Installing and Using BIND
I. What is BIND
BIND is the most widely deployed DNS software on the Internet.
II. Installing and using BIND
The following content is reproduced from http://www.mamicode.com/info-detail-1546484.html
Installing bind
On Linux, the package that provides the DNS service is called bind, but the service daemon is called named. It can be installed with yum or compiled by hand; note that with a manual build the configuration files have to be written by hand. Here we install with yum, then start the service and enable it at boot:
[root@localhost ~]# service named status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
named is stopped
[root@localhost ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@localhost ~]# chkconfig named on
[root@localhost ~]# chkconfig --list named
named           0:off   1:off   2:on    3:on    4:on    5:on    6:off
DNS listens on TCP and UDP port 53 by default.
Every DNS server knows where the root zone is. After bind is installed, the root hints are in /var/named/named.ca:
[root@localhost ~]# cat /var/named/named.
cat: /var/named/named.: No such file or directory
[root@localhost ~]# cat /var/named/named.ca
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    December 01, 2015
;       related version of root zone:   2015120100
;
; formerly NS.INTERNIC.NET
;
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
; End of file
From this file we can see that there are 13 root servers, a through m, together with their IP addresses; AAAA records are IPv6 addresses.
Now look at bind's main configuration file, /etc/named.conf. [Note that it uses C-like syntax: comments start with "//", every statement ends with ";", and text between "/*" and "*/" is a block comment.] This file holds only bind's basic settings and no DNS zone data. It can be divided into several parts:
options{}: global options
logging{}: logging subsystem configuration
zone: defines the location of the root hints file
include "/etc/named.rfc1912.zones"; pulls in the /etc/named.rfc1912.zones configuration file; zones to be added are normally written in /etc/named.rfc1912.zones for easier management
include "/etc/named.root.key";
[21:02 root@centos6.8 ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; };  /* local IP address and port the DNS server listens on; the default is the loopback address only */
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";      /* directory holding named's resource record (RR) files: named looks for its zone files under /var/named */
        dump-file       "/var/named/data/cache_dump.db";  /* path of the dump file written when rndc dumpdb is run */
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };    /* hosts allowed to query the RRs; localhost means all of this machine's own IP addresses */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {           // zones are defined with the zone keyword, one zone statement per zone; by convention the zones we add go in /etc/named.rfc1912.zones
        type hint;      /* type takes one of three values:
                           master: this server is the primary (master) name server for the zone
                           slave:  this server is a secondary (slave) name server for the zone
                           hint:   the list of Internet root name servers
                        */
        file "named.ca";  /* relative to the directory option above (/var/named), so this means /var/named/named.ca */
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Setting up a DNS server
Forward resolution, step by step:
(1) Edit named.conf as needed. Here we change the listen address from the default 127.0.0.1 to all of the machine's local IP addresses, and allow every host to query by setting allow-query to any. Be aware that combined with recursion yes this turns named into an open recursive resolver; on a production server, restrict allow-recursion to trusted client networks.
(2) Define the zone to be added; here the zone statement goes in /etc/named.rfc1912.zones.
(3) Create the corresponding resource record (RR) file under /var/named, with the file name given in the zone definition.
(4) Set the RR file's owner and group to named, fix its permissions, and restart the DNS service for the change to take effect.
Edit the named.conf file:
[21:28 root@centos6.8 ~]# cat !$
cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
//      listen-on port 53 { 127.0.0.1; };  // changed: this line is commented out, so named listens on all local addresses
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };          // changed
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Add the test domain nihao.com:
[21:33 root@centos6.8 ~]# cat !$
cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "nihao.com" IN {
        type master;
        file "nihao.zone";      // every statement needs a terminating semicolon
};
Add the RRs:
[21:46 root@centos6.8 ~]# cat !$
cat /var/named/nihao.zone
$TTL 86400
@       IN  SOA dns.nihao.com. admin.nihao.com. (
                2016092301
                1H
                30M
                1W
                1D )
@       IN  NS  dns.nihao.com.
dns.nihao.com.  IN  A   172.18.16.137
@       IN  MX  10 mail          ; an MX record needs a preference value before the host name
mail    IN  A   1.1.1.2
www     IN  A   119.75.218.70
Restart the DNS service and test; both queries succeed:
[21:48 root@centos6.8 ~]# service named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]
[root@localhost ~]# dig www.nihao.com @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.nihao.com @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33430
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.nihao.com.                 IN      A

;; ANSWER SECTION:
www.nihao.com.          86400   IN      A       119.75.218.70

;; AUTHORITY SECTION:
nihao.com.              86400   IN      NS      dns.nihao.com.

;; ADDITIONAL SECTION:
dns.nihao.com.          86400   IN      A       172.18.16.137

;; Query time: 3 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Fri Sep 23 22:37:46 2016
;; MSG SIZE  rcvd: 81

[root@localhost ~]# dig mail.nihao.com @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> mail.nihao.com @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45751
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;mail.nihao.com.                IN      A

;; ANSWER SECTION:
mail.nihao.com.         86400   IN      A       1.1.1.2

;; AUTHORITY SECTION:
nihao.com.              86400   IN      NS      dns.nihao.com.

;; ADDITIONAL SECTION:
dns.nihao.com.          86400   IN      A       172.18.16.137

;; Query time: 1 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Fri Sep 23 22:37:54 2016
;; MSG SIZE  rcvd: 82
Reverse resolution, step by step. Note: forward and reverse resolution use different zone databases, so a new zone and its own RR file must be created.
(1) Edit named.conf as needed; the same settings as for forward resolution are enough.
(2) Define the zone to be added; again the zone statement goes in /etc/named.rfc1912.zones.
[Note: the zone name cannot be chosen freely. It must be the IP address or network prefix with its octets written in reverse order, followed by .in-addr.arpa; otherwise reverse resolution will fail.]
(3) Create the corresponding RR file under /var/named, with the file name given in the zone definition.
[Note: the SOA record can be the same as in the forward zone. No A records are needed, but an NS record is required. Names on the right-hand side must be written in full with a trailing dot; otherwise the default origin, i.e. the reverse zone name chosen in step 2, is appended to them.]
(4) Set the RR file's owner and group to named, fix its permissions, and restart the DNS service for the change to take effect.
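As an added illustration (not from the original article), the following Python helpers derive the reverse zone name and PTR owner for step (2) and apply the zone-file origin rule from step (3), flagging any NS, MX or PTR target written without a trailing dot. The sample zone text is constructed, with one deliberately defective PTR.

```python
import ipaddress

# Constructed sample: the article's reverse zone, with one PTR target
# deliberately written without its trailing dot to show the pitfall.
REVERSE_ZONE_TEXT = """\
$TTL 86400
@       IN  SOA dns.nihao.com. admin.nihao.com. ( 2016092301 1H 30M 1W 1D )
@       IN  NS  dns.nihao.com.
111     IN  PTR www.nihao.com      ; missing trailing dot (constructed defect)
222     IN  PTR mail.nihao.com.
"""


def reverse_zone_name(network: str) -> str:
    """Return the in-addr.arpa zone name for an octet-aligned IPv4 network.

    Assumption: the prefix length is 8, 16 or 24; classless (RFC 2317)
    delegation is not handled.
    """
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 prefixes are supported")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa"


def ptr_owner(ip: str, zone: str) -> str:
    """Owner name of the PTR record for ip, relative to zone (e.g. '111')."""
    absolute = ipaddress.ip_address(ip).reverse_pointer  # 111.16.18.172.in-addr.arpa
    suffix = "." + zone.rstrip(".")
    if not absolute.endswith(suffix):
        raise ValueError(f"{ip} does not belong to zone {zone}")
    return absolute[: -len(suffix)]


def qualify(name: str, origin: str) -> str:
    """Zone-file name rules: '@' is the origin, a name ending in '.' is
    already absolute, and any other name gets the origin appended."""
    origin = origin.rstrip(".") + "."
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def lint_relative_targets(zone_text: str, origin: str) -> list:
    """Report NS, MX and PTR targets that named would expand under origin,
    which in a reverse zone is almost always a mistake."""
    problems = []
    for raw in zone_text.splitlines():
        tokens = raw.split(";", 1)[0].split()  # drop comments, tokenise
        rtype = next((t for t in tokens if t in ("NS", "MX", "PTR")), None)
        if rtype is None:
            continue
        target = tokens[-1]
        if not target.endswith("."):
            problems.append(f"{tokens[0]}: {target} becomes {qualify(target, origin)}")
    return problems
```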
Append the reverse zone at the end of the file:
[11:03 root@centos6.8 /var/named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "nihao.com" IN {
        type master;
        file "nihao.zone";
};

zone "16.18.172.in-addr.arpa" IN {
        type master;
        file "172.18.16.zone";
};
Create the reverse zone's RR file:
[11:11 root@centos6.8 /var/named]# cat 172.18.16.zone
$TTL 86400
@       IN  SOA dns.nihao.com. admin.nihao.com. (
                2016092301
                1H
                30M
                1W
                1D )
@       IN  NS  dns.nihao.com.        ; the NS record is mandatory (zone-file comments start with ";", not "//")
@       IN  MX  10 mail.nihao.com.    ; write the full name with a trailing dot, otherwise the reverse zone name 16.18.172.in-addr.arpa. is appended
111     IN  PTR www.nihao.com.
222     IN  PTR mail.nihao.com.
Restart the service and test. Both queries are answered, but note that the first answer, www.16.18.172.in-addr.arpa., is exactly what happens when a PTR target is written without its trailing dot; the second, mail.nihao.com., is correct.
[root@localhost ~]# dig -x 172.18.16.111 @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 172.18.16.111 @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60893
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;111.16.18.172.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
111.16.18.172.in-addr.arpa. 86400 IN    PTR     www.16.18.172.in-addr.arpa.

;; AUTHORITY SECTION:
16.18.172.in-addr.arpa. 86400   IN      NS      dns.nihao.com.

;; ADDITIONAL SECTION:
dns.nihao.com.          86400   IN      A       172.18.16.137

;; Query time: 2 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Sat Sep 24 10:52:48 2016
;; MSG SIZE  rcvd: 105

[root@localhost ~]# dig -x 172.18.16.222 @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 172.18.16.222 @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48589
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;222.16.18.172.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
222.16.18.172.in-addr.arpa. 86400 IN    PTR     mail.nihao.com.

;; AUTHORITY SECTION:
16.18.172.in-addr.arpa. 86400   IN      NS      dns.nihao.com.

;; ADDITIONAL SECTION:
dns.nihao.com.          86400   IN      A       172.18.16.137

;; Query time: 2 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Sat Sep 24 11:03:09 2016
;; MSG SIZE  rcvd: 106
3. Setting up master and slave DNS servers
"Master and slave" does not mean that a query the master cannot resolve is passed on to the slave. The slave is only consulted when the master is down, because every DNS server holds the same zone database: if one server cannot resolve a name, the others cannot either.
A few points to note:
The master's zone file must contain an NS record pointing to the slave.
The slave only needs the zone definition and no zone file of its own; the transferred zone file is placed in /var/named/slaves/.
Deploying a master/slave pair is therefore simple (only forward resolution is shown here; for reverse resolution just add a reverse zone in the same way):
(1) On the master, add an NS record to the zone file that points to the slave DNS server. On a production master, also restrict zone transfers to the slave with allow-transfer { SLAVE_IP; }, since BIND 9.8 (the version used here) allows transfers from any host by default.
(2) On the slave, define the same zone and let its RR file be placed in /var/named/slaves/.
Defining a slave zone:
zone "ZONE_NAME" IN {
        type slave;
        masters { MASTER_IP; };
        file "slaves/ZONE_NAME.zone";
};
(3) Fix the owner, group and permissions, and restart the named service.
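Added example, not from the original article: a slave only transfers the zone when the master's SOA serial compares newer than the slave's copy (RFC 1982 serial arithmetic), so every edit of the master's zone file must bump the serial before named is restarted. The Python below parses and bumps the YYYYMMDDnn serial used in the article's zone files; the zone text is a constructed copy of the master's nihao.zone.

```python
import re
from datetime import date

# Constructed sample: the master's nihao.zone from the article, with the
# serial in the YYYYMMDDnn form the article uses.
MASTER_ZONE = """\
$TTL 86400
@       IN  SOA dns.nihao.com. admin.nihao.com. (
                2016092301
                1H
                30M
                1W
                1D )
@       IN  NS  dns.nihao.com.
@       IN  NS  dns1.nihao.com.
dns     IN  A   172.18.16.137
dns1    IN  A   172.18.16.113
"""

# group 1: everything up to the serial (MNAME, RNAME, optional "("); group 2: the serial
SOA_SERIAL_RE = re.compile(r"(\bSOA\s+\S+\s+\S+\s*\(?\s*)(\d+)")
SERIAL_SPACE = 2 ** 32


def parse_soa_serial(zone_text: str) -> int:
    """The serial is the first number after the SOA's MNAME and RNAME fields."""
    m = SOA_SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("no SOA record found")
    return int(m.group(2))


def serial_is_newer(candidate: int, current: int) -> bool:
    """RFC 1982 comparison in 32-bit wrap-around arithmetic: the slave only
    transfers when the master's serial is 'greater' in this sense."""
    diff = (candidate - current) % SERIAL_SPACE
    return 0 < diff < 2 ** 31


def next_serial(current: int, today: str) -> int:
    """Next YYYYMMDDnn serial for an ISO date string such as '2016-09-24'.
    Once today's range is reached (or the serial is already ahead of the
    clock) it simply increments, so the serial never goes backwards."""
    date.fromisoformat(today)  # reject malformed dates early
    base = int(today.replace("-", "")) * 100
    return current + 1 if current >= base else base + 1


def bump_soa_serial(zone_text: str, today: str):
    """Return (new_zone_text, new_serial): the edit to make before
    'service named restart' so the slave notices the change."""
    new = next_serial(parse_soa_serial(zone_text), today)
    text = SOA_SERIAL_RE.sub(lambda m: m.group(1) + str(new), zone_text, count=1)
    return text, new


def slave_will_transfer(master_text: str, slave_text: str) -> bool:
    """Would a slave holding slave_text pull the zone from this master?"""
    return serial_is_newer(parse_soa_serial(master_text), parse_soa_serial(slave_text))
```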
On the master, add an NS record pointing to the slave:
[11:31 root@centos6.8 /var/named]# cat !$
cat nihao.zone
$TTL 86400
@       IN  SOA dns.nihao.com. admin.nihao.com. (
                2016092301
                1H
                30M
                1W
                1D )
@       IN  NS  dns.nihao.com.
@       IN  NS  dns1.nihao.com.
dns     IN  A   172.18.16.137
dns1    IN  A   172.18.16.113
www     IN  A   172.18.16.111
@       IN  MX  10 mail
mail    IN  A   172.18.16.222
Configure the zone on the slave DNS server:
[11:38 root@localhost.localdomain ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "nihao.com" IN {
        type slave;
        file "slaves/nihao.com.zone";
        masters { 172.18.16.137; };
};
[11:37 root@localhost.localdomain ~]# service named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]
[11:38 root@localhost.localdomain ~]# ll /var/named/slaves/
total 4
-rw-r--r--. 1 named named 379 Sep 24 11:38 nihao.com.zone    # the RR file has already been transferred automatically
Test: with the master down (its DNS service stopped), the slave still answers:
[11:40 root@centos6.8 /var/named]# service named stop
Stopping named: .                                          [  OK  ]
[11:41 root@centos6.8 /var/named]# dig www.nihao.com @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.nihao.com @172.18.16.137
;; global options: +cmd
;; connection timed out; no servers could be reached
[11:41 root@centos6.8 /var/named]# dig www.nihao.com @172.18.16.113

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.nihao.com @172.18.16.113
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57600
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.nihao.com.                 IN      A

;; ANSWER SECTION:
www.nihao.com.          86400   IN      A       172.18.16.111

;; AUTHORITY SECTION:
nihao.com.              86400   IN      NS      dns.nihao.com.

;; ADDITIONAL SECTION:
dns.nihao.com.          86400   IN      A       172.18.16.137

;; Query time: 9 msec
;; SERVER: 172.18.16.113#53(172.18.16.113)
;; WHEN: Sat Sep 24 11:42:51 2016
;; MSG SIZE  rcvd: 81
4. Implementing DNS subdomains
Subdomain delegation: suppose our company has obtained the right to use a domain and wants to split off several subdomains under it for different departments, which also makes management easier. For example, nihao.com has two subdomains, tech.nihao.com and fin.nihao.com, each with its own www and mail hosts, and the most important host in each domain is its DNS server. Delegating a subdomain simply means adding the following to the parent domain's configuration:
Steps to implement a DNS subdomain:
(1) State explicitly who is being delegated to, i.e. the name of the delegated child zone: add an NS record in the parent zone's RR file pointing to the child's DNS server.
(2) Configure the child's DNS server following the earlier steps.
That is all there is to it; here is the demonstration:
Add an NS record in the parent zone's RR file pointing to the child's DNS server (the A record for dns.tech is the glue record the parent must carry, because the name server lives inside the zone being delegated):
[13:38 root@centos6.8 /var/named]# cat /var/named/nihao.zone
$TTL 86400
@       IN  SOA dns.nihao.com. admin.nihao.com. (
                2016092301
                1H
                30M
                1W
                1D )
@       IN  NS  dns.nihao.com.
dns     IN  A   172.18.16.137
www     IN  A   172.18.16.111
@       IN  MX  10 mail
mail    IN  A   172.18.16.222
tech    IN  NS  dns.tech
dns.tech IN A   172.18.16.113
Create the zone and RR file on the subdomain's DNS server:
[13:38 root@localhost.localdomain ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "tech.nihao.com" IN {
        type master;
        file "tech.nihao.com.zone";
};
[13:45 root@localhost.localdomain ~]# cat /var/named/tech.nihao.com.zone
$TTL 1D
@       IN  SOA dns.tech.nihao.com. admin.nihao.com. (
                2016092401
                1H
                30M
                1W
                1D
                )
@       IN  NS  dns
dns     IN  A   172.18.16.113
www     IN  A   1.1.1.1
@       IN  MX  10 mail
mail    IN  A   2.2.2.2
Resolving hosts in the subdomain through the parent server succeeds:
[13:37 root@localhost.localdomain ~]# dig www.tech.nihao.com @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.tech.nihao.com @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44573
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.tech.nihao.com.            IN      A

;; ANSWER SECTION:
www.tech.nihao.com.     86400   IN      A       1.1.1.1

;; AUTHORITY SECTION:
tech.nihao.com.         86400   IN      NS      dns.tech.nihao.com.

;; Query time: 241 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Sat Sep 24 13:38:18 2016
;; MSG SIZE  rcvd: 70

[13:38 root@localhost.localdomain ~]# dig mail.tech.nihao.com @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> mail.tech.nihao.com @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6140
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.tech.nihao.com.           IN      A

;; ANSWER SECTION:
mail.tech.nihao.com.    86400   IN      A       2.2.2.2

;; AUTHORITY SECTION:
tech.nihao.com.         86400   IN      NS      dns.tech.nihao.com.

;; Query time: 4 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Sat Sep 24 13:38:28 2016
;; MSG SIZE  rcvd: 71
5. Implementing DNS views
Starting with BIND 9, bind supports views. A view returns different query results depending on where the client comes from. For example, for the same query for www.baidu.com, the DNS server returns different IP addresses to China Telecom and China Unicom users; this both spreads the load and speeds up client access, and is widely used in CDNs.
Points to note:
(1) Once views are used, every zone in the configuration file must be written inside a view, including the three zones configured by default: the root, 127.0.0.1 and 1.0.0.127.in-addr.arpa.
(2) In an acl, an IP address can be written as a single address or as a network prefix with a mask, e.g. 192.168.0.0/24.
(3) Views are matched from top to bottom in the configuration file, so the view whose records should take precedence should be placed as early as possible.
(4) If the views defined do not cover every client address, a default view can be defined last with any in its match-clients option: any client that matched none of the views above is caught there.
Therefore, the steps to implement DNS views are:
(1) Edit the configuration file named.conf and define the required acls and views.
(2) Create the RR file for each view's zone.
(3) Restart the DNS service and test.
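Added example (not part of the original article) that models BIND's view selection in Python: the acls and views mirror the named.conf used in this experiment, views are tried in configuration order with the first match winning, and a catch-all view placed too early shadows everything after it. The per-view record data is constructed.

```python
import ipaddress

# Mirror of the article's named.conf: two one-host acls, three views in
# configuration order, each with the (constructed) answer its zone file gives.
ACLS = {
    "Anet": ["172.18.16.137"],
    "Bnet": ["172.18.16.113"],
}
VIEWS = [
    ("Anet", ["Anet"], {"www.nihao.com": "1.1.1.1"}),
    ("Bnet", ["Bnet"], {"www.nihao.com": "2.2.2.2"}),
    ("Default", ["any"], {"www.nihao.com": "2.2.2.2"}),
]


def _element_matches(addr, element, acls):
    """One address-match-list element: any, none, an acl name, or an address/CIDR."""
    if element == "any":
        return True
    if element == "none":
        return False
    if element in acls:
        return match_list(addr, acls[element], acls)
    return addr in ipaddress.ip_network(element, strict=False)


def match_list(addr, elements, acls):
    """BIND address_match_list semantics: the first element that matches
    decides, and a leading '!' on that element turns the match into a deny."""
    for element in elements:
        negated = element.startswith("!")
        if _element_matches(addr, element.lstrip("!"), acls):
            return not negated
    return False


def select_view(client_ip, views=VIEWS, acls=ACLS):
    """Name of the first view whose match-clients admits client_ip, or None
    (a client that matches no view gets REFUSED from BIND)."""
    addr = ipaddress.ip_address(client_ip)
    for name, match_clients, _ in views:
        if match_list(addr, match_clients, acls):
            return name
    return None


def answer(client_ip, qname, views=VIEWS, acls=ACLS):
    """The A record a given client would receive for qname."""
    view = select_view(client_ip, views, acls)
    if view is None:
        return None
    records = next(r for n, _, r in views if n == view)
    return records.get(qname)


def unreachable_views(views, acls):
    """Views listed after a view whose match-clients contains a bare 'any':
    they can never be selected (the ordering pitfall in notes 3 and 4)."""
    shadowed, catch_all_seen = [], False
    for name, match_clients, _ in views:
        if catch_all_seen:
            shadowed.append(name)
        elif "any" in match_clients:
            catch_all_seen = True
    return shadowed
```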
Here is a simulated experiment:
Plan: the client 172.18.16.137 gets 1.1.1.1 as the IP address for www.nihao.com;
the client 172.18.16.113 gets 2.2.2.2 as the IP address for www.nihao.com (I only have two machines to simulate with; network prefixes would work here just as well).
Note that this is the simplest possible view setup, with forward resolution only and without the root and reverse zones; to add them, just write in the corresponding content.
Edit named.conf and create the acls and views:
[15:56 root@centos6.8 /var/named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

acl Anet {
        172.18.16.137;
};

acl Bnet {
        172.18.16.113;
};

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

view Anet {
        match-clients { Anet; };
        zone "nihao.com" IN {
                type master;
                file "Anet.nihao.com.zone";
        };
};

view Bnet {
        match-clients { Bnet; };
        zone "nihao.com" IN {
                type master;
                file "Bnet.nihao.com.zone";
        };
};

view Default {
        match-clients { any; };
        zone "nihao.com" IN {
                type master;
                file "Bnet.nihao.com.zone";
        };
};
Create the RR file for each view's zone:
[15:59 root@centos6.8 /var/named]# cat /var/named/Anet.nihao.com.zone
$TTL 86400
@       IN  SOA ns.nihao.com. admin.nihao.com. (
                2016092401
                30M
                10M
                1W
                1D
                )
@       IN  NS  ns
ns      IN  A   172.18.16.137
www     IN  A   1.1.1.1
[15:59 root@centos6.8 /var/named]# cat /var/named/Bnet.nihao.com.zone
$TTL 86400
@       IN  SOA ns.nihao.com. admin.nihao.com. (
                2016092401
                30M
                10M
                1W
                1D
                )
@       IN  NS  ns
ns      IN  A   172.18.16.137
www     IN  A   2.2.2.2
Test: the same query for www.nihao.com gets a different IP address from the DNS server depending on the client, giving the so-called intelligent DNS effect.
[15:59 root@centos6.8 /var/named]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:7D:87:20
          inet addr:172.18.16.137  Bcast:172.18.16.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe7d:8720/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:481348 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18543 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:44699057 (42.6 MiB)  TX bytes:2262423 (2.1 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:325 errors:0 dropped:0 overruns:0 frame:0
          TX packets:325 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:32316 (31.5 KiB)  TX bytes:32316 (31.5 KiB)

[16:00 root@centos6.8 /var/named]# dig www.nihao.com @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.nihao.com @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46531
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.nihao.com.                 IN      A

;; ANSWER SECTION:
www.nihao.com.          86400   IN      A       1.1.1.1

;; AUTHORITY SECTION:
nihao.com.              86400   IN      NS      ns.nihao.com.

;; ADDITIONAL SECTION:
ns.nihao.com.           86400   IN      A       172.18.16.137

;; Query time: 2 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Sat Sep 24 16:01:03 2016
;; MSG SIZE  rcvd: 80

[15:56 root@localhost.localdomain ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:90:2E:03
          inet addr:172.18.16.113  Bcast:172.18.16.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe90:2e03/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60372 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10143 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:16734660 (15.9 MiB)  TX bytes:1024521 (1000.5 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:99 errors:0 dropped:0 overruns:0 frame:0
          TX packets:99 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11851 (11.5 KiB)  TX bytes:11851 (11.5 KiB)

[15:56 root@localhost.localdomain ~]# dig www.nihao.com @172.18.16.137

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.nihao.com @172.18.16.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63334
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.nihao.com.                 IN      A

;; ANSWER SECTION:
www.nihao.com.          86400   IN      A       2.2.2.2

;; AUTHORITY SECTION:
nihao.com.              86400   IN      NS      ns.nihao.com.

;; ADDITIONAL SECTION:
ns.nihao.com.           86400   IN      A       172.18.16.137

;; Query time: 3 msec
;; SERVER: 172.18.16.137#53(172.18.16.137)
;; WHEN: Sat Sep 24 15:56:53 2016
;; MSG SIZE  rcvd: 80
III. Dynamic domain updates
The nsupdate command can be used to update a zone dynamically.
a) Usage (http://www.xiaobo.li/?p=254)
> server 192.168.0.1 53
local address [ port ]
    Local address and port to use when sending nsupdate requests.
zone zonename
    Specifies the zone to be updated.
class classname
    Specifies the default class. The default class is IN.
key name secret
    Specifies the key used to sign all updates.
prereq nxdomain domain-name
    Requires that no resource record of any type exists for domain-name.
prereq yxdomain domain-name
    Requires that domain-name exists and has at least one record.
prereq nxrrset domain-name [class] type
    Requires that domain-name has no resource records of the given class and type.
prereq yxrrset domain-name [class] type
    Requires that a resource record of the given type exists; the class and domain-name must exist.
update delete domain-name [ttl] [class] [type [data...]]
    Deletes the resource records of domain-name. If type and data are given, only the matching records are deleted.
update add domain-name ttl [class] type data…
    Adds a resource record.
show
    Displays all prerequisites and update requests entered since the last send command.
send
    Sends the prerequisites and update requests to the DNS server. Equivalent to entering a blank line.
b) A problem encountered
While using nsupdate, the server kept returning a REFUSED error even though the commands were entered correctly. The log message said the .jnl file could not be created. After looking into it, it turned out that the permissions on BIND's data directory (the directory where BIND stores the zone files) had not been set up properly; after granting the directory more permissive rights with chmod, the problem was solved.