DNS(4) -- dns功能实现-配置正向解析和反向解析以及DNS递归查询示例
1 DNS配置示例
1.1 DNS解析类型
DNS在一个区域中有正向解析和反向解析两种类型:
正向解析:
FQDN->IP
反向解析:
IP->FQDN
反向解析用到根域下一个特殊的名为ARPA域,叫反向解析域;
反向解析域下面有一个in-addr,再往下为IP地址;
以172.20.0.100为例,查询路线为访问根–>arpa域–>in-addr–>172–>20–>0–>100,但是在PTR记录中要反着写:100.0.20.172.in-addr-arpa.;
1.2 配置正向解析
自定义域分为如下两类:
- 主机域:
- 1.主机域其实是一个假域;
- 2.主机域其实是不能解析到互联网上;
- 3.主机域它只对局域网(内网)提供服务;
- 业务域:
- 1.业务域一般都是真实可用的;
- 2.业务域则为一个真正需要对外提供服务的域名;
以xuzhichao.com域为例进行配置。
启动named服务:
[root@dns01 ~]# systemctl start named.service [root@dns01 ~]# rndc status
version: BIND 9.11.4-P2-RedHat-9.11.4-16.P2.el7 (Extended Support Version) <id:7107deb>
running on dns01: Linux x86_64 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020
boot time: Fri, 16 Jul 2021 15:51:04 GMT
last configured: Fri, 16 Jul 2021 15:54:19 GMT
configuration file: /etc/named.conf
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 104 (97 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 8/150
server is up and running [root@dns01 ~]# ss -ntulp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 192.168.50.70:53 *:* users:(("named",pid=1743,fd=515))
udp UNCONN 0 0 192.168.20.70:53 *:* users:(("named",pid=1743,fd=514))
udp UNCONN 0 0 192.168.2.123:53 *:* users:(("named",pid=1743,fd=513))
udp UNCONN 0 0 127.0.0.1:53 *:* users:(("named",pid=1743,fd=512))
udp UNCONN 0 0 [::1]:53 [::]:* users:(("named",pid=1743,fd=516))
tcp LISTEN 0 10 192.168.50.70:53 *:* users:(("named",pid=1743,fd=24))
tcp LISTEN 0 10 192.168.20.70:53 *:* users:(("named",pid=1743,fd=23))
tcp LISTEN 0 10 192.168.2.123:53 *:* users:(("named",pid=1743,fd=22))
tcp LISTEN 0 10 127.0.0.1:53 *:* users:(("named",pid=1743,fd=21))
tcp LISTEN 0 10 [::1]:53 [::]:* users:(("named",pid=1743,fd=25))
主配置文件修改如下:
[root@dns01 ~]# cat /etc/named.conf
options {
listen-on port 53 { localhost; };
listen-on-v6 port 53 { localhost; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes; bindkeys-file "/etc/named.root.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
}; logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
}; zone "." IN {
type hint;
file "named.ca";
}; include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.xuzhichao.com.zone"; <==新增一个区域配置文件
新增区域配置文件,主要区域配置的属主为root,属组为named,权限为640:
#修改区域配置文件属性
[root@dns01 ~]# chgrp named /etc/named.xuzhichao.com.zone
[root@dns01 ~]# chmod 640 /etc/named.xuzhichao.com.zone #区域配置文件内容:
[root@dns01 ~]# cat /etc/named.xuzhichao.com.zone
zone "xuzhichao.com" IN {
type master;
file "xuzhichao.com.zone"; <==指定区域解析文件名称,此处为相对路径,存放在/var/named/目录下;
};
新增区域解析文件:
[root@dns01 ~]# cat /var/named/xuzhichao.com.zone
$TTL 86400 xuzhichao.com. IN SOA ns1.xuzhichao.com. mail.xuzhichao.com. (
2021071601
10800
900
604800
86400
) xuzhichao.com. IN NS ns1.xuzhichao.com.
xuzhichao.com. IN NS ns2.xuzhichao.com. ns1 IN A 192.168.20.70
ns2 IN A 192.168.20.71 xuzhichao.com. IN MX 10 mx1.xuzhichao.com.
