bind
bind基礎
查bind程序包
[root@qq ~]# yum list all name bind*
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
ali-epel | 4.3 kB 00:00
ali-epel/primary_db | 5.9 MB 00:05
Installed Packages
bind-libs.x86_64 32:9.8.2-0.30.rc1.el6 @anaconda-CentOS-201410241409.x86_64/6.6
bind-utils.x86_64 32:9.8.2-0.30.rc1.el6 @anaconda-CentOS-201410241409.x86_64/6.6
Available Packages
bind.x86_64 32:9.8.2-0.30.rc1.el6 base
bind-chroot.x86_64 32:9.8.2-0.30.rc1.el6 base
bind-devel.i686 32:9.8.2-0.30.rc1.el6 base
bind-devel.x86_64 32:9.8.2-0.30.rc1.el6 base
bind-dyndb-ldap.x86_64 2.3-5.el6 base
bind-libs.i686 32:9.8.2-0.30.rc1.el6 base
bind-sdb.x86_64 32:9.8.2-0.30.rc1.el6 base
bind-to-tinydns.x86_64 0.4.3-15.20140818gitdf0ddc3.el6 ali-epel
需要安裝的程序包
- bind
- bind-libs
- bind-utils
庫文件:
[root@qq ~]# rpm -qi bind-libs
Name : bind-libs Relocations: (not relocatable)
Version : 9.8.2 Vendor: CentOS
Release : 0.30.rc1.el6 Build Date: Wed 15 Oct 2014 09:29:05 PM CST
Install Date: Thu 28 Jul 2016 12:40:46 AM CST Build Host: c6b8.bsys.dev.centos.org
Group : Applications/System Source RPM: bind-9.8.2-0.30.rc1.el6.src.rpm
Size : 2323984 License: ISC
Signature : RSA/SHA1, Sat 18 Oct 2014 04:00:50 AM CST, Key ID 0946fca2c105b9de
Packager : CentOS BuildSystem <http://bugs.centos.org>
URL : http://www.isc.org/products/BIND/
Summary : Libraries used by the BIND DNS packages
Description :
Contains libraries used by both the bind server package as well as the utils
packages.
utils
[root@qq ~]# rpm -qi bind-utils
Name : bind-utils Relocations: (not relocatable)
Version : 9.8.2 Vendor: CentOS
Release : 0.30.rc1.el6 Build Date: Wed 15 Oct 2014 09:29:05 PM CST
Install Date: Thu 28 Jul 2016 12:40:46 AM CST Build Host: c6b8.bsys.dev.centos.org
Group : Applications/System Source RPM: bind-9.8.2-0.30.rc1.el6.src.rpm
Size : 450944 License: ISC
Signature : RSA/SHA1, Sat 18 Oct 2014 04:02:07 AM CST, Key ID 0946fca2c105b9de
Packager : CentOS BuildSystem <http://bugs.centos.org>
URL : http://www.isc.org/products/BIND/
Summary : Utilities for querying DNS name servers
Description :
Bind-utils contains a collection of utilities for querying DNS (Domain
Name System) name servers to find out information about Internet
hosts. These tools will provide you with the IP addresses for given
host names, as well as other information about registered domains and
network addresses.
You should install bind-utils if you need to get information from DNS name
servers.
