DNS(4) -- dns功能实现-配置正向解析和反向解析以及DNS递归查询示例
1 DNS配置示例
1.1 DNS解析类型
DNS在一个区域中有正向解析和反向解析两种类型:
正向解析:
FQDN->IP
反向解析:
IP->FQDN
反向解析用到根域下一个特殊的名为ARPA域,叫反向解析域;
反向解析域下面有一个in-addr,再往下为IP地址;
以172.20.0.100为例,查询路线为访问根–>arpa域–>in-addr–>172–>20–>0–>100,但是在PTR记录中要反着写:100.0.20.172.in-addr-arpa.;
1.2 配置正向解析
自定义域分为如下两类:
- 主机域:
- 1.主机域其实是一个假域;
- 2.主机域其实是不能解析到互联网上;
- 3.主机域它只对局域网(内网)提供服务;
- 业务域:
- 1.业务域一般都是真实可用的;
- 2.业务域则为一个真正需要对外提供服务的域名;
以xuzhichao.com域为例进行配置。
启动named服务:
[root@dns01 ~]# systemctl start named.service [root@dns01 ~]# rndc status
version: BIND 9.11.4-P2-RedHat-9.11.4-16.P2.el7 (Extended Support Version) <id:7107deb>
running on dns01: Linux x86_64 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020
boot time: Fri, 16 Jul 2021 15:51:04 GMT
last configured: Fri, 16 Jul 2021 15:54:19 GMT
configuration file: /etc/named.conf
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 104 (97 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 8/150
server is up and running [root@dns01 ~]# ss -ntulp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 192.168.50.70:53 *:* users:(("named",pid=1743,fd=515))
udp UNCONN 0 0 192.168.20.70:53 *:* users:(("named",pid=1743,fd=514))
udp UNCONN 0 0 192.168.2.123:53 *:* users:(("named",pid=1743,fd=513))
udp UNCONN 0 0 127.0.0.1:53 *:* users:(("named",pid=1743,fd=512))
udp UNCONN 0 0 [::1]:53 [::]:* users:(("named",pid=1743,fd=516))
tcp LISTEN 0 10 192.168.50.70:53 *:* users:(("named",pid=1743,fd=24))
tcp LISTEN 0 10 192.168.20.70:53 *:* users:(("named",pid=1743,fd=23))
tcp LISTEN 0 10 192.168.2.123:53 *:* users:(("named",pid=1743,fd=22))
tcp LISTEN 0 10 127.0.0.1:53 *:* users:(("named",pid=1743,fd=21))
tcp LISTEN 0 10 [::1]:53 [::]:* users:(("named",pid=1743,fd=25))
主配置文件修改如下:
[root@dns01 ~]# cat /etc/named.conf
options {
listen-on port 53 { localhost; };
listen-on-v6 port 53 { localhost; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes; bindkeys-file "/etc/named.root.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
}; logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
}; zone "." IN {
type hint;
file "named.ca";
}; include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.xuzhichao.com.zone"; <==新增一个区域配置文件
新增区域配置文件,主要区域配置的属主为root,属组为named,权限为640:
#修改区域配置文件属性
[root@dns01 ~]# chgrp named /etc/named.xuzhichao.com.zone
[root@dns01 ~]# chmod 640 /etc/named.xuzhichao.com.zone #区域配置文件内容:
[root@dns01 ~]# cat /etc/named.xuzhichao.com.zone
zone "xuzhichao.com" IN {
type master;
file "xuzhichao.com.zone"; <==指定区域解析文件名称,此处为相对路径,存放在/var/named/目录下;
};
新增区域解析文件:
[root@dns01 ~]# cat /var/named/xuzhichao.com.zone
$TTL 86400 xuzhichao.com. IN SOA ns1.xuzhichao.com. mail.xuzhichao.com. (
2021071601
10800
900
604800
86400
) xuzhichao.com. IN NS ns1.xuzhichao.com.
xuzhichao.com. IN NS ns2.xuzhichao.com. ns1 IN A 192.168.20.70
ns2 IN A 192.168.20.71 xuzhichao.com. IN MX 10 mx1.xuzhichao.com.
