Domain Name System (DNS)

Introduction to DNS

  • DNS, the Domain Name System, is a distributed database that maps domain names to IP addresses and back across the Internet, so that users can reach a host by name instead of remembering the numeric address a machine reads directly. Think of a directory-assistance service (114 in China): a name gets you a number and a number gets you a name. The analogy is loose because people share names, whereas a domain name is globally unique.
  • DNS uses port 53. Ordinary queries go over UDP; TCP port 53 carries zone transfers (AXFR/IXFR) and any response too large for one UDP datagram (a reply with the TC flag set tells the client to retry over TCP), so a firewall in front of a name server must allow both.
  • Where it is used: anywhere a name has to be resolved.

DNS queries

DNS server deployment

Installing DNS

```bash
yum -y install bind bind-chroot
```
  • bind: the DNS server itself (the named daemon and its tools)
  • bind-chroot: the hardening package; it moves the root directory named sees to /var/named/chroot so the daemon runs in a "jail", and a compromised named process cannot read or write the rest of the filesystem

Starting DNS

  • Method one: start named without chroot
```bash
# enable at boot
systemctl enable named
# Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

# start the DNS service
systemctl start named
```
  • Method two: run named in chroot mode
```bash
# copy the files into the chroot root directory
# main configuration file
cp -p /etc/named.conf /var/named/chroot/etc/
chgrp named /var/named/chroot/etc/named.conf
named-checkconf /var/named/chroot/etc/named.conf

# zone database files (the zone file is named after the yudan.com zone used in the rest of this page)
cp /var/named/named.localhost /var/named/chroot/var/named/yudan.com.zone
chgrp named /var/named/chroot/var/named/yudan.com.zone
cp -p /var/named/named.* /var/named/chroot/var/named/

# enable at boot
systemctl enable named-chroot.service
# Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.

# start the service
systemctl start named-chroot
```
Note on the copies: the named-chroot setup step bind-mounts the host's /etc/named.conf and /var/named into the chroot only when the chroot-side copy is missing or empty (the list is in /etc/named-chroot.files). Once the files have been copied as above, the copies under /var/named/chroot are the ones named loads, so edit those, not /etc/named.conf. The chgrp steps matter: the templates are mode 640 and owned by root, and named runs as the named user, so a copy without the named group is unreadable to it. Check the configuration the way the chrooted server sees it with named-checkconf -t /var/named/chroot /etc/named.conf, and confirm the listener with ss -lntup | grep ':53 '.

DNS configuration files explained

  1. Without the bind-chroot package the paths are the package defaults:
     • main configuration file: /etc/named.conf
     • zone database files: /var/named/
  2. With bind-chroot installed (it changes the root directory named runs under), the same files live under the chroot:
     • main configuration file: /var/named/chroot/etc/named.conf
     • zone database files: /var/named/chroot/var/named/

Name resolution

Forward resolution

Example: set up resolution for the yudan.com domain as follows: www is an A record pointing at 192.168.10.88, and news is a CNAME (alias) for www.

  • Edit the main configuration file /var/named/chroot/etc/named.conf
```conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	listen-on port 53 { 192.168.10.110; };
	//listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	//dump-file 	"/var/named/data/cache_dump.db";
	//statistics-file "/var/named/data/named_stats.txt";
	//memstatistics-file "/var/named/data/named_mem_stats.txt";
	//recursing-file  "/var/named/data/named.recursing";
	//secroots-file   "/var/named/data/named.secroots";
	allow-query     { any; };

	recursion yes;

	//dnssec-enable yes;
	//dnssec-validation yes;

	/* Path to ISC DLV key */
	//bindkeys-file "/etc/named.root.key";

	//managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

//logging {
//        channel default_debug {
//                file "data/named.run";
//                severity dynamic;
//        };
//};

zone "." IN {
	type hint;
	file "named.ca";
};

zone "yudan.com" IN {
	// zone types: hint, master, slave, forward
	type master;
	file "yudan.com.zone";
};
```
Every statement and block ends with a semicolon, including the closing brace of the zone statement; a missing one is the most common reason named-checkconf fails. Compared with the stock file, which listens on 127.0.0.1 and restricts allow-query to localhost, this version listens on the server's LAN address and answers anyone, and the dnssec-enable/dnssec-validation lines that the stock file has active are commented out here, which disables validation of answers the server fetches on clients' behalf.
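Security caveat on the options block above, with a corrected fragment added here (not part of the original page). allow-query { any; } is appropriate for an authoritative server, but together with recursion yes; and no allow-recursion statement it turns named into an open resolver: in BIND 9.11, when neither allow-recursion nor allow-query-cache is set, allow-recursion defaults to the allow-query list, so every host that can reach 192.168.10.110 may recurse through it and use it as a cache-poisoning target or a reflection amplifier. The fragment assumes the LAN is 192.168.10.0/24; directory, pid-file and session-keyfile are unchanged from the page, and managed-keys-directory is the stock value that the page left commented out.

```conf
options {
	listen-on port 53 { 192.168.10.110; };
	directory "/var/named";

	// weak, as on this page: anyone may query, and because allow-recursion is
	// left unset it inherits allow-query, so anyone may recurse through this server
	//   allow-query { any; };
	//   recursion yes;

	// corrected: authoritative answers for everyone, recursion for the LAN only
	allow-query     { any; };
	recursion       yes;
	allow-recursion { 127.0.0.1; 192.168.10.0/24; };   // assumed LAN prefix
	allow-transfer  { none; };                          // transfers are opted in per zone
	dnssec-validation auto;                             // validate with the built-in root trust anchor
	managed-keys-directory "/var/named/dynamic";        // writable by named; needed for trust-anchor upkeep
	version         "not disclosed";                    // blank the version.bind CHAOS answer

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};
```

To verify, query the server from a host outside 192.168.10.0/24 for a name it is not authoritative for; the answer must be REFUSED with the ra flag clear, while dig @192.168.10.110 www.yudan.com from the same host still succeeds, and dig @192.168.10.110 version.bind txt chaos returns the placeholder string instead of the BIND version.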
  • Change to the /var/named/chroot/var/named/ directory
```bash
# make the zone file from the template; the copy is root-owned and mode 640, so give it the named group
cp named.localhost yudan.com.zone
chgrp named yudan.com.zone
```
  • Edit the yudan.com.zone file
```zone
$TTL 1D
yudan.com.	IN SOA	ns1.yudan.com. rname.invalid. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	ns1.yudan.com.
;A
;PTR
;MX
;CNAME
ns1	A	192.168.10.110
www	A	192.168.10.88
news	CNAME	www
```
Names without a trailing dot are relative to the zone origin (www means www.yudan.com.), names with one are absolute, and a line that starts with whitespace reuses the previous owner name, so the NS record belongs to yudan.com. rname.invalid. is the template's placeholder for the hostmaster mailbox (hostmaster.yudan.com. is the usual form); replace it, and increase the serial every time the file changes, because that number is what tells a slave server that it has to transfer the zone again.
```bash
# check the main configuration file
named-checkconf /var/named/chroot/etc/named.conf
# check the zone file (the zone name must match the zone statement)
named-checkzone yudan.com /var/named/chroot/var/named/yudan.com.zone
```
Both must report no errors; then restart the service (systemctl restart named-chroot) so the new zone is loaded.

Name-resolution commands

  • host: non-interactive lookups
  • nslookup: interactive or non-interactive lookups
  • dig: shows the full answer as the server returned it, section by section
```bash
# host
[root@Server named]# host www.yudan.com
www.yudan.com has address 192.168.10.88
[root@Server named]# host news.yudan.com
news.yudan.com is an alias for www.yudan.com.
www.yudan.com has address 192.168.10.88

# nslookup
[root@Server named]# nslookup www.yudan.com
Server:		192.168.10.110
Address:	192.168.10.110#53

Name:	www.yudan.com
Address: 192.168.10.88

# dig
[root@Server named]# dig www.yudan.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.16 <<>> www.yudan.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23645
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.yudan.com.			IN	A

;; ANSWER SECTION:
www.yudan.com.		86400	IN	A	192.168.10.88

;; AUTHORITY SECTION:
yudan.com.		86400	IN	NS	ns1.yudan.com.

;; ADDITIONAL SECTION:
ns1.yudan.com.		86400	IN	A	192.168.10.110

;; Query time: 0 msec
;; SERVER: 192.168.10.110#53(192.168.10.110)
;; WHEN: Sun Apr 27 11:44:00 CST 2025
;; MSG SIZE  rcvd: 92
```
Reading the dig header: status NOERROR is the response code; the flags are qr (this is a response), aa (the server is authoritative for yudan.com, so the answer came from the zone file rather than a cache), rd (recursion was requested) and ra (the server offers recursion to this client). The ANSWER section holds the A record, AUTHORITY lists the zone's NS, and ADDITIONAL carries the glue address for ns1; the TTL of 86400 is the $TTL 1D from the zone file. All three commands use the resolver in /etc/resolv.conf; to ask this server explicitly, run dig @192.168.10.110 www.yudan.com.
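The dig output above is a printed form of the DNS message that crosses UDP port 53. The following Python script is added here as an illustration and is not part of the original page: it builds the query dig sends, parses a reply into the same sections dig prints, and decodes the name-compression pointers real servers emit. The reply it parses is constructed to match the page's records (news CNAME www, www A 192.168.10.88, NS ns1 with glue 192.168.10.110) rather than captured; the transaction ID and pointer offsets are the example's own choices. query_udp sends the same query to a real server, for instance the page's 192.168.10.110.

```python
import socket
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "AAAA": 28}
TYPE_NAME = {v: k for k, v in QTYPE.items()}
FLAG_BITS = (("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200), ("rd", 0x0100), ("ra", 0x0080))

def encode_name(name):
    """'www.yudan.com' -> b'\\x03www\\x05yudan\\x03com\\x00' (uncompressed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(qname, qtype="A", txid=0x5C5D):
    """12-byte header with only RD set, then one question: what `dig www.yudan.com` sends."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], 1)

def decode_name(msg, off):
    """Read a name that may contain 0xC0 compression pointers; returns (name, offset after it)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # 11xxxxxx: 14-bit offset of an earlier copy of the suffix
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if ptr >= off or hops > 16:  # forward pointers and pointer loops are malformed
                raise ValueError("bad compression pointer at offset %d" % off)
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if jumped else off)

def parse_rr(msg, off):
    """One resource record: owner, TYPE, CLASS, TTL, RDLENGTH, RDATA."""
    name, off = decode_name(msg, off)
    rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    if rtype == QTYPE["A"]:
        data = ".".join(str(b) for b in msg[off:off + rdlen])
    elif rtype in (QTYPE["NS"], QTYPE["CNAME"], QTYPE["PTR"]):
        data, _ = decode_name(msg, off)  # names inside rdata may be compressed too
    else:
        data = msg[off:off + rdlen].hex()
    return {"name": name, "type": TYPE_NAME.get(rtype, rtype), "ttl": ttl, "data": data}, off + rdlen

def parse_message(msg):
    """Split a message into what dig prints: header flags and rcode, then the four sections."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    info = {"id": txid, "flags": [f for f, bit in FLAG_BITS if flags & bit], "rcode": flags & 0xF,
            "question": [], "answer": [], "authority": [], "additional": []}
    off = 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        info["question"].append((name, TYPE_NAME.get(qtype, qtype)))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            rr, off = parse_rr(msg, off)
            info[section].append(rr)
    return info

def query_udp(server, qname, qtype="A", timeout=2.0):
    """Send the query over UDP/53 and parse the reply; if 'tc' is set the client must retry over TCP."""
    q = build_query(qname, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        reply, _ = s.recvfrom(4096)
    info = parse_message(reply)
    if info["id"] != struct.unpack("!H", q[:2])[0]:  # not an answer to our query: discard it
        raise ValueError("transaction ID mismatch")
    return info

def _rr(owner, rtype, ttl, rdata):
    return owner + struct.pack("!HHIH", QTYPE[rtype], 1, ttl, len(rdata)) + rdata

# Constructed reply to `dig news.yudan.com` for the page's zone (not a real capture). The question
# name starts at offset 12, so 0xC00C points at "news.yudan.com" and 0xC011 at its "yudan.com" suffix.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x5C5D, 0x8580, 1, 2, 1, 1)  # flags qr aa rd ra, NOERROR; 1/2/1/1 records
    + encode_name("news.yudan.com") + struct.pack("!HH", 1, 1)
    + _rr(b"\xC0\x0C", "CNAME", 86400, b"\x03www\xC0\x11")             # news CNAME www
    + _rr(b"\x03www\xC0\x11", "A", 86400, bytes([192, 168, 10, 88]))   # www A 192.168.10.88
    + _rr(b"\xC0\x11", "NS", 86400, b"\x03ns1\xC0\x11")                # yudan.com NS ns1
    + _rr(b"\x03ns1\xC0\x11", "A", 86400, bytes([192, 168, 10, 110]))  # glue for ns1
)
```

parse_message(SAMPLE_RESPONSE) yields the flags qr, aa, rd, ra and the CNAME followed by the A record in the answer section, which is exactly what host printed as "is an alias for" above. The pointer checks in decode_name matter because a hostile reply can point forward or in a loop; the transaction-ID check in query_udp is the minimal defence against answers that were not solicited, and the ID here is fixed only to keep the constructed reply readable, a real client must pick it at random.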

Reverse resolution

Example: add reverse (PTR) resolution for www.yudan.com, whose address is 192.168.10.88.

  • Edit the main configuration file named.conf. The options block and the forward zone stay exactly as in the forward-resolution example; append the reverse zone after them. The zone name is the network part of the address written in reverse order under in-addr.arpa, so 192.168.10.0/24 becomes 10.168.192.in-addr.arpa:
```conf
zone "yudan.com" IN {
	// zone types: hint, master, slave, forward
	type master;
	file "yudan.com.zone";
};

// reverse resolution for 192.168.10.0/24
zone "10.168.192.in-addr.arpa" IN {
	type master;
	file "192.168.10.arpa";
};
```
  • Create the zone database file 192.168.10.arpa (copy named.localhost again and chgrp it to named, as for the forward zone)
```zone
$TTL 1D
10.168.192.in-addr.arpa.	IN SOA	ns1.yudan.com. rname.invalid. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	ns1.yudan.com.
88	PTR	www.yudan.com.
```
The owner name 88 is relative to the zone origin and expands to 88.10.168.192.in-addr.arpa., the host octet of 192.168.10.88. The PTR target must be written absolute, with its trailing dot, or named appends the origin to it. Check the file with named-checkzone 10.168.192.in-addr.arpa /var/named/chroot/var/named/192.168.10.arpa, restart the service, and test with dig -x 192.168.10.88 (or host 192.168.10.88).

Master/slave synchronization

DNS master and slave

  • The main configuration file is not synchronized; each server keeps its own named.conf
  • What is synchronized is the zone database files, by zone transfer (AXFR/IXFR) over TCP port 53
  • A slave re-checks the master at the SOA refresh interval (1D in the example) or when it receives a NOTIFY, and it transfers only when the master's SOA serial is higher than its own, so every change on the master must bump the serial or the slaves keep serving stale data
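Before touching the slave, restrict transfers on the master. The page's master zone statements carry no allow-transfer, and BIND's default is allow-transfer { any; }, so any host that can reach TCP port 53 can run dig @192.168.10.110 yudan.com axfr and pull the whole zone, which hands an attacker a complete host inventory. The stanzas below are added here (not from the page) and replace the two master zone statements; they assume the slave is the 192.168.10.120 host configured in the slave example that follows.

```conf
// on the master (192.168.10.110)
zone "yudan.com" IN {
	type master;
	file "yudan.com.zone";
	allow-transfer { 192.168.10.120; };   // only the slave may AXFR/IXFR
	also-notify    { 192.168.10.120; };   // NOTIFY the slave even though it is not in the zone's NS set
	notify yes;
};

zone "10.168.192.in-addr.arpa" IN {
	type master;
	file "192.168.10.arpa";
	allow-transfer { 192.168.10.120; };
	also-notify    { 192.168.10.120; };
	notify yes;
};
```

Give the slave's own zone statements allow-transfer { none; } as well, because a slave answers AXFR for the zones it holds. After reloading, dig @192.168.10.110 yudan.com axfr from any host other than the slave should end with "; Transfer failed.". Source-address checks can be spoofed on a hostile network; for transfers that cross one, sign them with a TSIG key, which this page does not cover.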

Edit the main configuration file on the slave node

```conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	listen-on port 53 { 192.168.10.120; };
	//listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	//dump-file 	"/var/named/data/cache_dump.db";
	//statistics-file "/var/named/data/named_stats.txt";
	//memstatistics-file "/var/named/data/named_mem_stats.txt";
	//recursing-file  "/var/named/data/named.recursing";
	//secroots-file   "/var/named/data/named.secroots";
	allow-query     { any; };

	recursion yes;

	//dnssec-enable yes;
	//dnssec-validation yes;

	/* Path to ISC DLV key */
	//bindkeys-file "/etc/named.root.key";

	//managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

//logging {
//        channel default_debug {
//                file "data/named.run";
//                severity dynamic;
//        };
//};

zone "." IN {
	type hint;
	file "named.ca";
};

zone "yudan.com" IN {
	// zone types: hint, master, slave, forward
	type slave;
	file "slaves/yudan.com.zone";	// a directory named can write to; /var/named itself is read-only for it
	masters { 192.168.10.110; };
};

zone "10.168.192.in-addr.arpa" IN {
	type slave;
	file "slaves/192.168.10.arpa";
	masters { 192.168.10.110; };
};
```

The slave writes the transferred zones to disk itself, so the file paths must point into a directory named can write. On CentOS /var/named is owned by root with read-only access for the named group, while /var/named/slaves belongs to named (and is labelled for writes under SELinux), which is why the paths above use slaves/ rather than bare file names; in the chroot layout make sure /var/named/chroot/var/named/slaves exists with the same ownership. After starting named on the slave, dig @192.168.10.120 www.yudan.com returns the same answer as the master with the aa flag set, and the transfer appears in the slave's journal (journalctl -u named-chroot). For resolvers to actually use the slave, add it to the zone's NS set on the master (an ns2 record pointing at 192.168.10.120) and bump the serial.
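The forward zone file, the reverse zone file and the master/slave refresh rule all rest on the same master-file format, so one added Python example (not from the page) covers the three passages: it parses the page's yudan.com.zone (embedded below as constructed text), derives the 10.168.192.in-addr.arpa zone from the A records (going beyond the page's single PTR by generating one for ns1 as well), reports the mistakes named-checkzone rejects (a CNAME owner that also has other data, a CNAME pointing at a missing in-zone name, an in-zone NS without glue), and bumps the SOA serial with RFC 1982 serial arithmetic, which is the comparison a slave makes before transferring. The YYYYMMDDnn serial convention and the hostmaster mailbox are assumptions of the example; the parser handles the subset of the format the page uses, not every master-file feature.

```python
import ipaddress
import re

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def parse_ttl(tok):
    """Master-file TTL syntax: '1D' -> 86400, '3H' -> 10800, '600' -> 600."""
    m = re.fullmatch(r"(\d+)([SMHDW]?)", tok.upper())
    if not m:
        raise ValueError("bad TTL %r" % tok)
    return int(m.group(1)) * UNITS.get(m.group(2), 1)

def absolutize(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it (www -> www.yudan.com.)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def parse_zone(text, origin):
    """Minimal master-file reader: ';' comments, $TTL, '( ... )' continuations, omitted owner
    (line starts with whitespace), optional TTL and class fields. Returns a list of record dicts."""
    entries, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            toks = " ".join(buf).replace("(", " ").replace(")", " ").split()
            if toks:
                entries.append((buf[0][:1].isspace(), toks))
            buf = []
    records, owner, default_ttl = [], origin, None
    for owner_omitted, toks in entries:
        if toks[0] == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        if not owner_omitted:
            owner = absolutize(toks.pop(0), origin)
        ttl = parse_ttl(toks.pop(0)) if toks[0][0].isdigit() else default_ttl
        if toks[0] == "IN":
            toks.pop(0)
        rtype, rdata = toks[0], toks[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [absolutize(rdata[0], origin)]
        records.append({"owner": owner, "ttl": ttl, "type": rtype, "rdata": rdata})
    return records

def lint_zone(records, origin):
    """Errors named-checkzone rejects, checked on the parsed records."""
    by_owner = {}
    for r in records:
        by_owner.setdefault(r["owner"], []).append(r)
    problems = []
    for r in records:
        target = r["rdata"][0]
        in_zone = target.endswith("." + origin)
        if r["type"] == "CNAME" and len(by_owner[r["owner"]]) > 1:
            problems.append("%s: CNAME and other data" % r["owner"])
        if r["type"] == "CNAME" and in_zone and target not in by_owner:
            problems.append("%s: CNAME target %s does not exist" % (r["owner"], target))
        if r["type"] == "NS" and in_zone and not any(x["type"] == "A" for x in by_owner.get(target, [])):
            problems.append("%s: NS %s has no glue A record" % (r["owner"], target))
    return problems

def reverse_zone(records, network, ns, serial):
    """Build the in-addr.arpa zone for a /24 from the forward zone's A records, one PTR per host."""
    net = ipaddress.ip_network(network)
    if net.prefixlen != 24:
        raise ValueError("this example handles /24 reverse zones only")
    rev_origin = net.network_address.reverse_pointer.split(".", 1)[1] + "."  # 10.168.192.in-addr.arpa.
    lines = ["$TTL 1D", "%s\tIN SOA\t%s hostmaster.%s ( %d 1D 1H 1W 3H )"  # assumed hostmaster mailbox
             % (rev_origin, ns, ns.split(".", 1)[1], serial), "\tNS\t%s" % ns]
    for r in records:
        if r["type"] == "A" and ipaddress.ip_address(r["rdata"][0]) in net:
            lines.append("%s\tPTR\t%s" % (r["rdata"][0].rsplit(".", 1)[1], r["owner"]))  # host octet as owner
    return "\n".join(lines) + "\n"

def serial_gt(a, b):
    """RFC 1982 comparison modulo 2**32: a slave transfers only if the master's serial is 'greater'."""
    return a != b and ((a < b and b - a > 2 ** 31) or (a > b and a - b < 2 ** 31))

def bump_serial(old, today):
    """YYYYMMDDnn convention (an assumption); falls back to old+1 so the serial always increases."""
    candidate = int(today) * 100
    return candidate if serial_gt(candidate, old) else (old + 1) % 2 ** 32

def write_serial(text, new_serial):
    """Rewrite the SOA serial in zone text; relies on the '; serial' comment the template carries."""
    return re.sub(r"\d+(\s*;\s*serial)", lambda m: str(new_serial) + m.group(1), text, count=1)

# The page's yudan.com.zone as constructed text (SOA timers condensed onto one line) for offline use.
FORWARD_ZONE = """\
$TTL 1D
yudan.com.\tIN SOA\tns1.yudan.com. rname.invalid. (
\t\t0\t; serial
\t\t1D 1H 1W 3H )\t; refresh retry expire minimum
\tNS\tns1.yudan.com.
ns1\tA\t192.168.10.110
www\tA\t192.168.10.88
news\tCNAME\twww
"""
```

Typical use is parse_zone(FORWARD_ZONE, "yudan.com."), then lint_zone on the result before running named-checkzone, reverse_zone(records, "192.168.10.0/24", "ns1.yudan.com.", serial) to produce the 192.168.10.arpa file, and write_serial(text, bump_serial(old, "20250427")) before every reload. serial_gt is the reason a serial of 0 on the master is harmless at first but dangerous later: once the slave holds serial 0 and you edit the zone without bumping, the slave never transfers again, and a serial that was set too high by mistake cannot be "lowered" without the RFC 1982 wrap-around dance.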

Smart resolution (views)

When browsing the web you will notice that some sites load very quickly and others slowly. One reason is that many companies put their sites behind a CDN so that you fetch content from a cache server in your own city. For now, treat a CDN as a local cache server; the question is how your client finds the right one. Many CDN operators' DNS servers do "smart" resolution: they look at the source IP of your query, work out which city you are in, and hand back the address of the cache server nearest you, so you fetch the data from there.

The DNS server is loaded with a worldwide database of IP ranges and the regions they belong to. When a query arrives, the server classifies its source IP into a region, selects the view for that region, and answers from that view's own zone database file for the domain, so users in different regions get different answers. In BIND this is done with acl and view statements: each view has a match-clients list, views are tried in the order written, the first match wins, and a query that matches no view is refused. Once a single view is defined, every zone, including the root hints, has to live inside a view.

```conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { 192.168.10.110; };
    //listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    //dump-file     "/var/named/data/cache_dump.db";
    //statistics-file "/var/named/data/named_stats.txt";
    //memstatistics-file "/var/named/data/named_mem_stats.txt";
    //recursing-file  "/var/named/data/named.recursing";
    //secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };

    recursion yes;

    //dnssec-enable yes;
    //dnssec-validation yes;

    /* Path to ISC DLV key */
    //bindkeys-file "/etc/named.root.key";

    //managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    masterfile-format text;
};

//logging {
//        channel default_debug {
//                file "data/named.run";
//                severity dynamic;
//        };
//};

// ACLs must be declared before the views that use them
acl bj {
    192.168.10.110;
};

acl sh {
    1.2.2.2;
};

view beijing {
    match-clients { bj; };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "yudan.com" IN {
        // zone types: hint, master, slave, forward
        type master;
        file "yudan.com.zone.bj";
    };
};  // end of view beijing

view shanghai {
    match-clients { sh; };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "yudan.com" IN {
        // zone types: hint, master, slave, forward
        type master;
        file "yudan.com.zone.sh";
    };
};  // end of view shanghai

view other {
    match-clients { any; };    // catch-all: must be last, and must match everyone left over

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "yudan.com" IN {
        // zone types: hint, master, slave, forward
        type master;
        file "yudan.com.zone.ot";
    };
};  // end of view other
```
Three zone files are needed, one per view (yudan.com.zone.bj, yudan.com.zone.sh and yudan.com.zone.ot); copy yudan.com.zone and change the www address in each so that the regions get different answers. Views are tried in order and the first match wins, so the catch-all view with match-clients { any; } has to come last; if the last view also matched only bj, a client outside both ACLs would match no view and be refused. The acl bj holds only the server's own address, which is just enough to test from the server itself; in production these ACLs hold the address blocks of each region. Views select on the source address, and a UDP source address can be forged, so use them to route content, not to hide data that must stay private.
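BIND evaluates the views in the order they appear and uses the first whose match-clients list matches the query's source address; a client that matches no view is refused. The following Python script, added here and not part of the page, models that evaluation with the page's two ACLs and shows why the last view needs match-clients { any; }: with bj in the third view, a client such as 1.2.3.4 (an assumed address) gets no view at all. It goes slightly beyond the page by handling CIDR prefixes and the "!" negation BIND allows in address match lists, and it audits a view list for dead views (anything after an any view) and for the missing catch-all. The view and ACL names are the page's; the extra addresses are constructed for the example.

```python
import ipaddress

ACLS = {"bj": ["192.168.10.110"], "sh": ["1.2.2.2"]}  # the page's acl statements

def match_list(client, elements, acls=ACLS):
    """BIND address-match-list semantics: elements are tried in order and the first one that
    matches decides; a '!'-negated element that matches means 'no match' for the whole list;
    a bare name refers to an acl; 'any' and 'none' are the built-ins."""
    ip = ipaddress.ip_address(client)
    for element in elements:
        negate = element.startswith("!")
        item = element.lstrip("!").strip()
        if item == "any":
            hit = True
        elif item == "none":
            hit = False
        elif item in acls:
            hit = match_list(client, acls[item], acls)
        else:
            hit = ip in ipaddress.ip_network(item, strict=False)  # host address or CIDR prefix
        if hit:
            return not negate
    return False

def select_view(client, views, acls=ACLS):
    """views: ordered (name, match-clients) pairs as in named.conf; the first match wins, and a
    client that matches no view gets REFUSED, which None stands for here."""
    for name, clients in views:
        if match_list(client, clients, acls):
            return name
    return None

def audit_views(views):
    """Two ordering mistakes: a view placed after an 'any' view is dead, and without a trailing
    'any' view some clients are refused."""
    findings = []
    for i, (name, clients) in enumerate(views[:-1]):
        if "any" in clients:
            findings.append("view %r matches any; %s can never be selected"
                            % (name, ", ".join(n for n, _ in views[i + 1:])))
    if "any" not in views[-1][1]:
        findings.append("last view %r is not a catch-all; unmatched clients get REFUSED" % views[-1][0])
    return findings

# The page's view order, with the third view as first written there (matching bj) and as corrected.
PAGE_VIEWS = [("beijing", ["bj"]), ("shanghai", ["sh"]), ("other", ["bj"])]
FIXED_VIEWS = [("beijing", ["bj"]), ("shanghai", ["sh"]), ("other", ["any"])]
```

select_view("1.2.3.4", PAGE_VIEWS) returns None while select_view("1.2.3.4", FIXED_VIEWS) returns "other", and audit_views(PAGE_VIEWS) names the missing catch-all. The same first-match rule applies to every address match list in named.conf (allow-query, allow-recursion, allow-transfer), so a negated entry that is meant to exclude a host must come before the broader prefix that would otherwise include it.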