DNS解析库
- dns
- DNS的解析库以及域名的详解
- 解析库
- dns解析的端口
- dns域名的长度限制
- 流程
- 优先级
- 在现实环境中实现内网的dns解析
- 练习(Ubuntu内网实现DNS解析)
- 主服务器
- 备服务器
dns
域名系统,域名和ip地址互相映射的一个分布式的数据库,方便用户访问互联网
ip地址是所有设备和网站在互联网上的唯一地址。要通信一定是ip和ip之间通信。
dns解析:根据域名在互联网当中找到对应的ip地址,访问。
DNS的解析库以及域名的详解
www.baidu.com.cn.
-
.根域：全球共有13个根服务器标识（A–M），通过任播（anycast）在世界各地部署了大量实例；历史上物理根服务器大多位于美国，其余分布在欧洲和日本。
(ipv6:根域服务器,中国, 美国) -
cn.：顶级域（一级域），这里是国家/地区代码顶级域（ccTLD），如 jp. us. uk. kr. rs.
-
com.cn.：二级域，表示组织类型：com 商业组织、edu 教育机构、org 非盈利机构、net 网络服务提供商、gov 政府机构
-
baidu.com.cn.:三级域(子域),企业或者组织在互联网上的唯一标识
-
www:主机名,主机站点,www web mail 邮箱
解析库
- 以前 ----->vim /etc/hosts 本地做解析速度快但配置起来麻烦。
- 现在 ----->运营商完成。如,电信 移动 联通
电信的dns解析的地址:
- 江苏:218.2.135.1
- 北京:202.96.199.133
- 上海:202.96.199.132
- 天津:202.99.96.68
- 广东:202.96.128.143
- 深圳:202.96.134.133
- 湖南:202.103.0.68
常用公共dns解析地址：114.114.114.114（114DNS，是面向所有用户的公共 DNS，并非移动专属）
谷歌通用的dns解析地址:8.8.8.8
dns解析的端口：53。普通查询主要走 UDP 53；区域传输（AXFR/IXFR）以及超长响应走 TCP 53，主从服务器之间的防火墙需同时放行 UDP 和 TCP 53。
dns域名的长度限制
每一级（标签）最多63个字符，完整域名文本形式最长253个字符（线上格式上限为255字节）
流程
优先级
/etc/hosts和dns解析服务的优先级
本地 /etc/hosts 优先级高（查询顺序由 /etc/nsswitch.conf 中 hosts: 行决定，通常是 files 在 dns 之前），但该文件只对当前主机生效；DNS 服务对全网生效。
在现实环境中实现内网的dns解析
- 正向解析：通过域名可以获取ip地址
- 反向解析:通过ip获取对应的域名
- 主从解析：一台主服务器（master）维护区域文件，一台从服务器（slave）通过区域传输自动同步副本；两者都能对外应答，但只有主服务器上的修改才会生效
练习(Ubuntu内网实现DNS解析)
- 主服务器:192.168.246.7
- 备服务器:192.168.246.8
主服务器
#
# 主服务器
root@du:~# apt -y install bind9 #安装dns服务
root@du:~# cd /etc/bind
root@du:/etc/bind# ls
bind.keys db.127 db.empty named.conf named.conf.local rndc.key
db.0 db.255 db.local named.conf.default-zones named.conf.options zones.rfc1918
root@du:/etc/bind# vim named.conf #bind的主配置文件,引入其他的配置文件和区域定义(无需更改)
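// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

// Global options: listen addresses, query/transfer ACLs, forwarders, DNSSEC.
include "/etc/bind/named.conf.options";

// Site-specific zone definitions. This is the file the Debian note above
// points at for added zones, so the custom 1024.com zones belong here.
include "/etc/bind/named.conf.local";

// Debian's stock zones (root hints, localhost and the loopback reverse
// zones). Keep custom zones out of this file.
include "/etc/bind/named.conf.default-zones";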
~
root@du:/etc/bind# vim named.conf.options
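options {
        directory "/var/cache/bind";

        // Listen on port 53 only on the intranet address 192.168.246.7.
        // Note the loopback is not included, so local tools must query
        // 192.168.246.7 rather than 127.0.0.1.
        listen-on port 53 { 192.168.246.7; };

        // Only clients in 192.168.246.0/24 may send queries.
        allow-query { 192.168.246.0/24; };

        // Deny zone transfers by default. The zone statements that need them
        // (the secondary at 192.168.246.8) re-enable AXFR explicitly.
        allow-transfer { none; };

        // Recursion is left at BIND's default (typically localhost and the
        // directly attached networks). With no forwarders configured, names
        // outside the local zones are resolved via the root servers, which
        // only works if this host has Internet access.

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;
};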
~
~
root@du:/etc/bind# vim named.conf.default-zones #文件名是 default-zones（见上面 ls 的输出）；按 named.conf 里的提示，自定义区域更应写入 named.conf.local，而不是改动发行版自带的这个文件
#全部添加
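// Forward zone for 1024.com: this host holds the primary (authoritative) copy.
zone "1024.com" {
        type master;
        file "/etc/bind/1024.local";
        // Only the secondary at 192.168.246.8 may pull the zone (AXFR/IXFR).
        allow-transfer { 192.168.246.8; };
        // Send NOTIFY to the secondary directly. Otherwise NOTIFY only goes
        // to the hosts named in the zone's NS records, and a secondary that is
        // not listed there would see changes only after its SOA refresh timer.
        also-notify { 192.168.246.8; };
        // The zone file is edited by hand; refuse dynamic updates.
        allow-update { none; };
};

// Reverse zone for 192.168.246.0/24 (IP -> name lookups).
zone "246.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/1024.local.zone";
        allow-transfer { 192.168.246.8; };
        also-notify { 192.168.246.8; };
        allow-update { none; };
};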
root@du:/etc/bind# vim /etc/resolv.conf #配置DNS解析器的文件（Ubuntu 上该文件通常由 systemd-resolved 管理，直接编辑可能在重启后被覆盖，持久配置应写入 netplan / systemd-resolved）
# 主、备两台 DNS 都列出，主服务器不可用时解析器会自动切到备服务器
nameserver 192.168.246.7
nameserver 192.168.246.8
# trust-ad 表示信任这些服务器返回的 AD 位，只应在 nameserver 全部是可信的本地验证解析器时使用
options edns0 trust-ad
search .
~
~
~
root@du:/etc/bind# cp -a db.local 1024.local #正向解析区域文件
root@du:/etc/bind# cp -a 1024.local 1024.local.zone #反向解析区域文件
root@du:/etc/bind# vim 1024.local
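; Forward zone for 1024.com (copied from db.local; the loopback comment of
; the template no longer applies).
;
$TTL    604800
; SOA: MNAME is the primary server's hostname (it must resolve in this zone),
; RNAME is the admin mailbox admin@1024.com with '@' written as '.'.
; Bump the serial on every edit, or the secondary will not pick up the change.
@       IN      SOA     ns1.1024.com. admin.1024.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; Name servers for the zone: the primary (.7) and the secondary (.8).
; NS must name the hosts that actually run DNS - NOTIFY and referrals follow
; these records, so pointing NS at the web host would leave the secondary
; unnotified of changes.
@       IN      NS      ns1.1024.com.
@       IN      NS      ns2.1024.com.
ns1     IN      A       192.168.246.7
ns2     IN      A       192.168.246.8
;
; Web host (apex and www).
@       IN      A       192.168.246.100
www     IN      A       192.168.246.100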
~
~
~
root@du:/etc/bind# vim 1024.local.zone
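; Reverse zone for 192.168.246.0/24 (copied from db.local; the loopback
; comment of the template no longer applies).
;
$TTL    604800
; Same SOA conventions as the forward zone; bump the serial on every edit.
@       IN      SOA     ns1.1024.com. admin.1024.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; Same name servers as the forward zone. (An A record at the apex of an
; in-addr.arpa zone, left over from the copied forward file, serves no purpose
; and has been dropped.)
@       IN      NS      ns1.1024.com.
@       IN      NS      ns2.1024.com.
;
; PTR records: the owner name is the last octet of the address.
7       IN      PTR     ns1.1024.com.
8       IN      PTR     ns2.1024.com.
100     IN      PTR     www.1024.com.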
~
~
root@du:/etc/bind# systemctl restart bind9 #重启DNS服务器（建议先执行 named-checkconf 以及 named-checkzone 1024.com /etc/bind/1024.local 检查语法，配置或区域文件出错会导致服务无法启动）
备服务器
root@du2:~# apt -y install bind9
root@du2:~# cd /etc/bind
root@du2:/var/cache/bind# vim /etc/resolv.conf #与主配置相同
root@du2:/var/cache/bind# vim named.conf.default-zones
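// Secondary copy of 1024.com, pulled from the primary at 192.168.246.7.
zone "1024.com" {
        type slave;
        // Relative path: the zone lands in the "directory" set in
        // named.conf.options (/var/cache/bind), which named is allowed to write.
        // An absolute /etc/bind path fails here because that directory is
        // typically read-only for the daemon on Debian/Ubuntu.
        file "1024.local";
        masters { 192.168.246.7; };
        // Nothing transfers from the secondary; deny AXFR explicitly so the
        // zone cannot be enumerated (BIND's default may allow it, version-dependent).
        allow-transfer { none; };
};

// Secondary copy of the reverse zone for 192.168.246.0/24.
zone "246.168.192.in-addr.arpa" {
        type slave;
        file "1024.local.zone";
        masters { 192.168.246.7; };
        allow-transfer { none; };
};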
root@du2:/etc/bind# vim named.conf.options
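options {
        directory "/var/cache/bind";

        // Mirror the primary's exposure: listen only on the intranet address
        // and answer only the local subnet. The original { any; } settings
        // would have answered every client able to reach this host.
        listen-on port 53 { 192.168.246.8; };
        allow-query { 192.168.246.0/24; };

        // A secondary has no downstream servers; refuse zone transfers so the
        // zone cannot be dumped with AXFR.
        allow-transfer { none; };

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;
};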
~
~
root@du2:/etc/bind# systemctl restart bind9
root@du2:/etc/bind# nslookup www.1024.com #正向（注意 Server 是 192.168.246.7，即主服务器；要验证备服务器本身，应显式指定：nslookup www.1024.com 192.168.246.8）
Server:		192.168.246.7
Address:	192.168.246.7#53

Name:	www.1024.com
Address: 192.168.246.100
root@du2:/etc/bind# nslookup 192.168.246.100 #反向
100.246.168.192.in-addr.arpa	name = www.1024.com.
root@du2:/etc/bind# cd /var/cache/bind #从服务器通过区域传输拿到的区域副本存放在这里
root@du2:/var/cache/bind# ls
1024.local 1024.local.zone managed-keys.bind managed-keys.bind.jnl