I. Basic theory

The job of the DNS system is to map domain names to IP addresses.

Forward lookup: find the IP address that belongs to a domain name (host name).

Reverse lookup: find the domain name (host name) that belongs to an IP address.

Query types

Recursive query: the way a local client asks a DNS server to resolve a name; local clients normally issue recursive queries.

Iterative query: the way the local DNS server asks external DNS servers (the root and top-level domain servers) to resolve a name.

Types of DNS servers

Forwarding DNS server: does not process DNS requests itself but forwards them on.

Caching name server: also called a cache-only server. It obtains name-to-IP records by querying other name servers and caches the results locally, which speeds up repeated queries.

Primary (master) name server: the authoritative server for a given DNS zone; there is exactly one per zone. It maintains all of the name-to-IP mapping records for that zone.

Secondary (slave) name server: also called the auxiliary name server. The mapping records it holds are copied from the primary name server.


II. Installing the BIND software

The packages involved have the following roles:

bind: the main name-server program and its related files.

bind-libs: library files.

bind-utils: tools for testing a DNS server (such as nslookup and dig).

bind-chroot: gives bind a disguised root directory to improve security. When this package is installed, the default directory /var/named/chroot contains etc and var subdirectories; the configuration file is /var/named/chroot/etc/named.conf and the zone files live in /var/named/chroot/var/named.

Install command: yum install bind -y

List the files that belong to bind: rpm -ql bind


III. DNS server configuration

1. The configuration file /etc/named.conf

cat /etc/named.conf

options {
    directory "/var/named";    // directory in which the zone files are stored
};

The global configuration also offers the following option:

forwarders { 202.106.0.20; };    // IP address of another DNS server to which queries this server cannot resolve are forwarded

zone "." IN {
    type hint;          // zone type: hint is the root zone; master is a primary zone; slave is a secondary zone
    file "named.ca";    // name of the zone data file for this zone
};


zone "localhost" IN {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.localhost";
};

zone "fish.com" IN {
    type master;
    file "fish.com.zone";
};

zone "50.168.192.in-addr.arpa" IN {
    type master;
    file "50.168.192.zone";
};


2. Adding the zone files

a. The root zone

dig -t NS . > /var/named/named.ca

[root@oracle named]# cat named.ca

; <<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      M.ROOT-SERVERS.NET.
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
.                       518400  IN      NS      D.ROOT-SERVERS.NET.
.                       518400  IN      NS      E.ROOT-SERVERS.NET.
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
.                       518400  IN      NS      G.ROOT-SERVERS.NET.
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.
.                       518400  IN      NS      L.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4
A.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:503:ba3e::2:30
B.ROOT-SERVERS.NET.     3600000 IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     3600000 IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     3600000 IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     3600000 IN      A       192.5.5.241
F.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:2f::f
G.ROOT-SERVERS.NET.     3600000 IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     3600000 IN      A       128.63.2.53
H.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:1::803f:235
I.ROOT-SERVERS.NET.     3600000 IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     3600000 IN      A       192.58.128.30
J.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:503:c27::2:30
K.ROOT-SERVERS.NET.     3600000 IN      A       193.0.14.129
K.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:7fd::1
L.ROOT-SERVERS.NET.     3600000 IN      A       199.7.83.42
M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33
M.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:dc3::35

;; Query time: 147 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Mon Feb 18 13:29:18 2008
;; MSG SIZE  rcvd: 615


b. The local forward zone file localhost.zone

[root@oracle named]# cat localhost.zone

; zone-file comments start with ';' ('//' is only valid in named.conf)
$TTL 86400
@           IN  SOA localhost.  fish.localhost. (
                    20140712    ; serial number
                    1H          ; refresh: how often a secondary syncs its data with the primary
                    30M         ; retry: if the connection fails, try again every 30 minutes
                    1W          ; expire
                    7H )        ; default cache time for negative (nonexistent-name) answers
            IN  NS  localhost.
localhost.  IN  A   127.0.0.1

The local reverse zone file named.localhost

[root@oracle named]# cat named.localhost

$TTL 86400
@           IN  SOA localhost.  fish.localhost. (
                    20140712
                    1H
                    30M
                    1W
                    7H )
            IN  NS  localhost.
1           IN  PTR localhost.   ; owner is relative to 0.0.127.in-addr.arpa., i.e. 127.0.0.1

The zone file fish.com.zone

[root@oracle named]# cat fish.com.zone

$TTL 86400
$ORIGIN fish.com.
@       IN  SOA dns.fish.com.  admin (
                2014071201
                5H
                30M
                1W
                1D )
        IN  NS  dns
        IN  MX  10  mail
dns     IN  A   192.168.50.146
mail    IN  A   192.168.50.200
www     IN  A   192.168.50.201
ftp     IN  A   192.168.50.202
pop     IN  A   192.168.50.203

c. The local reverse zone file 50.168.192.zone

[root@oracle named]# cat 50.168.192.zone

$TTL 86400
$ORIGIN 50.168.192.in-addr.arpa.
; the SOA names must be fully qualified here: a relative name would be expanded under 50.168.192.in-addr.arpa.
@       IN  SOA dns.fish.com.  admin.fish.com. (
                2014071201
                5H
                30M
                1W
                1D )
        IN  NS  dns.fish.com.
146     IN  PTR dns.fish.com.
200     IN  PTR mail.fish.com.
201     IN  PTR www.fish.com.
202     IN  PTR ftp.fish.com.
203     IN  PTR pop.fish.com.

d. Checking for syntax errors

Check the named configuration file and zone files for syntax errors: service named configtest

Check /etc/named.conf for syntax errors: named-checkconf /etc/named.conf

Check the syntax of a zone file: named-checkzone "fish.com" /var/named/fish.com.zone
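The zone files above are easy to get subtly wrong: a relative name is expanded under the current $ORIGIN, an indented line inherits the previous owner name, and only ';' begins a comment. As an added example (not from the original post), the following Python applies those rules to parse the format and then cross-checks a forward zone against its reverse zone, the consistency check named-checkzone does not do; the sample zones are constructed after fish.com.zone and 50.168.192.zone, with one PTR deliberately left out.

```python
# Added example, not from the original post: a small parser for the zone-file
# format above, used to cross-check fish.com.zone against 50.168.192.zone.
# Not named's loader: IN class only, no $INCLUDE, no per-record TTL, SOA RDATA raw.
def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples with every name fully qualified."""
    fq = lambda n: n if n.endswith(".") else f"{n}.{origin}"
    records, owner, buf, blank = [], None, "", False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # ';' starts a comment ('//' does not)
        if not line.strip():
            continue
        if not buf:                            # an indented line inherits the owner
            blank = line[0].isspace()
        buf += " " + line
        if buf.count("(") > buf.count(")"):    # the SOA RDATA spans several lines
            continue
        toks, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        if toks[0].startswith("$"):            # $ORIGIN changes the origin; $TTL ignored
            origin = toks[1] if toks[0] == "$ORIGIN" else origin
            continue
        if not blank:                          # '@' stands for the current origin
            owner, toks = fq(origin if toks[0] == "@" else toks[0]), toks[1:]
        if toks[0] == "IN":
            toks = toks[1:]
        rtype, rdata = toks[0], toks[1:]
        if rtype in ("NS", "PTR", "CNAME"):    # relative names in RDATA expand too
            rdata = [fq(rdata[0])]
        records.append((owner, rtype, tuple(rdata)))
    return records

def reverse_name(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_forward_reverse(forward, reverse):
    """List (name, ip, ptr_target) for A records whose PTR is missing or differs."""
    ptr = {o: r[0] for o, t, r in reverse if t == "PTR"}
    return [(o, r[0], ptr.get(reverse_name(r[0]))) for o, t, r in forward
            if t == "A" and ptr.get(reverse_name(r[0])) != o]

FORWARD = """$ORIGIN fish.com.
@       IN  SOA dns.fish.com. admin (
            2014071201 5H 30M 1W 1D )
        IN  NS  dns
dns     IN  A   192.168.50.146
pop     IN  A   192.168.50.203
"""   # constructed sample modelled on fish.com.zone
REVERSE = """$ORIGIN 50.168.192.in-addr.arpa.
@       IN  SOA dns.fish.com. admin.fish.com. ( 2014071201 5H 30M 1W 1D )
146     IN  PTR dns.fish.com.
"""   # constructed sample: the PTR for pop (203) is deliberately missing
```

Running check_forward_reverse(parse_zone(FORWARD, "fish.com."), parse_zone(REVERSE, "50.168.192.in-addr.arpa.")) reports pop.fish.com. as lacking a PTR; feeding it "127.0.0.1 IN PTR localhost." under the 0.0.127.in-addr.arpa. origin also shows why that owner must be written as "1".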


IV. Starting the BIND service and testing

a. Start the BIND service

/etc/init.d/named start

Check that port 53 is listening; if it is, the service started successfully:

[root@oracle named]# netstat -tunlp | grep "53\>"
tcp        0      0 192.168.50.146:53           0.0.0.0:*                   LISTEN      11161/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      11161/named
udp        0      0 192.168.50.146:53           0.0.0.0:*                               11161/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               11161/named

b. Testing DNS

1.

[root@oracle named]# dig -t A www.fish.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t A www.fish.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47562
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.fish.com.                  IN      A

;; ANSWER SECTION:
www.fish.com.           86400   IN      A       192.168.50.201

;; AUTHORITY SECTION:
fish.com.               86400   IN      NS      dns.fish.com.

;; ADDITIONAL SECTION:
dns.fish.com.           86400   IN      A       192.168.50.146

;; Query time: 1869 msec
;; SERVER: 192.168.50.146#53(192.168.50.146)
;; WHEN: Sun Jul 13 00:24:28 2014
;; MSG SIZE  rcvd: 80


2.

[root@oracle named]# dig -x 192.168.50.202

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -x 192.168.50.202
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18983
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;202.50.168.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
202.50.168.192.in-addr.arpa. 86400 IN   PTR     ftp.fish.com.

;; AUTHORITY SECTION:
50.168.192.in-addr.arpa. 86400  IN      NS      dns.fish.com.

;; ADDITIONAL SECTION:
dns.fish.com.           86400   IN      A       192.168.50.146

;; Query time: 0 msec
;; SERVER: 192.168.50.146#53(192.168.50.146)
;; WHEN: Sun Jul 13 00:26:37 2014
;; MSG SIZE  rcvd: 105
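Beyond "did I get an answer", the dig output above carries two things worth reading off: the aa flag (the answer came from the server's own zone data) and the ra flag (the server is willing to recurse for this client). As an added example, not part of the original post, the following Python parses dig's text output and reports those checks; the sample output is constructed after the dig -t A www.fish.com test above.

```python
# Added example, not from the original post: parse the text dig prints (as in the
# tests above) and summarise what a defender checks in an answer. Constructed input.
import re

def parse_dig(output):
    """Return status, header flags and the answer/authority/additional records."""
    result = {"status": None, "flags": set(), "answer": [], "authority": [], "additional": []}
    section = None
    for line in output.splitlines():
        if line.startswith(";; ->>HEADER<<-"):
            result["status"] = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(";; flags:"):
            result["flags"] = set(re.search(r"flags:([^;]*);", line).group(1).split())
        elif line.endswith("SECTION:"):        # QUESTION / ANSWER / AUTHORITY / ADDITIONAL / OPT PSEUDO
            section = line.strip("; ").split()[0].lower()
        elif line and not line.startswith(";") and section in result:
            owner, ttl, _cls, rtype, *rdata = line.split()
            result[section].append((owner, int(ttl), rtype, " ".join(rdata)))
    return result

def assess(output, expected_ip):
    """Checks worth making after 'dig -t A name': did the server answer
    authoritatively with the expected address, and does it offer recursion
    ('ra') to this client, which matters if the server is reachable from outside."""
    r = parse_dig(output)
    ips = [rd for _, _, t, rd in r["answer"] if t == "A"]
    return {"noerror": r["status"] == "NOERROR",
            "authoritative": "aa" in r["flags"],
            "expected_ip": expected_ip in ips,
            "recursion_offered": "ra" in r["flags"]}

# Constructed after the 'dig -t A www.fish.com' output shown above.
SAMPLE = """; <<>> DiG 9.8.2 <<>> -t A www.fish.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47562
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.fish.com.\t\t\tIN\tA

;; ANSWER SECTION:
www.fish.com.\t\t86400\tIN\tA\t192.168.50.201

;; AUTHORITY SECTION:
fish.com.\t\t86400\tIN\tNS\tdns.fish.com.

;; ADDITIONAL SECTION:
dns.fish.com.\t\t86400\tIN\tA\t192.168.50.146
"""
```

On a LAN-only server the ra flag is expected; if the server is reachable from the Internet, limit who may recurse with allow-recursion in the options block of named.conf so it does not act as an open resolver.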


This article draws on the following articles:

http://edu.51cto.com/lesson/id-13761.html

http://blog.chinaunix.net/uid-26777939-id-3140698.html