這篇文檔是我根據一個視訊教程做出來的筆記,上傳的PDF則為這個視訊的課件,想看課件而不想看我這篇筆記的,直接下載就是了;但下面所寫均為我個人測試所得,有什麼問題儘管回帖
DNS概述
DNS安裝
DNS常見名詞
DNS配置檔案詳解
配置主要DNS服務
DNS案例詳解
DNS域名系統簡介
四部分組成
DNS域名空間
資源記錄
DNS伺服器
DNS用戶端
DNS域名空間
根域-->頂極域-->子域-->主機
分成三個類型
組織域--位址域--反向域
DNS查詢工作的原理
兩部分組成
本地解析
查詢DNS伺服器
遞歸查詢 (伺服器與伺服器交流)
疊代查詢(流量會增大,伺服器與用戶端的交流)
hosts檔案
/etc/hosts解析網絡中的IP位址跟域名
DNS伺服器bind及chroot的安裝
要注意的是 caching-nameserver 套件已經把很多檔案配置好了,比較方便,因此需要裝上
rpm -q bind查詢是否安裝
yum -y install bind-*
yum -y install caching-nameserver-*
rpm -ql caching-nameserver
/var/named/named.ca 根伺服器的配置檔案
安裝chroot軟體包
原因
優點
危害減少
啟動/停止/重啟 DNS 服務
區
資源記錄
區檔案
DNS緩存
正向解析
反向解析
/etc/named.conf
/var/named/named.ca
/var/named/localhost.zone
/var/named/named.local
/var/named/
SOA資源記錄
主配置檔案named.conf
options{
directory "/var/named"; 指定工作目錄
forwarders { 192.168.31.2; }; 指定轉發查詢的目標DNS伺服器
allow-transfer --> 配置輔助DNS時用到,應只列出輔助伺服器的位址,否則任何主機都能以區域傳送取得整份區域資料
};
type字段指定的區域類型
master:定義的是主域名伺服器
slave:輔助域名伺服器
hint:網際網路中根域伺服器
forward:
stub:
delegation-only
DNS伺服器架設流程
建立named.conf
建立區域檔案
重新加載配置檔案使配置生效
配置主要名稱伺服器的概述
主配置檔案
設定根區域
zone "."{
type hint;
設定主區域
zone "example.com"{
type master;
設定反向解析區域
zone "16.168.192.in-addr.arpa"{
file "192.168.16.arpa";
根伺服器資訊檔案named.ca
由 ftp 下載後複製到 /var/named/chroot/var/named/ 目錄下
正向區域檔案
反向解析區域檔案
/var/named/chroot/var/named/192.168.16.arpa
實作負載均衡功能
主要名稱伺服器的測試
1 測試前的準備
啟動DNS服務
配置/etc/resolv.conf
2 使用nslookup程式測試
3 host [-t type] hostname [server][ip]
4 dig [-t type] hostname [server][ip]
最簡單的伺服器配置
host <域名已被站方的反廣告過濾移除>
發現逾時
cd /var/named/chroot/
cd etc;ls
建立named.conf檔案
options {
directory "/var/named";
file "named.ca"
ls -l named.conf
預設是root使用者組
如果沒有安裝 chroot 套件的話,就必須把檔案的權限改掉
host ip
dig <域名已被站方的反廣告過濾移除>
nslookup <域名已被站方的反廣告過濾移除>
named-checkconf 檢查主配置檔案,named-checkzone 檢查區域檔案
named-checkconf named.conf檢查
named-checkzone named.ca /var/named/chroot/var/named/named.ca
配置輔助名稱伺服器
提供容錯能力
分擔主伺服器的負擔
加快查詢的速度
配置緩存cache-only伺服器
類似於代理伺服器(若對外提供遞歸查詢,應用 allow-query / allow-recursion 限制用戶端範圍,避免成為開放解析器)
dirc
forward only;
forwarders{
ip;
案例
【實例1】技術部所在域為“tech.org”,部門內有三台主機,主機名分別是 client1.tech.org、client2.tech.org、client3.tech.org。現要求DNS伺服器 dns.tech.org 可以解析這3台主機名和IP位址的對應關係。
[root@localhost etc]# yum -y install bind-*
[root@localhost etc]# yum -y install caching-nameserver-*
[root@localhost /]# cd /var/named/chroot/etc/
[root@localhost etc]# ls
localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key
[root@localhost etc]# vim named.conf
directory "/var/named";
type hint;
file "named.ca"
zone "tech.org"{
type master;
file "tech.org.zone";
zone "141.16.172.in-addr.arpa"{
file "172.16.141.zone";
~
建立區域檔案
[root@localhost etc]# cd ..
