一、DNS服务简介
1、基本概念
(1) DNS( Domain Name System )域名系统,是一种组织成域层次结构的计算机和网络服务命名系统,是一个应用层协议,使用TCP与UDP的53端口,它所提供的服务是用来将主机名和域名转换为IP地址的工作。
(2) FQDN( Full Qualified Domain Name )完全限定域名,即每个域在全球网络都是唯一的;
2、域的分类:
(1)、根域:标识为(.)点,全球13组根域名服务器以英文字母A到M依序命名,域名格式为“字母.root-servers.net”。其中有11个是以任播技术在全球多个地点设立镜像站。比如中国大陆在北京有两台编号为L的镜像,编号为F、I、J的镜像各一台,共5台;香港有编号为D、J的镜像各2台,编号为A、F、I、L的镜像各一台,共8台;台湾则有编号为F、I、J各一台,共3台。
(2)、顶级域:又分为通用顶级域 ( .com .net .org .gov .edu 等),国家顶级域 ( .cn .us .jp 等),反向域 (基础建设顶级域).arpa,即从IP到FQDN的反向解析
3、DNS服务器的查询类型:
递归查询:客户端仅发出一次请求,让DNS服务器去查询返回结果;一般是客户机与服务器之间的查询;
迭代查询:要发出多次请求去分别查询不同的DNS服务器;一般是DNS服务器与DNS服务器之间的查询;
4、DNS名称的解析方式:
正向解析:将FQDN转化为IP
反向解析:将IP转化为FQDN
5、资源记录类型:
SOA:起始授权记录;一个区域解析库中有且仅能有一个SOA记录,必须位于解析库中的第一条记录
A:将一个主机名(全称域名FQDN)和一个IP地址关联起来,FQDN ---> IP
AAAA:将一个主机名解析成IPv6地址,FQDN ---> IPv6
PTR:将一个IP地址对应到主机名,IP ---> FQDN
CNAME:Canonical Name 别名记录
MX:Mail eXchanger,邮件交换器
NS:Name Server,专用于标明当前区域的DNS服务器
TXT:对域名进行标识和说明的一种方式,一般做验证记录时会使用此项,如:SPF(反垃圾邮件)记录,https验证等
示例:_dnsauth TXT 2012011200000051qgs69bwoh4h6nht4n1h0lr038x
6、资源记录定义格式
语法:name [TTL] IN rr_type value
注意:
(1) TTL可从全局继承
(2) @可用于引用当前区域的名字
(3) 同一个名字可以通过多条记录定义多个不同的值;此时DNS服务器会以轮询方式响应
(4) 同一个值也可能有多个不同的定义名字;通过多个不同的名字指向同一个值进行定义;此仅表示通过多个不同的名字可以找到同一个主机
SOA记录:
name: 当前区域的名字,例如“magedu.com.”
value: 有多部分组成
(1) 当前区域的主DNS服务器的FQDN,也可以使用当前区域的名字;
(2) 当前区域管理员的邮箱地址;但地址中不能使用@符号,一般用.替换;例如:admin.abc.com
(3) 主从服务区域传输相关定义以及否定的答案的统一的TTL;例如:
abc.com. 86400 IN SOA ns.abc.com. admin.abc.com. (
2015042201 ;序列号
2H ;刷新时间
10M ;重试时间
1W ;过期时间
1D ;否定答案的TTL值
)
NS记录:
name: 当前区域的名字
value: 当前区域的某DNS服务器的名字,例如 ns.abc.com.
注意:
(1) 一个区域可以有多个NS记录;例如:
abc.com. IN NS ns1.abc.com
abc.com. IN NS ns2.abc.com
(2) 相邻的两个资源记录的name相同时,后续的可省略
(3) 对NS记录而言,任何一个ns记录后面的服务器名字,都应该在后续有一个A记录
MS记录:
name: 当前区域的名字
value: 当前区域的某邮件服务器(smtp服务器)的主机名
一个区域内,MX记录可有多个;但每个记录的value之前应该有一个数字(0- 99),表示此服务器的优先级;数字越小优先级越高;例如:
abc.com. IN MX 10 mx1.abc.com.
