系統(tǒng)架構(gòu)師-DNS學(xué)習(xí)筆記

DNS學(xué)習(xí)筆記

1.DNS概述

DNS（Domain Name System）
分布式數(shù)據(jù)庫(kù)，域名空間
DNS服務(wù)運(yùn)行在UDP協(xié)議之上忽冻，使用端口號(hào)53惦银。

2.DNS解析過(guò)程

本地緩存
DNS服務(wù)器緩存
DNS服務(wù)器數(shù)據(jù)庫(kù)
根域DNS服務(wù)器望蜡，頂級(jí)-》二級(jí)域 -》三級(jí)域
解析結(jié)果返回或返回錯(cuò)誤信息

3.DNS的分類(lèi)

主DNS服務(wù)器
從DNS服務(wù)器
緩存服務(wù)器
轉(zhuǎn)發(fā)器

4.DNS的記錄類(lèi)型

SOA - 自己dns說(shuō)明文本
NS - 域的授權(quán)名稱(chēng)服務(wù)器
MX - 域的郵件交換器绒窑，優(yōu)先級(jí)值棕孙，越小越高
A - IPV4主機(jī)地址
AAAA - IPV6主機(jī)地址
PTR - 解析IP的指針，反向記錄
CNAME - 權(quán)威名稱(chēng)些膨，定義別名記錄

5.DNS命名規(guī)范

字母蟀俊、數(shù)字、下劃線(xiàn)订雾、最多63字節(jié)長(zhǎng)度
如果命名不規(guī)范肢预，在master-view文件上配置check-names ignore

6.DIG，NSLOOKUP洼哎，HOST

[root@linux-node1 ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 14.215.177.38
www.a.shifen.com has address 14.215.177.37
[root@linux-node1 ~]# nslookup www.baidu.com
Server:     192.168.88.2
Address:    192.168.88.2#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 14.215.177.38
Name:   www.a.shifen.com
Address: 14.215.177.37

[root@linux-node1 ~]# dig www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50183
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0005 , udp: 4096
;; QUESTION SECTION:
;www.baidu.com.         IN  A

;; ANSWER SECTION:
www.baidu.com.      5   IN  CNAME   www.a.shifen.com.
www.a.shifen.com.   5   IN  A   14.215.177.38
www.a.shifen.com.   5   IN  A   14.215.177.37

;; Query time: 2481 msec
;; SERVER: 192.168.88.2#53(192.168.88.2)
;; WHEN: Thu Aug 17 11:42:28 CST 2017
;; MSG SIZE  rcvd: 101

7. 部署B(yǎng)IND9

Bind是一款開(kāi)源DNS服務(wù)器軟件烫映，Berkeley Internet Name Domain

安裝軟件

yum install -y  bind-utils bind bind-devel bind-chroot

vim /etc/named.conf

options {
    listen-on port 53 { any; };
    directory   "/var/named/chroot/etc/";
    allow-query { any; };
    dump-file   "/var/named/chroot/var/log/binddump.db";
    Statistics-file "/var/named/chroot/var/log/named_stats";
    zone-statistics yes;
    memstatistics-file  "log/mem_stats";
    empty-zones-enable  no;
    forwarders {202.106.196.115;8.8.8.8; };
};

key "rndc-key" {
    algorithm hmac-md5;
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys {"rndc-key";};
};

logging {
    channel warning {
    file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;
    severity warning;
    print-category yes;
    print-severity yes;
    print-time yes;
    };

    channel general_dns {
        file "/var/named/chroot/var/log/dns_log";
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default {
        warning;
    };
    category queries {
        general_dns;
    };
};

include "/var/named/chroot/etc/view.conf";

vim /etc/rndc.key

key "rndc-key" {
    algorithm hmac-md5;
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};

vim /etc/rndc.conf

key "rndc-key" {
    algorithm hmac-md5;
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};

vim /var/named/chroot/etc/view.conf

view "View" {
    zone "fbo.com" {
    type    master;
    file    "fbo.com.zone";
    allow-transfer  {
        192.168.57.200;
    };
    notify yes;
    also-notify {
        192.168.57.200;
    };
    };
};

vim /var/named/chroot/etc/fbo.com.zone

$ORIGIN .
$TTL    3600    ;   1   hour
fbo.com IN SOA op.fbo.com.  dns.fbo.com.    (
        2000    ;   serial
        900 ;   refresh (15 minutes)
        600 ;   retry   (10 minutes)
        86400   ;   expire  (1 day)
        3600    ;   minimum (1  hour)
        )
        NS  op.fbo.com.
$ORIGIN fbo.com.
shanks  A   1.2.3.4
op  A 1.2.3.4

