当前位置：首页 > news >正文

黑龙江龙采做网站如何商务网站建设的基本流程图

news 2025/12/26 5:10:44

黑龙江龙采做网站如何,商务网站建设的基本流程图,百度网盟推广官方网站,百度知道入口本文基于Linux上CentOS 7版本配合bind#xff08;named#xff09;服务进行演示目录一.DNS域名服务器原理及作用等介绍 1.DNS简介#xff1a; 2.原理简单介绍 3.常见域名后缀 4.DNS域名服务器类型 5.DNS服务器的对应关系查询方式 6.具体解析过程二.bind#x…本文基于Linux上CentOS 7版本配合bindnamed服务进行演示目录一.DNS域名服务器原理及作用等介绍 1.DNS简介 2.原理简单介绍 3.常见域名后缀 4.DNS域名服务器类型 5.DNS服务器的对应关系查询方式 6.具体解析过程二.bindnamed服务配置文件介绍 1.主配置文件在/etc/named.conf 2.数据配置文件目录在/var/named 3.区域配置文件在/etc/named.rfc1912.zones 三.namedbind服务命令部分参数详解 1.named-checkconf /etc/named.conf 2.named-checkzone 域名 /var/named/.zone区域文件 3.测试域名是否可用 4.bind服务所含文件参数介绍四.使用bindnamed服务配置正向解析 1.下载bind服务并开启 2.制定配置计划 3.修改主配置文件/etc/named.conf 4.配置数据配置文件/var/named/ 5.检查主配置文件和数据配置文件格式并重启named服务启动没有报错再进行测试 6.进行测试五.使用bindnamed服务配置反向解析 1.修改主配置文件/etc/named.conf 2.修改数据配置文件 3.检查书写并重启服务 4.测试六.实现DNS主从服务器同步完全/增量区域传送 1.复制同步整个区域的文件叫完全区域传送 2.主从配置演示 3.增量区域传送简介七.实现批量域名解析正/反向解析 1.正向解析 2.反向解析一.DNS域名服务器原理及作用等介绍 1.DNS简介 DNS是互联网上的一项服务担任域名和IP地址相互映射的一个分布式数据库相较于IP域名更便于记忆能够使人更方便的访问互联网。但是计算机只能基于IP来识别对方而且要上网或通过网络传输数据也是基于IP地址完成。 2.原理简单介绍用户输入域名或IP地址服务器查找与域名或IP地址相匹配的IP地址或域名从而去打开我们想要访问的网站。域名解析主要分为正向解析和反向解析。正向解析就是将域名解析成IP地址反向解析就是将IP地址解析成域名通常用的最多的是正向域名解析 3.常见域名后缀 1.edu 教育机构域名后缀 2.pub 公共大众域名后缀 3.cn 中国国家顶级域名后缀 4.org 非盈利组织域名后缀 5.com 商业组织域名后缀 6.gov 政府部门域名后缀 7.net 网络服务商域名后缀 4.DNS域名服务器类型 1缓存服务器负责接收解析器发送过来的DNS解析请求通过依次查询根域名服务器、顶级域名服务器、二级域名服务器来获得DNS条目然后把相应结果发送给解析器根据DNS条目的TTL进行缓存多用于企业局域网内部、运营商等领域 2转发域名服务器接受解析器发送过来的DNS请求转发给指定的上级域名服务器获得DNS解析条目然后把响应结果发送给解析器不缓存仅仅是转发。 3权威域名服务器根域名服务器是最高层次也是最重要的域名服务器负责对.com.cn等顶级域名向下授权所有的根域名服务器都知道所有的顶级域名服务器的域名和IP地址从根本上保证了域名解析服务。一般情况下域名服务器并不直接把待查询的域名直接解析出结果返回给用户会引导本地域名服务器找一个服务器进行查询。顶级域名服务器管理在该顶级域名服务器成功注册的二级域名收到DNS查询时可以立即返回结果。二级域名服务器服务于具体域名解析 4权限域名服务器主要作用是负责管理“区”的域名服务器。权限不能查询结果返回时就会引导用户下一步该寻找哪一个域名服务器。 5本地域名服务器本地域名服务器对域名系统非常重要。用户发出DNS查询请求时这个查询请求报文就会先发送给本地域名服务器进行解析。 5.DNS服务器的对应关系查询方式 DNS采用分布式数据结构来存放数据信息。 1递归查询客户端向本地DNS服务器发出查询的过程一般是递归查询就是当本地DNS服务器没有缓存该DNS信息时他代替充当客户端进行继续一步一步查询。开启递归查询等同于将DNS服务器开放造成大量数据流量流入流出。禁用递归查询 options {listen-on port 53 { 192.168.2.135; };listen-on-v6 port 53 { ::1; };directory /var/named;dump-file /var/named/data/cache_dump.db;statistics-file /var/named/data/named_stats.txt;memstatistics-file /var/named/data/named_mem_stats.txt;secroots-file /var/named/data/named.secroots;recursing-file /var/named/data/named.recursing;recursion no; #禁用递归查询 } 2迭代查询本地DNS服务器向根域名服务器的发送请求的过程一般是迭代查询也就是根域名服务器会引导本地DNS服务器到顶级域名二级域名这样一层一层的去访问最后返回解析成功结果或错误结果给本地DNS服务器再发给客户端。 6.具体解析过程 1客户端输出域名发出访问请求 2进行本地域名解析查询查询本地DNS缓存hosts文件等如果缓存有记录就返回结果。 3本地DNS服务器查询上一步没有结果返回时系统向本网络内配置了的本地DNS服务器发送DNS查询请求如果是本地DNS服务器的数据库有缓存则返回结果当然还要考虑一个是否开启转发模式。当本地DNS服务器开启未转发模式时他就只负责管理或用户指定了的DNS记录所以返回成功结果或域名不存在的错误信息。开启转发模式时他就会在自己解析失败后转发给根域名服务器进行迭代查询。 4根域名查询上述无结果时就由本地DNS服务器去向根域名服务器发送解析请求根域名返回器对应的顶级域名服务器地址本地DNS服务器转而向顶级、二级等域名服务器发出请求依次查询 5若是在上面步骤查询到了结果就返回结果给本地DNS服务器本地DNS进行缓存再发送给用户的操作系统 6用户的操作系统收到后进行本地缓存再返回给用户如浏览器界面等 7若都没有查询到结果则返回错误信息二.bindnamed服务配置文件介绍 1.