IN MX 20 mx2.abc.com.
注意:对MX记录而言,任何一个MX记录后面的服务器名字,都应该在后续有一个A记录
A记录:
name: 某主机的FQDN,例如:www.abc.com.
value: 主机名对应主机的IP地址,例如:
www.abc.com. IN A 1.1.1.1
db.abc.com IN A 2.2.2.2
*.abc.com IN A 1.1.1.2
$GENERATE 1-254 server$ IN A 1.1.2.$
CNAME记录:
name: 别名的FQDN
value: 真正名字的FQDN
例如:
www.abc.com. IN CNAME web.abc.com.
AAAA记录:
name: FQDN
value: IPv6
PTR记录:
name: IP,有特定格式,把IP地址反过来写,1.2.3.4,要写作4.3.2.1;而有特定后缀:in-addr.arpa.,所以完整写法为:4.3.2.1.in-addr.arpa.
value: FQDN
例如:
4.3.2.1.in-addr.arpa. IN PTR www.abc.com.
如1.2.3为网络地址,可简写成:4 IN PTR www.abc.com. 注意:网络地址及后缀可省略;主机地址依然需要反着写
二、DNS相关服务的配置实验
配置系统环境均为 CentOS7.6,且关闭了防火墙与SELINUX。
1、主DNS服务器的配置
配置基于 abc.com 的主DNS服务器
(1) 正向区域
1.安装DNS服务器软件 bind
[root@centos7 ~]# yum install -y bind
2.配置主配置文件 /etc/named.conf
options { // listen-on port 53 { 127.0.0.1; }; #注释掉此行,用//注释 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; // allow-query { localhost; }; #注释掉此行,用//注释 ...以下省略
3.新建域文件
[root@centos7 named]# cd /var/named/ [root@centos7 named]# touch abc.com [root@centos7 named]# chown root:named abc.com [root@centos7 named]# chmod 640 abc.com [root@centos7 named]# ll total 16 -rw-r----- 1 root named 0 Nov 27 13:12 abc.com drwxrwx--- 2 named named 6 Oct 31 2018 data drwxrwx--- 2 named named 6 Oct 31 2018 dynamic -rw-r----- 1 root named 2281 May 22 2017 named.ca -rw-r----- 1 root named 152 Dec 15 2009 named.empty -rw-r----- 1 root named 152 Jun 21 2007 named.localhost -rw-r----- 1 root named 168 Dec 15 2009 named.loopback drwxrwx--- 2 named named 6 Oct 31 2018 slaves [root@centos7 named]# vim abc.com [root@centos7 named]# cat abc.com $TTL 1D @ IN SOA ns1.abc.com. admin.abc.com. ( 1 1D 15M 1W 3H ) NS ns1 ns1 A 192.168.214.17 www A 192.168.214.17 * A 192.168.214.17[root@centos7 named]# named-checkzone abc.com /var/named/abc.com #解析库语法检查 zone abc.com/IN: loaded serial 1 OK
4.在主配置文件/etc/named.conf 或专门用与域配置文件 /etc/named.rfc1912.zones 中配置定义的域
[root@centos7 named]# vim /etc/named.rfc1912.zones #添加如下内容 zone "abc.com" IN { type master; file "abc.com"; }; [root@centos7 named]# named-checkconf #主配置文件语法检查
5.启动DNS服务,在客户机上测试
[root@centos7 named]# systemctl start named [root@centos7-27 ~]# dig www.abc.com @192.168.214.17 #客户机上测试,可以看到已经解释成功了 ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.abc.com @192.168.214.17 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5413 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.abc.com. IN A ;; ANSWER SECTION: www.abc.com. 86400 IN A 192.168.214.17 ;; AUTHORITY SECTION: abc.com. 86400 IN NS ns1.abc.com. ;; ADDITIONAL SECTION: ns1.abc.com. 86400 IN A 192.168.214.17 ;; Query time: 1 msec ;; SERVER: 192.168.214.17#53(192.168.214.17) ;; WHEN: Wed Nov 27 13:35:16 CST 2019 ;; MSG SIZE rcvd: 90 [root@centos7-27 ~]# host www.abc.com 192.168.214.17 #或用host命令 Using domain server: Name: 192.168.214.17 Address: 192.168.214.17#53 Aliases: www.abc.com has address 192.168.214.17
(2) 反向区域
1.前两步的安装与配置与正向区域一样
2.新建反向域文件
[root@centos7 named]# cd /var/named [root@centos7 named]# touch 192.168.214.abc.com [root@centos7 named]# chown :named 192.168.214.abc.com [root@centos7 named]# chmod 640 192.168.214.abc.com [root@centos7 named]# ll total 20 -rw-r----- 1 root named 0 Nov 27 13:41 192.168.214.abc.com -rw-r----- 1 root named 147 Nov 27 13:17 abc.com drwxrwx--- 2 named named 23 Nov 27 13:32 data drwxrwx--- 2 named named 60 Nov 27 13:33 dynamic -rw-r----- 1 root named 2281 May 22 2017 named.ca -rw-r----- 1 root named 152 Dec 15 2009 named.empty -rw-r----- 1 root named 152 Jun 21 2007 named.localhost -rw-r----- 1 root named 168 Dec 15 2009 named.loopback drwxrwx--- 2 named named 6 Oct 31 2018 slaves [root@centos7 named]# vim 192.168.214.abc.com $TLL 1D @ IN SOA ns1.abc.com. admin.abc.com. ( 1 1D 15M 1W 3H ) NS ns1 ns1 A 192.168.214.17 17 PTR www.abc.com. 7 PTR ns1.efg.com.
3.在域配置文件中,添加定义好的反向域
[root@centos7 named]# vim /etc/named.rfc1912.zones #添加以下内容 zone "214.168.192.in-addr.arpa" in { type master; file "192.168.214.abc.com"; }; [root@centos7 named]# named-checkconf #检查语法 [root@centos7 named]# rndc reload #重载配置文件 server reload successful
4.在客户机上测试
[root@centos7-27 ~]# dig -x 192.168.214.17 @192.168.214.17 #测试可以看到都解析成功了 ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -x 192.168.214.17 @192.168.214.17 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43203 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;17.214.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 17.214.168.192.in-addr.arpa. 86400 IN PTR www.abc.com. ;; AUTHORITY SECTION: 214.168.192.in-addr.arpa. 86400 IN NS ns1.214.168.192.in-addr.arpa. ;; ADDITIONAL SECTION: ns1.214.168.192.in-addr.arpa. 86400 IN A 192.168.214.17 ;; Query time: 0 msec ;; SERVER: 192.168.214.17#53(192.168.214.17) ;; WHEN: Wed Nov 27 14:25:56 CST 2019 ;; MSG SIZE rcvd: 115 [root@centos7-27 ~]# host 192.168.214.7 192.168.214.17 Using domain server: Name: 192.168.214.17 Address: 192.168.214.17#53 Aliases: 7.214.168.192.in-addr.arpa domain name pointer ns1.efg.com.
