撞车后我全责怎么处理:DNS服务——BIND（named)

DNS服务——BIND（named)

(2009-09-09 22:43:36) 转载标签：

/etc/hosts

/etc/

resolv.conf

正向解析

反向解析

ns

a

ptr

分类： unix应用
    域名解析的方法  

•     HOSTS文件：适用于小型网络（文本文件）
•     NIS服务器：
•     DNS服务器：分布式解析

    /etc/hosts ，也负责映射，但它通常是当作DNS的备份出现的

 

    unix上dns客户端的设置

• /etc/resolv.conf文件

# vi /etc/resolv.conf
domain   xxx  
nameserver 192.168.2.1
search iei.com

• /etc/nsswitch.conf文件   用于记录主机名的搜索顺序等信息

vi /etc/nsswitch.conf
hosts: files dns 
  

• nslookup www.sun.com    nslookup测试

  /etc/resolv.conf 设DNS SERVER与nslookup测试DNS正确与否
[root@old145 mac]# cat /etc/resolv.conf
search iei.com
nameserver 219.142.217.166
[root@old145 mac]# nslookup www.cisco.com
Server:         219.142.217.166
Address:        219.142.217.166#53

Non-authoritative answer:
Name:   www.cisco.com
Address: 198.133.219.25


   nslookup也可以反查：查IP地址的域名
[root@old145 mac]# nslookup 198.133.219.25
Server:         219.142.217.166
Address:        219.142.217.166#53

Non-authoritative answer:
25.219.133.198.in-addr.arpa     name = www.cisco.com.

Authoritative answers can be found from:
219.133.198.in-addr.arpa        nameserver = ns1.cisco.com.
219.133.198.in-addr.arpa        nameserver = ns2.cisco.com.
ns1.cisco.com   internet address = 128.107.241.185
ns2.cisco.com   internet address = 64.102.255.44


    named 安装配置步骤
    在Linux中都是用Bind来实现DNS，即“named进程”

•     /etc/named.conf

options {
        directory "/var/named";     
此目录是形式上的目录，其实其内的zone文件是通过ln链接指令指向/var/named/chroot/var/named/ 
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
};
zone “区域名”  IN {
type   master/slave/hint
        定义区域类型
    master   主DNS
    slave    辅DNS （很少用）
    hint 根，只用于下面的”.” named.ca
file “文件名”   区域文件名，此文件存于/var/named目录下
}；

zone "macg.com" IN {
        type master;
        file "macg.zone";
        allow-update { none; };
};zone "." IN {                   根区域    
        type hint;              类型：根   
        file "named.ca";          /var/named/named.ca 指向上级DNS（通常是公网顶级DNS）
                                  该文件不需要管理员更改，而是系统自带  
};   

•     正向解析,区域文件格式 （域名---地址）

[root@localhost named]# more macg.zone
$TTL    86400
@               IN SOA  @       root (       @则代表相应的域名,macg.com
                                        42              
                                        3H       
                                        15M         
                                        1W            
                                        1D );

@ IN NS         192.168.1.12;     
  IN A          192.168.1.12;     
@则代表相应的域名,macg.com 
NS：域名记录， 一个zone文件，必须有NS条目，否则报错
A条目，真正的映射条目
域名都是两条条目，一条NS条目，一条A条目

www IN A 192.168.1.12;      主机A条目：主机映射条目，“主机名 IN A 地址”
test IN A 192.168.1.12;
ftp IN A 192.168.1.12;
www1 IN CNAME www        CNAME：等价指令，即www1,等价于www，相当于别名alias映射条目   

  IN不能打头，前面应该有域名，或@,或至少应该有一个空格
  zone文件必须有NS条目
[root@localhost named]# vi macg.zone
IN NS           192.168.1.12;
IN A            192.168.1.12;
[root@localhost named]# /etc/init.d/named restart
Starting named:
macg.zone:9: NS record '192.168.1.12' appears to be an address
zone macg.com/IN: has no NS records
_default/macg.com/IN: bad zone
[root@localhost named]# vi macg.zone
@ IN NS         192.168.1.12;
  IN A          192.168.1.12;
[root@localhost named]# /etc/init.d/named restart
Starting named: [  OK  ]总之，IN前可以空，但必须有一个空格，不能用IN顶头

