DNS学习笔记
1.DNS概述
- DNS(Domain Name System)
- 分布式数据库,域名空间
- DNS服务运行在UDP协议之上,使用端口号53。
2.DNS解析过程
- 本地缓存
- DNS服务器缓存
- DNS服务器数据库
- 根域DNS服务器,顶级-》二级域 -》三级域
- 解析结果返回或返回错误信息
3.DNS的分类
- 主DNS服务器
- 从DNS服务器
- 缓存服务器
- 转发器
4.DNS的记录类型
- SOA - 自己dns说明文本
- NS - 域的授权名称服务器
- MX - 域的邮件交换器,优先级值,越小越高
- A - IPV4主机地址
- AAAA - IPV6主机地址
- PTR - 解析IP的指针,反向记录
- CNAME - 权威名称,定义别名记录
5.DNS命名规范
- 字母、数字、下划线、最多63字节长度
- 如果命名不规范,在master-view文件上配置check-names ignore
6.DIG,NSLOOKUP,HOST
[root@linux-node1 ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 14.215.177.38
www.a.shifen.com has address 14.215.177.37
[root@linux-node1 ~]# nslookup www.baidu.com
Server: 192.168.88.2
Address: 192.168.88.2#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 14.215.177.38
Name: www.a.shifen.com
Address: 14.215.177.37
[root@linux-node1 ~]# dig www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50183
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0005 , udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 5 IN CNAME www.a.shifen.com.
www.a.shifen.com. 5 IN A 14.215.177.38
www.a.shifen.com. 5 IN A 14.215.177.37
;; Query time: 2481 msec
;; SERVER: 192.168.88.2#53(192.168.88.2)
;; WHEN: Thu Aug 17 11:42:28 CST 2017
;; MSG SIZE rcvd: 101
7. 部署BIND9
Bind是一款开源DNS服务器软件,Berkeley Internet Name Domain
- 安装软件
yum install -y bind-utils bind bind-devel bind-chroot
- vim /etc/named.conf
options {
listen-on port 53 { any; };
directory "/var/named/chroot/etc/";
allow-query { any; };
dump-file "/var/named/chroot/var/log/binddump.db";
Statistics-file "/var/named/chroot/var/log/named_stats";
zone-statistics yes;
memstatistics-file "log/mem_stats";
empty-zones-enable no;
forwarders {202.106.196.115;8.8.8.8; };
};
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys {"rndc-key";};
};
logging {
channel warning {
file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns {
file "/var/named/chroot/var/log/dns_log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default {
warning;
};
category queries {
general_dns;
};
};
include "/var/named/chroot/etc/view.conf";
- vim /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
- vim /etc/rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
- vim /var/named/chroot/etc/view.conf
view "View" {
zone "fbo.com" {
type master;
file "fbo.com.zone";
allow-transfer {
192.168.57.200;
};
notify yes;
also-notify {
192.168.57.200;
};
};
};
- vim /var/named/chroot/etc/fbo.com.zone
$ORIGIN .
$TTL 3600 ; 1 hour
fbo.com IN SOA op.fbo.com. dns.fbo.com. (
2000 ; serial
900 ; refresh (15 minutes)
600 ; retry (10 minutes)
86400 ; expire (1 day)
3600 ; minimum (1 hour)
)
NS op.fbo.com.
$ORIGIN fbo.com.
shanks A 1.2.3.4
op A 1.2.3.4
- 启动服务
systemctl enable named
systemctl start named
- 检查结果
[root@linux-node1 var]# dig @127.0.0.1 shanks.fbo.com
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> @127.0.0.1 shanks.fbo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23459
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;shanks.fbo.com. IN A
;; ANSWER SECTION:
shanks.fbo.com. 3600 IN A 1.2.3.4
;; AUTHORITY SECTION:
fbo.com. 3600 IN NS op.fbo.com.