mx1 IN A 192.168.20.11 ;业务域
www.xuzhichao.com. IN A 192.168.20.31
www.xuzhichao.com. IN A 192.168.20.32 web.xuzhichao.com. IN CNAME www.xuzhichao.com. ;主机域 nginx02.xuzhichao.com. IN A 192.168.20.22
ngxin03.xuzhichao.com. IN A 192.168.20.23 nginx-lb01.xuzhichao.com. IN A 192.168.20.19
nginx-lb02.xuzhichao.com. IN A 192.168.20.20 apache01.xuzhichao.com. IN A 192.168.20.21 lvs01.xuzhichao.com. IN A 192.168.20.31
lvs02.xuzhichao.com. IN A 192.168.20.32 mysql01.xuzhichao.com. IN A 192.168.20.50 redis01.xuzhichao.com. IN A 192.168.20.61 nfs01.xuzhichao.com. IN A 192.168.20.30 dns01.xuzhichao.com. IN A 192.168.20.70 #修改文件权限属性:
[root@dns01 ~]# chgrp named /etc/named.xuzhichao.com.zone
[root@dns01 ~]# chmod 640 /etc/named.xuzhichao.com.zone
检测配置文件语法:
[root@dns01 ~]# named-checkconf
[root@dns01 ~]# named-checkzone xuzhichao.com /var/named/xuzhichao.com.zone
zone xuzhichao.com/IN: loaded serial 2021071601
OK
重启named服务:
[root@dns01 ~]# rndc reload
server reload successful 或:
[root@dns01 ~]# systemctl restart named.service
测试域名解析:
#1.测试DNS的轮询功能
[root@xuzhichao ~]# dig @192.168.20.70 www.xuzhichao.com ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7 <<>> @192.168.20.70 www.xuzhichao.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28384
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3 ;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.xuzhichao.com. IN A ;; ANSWER SECTION:
www.xuzhichao.com. 86400 IN A 192.168.20.32
www.xuzhichao.com. 86400 IN A 192.168.20.31 ;; AUTHORITY SECTION:
xuzhichao.com. 86400 IN NS ns1.xuzhichao.com.
xuzhichao.com. 86400 IN NS ns2.xuzhichao.com. ;; ADDITIONAL SECTION:
ns1.xuzhichao.com. 86400 IN A 192.168.20.70
ns2.xuzhichao.com. 86400 IN A 192.168.20.71 ;; Query time: 1 msec
;; SERVER: 192.168.20.70#53(192.168.20.70)
;; WHEN: Fri Jul 16 23:55:56 CST 2021
;; MSG SIZE rcvd: 146 #轮询访问
[root@xuzhichao ~]# dig @192.168.20.70 www.xuzhichao.com +short
192.168.20.32
192.168.20.31
[root@xuzhichao ~]# dig @192.168.20.70 www.xuzhichao.com +short
192.168.20.32
192.168.20.31
[root@xuzhichao ~]# dig @192.168.20.70 www.xuzhichao.com +short
192.168.20.31
192.168.20.32 #2.测试CNAME记录
[root@xuzhichao ~]# dig @192.168.20.70 web.xuzhichao.com ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7 <<>> @192.168.20.70 web.xuzhichao.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65041
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3 ;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;web.xuzhichao.com. IN A ;; ANSWER SECTION:
web.xuzhichao.com. 86400 IN CNAME www.xuzhichao.com.
www.xuzhichao.com. 86400 IN A 192.168.20.32
www.xuzhichao.com. 86400 IN A 192.168.20.31 ;; AUTHORITY SECTION:
xuzhichao.com. 86400 IN NS ns2.xuzhichao.com.
xuzhichao.com. 86400 IN NS ns1.xuzhichao.com. ;; ADDITIONAL SECTION:
ns1.xuzhichao.com. 86400 IN A 192.168.20.70
ns2.xuzhichao.com. 86400 IN A 192.168.20.71 ;; Query time: 0 msec
;; SERVER: 192.168.20.70#53(192.168.20.70)
;; WHEN: Sat Jul 17 00:02:16 CST 2021
;; MSG SIZE rcvd: 164 [root@xuzhichao ~]# dig @192.168.20.70 web.xuzhichao.com +short
www.xuzhichao.com.
192.168.20.32
192.168.20.31
[root@xuzhichao ~]# dig @192.168.20.70 web.xuzhichao.com +short
www.xuzhichao.com.
