
DNS Service Concepts: Study Notes

DNS service concepts:

    BIND: Berkeley Internet Name Domain (the name-resolution software)

    DNS: Domain Name Server

    Host name: FQDN (Fully Qualified Domain Name)

    DNS: name resolution, Name Resolving (a lookup process backed by a database)

        FQDN <--> IP

    NSSwitch: the name-resolution platform (a framework that offers several resolution methods)

        Methods:

            libnss_files.so
            libnss_dns.so

    /etc/hosts:

        IPADDR          FQDN              Aliases
        127.0.0.1       www.baidu.com     baidu

    Name organisation and allocation:

        IANA (government body) --> ICANN (civil organisation; top-level domains)

        Root domain --> TLD (Top Level Domain): generic domains (.com .org .net .cc),
                                               country domains (.cn .tw .hk .iq .jp),
                                               reverse domain (IP --> FQDN)

        DNS query methods:

            1. Recursive query    A-->B-->C | C-->B-->A
            2. Iterative query    A-->B, A-->C | C-->A

            The root servers do not perform recursive queries for outside clients.

        Non-authoritative answer: an answer that was not returned by the server directly above the FQDN (its authoritative server)

        Two stages: recursive, then iterative

        DNS: distributed lookup

            An upper level only knows its direct lower level
            A lower level cannot know its upper level

        DNS server:

            Accepts query requests from local clients (recursive)
            Requests from outside clients: asks for the authoritative answer
                Positive answer: TTL
                Negative answer: TTL

    Note: there are thirteen root server nodes worldwide, none of them in mainland China; all thirteen hold the same data.

        DNS server roles:

            Master DNS server: where the data is modified
            Slave DNS server: requests data synchronisation (pull mechanism)

                Note: in a master/slave setup, if the master goes down, the slave, after repeated failed checks, eventually stops serving the zone (it "kills itself").

                serial number           version number
                refresh                 refresh interval
                retry                   retry interval
                expire                  expiry time
                negative answer TTL     cache time for negative answers

            Caching DNS server
            Forwarding DNS server: does not cache resolution results

            

    Every entry in the database is called a resource record (Resource Record, RR)

        Format:

            NAME                    TTL (optional)    IN    RRT    VALUE
            www.test.com.                             IN    A      1.1.1.1
            www.test1.com.                            IN    A      2.2.2.2
            1.1.1.1.in-addr.arpa.                     IN    PTR    www.test.com.

        Resource record types:

            SOA (Start of Authority): the start-of-authority record; it states how the master and slave servers of a zone synchronise their data and who the authority for the zone is.

                ZONE NAME    TTL    IN    SOA    FQDN    Administrator_MailBox    (
                                                         serial number
                                                         refresh
                                                         retry
                                                         expire
                                                         negative answer TTL )

                    @            600    IN    SOA    www.test.com.    admin.test.com.    (
                                                         20170402
                                                         1H
                                                         5M
                                                         1W
                                                         1D )

                    Note: time units: H (hours), M (minutes), D (days), W (weeks); the default is seconds.
                          Mailbox format: admin@test.com --> admin.test.com. (the @ has a special meaning in zone files, so it is replaced by a dot)

                                            

            NS: Name Server (Zone Name --> FQDN)

                    test.com.          600    IN    NS    www.test1.com.
                    www.test1.com.     600    IN    A     1.1.1.1
                    test.com.          600    IN    NS    www.test2.com.
                    www.test2.com.     600    IN    A     1.1.1.2

                    Note: they appear in pairs (the NS record plus the A record of the named server); this is how a zone announces its own name servers.

            MX: Mail eXchanger (Zone --> FQDN)

                    ZONE NAME          TTL    IN    MX    pri    VALUE
                    test.com.          600    IN    MX    10     mail.test.com.
                    mail.test.com.     600    IN    A            2.2.2.2

                    Note: priority 0-99; the lower the number, the higher the priority.

            A: address (resolves to an IPv4 address)
            AAAA: address (resolves to an IPv6 address)
            PTR: pointer (reverse lookup; resolves an address to a host name)
            CNAME: Canonical Name (official name) FQDN --> FQDN (defines an alias for a host name)

                    www.test2.com.    600    IN    CNAME    www.test.com.

                    Note: the alias www.test2.com has the canonical name www.test.com

            TXT
            CHAOS
            SRV

   

    Domain: Domain
    Zone: Zone

        Note: in DNS a domain is a logical concept, while a zone is a physical one (the data a server actually holds)


    Lab environment:

        Build a DNS server for test.com. on 192.168.0.0/24

        First, the parent (delegating) DNS server must already hold these records:

            test.com.         IN    NS    ma.test.com.
            ma.test.com.      IN    A     192.168.0.1      ; glue record: an A record, not a second NS record

        On our own DNS server, resolve the hosts in the network:

            www     192.168.0.2
            mail    192.168.0.3

        Create two zone files:

            Forward zone file:

                $TTL 600
                test.com.    IN    SOA    ma.test.com.    ma.test.com.    (
                                              20170402    ; serial
                                              1H          ; refresh
                                              5M          ; retry
                                              1D          ; expire
                                              1W )        ; negative answer TTL
                test.com.           600    IN    NS    ma.test.com.
                ma                  600    IN    A     192.168.0.1
                www                 600    IN    A     192.168.0.2
                test.com.           600    IN    MX    10    mail.test.com.    ; MX needs a priority and a host name, not an IP
                mail                600    IN    A     192.168.0.3
                www.baidu.com.      600    IN    A     192.168.0.2    ; out-of-zone name: named ignores it with a warning

            Reverse zone file:

                $TTL 600
                0.168.192.in-addr.arpa.    IN    SOA    ma.test.com.    ma.test.com.    (
                                              20170402
                                              1H
                                              5M
                                              1D
                                              1W )
                0.168.192.in-addr.arpa.    600    IN    NS     ma.test.com.
                2                          600    IN    PTR    www.test.com.
                2.0.168.192.in-addr.arpa.  600    IN    PTR    www.test.com.    ; the same record written with the absolute owner name; use one form or the other
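An added example (Python, not from the original notes) that parses a zone file written the way the SOA section and the two zone files above write it: $TTL, '@', relative owner names, a multi-line SOA in parentheses and H/M/D/W time units, and then derives the PTR records the reverse zone needs from the A records. The sample zone is constructed, and the function names `parse_zone`, `ttl_seconds`, `qualify` and `reverse_ptrs` are chosen here.

```python
import re
UNIT = {"": 1, "S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}   # zone-file time units
def ttl_seconds(value):
    """'600' -> 600, '5M' -> 300, '1H' -> 3600, '1D' -> 86400, '1W' -> 604800."""
    m = re.fullmatch(r"(\d+)([smhdwSMHDW]?)", value)
    return int(m.group(1)) * UNIT[m.group(2).upper()]
def qualify(name, origin):
    """Expand '@' and names without a trailing dot relative to the zone origin."""
    return origin if name == "@" else name if name.endswith(".") else name + "." + origin
def parse_zone(text, origin):
    """Return [(owner, ttl, type, rdata)] with every name made absolute."""
    lines = [l.split(";")[0] for l in text.splitlines()]            # drop ; comments
    text = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0)[1:-1].split()),
                  "\n".join(lines))                                   # join ( ... ) groups
    default_ttl, records = None, []
    for f in (l.split() for l in text.splitlines()):
        if not f:
            continue
        if f[0] == "$TTL":
            default_ttl = ttl_seconds(f[1])
            continue
        owner, ttl = qualify(f.pop(0), origin), default_ttl
        if re.fullmatch(r"\d+[smhdwSMHDW]?", f[0]):                 # optional per-record TTL
            ttl = ttl_seconds(f.pop(0))
        if f[0].upper() == "IN":
            f.pop(0)
        rtype, rdata = f.pop(0).upper(), f
        if rtype == "SOA":      # mname rname serial refresh retry expire negative-ttl
            rdata = [qualify(f[0], origin), qualify(f[1], origin), int(f[2])] + \
                    [ttl_seconds(v) for v in f[3:7]]
        elif rtype in ("NS", "CNAME", "PTR", "MX"):                   # name-valued rdata
            rdata = [int(v) if v.isdigit() else qualify(v, origin) for v in f]
        records.append((owner, ttl, rtype, rdata))
    return records
def reverse_ptrs(records):
    """The PTR record the reverse zone needs for each A record (owner = in-addr.arpa name)."""
    return [(".".join(reversed(r[3][0].split("."))) + ".in-addr.arpa.", r[1], "PTR", [r[0]])
            for r in records if r[2] == "A"]

FORWARD = """$TTL 600
@    IN  SOA  ma.test.com. admin.test.com. (
                20170402 1H 5M 1D 1W )   ; serial refresh retry expire negative-TTL
@    IN  NS   ma.test.com.
@    IN  MX   10 mail.test.com.
ma   IN  A    192.168.0.1
www  IN  A    192.168.0.2
mail IN  A    192.168.0.3
"""   # constructed sample modelled on the test.com. zone in the notes
```

Calling `parse_zone(FORWARD, "test.com.")` turns the relative names into absolute ones and the SOA timers into seconds, and `reverse_ptrs` on the result gives the `2.0.168.192.in-addr.arpa.` PTR that the reverse file above carries.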

    

    Zone transfer types:

        Full zone transfer: AXFR
        Incremental zone transfer: IXFR

    Zone types:

        Master zone: master
        Slave zone: slave
        Hint zone: hint        defines where the root servers are
        Forward zone: forward


Installing and configuring BIND:

    Plan:

        test.com.       172.16.100.0/24
        ns1             172.16.100.1
        www             172.16.100.1 / 172.16.100.2
        mail            172.16.100.3
        ftp             alias of www

    DNS: BIND (Berkeley Internet Name Domain)

        ISC (Internet Systems Consortium): www.isc.org

        1. Install bind

            /etc/named.conf           BIND's main configuration file:
                                      working properties of the BIND process
                                      zone definitions
            /etc/rndc.key             key file for rndc (Remote Name Domain Controller); its configuration lives in /etc/rndc.conf
            /var/named/               zone data files; you create these yourself
            /etc/rc.d/init.d/named    service start script: {start|stop|restart|reload|status}
            Binary program name: named
            bind-chroot: provides a simulated (chroot) root directory for named
            caching-nameserver: lets the DNS server act as a caching server right away
            bind-devel: headers and libraries for developers building on top of BIND

            dig (Domain Information Groper): dig -t NS . @c.root-servers.net.    lists the root servers directly

            Ports and protocols the DNS service listens on:

                53/tcp     data transfer (zone transfers, large responses)
                53/udp     queries
                953/tcp    the rndc remote control tool

        2. Configuration files:

            options {
                directory "/var/named";        # data file directory
            };

            Zone definitions (general form):

                zone "ZONE NAME" IN {
                    type {master|slave|hint|forward};
                };

                Master zone:
                    file "zone-data-file";

                Slave zone:
                    file "zone-data-file";
                    masters { master1_ip; master2_ip; };

                zone "." IN {
                    type hint;
                    file "named.ca";
                };
                zone "localhost" IN {
                    type master;
                    file "named.localhost";
                };
                zone "0.0.127.in-addr.arpa" IN {
                    type master;
                    file "named.loopback";
                };

            Commands to check the configuration once it is written:

                named-checkconf                                             checks the configuration file for errors
                named-checkzone "." /var/named/named.ca
                named-checkzone "localhost" /var/named/named.localhost
                named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback

            Start the service: service named start        log: /var/log/messages

            Using dig:    dig -t RT NAME @DNS_IP

            host is used like dig, except that host does not accept the @server form (the server is given as a trailing argument instead):

                host -t RT NAME [server]

            nslookup: interactive

                server 192.168.100.1      use the DNS server at 192.168.100.1 (switches the server being queried)
                set q=a                   query A records
                www.test.com.

            Examples:

                dig -t NS test.com. @192.168.100.1
                dig -t A www.test.com.
                dig -t CNAME ftp.test.com
                dig -t MX test.com                  MX records belong to the zone name, not to the mail host
                dig -x IP                           look up the FQDN for an IP address

        Example named configuration:

            Configuration file:

                /etc/named.conf    mode 640, owner root:named

                    Contents:

                        options {
                            directory "/var/named";
                        };
                        zone "." IN {
                            type hint;                               # the root zone is a hint zone, not a master zone
                            file "named.ca";
                        };
                        zone "localhost" IN {
                            type master;
                            file "named.localhost";
                        };
                        zone "0.0.127.in-addr.arpa" IN {
                            type master;
                            file "named.loopback";
                        };
                        zone "test.com." IN {
                            type master;
                            file "test.com.zone";
                            allow-transfer { 172.16.100.2; };        # only this host may perform zone transfers
                        };
                        zone "100.16.172.in-addr.arpa" IN {          # reverse zone for 172.16.100.0/24
                            type master;
                            file "100.16.172.in-addr.arpa.zone";
                            allow-transfer { 172.16.100.2; };        # only this host may perform zone transfers
                        };

                Create the forward zone file "test.com.zone" and set its mode to 640, owner root:named:

                    touch /var/named/test.com.zone
                    chmod 640 /var/named/test.com.zone
                    chown root:named /var/named/test.com.zone

                Edit the forward zone file:

                    $TTL 600
                    @       IN    SOA    ns1.test.com.    admin.test.com.    (
                                             20170403    ; serial
                                             1D          ; refresh
                                             5M          ; retry
                                             1H          ; expire (in practice expire should be much longer than refresh)
                                             1W )        ; negative answer TTL
                    @       IN    NS         ns1.test.com.
                    @       IN    MX    10   mail.test.com.
                    ns1     IN    A          172.16.100.1
                    mail    IN    A          172.16.100.3
                    www     IN    A          172.16.100.1
                    www     IN    A          172.16.100.2
                    ftp     IN    CNAME      www.test.com.

                Check the configuration, check the zone file, start the service:

                    named-checkconf
                    named-checkzone "test.com" /var/named/test.com.zone
                    service named start

                Edit the reverse zone file:

                    $TTL 600
                    @       IN    SOA    ns1.test.com.    admin.test.com.    (
                                             20170404    ; serial
                                             1H          ; refresh
                                             5M          ; retry
                                             30M         ; expire
                                             1W )        ; negative answer TTL
                    @       IN    NS     ns1.test.com.
                    1       IN    PTR    ns1.test.com.
                    3       IN    PTR    mail.test.com.
                    1       IN    PTR    www.test.com.
                    2       IN    PTR    www.test.com.
                    ; no A record is needed here: the address of ns1 lives in the forward zone

                                        

    DNS master/slave replication and zone transfer:

        Configuration file:

            options {
                directory "/var/named";                        # location of the data files
                recursion yes;                                 # yes|no; by default recursion is allowed for everyone
                allow-recursion { 172.16.100.0/24; };          # only perform recursive queries for the given network
                allow-query { 100.100.1.1; };                  # only allow this host to query at all
                allow-transfer { 172.16.100.2; };              # which server may transfer the zone data
                notify yes;                                    # tell the slaves to pull updated data from the master
            };

        How to verify:

            dig +recurse -t A www.baidu.com @172.16.100.1        # recursion is allowed by default
            dig +norecurse -t A www.baidu.com @172.16.100.1
            dig +trace -t A www.baidu.com @172.16.100.1          # show the resolution path step by step
            dig -t axfr test.com @172.16.100.1                   # full zone transfer: prints every record of test.com on this host
            dig -t ixfr=20170403 test.com @172.16.100.1          # incremental zone transfer: shows the records added after the given serial number
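An added example (Python, not part of the original notes) of what the dig commands above put on the wire: it builds the query that `dig -t A www.test.com. @server` sends over 53/udp, with the RD bit set or cleared exactly as +recurse/+norecurse do, and decodes a reply header so the AA, RA and TC flags show whether an answer is authoritative, came from a cache (non-authoritative), or must be retried over 53/tcp. The reply is constructed locally rather than received from a server, and the function names are chosen here.

```python
import struct

QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080      # header flag bits
QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "AAAA": 28}

def encode_name(fqdn):
    # 'www.test.com.' -> 3 'www' 4 'test' 3 'com' 0 (length-prefixed labels, root = 0)
    labels = fqdn.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, qtype, txid, recurse=True):
    """12-byte header + one question; RD is set unless the caller asked for +norecurse."""
    flags = RD if recurse else 0
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], 1))

def parse_header(msg):
    """Decode the 12-byte header; 'kind' summarises what the flags say about the answer."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    h = {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA), "tc": bool(flags & TC),
         "rd": bool(flags & RD), "ra": bool(flags & RA), "rcode": flags & 0xF,
         "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}
    if not h["qr"]:
        h["kind"] = "query"
    elif h["tc"]:
        h["kind"] = "truncated: retry over 53/tcp"
    elif h["rcode"] == 3:
        h["kind"] = "NXDOMAIN (negative answer, cached for the SOA negative TTL)"
    else:
        h["kind"] = "authoritative answer" if h["aa"] else "non-authoritative answer"
    return h

def build_response(query, ip, authoritative):
    """Constructed reply to an A query: same id and question, plus one A RR whose owner
    is a pointer (0xC00C) back to the question name at offset 12."""
    txid, qflags = struct.unpack("!HH", query[:4])
    flags = QR | (qflags & RD) | (AA if authoritative else RA)   # a cache answers with RA, not AA
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 600, 4) + bytes(int(o) for o in ip.split("."))
    return header + query[12:] + rr

if __name__ == "__main__":
    q = build_query("www.test.com.", "A", 0x1234, recurse=False)   # what dig +norecurse sends
    print(q.hex())
    print(parse_header(build_response(q, "192.168.0.2", authoritative=True)))
```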

                                                                                                                                

        That is all I have learned for now; I will update this if there is anything else later......


