Tags: linux dns
DNS (Domain Name System) resolves names: put simply, it looks up an IP address from a domain name, and can also look up a domain name from an IP address, so resolution works in both directions. Resource records (Resource Record, rr for short) come in types: A, AAAA, PTR, SOA, NS, CNAME, MX.
SOA: Start Of Authority, the start-of-authority record; a zone file has exactly one SOA record, and it must be the first record.
NS: Name Service, the name server record; a zone file can have several NS records, one of which is the primary.
A: Address, address record, FQDN --> IPv4;
AAAA: address record, FQDN --> IPv6;
CNAME: Canonical Name, alias record;
PTR: Pointer, IP --> FQDN
MX: Mail eXchanger, mail exchanger record; priority 0-99, the lower the number the higher the priority;
1. Install
[root@node1 certs]# yum install bind
# these may also need installing
[root@node1 certs]# yum install bind-libs # dependency libraries
[root@node1 certs]# yum install bind-utils # DNS tools such as dig and host
2. Configure the main configuration file
[root@ns1 named]# vim /etc/named.conf
acl allow_querys {
localhost;
};
acl allow_transfers {
none;
};
acl allow_recursions {
any;
};
acl allow_updates {
none;
};
options {
listen-on port 53 { 192.168.1.102; }; // IP and port to bind
//listen-on-v6 port 53 { ::1; }; // IPv6 not used; leave commented out
allow-query { allow_querys; }; // hosts allowed to query; whitelist
allow-recursion { allow_recursions; }; // hosts allowed recursive queries; whitelist
dnssec-enable no;
dnssec-validation no;
// leave the rest unchanged
};
# check the configuration file
[root@ns1 named]# named-checkconf
3. Start
[root@ns1 named]# systemctl start named
[root@ns1 named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2018-05-11 12:04:26 EDT; 19s ago
.....
[root@ns1 named]# netstat -lntup|grep named
tcp 0 0 192.168.1.102:53 0.0.0.0:* LISTEN 26195/named # TCP 53: used for master/slave zone transfers and other services
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 26195/named # rndc control port; must not be exposed externally, it manages the named process
tcp6 0 0 ::1:953 :::* LISTEN 26195/named
udp 0 0 192.168.1.102:53 0.0.0.0:* 26195/named # UDP 53: DNS resolution
4. Test
# dig [+(no)trace] -t TYPE NAME [@dns-server-ip]
[root@ns1 named]# dig -t A www.baidu.com @192.168.1.102 # specify the server if this host's resolver does not point at itself
[root@node1 test]# vim /etc/resolv.conf # point the resolver at this host
search localdomain zander.com
nameserver 192.168.1.106
# the host tool
[root@node1 test]# host -t A www.baidu.com
www.baidu.com has address 183.232.231.173
www.baidu.com has address 183.232.231.172
[root@node1 test]# host -t NS www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
[root@node1 test]# host -t NS www.a.shifen.com.
1. Add the zone to the configuration file
# this file is included from /etc/named.conf
[root@node1 certs]# vim /etc/named.rfc1912.zones
zone "zander.com" IN{
type master;
file "zander.com.zone";
allow-transfer { allow_transfers; };
allow-update { allow_updates; };
};
[root@node1 named]# named-checkconf
2. Add the zone data file
[root@ns1 named]# cd /var/named/
[root@ns1 named]# vim zander.com.zone
$TTL 3600
$ORIGIN zander.com.
@ IN SOA zander.com. admin.zander.com. ( ; Start Of Authority; must be the first record, and there is only one
20180530 ; serial: bump it every time the zone file is edited
1H ; refresh
10M ; retry
3D ; expire
1D) ; negative-cache TTL
IN NS ns1 ; Name Service, name server record; a zone can have several NS records, one of which is the primary
IN MX 10 mx1 ; Mail eXchanger
ns1 IN A 192.168.1.102 ; Address record, FQDN --> IPv4
mx1 IN A 192.168.1.106
www IN A 192.168.1.106
web IN CNAME www ; alias
bbs IN A 192.168.1.103
bbs IN A 192.168.1.106
# fix group ownership and permissions
[root@node1 named]# chgrp named /var/named/zander.com.zone
[root@node1 named]# chmod o= /var/named/zander.com.zone
[root@ns1 named]# named-checkzone zander.com /var/named/zander.com.zone
3. Reload the configuration
[root@ns1 named]# rndc reload
# or
[root@ns1 named]# systemctl reload named
4. Test
[root@ns1 named]# host -t A www.zander.com
www.zander.com has address 192.168.1.106
# round robin
[root@node1 named]# host -t A bbs.zander.com
bbs.zander.com has address 192.168.1.106
bbs.zander.com has address 192.168.1.103
[root@node1 named]# host -t A bbs.zander.com
bbs.zander.com has address 192.168.1.103
bbs.zander.com has address 192.168.1.106
# alias
[root@ns1 named]# host -t A web.zander.com
web.zander.com is an alias for www.zander.com.
www.zander.com has address 192.168.1.106
#
[root@ns1 named]# dig -t A www.zander.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -t A www.zander.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8271
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zander.com. IN A
;; ANSWER SECTION:
www.zander.com. 3600 IN A 192.168.1.106
;; AUTHORITY SECTION:
zander.com. 3600 IN NS ns1.zander.com.
zander.com. 3600 IN NS ns2.zander.com.
;; ADDITIONAL SECTION:
ns1.zander.com. 3600 IN A 192.168.1.102
ns2.zander.com. 3600 IN A 192.168.1.114
;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102) # note which server answered
;; WHEN: Fri May 11 12:25:02 EDT 2018
;; MSG SIZE rcvd: 127
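The comment on the serial field above is the rule that is easiest to forget, and in the master/slave setup later in this post a slave only pulls a fresh copy of the zone when the master's serial has grown. The shell function below is an added example, not from the original post: it rewrites the SOA serial in the YYYYMMDDnn form, incrementing nn for repeated edits on the same day and never producing a value smaller than the old one. It assumes the layout used here, with the serial on the line after the SOA line; the optional second argument pins the date and exists for testing.

```shell
#!/bin/sh
# bump_serial ZONEFILE [YYYYMMDD]
# Added example (not from the original post): rewrites the SOA serial of a
# zone file in the date-based form YYYYMMDDnn, where nn counts edits made on
# the same day, so slaves see a strictly increasing serial after every edit.
# Assumes the layout used in this post: the serial is the first field on the
# first non-empty line after the line containing "SOA". The optional second
# argument fixes the date (used for testing); it defaults to today.
bump_serial() {
    zonefile=$1
    today=${2:-$(date +%Y%m%d)}

    # current serial: first field of the first non-empty line after the SOA line
    current=$(awk 'found && NF { print $1; exit } /[[:space:]]SOA[[:space:]]/ { found = 1 }' "$zonefile")
    case $current in
        ''|*[!0-9]*) echo "bump_serial: no numeric serial found in $zonefile" >&2; return 1 ;;
    esac

    if [ "${current%??}" = "$today" ]; then
        # already a serial from today: increment the two-digit edit counter
        new=$((current + 1))
    else
        new="${today}01"
    fi
    # the serial must keep growing (RFC 1982); if the old value is already
    # larger than the date-based one, fall back to old + 1
    if [ "$new" -le "$current" ]; then
        new=$((current + 1))
    fi

    # replace the serial in place, touching only the first matching line after SOA
    awk -v oldser="$current" -v newser="$new" '
        found && !done && $1 == oldser { sub(oldser, newser); done = 1 }
        /[[:space:]]SOA[[:space:]]/ { found = 1 }
        { print }' "$zonefile" > "$zonefile.tmp" && mv "$zonefile.tmp" "$zonefile"
    echo "$new"
}

# Usage (not run automatically):
#   bump_serial /var/named/zander.com.zone && named-checkzone zander.com /var/named/zander.com.zone && rndc reload
if [ $# -ge 1 ]; then bump_serial "$@"; fi
```

The function prints the new serial so it can be logged; follow it with named-checkzone and rndc reload as in step 3 above.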
1. Add the reverse zone to the configuration file
[root@ns1 named]# vim /etc/named.rfc1912.zones
zone "1.168.192.in-addr.arpa" IN{
type master;
file "192.168.1.zone";
allow-transfer { allow_transfers; };
allow-update { allow_updates; };
};
[root@node1 named]# named-checkconf
2. Reverse zone data file
[root@ns1 named]# vim 192.168.1.zone
$TTL 3600
$ORIGIN 1.168.192.in-addr.arpa.
@ IN SOA ns1.zander.com. admin.zander.com. (
20180513
1H
10M
3D
1D)
IN NS ns1.zander.com.
102 IN PTR ns1.zander.com.
106 IN PTR mx1.zander.com.
106 IN PTR www.zander.com.
103 IN PTR bbs.zander.com.
106 IN PTR bbs.zander.com.
[root@node1 named]# chgrp named 192.168.1.zone
[root@node1 named]# chmod o= 192.168.1.zone
[root@ns1 named]# named-checkzone 1.168.192.in-addr.arpa 192.168.1.zone
3. Reload
[root@node1 named]# rndc reload
4. Test
[root@ns1 named]# dig -x 192.168.1.106
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -x 192.168.1.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56634
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
106.1.168.192.in-addr.arpa. 3600 IN PTR mx1.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR pop3.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR www.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR bbs.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR ns1.zander.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 3600 IN NS ns1.zander.com.
1.168.192.in-addr.arpa. 3600 IN NS ns2.zander.com.
;; ADDITIONAL SECTION:
ns1.zander.com. 3600 IN A 192.168.1.102
ns2.zander.com. 3600 IN A 192.168.1.114
;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Fri May 11 12:47:49 EDT 2018
;; MSG SIZE rcvd: 220
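With a forward zone and a reverse zone describing the same hosts, the two files drift apart easily: named-checkzone validates each file on its own and says nothing when an A record has no PTR or a PTR points at a name that no longer exists. The shell functions below are an added example, not from the original post: they parse both zone files and list A records without a matching PTR and PTR records without a matching A. They assume the layout used in this post (one $ORIGIN line, one record per line, relative owner names, an IPv4 in-addr.arpa reverse zone); the zone file names in the usage line are the post's own.

```shell
#!/bin/sh
# Added example (not from the original post): cross-checks a forward zone file
# against its in-addr.arpa reverse zone file. Every A record should have a
# matching PTR and every PTR should point back at a name that has that A
# record; a mismatch usually means one file was edited without the other.
# Assumes the layout used in this post: one $ORIGIN line, one record per line,
# relative owner names, and an IPv4 reverse zone under in-addr.arpa.

# forward_pairs ZONEFILE : prints "ip fqdn" for each A record
forward_pairs() {
    awk '
        $1 == "$ORIGIN" { origin = $2; next }
        /^[[:space:]]*;/ || NF == 0 { next }
        {
            # a line starting with whitespace inherits the previous owner name
            if ($0 !~ /^[[:space:]]/) owner = $1
            for (i = 1; i < NF; i++) {
                if ($i == "A" && $(i + 1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                    fqdn = (owner == "@") ? origin : owner
                    if (fqdn !~ /\.$/) fqdn = fqdn "." origin   # qualify a relative name
                    print $(i + 1), fqdn
                }
            }
        }' "$1"
}

# reverse_pairs ZONEFILE : prints "ip fqdn" for each PTR record
reverse_pairs() {
    awk '
        $1 == "$ORIGIN" { origin = $2; next }
        /^[[:space:]]*;/ || NF == 0 { next }
        {
            if ($0 !~ /^[[:space:]]/) owner = $1
            for (i = 1; i < NF; i++) {
                if ($i == "PTR") {
                    rev = (owner == "@") ? origin : owner
                    if (rev !~ /\.$/) rev = rev "." origin
                    # 106.1.168.192.in-addr.arpa. -> 192.168.1.106
                    sub(/\.in-addr\.arpa\.$/, "", rev)
                    n = split(rev, lab, ".")
                    ip = lab[n]
                    for (j = n - 1; j >= 1; j--) ip = ip "." lab[j]
                    print ip, $(i + 1)
                }
            }
        }' "$1"
}

# check_ptr_consistency FORWARD_ZONE REVERSE_ZONE
# prints one line per mismatch; returns 1 if any, 0 if the two files agree
check_ptr_consistency() {
    fwd=$(mktemp) rev=$(mktemp)
    forward_pairs "$1" | sort -u > "$fwd"
    reverse_pairs "$2" | sort -u > "$rev"
    out=$( {
        comm -23 "$fwd" "$rev" | sed 's/^/A-without-PTR /'
        comm -13 "$fwd" "$rev" | sed 's/^/PTR-without-A /'
    } )
    rm -f "$fwd" "$rev"
    [ -n "$out" ] || return 0
    printf '%s\n' "$out"
    return 1
}

# Usage (not run automatically):
#   check_ptr_consistency /var/named/zander.com.zone /var/named/192.168.1.zone
if [ $# -ge 2 ]; then check_ptr_consistency "$1" "$2"; fi
```

CNAME records are skipped on purpose: only the canonical name carries the A record, so only it needs a PTR.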
1. Synchronize the clocks
2. Slave node configuration
[root@ns1 slaves]# vim /etc/named.conf
Use the basic configuration from above
[root@localhost named]# named-checkconf
[root@ns1 slaves]# vim /etc/named.rfc1912.zones
zone "zander.com" IN{
type slave;
file "slaves/zander.com.zone";
masters { 192.168.1.102; };
allow-transfer { allow_transfers; }; # must be none on the slave
};
zone "1.168.192.in-addr.arpa" IN{
type slave;
file "slaves/192.168.1.zone";
masters { 192.168.1.102; };
allow-transfer { allow_transfers; }; # must be none on the slave
};
[root@ns1 slaves]# named-checkconf
3. Master node configuration
[root@ns1 named]# vim /etc/named.rfc1912.zones
zone "zander.com" IN{
type master;
file "zander.com.zone";
allow-transfer { allow_transfers; }; # add the slave to this acl
allow-update { allow_updates; };
};
zone "1.168.192.in-addr.arpa" IN{
type master;
file "192.168.1.zone";
allow-transfer { allow_transfers; }; # add the slave to this acl
allow-update { allow_updates; };
};
[root@ns1 named]# vim /etc/named.conf
acl allow_transfers {
192.168.1.114;
};
[root@ns1 named]# vim /var/named/zander.com.zone
$TTL 3600
$ORIGIN zander.com.
@ IN SOA zander.com. admin.zander.com. (
20180530
1H
10M
3D
1D)
IN NS ns1
IN NS ns2 ; add the slave; the name is arbitrary and unrelated to the slave's real hostname
IN MX 10 mx1
ns2 IN A 192.168.1.114 ; points at the slave
ns1 IN A 192.168.1.102
mx1 IN A 192.168.1.106
www IN A 192.168.1.106
web IN CNAME www
bbs IN A 192.168.1.103
bbs IN A 192.168.1.106
[root@ns1 named]# vim /var/named/192.168.1.zone
$TTL 3600
$ORIGIN 1.168.192.in-addr.arpa.
@ IN SOA ns1.zander.com. admin.zander.com. (
20180513
1H
10M
3D
1D)
IN NS ns1.zander.com.
IN NS ns2.zander.com. ; add the slave
114 IN PTR ns2.zander.com. ; points at the slave
102 IN PTR ns1.zander.com.
106 IN PTR mx1.zander.com.
106 IN PTR www.zander.com.
103 IN PTR bbs.zander.com.
106 IN PTR bbs.zander.com.
[root@ns1 named]# named-checkconf
[root@ns1 named]# named-checkzone zander.com /var/named/zander.com.zone
[root@ns1 named]# named-checkzone 1.168.192.in-addr.arpa 192.168.1.zone
[root@ns1 named]# rndc reload
4. Restart the slave
[root@ns1 slaves]# systemctl restart named
[root@ns1 slaves]# ls
192.168.1.zone zander.com.zone
5. Test from each node
[root@ns1 slaves]# dig -t A www.zander.com
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.zander.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33358
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zander.com. IN A
;; ANSWER SECTION:
www.zander.com. 3600 IN A 192.168.1.106
;; AUTHORITY SECTION:
zander.com. 3600 IN NS ns2.zander.com.
zander.com. 3600 IN NS ns1.zander.com.
;; ADDITIONAL SECTION:
ns1.zander.com. 3600 IN A 192.168.1.102
ns2.zander.com. 3600 IN A 192.168.1.114
;; Query time: 0 msec
;; SERVER: 192.168.1.114#53(192.168.1.114)
;; WHEN: 五 5月 11 14:19:22 CST 2018
;; MSG SIZE rcvd: 127
# on the slave
[root@ns1 slaves]# dig -x 192.168.1.106
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.1.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24153
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
106.1.168.192.in-addr.arpa. 3600 IN PTR mx1.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR pop3.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR ns1.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR www.zander.com.
106.1.168.192.in-addr.arpa. 3600 IN PTR bbs.zander.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 3600 IN NS ns1.zander.com.
1.168.192.in-addr.arpa. 3600 IN NS ns2.zander.com.
;; ADDITIONAL SECTION:
ns1.zander.com. 3600 IN A 192.168.1.102
ns2.zander.com. 3600 IN A 192.168.1.114
;; Query time: 0 msec
;; SERVER: 192.168.1.114#53(192.168.1.114)
;; WHEN: 五 5月 11 14:24:50 CST 2018
;; MSG SIZE rcvd: 220
6. Add a record on the master
[root@ns1 named]# vim /var/named/zander.com.zone
pop3 IN A 192.168.1.106
Bump the serial number
[root@node1 named]# named-checkconf
[root@ns1 named]# rndc reload
7. Check on the slave
[root@ns1 slaves]# dig -t A pop3.zander.com
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A pop3.zander.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42653
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pop3.zander.com. IN A
;; ANSWER SECTION:
pop3.zander.com. 3600 IN A 192.168.1.106
.....
8. Simulate a zone transfer
# pull from the master
[root@ns1 slaves]# dig -t axfr zander.com @192.168.1.102
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr zander.com @192.168.1.102
;; global options: +cmd
zander.com. 3600 IN SOA zander.com. admin.zander.com. 20180530 3600 600 259200 86400
zander.com. 3600 IN NS ns1.zander.com.
zander.com. 3600 IN NS ns2.zander.com.
bbs.zander.com. 3600 IN A 192.168.1.103
bbs.zander.com. 3600 IN A 192.168.1.106
mx1.zander.com. 3600 IN A 192.168.1.106
ns1.zander.com. 3600 IN A 192.168.1.102
ns2.zander.com. 3600 IN A 192.168.1.114
ops.zander.com. 3600 IN NS ns2.ops.zander.com.
ops.zander.com. 3600 IN MX 10 mx1.zander.com.
ns2.ops.zander.com. 3600 IN A 192.168.1.125
pop3.zander.com. 3600 IN A 192.168.1.106
web.zander.com. 3600 IN CNAME www.zander.com.
www.zander.com. 3600 IN A 192.168.1.106
zander.com. 3600 IN SOA zander.com. admin.zander.com. 20180530 3600 600 259200 86400
;; Query time: 1 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: 五 5月 11 14:26:51 CST 2018
;; XFR size: 15 records (messages 1, bytes 343)
# pull from the slave; this fails because the slave has zone transfers disabled
[root@ns1 slaves]# dig -t axfr zander.com @192.168.1.104
^C[root@ns1 slaves]# dig -t axfr zander.com @192.168.1.114
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr zander.com @192.168.1.114
;; global options: +cmd
; Transfer failed.
1. Master node
[root@ns1 named]# vim /etc/named.conf
acl allow_querys {
any; # query whitelist: allow any host
};
[root@ns1 named]# vim zander.com.zone
ops.zander.com. IN NS ns2.ops.zander.com.
ns2.ops.zander.com. IN A 192.168.1.125
Bump the serial number
[root@ns1 named]# named-checkconf
[root@ns1 named]# rndc reload
2. Child zone node configuration
[root@localhost named]# vim /etc/named.conf
acl allow_querys {
any;
};
acl allow_transfers {
none;
};
acl allow_recursions {
any;
};
acl allow_updates {
none;
};
options {
listen-on port 53 { 192.168.1.125; };
allow-query { allow_querys; };
allow-recursion { allow_recursions; };
};
[root@localhost named]# vim /etc/named.rfc1912.zones
zone "ops.zander.com" IN {
type master;
file "ops.zander.com.zone";
allow-update { allow_updates; };
allow-transfer { allow_transfers; };
};
# the child forwards the parent zone to the parent's servers
zone "zander.com" IN {
type forward;
forward only;
forwarders { 192.168.1.102; 192.168.1.114; };
};
[root@localhost named]# cd /var/named/
[root@localhost named]# vim ops.zander.com.zone
$TTL 3600
$ORIGIN ops.zander.com.
@ IN SOA ops.zander.com. admin.ops.zander.com. (
20180512
1H
10M
3D
1D)
IN NS ns1
ns1 IN A 192.168.1.125
www IN A 192.168.1.125
[root@localhost named]# chgrp named ops.zander.com.zone
[root@localhost named]# chmod o= ops.zander.com.zone
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone ops.zander.com ops.zander.com.zone
[root@localhost named]# systemctl restart named
3. Test
# the child resolves its own zone
[root@localhost named]# host -t A www.ops.zander.com
www.ops.zander.com has address 192.168.1.125
# the child forwards to the parent
[root@localhost named]# host -t A www.zander.com
www.zander.com has address 192.168.1.106
# the parent resolves the child zone
[root@ns1 named]# host -t A www.ops.zander.com
www.ops.zander.com has address 192.168.1.125
[root@ns1 named]# dig -t A www.ops.zander.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -t A www.ops.zander.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55064
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.ops.zander.com. IN A
;; ANSWER SECTION:
www.ops.zander.com. 3591 IN A 192.168.1.125
;; AUTHORITY SECTION:
ops.zander.com. 3591 IN NS ns1.ops.zander.com.
;; ADDITIONAL SECTION:
ns1.ops.zander.com. 3591 IN A 192.168.1.125
;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Fri May 11 13:35:51 EDT 2018
;; MSG SIZE rcvd: 97
Load testing uses the queryperf tool, which the rpm package does not build by default.
1. Install
[root@ns1 ~]# wget http://ftp.isc.org/isc/bind9/9.9.4/bind-9.9.4.tar.gz
[root@ns1 ~]# tar xf bind-9.9.4.tar.gz
[root@ns1 ~]# cd bind-9.9.4/contrib/queryperf/
[root@ns1 queryperf]# sh configure
[root@ns1 queryperf]# make
[root@ns1 queryperf]# ls
config.h config.log configure input Makefile.in queryperf queryperf.o README
config.h.in config.status configure.in Makefile missing queryperf.c querytest.txt utils
2. Query list
[root@ns1 queryperf]# vim querytest.txt
www.baidu.com A
www.163.com A
www.taobao.com A
www.zander.com A
bbs.zander.com A
www.ops.zander.com A
# repeat until the file has about 20,000 lines
3. Run the load test
[root@ns1 queryperf]# wc -l querytest.txt
23646 querytest.txt
[root@ns1 queryperf]# ./queryperf -d querytest.txt -s 192.168.1.102
DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $
[Status] Processing input data
[Status] Sending queries (beginning with 192.168.1.102)
[Timeout] Query timed out: msg id 146
[Timeout] Query timed out: msg id 147
[Timeout] Query timed out: msg id 149
[Timeout] Query timed out: msg id 150
[Timeout] Query timed out: msg id 151
[Timeout] Query timed out: msg id 152
[Timeout] Query timed out: msg id 153
[Timeout] Query timed out: msg id 167
[Timeout] Query timed out: msg id 171
[Timeout] Query timed out: msg id 176
[Status] Testing complete
Statistics:
Parse input file: once
Ended due to: reaching end of file
Queries sent: 23646 queries # number sent
Queries completed: 23646 queries # number answered
Queries lost: 0 queries
Queries delayed(?): 0 queries
RTT max: 0.012205 sec
RTT min: 0.000022 sec
RTT average: 0.000239 sec
RTT std deviation: 0.000275 sec
RTT out of range: 0 queries
Percentage completed: 100.00%
Percentage lost: 0.00%
Started at: Fri May 11 14:01:27 2018
Finished at: Fri May 11 14:01:32 2018
Ran for: 5.009058 seconds
Queries per second: 4720.648074 qps # queries per second
Original article: http://blog.51cto.com/marvin89/2115294