mx1 IN A 192.168.20.11 ;业务域
www.xuzhichao.com. IN A 192.168.20.31
www.xuzhichao.com. IN A 192.168.20.32 web.xuzhichao.com. IN CNAME www.xuzhichao.com. ;主机域 nginx02.xuzhichao.com. IN A 192.168.20.22
ngxin03.xuzhichao.com. IN A 192.168.20.23 nginx-lb01.xuzhichao.com. IN A 192.168.20.19
nginx-lb02.xuzhichao.com. IN A 192.168.20.20 apache01.xuzhichao.com. IN A 192.168.20.21 lvs01.xuzhichao.com. IN A 192.168.20.31
lvs02.xuzhichao.com. IN A 192.168.20.32 mysql01.xuzhichao.com. IN A 192.168.20.50 redis01.xuzhichao.com. IN A 192.168.20.61 nfs01.xuzhichao.com. IN A 192.168.20.30 dns01.xuzhichao.com. IN A 192.168.20.70 #修改文件权限属性:
[root@dns01 ~]# chgrp named /etc/named.xuzhichao.com.zone
[root@dns01 ~]# chmod 640 /etc/named.xuzhichao.com.zone
检测配置文件语法:
[root@dns01 ~]# named-checkconf
[root@dns01 ~]# named-checkzone xuzhichao.com /var/named/xuzhichao.com.zone
zone xuzhichao.com/IN: loaded serial 2021071601
OK
重启named服务:
[root@dns01 ~]# rndc reload
server reload successful 或:
[root@dns01 ~]# systemctl restart named.service
测试域名解析:
#1.测试DNS的轮询功能
[root@xuzhichao ~]# dig @192.168.20.70 www.xuzhichao.com ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7 <<>> @192.168.20.70 www.xuzhichao.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28384
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3 ;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.xuzhichao.com. IN A ;; ANSWER SECTION:
www.xuzhichao.com. 86400 IN A 192.168.20.32
www.xuzhichao.com. 86400 IN A 192.168.20.31 ;; AUTHORITY SECTION:
xuzhichao.com. 86400 IN NS ns1.xuzhichao.com.
xuzhichao.com. 86400 IN NS ns2.xuzhichao.com. ;; ADDITIONAL SECTION:
ns1.xuzhichao.com. 86400 IN A 192.168.20.70
ns2.xuzhichao.com. 86400 IN A 192.168.20.71 ;; Query time: 1 msec
;; SERVER: 192.168.20.70#53(192.168.20.70)
;; WHEN: Fri Jul 16 23:55:56 CST 2021
;; MSG SIZE rcvd: 146 #轮询访问
[root@xuzhichao ~]# dig @192.168.20.70 www.xuzhichao.com +short
192.168.20.32
192.168.20.31
[root@xuzhichao ~]# dig @192.168.20.70 www.xuzhichao.com +short
192.168.20.32
192.168.20.31
[root@xuzhichao ~]# dig @192.168.20.70 www.xuzhichao.com +short
192.168.20.31
192.168.20.32 #2.测试CNAME记录
[root@xuzhichao ~]# dig @192.168.20.70 web.xuzhichao.com ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7 <<>> @192.168.20.70 web.xuzhichao.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65041
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3 ;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;web.xuzhichao.com. IN A ;; ANSWER SECTION:
web.xuzhichao.com. 86400 IN CNAME www.xuzhichao.com.
www.xuzhichao.com. 86400 IN A 192.168.20.32
www.xuzhichao.com. 86400 IN A 192.168.20.31 ;; AUTHORITY SECTION:
xuzhichao.com. 86400 IN NS ns2.xuzhichao.com.
xuzhichao.com. 86400 IN NS ns1.xuzhichao.com. ;; ADDITIONAL SECTION:
ns1.xuzhichao.com. 86400 IN A 192.168.20.70
ns2.xuzhichao.com. 86400 IN A 192.168.20.71 ;; Query time: 0 msec
;; SERVER: 192.168.20.70#53(192.168.20.70)
;; WHEN: Sat Jul 17 00:02:16 CST 2021
;; MSG SIZE rcvd: 164 [root@xuzhichao ~]# dig @192.168.20.70 web.xuzhichao.com +short
www.xuzhichao.com.
192.168.20.32
192.168.20.31
[root@xuzhichao ~]# dig @192.168.20.70 web.xuzhichao.com +short
www.xuzhichao.com.
192.168.20.32
192.168.20.31
[root@xuzhichao ~]# dig @192.168.20.70 web.xuzhichao.com +short
www.xuzhichao.com.
