中華技術學院 Linux Course
Chapter 2: DNS
王俊城, RHCE/RHCX

Agenda
  - DNS overview
  - Configuring BIND
  - Creating BIND databases
  - Additional DNS methods
  - Using BIND tools
Domain Name System (DNS)
  - Forward lookup: name to address
      www.hinet.net -> 61.219.38.89
  - Reverse lookup: address to name
      61.219.38.89 -> www.hinet.net
  - Logically groups hosts by name into domains
  - Provides email routing information (MX records)
Name Server Hierarchy
  - Master name server: maintains the zone file itself (the authoritative copy)
  - Slave name server: provides a backup to the master; synchronizes its copy of the zone from the master or from another slave (zone transfer)
  - Cache-only name server: holds no zone files of its own; it only resolves on behalf of clients and caches the answers
DNS Server
  - Server receives a request, then in order:
      1. If its own zone file has the answer, it answers authoritatively
      2. If its cache has the answer, it answers from cache
      3. If a forwarder is configured, it asks the forwarder
      4. Otherwise it asks a root name server (root server list in /var/named/named.ca)
  - Try it: dig @168.95.192.1
BIND
  - Berkeley Internet Name Domain (BIND)
  - BIND 9
  - Documentation: /usr/share/doc/bind*/README
  - http://www.isc.org/products/BIND
Service Profile: DNS
  Type:     System V-managed service
  Packages: bind, bind-utils, caching-nameserver, openssl
  Daemons:  named
  Script:   named
  Ports:    UDP 53, TCP 53 (TCP is used for zone transfers and for answers too large for UDP; a firewall that passes only UDP 53 breaks slaves)
  Configs:  /etc/named.conf, /var/named/named.ca, /var/named/*
  Log:      /var/log/messages
Configuring BIND
  - /etc/named.conf (with bind-chroot: /var/named/chroot/etc/named.conf)
  - Apply changes with: service named restart
  - Text file of directives: zones, options, access control lists, etc.
  - Comments can be in C, C++ or shell style:
      /* C style comment */
      // C++ style comment
      # shell style comment
Global Options
  acl "mynet" { 192.168.0/24; 192.168.1/24; };
  options {
      directory      "/var/named";
      forwarders     { 168.95.192.1; };
      forward only;
      allow-query    { mynet; };
      allow-transfer { mynet; };
  };
  Notes: the directive is "forwarders" (not "forwards"); "forward only" means this server never contacts the root servers itself. allow-transfer { mynet; } lets any host on the LAN pull complete copies of your zones; restrict it to the addresses of your slave servers.
BIND Utilities
  - host: gather host/domain information
      host example.com
      host -al example.com      (list all records via a zone transfer; only works where the server allows AXFR from you)
      host -t mx example.com
  - dig: send queries to a name server directly
      dig @168.95.192.1 www.redhat.com
      dig @168.95.192.1         (no name given: asks for the root NS list)
  - nslookup is deprecated
LAB1 - Cache-only DNS Server
  1. Edit /var/named/chroot/etc/named.conf
  2. Check /etc/hosts and /etc/resolv.conf (resolv.conf should point at this server)
  3. service named restart
  4. Test: host station251.example.com

  options {
      directory "/var/named";         // paths in named.conf are interpreted inside the chroot, so "/var/named" here is /var/named/chroot/var/named on the host
      forwarders { 192.168.0.249; };
      forward only;
  };
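The options block on the Global Options slide and the LAB1 configuration both leave recursion implicit and open zone transfers to the whole LAN. The script below is an added example, not part of the course material: it writes a tightened options block, writes the open-resolver variant for comparison, and audits a named.conf for ACLs opened to "any". The networks, the forwarder 168.95.192.1 and the slave address 192.168.0.250 are placeholders.

```shell
#!/bin/sh
# Added example (not from the course slides): hardened named.conf options plus
# a small audit.  Addresses and ACL names are placeholders for your site.

write_named_conf() {            # $1 = output path
    cat > "$1" <<'EOF'
acl "mynet"  { 192.168.0.0/24; 192.168.1.0/24; };   // hosts allowed to ask this server
acl "slaves" { 192.168.0.250; };                    // hypothetical secondary for our zones

options {
    directory "/var/named";       // inside the chroot when bind-chroot is used
    forwarders { 168.95.192.1; };
    forward only;

    // Weak form from the slide, kept for comparison:
    //   allow-transfer { mynet; };   -> every LAN host can pull full zone copies
    allow-query     { mynet; };   // plain lookups
    allow-recursion { mynet; };   // cache/forwarder use; never "any" on an Internet-facing box
    allow-transfer  { slaves; };  // AXFR only to the secondaries that need it
    version "not disclosed";      // don't advertise the BIND version to CHAOS queries
};
EOF
}

write_weak_conf() {             # the open-resolver variant, used by the audit below
    cat > "$1" <<'EOF'
options {
    directory "/var/named";
    recursion yes;
    allow-query    { any; };
    allow-transfer { any; };
};
EOF
}

# audit_named_conf FILE: return 1 if query/recursion/transfer is open to "any"
# or if there is no allow-transfer restriction at all (BIND's default is open).
audit_named_conf() {
    conf=$(sed 's://.*$::; s:#.*$::' "$1")          # strip // and # comments
    if printf '%s\n' "$conf" | grep -E 'allow-(query|recursion|transfer)[[:space:]]*\{([^}]*[[:space:];])?[[:space:]]*any[[:space:]]*;'; then
        echo "$1: ACL opened to any" >&2; return 1
    fi
    printf '%s\n' "$conf" | grep -q 'allow-transfer' || { echo "$1: no allow-transfer restriction" >&2; return 1; }
}

validate_with_bind() {          # syntax check with BIND's own parser, when installed
    command -v named-checkconf >/dev/null 2>&1 || { echo "named-checkconf not installed, skipping"; return 0; }
    named-checkconf "$1"
}

good=$(mktemp); bad=$(mktemp)
write_named_conf "$good"; write_weak_conf "$bad"
audit_named_conf "$good" && echo "$good: ACLs ok"
audit_named_conf "$bad"  || echo "$bad: would be an open resolver"
validate_with_bind "$good"
rm -f "$good" "$bad"
```

The audit is a grep, not a parser: it catches the common mistake (an ACL literally set to any, or no allow-transfer at all) and leaves real validation to named-checkconf. On a host that only forwards, as in LAB1, there are no zones to transfer, but setting allow-transfer anyway costs nothing and protects the zones you add later.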
Slave Zones
  zone "example.com" {
      type slave;
      masters { 192.168.0.249; };
      file "example.com.zone-slave";
  };
  zone "0.168.192.in-addr.arpa" {
      type slave;
      masters { 192.168.0.249; };
      file "192.168.0.zone";
  };
  The slave writes the transferred zone into "file", so that path must be writable by named, and the master must permit the transfer (allow-transfer) from this slave's address.
LAB2 - Slave DNS Server
  1. Edit /var/named/chroot/etc/named.conf and add the two slave zone stanzas from the Slave Zones slide (example.com and 0.168.192.in-addr.arpa, masters 192.168.0.249)
  2. Check /etc/hosts and /etc/resolv.conf
  3. service named restart
  4. Test: host station251.example.com
Master Zones
  zone "domain251.example.com" {
      type master;
      file "domain251.example.com.zone";
  };
  zone "0.168.192.IN-ADDR.ARPA" {
      type master;
      file "192.168.0.251.zone";
  };
Special Zones
  Root zone ".": a hint zone listing the root servers, used only to bootstrap recursion
  zone "." {
      type hint;
      file "named.ca";
  };
  Loopback reverse zone, so lookups of 127.0.0.1 never leave the host:
  zone "0.0.127.in-addr.arpa" {
      type master;
      file "127.0.0.zone";
  };
Zone Files
  - Live in /var/named/* (or /var/named/chroot/var/named/* with bind-chroot)
  - Begin with $TTL (default time to live for records that carry no explicit TTL)
  - First resource record is the zone's start of authority (SOA)
  - Zone data follows in additional resource records
  - Comments start with ";"

Example Zone Files
  - SOA record
  - NS records
  - A records
  - CNAME records
  - MX records
Example Zone File
  $TTL 86400
  @   IN SOA station251.domain251.example.com. root.station251.domain251.example.com. (
                  ; Don't forget to increment the serial number
                  2003040100  ; serial number
                  1H          ; refresh (how often slaves poll)
                  5M          ; retry (after a failed refresh)
                  1W          ; expire (slaves stop answering after this long without contact)
                  5M )        ; cache time-to-live for negative answers

  ; Name server resource records (NS)
  ; owner                                TTL CL type RDATA
  @                                          IN NS   station251.domain251.example.com.

  ; Mail exchanger resource records (MX)
  ; owner                                TTL CL type RDATA
  domain251.example.com.                     IN MX   10 station251.domain251.example.com.

  ; Internet address resource records (A)
  ; owner                                TTL CL type RDATA
  @                                          IN A    192.168.0.251
  station251.domain251.example.com.          IN A    192.168.0.251

  Names in RDATA end with a dot (fully qualified); a name without the trailing dot is relative and gets the zone origin appended.
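Two things go wrong with zone files like the one above more than anything else: the serial is not incremented after an edit, so slaves keep serving the old data, and an NS, MX or CNAME target is written without its trailing dot, so BIND silently appends the origin. The script below is an added example, not course material: next_serial bumps a YYYYMMDDnn serial correctly, and check_fqdn_targets reports relative targets. The zone text is constructed for the demo and deliberately contains one missing-dot MX record.

```shell
#!/bin/sh
# Added example (not from the course slides): two hygiene checks for a BIND
# zone file.  The zone below is constructed; names and 192.168.0.x addresses
# are placeholders.

# next_serial CURRENT TODAY   (TODAY as YYYYMMDD)
# Print a YYYYMMDDnn serial strictly greater than CURRENT.  Slaves only pull a
# new copy when the serial grows, so an edit without a bump never propagates.
next_serial() {
    cur=$1; today=$2
    if [ "${cur%??}" = "$today" ]; then        # already edited today: bump nn
        n=${cur#"$today"}; n=$(( ${n#0} + 1 ))   # strip one leading zero (avoid octal)
        [ "$n" -le 99 ] || { echo "serial counter for $today exhausted" >&2; return 1; }
        printf '%s%02d\n' "$today" "$n"
    elif [ "$cur" -lt "${today}00" ]; then     # first edit today
        printf '%s00\n' "$today"
    else                                       # serial is ahead of the calendar: just add one
        printf '%d\n' $(( cur + 1 ))
    fi
}

# check_fqdn_targets ZONEFILE
# NS, CNAME and MX targets without a trailing dot are relative names:
# "mail.domain251.example.com" becomes mail.domain251.example.com.domain251.example.com.
# Prints each offender with its line number; exit status 1 if any were found.
check_fqdn_targets() {
    awk '
        { sub(/;.*/, ""); t = "" }                   # drop comments
        NF == 0 { next }
        {
            for (i = 1; i < NF; i++) {
                if ($i == "NS" || $i == "CNAME")    t = $(i + 1)
                else if ($i == "MX" && i + 2 <= NF) t = $(i + 2)
                else continue
                if (t !~ /\.$/) { print FILENAME ":" NR ": relative target \"" t "\""; bad++ }
                break
            }
        }
        END { exit bad ? 1 : 0 }' "$1"
}

write_sample_zone() {           # constructed zone for the demo; one deliberate error
    cat > "$1" <<'EOF'
$TTL 86400
@   IN SOA station251.domain251.example.com. root.station251.domain251.example.com. (
        2003040100  ; serial
        1H          ; refresh
        5M          ; retry
        1W          ; expire
        5M )        ; negative-answer TTL
@   IN NS  station251.domain251.example.com.
@   IN MX  10 station251.domain251.example.com.
@   IN MX  20 mail.domain251.example.com     ; constructed error: trailing dot missing
@   IN A   192.168.0.251
station251 IN A 192.168.0.251
mail       IN A 192.168.0.252
EOF
}

zone=$(mktemp)
write_sample_zone "$zone"
check_fqdn_targets "$zone" || echo "fix the targets above before bumping the serial"
next_serial 2003040100 "$(date +%Y%m%d)"
rm -f "$zone"
```

named-checkzone catches syntax errors but accepts a relative MX target happily, because it is legal; only the resulting name is wrong, which is why the dot check is worth running before every reload.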
LAB2 - Master DNS Server
  1. Edit /var/named/chroot/etc/named.conf
  2. Check /etc/hosts and /etc/resolv.conf
  3. service named restart
  4. Test: host station251.example.com

  zone "domain251.example.com" {
      type master;
      file "domain251.example.com.zone";
  };
Delegating Subdomains
  - Configure the subdomain as a zone on the new server
  - On the delegating (parent) server, set up NS records for the subdomain pointing to the new server
  - If the new server's name lies inside the subdomain it manages, the delegating server also needs a "glue" A record for the new server; without it a resolver is referred to a server whose address it can only learn by asking that same server
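The glue rule is easy to state and easy to forget when a parent zone is edited by hand. The script below is an added example, not course material: it writes a constructed parent zone for example.com that delegates domain251 (as in the lab, with glue) and sub (deliberately without glue), and check_glue reports every in-subdomain NS target that has no A/AAAA record in the parent. Names and 192.168.0.x addresses are placeholders; the awk assumes every record line carries an explicit owner name.

```shell
#!/bin/sh
# Added example (not from the course slides): find delegations that lack glue.
# Parent zone text is constructed for the demo.

write_parent_zone() {           # $1 = output path
    cat > "$1" <<'EOF'
$TTL 86400
@        IN SOA ns1.example.com. root.example.com. ( 2003040100 1H 5M 1W 5M )
@        IN NS  ns1.example.com.
ns1      IN A   192.168.0.249

; delegation of domain251.example.com. to a server inside that subdomain:
; the NS record alone is not enough, the parent must also carry a glue A record
domain251            IN NS station251.domain251.example.com.
station251.domain251 IN A  192.168.0.251        ; glue

; delegation of sub.example.com. (constructed error: no glue for ns1.sub)
sub                  IN NS ns1.sub.example.com.
sub                  IN NS ns1.example.com.     ; server outside the subdomain: no glue needed
EOF
}

# check_glue ZONEFILE ORIGIN
# For each NS record delegating a subdomain to a name inside that subdomain,
# require an A or AAAA record for that name in the same file.  Without it the
# referral cannot be followed (a lame, circular delegation).  Exit 1 if any.
check_glue() {
    awk -v origin="$2." '
        function fqdn(n)         { return (n ~ /\.$/) ? n : (n == "@" ? origin : n "." origin) }
        function endswith(s, suf) { return length(s) >= length(suf) && substr(s, length(s) - length(suf) + 1) == suf }
        { sub(/;.*/, "") }                          # drop comments
        NF == 0 || $1 ~ /^\$/ { next }              # blank lines and $TTL/$ORIGIN directives
        {
            owner = fqdn($1)
            for (i = 2; i < NF; i++) {
                if ($i == "NS") {
                    target = fqdn($(i + 1))
                    if (owner != origin && endswith(target, owner)) need[target] = owner
                } else if ($i == "A" || $i == "AAAA") {
                    have[owner] = 1
                }
            }
        }
        END {
            for (t in need) if (!(t in have)) {
                print "missing glue A/AAAA record for " t " (delegation of " need[t] ")"; bad++
            }
            exit bad ? 1 : 0
        }' "$1"
}

parent=$(mktemp)
write_parent_zone "$parent"
check_glue "$parent" example.com && echo "all delegations have glue"
rm -f "$parent"
```

Run it against the real parent zone file with its origin as the second argument; the domain251 delegation passes because of the station251.domain251 A record, and the sub delegation is reported.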
Thank You!