[root@localhost chroot]# ls
dev etc var
[root@localhost chroot]# cd var/named/
[root@localhost named]# ls
data localhost.zone named.ca named.local slaves
localdomain.zone named.broadcast named.ip6.local named.zero
[root@localhost named]# vim tech.org.zone
$TTL 86400
@ IN SOA dns.tech.org. root(
2011071300
3H
1H
0)
@ IN NS dns.tech.org.
dns IN A 172.16.141.132
client1 IN A 172.16.141.133
client2 IN A 172.16.141.134
client3 IN A 172.16.141.135
建立反向區域
[root@localhost named]# vim 172.16.141.zone
@ IN SOA dns.tech.org. root.tech.org. (
2011071300
3H
1H
1W
0)
@ IN NS dns.tech.org.
132.141.16.172.in-addr.arpa. IN PTR dns.tech.org.
133 IN PTR client1.tech.org.
134 IN PTR client2.tech.org.
135 IN PTR client3.tech.org.
~
檢查區域檔案(named-checkzone 的第一個參數應是區域名稱,例如 tech.org 或 141.16.172.in-addr.arpa,而不是檔案名;下面以檔案名當作區域名,所以反向區域中寫成完整名稱的那筆記錄會被報為 out-of-zone 而忽略)
[root@localhost named]# named-checkzone tech.org.zone /var/named/chroot/var/named/tech.org.zone
zone tech.org.zone/IN: loaded serial 2011071300
OK
[root@localhost named]# named-checkzone 172.16.141.zone /var/named/chroot/var/named/172.16.141.zone
/var/named/chroot/var/named/172.16.141.zone:9: ignoring out-of-zone data (132.141.16.172.in-addr.arpa)
zone 172.16.141.zone/IN: loaded serial 2011071300
[root@localhost named]#
[root@localhost named]# service named start
Starting named: [ OK ]
[root@localhost named]# dig -t PTR 133.141.16.172.in-addr.arpa
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> -t PTR 133.141.16.172.in-addr.arpa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39593
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;133.141.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
133.141.16.172.in-addr.arpa. 86400 IN PTR client1.tech.org.
;; AUTHORITY SECTION:
141.16.172.in-addr.arpa. 86400 IN NS dns.tech.org.
;; ADDITIONAL SECTION:
dns.tech.org. 86400 IN A 172.16.141.132
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 13 16:21:15 2011
;; MSG SIZE rcvd: 109
【實例2】企業採用多個區域管理各部門網絡,技術部屬於“tech.boobooke”域,市場部屬於“mart.boobooke”域,其他人員屬於“freedom.boobooke”域。
技術部門共有100人,採用的IP位址為192.168.31.1-192.168.31.100。
市場部門共有100人,採用IP位址為192.168.32.1-192.168.32.100。
其他人員只有50人,採用IP位址為192.168.33.1-192.168.33.50。
現採用一台主機搭建DNS伺服器,其IP位址為192.168.31.134,要求這台DNS伺服器可以完成內網所有區域的正/反向解析,
並且所有員工均可以存取外網位址。
配置named.conf
file "named.ca";
zone "tech.boobooke"{
file "tech.boobooke.zone";
zone "mark.boobooke"{
file "mark.boobooke.zone";
zone "142.16.172.in-addr.arpa"{
file "172.16.142.zone";
zone "freedom.boobooke"{
file "freedom.boobooke.zone";
zone "143.16.172.in-addr.arpa"{
file "172.16.143.zone";
[root@localhost named]# mv tech.org.zone tech.boobooke.zone
[root@localhost named]# cp tech.boobooke.zone mark.boobooke.zone
[root@localhost named]# cp tech.boobooke.zone freedom.boobooke.zone
[root@localhost named]# cp 172.16.141.zone 172.16.142.zone
[root@localhost named]# cp 172.16.141.zone 172.16.143.zone
[root@localhost named]# vim tech.boobooke.zone
@ IN SOA dns.tech.boobooke. root (
1W
@ IN NS dns.tech.boobooke.
