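1. Concepts
DNS (Domain Name System) is the core Internet system that translates domain names into IP (Internet Protocol) addresses.
Forward resolution is the process of translating a domain name into its corresponding IP address.
Reverse resolution is the process of translating an IP address into its corresponding domain name.
Hostname | IP address | OS version | BIND version |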
---|---|---|---|
dns-node | 192.168.100.5 | CentOS 7.9 | 9.11.4 |
2. Install DNS
yum install -y bind bind-utils
3. Edit the configuration file
perl -0777 -pe 's|/\*.*?\*/||gs; s|//.*||g' /etc/named.conf | grep -v '^\s*$'
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
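The options above combine `allow-query { any; };` with `recursion yes;` and set no `allow-recursion`, so BIND falls back to the `allow-query` list and recurses for every client that can reach port 53. The following check is an added example, not part of the original post; the function names and the 192.168.100.0/24 subnet are assumptions, and it only reads flat lists in the global options (no named `acl` references, no view overrides).

```python
import re

# Constructed sample: the ACL-relevant options from the named.conf shown above.
PAGE_OPTIONS = """
options {
    allow-query { any; };
    recursion yes;
};
"""

# Constructed variant: recursion limited to localhost and an assumed lab subnet.
RESTRICTED_OPTIONS = """
options {
    allow-query { any; };
    allow-recursion { localhost; 192.168.100.0/24; };
    recursion yes;
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments, which named ignores as well."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def acl(conf, name):
    """Elements of a flat address-match list, or None if the statement is absent."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^{}]*)\}\s*;", conf)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def effective_recursion_acl(conf):
    """Return (deciding statement, elements), following BIND's fallback order."""
    conf = strip_comments(conf)
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", conf)
    if m and m.group(1) == "no":
        return ("recursion no", [])
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        elements = acl(conf, name)
        if elements is not None:
            return (name, elements)
    return ("default", ["localnets", "localhost"])

def is_open_resolver(conf):
    """True when recursion is enabled and the deciding list contains 'any'."""
    return "any" in effective_recursion_acl(conf)[1]

if __name__ == "__main__":
    for label, conf in (("page", PAGE_OPTIONS), ("restricted", RESTRICTED_OPTIONS)):
        print(label, effective_recursion_acl(conf), "open:", is_open_resolver(conf))
```

Authoritative answers for gsxp.com are still served to everyone in the restricted variant; only recursion is narrowed.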
4. Forward resolution
perl -0777 -pe 's|/\*.*?\*/||gs; s|//.*||g' /etc/named.rfc1912.zones | grep -v '^\s*$'
zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
zone "gsxp.com" IN {
    type master;
    file "gsxp.com.zone";
    allow-update { none; };
};
cat > /var/named/gsxp.com.zone << 'EOF'
$TTL 1D
@       IN SOA  gsxp.com. xiep.sgcc.com.cn. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      ns.gsxp.com.
ns      IN A    192.168.100.129
mail    IN A    192.168.100.128
EOF
chown root:named /var/named/gsxp.com.zone
5. Reverse resolution
perl -0777 -pe 's|/\*.*?\*/||gs; s|//.*||g' /etc/named.rfc1912.zones | grep -v '^\s*$'
zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
zone "gsxp.com" IN {
    type master;
    file "gsxp.com.zone";
    allow-update { none; };
};
zone "100.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.100.arpa";
    allow-update { none; };
};
cat > /var/named/192.168.100.arpa << 'EOF'
$TTL 1D
@       IN SOA  gsxp.com. xiep.sgcc.com.cn. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      ns.gsxp.com.
ns      A       192.168.100.129
129     PTR     ns.gsxp.com.
128     PTR     mail.gsxp.com.
EOF
chown root:named /var/named/192.168.100.arpa
6. Start the service
systemctl start named
systemctl enable named
systemctl status named
7. Testing
Test forward resolution (ns)
nslookup ns.gsxp.com
Result:
Server: 192.168.100.129
Address: 192.168.100.129#53
Name: ns.gsxp.com
Address: 192.168.100.129
Test forward resolution (mail)
nslookup mail.gsxp.com
Result:
Server: 192.168.100.129
Address: 192.168.100.129#53
Name: mail.gsxp.com
Address: 192.168.100.128
Test reverse resolution (ns)
nslookup 192.168.100.129
Result:
129.100.168.192.in-addr.arpa name = ns.gsxp.com.
Test reverse resolution (mail)
nslookup 192.168.100.128
Result:
128.100.168.192.in-addr.arpa name = mail.gsxp.com.