1 dns
1.1 dns(域名解析服务)介绍
当访问 www.baidu.com
首先查询/etc/hosts,如果没有再去查询/etc/resolv.conf,还是没有就去查询域名服务器
- 关于客户端:
/etc/resolv.conf ##dns指向文件
nameserver 172.25.254.20
- 测试:
host www.baidu.com ##地址解析命令
dig www.baidu.com ##地址详细解析信息命令
A记录 ##ip地址叫做域名的Address 记录
SOA ##授权起始主机
dns顶级
. 13
次级
.com .net .edu .org …
baidu.com
- 关于服务端
bind ##安装包
named ##服务名称
/etc/named.conf ##主配置文件
/var/named ##数据目录
端口 ##53
- 关于报错信息:
1.no servers could be reached ##服务无法访问(服务开启?火墙?网络?端口?)
2.服务启动失败 ##配置文件写错 journalctl -xe查询错误
3.dig 查询状态
NOERROR ##表示查询成功
REFUSED ##服务拒绝访问
SERVFAIL ##查询记录失败,(dns服务器无法到达上级,拒绝缓存)
NXDOMAIN ##此域名A记录在dns中不存在
1.2 dns服务的安装与启用
dnf install bind.x86_64 -y
systemctl enable --now named
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
vim /etc/named.conf
11 listen-on port 53 { any; }; ##在本地所有网络接口上开启53端口
19 allow-query { any; }; ##允许查询A记录的客户端列表
34 dnssec-validation no; ##禁用dns检测使dns能够缓存外部信息到本纪
systemctl restart named
2 高速缓存dns
forwarders { 114.114.114.114; }; # 缓存该服务器的信息,到内部域名服务器中
3 dns的正向解析
vim /etc/named.rfc1912.zones
zone "westos.com" IN { ##维护的域名type master; ##当前服务器位主dnsfile "westos.com.zone"; ##域名A记录文件allow-update { none; }; ##允许更新主机列表
};
cd /var/named/
cp -p named.localhost westos.com.zone
$TTL 1D #TIME-TO-LIVE(dns地址保存时间长度)
@ IN SOA dns.westos.com. root.westos.com ( #SOA授权起始(Start of Authority)0 ; serial #域名版本序列号1D ; refresh #刷新时间(辅助dns)1H ; retry #重试时间(辅助dns)1W ; expire #过期时间(辅助dns,查询失败过期停止对辅
助域名的应答)3H ) ; minimum #A记录最短有效期NS dns.westos.com.
dns A 192.168.0.20
www CNAME westos.a.westos.com. ##规范域名
westos.a A 192.168.0.111 ##正向解析记录
westos.a A 192.168.0.112
westos.com. MX 1 192.168.0.20. ##邮件解析记录
systemctl restart named
dig www.westos.com #查询正向解析
dig -t mx westos.com #邮件解析记录查询
3.1 规范域名
3.2 邮件记录的正向解析
4 dns的反向解析
vim /etc/named.rfc1912.zones
zone "0.168.192.in-addr.arpa" IN {
type master;
file "192.168.0.ptr";
allow-update { none; };
};
cd /var/named/
cp -p named.loopback 192.168.0.ptr
vim 192.168.0.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 192.168.0.20
11 PTR www.westos.com.
12 PTR bbs.westos.com.
13 PTR news.westos.com.
systemctl restart named
- 测试:
dig -x 192.168.0.11
6.dns的双向解析
实验环境:
客户端2台
192.168.0网段
172.25.254网段 ##ifconfig ens160 172.25.254.30 netmask 255.255.255.0
服务端1台2个网段的ip
192.168.0.20
172.25.254.20 ##ifconfig ens160 172.25.254.20 netmask 255.255.255.0
在192.168.0网段的客户主机中
vim /etc/resolv.conf
nameserver 192.168.0.20
在172.25.254网段的客户主机中
vim /etc/resolv.conf
nameserver 172.25.254.20
配置方式:
cd /var/named/
cp -p westos.com.zone westos.com.inter
vim westos.com.inter
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.20
www CNAME westos.a.westos.com.
westos.a A 172.25.254.111
westos.a A 172.25.254.112
westos.com. MX 1 172.25.254.20. #mail exchanger
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inters
vim /etc/named.rfc1912.inters
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { none; };
};
vim /etc/named.conf
#zone "." IN {
## type hint;
## file "named.ca";
##};
#
##include "/etc/named.rfc1912.zones";
##include "/etc/named.root.key";
view localnet {match-clients { 192.168.0.0/24; };zone "." IN {type hint;file "named.ca";};include "/etc/named.rfc1912.zones";include "/etc/named.root.key";
};
view internet {match-clients { any; };zone "." IN {type hint;file "named.ca";};include "/etc/named.rfc1912.inters";include "/etc/named.root.key";
};
systemctl restart named
测试:
分别在2个网段的主机中作同样域名的地址解析
得到的A记录不同
7.dns集群
主dns:
zone "westos.com" IN {type master;file "westos.com.zone";allow-update { none; };also-notify { 192.168.0.30; }; ##主动通知的辅助dns主机
};
vim /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com (2020031402 ; serial ##每次修改A记录文件需要1D ; refresh ##变更此参数的值1H ; retry1W ; expire3H ) ; minimumNS dns.westos.com.
dns A 192.168.0.20
www CNAME westos.a.westos.com.
westos.a A 192.168.0.210
westos.a A 192.168.0.211
westos.com. MX 1 192.168.0.20.
slave dns:
dnf install bind -y
firewall-cmd --add-service=dns
vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
dnssec-validation no;
vim /etc/named.rfc1912.zone
zone "westos.com" IN {type slave; ##dns状态位辅助dnsmasters { 192.168.0.20; }; ##主dnsfile "slaves/westos.com.zone"; ##同步数据文件
};
systemctl restart named
7.1 在辅助机上设置
7.2 在主机上设置
![[React] React-Redux 快速入门](https://img-blog.csdnimg.cn/e529e66a40cb4146ae843426ad386b0d.png)
