1. 關於父域伺服器配置
vim /etc/named.conf 編輯配置檔案。systemctl reload named 載入配置。cat /etc/named.conf | grep -v ^$ | grep -v ^\/ 檢視配置檔案（略去空行與註釋行）。vim /etc/named.rfc1912.zones 編輯配置檔案。tail -5 /etc/named.rfc1912.zones 檢視新增的父域解析檔案定義。rndc reload 載入配置。tail /var/log/messages 檢視日誌。vim /var/named/example.com.zone 編輯父域解析檔案。cat /var/named/example.com.zone 檢視父域解析檔案。named-checkzone 檢查區域檔案語法，ll 確認檔案權限與屬主。rndc reload 載入配置，並以 dig ... | grep flags 確認回應帶有 aa（權威）旗標。之後再次編輯父域解析檔案，加入 ops 子域的 NS 委派記錄及對應的膠水（glue）A 記錄，再 rndc reload 載入；注意委派中列出的每個 NS 名稱（ns1.ops、ns2.ops）都應有各自的膠水 A 記錄。
[[email protected] ~]# vim /etc/named.conf
[[email protected] ~]# systemctl reload named
[[email protected] ~]# cat /etc/named.conf | grep -v ^$ | grep -v ^\/
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
recursion yes;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[[email protected] ~]# vim /etc/named.rfc1912.zones
[[email protected] ~]# tail -5 /etc/named.rfc1912.zones
zone "example.com" IN {
type master;
file "example.com.zone";
};
[[email protected] ~]# rndc reload
server reload successful
[[email protected] ~]# tail /var/log/messages
Jan 17 07:07:11 lab1 named[975]: automatic empty zone: 8.E.F.IP6.ARPA
Jan 17 07:07:11 lab1 named[975]: automatic empty zone: 9.E.F.IP6.ARPA
Jan 17 07:07:11 lab1 named[975]: automatic empty zone: A.E.F.IP6.ARPA
Jan 17 07:07:11 lab1 named[975]: automatic empty zone: B.E.F.IP6.ARPA
Jan 17 07:07:11 lab1 named[975]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 17 07:07:11 lab1 named[975]: zone 0.20.172.in-addr.arpa/IN: (master) removed
Jan 17 07:07:11 lab1 named[975]: reloading configuration succeeded
Jan 17 07:07:11 lab1 named[975]: reloading zones succeeded
Jan 17 07:07:11 lab1 named[975]: all zones loaded
Jan 17 07:07:11 lab1 named[975]: running
[[email protected] ~]# vim /var/named/example.com.zone
[[email protected] ~]# cat /var/named/example.com.zone
$TTL 86400
$ORIGIN example.com.
@ IN SOA ns1.example.com. admin.example.com. (
2019011701
1H
5M
3D
1D )
IN NS ns1
IN NS ns2
ns1 IN A 172.20.0.131
ns2 IN A 172.20.0.132
www IN A 172.20.0.131
* IN A 172.20.0.131
[[email protected] ~]# named-checkzone "example.com" /var/named/example.com.zone
zone example.com/IN: loaded serial 2019011701
OK
[[email protected] ~]# ll /var/named/example.com.zone
-rw-r-----. 1 root named 459 Jan 17 07:09 /var/named/example.com.zone
[[email protected] ~]# rndc reload
server reload successful
[[email protected] ~]# tail /var/log/messages
Jan 17 07:11:26 lab1 named[975]: automatic empty zone: B.E.F.IP6.ARPA
Jan 17 07:11:26 lab1 named[975]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 17 07:11:26 lab1 named[975]: reloading configuration succeeded
Jan 17 07:11:26 lab1 named[975]: reloading zones succeeded
Jan 17 07:11:26 lab1 named[975]: zone example.com/IN: loaded serial 2019011701
Jan 17 07:11:26 lab1 named[975]: all zones loaded
Jan 17 07:11:26 lab1 named[975]: running
Jan 17 07:11:26 lab1 named[975]: zone example.com/IN: sending notifies (serial 2019011701)
Jan 17 07:11:26 lab1 named[975]: client 172.20.0.132#41389 (example.com): transfer of 'example.com/IN': AXFR-style IXFR started
Jan 17 07:11:26 lab1 named[975]: client 172.20.0.132#41389 (example.com): transfer of 'example.com/IN': AXFR-style IXFR ended
[r[email protected] ~]# dig -t A www.example.com @172.20.0.131 | grep flags
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
; EDNS: version: 0, flags:; udp: 4096
[r[email protected] ~]# dig -t A ftp.example.com @172.20.0.131 | grep flags
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
; EDNS: version: 0, flags:; udp: 4096
[[email protected] ~]# vim /var/named/example.com.zone
[[email protected] ~]# cat /var/named/example.com.zone
$TTL 86400
$ORIGIN example.com.
