@[TOC](Chapter 21: DNS Service and BIND)
Experiment 1: forward-zone master DNS server
Objective
Build a master (primary) authoritative DNS server for a forward zone.
Prerequisites
A Linux host (CentOS 7 here) with Internet access.
Disable SELinux for the lab: vim /etc/sysconfig/selinux and set SELINUX=disabled (takes effect after a reboot; setenforce 0 applies it to the running system). This is a lab shortcut only: in production keep SELinux enforcing, since the named_t policy confines BIND and works as-is with the paths used below.
Disable the firewall: systemctl stop firewalld (stop now) and systemctl disable firewalld (do not start at boot). In production leave the firewall on and open only 53/udp and 53/tcp; TCP is required for zone transfers and for answers that do not fit in a UDP packet.
Mount the installation media with autofs at /misc/cd (this host is CentOS 7): yum install autofs -y ; systemctl start autofs ; systemctl enable autofs
Install the EPEL repository: yum -y install epel-release
Or build your own yum repository: mkdir /etc/yum.repos.d/yum/ ; mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/yum/
vim /etc/yum.repos.d/base.repo and add:
[base]
name=base
baseurl=file:///misc/cd
gpgcheck=0
[epel]
name=EPEL
#baseurl=mirrors.sohu.com/fedora-epel…
baseurl=mirrors.aliyun.com/epel/7/x86_…
gpgcheck=0
enabled=1
(gpgcheck=0 disables package signature verification, so installs from this mirror are unauthenticated; acceptable on a lab box only.)
yum repolist to confirm the EPEL repository is usable
Steps
Server address: 192.168.37.7 (the address that appears in all of the command output below; the original text listed 192.168.36.7)
Client address: 192.168.37.6
Note: substitute your own addresses when running the lab.
1 Install bind on the server
~]# yum install bind -y
~]# systemctl start named
~]# systemctl enable named
2 Edit the bind configuration file
~]# vim /etc/named.conf and comment out two lines (line 13 and line 21 of the stock file)
// listen-on port 53 { 127.0.0.1; }; // commented out: listen-on defaults to every interface, not only localhost
// allow-query { localhost; }; // commented out: allow-query defaults to any
Caveat: with allow-query commented out the server answers anyone who can reach port 53, but recursion is still limited to localnets and localhost, because allow-recursion defaults to allow-query-cache, then allow-query, then localnets; localhost. Writing allow-query { any; }; explicitly (a common tutorial variant) is not equivalent: it also opens recursion to everyone unless allow-recursion is set, which turns an Internet-facing host into an open resolver usable for reflection attacks. Set allow-recursion { your-nets; }; (or recursion no; on a purely authoritative server) before exposing it.
~]# vim /etc/named.rfc1912.zones and add this block:
# define the zone
zone "magedu.com" {
# zone type
type master;
# zone data file, relative to the directory option (/var/named)
file "magedu.com.zone";
};
3 The zone data file
~]# cp -p /var/named/named.localhost /var/named/magedu.com.zone
-p keeps the template's owner and mode (root:named, 0640). If you omit it, fix the ownership so the file matches the other zone files: chgrp named magedu.com.zone
~]# vim /var/named/magedu.com.zone
$TTL 1D
@ IN SOA master admin.magedu.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum (negative-caching TTL)
NS master
master A 192.168.37.7
ftp A 192.168.37.7
db A 192.168.37.8
www CNAME websrv
websrv A 192.168.37.5
websrv A 192.168.37.6
; wildcard: any name in the zone that has no record of its own, e.g. a typo such as sdfsasf.magedu.com, still resolves (to 2.2.2.2 here)
* A 2.2.2.2
; $GENERATE expands a numbered range: server1..server100 (the prefix is arbitrary) map to 10.0.0.1..10.0.0.100, so server66.magedu.com returns 10.0.0.66
$GENERATE 1-100 server$ A 10.0.0.$
Note: zone-file comments start with ";"; a "#" line is a syntax error that named-checkzone will reject. The two websrv A records are answered round-robin. The wildcard is convenient but it also means the zone never returns NXDOMAIN for a mistyped or deleted name, which hides errors (see the troubleshooting notes at the end of this chapter).
4 Check the configuration syntax, then (re)load
# syntax check of the main configuration
~]# named-checkconf
# syntax check of the zone file
~]# named-checkzone magedu.com /var/named/magedu.com.zone
zone magedu.com/IN: loaded serial 0
OK
# first start
~]# systemctl start named
# already running: reload instead of restarting
~]# rndc reload
server reload successful
5 Configure the second VM as the client
Point the client's resolver at the master server (192.168.37.7) by editing the interface configuration. This client is CentOS 6, as the dig banner below shows, hence the SysV network scripts:
6 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.37.6
#GATEWAY=192.168.37.2
DNS1=192.168.37.7
PREFIX=24
6 ~]# /etc/init.d/NetworkManager stop
6 ~]# /etc/init.d/network restart
6 ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain
nameserver 192.168.37.7
6 ~]# host master.magedu.com
master.magedu.com has address 192.168.37.7
6 ~]# dig www.magedu.com @192.168.37.7
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.37.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21890
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN CNAME websrv.magedu.com.
websrv.magedu.com. 86400 IN A 192.168.37.5
websrv.magedu.com. 86400 IN A 192.168.37.6
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS master.magedu.com.
;; ADDITIONAL SECTION:
master.magedu.com. 86400 IN A 192.168.37.7
;; Query time: 1 msec
;; SERVER: 192.168.37.7#53(192.168.37.7)
;; WHEN: Mon Apr 25 16:19:41 2022
;; MSG SIZE rcvd: 122
Reading the answer: aa in the flags line means the server is authoritative for the zone (a cached answer from a resolver lacks it); the CNAME is followed inside the same response, and both websrv A records come back, so clients alternate between 192.168.37.5 and 192.168.37.6.
Experiment 2: reverse-zone master server
1 Reverse zone data file (a reverse zone maps addresses to names with PTR records; it has nothing to do with a reverse proxy)
~ ]# vim /etc/named.rfc1912.zones
zone "37.168.192.in-addr.arpa" IN {
type master;
file "192.168.37.zone";
};
~ ]# cp -p /var/named/named.localhost /var/named/192.168.37.zone
# the PTR records must mirror the A records of the forward zone
~ ]# vim /var/named/192.168.37.zone
$TTL 1D
@ IN SOA master admin.magedu.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 192.168.37.7
7 PTR ftp.magedu.com.
8 PTR db.magedu.com.
6 PTR websrv.magedu.com.
~]# rndc reload
Note: inside this zone the relative name master expands to master.37.168.192.in-addr.arpa., which is why the A record is needed here and why that name shows up in the AUTHORITY section below. The cleaner form is NS master.magedu.com. (fully qualified, with the trailing dot) and no A record in the reverse zone. Also, 192.168.37.7 hosts both ftp and master but gets one PTR: pick the canonical host name, since sshd, MTAs and log tooling compare the PTR against the forward record.
2 Client test
6 ~]# dig -t ptr 6.37.168.192.in-addr.arpa @192.168.37.7
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> -t ptr 6.37.168.192.in-addr.arpa @192.168.37.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33943
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;6.37.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
6.37.168.192.in-addr.arpa. 86400 IN PTR websrv.magedu.com.
;; AUTHORITY SECTION:
37.168.192.in-addr.arpa. 86400 IN NS master.37.168.192.in-addr.arpa.
;; ADDITIONAL SECTION:
master.37.168.192.in-addr.arpa. 86400 IN A 192.168.37.7
;; Query time: 1 msec
;; SERVER: 192.168.37.7#53(192.168.37.7)
;; WHEN: Tue Apr 26 15:30:00 2022
;; MSG SIZE rcvd: 111
6 ~]# dig -x 192.168.37.7 @192.168.37.7
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> -x 192.168.37.7 @192.168.37.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19307
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;7.37.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
7.37.168.192.in-addr.arpa. 86400 IN PTR ftp.magedu.com.
;; AUTHORITY SECTION:
37.168.192.in-addr.arpa. 86400 IN NS master.37.168.192.in-addr.arpa.
;; ADDITIONAL SECTION:
master.37.168.192.in-addr.arpa. 86400 IN A 192.168.37.7
;; Query time: 0 msec
;; SERVER: 192.168.37.7#53(192.168.37.7)
;; WHEN: Tue Apr 26 15:36:14 2022
;; MSG SIZE rcvd: 107
Experiment 3: master/slave replication (zone transfer)
Master server address: 192.168.37.7
Slave server address: 192.168.37.8; client address: 192.168.37.6
Note: substitute your own addresses when running the lab.
Slave server
1 Install BIND and enable it at boot
~]# yum install -y bind
~]# systemctl enable named
~]# vim /etc/named.conf # comment out the same two lines as before (line 13 and line 21)
// listen-on port 53 { 127.0.0.1; }; // commented out: listen on every interface
// allow-query { localhost; }; // commented out: allow queries from any host
~]# vim /etc/named.rfc1912.zones
# add this block
zone "magedu.com" IN {
type slave;
masters {192.168.37.7;};
file "slaves/magedu.com.zone.slave";
};
# the slaves directory is empty before the first start
~]# ls /var/named/slaves/
# start the service; named pulls the zone from the master with an AXFR
~]# systemctl start named
# the zone file is created automatically
~]# ls /var/named/slaves/
magedu.com.zone.slave
Master server
~]# vim /var/named/magedu.com.zone
$TTL 1D
@ IN SOA master admin.magedu.com. (
1 ; serial, incremented: it must be greater than the serial the slave already holds
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master1 ; DNS master
NS master2 ; DNS slave
master1 A 192.168.37.7 ; master server IP
master2 A 192.168.37.8 ; slave server IP
ftp A 192.168.37.7
db A 192.168.37.8
www CNAME websrv
websrv A 192.168.37.5
websrv A 192.168.37.6
@ MX 10 mail ; mail exchanger
mail A 1.1.1.1
Note: the slave only re-transfers when the master's serial is newer than its own. BIND compares serials with RFC 1982 wrap-around arithmetic, so a serial that goes backwards counts as older and the slave silently keeps its stale copy. Two things to check here: the SOA MNAME still says master, a name that has no A record after the rename to master1/master2, so change it to master1; and rndc reload below sends a NOTIFY to the NS hosts, which is what makes the slave pick up the change immediately instead of waiting for the refresh interval.
~]# rndc reload
~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 474 Apr 26 16:33 magedu.com.zone.slave
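Two points in this chapter are easy to get wrong in the zone file: the wildcard and $GENERATE records of experiment 1, and the rule just stated that the master's serial must be newer than the slave's. The following Python script is an added example (not from the page and not BIND code): it parses a zone text constructed from the experiment-3 zone plus the wildcard and $GENERATE lines, expands $GENERATE, answers names the way the wildcard does, and compares serials with the RFC 1982 arithmetic BIND uses, so a zone can be sanity-checked before rndc reload. It only understands the plain `owner TYPE rdata` record form and the three-field $GENERATE form used on this page.

```python
"""Zone-file checks: SOA serial, RFC 1982 serial comparison, $GENERATE
expansion and wildcard lookup. Added example, not from the page or BIND."""
import re

# Constructed sample: the experiment-3 master zone (serial 1) plus the
# wildcard and $GENERATE lines from experiment 1.
MASTER_ZONE = """\
$TTL 1D
@ IN SOA master1 admin.magedu.com. (
        1 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS master1
        NS master2
master1 A 192.168.37.7
master2 A 192.168.37.8
www CNAME websrv
websrv A 192.168.37.5
websrv A 192.168.37.6
* A 2.2.2.2
$GENERATE 1-100 server$ A 10.0.0.$
"""

SERIAL_MOD = 1 << 32
SOA_RE = re.compile(r"\bSOA\s+\S+\s+\S+\s+\(?\s*(\d+)")
GENERATE_RE = re.compile(r"^\$GENERATE\s+(\d+)-(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def strip_comments(text):
    """Zone-file comments start with ';' (a '#' line is a syntax error)."""
    return "\n".join(line.split(";", 1)[0] for line in text.splitlines())


def soa_serial(zone_text):
    """Serial from the SOA, in either the one-line or the '( ... )' form."""
    flat = " ".join(strip_comments(zone_text).split())
    m = SOA_RE.search(flat)
    if not m:
        raise ValueError("no SOA record found")
    return int(m.group(1))


def serial_gt(a, b):
    """RFC 1982: a is newer than b when the forward distance b -> a is < 2^31."""
    return a != b and (a - b) % SERIAL_MOD < SERIAL_MOD // 2


def secondary_will_transfer(master_serial, secondary_serial):
    """A secondary pulls the zone only when the master's serial is newer;
    a serial that went backwards looks older and the stale copy is kept."""
    return serial_gt(master_serial, secondary_serial)


def next_serial(current):
    """Bump a serial; 4294967295 wraps to 0, which RFC 1982 still treats as newer."""
    return (current + 1) % SERIAL_MOD


def expand_generate(zone_text):
    """Expand '$GENERATE start-stop lhs type rhs' into plain records, replacing
    '$' with the counter as BIND does (no step, offset, ttl or class fields)."""
    out = []
    for line in strip_comments(zone_text).splitlines():
        line = line.strip()
        if not line:
            continue
        m = GENERATE_RE.match(line)
        if not m:
            out.append(line)
            continue
        start, stop, lhs, rtype, rhs = m.groups()
        for i in range(int(start), int(stop) + 1):
            out.append(f"{lhs.replace('$', str(i))} {rtype} {rhs.replace('$', str(i))}")
    return out


def _simple_records(zone_text):
    """(owner, type, rdata) from plain 'owner TYPE rdata' lines; the SOA,
    owner-less NS shorthand and multi-field rdata such as MX are skipped."""
    for line in expand_generate(zone_text):
        f = line.split()
        if len(f) == 3 and f[1].isupper():
            yield tuple(f)


def a_records(zone_text, owner):
    """A records for a relative owner name; falls back to the '*' wildcard only
    when the owner has no record of any type (a CNAME owner never gets it)."""
    recs = list(_simple_records(zone_text))
    if any(o == owner for o, _, _ in recs):
        return [r for o, t, r in recs if o == owner and t == "A"]
    return [r for o, t, r in recs if o == "*" and t == "A"]


if __name__ == "__main__":
    print("serial:", soa_serial(MASTER_ZONE))
    print("server66 ->", a_records(MASTER_ZONE, "server66"))
    print("typo sdfsasf ->", a_records(MASTER_ZONE, "sdfsasf"))
    print("master 1, slave 1, transfer?", secondary_will_transfer(1, 1))
```

Run it against your own zone by reading the file into `soa_serial` and `a_records`; `secondary_will_transfer(new, old)` returning False after an edit is exactly the "forgot to bump the serial" failure the slave reports only as a missing update.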
2 Hardening
Client
# without restrictions anyone can pull the whole zone (AXFR): every host name and address in magedu.com, the first reconnaissance step an attacker tries
6~]# dig -t axfr magedu.com @192.168.37.7
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> -t axfr magedu.com @192.168.37.7
;; global options: +cmd
magedu.com. 86400 IN SOA master.magedu.com. admin.magedu.com. 1 86400 3600 604800 10800
magedu.com. 86400 IN NS master1.magedu.com.
magedu.com. 86400 IN NS master2.magedu.com.
db.magedu.com. 86400 IN A 192.168.37.8
ftp.magedu.com. 86400 IN A 192.168.37.7
master1.magedu.com. 86400 IN A 192.168.37.7
master2.magedu.com. 86400 IN A 192.168.37.8
websrv.magedu.com. 86400 IN A 192.168.37.5
websrv.magedu.com. 86400 IN A 192.168.37.6
www.magedu.com. 86400 IN CNAME websrv.magedu.com.
magedu.com. 86400 IN SOA master.magedu.com. admin.magedu.com. 1 86400 3600 604800 10800
;; Query time: 1 msec
;; SERVER: 192.168.37.7#53(192.168.37.7)
;; WHEN: Wed Apr 27 01:47:35 2022
;; XFR size: 11 records (messages 1, bytes 285)
Master server
~]# vim /etc/named.conf # in the options block
# only the slave may transfer the zone
allow-transfer {192.168.37.8;};
~]# rndc reload
Slave server
vim /etc/named.conf
# nobody may transfer from the slave
allow-transfer {none;};
~]# rndc reload
Check: repeating dig -t axfr magedu.com from the client against either server should now end with "Transfer failed." An IP-based ACL is only as strong as the network path; where master and slave talk over an untrusted network, also authenticate transfers with a TSIG key (a key { ... }; statement on both sides and allow-transfer { key keyname; }; on the master) so that a spoofed source address is not enough.
Client
Test: the client is configured with both servers
6 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.37.6
#GATEWAY=192.168.37.2
DNS1=192.168.37.7
DNS2=192.168.37.8
PREFIX=24
6 ~]# /etc/init.d/network restart
6 ~]# dig master1.magedu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> master1.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20474
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;master1.magedu.com. IN A
;; ANSWER SECTION:
master1.magedu.com. 86400 IN A 192.168.37.7
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS master1.magedu.com.
magedu.com. 86400 IN NS master2.magedu.com.
;; ADDITIONAL SECTION:
master2.magedu.com. 86400 IN A 192.168.37.8
;; Query time: 0 msec
;; SERVER: 192.168.37.7#53(192.168.37.7)
;; WHEN: Wed Apr 27 02:11:29 2022
;; MSG SIZE rcvd: 104
Master server down
~]# systemctl stop named
Client
6 ~]# dig master1.magedu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> master1.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13175
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;master1.magedu.com. IN A
;; ANSWER SECTION:
master1.magedu.com. 86400 IN A 192.168.37.7
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS master1.magedu.com.
magedu.com. 86400 IN NS master2.magedu.com.
;; ADDITIONAL SECTION:
master2.magedu.com. 86400 IN A 192.168.37.8
;; Query time: 0 msec
;; SERVER: 192.168.37.8#53(192.168.37.8) <--- the answer now comes from the slave
;; WHEN: Wed Apr 27 02:13:36 2022
;; MSG SIZE rcvd: 104
Master/slave replication is now working: with the master down, the slave answers authoritatively (aa flag) from its copy of the zone.
Experiment 4: Internet-style DNS hierarchy (root, TLD, delegated zone, recursive resolver, forwarder)
Prerequisites
Client: 192.168.37.6
Web server: 192.168.37.67
magedu.com master: 192.168.37.47
magedu.com slave: 192.168.37.57
com server: 192.168.37.37
root server: 192.168.37.27
recursive DNS server: 192.168.37.17
caching/forwarding server: 192.168.37.7
# install the httpd service
67 ~]# yum install httpd -y
# start it
67 ~]# systemctl start httpd
# enable at boot
67 ~]# systemctl enable httpd
# confirm port 80 is listening
67 ~]# ss -ntl
# create a test page
67 ~]# echo welcome to www.magedu.com > /var/www/html/index.html
# test
6 ~]# curl 192.168.37.67
welcome to www.magedu.com
Build the master and slave
Master
47 ~]# yum install bind -y
47 ~]# vim /etc/named.conf
# comment out the two lines and add the slave's address (allow it to transfer the zone)
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { 192.168.37.57; };
47 ~]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type master;
file "magedu.com.zone";
};
47 ~]# cd /var/named/
# copy the template, preserving ownership and mode
47 named]# cp -p /var/named/named.localhost /var/named/magedu.com.zone
47 named]# vim /var/named/magedu.com.zone
$TTL 1D
@ IN SOA ns1 admin (1 1h 10M 1D 1D)
NS ns1
NS ns2
ns1 A 192.168.37.47
ns2 A 192.168.37.57
www A 192.168.37.67
# start the service
47 named]# systemctl start named
Slave
57 ~]# yum install bind -y
57 ~]# vim /etc/named.conf
# comment out the two lines and add: nobody may transfer the zone from this server
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { none; };
57 ~]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type slave;
masters {192.168.37.47;};
file "slaves/magedu.com.zone.slave";
};
57 ~]# systemctl start named
# the transferred zone file is created automatically
57 ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 474 May 1 01:22 magedu.com.zone.slave
Now change the zone on the master and confirm that the slave follows:
47 named]# vim magedu.com.zone
# bump the serial to 2 (a change without a serial bump is never transferred)
test A 2.2.2.2 # add this record
# reload (rndc reload is enough; a full restart is not needed)
47 named]# systemctl restart named
# check whether the slave's copy changed (timestamp/size updated = synced; unchanged = the transfer failed, check the serial and the master's log)
57 ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 349 May 1 01:53 magedu.com.zone.slave
Test
# add the DNS servers to the interface configuration
6 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=192.168.37.47
DNS2=192.168.37.57
# restart networking
6 ~]# /etc/init.d/network restart
6 ~]# curl www.magedu.com
welcome to www.magedu.com
6 ~]# dig www.magedu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.37.67
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns2.magedu.com.
magedu.com. 86400 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.37.47
ns2.magedu.com. 86400 IN A 192.168.37.57
;; Query time: 2 msec
;; SERVER: 192.168.37.47#53(192.168.37.47)
;; WHEN: Sun May 1 01:42:05 2022
;; MSG SIZE rcvd: 116
6 ~]# dig test.magedu.com @192.168.37.57
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> test.magedu.com @192.168.37.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27240
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;test.magedu.com. IN A
;; ANSWER SECTION:
test.magedu.com. 86400 IN A 2.2.2.2
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns1.magedu.com.
magedu.com. 86400 IN NS ns2.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.37.47
ns2.magedu.com. 86400 IN A 192.168.37.57
;; Query time: 26 msec
;; SERVER: 192.168.37.57#53(192.168.37.57)
;; WHEN: Sun May 1 01:57:50 2022
;; MSG SIZE rcvd: 117
com server
37 ~]# yum install bind -y
37 ~]# vim /etc/named.conf
# comment out the two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
37 ~]# vim /etc/named.rfc1912.zones
# add
zone "com" IN {
type master;
file "com.zone";
};
37 ~]# cp -p /var/named/named.localhost /var/named/com.zone
37 ~]# vim /var/named/com.zone
$TTL 1D
@ IN SOA ns1 admin (1 1h 10M 1D 1D)
NS ns1
magedu NS ns2 ; delegation: the magedu subdomain is served by ns2 and ns3
magedu NS ns3
ns1 A 192.168.37.37
ns2 A 192.168.37.47
ns3 A 192.168.37.57
Note: the com zone delegates magedu to ns2.com and ns3.com (192.168.37.47 and 192.168.37.57). Because those name servers are named inside com itself, their A records are ordinary data of this zone; they would be glue records only if the servers were named inside magedu.com. The NS names in the parent (ns2.com, ns3.com) do not match the NS names the child zone publishes for itself (ns1.magedu.com, ns2.magedu.com). Resolution still works here, but parent and child NS sets should agree in production; an inconsistent delegation is flagged by zone-check tools and makes troubleshooting harder.
37 ~]# systemctl restart named
Check that the delegation works: the com server is not authoritative for magedu.com, so it follows its own delegation and the flags line below has no aa
6 ~]# dig www.magedu.com @192.168.37.37
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.37.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1983
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.37.67
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns2.com.
magedu.com. 86400 IN NS ns3.com.
;; ADDITIONAL SECTION:
ns2.com. 86400 IN A 192.168.37.47
ns3.com. 86400 IN A 192.168.37.57
;; Query time: 3 msec
;; SERVER: 192.168.37.37#53(192.168.37.37)
;; WHEN: Sun May 1 02:13:25 2022
;; MSG SIZE rcvd: 116
Root server
27 ~]# yum install bind -y
27 ~]# vim /etc/named.conf
# comment out the two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# replace the stock hint zone for "." (type hint; file "named.ca") with an authoritative root zone
zone "." IN {
type master;
file "root.zone";
};
# copy the template, preserving ownership and mode
27 ~]# cp -p /var/named/named.localhost /var/named/root.zone
27 ~]# vim /var/named/root.zone
$TTL 1D
@ IN SOA ns1 admin (1 1h 10M 1D 1D)
NS ns1
com NS ns2 ; delegate com to the com server
ns1 A 192.168.37.27
ns2 A 192.168.37.37
# restart the service
27 ~]# systemctl restart named
Test
6 ~]# dig www.magedu.com @192.168.37.27
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.37.27
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47731
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.37.67
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns2.com.
magedu.com. 86400 IN NS ns3.com.
;; ADDITIONAL SECTION:
ns3.com. 86400 IN A 192.168.37.57
ns2.com. 86400 IN A 192.168.37.47
;; Query time: 24 msec
;; SERVER: 192.168.37.27#53(192.168.37.27)
;; WHEN: Sun May 1 02:26:30 2022
;; MSG SIZE rcvd: 116
Recursive DNS server
17 ~]# yum install bind -y
17 ~]# vim /etc/named.conf
# comment out the two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# set both of these to no; otherwise the client gets no answers after the restart, because the resolver validates against the real root trust anchor and our private root is unsigned
dnssec-enable no;
dnssec-validation no;
17 ~]# vim /var/named/named.ca
# keep only these two lines: the hint file now points at our private root instead of the Internet root servers
. 518400 IN NS a.root-servers.net.
a.root-servers.net. 3600000 IN A 192.168.37.27
17 ~]# systemctl restart named
Caveat: disabling dnssec-validation is acceptable only because the lab root is private and unsigned. On a resolver that uses the real root, keep dnssec-validation auto; without it the resolver accepts forged or poisoned answers for zones that are signed.
Test: the flags below show qr rd ra without aa, a recursive, non-authoritative answer assembled from the root, com and magedu.com servers
6 ~]# dig www.magedu.com @192.168.37.17
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.37.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43985
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.37.67
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns2.magedu.com.
magedu.com. 86400 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.37.47
ns2.magedu.com. 86400 IN A 192.168.37.57
;; Query time: 32 msec
;; SERVER: 192.168.37.17#53(192.168.37.17)
;; WHEN: Sun May 1 02:52:02 2022
;; MSG SIZE rcvd: 116
Caching/forwarding server
7 ~]# yum install bind -y
7 ~]# vim /etc/named.conf
# comment out the two lines and add two lines: never iterate from the root ourselves, send every query to the forwarder
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
forward only;
forwarders { 192.168.37.17; };
# set to no (see the caveat above; a forwarder that does not validate trusts whatever the upstream returns)
dnssec-enable no;
dnssec-validation no;
# restart the service
7 ~]# systemctl restart named
# point the client's DNS at the forwarder
6 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=192.168.37.7
# restart networking
6 ~]# /etc/init.d/network restart
6 ~]# curl www.magedu.com
welcome to www.magedu.com
6 ~]# dig www.magedu.com @192.168.37.7
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.37.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46488
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 85900 IN A 192.168.37.67
;; AUTHORITY SECTION:
magedu.com. 85900 IN NS ns1.magedu.com.
magedu.com. 85900 IN NS ns2.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 85900 IN A 192.168.37.47
ns2.magedu.com. 85900 IN A 192.168.37.57
;; Query time: 2 msec
;; SERVER: 192.168.37.7#53(192.168.37.7)
;; WHEN: Sun May 1 03:00:22 2022
;; MSG SIZE rcvd: 116
End of the experiment. Note the TTL in the last answer, 85900 rather than 86400: the forwarder served a cached record whose TTL has been counting down, and the flags again lack aa.
DNS troubleshooting
- Start from the status field in the dig header:
#dig A example.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> A example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30523
...
- SERVFAIL: the nameserver hit a problem while processing the query. Walk the delegation with dig +trace to see where it breaks; network or firewall problems (53/tcp blocked, an unreachable name server) are the usual cause.
- NXDOMAIN: the queried name does not exist in the zone. A frequent cause is a CNAME whose target has no A record.
- REFUSED: the nameserver rejected the request by policy, i.e. an allow-query, allow-recursion or allow-transfer ACL that does not include the client.
- NOERROR does not mean the data is right; it may be a stale record served from a cache.
- Check whether the answer is authoritative: look for aa in the flags line.
- A deleted record that still resolves usually means a wildcard is answering for it, e.g.: *.example.com. IN A 172.25.254.254
- Mind the trailing ".": without it a name is relative to the zone origin, so a target written as www.example.com becomes www.example.com.example.com.
- Avoid a CNAME that points at another CNAME; it can loop:
  test.example.com. IN CNAME lab.example.com.
  lab.example.com. IN CNAME test.example.com.
- Configure PTR records correctly; many services (sshd, MTAs) check them.
- Configure round-robin records correctly (several A records for one name, like websrv above).
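To make the checks in this list mechanical, here is an added Python example (not from the page, dig or BIND) that reads the status, flags and records out of dig output (a sample constructed from the experiment-1 answer above), maps the status to the likely cause, reports whether the answer is authoritative (aa), and detects CNAME loops in a record set. It expects the sectioned output of a normal dig query, not the record stream printed by dig -t axfr.

```python
"""Read status/flags/records out of dig output and check CNAME chains.
Added example, not from the page, dig or BIND."""
import re

# Constructed sample: the experiment-1 answer from earlier in this chapter,
# trimmed to the header and record sections.
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21890
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN CNAME websrv.magedu.com.
websrv.magedu.com. 86400 IN A 192.168.37.5
websrv.magedu.com. 86400 IN A 192.168.37.6
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS master.magedu.com.
;; ADDITIONAL SECTION:
master.magedu.com. 86400 IN A 192.168.37.7
;; SERVER: 192.168.37.7#53(192.168.37.7)
"""

# Likely cause per status, as listed in the troubleshooting notes.
STATUS_HINTS = {
    "NOERROR": "answer returned; check aa and the TTL to tell authoritative from cached",
    "NXDOMAIN": "name does not exist; look for a CNAME whose target has no record",
    "SERVFAIL": "server-side failure; run dig +trace and check network/firewall",
    "REFUSED": "policy refusal; check allow-query / allow-recursion / allow-transfer",
}


def parse_dig(text):
    """Return {'status', 'flags', 'sections'}; records are (owner, ttl, type, rdata)."""
    parsed = {"status": None, "flags": set(), "sections": {}}
    section = None
    for line in text.splitlines():
        if "HEADER" in line:
            m = re.search(r"status: (\w+)", line)
            parsed["status"] = m.group(1) if m else None
        elif line.startswith(";; flags:"):
            m = re.match(r";; flags: ([\w ]*);", line)
            parsed["flags"] = set(m.group(1).split()) if m else set()
        elif line.endswith(" SECTION:"):
            section = line.split()[1]
            parsed["sections"][section] = []
        elif section and line and not line.startswith(";"):
            parts = line.split(None, 4)
            if len(parts) == 5:  # owner ttl class type rdata
                owner, ttl, _, rtype, rdata = parts
                parsed["sections"][section].append((owner, int(ttl), rtype, rdata))
    return parsed


def is_authoritative(parsed):
    """aa set means the server owns the zone; absent means cache or forwarder."""
    return "aa" in parsed["flags"]


def answer_records(parsed):
    """(owner, type, rdata) triples from the ANSWER section."""
    return [(o, t, r) for o, _, t, r in parsed["sections"].get("ANSWER", [])]


def diagnose(parsed):
    """Human-readable observations derived from status and flags."""
    status = parsed["status"]
    notes = [f"{status}: {STATUS_HINTS.get(status, 'unexpected status, read the raw output')}"]
    if status == "NOERROR" and not is_authoritative(parsed):
        notes.append("not authoritative: answer came from a cache or forwarder, may be stale")
    return notes


def find_cname_loops(records):
    """records: (owner, type, rdata). Follow every CNAME chain and return a set
    of frozensets, one per loop, containing the names that form the cycle."""
    cname = {o: r for o, t, r in records if t == "CNAME"}
    loops = set()
    for start in cname:
        path, cur = [], start
        while cur in cname and cur not in path:
            path.append(cur)
            cur = cname[cur]
        if cur in path:  # chain came back to a name already on the path
            loops.add(frozenset(path[path.index(cur):]))
    return loops


if __name__ == "__main__":
    p = parse_dig(DIG_OUTPUT)
    print(p["status"], sorted(p["flags"]), "authoritative:", is_authoritative(p))
    for note in diagnose(p):
        print(" -", note)
    print("loops:", find_cname_loops(answer_records(p)))
```

Feed `parse_dig` the text of a real `dig` run (for example via `subprocess.run(["dig", name], capture_output=True, text=True).stdout`) and pass `answer_records` of a zone dump to `find_cname_loops` to catch the test/lab loop from the list above before it reaches production.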
rndc command
rndc COMMAND
| COMMAND | Meaning |
|---|---|
| reload | reload the main configuration and all zone files |
| reload zonename | reload one zone's data file |
| retransfer zonename | force a zone transfer on a slave regardless of the serial |
| notify zonename | resend NOTIFY messages for the zone to its slaves |
| reconfig | reload the main configuration only: picks up new zones, does not reload existing zone data |
| querylog | toggle query logging (written to /var/log/messages by default) |
| trace | raise the debug level by one |
| trace LEVEL | set the debug level to LEVEL |
| notrace | set the debug level to 0 |
| flush | flush all cached records on the server |
Access-control directives (each takes an address-match list of addresses, networks, ACL names or TSIG key names; the built-in names are any, none, localhost and localnets):
allow-query {}: hosts allowed to query; a whitelist (defaults to any)
allow-transfer {}: hosts allowed to perform zone transfers; a whitelist (defaults to any on the BIND 9.11 shipped with CentOS 7, which is why experiment 3 had to restrict it)
allow-recursion {}: hosts allowed to ask for recursion; set it globally in options and keep it to your own networks, otherwise the server is an open resolver (when unset, BIND falls back to allow-query-cache, then allow-query, then localnets; localhost)
allow-update {}: hosts allowed to send dynamic updates to the zone data (defaults to none; prefer a TSIG key over an address list)
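Checking these directives by eye is error-prone, and the hardening step of experiment 3 (allow-transfer on the master and slave) is the kind of thing that gets forgotten on the next server. Here is an added Python example (not part of the page and not BIND code) that audits a named.conf text for the four directives above plus dnssec-validation, applying BIND's documented fallback for allow-recursion (allow-recursion, else allow-query-cache, else allow-query, else localnets and localhost). Both configurations are constructed: LAB_CONF mirrors the master of experiment 3 before allow-transfer was added, HARDENED is the corrected version with the lab addresses. The parser assumes the stock named.conf layout in which each top-level block closes with }; at the start of a line.

```python
"""Audit named.conf access-control directives. Added example: not from the
page or from BIND. Assumes the stock layout where each top-level block ends
with '};' at the start of a line."""
import re

# Constructed: the lab master of experiment 3 before allow-transfer was added
# (the two stock lines commented out, as the page instructs).
LAB_CONF = """\
options {
        // listen-on port 53 { 127.0.0.1; };
        directory "/var/named";
        // allow-query { localhost; };
        recursion yes;
        dnssec-validation no;
};
zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
};
"""

# Constructed: the corrected form, using the lab's own network and slave address.
HARDENED = """\
options {
        directory "/var/named";
        allow-query { any; };
        recursion yes;
        allow-recursion { 192.168.37.0/24; localhost; };
        allow-transfer { 192.168.37.8; };
        dnssec-validation auto;
};
zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
};
"""


def strip_comments(text):
    """Drop /* */, // and # comments so commented-out directives do not count."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return "\n".join(re.split(r"//|#", line, maxsplit=1)[0] for line in text.splitlines())


def blocks(text):
    """{'options' or 'zone "name"': body} for the top-level blocks."""
    pat = re.compile(r'^(options|zone\s+"[^"]+")[^{]*\{(.*?)^\};', re.S | re.M)
    return {m.group(1): m.group(2) for m in pat.finditer(text)}


def directive(body, name):
    """Address list of 'name { a; b; };' in body, or None if absent."""
    m = re.search(r"(?<![\w-])%s(?![\w-])[^{;]*\{([^}]*)\}" % re.escape(name), body)
    return None if not m else [v.strip() for v in m.group(1).split(";") if v.strip()]


def simple(body, name):
    """Single-word value of 'name value;' in body, or None if absent."""
    m = re.search(r"(?<![\w-])%s(?![\w-])\s+([\w-]+)\s*;" % re.escape(name), body)
    return m.group(1) if m else None


def effective_recursion_acl(opts):
    """BIND's fallback chain when allow-recursion is not set."""
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        acl = directive(opts, name)
        if acl is not None:
            return acl
    return ["localnets", "localhost"]


def audit(conf_text):
    """Return [(severity, finding)] for the options block and every zone."""
    blk = blocks(strip_comments(conf_text))
    opts = blk.get("options", "")
    findings = []
    if directive(opts, "listen-on") is None:
        findings.append(("info", "listen-on not set: named listens on every interface"))
    if simple(opts, "recursion") != "no" and "any" in effective_recursion_acl(opts):
        findings.append(("high", "open resolver: recursion is on and the recursion ACL is any"))
    if simple(opts, "dnssec-validation") == "no":
        findings.append(("medium", "dnssec-validation no: unsigned or forged answers are accepted"))
    global_xfr = directive(opts, "allow-transfer")
    for name, body in blk.items():
        if not name.startswith("zone"):
            continue
        xfr = directive(body, "allow-transfer")
        acl = xfr if xfr is not None else global_xfr  # a zone-level ACL overrides options
        ztype = simple(body, "type")
        if ztype in ("master", "primary") and (acl is None or "any" in acl):
            findings.append(("high", f"{name}: allow-transfer unrestricted, anyone can AXFR the zone"))
        if ztype in ("slave", "secondary") and acl != ["none"]:
            findings.append(("medium", f"{name}: slave still serves transfers, set allow-transfer {{ none; }}"))
    return findings


def max_severity(findings):
    rank = {"info": 0, "medium": 1, "high": 2}
    return max((s for s, _ in findings), key=rank.get, default="none")


if __name__ == "__main__":
    for label, conf in (("lab", LAB_CONF), ("hardened", HARDENED)):
        print(label, "->", max_severity(audit(conf)))
        for sev, msg in audit(conf):
            print("  ", sev, msg)
```

On the lab configuration the audit reports the unrestricted AXFR as high and dnssec-validation as medium but not an open resolver, because the commented-out allow-query leaves recursion at the localnets default; change that line to an explicit allow-query { any; }; and the open-resolver finding appears, which is the difference between the two forms that experiment 1 warns about. Run it on a real server with `audit(open("/etc/named.conf").read())`; include files such as named.rfc1912.zones have to be read and concatenated by the caller.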