Forward resolution
- Edit /etc/named.conf
    listen-on port 53 { 127.0.0.1; 192.168.209.134; };
    //listen-on-v6 port 53 { ::1; };
    allow-query { any; };
    dnssec-enable no;
    dnssec-validation no;
- Edit /etc/named.rfc1912.zones
    zone "iounix.com" IN {
        type master;
        file "iounix.com.zone";
    };
- Create /var/named/iounix.com.zone
    $TTL 3600
    iounix.com. IN SOA iounix.com. admin.iounix.com. ( 2017052301 1H 10M 3D 1D )
                IN NS    ns1.iounix.com.
    ns1         IN A     192.168.209.134
    www         IN A     172.16.0.1
    aaa         IN A     4.1.1.1
    web         IN CNAME www
- Check the configuration and the zone file
    named-checkconf
    named-checkzone iounix.com /var/named/iounix.com.zone
- rndc reload
- Set the file permissions (readable by the named group, nothing for others)
    ~]# chown .named /var/named/iounix.com.zone
    ~]# chmod o= /var/named/iounix.com.zone
- Test
    ~]# dig -t A www.iounix.com @192.168.209.134
  Or, if no DNS server address is given, dig uses the default resolver; set the default DNS server in /etc/resolv.conf:
    ~]# vim /etc/resolv.conf
    # Generated by NetworkManager
    search localdomain
    nameserver 192.168.209.134
    ~]# dig -t A www.iounix.com
Reverse resolution
- Edit /etc/named.rfc1912.zones
    zone "209.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.209.zone";
    };
- Edit /var/named/192.168.209.zone
    $TTL 3600
    @   IN SOA iounix.com. admin.iounix.com. ( 2017052301 1H 10M 3D 1D )
    @   IN NS  ns1.iounix.com.
    100 IN PTR www.iounix.com.
    200 IN PTR bbc.iounix.com.
- Check
    ~]# named-checkconf
    ~]# named-checkzone 209.168.192.in-addr.arpa /var/named/192.168.209.zone
- Set the file permissions
    ~]# chown .named /var/named/192.168.209.zone
    ~]# chmod o= /var/named/192.168.209.zone
- Test
    ~]# dig -x 192.168.209.100 @192.168.209.134
    ;; QUESTION SECTION:
    ;100.209.168.192.in-addr.arpa. IN PTR

    ;; ANSWER SECTION:
    100.209.168.192.in-addr.arpa. 3600 IN PTR www.iounix.com.

    ;; AUTHORITY SECTION:
    209.168.192.in-addr.arpa. 3600 IN NS ns1.iounix.com.

    ;; ADDITIONAL SECTION:
    ns1.iounix.com. 3600 IN A 192.168.209.134
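As an added example (not part of the original post), the following shell helpers derive the in-addr.arpa zone name and the PTR owner that dig -x queries for from an address, and generate a reverse zone file like the one above from a list of "address hostname." pairs. The addresses and names are the ones used in this lab; the function names and the input format are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: reverse-zone helpers for a /24.
# Addresses and names follow the lab above (192.168.209.0/24, iounix.com);
# function names and the "ip hostname." input format are this example's own.

# reverse_zone_name 192.168.209.0  ->  209.168.192.in-addr.arpa
reverse_zone_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.in-addr.arpa\n", $3, $2, $1 }'
}

# ptr_owner 192.168.209.100  ->  100.209.168.192.in-addr.arpa.
# (this is the name that dig -x asks for)
ptr_owner() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# gen_reverse_zone <serial> <primary ns fqdn.> <admin mailbox.>
# reads "ip hostname." lines on stdin and prints a complete zone file;
# only the last octet is used as the PTR owner because the zone origin
# (209.168.192.in-addr.arpa) supplies the rest of the name
gen_reverse_zone() {
    serial=$1; ns=$2; admin=$3
    printf '$TTL 3600\n'
    printf '@ IN SOA %s %s ( %s 1H 10M 3D 1D )\n' "$ns" "$admin" "$serial"
    printf '@ IN NS %s\n' "$ns"
    awk 'NF >= 2 { split($1, o, "."); printf "%s IN PTR %s\n", o[4], $2 }'
}

# stand-alone demo with constructed input
printf '192.168.209.100 www.iounix.com.\n192.168.209.200 bbc.iounix.com.\n' \
    | gen_reverse_zone 2017052301 ns1.iounix.com. admin.iounix.com.
```

Redirect the output of gen_reverse_zone to /var/named/192.168.209.zone, then run named-checkzone on it as in the steps above before reloading.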
Master and slave servers
- When the zone on the master changes, increase the serial by 1; then tail /var/log/messages, where the messages show the slave pulling the updated data from the master.
- On the slave, edit /etc/named.rfc1912.zones
    // forward zone
    zone "iounix.com" IN {
        type slave;
        file "slaves/iounix.zone";
        masters { 192.168.209.134; };
    };
    // reverse zone
    zone "209.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/192.168.209.zone";
        masters { 192.168.209.134; };
    };
- On the master, edit /var/named/iounix.com.zone
    $TTL 3600
    iounix.com. IN SOA iounix.com. admin.iounix.com. ( 2017052301 1H 10M 3D 1D )
                IN NS    ns1.iounix.com.
                IN NS    ns2.iounix.com.
    ns1         IN A     192.168.209.134
    ns2         IN A     192.168.209.137
    www         IN A     172.16.0.1
    aaa         IN A     4.1.1.1
    web         IN CNAME www
  Note: after editing, bump the serial so that the slave is notified.
  On the master: rndc reload
  On the master: tail /var/log/messages
    May 27 22:36:58 localhost named[4447]: client 192.168.209.137#57555 (iounix.com): transfer of 'iounix.com/IN': AXFR started
    May 27 22:36:58 localhost named[4447]: client 192.168.209.137#57555 (iounix.com): transfer of 'iounix.com/IN': AXFR ended
    May 27 22:36:58 localhost named[4447]: client 192.168.209.137#50945: received notify for zone 'iounix.com'
- On the master, edit /var/named/192.168.209.zone
    $TTL 3600
    @   IN SOA iounix.com. admin.iounix.com. ( 2017052303 1H 10M 3D 1D )
    @   IN NS  ns1.iounix.com.
    @   IN NS  ns2.iounix.com.
    100 IN PTR www.iounix.com.
    200 IN PTR bbc.iounix.com.
  Note: after editing, bump the serial so that the slave is notified.
  On the master: rndc reload
  On the master: tail /var/log/messages
    May 27 22:54:34 localhost named[4447]: zone 209.168.192.in-addr.arpa/IN: loaded serial 2017052303
    May 27 22:54:34 localhost named[4447]: zone 209.168.192.in-addr.arpa/IN: sending notifies (serial 2017052303)
- Test: dig -t A web.iounix.com @192.168.209.137
  Note: the query is answered by the slave.
    ;; ANSWER SECTION:
    web.iounix.com. 3600 IN CNAME www.iounix.com.
    www.iounix.com. 3600 IN A 172.16.0.1

    ;; AUTHORITY SECTION:
    iounix.com. 3600 IN NS ns1.iounix.com.
    iounix.com. 3600 IN NS ns2.iounix.com.

    ;; ADDITIONAL SECTION:
    ns1.iounix.com. 3600 IN A 192.168.209.134
    ns2.iounix.com. 3600 IN A 192.168.209.137
- Test: ~]# dig -x 192.168.209.100 @192.168.209.137
  Note: the query is answered by the slave.
    ;; QUESTION SECTION:
    ;100.209.168.192.in-addr.arpa. IN PTR

    ;; ANSWER SECTION:
    100.209.168.192.in-addr.arpa. 3600 IN PTR www.iounix.com.

    ;; AUTHORITY SECTION:
    209.168.192.in-addr.arpa. 3600 IN NS ns1.iounix.com.

    ;; ADDITIONAL SECTION:
    ns1.iounix.com. 3600 IN A 192.168.209.134
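The step that is easiest to forget in the procedure above is bumping the serial: a slave only transfers the zone when the master's serial is greater than its own, and the log lines above only appear once that is true. As an added example (not from the original post), this shell helper rewrites the SOA serial of a zone file in the YYYYMMDDNN style used here: it increments the counter on the same day, resets it to 01 on a new day, and falls back to a plain increment if the file's serial is already ahead of the clock, so the result is always larger than before. It assumes the serial is the first token after the opening parenthesis on the SOA line, as in the zone files above; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: bump a zone's SOA serial in the
# YYYYMMDDNN style used above. Assumes the serial is the first token after
# the "(" on the SOA line; function names are this example's own.

# next_serial <current> <today as YYYYMMDD>  ->  new serial, always > current
next_serial() {
    cur=$1; today=$2
    datepart=$(printf '%s' "$cur" | cut -c1-8)
    if [ "$today" -gt "$datepart" ]; then
        # first change of a new day: reset the two-digit counter
        printf '%s01\n' "$today"
    else
        # same day, or the serial is already ahead of the clock (a past typo
        # or clock skew): a plain increment keeps it monotonic, which is all
        # the slaves compare
        printf '%s\n' $((cur + 1))
    fi
}

# bump_serial <zonefile> <today as YYYYMMDD>: rewrite the SOA serial in place
# and print the new value
bump_serial() {
    file=$1; today=$2
    cur=$(awk '/SOA/ { for (i = 1; i <= NF; i++) if ($i == "(") { print $(i + 1); exit } }' "$file")
    if [ -z "$cur" ]; then
        echo "no SOA serial found in $file" >&2
        return 1
    fi
    new=$(next_serial "$cur" "$today")
    awk -v old="$cur" -v new="$new" '
        /SOA/ && !done {
            for (i = 1; i <= NF; i++)
                if ($i == "(" && $(i + 1) == old) { $(i + 1) = new; done = 1 }
        }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    printf '%s\n' "$new"
}

# stand-alone demo on a constructed copy of the forward zone's SOA line
demo=$(mktemp)
printf '$TTL 3600\niounix.com. IN SOA iounix.com. admin.iounix.com. ( 2017052301 1H 10M 3D 1D )\n' > "$demo"
echo "new serial: $(bump_serial "$demo" 20170527)"
rm -f "$demo"
```

In practice the second argument is $(date +%Y%m%d); after bump_serial, run named-checkzone and rndc reload as in the steps above and watch /var/log/messages for the "sending notifies" and AXFR lines.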
Subdomain delegation
- On the master, edit /var/named/linux.io.zone
    $TTL 3600
    linux.io.     IN SOA linux.io. admin.linux.io. ( 2017052302 1H 10M 3D 1D )
                  IN NS    ns1.linux.io.
                  IN NS    ns2.linux.io.
    ns1           IN A     192.168.209.134
    ns2           IN A     192.168.209.135
    www           IN A     172.16.0.1
    aaa           IN A     8.8.8.8
    web           IN CNAME www
    ; delegations to the subdomains, with glue A records for their name servers
    ops.linux.io. IN NS    ns1.ops.linux.io.
    dev.linux.io. IN NS    ns1.dev.linux.io.
    ns1.ops       IN A     192.168.209.137
    ns1.dev       IN A     192.168.209.136
- Synchronise the clock: ntpdate 172.16.0.1
- Write /etc/named.conf on the subdomain server 192.168.209.137
    options {
        listen-on port 53 { 127.0.0.1; 192.168.209.137; };
        allow-query { any; };
        dnssec-enable no;
        dnssec-validation no;
    };
- On 192.168.209.137, configure /etc/named.rfc1912.zones
    zone "ops.linux.io" IN {
        type master;
        file "ops.linux.io.zone";
    };
- On the subdomain server, write /var/named/ops.linux.io.zone
    $TTL 600
    @   IN SOA ops.linux.io. admin.ops.linux.io. ( 2017052401 1H 5M 3D 2H )
    @   IN NS  ns1
    ns1 IN A   192.168.209.137
    abc IN A   6.6.6.6
- Set the file permissions
    ~]# chown .named /var/named/ops.linux.io.zone
    ~]# chmod o= /var/named/ops.linux.io.zone
- Check that port 53 is open
- rndc reload
- Check for errors
    ~]# named-checkconf
    ~]# named-checkzone ops.linux.io /var/named/ops.linux.io.zone
    zone ops.linux.io/IN: loaded serial 2017052401
    OK
    [root@centos7 named]# tail /var/log/messages
- Resolving through the parent: dig -t A ns1.ops.linux.io @192.168.209.134; the aa flag is absent from the flags.
- Resolving through the subdomain: dig -t A ns1.ops.linux.io @192.168.209.137; the aa flag is present.
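The parent zone above carries glue A records (ns1.ops, ns1.dev) for the name servers it delegates to; without them the delegation is lame, because a resolver learns the child's name server name from the parent but gets no address to reach it. As an added example (not from the original post), this shell function scans a parent zone file for delegations whose in-child name servers lack glue. It assumes the one-record-per-line layout used here, where a line starting with whitespace inherits the previous owner; the function name and the output format are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: find delegations in a parent
# zone file whose name servers inside the child zone have no glue A record.
# Assumes one record per line, BIND relative/absolute naming, and that a
# line starting with whitespace inherits the previous owner (as in the
# linux.io zone above). The function name is this example's own.

# check_glue <origin> <zonefile>
# prints "ok <ns> <addr>" or "MISSING-GLUE <ns>" per delegated name server;
# exit status 1 if any glue is missing
check_glue() {
    origin=$1; file=$2
    awk -v origin="$origin" '
        # make a name absolute and dot-terminated, relative to the origin
        function fqdn(n) {
            if (n == "@") return origin "."
            if (n ~ /\.$/) return n
            return n "." origin "."
        }
        /^[ \t]/ { $0 = last " " $0 }          # blank owner: reuse the previous one
        $1 ~ /^\$/ || $1 ~ /^;/ { next }        # $TTL/$ORIGIN and comment lines
        { last = $1 }
        $2 == "IN" && $3 == "A" { glue[fqdn($1)] = $4 }
        # an NS record whose owner is not the apex is a delegation
        $2 == "IN" && $3 == "NS" && fqdn($1) != (origin ".") { ns[fqdn($4)] = fqdn($1) }
        END {
            bad = 0
            for (n in ns) {
                child = ns[n]
                # glue is only needed when the server name lies inside the child zone
                if (substr(n, length(n) - length(child) + 1) == child) {
                    if (n in glue) printf "ok %s %s\n", n, glue[n]
                    else { printf "MISSING-GLUE %s\n", n; bad = 1 }
                } else {
                    printf "ok %s (outside the child zone, no glue needed)\n", n
                }
            }
            exit bad
        }' "$file"
}

# stand-alone demo on a constructed parent zone (ns1.dev deliberately lacks glue)
demo=$(mktemp)
cat > "$demo" <<'EOF'
$TTL 3600
linux.io.     IN SOA linux.io. admin.linux.io. ( 2017052302 1H 10M 3D 1D )
              IN NS  ns1.linux.io.
ns1           IN A   192.168.209.134
ops.linux.io. IN NS  ns1.ops.linux.io.
dev.linux.io. IN NS  ns1.dev.linux.io.
ns1.ops       IN A   192.168.209.137
EOF
check_glue linux.io "$demo" || echo "delegation problems found"
rm -f "$demo"
```

Run it as check_glue linux.io /var/named/linux.io.zone next to named-checkzone; named-checkzone accepts a zone with a missing glue record, so this check catches a problem that only shows up later as a failed lookup of the child's names.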
Forwarding
- forward only: if the forwarders cannot answer, the server does not fall back to the root servers.
- forward first: if the forwarders cannot answer, the server queries the root servers itself.
- Normally the subdomain server cannot resolve the parent domain; once forwarding is set up it can.
Zone forwarding
- On the subdomain server, in /etc/named.rfc1912.zones
    zone "linux.io" IN {
        type forward;
        forward only;
        forwarders { 192.168.209.134; 192.168.209.135; };
    };
- Now the subdomain server can resolve the parent domain, but the aa flag is absent from the answer:
    dig -t A ns1.linux.io @192.168.209.137
Global forwarding
- In /etc/named.conf on the host that should forward everything, add to the options block:
    forward only;
    forwarders { SERVER_IP; };
- Test again: dig -t A www.baidu.com @192.168.209.135
acl access control lists
- An acl must be defined in /etc/named.conf before it is used, so it goes in front of the options block:
    acl acl_name { ip; net/prefixlen; };    // each element is a single address or a network
- For global control, put the directive in options:
    allow-recursion { acl_name; };
  For control over one zone only, edit the corresponding zone statement:
    zone "iounix.com" IN {
        type master;
        file "iounix.com.zone";
        allow-query { acl_name; };
    };
- Check for errors and reload the configuration
    named-checkconf
    rndc reload
- Test
  Behaviour of the different access-control directives; the following is done on host 192.168.209.134.
- allow-query {}; which hosts may query.
  Edit /etc/named.conf:
    acl test { 192.168.209.137; };
  Edit /etc/named.rfc1912.zones:
    zone "iounix.com" IN { type master; file "iounix.com.zone"; allow-query { test; }; };
  On the local host (192.168.209.134), the query is refused and only the question comes back:
    ~]# dig -t A www.iounix.com @192.168.209.134
    ...
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.iounix.com. IN A
    ...
  On 192.168.209.137:
    ~]# dig -t A www.iounix.com @192.168.209.134
    ;; QUESTION SECTION:
    ;www.iounix.com. IN A

    ;; ANSWER SECTION:
    www.iounix.com. 3600 IN A 172.16.0.0

    ;; AUTHORITY SECTION:
    iounix.com. 3600 IN NS dns2.iounix.com.
    iounix.com. 3600 IN NS dns1.iounix.com.

    ;; ADDITIONAL SECTION:
    dns1.iounix.com. 3600 IN A 192.168.209.134
    dns2.iounix.com. 3600 IN A 192.168.209.137
- allow-transfer {}; which hosts may perform a zone transfer; the default is all hosts, so restrict it to the slaves.
  Edit /etc/named.conf:
    acl slavesrvs { 192.168.209.137; 127.0.0.0/8; };
  Edit /etc/named.rfc1912.zones:
    zone "iounix.com" IN { type master; file "iounix.com.zone"; allow-transfer { slavesrvs; }; };
  On the local host (192.168.209.134):
    ~]# dig -t axfr iounix.com @192.168.209.134
    ; Transfer failed.
    ~]# dig -t axfr iounix.com @127.0.0.1
    (the zone is listed)
  On host 192.168.209.137:
    ~]# dig -t axfr iounix.com @192.168.209.134
    (the zone is listed)
  On a host not listed in slavesrvs:
    ~]# dig -t axfr iounix.com @192.168.209.134
    ; Transfer failed.
- allow-recursion {}; which hosts may send recursive queries to this DNS server.
  Edit /etc/named.conf:
    acl localnet { 192.168.209.0/24; 127.0.0.0/8; };
    //recursion yes;
    allow-recursion { localnet; };
- allow-update {}; DDNS, which hosts may dynamically update the contents of the zone database file; normally none.
view: split-horizon ("smart") DNS
- In /etc/named.conf, define the acls first
    acl localnet { 192.168.209.137; };
    acl mynet { 192.168.209.138; };
- Edit /etc/named.rfc1912.zones
    view local {
        match-clients { localnet; };
        ...
        zone "iounix.com" IN {
            type master;
            file "iounix.com/localnet";
        };
    };
    view my {
        match-clients { mynet; };
        zone "iounix.com" IN {
            type master;
            file "iounix.com/mynet";
        };
    };
    view ex {
        match-clients { any; };
        zone "iounix.com" IN {
            type master;
            file "iounix.com/any";
        };
    };
- Commands
    named-checkconf
    rndc reload
    mkdir /var/named/iounix.com
    cd /var/named/iounix.com
    vim localnet
    $TTL 600
    @    IN SOA iounix.com. admin.iounix.com. ( 2017052701 1H 10M 1D 2H )
         IN NS  dns1
    dns1 IN A   192.168.209.134
    www  IN A   2.2.2.2
    vim mynet
    $TTL 600
    @    IN SOA iounix.com. admin.iounix.com. ( 2017052701 1H 10M 1D 2H )
         IN NS  dns1
    dns1 IN A   192.168.209.134
    www  IN A   3.3.3.3
    vim any
    $TTL 600
    @    IN SOA iounix.com. admin.iounix.com. ( 2017052701 1H 10M 1D 2H )
         IN NS  dns1
    dns1 IN A   192.168.209.134
    www  IN A   4.4.4.4
- Test
  On host 192.168.209.137:
    ~]# dig -t A www.iounix.com @192.168.209.134
    ;; QUESTION SECTION:
    ;www.iounix.com. IN A

    ;; ANSWER SECTION:
    www.iounix.com. 600 IN A 2.2.2.2

    ;; AUTHORITY SECTION:
    iounix.com. 600 IN NS dns1.iounix.com.

    ;; ADDITIONAL SECTION:
    dns1.iounix.com. 600 IN A 192.168.209.134
  On host 192.168.209.138:
    ~]# dig -t A www.iounix.com @192.168.209.134
    ;; QUESTION SECTION:
    ;www.iounix.com. IN A

    ;; ANSWER SECTION:
    www.iounix.com. 600 IN A 3.3.3.3

    ;; AUTHORITY SECTION:
    iounix.com. 600 IN NS dns1.iounix.com.

    ;; ADDITIONAL SECTION:
    dns1.iounix.com. 600 IN A 192.168.209.134
  On any other host:
    ~]# dig -t A www.iounix.com @192.168.209.134
    ;; QUESTION SECTION:
    ;www.iounix.com. IN A

    ;; ANSWER SECTION:
    www.iounix.com. 600 IN A 4.4.4.4

    ;; AUTHORITY SECTION:
    iounix.com. 600 IN NS dns1.iounix.com.

    ;; ADDITIONAL SECTION:
    dns1.iounix.com. 600 IN A 192.168.209.134
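Both the acl elements from the previous section (a single address or net/prefixlen) and the match-clients lists of the views above are evaluated the same way, and views are tried in the order they appear in the configuration, which is why the catch-all view with match-clients { any; } comes last here. As an added example (not from the original post), this shell code implements the address/prefix match and walks a view list in order, first match wins, using the addresses and view names of this lab. The function names and the one-view-per-line input format are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: acl element matching and
# ordered view selection the way BIND evaluates them. Addresses and view
# names are the lab's; function names and the "view elem elem ..." list
# format are this example's own.

# ip2int 192.168.209.137  ->  3232289161 (the address as a 32-bit integer)
ip2int() {
    echo "$1" | awk -F. '{ printf "%.0f\n", $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 }'
}

# in_acl <client ip> "<elem> <elem> ..."   elem: any | address | net/prefixlen
# succeeds (exit 0) if any element matches the client, like an acl match
in_acl() {
    ip=$1; shift
    for e in $*; do
        case $e in
            any) return 0 ;;
            */*)
                net=${e%/*}; len=${e#*/}
                # network mask as an integer: the low (32 - len) bits cleared
                mask=$(( 4294967295 - ((1 << (32 - len)) - 1) ))
                if [ $(( $(ip2int "$ip") & mask )) -eq $(( $(ip2int "$net") & mask )) ]; then
                    return 0
                fi
                ;;
            *) if [ "$e" = "$ip" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# select_view <client ip>   reads "viewname elem elem ..." lines on stdin in
# configuration order and prints the first view whose match-clients matches;
# views are tried top to bottom, so the { any; } view has to be the last one
select_view() {
    ip=$1
    while read -r view elems; do
        if in_acl "$ip" "$elems"; then
            echo "$view"
            return 0
        fi
    done
    echo "no-match"
    return 1
}

# stand-alone demo with the lab's three views: prints "my"
printf 'local 192.168.209.137\nmy 192.168.209.138\nex any\n' | select_view 192.168.209.138
```

Feeding the same list with the ex line first returns ex for every client, which is the mistake to look for when a view with a narrower match-clients never seems to be used.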
Original article by s; when reposting, please credit the source: http://www.178linux.com/77276