Domain Name System (DNS)

DNS Introduction

  • DNS (Domain Name System) is a distributed database on the Internet that maps domain names to IP addresses and back, so that users can reach hosts by name instead of remembering the numeric addresses machines use. It works like a directory-assistance service (114 in China): you can find a phone number from a person's name, or a name from a number. The phone directory is less exact because people share names, whereas a domain name is globally unique.
  • DNS runs over UDP and TCP, both on port 53. Ordinary queries use UDP; TCP carries zone transfers (AXFR/IXFR) and any reply too large for UDP (a response with the TC bit set is retried over TCP).
  • Use case: anywhere a name has to be resolved to an address.

DNS Queries

DNS Server Deployment

DNS Installation

```bash
yum -y install bind bind-chroot
```
  • bind: the BIND DNS server (named) itself
  • bind-chroot: runs named in a chroot jail under /var/named/chroot, so a compromised named process can only see that directory tree

Starting DNS

  • Method 1: start named without chroot
```bash
# Enable at boot
systemctl enable named
# Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

# Start the service
systemctl start named
```
  • Method 2: run named in chroot mode
```bash
# Copy the files into the chroot tree
# Main configuration file
cp -p /etc/named.conf /var/named/chroot/etc/
chgrp named /var/named/chroot/etc/named.conf
named-checkconf /var/named/chroot/etc/named.conf

# Zone database files
cp /var/named/named.localhost /var/named/chroot/var/named/yudan.com.zone
chgrp named /var/named/chroot/var/named/yudan.com.zone
cp -p /var/named/named.* /var/named/chroot/var/named/

# Enable at boot
systemctl enable named-chroot.service
# Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.

# Start the service
systemctl start named-chroot
```
named.service and named-chroot.service manage the same daemon, so enable only one of them. On CentOS/RHEL 7 the named-chroot unit bind-mounts /etc/named.conf, /var/named and the other paths listed in /etc/named-chroot.files into the chroot when it starts, so after `systemctl start named-chroot` run `mount | grep /var/named/chroot` to see which files are actually in use; while those mounts are active, editing /var/named/chroot/etc/named.conf and /etc/named.conf edits the same file.

DNS Configuration Files Explained

  1. By default, without the bind-chroot package, the configuration files live at:
     • main configuration file: /etc/named.conf
     • zone database files: /var/named/
  2. Because bind-chroot is installed and changes the root directory named runs under, the corresponding paths move into the chroot:
     • main configuration file: /var/named/chroot/etc/named.conf
     • zone database files: /var/named/chroot/var/named/

Name Resolution

Forward Resolution

Example: serve the yudan.com zone with the following records: www is an A record pointing at 192.168.10.88, and news is a CNAME alias for www.

  • Edit the main configuration file /var/named/chroot/etc/named.conf
```conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { 192.168.10.110; };
    //listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    //dump-file     "/var/named/data/cache_dump.db";
    //statistics-file "/var/named/data/named_stats.txt";
    //memstatistics-file "/var/named/data/named_mem_stats.txt";
    //recursing-file  "/var/named/data/named.recursing";
    //secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };

    recursion yes;

    //dnssec-enable yes;
    //dnssec-validation yes;

    /* Path to ISC DLV key */
    //bindkeys-file "/etc/named.root.key";

    //managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

//logging {
//        channel default_debug {
//                file "data/named.run";
//                severity dynamic;
//        };
//};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "yudan.com" IN {
    // zone types: hint master slave forward
    type master;
    file "yudan.com.zone";
};
```
Two lines in options deserve attention. `listen-on port 53 { 192.168.10.110; };` binds named to that one address. `allow-query { any; };` together with `recursion yes;` turns the server into a recursive resolver for every client that can reach it: when `allow-recursion` is absent, BIND 9.11 falls back to `allow-query-cache` and then to `allow-query`, so recursion is open to any here. On an isolated lab network that is harmless; on a server reachable from the Internet it is an open resolver that can be abused for DNS amplification. For an authoritative-only server set `recursion no;`; for a resolver that serves the lab add `allow-recursion { 192.168.10.0/24; };` (or whatever the client subnet is). `dnssec-validation` is commented out above and should be re-enabled on a resolver. Every statement, including the last zone block, must end with `;`; named-checkconf reports a missing one.
  • Change to the /var/named/chroot/var/named/ directory
```bash
# Copy a zone file to start from
cp named.localhost yudan.com.zone
```
Keep the copy group-owned by named (`chgrp named yudan.com.zone`, as in the chroot setup above); otherwise named cannot read it.
  • Edit the yudan.com.zone file
```conf
$TTL 1D
yudan.com.	IN SOA	ns1.yudan.com. rname.invalid. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	ns1.yudan.com.
;A
;PTR
;Mx
;CNAME
ns1	A	192.168.10.110
www	A	192.168.10.88
news	CNAME	www
```
In the SOA record, `ns1.yudan.com.` is the primary server and `rname.invalid.` is the placeholder for the zone contact mailbox (the first dot stands for `@`, so `hostmaster.yudan.com.` means hostmaster@yudan.com). The serial must be increased every time the zone changes; slaves only fetch a new copy when the master's serial is higher than theirs. Names without a trailing dot (ns1, www, news) are relative to the zone origin yudan.com.
```bash
# Check the main configuration file
named-checkconf /var/named/chroot/etc/named.conf
# Check the zone database file (prints "OK" on success)
named-checkzone yudan.com /var/named/chroot/var/named/yudan.com.zone
# Reload the running server after the checks pass
rndc reload
```
`named-checkconf -t /var/named/chroot /etc/named.conf` runs the check chrooted the same way named does, which matters once the configuration uses include statements.
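The checks above only validate syntax; named-checkconf will happily accept the open-resolver and unrestricted-transfer settings discussed in the options section. The following added example (not code from the page or from ISC) is a small audit that reads a named.conf, reproduces BIND 9.11's defaults for recursion and zone transfers, and reports the weak spots. It is a brace walker with regular expressions, not a full BIND parser, so named-checkconf stays the authority on syntax. The two configurations embedded in it are constructed: WEAK_CONF mirrors the named.conf on this page and HARDENED_CONF adds the fixes, assuming 192.168.10.0/24 as the client subnet and 192.168.10.120 as the slave from the master/slave section.

```python
"""Audit a named.conf for the settings that matter most on an exposed BIND server.

Added example, not from the page or from ISC. Defaults modelled (BIND 9.11):
recursion is on unless set to no; allow-recursion falls back to
allow-query-cache, then allow-query, then localnets/localhost; zone
transfers are allowed to any host unless allow-transfer is set in the zone
or in options.
"""
import re


def strip_comments(text: str) -> str:
    """Remove /* */, // and # comments before looking at statements."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def top_level_blocks(text: str) -> list:
    """Return (header, body) for every `header { body };` at the current nesting level."""
    blocks, depth, start, header_start = [], 0, 0, 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                start = i
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                header = text[header_start:start].strip().lstrip(";").strip()
                blocks.append((header, text[start + 1:i]))
                header_start = i + 1
    return blocks


def zone_blocks(text: str) -> list:
    """Collect (zone_name, body) pairs, descending into view { } blocks."""
    zones = []
    for header, body in top_level_blocks(text):
        if header.startswith("view"):
            zones.extend(zone_blocks(body))
            continue
        match = re.match(r'zone\s+"([^"]+)"', header)
        if match:
            zones.append((match.group(1), body))
    return zones


def audit_named_conf(conf: str) -> list:
    """Return a list of findings; an empty list means none of the modelled weaknesses is present."""
    findings = []
    text = strip_comments(conf)
    options = next((body for header, body in top_level_blocks(text) if header == "options"), "")

    recursion = re.search(r"\brecursion\s+(yes|no)\s*;", options)
    recursion_on = recursion is None or recursion.group(1) == "yes"        # default: yes
    allow_query = re.search(r"allow-query\s*\{([^}]*)\}", options)
    query_any = allow_query is None or re.search(r"\bany\b", allow_query.group(1)) is not None
    recursion_acl = re.search(r"allow-(recursion|query-cache)\s*\{", options) is not None
    if recursion_on and query_any and not recursion_acl:
        findings.append("open-resolver: recursion yes with allow-query { any; } and no allow-recursion; "
                        "every client that can reach port 53 may recurse (DNS amplification risk)")
    if recursion_on and re.search(r"dnssec-validation\s+(yes|auto)\s*;", options) is None:
        findings.append("dnssec: dnssec-validation is not set on a recursive server")

    global_transfer = re.search(r"allow-transfer\s*\{", options) is not None
    for name, body in zone_blocks(text):
        is_primary = re.search(r"\btype\s+(master|primary)\s*;", body) is not None
        if is_primary and not global_transfer and re.search(r"allow-transfer\s*\{", body) is None:
            findings.append("zone-transfer: zone %s has no allow-transfer; any host can AXFR it" % name)
    return findings


# Constructed: the options and zones of the named.conf shown on this page, comments trimmed.
WEAK_CONF = """
options {
    listen-on port 53 { 192.168.10.110; };
    directory "/var/named";
    allow-query     { any; };
    recursion yes;
    //dnssec-validation yes;
};
zone "." IN { type hint; file "named.ca"; };
zone "yudan.com" IN {
    // hint master slave forward
    type master;
    file "yudan.com.zone";
};
"""

# Constructed: the same server hardened. 192.168.10.0/24 (client subnet) and
# 192.168.10.120 (the slave) are assumptions taken from the page's addressing.
HARDENED_CONF = """
options {
    listen-on port 53 { 192.168.10.110; };
    directory "/var/named";
    allow-query     { any; };
    recursion yes;
    allow-recursion { 192.168.10.0/24; };
    dnssec-validation yes;
};
zone "." IN { type hint; file "named.ca"; };
zone "yudan.com" IN {
    type master;
    file "yudan.com.zone";
    allow-transfer { 192.168.10.120; };
    allow-update { none; };
};
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_named_conf(conf) or ["no findings"])
```

Run it against the real file with `audit_named_conf(open("/var/named/chroot/etc/named.conf").read())`; on the page's configuration it reports the open resolver, the missing DNSSEC validation and the unrestricted transfer of yudan.com, and nothing on the hardened version.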

Resolution Commands

  • host: non-interactive lookups
  • nslookup: interactive or non-interactive lookups
  • dig: prints the whole response (header flags and every section), which makes it the tool for debugging resolution
```bash
# host
[root@Server named]# host www.yudan.com
www.yudan.com has address 192.168.10.88
[root@Server named]# host news.yudan.com
news.yudan.com is an alias for www.yudan.com.
www.yudan.com has address 192.168.10.88

# nslookup
[root@Server named]# nslookup www.yudan.com
Server:		192.168.10.110
Address:	192.168.10.110#53

Name:	www.yudan.com
Address: 192.168.10.88

# dig
[root@Server named]# dig www.yudan.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.16 <<>> www.yudan.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23645
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.yudan.com.			IN	A

;; ANSWER SECTION:
www.yudan.com.		86400	IN	A	192.168.10.88

;; AUTHORITY SECTION:
yudan.com.		86400	IN	NS	ns1.yudan.com.

;; ADDITIONAL SECTION:
ns1.yudan.com.		86400	IN	A	192.168.10.110

;; Query time: 0 msec
;; SERVER: 192.168.10.110#53(192.168.10.110)
;; WHEN: Sun Apr 27 11:44:00 CST 2025
;; MSG SIZE  rcvd: 92
```
All three commands use the server from /etc/resolv.conf; `dig @192.168.10.110 www.yudan.com` asks a specific server instead, which is the right way to test a new zone before clients are pointed at it. In the dig header, `aa` means the answer came from a server authoritative for the zone, and `ra` means that server also offers recursion to this client; the 86400 is the TTL from `$TTL 1D`.
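The dig output above is a rendering of the DNS message format: a 12-byte header, then question, answer, authority and additional sections. The following added example (not code from the page) builds the query dig sends over UDP/53, parses a reply into the same header flags and sections, follows the CNAME chain that host(1) prints as "news is an alias for www", and decodes name-compression pointers with a loop guard so a malformed packet cannot hang the parser. CONSTRUCTED_RESPONSE is a reply assembled by hand for `news.yudan.com A` from the page's zone data, not a capture; the transaction ID 0x5c5d is arbitrary; send_udp_query() is the only function that talks to a real server.

```python
"""DNS messages on the wire (RFC 1035): the bytes behind dig's HEADER and sections.

Added example, not from the page. CONSTRUCTED_RESPONSE is hand-assembled from the
page's yudan.com zone; send_udp_query() is the only function that touches the network.
"""
import socket
import struct

QTYPE = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR"}
FLAG_BITS = (("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200), ("rd", 0x0100), ("ra", 0x0080))


def encode_name(name: str) -> bytes:
    """Length-prefixed labels ending in a zero byte: www.yudan.com -> 03 www 05 yudan 03 com 00."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: int = 0x5C5D) -> bytes:
    """12-byte header (RD set, one question) + QNAME + QTYPE + QCLASS IN."""
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack(">HH", qtype, 1)


def decode_name(msg: bytes, off: int):
    """Read a name at msg[off:], following 0xC0xx pointers; returns (name, offset after the name)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # pointer: 14-bit offset into the message
            hops += 1
            if hops > 63:                          # a malformed packet must not spin us forever
                raise ValueError("compression pointer loop")
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (end if jumped else off)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_response(msg: bytes) -> dict:
    """Split a reply into header fields and (name, type, ttl, value) records per section."""
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    out = {"id": txid, "rcode": flags & 0xF, "flags": [n for n, bit in FLAG_BITS if flags & bit],
           "question": [], "answer": [], "authority": [], "additional": []}
    off = 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype = struct.unpack(">HH", msg[off:off + 4])[0]
        off += 4
        out["question"].append((name, QTYPE.get(qtype, qtype)))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
            off += 10
            if rtype == 1 and rdlen == 4:
                value = ".".join(str(b) for b in msg[off:off + 4])
            elif rtype in (2, 5, 12):              # NS, CNAME, PTR: RDATA is a (compressible) name
                value, _ = decode_name(msg, off)
            else:
                value = msg[off:off + rdlen].hex()
            off += rdlen
            out[section].append((name, QTYPE.get(rtype, rtype), ttl, value))
    return out


def follow_cname(parsed: dict, name: str) -> list:
    """What host(1) prints as 'news is an alias for www': walk CNAMEs in the answer to the A records."""
    addresses, seen = [], set()
    while name not in seen:
        seen.add(name)
        for rname, rtype, _ttl, value in parsed["answer"]:
            if rname == name and rtype == "CNAME":
                name = value
                break
            if rname == name and rtype == "A":
                addresses.append(value)
    return addresses


def send_udp_query(server: str, name: str, qtype: int = 1, timeout: float = 2.0) -> dict:
    """Ask a real server over UDP/53; a reply whose ID differs from ours is stray or spoofed and is rejected."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _peer = sock.recvfrom(4096)
    parsed = parse_response(data)
    if parsed["id"] != struct.unpack(">H", query[:2])[0]:
        raise ValueError("transaction ID mismatch")
    return parsed                                  # if "tc" is in parsed["flags"], repeat over TCP/53


# Constructed reply for `news.yudan.com A`: id 0x5c5d, flags qr|aa|rd|ra, 1 question, 2 answers, 1 NS, 1 additional.
CONSTRUCTED_RESPONSE = bytes.fromhex(
    "5c5d 8580 0001 0002 0001 0001"
    "04 6e657773 05 797564616e 03 636f6d 00 0001 0001"   # news.yudan.com. IN A (labels at offsets 12, 17, 23)
    "c00c 0005 0001 00015180 0006 03 777777 c011"         # news CNAME www.yudan.com. (c011 -> offset 17, yudan.com.)
    "c02c 0001 0001 00015180 0004 c0a80a58"               # www.yudan.com. A 192.168.10.88 (c02c -> offset 44)
    "c011 0002 0001 00015180 0006 03 6e7331 c011"         # yudan.com. NS ns1.yudan.com.
    "c04e 0001 0001 00015180 0004 c0a80a6e"               # ns1.yudan.com. A 192.168.10.110 (c04e -> offset 78)
)
```

`parse_response(CONSTRUCTED_RESPONSE)` yields the same flags, question, answer, authority and additional content that dig prints for the news alias, and `send_udp_query("192.168.10.110", "www.yudan.com")` does the live equivalent of `dig @192.168.10.110 www.yudan.com`. The ID check is the minimum a resolver does against injected answers; real resolvers also randomize the source port.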

Reverse Resolution

Example: add reverse resolution for www.yudan.com, whose IP address is 192.168.10.88.

  • Edit the main configuration file named.conf
```conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { 192.168.10.110; };
    //listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    //dump-file     "/var/named/data/cache_dump.db";
    //statistics-file "/var/named/data/named_stats.txt";
    //memstatistics-file "/var/named/data/named_mem_stats.txt";
    //recursing-file  "/var/named/data/named.recursing";
    //secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };

    recursion yes;

    //dnssec-enable yes;
    //dnssec-validation yes;

    /* Path to ISC DLV key */
    //bindkeys-file "/etc/named.root.key";

    //managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

//logging {
//        channel default_debug {
//                file "data/named.run";
//                severity dynamic;
//        };
//};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "yudan.com" IN {
    // zone types: hint master slave forward
    type master;
    file "yudan.com.zone";
};

// Reverse zone for 192.168.10.0/24: the octets are reversed and in-addr.arpa appended
zone "10.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.10.arpa";
};
```
  • Create the zone database file 192.168.10.arpa
```conf
$TTL 1D
10.168.192.in-addr.arpa.	IN SOA	ns1.yudan.com. rname.invalid. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	ns1.yudan.com.
88	PTR	www.yudan.com.
```
The owner name `88` is relative to the zone origin, so it stands for 88.10.168.192.in-addr.arpa. The PTR target must be fully qualified with a trailing dot, or named appends the reverse-zone origin to it. Check the file with `named-checkzone 10.168.192.in-addr.arpa /var/named/chroot/var/named/192.168.10.arpa`, reload, and test with `host 192.168.10.88` or `dig -x 192.168.10.88 @192.168.10.110`.

Master/Slave Synchronization

DNS Master and Slave

  • The main configuration file is not synchronized; each server keeps its own named.conf.
  • What is synchronized is the zone database files: the slave fetches the zone from the master by zone transfer (AXFR, or IXFR for incremental changes) and fetches it again whenever the master's SOA serial becomes higher than the copy it holds, which it checks every `refresh` interval or when the master sends a NOTIFY. A record changed without a serial bump is therefore never propagated.
  • BIND 9.11 allows zone transfers to any host unless `allow-transfer` is set, so the master should carry `allow-transfer { 192.168.10.120; };` (the slave's address) in each zone and the slave `allow-transfer { none; };`. Otherwise anyone can list the whole zone with `dig @192.168.10.110 yudan.com AXFR`, which is also the command to verify the restriction afterwards.

Edit the main configuration file on the slave node

```conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { 192.168.10.120; };
    //listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    //dump-file     "/var/named/data/cache_dump.db";
    //statistics-file "/var/named/data/named_stats.txt";
    //memstatistics-file "/var/named/data/named_mem_stats.txt";
    //recursing-file  "/var/named/data/named.recursing";
    //secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };

    recursion yes;

    //dnssec-enable yes;
    //dnssec-validation yes;

    /* Path to ISC DLV key */
    //bindkeys-file "/etc/named.root.key";

    //managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

//logging {
//        channel default_debug {
//                file "data/named.run";
//                severity dynamic;
//        };
//};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "yudan.com" IN {
    // zone types: hint master slave forward
    type slave;
    file "yudan.com.zone";
    masters { 192.168.10.110; };
};

zone "10.168.192.in-addr.arpa" IN {
    type slave;
    file "192.168.10.arpa";
    masters { 192.168.10.110; };
};
```
On the slave, `file` names where named writes the transferred copy, so the slave never edits these files by hand. With SELinux enforcing on CentOS/RHEL, named may only write zone files under /var/named/slaves (and dynamic/ and data/), so use `file "slaves/yudan.com.zone";` and `file "slaves/192.168.10.arpa";`, or enable the named_write_master_zones boolean; otherwise the transfer itself succeeds but named cannot save the file and logs a permission error. Verify the sync with `dig @192.168.10.120 www.yudan.com` and compare `dig @192.168.10.110 yudan.com SOA +short` with the same query against 192.168.10.120: the serials must match.
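The master/slave relationship hinges on the SOA serial: the slave compares the serial it holds with the master's and transfers only when the master's is newer, and "newer" is defined by RFC 1982 serial-number arithmetic in 32-bit wrap-around space, not by plain integer comparison. The following added example (not code from the page or from ISC) parses the SOA of a zone file in the format used above, performs that comparison, and bumps a serial in the common YYYYMMDDnn scheme. The zone texts are constructed to match the page's yudan.com.zone with serials filled in; the date 20250427 is taken from the dig output above.

```python
"""SOA serial handling for master/slave zone replication (added example, not from the page)."""
import re

TTL_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def ttl_to_seconds(token: str) -> int:
    """'1D' -> 86400, '3H' -> 10800, '1w2d' -> 777600, '300' -> 300."""
    token = token.lower()
    if token.isdigit():
        return int(token)
    parts = re.findall(r"(\d+)([smhdw])", token)
    if not parts or "".join(n + u for n, u in parts) != token:
        raise ValueError("bad TTL: %r" % token)
    return sum(int(n) * TTL_UNITS[u] for n, u in parts)


def parse_soa(zone_text: str) -> dict:
    """Extract the SOA fields from a master-file-format zone; ';' starts a comment."""
    body = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    tokens = body.replace("(", " ").replace(")", " ").split()
    i = tokens.index("SOA")
    mname, rname = tokens[i + 1], tokens[i + 2]
    serial, refresh, retry, expire, minimum = tokens[i + 3:i + 8]
    return {
        "mname": mname,
        "rname": rname,
        "email": rname.rstrip(".").replace(".", "@", 1),   # rname.invalid. -> rname@invalid
        "serial": int(serial),
        "refresh": ttl_to_seconds(refresh),
        "retry": ttl_to_seconds(retry),
        "expire": ttl_to_seconds(expire),
        "minimum": ttl_to_seconds(minimum),
    }


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982: is serial a newer than b in 32-bit wrap-around space?"""
    a &= 0xFFFFFFFF
    b &= 0xFFFFFFFF
    if a == b:
        return False
    return (a > b and a - b < 2 ** 31) or (a < b and b - a > 2 ** 31)


def slave_will_transfer(master_zone: str, slave_zone: str) -> bool:
    """A slave pulls the zone (AXFR/IXFR) only when the master's serial is newer than its own."""
    return serial_gt(parse_soa(master_zone)["serial"], parse_soa(slave_zone)["serial"])


def bump_serial(current: int, today: str) -> int:
    """Next serial in YYYYMMDDnn form (today as 'YYYYMMDD'); serials are 32-bit unsigned."""
    base = int(today) * 100
    nxt = base if current < base else current + 1    # first change today, or the next of up to 100 per day
    if nxt >= 2 ** 32:
        raise ValueError("serial would exceed 32 bits")
    return nxt


# Constructed: the page's zone with a date-based serial, after 'news' was added and the serial bumped.
MASTER_ZONE = """$TTL 1D
yudan.com.  IN SOA  ns1.yudan.com. rname.invalid. (
                    2025042701  ; serial
                    1D          ; refresh
                    1H          ; retry
                    1W          ; expire
                    3H )        ; minimum
    NS  ns1.yudan.com.
ns1  A  192.168.10.110
www  A  192.168.10.88
news CNAME www
"""
# Constructed: the copy the slave holds from the previous transfer (one serial behind, no 'news').
SLAVE_ZONE = MASTER_ZONE.replace("2025042701", "2025042700").replace("news CNAME www\n", "")
# Constructed: the mistake the bullets above warn about, a record added without touching the serial.
STALE_MASTER_ZONE = SLAVE_ZONE + "news CNAME www\n"

if __name__ == "__main__":
    print(parse_soa(MASTER_ZONE))
    print("bumped serial:", slave_will_transfer(MASTER_ZONE, SLAVE_ZONE))
    print("forgotten serial:", slave_will_transfer(STALE_MASTER_ZONE, SLAVE_ZONE))
```

`slave_will_transfer(STALE_MASTER_ZONE, SLAVE_ZONE)` is False: the master serves the new CNAME, the slave keeps answering without it until someone bumps the serial and reloads. `serial_gt` also shows why a serial can never be "reset" downwards in one step; a serial that accidentally went too high has to be walked around the 32-bit space in increments below 2^31.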

Smart Resolution (Views)

When browsing the web you will notice that some sites load very fast and others very slowly. One reason is that many companies put their sites behind a CDN to improve the user experience, so the content is fetched from a server in your own city. For now, think of a CDN as a local cache server. How does your client find the cache server nearest to it? Because the CDN's DNS uses smart resolution: it works out which city you are in from your source IP and answers with the address of the cache server for that region, so you go straight to that server for the data.

The DNS server is loaded with a database of IP ranges and the regions they belong to. When a query arrives, the server matches the client's source IP against those ranges, selects the view for that region, and answers from that view's copy of the zone file, so clients in different regions get different answers. In BIND this is done with `acl` statements and `view` blocks. Views are evaluated in the order they appear and the first whose `match-clients` list matches the client wins, so the catch-all view must come last and match `any`; a client that matches no view is answered REFUSED. Once views are used, every zone, including the root hints, has to be declared inside a view.

```conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { 192.168.10.110; };
    //listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    //dump-file     "/var/named/data/cache_dump.db";
    //statistics-file "/var/named/data/named_stats.txt";
    //memstatistics-file "/var/named/data/named_mem_stats.txt";
    //recursing-file  "/var/named/data/named.recursing";
    //secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };

    recursion yes;

    //dnssec-enable yes;
    //dnssec-validation yes;

    /* Path to ISC DLV key */
    //bindkeys-file "/etc/named.root.key";

    //managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    masterfile-format text;
};

//logging {
//        channel default_debug {
//                file "data/named.run";
//                severity dynamic;
//        };
//};

// Address lists: one per region. In production these hold the IP ranges of each region.
acl bj {
    192.168.10.110;
};

acl sh {
    1.2.2.2;
};

// Views are tried in order; the first match-clients that matches the client's source IP wins.
view beijing {
    match-clients { bj; };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "yudan.com" IN {
        // zone types: hint master slave forward
        type master;
        file "yudan.com.zone.bj";
    };
};  // end of view beijing

view shanghai {
    match-clients { sh; };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "yudan.com" IN {
        // zone types: hint master slave forward
        type master;
        file "yudan.com.zone.sh";
    };
};  // end of view shanghai

// Catch-all view: must be last and must match any, otherwise clients outside bj and sh get REFUSED
view other {
    match-clients { any; };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "yudan.com" IN {
        // zone types: hint master slave forward
        type master;
        file "yudan.com.zone.ot";
    };
};  // end of view other
```
Each view points at its own copy of the zone file (yudan.com.zone.bj, yudan.com.zone.sh, yudan.com.zone.ot), which differ only in the address www resolves to; create them from yudan.com.zone as above and keep the SOA serial in each one current. Test from a client in each ACL with `dig @192.168.10.110 www.yudan.com`: each should receive its region's address, and a client outside both ACLs should get the answer from the other view rather than REFUSED.
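Which view a client lands in depends on first-match evaluation of the view order and of each match-clients list, and that is easy to get wrong: a catch-all that is not last swallows everything, and a catch-all that matches the wrong ACL (the page's original had `match-clients { bj; };` on the other view) leaves every other client REFUSED. The following added example (not code from the page or from ISC) models that selection with the page's acl definitions so a change can be checked before `rndc reload`. It supports the address-list elements used on the page plus CIDR prefixes, negation with `!`, `any`, `none` and `localhost`; `localnets` needs interface information and is not modelled. The client addresses are constructed.

```python
"""Which BIND view answers a given client? A model of match-clients first-match semantics.

Added example, not from the page or from ISC. ACLS and the two view orders are
taken from the page's named.conf; client addresses in the tests are constructed.
"""
import ipaddress

ACLS = {
    "bj": ["192.168.10.110"],
    "sh": ["1.2.2.2"],
}

# View order as written in the page's original: the last view matches bj again instead of any.
VIEWS_AS_ON_PAGE = [("beijing", ["bj"]), ("shanghai", ["sh"]), ("other", ["bj"])]
# The intended configuration: a catch-all view, last.
VIEWS_FIXED = [("beijing", ["bj"]), ("shanghai", ["sh"]), ("other", ["any"])]


def address_list_matches(ip, elements, acls, depth=0) -> bool:
    """BIND address_match_list: the first element that matches decides; '!' means 'matches, but negatively'."""
    ip = ipaddress.ip_address(ip) if isinstance(ip, str) else ip
    if depth > 16:
        raise ValueError("ACL nesting too deep")
    for element in elements:
        negate = element.startswith("!")
        name = element.lstrip("!").strip()
        if name == "any":
            hit = True
        elif name == "none":
            hit = False
        elif name == "localhost":
            hit = ip.is_loopback
        elif name in acls:                                  # a nested acl name
            hit = address_list_matches(ip, acls[name], acls, depth + 1)
        else:                                               # a single address or a CIDR prefix
            hit = ip in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negate
    return False


def match_view(client_ip, views, acls=ACLS):
    """Name of the first view whose match-clients matches, or None (named then answers REFUSED)."""
    for view_name, match_clients in views:
        if address_list_matches(client_ip, match_clients, acls):
            return view_name
    return None


def resolution_table(clients, views, acls=ACLS) -> dict:
    """Map each client to the view it would hit; compare two tables before and after a config change."""
    return {client: match_view(client, views, acls) for client in clients}


if __name__ == "__main__":
    clients = ("192.168.10.110", "1.2.2.2", "8.8.8.8")
    print("as on page:", resolution_table(clients, VIEWS_AS_ON_PAGE))
    print("fixed:     ", resolution_table(clients, VIEWS_FIXED))
```

With the page's original order, 8.8.8.8 (constructed as "any other client") maps to None, i.e. REFUSED, while the fixed order sends it to the other view. Moving `("other", ["any"])` to the front of the list makes every client, including 192.168.10.110, land in other, which is the view-order mistake the model is meant to catch.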