因为人类对文字的印象比数字深,所以需要用主机名来对应IP地址,方式有两种:
1./etc/hosts
2.分布式,阶层式管理架构:DNS系统
DNS采用树型结构框架
完整主机名FQDN
一般顶级域名:.com,.org,.gov等
地区顶级域名:.uk,.jp,.cn等
每上一层的DNS服务器所记录的信息,其实只有其下一层的主机名而已.
主机名追踪:dig +trace
[t@bjb0541 ~]$ cat /etc/services |grep domain
domain 53/tcp # name-domain server
domain 53/udp
DNS标记
SOA:起始授权(Start of Authority)
NS:域名服务器
A:地址
PTR:反解指向
客户端相关配置文件:
/etc/hosts本地解析
/etc/resolv.conf域名解析
/etc/nsswitch.conf决定以上两个配置的解析顺序
解析常用命令:host,nslookup,dig,whois
服务器架设:
[root@192-168-174-42 ~]# yum install bind bind-chroot
配置文件:
/etc/named.conf主配置文件
/var/named数据库
/etc/sysconfig/named额外参数
/var/run/named PID文件
重启服务.
访问外网与自定义域名都OK
1./etc/hosts
2.分布式,阶层式管理架构:DNS系统
DNS采用树型结构框架
完整主机名FQDN
一般顶级域名:.com,.org,.gov等
地区顶级域名:.uk,.jp,.cn等
每上一层的DNS服务器所记录的信息,其实只有其下一层的主机名而已.
主机名追踪:dig +trace
[t@bjb0541 ~]$ cat /etc/services |grep domain
domain 53/tcp # name-domain server
domain 53/udp
DNS标记
SOA:起始授权(Start of Authority)
NS:域名服务器
A:地址
PTR:反解指向
客户端相关配置文件:
/etc/hosts本地解析
/etc/resolv.conf域名解析
/etc/nsswitch.conf决定以上两个配置的解析顺序
解析常用命令:host,nslookup,dig,whois
服务器架设:
[root@192-168-174-42 ~]# yum install bind bind-chroot
配置文件:
/etc/named.conf主配置文件
/var/named数据库
/etc/sysconfig/named额外参数
/var/run/named PID文件
- [root@192-168-174-42 ~]# cat /etc/named.conf
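//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// This copy differs from the packaged default: it listens on every IPv4
// interface, is master for skyovirt.com and its reverse zone, and forwards
// every other lookup to two upstream resolvers.

options {
    // listen-on port 53 { 127.0.0.1; };
    listen-on port 53 { any; };             // changed: listen on all interfaces
    //listen-on-v6 port 53 { ::1; };
    directory "/var/named";                 // zone database directory
    dump-file "/var/named/data/cache_dump.db";          // dump and statistics files
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    //allow-query { localhost; };
    // NOTE(review): together with "listen-on { any; }" this lets every client
    // that can reach port 53 query the zones served here, including the
    // internal host records of skyovirt.com. If the server is reachable from
    // networks you do not control, narrow this to the networks that need it
    // (for example the same list as allow-recursion below).
    allow-query { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;                          // the server resolves on behalf of its clients
    // Recursion is limited to localhost and the 192.168.184.0/24 network; this
    // is the access control the packaged comment above asks for.
    allow-recursion { localhost; 192.168.184.0/24; };
    // "forward only" sends every non-local lookup to the forwarders and never
    // falls back to iterating from the root servers.
    forward only;
    forwarders {
        223.5.5.5;
        114.114.114.114;
    };
    // NOTE(review): DNSSEC validation is switched off, so answers returned by
    // the forwarders are accepted without any signature check. Prefer
    // "dnssec-validation yes;" (or "auto;") unless the forwarders are known
    // to break validation.
    dnssec-enable no;
    dnssec-validation no;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

// NOTE(review): neither master zone sets allow-transfer. In BIND 9.9 (the
// version shown by dig on this page) the default permits zone transfers to any
// host, which hands out the full host list in one request. Restrict it, e.g.
// "allow-transfer { none; };" or an explicit list of secondary servers.
zone "skyovirt.com" IN {
    type master;
    file "named.skyovirt.com";
};

// Reverse zone for 192.168.184.0/24. A reverse zone is named with the network
// octets in reverse order; the original name "192.168.184.in-addr.arpa" would
// have answered for 184.168.192.x instead. The file name is unchanged.
zone "184.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.184";
};

include "/etc/named.rfc1912.zones";         // read by default
include "/etc/named.root.key";              // terminating ';' was missing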
- [root@192-168-174-42 ~]# cat /var/named/named.skyovirt.com
; Forward zone for skyovirt.com (declared as a master zone in named.conf).
; Every owner name below is fully qualified, so $ORIGIN only affects "@".
$TTL 600                                    ; default TTL in seconds
$ORIGIN skyovirt.com.

; SOA: primary server skyovirt.com., contact mailbox written as master.skyovirt.com.
@                           IN  SOA     skyovirt.com. master.skyovirt.com. (
                                        0       ; serial - secondaries re-transfer only when it grows,
                                                ;          so raise it on every edit
                                        3H      ; refresh
                                        15M     ; retry
                                        1W      ; expire
                                        1D )    ; minimum
                            IN  NS      skyovirt.com.

; Address records. These expose the internal 192.168.184.x layout to anyone
; who is allowed to query or transfer the zone.
skyovirt.com.               IN  A       192.168.184.11
master.skyovirt.com.        IN  A       192.168.184.11
ovirthost18.skyovirt.com.   IN  A       192.168.184.18
ovirthost17.skyovirt.com.   IN  A       192.168.184.17
ovirthost15.skyovirt.com.   IN  A       192.168.184.15
ovirthost14.skyovirt.com.   IN  A       192.168.184.14
ovirthost13.skyovirt.com.   IN  A       192.168.184.13
ovirt.skyovirt.com.         IN  A       192.168.184.10

; Alias: dns.skyovirt.com resolves through master.skyovirt.com.
dns.skyovirt.com.           IN  CNAME   master.skyovirt.com.
- [root@192-168-174-42 ~]#
- [root@192-168-174-42 ~]# cat /var/named/named.192.168.184
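; Reverse (PTR) zone data for the 192.168.184.0/24 network.
; There is no $ORIGIN here, so "@" and the bare host numbers are relative to
; the zone name given in named.conf. For these records to answer lookups of
; 192.168.184.x that zone must be named 184.168.192.in-addr.arpa (octets in
; reverse order).
$TTL 600                                    ; default TTL in seconds

@       IN  SOA     skyovirt.com. master.skyovirt.com. (
                    0       ; serial - raise it on every edit
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
@       IN  NS      master.skyovirt.com.

; Only .11, .18 and .10 have PTR records; the other hosts in the forward zone
; (ovirthost13/14/15/17) have no reverse mapping here.
11      IN  PTR     master.skyovirt.com.
18      IN  PTR     ovirthost18.skyovirt.com.
; Target completed to match the forward record ovirt.skyovirt.com -> 192.168.184.10;
; the original "ovirt.skyovirt." points at a name that does not exist.
10      IN  PTR     ovirt.skyovirt.com.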
重启服务(重启前可先用 named-checkconf 和 named-checkzone 检查配置文件与区域文件的语法).
- [root@192-168-174-42 ~]# service named restart
- Redirecting to /bin/systemctl restart named.service
- [root@192-168-174-42 ~]# netstat -lntp |grep named
- tcp 0 0 192.168.184.11:53 0.0.0.0:* LISTEN 10210/named
- tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 10210/named
- tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 10210/named
- tcp6 0 0 ::1:53 :::* LISTEN 10210/named
- tcp6 0 0 ::1:953 :::* LISTEN 10210/named
- [root@192-168-174-42 ~]#
- [root@192-168-174-42 ~]# dig ovirt.skyovirt.com
-
- ; >> DiG 9.9.4-RedHat-9.9.4-29.el7_2.2 >> ovirt.skyovirt.com
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER- opcode: QUERY, status: NOERROR, id: 30879
- ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
-
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;ovirt.skyovirt.com. IN A
-
- ;; ANSWER SECTION:
- ovirt.skyovirt.com. 600 IN A 192.168.184.10
-
- ;; AUTHORITY SECTION:
- skyovirt.com. 600 IN NS skyovirt.com.
-
- ;; ADDITIONAL SECTION:
- skyovirt.com. 600 IN A 192.168.184.11
-
- ;; Query time: 0 msec
- ;; SERVER: 127.0.0.1#53(127.0.0.1)
- ;; WHEN: Thu Mar 10 17:05:16 CST 2016
- ;; MSG SIZE rcvd: 93
-
- [root@192-168-174-42 ~]# dig www.sky-mobi.com
-
- ; >> DiG 9.9.4-RedHat-9.9.4-29.el7_2.2 >> www.sky-mobi.com
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER- opcode: QUERY, status: NOERROR, id: 62581
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
-
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;www.sky-mobi.com. IN A
-
- ;; ANSWER SECTION:
- www.sky-mobi.com. 200 IN A 111.1.17.157
-
- ;; Query time: 27 msec
- ;; SERVER: 127.0.0.1#53(127.0.0.1)
- ;; WHEN: Thu Mar 10 17:05:27 CST 2016
- ;; MSG SIZE rcvd: 61