Forward DNS resolution and forwarding configuration on Linux
DNS, short for Domain Name System, resolves the mapping between domain names and IP addresses. The definition of a domain name and the way resolution works are assumed to be familiar.
Setting up DNS is straightforward. Required software: bind (the server program itself) and bind-utils (provides DNS query commands such as dig, host and nslookup).
[root@sed ~]# yum install bind bind-utils -y
The bind program is called named; the service's program and configuration files are:
Main program: /usr/sbin/named
Main configuration file: /etc/named.conf
Zone configuration file: /etc/named.rfc1912.zones
Reference configuration for resolving the domain myzdl.xin, where the DNS server is an internal enterprise DNS:
1. Edit the main configuration file
[root@sed ~]# vim /etc/named.conf
options {
    listen-on port 53 { 192.168.1.104; };        # interface to listen on
    # listen-on-v6 port 53 { ::1; };              # IPv6 disabled
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    # forward only;                               # act as a forwarder only
    forwarders { 114.114.114.114; 8.8.8.8; };     # upstream DNS servers to forward to
    allow-query { any; };                         # which addresses may query; a network range may be given
    dnssec-enable no;                             # DNSSEC mechanism in options: checks signatures on domain names
    dnssec-validation no;                         # disabled
};
include "/etc/named.rfc1912.zones";
include "/etc/named.myzdl.xin";                   # the new file added below
include "/etc/named.root.key";
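A check added here, not part of the article, for the security-relevant side of this options block: with allow-query { any; } and no allow-recursion statement, BIND 9 permits recursion from every address that can reach the listener (allow-recursion falls back to allow-query-cache, then allow-query), and dnssec-validation no accepts upstream answers without validation. The samples are constructed from the article's settings beside a restricted variant; the 192.168.0.0/16 range is an assumption.

```python
import re
# Constructed sample: the options block from the article (other statements omitted), not a live file.
ARTICLE_OPTIONS = """
options {
    listen-on port 53 { 192.168.1.104; };
    forwarders { 114.114.114.114; 8.8.8.8; };   # upstream resolvers
    allow-query { any; };
    dnssec-validation no;
};
"""
# Same forwarding set-up, recursion limited to an assumed internal range, DNSSEC validation on; also constructed.
HARDENED_OPTIONS = """
options {
    listen-on port 53 { 192.168.1.104; };
    forwarders { 114.114.114.114; 8.8.8.8; };
    allow-query { 192.168.0.0/16; };
    allow-recursion { 192.168.0.0/16; };
    dnssec-validation auto;
};
"""

def strip_comments(text):
    # named.conf accepts /* */, // and # comments; drop all three before parsing.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)
def options_block(text):
    # Body of the top-level options { ... } block; '' when absent.
    m = re.search(r"\boptions\s*\{(.*?)^\s*\};", strip_comments(text), re.S | re.M)
    return m.group(1) if m else ""
def acl(body, name):
    # Address list of an ACL such as allow-query { any; }; None when the statement is unset.
    m = re.search(r"(?<![\w-])%s\s*\{([^}]*)\}" % re.escape(name), body)
    return [a.strip() for a in m.group(1).split(";") if a.strip()] if m else None
def setting(body, name):
    # Single-word value such as dnssec-validation no; None when unset.
    m = re.search(r"(?<![\w-])%s\s+([\w.:-]+)\s*;" % re.escape(name), body)
    return m.group(1) if m else None
def audit(named_conf):
    body, findings = options_block(named_conf), []
    query = acl(body, "allow-query") or ["localhost", "localnets"]       # BIND default
    # Without allow-recursion, BIND 9 falls back to allow-query-cache, then allow-query.
    recursors = acl(body, "allow-recursion") or acl(body, "allow-query-cache") or query
    if setting(body, "recursion") != "no" and "any" in recursors:
        findings.append("open-recursion")         # every host reaching the listener may recurse
    if setting(body, "dnssec-validation") == "no":
        findings.append("dnssec-validation-off")  # forged upstream answers are accepted as-is
    return findings

print(audit(ARTICLE_OPTIONS), audit(HARDENED_OPTIONS))
```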
2. Create the zone file and add the configuration
[root@sed ~]# vim /etc/named.myzdl.xin
zone "myzdl.xin" IN {
    type master;
    file "named.myzdl.xin";       # relative to directory "/var/named"
    allow-update { none; };
};
3. Edit the zone data file
[root@sed ~]# cp /var/named/named.localhost /var/named/named.myzdl.xin
[root@sed ~]# chmod o+r /var/named/named.myzdl.xin
[root@sed ~]# vim /var/named/named.myzdl.xin
$TTL 1D                 ; cache lifetime of resolved records: 1 day
@   IN SOA  @ rname.invalid. (
        0   ; serial   : update serial; master and slave compare it to decide whether to synchronise
        1D  ; refresh  : interval between refreshes
        1H  ; retry    : retry interval
        1W  ; expire   : expiry time, 1 week
        3H ) ; minimum : cache time for negative (non-existent record) answers
    NS      @
    A       127.0.0.1
    AAAA    ::1
Explanation of the parameters:
SOA: marks this machine as the authoritative server for the zone
@: stands for the zone, here myzdl.xin, the domain defined above
rname.invalid.: the administrator's mailbox (it would be rname@invalid., but @ is already used by the server, so "." stands in for it)
NS: a name server record; followed by the domain name
A: forward resolution record; followed by the IP address
PTR: reverse resolution record; followed by the domain name
CNAME: alias record; followed by the domain name
MX: mail exchanger record; followed by the mail server's priority and then the domain name
$TTL 1D
@       IN SOA  @ . (       ; the mailbox @ is taken, so '.' is used in place of @
            0   ; serial
            1D  ; refresh
            1H  ; retry
            1W  ; expire
            3H ) ; minimum
        NS      @           ; NS denotes the name server, myzdl.xin.
        A       127.0.0.1   ; AAAA ::1
www     A       172.16.1.10 ; with a trailing '.' the name is a fully qualified domain name.
ftp     A       172.16.1.20
@       NS      dns1
@       NS      dns2
dns1    A       192.168.1.104
dns2    A       192.168.1.105
@       MX  10  mail1
@       MX  20  mail2
mail1   A       192.168.2.100
mail2   A       192.168.2.200
web     CNAME   www
[root@sed ~]# systemctl enable named
[root@sed ~]# systemctl start named
---------------------------------------------------------------
Test:
C:\Users\Administrator>nslookup
默认服务器:  UnKnown
Address:  192.168.1.1

> server 192.168.1.104
默认服务器:  [192.168.1.104]
Address:  192.168.1.104
> myzdl.xin
服务器:  [192.168.1.104]
Address:  192.168.1.104

名称:    myzdl.xin
Address:  127.0.0.1

> www.myzdl.xin
服务器:  [192.168.1.104]
Address:  192.168.1.104

名称:    www.myzdl.xin
Address:  172.16.1.10

> set type=ns
> myzdl.xin
服务器:  [192.168.1.104]
Address:  192.168.1.104

myzdl.xin       nameserver = myzdl.xin
myzdl.xin       nameserver = dns2.myzdl.xin
myzdl.xin       nameserver = dns1.myzdl.xin
myzdl.xin       internet address = 127.0.0.1
dns1.myzdl.xin  internet address = 192.168.1.104
dns2.myzdl.xin  internet address = 192.168.1.105
> set type=mx
> myzdl.xin
服务器:  [192.168.1.104]
Address:  192.168.1.104

myzdl.xin       MX preference = 10, mail exchanger = mail1.myzdl.xin
myzdl.xin       MX preference = 20, mail exchanger = mail2.myzdl.xin
myzdl.xin       nameserver = dns2.myzdl.xin
myzdl.xin       nameserver = dns1.myzdl.xin
myzdl.xin       nameserver = myzdl.xin
mail1.myzdl.xin internet address = 192.168.2.100
mail2.myzdl.xin internet address = 192.168.2.200
myzdl.xin       internet address = 127.0.0.1
dns1.myzdl.xin  internet address = 192.168.1.104
dns2.myzdl.xin  internet address = 192.168.1.105
> set type=a
> web.myzdl.xin
服务器:  [192.168.1.104]
Address:  192.168.1.104

名称:    www.myzdl.xin
Address:  172.16.1.10
Aliases:  web.myzdl.xin

> 
服务器:  [192.168.1.104]
Address:  192.168.1.104

非权威应答:
名称:    public.sparta.mig.tencent-
Addresses:  14.18.175.154
          113.96.232.215
Aliases:  

> 
服务器:  [192.168.1.104]
Address:  192.168.1.104

非权威应答:
名称:    spool.
Address:  117.21.216.80
Aliases:  

>