192.168.20.31
192.168.20.32 #3.测试A记录
[root@xuzhichao ~]# dig @192.168.20.70 nginx02.xuzhichao.com +short
192.168.20.22 #4.修改客户端的dns为192.168.20.70.测试ping域名访问:
[root@dns01 named]# vim /etc/resolv.conf
[root@dns01 named]# ping dns01.xuzhichao.com
PING dns01.xuzhichao.com (192.168.20.70) 56(84) bytes of data.
64 bytes from dns01.xuzhichao.com (192.168.20.70): icmp_seq=1 ttl=64 time=0.009 ms
64 bytes from dns01.xuzhichao.com (192.168.20.70): icmp_seq=2 ttl=64 time=0.035 ms
1.3 配置反向解析
为上面的正向解析配置反向解析域。
增加区域配置文件:
[root@dns01 ~]# cat /etc/named.xuzhichao.com.zone
zone "xuzhichao.com" IN {
type master;
file "xuzhichao.com.zone";
}; zone "20.168.198.in-addr.arpa" IN {
type master;
file "20.168.198.in-addr.arpa.zone";
};
增加区域解析文件:
[root@dns01 named]# cat /var/named/20.168.198.in-addr.arpa.zone
$TTL 86400 @ IN SOA ns1.xuzhichao.com. mail.xuzhichao.com. (
2021071601
10800
900
604800
86400
) @ IN NS ns1.xuzhichao.com.
@ IN NS ns2.xuzhichao.com. 70 IN PTR ns1.xuzhichao.com.
71 IN PTR ns2.xuzhichao.com. ;业务域
31 IN PTR www.xuzhichao.com.
32 IN PTR www.xuzhichao.com. ;主机域 22 IN PTR nginx02.xuzhichao.com.
23 IN PTR ngxin03.xuzhichao.com. 19 IN PTR nginx-lb01.xuzhichao.com.
20 IN PTR nginx-lb02.xuzhichao.com. 21 IN PTR apache01.xuzhichao.com. 31 IN PTR lvs01.xuzhichao.com.
32 IN PTR lvs02.xuzhichao.com. 50 IN PTR mysql01.xuzhichao.com. 61 IN PTR redis01.xuzhichao.com. 30 IN PTR nfs01.xuzhichao.com. 70 IN PTR dns01.xuzhichao.com. [root@dns01 named]# chgrp named 20.168.198.in-addr.arpa.zone
[root@dns01 named]# chmod 640 20.168.198.in-addr.arpa.zone
检测语法,重启bind服务:
#检测语法
[root@dns01 named]# named-checkconf
[root@dns01 named]# named-checkzone 20.168.198.in-addr.arpa /var/named/20.168.198.in-addr.arpa.zone
zone 20.168.198.in-addr.arpa/IN: loaded serial 2021071601
OK #重启bind服务
[root@dns01 named]# rndc reload
server reload successful [root@dns01 named]# rndc status
version: BIND 9.11.4-P2-RedHat-9.11.4-16.P2.el7 (Extended Support Version) <id:7107deb>
running on dns01: Linux x86_64 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020
boot time: Sat, 17 Jul 2021 01:39:12 GMT
last configured: Sat, 17 Jul 2021 01:39:16 GMT
configuration file: /etc/named.conf
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 105 (97 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 8/150
server is up and running
客户端测试反向域名解析:
#192.168.20.31配置了两个域名,会进行轮询访问
[root@xuzhichao ~]# dig -x 192.168.20.31 @192.168.20.70 ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7 <<>> -x 192.168.20.31 @192.168.20.70
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10821
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3 ;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;31.20.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION:
31.20.168.192.in-addr.arpa. 86400 IN PTR lvs01.xuzhichao.com.
31.20.168.192.in-addr.arpa. 86400 IN PTR www.xuzhichao.com. ;; AUTHORITY SECTION:
20.168.192.in-addr.arpa. 86400 IN NS ns1.xuzhichao.com.
