's NS record must be declared in the zone file before the transfer can take place, as shown above;
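A quick way to verify that requirement on a zone file laid out like the ones above is to parse the records and confirm that every in-zone NS name also has an A record. This is an added example, not code from the original post; the zone text is constructed (it deliberately omits the A record for ns02) and the origin vmware.xx. is assumed.

```python
ORIGIN = "vmware.xx."   # assumed origin; the zone text below is constructed, not the page's file
SAMPLE_ZONE = """$TTL 600
@       IN SOA  ns01.vmware.xx. admin.vmware.xx. (
                2015010701      ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        NS              ns01.vmware.xx.
        NS              ns02.vmware.xx.
mail    A               10.207.237.113
ns01    A               10.207.237.110
"""

def _fqdn(name, origin):
    return origin if name == "@" else name if name.endswith(".") else name + "." + origin

def _logical_lines(text):
    """Yield records with ';' comments stripped and '(...)' continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split(";")[0].rstrip()
        if not line.strip() or line.startswith("$"):
            continue
        buf = (buf + " " + line) if buf else line
        if buf.count("(") <= buf.count(")"):
            yield buf.replace("(", " ").replace(")", " ")
            buf = ""

def parse_zone(text, origin):
    """Return [(owner, type, rdata_fields)] with owner and target names made absolute."""
    records, owner = [], origin
    for line in _logical_lines(text):
        fields = line.split()
        if not line[0].isspace():                 # line starts with an owner name
            owner, fields = _fqdn(fields[0], origin), fields[1:]
        if fields[0] == "IN":
            fields = fields[1:]
        rtype, rdata = fields[0], fields[1:]
        if rtype in ("NS", "MX", "CNAME", "PTR"):
            rdata[-1] = _fqdn(rdata[-1], origin)
        records.append((owner, rtype, rdata))
    return records

def check_ns_glue(text, origin):
    """List in-zone NS targets that have no A record (the master has no address to notify)."""
    records = parse_zone(text, origin)
    have_a = {o for o, t, _ in records if t == "A"}
    return ["NS %s has no A record in the zone" % r[-1]
            for _, t, r in records if t == "NS" and r[-1].endswith("." + origin) and r[-1] not in have_a]
```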

rndc: remote management of the DNS server

Subdomain delegation

SUB_ZONE_NAME              IN    NS    NSSERVER_SUB_ZONE_NAME
NSSERVER_SUB_ZONE_NAME     IN    A     IP

DNS view definition;

view china_zz {
    match-clients { china_zz; };
    zone "vmware.xx" IN {
        type master;
        file "china_zz.vmware.xx.zone";
        allow-transfer { ... };
    };
};

Linux BIND DNS configuration: all of the configuration files follow

named.conf

options {
    listen-on port 53 { any; };
    directory "/usr/local/named/etc";
    pid-file "/usr/local/named/var/run/named.pid";
    dump-file "/usr/local/named/data/cache_dump.db";
    statistics-file "/usr/local/named/data/named_stats.txt";
    memstatistics-file "/usr/local/named/data/named_mem_stats.txt";
    forwarders { 10.207.238.100; };
    allow-query { any; };
    recursion yes;
    notify yes;
};
logging {
    channel query_log {
        file "/var/log/named/query_log.log" versions 3 size 10M;
        print-time yes; print-severity yes; print-category yes;
        severity dynamic;
    };
    channel axfr_log {
        file "/var/log/named/transfer_log.log" versions 5 size 10M;
        print-time yes; print-severity yes; print-category yes;
        severity dynamic;
    };
    category queries { query_log; };
    category xfer-out { axfr_log; };
};
zone "." IN { type hint; file "named.root"; };
zone "localhost" IN { type master; file "named.localhost"; allow-transfer { none; }; };
zone "0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-transfer { none; }; };
zone "vmware.xx" IN { type master; file "vmware.xx.zone"; allow-transfer { 10.207.237.200; }; };
zone "vmware.zz" { type master; database "mysqldb vmware sc 127.0.0.1 root cisco1989"; allow-transfer { 10.207.237.200; }; };
zone "237.207.10.in-addr.arpa" IN { type master; file "10.207.237.zone"; allow-transfer { 10.207.237.200; }; };
zone "238.207.10.in-addr.arpa" IN { type master; file "10.207.238.zone"; allow-transfer { 10.207.237.200; }; };
key "rndc-key" {
    algorithm hmac-md5;
    secret "PESyIEZ6P7LE6D1v0MFQBA==";
};
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};

named.localhost: local forward resolution

$TTL 1D
@       IN SOA  @ rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1

named.loopback: local reverse resolution

$TTL 1D
@       IN SOA  @ rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
        PTR     localhost.

named.root: top-level domain resolution (root hints, captured with dig)

; <<>> DiG 9.9.7 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56849
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 25

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;.              IN  NS

;; ANSWER SECTION:
.           11055   IN  NS  k.root-servers.net.
.           11055   IN  NS  i.root-servers.net.
.           11055   IN  NS  c.root-servers.net.
.           11055   IN  NS  e.root-servers.net.
.           11055   IN  NS  a.root-servers.net.
.           11055   IN  NS  m.root-servers.net.
.           11055   IN  NS  g.root-servers.net.
.           11055   IN  NS  d.root-servers.net.
.           11055   IN  NS  f.root-servers.net.
.           11055   IN  NS  h.root-servers.net.
.           11055   IN  NS  j.root-servers.net.
.           11055   IN  NS  l.root-servers.net.
.           11055   IN  NS  b.root-servers.net.

;; ADDITIONAL SECTION:
k.root-servers.net. 8316    IN  A   193.0.14.129
k.root-servers.net. 8978    IN  AAAA    2001:7fd::1
i.root-servers.net. 8323    IN  A   192.36.148.17
i.root-servers.net. 8244    IN  AAAA    2001:7fe::53
c.root-servers.net. 8153    IN  A   192.33.4.12
c.root-servers.net. 8422    IN  AAAA    2001:500:2::c
e.root-servers.net. 8253    IN  A   192.203.230.10
a.root-servers.net. 14310   IN  A   198.41.0.4
a.root-servers.net. 8316    IN  AAAA    2001:503:ba3e::2:30
m.root-servers.net. 8323    IN  A   202.12.27.33
m.root-servers.net. 9520    IN  AAAA    2001:dc3::35
g.root-servers.net. 8253    IN  A   192.112.36.4
d.root-servers.net. 8253    IN  A   199.7.91.13
d.root-servers.net. 8258    IN  AAAA    2001:500:2d::d
f.root-servers.net. 8253    IN  A   192.5.5.241
f.root-servers.net. 8275    IN  AAAA    2001:500:2f::f
h.root-servers.net. 8323    IN  A   128.63.2.53
h.root-servers.net. 8623    IN  AAAA    2001:500:1::803f:235
j.root-servers.net. 8323    IN  A   192.58.128.30
j.root-servers.net. 8518    IN  AAAA    2001:503:c27::2:30
l.root-servers.net. 8279    IN  A   199.7.83.42
l.root-servers.net. 8244    IN  AAAA    2001:500:3::42
b.root-servers.net. 8151    IN  A   192.228.79.201
b.root-servers.net. 8153    IN  AAAA    2001:500:84::b

;; Query time: 34 msec
;; SERVER: 10.191.131.131#53(10.191.131.131)
;; WHEN: Thu Apr 02 13:52:18 CST 2015
;; MSG SIZE  rcvd: 768

rndc.conf

# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "PESyIEZ6P7LE6D1v0MFQBA==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "PESyIEZ6P7LE6D1v0MFQBA==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of rndc.conf

vmware.xx.zone: forward resolution

$TTL 600
@           IN SOA  ns01.vmware.xx. jason.chang.vmware.xx. (
                    2015040201      ; serial
                    1D              ; refresh
                    1H              ; retry
                    1W              ; expire
                    3H )            ; minimum
            NS                   ns01.vmware.xx.
            MX    10             mail.vmware.xx.
            A                    10.207.237.122
mail        A                    10.207.238.199
nessus01    A                    10.207.238.93
nessus02    A                    10.207.238.94
nessus03    A                    10.207.238.95
nessus04    A                    10.207.238.96
symantec    CNAME                Email.vmware.xx.
ns01        A                    10.207.237.122
ubuntu      A                    10.207.237.124
rd          A                    10.207.237.123
nessus      A                    10.207.237.121

10.207.237.zone: reverse resolution configuration

$TTL 600
@       IN SOA  ns01.vmware.xx. jason.chang.vmware.xx. (
                2015040201      ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        NS              ns01.vmware.xx.
122     PTR             ns01.vmware.xx.
124     PTR             ubuntu.vmware.xx.
123     PTR             rd.vmware.xx.
121     PTR             nessus.vmware.xx.

10.207.238.zone: reverse resolution file

$TTL 600
@       IN SOA  ns01.vmware.xx. jason.chang.vmware.xx. (
                2015040201      ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        NS              ns01.vmware.xx.
122     PTR             ns01.vmware.xx.
93      PTR             nessus01.vmware.xx.
94      PTR             nessus02.vmware.xx.
95      PTR             nessus03.vmware.xx.
96      PTR             nessus04.vmware.xx.

Reposted from: https://my.oschina.net/ambari/blog/601761