@ IN SOA ns1.example.com. admin.example.com. (
2019011701
1H
5M
3D
1D )
IN NS ns1
IN NS ns2
ns1 IN A 172.20.0.131
ns2 IN A 172.20.0.132
www IN A 172.20.0.131
* IN A 172.20.0.131
ops IN NS ns1.ops
ops IN NS ns2.ops
ns1.ops IN A 172.20.0.131
ns1.ops IN A 172.20.0.139
[[email protected] ~]# rndc reload
server reload successful
2. 關於子域伺服器配置
vim /etc/named.conf 編輯檔案。cat /etc/named.conf | grep -v ^$ | grep -v ^\/ 檢視檔案。systemctl reload named 載入配置。ss -tunl | grep :53 檢視監聽狀態。vim /etc/named.rfc1912.zones 編輯配置檔案。tail -5 /etc/named.rfc1912.zones 檢視配置檔案新增的子域解析檔案定義。rndc reload 載入配置。vim /var/named/ops.example.com.zone 編輯子域解析檔案。cat /var/named/ops.example.com.zone 檢視子域解析檔案。ll /var/named/ops.example.com.zone 檢視權限和屬主，並以 chmod 640 與 chown :named 修正為 root:named、640（named 群組可讀，其他使用者不可讀），最終完成修改。rndc reload 載入配置。dig -t A www.ops.example.com @172.20.0.132 | grep ANSWER -A1 嘗試正向解析。dig -t NS ops.example.com @172.20.0.132 | grep ANSWER -A1 嘗試名稱伺服器（NS）記錄解析。
[[email protected] ~]# vim /etc/named.conf
[[email protected] ~]# cat /etc/named.conf | grep -v ^$ | grep -v ^\/
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
recursion yes;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[[email protected] ~]# systemctl reload named
[[email protected] ~]# ss -tunl | grep :53
udp UNCONN 0 0 172.20.0.132:53 *:*
udp UNCONN 0 0 127.0.0.1:53 *:*
tcp LISTEN 0 10 172.20.0.132:53 *:*
tcp LISTEN 0 10 127.0.0.1:53 *:*
[[email protected] ~]# vim /etc/named.rfc1912.zones
[[email protected] ~]# tail -5 /etc/named.rfc1912.zones
zone "ops.example.com" IN {
type master;
file "ops.example.com.zone";
};
[[email protected] ~]# rndc reload
server reload successful
[[email protected] ~]# vim /var/named/ops.example.com.zone
[[email protected] ~]# cat /var/named/ops.example.com.zone
$TTL 1d
$ORIGIN ops.example.com.
@ IN SOA ns1.ops.example.com admin.ops.example.com. (
2019011701
1H
10M
3D
1D )
IN NS ns1
IN NS ns2
ns1 IN A 172.20.0.132
ns2 IN A 172.20.0.139
www IN A 172.20.0.140
* IN A 172.20.0.140
[[email protected] ~]# ll /var/named/ops.example.com.zone
-rw-r--r--. 1 root root 546 Jan 17 07:28 /var/named/ops.example.com.zone
[[email protected] ~]# chmod 640 /var/named/ops.example.com.zone
[[email protected] ~]# chown :named /var/named/ops.example.com.zone
[[email protected] ~]# ll /var/named/ops.example.com.zone
-rw-r-----. 1 root named 546 Jan 17 07:28 /var/named/ops.example.com.zone
[[email protected] ~]# rndc reload
server reload successful
[[email protected] ~]# tail /var/log/messages
Jan 17 07:29:05 lab2 named[971]: automatic empty zone: 9.E.F.IP6.ARPA
Jan 17 07:29:05 lab2 named[971]: automatic empty zone: A.E.F.IP6.ARPA
Jan 17 07:29:05 lab2 named[971]: automatic empty zone: B.E.F.IP6.ARPA
Jan 17 07:29:05 lab2 named[971]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 17 07:29:05 lab2 named[971]: reloading configuration succeeded
Jan 17 07:29:05 lab2 named[971]: reloading zones succeeded
Jan 17 07:29:05 lab2 named[971]: zone ops.example.com/IN: loaded serial 2019011701
Jan 17 07:29:05 lab2 named[971]: zone ops.example.com/IN: sending notifies (serial 2019011701)
Jan 17 07:29:05 lab2 named[971]: all zones loaded
Jan 17 07:29:05 lab2 named[971]: running
[[email protected] ~]# dig -t A www.ops.example.com @172.20.0.132 | grep ANSWER -A1
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
--
;; ANSWER SECTION:
www.ops.example.com. 86400 IN A 172.20.0.140
[[email protected] ~]# dig -t NS ops.example.com @172.20.0.132 | grep ANSWER -A1
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
--
;; ANSWER SECTION:
ops.example.com. 86400 IN NS ns1.ops.example.com.
