人类对文字(主机名)的记忆比对数字(IP地址)容易,因此需要把主机名解析成IP,方式有:
1./etc/hosts
2.分布式,阶层式管理架构:DNS系统
DNS采用树型结构框架
完整主机名FQDN
一般顶级域名:.com,.org,.gov等
地区顶级层域名:.uk,.jp,.cn等
每上一层的DNS服务器所记录的信息,其实只有其下一层的主机名而已.
主机名追踪:dig +trace
[t@bjb0541 ~]$ cat /etc/services |grep domain
domain 53/tcp # name-domain server
domain 53/udp
DNS标记
SOA:起始授权(Start of Authority)
NS:域名服务器
A:地址
PTR:反解指向
客户端相关配置文件:
/etc/hosts本地解析
/etc/resolv.conf域名解析
/etc/nsswitch.conf决定以上两个配置的解析顺序
解析常用命令:host,nslookup,dig,whois
服务器架设:
[root@192-168-174-42 ~]# yum install bind bind-chroot
配置文件:
/etc/named.conf主配置文件
/var/named数据库
/etc/sysconfig/named额外参数
/var/run/named PID文件
-
[root@192-168-174-42 ~]# cat /etc/named.conf
-
//
-
// named.conf
-
//
-
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
-
// server as a caching only nameserver (as a localhost DNS resolver only).
-
//
-
// See /usr/share/doc/bind*/sample/ for example named configuration files.
-
//
-
-
options {
    // Listener. The packaged default is loopback only:
    //     listen-on port 53 { 127.0.0.1; };
    // It is widened here so the server listens on all interfaces.
    listen-on port 53 { any; };
    //listen-on-v6 port 53 { ::1; };

    // Database directory.
    directory "/var/named";

    // Cache dump and statistics output files.
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Packaged default: allow-query { localhost; };
    // With "any", every host that can reach port 53 may send queries to this
    // server. Recursion is restricted separately by allow-recursion below.
    allow-query { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    // Recursion on: the server resolves names on behalf of its clients and
    // acts as a client itself toward upstream servers. Only localhost and
    // 192.168.184.0/24 may use it, which is the access control the note
    // above asks for.
    // NOTE(review): this file is both authoritative (master zones further
    // down) and recursive; keep allow-recursion as narrow as it is here.
    recursion yes;
    allow-recursion { localhost; 192.168.184.0/24; };

    // "forward only": queries this server cannot answer itself are sent to
    // the forwarders below, and it does not fall back to resolving from the
    // root servers if they fail.
    forward only;
    forwarders {
        223.5.5.5;
        114.114.114.114;
    };

    // DNSSEC is switched off, so answers coming back from the forwarders
    // are accepted without signature validation.
    // NOTE(review): the page gives no reason for this; if nothing depends
    // on it, validation is worth turning back on after confirming that the
    // forwarders return DNSSEC records.
    dnssec-enable no;
    dnssec-validation no;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
-
-
// Logging: one channel, default_debug, written to data/named.run with
// "dynamic" severity.
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
-
-
// Root zone, type "hint": named.ca holds the root server hints.
zone "." IN {
    type hint;
    file "named.ca";
};
-
// Forward zone: this server is the master for skyovirt.com and loads its
// records from the file named.skyovirt.com.
zone "skyovirt.com" IN {
    type master;
    file "named.skyovirt.com";
};
-
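// Reverse zone for the 192.168.184.0/24 network.
// A reverse zone name lists the network octets in reverse order before
// ".in-addr.arpa": a PTR lookup for 192.168.184.11 asks for
// 11.184.168.192.in-addr.arpa. Declared as "192.168.184.in-addr.arpa" the
// zone would never match those queries, so the name is corrected here.
// The data file keeps its name; its records are relative to this zone name.
zone "184.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.184";
};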
-
-
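// Both files are included by default.
include "/etc/named.rfc1912.zones";
// Every named.conf statement ends with ';'. The terminator was missing on
// this line in the listing.
include "/etc/named.root.key";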
-
[root@192-168-174-42 ~]# cat /var/named/named.skyovirt.com
-
; Forward zone data for skyovirt.com.
$TTL 600                    ; default TTL in seconds for the records below
$ORIGIN skyovirt.com.

; SOA: primary name server, then the responsible-person field
; (master.skyovirt.com. is read as the mailbox master@skyovirt.com).
@       IN  SOA     skyovirt.com. master.skyovirt.com. (
                    0       ; serial
                    3H      ; refresh
                    15M     ; retry
                    1W      ; expire
                    1D )    ; minimum
; NOTE(review): the serial is 0. It has to be raised on every edit of this
; file, otherwise a secondary server (if one is added) will not pick up
; the change.

; Name server for the zone; its address is the A record right below.
@                           IN  NS      skyovirt.com.

skyovirt.com.               IN  A       192.168.184.11
master.skyovirt.com.        IN  A       192.168.184.11
ovirthost18.skyovirt.com.   IN  A       192.168.184.18
ovirthost17.skyovirt.com.   IN  A       192.168.184.17
ovirthost15.skyovirt.com.   IN  A       192.168.184.15
ovirthost14.skyovirt.com.   IN  A       192.168.184.14
ovirthost13.skyovirt.com.   IN  A       192.168.184.13
ovirt.skyovirt.com.         IN  A       192.168.184.10

; Alias: dns.skyovirt.com resolves through master.skyovirt.com.
dns.skyovirt.com.           IN  CNAME   master.skyovirt.com.
-
[root@192-168-174-42 ~]#
-
[root@192-168-174-42 ~]# cat /var/named/named.192.168.184
-
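; Reverse zone data for the 192.168.184.0/24 network.
; There is no $ORIGIN line, so "@" and the bare host numbers below are
; relative to the zone name given in named.conf. For reverse lookups of
; 192.168.184.x to reach these records, that zone has to be declared as
; 184.168.192.in-addr.arpa (octets reversed).
$TTL 600
@       IN  SOA     skyovirt.com. master.skyovirt.com. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
@       IN  NS      master.skyovirt.com.

; One PTR per host: the owner is the last octet of the address.
11      IN  PTR     master.skyovirt.com.
18      IN  PTR     ovirthost18.skyovirt.com.
; The target was cut short in the listing ("ovirt.skyovirt."); the forward
; zone maps ovirt.skyovirt.com. to 192.168.184.10, so the full name is used.
10      IN  PTR     ovirt.skyovirt.com.
; NOTE(review): the forward zone also defines .13, .14, .15 and .17, which
; have no PTR here. The listing on the page may simply be truncated.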
重启服务.
-
[root@192-168-174-42 ~]# service named restart
-
Redirecting to /bin/systemctl restart named.service
-
[root@192-168-174-42 ~]# netstat -lntp |grep named
-
tcp 0 0 192.168.184.11:53 0.0.0.0:* LISTEN 10210/named
-
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 10210/named
-
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 10210/named
-
tcp6 0 0 ::1:53 :::* LISTEN 10210/named
-
tcp6 0 0 ::1:953 :::* LISTEN 10210/named
-
[root@192-168-174-42 ~]#
访问外网与自定义域名都OK
-
[root@192-168-174-42 ~]# dig ovirt.skyovirt.com
-
-
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.2 <<>> ovirt.skyovirt.com
-
;; global options: +cmd
-
;; Got answer:
-
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30879
-
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
-
-
;; OPT PSEUDOSECTION:
-
; EDNS: version: 0, flags:; udp: 4096
-
;; QUESTION SECTION:
-
;ovirt.skyovirt.com. IN A
-
-
;; ANSWER SECTION:
-
ovirt.skyovirt.com. 600 IN A 192.168.184.10
-
-
;; AUTHORITY SECTION:
-
skyovirt.com. 600 IN NS skyovirt.com.
-
-
;; ADDITIONAL SECTION:
-
skyovirt.com. 600 IN A 192.168.184.11
-
-
;; Query time: 0 msec
-
;; SERVER: 127.0.0.1#53(127.0.0.1)
-
;; WHEN: Thu Mar 10 17:05:16 CST 2016
-
;; MSG SIZE rcvd: 93
-
-
[root@192-168-174-42 ~]# dig www.sky-mobi.com
-
-
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.2 <<>> www.sky-mobi.com
-
;; global options: +cmd
-
;; Got answer:
-
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62581
-
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
-
-
;; OPT PSEUDOSECTION:
-
; EDNS: version: 0, flags:; udp: 4096
-
;; QUESTION SECTION:
-
;www.sky-mobi.com. IN A
-
-
;; ANSWER SECTION:
-
www.sky-mobi.com. 200 IN A 111.1.17.157
-
-
;; Query time: 27 msec
-
;; SERVER: 127.0.0.1#53(127.0.0.1)
-
;; WHEN: Thu Mar 10 17:05:27 CST 2016
-
;; MSG SIZE rcvd: 61