192.168.20.32
192.168.20.31
[root@xuzhichao ~]# dig @192.168.20.70 web.xuzhichao.com +short
www.xuzhichao.com.
192.168.20.31
192.168.20.32 #3.测试A记录
[root@xuzhichao ~]# dig @192.168.20.70 nginx02.xuzhichao.com +short
192.168.20.22 #4.修改客户端的dns为192.168.20.70.测试ping域名访问:
[root@dns01 named]# vim /etc/resolv.conf
[root@dns01 named]# ping dns01.xuzhichao.com
PING dns01.xuzhichao.com (192.168.20.70) 56(84) bytes of data.
64 bytes from dns01.xuzhichao.com (192.168.20.70): icmp_seq=1 ttl=64 time=0.009 ms
64 bytes from dns01.xuzhichao.com (192.168.20.70): icmp_seq=2 ttl=64 time=0.035 ms
1.3 配置反向解析
为上面的正向解析配置反向解析域。
增加区域配置文件:
[root@dns01 ~]# cat /etc/named.xuzhichao.com.zone
zone "xuzhichao.com" IN {
type master;
file "xuzhichao.com.zone";
}; zone "20.168.198.in-addr.arpa" IN {
type master;
file "20.168.198.in-addr.arpa.zone";
};
增加区域解析文件:
[root@dns01 named]# cat /var/named/20.168.198.in-addr.arpa.zone
$TTL 86400 @ IN SOA ns1.xuzhichao.com. mail.xuzhichao.com. (
2021071601
10800
900
604800
86400
) @ IN NS ns1.xuzhichao.com.
@ IN NS ns2.xuzhichao.com. 70 IN PTR ns1.xuzhichao.com.
71 IN PTR ns2.xuzhichao.com. ;业务域
31 IN PTR www.xuzhichao.com.
32 IN PTR www.xuzhichao.com. ;主机域 22 IN PTR nginx02.xuzhichao.com.
23 IN PTR ngxin03.xuzhichao.com. 19 IN PTR nginx-lb01.xuzhichao.com.
20 IN PTR nginx-lb02.xuzhichao.com. 21 IN PTR apache01.xuzhichao.com. 31 IN PTR lvs01.xuzhichao.com.
32 IN PTR lvs02.xuzhichao.com. 50 IN PTR mysql01.xuzhichao.com. 61 IN PTR redis01.xuzhichao.com. 30 IN PTR nfs01.xuzhichao.com. 70 IN PTR dns01.xuzhichao.com. [root@dns01 named]# chgrp named 20.168.198.in-addr.arpa.zone
[root@dns01 named]# chmod 640 20.168.198.in-addr.arpa.zone
检测语法,重启bind服务:
#检测语法
[root@dns01 named]# named-checkconf
[root@dns01 named]# named-checkzone 20.168.198.in-addr.arpa /var/named/20.168.198.in-addr.arpa.zone
zone 20.168.198.in-addr.arpa/IN: loaded serial 2021071601
OK #重启bind服务
[root@dns01 named]# rndc reload
server reload successful [root@dns01 named]# rndc status
version: BIND 9.11.4-P2-RedHat-9.11.4-16.P2.el7 (Extended Support Version) <id:7107deb>
running on dns01: Linux x86_64 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020
boot time: Sat, 17 Jul 2021 01:39:12 GMT
last configured: Sat, 17 Jul 2021 01:39:16 GMT
configuration file: /etc/named.conf
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 105 (97 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 8/150
server is up and running
客户端测试反向域名解析:
#192.168.20.31配置了两个域名,会进行轮询访问
[root@xuzhichao ~]# dig -x 192.168.20.31 @192.168.20.70 ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7 <<>> -x 192.168.20.31 @192.168.20.70
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10821
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3 ;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;31.20.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION:
31.20.168.192.in-addr.arpa. 86400 IN PTR lvs01.xuzhichao.com.
31.20.168.192.in-addr.arpa. 86400 IN PTR www.xuzhichao.com. ;; AUTHORITY SECTION:
20.168.192.in-addr.arpa. 86400 IN NS ns1.xuzhichao.com.