查看utils的文件
[root@qq ~]# rpm -ql bind-utils
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/share/man/man1/dig.1.gz
/usr/share/man/man1/host.1.gz
/usr/share/man/man1/nslookup.1.gz
/usr/share/man/man1/nsupdate.1.gz
不用裝這個(bind-chroot 是把 named 放進 chroot(2) 監獄運行的加固選項,本文實驗環境暫不使用)
[root@qq ~]# yum info bind-chroot
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Available Packages
Name : bind-chroot
Arch : x86_64
Epoch : 32
Version : 9.8.2
Release : 0.30.rc1.el6
Size : 73 k
Repo : base
Summary : A chroot runtime environment for the ISC BIND DNS server,
: named(8)
URL : http://www.isc.org/products/BIND/
License : ISC
Description : This package contains a tree of files which can be used
: as a chroot(2) jail for the named(8) program from the
: BIND package. Based on the code from Jan "Yenya" Kasprzak
: <[email protected]>
安裝bind
[root@qq ~]# yum install bind -y
查看bind文件
[root@qq ~]# rpm -ql bind
全球十三個根節點服務器
[root@qq named]# cat /var/named/named.ca
; <<>> DiG 9.9.4-P2-RedHat-9.9.4-12.P2 <<>> +norec NS . @a.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26229
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 24
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
DNS記錄(rr)
[root@qq named]# pwd
/var/named
[root@qq named]#
[root@qq named]# cat
data/ named.ca named.localhost slaves/
dynamic/ named.empty named.loopback
[root@qq named]# cat named.localhost
$TTL 1D #定義默認TTL,未單獨指定TTL的記錄沿用此值
@ IN SOA @ rname.invalid. ( #@表示當前區域的區域名;rname.invalid:管理員郵箱地址;
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
[root@qq named]#
[root@qq named]# cat named.loopback
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @ #記錄前未寫所有者名稱,沿用上一條記錄的@
A 127.0.0.1 #記錄前未寫所有者名稱,沿用上一條記錄的@
AAAA ::1
PTR localhost. #記錄前未寫所有者名稱,沿用上一條記錄的@
DNS服務啓動
[root@qq ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[root@qq ~]#
[root@qq ~]# ss -tunlp | grep :53
udp UNCONN 0 0 127.0.0.1:53 *:* users:(("named",15505,512))
udp UNCONN 0 0 ::1:53 :::* users:(("named",15505,513))
tcp LISTEN 0 3 ::1:53 :::* users:(("named",15505,21))
tcp LISTEN 0 3 127.0.0.1:53 *:* users:(("named",15505,20))
tcp LISTEN 0 128 :::53835 :::* users:(("rpc.statd",1434,11))
[root@qq ~]#
先把配置文件備份一份為.bak
[root@qq ~]# cp -v /etc/named.conf{,.bak}
`/etc/named.conf' -> `/etc/named.conf.bak'
[root@qq ~]#
[root@qq ~]# ll /etc/named*
-rw-r----- 1 root named 1008 Jul 19 2010 /etc/named.conf
-rw-r----- 1 root root 1008 Aug 2 18:43 /etc/named.conf.bak
-rw-r--r-- 1 root named 2389 Oct 15 2014 /etc/named.iscdlv.key
-rw-r----- 1 root named 931 Jun 21 2007 /etc/named.rfc1912.zones
-rw-r--r-- 1 root named 487 Jul 19 2010 /etc/named.root.key
/etc/named:
total 0
開啓DNS全局監聽(讓named監聽本機所有地址)
[root@qq ~]# vim /etc/named.conf
options {
//listen-on port 53 { 10.201.106.129; 127.0.0.1; };
listen-on port 53 { 0.0.0.0; };
/* listen-on-v6 port 53 { ::1; }; */
[root@qq ~]# ss -tulnp | grep :53
udp UNCONN 0 0 10.201.106.129:53 *:* users:(("named",15862,513))
udp UNCONN 0 0 127.0.0.1:53 *:* users:(("named",15862,512))
tcp LISTEN 0 3 10.201.106.129:53 *:* users:(("named",15862,21))
tcp LISTEN 0 3 127.0.0.1:53 *:* users:(("named",15862,20))
tcp LISTEN 0 128 :::53835 :::* users:(("rpc.statd",1434,11))
通過在配置文件中註釋掉相關選項將DNSSEC驗證關閉(關閉後named不再校驗上游應答的簽名,只適合實驗環境)
[root@qq ~]# vim /etc/named.conf
/*dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
Path to ISC DLV key
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
*/
allow-query { any; }; #允許任何主機查詢,這是DNS服務內置的訪問控制列表;
DNS配置解讀(緩存服務器)
options {
//listen-on port 53 { 10.201.106.129; };
listen-on port 53 { 10.201.106.129; 127.0.0.1; }; #監聽地址端口
/* listen-on-v6 port 53 { ::1; }; */
directory "/var/named"; #工作目錄,解析庫目錄
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; #內置訪問控制列表
recursion yes; #是否開啓遞歸解析;與監聽0.0.0.0和allow-query { any; }同時生效時,任何能連到本機的主機都能發起遞歸查詢,生產環境應再用allow-recursion限定允許遞歸的客戶端網段
配置主DNS服務器(在緩存名稱服務器的基礎上加zone)
1、編輯區域配置文件,新增
[root@qq ~]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type master;
file "magedu.com.zone";
};
2、創建一個全新的區域文件
[root@qq named]# pwd
/var/named
[root@qq named]# vim magedu.com.zone
3、配置新建的區域文件(magedu.com.zone)
[root@qq named]# vim /var/named/magedu.com.zone
$TTL 86400
$ORIGIN magedu.com. #定義區域原點,本文件中不以.結尾的名稱會自動補上該後綴;
@ IN SOA ns1.magedu.com. admin.magedu.com. ( #管理員郵箱admin@magedu.com寫成admin.magedu.com.,末尾的.不能省,否則會被補上$ORIGIN,變成後面SOA查詢結果裏看到的admin.magedu.com.magedu.com.
