DNS configuration on Linux
Many platforms offer "cloud resolution", which is simply a hosted DNS server. Normally, after buying a domain from a registrar, you set its NS records; for example, after buying miner-k.com you configure the hosted resolution records and point the NS records at the provider's name servers (ns1.alidns.com, ns2.alidns.com).
Two common scenarios after buying a domain:
- Build a domain environment inside the company with many internal hosts
- Point the domain directly at one host (a single server)
Basic concepts
DNS: Domain Name Service (name resolution service)
FQDN: Fully Qualified Domain Name
TLD: Top Level Domain
Organizational domains: .com, .org, .net, .cc
Country domains: .cn, .tw, .hk, .jp
Reverse lookup: IP -> FQDN
Forward lookup: FQDN -> IP
Query methods
There are two query methods: recursive and iterative.
Recursive: the client asks its local DNS server; if the local server has no record, it queries other name servers on the client's behalf and returns the final result to the client.
Iterative: take a lookup of www.qq.com. The local DNS server first asks a root server, which tells it the NS and A records for qq.com; the local server then asks the qq.com server for the A record of www.qq.com.
DNS server roles:
Accepts queries from local clients (recursive)
Requests from external clients: authoritative answers
Positive answer: TTL
Negative answer: TTL
Requests from external clients: non-authoritative answers
Caching DNS server
Note: a company registers one domain (qq.com); the com DNS servers point the qq.com host at an IP address, and a DNS server built inside the company can then assign different host names to different servers, for example www.baidu.com, ftp.baidu.com, yunpan.baidu.com, tv.baidu.com.
Every entry in the database is called a resource record (Resource Record, RR).
Resource record format
NAME | TTL (optional; the zone-wide default applies if omitted) | IN (Internet) | RRT (Resource Record Type) | VALUE
---|---|---|---|---
Start of authority | defaults to 60 minutes | Internet (IN) | SOA (start of authority: defines master/slave synchronization and the start of the zone's authority) | owner name, server's DNS name, serial number, refresh interval, retry time, expire time, minimum TTL
Host name | record-specific TTL if present, otherwise the zone TTL | Internet (IN) | A (IPv4), AAAA (IPv6), PTR (reverse lookup) | owner name, IP address
Name server | record-specific TTL if present, otherwise the zone TTL | Internet (IN) | NS | zone name, name of the name server
Mail exchanger | record-specific TTL if present, otherwise the zone TTL | Internet (IN) | MX | zone name, mail exchange server, preference of the DNS name (priority 0-99; the lower the number, the higher the priority)
Alias | record-specific TTL if present, otherwise the zone TTL | Internet (IN) | CNAME (Canonical Name) | owner name, DNS name of the host
Resource record types:
SOA (Start Of Authority):
ZONE_NAME TTL IN SOA FQDN(name of the master DNS server) ADMINISTRATOR_MAILBOX (
serial number
refresh
retry
expire
negative answer TTL )
serial number: version number of the zone data
refresh: refresh interval, how often the slave checks the master for changes
retry: retry interval, how long to wait before retrying after a failed check of the master (must be smaller than refresh)
expire: expire time, how long the slave can go without reaching the master
negative answer TTL: how long a negative answer is cached
Time units: M (minutes), H (hours), D (days), W (weeks); the default unit is seconds
Mailbox format: admin@miner.com is written as admin.miner.com
miner.com. 600 IN SOA ns1.miner.com. admin.miner.com. (
2013040101
1H
5M
1W
1D )
NS (Name Server): ZONE NAME --> FQDN # the name server for miner.com is ns1.miner.com
miner.com. 600 IN NS ns1.miner.com.
miner.com. 600 IN NS ns2.miner.com.
ns1.miner.com. 600 IN A 1.1.1.2
ns2.miner.com. 600 IN A 1.1.1.5
MX (Mail eXchanger): ZONE NAME --> FQDN
ZONE NAME TTL IN MX pri VALUE
Priority: 0-99; the lower the number, the higher the preference
miner.com. 600 IN MX 10 mail.miner.com.
mail.miner.com. 600 IN A 1.1.1.3
A (address): FQDN --> IPv4
AAAA: FQDN --> IPv6
PTR (pointer): IP --> FQDN
CNAME (Canonical NAME): FQDN --> FQDN # www2.miner.com is an alias of www.miner.com
www2.miner.com. IN CNAME www.miner.com.
Wildcard records:
*.miner-k.com. IN A 1.1.1.3
All names under miner-k.com resolve to 1.1.1.3
TXT
CHAOS
SRV
Socket: IP + port
Domain
Zone
A domain is a logical concept and a zone is a physical one; zones are divided into forward and reverse zones (each has its own configuration file).
Deployment environment
[root@miner_k ~]# cat /etc/redhat-release
CentOS release 6.9 (Final)
[root@miner_k ~]#
Deployment
BIND (Berkeley Internet Name Domain)
Installation
[root@cxy-65 ~]# yum -y install bind bind-utils bind-libs
[root@cxy-65 ~]# rpm -qa | grep bind
bind-9.8.2-0.62.rc1.el6_9.4.x86_64 # main package
bind-utils-9.8.2-0.62.rc1.el6_9.4.x86_64 # bind tools
rpcbind-0.2.0-13.el6_9.1.x86_64
bind-libs-9.8.2-0.62.rc1.el6_9.4.x86_64 # bind libraries
Configuration files
[root@miner_k ~]# rpm -qc bind-9.8.2-0.62.rc1.el6_9.4.x86_64
/etc/logrotate.d/named
/etc/named.conf # main configuration file
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf # rndc (remote name daemon control) configuration
/etc/rndc.key # key file
/etc/sysconfig/named
/var/named/named.ca # addresses of the 13 root servers
/var/named/named.empty
/var/named/named.localhost # forward zone for the local host name
/var/named/named.loopback # reverse zone for the local host
Zone configuration format:
Zone:
zone "ZONE NAME" IN {
type {master|slave|hint|forward};
};
Master zone:
file "zone data file"; # relative or absolute path
Slave zone:
file "zone data file";
masters { master1_ip; };
Edit the main configuration file /etc/named.conf
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
};
zone "." IN { # root zone
type hint;
file "named.ca";
};
zone "localhost" IN { # zone for localhost
type master;
file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN { # reverse zone for 127.0.0.1
type master;
file "named.loopback";
};
acl configuration
Format:
acl string { address_match_element; ... };
Example:
acl internet {
192.168.3.0/24;
10.0.0.0/24;
172.16.8.2;
};
options {
directory "/var/named";
allow-query-cache { internet;};
};
Settings in options
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named"; # location of the zone files
allow-recursion { 192.168.1.0/24; }; # networks allowed to make recursive queries
recursion no; # no: recursion disabled for all clients; yes: recursion allowed
allow-query { any; }; # clients allowed to query
allow-transfer { 122.112.217.171/32; }; # hosts allowed to perform zone transfers
forward ( first | only ); # forwarding: first = try the forwarders first, only = only use the forwarders
forwarders { 192.168.12.1;}; # if this server cannot resolve a name, forward the query to the server at this IP
};
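With BIND 9.8's defaults, a server configured like the master later on this page (allow-query { any; }, no recursion or allow-transfer statement) is both an open resolver and open to zone transfers from anyone, which is exactly what the dig -t axfr runs further down rely on. The following Python script is an added example, not code from the original post or from BIND; it parses a named.conf and reports those two conditions, assuming the 9.8 default chain (allow-recursion falls back to allow-query-cache, then allow-query; allow-transfer defaults to any), and the two configurations embedded in it are constructed from this page's master server.

```python
"""Audit a named.conf for the two exposures the options above control (added
example; not code from the original post or from BIND): recursion open to any
client, and master zones without allow-transfer, which BIND 9.8 defaults to
'any' so that anyone can pull the zone with dig -t axfr as the page later shows.
Both sample configurations below are constructed from the page's master server."""
import re


def strip_comments(text):
    """Drop the three comment styles named.conf accepts: #, // and /* */."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"(#|//).*", " ", text)


def parse_blocks(text):
    """Return [(header, body)] for each top-level 'header { body };' block."""
    blocks, depth, start, prev_end = [], 0, 0, 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                start = i
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                blocks.append((text[prev_end:start].strip(" \t\n;"), text[start + 1:i]))
                prev_end = i + 1
    return blocks


def acl(body, keyword):
    """Elements of 'keyword { a; b; };' inside body, or [] when it is absent."""
    m = re.search(r"\b" + re.escape(keyword) + r"\s*\{([^}]*)\}", body)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else []


def audit(named_conf):
    """Return a list of findings; an empty list means both checks pass."""
    blocks = parse_blocks(strip_comments(named_conf))
    opts = "".join(body for header, body in blocks if header == "options")
    findings = []
    # BIND 9.8: allow-recursion falls back to allow-query-cache, then allow-query,
    # then 'localnets; localhost;'; recursion itself is on unless 'recursion no;'.
    recursive = not re.search(r"\brecursion\s+no\s*;", opts)
    who = (acl(opts, "allow-recursion") or acl(opts, "allow-query-cache")
           or acl(opts, "allow-query") or ["localnets", "localhost"])
    if recursive and "any" in who:
        findings.append("open resolver: recursion is on and allowed from any client")
    global_xfer = acl(opts, "allow-transfer")
    for header, body in blocks:
        m = re.fullmatch(r'zone\s+"([^"]+)"(?:\s+IN)?', header)
        if not m or not re.search(r"\btype\s+master\s*;", body):
            continue  # this audit covers zones of type master only
        xfer = acl(body, "allow-transfer") or global_xfer
        if not xfer or "any" in xfer:
            findings.append(f"zone {m.group(1)}: AXFR allowed from any client")
    return findings


# Constructed from the page's master server: allow-query any, no allow-transfer.
MASTER_CONF = """options {
    directory "/var/named";
    allow-query { any; };
};
zone "." IN { type hint; file "named.ca"; };
zone "miner-k.com" IN { type master; file "miner-k.com.zone"; };
"""

# The same server with the page's own remedies: recursion off, transfers to the slave only.
HARDENED_CONF = MASTER_CONF.replace(
    "allow-query { any; };",
    "allow-query { any; };\n    recursion no;\n    allow-transfer { 122.112.217.171/32; };")
```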
Syntax check of the configuration files
# check that the configuration file is mode 640 with group named
[root@miner-k etc]# ll /etc/named.conf
-rw-r----- 1 root named 300 Aug 14 10:58 /etc/named.conf
# check named.conf for syntax errors
[root@miner-k ~]# named-checkconf
# check the zone files for errors
[root@miner-k ~]# named-checkzone "localhost" /var/named/named.localhost
zone localhost/IN: loaded serial 0
OK
[root@miner-k ~]# named-checkzone "0.0.127.in-addr.apra" /var/named/named.lo
named.localhost named.loopback
[root@miner-k ~]# named-checkzone "0.0.127.in-addr.apra" /var/named/named.loopback
zone 0.0.127.in-addr.apra/IN: loaded serial 0
OK
Ports
53/udp
53/tcp
953/tcp rndc
DNS normally queries over UDP, the faster transport; when a complete answer cannot be obtained that way, the query is repeated over TCP.
Examples
Example (scenario one)
Requirement
Buy the domain miner.com from a registrar and deploy a local DNS server that defines the hosts www.miner.com and ftp.miner.com, with www2.miner.com as an alias of www.
Deploying the com DNS server (to illustrate how the hierarchy works)
Edit the main configuration file
[root@com ~]# vim /etc/named.conf
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
};
// the part below is required
zone "com" IN {
type master;
file "com.zone";
};
Check permissions:
The configuration file must be mode 640 with group named.
[root@com ~]# ll /etc/named.conf
-rw-r----- 1 root named 282 Aug 17 11:25 /etc/named.conf
Set up the zone file:
[root@com ~]# vim /var/named/com.zone
$TTL 600
@ IN SOA ns1.com. admin.miner.com (
20170817
1D
1H
1W
3H
)
IN NS ns1.com.
ns1 IN A 127.0.0.1
miner-k IN A *.*.217.247 ; an NS record could be used here instead, but its target must then be resolvable; the "*" masks the real IP address
or
miner-k IN NS ns2.alidns.com. ; with Alibaba's hosted DNS this is ns2.alidns.com or ns1.alidns.com
Deploying the miner.com DNS server
Company internal DNS server (forward zone)
Main configuration file
# edit the main configuration file
[root@miner ~]# vim /etc/named.conf
[root@miner ~]# cat /etc/named.conf
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
};
zone "miner-k.com" IN {
type master;
file "miner-k.com.zone";
};
# check the permissions of the main configuration file
[root@miner ~]# ll /etc/named.conf
-rw-r----- 1 root named 294 Aug 14 15:45 /etc/named.conf
[root@miner ~]# named-checkconf
Configuring the zone file
# edit the zone file
[root@miner ~]# vim /var/named/miner-k.com.zone
[root@miner ~]# cat /var/named/miner-k.com.zone
$TTL 600
miner-k.com. IN SOA ns1.miner-k.com. admin.miner-k.com (
20170814
1H
5M
1W
5D)
; the trailing "." in miner-k.com. must not be omitted; "@" can be used in its place
; ns1.miner-k.com is the name of the zone's DNS server and must be given as a name
; admin.miner-k.com is the mailbox; it would normally be admin@miner-k.com, but "@" has a special meaning in zone files, so "." is used instead
  IN NS ns1.miner-k.com. ; the owner is the same as in the previous record, so it is omitted and the line starts with whitespace; ns1.miner-k.com. can be shortened to ns1
ns1 IN A 10.0.1.53
www IN A 10.0.1.57
ftp IN CNAME www
# set permissions
[root@miner-k ~]# chmod 640 /var/named/miner-k.com.zone
[root@miner-k ~]# chown root:named /var/named/miner-k.com.zone
# check the syntax
[root@miner-k ~]# named-checkzone "miner-k.com" /var/named/miner-k.com.zone
zone miner-k.com/IN: loaded serial 20170814
OK
Reverse zone configuration
Add the reverse zone to the main configuration file
[root@miner-k ~]# tail -5 /etc/named.conf
zone "49.78.117.in-addr.arpa" IN {
type master;
file "117.78.49.zone";
};
Set up the reverse zone file
[root@miner-k ~]# cat /var/named/117.78.49.zone
$TTL 600
@ IN SOA ns1.miner-k.com. admin.miner-k.com (
20170817
1D
1H
1w
1M
)
  IN NS ns1.miner-k.com. ; the trailing "." is mandatory here, otherwise the zone origin (49.78.117.in-addr.arpa) is appended automatically
247 IN PTR ns1.miner-k.com.
247 IN PTR www.miner-k.com.
Set the zone file permissions
[root@miner-k ~]# chmod 640 /var/named/117.78.49.zone
[root@miner-k ~]# chown root:named /var/named/117.78.49.zone
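The rules in the comments of the two zone files above (the "." written in place of "@" in the mailbox, the mandatory trailing dot, the time units, retry shorter than refresh) can be checked before named-checkzone is even run. The following Python linter is an added example, not code from the original post or from BIND; it parses the zone file format used on this page and flags a target name that has dots but no trailing dot, which BIND expands with the zone origin (that is how admin.miner.com becomes admin.miner.com.miner-k.com. in this page's AXFR output further down). The sample zone embedded in it is constructed to reproduce that mistake.

```python
"""Zone-file linter for the pitfalls this page walks through (added example,
not part of the original post or of BIND). It flags '#' used as a comment,
an '@' in the SOA mailbox, retry/refresh/expire out of order, and a target
that has dots but no trailing '.', which BIND expands with the origin (the
admin.miner.com.miner-k.com. visible in the page's AXFR output)."""
import re

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
TTL_RE = re.compile(r"(\d+)([smhdwSMHDW]?)")


def parse_ttl(text):
    """'1H' -> 3600, '5M' -> 300; a bare number is seconds."""
    m = TTL_RE.fullmatch(text)
    if not m:
        raise ValueError("bad TTL: " + text)
    return int(m.group(1)) * UNITS[(m.group(2) or "S").upper()]


def records(zone_text):
    """Yield (line_no, tokens) with ';' comments stripped and '( ... )' joined."""
    buf, depth, start = [], 0, 0
    for no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if depth == 0:  # new record; a leading blank means 'same owner as before'
            start, buf = no, ([""] if line[0].isspace() else [])
        for tok in line.replace("(", " ( ").replace(")", " ) ").split():
            depth += {"(": 1, ")": -1}.get(tok, 0)
            if tok not in ("(", ")"):
                buf.append(tok)
        if depth == 0:
            yield start, buf


def lint_zone(zone_text, origin):
    """Return a list of problem strings; an empty list means the zone passes."""
    problems = []
    for no, toks in records(zone_text):
        if any("#" in t for t in toks):
            problems.append(f"line {no}: '#' is not a comment in zone files, use ';'")
            continue
        if toks[0] == "$TTL":
            parse_ttl(toks[1])  # raises on a malformed default TTL
            continue
        rest = toks[1:]  # toks[0] is the owner ('' = previous owner, '@' = origin)
        while rest and (TTL_RE.fullmatch(rest[0]) or rest[0].upper() == "IN"):
            rest = rest[1:]  # skip the optional per-record TTL and class
        if not rest:
            continue
        rtype, rdata = rest[0].upper(), rest[1:]
        targets = {"NS": rdata[:1], "CNAME": rdata[:1], "PTR": rdata[:1],
                   "MX": rdata[1:2], "SOA": rdata[:2]}.get(rtype, [])
        if rtype == "SOA":
            refresh, retry, expire = (parse_ttl(t) for t in rdata[3:6])
            if "@" in rdata[1]:
                problems.append(f"line {no}: SOA mailbox must use '.' in place of '@'")
            if not retry < refresh < expire:
                problems.append(f"line {no}: SOA needs retry < refresh < expire")
        for t in targets:
            if "." in t and not t.endswith("."):
                problems.append(f"line {no}: {t} lacks a trailing '.', BIND stores {t}.{origin}")
    return problems


# Constructed copy of the page's master zone; the mailbox is missing its dot.
SAMPLE_ZONE = """$TTL 600
@ IN SOA ns1.miner-k.com. admin.miner.com (
        20170819 1H 5M 1W 3H )
    IN NS ns1.miner-k.com.
ns1 IN A 127.0.0.1
www IN A 117.78.49.24
"""
```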
Example (scenario two)
After buying the domain, point it at a single server. This is the simplest case: add one A record in the registrar's resolution settings.
Master/slave replication
Architecture:
master IP:117.78.49.247
slave IP:122.112.217.171
Master server configuration:
[root@master ~]# cat /etc/named.conf
options {
directory "/var/named";
allow-query { any; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
};
zone "miner-k.com" IN {
type master;
file "miner-k.com.zone";
};
zone "49.78.117.in-addr.arpa" IN {
type master;
file "117.78.49.zone";
};
Specify the slave server's IP address in the zone file
[root@master ~]# cat /var/named/miner-k.com.zone
$TTL 600
@ IN SOA ns1.miner-k.com. admin.miner.com (
20170819
1H
5M
1W
3H
)
IN NS ns1.miner-k.com.
ns1 IN A 127.0.0.1
@ IN NS ns2
ns2 IN A 122.112.217.171 ; the slave's IP address must be listed
www IN A 117.78.49.24
ftp IN A 117.78.49.24
pop IN A 117.78.49.24
Slave server configuration:
The slave's configuration is similar to the master's; only a few parts differ, so only those need to be changed.
To synchronize from the master, the slave must be permitted to perform a full zone transfer.
[root@slave ~]# cat /etc/named.conf
options {
directory "/var/named";
allow-query { any; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
};
zone "miner-k.com" IN {
type slave; # slave marks this as a slave server
masters { 117.78.49.247; }; # IP address of the master server
file "slaves/miner-k.com.zone"; # where the slave stores its copy of the zone; remember to check the permissions of the slaves directory
};
zone "49.78.117.in-addr.arpa" IN {
type slave;
masters { 117.78.49.247; };
file "slaves/117.78.49.zone";
};
Permissions of the slave's zone directory
[root@slave ~]# ls -ld /var/named/slaves/
drwxrwx--- 2 named named 4096 Aug 17 22:20 /var/named/slaves/
Check that a full zone transfer is permitted
[root@slave ~]# dig -t axfr miner-k.com @117.78.49.247
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t axfr miner-k.com @117.78.49.247
;; global options: +cmd
miner-k.com. 600 IN SOA ns1.miner-k.com. admin.miner.com.miner-k.com. 20170817 3600 300 604800 10800
miner-k.com. 600 IN NS ns1.miner-k.com.
ns1.miner-k.com. 600 IN A 127.0.0.1
www.miner-k.com. 600 IN A 117.78.49.24
miner-k.com. 600 IN SOA ns1.miner-k.com. admin.miner.com.miner-k.com. 20170817 3600 300 604800 10800
;; Query time: 31 msec
;; SERVER: 117.78.49.247#53(117.78.49.247)
;; WHEN: Thu Aug 17 15:12:09 2017
;; XFR size: 5 records (messages 1, bytes 171)
Testing
Modify the master's zone file
[root@master ~]# cat /var/named/miner-k.com.zone
$TTL 600
@ IN SOA ns1.miner-k.com. admin.miner.com (
20170820 ; bump the serial number by one from its previous value
1H
5M
1W
3H
)
IN NS ns1.miner-k.com.
ns1 IN A 127.0.0.1
@ IN NS ns2
ns2 IN A 122.112.217.171
www IN A 117.78.49.24
ftp IN A 117.78.49.24
pop IN A 117.78.49.24
hello IN A 117.78.49.20 ; a newly added record
Check the log on the master
[root@master ~]# service named reload
Reloading named: [ OK ]
[root@master ~]# tailf /var/log/messages
Aug 17 22:45:12 ecs-8c70 named[13161]: reloading configuration succeeded
Aug 17 22:45:12 ecs-8c70 named[13161]: reloading zones succeeded
Aug 17 22:45:12 ecs-8c70 named[13161]: zone miner-k.com/IN: loaded serial 20170820
Aug 17 22:45:12 ecs-8c70 named[13161]: zone miner-k.com/IN: sending notifies (serial 20170820)
Aug 17 22:45:12 ecs-8c70 named[13161]: client 122.112.217.171#55585: transfer of 'miner-k.com/IN': AXFR-style IXFR started
Aug 17 22:45:12 ecs-8c70 named[13161]: client 122.112.217.171#55585: transfer of 'miner-k.com/IN': AXFR-style IXFR ended
rndc configuration
Generate the rndc configuration file
[root@ecs-8c70 ~]# rndc-confgen > /etc/rndc.conf
[root@ecs-8c70 ~]# cat /etc/rndc.conf
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "5bNswdCUaehpdZiWoBtYzg==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "5bNswdCUaehpdZiWoBtYzg==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
Copy the commented part above into named.conf
[root@ecs-8c70 ~]# tail /etc/named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "5bNswdCUaehpdZiWoBtYzg==";
};
controls {
inet 127.0.0.1 port 953 # address to listen on
allow { 127.0.0.1; } keys { "rndc-key"; }; # addresses allowed to control the named service
};
Restart the named service
[root@ecs-8c70 ~]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
Test with the rndc command
Usage:
[root@ecs-8c70 ~]# rndc -h
Usage: rndc [-b address] [-c config] [-s server] [-p port]
[-k key-file ] [-y key] [-V] command
Show the server status
[root@ecs-8c70 ~]# rndc -c /etc/rndc.conf status
version: 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4
CPUs found: 1
worker threads: 1
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
Send a notify manually
[root@ecs-8c70 ~]# rndc -c /etc/rndc.conf notify "miner-k.com"
zone notify queued
[root@ecs-8c70 ~]# tail /var/log/messages
Aug 17 23:20:15 ecs-8c70 named[21620]: zone miner-k.com/IN: sending notifies (serial 20170820)
Flush the cache
[root@ecs-8c70 ~]# rndc -c /etc/rndc.conf flush
Stop the named service
[root@ecs-8c70 ~]# rndc -c /etc/rndc.conf stop
Subdomain delegation and forwarding
Parent domain: miner-k.com 122.112.217.171
Child domain: market.miner-k.com 117.78.49.247
Parent domain configuration:
Edit the main configuration file
[root@centos6-8 ~]# cat /etc/named.conf
options {
directory "/var/named";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "miner-k.com" IN {
type master;
file "miner-k.com.zone";
};
Set up the zone file
[root@centos6-8 ~]# cat /var/named/miner-k.com.zone
$TTL 600
@ IN SOA ns1.miner-k.com. admin.miner-k.com (
20170820
1D
1H
1w
1H
)
IN NS ns1
ns1 IN A 122.112.217.171
www IN A 122.112.217.171
market IN NS ns2
ns2 IN A 122.112.217.171
Check the zone file permissions
[root@centos6-8 ~]# ls -ld /var/named/miner-k.com.zone
-rw-r-----. 1 root named 204 Aug 20 19:51 /var/named/miner-k.com.zone
Start the service
[root@cxy-65 ~]# service named restart
Stopping named: [ OK ]
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
Child domain DNS configuration
Edit the configuration file
[root@cxy-65 ~]# cat /etc/named.conf
options {
directory "/var/named";
allow-query-cache { any;}; # this parameter is required, otherwise forwarding fails
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "market.miner-k.com" IN {
type master;
file "market.miner-k.com.zone";
};
zone "miner-k.com" IN { # forward queries for this zone
type forward;
forward first;
forwarders { 122.112.217.171; };
};
[root@cxy-65 ~]# cat /var/named/market.miner-k.com.zone
$TTL 600
@ IN SOA ns1 rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1
A 127.0.0.1
ns1 A 117.78.49.247
www A 117.78.49.247
Set permissions and restart the service
[root@cxy-65 ~]# chown root:named /var/named/market.miner-k.com.zone
[root@cxy-65 ~]# chmod 640 /var/named/market.miner-k.com.zone
[root@cxy-65 ~]# service named restart
Stopping named: [ OK ]
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
Common errors
Error in the log: query (cache) ‘www.miner-k.com/A/IN’ denied
Fix:
add `allow-query-cache { any;};` to named.conf
Error in the log: network unreachable resolving ‘www.baidu.com/A/IN’:2001:5023:c27::2:30#53
Fix:
set `recursion no;` in named.conf
Client tools
dig (domain information groper)
Query the NS records of a zone (-t NS)
[root@miner_k named]# dig -t NS .
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t NS .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32144
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 262805 IN NS c.root-servers.net.
. 262805 IN NS a.root-servers.net.
. 262805 IN NS e.root-servers.net.
. 262805 IN NS g.root-servers.net.
. 262805 IN NS b.root-servers.net.
. 262805 IN NS f.root-servers.net.
. 262805 IN NS j.root-servers.net.
. 262805 IN NS k.root-servers.net.
. 262805 IN NS h.root-servers.net.
. 262805 IN NS d.root-servers.net.
. 262805 IN NS l.root-servers.net.
. 262805 IN NS i.root-servers.net.
. 262805 IN NS m.root-servers.net.
;; Query time: 30 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Mon Aug 14 10:09:04 2017
;; MSG SIZE rcvd: 228
Query the A record of a domain (-t A)
[root@centos7-2 ~]# dig -t NS miner.com @117.78.49.247
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> -t NS miner.com @117.78.49.247
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@centos7-2 ~]# dig -t A www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> -t A www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35965
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 721 IN CNAME www.a.shifen.com.
www.a.shifen.com. 232 IN A 61.135.169.121
www.a.shifen.com. 232 IN A 61.135.169.125
;; Query time: 8 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Mon Aug 14 15:17:15 CST 2017
;; MSG SIZE rcvd: 101
Specify the server to ask (@)
[root@centos7-2 ~]# dig -t A www.baidu.com @dns.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> -t A www.baidu.com @dns.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62864
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 6
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
;; AUTHORITY SECTION:
a.shifen.com. 1200 IN NS ns1.a.shifen.com.
a.shifen.com. 1200 IN NS ns3.a.shifen.com.
a.shifen.com. 1200 IN NS ns5.a.shifen.com.
a.shifen.com. 1200 IN NS ns2.a.shifen.com.
a.shifen.com. 1200 IN NS ns4.a.shifen.com.
;; ADDITIONAL SECTION:
ns1.a.shifen.com. 1200 IN A 61.135.165.224
ns2.a.shifen.com. 1200 IN A 180.149.133.241
ns3.a.shifen.com. 1200 IN A 61.135.162.215
ns4.a.shifen.com. 1200 IN A 115.239.210.176
ns5.a.shifen.com. 1200 IN A 119.75.222.17
;; Query time: 24 msec
;; SERVER: 202.108.22.220#53(202.108.22.220)
;; WHEN: Mon Aug 14 15:18:11 CST 2017
;; MSG SIZE rcvd: 239
Reverse lookup (-x)
[root@centos7-2 ~]# dig -x 119.75.222.17
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> -x 119.75.222.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14843
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;17.222.75.119.in-addr.arpa. IN PTR
;; Query time: 168 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Mon Aug 14 15:22:19 CST 2017
;; MSG SIZE rcvd: 44
Non-recursive query (+norecurse)
[root@com ~]# dig +norecurse -t A www.sohu.com @117.78.49.247
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> +norecurse -t A www.sohu.com @117.78.49.247
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38949
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 11
;; QUESTION SECTION:
;www.sohu.com. IN A
;; AUTHORITY SECTION:
com. 172678 IN NS j.gtld-servers.net.
com. 172678 IN NS f.gtld-servers.net.
....
;; ADDITIONAL SECTION:
a.gtld-servers.net. 172678 IN A 192.5.6.30
a.gtld-servers.net. 172678 IN AAAA 2001:503:a83e::2:30
....
;; Query time: 29 msec
;; SERVER: 117.78.49.247#53(117.78.49.247)
;; WHEN: Thu Aug 17 14:47:30 2017
;; MSG SIZE rcvd: 490
Trace the resolution path (+trace)
[root@com ~]# dig +trace -t A www.baidu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> +trace -t A www.baidu.com
;; global options: +cmd
. 505169 IN NS b.root-servers.net.
. 505169 IN NS m.root-servers.net.
......
;; Received 228 bytes from 114.114.114.114#53(114.114.114.114) in 5115 ms
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
......
;; Received 491 bytes from 192.112.36.4#53(192.112.36.4) in 454 ms
baidu.com. 172800 IN NS dns.baidu.com.
baidu.com. 172800 IN NS ns2.baidu.com.
.......
;; Received 201 bytes from 192.43.172.30#53(192.43.172.30) in 15459 ms
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
a.shifen.com. 1200 IN NS ns3.a.shifen.com.
a.shifen.com. 1200 IN NS ns4.a.shifen.com.
.......
;; Received 228 bytes from 220.181.37.10#53(220.181.37.10) in 27 ms
Full zone transfer (-t axfr)
Retrieves all records in the zone
[root@com ~]# dig -t axfr miner-k.com @117.78.49.247
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t axfr miner-k.com @117.78.49.247
;; global options: +cmd
miner-k.com. 600 IN SOA ns1.miner-k.com. admin.miner.com.miner-k.com. 20170817 3600 300 604800 10800
miner-k.com. 600 IN NS ns1.miner-k.com.
ns1.miner-k.com. 600 IN A 127.0.0.1
www.miner-k.com. 600 IN A 117.78.49.24
miner-k.com. 600 IN SOA ns1.miner-k.com. admin.miner.com.miner-k.com. 20170817 3600 300 604800 10800
;; Query time: 31 msec
;; SERVER: 117.78.49.247#53(117.78.49.247)
;; WHEN: Thu Aug 17 15:12:09 2017
;; XFR size: 5 records (messages 1, bytes 171)
Incremental zone transfer (-t ixfr)
[root@com ~]# dig -t ixfr=20170818 miner-k.com @117.78.49.247
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t ixfr=20170818 miner-k.com @117.78.49.247
;; global options: +cmd
miner-k.com. 600 IN SOA ns1.miner-k.com. admin.miner.com.miner-k.com. 20170819 3600 300 604800 10800
miner-k.com. 600 IN NS ns1.miner-k.com.
ftp.miner-k.com. 600 IN A 117.78.49.24
ns1.miner-k.com. 600 IN A 127.0.0.1
pop.miner-k.com. 600 IN A 117.78.49.24
www.miner-k.com. 600 IN A 117.78.49.24
miner-k.com. 600 IN SOA ns1.miner-k.com. admin.miner.com.miner-k.com. 20170819 3600 300 604800 10800
;; Query time: 31 msec
;; SERVER: 117.78.49.247#53(117.78.49.247)
;; WHEN: Thu Aug 17 15:20:40 2017
;; XFR size: 7 records (messages 1, bytes 211)
The host command
[root@centos7-2 ~]# host -t NS baidu.com
baidu.com name server ns2.baidu.com.
baidu.com name server ns7.baidu.com.
baidu.com name server ns3.baidu.com.
baidu.com name server dns.baidu.com.
baidu.com name server ns4.baidu.com.
nslookup
[root@centos7-2 ~]# nslookup
> server 114.114.115.115 # set the DNS server address
Default server: 114.114.115.115
Address: 114.114.115.115#53
> set q=A # query A records
> www.baidu.com # look up the A record of www.baidu.com
Server: 114.114.115.115
Address: 114.114.115.115#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 61.135.169.125
Name: www.a.shifen.com
Address: 61.135.169.121
Reverse lookup
[root@centos6-8 ~]# nslookup
> server 10.0.1.53
Default server: 10.0.1.53
Address: 10.0.1.53#53
> set q=PTR
> 10.0.1.57
Server: 10.0.1.53
Address: 10.0.1.53#53
57.1.0.10.in-addr.arpa name = www.miner.com.
queryperf DNS load testing
Install queryperf, a tool shipped in the bind source tree
[root@miner-k ~]#wget https://www.isc.org/downloads/file/bind-9-10-6
[root@miner-k ~]#tar -xvf bind-9-10-6
[root@miner-k ~]#cd bind-9.10.6/
[root@miner-k bind-9.10.6]# cd contrib/
[root@miner-k contrib]# cd queryperf/
[root@miner-k queryperf]# ./configure
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
..........
[root@miner-k queryperf]# make
gcc -DHAVE_CONFIG_H -c queryperf.c
gcc -DHAVE_CONFIG_H queryperf.o -lnsl -lresolv -lm -o queryperf
[root@miner-k queryperf]# mv queryperf /bin/
Test DNS resolution
[root@miner-k ~]# vim querytxt
baidu.com A
www.baidu.com A
baidu.com NS
baidu.com A
baidu.com A
baidu.com A
baidu.com A
baidu.com A
baidu.com A
baidu.com A
.......
[root@miner-k ~]# queryperf -d querytxt -s 114.114.114.114
DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $
[Status] Processing input data
[Status] Sending queries (beginning with 114.114.114.114)
[Status] Testing complete
Statistics:
Parse input file: once
Ended due to: reaching end of file
Queries sent: 540 queries
Queries completed: 540 queries
Queries lost: 0 queries
Queries delayed(?): 0 queries
RTT max: 0.029657 sec
RTT min: 0.027262 sec
RTT average: 0.027699 sec
RTT std deviation: 0.000401 sec
RTT out of range: 0 queries
Percentage completed: 100.00%
Percentage lost: 0.00%
Started at: Sat Oct 14 20:49:22 2017
Finished at: Sat Oct 14 20:49:22 2017
Ran for: 0.751673 seconds
Queries per second: 718.397495 qps
When bind starts it loads all zone data into memory, so lookups of the configured records are fast.
Common errors
Message: no servers could be reached
[root@cxy-65 ~]# dig -t NS market.miner-k.com @117.78.36.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t NS market.miner-k.com @117.78.36.1
;; global options: +cmd
;; connection timed out; no servers could be reached
Cause: the server could not be reached.
Fix:
1. check whether named is running
2. check whether port 53 is open
3. remove firewall rules or similar restrictions