主配置文件在/etc/named.conf 主要用来定义bind服务程序的运行 // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // // See the BIND Administrators Reference Manual (ARM) for details about the // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.htmloptions {listen-on port 53 { 192.168.2.160; }; //需要监听的真实服务器ip如果所有地址都监听可以只写端口括号内可填anylisten-on-v6 port 53 { ::1; }; //定义数据文件目录directory /var/named;dump-file /var/named/data/cache_dump.db;statistics-file /var/named/data/named_stats.txt; //统计档案、文件memstatistics-file /var/named/data/named_mem_stats.txt; //分配统计目录recursing-file /var/named/data/named.recursing;secroots-file /var/named/data/named.secroots;allow-query { 192.168.2.0/24; }; //允许某个网段的用户查询 //允许那个网段的用户发起查询请求。可以填写any /* - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.- If you are building a RECURSIVE (caching) DNS server, you need to enable recursion. - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so willcause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatlyreduce such attack surface */recursion yes; //允许递归dnssec-enable yes;dnssec-validation yes;/* Path to ISC DLV key */bindkeys-file /etc/named.root.key; managed-keys-directory /var/named/dynamic;pid-file /run/named/named.pid;session-keyfile /run/named/session.key; };logging { //指定日志记录分类和他们的目标位置channel default_debug {file data/named.run;severity dynamic;}; };zone . IN {type hint;file named.ca; }; //区域配置内容 include /etc/named.rfc1912.zones; //包含其他的配置文件 include /etc/named.root.key; 2.数据配置文件目录在/var/named 用来保存ip和域名的真实映射关系产生的数据配置文件 [rootsulibao ~]# ll /var/named/ total 16 drwxrwx--- 2 named named 23 Jan 14 14:36 data drwxrwx--- 2 named named 60 Jan 14 14:59 dynamic -rw-r----- 1 root named 2253 Aug 20 2021 named.ca -rw-r----- 1 root named 152 Aug 20 2021 named.empty -rw-r----- 1 root named 152 Aug 20 2021 named.localhost -rw-r----- 1 root named 168 Aug 20 2021 named.loopback drwxrwx--- 2 named named 6 Aug 20 2021 slaves3.区域配置文件在/etc/named.rfc1912.zones 保存的是域名和ip对应关系所在位置没有包含具体的域名和ip对应关系 // named.rfc1912.zones: // // Provided by Red Hat caching-nameserver package // // ISC BIND named zone configuration for zones recommended by // RFC 1912 section 4.1 : localhost TLDs and address zones // and https://tools.ietf.org/html/rfc6303 // (c)2007 R W Franks // // See /usr/share/doc/bind*/sample/ for example named configuration files. // // Note: empty-zones-enable yes; option is default. // If private ranges should be forwarded, add // disable-empty-zone .; into options //zone localhost.localdomain IN {type master;file named.localhost;allow-update { none; }; }; zone localhost IN {type master;file named.localhost;allow-update { none; }; };zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa IN {type master;file named.loopback;allow-update { none; }; };zone 1.0.0.127.in-addr.arpa IN {type master;file named.loopback;allow-update { none; }; }; zone 0.in-addr.arpa IN {type master;file named.empty;allow-update { none; }; };三.namedbind服务命令部分参数详解 1.named-checkconf /etc/named.conf 检查主配置文件是否书写正确不检查逻辑错误没有报错则为书写正确 [rootsulibao etc]# named-checkconf /etc/named.conf 2.named-checkzone 域名 /var/named/.zone区域文件检查数据配置文件是否书写正确 [rootsulibao etc]# named-checkzone 域名 /var/named/.zone区域文件 zone ssll.com/IN: loaded serial 0 OK3.