DNS

Reader submission 213 2022-11-08


How DNS works

# Resolution starts at the root and walks down one level at a time until the host name is found.
Root domain
Top-level domains (Top Level Domain, TLD): com, edu, mil, gov, net, org, int, arpa. Three classes: organizational domains, country domains (.cn, .ca, .hk, .tw) and the reverse domain
Second-level domain: magedu.com
Third-level domain: study.magedu.com
A name can have up to 127 levels

DNS query types

Recursive query: the server returns the final result and is responsible for the whole lookup.
Iterative query: the server returns the best result it has (an answer or a referral) and is not responsible for completing the lookup.

For example, visiting www.jd.com or jd.com both reach JD.com.
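The difference between the two query types is easiest to see in code. The toy resolver below is an added illustration, not code from the original post or from BIND: it models the root-down walk described above with constructed zone data (only a.root-servers.net and magedu.com appear in the post; the TLD server name ns.tld-com.example and the addresses are made up). `ask` is one iterative question, which yields either an answer or a referral; `resolve_iteratively` is the walk a recursive resolver performs; `recursive_query` is what the client sees when it asks for a recursive answer.

```python
"""Toy model of recursive vs. iterative DNS resolution.

Added illustration, not code from the original post or from BIND.  All server
names, zone contents and addresses are constructed for the example; only
a.root-servers.net and magedu.com appear in the post.
"""

# Constructed authoritative data: what each server knows.  A server answers for
# the zone it holds and hands out delegations (NS referrals) for child zones.
SERVERS = {
    "a.root-servers.net.": {
        "records": {},
        "delegations": {"com.": "ns.tld-com.example."},   # hypothetical TLD server
    },
    "ns.tld-com.example.": {
        "records": {},
        "delegations": {"magedu.com.": "ns1.magedu.com."},
    },
    "ns1.magedu.com.": {
        "records": {
            "magedu.com.": ("A", "10.0.0.88"),        # constructed addresses
            "study.magedu.com.": ("A", "10.0.0.78"),
        },
        "delegations": {},
    },
}


def ask(server, qname):
    """One non-recursive question to `server` (what an iterative query gets back).

    Returns ("answer", rr) when the server holds the name, ("referral", next_ns)
    when it can only point one level further down, or ("nxdomain", None).
    The server gives its best result and does not chase the answer itself.
    """
    data = SERVERS[server]
    if qname in data["records"]:
        return "answer", data["records"][qname]
    best = None
    for zone, ns in data["delegations"].items():   # longest matching delegation
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, ns)
    return ("referral", best[1]) if best else ("nxdomain", None)


def resolve_iteratively(qname, cache=None, start="a.root-servers.net."):
    """Walk from the root down one level at a time, the way a recursive resolver
    does on the client's behalf.  Returns (rr_or_None, list_of_servers_asked)."""
    cache = {} if cache is None else cache
    if qname in cache:
        return cache[qname], ["cache"]            # answered without asking anyone
    server, path = start, []
    for _ in range(127):                          # a name has at most 127 labels
        path.append(server)
        kind, value = ask(server, qname)
        if kind == "answer":
            cache[qname] = value
            return value, path
        if kind == "nxdomain":
            return None, path
        server = value                            # follow the referral
    raise RuntimeError("delegation loop for " + qname)


def recursive_query(qname, resolver_cache):
    """What a stub client sees with a recursive query: one question, one final
    answer, the resolver being responsible for the whole lookup."""
    rr, _path = resolve_iteratively(qname, resolver_cache)
    return rr
```

Calling `resolve_iteratively("study.magedu.com.")` returns the A record together with the path root, TLD server, zone server; a second lookup through the same cache dictionary returns from the cache, which is the data that `rndc flush` discards on a real server.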

DNS packages

# Server-side package

```
[root@c8~]# yum install bind bind-utils -y    # bind-utils is a dependency package
[root@c7-117-dns-server ~]# rpm -ql bind |head
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/rwtab.d/named
/etc/sysconfig/named
```

# Start the service

```
[root@c8 ~]# systemctl start named
[root@c8 ~]# ss -tnlu
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      127.0.0.1:53        *:*
udp   UNCONN 0      0      ::1:53              :::*
tcp   LISTEN 0      10     127.0.0.1:53        *:*
tcp   LISTEN 0      128    *:22                *:*
tcp   LISTEN 0      128    127.0.0.1:953       *:*
tcp   LISTEN 0      100    127.0.0.1:25        *:*
tcp   LISTEN 0      10     ::1:53              :::*
tcp   LISTEN 0      128    :::22               :::*
tcp   LISTEN 0      128    ::1:953             :::*
tcp   LISTEN 0      100    ::1:25              :::*
# listening ports: TCP 53 and UDP 53
```

# Using the DNS server we just built for our own name resolution

```
[root@c8 ~]# nmcli connection reload
[root@c8 ~]# nmcli connection up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
# With this the host, acting as its own DNS server, can resolve Internet names
[root@C8-38-DNS-Server~]#ping baidu.com
PING baidu.com (39.156.69.79) 56(84) bytes of data.
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=1 ttl=128 time=41.7 ms
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=2 ttl=128 time=42.8 ms
# The experiment was done on CentOS 8; it did not succeed on CentOS 7
```

# Client-side package

```
yum install bind-utils -y
# The client asks the host 10.0.0.38 to resolve baidu.com
[root@C8-88 ~]# ping baidu.com
ping: baidu.com: Name or service not known
# A packet capture shows the request packets do arrive
[root@C8-38-DNS-Server~]#tcpdump -i eth0 udp port 53 -nn
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:03:59.571550 IP 10.0.0.88.49794 > 10.0.0.38.53: 26779+ A? baidu.com. (27)
20:03:59.571620 IP 10.0.0.88.49794 > 10.0.0.38.53: 53151+ AAAA? baidu.com. (27)
20:03:59.572033 IP 10.0.0.88.55531 > 10.0.0.38.53: 26779+ A? baidu.com. (27)
# Cause: named is only serving 127.0.0.1
[root@C8-38-DNS-Server~]#ss -tnlu
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      127.0.0.1:53        0.0.0.0:*
udp   UNCONN 0      0      [::1]:53            [::]:*
tcp   LISTEN 0      10     127.0.0.1:53        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:953       0.0.0.0:*
tcp   LISTEN 0      80     *:3306              *:*
tcp   LISTEN 0      10     [::1]:53            [::]:*
tcp   LISTEN 0      128    [::]:22             [::]:*
tcp   LISTEN 0      128    [::1]:953           [::]:*
[root@C8-38-DNS-Server~]#
```

Serving only one specific IP address

```
# Delete the default route so the client cannot reach the Internet
[root@C8-88 ~]# ip route
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.88 metric 100
[root@C8-88 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@C8-88 ~]# ping baidu.com
connect: Network is unreachable
# Flush the cache
[root@C8-38-DNS-Server~]#rndc flush
```

Root hints (named.ca)

```
[root@c7-117-dns-server ~]# cat /var/named/named.ca
; <<>> DiG 9.11.3-RedHat-9.11.3-3.fc27 <<>> +bufsize=1200 +norec @a.root-servers.net
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46900
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.
.                       518400  IN      NS      d.root-servers.net.
.                       518400  IN      NS      e.root-servers.net.
.                       518400  IN      NS      f.root-servers.net.
.                       518400  IN      NS      g.root-servers.net.
.                       518400  IN      NS      h.root-servers.net.
.                       518400  IN      NS      i.root-servers.net.
.                       518400  IN      NS      j.root-servers.net.
.                       518400  IN      NS      k.root-servers.net.
.                       518400  IN      NS      l.root-servers.net.
.                       518400  IN      NS      m.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     518400  IN      A       198.41.0.4
b.root-servers.net.     518400  IN      A       199.9.14.201
c.root-servers.net.     518400  IN      A       192.33.4.12
d.root-servers.net.     518400  IN      A       199.7.91.13
e.root-servers.net.     518400  IN      A       192.203.230.10
f.root-servers.net.     518400  IN      A       192.5.5.241
g.root-servers.net.     518400  IN      A       192.112.36.4
h.root-servers.net.     518400  IN      A       198.97.190.53
i.root-servers.net.     518400  IN      A       192.36.148.17
j.root-servers.net.     518400  IN      A       192.58.128.30
k.root-servers.net.     518400  IN      A       193.0.14.129
l.root-servers.net.     518400  IN      A       199.7.83.42
m.root-servers.net.     518400  IN      A       202.12.27.33
a.root-servers.net.     518400  IN      AAAA    2001:503:ba3e::2:30
b.root-servers.net.     518400  IN      AAAA    2001:500:200::b
c.root-servers.net.     518400  IN      AAAA    2001:500:2::c
d.root-servers.net.     518400  IN      AAAA    2001:500:2d::d
e.root-servers.net.     518400  IN      AAAA    2001:500:a8::e
f.root-servers.net.     518400  IN      AAAA    2001:500:2f::f
g.root-servers.net.     518400  IN      AAAA    2001:500:12::d0d
h.root-servers.net.     518400  IN      AAAA    2001:500:1::53
i.root-servers.net.     518400  IN      AAAA    2001:7fe::53
j.root-servers.net.     518400  IN      AAAA    2001:503:c27::2:30
k.root-servers.net.     518400  IN      AAAA    2001:7fd::1
l.root-servers.net.     518400  IN      AAAA    2001:500:9f::42
m.root-servers.net.     518400  IN      AAAA    2001:dc3::35

;; Query time: 24 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Thu Apr 05 15:57:34 CEST 2018
;; MSG SIZE  rcvd: 811
```

Resource record types

Zone database: made up of many resource records (Resource Record, RR)
Record types: A, AAAA, PTR, SOA, NS, CNAME, MX
SOA: Start Of Authority. A zone database has exactly one SOA record, and it must be the first record in the database
A: Internet Address, maps FQDN --> IP
AAAA: FQDN --> IPv6
PTR: PoinTeR, IP --> FQDN
NS: Name Server, names the DNS servers for the current zone
CNAME: Canonical Name, alias record
MX: Mail eXchanger
TXT: a way to tag and describe a domain name; usually used for verification records, such as SPF (anti-spam) records and HTTPS certificate validation, for example:
`_dnsauth TXT 2012011200000051qgs69bwoh4h6nht4n1h0lr038x`

Format of a resource record definition

```
name   [TTL] IN rr_type value
```

Making the configuration file reference the zone database

```
[root@C8-38-DNS-Servernamed]#vim /etc/named.rfc1912.zones
[root@C8-38-DNS-Servernamed]#named-checkconf      # check the configuration
[root@C8-38-DNS-Servernamed]#rndc reload          # reload the service
server reload successful
```

Tools provided by bind-utils

```
[root@c7-117-dns-client ~]# host magedu.org
-bash: host: command not found
[root@c7-117-dns-client ~]# yum install bind-utils -y &>/dev/null
[root@c7-117-dns-client ~]# host magedu.org
magedu.org is an alias for websrv.magedu.org.
websrv.magedu.org has address 10.0.0.88
websrv.magedu.org has address 10.0.0.78
[root@c7-117-dns-client ~]# dig magedu.org

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> magedu.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2854
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;magedu.org.                    IN      A

;; ANSWER SECTION:
magedu.org.             86400   IN      CNAME   websrv.magedu.org.
websrv.magedu.org.      86400   IN      A       10.0.0.78
websrv.magedu.org.      86400   IN      A       10.0.0.88

;; AUTHORITY SECTION:
magedu.org.             86400   IN      NS      ns1.magedu.org.

;; ADDITIONAL SECTION:
ns1.magedu.org.         86400   IN      A       10.0.0.38

;; Query time: 2 msec
;; SERVER: 10.0.0.38#53(10.0.0.38)
;; WHEN: Sun Jul 11 08:29:26 CST 2021
;; MSG SIZE  rcvd: 130
```

The nslookup command

host, dig

Wildcard domain

```
[root@C8-38-DNS-Servernamed]#rndc reload
server reload successful
```

Extensions

Reverse resolution

```
# Create the reverse zone:
[root@C8-38-DNS-Server~]#grep -A 6 '0.0.10' /etc/named.rfc1912.zones
zone "0.0.10.in-addr.arpa" IN {
        type master;
        file "10.0.0.zone";
};
[root@C8-38-DNS-Server~]#vim /var/named/10.0.0.zone

[root@C8-38-DNS-Server~]#named-checkzone 0.0.10.in-addr.arpa /var/named/10.0.0.zone
zone 0.0.10.in-addr.arpa/IN: loaded serial 1
OK
[root@C8-38-DNS-Server~]#rndc reload
rndc: connect failed: 127.0.0.1#953: connection refused
[root@C8-38-DNS-Server~]#vim /var/named/10.0.0.zone
[root@C8-38-DNS-Server~]#vim /etc/named.rfc1912.zones
[root@C8-38-DNS-Server~]#systemctl restart named
[root@C8-38-DNS-Server~]#rndc reload
server reload successful
[root@C8-38-DNS-Server~]#rndc reload
server reload successful
# Reverse lookups
[root@c7-117-dns-client ~]# dig -x 10.0.0.78

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> -x 10.0.0.78
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24294
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;78.0.0.10.in-addr.arpa.        IN      PTR

;; ANSWER SECTION:
78.0.0.10.in-addr.arpa. 86400   IN      PTR     websrv.magedu.com.

;; AUTHORITY SECTION:
0.0.10.in-addr.arpa.    86400   IN      NS      ns1.magedu.org.

;; ADDITIONAL SECTION:
ns1.magedu.org.         86400   IN      A       10.0.0.38

;; Query time: 0 msec
;; SERVER: 10.0.0.38#53(10.0.0.38)
;; WHEN: Sun Jul 11 16:44:22 CST 2021
;; MSG SIZE  rcvd: 126

[root@c7-117-dns-client ~]# dig -x 10.0.0.88

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> -x 10.0.0.88
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34704
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;88.0.0.10.in-addr.arpa.        IN      PTR

;; ANSWER SECTION:
88.0.0.10.in-addr.arpa. 86400   IN      PTR     websrv2.magedu.com.

;; AUTHORITY SECTION:
0.0.10.in-addr.arpa.    86400   IN      NS      ns1.magedu.org.

;; ADDITIONAL SECTION:
ns1.magedu.org.         86400   IN      A       10.0.0.38

;; Query time: 0 msec
;; SERVER: 10.0.0.38#53(10.0.0.38)
;; WHEN: Sun Jul 11 16:44:29 CST 2021
;; MSG SIZE  rcvd: 127
```
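The record format `name [TTL] IN rr_type value`, the rule that a zone holds exactly one SOA as its first record, and the reverse zone `0.0.10.in-addr.arpa` used above can all be exercised with a small parser. The code below is an added example, not the post's own files or BIND's code: `FORWARD_ZONE` is constructed to match the magedu.org records that the post's AXFR output lists (the `www CNAME` line is added here), `parse_zone` handles `$TTL`, the `@` origin, an omitted owner name, an optional TTL and class, `;` comments and a multi-line SOA in parentheses, and `build_reverse_zone` derives the PTR records for a /24 from the A records it parsed.

```python
"""Zone-file parser for `name [TTL] IN type value` records plus a reverse-zone builder.

Added example, not the post's or BIND's code.  FORWARD_ZONE is constructed to match
the magedu.org records the post's AXFR output lists (www CNAME is added here).
"""
import re
import ipaddress

FORWARD_ZONE = """\
$TTL 1D
@        IN SOA ns1 admin.magedu.org. (
                20210711 ; serial
                1D       ; refresh
                1H       ; retry
                1W       ; expire
                3H )     ; minimum
         NS    ns1
         MX 10 mailsrv
         A     10.0.0.88
ns1      A     10.0.0.38
websrv   A     10.0.0.78
         A     10.0.0.88
mailsrv  A     10.0.0.78
www      CNAME websrv
*        A     10.0.0.78
"""

TYPES = {"A", "AAAA", "PTR", "SOA", "NS", "CNAME", "MX", "TXT"}
UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
TTL_RE = re.compile(r"(\d+)([SMHDW]?)", re.I)


def parse_ttl(tok):
    m = TTL_RE.fullmatch(tok)                     # e.g. 1D, 3H, 86400
    if not m:
        raise ValueError("bad TTL " + tok)
    return int(m.group(1)) * UNITS[(m.group(2) or "S").upper()]


def logical_lines(text):
    """Yield (owner_omitted, tokens): strips ';' comments and joins ( ) groups.
    Quoted TXT strings containing spaces are not handled by this toy tokenizer."""
    toks, depth, omitted = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if depth == 0:
            omitted = line[0].isspace()           # leading blank = same owner as before
        for t in line.split():
            if t.startswith("("):
                depth, t = depth + 1, t[1:]
            if t.endswith(")"):
                depth, t = depth - 1, t[:-1]
            if t:
                toks.append(t)
        if depth == 0:
            yield omitted, toks
            toks = []


def absolute(name, origin):
    return origin if name == "@" else name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Return [(owner, ttl, type, rdata)]; enforces 'exactly one SOA, and it comes first'."""
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, last_owner, records = None, origin, []
    for omitted, toks in logical_lines(text):
        if toks[0] == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        owner = last_owner if omitted else absolute(toks.pop(0), origin)
        ttl = parse_ttl(toks.pop(0)) if TTL_RE.fullmatch(toks[0]) else default_ttl
        if toks[0].upper() == "IN":               # the class is optional
            toks.pop(0)
        rtype = toks.pop(0).upper()
        if rtype not in TYPES or ttl is None:
            raise ValueError("bad record for %s: %s" % (owner, rtype))
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = absolute(toks[0], origin)
        elif rtype == "MX":
            rdata = (int(toks[0]), absolute(toks[1], origin))
        elif rtype == "SOA":                      # mname rname serial refresh retry expire minimum
            rdata = (absolute(toks[0], origin), absolute(toks[1], origin),
                     int(toks[2])) + tuple(parse_ttl(t) for t in toks[3:7])
        else:
            rdata = " ".join(toks)
        records.append((owner, ttl, rtype, rdata))
        last_owner = owner
    if not records or records[0][2] != "SOA" or sum(r[2] == "SOA" for r in records) != 1:
        raise ValueError("a zone needs exactly one SOA and it must be the first record")
    return records


def build_reverse_zone(records, network):
    """PTR records for the A records inside `network` (e.g. 10.0.0.0/24); the zone
    name is the reversed network octets under in-addr.arpa (0.0.10.in-addr.arpa)."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("this builder handles IPv4 /8, /16 or /24 networks only")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    zone = ".".join(reversed(octets)) + ".in-addr.arpa."
    ptrs, seen = [], set()
    for owner, ttl, rtype, rdata in records:
        if rtype != "A" or owner.startswith("*"):  # a wildcard has no address to point back to
            continue
        addr = ipaddress.ip_address(rdata)
        if addr in net and addr not in seen:        # one PTR per address: the first name wins
            seen.add(addr)
            ptrs.append((addr.reverse_pointer + ".", ttl, "PTR", owner))
    return zone, ptrs
```

`parse_zone(FORWARD_ZONE, "magedu.org")` yields the SOA as `("ns1.magedu.org.", "admin.magedu.org.", 20210711, 86400, 3600, 604800, 10800)` with the 1D/1H/1W/3H values expanded to seconds, and `build_reverse_zone(..., "10.0.0.0/24")` produces `78.0.0.10.in-addr.arpa. PTR websrv.magedu.org.` for the same address the post resolves with `dig -x`. Because 10.0.0.88 appears first on the apex A record, the builder's "first name wins" rule makes that the PTR target; put the host you want answered first when several names share an address.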

Slave DNS server

```
[root@C8-98-slave-DNS ~]# grep -A 6 'magedu.org' /etc/named.rfc1912.zones
zone "magedu.org" IN {
        type slave;
        masters {10.0.0.38;};
        file "slave/magedu.org.zone.slave";
};
# Edit the main configuration file
[root@C8-98-slave-DNS ~]# grep -A 10 '^options' /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
//      allow-query     { localhost; };
[root@C8-98-slave-DNS ~]# rpm -q bind
bind-9.11.26-4.el8_4.x86_64
[root@C8-98-slave-DNS ~]# rpm -q bind-utils
bind-utils-9.11.26-4.el8_4.x86_64
[root@C8-98-slave-DNS ~]# systemctl disable --now firewalld
[root@C8-98-slave-DNS ~]# systemctl enable --now named
# Test from the client against the slave DNS server
[root@c7-117-dns-client ~]# dig magedu.org @10.0.0.98

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> magedu.org @10.0.0.98
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6207
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;magedu.org.                    IN      A

;; ANSWER SECTION:
magedu.org.             86400   IN      CNAME   websrv.magedu.org.
websrv.magedu.org.      86400   IN      A       10.0.0.78
websrv.magedu.org.      86400   IN      A       10.0.0.88

;; AUTHORITY SECTION:
magedu.org.             86400   IN      NS      ns1.magedu.org.

;; ADDITIONAL SECTION:
ns1.magedu.org.         86400   IN      A       10.0.0.38

;; Query time: 0 msec
;; SERVER: 10.0.0.98#53(10.0.0.98)
;; WHEN: Sun Jul 11 17:20:30 CST 2021
;; MSG SIZE  rcvd: 130
```

# The slave fetches the zone database file automatically

```
[root@C8-98-slave-DNS named]# ls /var/named/slaves/
magedu.org.zone.slave
[root@C8-89-slave-DNS named]# \rm /var/named/slaves/magedu.org.zone.slave
[root@C8-98-slave-DNS named]# rndc reload
server reload successful
[root@C8-98-slave-DNS named]# ls /var/named/slaves/
[root@C8-98-slave-DNS named]# ls /var/named/slaves/
[root@C8-98-slave-DNS named]# systemctl restart named
[root@C8-98-slave-DNS named]# ls /var/named/slaves/
magedu.org.zone.slave
[root@C8-98-slave-DNS named]#
```

# For the slave to synchronise automatically, it is not enough to set the refresh time in the SOA; the slave also needs NS and A records in the zone
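The reason the NS and A records matter is NOTIFY: when the master's serial changes it notifies the servers listed in the zone's NS records, and the notified slave then compares serials and transfers if the master's is newer; otherwise the slave only checks on the SOA refresh timer, retries on the retry timer when the master is unreachable, and stops answering after the expire time. The following added example (not the post's or BIND's code) models that cycle with the SOA values the post's AXFR output shows for magedu.org; the time values and the master callbacks are constructed.

```python
"""SOA timers and serial comparison as a slave sees them.

Added example, not the post's or BIND's code.  The SOA values are those the post's
AXFR output shows for magedu.org: serial 20210711, refresh 86400, retry 3600,
expire 604800, minimum 10800.  Time is a plain counter of seconds here.
"""

SERIAL_MOD = 1 << 32
SERIAL_HALF = 1 << 31


def serial_gt(a, b):
    """RFC 1982 serial arithmetic: is a newer than b, even across the 2**32 wrap?"""
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    return (a < b and b - a > SERIAL_HALF) or (a > b and a - b < SERIAL_HALF)


def slave_needs_transfer(master_serial, slave_serial):
    """A slave without a copy, or whose copy is older than the master's, transfers."""
    return slave_serial is None or serial_gt(master_serial, slave_serial)


class SlaveZone:
    """Simplified slave behaviour driven by the SOA refresh/retry/expire values."""

    def __init__(self, refresh, retry, expire, now=0):
        self.refresh, self.retry, self.expire = refresh, retry, expire
        self.serial = None            # no zone data yet
        self.last_success = None      # last time the master answered an SOA query
        self.next_check = now         # a new slave checks (and transfers) immediately

    def check(self, now, query_master_serial):
        """Run one scheduled SOA check.  `query_master_serial` is a callable that
        returns the master's serial or raises OSError when the master is unreachable.
        Returns 'transferred', 'up-to-date', 'retry' or 'expired'."""
        try:
            master = query_master_serial()
        except OSError:
            self.next_check = now + self.retry
            if self.last_success is not None and now - self.last_success > self.expire:
                self.serial = None    # stale beyond expire: stop answering for the zone
                return "expired"
            return "retry"
        if slave_needs_transfer(master, self.serial):
            self.serial = master      # stands in for the AXFR/IXFR of the zone data
            result = "transferred"
        else:
            result = "up-to-date"
        self.last_success = now
        self.next_check = now + self.refresh
        return result

    def can_answer(self):
        return self.serial is not None


def notify(slave, now):
    """A NOTIFY from the master moves the slave's next SOA check up to now instead
    of waiting for the refresh timer.  BIND sends NOTIFY to the servers listed in
    the zone's NS records, which is why the slave's NS and A records have to be
    present in the zone for synchronisation to be automatic."""
    slave.next_check = now
```

With the post's values a slave that transferred at time 0 would not look again until 86400 seconds later; a NOTIFY makes it check at once, and a master that stays unreachable for more than 604800 seconds causes the slave to expire the zone rather than keep serving stale data.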

Problem: a slave DNS server can be set up without any consent from the master, which is dangerous. How do we solve this?

```
# 10.0.0.68 has no relationship with the DNS server at all, yet it pulls the zone data with ease
[root@C8-68-DNS ~]# yum install bind-utils -y &>/dev/null
[root@C8-68-DNS ~]# dig -t axfr magedu.org @10.0.0.38

; <<>> DiG 9.11.26-RedHat-9.11.26-4.el8_4 <<>> -t axfr magedu.org @10.0.0.38
;; global options: +cmd
magedu.org.             86400   IN      SOA     ns1.magedu.org. admin.magedu.org. 20210711 86400 3600 604800 10800
magedu.org.             86400   IN      A       10.0.0.88
magedu.org.             86400   IN      MX      10 mailsrv.magedu.org.
magedu.org.             86400   IN      MX      20 mailsrv2.magedu.org.
magedu.org.             86400   IN      NS      ns1.magedu.org.
magedu.org.             86400   IN      NS      ns2.magedu.org.
*.magedu.org.           86400   IN      A       10.0.0.78
mailsrv.magedu.org.     86400   IN      A       10.0.0.78
mailsrv2.magedu.org.    86400   IN      A       10.0.0.88
ns1.magedu.org.         86400   IN      A       10.0.0.38
ns2.magedu.org.         86400   IN      A       10.0.0.98
websrv.magedu.org.      86400   IN      A       10.0.0.78
websrv.magedu.org.      86400   IN      A       10.0.0.88
magedu.org.             86400   IN      CNAME   websrv.magedu.org.
magedu.org.             86400   IN      SOA     ns1.magedu.org. admin.magedu.org. 20210711 86400 3600 604800 10800
;; Query time: 0 msec
;; SERVER: 10.0.0.38#53(10.0.0.38)
;; WHEN: Sun Jul 11 09:11:35 CST 2021
;; XFR size: 15 records (messages 1, bytes 385)

[root@C8-68-DNS ~]#
```

The slave server does not allow any machine to synchronise data from it
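The AXFR above succeeded because nothing in the configuration restricted zone transfers, and on the post's BIND 9.11 the default allows any host to transfer. The fix is BIND's `allow-transfer` statement: on the master, list only the slave (10.0.0.98 in the post); on servers that have no slaves, such as the slave itself and the child-zone server later in the post, set `allow-transfer { none; };`. The code below is an added example, not the post's files or BIND's code: it holds a constructed weak configuration beside a hardened one (addresses are the post's) and a small audit function that reports the effective `allow-transfer` for each primary zone, taking the zone-level statement over the options-level one the way BIND does.

```python
"""Audit of allow-transfer in a named.conf-style configuration.

Added example, not the post's or BIND's code.  Both configurations are constructed;
the addresses are the post's (master 10.0.0.38, slave 10.0.0.98).  With no
allow-transfer statement, the post's BIND 9.11 answered an AXFR from any host.
"""
import re

WEAK_CONF = """\
options {
        directory "/var/named";
        // allow-query { localhost; };
};
zone "magedu.org" IN {
        type master;
        file "magedu.org.zone";
};
"""

HARDENED_CONF = """\
options {
        directory "/var/named";
        allow-transfer { none; };          // default for every zone on this server
};
zone "magedu.org" IN {
        type master;
        file "magedu.org.zone";
        allow-transfer { 10.0.0.98; };     // only the slave may pull this zone
};
"""


def strip_comments(text):
    """Remove /* */, // and # comments (a '//' inside a quoted string is not handled)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def tokenize(text):
    return re.findall(r'[{};]|"[^"]*"|[^\s{};"]+', strip_comments(text))


def parse_block(tokens, i=0):
    """Parse `name args... { ... };` statements until a closing '}' or the end.
    Returns (statements, next_index); a statement is (words, sub_statements or None)."""
    stmts, words = [], []
    while i < len(tokens):
        t = tokens[i]
        i += 1
        if t == "}":
            break
        if t == "{":
            sub, i = parse_block(tokens, i)
            stmts.append((words, sub))
            words = []
            if i < len(tokens) and tokens[i] == ";":   # the ';' that follows a '}'
                i += 1
        elif t == ";":
            stmts.append((words, None))
            words = []
        else:
            words.append(t.strip('"'))
    return stmts, i


def acl_of(stmts, name):
    """Flatten the address list of `name { a; b; };` inside a block, or None if absent."""
    for words, sub in stmts:
        if words and words[0] == name and sub is not None:
            return [w for ws, _ in sub for w in ws]
    return None


def audit_transfers(conf):
    """Effective allow-transfer per primary zone: the zone's own statement, else the
    options-level one, else the 'anyone may transfer' behaviour seen in the post."""
    top, _ = parse_block(tokenize(conf))
    global_acl = None
    for words, sub in top:
        if words == ["options"] and sub is not None:
            global_acl = acl_of(sub, "allow-transfer")
    report = {}
    for words, sub in top:
        if not words or words[0] != "zone" or sub is None:
            continue
        ztype = next((w[1] for w, _ in sub if len(w) > 1 and w[0] == "type"), None)
        if ztype not in ("master", "primary"):
            continue                                   # slaves and hints are not the source
        acl = acl_of(sub, "allow-transfer")
        if acl is None:
            acl = global_acl
        if acl is None:
            verdict = "OPEN: no allow-transfer, any host can AXFR the zone"
        elif "any" in acl:
            verdict = "OPEN: allow-transfer any"
        elif acl == ["none"]:
            verdict = "closed: no transfers allowed"
        else:
            verdict = "restricted to " + ", ".join(acl)
        report[words[1]] = (acl, verdict)
    return report
```

`audit_transfers(WEAK_CONF)` flags magedu.org as open, `audit_transfers(HARDENED_CONF)` reports it restricted to 10.0.0.98. After changing the real file, run `named-checkconf` and `rndc reload` as the post does, then repeat the `dig -t axfr` from a host that is not the slave: a transfer that is now refused confirms the restriction.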

Subdomain delegation

```
[root@C8-128-DNS-Son ~]# yum install bind -y ;systemctl enable --now named
[root@C8-128-DNS-Son ~]# systemctl disable --now firewalld
[root@C8-128-DNS-Son ~]# grep -A 10 '^option' /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
//      allow-query     { localhost; };
        allow-transfer  { none; };
[root@C8-128-DNS-Son ~]# rsync -az 10.0.0.38:/var/named/magedu.org.zone /var/named/sh.magedu.org.zone
root@10.0.0.38's password:
# Edit the zone file
[root@C8-128-DNS-Son ~]# vim /var/named/sh.magedu.org.zone
$TTL 1D
@       IN SOA ns1 admin.magedu.org. (
                20210711
                1D
                1H
                1W
                3H )
        NS      ns1
ns1     A       10.0.0.128
        CNAME   websrv
websrv  A       10.0.0.128
# Define the zone
[root@C8-128-DNS-Son ~]# grep -A 6 'sh.magedu.org' /etc/named.rfc1912.zones
zone "sh.magedu.org" IN {
        type master;
        file "sh.magedu.org.zone";
};
# Fix the ownership: set the group to named, because the rsync copy lost the file attributes (the group ownership)
[root@C8-128-DNS-Son ~]# ll /var/named/sh.magedu.org.zone
-rw-r-----. 1 root named 169 Jul 11 10:29 /var/named/sh.magedu.org.zone
```

# Add the address of host 10.0.0.128 to the parent zone's records (the delegation)

DNS forwarding

Global forwarding:

# Configuration of the forwarding server

```
yum install bind -y
systemctl disable --now firewalld
systemctl enable --now named
```

```
[root@C8-38-DNS-Servernamed]#rndc stop               # stop the service on the DNS server
[root@C8-68-DNS ~]# rndc flush                        # flush the cache on the forwarding server
[root@c7-117-dns-client ~]# dig magedu.org @10.0.0.68  # the client can no longer resolve through the forwarding server
```

first: if the DNS server it forwards to cannot find the name, the server looks it up on the Internet itself and returns the result to the client

only: if the DNS server it forwards to cannot find the name, the lookup simply fails; the server does not go to the Internet

Smart DNS