啟動(dòng)服務(wù)

systemctl enable named
systemctl start named

檢查結(jié)果

[root@linux-node1 var]# dig @127.0.0.1 shanks.fbo.com

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> @127.0.0.1 shanks.fbo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23459
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;shanks.fbo.com.            IN  A

;; ANSWER SECTION:
shanks.fbo.com.     3600    IN  A   1.2.3.4

;; AUTHORITY SECTION:
fbo.com.        3600    IN  NS  op.fbo.com.

;; ADDITIONAL SECTION:
op.fbo.com.     3600    IN  A   1.2.3.4

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 17 15:05:18 CST 2017
;; MSG SIZE  rcvd: 92

8.部署從DNS服務(wù)器

安裝軟件

yum install -y  bind-utils bind bind-devel bind-chroot

vim /etc/named.conf

options {
    listen-on port 53 { any; };
    directory   "/var/named/chroot/etc/";
    allow-query { any; };
    dump-file   "/var/named/chroot/var/log/binddump.db";
    Statistics-file "/var/named/chroot/var/log/named_stats";
    zone-statistics yes;
    memstatistics-file  "log/mem_stats";
    empty-zones-enable  no;
    forwarders {202.106.196.115;8.8.8.8; };
};

key "rndc-key" {
    algorithm hmac-md5;
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys {"rndc-key";};
};

logging {
    channel warning {
    file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;
    severity warning;
    print-category yes;
    print-severity yes;
    print-time yes;
    };

    channel general_dns {
        file "/var/named/chroot/var/log/dns_log";
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default {
        warning;
    };
    category queries {
        general_dns;
    };
};

include "/var/named/chroot/etc/view.conf";

vim /etc/rndc.key

key "rndc-key" {
    algorithm hmac-md5;
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};

vim /etc/rndc.conf

key "rndc-key" {
    algorithm hmac-md5;
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};

vim /var/named/chroot/etc/view

view "SalveView" {
    zone "fbo.com" {
        type    slave;
        masters {192.168.57.100;};
        file    "slave.fbo.com.zone";
    };
};

修改master上的view.conf配置沼本，將slave節(jié)點(diǎn)ip加入，之后再fbo.com.zone將serial+1
在salve上修改目錄權(quán)限窑邦，并啟動(dòng)
在master上執(zhí)行rdnc reload

9.添加A擅威、CNAME、MX冈钦、PTR記錄

在zone文件末尾里添加A記錄(實(shí)現(xiàn)負(fù)載均衡)

a A x.x.x.x

[root@linux-node1 ~]# host a.fbo.com localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases: 
a.fbo.com has address 192.168.122.100

在zone文件末尾里添加CNAME

cname   CNAME   a.fbo.com.

[root@linux-node1 ~]# rndc reload
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
server reload successful
[root@linux-node1 ~]# host cname.fbo.com localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases: 

cname.fbo.com is an alias for a.fbo.com.
a.fbo.com has address 192.168.122.100

在zone文件末尾添加mx記錄,mx值越小優(yōu)先級(jí)越高

mx  mx 5    x.x.x.x
mx  mx 10   x.x.x.x

添加PTR記錄

# /var/named/chroot/etc/view.conf
zone    "168.192.in-addr.arpa"  {
    type master;
    file    "168.192.zone";
    allow-transfer  {
        10.6.0.254;
    };
    notify  yes;
    also-notify {
        10.6.0.254;
        };
};
# /var/named/chroot/etc/168.192.zone
$TTL    3600    ;   1   hour
                    IN  SOA op.fbo.com. dns.fbo.com.    (
                        2004    ;   serial
                        900     ;   refresh (15 minutes)
                        600     ;   retry   (10 minutes)
                        86400   ;   expire  (1  day)
                        3600    ;   minimum (1 hour)
                        )
                        NS  op.fbo.com.
102.122 IN  PTR a.fbo.com.