测试域名是否可用 1host 域名地址(服务器的地址) [rootsulibao ~]# host 域名 192.168.xx.xx Using domain server: Name: 192.168.xx.xx Address: 192.168.xx.xx#xx Aliases: www.ssll.com has address 192.168.xx.xx2nslookup 域名/IP地址或nslookup 域名主服务器IP 使用nslookup 域名进行测试时需要更改配置文件/etc/resolv.conf将原本的nameserver地址改为自己配置的主服务器的地址使用该服务器来进行解析不然就需要每次测试的时候再在后面指定主服务器IP [rootsulibao ~]# vim /etc/resolv.conf # Generated by NetworkManager nameserver 192.168.xx.xx ~ ~ ~ ~ [rootsulibao ~]# nslookup dhcp.ssll.com Server: 192.168.xx Address: 192.168.xx.xx#53Name: dhcp.ssll.com Address: 192.168.xx.xx(3)dig 域名/IP地址或dig 域名主服务器的IP [rootsulibao ~]# dig www.ssll.com; DiG 9.11.26-RedHat-9.11.26-6.el8 www.ssll.com ;; global options: cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 17437 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 3d40fb765259182859905d8e63c2bf2121052d8929894483 (good) ;; QUESTION SECTION: ;www.ssll.com. IN A;; ANSWER SECTION: www.ssll.com. 86400 IN A 192.168.xx.xx;; AUTHORITY SECTION: ssll.com. 86400 IN NS dns.ssll.com.;; ADDITIONAL SECTION: dns.ssll.com. 86400 IN A 192.168.xx.xx;; Query time: 1 msec ;; SERVER: 192.168.xx.xx#53(192.168.xx.xx) ;; WHEN: Sat Jan 14 22:41:37 CST 2023 ;; MSG SIZE rcvd: 1194.bind服务所含文件参数介绍 [rootsulibao ~]# rpm -ql bind /etc/logrotate.d/named /etc/named /etc/named.conf //bind主配置文件 /etc/named.iscdlv.key /etc/named.rfc1912.zones //定义zone的文件区域配置文件 /etc/named.root.key /etc/rndc.conf /etc/rndc.key /etc/rwtab.d/named /etc/sysconfig/named /run/named /usr/bin/arpaname /usr/bin/named-rrchecker /usr/lib/python2.7/site-packages/isc /usr/lib/python2.7/site-packages/isc-2.0-py2.7.egg-info /usr/lib/python2.7/site-packages/isc/__init__.py /usr/lib/python2.7/site-packages/isc/__init__.pyc /usr/lib/python2.7/site-packages/isc/__init__.pyo /usr/lib/python2.7/site-packages/isc/checkds.py /usr/lib/python2.7/site-packages/isc/checkds.pyc /usr/lib/python2.7/site-packages/isc/checkds.pyo /usr/lib/python2.7/site-packages/isc/coverage.py /usr/lib/python2.7/site-packages/isc/coverage.pyc /usr/lib/python2.7/site-packages/isc/coverage.pyo /usr/lib/python2.7/site-packages/isc/dnskey.py /usr/lib/python2.7/site-packages/isc/dnskey.pyc /usr/lib/python2.7/site-packages/isc/dnskey.pyo /usr/lib/python2.7/site-packages/isc/eventlist.py /usr/lib/python2.7/site-packages/isc/eventlist.pyc /usr/lib/python2.7/site-packages/isc/eventlist.pyo /usr/lib/python2.7/site-packages/isc/keydict.py /usr/lib/python2.7/site-packages/isc/keydict.pyc /usr/lib/python2.7/site-packages/isc/keydict.pyo /usr/lib/python2.7/site-packages/isc/keyevent.py /usr/lib/python2.7/site-packages/isc/keyevent.pyc /usr/lib/python2.7/site-packages/isc/keyevent.pyo /usr/lib/python2.7/site-packages/isc/keymgr.py /usr/lib/python2.7/site-packages/isc/keymgr.pyc /usr/lib/python2.7/site-packages/isc/keymgr.pyo /usr/lib/python2.7/site-packages/isc/keyseries.py /usr/lib/python2.7/site-packages/isc/keyseries.pyc /usr/lib/python2.7/site-packages/isc/keyseries.pyo /usr/lib/python2.7/site-packages/isc/keyzone.py /usr/lib/python2.7/site-packages/isc/keyzone.pyc /usr/lib/python2.7/site-packages/isc/keyzone.pyo /usr/lib/python2.7/site-packages/isc/parsetab.py /usr/lib/python2.7/site-packages/isc/parsetab.pyc /usr/lib/python2.7/site-packages/isc/parsetab.pyo /usr/lib/python2.7/site-packages/isc/policy.py /usr/lib/python2.7/site-packages/isc/policy.pyc /usr/lib/python2.7/site-packages/isc/policy.pyo /usr/lib/python2.7/site-packages/isc/rndc.py /usr/lib/python2.7/site-packages/isc/rndc.pyc /usr/lib/python2.7/site-packages/isc/rndc.pyo /usr/lib/python2.7/site-packages/isc/utils.py /usr/lib/python2.7/site-packages/isc/utils.pyc /usr/lib/python2.7/site-packages/isc/utils.pyo /usr/lib/systemd/system/named-setup-rndc.service /usr/lib/systemd/system/named.service /usr/lib/tmpfiles.d/named.conf /usr/lib64/bind /usr/libexec/generate-rndc-key.sh /usr/sbin/ddns-confgen /usr/sbin/dnssec-checkds /usr/sbin/dnssec-coverage /usr/sbin/dnssec-dsfromkey /usr/sbin/dnssec-importkey /usr/sbin/dnssec-keyfromlabel /usr/sbin/dnssec-keygen /usr/sbin/dnssec-keymgr /usr/sbin/dnssec-revoke /usr/sbin/dnssec-settime /usr/sbin/dnssec-signzone /usr/sbin/dnssec-verify /usr/sbin/genrandom /usr/sbin/isc-hmac-fixup /usr/sbin/lwresd /usr/sbin/named /usr/sbin/named-checkconf //检测/etc/named.conf书写,使用named-checkconf检查 /usr/sbin/named-checkzone //检测zone和对应zone文件的语法named-checkzone 域名 zone文件 /usr/sbin/named-compilezone /usr/sbin/named-journalprint /usr/sbin/nsec3hash /usr/sbin/rndc //远程dns管理工具 /usr/sbin/rndc-confgen //生成rndc密钥 /usr/sbin/tsig-keygen /usr/share/doc/bind-9.11.4 /usr/share/doc/bind-9.11.4/Bv9ARM.ch01.html /usr/share/doc/bind-9.11.4/Bv9ARM.ch02.html /usr/share/doc/bind-9.11.4/Bv9ARM.ch03.html /usr/share/doc/bind-9.11.4/Bv9ARM.ch04.html /usr/share/doc/bind-9.11.4/Bv9ARM.ch05.html /usr/share/doc/bind-9.11.4/Bv9ARM.ch06.html /usr/share/doc/bind-9.11.4/Bv9ARM.ch07.html /usr/share/doc/bind-9.11.4/Bv9ARM.ch08.html /usr/share/doc/bind-9.11.4/Bv9ARM.ch09.html /usr/share/doc/bind-9.11.4/Bv9ARM.ch10.html /usr/share/doc/bind-9.11.4/Bv9ARM.ch11.html /usr/share/doc/bind-9.11.4/Bv9ARM.ch12.html /usr/share/doc/bind-9.11.4/Bv9ARM.ch13.html /usr/share/doc/bind-9.11.4/Bv9ARM.html /usr/share/doc/bind-9.11.4/Bv9ARM.pdf /usr/share/doc/bind-9.11.4/CHANGES /usr/share/doc/bind-9.11.4/README /usr/share/doc/bind-9.11.4/isc-logo.pdf /usr/share/doc/bind-9.11.4/man.arpaname.html /usr/share/doc/bind-9.11.4/man.ddns-confgen.html /usr/share/doc/bind-9.11.4/man.delv.html /usr/share/doc/bind-9.11.4/man.dig.html /usr/share/doc/bind-9.11.4/man.dnssec-checkds.html /usr/share/doc/bind-9.11.4/man.dnssec-coverage.html /usr/share/doc/bind-9.11.4/man.dnssec-dsfromkey.html /usr/share/doc/bind-9.11.4/man.dnssec-importkey.html /usr/share/doc/bind-9.11.4/man.dnssec-keyfromlabel.html /usr/share/doc/bind-9.11.4/man.dnssec-keygen.html /usr/share/doc/bind-9.11.4/man.dnssec-keymgr.html /usr/share/doc/bind-9.11.4/man.dnssec-revoke.html /usr/share/doc/bind-9.11.4/man.dnssec-settime.html /usr/share/doc/bind-9.11.4/man.dnssec-signzone.html /usr/share/doc/bind-9.11.4/man.dnssec-verify.html /usr/share/doc/bind-9.11.4/man.dnstap-read.html /usr/share/doc/bind-9.11.4/man.genrandom.html /usr/share/doc/bind-9.11.4/man.host.html /usr/share/doc/bind-9.11.4/man.isc-hmac-fixup.html /usr/share/doc/bind-9.11.4/man.lwresd.html /usr/share/doc/bind-9.11.4/man.mdig.html /usr/share/doc/bind-9.11.4/man.named-checkconf.html /usr/share/doc/bind-9.11.4/man.named-checkzone.html /usr/share/doc/bind-9.11.4/man.named-journalprint.html /usr/share/doc/bind-9.11.4/man.named-nzd2nzf.html /usr/share/doc/bind-9.11.4/man.named-rrchecker.html /usr/share/doc/bind-9.11.4/man.named.conf.html /usr/share/doc/bind-9.11.4/man.named.html /usr/share/doc/bind-9.11.4/man.nsec3hash.html /usr/share/doc/bind-9.11.4/man.nslookup.html /usr/share/doc/bind-9.11.4/man.nsupdate.html /usr/share/doc/bind-9.11.4/man.pkcs11-destroy.html /usr/share/doc/bind-9.11.4/man.pkcs11-keygen.html /usr/share/doc/bind-9.11.4/man.pkcs11-list.html /usr/share/doc/bind-9.11.4/man.pkcs11-tokens.html /usr/share/doc/bind-9.11.4/man.rndc-confgen.html /usr/share/doc/bind-9.11.4/man.rndc.conf.html /usr/share/doc/bind-9.11.4/man.rndc.html /usr/share/doc/bind-9.11.4/named.conf.default /usr/share/doc/bind-9.11.4/notes.html /usr/share/doc/bind-9.11.4/notes.pdf /usr/share/doc/bind-9.11.4/sample /usr/share/doc/bind-9.11.4/sample/etc /usr/share/doc/bind-9.11.4/sample/etc/named.conf /usr/share/doc/bind-9.11.4/sample/etc/named.rfc1912.zones /usr/share/doc/bind-9.11.4/sample/var /usr/share/doc/bind-9.11.4/sample/var/named /usr/share/doc/bind-9.11.4/sample/var/named/data /usr/share/doc/bind-9.11.4/sample/var/named/my.external.zone.db /usr/share/doc/bind-9.11.4/sample/var/named/my.internal.zone.db /usr/share/doc/bind-9.11.4/sample/var/named/named.ca /usr/share/doc/bind-9.11.4/sample/var/named/named.empty /usr/share/doc/bind-9.11.4/sample/var/named/named.localhost /usr/share/doc/bind-9.11.4/sample/var/named/named.loopback /usr/share/doc/bind-9.11.4/sample/var/named/slaves /usr/share/doc/bind-9.11.4/sample/var/named/slaves/my.ddns.internal.zone.db /usr/share/doc/bind-9.11.4/sample/var/named/slaves/my.slave.internal.zone.db /usr/share/man/man1/arpaname.1.gz /usr/share/man/man1/named-rrchecker.1.gz /usr/share/man/man5/named.conf.5.gz /usr/share/man/man5/rndc.conf.5.gz /usr/share/man/man8/ddns-confgen.8.gz /usr/share/man/man8/dnssec-checkds.8.gz /usr/share/man/man8/dnssec-coverage.8.gz /usr/share/man/man8/dnssec-dsfromkey.8.gz /usr/share/man/man8/dnssec-importkey.8.gz /usr/share/man/man8/dnssec-keyfromlabel.8.gz /usr/share/man/man8/dnssec-keygen.8.gz /usr/share/man/man8/dnssec-keymgr.8.gz /usr/share/man/man8/dnssec-revoke.8.gz /usr/share/man/man8/dnssec-settime.8.gz /usr/share/man/man8/dnssec-signzone.8.gz /usr/share/man/man8/dnssec-verify.8.gz /usr/share/man/man8/genrandom.8.gz /usr/share/man/man8/isc-hmac-fixup.8.gz /usr/share/man/man8/lwresd.8.gz /usr/share/man/man8/named-checkconf.8.gz /usr/share/man/man8/named-checkzone.8.gz /usr/share/man/man8/named-compilezone.8.gz /usr/share/man/man8/named-journalprint.8.gz /usr/share/man/man8/named.8.gz /usr/share/man/man8/nsec3hash.8.gz /usr/share/man/man8/rndc-confgen.8.gz /usr/share/man/man8/rndc.8.gz /usr/share/man/man8/tsig-keygen.8.gz /var/log/named.log /var/named /var/named/data /var/named/dynamic /var/named/named.ca //根解析库 /var/named/named.empty /var/named/named.localhost //本地主机解析库 /var/named/named.loopback /var/named/slaves //从服务器文件夹配置主从服务器同步时可以用来存放从主服务器同步过来的文件四.使用bindnamed服务配置正向解析以ssll.com做演示当前虚拟机1192.168.2.160作为是主服务器。 1.下载bind服务并开启 [rootsulibao ~]# yum install -y bind [rootsulibao ~]# systemctl start named [rootsulibao ~]# systemctl enable named2.制定配置计划 www.xx.com——分配一个真实ip dns.xx.com——分配一个真实ip dhcp.xx.com——可以选择分配虚拟地址 nfs.xx.com——可以选择分配虚拟地址 ntp.xx.com——可以选择分配虚拟地址 3.修改主配置文件/etc/named.conf 1修改监听的服务器的地址为真实地址 [rootsulibao ~]# vim /etc/named.conf listen-on port 53 { 192.168.2.160; }; allow-query { 192.168.2.0/24; }; 2配置区域文件我们是手动创建区域文件所以需要并注释掉最后的其他配置文件 zone ssll.com IN { type master; //master指的是服务器主区域file ssll.zone; }; #include /etc/named.rfc1912.zones; #include /etc/named.root.key;4.配置数据配置文件/var/named/ 1在/var/named/下vim一个“.zone”结尾的区域文件 [rootsulibao ~]# vim /var/named/ssll.zone 2 目前里面内容为空格式有点不好把控可以使用cp命令去将本地数据配置文件拷贝到本文件 [rootsulibao ~]# cd /var/named/ [rootsulibao named]# ll total 20 drwxrwx--- 2 named named 23 Jan 14 14:28 data drwxrwx--- 2 named named 31 Jan 14 14:44 dynamic -rw-r----- 1 root named 2253 Apr 5 2018 named.ca -rw-r----- 1 root named 152 Dec 15 2009 named.empty -rw-r----- 1 root named 152 Jun 21 2007 named.localhost -rw-r----- 1 root named 168 Dec 15 2009 named.loopback drwxrwx--- 2 named named 6 Oct 4 15:06 slaves -rw-r--r-- 1 root root 879 Jan 14 14:32 ssll.zone [rootsulibao named]# cp -a named.localhost ssll.zone //-a可以将组合权限等一起复制 $TTL 1DIN SOA rname.invalid. (0 ; serial1D ; refresh1H ; retry1W ; expire3H ) ; minimumNS A 127.0.0.1AAAA ::13 进行配置 $TTL 1DIN SOA dns.ssll.com. test.163.com ( 0 1D 1H 1W 3H ) IN NS dns.ssll.com.IN MX 10 mail.ssll.com. dns.ssll.com. IN A 192.168.2.160 mail.ssll.com. IN A 192.168.2.161 www.ssll.com. IN A 192.168.2.160 dnss IN CNAME dns #CNAME别名访问dns.ssll.com时允许将dns替换为dnss ftp IN A 192.168.xx.xx dhcp IN A 192.168.xx.xx ntp IN A 192.168.xx.xx $TTL 1D表示缓存时间为一天表示代替域名充当占位符区域文件 IN表示互联网 SOA表示开始权限记录 dns.ssll.com处写主域名服务器名称 NS表示记录域名记录由哪一台主机服务器去解析当前所定义的域主机 test.163.com处写区域文件管理员的邮件地址“”用“.”代替 MX表示邮件交换记录后面写数字和接收邮件的服务器主机名字10数字表示优先级范围0-50越小优先级越高括号内参数0 表示serial——更新序列号标记新旧程度 1D 表示refresh——刷新时间 1H 表示retry ——重试时间连接不上时多长时间重试一次 1W 表示expire——失效时间如果一直重连接不上多长时间后就不再连接 3H 表示minimum——无效解析记录的缓存时间 CNAME别名访问dns.ssll.com时允许将dns替换为dnss 5.