DNS介绍

• DNS是一个域名系统，在互联网环境中为域名和IP地址相互映射的一个分布式数据库 ， 能够使用户更方便的访问互联网，而不用去记住能够被机器直接读取的IP数串。类似于生活中的114服务，可以通过人名找到电话号码，也可以通过电话号码找到人名（生活中没有那么准确的原因是人名有重名，而域名是全世界唯一的）。
• ONS协议运行在UDP协议之上，使用端口号53
• 应用场景：需要域名解析的地方

DNS查询

DNS服务器部署

DNS安装

yum -y install bind bind-chroot

• bind DNS主程序包
• bind-chroot DNS安全包，改变默认DNS根目录，将DNS运行在监牢模式

DNS启动

• 方法一：不使用chroot模式启动DNS

开启开机启动
systemctl enable named
# Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.启动DNS服务
systemctl start named

• 方法二：使用chroot模式DNS

将对应的文件移动到chroot根目录
主配文件
cp -p /etc/named.conf /var/named/chroot/etc/
chgrp named /var/named/chroot/etc/named.conf
named-checkconf /var/named/chroot/etc/named.conf区域数据库文件
cp /var/named/named.localhost /var/named/chroot/var/named/ayitula.com.zone
chgrp named /var/named/chroot/var/named/ayitula.com.zone
cp -p /var/named/named.*/var/named/chroot/var/named/启动DNS服务
开机启动
systemctl enable named-chroot.service
# Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.启动服务
systemctl start named-chroot

DNS配置文件详解

1. 默认情况下，如果不安装named-chroot这个包，配置文件的路径如下：
2. 配置文件：/etc/named.conf
3. 区域数据库文件：/var/named/

1. 由于我们安装了named-chroot这个用于改变默认DNS配置文件的路径的包，所以相对应的配置文件的路径也发生了变化。变化如下 ：
2. 配置文件：/var/named/chroot/etc/named.conf
3. 区域数据库文件：/var/named/chroot/var/named/

域名解析

正向解析

案例：对yudan.com域名做解析，解析要求如下：www解析为A记录IP地址为192.168.10.88，news做别名解析CNAME解析为www

• 修改主配文件 /var/named/chroot/etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.htmloptions {listen-on port 53 { 192.168.10.110; };//listen-on-v6 port 53 { ::1; };directory 	"/var/named";//dump-file 	"/var/named/data/cache_dump.db";//statistics-file "/var/named/data/named_stats.txt";//memstatistics-file "/var/named/data/named_mem_stats.txt";//recursing-file  "/var/named/data/named.recursing";//secroots-file   "/var/named/data/named.secroots";allow-query     { any; };recursion yes;//dnssec-enable yes;//dnssec-validation yes;/* Path to ISC DLV key *///bindkeys-file "/etc/named.root.key";//managed-keys-directory "/var/named/dynamic";pid-file "/run/named/named.pid";session-keyfile "/run/named/session.key";
};//logging {
//        channel default_debug {
//                file "data/named.run";
//                severity dynamic;
//        };
//};zone "." IN {type hint;file "named.ca";
};zone "yudan.com" IN {// hint master slave forwardtype master;file "yudan.com.zone";
}

• 切换到/var/named/chroot/var/named/目录下

// 自己复制一个区域数据文件
cp named.localhost yudan.com.zone

•  修改yudan.com.zone配置文件

$TTL 1D
yudan.com.	IN SOA	ns1.yudan.com. rname.invalid. (0	; serial1D	; refresh1H	; retry1W	; expire3H )	; minimumNS	ns1.yudan.com.
;A
;PTR
;Mx
;CNAME
ns1	A	192.168.10.110
www	A	192.168.10.88
news	CNAME	www

// 检查主配文件
named-checkconf /var/named/chroot/etc/named.conf
// 检查区域数据文件
named-checkzone yudan.com /var/named/chroot/var/named/yudan.com.zone

域名解析命令

• host：host采用非交互式解析
• nslookup：nslookup可以采用交互或非交互式解析
• dig：dig显示详细的解析流程

// host命令
[root@Server named]# host www.yudan.com
www.yudan.com has address 192.168.10.88
[root@Server named]# host news.yudan.com
news.yudan.com is an alias for www.yudan.com.
www.yudan.com has address 192.168.10.88// nslookup命令
[root@Server named]# nslookup www.yudan.com
Server:		192.168.10.110
Address:	192.168.10.110#53Name:	www.yudan.com
Address: 192.168.10.88// dig命令
[root@Server named]# dig www.yudan.com; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.16 <<>> www.yudan.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23645
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.yudan.com.			IN	A;; ANSWER SECTION:
www.yudan.com.		86400	IN	A	192.168.10.88;; AUTHORITY SECTION:
yudan.com.		86400	IN	NS	ns1.yudan.com.;; ADDITIONAL SECTION:
ns1.yudan.com.		86400	IN	A	192.168.10.110;; Query time: 0 msec
;; SERVER: 192.168.10.110#53(192.168.10.110)
;; WHEN: 日 4月 27 11:44:00 CST 2025
;; MSG SIZE  rcvd: 92