;; ADDITIONAL SECTION:
op.fbo.com. 3600 IN A 1.2.3.4
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 17 15:05:18 CST 2017
;; MSG SIZE rcvd: 92
8.部署从DNS服务器
- 安装软件
yum install -y bind-utils bind bind-devel bind-chroot
- vim /etc/named.conf
options {
listen-on port 53 { any; };
directory "/var/named/chroot/etc/";
allow-query { any; };
dump-file "/var/named/chroot/var/log/binddump.db";
Statistics-file "/var/named/chroot/var/log/named_stats";
zone-statistics yes;
memstatistics-file "log/mem_stats";
empty-zones-enable no;
forwarders {202.106.196.115;8.8.8.8; };
};
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys {"rndc-key";};
};
logging {
channel warning {
file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns {
file "/var/named/chroot/var/log/dns_log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default {
warning;
};
category queries {
general_dns;
};
};
include "/var/named/chroot/etc/view.conf";
- vim /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
- vim /etc/rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
- vim /var/named/chroot/etc/view
view "SalveView" {
zone "fbo.com" {
type slave;
masters {192.168.57.100;};
file "slave.fbo.com.zone";
};
};
- 修改master上的view.conf配置,将slave节点ip加入,之后再fbo.com.zone将serial+1
- 在salve上修改目录权限,并启动
- 在master上执行
rdnc reload
9.添加A、CNAME、MX、PTR记录
- 在zone文件末尾里添加A记录(实现负载均衡)
a A x.x.x.x
[root@linux-node1 ~]# host a.fbo.com localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:
a.fbo.com has address 192.168.122.100
- 在zone文件末尾里添加CNAME
cname CNAME a.fbo.com.
[root@linux-node1 ~]# rndc reload
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
server reload successful
[root@linux-node1 ~]# host cname.fbo.com localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:
cname.fbo.com is an alias for a.fbo.com.
a.fbo.com has address 192.168.122.100
- 在zone文件末尾添加mx记录,mx值越小优先级越高
mx mx 5 x.x.x.x
mx mx 10 x.x.x.x
- 添加PTR记录
# /var/named/chroot/etc/view.conf
zone "168.192.in-addr.arpa" {
type master;
file "168.192.zone";
allow-transfer {
10.6.0.254;
};
notify yes;
also-notify {
10.6.0.254;
};
};
# /var/named/chroot/etc/168.192.zone
$TTL 3600 ; 1 hour
IN SOA op.fbo.com. dns.fbo.com. (
2004 ; serial
900 ; refresh (15 minutes)
600 ; retry (10 minutes)
86400 ; expire (1 day)
3600 ; minimum (1 hour)
)
NS op.fbo.com.
102.122 IN PTR a.fbo.com.
- 配置DNS视图(智能DNS)- 分区访问
# master节点/var/name/chroot/etc/named.conf,在include上面添加
acl group1 {
192.168.57.100;
};
acl group2 {
192.168.57.200;
};
# 修改/var/named/chroot/etc/view.conf为
view "GROUP1" {
match-clients { group1; };
zone "viewfbo.com" {
type master;
file "group1.viewfbo.com.zone";
};
};
view "GROUP2" {
match-clients { group2; };
zone "viewfbo.com" {
type master;
file "group2.viewfbo.com.zone";
};
};
# master节点/var/named/chroot/etc/group1.viewfbo.com.zone
$ORIGIN .
$TTL 3600 ; 1 hour
viewfbo.com IN SOA op.viewfbo.com. dns.viewfbo.com. (
2004 ; serial
900 ; refresh (15 minutes)
600 ; retry (10 minutes)
86400 ; expire (1 day)
3600 ; minimum (1 hour)
)
NS op.viewfbo.com.
$ORIGIN viewfbo.com.
op A 192.168.122.1
view A 192.168.122.1
# master节点/var/named/chroot/etc/group2.viewfbo.com.zone
$ORIGIN .
$TTL 3600 ; 1 hour
viewfbo.com IN SOA op.viewfbo.com. dns.viewfbo.com. (
2004 ; serial
900 ; refresh (15 minutes)
600 ; retry (10 minutes)
86400 ; expire (1 day)
3600 ; minimum (1 hour)
)
NS op.viewfbo.com.
$ORIGIN viewfbo.com.
op A 192.168.122.2
view A 192.168.122.2
# 修改文件权限
chown named.named /var/named/chroot/etc/group*.zone
rndc reload
dig @192.168.57.100 view.viewfbo.com
高可用、高性能
压测:queryperf
queryperf -d test.txt -s 8.8.8.8
配置管理自动化:bind-dlz
https://github.com/shanks1127/dns
其他软件
- DNSMASQ
- HTTPDNS
网友评论