20.168.192.in-addr.arpa. 86400 IN NS ns2.xuzhichao.com. ;; ADDITIONAL SECTION:
ns1.xuzhichao.com. 86400 IN A 192.168.20.70
ns2.xuzhichao.com. 86400 IN A 192.168.20.71 ;; Query time: 0 msec
;; SERVER: 192.168.20.70#53(192.168.20.70)
;; WHEN: Sat Jul 17 09:46:24 CST 2021
;; MSG SIZE rcvd: 174 [root@xuzhichao ~]# dig -x 192.168.20.31 @192.168.20.70 +short
www.xuzhichao.com.
lvs01.xuzhichao.com.
[root@xuzhichao ~]# dig -x 192.168.20.31 @192.168.20.70 +short
lvs01.xuzhichao.com.
www.xuzhichao.com. #测试其他的PTR记录
[root@xuzhichao ~]# dig -x 192.168.20.50 @192.168.20.70 +short
mysql01.xuzhichao.com.
[root@xuzhichao ~]# dig -x 192.168.20.21 @192.168.20.70 +short
apache01.xuzhichao.com.
[root@xuzhichao ~]# dig -x 192.168.20.19 @192.168.20.70 +short
nginx-lb01.xuzhichao.com.
1.4 DNS递归查询
- 如果你要建立一个授权域名服务器,仅提供本地已存在域名解析即可;那么不要开启 recursion 功能。
- 如果你要建立一个递归 DNS 服务器, 那么需要开启 recursion 功能。
- 如果你的递归DNS服务器有公网IP地址, 你必须开启访问控制功能,只有合法用户才可以发询问。
递归配置参数如下:
#开启递归查询,yes表示开启,no表示关闭
recurison yes|no
#允许进行递归查询的客户端:
allow-recursion {address_match_list | any | none };
1.4.1 开启递归查询
修改配置文件如下:
[root@dns01 named]# cat /etc/named.conf
options {
......
recursion yes;
allow-recursion { 192.168.20.0/24; 192.168.50.0/24; };
......
} [root@dns01 named]# named-checkconf
[root@dns01 named]# rndc reload
server reload successful
客户端进行测试:
#1.可以解析DNS存在的域名
[root@xuzhichao ~]# dig nginx02.xuzhichao.com @192.168.20.70 +short
192.168.20.22 #2.可以解析DNS上不存在的域名,使用就是递归查询
[root@xuzhichao ~]# dig www.baidu.com @192.168.20.70 +short
www.a.shifen.com.
110.242.68.4
110.242.68.3
1.4.2 关闭递归查询
配置文件修改如下:
[root@dns01 named]# cat /etc/named.conf
options {
......
recursion no;
//allow-recursion { 192.168.20.0/24; 192.168.50.0/24; };
......
} [root@dns01 named]# named-checkconf
[root@dns01 named]# rndc reload
server reload successful
客户端测试:
#1.仍然可以解析DNS存在的域名
[root@xuzhichao ~]# dig -x 192.168.20.19 @192.168.20.70 +short
nginx-lb01.xuzhichao.com. #2.不能解析DNS服务器上不存在的域名,即无法进行递归查询
[root@xuzhichao ~]# dig www.baidu.com @192.168.20.70 +short
DNS(4) -- dns功能实现-配置正向解析和反向解析以及DNS递归查询示例的更多相关文章
- DNS的正向解析与反向解析
DNS域名解析服务(Domain Name System)是用于解析域名与IP地址对应关系的服务,功能上可以实现正向解析与反向解析: 正向解析:根据主机名(域名)查找对应的IP地址. 反向解析:根据I ...
- Python3.6正向解析与反向解析域中主机
公司最近接手的一家跨国企业的项目,该企业单域.多站点,且遍布美国.巴西.日本.东京.新加坡等多个国家,服务器及客户端计算机数量庞大.由于处理一些特殊故障,需要找出一些不在域中的网络设备及存储.NBU等 ...
- Django 正向解析与反向解析
正向解析就是按照顺序查找访问(urls.py---view--templates) 反向解析就是根据命名空间命名来调到指定的页面 用反向解析的原因: 随着功能的增加会出现更多的视图,可能之前配置的正则 ...
- DNS正向解析与反向解析
DNS:(Domain Name System,域名系统),因特网上作为域名和IP地址相互映射的一个分布式数据库,能够使用户更方便的访问互联网, 而不去记住能够被机器直接读取的IP数串.通过主机名,最 ...