反向解析

案例：对www.yudan.com做反向解析，其对应的lP地址为192.168.10.88

• 配置主配文件named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.htmloptions {listen-on port 53 { 192.168.10.110; };//listen-on-v6 port 53 { ::1; };directory 	"/var/named";//dump-file 	"/var/named/data/cache_dump.db";//statistics-file "/var/named/data/named_stats.txt";//memstatistics-file "/var/named/data/named_mem_stats.txt";//recursing-file  "/var/named/data/named.recursing";//secroots-file   "/var/named/data/named.secroots";allow-query     { any; };recursion yes;//dnssec-enable yes;//dnssec-validation yes;/* Path to ISC DLV key *///bindkeys-file "/etc/named.root.key";//managed-keys-directory "/var/named/dynamic";pid-file "/run/named/named.pid";session-keyfile "/run/named/session.key";
};//logging {
//        channel default_debug {
//                file "data/named.run";
//                severity dynamic;
//        };
//};zone "." IN {type hint;file "named.ca";
};zone "yudan.com" IN {// hint master slave forwardtype master;file "yudan.com.zone";
};// 反向解析IP地址
zone "10.168.192.in-addr.arpa" IN {type master;file "192.168.10.arpa";
};

• 配置区域数据库文件192.168.10.arpa

$TTL 1D
10.168.192.in-addr.arpa.	IN SOA	ns1.yudan.com. rname.invalid. (0	; serial1D	; refresh1H	; retry1W	; expire3H )	; minimumNS	ns1.yudan.com.
88	PTR	www.yudan.com.

主从同步

DNS主从

• 主配置文件不会同步
• 同步的是区域数据库文件

更改slave节点的主配文件

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.htmloptions {listen-on port 53 { 192.168.10.120; };//listen-on-v6 port 53 { ::1; };directory 	"/var/named";//dump-file 	"/var/named/data/cache_dump.db";//statistics-file "/var/named/data/named_stats.txt";//memstatistics-file "/var/named/data/named_mem_stats.txt";//recursing-file  "/var/named/data/named.recursing";//secroots-file   "/var/named/data/named.secroots";allow-query     { any; };recursion yes;//dnssec-enable yes;//dnssec-validation yes;/* Path to ISC DLV key *///bindkeys-file "/etc/named.root.key";//managed-keys-directory "/var/named/dynamic";pid-file "/run/named/named.pid";session-keyfile "/run/named/session.key";
};//logging {
//        channel default_debug {
//                file "data/named.run";
//                severity dynamic;
//        };
//};zone "." IN {type hint;file "named.ca";
};zone "yudan.com" IN {// hint master slave forwardtype slave;file "yudan.com.zone";masters { 192.168.10.110; };
};zone "10.168.192.in-addr.arpa" IN {type slave;file "192.168.10.arpa";masters { 192.168.10.110; };
};

 智能解析

在我们访问WEB的时候，发现有的网站打开的速度非常快，有的网站打开的非常慢，这是为什么呢？原因就是很多公司为了提升用户的体验，自己的网站使用了CDN内容加速服务，让你直接在你本地城市的服务器上拿数据并展示给你看。什么是CDN我们暂且理解为本地缓存服务器就好，那么你是怎么准确知道你本地的缓存服务器的呢！因为很多CDN公司的DNS使用了智能解析服务，根据你的源IP判断你属于哪个城市，让后再把本地的缓存服务器解析给你，你就会直接去找该服务器拿数据了。
 

在DNS中植入全世界的IP库以及IP对应的地域，当用户来请求解析时，DNS会根据其源IP来定位他属于哪个区域，然后去找这个区域的view视图查询对应的域名的区域数据库文件做解析。从而使得不同地域的用户解析不同。

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.htmloptions {listen-on port 53 { 192.168.10.110; };//listen-on-v6 port 53 { ::1; };directory     "/var/named";//dump-file     "/var/named/data/cache_dump.db";//statistics-file "/var/named/data/named_stats.txt";//memstatistics-file "/var/named/data/named_mem_stats.txt";//recursing-file  "/var/named/data/named.recursing";//secroots-file   "/var/named/data/named.secroots";allow-query     { any; };recursion yes;//dnssec-enable yes;//dnssec-validation yes;/* Path to ISC DLV key *///bindkeys-file "/etc/named.root.key";//managed-keys-directory "/var/named/dynamic";pid-file "/run/named/named.pid";session-keyfile "/run/named/session.key";masterfile-format text;
};//logging {
//        channel default_debug {
//                file "data/named.run";
//                severity dynamic;
//        };
//};acl bj {192.168.10.110;
};acl sh {1.2.2.2;
};view beijing {match-clients { bj; };zone "." IN {type hint;file "named.ca";};zone "yudan.com" IN {// hint master slave forwardtype master;file "yudan.com.zone.bj";};
};  // 闭合 beijing viewview shanghai {match-clients { sh; };zone "." IN {type hint;file "named.ca";};zone "yudan.com" IN {// hint master slave forwardtype master;file "yudan.com.zone.sh";};
};  // 闭合 shanghai viewview other {match-clients { bj; };zone "." IN {type hint;file "named.ca";};zone "yudan.com" IN {// hint master slave forwardtype master;file "yudan.com.zone.ot";};
};  // 闭合 other view