Domain Name System (DNS)

Introduction to DNS

  • DNS, the Domain Name System, is a distributed database in the Internet that maps domain names to IP addresses and back, so that users can reach sites conveniently instead of memorising the numeric IP addresses that machines read directly. It is like the 114 directory-assistance service: you can find a phone number from a person's name, or a name from a phone number (the real-world lookup is less exact because people share names, whereas a domain name is unique worldwide).
  • The DNS protocol runs over UDP and uses port 53 (zone transfers, such as the master/slave synchronisation below, and answers too large for a UDP datagram use TCP port 53).
  • Use case: anywhere a domain name has to be resolved.

DNS Queries

Deploying a DNS Server

Installing DNS

```bash
yum -y install bind bind-chroot
```
  • bind: the main DNS server package
  • bind-chroot: DNS hardening package; it changes the default DNS root directory so that named runs in a chroot jail

Starting DNS

  • Method one: start DNS without chroot mode
```bash
# Enable at boot
systemctl enable named
# Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

# Start the DNS service
systemctl start named
```
  • Method two: start DNS in chroot mode
```bash
# Move the relevant files into the chroot root directory
# Main configuration file
cp -p /etc/named.conf /var/named/chroot/etc/
chgrp named /var/named/chroot/etc/named.conf
named-checkconf /var/named/chroot/etc/named.conf

# Zone database files
cp /var/named/named.localhost /var/named/chroot/var/named/ayitula.com.zone
chgrp named /var/named/chroot/var/named/ayitula.com.zone
cp -p /var/named/named.* /var/named/chroot/var/named/

# Start the DNS service
# Enable at boot
systemctl enable named-chroot.service
# Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.

# Start the service
systemctl start named-chroot
```

DNS Configuration Files Explained

  • By default, without the bind-chroot package, the configuration files live at:
      • Configuration file: /etc/named.conf
      • Zone database files: /var/named/
  • Because we installed bind-chroot (which provides the named-chroot service and relocates the DNS configuration), the paths change to:
      • Configuration file: /var/named/chroot/etc/named.conf
      • Zone database files: /var/named/chroot/var/named/

Name Resolution

Forward Resolution

Example: configure resolution for the yudan.com domain with the following requirements: www resolves as an A record to 192.168.10.88, and news is an alias (CNAME) for www.

  • Edit the main configuration file /var/named/chroot/etc/named.conf
```conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	listen-on port 53 { 192.168.10.110; };
	//listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	//dump-file 	"/var/named/data/cache_dump.db";
	//statistics-file "/var/named/data/named_stats.txt";
	//memstatistics-file "/var/named/data/named_mem_stats.txt";
	//recursing-file  "/var/named/data/named.recursing";
	//secroots-file   "/var/named/data/named.secroots";
	allow-query     { any; };

	// Caveat: recursion yes together with allow-query { any; } makes this an
	// open recursive resolver; an authoritative-only server should set
	// recursion no, or limit recursion with allow-recursion to internal networks.
	recursion yes;

	//dnssec-enable yes;
	//dnssec-validation yes;

	/* Path to ISC DLV key */
	//bindkeys-file "/etc/named.root.key";

	//managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

//logging {
//        channel default_debug {
//                file "data/named.run";
//                severity dynamic;
//        };
//};

zone "." IN {
	type hint;
	file "named.ca";
};

zone "yudan.com" IN {
	// type: hint | master | slave | forward
	type master;
	file "yudan.com.zone";
};
```
  • Change to the /var/named/chroot/var/named/ directory
```bash
# copy a zone data file to start from
cp named.localhost yudan.com.zone
```
  • Edit the yudan.com.zone zone file
```dns
$TTL 1D
yudan.com.	IN SOA	ns1.yudan.com. rname.invalid. (
					0	; serial (increment on every change, or slaves will not pick up the update)
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	ns1.yudan.com.
;A
;PTR
;MX
;CNAME
ns1	A	192.168.10.110
www	A	192.168.10.88
news	CNAME	www
```
```bash
# Check the main configuration file
named-checkconf /var/named/chroot/etc/named.conf
# Check the zone data file
named-checkzone yudan.com /var/named/chroot/var/named/yudan.com.zone
```

Name Resolution Commands

  • host: performs non-interactive lookups
  • nslookup: can be used interactively or non-interactively
  • dig: shows the full details of the resolution
```bash
# host command
[root@Server named]# host www.yudan.com
www.yudan.com has address 192.168.10.88
[root@Server named]# host news.yudan.com
news.yudan.com is an alias for www.yudan.com.
www.yudan.com has address 192.168.10.88

# nslookup command
[root@Server named]# nslookup www.yudan.com
Server:		192.168.10.110
Address:	192.168.10.110#53

Name:	www.yudan.com
Address: 192.168.10.88

# dig command
[root@Server named]# dig www.yudan.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.16 <<>> www.yudan.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23645
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.yudan.com.			IN	A

;; ANSWER SECTION:
www.yudan.com.		86400	IN	A	192.168.10.88

;; AUTHORITY SECTION:
yudan.com.		86400	IN	NS	ns1.yudan.com.

;; ADDITIONAL SECTION:
ns1.yudan.com.		86400	IN	A	192.168.10.110

;; Query time: 0 msec
;; SERVER: 192.168.10.110#53(192.168.10.110)
;; WHEN: 日 4月 27 11:44:00 CST 2025
;; MSG SIZE  rcvd: 92
```
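The message the introduction describes (UDP, port 53) and the sections dig printed above (header flags qr aa rd ra, then QUESTION, ANSWER, AUTHORITY and ADDITIONAL) have a fixed wire format defined in RFC 1035. The Python below is an added example written for this page, not code from the original post or from BIND: it builds the query dig sent for www.yudan.com, builds the kind of authoritative reply the page's server returned (constructed in-memory bytes, not captured traffic; the query id 23645 and the records are the ones shown above), parses it back into the same sections, and walks the news -> www CNAME chain the way host did. The backward-pointer check in decode_name is the defensive detail a parser needs so that a looping compression pointer cannot hang it.

```python
import struct

# Record types and header flag bits from RFC 1035; only the types the page uses.
TYPE_A, TYPE_NS, TYPE_CNAME = 1, 2, 5
CLASS_IN = 1
TYPE_NAMES = {TYPE_A: "A", TYPE_NS: "NS", TYPE_CNAME: "CNAME"}
FLAG_BITS = {"qr": 0x8000, "aa": 0x0400, "tc": 0x0200, "rd": 0x0100, "ra": 0x0080}


def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a name at offset, following RFC 1035 compression pointers.
    Returns (name, offset just past the name as it appears in the message)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # two-byte compression pointer
            pointer = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            if pointer >= offset or hops > 32:          # pointers must go backwards: no loops
                raise ValueError("bad compression pointer")
            if end is None:
                end = offset + 2
            offset, hops = pointer, hops + 1
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def build_query(qid, qname, qtype=TYPE_A):
    """A standard recursive query: header with only RD set and one question."""
    header = struct.pack("!HHHHHH", qid, FLAG_BITS["rd"], 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def encode_rr(name, rtype, ttl, rdata):
    """Resource record: owner, type, class, TTL, RDLENGTH, RDATA (A = 4 bytes, NS/CNAME = name)."""
    data = bytes(int(o) for o in rdata.split(".")) if rtype == TYPE_A else encode_name(rdata)
    return encode_name(name) + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(data)) + data


def build_response(qid, qname, qtype, answer, authority, additional, flags=0x8580):
    """Authoritative answer: flags qr|aa|rd|ra = 0x8580, the flag set dig printed above."""
    header = struct.pack("!HHHHHH", qid, flags, 1, len(answer), len(authority), len(additional))
    body = encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    for rr in answer + authority + additional:
        body += encode_rr(*rr)
    return header + body


def parse_message(msg):
    """Parse a query or response into its header flags and the four sections."""
    qid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off, questions = 12, []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack_from("!HH", msg, off)
        off += 4
        questions.append((name, TYPE_NAMES.get(qtype, qtype)))
    sections = {}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            if rtype == TYPE_A and rdlen == 4:
                rdata = ".".join(str(b) for b in msg[off:off + 4])
            elif rtype in (TYPE_NS, TYPE_CNAME):
                rdata, _ = decode_name(msg, off)
            else:
                rdata = msg[off:off + rdlen]
            off += rdlen
            rrs.append((name, TYPE_NAMES.get(rtype, rtype), ttl, rdata))
        sections[section] = rrs
    return {"id": qid, "flags": [f for f, bit in FLAG_BITS.items() if flags & bit],
            "rcode": flags & 0x000F, "question": questions, **sections}


def follow_cname(answer, qname, max_hops=8):
    """Walk the CNAME chain in an answer section, as host(1) does, and return the final A addresses."""
    name = qname
    for _ in range(max_hops):
        cnames = [rr for rr in answer if rr[0] == name and rr[1] == "CNAME"]
        if not cnames:
            return [rr[3] for rr in answer if rr[0] == name and rr[1] == "A"]
        name = cnames[0][3]
    raise ValueError("CNAME chain too long")


# Constructed sample messages (not captured traffic) mirroring the page's zone:
# www A 192.168.10.88, news CNAME www, ns1 A 192.168.10.110; query id as in the dig output.
NS_RR = ("yudan.com.", TYPE_NS, 86400, "ns1.yudan.com.")
GLUE_RR = ("ns1.yudan.com.", TYPE_A, 86400, "192.168.10.110")
QUERY_WWW = build_query(23645, "www.yudan.com")
RESPONSE_WWW = build_response(23645, "www.yudan.com.", TYPE_A,
                              [("www.yudan.com.", TYPE_A, 86400, "192.168.10.88")], [NS_RR], [GLUE_RR])
RESPONSE_NEWS = build_response(23645, "news.yudan.com.", TYPE_A,
                               [("news.yudan.com.", TYPE_CNAME, 86400, "www.yudan.com."),
                                ("www.yudan.com.", TYPE_A, 86400, "192.168.10.88")], [NS_RR], [GLUE_RR])

if __name__ == "__main__":
    reply = parse_message(RESPONSE_WWW)
    print(reply["flags"], reply["answer"], reply["authority"], reply["additional"])
    print(follow_cname(parse_message(RESPONSE_NEWS)["answer"], "news.yudan.com."))
```

The parsed reply carries exactly what dig printed: flags qr, aa, rd, ra, one A answer, the NS record in the authority section and the ns1 glue address in the additional section; for news.yudan.com the CNAME walk returns 192.168.10.88 just as host did.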

Reverse Resolution

Example: configure reverse resolution for www.yudan.com, whose IP address is 192.168.10.88.

  • Configure the main configuration file named.conf
```conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	listen-on port 53 { 192.168.10.110; };
	//listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	//dump-file 	"/var/named/data/cache_dump.db";
	//statistics-file "/var/named/data/named_stats.txt";
	//memstatistics-file "/var/named/data/named_mem_stats.txt";
	//recursing-file  "/var/named/data/named.recursing";
	//secroots-file   "/var/named/data/named.secroots";
	allow-query     { any; };

	recursion yes;

	//dnssec-enable yes;
	//dnssec-validation yes;

	/* Path to ISC DLV key */
	//bindkeys-file "/etc/named.root.key";

	//managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

//logging {
//        channel default_debug {
//                file "data/named.run";
//                severity dynamic;
//        };
//};

zone "." IN {
	type hint;
	file "named.ca";
};

zone "yudan.com" IN {
	// type: hint | master | slave | forward
	type master;
	file "yudan.com.zone";
};

// Reverse zone for the 192.168.10.0/24 network (octets reversed under in-addr.arpa)
zone "10.168.192.in-addr.arpa" IN {
	type master;
	file "192.168.10.arpa";
};
```
  • Configure the zone database file 192.168.10.arpa
```dns
$TTL 1D
10.168.192.in-addr.arpa.	IN SOA	ns1.yudan.com. rname.invalid. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	ns1.yudan.com.
88	PTR	www.yudan.com.
```
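named-checkzone validates the syntax of these files, but it is worth seeing what a master-file parser actually has to cope with: the $TTL directive, the multi-line SOA in parentheses, owner names inherited from the previous line (the indented NS line), relative names qualified with the zone origin (www, news, 88), and 1D/1H/1W time units. The Python below is an added example for this page, not BIND's code and not from the original post. It parses both the forward zone and the reverse zone shown above, re-implements a few of the consistency checks named-checkzone performs (SOA first, NS at the apex, an address for every in-zone nameserver, CNAME rules), and cross-checks that every A record has a PTR pointing back at the same name. The zone text is copied from the page with the SOA timers condensed; the helper names and the check messages are this example's own. Run against the page's files it reports that 192.168.10.110 (ns1) has no PTR, because the reverse zone above only defines 88.

```python
import re

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}   # BIND time-unit suffixes
TTL_RE = re.compile(r"(?:\d+[SMHDWsmhdw]?)+")

def parse_ttl(text):
    """'1D' -> 86400, '3H' -> 10800, '300' -> 300."""
    return sum(int(n) * UNITS.get(u.upper(), 1) for n, u in re.findall(r"(\d+)([A-Za-z]?)", text))

def qualify(name, origin):
    """Make a relative name absolute: 'www' -> 'www.yudan.com.', '@' -> the origin."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse a master-file zone into (default_ttl, [(owner, type, ttl, rdata_tuple), ...])."""
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, last_owner, records = None, None, []
    logical, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()            # ';' starts a comment
        if not line.strip() and depth == 0:
            continue
        buf = line if not buf else buf + " " + line     # join '(' ... ')' continuation lines
        depth += line.count("(") - line.count(")")
        if depth == 0:
            logical.append(buf)
            buf = ""
    for line in logical:
        if line.startswith("$TTL"):
            default_ttl = parse_ttl(line.split()[1])
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        # A leading blank means "same owner as the previous record".
        owner = last_owner if line[0].isspace() else qualify(tokens.pop(0), origin)
        ttl = default_ttl
        for _ in range(2):                              # optional TTL and class, either order
            if tokens and TTL_RE.fullmatch(tokens[0]):
                ttl = parse_ttl(tokens.pop(0))
            elif tokens and tokens[0].upper() == "IN":
                tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if rtype == "SOA":
            mname, rname, serial, refresh, retry, expire, minimum = tokens
            rdata = (qualify(mname, origin), qualify(rname, origin), int(serial),
                     parse_ttl(refresh), parse_ttl(retry), parse_ttl(expire), parse_ttl(minimum))
        elif rtype in ("NS", "CNAME", "PTR"):
            rdata = (qualify(tokens[0], origin),)
        else:
            rdata = tuple(tokens)
        records.append((owner, rtype, ttl, rdata))
        last_owner = owner
    return default_ttl, records

def check_zone(origin, records):
    """A subset of what named-checkzone verifies; returns a list of problems (empty = clean)."""
    origin = origin if origin.endswith(".") else origin + "."
    problems, names = [], {r[0] for r in records}
    if not records or records[0][:2] != (origin, "SOA"):
        problems.append("first record must be the SOA at the zone apex")
    if not any(r[:2] == (origin, "NS") for r in records):
        problems.append("no NS record at the zone apex")
    for owner, rtype, _, rdata in records:
        in_zone = rtype in ("NS", "CNAME") and rdata[0].endswith("." + origin)
        if rtype == "NS" and in_zone and not any(r[0] == rdata[0] and r[1] in ("A", "AAAA") for r in records):
            problems.append(f"in-zone nameserver {rdata[0]} has no address (glue) record")
        if rtype == "CNAME" and any(r[0] == owner and r[1] != "CNAME" for r in records):
            problems.append(f"{owner} has a CNAME and other records")
        if rtype == "CNAME" and in_zone and rdata[0] not in names:
            problems.append(f"CNAME target {rdata[0]} does not exist in the zone")
    return problems

def reverse_name(ip):
    """192.168.10.88 -> '88.10.168.192.in-addr.arpa.'"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_reverse(forward_records, reverse_records):
    """Addresses of forward A records whose PTR is missing or names a different owner."""
    ptrs = {r[0]: r[3][0] for r in reverse_records if r[1] == "PTR"}
    return [rdata[0] for owner, rtype, _, rdata in forward_records
            if rtype == "A" and ptrs.get(reverse_name(rdata[0])) != owner]

# The page's two zone files, embedded here as constructed test input (SOA timers condensed).
FORWARD_ZONE = """\
$TTL 1D
yudan.com.      IN SOA  ns1.yudan.com. rname.invalid. (
                        0       ; serial
                        1D 1H 1W 3H )   ; refresh retry expire minimum
        NS      ns1.yudan.com.
ns1     A       192.168.10.110
www     A       192.168.10.88
news    CNAME   www
"""
REVERSE_ZONE = """\
$TTL 1D
10.168.192.in-addr.arpa.  IN SOA  ns1.yudan.com. rname.invalid. (
                        0 1D 1H 1W 3H )
        NS      ns1.yudan.com.
88      PTR     www.yudan.com.
"""
```

Calling `check_reverse(parse_zone(FORWARD_ZONE, "yudan.com")[1], parse_zone(REVERSE_ZONE, "10.168.192.in-addr.arpa")[1])` returns `["192.168.10.110"]`; appending a line such as `blog CNAME wiki` to the forward zone makes `check_zone` report the dangling CNAME target, which is the class of mistake the author's named-checkzone step is there to catch.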

Master/Slave Synchronisation

DNS Master/Slave

  • The main configuration file is not synchronised.
  • What is synchronised is the zone database files (the slave pulls them from the master with an AXFR/IXFR zone transfer over TCP).
  • On the master, restrict who may pull the zone, for example `allow-transfer { 192.168.10.120; };` in the zone or options block; BIND 9.11 allows transfers to any host by default, so without this anyone can download the complete record list.

Edit the main configuration file on the slave node

```conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	listen-on port 53 { 192.168.10.120; };
	//listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	//dump-file 	"/var/named/data/cache_dump.db";
	//statistics-file "/var/named/data/named_stats.txt";
	//memstatistics-file "/var/named/data/named_mem_stats.txt";
	//recursing-file  "/var/named/data/named.recursing";
	//secroots-file   "/var/named/data/named.secroots";
	allow-query     { any; };

	recursion yes;

	//dnssec-enable yes;
	//dnssec-validation yes;

	/* Path to ISC DLV key */
	//bindkeys-file "/etc/named.root.key";

	//managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

//logging {
//        channel default_debug {
//                file "data/named.run";
//                severity dynamic;
//        };
//};

zone "." IN {
	type hint;
	file "named.ca";
};

zone "yudan.com" IN {
	// type: hint | master | slave | forward
	type slave;
	file "yudan.com.zone";
	masters { 192.168.10.110; };	// the master server's address
};

zone "10.168.192.in-addr.arpa" IN {
	type slave;
	file "192.168.10.arpa";
	masters { 192.168.10.110; };
};
```

Smart Resolution (views)

When browsing the web you will notice that some sites open very quickly and others very slowly. Why? Many companies improve the user experience by putting their site behind a CDN (content acceleration) service, so that you fetch the content from a server in your own city. For now, think of a CDN simply as a local cache server; but how does your client find the cache server nearest to it? Because many CDN providers' DNS uses smart resolution: it decides from your source IP which city you are in, then resolves the name to the cache server for that area, and you fetch the data from that server directly.

The DNS server is loaded with a worldwide IP database and the region each IP range belongs to. When a client asks for a resolution, the DNS server locates the client's region by its source IP, then looks up the view for that region and answers from that view's zone database file for the queried domain. Users in different regions therefore receive different answers.

```conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { 192.168.10.110; };
    //listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    //dump-file     "/var/named/data/cache_dump.db";
    //statistics-file "/var/named/data/named_stats.txt";
    //memstatistics-file "/var/named/data/named_mem_stats.txt";
    //recursing-file  "/var/named/data/named.recursing";
    //secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };

    recursion yes;

    //dnssec-enable yes;
    //dnssec-validation yes;

    /* Path to ISC DLV key */
    //bindkeys-file "/etc/named.root.key";

    //managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    masterfile-format text;
};

//logging {
//        channel default_debug {
//                file "data/named.run";
//                severity dynamic;
//        };
//};

acl bj {
    192.168.10.110;
};

acl sh {
    1.2.2.2;
};

view beijing {
    match-clients { bj; };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "yudan.com" IN {
        // type: hint | master | slave | forward
        type master;
        file "yudan.com.zone.bj";
    };
};  // end of view beijing

view shanghai {
    match-clients { sh; };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "yudan.com" IN {
        // type: hint | master | slave | forward
        type master;
        file "yudan.com.zone.sh";
    };
};  // end of view shanghai

view other {
    // Catch-all view: it must match everyone (any) and must be declared last,
    // because views are tried in order and the first match-clients hit wins.
    match-clients { any; };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "yudan.com" IN {
        // type: hint | master | slave | forward
        type master;
        file "yudan.com.zone.ot";
    };
};  // end of view other
```
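The view selection described above is BIND's address-match-list evaluation: the client's source address is tested against each view's match-clients in the order the views are declared, and the first view that matches answers the query. The Python below is an added example, not BIND's code and not from the original post. It models the acl and view declarations of the named.conf above (the built-in `any` ACL is spelled out as 0.0.0.0/0 and ::/0; `!` negation is not modelled) and makes the point that matters for the catch-all view: if the last view reuses the bj ACL instead of `any`, clients outside both ACLs match no view at all and named refuses their queries, so everyone who is neither in Beijing nor in Shanghai loses resolution.

```python
import ipaddress

# Constructed model of the page's named.conf. BIND's built-in ACLs "any" and "none"
# are spelled out here; the site ACLs are declared exactly as on the page.
ACLS = {
    "any": ["0.0.0.0/0", "::/0"],
    "none": [],
    "bj": ["192.168.10.110"],
    "sh": ["1.2.2.2"],
}

# Views in declaration order: (view name, match-clients list, zone file for yudan.com).
VIEWS = [
    ("beijing", ["bj"], "yudan.com.zone.bj"),
    ("shanghai", ["sh"], "yudan.com.zone.sh"),
    ("other", ["any"], "yudan.com.zone.ot"),   # catch-all: last, and matches everyone
]
# The same views with the catch-all mistakenly reusing the bj ACL, to show the effect.
VIEWS_NO_CATCH_ALL = VIEWS[:2] + [("other", ["bj"], "yudan.com.zone.ot")]


def matches(addr, items, acls, depth=0):
    """Address-match-list evaluation: elements are tried in order and the first one that
    matches decides. An element is an address/prefix or the name of another ACL (nested
    ACLs are evaluated recursively; '!' negation is deliberately not modelled)."""
    if depth > 16:
        raise ValueError("ACL nesting too deep")
    for item in items:
        if item in acls:
            hit = matches(addr, acls[item], acls, depth + 1)
        else:
            hit = addr in ipaddress.ip_network(item, strict=False)   # False across IPv4/IPv6
        if hit:
            return True
    return False


def select_view(client_ip, views=VIEWS, acls=ACLS):
    """Return (view name, zone file) for the first view whose match-clients matches the
    client, or None when no view matches (named then refuses the query)."""
    addr = ipaddress.ip_address(client_ip)
    for name, clients, zone_file in views:
        if matches(addr, clients, acls):
            return name, zone_file
    return None


def routing_table(clients, views=VIEWS, acls=ACLS):
    """Map each sample client address to the view it lands in; useful when reviewing view order."""
    return {ip: (select_view(ip, views, acls) or (None, None))[0] for ip in clients}


if __name__ == "__main__":
    samples = ["192.168.10.110", "1.2.2.2", "10.0.0.7"]   # constructed client addresses
    print(routing_table(samples))                          # other catches 10.0.0.7
    print(routing_table(samples, VIEWS_NO_CATCH_ALL))      # 10.0.0.7 matches no view
```

With the page's ACLs, 192.168.10.110 lands in view beijing and 1.2.2.2 in view shanghai; a third address such as 10.0.0.7 reaches view other only when that view's match-clients is `any`. Because the first match wins, moving the `any` view in front of the others would silently swallow every client, which is why the catch-all belongs last.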