20.168.192.in-addr.arpa. 86400 IN NS ns2.xuzhichao.com. ;; ADDITIONAL SECTION:
ns1.xuzhichao.com. 86400 IN A 192.168.20.70
ns2.xuzhichao.com. 86400 IN A 192.168.20.71 ;; Query time: 0 msec
;; SERVER: 192.168.20.70#53(192.168.20.70)
;; WHEN: Sat Jul 17 09:46:24 CST 2021
;; MSG SIZE rcvd: 174 [root@xuzhichao ~]# dig -x 192.168.20.31 @192.168.20.70 +short
www.xuzhichao.com.
lvs01.xuzhichao.com.
[root@xuzhichao ~]# dig -x 192.168.20.31 @192.168.20.70 +short
lvs01.xuzhichao.com.
www.xuzhichao.com. #测试其他的PTR记录
[root@xuzhichao ~]# dig -x 192.168.20.50 @192.168.20.70 +short
mysql01.xuzhichao.com.
[root@xuzhichao ~]# dig -x 192.168.20.21 @192.168.20.70 +short
apache01.xuzhichao.com.
[root@xuzhichao ~]# dig -x 192.168.20.19 @192.168.20.70 +short
nginx-lb01.xuzhichao.com.
1.4 DNS递归查询
- 如果你要建立一个授权域名服务器,仅提供本地已存在域名解析即可;那么不要开启 recursion 功能。
- 如果你要建立一个递归 DNS 服务器, 那么需要开启 recursion 功能。
- 如果你的递归DNS服务器有公网IP地址, 你必须开启访问控制功能,只有合法用户才可以发询问。
递归配置参数如下:
#开启递归查询,yes表示开启,no表示关闭
recurison yes|no
#允许进行递归查询的客户端:
allow-recursion {address_match_list | any | none };
1.4.1 开启递归查询
修改配置文件如下:
[root@dns01 named]# cat /etc/named.conf
options {
......
recursion yes;
allow-recursion { 192.168.20.0/24; 192.168.50.0/24; };
......
} [root@dns01 named]# named-checkconf
[root@dns01 named]# rndc reload
server reload successful
客户端进行测试:
#1.可以解析DNS存在的域名
[root@xuzhichao ~]# dig nginx02.xuzhichao.com @192.168.20.70 +short
192.168.20.22 #2.可以解析DNS上不存在的域名,使用就是递归查询
[root@xuzhichao ~]# dig www.baidu.com @192.168.20.70 +short
www.a.shifen.com.
110.242.68.4
110.242.68.3
1.4.2 关闭递归查询
配置文件修改如下:
[root@dns01 named]# cat /etc/named.conf
options {
......
recursion no;
//allow-recursion { 192.168.20.0/24; 192.168.50.0/24; };
......
} [root@dns01 named]# named-checkconf
[root@dns01 named]# rndc reload
server reload successful
客户端测试:
#1.仍然可以解析DNS存在的域名
[root@xuzhichao ~]# dig -x 192.168.20.19 @192.168.20.70 +short
nginx-lb01.xuzhichao.com. #2.不能解析DNS服务器上不存在的域名,即无法进行递归查询
[root@xuzhichao ~]# dig www.baidu.com @192.168.20.70 +short
DNS(4) -- dns功能实现-配置正向解析和反向解析以及DNS递归查询示例的更多相关文章
- DNS的正向解析与反向解析
DNS域名解析服务(Domain Name System)是用于解析域名与IP地址对应关系的服务,功能上可以实现正向解析与反向解析: 正向解析:根据主机名(域名)查找对应的IP地址. 反向解析:根据I ...
- Python3.6正向解析与反向解析域中主机
公司最近接手的一家跨国企业的项目,该企业单域.多站点,且遍布美国.巴西.日本.东京.新加坡等多个国家,服务器及客户端计算机数量庞大.由于处理一些特殊故障,需要找出一些不在域中的网络设备及存储.NBU等 ...
- Django 正向解析与反向解析
正向解析就是按照顺序查找访问(urls.py---view--templates) 反向解析就是根据命名空间命名来调到指定的页面 用反向解析的原因: 随着功能的增加会出现更多的视图,可能之前配置的正则 ...
- DNS正向解析与反向解析
DNS:(Domain Name System,域名系统),因特网上作为域名和IP地址相互映射的一个分布式数据库,能够使用户更方便的访问互联网, 而不去记住能够被机器直接读取的IP数串.通过主机名,最 ...