2、主从DNS服务器的配置
此处用到两台主机,一台主机作为主DNS服务器(192.168.214.17),一台作为从DNS服务器(192.168.214.27),以 asdfg.com 域为例。
(1)、两台主机都安装BIND软件
[root@centos7-17 ~]# yum install -y bind [root@centos7-27 ~]# yum install -y bind
(2)、配置主DNS服务器配置文件 /etc/named.conf,并创建正向解析域文件 /var/named/asdfg.com
[root@centos7-17 ~]# vim /etc/named.conf options { // listen-on port 53 { 127.0.0.1; }; #注释此处 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; // allow-query { localhost; }; #注释此处 allow-transfer { 192.168.214.27;}; #添加此项 ...以下省略 [root@centos7-17 ~]# cd /var/named/ [root@centos7-17 ~]# touch asdfg.com [root@centos7-17 ~]# chown :named asdfg.com [root@centos7-17 ~]# chmod 640 asdfg.com [root@centos7-17 named]# vim asdfg.com [root@centos7-17 named]# cat asdfg.com $TTL 1D @ IN SOA ns1.asdfg.com. admin.asdfg.com. ( 1 1D 15M 1W 3H ) NS ns1 NS ns2 ns1 A 192.168.214.17 #主服务器 ns2 A 192.168.214.27 #从服务器 www A 192.168.214.15 wap A 192.168.213.16
(3)、在主服务器上域文件 /etc/named.rfc1912.zones 中添加"asdfg.com"域
[root@centos7-17 named]# vim /etc/named.rfc1912.zones zone "asdfg.com" IN { type master; file "asdfg.com"; }; ...以下省略
(4)、配置从DNS服务器的配置文件 /etc/named.conf,并在从服务器的域文件中添加域信息
[root@centos7-27 ~]# vim /etc/named.conf options { // listen-on port 53 { 127.0.0.1; }; #注释此处 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; // allow-query { localhost; }; #注释此处 allow-transfer {none;}; #添加此项 ...以下省略 [root@centos7-27 ~]# vim /etc/named.rfc1912.zones zone "asdfg.com" IN { type slave; masters {192.168.214.17;}; file "slaves/asdfg.com.slaves"; };...以下省略
(5)、先启动主服务器的DNS服务,再启动从DNS服务,进行测试
[root@centos7-17 ~]# systemctl start named [root@centos7-27 ~]# systemctl start named
[root@centos7-27 ~]# ll /var/named/slaves/ #从服务器启动后可以看到生成了域文件库 total 4 -rw-r--r-- 1 named named 338 Nov 27 15:15 asdfg.com.slaves #在客户端上测试,可以看到从服务器上成功同步了主服务器的域文件库 [root@centos7-37 ~]# host www.asdfg.com 192.168.214.17 #主服务解析 Using domain server: Name: 192.168.214.17 Address: 192.168.214.17#53 Aliases: www.asdfg.com has address 192.168.214.15 [root@centos7-37 ~]# host www.asdfg.com 192.168.214.27 #从服务器解析 Using domain server: Name: 192.168.214.27 Address: 192.168.214.27#53 Aliases: www.asdfg.com has address 192.168.214.15 [root@centos7-37 ~]# host wap.asdfg.com 192.168.214.27 Using domain server: Name: 192.168.214.27 Address: 192.168.214.27#53 Aliases: wap.asdfg.com has address 192.168.213.16
3、子域委派的配置
此处用到两台主机,一台作为父域 (192.168.214.17),一台作为子域 (192.168.214.37),以 qwert.com 域为例,子域为 zxcvb.qwert.com
(1)、两台主机都安装BIND服务
[root@centos7-17 ~]# yum install -y bind [root@centos7-37 ~]# yum install -y bind
(2)、配置父域服务器的配置文件 /etc/named.conf,并创建正向解析域文件 /var/named/qwert.com,然后在域文件 /etc/named.rfc1912.zones中添加"qwert.com"域
