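A brief overview of how DNS works, setting up primary and secondary servers, and building a smart DNS

1. What is DNS

DNS (short for Domain Name Service) maps a domain name to an IP address. An IP address consists of 32 binary digits, which people find hard to remember; they prefer host names, which are easier to recall. Computers, on the other hand, use IP addresses when processing IP datagrams, because addresses have a fixed length.

From the client's point of view a DNS query is recursive; from the DNS server's point of view the vast majority of queries are iterative. In DNS name resolution, a lookup from name to IP is called forward resolution, and a lookup from IP to name is called reverse resolution. A DNS server that resolves at least one zone is called a primary or secondary DNS server; one that is not responsible for any zone is called a caching DNS server.

Because the Internet is now so large, DNS is designed as a distributed database system: one large database is split into many small ones, each of which handles part of the data. There are 13 DNS root servers worldwide, named A through M.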


2. The DNS name resolution process

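The name resolution process when a user types a URL into a browser:
  1. The client first checks its own hosts file and returns the entry if there is one
  2. If hosts has no entry, the client checks its own cache and returns the entry if there is one
  3. If the cache has no entry, the client asks the DNS server
  4. The DNS server first asks a root server for the address of the top-level domain server
  5. The DNS server then asks the top-level domain server for the address of the second-level domain server
  6. The DNS server gets the final IP address from the second-level domain server
  7. The client gets the IP address from the DNS server

DNS zone database files

The resource record (Resource Record) types are:

  • SOA: start of authority record; there can be only one, and it must be the first record
  • NS: name server record; one of them is the primary, and there can be several
  • A: IPv4 address record
  • AAAA: IPv6 address record
  • CNAME: alias record
  • PTR: reverse resolution record
  • MX: mail exchanger

Related testing tools and commands
  • The dig command
    Used to test the DNS system; it does not consult the hosts file. Usage:
    dig [-t RR_TYPE] name [@SERVER] [query options]
    Common query options:
    +[no]trace: trace the resolution process;
    +[no]recurse: perform recursive resolution;
    Common uses:
    Reverse resolution test: dig -x IP
    Zone transfer test: dig -t [axfr|ixfr] DOMAIN [@server]

  • The host command
    Used much like dig. Usage:
    host [-t RR_TYPE] name SERVER_IP

  • The nslookup command
    nslookup has two modes: command mode and interactive mode.
    Command mode usage: nslookup [-options] [name] [server]
    Interactive mode usage:
    nslookup>
    server IP: query using the given IP as the DNS server;
    set q=RR_TYPE: the resource record type to query;
    name: the name to query;

  • The rndc command
    rndc is the control command for the named service. Common uses:
    rndc status: show the server status
    rndc reload: reload the configuration file and zone files without stopping the DNS server
    rndc flush: clear the DNS cache

Security-related configuration in bind
  1. bind has four built-in ACLs:

    • none: no hosts;
    • any: any host;
    • localhost: the local machine;
    • localnets: the networks that the local machine's IP addresses belong to;
  2. Access control directives:

    • allow-query {}; hosts allowed to query; a whitelist;
    • allow-transfer {}; hosts allowed to receive zone transfers; the default is all hosts;
    • allow-recursion {}; hosts allowed to send recursive queries to this DNS server;
    • allow-update {}; DDNS; allows dynamic updates to the contents of the zone database file;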

3. Setting up primary and secondary DNS servers

Environment

Primary DNS server: 192.168.10.10
Secondary DNS server: 192.168.10.11
Subdomain primary DNS server: 192.168.10.12

1. Configure the primary DNS server

Install the software
[root@localhost ~]# yum -y install bind  # install bind
[root@localhost ~]# yum -y install bind-utils  # install the bind utilities package
[root@localhost ~]# systemctl start named  # start the service
[root@localhost ~]# netstat -tunlp  # check the status
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1323/named          
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      891/sshd            
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1323/named          
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      994/master          
tcp6       0      0 ::1:53                  :::*                    LISTEN      1323/named          
tcp6       0      0 :::22                   :::*                    LISTEN      891/sshd            
tcp6       0      0 ::1:953                 :::*                    LISTEN      1323/named          
tcp6       0      0 ::1:25                  :::*                    LISTEN      994/master          
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1323/named          
udp        0      0 127.0.0.1:323           0.0.0.0:*                           639/chronyd         
udp6       0      0 ::1:53                  :::*                                1323/named          
udp6       0      0 ::1:323                 :::*                                639/chronyd   
# port 53 is being listened on, and port 953 is listened on for rndc
Configure the environment
[root@localhost ~]# vim /etc/resolv.conf  # edit the DNS client configuration file
nameserver 192.168.10.10

[root@localhost ~]# vim /etc/named.conf 

listen-on port 53 { 192.168.10.10; }; # change the listening IP address
allow-query     { any; };  # allow anyone to connect; set to any
dnssec-enable no;
dnssec-validation no;
# turn off dnssec; set both to no
Configure a forward zone
[root@localhost ~]# vim /etc/named.rfc1912.zones 
zone "test.com" IN {
        type master;  # define the master (primary) type
        file "test.com.zone";  # a relative path, under /var/named
};
Create the zone data file
[root@localhost ~]# vim /var/named/test.com.zone
$TTL 3600
$ORIGIN test.com.  ; suffix appended to unqualified names
@ IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053101
        1H
        10M
        3D
        1D )
        IN NS ns1  ; the short form works because of the $ORIGIN suffix above; otherwise write the full name, ending with a dot
        IN MX 10 mx1
        IN MX 20 mx2
ns1 IN A 192.168.10.10
MX1 IN A 192.168.10.21
MX2 IN A 192.168.10.22
www IN A 192.168.10.10
web IN CNAME www
bbs IN A 192.168.10.23
bbs IN A 192.168.10.24
Fix permissions and check syntax
[root@localhost ~]# chgrp named /var/named/test.com.zone 
[root@localhost ~]# chmod o= /var/named/test.com.zone
# change the permissions of the newly created zone data file
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone test.com /var/named/test.com.zone
zone test.com/IN: loaded serial 2018053101
OK
# syntax check
Have the server reload the configuration file and zone data files
[root@localhost named]# rndc status
number of zones: 101
[root@localhost named]# rndc reload
server reload successful
[root@localhost named]# rndc status
number of zones: 102
# the status shows that the zone count went up by 1 after the reload
Forward resolution test on the primary DNS server
[root@localhost ~]# dig -t -A www.test.com
;; Warning, ignoring invalid type -A

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t -A www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18274
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A

;; ANSWER SECTION:
www.test.com.       3600    IN  A   192.168.10.10

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Thu May 31 21:55:26 EDT 2018
;; MSG SIZE  rcvd: 91
[root@localhost named]# dig -t A web.test.com

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A web.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65204
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;web.test.com.          IN  A

;; ANSWER SECTION:
web.test.com.       3600    IN  CNAME   www.test.com.
www.test.com.       3600    IN  A   192.168.10.10

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Thu May 31 21:11:25 EDT 2018
;; MSG SIZE  rcvd: 109
[root@localhost ~]# host -t A bbs.test.com
bbs.test.com has address 192.168.10.23
bbs.test.com has address 192.168.10.24
[root@localhost ~]# host -t A bbs.test.com
bbs.test.com has address 192.168.10.23
bbs.test.com has address 192.168.10.24
[root@localhost ~]# host -t A bbs.test.com
bbs.test.com has address 192.168.10.24
bbs.test.com has address 192.168.10.23
Configure a reverse zone
[root@localhost ~]# vim /etc/named.rfc1912.zones 
zone "10.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.10.zone";
};
Create the reverse zone data file
[root@localhost ~]# vim /var/named/192.168.10.zone
$TTL 3600
$ORIGIN 10.168.192.in-addr.arpa.
@ IN SOA ns1.test.com. nsadmin.test.com. (
        2018060101
        1H
        10M
        3D
        12H )
        IN NS ns1.test.com.   ; in a reverse zone this name cannot be abbreviated
10 IN PTR ns1.test.com.
21 IN PTR mx1.test.com.
22 IN PTR mx2.test.com.
23 IN PTR bbs.test.com.
24 IN PTR bbs.test.com.
10 IN PTR www.test.com.
Fix the reverse zone file's permissions and check syntax
[root@localhost named]# chgrp named /var/named/192.168.10.zone 
[root@localhost named]# chmod o= /var/named/192.168.10.zone 
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone 10.168.192.in-addr.arpa /var/named/192.168.10.zone 
zone 10.168.192.in-addr.arpa/IN: loaded serial 2018060101
OK
Reload the configuration file and zone data files
[root@localhost named]# rndc status
number of zones: 102
[root@localhost named]# rndc reload
server reload successful
[root@localhost named]# rndc status
number of zones: 103
Reverse resolution test on the primary server
[root@localhost named]# dig -x 192.168.10.10

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.10.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.10.168.192.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
10.10.168.192.in-addr.arpa. 3600 IN PTR ns1.test.com.
10.10.168.192.in-addr.arpa. 3600 IN PTR www.test.com.

;; AUTHORITY SECTION:
10.168.192.in-addr.arpa. 3600   IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Thu May 31 22:26:03 EDT 2018
;; MSG SIZE  rcvd: 129

2. Configure the secondary DNS server

[root@localhost ~]# yum -y install bind bind-utils
[root@localhost ~]# systemctl start named.service

[root@localhost ~]# vim /etc/resolv.conf 
nameserver 192.168.10.11

[root@localhost ~]# vim /etc/named.conf 
listen-on port 53 { 192.168.10.11; };
allow-query     { any; };
dnssec-enable no;
dnssec-validation no;

Configure the forward zone on the secondary server (.11)

[root@localhost ~]# vim /etc/named.rfc1912.zones 
zone "test.com" IN {    # forward zone
        type slave;
        file "slaves/test.com.zone";  # location of the zone data file
        masters { 192.168.10.10; };  # IP of the forward zone's primary server
};
[root@localhost ~]# named-checkconf
On the primary server (.10), edit the zone file
[root@localhost ~]# vim /var/named/test.com.zone 
$TTL 3600
$ORIGIN test.com.
@ IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053102  ; increment by 1 by hand on every edit, otherwise the secondary server will not update
        1H
        10M
        3D
        1D )
        IN NS ns1
        IN NS ns2  ; added: NS record for the secondary server (.11)
        IN MX 10 mx1
        IN MX 20 mx2
ns1 IN A 192.168.10.10
ns2 IN A 192.168.10.11  ; IP of the secondary server
MX1 IN A 192.168.10.21
MX2 IN A 192.168.10.22
www IN A 192.168.10.10
web IN CNAME www
bbs IN A 192.168.10.23
bbs IN A 192.168.10.24

[root@localhost ~]# named-checkzone test.com /var/named/test.com.zone
zone test.com/IN: loaded serial 2018053102
OK
[root@localhost ~]# rndc reload
server reload successful
[root@localhost ~]# rndc status
server is up and running
# the syntax check and the status are both fine
On the secondary server (.11)
[root@localhost ~]# rndc reload
server reload successful
[root@localhost slaves]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 533 May 31 23:17 test.com.zone
# the forward zone data file has been synchronized
Test resolving a name through the secondary server (.11)
[root@localhost slaves]# dig -t A www.test.com @192.168.10.11

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45851
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A

;; ANSWER SECTION:
www.test.com.       3600    IN  A   192.168.10.10

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns2.test.com.
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10
ns2.test.com.       3600    IN  A   192.168.10.11

;; Query time: 0 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Thu May 31 23:20:16 EDT 2018
;; MSG SIZE  rcvd: 125
Test the primary/secondary pair further: on the primary server (.10)
[root@localhost ~]# vim /var/named/test.com.zone 
$TTL 3600
$ORIGIN test.com.
@ IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053103  ; serial incremented by 1
        1H
        10M
        3D
        1D )
        IN NS ns1
        IN NS ns2
        IN MX 10 mx1
        IN MX 20 mx2
ns1 IN A 192.168.10.10
ns2 IN A 192.168.10.11
MX1 IN A 192.168.10.21
MX2 IN A 192.168.10.22
www IN A 192.168.10.10
web IN CNAME www
bbs IN A 192.168.10.23
bbs IN A 192.168.10.24
pop3 IN A 192.168.10.25  ; add one A record

[root@localhost ~]# rndc reload
server reload successful
# reload the configuration
On the secondary server (.11)
[root@localhost ~]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-05-31 22:38:36 EDT; 54min ago
  Process: 1090 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 1087 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 1093 (named)
   CGroup: /system.slice/named.service
           └─1093 /usr/sbin/named -u named -c /etc/named.conf

May 31 23:17:11 localhost.localdomain named[1093]: zone test.com/IN: transferred serial 2018053102
May 31 23:17:11 localhost.localdomain named[1093]: transfer of 'test.com/IN' from 192.168.10.10#53: Transfer completed.../sec)
May 31 23:17:11 localhost.localdomain named[1093]: zone test.com/IN: sending notifies (serial 2018053102)
May 31 23:30:31 localhost.localdomain named[1093]: client 192.168.10.10#2372: received notify for zone 'test.com'
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: refresh: unexpected rcode (REFUSED) from master 1....0#0)
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: Transfer started.
May 31 23:30:31 localhost.localdomain named[1093]: transfer of 'test.com/IN' from 192.168.10.10#53: connected using 19...46792
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: transferred serial 2018053103
May 31 23:30:31 localhost.localdomain named[1093]: transfer of 'test.com/IN' from 192.168.10.10#53: Transfer completed.../sec)
May 31 23:30:31 localhost.localdomain named[1093]: zone test.com/IN: sending notifies (serial 2018053103)
Hint: Some lines were ellipsized, use -l to show in full.
# the secondary server needs no reload; it has updated to the new serial automatically and the file has been transferred
[root@localhost ~]# dig -t A pop3.test.com @192.168.10.11

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A pop3.test.com @192.168.10.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24355
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pop3.test.com.         IN  A

;; ANSWER SECTION:
pop3.test.com.      3600    IN  A   192.168.10.25

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns1.test.com.
test.com.       3600    IN  NS  ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10
ns2.test.com.       3600    IN  A   192.168.10.11

;; Query time: 1 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Thu May 31 23:54:58 EDT 2018
;; MSG SIZE  rcvd: 126
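
The serial rule behind the synchronization test above, as an added example (not code from the original post): a secondary transfers a zone only when the primary's SOA serial is newer under RFC 1982 serial arithmetic, so every edit needs a bump. The function names and the YYYYMMDDNN convention are assumptions drawn from the serials used on this page, and the sample zone is constructed from the page's test.com file.

```python
import re
from datetime import date

MOD = 2 ** 32  # SOA serials are unsigned 32-bit numbers


def serial_newer(candidate, current):
    """RFC 1982 comparison: True if `candidate` counts as newer than `current`."""
    return 0 < (candidate - current) % MOD < 2 ** 31


def next_serial(current, today):
    """Next YYYYMMDDNN serial: today's date with counter 01, or current + 1
    when the dated value would not be newer (several edits on the same day)."""
    dated = int(today.strftime("%Y%m%d")) * 100 + 1
    return dated if serial_newer(dated, current) else (current + 1) % MOD


# The first number after the SOA record's opening parenthesis is the serial.
SOA_SERIAL = re.compile(r"(\bSOA\b[^()]*\(\s*)(\d+)")


def bump_zone(zone_text, today):
    """Return (new_zone_text, new_serial) with the SOA serial advanced."""
    match = SOA_SERIAL.search(zone_text)
    if match is None:
        raise ValueError("no parenthesised SOA record found")
    new = next_serial(int(match.group(2)), today)
    start, end = match.span(2)
    return zone_text[:start] + str(new) + zone_text[end:], new


# Constructed sample: the head of the page's test.com zone file.
SAMPLE_ZONE = """$TTL 3600
$ORIGIN test.com.
@ IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053101
        1H
        10M
        3D
        1D )
        IN NS ns1
"""

if __name__ == "__main__":
    text, serial = bump_zone(SAMPLE_ZONE, date(2018, 5, 31))
    print("new serial:", serial)
    # A secondary holding 2018053103 ignores a primary that went back to ...01.
    print("would transfer:", serial_newer(2018053101, 2018053103))
```
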

Configure the reverse zone on the secondary server (.11)

[root@localhost ~]# vim /etc/named.rfc1912.zones 
zone "10.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/192.168.10.zone";
        masters { 192.168.10.10; };
};

[root@localhost ~]# named-checkconf
Edit the reverse zone data file on the primary server (.10)
[root@localhost ~]# vim /var/named/192.168.10.zone 
$TTL 3600
$ORIGIN 10.168.192.in-addr.arpa.
@ IN SOA ns1.test.com. nsadmin.test.com. (
        2018060102
        1H
        10M
        3D
        12H )
        IN NS ns1.test.com.
        IN NS ns2.test.com.  ; added: NS record for the secondary server (.11)
10 IN PTR ns1.test.com.
11 IN PTR ns2.test.com.  ; name of the secondary server (.11)
21 IN PTR mx1.test.com.
22 IN PTR mx2.test.com.
23 IN PTR bbs.test.com.
24 IN PTR bbs.test.com.
10 IN PTR www.test.com.

[root@localhost ~]# named-checkzone 10.168.192.in-addr.arpa /var/named/192.168.10.zone
zone 10.168.192.in-addr.arpa/IN: loaded serial 2018060102
OK
[root@localhost ~]# rndc reload
server reload successful
# check syntax, reload the configuration
On the secondary server (.11)
[root@localhost ~]# rndc reload
server reload successful
[root@localhost ~]# ll /var/named/slaves/
total 8
-rw-r--r-- 1 named named 600 Jun  1 02:23 192.168.10.zone
-rw-r--r-- 1 named named 574 Jun  1 02:10 test.com.zone
# the reverse zone data file has been synchronized as well
Test reverse resolution of an IP on the secondary server (.11)
[root@localhost ~]# dig -x 192.168.10.10 @192.168.10.11

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.10.10 @192.168.10.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50592
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.10.168.192.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
10.10.168.192.in-addr.arpa. 3600 IN PTR ns1.test.com.
10.10.168.192.in-addr.arpa. 3600 IN PTR www.test.com.

;; AUTHORITY SECTION:
10.168.192.in-addr.arpa. 3600   IN  NS  ns2.test.com.
10.168.192.in-addr.arpa. 3600   IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10
ns2.test.com.       3600    IN  A   192.168.10.11

;; Query time: 1 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Fri Jun 01 02:25:17 EDT 2018
;; MSG SIZE  rcvd: 163
Test primary/secondary synchronization further by adding a PTR record on the primary (.10)
[root@localhost ~]# vim /var/named/192.168.10.zone 
$TTL 3600
$ORIGIN 10.168.192.in-addr.arpa.
@ IN SOA ns1.test.com. nsadmin.test.com. (
        2018060103  ; serial incremented by 1
        1H
        10M
        3D
        12H )
        IN NS ns1.test.com.
        IN NS ns2.test.com.
10 IN PTR ns1.test.com.
11 IN PTR ns2.test.com.
21 IN PTR mx1.test.com.
22 IN PTR mx2.test.com.
23 IN PTR bbs.test.com.
24 IN PTR bbs.test.com.
10 IN PTR www.test.com.
25 IN PTR pop3.test.com.  ; add one PTR record

[root@localhost ~]# rndc reload
server reload successful
Test on the secondary server (.11)
[root@localhost ~]# dig -x 192.168.10.25 @192.168.10.11

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.10.25 @192.168.10.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35322
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;25.10.168.192.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
25.10.168.192.in-addr.arpa. 3600 IN PTR pop3.test.com.

;; AUTHORITY SECTION:
10.168.192.in-addr.arpa. 3600   IN  NS  ns1.test.com.
10.168.192.in-addr.arpa. 3600   IN  NS  ns2.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10
ns2.test.com.       3600    IN  A   192.168.10.11

;; Query time: 1 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Fri Jun 01 02:36:48 EDT 2018
;; MSG SIZE  rcvd: 150
Test zone transfers by hand
[root@localhost ~]# dig -t axfr test.com @192.168.10.11

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr test.com @192.168.10.11
;; global options: +cmd
test.com.       3600    IN  SOA ns1.test.com. dnsadmin.test.com. 2018053103 3600 600 259200 86400
test.com.       3600    IN  MX  10 mx1.test.com.
test.com.       3600    IN  MX  20 mx2.test.com.
test.com.       3600    IN  NS  ns1.test.com.
test.com.       3600    IN  NS  ns2.test.com.
bbs.test.com.       3600    IN  A   192.168.10.23
bbs.test.com.       3600    IN  A   192.168.10.24
MX1.test.com.       3600    IN  A   192.168.10.21
MX2.test.com.       3600    IN  A   192.168.10.22
ns1.test.com.       3600    IN  A   192.168.10.10
ns2.test.com.       3600    IN  A   192.168.10.11
pop3.test.com.      3600    IN  A   192.168.10.25
web.test.com.       3600    IN  CNAME   www.test.com.
www.test.com.       3600    IN  A   192.168.10.10
test.com.       3600    IN  SOA ns1.test.com. dnsadmin.test.com. 2018053103 3600 600 259200 86400
;; Query time: 1 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Fri Jun 01 02:40:11 EDT 2018
;; XFR size: 15 records (messages 1, bytes 350)
[root@localhost ~]# dig -t axfr 10.168.192.in-addr.arpa @192.168.10.10

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr 10.168.192.in-addr.arpa @192.168.10.10
;; global options: +cmd
10.168.192.in-addr.arpa. 3600   IN  SOA ns1.test.com. nsadmin.test.com. 2018060103 3600 600 259200 43200
10.168.192.in-addr.arpa. 3600   IN  NS  ns1.test.com.
10.168.192.in-addr.arpa. 3600   IN  NS  ns2.test.com.
10.10.168.192.in-addr.arpa. 3600 IN PTR ns1.test.com.
10.10.168.192.in-addr.arpa. 3600 IN PTR www.test.com.
11.10.168.192.in-addr.arpa. 3600 IN PTR ns2.test.com.
21.10.168.192.in-addr.arpa. 3600 IN PTR mx1.test.com.
22.10.168.192.in-addr.arpa. 3600 IN PTR mx2.test.com.
23.10.168.192.in-addr.arpa. 3600 IN PTR bbs.test.com.
24.10.168.192.in-addr.arpa. 3600 IN PTR bbs.test.com.
25.10.168.192.in-addr.arpa. 3600 IN PTR pop3.test.com.
10.168.192.in-addr.arpa. 3600   IN  SOA ns1.test.com. nsadmin.test.com. 2018060103 3600 600 259200 43200
;; Query time: 2 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Fri Jun 01 02:42:53 EDT 2018
;; XFR size: 12 records (messages 1, bytes 319)
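Open zone transfers like these are a serious risk for the server; we need to configure access control so that the primary server allows transfers only to the secondary server

4. Access control and subdomain delegation

Only delegating a subdomain of the forward zone is shown here

Steps for configuring the subdomain primary server 192.168.10.12:

First, on the primary server 192.168.10.10, add the subdomain server's records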
[root@localhost ~]# vim /var/named/test.com.zone 
$ORIGIN test.com.
@ IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053104  ; serial incremented by 1
        1H
        10M
        3D
        1D )
        IN NS ns1
        IN NS ns2
        IN MX 10 mx1
        IN MX 20 mx2
ops     IN NS ns1.ops  ; add the subdomain's name server
ns1 IN A 192.168.10.10
ns2 IN A 192.168.10.11
MX1 IN A 192.168.10.21
MX2 IN A 192.168.10.22
www IN A 192.168.10.10
web IN CNAME www
bbs IN A 192.168.10.23
bbs IN A 192.168.10.24
ns1.ops IN A 192.168.10.12  ; add the A record for the subdomain's name server
Configure the subdomain server (.12)
[root@localhost ~]# yum -y install bind bind-utils
[root@localhost ~]# systemctl start named.service

[root@localhost ~]# vim /etc/resolv.conf 
nameserver 192.168.10.12

[root@localhost ~]# vim /etc/named.conf 
listen-on port 53 { 127.0.0.1; 192.168.10.12; };
//allow-query     { localhost; };    # comment out this line
dnssec-enable no;
dnssec-validation no;

[root@localhost ~]# vim /etc/named.rfc1912.zones 
zone "ops.test.com" IN {
        type master;
        file "ops.test.com.zone";
};  
# add a third-level domain: a subdomain of the forward zone

[root@localhost ~]# vim /var/named/ops.test.com.zone

$TTL 3600
$ORIGIN ops.test.com.
@ IN SOA ns1.ops.test.com. nsadmin.ops.test.com. (
        2018060101
        1H
        10M
        1D
        2H )
        IN NS ns1
ns1 IN A 192.168.10.12
www IN A 192.168.10.12

[root@localhost ~]# chgrp named /var/named/ops.test.com.zone 
[root@localhost ~]# chmod o= /var/named/ops.test.com.zone
[root@localhost ~]# named-checkconf
[root@localhost ~]# named-checkzone ops.test.com /var/named/ops.test.com.zone 
zone ops.test.com/IN: loaded serial 2018060101
OK

[root@localhost ~]# rndc reload
server reload successful
Test
[root@localhost ~]# dig -t A www.ops.test.com @192.168.10.12

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.ops.test.com @192.168.10.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13329
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.ops.test.com.      IN  A

;; ANSWER SECTION:
www.ops.test.com.   3600    IN  A   192.168.10.12

;; AUTHORITY SECTION:
ops.test.com.       3600    IN  NS  ns1.ops.test.com.

;; ADDITIONAL SECTION:
ns1.ops.test.com.   3600    IN  A   192.168.10.12

;; Query time: 1 msec
;; SERVER: 192.168.10.12#53(192.168.10.12)
;; WHEN: Fri Jun 01 03:45:00 EDT 2018
;; MSG SIZE  rcvd: 95
When the subdomain server is asked for www.test.com it cannot answer from its own data, so by default it queries iteratively starting from the Internet root
[root@localhost ~]# dig -t A www.test.com @192.168.10.12

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32424
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A

;; ANSWER SECTION:
www.test.com.       3579    IN  A   69.172.200.235

;; AUTHORITY SECTION:
test.com.       172779  IN  NS  ns66.worldnic.com.
test.com.       172779  IN  NS  ns65.worldnic.com.

;; ADDITIONAL SECTION:
ns65.worldnic.com.  172779  IN  A   207.204.40.133
ns66.worldnic.com.  172779  IN  A   207.204.21.133

;; Query time: 1 msec
;; SERVER: 192.168.10.12#53(192.168.10.12)
;; WHEN: Fri Jun 01 21:06:53 EDT 2018
;; MSG SIZE  rcvd: 136
On the subdomain server, define a forward zone pointing at the primary and secondary servers; queries for test.com are then forwarded to them for resolution
[root@localhost ~]# vim /etc/named.rfc1912.zones 
zone "test.com" IN {
        type forward;
        forward only;
        forwarders { 192.168.10.10; 192.168.10.11; };
};
# add this forwarding rule at the end of the configuration file

[root@localhost ~]# rndc reload
server reload successful
[root@localhost ~]# rndc flush
# flush the cache
The correct IP is now resolved
[root@localhost ~]# dig -t A www.test.com @192.168.10.12

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63618
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A

;; ANSWER SECTION:
www.test.com.       3600    IN  A   192.168.10.10

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns2.test.com.
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.       3600    IN  A   192.168.10.11
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 6 msec
;; SERVER: 192.168.10.12#53(192.168.10.12)
;; WHEN: Fri Jun 01 21:23:08 EDT 2018
;; MSG SIZE  rcvd: 125
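The above forwards resolution requests for one specific zone; it is also possible to configure global forwarding, which hands everything that cannot be resolved locally to another server
[root@localhost ~]# vim /etc/named.conf 
forward only;
forwarders { 192.168.10.10; };  # add these two directives to the options block
# and delete the zone forwarding rule above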

[root@localhost ~]# rndc reload
[root@localhost ~]# rndc flush
[root@localhost ~]# dig -t A www.test.com @192.168.10.12

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9713
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A

;; ANSWER SECTION:
www.test.com.       3560    IN  A   192.168.10.10

;; AUTHORITY SECTION:
test.com.       3560    IN  NS  ns2.test.com.
test.com.       3560    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns2.test.com.       3560    IN  A   192.168.10.11
ns1.test.com.       3560    IN  A   192.168.10.10

;; Query time: 1 msec
;; SERVER: 192.168.10.12#53(192.168.10.12)
;; WHEN: Fri Jun 01 21:47:02 EDT 2018
;; MSG SIZE  rcvd: 125
Configure the access control directives
[root@localhost ~]# vim /etc/named.rfc1912.zones 
zone "test.com" IN {
        type master;
        file "test.com.zone";
        allow-transfer { slaves; };
};

[root@localhost ~]# vim /etc/named.conf 
acl slaves {
        192.168.10.11;
};
# add this block before options
The .12 server is not in the access control list above, so a transfer using .12 fails
[root@localhost ~]# dig -t axfr test.com @192.168.10.12

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr test.com @192.168.10.12
;; global options: +cmd
; Transfer failed.
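
One way to catch the open zone transfers shown earlier before a configuration goes live, as an added example (not code from the original post or from BIND): it parses named.conf-style text and lists master and slave zones that have no effective allow-transfer restriction. It assumes named.conf and named.rfc1912.zones have been concatenated (include is not followed); the function names are hypothetical and the sample is constructed from the page's primary-server settings.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def strip_comments(text):
    """Remove /* */, // and # comments (comment markers inside quotes are not handled)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def parse(tokens, pos=0):
    """Parse statements up to the matching '}' and return (statements, next_pos).
    A statement is a list of words; a '{ ... }' body appears as a nested list."""
    stmts, current = [], []
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1
        if tok == "{":
            block, pos = parse(tokens, pos)
            current.append(block)
        elif tok == "}":
            break
        elif tok == ";":
            if current:
                stmts.append(current)
            current = []
        else:
            current.append(tok.strip('"'))
    return stmts, pos


def body(stmt):
    """Return the '{ ... }' body of a statement, or None if it has none."""
    return next((part for part in stmt if isinstance(part, list)), None)


def find(stmts, keyword):
    return [s for s in stmts if isinstance(s[0], str) and s[0] == keyword]


def expand(elements, acls, seen=()):
    """Flatten an address-match list, following references to named ACLs."""
    out = []
    for el in elements:
        head = el[0]
        if isinstance(head, str) and head in acls and head not in seen:
            out += expand(acls[head], acls, seen + (head,))
        else:
            out.append(head if isinstance(head, str) else "{...}")
    return out


def last_acl(stmts, inherited):
    """allow-transfer list set in this scope, else the inherited one (None = unset)."""
    own = find(stmts, "allow-transfer")
    return body(own[-1]) if own else inherited


def audit_transfers(conf_text):
    """Return {zone: finding} for master/slave zones with unrestricted transfers."""
    stmts, _ = parse(TOKEN.findall(strip_comments(conf_text)))
    acls = {s[1]: body(s) or [] for s in find(stmts, "acl")}
    default = None
    for options in find(stmts, "options"):
        default = last_acl(body(options) or [], default)
    scopes = [("", stmts, default)]
    for view in find(stmts, "view"):
        vbody = body(view) or []
        scopes.append((view[1] + "/", vbody, last_acl(vbody, default)))
    findings = {}
    for prefix, scope, inherited in scopes:
        for zone in find(scope, "zone"):
            zbody = body(zone) or []
            ztype = next((s[1] for s in find(zbody, "type")), None)
            if ztype not in ("master", "primary", "slave", "secondary"):
                continue
            acl = last_acl(zbody, inherited)
            if acl is None:
                findings[prefix + zone[1]] = "no allow-transfer set"
            elif "any" in expand(acl, acls):
                findings[prefix + zone[1]] = "allow-transfer includes any"
    return findings


# Constructed sample: the page's primary server after allow-transfer was added to test.com only.
SAMPLE_CONF = '''
acl slaves { 192.168.10.11; };
options { listen-on port 53 { 192.168.10.10; }; allow-query { any; }; };
zone "test.com" IN { type master; file "test.com.zone"; allow-transfer { slaves; }; };
zone "10.168.192.in-addr.arpa" IN { type master; file "192.168.10.zone"; };
'''

if __name__ == "__main__":
    for zone, finding in audit_transfers(SAMPLE_CONF).items():
        print(zone, "->", finding)
```

On the sample it reports the reverse zone, which the page's change leaves without an allow-transfer list.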
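The server allows recursive queries only from hosts in the listed networks
[root@localhost ~]# vim /etc/named.conf
acl mynet {
        192.168.10.0/24;
        127.0.0.0/8;
};
# add this block before options
allow-recursion { mynet; };
# in options, change the recursion yes; line to the line above

5. Building a smart DNS with bind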

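To implement smart resolution on a DNS server, you first need to understand one concept: the view
Suppose there is a web host with the domain name www.test.com and two IPs: an internal one, 192.168.10.10, and an external one, 1.1.1.1. Users coming from the Internet get 1.1.1.1, while users on the internal network have no need to resolve to the external IP and connect back in; resolving directly to the internal IP 192.168.10.10 is enough. Resolving the same host to different results depending on where the client comes from is what is called a view.

Edit the named.conf configuration file on the primary DNS server
[root@localhost ~]# vim /etc/named.conf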
options {
......
};
logging {
......
};
view internal {
        match-clients { 192.168.10.11; };  # this IP is resolved to the external addresses
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "test.com" IN {
                type master;
                file "test.com/internal";
        };
        include "/etc/named.rfc1912.zones";
        include "/etc/named.root.key";
};
view external {
        match-clients { any; };  # every IP outside the range above is resolved to the internal addresses
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "test.com" IN {
                type master;
                file "test.com/external";
        };
        include "/etc/named.rfc1912.zones";
        include "/etc/named.root.key";
};
Create the two forward zone data files
[root@localhost ~]# vim /var/named/test.com/internal
$TTL 3600
$ORIGIN test.com.
@ IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053101
        1H
        10M
        3D
        1D )
        IN NS ns1
ns1 IN A 192.168.10.10
www IN A 1.1.1.1
web IN CNAME www
bbs IN A 1.1.1.2
bbs IN A 1.1.1.3


[root@localhost ~]# vim /var/named/test.com/external
$TTL 3600
$ORIGIN test.com.
@ IN SOA ns1.test.com. dnsadmin.test.com. (
        2018053101
        1H
        10M
        3D
        1D )
        IN NS ns1
ns1 IN A 192.168.10.10
www IN A 192.168.10.10
web IN CNAME www
bbs IN A 192.168.10.23
bbs IN A 192.168.10.24
Check syntax and set permissions
[root@localhost ~]# named-checkconf
[root@localhost ~]# named-checkzone test.com /var/named/test.com/internal 
zone test.com/IN: loaded serial 2018053101
OK
[root@localhost ~]# named-checkzone test.com /var/named/test.com/external 
zone test.com/IN: loaded serial 2018053101
OK
[root@localhost ~]# chgrp named /var/named/test.com/{internal,external}
[root@localhost ~]# chmod o= /var/named/test.com/{internal,external}

[root@localhost ~]# rndc reload
server reload successful
Resolving from 192.168.10.12 returns the internal IPs
[root@localhost ~]# dig -t A www.test.com @192.168.10.10

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47742
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A

;; ANSWER SECTION:
www.test.com.       3600    IN  A   192.168.10.10

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 2 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Sat Jun 02 02:45:02 EDT 2018
;; MSG SIZE  rcvd: 91

[root@localhost ~]# dig -t A bbs.test.com @192.168.10.10

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A bbs.test.com @192.168.10.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36168
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.test.com.          IN  A

;; ANSWER SECTION:
bbs.test.com.       3600    IN  A   192.168.10.24
bbs.test.com.       3600    IN  A   192.168.10.23

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Sat Jun 02 02:45:20 EDT 2018
;; MSG SIZE  rcvd: 107
Resolving from 192.168.10.11 returns the external IPs
[root@localhost ~]# dig -t A www.test.com @192.168.10.10

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A www.test.com @192.168.10.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39708
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.          IN  A

;; ANSWER SECTION:
www.test.com.       3600    IN  A   1.1.1.1

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Sat Jun 02 02:47:01 EDT 2018
;; MSG SIZE  rcvd: 91

[root@localhost ~]# dig -t A bbs.test.com @192.168.10.10

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A bbs.test.com @192.168.10.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44362
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.test.com.          IN  A

;; ANSWER SECTION:
bbs.test.com.       3600    IN  A   1.1.1.2
bbs.test.com.       3600    IN  A   1.1.1.3

;; AUTHORITY SECTION:
test.com.       3600    IN  NS  ns1.test.com.

;; ADDITIONAL SECTION:
ns1.test.com.       3600    IN  A   192.168.10.10

;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Sat Jun 02 02:47:24 EDT 2018
;; MSG SIZE  rcvd: 107
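At this point a smart DNS server is complete. A scenario that is common in China is resolving according to whether the client is on a China Telecom line or a China Netcom line: the server automatically returns its own corresponding Telecom IP or Netcom IP, so that client and server connect over the same carrier's line and get the best speed.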