检查主配置文件和数据配置文件格式并重启named服务启动没有报错再进行测试 [rootsulibao ~]# named-checkconf /etc/named.conf [rootsulibao ~]# named-checkzone ssll.com /var/named/ssll.zone zone ssll.com/IN: loaded serial 0 OK [rootsulibao ~]# systemctl restart httpd [rootsulibao ~]# systemctl restart named 6.进行测试 1Linux上测试另外开一台虚拟机使用hostdignslookup前文已经介绍、ping命令进行测试同时也可以试试像mail.ssll.comdns.ssll.com,dhcp.ssll.com 等域名看看是否能通 [rootsulibao ~]# nslookup www.ssll.com Server: 192.168.2.160 Address: 192.168.2.160#53 //这里出现在主配置文件设置的监听地址端口就可视为而成功了Name: www.ssll.com Address: 192.168.2.160[rootsulibao ~]# nslookup mail.ssll.com Server: 192.168.2.161 Address: 192.168.2.161#53Name: mail.ssll.com Address: 192.168.2.161[rootsulibao ~]# nslookup dns.ssll.com Server: 192.168.2.160 Address: 192.168.2.160#53Name: dns.ssll.com Address: 192.168.2.160[rootsulibao ~]# nslookup ftp.ssll.com Server: 192.168.xx.xx Address: 192.168.xx.xx#53Name: ftp.ssll.com Address: 192.168.xx.xx[rootsulibao ~]# nslookup ntp.ssll.com Server: 192.168.xx.xx Address: 192.168.xx.xx#53Name: ntp.ssll.com Address: 192.168.xx.xx[rootsulibao ~]# nslookup dhcp.ssll.com Server: 192.168.xx.xx Address: 192.168.xx.xx#53Name: dhcp.ssll.com Address: 192.168.xx.xx 如果此处测试不成功并且排除了配置文件的错误可以试试在网络设置里将你虚拟机的 VMnet8网卡的ipv4dns服务设置为手动并指定为你dns服务器的ip地址 2windows上ping域名为域名放行将ip 和域名的映射关系写入hosts文件。 windows powershell——管理员身份运行 Windows PowerShell 版权所有C Microsoft Corporation。保留所有权利。安装最新的 PowerShell了解新功能和改进https://aka.ms/PSWindowsPS C:\WINDOWS\system32 cd .\drivers\etc\ PS C:\WINDOWS\system32\drivers\etc ls目录: C:\WINDOWS\system32\drivers\etcMode LastWriteTime Length Name ---- ------------- ------ ---- -a---- 2023/1/13 13:52 873 hosts -a---- 2022/5/7 13:22 3683 lmhosts.sam -a---- 2022/5/12 12:16 407 networks -a---- 2022/5/12 12:16 1358 protocol -a---- 2022/5/12 12:16 17635 servicesPS C:\WINDOWS\system32\drivers\etc notepad .\hosts PS C:\WINDOWS\system32\drivers\etc 也可以到浏览器中使用域名访问之前的文章中配置的内容五.使用bindnamed服务配置反向解析在第四节的基础上进行以ssll.com做演示当前虚拟机1作为是主服务器。 1.修改主配置文件/etc/named.conf 只需要在区域文件书写处新添加区域文件即可 [rootsulibao ~]# vim /etc/named.conf zone 2.168.192.in-addr.arpa IN { //倒着写你服务器ip所在网段最后一位0可以省略后缀需要加上.in-addr-arpatype master;file 2.168.192.zone; };2.修改数据配置文件在/var/named/目录下vim一个2.168.192.zone 文件 PRT表示反向解析 [rootsulibao ~]# vim /var/named/2.168.192.zone //基本格式和正向解析相同 $TTL 1DIN SOA dns.ssll.com. test.163.com (01D1H1W 3H )IN NS dns.ssll.com.//将域名与IP指向反过来书写这里的因为都属于是同一网段只需要写末尾一位 160 IN PTR dns.ssll.com 161 IN PTR mail.ssll.com 160 IN PTR www.ssll.com xx IN PTR ftp xx IN PTR dhcp xx IN PTR ntp 3.检查书写并重启服务 [rootsulibao ~]# named-checkconf /etc/named.conf [rootsulibao ~]# named-checkzone 2.168.192 /var/named/2.168.192.zone zone 2.168.192/IN: loaded serial 0 OK [rootsulibao ~]# systemctl restart named4.测试 nslookup 被解析的ip (主服务服务器ip) [rootlocalhost named]# nslookup 192.168.2.10 ** server cant find 10.2.168.192.in-addr.arpa: NXDOMAIN[rootlocalhost named]# nslookup 192.168.2.160 160.2.168.192.in-addr.arpa name dns.ssll.com.2.168.192.in-addr.arpa.