2015042201 #序列號
1H #刷新時間
5M #重試時間
7D #過期時間
1D ) #否定回答的標準時間值
IN NS ns1.magedu.com. #可以使用相對名稱,如ns1,後面的.不能加;
IN NS ns2.magedu.com.
IN MX 10 mx1 #郵件交換器
IN MX 20 mx2
ns1 IN A 10.201.106.129
ns2 IN A 10.201.106.130
mx1 IN A 10.201.106.131
mx2 IN A 10.201.106.132
www IN A 10.201.106.129
ftp IN CNAME www #別名
4、檢查named配置文件語法
[root@qq named]# named-checkconf #沒有輸出表示正常;
5、檢查區域文件語法
[root@qq named]# named-checkzone "magedu.com" /var/named/magedu.com.zone #按給定的區域名檢查對應區域文件的語法;
zone magedu.com/IN: loaded serial 2015042201
OK
[root@qq named]#
6.1、查看權限
[root@qq named]# ps aux | grep named
named 15961 0.0 3.6 165772 18112 ? Ssl 19:12 0:04 /usr/s
root 16191 0.0 0.7 143676 3720 pts/0 T 20:25 0:00 vim /v
root 16300 0.0 0.1 103252 836 pts/0 S+ 20:50 0:00 grep n
[root@qq named]#
[root@qq named]#
[root@qq named]#
[root@qq named]# ll /etc/named
total 0
[root@qq named]# ll /etc/named.conf
-rw-r----- 1 root named 1068 Aug 2 19:12 /etc/named.conf
[root@qq named]# pwd
/var/named
[root@qq named]#
[root@qq named]#
[root@qq named]# ll
total 32
drwxrwx--- 2 named named 4096 Aug 2 18:37 data
drwxrwx--- 2 named named 4096 Aug 2 19:13 dynamic
-rw-r--r-- 1 root root 441 Aug 2 20:44 magedu.com.zone
-rw-r----- 1 root named 2075 Apr 23 2014 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 4096 Oct 15 2014 slaves
[root@qq named]# id named
uid=25(named) gid=25(named) groups=25(named)
6.2 更改權限,將新建的zone文件權限改爲640,不允許其他用戶有任何權限,再將所有組改爲named,讓named用戶能夠讀取文件;
[root@qq named]# chmod 640 magedu.com.zone
[root@qq named]# ll
total 32
drwxrwx--- 2 named named 4096 Aug 2 18:37 data
drwxrwx--- 2 named named 4096 Aug 2 19:13 dynamic
-rw-r----- 1 root root 441 Aug 2 20:44 magedu.com.zone
-rw-r----- 1 root named 2075 Apr 23 2014 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 4096 Oct 15 2014 slaves
[root@qq named]# chown :named magedu.com.zone
[root@qq named]# ll
total 32
drwxrwx--- 2 named named 4096 Aug 2 18:37 data
drwxrwx--- 2 named named 4096 Aug 2 19:13 dynamic
-rw-r----- 1 root named 441 Aug 2 20:44 magedu.com.zone
-rw-r----- 1 root named 2075 Apr 23 2014 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 4096 Oct 15 2014 slaves
7、 重啓服務查看工作狀態
[root@qq named]# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
[root@qq named]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1 #多少顆CPU
worker threads: 1 #named工作線程數
number of zones: 20 #多少個區域
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF #有沒有打開查詢日誌
recursive clients: 0/0/1000 #多少遞歸客戶端
tcp clients: 0/100 #多少個TCP客戶端
server is up and running #服務器狀態
8、測試,使用dig命令本地解析;
[root@qq named]# dig -t A www.magedu.com @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.magedu.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52952
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 10.201.106.129
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns1.magedu.com.