3. 父域伺服器轉發的配置
dig -t A www.baidu.com @172.20.0.2 直接使用網關解析，確認網關可作為轉發目標。vim /etc/named.conf 編輯配置檔案。cat /etc/named.conf | grep recursion[[:space:]] -A2 檢視新增的轉發定義（forward first 與 forwarders）。rndc reload 重新載入。dig -t A www.baidu.com @172.20.0.131 改用父域伺服器進行解析，驗證轉發生效。
[[email protected] ~]# dig -t A www.baidu.com @172.20.0.2
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A www.baidu.com @172.20.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 926
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0005 , udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
WWW.baidu.com. 5 IN CNAME www.a.shifen.com.
www.a.shifen.com. 5 IN A 163.177.151.110
www.a.shifen.com. 5 IN A 163.177.151.109
;; Query time: 38 msec
;; SERVER: 172.20.0.2#53(172.20.0.2)
;; WHEN: Thu Jan 17 07:51:18 EST 2019
;; MSG SIZE rcvd: 105
[[email protected] ~]# vim /etc/named.conf
[r[email protected] ~]# cat /etc/named.conf | grep recursion[[:space:]] -A2
recursion yes;
forward first;
forwarders { 172.20.0.2; };
[[email protected] ~]# rndc reload
server reload successful
[[email protected] ~]# dig -t A www.baidu.com @172.20.0.131
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A www.baidu.com @172.20.0.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42178
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 5 IN CNAME www.a.shifen.com.
www.a.shifen.com. 5 IN A 163.177.151.110
www.a.shifen.com. 5 IN A 163.177.151.109
;; AUTHORITY SECTION:
com. 172799 IN NS h.gtld-servers.net.
com. 172799 IN NS l.gtld-servers.net.
com. 172799 IN NS a.gtld-servers.net.
com. 172799 IN NS b.gtld-servers.net.
com. 172799 IN NS k.gtld-servers.net.
com. 172799 IN NS i.gtld-servers.net.
com. 172799 IN NS j.gtld-servers.net.
com. 172799 IN NS f.gtld-servers.net.
com. 172799 IN NS e.gtld-servers.net.
com. 172799 IN NS c.gtld-servers.net.
com. 172799 IN NS m.gtld-servers.net.
com. 172799 IN NS g.gtld-servers.net.
com. 172799 IN NS d.gtld-servers.net.
;; ADDITIONAL SECTION:
e.gtld-servers.net. 172799 IN A 192.12.94.30
e.gtld-servers.net. 172799 IN AAAA 2001:502:1ca1::30
b.gtld-servers.net. 172799 IN A 192.33.14.30
b.gtld-servers.net. 172799 IN AAAA 2001:503:231d::2:30
j.gtld-servers.net. 172799 IN A 192.48.79.30
j.gtld-servers.net. 172799 IN AAAA 2001:502:7094::30
m.gtld-servers.net. 172799 IN A 192.55.83.30
m.gtld-servers.net. 172799 IN AAAA 2001:501:b1f9::30
i.gtld-servers.net. 172799 IN A 192.43.172.30
i.gtld-servers.net. 172799 IN AAAA 2001:503:39c1::30
f.gtld-servers.net. 172799 IN A 192.35.51.30
f.gtld-servers.net. 172799 IN AAAA 2001:503:d414::30
a.gtld-servers.net. 172799 IN A 192.5.6.30
a.gtld-servers.net. 172799 IN AAAA 2001:503:a83e::2:30
g.gtld-servers.net. 172799 IN A 192.42.93.30
g.gtld-servers.net. 172799 IN AAAA 2001:503:eea3::30
h.gtld-servers.net. 172799 IN A 192.54.112.30
h.gtld-servers.net. 172799 IN AAAA 2001:502:8cc::30
l.gtld-servers.net. 172799 IN A 192.41.162.30
l.gtld-servers.net. 172799 IN AAAA 2001:500:d937::30
k.gtld-servers.net. 172799 IN A 192.52.178.30
k.gtld-servers.net. 172799 IN AAAA 2001:503:d2d::30
c.gtld-servers.net. 172799 IN A 192.26.92.30
c.gtld-servers.net. 172799 IN AAAA 2001:503:83eb::30
d.gtld-servers.net. 172799 IN A 192.31.80.30
d.gtld-servers.net. 172799 IN AAAA 2001:500:856e::30
