Introduction to Linux DNS servers

Posted: 2018-05-11 16:09:59      Reads: 236      Comments: 0      Favorites: 0

Tags: linux dns

DNS (Domain Name System) is name resolution: in short, looking up the IP for a domain name, or the domain name for an IP; the two directions resolve each other.
Forward resolution: FQDN --> IP
Reverse resolution: IP --> FQDN
The resolution process is roughly as follows:
[Figure: DNS resolution process (image not reproduced)]

Resource records (Resource Record, RR for short) come in types: A, AAAA, PTR, SOA, NS, CNAME, MX.
SOA: Start Of Authority; a zone file has exactly one SOA record, and it must be the first record.
NS: Name Server record; a zone file may have several NS records, one of which is the primary.
A: Address record, FQDN --> IPv4.
AAAA: address record, FQDN --> IPv6.
CNAME: Canonical Name, alias record.
PTR: Pointer, IP --> FQDN.
MX: Mail eXchanger; priority 0-99, where a smaller number means higher priority.


Basic configuration

1. Install

[root@node1 certs]# yum  install bind
# you may also need to install
[root@node1 certs]# yum  install bind-libs     # dependency libraries
[root@node1 certs]# yum  install bind-utils    # DNS tools such as dig and host

2. Edit the main configuration file

[root@ns1 named]# vim /etc/named.conf
acl allow_querys {
        localhost;
};
acl allow_transfers {
        none;
};
acl allow_recursions {
        any;
};
acl allow_updates {
        none;
};

options {
    listen-on port 53 { 192.168.1.102; };   // bind address and port
    //listen-on-v6 port 53 { ::1; };        // IPv6 is not used, so it stays commented out
    allow-query     { allow_querys; };      // hosts allowed to query; whitelist
    allow-recursion { allow_recursions; };  // hosts allowed recursive queries; whitelist
    dnssec-enable no;
    dnssec-validation no;
    // leave the rest unchanged
};

# check the configuration file
[root@ns1 named]# named-checkconf

3. Start

[root@ns1 named]# systemctl start named
[root@ns1 named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2018-05-11 12:04:26 EDT; 19s ago
   .....

[root@ns1 named]# netstat -lntup|grep named
tcp        0      0 192.168.1.102:53        0.0.0.0:*               LISTEN      26195/named      # TCP 53: zone transfers (master/slave) and other non-UDP traffic
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      26195/named      # rndc control port for managing named; must never be exposed externally
tcp6       0      0 ::1:953                 :::*                    LISTEN      26195/named
udp        0      0 192.168.1.102:53        0.0.0.0:*                           26195/named      # UDP 53: DNS resolution

4. Test

# dig  [+(no)trace]  -t <record type>  <name>  [@<dns server ip>]
[root@ns1 named]# dig -t A www.baidu.com @192.168.1.102   # name the server explicitly if this host's resolver does not point at itself

[root@node1 test]# vim /etc/resolv.conf    # point the resolver at this host
search localdomain zander.com
nameserver 192.168.1.106

# the host tool
[root@node1 test]# host -t A www.baidu.com
www.baidu.com has address 183.232.231.173
www.baidu.com has address 183.232.231.172
[root@node1 test]# host -t NS www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
[root@node1 test]# host -t NS www.a.shifen.com.

Zone configuration

Forward zone configuration

1. Add the zone to the configuration file

# this file is included from /etc/named.conf
[root@node1 certs]# vim /etc/named.rfc1912.zones
zone "zander.com" IN{
        type master;
        file "zander.com.zone";
        allow-transfer { allow_transfers; };
        allow-update { allow_updates; };
};

[root@node1 named]# named-checkconf

2. Add the zone data file

[root@ns1 named]# cd /var/named/
[root@ns1 named]# vim zander.com.zone
$TTL 3600
$ORIGIN zander.com.
@       IN      SOA     zander.com.     admin.zander.com. (       ; Start Of Authority: must be the first record, and the only one
        20180530                                                  ; serial: bump it on every edit of this file
        1H                                                        ; refresh
        10M                                                       ; retry
        3D                                                        ; expire
        1D)                                                       ; negative-answer TTL (minimum)
        IN      NS      ns1                                       ; Name Server record; a zone may have several NS records, one of them the primary
        IN      MX      10      mx1                               ; Mail eXchanger
ns1     IN      A       192.168.1.102                             ; Address record, FQDN --> IPv4
mx1     IN      A       192.168.1.106
www     IN      A       192.168.1.106
web     IN      CNAME   www                                       ; alias
bbs     IN      A       192.168.1.103
bbs     IN      A       192.168.1.106

# fix the file's group and permissions
[root@node1 named]# chgrp  named  /var/named/zander.com.zone
[root@node1 named]# chmod  o=  /var/named/zander.com.zone
[root@ns1 named]# named-checkzone zander.com /var/named/zander.com.zone   
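The zone-file rules this page relies on (one SOA placed first, a serial bump on every edit so slaves pick up the change, NS names backed by A glue, no CNAME owner carrying other data) can be checked before named-checkzone ever runs. The following is an added example, not the author's code; ZONE is a constructed file modelled on zander.com.zone, and the glue and CNAME rules are the standard ones rather than anything the post states.

```python
# Zone-file linter for the rules this page relies on: one SOA placed first, serial bumped on
# every edit, in-zone NS names with A glue, no CNAME mixed with other data. Added example,
# not the author's code; ZONE is a constructed file modelled on the page's zander.com.zone.
ZONE = """$TTL 3600
$ORIGIN zander.com.
@       IN      SOA     zander.com. admin.zander.com. (
        20180530 1H 10M 3D 1D )    ; serial refresh retry expire negative-TTL
        IN      NS      ns1
        IN      NS      ns2
ns1     IN      A       192.168.1.102
ns2     IN      A       192.168.1.114
www     IN      A       192.168.1.106
web     IN      CNAME   www
"""

def fqdn(name, origin):
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return (origin, [(owner_fqdn, rrtype, rdata_tokens)]) from BIND zone-file text."""
    origin, owner, records, buf = ".", None, [], ""
    for piece in (ln.split(";", 1)[0] for ln in text.splitlines()):   # drop ';' comments
        buf = f"{buf} {piece}" if buf else piece
        if buf.count("(") > buf.count(")"):
            continue                                  # multi-line record still open
        line, buf = buf.replace("(", " ").replace(")", " "), ""
        toks = line.split()
        if not toks or toks[0].startswith("$"):      # blank line or $TTL/$ORIGIN directive
            origin = toks[1] if toks and toks[0] == "$ORIGIN" else origin
            continue
        if not line[0].isspace():                     # owner present; else inherit previous owner
            owner = toks.pop(0)
        while toks[0].isdigit() or toks[0] == "IN":   # optional TTL and class
            toks.pop(0)
        records.append((fqdn(owner, origin), toks[0], toks[1:]))
    return origin, records

def serial_gt(new, old):
    """RFC 1982 serial arithmetic: is `new` later than `old` modulo 2**32?"""
    return 0 < (new - old) % 2**32 < 2**31

def lint_zone(text, previous_serial=None):
    """Return the list of problems found; an empty list means the zone passes."""
    origin, rrs = parse_zone(text)
    types = {}
    for owner, rtype, _ in rrs:
        types.setdefault(owner, set()).add(rtype)
    problems, soas = [], [r for r in rrs if r[1] == "SOA"]
    if len(soas) != 1 or rrs[0][1] != "SOA":
        problems.append("zone needs exactly one SOA and it must be the first record")
    elif previous_serial is not None and not serial_gt(int(soas[0][2][2]), previous_serial):
        problems.append("SOA serial not increased: slaves will keep their stale copy")
    for owner, rtype, rdata in rrs:
        target = fqdn(rdata[-1], origin) if rdata else ""
        in_zone = target == origin or target.endswith("." + origin)
        if rtype == "NS" and in_zone and not {"A", "AAAA"} & types.get(target, set()):
            problems.append(f"NS {target} has no A/AAAA glue record in the zone")
        if rtype == "CNAME" and types[owner] != {"CNAME"}:
            problems.append(f"{owner} mixes CNAME with other record types")
    return problems
```

Pass the serial of the copy the slaves currently hold as previous_serial to catch the forgotten bump that steps 6 and 7 of the slave section depend on.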

3. Reload the configuration

[root@ns1 named]# rndc reload
#或者
[root@ns1 named]# systemctl reload named

4. Test

[root@ns1 named]# host -t A www.zander.com
www.zander.com has address 192.168.1.106
# round-robin
[root@node1 named]# host -t A bbs.zander.com
bbs.zander.com has address 192.168.1.106
bbs.zander.com has address 192.168.1.103
[root@node1 named]# host -t A bbs.zander.com
bbs.zander.com has address 192.168.1.103
bbs.zander.com has address 192.168.1.106
# alias
[root@ns1 named]# host -t A  web.zander.com
web.zander.com is an alias for www.zander.com.
www.zander.com has address 192.168.1.106

[root@ns1 named]# dig -t A www.zander.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -t A www.zander.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8271
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zander.com.            IN  A

;; ANSWER SECTION:
www.zander.com.     3600    IN  A   192.168.1.106

;; AUTHORITY SECTION:
zander.com.     3600    IN  NS  ns1.zander.com.
zander.com.     3600    IN  NS  ns2.zander.com.

;; ADDITIONAL SECTION:
ns1.zander.com.     3600    IN  A   192.168.1.102
ns2.zander.com.     3600    IN  A   192.168.1.114

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)     # note which server answered
;; WHEN: Fri May 11 12:25:02 EDT 2018
;; MSG SIZE  rcvd: 127

Reverse zone configuration

1. Add the zone to the configuration file

[root@ns1 named]# vim /etc/named.rfc1912.zones
zone "1.168.192.in-addr.arpa" IN{
        type master;
        file "192.168.1.zone";
        allow-transfer { allow_transfers; };
        allow-update { allow_updates; };
};
[root@node1 named]# named-checkconf

2. Reverse zone data file

[root@ns1 named]# vim 192.168.1.zone
$TTL 3600
$ORIGIN 1.168.192.in-addr.arpa.
@       IN      SOA     ns1.zander.com. admin.zander.com. (
        20180513
        1H
        10M
        3D
        1D)
        IN      NS      ns1.zander.com.
102     IN      PTR     ns1.zander.com.
106     IN      PTR     mx1.zander.com.
106     IN      PTR     www.zander.com.
103     IN      PTR     bbs.zander.com.
106     IN      PTR     bbs.zander.com.

[root@node1 named]# chgrp  named 192.168.1.zone
[root@node1 named]# chmod  o= 192.168.1.zone

[root@ns1 named]# named-checkzone 1.168.192.in-addr.arpa  192.168.1.zone

3. Reload

[root@node1 named]# rndc reload

4. Test

[root@ns1 named]# dig -x 192.168.1.106

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -x 192.168.1.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56634
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.1.168.192.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
106.1.168.192.in-addr.arpa. 3600 IN PTR mx1.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR pop3.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR www.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR bbs.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR ns1.zander.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 3600    IN  NS  ns1.zander.com.
1.168.192.in-addr.arpa. 3600    IN  NS  ns2.zander.com.

;; ADDITIONAL SECTION:
ns1.zander.com.     3600    IN  A   192.168.1.102
ns2.zander.com.     3600    IN  A   192.168.1.114

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Fri May 11 12:47:49 EDT 2018
;; MSG SIZE  rcvd: 220

Slave configuration

1. Synchronize time
2. Slave configuration

[root@ns1 slaves]# vim /etc/named.conf
Same as the basic configuration above.

[root@localhost named]# named-checkconf

[root@ns1 slaves]# vim /etc/named.rfc1912.zones
zone "zander.com" IN{
        type slave;
        file "slaves/zander.com.zone";
        masters { 192.168.1.102; };
        allow-transfer { allow_transfers; };    # none: the slave must not allow transfers
};

zone "1.168.192.in-addr.arpa" IN{
        type slave;
        file "slaves/192.168.1.zone";
        masters { 192.168.1.102; };
        allow-transfer { allow_transfers; };     # none: the slave must not allow transfers
};

[root@ns1 slaves]# named-checkconf

3. Master configuration

[root@ns1 named]# vim /etc/named.rfc1912.zones
zone "zander.com" IN{
        type master;
        file "zander.com.zone";
        allow-transfer { allow_transfers; };   # add the slave here
        allow-update { allow_updates; };
};
zone "1.168.192.in-addr.arpa" IN{
        type master;
        file "192.168.1.zone";
        allow-transfer { allow_transfers; };   # add the slave here
        allow-update { allow_updates; };
};

[root@ns1 named]# vim /etc/named.conf
acl allow_transfers {
        192.168.1.114;
};

[root@ns1 named]# vim /var/named/zander.com.zone
$TTL 3600
$ORIGIN zander.com.
@       IN      SOA     zander.com.     admin.zander.com. (
        20180530
        1H
        10M
        3D
        1D)
        IN      NS      ns1
        IN      NS      ns2                # add the slave; the name is arbitrary and unrelated to the host's real hostname
        IN      MX      10      mx1
ns2     IN      A       192.168.1.114      # points at the slave
ns1     IN      A       192.168.1.102
mx1     IN      A       192.168.1.106
www     IN      A       192.168.1.106
web     IN      CNAME   www
bbs     IN      A       192.168.1.103
bbs     IN      A       192.168.1.106

[root@ns1 named]# vim /var/named/192.168.1.zone
$TTL 3600
$ORIGIN 1.168.192.in-addr.arpa.
@       IN      SOA     ns1.zander.com. admin.zander.com. (
        20180513
        1H
        10M
        3D
        1D)
        IN      NS      ns1.zander.com.
        IN      NS      ns2.zander.com.  # add the slave
114     IN      PTR     ns2.zander.com.  # points at the slave
102     IN      PTR     ns1.zander.com.
106     IN      PTR     mx1.zander.com.
106     IN      PTR     www.zander.com.
103     IN      PTR     bbs.zander.com.
106     IN      PTR     bbs.zander.com.

[root@ns1 named]# named-checkconf
[root@ns1 named]# named-checkzone zander.com /var/named/zander.com.zone
[root@ns1 named]# named-checkzone 1.168.192.in-addr.arpa  192.168.1.zone

[root@ns1 named]# rndc reload

4. Restart the slave

[root@ns1 slaves]# systemctl restart named
[root@ns1 slaves]# ls
192.168.1.zone  zander.com.zone

5. Test from each node

[root@ns1 slaves]# dig -t A www.zander.com

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.zander.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33358
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zander.com.            IN  A

;; ANSWER SECTION:
www.zander.com.     3600    IN  A   192.168.1.106

;; AUTHORITY SECTION:
zander.com.     3600    IN  NS  ns2.zander.com.
zander.com.     3600    IN  NS  ns1.zander.com.

;; ADDITIONAL SECTION:
ns1.zander.com.     3600    IN  A   192.168.1.102
ns2.zander.com.     3600    IN  A   192.168.1.114

;; Query time: 0 msec
;; SERVER: 192.168.1.114#53(192.168.1.114)
;; WHEN: 五 5月 11 14:19:22 CST 2018
;; MSG SIZE  rcvd: 127

# on the slave
[root@ns1 slaves]# dig -x 192.168.1.106

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.1.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24153
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.1.168.192.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
106.1.168.192.in-addr.arpa. 3600 IN PTR mx1.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR pop3.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR ns1.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR www.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR bbs.zander.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 3600    IN  NS  ns1.zander.com.
1.168.192.in-addr.arpa. 3600    IN  NS  ns2.zander.com.

;; ADDITIONAL SECTION:
ns1.zander.com.     3600    IN  A   192.168.1.102
ns2.zander.com.     3600    IN  A   192.168.1.114

;; Query time: 0 msec
;; SERVER: 192.168.1.114#53(192.168.1.114)
;; WHEN: 五 5月 11 14:24:50 CST 2018
;; MSG SIZE  rcvd: 220

6. Add a record on the master

[root@ns1 named]# vim /var/named/zander.com.zone
pop3    IN      A       192.168.1.106
Update the serial number.

[root@node1 named]# named-checkconf
[root@ns1 named]# rndc reload

7. Check from the slave

[root@ns1 slaves]# dig -t A  pop3.zander.com

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A pop3.zander.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42653
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pop3.zander.com.       IN  A

;; ANSWER SECTION:
pop3.zander.com.    3600    IN  A   192.168.1.106
.....

8. Simulate a zone transfer

# pull the zone from the master
[root@ns1 slaves]# dig -t axfr zander.com @192.168.1.102

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr zander.com @192.168.1.102
;; global options: +cmd
zander.com.     3600    IN  SOA zander.com. admin.zander.com. 20180530 3600 600 259200 86400
zander.com.     3600    IN  NS  ns1.zander.com.
zander.com.     3600    IN  NS  ns2.zander.com.
bbs.zander.com.     3600    IN  A   192.168.1.103
bbs.zander.com.     3600    IN  A   192.168.1.106
mx1.zander.com.     3600    IN  A   192.168.1.106
ns1.zander.com.     3600    IN  A   192.168.1.102
ns2.zander.com.     3600    IN  A   192.168.1.114
ops.zander.com.     3600    IN  NS  ns2.ops.zander.com.
ops.zander.com.     3600    IN  MX  10 mx1.zander.com.
ns2.ops.zander.com. 3600    IN  A   192.168.1.125
pop3.zander.com.    3600    IN  A   192.168.1.106
web.zander.com.     3600    IN  CNAME   www.zander.com.
www.zander.com.     3600    IN  A   192.168.1.106
zander.com.     3600    IN  SOA zander.com. admin.zander.com. 20180530 3600 600 259200 86400
;; Query time: 1 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: 五 5月 11 14:26:51 CST 2018
;; XFR size: 15 records (messages 1, bytes 343)

# pull from the slave: this fails because the slave has zone transfers disabled
[root@ns1 slaves]# dig -t axfr zander.com @192.168.1.104
^C[root@ns1 slaves]# dig -t axfr zander.com @192.168.1.114

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr zander.com @192.168.1.114
;; global options: +cmd
; Transfer failed.

Subdomain delegation and forwarding

1. Master

[root@ns1 named]# vim /etc/named.conf
acl allow_querys {
        any;            # query whitelist
};

[root@ns1 named]# vim zander.com.zone
ops.zander.com. IN      NS      ns2.ops.zander.com.
ns2.ops.zander.com.     IN      A       192.168.1.125
Update the serial number.

[root@ns1 named]# named-checkconf
[root@ns1 named]# rndc reload

2. Subdomain server configuration

[root@localhost named]# vim /etc/named.conf
acl allow_querys {
        any;
};
acl allow_transfers {
        none;
};
acl allow_recursions {
        any;
};
acl allow_updates {
        none;
};
options {
        listen-on port 53 { 192.168.1.125; };
        allow-query     { allow_querys; };
        allow-recursion { allow_recursions; };
};
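The subdomain server above answers queries from `any` and recurses for `any`, which makes it an open recursive resolver; the acl indirection this page uses (allow_querys, allow_recursions, allow_transfers) hides that until the names are resolved. The following added example, not the author's file, resolves the acl names the way named does and flags an open resolver, a zone that allows transfers to anyone, and a zone with no allow-transfer at all. NAMED_CONF is a constructed fragment modelled on the subdomain server plus one extra zone; the note that BIND 9.9 allows transfers to any host when allow-transfer is unset is mine, not the post's.

```python
import re
# Audit of the named.conf ACL wiring this page uses. Added example, not the author's file; NAMED_CONF
# is a constructed fragment modelled on the subdomain server, plus one zone that sets no ACL at all.
NAMED_CONF = """acl allow_querys     { any; };
acl allow_transfers  { none; };
acl allow_recursions { any; };
options {
    allow-query     { allow_querys; };
    allow-recursion { allow_recursions; };
};
zone "ops.zander.com" IN {
    type master;
    allow-transfer { allow_transfers; };
};
zone "lab.zander.com" IN {
    type master;
};
"""

ACL_RE   = re.compile(r'^\s*acl\s+(\S+)\s*\{([^}]*)\}\s*;', re.M)
BLOCK_RE = re.compile(r'^(options|zone\s+"([^"]+)")[^{\n]*\{\n(.*?)^\};', re.M | re.S)
STMT_RE  = re.compile(r'(allow-\w+)\s*\{([^}]*)\}\s*;')

def parse_conf(text):
    """Return ({acl: members}, {block: {allow-*: members}}); block is 'options' or a zone name."""
    acls = {m[1]: m[2].replace(";", " ").split() for m in ACL_RE.finditer(text)}
    blocks = {}
    for m in BLOCK_RE.finditer(text):
        blocks[m[2] or "options"] = {s[1]: s[2].replace(";", " ").split()
                                     for s in STMT_RE.finditer(m[3])}
    return acls, blocks

def resolve(members, acls, seen=frozenset()):
    """Expand acl names (recursively, cycle-safe) into the literal address-match elements."""
    out = set()
    for item in members:
        if item in acls:
            out |= resolve(acls[item], acls, seen | {item}) if item not in seen else set()
        else:
            out.add(item)
    return out

def audit(text):
    """Return the findings a defender would fix before exposing this server."""
    acls, blocks = parse_conf(text)
    def effective(block, stmt):                    # zone-level statement, else the options default
        members = blocks.get(block, {}).get(stmt, blocks.get("options", {}).get(stmt))
        return None if members is None else resolve(members, acls)
    findings = []
    query, recursion = effective("options", "allow-query"), effective("options", "allow-recursion")
    # An unset allow-recursion falls back to allow-query-cache and then allow-query, so 'any' there opens recursion too.
    if query and "any" in query and (recursion is None or "any" in recursion):
        findings.append("options: open recursive resolver (query and recursion allowed from any)")
    for zone in [b for b in blocks if b != "options"]:
        xfr = effective(zone, "allow-transfer")
        if xfr is None:
            findings.append(f"zone {zone}: no allow-transfer set; BIND 9.9 then defaults to any")
        elif "any" in xfr:
            findings.append(f"zone {zone}: allow-transfer permits AXFR from any host")
    return findings
```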

[root@localhost named]# vim /etc/named.rfc1912.zones
zone "ops.zander.com" IN {
        type master;
        file "ops.zander.com.zone";
        allow-update { allow_updates; };
        allow-transfer { allow_transfers; };
};
# the subdomain forwards the parent zone
zone "zander.com" IN {
        type forward;
        forward only;
        forwarders { 192.168.1.102; 192.168.1.114; };
};

[root@localhost named]# cd /var/named/
[root@localhost named]# vim ops.zander.com.zone
$TTL 3600
$ORIGIN ops.zander.com.
@       IN      SOA     ops.zander.com. admin.ops.zander.com. (
        20180512
        1H
        10M
        3D
        1D)
        IN      NS      ns1
ns1     IN      A       192.168.1.125
www     IN      A       192.168.1.125

[root@localhost named]# chgrp named ops.zander.com.zone
[root@localhost named]# chmod o= ops.zander.com.zone
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone ops.zander.com ops.zander.com.zone
[root@localhost named]# systemctl restart named

3. Test

# the subdomain resolving its own names
[root@localhost named]# host -t A www.ops.zander.com
www.ops.zander.com has address 192.168.1.125
# the subdomain forwarding to the parent
[root@localhost named]# host -t A www.zander.com
www.zander.com has address 192.168.1.106

# the parent resolving the subdomain
[root@ns1 named]#  host -t A www.ops.zander.com
www.ops.zander.com has address 192.168.1.125
[root@ns1 named]# dig -t A www.ops.zander.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -t A www.ops.zander.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55064
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.ops.zander.com.        IN  A

;; ANSWER SECTION:
www.ops.zander.com. 3591    IN  A   192.168.1.125

;; AUTHORITY SECTION:
ops.zander.com.     3591    IN  NS  ns1.ops.zander.com.

;; ADDITIONAL SECTION:
ns1.ops.zander.com. 3591    IN  A   192.168.1.125

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Fri May 11 13:35:51 EDT 2018
;; MSG SIZE  rcvd: 97

Load testing

Load testing uses the queryperf tool, which the RPM build does not include.
1. Install

[root@ns1 ~]# wget http://ftp.isc.org/isc/bind9/9.9.4/bind-9.9.4.tar.gz
[root@ns1 ~]# tar xf bind-9.9.4.tar.gz
[root@ns1 ~]# cd bind-9.9.4/contrib/queryperf/
[root@ns1 queryperf]# sh configure
[root@ns1 queryperf]# make
[root@ns1 queryperf]# ls
config.h     config.log     configure     input     Makefile.in  queryperf    queryperf.o    README
config.h.in  config.status  configure.in  Makefile  missing      queryperf.c  querytest.txt  utils

2. Query list

[root@ns1 queryperf]# vim querytest.txt
www.baidu.com  A
www.163.com  A
www.taobao.com  A
www.zander.com A
bbs.zander.com A
www.ops.zander.com A
# duplicate these lines until there are about 20,000 of them

3. Run the load test

[root@ns1 queryperf]# wc -l querytest.txt
23646 querytest.txt

[root@ns1 queryperf]# ./queryperf -d querytest.txt -s 192.168.1.102

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 192.168.1.102)
[Timeout] Query timed out: msg id 146
[Timeout] Query timed out: msg id 147
[Timeout] Query timed out: msg id 149
[Timeout] Query timed out: msg id 150
[Timeout] Query timed out: msg id 151
[Timeout] Query timed out: msg id 152
[Timeout] Query timed out: msg id 153
[Timeout] Query timed out: msg id 167
[Timeout] Query timed out: msg id 171
[Timeout] Query timed out: msg id 176
[Status] Testing complete

Statistics:

  Parse input file:     once
  Ended due to:         reaching end of file

  Queries sent:         23646 queries    # sent
  Queries completed:    23646 queries    # completed
  Queries lost:         0 queries
  Queries delayed(?):   0 queries

  RTT max:          0.012205 sec
  RTT min:              0.000022 sec
  RTT average:          0.000239 sec
  RTT std deviation:    0.000275 sec
  RTT out of range:     0 queries

  Percentage completed: 100.00%
  Percentage lost:        0.00%

  Started at:           Fri May 11 14:01:27 2018
  Finished at:          Fri May 11 14:01:32 2018
  Ran for:              5.009058 seconds

  Queries per second:   4720.648074 qps    # per second

Original post: http://blog.51cto.com/marvin89/2115294