配置DNS視圖（智能DNS）- 分區(qū)訪問(wèn)

# master節(jié)點(diǎn)/var/name/chroot/etc/named.conf,在include上面添加
acl group1  {
    192.168.57.100;
};
acl group2 {
    192.168.57.200;
};
# 修改/var/named/chroot/etc/view.conf為
view "GROUP1"   {
    match-clients { group1; };
    zone    "viewfbo.com"   {
        type master;
        file "group1.viewfbo.com.zone";
    };
};
view "GROUP2"   {
    match-clients { group2; };
    zone    "viewfbo.com"   {
        type master;
        file "group2.viewfbo.com.zone";
    };
};
# master節(jié)點(diǎn)/var/named/chroot/etc/group1.viewfbo.com.zone
$ORIGIN .
$TTL    3600    ;   1   hour
viewfbo.com IN  SOA op.viewfbo.com. dns.viewfbo.com.    (
    2004    ;   serial
    900     ;   refresh (15 minutes)
    600     ;   retry   (10 minutes)
    86400   ;   expire  (1  day)
    3600    ;   minimum (1 hour)
    )
            NS  op.viewfbo.com.
$ORIGIN viewfbo.com.
op  A   192.168.122.1
view    A   192.168.122.1
# master節(jié)點(diǎn)/var/named/chroot/etc/group2.viewfbo.com.zone
$ORIGIN .
$TTL    3600    ;   1   hour
viewfbo.com IN  SOA op.viewfbo.com. dns.viewfbo.com.    (
    2004    ;   serial
    900     ;   refresh (15 minutes)
    600     ;   retry   (10 minutes)
    86400   ;   expire  (1  day)
    3600    ;   minimum (1 hour)
    )
            NS  op.viewfbo.com.
$ORIGIN viewfbo.com.
op  A   192.168.122.2
view    A   192.168.122.2
# 修改文件權(quán)限
chown named.named /var/named/chroot/etc/group*.zone
rndc reload
dig @192.168.57.100 view.viewfbo.com

高可用、高性能

壓測(cè)：queryperf
queryperf -d test.txt -s 8.8.8.8
配置管理自動(dòng)化：bind-dlz
https://github.com/shanks1127/dns

