1. Background
VM A: CentOS 7, IP 172.30.22.100, gateway 172.30.16.1, DNS 114.114.114.114, 172.30.16.1, 8.8.8.8
VM B: Ubuntu 18, IP 172.30.22.60, gateway 172.30.16.1, DNS 114.114.114.114, 172.30.16.1, 8.8.8.8; plays the role of the www.mageedu.com host
VM C: Ubuntu 18, IP 172.30.22.66, gateway 172.30.16.1, DNS 114.114.114.114, 172.30.16.1, 8.8.8.8; plays the role of the mail.mageedu.com and bbs.mageedu.com hosts
VM D: Ubuntu 18, IP 172.30.22.67, gateway 172.30.16.1, DNS 114.114.114.114, 172.30.16.1, 8.8.8.8; plays the role of the blog.mageedu.com host
VM E: CentOS 7, an ordinary host that acts as the DNS client
bind is installed on A to make it the name server. The other VMs are only ordinary hosts; E is configured to use A as its DNS server.
The hostnames of the machines do not need any extra configuration.
2. Installation
Machine A: 172.30.22.100
[root@localhost ~]# cat /etc/centos-release
CentOS Linux release 7.5.1804 (Core) # should be the same on any CentOS 7
[root@localhost ~]# service iptables stop # CentOS 6 had an iptables service; CentOS 7 replaced it with firewalld
Redirecting to /bin/systemctl stop iptables.service
Failed to stop iptables.service: Unit iptables.service not loaded.
[root@localhost ~]# systemctl status firewalld
[root@localhost ~]# systemctl disable firewalld # do not start at boot
[root@localhost ~]# systemctl stop firewalld # stop the service
Stopping firewalld matters a great deal. When I set this up I had not stopped it, so the other clients could not use this machine as their DNS server. I kept assuming the configuration was wrong and wasted a lot of time before confirming that firewalld was the cause. I recommend disabling the firewall and SELinux in the VM template.
[root@localhost ~]# setenforce 0 # put SELinux in permissive mode, effective immediately
vi /etc/selinux/config and change enforcing on line 7 to disabled, so that SELinux stays off after a reboot
Install the bind packages:
yum install -y bind bind-utils bind-libs
Notes: 1 If these packages cannot be found, first run yum install -y epel-release
2 bind-utils provides the client commands, such as dig, host and nslookup
List the files in the bind package:
rpm -ql bind
Notes:
1 The server program is /usr/sbin/named
2 The configuration file is /etc/named.conf
3 The zone data files live under /var/named; this directory is set in /etc/named.conf and has unusual ownership: root:named
4 To apply configuration changes:
systemctl restart named
or
service named restart
5 Check that it is listening:
[root@dns named]# netstat -apntul | grep named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 6499/named
tcp 0 0 172.30.22.100:53 0.0.0.0:* LISTEN 6499/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 6499/named
tcp6 0 0 ::1:953 :::* LISTEN 6499/named
udp 0 0 172.30.22.100:53 0.0.0.0:* 6499/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 6499/named
3. Configuration
[root@dns etc]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 114.114.114.114
nameserver 172.30.16.1
nameserver 8.8.8.8
cd /etc
mv named.conf named.conf.ori # do not use the default configuration
vi named.conf:
####################################################################
options {
        directory "/var/named";
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localhost" IN {
        type master;
        file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
};
####################################################################
[root@dns etc]# chown root.named named.conf
[root@dns etc]# systemctl restart named
With the configuration above, once the service is restarted this machine already works as a caching DNS server, and other hosts can use it as their DNS server. Note that this minimal options block leaves allow-query and allow-recursion at BIND's defaults (on BIND 9.4 and later, recursion is allowed only for localhost and directly attached networks); do not widen them to any on a server reachable from outside the LAN.
Add the forward and reverse zones this server is authoritative for to /etc/named.conf:
zone "mageedu.com" IN {
        type master;
        file "mageedu.com.zone";
};
zone "22.30.172.in-addr.arpa" IN {
        type master;
        file "172.30.22.zone";
};
cd /var/named
[root@dns named]# cat mageedu.com.zone
$TTL 600
mageedu.com. IN SOA ns1.mageedu.com. admin.mageedu.com. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        IN NS ns1      ; leading whitespace: the record inherits the previous owner (mageedu.com.)
        IN MX 10 mail
ns1 IN A 172.30.22.100
mail IN A 172.30.22.66
www IN A 172.30.22.60
bbs IN A 172.30.22.66
blog IN A 172.30.22.67
[root@dns named]#
[root@dns named]# cat 172.30.22.zone
$TTL 600
@ IN SOA ns1.mageedu.com. admin.mageedu.com. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        IN NS ns1.mageedu.com.   ; leading whitespace: inherits the owner @ (22.30.172.in-addr.arpa.)
100 IN PTR ns1.mageedu.com.
66 IN PTR mail.mageedu.com.
60 IN PTR www.mageedu.com.
66 IN PTR bbs.mageedu.com.
67 IN PTR blog.mageedu.com.
[root@dns named]# systemctl restart named # restart the service
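A mistake that is easy to make when maintaining the two zone files by hand is a forward record and its reverse record drifting apart (a typo in a PTR target, an A record with no PTR). named-checkzone validates each file's syntax but does not compare the two. As an added example (not part of the original post), the following Python script cross-checks the forward zone against the reverse zone: every PTR must point at a name whose A record holds that address, and every A record inside 172.30.22.0/24 must have a PTR. The zone texts are constructed copies of the files above; the sample reverse zone deliberately carries a typo (blog.megeedu.com. instead of blog.mageedu.com.) so the check has something to find. The script also implements the in-addr.arpa name construction that dig -x relies on.

```python
"""Cross-check a BIND forward zone against its reverse zone (added example)."""
import re

# Constructed copies of the two zone files; the reverse zone carries a
# deliberate typo (blog.megeedu.com.) so the check has something to report.
FORWARD_ORIGIN = "mageedu.com."
REVERSE_ORIGIN = "22.30.172.in-addr.arpa."

FORWARD_ZONE = """\
$TTL 600
mageedu.com. IN SOA ns1.mageedu.com. admin.mageedu.com. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        IN NS ns1
        IN MX 10 mail
ns1 IN A 172.30.22.100
mail IN A 172.30.22.66
www IN A 172.30.22.60
bbs IN A 172.30.22.66
blog IN A 172.30.22.67
"""

REVERSE_ZONE = """\
$TTL 600
@ IN SOA ns1.mageedu.com. admin.mageedu.com. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        IN NS ns1.mageedu.com.
100 IN PTR ns1.mageedu.com.
66 IN PTR mail.mageedu.com.
60 IN PTR www.mageedu.com.
66 IN PTR bbs.mageedu.com.
67 IN PTR blog.megeedu.com.
"""


def qualify(name, origin):
    """Make a relative owner or target fully qualified ('@' means the origin)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def records(zone_text, rtype, origin):
    """Yield (owner, rdata) for single-line records of one type.

    Lines that start with whitespace inherit the previous owner (the NS and
    MX lines here); they are not needed for this check and are skipped,
    together with comments and $-directives.
    """
    pattern = re.compile(rf"^(\S+)\s+(?:\d+\s+)?IN\s+{rtype}\s+(\S+)", re.I)
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].rstrip()
        if not line or line.startswith("$"):
            continue
        m = pattern.match(line)
        if m:
            yield qualify(m.group(1), origin), m.group(2)


def reverse_name(ip):
    """The owner name dig -x looks up: '172.30.22.66' -> '66.22.30.172.in-addr.arpa.'"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def reverse_ip(owner):
    """Inverse of reverse_name: '66.22.30.172.in-addr.arpa.' -> '172.30.22.66'"""
    labels = owner.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {owner}")
    return ".".join(reversed(labels[:-2]))


def check_zones(forward_text, forward_origin, reverse_text, reverse_origin):
    """Return a list of mismatches; an empty list means the zones agree."""
    a_records = {}    # name -> set of addresses
    for name, addr in records(forward_text, "A", forward_origin):
        a_records.setdefault(name.lower(), set()).add(addr)
    ptr_records = {}  # address -> set of names (several PTRs per IP are legal)
    for owner, target in records(reverse_text, "PTR", reverse_origin):
        ptr_records.setdefault(reverse_ip(owner), set()).add(target.lower())

    problems = []
    # Every PTR must point at a name whose A record holds that very address.
    for ip, targets in sorted(ptr_records.items()):
        for target in sorted(targets):
            if ip not in a_records.get(target, set()):
                problems.append(f"PTR {ip} -> {target} has no matching A record")
    # Every A record inside the reverse zone's range should have a PTR back.
    for name, addrs in sorted(a_records.items()):
        for addr in sorted(addrs):
            in_range = reverse_name(addr).endswith("." + reverse_origin)
            if in_range and name not in ptr_records.get(addr, set()):
                problems.append(f"A {name} -> {addr} has no PTR in {reverse_origin}")
    return problems


if __name__ == "__main__":
    for problem in check_zones(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN):
        print(problem)
```

Run on the samples it reports two mismatches, both caused by the single typo: the PTR for 172.30.22.67 points at a name with no A record, and blog.mageedu.com. has no PTR. With the typo corrected the list is empty. Two PTRs for 172.30.22.66 (mail and bbs) are accepted, matching what dig -x returns for that address.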
4. Clients
1 dig
2 host
3 nslookup
4 Pointing other client machines at the DNS server
dig usage:
1 dig <address>:
Looks up the host's IP through the DNS servers configured on this machine. The configured servers are listed in /etc/resolv.conf (cat /etc/resolv.conf);
root can edit that file and the change takes effect at once, but restarting the network after changing the NIC configuration overwrites it.
For example, dig www.baidu.com (run on machine A itself)
Look at the answer section in the output below:
root@u64:~# dig www.baidu.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.baidu.com #### shows the command that was run
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40496
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION: # question section
;www.baidu.com. IN A
;; ANSWER SECTION: # answer section
www.baidu.com. 300 IN CNAME www.a.shifen.com.
www.a.shifen.com. 300 IN A 14.215.177.38
www.a.shifen.com. 300 IN A 14.215.177.39
;; Query time: 6 msec
;; SERVER: 127.0.1.1#53(127.0.1.1) # the DNS server that answered this query
;; WHEN: Wed Dec 19 11:46:58 CST 2018
;; MSG SIZE rcvd: 90
2 dig <address> @<DNS-IP>:
Can be run on any machine in the same LAN.
Uses the given IP as the DNS server (which of course requires that bind or another name server is installed and running there) to look up the host's IP, for example:
[root@dns-client ~]# dig blog.mageedu.com @172.30.22.100
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> blog.mageedu.com @172.30.22.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44308
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;blog.mageedu.com. IN A
;; ANSWER SECTION:
blog.mageedu.com. 600 IN A 172.30.22.67
;; AUTHORITY SECTION:
mageedu.com. 600 IN NS ns1.mageedu.com.
;; ADDITIONAL SECTION:
ns1.mageedu.com. 600 IN A 172.30.22.100
;; Query time: 0 msec
;; SERVER: 172.30.22.100#53(172.30.22.100)
;; WHEN: 三 12月 19 01:55:55 EST 2018
;; MSG SIZE rcvd: 95
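When dig is used from scripts (health checks, verifying that a resolver answers what it should), the text output has to be turned into something structured. The following Python parser is an added example, not part of the original post; it is run on constructed copies of the two outputs shown above (the www.baidu.com lookup through the local resolver and the blog.mageedu.com lookup against 172.30.22.100), with the timing lines shortened. The detail worth checking is the aa flag: it is set only when the server answered from its own zone data, so its absence on the first output tells you that answer came from recursion or cache rather than from an authoritative server.

```python
"""Parse dig's text output into a structured result (added example)."""
import re

# Constructed copies of two dig runs: a recursive lookup through the local
# resolver, and an authoritative lookup against 172.30.22.100.
RECURSIVE_OUTPUT = """\
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.baidu.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40496
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.baidu.com.            IN  A

;; ANSWER SECTION:
www.baidu.com.      300 IN  CNAME www.a.shifen.com.
www.a.shifen.com.   300 IN  A     14.215.177.38
www.a.shifen.com.   300 IN  A     14.215.177.39

;; Query time: 6 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; MSG SIZE  rcvd: 90
"""

AUTHORITATIVE_OUTPUT = """\
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> blog.mageedu.com @172.30.22.100
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44308
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;blog.mageedu.com.         IN  A

;; ANSWER SECTION:
blog.mageedu.com.   600 IN  A   172.30.22.67

;; AUTHORITY SECTION:
mageedu.com.        600 IN  NS  ns1.mageedu.com.

;; ADDITIONAL SECTION:
ns1.mageedu.com.    600 IN  A   172.30.22.100

;; Query time: 0 msec
;; SERVER: 172.30.22.100#53(172.30.22.100)
;; MSG SIZE  rcvd: 95
"""

HEADER_RE = re.compile(r"status: (\w+), id: (\d+)")
FLAGS_RE = re.compile(r"^;; flags: ([^;]*);")
RECORD_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.*)$")


def parse_dig(text):
    """Return status, id, flags, server, question and the records of the
    answer/authority/additional sections as (owner, ttl, type, rdata) tuples."""
    result = {"status": None, "id": None, "flags": [], "server": None,
              "question": None, "answer": [], "authority": [], "additional": []}
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line.startswith(";; ->>HEADER<<-"):
            m = HEADER_RE.search(line)
            result["status"], result["id"] = m.group(1), int(m.group(2))
        elif line.startswith(";; flags:"):
            result["flags"] = FLAGS_RE.match(line).group(1).split()
        elif line.startswith(";; SERVER:"):
            result["server"] = line.split(":", 1)[1].strip()
        elif line.endswith(" SECTION:"):
            # ";; ANSWER SECTION:" -> "answer"; unknown sections are ignored
            name = line[3:-len(" SECTION:")].lower()
            section = name if name in result else None
        elif line.startswith(";"):
            # The question is printed as a comment; other ';' lines (timing,
            # EDNS pseudosection, banner) carry nothing we need.
            if section == "question" and not line.startswith(";;"):
                result["question"] = line[1:].split()
        elif section:
            m = RECORD_RE.match(line)
            if m:
                owner, ttl, rtype, rdata = m.groups()
                result[section].append((owner, int(ttl), rtype, rdata.split()))
    return result


def is_authoritative(result):
    """True only when the server answered from its own zone data (aa flag)."""
    return "aa" in result["flags"]


def answer_rdata(result, rtype="A"):
    """First rdata token of each answer record of the given type."""
    return [rr[3][0] for rr in result["answer"] if rr[2] == rtype]


if __name__ == "__main__":
    for text in (RECURSIVE_OUTPUT, AUTHORITATIVE_OUTPUT):
        r = parse_dig(text)
        kind = "authoritative" if is_authoritative(r) else "recursive/cached"
        print(r["status"], kind, answer_rdata(r), "from", r["server"])
```

The parser keys off the section headers dig prints, so the same function handles the PTR answers of dig -x and the SOA and NS lookups shown further down; only the +trace output, which has no section headers, is outside its scope.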
3 dig -t <RT> <key> @<DNS-IP>:
Can be run on any machine in the same LAN.
RT is the resource record type, normally one of the types that appear in the forward zone file: SOA, NS, A, CNAME, MX and so on.
If the type is A, key is the host name to look up, for example
[root@dns-client ~]# dig -t A blog.mageedu.com @172.30.22.100
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A blog.mageedu.com @172.30.22.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15306
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;blog.mageedu.com. IN A
;; ANSWER SECTION:
blog.mageedu.com. 600 IN A 172.30.22.67
;; AUTHORITY SECTION:
mageedu.com. 600 IN NS ns1.mageedu.com.
;; ADDITIONAL SECTION:
ns1.mageedu.com. 600 IN A 172.30.22.100
;; Query time: 0 msec
;; SERVER: 172.30.22.100#53(172.30.22.100)
;; WHEN: 三 12月 19 01:54:48 EST 2018
;; MSG SIZE rcvd: 95
[root@dns-client ~]#
If the type is SOA, key is the domain name, for example
[root@dns-client ~]# dig -t SOA mageedu.com @172.30.22.100
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t SOA mageedu.com @172.30.22.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5433
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mageedu.com. IN SOA
;; ANSWER SECTION:
mageedu.com. 600 IN SOA ns1.mageedu.com. admin.mageedu.com. 0 86400 3600 604800 10800
;; AUTHORITY SECTION:
mageedu.com. 600 IN NS ns1.mageedu.com.
;; ADDITIONAL SECTION:
ns1.mageedu.com. 600 IN A 172.30.22.100
;; Query time: 0 msec
;; SERVER: 172.30.22.100#53(172.30.22.100)
;; WHEN: 三 12月 19 01:57:24 EST 2018
;; MSG SIZE rcvd: 116
[root@dns-client ~]#
4 dig -x <ip> @<dns-ip>
Reverse lookup: the host name(s) that an IP address maps to
root@u64:~# dig -x 172.30.22.66 @172.30.22.100
; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 172.30.22.66 @172.30.22.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57272
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;66.22.30.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
66.22.30.172.in-addr.arpa. 600 IN PTR mail.mageedu.com.
66.22.30.172.in-addr.arpa. 600 IN PTR bbs.mageedu.com.
;; AUTHORITY SECTION:
22.30.172.in-addr.arpa. 600 IN NS ns1.mageedu.com.
;; ADDITIONAL SECTION:
ns1.mageedu.com. 600 IN A 172.30.22.100
;; Query time: 0 msec
;; SERVER: 172.30.22.100#53(172.30.22.100)
;; WHEN: Wed Dec 19 12:00:26 CST 2018
;; MSG SIZE rcvd: 136
5 dig +trace -t A www.baidu.com @172.30.22.100
Prints the trace, i.e. every step of the resolution from the root servers down
[root@dns-client ~]# dig +trace -t A www.baidu.com @172.30.22.100
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> +trace -t A www.baidu.com @172.30.22.100
;; global options: +cmd
. 518400 IN NS k.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS h.root-servers.net.
;; Received 239 bytes from 172.30.22.100#53(172.30.22.100) in 4367 ms
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20190101050000 20181219040000 2134 . IYKMuG7jMyhi6GKnY9JcOS/WbeprVAM8+n0lP4d1Yoi+w1vxnLV00KJI LZOSXpsN42WBcqlFoxH/mWrNDyxdzhe9R1QsqSub33Xgq+kej6kcf+aP BqsHufA32tIZT6ChK6CkAdkrjxjN+kitkj/3k+DPbTz67aXQtX79JgbX u6ODOGpSi/+nUzErkHUHaH2fJoasVvVlLdHMXDX0XCZ5wyr3ROw6xeEc ybBp4R/Sf4mZLhrU/hxeg97sbaIf6GuFsPveRsb2L/s3+r8XmPQ8ddL8 DVuFiTJiqZhqrvXn5dTNmJONhOWKRFOyWeRc9BtgiVTegFyyP+lWk1uX PARqIg==
;; Received 1173 bytes from 192.33.4.12#53(c.root-servers.net) in 1139 ms
baidu.com. 172800 IN NS dns.baidu.com.
baidu.com. 172800 IN NS ns2.baidu.com.
baidu.com. 172800 IN NS ns3.baidu.com.
baidu.com. 172800 IN NS ns4.baidu.com.
baidu.com. 172800 IN NS ns7.baidu.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20181226054322 20181219043322 37490 com. JWVzOCYChHDr1fAgipsW3MNWnmcfLSdjcGUSLUMwHrI+ItvRvcZF7Vu/ bakMVykWYSt+WGEZ+ul1zBUsG3C16KgzQyfDLcy8HeD8uYcKVCft/t/B bLQUbZ7g5oaJHH/6A6PqfN7eLnGrhJzgSgBh3aklJTZz7fbkq7DTvSfo +68=
HPVV2B5N85O7HJJRB7690IB5UVF9O9UA.com. 86400 IN NSEC3 1 1 0 - HPVVN3Q5E5GOQP2QFE2LEM4SVB9C0SJ6 NS DS RRSIG
HPVV2B5N85O7HJJRB7690IB5UVF9O9UA.com. 86400 IN RRSIG NSEC3 8 2 86400 20181224060830 20181217045830 37490 com. cSrPdt4z2mvL14K3s148YmXf53ymFCD5lv5FK4+7S1yJzUlgZlclIrJT xMe1VcDzxxQkUDJRwlR7fcitDfmEDmvzcdyF/oA5cLUODSympGcA12fr KdbZ3Q1shMxRbeleVwXSCz/13YsgKUHTEenak6swOMPIK8SsK5T+Awlk wVY=
;; Received 697 bytes from 192.5.6.30#53(a.gtld-servers.net) in 20199 ms
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
a.shifen.com. 1200 IN NS ns4.a.shifen.com.
a.shifen.com. 1200 IN NS ns3.a.shifen.com.
a.shifen.com. 1200 IN NS ns2.a.shifen.com.
a.shifen.com. 1200 IN NS ns5.a.shifen.com.
a.shifen.com. 1200 IN NS ns1.a.shifen.com.
;; Received 239 bytes from 220.181.37.10#53(ns2.baidu.com) in 36 ms
6 dig -t axfr mageedu.com (to be added)
host usage:
Forward lookup
[root@dns named]# host blog.mageedu.com
blog.mageedu.com has address 172.30.22.67
Reverse lookup also works
[root@dns-client ~]# host 172.30.22.66
66.22.30.172.in-addr.arpa domain name pointer mail.mageedu.com.
66.22.30.172.in-addr.arpa domain name pointer bbs.mageedu.com.
nslookup usage:
nslookup is available on both Windows and Linux.
Interactive use:
[root@dns-client ~]# nslookup
> server 172.30.22.100
Default server: 172.30.22.100
Address: 172.30.22.100#53
> set q=A
> blog.mageedu.com
Server: 172.30.22.100
Address: 172.30.22.100#53
Name: blog.mageedu.com
Address: 172.30.22.67
4 Pointing other client machines at the DNS server
Edit /etc/resolv.conf:
nameserver 172.30.22.100
Then open a browser, or run commands that use the network such as curl, ping, wget or yum.
Everything connects without any network errors,
which confirms that the setup works.
Summary:
1 Disable SELinux and firewalld
2 Get the configuration file permissions right