Bind Version: 9.11.4
Domain Name System (DNS): a tree-structured, hierarchical namespace that maps domain names to IP addresses and back, forming a distributed database.
Fully Qualified Domain Name (FQDN)

```
# FQDN format: host.[lld.]sld.tld.root
#   lld: lower-level domain
#   sld: second-level domain
#   tld: top-level domain
```
Resolution directions:
- Forward resolution: FQDN ---> IP
- Reverse resolution: IP ---> FQDN
Resolution results:
- Positive answer (Definitive Answer): the queried domain name exists; the returned answer is cached.
- Negative answer (Negative Answer): the queried domain name does not exist; the returned (negative) answer is also cached.
- Authoritative answer (Authoritative Answer): returned by the authoritative DNS server for the zone.
- Non-authoritative answer (Nonauthoritative Answer): returned from a DNS server's cache.
Domain name resolution follows a tree-shaped hierarchy, as shown in the figures below:

[Figure: Internet scenario]

[Figure: LAN scenario]
In 1984, four UC Berkeley students, Douglas Terry, Mark Painter, David Riggle and Songnian Zhou (周松年), wrote the first Unix name server implementation for the Berkeley Internet Name Domain (BIND).
In 1985, Kevin Dunlap of Digital Equipment Corporation substantially rewrote BIND.
Today BIND is maintained by the Internet Systems Consortium.
Packages:
- bind: provides the DNS server program (named), the syntax-check tools (named-checkconf, named-checkzone) and the control tool (rndc).
- bind-chroot: confines the named process to a designated chroot directory, which limits the damage a compromised named can do.
- bind-utils: DNS query tools such as dig, host and nslookup.
- bind-libs: library files shared by bind and bind-utils.
Binaries:
Example files:
Configuration files:
/etc/named.conf

```
options {
    // global options
};
logging {
    // logging definitions
};
zone "ZONE_NAME" IN {
    // zone definition
};
...
// included files (the path must be quoted)
include "FILEPATH";
```
Included files:
/etc/named.rfc1912.zones

- type forward;

```
zone "ZONE_NAME" IN {
    type forward;
    forward first;    // or: forward only;
    forwarders { SERVER_IPs; };
};
```

- type master;

```
zone "ZONE_NAME" IN {
    type master;
    file "ZONE_NAME.zone";
};
```

- type slave;

```
zone "ZONE_NAME" IN {
    type slave;
    file "slaves/ZONE_NAME.zone";
    masters { MASTER_IPs; };
};
```

/etc/named.root.key
Zone database files:

Ports:
- UDP 53: domain name resolution (queries)
- TCP 53: zone transfers between master and slave servers
- TCP 953: rndc control of the bind service
domain
A domain name is an identification string that defines a realm of administrative autonomy, authority, or control on the Internet.
zone
A DNS zone is a distinct part of the domain namespace that is delegated to a legal entity (a person, organization or company) responsible for maintaining that zone.
A Domain Name System (DNS) zone file is a text file that describes a DNS zone. A DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS. The zone file contains mappings between domain names and IP addresses and other resources, organized as text representations of resource records (RRs).
Resource record types

| Type | Description | Function |
|---|---|---|
| SOA | Start of Authority | Specifies the primary authoritative name server for the DNS zone. |
| NS | Name server record | Delegates a DNS zone to the given authoritative name servers. |
| A | Address record | Returns a 32-bit IPv4 address, most commonly used to map a hostname to the IP address of the host. |
| AAAA | IPv6 address record | Same as above, but returning a 128-bit IPv6 address. |
| CNAME | Canonical name record | Alias of one name to another. |
| MX | Mail exchange record | Maps a domain to a list of message transfer agents for that domain. |
| PTR | Pointer record | Pointer to a canonical name. The most common use is implementing reverse DNS lookups. |
| ... | ... | ... |
Resource record format
General format:

```
NAME TTL RECORD_CLASS RECORD_TYPE RECORD_DATA
```

- Name is an alphanumeric identifier of the DNS record. It can be left blank, in which case it inherits its value from the previous record.
- TTL (time to live) specifies how long the record may be kept in the local cache of a DNS resolver. If not specified, the global TTL (`$TTL`) value at the top of the zone file is used.
- Record class indicates the namespace, typically IN, the Internet namespace.
- Record type is the DNS record type.
- Record data has one or more information elements, depending on the record type, separated by white space.
Examples:
SOA

```
$TTL 86400
; ZONE_NAME. IN SOA MASTER_NS_FQDN. RNAME (hostmaster@zakzhu.com. is written as hostmaster.zakzhu.com.)
zakzhu.com. IN SOA ns0.zakzhu.com. hostmaster.zakzhu.com. (
    2020031700 ; serial
    1H         ; refresh (1 hour)
    15M        ; retry (15 mins)
    7D         ; expire (7 days)
    20M )      ; minimum (20 mins)
```
Field explanation:
- serial: serial number of this zone file. The recommended syntax is YYYYMMDDnn (YYYY=year, MM=month, DD=day, nn=revision number).
- refresh: how often a secondary polls the primary to see whether the zone's serial number has increased (so that it knows to request a new copy of the zone data).
- retry: if a secondary was unable to contact the primary at the last refresh, it waits the retry interval before trying again.
- expire: how long a secondary continues to treat its copy of the zone data as valid when it cannot contact the primary. After the zone has expired the secondary keeps trying to contact the primary, but it no longer provides name service for the zone.
- minimum: how long a resolver may cache a negative answer.
The values of these fields generally follow these rules:
- refresh >= retry * 2
- refresh + retry < expire
- expire >= retry * 10
- expire >= 7 days
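As an added example (not from the original post), a small Python parser that reads the SOA example above, converts the 1H/15M/7D style timers to seconds, and checks them against the four rules just listed plus the YYYYMMDDnn serial convention; the embedded zone text and the month/day regex are constructed for this example, and the check accepts any time unit BIND allows (S, M, H, D, W), not only the three used on this page.

```python
import re

SAMPLE_ZONE = """\
; constructed sample input: the page's example SOA record, embedded inline
$TTL 86400
zakzhu.com. IN SOA ns0.zakzhu.com. hostmaster.zakzhu.com. (
    2020031700 ; serial
    1H         ; refresh (1 hour)
    15M        ; retry (15 mins)
    7D         ; expire (7 days)
    20M )      ; minimum (20 mins)
"""
UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
SERIAL_RE = r"\d{4}(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])\d{2}"  # YYYYMMDDnn with sane month/day

def ttl_seconds(token):  # BIND time value ('1H', '15M', '7D', '1H30M' or plain '86400') -> seconds
    return sum(int(n) * UNITS.get(u, 1) for n, u in re.findall(r"(\d+)([SMHDW]?)", token.upper()))

def records(text):
    """Yield one token list per logical record: ';' comments are dropped and a
    '(' ... ')' group continues the record across lines, as in the SOA above."""
    cur, depth = [], 0
    for line in text.splitlines():
        line = line.split(";", 1)[0].replace("(", " ( ").replace(")", " ) ")
        for tok in line.split():
            depth += (tok == "(") - (tok == ")")
            if tok not in ("(", ")"):
                cur.append(tok)
        if depth == 0 and cur:  # the record is complete only once every '(' has been closed
            yield cur
            cur = []

def parse_soa(text):
    """Return the SOA fields as a dict, with the four timers converted to seconds."""
    for toks in records(text):
        if "SOA" in toks:  # NAME [TTL] CLASS SOA MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
            i = toks.index("SOA")
            keys = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")
            return dict(zip(keys, toks[i + 1:i + 4] + [ttl_seconds(v) for v in toks[i + 4:i + 8]]))
    raise ValueError("no SOA record found")

def check_soa(soa):
    """Apply the page's SOA timer rules plus the serial convention; returns the rules violated."""
    r, t, e = soa["refresh"], soa["retry"], soa["expire"]
    rules = {"refresh >= retry * 2": r >= 2 * t, "refresh + retry < expire": r + t < e,
             "expire >= retry * 10": e >= 10 * t, "expire >= 7 days": e >= 7 * 86400,
             "serial is YYYYMMDDnn": bool(re.fullmatch(SERIAL_RE, soa["serial"]))}
    return [name for name, ok in rules.items() if not ok]
```

Run `check_soa(parse_soa(SAMPLE_ZONE))` on the page's values and it returns an empty list; shortening refresh or expire makes the corresponding rule names appear in the result.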
NS

```
zakzhu.com. IN NS ns0.zakzhu.com.
zakzhu.com. IN NS ns1.zakzhu.com.
```

A

```
ns0.zakzhu.com. IN A 192.168.199.200
ns1.zakzhu.com. IN A 192.168.199.201
www.zakzhu.com. IN A 192.168.199.200
mx1.zakzhu.com. IN A 192.168.199.200
mx2.zakzhu.com. IN A 192.168.199.201
```

CNAME

```
web.zakzhu.com. IN CNAME www.zakzhu.com.
```

MX

```
zakzhu.com. IN MX 10 mx1.zakzhu.com.
zakzhu.com. IN MX 20 mx2.zakzhu.com.
```

PTR

```
200.199.168.192.in-addr.arpa. IN PTR www.zakzhu.com.
```
Original URL: https://www.cnblogs.com/zakzhu/p/12515090.html