This lab builds a DNS server on a Red Hat virtual machine:
Domain: anyone.com
DNS server: ns1 192.168.94.128 (the VM's IP)
Mail server: mail 192.168.94.128
Web server: www 192.168.94.128
Reverse resolution is not covered here.

1. Install bind
[root@localhost ~]# yum install -y bind bind-utils
2. Inspect the key files the packages installed
[root@localhost ~]# rpm -ql bind
/etc/logrotate.d/named
/etc/named
/etc/named.conf              # bind main configuration file
/etc/named.iscdlv.key
/etc/named.rfc1912.zones     # file in which zones are defined
/etc/named.root.key
/etc/rc.d/init.d/named       # bind init script
/etc/rndc.conf               # rndc configuration file
/etc/rndc.key
/etc/sysconfig/named
/usr/sbin/named
/usr/sbin/named-checkconf    # checks the syntax of /etc/named.conf
/usr/sbin/named-checkzone    # checks a zone and the syntax of its zone file
/usr/sbin/nsec3hash
/usr/sbin/rndc               # remote DNS management tool
/usr/sbin/rndc-confgen       # generates the rndc key
/var/log/named.log
/var/named
/var/named/data
/var/named/named.ca          # root hints
/var/named/named.empty
/var/named/named.localhost   # localhost zone
/var/named/named.loopback
/var/run/named
[root@localhost ~]# rpm -ql bind-utils    # bind-utils mainly provides query and diagnostic tools
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
Inspect the bind main configuration file (only the statements relevant to this lab are shown; the stock file also carries the listen-on and allow-query lines that step 8 edits):
[root@localhost etc]# more named.conf
options {
        directory "/var/named";
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
3. Check and start
[root@localhost etc]# named-checkconf                    # check the configuration file syntax
[root@localhost etc]# named-checkzone "localhost" /var/named/named.localhost
# check the zone file backing the localhost zone
[root@localhost etc]# service named start
Starting named:                                            [  OK  ]
4. Add the zone definition to /etc/named.rfc1912.zones
zone "anyone.com" IN {
        type master;
        file "anyone.com.zone";
        allow-update { none; };
};
The file path is relative to the directory set in named.conf (/var/named). allow-update { none; } refuses dynamic updates (nsupdate), so the zone can only be changed by editing the file on disk.
5. Create the zone file anyone.com.zone under /var/named as shown below, and set its ownership so that the named user can read it while only root can change it: chown root:named /var/named/anyone.com.zone
[root@REDHAT named]# more anyone.com.zone
$TTL 600
$ORIGIN anyone.com.
@       IN SOA  ns1.anyone.com. admin.anyone.com. (
                20180930 ; serial
                1H       ; refresh
                1M       ; retry
                1W       ; expire
                10M )    ; minimum
        IN NS   ns1
        IN MX   10 mail
ns1     IN A    192.168.94.128
mail    IN A    192.168.94.128
www     IN A    192.168.94.128
*       IN A    192.168.94.128
Two things to watch in this file. The serial (here in YYYYMMDD form) must be increased on every edit, because secondaries decide whether to fetch a new copy of the zone by comparing serials. The wildcard record makes every name under anyone.com that is not defined above resolve to 192.168.94.128; that is convenient in a lab, but in production it hides typos and lets any hostname a client (or attacker) chooses resolve inside your zone, so leave it out unless you need it.
6. Check the edited configuration (named.conf) and the zone file (anyone.com.zone) as in step 3, this time running named-checkzone against anyone.com and /var/named/anyone.com.zone, then restart the service:
# service named restart
7. Test the DNS service
[root@REDHAT etc]# nslookup www.anyone.com
;; connection timed out; trying next origin
;; connection timed out; no servers could be reached
[root@REDHAT etc]# nslookup www.anyone.com 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53
Name:   www.anyone.com
Address: 192.168.94.128
The first query times out because nslookup sends it to the nameserver listed in /etc/resolv.conf, which at this point is not this machine; naming the server explicitly (127.0.0.1) shows that the zone itself is served correctly.
8. To avoid naming the DNS server on every query, add this machine's IP to /etc/resolv.conf:
nameserver 192.168.94.128
named must also be allowed to serve clients other than localhost. The quick way, used in this lab, is to comment out these two lines in /etc/named.conf:
//listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
Be aware of what that does: without listen-on, named binds to every interface, and without allow-query it answers queries from any source address. Since recursion is still enabled (the "ra" flag in the dig output in step 9 shows the server offering recursion), the machine becomes an open resolver that anyone able to reach port 53 can use as a DNS amplification reflector. The safer edit is to keep both statements and widen them to the lab network only, for example listen-on port 53 { 127.0.0.1; 192.168.94.128; }; and allow-query { localhost; 192.168.94.0/24; };, and to add recursion no; because this server is authoritative for anyone.com and does not need to resolve other domains for clients. After either change, re-run named-checkconf and restart named.
9. Test again, this time without naming the server (the SERVER line in the output confirms the query went to 192.168.94.128)
[root@REDHAT etc]# dig -t A mail.anyone.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> -t A mail.anyone.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24535
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;mail.anyone.com. IN A
;; ANSWER SECTION:
mail.anyone.com. 600 IN A 192.168.94.128
;; AUTHORITY SECTION:
anyone.com. 600 IN NS ns1.anyone.com.
;; ADDITIONAL SECTION:
ns1.anyone.com. 600 IN A 192.168.94.128
;; Query time: 0 msec
;; SERVER: 192.168.94.128#53(192.168.94.128)
;; WHEN: Sun Sep 30 00:22:19 2018
;; MSG SIZE rcvd: 83
[root@REDHAT etc]#
[root@REDHAT etc]# dig -t A www.anyone.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> -t A www.anyone.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16710
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.anyone.com. IN A
;; ANSWER SECTION:
www.anyone.com. 600 IN A 192.168.94.128
;; AUTHORITY SECTION:
anyone.com. 600 IN NS ns1.anyone.com.
;; ADDITIONAL SECTION:
ns1.anyone.com. 600 IN A 192.168.94.128
;; Query time: 0 msec
;; SERVER: 192.168.94.128#53(192.168.94.128)
;; WHEN: Sun Sep 30 00:22:35 2018
;; MSG SIZE rcvd: 82
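The whole procedure from steps 4 to 9, as an added example that is not part of the original post: a POSIX shell script that renders a named.conf with the restricted listen-on/allow-query settings and recursion off discussed in step 8 together with the anyone.com zone, bumps the SOA serial in YYYYMMDDnn style, validates both files with named-checkconf and named-checkzone when BIND is installed (it skips them otherwise, so it runs offline), and inspects dig output for the aa and ra flags. The function names, the scratch directory and the absolute zone-file path in the zone statement are this example's own choices; the address 192.168.94.128 and the network 192.168.94.0/24 come from the lab; the embedded dig header lines are copied from step 9.

```shell
#!/bin/sh
# Added example, not code from the original post. Renders a hardened
# named.conf plus the anyone.com zone into a scratch directory, validates
# them with BIND's checkers when available, and inspects dig output.
# 192.168.94.128 and 192.168.94.0/24 are the lab's values; the function
# names and the scratch directory are this example's own (assumed) choices.
set -eu

WORK=${WORK:-$(mktemp -d)}

# named.conf that serves the LAN without becoming an open resolver: bind to
# the lab address, answer only the lab subnet, refuse recursion (the server
# is authoritative-only) and zone transfers (this lab has no secondaries).
render_named_conf() {       # render_named_conf <server-ip> <client-cidr> <zonefile>
    cat <<EOF
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; $1; };
    allow-query { localhost; $2; };
    recursion no;
    allow-transfer { none; };
};
zone "anyone.com" IN {
    type master;
    file "$3";
    allow-update { none; };
};
EOF
}

# Zone file as in the post, minus the wildcard record: a wildcard makes every
# undefined name under the zone resolve to the web server.
render_zone() {             # render_zone <origin> <serial> <ip>
    cat <<EOF
\$TTL 600
\$ORIGIN $1.
@       IN SOA  ns1.$1. admin.$1. (
                $2 ; serial
                1H ; refresh
                1M ; retry
                1W ; expire
                10M ) ; minimum
        IN NS   ns1
        IN MX   10 mail
ns1     IN A    $3
mail    IN A    $3
www     IN A    $3
EOF
}

# Secondaries only fetch the zone again when the serial grows, so bump it on
# every edit, YYYYMMDDnn style: same day -> nn+1, new day -> <date>01.
next_serial() {             # next_serial <current-serial> <today-YYYYMMDD>
    case "$1" in
        "$2"*)  n=${1#"$2"}
                n=$(printf '%s' "${n:-0}" | sed 's/^0*\([0-9]\)/\1/')   # "09" -> 9, avoids octal
                printf '%s%02d\n' "$2" $((n + 1)) ;;
        *)      printf '%s01\n' "$2" ;;
    esac
}

zone_serial() { awk '/; *serial/ { print $1 }' "$1"; }   # zone_serial <zonefile>

# Extract the status and the flag list from dig output read on stdin.
dig_status() { sed -n 's/.*status: \([A-Z]*\),.*/\1/p'; }
dig_flags()  { sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p'; }

# An answer for our own zone must carry "aa". "ra" means the server offers
# recursion to whoever may query it, the open-resolver condition from step 8.
check_answer() {            # check_answer < dig-output ; rc 0 when authoritative
    out=$(cat)
    status=$(printf '%s\n' "$out" | dig_status)
    flags=$(printf '%s\n' "$out" | dig_flags)
    case " $flags " in
        *" ra "*) echo "WARN: recursion available (ra) on an authoritative server" ;;
    esac
    if [ "$status" = NOERROR ]; then
        case " $flags " in
            *" aa "*) echo "OK: authoritative answer"; return 0 ;;
        esac
    fi
    echo "FAIL: status=$status flags=$flags"
    return 1
}

# Header lines copied from the post's "dig -t A mail.anyone.com" in step 9.
SAMPLE_DIG=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24535
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1'

render_zone anyone.com "$(next_serial 20180930 20180930)" 192.168.94.128 > "$WORK/anyone.com.zone"
render_named_conf 192.168.94.128 192.168.94.0/24 "$WORK/anyone.com.zone" > "$WORK/named.conf"
if command -v named-checkconf >/dev/null 2>&1; then named-checkconf "$WORK/named.conf"; fi
if command -v named-checkzone >/dev/null 2>&1; then named-checkzone anyone.com "$WORK/anyone.com.zone"; fi
printf '%s\n' "$SAMPLE_DIG" | check_answer
```

Run it on the lab VM after installing bind and the two checkers will validate the generated files; on any other box it still produces them under $WORK and reports the flag check. Feeding it the post's own dig output prints the WARN line, which is exactly the signal that the allow-query/recursion settings from step 8 still need tightening before such a server faces anything but the lab network.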
Appendix: dig usage
Syntax
dig [options] [parameters]
Options
@<server>: the name server to send the query to;
-b <address>: on a host with several IP addresses, the local address from which to send the query;
-f <file>: batch mode; the file holds one query per line;
-p <port>: the port the name server listens on;
-t <type>: the DNS record type to query;
-x <address>: reverse (PTR) lookup of an IP address;
-4: use IPv4 only;
-6: use IPv6 only;
-h: show help.
Parameters
host: the name to look up;
query type: the DNS record type;
query class: the DNS class (normally IN);
query options: the +options that change how the query is sent or shown, for example +short or +norecurse.
Note: by default dig looks up the "A" record of the given name, but other types such as MX, CNAME, NS and PTR can be requested
simply by adding the type after the name (or with -t).