- Bind+DLZ+MySQL智能DNS的正向解析和反向解析实现方法
使用文本配置文件的配置方式结合bind的最新的acl和view特性来实现智能DNS想必很多人已经很熟悉了,使用MySQL数据库来存放zone文件的方式可能也不少.对于两者都熟悉的,实现 Bind+DL ...
- Django正向解析和反向解析
转载:https://blog.csdn.net/jeekmary/article/details/79673867 先创建一个视图界面 urls.py index.html index页面加载的效果 ...
- DNS BIND配置 配置基本缓存服务器 DNS正向解析 DNS反向解析
一. 缓存服务器配置 1.DNS:BIND Berkeley Internet Name Domain 版本bind97: RPM服务器端包的名字 安装bind-libs bind ...
- DNS解析原理与Bind部署DNS服务
DNS是什么? DNS(Domain Name System,域名系统)是互联网上最核心的带层级的分布式系统,它负责把域名转换为IP地址.反查IP到域名的反向解析以及宣告邮件路由等信息,使得基于域名提 ...
- DNS服务反向解析实验
DNS域名解析服务是用于解析域名与ip地址对应关系的服务,功能上可以实现正向解析和反向解析 正向解析:根据主机名(域名)查找对应的IP地址. 反向解析:根据IP地址查找对应的主机名(域名). 下面我来 ...
- DNS域名解析之反向解析and主从域名服务器 (今天大小便正常,未来可期)
DNS解析之反向解析和域名主从服务器 反向解析:根据IP地址查找对应的域名 yum -y install bind 安装软件包 查看需要修改的配置文件所在路径 rpm -qc bind 查询bind软 ...
随机推荐
- 我们正在被 DDoS 攻击,但是我们啥也不干,随便攻击...
最近,一场激烈的攻防大战在网络世界悄然上演. 主角不是什么国家安全局或者黑客组织,而是一家名不见经传的创业公司--TablePlus. DDoS 攻击者们摩拳擦掌,跃跃欲试.他们从四面八方蜂拥而至,誓 ...
- Android记账本界面实现
<!--activity_main.xml-->1 <?xml version="1.0" encoding="utf-8"?> 2 & ...
- 4 HTML表格标签
4 表格标签 表格标签也是一种复合标签.由:table,tr,td,th,thead,tbody组合,由行和列组合成,行和列交叉的地方就是单元格.在HTML中使用table来定义表格.网页的表格和办公 ...
- #轮廓线dp#HDU 1400 Mondriaan's Dream
题目传送门 分析 状压dp会TLE,考虑用轮廓线dp, 设 \(dp[i][j][S]\) 表示现在处理到 \((i,j)\) 这个位置轮廓线上状态为 \(S\) 的情况 二进制位为1表示左边或者上方 ...
- #矩阵乘法,线段树#CF575A Fibonotci
题目 分析 \(K\)那么大肯定是矩阵乘法, 带修改可以用线段树单点修改, 转移矩阵类似于斐波那契数列, 这题思维难度不大,细节很多,需要很长时间QWQ 时间复杂度\(O(mlog_2K)\),具体注 ...
- 深入探讨Java面试中内存泄漏:如何识别、预防和解决
引言 在编写和维护Java应用程序时,内存泄漏是一个重要的问题,可能导致性能下降和不稳定性.本文将介绍内存泄漏的概念,为什么它在Java应用程序中如此重要,并明确本文的目标,即识别.预防和解决内存泄漏 ...
- OpenHarmony应用实现二维码扫码识别
本文转载自<OpenHarmony应用实现二维码扫码识别>,作者zhushangyuan_ 概念介绍 二维码的应用场景非常广泛,在购物应用中,消费者可以直接扫描商品二维码,浏览并购买产品 ...
- OpenHarmony 3.2 Beta多媒体系列——音视频播放框架
一.简介 媒体子系统为开发者提供一套接口,方便开发者使用系统的媒体资源,主要包含音视频开发.相机开发.流媒体开发等模块.每个模块都提供给上层应用对应的接口,本文会对音视频开发中的音视频播放框架做一 ...
- OpenHarmony 官网文档有哪些上新?上篇:应用开发文档上新
随着 OpenAtom OpenHarmony(以下简称"OpenHarmony")系统能力持续升级,已具备支撑复杂带屏标准设备和应用开发的基础能力.相较于旧版本,OpenHarm ...
- Python从 requirements.txt 安装库
pip install -r requirements.txt