OpenEuler: DNS Management

2025/6/2 8:18:34  Source: https://blog.csdn.net/weixin_47460431/article/details/148164620

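How DNS Works

DNS (Domain Name System) is a distributed name-resolution system.

It lets a name made of letters stand in for the underlying IP address.

  • DNS is an application-layer protocol; it uses TCP and UDP port 53 and a client/server (C/S) architecture
  • TCP 53: primary/secondary (master/slave)
  • UDP 53: name resolution
  • Function: name resolution
    • Resolving a domain name to its IP address: forward resolution ------> A record
    • Resolving an IP address to its domain name: reverse resolution ------> PTR record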

www.baidu.com.

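  • DNS hierarchy (up to 127 levels of subdomains)

.       root domain
com     first-level / top-level domain (carries a specific meaning)
baidu   second-level domain (user-defined)
www     third-level domain ...

  • Meaning of top-level (first-level) domains

Domain  Meaning
.com    commercial organizations
.edu    education
.cn     country domain
.gov    government websites
.net    Internet companies
.io     storage

Image source: https://zhuanlan.zhihu.com/p/698510659

  • Two query modes
    • Recursive query: between the client and the user (the user stays outside the lookup: it sends the request and just waits for the result)
    • Iterative query: between DNS servers (queried level by level)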

DNS Forward Resolution

server1     192.168.40.144      server1
server2     192.168.40.145      DNS Server
server3     192.168.40.146      WEB

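Server2 (DNS Server)

  • Note: the DNS server's own DNS setting should point to itself

1. Disable the system firewall and SELinux.

systemctl status firewalld     # check the firewall status
systemctl stop firewalld       # stop the firewall
systemctl disable firewalld    # do not start it at boot
getenforce                     # check the SELinux status (if it is not Disabled, change it in the config file)

Note: reboot the virtual machine when done.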

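2. Install the DNS service

yum install -y bind     # install bind

rpm -q  bind            # show the installed package
rpm -qi bind-9...       # show detailed package information
rpm -ql bind-9...       # list the files the package installed

3. Back up the configuration files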

cp -p /etc/named.conf /etc/named.conf.bak
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak

4. Edit the main configuration file

vim /etc/named.conf

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { localhost; };
        // (remaining options unchanged)
};

Change it to

options {
        listen-on port 53 { 127.0.0.1; any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { localhost; any; };
        // (remaining options unchanged)
};

5. Configure the zone for the domain

vim /etc/named.rfc1912.zones

Add a new zone block:

zone "tech.com" IN {
        type master;
        file "tech.com.zone";
        allow-update { none; };
};

6. Configure the tech.com.zone file (forward resolution)

[root@localhost ~]# cd /var/named/
[root@localhost named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@localhost named]# cp -p named.localhost tech.com.zone
[root@localhost named]# vim tech.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
www     A       192.168.40.146   ; added forward (A) record

7. Check the configuration files

[root@localhost named]# named-checkconf /etc/named.conf
[root@localhost named]# named-checkconf /etc/named.rfc1912.zones
[root@localhost named]# named-checkzone tech.com tech.com.zone
zone tech.com/IN: loaded serial 0
OK

8. Restart the service

[root@localhost ~]# systemctl restart named
[root@localhost ~]# systemctl enable named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.

9. Check the result with nslookup

[root@localhost ~]# nslookup www.tech.com
Server:         192.168.40.145
Address:        192.168.40.145#53

Name:   www.tech.com
Address: 192.168.40.146
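
Step 4 adds `any` to both `listen-on` and `allow-query`, and the `ra` flag in the dig answers later on this page shows that the server also offers recursion to its clients. The check below is an added example, not part of the original article: it scans a named.conf for `any` in the access statements. The function names and both sample files are constructed for illustration, and the scoped sample assumes the lab subnet 192.168.40.0/24.

```sh
#!/bin/sh
# Added example (not from the article): audit named.conf for statements that
# open the server to every source address. Handles // and # comments only.

flatten() { sed -e 's://.*$::' -e 's:#.*$::' -e 's/{/{ /g' "$1" | tr '\n' ' '; }

# named_stmt FILE KEYWORD: print the body of "KEYWORD [args] { ... }"
named_stmt() {
    flatten "$1" |
        grep -oE "(^|[;[:space:]])$2([[:space:]][^{;]*)?\{[^}]*\}" |
        sed -E 's/^[^{]*\{//; s/\}$//'
}

# audit_named_conf FILE: one line per finding; exit status 0 only when clean
audit_named_conf() {
    conf=$1; findings=0
    for kw in listen-on allow-query allow-recursion; do
        if named_stmt "$conf" "$kw" | grep -qw any; then
            echo "EXPOSED $kw: any"; findings=$((findings + 1))
        fi
    done
    # With allow-recursion and allow-query-cache unset, BIND applies the
    # allow-query list to recursion as well (recursion defaults to yes).
    if named_stmt "$conf" allow-query | grep -qw any &&
       [ -z "$(named_stmt "$conf" allow-recursion)$(named_stmt "$conf" allow-query-cache)" ] &&
       ! flatten "$conf" | grep -qE '(^|[;[:space:]])recursion[[:space:]]+no'; then
        echo "EXPOSED recursion: inherited from allow-query any"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the statements as modified in step 4.
sample_weak() { printf '%s\n' 'options {' \
    '    listen-on port 53 { 127.0.0.1; any; };' \
    '    allow-query     { localhost; any; };' '};'; }

# Constructed sample: the same server scoped to the lab subnet 192.168.40.0/24.
sample_scoped() { printf '%s\n' 'options {' \
    '    listen-on port 53 { 127.0.0.1; 192.168.40.145; };' \
    '    allow-query     { localhost; 192.168.40.0/24; };' \
    '    allow-recursion { localhost; 192.168.40.0/24; };' '};'; }

tmp=$(mktemp)
sample_weak > "$tmp";   audit_named_conf "$tmp" || true   # three findings
sample_scoped > "$tmp"; audit_named_conf "$tmp" && echo "scoped config: clean"
rm -f "$tmp"
```

Run `named-checkconf` on any edited file as in step 7; this audit only reads the access statements and does not validate syntax.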

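Server3 (WEB)

1. Disable the system firewall and SELinux.

systemctl status firewalld     # check the firewall status
systemctl stop firewalld       # stop the firewall
systemctl disable firewalld    # do not start it at boot
getenforce                     # check the SELinux status (if it is not Disabled, change it in the config file)

Note: reboot the virtual machine when done.

2. Install the web service

[root@localhost ~]# yum install httpd -y      # install
[root@localhost ~]# systemctl start httpd     # start the service
[root@localhost ~]# systemctl enable httpd    # start at boot

3. Edit the DNS resolver file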

[root@localhost ~]# vi /etc/resolv.conf
nameserver 192.168.40.145

4. Verify

[root@localhost ~]# nslookup www.tech.com
Server:         192.168.40.145
Address:        192.168.40.145#53

Name:   www.tech.com
Address: 192.168.40.146

[root@localhost ~]# dig www.tech.com

; <<>> DiG 9.16.37 <<>> www.tech.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58602
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: e75ecd162b673e7f01000000669b85a5ba9b96556e9cb26f (good)
;; QUESTION SECTION:
;www.tech.com.                  IN      A

;; ANSWER SECTION:
www.tech.com.           86400   IN      A       192.168.40.146

;; Query time: 0 msec
;; SERVER: 192.168.40.145#53(192.168.40.145)
;; WHEN: Sat Jul 20 17:38:45 CST 2024
;; MSG SIZE  rcvd: 85

[root@localhost ~]# echo "hello DNS" > /var/www/html/index.html
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# curl 192.168.40.146 
hello DNS
[root@localhost ~]# curl www.tech.com
hello DNS

Server1

Apart from installing the web service, the steps are the same as for Server3.

1. Edit the DNS resolver file

[root@localhost ~]# vi /etc/resolv.conf
nameserver 192.168.40.145

2. Verify

[root@localhost ~]# nslookup www.tech.com
Server:         192.168.40.145
Address:        192.168.40.145#53

Name:   www.tech.com
Address: 192.168.40.146

[root@localhost ~]# dig www.tech.com   # append +trace to the command to trace the lookup

; <<>> DiG 9.16.37 <<>> www.tech.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58602
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: e75ecd162b673e7f01000000669b85a5ba9b96556e9cb26f (good)
;; QUESTION SECTION:
;www.tech.com.                  IN      A

;; ANSWER SECTION:
www.tech.com.           86400   IN      A       192.168.40.146

;; Query time: 0 msec
;; SERVER: 192.168.40.145#53(192.168.40.145)
;; WHEN: Sat Jul 20 17:38:45 CST 2024
;; MSG SIZE  rcvd: 85

[root@localhost ~]# curl 192.168.40.146
hello DNS
[root@localhost ~]# curl www.tech.com
hello DNS

DNS Reverse Resolution

server1     192.168.40.144      server1
server2     192.168.40.145      DNS Server
server3     192.168.40.146      WEB

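DNS (server2)

1. Edit the configuration file

# Define the reverse-resolution zone (.arpa) in named.rfc1912.zones
zone "40.168.192.in-addr.arpa" IN {    // network segment address, octets reversed
        type master;
        file "192.168.40.zone";
        allow-update { none; };
};

2. Create the zone file for reverse resolution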

[root@localhost ~]# cd /var/named
[root@localhost named]# cp -p named.loopback 192.168.40.zone

[root@localhost named]# vi 192.168.40.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
        PTR     localhost.
146     PTR     www.tech.com.   ; added PTR record for the IP; without the trailing dot named appends the zone origin, as in the lookups captured below

3. Check the configuration files

[root@localhost ~]# named-checkconf /etc/named.rfc1912.zones
[root@localhost ~]# named-checkzone tech.com /var/named/192.168.40.zone 
zone tech.com/IN: loaded serial 0
OK

4. Restart the service

[root@localhost ~]# systemctl restart named

WEB (server3)

1. Verify with nslookup

[root@localhost ~]#  nslookup 192.168.40.146
146.40.168.192.in-addr.arpa     name = www.tech.com.40.168.192.in-addr.arpa.

2. Verify with dig

[root@localhost ~]# dig -x 192.168.40.146

; <<>> DiG 9.16.37 <<>> -x 192.168.40.146
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65373
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: c0c82a9052200b8c01000000669f1753878b25669ec6c2bb (good)
;; QUESTION SECTION:
;146.40.168.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
146.40.168.192.in-addr.arpa. 86400 IN   PTR     www.tech.com.40.168.192.in-addr.arpa.

;; Query time: 0 msec
;; SERVER: 192.168.40.145#53(192.168.40.145)
;; WHEN: Tue Jul 23 10:37:07 CST 2024
;; MSG SIZE  rcvd: 134
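
The PTR answers above end in `.40.168.192.in-addr.arpa.` because a record target written without a trailing dot is relative, so named appends the zone origin to it. The lint below is an added example, not part of the original article: it reports every PTR, NS or CNAME target that contains a dot but does not end with one. The function names and the sample zone are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the article): find record targets in a zone file
# that are missing the trailing dot and show the name named will serve.

# lint_rel_targets ORIGIN FILE: one line per relative target; status 1 if any
lint_rel_targets() {
    awk -v origin="$1" '
        { sub(/;.*/, "") }                      # drop zone-file comments
        {
            for (i = 1; i < NF; i++) {
                if ($i !~ /^(PTR|NS|CNAME)$/) continue
                target = $(i + 1)
                # A dotted name without a final dot is relative to the origin.
                if (target ~ /\./ && target !~ /\.$/) {
                    printf "line %d: %s %s -> %s.%s\n", NR, $i, target, target, origin
                    found++
                }
                break
            }
        }
        END { exit (found > 0) }' "$2"
}

# Constructed sample: the reverse zone with the PTR target as in the captured
# lookups; pass "." as the first argument to emit the target with a trailing dot.
sample_reverse_zone() { printf '%s\n' '$TTL 1D' \
    '@       IN SOA  @ rname.invalid. ( 0 1D 1H 1W 3H )' \
    '        NS      @' \
    '        PTR     localhost.' \
    "146     PTR     www.tech.com${1:-}"; }

zone=$(mktemp)
sample_reverse_zone > "$zone"        # target without trailing dot
lint_rel_targets 40.168.192.in-addr.arpa. "$zone" || true
sample_reverse_zone . > "$zone"      # target with trailing dot: no findings
lint_rel_targets 40.168.192.in-addr.arpa. "$zone" && echo "no relative targets"
rm -f "$zone"
```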