client1 IN A 172.16.141.1
client2 IN A 172.16.141.2
client3 IN A 172.16.141.3
client100 IN A 172.16.141.100
[root@localhost named]# vim mark.boobooke.zone
@ IN SOA dns.mark.boobooke. root (
@ IN NS dns.mark.boobooke.
client1 IN A 172.16.142.1
client2 IN A 172.16.142.2
client3 IN A 172.16.142.3
client100 IN A 172.16.142.100
[root@localhost named]# vim freedom.boobooke.zone
@ IN SOA dns.freedom.boobooke. root (
@ IN NS dns.freedom.boobooke.
client1 IN A 172.16.143.1
client2 IN A 172.16.143.2
client3 IN A 172.16.143.3
client50 IN A 172.16.143.50
然後編輯反向區域
@ IN SOA dns.tech.boobooke. root.tech.boobooke. (
@ IN NS dns.tech.boobooke.
132 IN PTR dns.tech.boobooke.
1 IN PTR client1.tech.boobooke.
2 IN PTR client2.tech.boobooke.
3 IN PTR client3.tech.boobooke.
100 IN PTR client100.tech.boobooke.
[root@localhost named]# cp 172.16.141.zone 172.16.142.zone
cp: overwrite `172.16.142.zone'? y
cp: overwrite `172.16.143.zone'? y
[root@localhost named]# vim 172.16.142.zone
$TTL 86400
@ IN SOA dns.mark.boobooke. root.mark.boobooke. (
@ IN NS dns.mark.boobooke.
132 IN PTR dns.mark.boobooke.
1 IN PTR client1.mark.boobooke.
2 IN PTR client2.mark.boobooke.
3 IN PTR client3.mark.boobooke.
100 IN PTR client100.mark.boobooke.
[root@localhost named]# vim 172.16.143.zone
@ IN SOA dns.freedom.boobooke. root.freedom.boobooke. (
@ IN NS dns.freedom.boobooke.
132 IN PTR dns.freedom.boobooke.
1 IN PTR client1.freedom.boobooke.
2 IN PTR client2.freedom.boobooke.
3 IN PTR client3.freedom.boobooke.
50 IN PTR client50.freedom.boobooke.
[root@localhost named]# named-checkconf /var/named/chroot/etc/named.conf
[root@localhost named]# named-checkzone 172.16.142.zone /var/named/chroot/var/named/172.16.142.zone
zone 172.16.142.zone/IN: loaded serial 2011071300
[root@localhost named]# named-checkzone 172.16.143.zone /var/named/chroot/var/named/172.16.143.zone
zone 172.16.143.zone/IN: loaded serial 2011071300
[root@localhost named]# named-checkzone tech.boobooke.zone /var/named/chroot/var/named/tech.boobooke.zone
zone tech.boobooke.zone/IN: loaded serial 2011071300
[root@localhost named]# named-checkzone mark.boobooke.zone /var/named/chroot/var/named/mart.boobooke.zone
zone mart.boobooke.zone/IN: loaded serial 2011071300
[root@localhost named]# named-checkzone freedom.boobooke.zone /var/named/chroot/var/named/freedom.boobooke.zone
zone freedom.boobooke.zone/IN: loaded serial 2011071300
[root@localhost named]# service named restart
Stopping named: [ OK ]
[root@localhost named]# host client1.tech.boobooke
client1.tech.boobooke has address 172.16.141.1
[root@localhost named]# host client1.mark.boobooke
client1.mark.boobooke has address 172.16.142.1
[root@localhost named]# host client1.freedom.boobooke
client1.freedom.boobooke has address 172.16.143.1
[root@localhost named]# host 172.16.141.100
100.141.16.172.in-addr.arpa domain name pointer client100.tech.boobooke.
