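Reference: A detailed guide to setting up master and slave DNS servers on Linux

Preface

Computers often run into small network glitches. Sometimes QQ works normally but web pages will not open. Nine times out of ten, this means DNS is broken.

When DNS is unavailable, QQ can skip DNS resolution and connect to the peer's IP address directly.

Test environment

rhel-server-6.4-x86_64-dvd(ED2000.COM).iso, minimal installation

Common public DNS servers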

8.8.8.8

222.222.222.222

202.99.168.8

202.99.160.68

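Configuring the DNS server

Set up a local yum repository

See: Setting up a KVM environment, part 03: configuring the environment after creating the virtual machine

Install bind

The Domain Name System (DNS) is the name of an Internet communication protocol. Many software packages provide this service, for example the Berkeley Internet Name Domain (BIND).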

[root@ziqiang ~]# yum list | grep bind
PackageKit-device-rebind.x86_64 0.5.-.el6 vcd
bind.x86_64 :9.8.-0.17.rc1.el6 vcd
bind-chroot.x86_64 :9.8.-0.17.rc1.el6 vcd
bind-dyndb-ldap.x86_64 2.3-.el6 vcd
bind-libs.i686 :9.8.-0.17.rc1.el6 vcd
bind-libs.x86_64 :9.8.-0.17.rc1.el6 vcd
bind-utils.x86_64 :9.8.-0.17.rc1.el6 vcd
rpcbind.x86_64 0.2.-.el6 vcd
samba-winbind.x86_64 3.6.-.el6 vcd
samba-winbind-clients.i686 3.6.-.el6 vcd
samba-winbind-clients.x86_64 3.6.-.el6 vcd
samba4-winbind.x86_64 4.0.-.el6.rc4 vcd
samba4-winbind-clients.x86_64 4.0.-.el6.rc4 vcd
samba4-winbind-krb5-locator.x86_64 4.0.-.el6.rc4 vcd
ypbind.x86_64 :1.20.-.el6 vcd
[root@ziqiang ~]# yum -y install bind
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 :9.8.-0.17.rc1.el6 will be installed
--> Processing Dependency: bind-libs = :9.8.-0.17.rc1.el6 for package: :bind-9.8.-0.17.rc1.el6.x86_64
--> Processing Dependency: liblwres.so.()(64bit) for package: :bind-9.8.-0.17.rc1.el6.x86_64
--> Processing Dependency: libisccfg.so.()(64bit) for package: :bind-9.8.-0.17.rc1.el6.x86_64
--> Processing Dependency: libisccc.so.()(64bit) for package: :bind-9.8.-0.17.rc1.el6.x86_64
--> Processing Dependency: libisc.so.()(64bit) for package: :bind-9.8.-0.17.rc1.el6.x86_64
--> Processing Dependency: libdns.so.()(64bit) for package: :bind-9.8.-0.17.rc1.el6.x86_64
--> Processing Dependency: libbind9.so.()(64bit) for package: :bind-9.8.-0.17.rc1.el6.x86_64
--> Running transaction check
---> Package bind-libs.x86_64 :9.8.-0.17.rc1.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================
Package Arch Version Repository Size
===================================================================================================================================
Installing:
bind x86_64 :9.8.-0.17.rc1.el6 vcd 4.0 M
Installing for dependencies:
bind-libs x86_64 :9.8.-0.17.rc1.el6 vcd k

Transaction Summary
===================================================================================================================================
Install Package(s)

Total download size: 4.8 M
Installed size: 9.4 M
Downloading Packages:
-----------------------------------------------------------------------------------------------------------------------------------
Total MB/s | 4.8 MB :
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : :bind-libs-9.8.-0.17.rc1.el6.x86_64 /
Installing : :bind-9.8.-0.17.rc1.el6.x86_64 /
Verifying : :bind-9.8.-0.17.rc1.el6.x86_64 /
Verifying : :bind-libs-9.8.-0.17.rc1.el6.x86_64 /

Installed:
bind.x86_64 :9.8.-0.17.rc1.el6

Dependency Installed:
bind-libs.x86_64 :9.8.-0.17.rc1.el6

Complete!

Check the DNS service after installation

[root@ziqiang ~]# chkconfig
auditd :off :off :on :on :on :on :off
crond :off :off :on :on :on :on :off
dhcpd :off :off :off :off :off :off :off
dhcpd6 :off :off :off :off :off :off :off
dhcrelay :off :off :off :off :off :off :off
ip6tables :off :off :on :on :on :on :off
iptables :off :off :on :on :on :on :off
named :off :off :off :off :off :off :off
netconsole :off :off :off :off :off :off :off
netfs :off :off :off :on :on :on :off
network :off :off :on :on :on :on :off
portreserve :off :off :on :on :on :on :off
postfix :off :off :on :on :on :on :off
rdisc :off :off :off :off :off :off :off
restorecond :off :off :off :off :off :off :off
rhnsd :off :off :on :on :on :on :off
rhsmcertd :off :off :off :on :on :on :off
rsyslog :off :off :on :on :on :on :off
saslauthd :off :off :off :off :off :off :off
sshd :off :off :on :on :on :on :off
udev-post :off :on :on :on :on :on :off

The newly installed service is called named and is shown as off. Next, enable the service.

[root@ziqiang ~]# chkconfig named on
[root@ziqiang ~]# chkconfig
auditd :off :off :on :on :on :on :off
crond :off :off :on :on :on :on :off
dhcpd :off :off :off :off :off :off :off
dhcpd6 :off :off :off :off :off :off :off
dhcrelay :off :off :off :off :off :off :off
ip6tables :off :off :on :on :on :on :off
iptables :off :off :on :on :on :on :off
named :off :off :on :on :on :on :off
netconsole :off :off :off :off :off :off :off
netfs :off :off :off :on :on :on :off
network :off :off :on :on :on :on :off
portreserve :off :off :on :on :on :on :off
postfix :off :off :on :on :on :on :off
rdisc :off :off :off :off :off :off :off
restorecond :off :off :off :off :off :off :off
rhnsd :off :off :on :on :on :on :off
rhsmcertd :off :off :off :on :on :on :off
rsyslog :off :off :on :on :on :on :off
saslauthd :off :off :off :off :off :off :off
sshd :off :off :on :on :on :on :off
udev-post :off :on :on :on :on :on :off
[root@ziqiang ~]# runlevel
N

Review the configuration files

The configuration files present after bind is installed (executables included)

[root@ziqiang ~]# rpm -lq bind
/etc/NetworkManager/dispatcher.d/-named
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/portreserve/named
/etc/rc.d/init.d/named
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/usr/lib64/bind
/usr/sbin/arpaname
/usr/sbin/ddns-confgen
/usr/sbin/dnssec-dsfromkey
/usr/sbin/dnssec-keyfromlabel
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-revoke
/usr/sbin/dnssec-settime
/usr/sbin/dnssec-signzone
/usr/sbin/genrandom
/usr/sbin/isc-hmac-fixup
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/named-journalprint
/usr/sbin/nsec3hash
/usr/sbin/rndc
/usr/sbin/rndc-confgen
/var/log/named.log
/var/named
/var/named/data
/var/named/dynamic
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
/var/named/slaves
/var/run/named

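/etc/named.conf: the main configuration file, which sets the DNS server's properties

/etc/named.rfc1912.zones: zone definitions

/var/named/: the directory that holds the zone files

View the root DNS servers on the Internet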

[root@ziqiang data]# cat /var/named/named.ca
; <<>> DiG 9.5.0b2 <<>> +bufsize= +norec NS . @a.root-servers.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
;; flags: qr aa; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL:

;; OPT PSEUDOSECTION:
; EDNS: version: , flags:; udp:
;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. IN NS M.ROOT-SERVERS.NET.
. IN NS A.ROOT-SERVERS.NET.
. IN NS B.ROOT-SERVERS.NET.
. IN NS C.ROOT-SERVERS.NET.
. IN NS D.ROOT-SERVERS.NET.
. IN NS E.ROOT-SERVERS.NET.
. IN NS F.ROOT-SERVERS.NET.
. IN NS G.ROOT-SERVERS.NET.
. IN NS H.ROOT-SERVERS.NET.
. IN NS I.ROOT-SERVERS.NET.
. IN NS J.ROOT-SERVERS.NET.
. IN NS K.ROOT-SERVERS.NET.
. IN NS L.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. IN A 198.41.0.4
A.ROOT-SERVERS.NET. IN AAAA ::ba3e:::
B.ROOT-SERVERS.NET. IN A 192.228.79.201
C.ROOT-SERVERS.NET. IN A 192.33.4.12
D.ROOT-SERVERS.NET. IN A 128.8.10.90
E.ROOT-SERVERS.NET. IN A 192.203.230.10
F.ROOT-SERVERS.NET. IN A 192.5.5.241
F.ROOT-SERVERS.NET. IN AAAA ::2f::f
G.ROOT-SERVERS.NET. IN A 192.112.36.4
H.ROOT-SERVERS.NET. IN A 128.63.2.53
H.ROOT-SERVERS.NET. IN AAAA ::::803f:
I.ROOT-SERVERS.NET. IN A 192.36.148.17
J.ROOT-SERVERS.NET. IN A 192.58.128.30
J.ROOT-SERVERS.NET. IN AAAA ::c27:::
K.ROOT-SERVERS.NET. IN A 193.0.14.129
K.ROOT-SERVERS.NET. IN AAAA :7fd::
L.ROOT-SERVERS.NET. IN A 199.7.83.42
M.ROOT-SERVERS.NET. IN A 202.12.27.33
M.ROOT-SERVERS.NET. IN AAAA :dc3::

;; Query time: msec
;; SERVER: 198.41.0.4#(198.41.0.4)
;; WHEN: Mon Feb ::
;; MSG SIZE rcvd:

Edit the main configuration file

The original contents of named.conf are as follows

[root@ziqiang named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
	listen-on port 53 { 127.0.0.1; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query { localhost; };
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside auto;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";
};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

After modification, named.conf reads as follows

[root@ziqiang named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
	listen-on port 53 { any; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query { 192.168.80.0/24; 192.168.90.0/24; };
	recursion yes;

	dnssec-enable no;
	dnssec-validation no;
	dnssec-lookaside no;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";
};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

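Key fields explained

listen-on port 53 { any; };

If the DNS server has several network interfaces, each with its own IP address, we can list a single IP so that only that interface listens for DNS requests on port 53. We can also list several IPs, so that several interfaces listen on port 53. With any, every interface listens for DNS requests on port 53.

allow-query { 192.168.80.0/24; 192.168.90.0/24; };

Which network segments' computers are allowed to send name resolution requests to this server. The default is localhost, meaning the server only resolves queries that come from itself.

recursion yes;

Whether the DNS server allows recursive queries. In a recursive query, if this DNS server cannot resolve the name itself, it asks the root DNS servers and then, following the records they return, queries the DNS servers at the other levels.

dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;

Whether to allow secure DNS (DNSSEC) queries; all three are changed to no, because the DNS servers currently on the Internet do not support secure DNS queries.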
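The combined effect of these fields can be checked mechanically. The Python sketch below is an added example, not part of the original article or of BIND: it parses the options block and reports which clients end up with recursive service, assuming BIND's documented fallback order (allow-recursion, then allow-query-cache, then allow-query, then localnets and localhost). The sample configurations, finding codes and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed inputs: the options changed on this page, and a hypothetical
# variant whose allow-query admits any client.
MODIFIED = """
options {
    listen-on port 53 { any; };
    allow-query { 192.168.80.0/24; 192.168.90.0/24; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;   // as set on this page
};
"""
OPEN_VARIANT = MODIFIED.replace("192.168.80.0/24; 192.168.90.0/24;", "any;")

INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128", "fc00::/7")]

def parse_options(conf_text):
    """Return {statement: [tokens]} for the options { ... } block."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)   # /* ... */ comments
    text = re.sub(r"(//|#)[^\n]*", "", text)                 # // and # comments
    head = re.search(r"\boptions\s*\{", text)
    if not head:
        return {}
    opts, depth, current = {}, 1, ""
    for ch in text[head.end():]:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if depth == 0:                       # closing brace of options
            break
        if ch == ";" and depth == 1:         # end of one top-level statement
            tokens = re.findall(r'"[^"]*"|[^\s{};]+', current)
            if tokens:
                opts[tokens[0]] = [t.strip('"') for t in tokens[1:]]
            current = ""
        else:
            current += ch
    return opts

def recursion_acl(opts):
    """ACL that ends up governing recursion, following the fallback order."""
    if opts.get("recursion", ["yes"])[0] != "yes":
        return ["none"]
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return opts[key]
    return ["localnets", "localhost"]

def is_internal(element):
    # Built-in ACL names that never reach beyond the host or its own subnets.
    if element in ("localhost", "localnets", "none"):
        return True
    try:
        net = ipaddress.ip_network(element, strict=False)
    except ValueError:          # "any", negations, named ACLs: not provably internal
        return False
    return any(net.version == r.version and net.subnet_of(r) for r in INTERNAL)

def audit(conf_text):
    """Return a list of (code, detail) findings for the options block."""
    opts = parse_options(conf_text)
    findings = []
    exposed = [e for e in recursion_acl(opts) if not is_internal(e)]
    if exposed:
        findings.append(("open-recursion", "recursion offered to " + ", ".join(exposed)))
    listen = [t for t in opts.get("listen-on", ["any"]) if t != "port" and not t.isdigit()]
    if "any" in listen:
        findings.append(("listen-any", "port 53 bound on every interface; ACL and firewall are the only limits"))
    if opts.get("dnssec-validation") == ["no"]:
        findings.append(("dnssec-off", "answers are accepted without DNSSEC validation"))
    return findings
```

For the page's configuration, audit(MODIFIED) reports listen-any and dnssec-off but no open-recursion, because allow-query confines recursion to the two private /24 networks.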

Restart the DNS service

[root@ziqiang named]# service named restart
Stopping named: [ OK ]
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]

During the restart, the key needed for remote management of the DNS server, /etc/rndc.key, is generated.

After the restart, check the DNS process

[root@ziqiang named]# ps -eeaf | grep named
named : ? :: /usr/sbin/named -u named
root : pts/ :: grep named

Check that the named service is listening on port 53

[root@ziqiang named]# netstat -an | grep 53
tcp 192.168.40.120: 0.0.0.0:* LISTEN
tcp 127.0.0.1: 0.0.0.0:* LISTEN
tcp 127.0.0.1: 0.0.0.0:* LISTEN
tcp ::: :::* LISTEN
tcp ::: :::* LISTEN
udp 192.168.40.120: 0.0.0.0:*
udp 127.0.0.1: 0.0.0.0:*
udp ::: :::*
unix [ ] STREAM CONNECTED

View the log

[root@ziqiang named]# cat /var/named/data/named.run
zone .in-addr.arpa/IN: loaded serial
zone 1.0.0.127.in-addr.arpa/IN: loaded serial
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial
zone localhost.localdomain/IN: loaded serial
zone localhost/IN: loaded serial
managed-keys-zone ./IN: loaded serial
running
managed-keys-zone ./IN: Initializing automatic trust anchor management for zone '.'; DNSKEY ID is now trusted, waiving the normal -day waiting period

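Configuring the DNS client

Windows

Enter the IP address of the DNS server configured above.

Then run ping www.baidu.com at the command line.

If the ping fails, turn off the firewall on the server: service iptables stop

In a real environment, however, the firewall cannot be turned off casually. Instead, open port 53 for TCP and UDP separately.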

[root@ziqiang ~]# iptables -I INPUT -p tcp --dport 53 -j ACCEPT
[root@ziqiang ~]# iptables -I INPUT -p udp --dport 53 -j ACCEPT
[root@ziqiang ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Save the firewall configuration so that the newly added rules do not disappear after a reboot

[root@ziqiang ~]# /sbin/service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
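The two rules above accept port 53 from any source, while named.conf answers only the two allow-query networks. As an added example (not from the original article), the Python check below reads iptables-save output and compares the DNS accept rules with the allow-query list. The rule excerpts are constructed, IPv4 only, and the function names are hypothetical.

```python
import ipaddress

ALLOW_QUERY = ["192.168.80.0/24", "192.168.90.0/24"]   # from named.conf above

# Constructed iptables-save excerpts. OPEN is the shape the two
# "-I INPUT ... -j ACCEPT" rules take; SCOPED admits only the allow-query networks.
OPEN = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
"""
SCOPED = """\
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.168.80.0/24 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 192.168.90.0/24 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 192.168.80.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -s 192.168.90.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
"""


def dns_accept_rules(save_text, port="53"):
    """Return (proto, source-or-None) for each INPUT rule accepting the DNS port."""
    rules = []
    for line in save_text.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", "INPUT"] or "ACCEPT" not in tok or "--dport" not in tok:
            continue
        if tok[tok.index("--dport") + 1] != port:
            continue
        proto = tok[tok.index("-p") + 1] if "-p" in tok else "all"
        source = tok[tok.index("-s") + 1] if "-s" in tok else None
        rules.append((proto, source))
    return rules


def check(save_text, allow_query):
    """Compare firewall scope with the resolver ACL; return (proto, message) findings."""
    nets = [ipaddress.ip_network(n) for n in allow_query]
    findings, admitted = [], set()
    for proto, source in dns_accept_rules(save_text):
        src = ipaddress.ip_network(source or "0.0.0.0/0", strict=False)
        if source is None:
            findings.append((proto, "any source accepted"))
        elif not any(src.subnet_of(n) for n in nets):
            findings.append((proto, source + " is wider than or outside allow-query"))
        admitted.update((proto, n) for n in nets if n.subnet_of(src))
    for proto in ("udp", "tcp"):             # DNS needs both transports
        for n in nets:
            if (proto, n) not in admitted:
                findings.append((proto, str(n) + " is in allow-query but not admitted"))
    return findings


def scoped_rules(allow_query, port=53):
    """iptables commands that admit only the allow-query networks."""
    return ["iptables -I INPUT -s %s -p %s --dport %d -j ACCEPT" % (net, proto, port)
            for proto in ("udp", "tcp") for net in allow_query]
```

check(OPEN, ALLOW_QUERY) reports both rules as accepting any source; the commands returned by scoped_rules(ALLOW_QUERY) produce the SCOPED rule set, which passes with no findings.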
