1. Task background
The company intranet needs to reach the web applications developed in-house by domain name, which gives a better access experience. A DNS server is therefore set up on the intranet to resolve those names, so that developers, testers and operations staff can reach the company's internal applications through the internal DNS service.
2. Task requirements
Build our own DNS server
Resolve intranet domain names so that the intranet web application can be reached
www.yuanyu.zhangmin resolves to the server IP
3. Task breakdown
Set up the DNS service
Point the clients at the DNS server address
4. Course objectives
What the DNS service does
How a domain name is structured
Setting up a DNS service (must master)
Resolving domain names (must master)
Forward and reverse resolution
DNS = Domain Name System, the system that manages domain names.
Domain name:
has a defined format
names a particular computer, or group of computers, on the Internet
lets people reach hosts on the Internet without memorising the machine-readable IP address
Computers on the Internet reach each other by IP address (IPv4 | IPv6).
A domain name stands in for the IP address when reaching a computer; it is an alias for the IP address, and every domain name should have a corresponding IP address.
Forward resolution, domain name to IP: A record
Reverse resolution, IP to domain name: PTR record
www.baidu.com.
The trailing "." is the root domain; a name is resolved from right to left.
At the very top of the DNS system is ".", and the DNS servers for it are called root servers, or the root domain. There are 13 root servers: one primary root server in the United States and 12 secondary ones, of which 9 are in the United States, 2 in Europe (the United Kingdom and Sweden) and 1 in Asia (Japan).
Top-level domains (first-level domains): generic and country-code
generic: com edu gov org cc io
country-code: cn uk us ru ja ko
com: commercial companies
net: Internet companies
edu: education, schools
gov: government departments
io: storage devices
cn|uk|us|hk|tw: country domains
Second-level domains: the domain you register yourself, e.g. qq.com, baidu.com
Registrars where domains are bought: 新网 (Xinnet), 万网 (Wanwang, Alibaba Cloud)
Query methods
1. Recursive query: the resolver is asked once and works down level by level until it has the final answer; one request, but slow
2. Iterative query: several queries, each to one server, and the answers can be cached
One recursive query from the client becomes many iterative queries by the resolver.
Resolving a name with dig
yum -y install bind-utils.x86_64
dig +trace www.baidu.com
resolve .
resolve com.
resolve baidu.com.
resolve www.baidu.com
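As an added illustration (not part of the original notes), the Python below models the walk that dig +trace prints: a toy root hint, a com. server and a baidu.com. server with constructed addresses, a resolver that follows the referrals iteratively, and a cache that lets later queries skip the upper levels. All names and addresses in it are constructed sample data.

```python
# Added example, not the notes' own code: a toy model of the walk dig +trace prints,
# with constructed zones and addresses. The resolver starts from a root hint (named.ca's
# role), follows referrals . -> com. -> baidu.com., and caches them for later queries.
ROOT_HINT = "198.41.0.4"                      # constructed root-server address
SERVER_ZONE = {"198.41.0.4": ".", "192.0.2.10": "com.", "192.0.2.20": "baidu.com."}
AUTH = {          # per zone: delegations (child zone -> NS address) and its own A records
    ".":          {"delegate": {"com.": "192.0.2.10"}, "rr": {}},
    "com.":       {"delegate": {"baidu.com.": "192.0.2.20"}, "rr": {}},
    "baidu.com.": {"delegate": {}, "rr": {"www.baidu.com.": "198.51.100.7"}},
}

def in_zone(name, zone):
    """True when name is at or below zone, respecting label boundaries."""
    return zone == "." or name == zone or name.endswith("." + zone)

def ask(server_ip, qname):
    """One iterative query: answer from the server's own zone, a referral, or nxdomain."""
    zone = AUTH[SERVER_ZONE[server_ip]]
    if qname in zone["rr"]:
        return ("answer", zone["rr"][qname])
    for child, ns_ip in zone["delegate"].items():
        if in_zone(qname, child):
            return ("referral", child, ns_ip)
    return ("nxdomain",)

def resolve(qname, cache):
    """Recursive side: one client query becomes several iterative ones; returns (ip, steps)."""
    qname = qname if qname.endswith(".") else qname + "."
    if qname in cache["a"]:
        return cache["a"][qname], ["cache hit for " + qname]
    known = [z for z in cache["ns"] if in_zone(qname, z)]   # deepest cached delegation
    server = cache["ns"][max(known, key=len)] if known else ROOT_HINT
    steps = []
    while True:
        reply = ask(server, qname)
        steps.append(f"{SERVER_ZONE[server]} @{server}: {reply[0]}")
        if reply[0] == "referral":
            cache["ns"][reply[1]] = reply[2]                # remember the delegation
            server = reply[2]
        elif reply[0] == "answer":
            cache["a"][qname] = reply[1]
            return reply[1], steps
        else:
            return None, steps

def demo():
    """Three queries on one cache: full walk, cache hit, then a miss starting at baidu.com."""
    cache = {"a": {}, "ns": {}}
    return [resolve(q, cache)[1] for q in ("www.baidu.com", "www.baidu.com", "mail.baidu.com")]
```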
To get only the IP address, without the resolution steps:
[root@localhost ~]# dig @server www.baidu.com
dig: couldn't get address for 'server': not found
[root@localhost ~]# dig www.baidu.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.16 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36090
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.baidu.com. IN A

;; ANSWER SECTION:
www.baidu.com. 5 IN CNAME www.a.shifen.com.
www.a.shifen.com. 5 IN A 180.101.50.188
www.a.shifen.com. 5 IN A 180.101.50.242

;; Query time: 78 msec
;; SERVER: 192.168.83.2#53(192.168.83.2)
;; WHEN: 一 7月 22 23:11:22 CST 2024
;; MSG SIZE rcvd: 90
Reverse resolution
[root@localhost ~]# dig -x 180.101.50.188
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.16 <<>> -x 180.101.50.188
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6416
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;188.50.101.180.in-addr.arpa. IN PTR

;; Query time: 73 msec
;; SERVER: 192.168.83.2#53(192.168.83.2)
;; WHEN: 一 7月 22 23:16:32 CST 2024
;; MSG SIZE rcvd: 45
No.  Hostname               Description
1    cli.yuanyu.zhangmin    client, for user testing
2    dns.yuanyu.zhangmin    DNS server, performs the name resolution
3    web.yuanyu.zhangmin    web access testing
DNS name resolution uses udp/53; zone data transfer between master and slave uses tcp/53 by default.
DNS server software
1. bind
Setting up the DNS service
Environment preparation
setenforce 0
vim /etc/selinux/config
systemctl stop firewalld
systemctl disable firewalld
Install the bind software
yum search bind
[root@dns ~]# yum -y install bind
After installation, rpm -q shows whether the package is installed and rpm -ql lists the files it installed; find can also locate the files.
[root@dns ~]# rpm -qa|grep bind
bind-libs-9.11.4-26.P2.el7_9.16.x86_64
bind-9.11.4-26.P2.el7_9.16.x86_64
bind-libs-lite-9.11.4-26.P2.el7_9.16.x86_64
bind-export-libs-9.11.4-26.P2.el7_9.16.x86_64
bind-license-9.11.4-26.P2.el7_9.16.noarch
View the configuration files
[root@dns ~]# rpm -ql bind
/etc/logrotate.d/named
/etc/named
# main configuration file
/etc/named.conf
/etc/named.iscdlv.key
# defines the zone files: forward and reverse resolution
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/rwtab.d/named
/etc/sysconfig/named
/run/named
# executables
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/named-journalprint
/usr/sbin/nsec3hash
/usr/sbin/rndc
/usr/sbin/rndc-confgen
/usr/sbin/tsig-keygen
# log file
/var/log/named.log
/var/named
/var/named/data
/var/named/dynamic
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
/var/named/slaves
Start the service
systemctl start named
/etc/named.conf
mainly configures access control: which hosts may query the DNS server
/etc/named.rfc1912.zones
mainly defines how domain names are resolved; forward resolution maps a name to a concrete IP address
Back up the files
[root@dns ~]# cp /etc/named.conf /etc/named.conf.bak
[root@dns ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak
[root@dns ~]# ls -l /etc/named*
-rw-r----- 1 root named 1806 6月 11 22:41 /etc/named.conf
-rw-r----- 1 root root 1806 7月 23 00:19 /etc/named.conf.bak
-rw-r--r-- 1 root named 3923 6月 11 22:41 /etc/named.iscdlv.key
-rw-r----- 1 root named 931 6月 21 2007 /etc/named.rfc1912.zones
-rw-r----- 1 root root 931 7月 23 00:19 /etc/named.rfc1912.zones.bak
-rw-r--r-- 1 root named 1886 4月 13 2017 /etc/named.root.key
Configure the main configuration file named.conf
Add any so that all hosts may query. Bear in mind that any admits every host that can reach port 53; on an intranet server that also recurses for its clients, an allow-query list limited to the intranet address ranges keeps it from acting as an open resolver for anyone else.
[root@dns ~]# vim /etc/named.conf
################################################################
options {
        # allow any host to connect
        listen-on port 53 { 127.0.0.1;any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        # allow any host to query
        allow-query { localhost;any; };
Configure the zones file
Create the zone file referenced by file "yuanyu.zhangmin.zone";
vim /var/named/yuanyu.zhangmin.zone defines the forward resolution
Copy an existing zone stanza and modify it
[root@dns ~]# vim /etc/named.rfc1912.zones
# show line numbers
:set nu
# copy lines 19-23 to below line 42
:19,23 co 42
42
43 zone "yuanyu.zhangmin" IN {
44         type master;
45         file "yuanyu.zhangmin.zone";
46         allow-update { none; };
47 };
cp -p preserves the file's original attributes (owner, group, mode) when copying; it is used below to create the zone file.
Edit the zone file
vim yuanyu.zhangmin.zone
[root@dns ~]# cd /var/named/
[root@dns named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@dns named]# cp -p named.localhost yuanyu.zhangmin.zone
[root@dns named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves yuanyu.zhangmin.zone
[root@dns named]# ls -l
总用量 20
drwxrwx--- 2 named named 6 6月 11 22:40 data
drwxrwx--- 2 named named 6 6月 11 22:40 dynamic
-rw-r----- 1 root named 2253 4月 5 2018 named.ca
-rw-r----- 1 root named 152 12月 15 2009 named.empty
-rw-r----- 1 root named 152 6月 21 2007 named.localhost
-rw-r----- 1 root named 168 12月 15 2009 named.loopback
drwxrwx--- 2 named named 6 6月 11 22:40 slaves
-rw-r----- 1 root named 152 6月 21 2007 yuanyu.zhangmin.zone
Zone file format
; cache TTL: one day
$TTL 1D
; @ = the current zone (origin); IN = Internet class; SOA = start of authority;
; the first @ is the primary name server, rname.invalid. is the administrator mailbox
@       IN SOA  @ rname.invalid. (
                                        0       ; serial: update sequence number
                                        1D      ; refresh: update interval for slaves
                                        1H      ; retry: retry interval after a failed refresh
                                        1W      ; expire: how long the zone data stays valid without a refresh
                                        3H )    ; minimum: minimum (negative) cache TTL
        NS      @
        A       127.0.0.1
        AAAA    ::1
Check the files
/etc/named.conf and the zone file
Start the DNS service
[root@dns named]# named-checkconf /etc/named.conf
[root@dns named]# named-checkconf /etc/named.rfc1912.zones
[root@dns named]#
[root@dns named]# named-checkzone yuanyu.zhangmin.zone yuanyu.zhangmin.zone
zone yuanyu.zhangmin.zone/IN: loaded serial 0
OK
[root@dns named]# systemctl start named
[root@dns named]#
[root@dns named]# netstat -lnput|grep named
tcp  0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1495/named
tcp  0 0 10.1.1.11:53  0.0.0.0:* LISTEN 1495/named
tcp  0 0 127.0.0.1:53  0.0.0.0:* LISTEN 1495/named
tcp6 0 0 ::1:953       :::*      LISTEN 1495/named
tcp6 0 0 ::1:53        :::*      LISTEN 1495/named
udp  0 0 10.1.1.11:53  0.0.0.0:*        1495/named
udp  0 0 127.0.0.1:53  0.0.0.0:*        1495/named
udp6 0 0 ::1:53        :::*             1495/named
yum -y install nginx
Add the DNS server on the client
Temporary:
echo "nameserver 10.1.1.11" > /etc/resolv.conf
Permanent: set the DNS server in the interface configuration file
Check that the domain name resolves correctly
[root@web ~]# echo "nameserver 10.1.1.11" > /etc/resolv.conf
[root@web ~]#
# temporary: restarting network restores the previous resolv.conf
[root@web ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
# adding the DNS server here is enough
DNS1=10.1.1.11
[root@web ~]# ping www.yuanyu.zhangmin
PING www.yuanyu.zhangmin (10.1.1.12) 56(84) bytes of data.
64 bytes from web.yuanyu.zhangmin (10.1.1.12): icmp_seq=1 ttl=64 time=0.011 ms
64 bytes from web.yuanyu.zhangmin (10.1.1.12): icmp_seq=2 ttl=64 time=0.026 ms
64 bytes from web.yuanyu.zhangmin (10.1.1.12): icmp_seq=3 ttl=64 time=0.022 ms
64 bytes from web.yuanyu.zhangmin (10.1.1.12): icmp_seq=4 ttl=64 time=0.043 ms
64 bytes from web.yuanyu.zhangmin (10.1.1.12): icmp_seq=5 ttl=64 time=0.022 ms
64 bytes from web.yuanyu.zhangmin (10.1.1.12): icmp_seq=6 ttl=64 time=0.015 ms
64 bytes from web.yuanyu.zhangmin (10.1.1.12): icmp_seq=7 ttl=64 time=0.022 ms
64 bytes from web.yuanyu.zhangmin (10.1.1.12): icmp_seq=8 ttl=64 time=0.021 ms
64 bytes from web.yuanyu.zhangmin (10.1.1.12): icmp_seq=9 ttl=64 time=0.022 ms
^C
--- www.yuanyu.zhangmin ping statistics ---
9 packets transmitted, 9 received, 0% packet loss, time 8007ms
rtt min/avg/max/mdev = 0.011/0.022/0.043/0.010 ms
[root@web ~]#
curl www.yuanyu.zhangmin
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Welcome to CentOS</title>
<style rel="stylesheet" type="text/css">
[root@web ~]# yum -y install elinks.x86_64