[root@localhost named]# host 172.16.142.100
100.142.16.172.in-addr.arpa domain name pointer client100.mark.boobooke.
[root@localhost named]# host 172.16.143.100
Host 100.143.16.172.in-addr.arpa. not found: 3(NXDOMAIN)
[root@localhost named]# host 172.16.143.50
50.143.16.172.in-addr.arpa domain name pointer client50.freedom.boobooke.
【實例3】安裝基於 chroot 的DNS伺服器,並將其配置成緩存 Cache-only 伺服器,然後將客戶機的查詢轉發到202.100.138.68和202.100.128.68的DNS伺服器上。
配置named.conf檔案
刪除檔案原有內容,建立緩存伺服器
forwarders {
202.100.138.68;
202.100.128.68;};
forward only;
重啟服務
[root@localhost etc]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 220.181.111.148
www.a.shifen.com has address 220.181.112.143
【實例4】安裝基於 chroot 的DNS伺服器,並根據以下要求配置主要名稱伺服器。
(1)定義伺服器的版本資訊為“9.3.4”。
(2)設定根區域,以便本地區域檔案無法解析查詢時,能轉到根DNS伺服器查詢。
(3)建立xyz.org主區域,設定允許區域複製的輔助域名伺服器的位址為192.168.31.134。
(4)建立以下A資源記錄。
dns.xyz.org. IN A 192.168.31.1
www.xyz.org. IN A 192.168.31.2
mail.xyz.org. IN A 192.168.31.3
(5)建立以下別名CNAME資源記錄。
bbs IN CNAME www
(6)建立以下郵件交換器MX資源記錄
Xyz.org. IN MX 10 mail.xyz.org.
(7)建立反向解析區域31.168.192.in-addr.arpa,並為以上A資源記錄建立對應的指針PTR資源記錄。
version "9.3.4";
allow-transfer {172.16.141.139;};
zone "." {
zone "xyz.org" {
file "xyz.org.zone";
zone "141.16.172.in-addr.arpa" {
[root@localhost named]# vim xyz.org.zone
@ IN SOA dns.xyz.org. root (
2011071400;
3H;
1H;
1W
1D)
@ IN NS dns
dns IN A 172.16.141.1
www IN A 172.16.141.2
mail IN A 172.16.141.3
bbs IN CNAME www
xyz.org. IN MX 10 mail.xyz.org.
@ IN SOA dns.xyz.org. root (
2011071400
1D)
@ IN NS dns.xyz.org.
1 IN PTR dns.xyz.org.
2 IN PTR www.xyz.org.
3 IN PTR mail.xyz.org.
配置好之後,一定要留意 /etc/resolv.conf 中,
; generated by /sbin/dhclient-script
search localdomain
nameserver 127.0.0.1
在伺服器本機測試時,nameserver 一定要指向本機回環位址 127.0.0.1,否則查詢不會送到剛配置的伺服器而出錯
【實例5】安裝基於 chroot 的DNS伺服器,並根據以下要求配置輔助名稱伺服器。
(1)建立xyz.org從區域,設定主要名稱伺服器的位址為192.168.31.132。
(2)建立反向解析從區域31.168.192.in-addr.arpa,設定主要名稱伺服器的位址為192.168.31.132。
輔助域名伺服器的配置
[root@localhost yum.repos.d]# yum -y install bind-*
[root@localhost yum.repos.d]# yum -y install caching-nameserver-*
設定主配置檔案
type slave;
masters { 172.16.141.132; };
file "slaves/xyz.org.zone";
file "slaves/172.16.141.zone";
去到/var/named/slaves 中,此時
[root@localhost slaves]# ls
沒有檔案
[root@localhost slaves]# service named start
172.16.141.zone xyz.org.zone
[root@localhost slaves]#
重啟服務即可看到
[root@localhost slaves]# host dns.xyz.org
;; connection timed out; no servers could be reached
發現解析不了,因為需要把 /etc/resolv.conf 中的 nameserver 指向本機的 DNS 伺服器
[root@localhost slaves]# vim /etc/resolv.conf
dns.xyz.org has address 172.16.141.1
即可實作