六.实现DNS主从服务器同步完全/增量区域传送 1.复制同步整个区域的文件叫完全区域传送除开上文用到的虚拟机1重新开一台虚拟机2(192.168.2.170)虚拟机1作为主服务器虚拟机2作为从服务器。保证网卡连接可用selinux和防火墙关闭下载并启动bind服务。 2.主从配置演示 1配置主服务器虚拟机1的主配置文件/etc/named.conf [rootsulibao ~]# vim /etc/named.conf allow-query { 192.168.2.0/24; }; //找到这一行在下面添加一行 allow-transfer { 192.168.2.0/24; }; //网段相同属于区域传送内容保存退出可以检查一下书写 2配置从服务器虚拟机2的主配置文件/etc/named.conf 将监听处改为自己的本机IP listen-on port 53 { 192.168.2.170; };写区域文件将类型指定为slave从服务器类型再指定从哪台服务器同步写上服务器ip地址将同步的区域文件放在/var/named下的slavles文件夹中 zone ssll.com IN {type slave; //slave指的是从服务器区域也叫辅助区域masters { 192.168.2.160; }; #指定同步的主机file slaves/ssll.zone; //名称指定是主服务器的.zone文件会自动在/var/named/slaves下生成 }; [rootsulibao ~]# cd /var/named/slaves/ [rootsulibao slaves]# ll total 4 -rw-r--r-- 1 named named 500 Jan 14 20:04 ssll.zone3检查书写并重启服务 [rootsulibao ~]# named-checkconf /etc/named.conf [rootsulibao ~]# systemctl restart named4测试这里只能解析你主服务器上配置了的域名,主服务器上配置了反向解析从服务器同步过来也可以解析配置了的ip [rootSLB slaves]# tail -1 /etc/resolv.conf nameserver 192.168.2.170 [rootSLB slaves]# nslookup www.ssll.com Server: 192.168.2.170 Address: 192.168.2.170#53Name: www.ssll.com Address: 192.168.2.160[rootSLB slaves]# nslookup mail.ssll.com Server: 192.168.2.170 Address: 192.168.2.170#53Name: mail.ssll.com Address: 192.168.2.1613.增量区域传送简介只复制同步区域的变化的文件叫增量区域传送配置主从dns服务器时如果更改了主服务器配置文件的新旧程度值需要在主服务器的数据配置文件中作修改才能在从服务器同步文件时间。主配置文件的/var/named/下的ssll.zone文件注意修改了0从服务器对文件作比较后只同步更新的时间不同步更旧的时间即序号比原序号大才能同步。七.实现批量域名解析正/反向解析基于前文已经配置了正反向解析的前提下再进行配置批量解析 1.正向解析 1在你前面配置正向解析的区域文件中进行更改内容 /var/named/ssll.zone [rootsulibao ~]# vim /var/named/ssll.zone 在最后一行加上这行以批量解析10-15为例你也可以写成你配置的各个域名对应的地址范围 $GENERATE 10-15 $.ssll.com. IN A 192.168.2.$这个$符就表示替换你前面写的值后面的$同理2检查书写后重启服务 [rootsulibao ~]# named-checkzone ssll.com /var/named/ssll.zone zone ssll.com/IN: loaded serial 0 OK [rootsulibao ~]# systemctl restart named3测试 [rootsulibao ~]# nslookup www.ssll.com Server: 192.168.xx.xx Address: 192.168.xx.xx#53Name: www.ssll.com Address: 192.168.xx.xx[rootsulibao ~]# nslookup 10.ssll.com Server: 192.168.xx Address: 192.168.xx.xx#53Name: 10.ssll.com Address: 192.168.2.10[rootsulibao ~]# nslookup 13.ssll.com Server: 192.168.2.xx Address: 192.168.2.xx#53Name: 13.ssll.com Address: 192.168.2.132.反向解析 1在你前面配置反向解析的区域文件中进行更改内容 /var/named/2.168.192.zone [rootsulibao ~]# vim /var/named/2.168.192.zone 在最后一行加上这行以批量解析10-15为例你也写成你配置的各个域名对应的地址范围 $GENERATE 10-15 $ IN PTR $.ssll.com2检查书写后重启服务 [rootsulibao ~]# named-checkzone 2.168.192 /var/named/2.168.192.zone zone 2.168.192/IN: loaded serial 0 OK [rootsulibao ~]# systemctl restart named3测试 [rootsulibao ~]# nslookup 192.168.xx.xx xx.2.168.192.in-addr.arpa name dns.ssll.com.[rootsulibao ~]# nslookup 192.168.2.10 10.2.168.192.in-addr.arpa name 10.ssll.com.2.168.192.in-addr.arpa.[rootsulibao ~]# nslookup 192.168.2.15 15.2.168.192.in-addr.arpa name 15.ssll.com.2.168.192.in-addr.arpa.

查看全文

http://www.dnsts.com.cn/news/230725.html