DNS之主服务器正向区域部署流程

正向区域：将域名解析为IP

搭建步骤

1）定义区域
2）编写区域解析库文件
3）添加记录

环境介绍

[root@dns ~]# cat /etc/centos-release
CentOS release 6.6 (Final)
[root@dns ~]# hostname -i
192.168.30.149

安装部署

[root@dns ~]# yum install -y bind bind-libs bind-utils
[root@dns ~]# cp /etc/named.conf{,.bak}
[root@dns ~]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; }; # 或【listen-on port 53 { 192.168.30.149; 127.0.0.1; };】
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; }; # 或【allow-query { any; };】
recursion yes;
// dnssec-enable yes;
// dnssec-validation yes;
/* Path to ISC DLV key */
// bindkeys-file "/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
};
zone "liming.com" IN { # zone定义段亦可放置于【/etc/named.rfc1912.zones】中
type master;
file "liming.com.zone";
};
[root@dns ~]# /etc/init.d/named start
[root@dns ~]# ss -lntup4|grep named
略

[root@dns ~]# cp /var/named/named.localhost /var/named/liming.com.zone
[root@dns ~]# vim /var/named/liming.com.zone

[root@dns ~]# named-checkzone "liming.com" /var/named/liming.com.zone
[root@dns ~]# ps -ef|grep named # named的运行用户是named
略
[root@dns ~]# ll /etc/named.conf
略
[root@dns ~]# ll /var/named/named.* /var/named/liming.com.zone
略
[root@dns ~]# chown .named /var/named/liming.com.zone # 注意权限与属主属组
略
[root@dns ~]# /etc/init.d/named reload # 解析库不会立即生效，需要reload重读解析库，或者执行【/usr/sbin/rndc reload】
[root@dns ~]# rndc status # 查看状态
version: 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.5
CPUs found: 1
worker threads: 1
number of zones: 19
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

验证DNS

1、host验证
[root@dns ~]# cat /etc/resolv.conf
nameserver 192.168.30.149
[root@dns ~]# host ns1.liming.com
ns1.liming.com has address 192.168.30.149
[root@dns ~]# host mx1.liming.com
mx1.liming.com has address 192.168.30.156
[root@dns ~]# host www.liming.com
www.liming.com has address 192.168.30.158
[root@dns ~]# host bbs.liming.com
bbs.liming.com is an alias for www.liming.com.
www.liming.com has address 192.168.30.158

2、dig验证
[root@dns ~]# dig -t NS liming.com|grep ";; ANSWER SECTION:" -A 2
;; ANSWER SECTION:
liming.com. 86400 IN NS ns1.liming.com.
liming.com. 86400 IN NS ns2.liming.com.
[root@dns ~]# dig -t MX liming.com|grep ";; ANSWER SECTION:" -A 2
;; ANSWER SECTION:
liming.com. 86400 IN MX 20 mx2.liming.com.
liming.com. 86400 IN MX 10 mx1.liming.com.
[root@dns ~]# dig -t A www.liming.com|grep ";; ANSWER SECTION:" -A 1
;; ANSWER SECTION:
www.liming.com. 86400 IN A 192.168.30.158
[root@dns ~]# dig -t CNAME bbs.liming.com|grep ";; ANSWER SECTION:" -A 1
;; ANSWER SECTION:
bbs.liming.com. 86400 IN CNAME www.liming.com.

轮询调度

[root@dns ~]# vim /var/named/liming.com.zone

[root@dns ~]# /etc/init.d/named reload
[root@dns ~]# host www.liming.com
www.liming.com has address 192.168.30.200 # 此IP是真正返回的，其为位参考，以实现轮询
www.liming.com has address 192.168.30.158
www.liming.com has address 192.168.30.170
[root@dns ~]# dig -t A www.liming.com|grep ";; ANSWER SECTION:" -A 3
;; ANSWER SECTION:
www.liming.com. 86400 IN A 192.168.30.170
www.liming.com. 86400 IN A 192.168.30.200
www.liming.com. 86400 IN A 192.168.30.158
DNS轮询调度存在的问题：
1）解析结果会被缓存，导致负载不均
2）无法对主机做健康检查

泛域名解析

[root@dns ~]# dig -t A hello.liming.com|grep ";; ANSWER SECTION:"|wc -l
0
[root@dns ~]# tail -1 /var/named/liming.com.zone
* IN A 192.168.30.149
[root@dns ~]# rndc reload
[root@dns ~]# dig -t A hello.liming.com|grep ";; ANSWER SECTION:"|wc -l
1
[root@dns ~]# dig -t A hello.liming.com|grep ";; ANSWER SECTION:" -A 1
;; ANSWER SECTION:
hello.liming.com. 86400 IN A 192.168.30.149
说明：
1）泛域名解析：利用【*】来做次级域名，以实现所有的次级域名均指向同一IP地址
2）可以让域名支持无限的子域名，这也是泛域名解析最大的用途
3）防止用户错误输入导致的网站不能访问的问题
4）可以让直接输入网址登陆网站的用户输入简洁的网址即可访问网站
5）泛域名在实际使用中作用是非常广泛的，比如实现无限二级域名功能，提供免费的URL转发，在IDC部门实现自动分配免费网址，在大型企业中实现网址分类管理等等，都发挥了巨大的作用

巴特西