其他軟件

DNSMASQ
HTTPDNS

最后編輯于：2017.12.10 02:44:04

?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者

人面猴
序言：七十年代末李请，一起剝皮案震驚了整個(gè)濱河市瞧筛，隨后出現(xiàn)的幾起案子，更是在濱河造成了極大的恐慌导盅，老刑警劉巖较幌，帶你破解...
沈念sama閱讀 212,185評(píng)論 6贊 493
死咒
序言：濱河連續(xù)發(fā)生了三起死亡事件，死亡現(xiàn)場(chǎng)離奇詭異白翻，居然都是意外死亡乍炉，警方通過(guò)查閱死者的電腦和手機(jī)，發(fā)現(xiàn)死者居然都...
沈念sama閱讀 90,445評(píng)論 3贊 385
救了他兩次的神仙讓他今天三更去死
文/潘曉璐我一進(jìn)店門(mén)滤馍，熙熙樓的掌柜王于貴愁眉苦臉地迎上來(lái)岛琼，“玉大人，你說(shuō)我怎么就攤上這事巢株』比穑” “怎么了？”我有些...
開(kāi)封第一講書(shū)人閱讀 157,684評(píng)論 0贊 348
道士緝兇錄：失蹤的賣(mài)姜人
文/不壞的土叔我叫張陵阁苞，是天一觀的道長(zhǎng)困檩。經(jīng)常有香客問(wèn)我，道長(zhǎng)那槽，這世上最難降的妖魔是什么悼沿？我笑而不...
開(kāi)封第一講書(shū)人閱讀 56,564評(píng)論 1贊 284
?港島之戀（遺憾婚禮）
正文為了忘掉前任，我火速辦了婚禮骚灸，結(jié)果婚禮上糟趾，老公的妹妹穿的比我還像新娘。我一直安慰自己逢唤，他們只是感情好拉讯，可當(dāng)我...
茶點(diǎn)故事閱讀 65,681評(píng)論 6贊 386
惡毒庶女頂嫁案：這布局不是一般人想出來(lái)的
文/花漫我一把揭開(kāi)白布。她就那樣靜靜地躺著鳖藕，像睡著了一般魔慷。火紅的嫁衣襯著肌膚如雪。梳的紋絲不亂的頭發(fā)上著恩，一...
開(kāi)封第一講書(shū)人閱讀 49,874評(píng)論 1贊 290
城市分裂傳說(shuō)
那天院尔，我揣著相機(jī)與錄音蜻展，去河邊找鬼。笑死邀摆，一個(gè)胖子當(dāng)著我的面吹牛纵顾，可吹牛的內(nèi)容都是我干的。我是一名探鬼主播栋盹，決...
沈念sama閱讀 39,025評(píng)論 3贊 408
雙鴛鴦連環(huán)套：你想象不到人心有多黑
文/蒼蘭香墨我猛地睜開(kāi)眼施逾，長(zhǎng)吁一口氣：“原來(lái)是場(chǎng)噩夢(mèng)啊……” “哼！你這毒婦竟也來(lái)了例获？” 一聲冷哼從身側(cè)響起汉额，我...
開(kāi)封第一講書(shū)人閱讀 37,761評(píng)論 0贊 268
萬(wàn)榮殺人案實(shí)錄
序言：老撾萬(wàn)榮一對(duì)情侶失蹤，失蹤者是張志新（化名）和其女友劉穎榨汤，沒(méi)想到半個(gè)月后蠕搜，有當(dāng)?shù)厝嗽跇?shù)林里發(fā)現(xiàn)了一具尸體，經(jīng)...
沈念sama閱讀 44,217評(píng)論 1贊 303
?護(hù)林員之死
正文獨(dú)居荒郊野嶺守林人離奇死亡收壕，尸身上長(zhǎng)有42處帶血的膿包…… 初始之章·張勛以下內(nèi)容為張勛視角年9月15日...
茶點(diǎn)故事閱讀 36,545評(píng)論 2贊 327
?白月光啟示錄
正文我和宋清朗相戀三年妓灌，在試婚紗的時(shí)候發(fā)現(xiàn)自己被綠了。大學(xué)時(shí)的朋友給我發(fā)了我未婚夫和他白月光在一起吃飯的照片蜜宪。...
茶點(diǎn)故事閱讀 38,694評(píng)論 1贊 341
活死人
序言：一個(gè)原本活蹦亂跳的男人離奇死亡虫埂，死狀恐怖，靈堂內(nèi)的尸體忽然破棺而出端壳，到底是詐尸還是另有隱情告丢，我是刑警寧澤，帶...
沈念sama閱讀 34,351評(píng)論 4贊 332
?日本核電站爆炸內(nèi)幕
正文年R本政府宣布损谦，位于F島的核電站岖免，受9級(jí)特大地震影響，放射性物質(zhì)發(fā)生泄漏照捡。R本人自食惡果不足惜颅湘，卻給世界環(huán)境...
茶點(diǎn)故事閱讀 39,988評(píng)論 3贊 315
男人毒藥：我在死后第九天來(lái)索命
文/蒙蒙一、第九天我趴在偏房一處隱蔽的房頂上張望栗精。院中可真熱鬧闯参，春花似錦、人聲如沸悲立。這莊子的主人今日做“春日...
開(kāi)封第一講書(shū)人閱讀 30,778評(píng)論 0贊 21
一樁弒父案，背后竟有這般陰謀
文/蒼蘭香墨我抬頭看了看天上的太陽(yáng)薪夕。三九已至脚草，卻和暖如春，著一層夾襖步出監(jiān)牢的瞬間原献，已是汗流浹背馏慨。一陣腳步聲響...
開(kāi)封第一講書(shū)人閱讀 32,007評(píng)論 1贊 266
情欲美人皮
我被黑心中介騙來(lái)泰國(guó)打工埂淮，沒(méi)想到剛下飛機(jī)就差點(diǎn)兒被人妖公主榨干…… 1. 我叫王不留，地道東北人写隶。一個(gè)月前我還...
沈念sama閱讀 46,427評(píng)論 2贊 360
代替公主和親
正文我出身青樓倔撞，卻偏偏與公主長(zhǎng)得像，于是被迫代替她去往敵國(guó)和親慕趴。傳聞我的和親對(duì)象是個(gè)殘疾皇子痪蝇，可洞房花燭夜當(dāng)晚...
茶點(diǎn)故事閱讀 43,580評(píng)論 2贊 349