[root@centos7-17 ~]# cd /var/named/ [root@centos7-17 named]# vim qwert.com [root@centos7-17 named]# vim /etc/named.conf options { // listen-on port 53 { 127.0.0.1; }; #注释此处 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; // allow-query { localhost; }; #注释此处 recursion yes; dnssec-enable yes; #此处将yes修改成no dnssec-validation yes; #此处将yes修改成no ...以下省略 [root@centos7-17 named]# cd /var/named/ [root@centos7-17 named]# touch qwert.com [root@centos7-17 named]# chown :named qwert.com [root@centos7-17 named]# chmod 644 qwert.com [root@centos7-17 named]# vim qwert.com $TTL 1D @ IN SOA ns1.qwert.com. admin.qwert.com. ( 1 1D 15M 1W 3H ) NS ns1 zxcfb NS ns3 #子域服务器标识 ns1 A 192.168.214.17 ns3 A 192.168.214.37 #子域服务器IP www A 192.168.214.5 [root@centos7-17 named]# vim /etc/named.rfc1912.zones zone "qwert.com" IN { type master; file "qwert.com"; };...以下省略
(3)、在子域服务器上主配置文件 /etc/named.conf ,并创建正向解析域文件 /var/named/zxcvb.qwert.com,然后在域文件 /etc/named.rfc1912.zones中添加"zxcvb.qwert.com"域
[root@centos7-37 ~]# vim /etc/named.conf options { // Listen-on port 53 { 127.0.0.1; }; #注释此处 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; // allow-query { localhost; }; #注释此处 [root@centos7-37 ~]# cd /var/named/ [root@centos7-37 named]# touch zxcvb.qwert.com [root@centos7-37 named]# chown :named zxcvb.qwert.com [root@centos7-37 named]# chmod 640 zxcvb.qwert.com [root@centos7-37 named]# vim zxcvb.qwert.com [root@centos7-37 named]# cat zxcvb.qwert.com $TTL 1D @ IN SOA ns1 admin ( 1 1D 15M 1W 3H ) NS ns1 ns1 A 192.168.214.37 web A 192.168.214.4 [root@centos7-37 named]# vim /etc/named.rfc1912.zones zone "zxcvb.qwert.com" IN { type master; file "zxcvb.qwert.com"; }; ...以下省略
(4)、启动父域与子域服务器的DNS服务,进行测试
[root@centos7-27 ~]# dig web.zxcvb.qwert.com @192.168.214.37 #客户端上测试,先直接通过子域解析,可以看到成功的 ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> web.zxcvb.qwert.com @192.168.214.37 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17889 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;web.zxcvb.qwert.com. IN A ;; ANSWER SECTION: web.zxcvb.qwert.com. 86400 IN A 192.168.214.4 ;; AUTHORITY SECTION: zxcvb.qwert.com. 86400 IN NS ns1.zxcvb.qwert.com. ;; ADDITIONAL SECTION: ns1.zxcvb.qwert.com. 86400 IN A 192.168.214.37 ;; Query time: 1 msec ;; SERVER: 192.168.214.37#53(192.168.214.37) ;; WHEN: Wed Nov 27 16:37:08 CST 2019 ;; MSG SIZE rcvd: 98 [root@centos7-27 ~]# dig web.zxcvb.qwert.com @192.168.214.17 #再通过父域解析,可以看到也成功了 ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> web.zxcvb.qwert.com @192.168.214.17 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17459 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;web.zxcvb.qwert.com. IN A ;; ANSWER SECTION: web.zxcvb.qwert.com. 86218 IN A 192.168.214.4 ;; AUTHORITY SECTION: zxcvb.qwert.com. 86218 IN NS ns1.zxcvb.qwert.com. ;; ADDITIONAL SECTION: ns1.zxcvb.qwert.com. 86218 IN A 192.168.214.37 ;; Query time: 1 msec ;; SERVER: 192.168.214.17#53(192.168.214.17) ;; WHEN: Wed Nov 27 16:37:12 CST 2019 ;; MSG SIZE rcvd: 98
4、DNS的转发功能配置
此处需要三台主机,一台客户端服务器 (192.168.214.37),一台中间转发服务器 (192.168.214.27 只缓存服务器),一台主DNS服务器 (192.168.214.17 ,
172.16.236.138 可连外网)
转发分为全局转发与特定区域转发,设置稍有不同:
全局转发: 对非本机所负责解析区域的请求,全转发给指定的服务器
Options {
forward first|only; #first表示优先转发给DNS服务器,如果DNS不能返回结果,则自己去互联网上查找;only表示仅转发,不做其它操作
forwarders { ip;};
};
特定区域转发:仅转发对特定的区域的请求,比全局转发优先级高
zone "ZONE_NAME" IN {
type forward;
forward first|only;
forwarders { ip;};
};
以全局转发为例:
(1).主DNS服务器(192.168.214.17)上的配置
[root@centos7-17 ~]# yum install -y bind [root@centos7-17 ~]# vim /etc/named.conf options { // listen-on port 53 { 127.0.0.1; }; #注释此处 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; // allow-query { localhost; }; #注释此处 [root@centos7-17 ~]# systemctl start named #启动dns服务 [root@centos7-17 ~]# dig www.baidu.com @192.168.214.17 #此主机是可以连外网的 ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.baidu.com @192.168.214.17 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17134 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.baidu.com. IN A ;; ANSWER SECTION: www.baidu.com. 1200 IN CNAME www.a.shifen.com. www.a.shifen.com. 300 IN A 14.215.177.39 www.a.shifen.com. 300 IN A 14.215.177.38 ;; AUTHORITY SECTION: a.shifen.com. 1200 IN NS ns1.a.shifen.com. a.shifen.com. 1200 IN NS ns2.a.shifen.com. a.shifen.com. 1200 IN NS ns3.a.shifen.com. a.shifen.com. 1200 IN NS ns4.a.shifen.com. a.shifen.com. 1200 IN NS ns5.a.shifen.com. ;; ADDITIONAL SECTION: ns1.a.shifen.com. 1200 IN A 61.135.165.224 ns2.a.shifen.com. 1200 IN A 220.181.33.32 ns3.a.shifen.com. 1200 IN A 112.80.255.253 ns4.a.shifen.com. 1200 IN A 14.215.177.229 ns5.a.shifen.com. 1200 IN A 180.76.76.95 ;; Query time: 627 msec ;; SERVER: 192.168.214.17#53(192.168.214.17) ;; WHEN: Wed Nov 27 17:38:08 CST 2019 ;; MSG SIZE rcvd: 271 [root@centos7-17 ~]# nslookup abc.com 192.168.214.17 #也可解析本地域 Server: 192.168.214.17 Address: 192.168.214.17#53 Name: abc.com Address: 192.168.214.17
(2).中间转发服务器 (192.168.214.27) 的配置
#首先在客户机上直接通过中间转发服务器是解析不了的 [root@centos7-37 named]# host www.baidu.com 192.168.214.27 ;; connection timed out; no servers could be reached [root@centos7-37 named]# host www.abc.com 192.168.214.27 ;; connection timed out; no servers could be reached #下面对中间转发服务器进行设置 [root@centos7-27 ~]# yum install -y bind #安装bind服务 [root@centos7-27 ~]# vim /etc/named.conf options { // listen-on port 53 { 127.0.0.1; }; #注释此处 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; // allow-query { localhost; }; #注释此处 forward only; #添加此项 forwarders {192.168.214.17;}; #添加此项 recursion yes; dnssec-enable no; #此处将yes改为no dnssec-validation no; #此处将yes改为no ...以下省略
(3).在客户机上测试
#可以看到可以解析,说明转发成功了 [root@centos7-37 ~]# nslookup www.abc.com 192.168.214.27 Server: 192.168.214.27 Address: 192.168.214.27#53 Non-authoritative answer: Name: www.abc.com Address: 192.168.214.17 [root@centos7-37 ~]# nslookup www.baidu.com 192.168.214.27 Server: 192.168.214.27 Address: 192.168.214.27#53 Non-authoritative answer: www.baidu.com canonical name = www.a.shifen.com. Name: www.a.shifen.com Address: 14.215.177.39 Name: www.a.shifen.com Address: 14.215.177.38