magedu.com. 86400 IN NS ns2.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 10.201.106.129
ns2.magedu.com. 86400 IN A 10.201.106.130
;; Query time: 1 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Tue Aug 2 20:59:32 2016
;; MSG SIZE rcvd: 116
9、 測試修改解析庫,增加一個同個主機名,不同IP的A記錄
www IN A 10.201.106.129
www IN A 10.201.106.110
重新加載文件
[root@qq named]# service named reload #通知服務重讀解析庫
Reloading named: [ OK ]
[root@qq named]#
或者使用named自帶的rndc reload
[root@qq named]# rndc reload
server reload successful
查看解析結果,已經有兩條A記錄
[root@qq named]# dig -t A www.magedu.com @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.magedu.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5730
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 10.201.106.129
www.magedu.com. 86400 IN A 10.201.106.110
;; AUTHORITY SECTION: #權威
magedu.com. 86400 IN NS ns2.magedu.com.
magedu.com. 86400 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION: #對權威區段中的每條NS記錄,直接附帶其對應的A記錄
ns1.magedu.com. 86400 IN A 10.201.106.129
ns2.magedu.com. 86400 IN A 10.201.106.130
;; Query time: 0 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Tue Aug 2 21:04:38 2016
;; MSG SIZE rcvd: 132
如果dig命令不指定具體的解析的服務器,默認是/etc/resolv.conf配置文件裏的nameserver進行解析;
[root@qq named]# vim /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 10.201.106.2
查詢NS記錄
[root@qq named]# dig -t NS magedu.com @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t NS magedu.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56450
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;magedu.com. IN NS
;; ANSWER SECTION:
magedu.com. 86400 IN NS ns1.magedu.com.
magedu.com. 86400 IN NS ns2.magedu.com.
查詢MX記錄
[root@qq named]# dig -t MX magedu.com @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t MX magedu.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25272
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 4
;; QUESTION SECTION:
;magedu.com. IN MX
;; ANSWER SECTION:
magedu.com. 86400 IN MX 10 mx1.magedu.com.
magedu.com. 86400 IN MX 20 mx2.magedu.com.
SOA查詢
[root@qq named]# dig -t SOA magedu.com @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t SOA magedu.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16640
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 #aa標誌表示權威應答(Authoritative Answer)
;; QUESTION SECTION:
;magedu.com. IN SOA
;; ANSWER SECTION:
magedu.com. 86400 IN SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400
使用虛擬機通過外網DNS解析百度網址,應答的flags中沒有aa標記(非權威應答)
[root@qq named]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 10.201.106.2
[root@qq named]#
[root@qq named]#
[root@qq named]# dig -t A www.baidu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28366
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION: #問題
;www.baidu.com. IN A
;; ANSWER SECTION: #答案
www.baidu.com. 5 IN CNAME www.a.shifen.com.
www.a.shifen.com. 5 IN A 14.215.177.37
www.a.shifen.com. 5 IN A 14.215.177.38
;; Query time: 6 msec
;; SERVER: 10.201.106.2#53(10.201.106.2)
;; WHEN: Tue Aug 2 21:24:28 2016
;; MSG SIZE rcvd: 90
跟蹤從根服務器開始逐級解析的完整過程
[root@qq named]# dig -t A +trace www.baidu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A +trace www.baidu.com
;; global options: +cmd
. 5 IN NS k.root-servers.net.
. 5 IN NS l.root-servers.net.
. 5 IN NS m.root-servers.net.
. 5 IN NS a.root-servers.net.
. 5 IN NS b.root-servers.net.
. 5 IN NS c.root-servers.net.
. 5 IN NS d.root-servers.net.
. 5 IN NS e.root-servers.net.
. 5 IN NS f.root-servers.net.
. 5 IN NS g.root-servers.net.
. 5 IN NS h.root-servers.net.
. 5 IN NS i.root-servers.net.
. 5 IN NS j.root-servers.net.
;; Received 504 bytes from 10.201.106.2#53(10.201.106.2) in 90 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 491 bytes from 193.0.14.129#53(193.0.14.129) in 24754 ms
baidu.com. 172800 IN NS dns.baidu.com.
baidu.com. 172800 IN NS ns2.baidu.com.
baidu.com. 172800 IN NS ns3.baidu.com.
baidu.com. 172800 IN NS ns4.baidu.com.
baidu.com. 172800 IN NS ns7.baidu.com.
;; Received 201 bytes from 192.33.14.30#53(192.33.14.30) in 289 ms
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
a.shifen.com. 1200 IN NS ns2.a.shifen.com.
a.shifen.com. 1200 IN NS ns5.a.shifen.com.
a.shifen.com. 1200 IN NS ns4.a.shifen.com.
a.shifen.com. 1200 IN NS ns1.a.shifen.com.
a.shifen.com. 1200 IN NS ns3.a.shifen.com.
;; Received 228 bytes from 202.108.22.220#53(202.108.22.220) in 80 ms