;; Query time: 2457 msec
;; SERVER: 172.20.0.131#53(172.20.0.131)
;; WHEN: Thu Jan 17 07:55:50 EST 2019
;; MSG SIZE rcvd: 897
4. 子域伺服器轉發的配置
vim /etc/named.rfc1912.zones 編輯配置檔案。tail -5 /etc/named.rfc1912.zones 檢視新增的內容（針對 example.com 的 forward 區域，forward only 至 172.20.0.131）。rndc reload 重新載入。tail /var/log/messages 檢視日誌。dig -t A www.ops.example.com @172.20.0.132 | grep "ANSWER SECTION" -A2 嘗試子域伺服器解析。dig -t A www.ops.example.com @172.20.0.131 嘗試父域解析（此時回應 NXDOMAIN）。vim /etc/named.conf 編輯父域伺服器配置檔案。grep dnssec /etc/named.conf 確認已將父域伺服器的 DNSSEC 功能關閉（不能只註釋掉，註釋掉則預設仍是開啟）。vim /etc/named.conf 編輯子域伺服器配置檔案。grep dnssec /etc/named.conf 確認已將子域伺服器的 DNSSEC 功能關閉（同樣不能只註釋掉）。注意：關閉 dnssec-validation 會使伺服器不再驗證解析結果的簽章，僅適合此類實驗環境。dig -t A www.example.com @172.20.0.132 用子域伺服器解析父域，驗證轉發生效。
[[email protected] ~]# vim /etc/named.rfc1912.zones
[[email protected] ~]# tail -5 /etc/named.rfc1912.zones
zone "example.com" IN {
type forward;
forward only;
forwarders { 172.20.0.131; };
};
[[email protected] ~]# rndc reload
server reload successful
[[email protected] ~]# tail /var/log/messages
Jan 18 02:33:34 lab2 named[977]: automatic empty zone: D.F.IP6.ARPA
Jan 18 02:33:34 lab2 named[977]: automatic empty zone: 8.E.F.IP6.ARPA
Jan 18 02:33:34 lab2 named[977]: automatic empty zone: 9.E.F.IP6.ARPA
Jan 18 02:33:34 lab2 named[977]: automatic empty zone: A.E.F.IP6.ARPA
Jan 18 02:33:34 lab2 named[977]: automatic empty zone: B.E.F.IP6.ARPA
Jan 18 02:33:34 lab2 named[977]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 18 02:33:34 lab2 named[977]: reloading configuration succeeded
Jan 18 02:33:34 lab2 named[977]: reloading zones succeeded
Jan 18 02:33:34 lab2 named[977]: all zones loaded
Jan 18 02:33:34 lab2 named[977]: running
[[email protected] ~]# dig -t A www.ops.example.com @172.20.0.132 | grep "ANSWER SECTION" -A2
;; ANSWER SECTION:
www.ops.example.com. 86400 IN A 172.20.0.140
[[email protected] ~]# dig -t A www.ops.example.com @172.20.0.131
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A www.ops.example.com @172.20.0.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46587
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.ops.example.com. IN A
;; Query time: 479 msec
;; SERVER: 172.20.0.131#53(172.20.0.131)
;; WHEN: Fri Jan 18 02:48:59 EST 2019
;; MSG SIZE rcvd: 48
[[email protected] ~]# vim /etc/named.conf
[[email protected] ~]# grep dnssec /etc/named.conf
dnssec-enable no;
dnssec-validation no;
[[email protected] ~]# vim /etc/named.conf
[[email protected] ~]# grep dnssec /etc/named.conf
dnssec-enable no;
dnssec-validation no;
[[email protected] ~]# dig -t A www.example.com @172.20.0.132
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A www.example.com @172.20.0.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1635
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.example.com. IN A
;; ANSWER SECTION:
www.example.com. 86400 IN A 172.20.0.131
;; AUTHORITY SECTION:
example.com. 86400 IN NS ns2.example.com.
example.com. 86400 IN NS ns1.example.com.
;; ADDITIONAL SECTION:
ns2.example.com. 86400 IN A 172.20.0.132
ns1.example.com. 86400 IN A 172.20.0.131
;; Query time: 1 msec
;; SERVER: 172.20.0.132#53(172.20.0.132)
;; WHEN: Fri Jan 18 03:02:00 EST 2019
;; MSG SIZE rcvd: 128