- Bind+DLZ+MySQL智能DNS的正向解析和反向解析实现方法
使用文本配置文件的配置方式结合bind的最新的acl和view特性来实现智能DNS想必很多人已经很熟悉了,使用MySQL数据库来存放zone文件的方式可能也不少.对于两者都熟悉的,实现 Bind+DL ...
- Django正向解析和反向解析
转载:https://blog.csdn.net/jeekmary/article/details/79673867 先创建一个视图界面 urls.py index.html index页面加载的效果 ...
- DNS BIND配置 配置基本缓存服务器 DNS正向解析 DNS反向解析
一. 缓存服务器配置 1.DNS:BIND Berkeley Internet Name Domain 版本bind97: RPM服务器端包的名字 安装bind-libs bind ...
- DNS解析原理与Bind部署DNS服务
DNS是什么? DNS(Domain Name System,域名系统)是互联网上最核心的带层级的分布式系统,它负责把域名转换为IP地址.反查IP到域名的反向解析以及宣告邮件路由等信息,使得基于域名提 ...
- DNS服务反向解析实验
DNS域名解析服务是用于解析域名与ip地址对应关系的服务,功能上可以实现正向解析和反向解析 正向解析:根据主机名(域名)查找对应的IP地址. 反向解析:根据IP地址查找对应的主机名(域名). 下面我来 ...
- DNS域名解析之反向解析and主从域名服务器 (今天大小便正常,未来可期)
DNS解析之反向解析和域名主从服务器 反向解析:根据IP地址查找对应的域名 yum -y install bind 安装软件包 查看需要修改的配置文件所在路径 rpm -qc bind 查询bind软 ...
随机推荐
- 优先队列(PriorityQueue)
> 此代码是在最大堆的基础上二次封装,请先阅读底层代码MaxHeap 优先队列 普通队列:先进先出:后进后出 优先队列:出队顺序和⼊入队顺序无关:和优先级相关: 为什么使用堆 代码清单 Queu ...
- #欧拉序,线段树#洛谷 6845 [CEOI2019] Dynamic Diameter
题目 动态修改边权,强制在线询问树的直径. 分析 设 \(dis[x]\) 表示 \(x\) 到1号点的距离. 那么树的直径就可以表示成 \(dis[x]+dis[y]-2*dis[lca]\) 只需 ...
- 【FAQ】HarmonyOS SDK 闭源开放能力 —IAP Kit
1.问题描述 根据https://developer.huawei.com/consumer/cn/doc/harmonyos-references/iap-data-model-0000001736 ...
- Python数据分析 numpy 笔记
B站课链接:[Python数据分析三剑客:NumPy.Pandas与Matplotlib] https://www.bilibili.com/video/BV1Yb4y1g7SV/?p=16& ...
- spring复习(二)AOP
1.aop基于xml以及注解的AOP配置 什么是AOP 简单的说它就是把我们程序重复的代码抽取出来,在需要执行的时候,使用动态代理的技术,在不修改源码的基础上,对我们的已有方法进行增强. AOP术语: ...
- “最新趋势:R语言lavaan结构方程模型(SEM)的实践应用与技巧”
结构方程模型(Sructural Equation Modeling,SEM)是分析系统内变量间的相互关系的利器,可通过图形化方式清晰展示系统中多变量因果关系网,具有强大的数据分析功能和广泛的适用性, ...
- Mysql之innodb架构
Innodb存储引擎的架构 内存结构 Bufer Pool 缓冲池是主内存中的一个区域,里面可以缓存磁盘上经常操作的真实数据,在执行增删改查操作时,先操作缓冲池中的数据(若缓冲池没有数据,则从磁盘加载 ...
- CSS 布局专题
0x01 浮动布局 (1)常见网页布局 顶部商标栏(Logo):展示网站的标志.名称以及具有代表性的图片 导航栏(Navigation):展示网站大概的分类 左侧边栏(Left-side Bar):展 ...
- 实训篇-Css-跳动的红心
<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title> ...
- TypeScript 中接口的理解?应用场景?
一.是什么 「接口」是一系列抽象方法的声明,是一些方法特征的集合,这些方法都应该是抽象的,需要由具体的「类」去实现,然后第三方就可以通过这组抽象方法调用,让具体的类执行具体的方法 简单来讲,一个接口所 ...