   IN语句的主机名前面不能留空格
[root@localhost named]# vi macg.zone
       www IN A 192.168.1.12;

[root@localhost named]# /etc/init.d/named restart
Starting named:
Error in named configuration:
macg.zone:11: unknown RR type 'www'
zone macg.com/IN: loading master file macg.zone: unknown class/type
_default/macg.com/IN: unknown class/type
[FAILED]
将www行之前的空格去掉，错误解决
[root@localhost named]# vi macg.zone
@ IN NS         192.168.1.12;
 IN A            192.168.1.12;
www IN A 192.168.1.12;

    /var/named 目录出错的问题
在/var/named下建立文件macg.zone
[root@localhost named]# ls
chroot  localdomain.zone  macg.com   named.broadcast  named.ip6.local  named.zero
data    localhost.zone    macg.zone  named.ca         named.local      slaves
但启动named出错
[root@localhost named]# /etc/init.d/named restart
Stopping named: [  OK  ]
Starting named:
Error in named configuration:
zone localdomain/IN: loaded serial 42
zone localhost/IN: loaded serial 42
zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 1997022700
zone 255.in-addr.arpa/IN: loaded serial 42
zone 0.in-addr.arpa/IN: loaded serial 42
zone macg.com/IN: loading master file macg.zone: file not found 
_default/macg.com/IN: file not found
[FAILED]
原来zone文件的真正地点是/var/named/chroot/var/named/, 表面上的/var/named是建立的符号链接
[root@localhost named]# ls -l
total 68
drwxrwx---  6 root  named 4096 Nov 30 12:03 chroot
drwxrwx---  2 named named 4096 May 18  2005 data
lrwxrwxrwx  1 root  root    44 Nov  3 01:19 localdomain.zone -> /var/named/chroot/var/named/localdomain.zone
lrwxrwxrwx  1 root  root    42 Nov  3 01:19 localhost.zone -> /var/named/chroot/var/named/localhost.zone
-rwxrwxrwx  1 root  root   218 Nov 30 19:57 macg.zone
[root@localhost named]# cp macg.zone /var/named/chroot/var/named/

[root@localhost named]# ln -s /var/named/chroot/var/named/macg.zone macg.zone   
建立的符号链接


[root@localhost named]# ls -l
lrwxrwxrwx  1 root  root    37 Nov 30 20:24 macg.zone -> /var/named/chroot/var/named/macg.zone
启动,问题解决

    一个基本的正向解析+测试

• 配/etc/named.conf

[root@localhost named]# more /etc/named.conf
zone "macg.com" IN {
        type master;
        file "macg.zone";
        allow-update { none; };
};

• 建立zone文件

在/var/named/chroot/var/named/建立macg.zone
在/var/named建立ln –s符号连接
[root@localhost named]# vi macg.zone
$TTL    86400
@               IN SOA  @       root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D );

@ IN NS         192.168.1.12;
  IN A          192.168.1.12;
www IN A 192.168.1.12;
test IN A 192.168.1.12;  
ftp IN A 192.168.1.12;

• 启动service

[root@localhost named]# /etc/init.d/named restart
Stopping named: [  OK  ]
Starting named: [  OK  ]

• 测试

在其他PC上，设DNS指向linux
www访问http://www.macg.com,http://test.macg.com,http://ftp.macg.com成功
ftp ftp.macg.com成功。
浏览器访问ftp://ftp.macg.com成功（因为配了匿名）
[root@localhost named]# ping www.macg.com
PING www.macg.com (192.168.1.12) 56(84) bytes of data.
64 bytes from 192.168.1.12: icmp_seq=0 ttl=64 time=0.133 ms
64 bytes from 192.168.1.12: icmp_seq=1 ttl=64 time=0.093 ms
64 bytes from 192.168.1.12: icmp_seq=2 ttl=64 time=0.102 ms

[root@localhost named]# ping test.macg.com
PING test.macg.com (192.168.1.12) 56(84) bytes of data.
64 bytes from 192.168.1.12: icmp_seq=0 ttl=64 time=0.109 ms
64 bytes from 192.168.1.12: icmp_seq=1 ttl=64 time=0.096 ms
64 bytes from 192.168.1.12: icmp_seq=2 ttl=64 time=0.104 ms

[root@localhost named]# ping ftp.macg.com
PING ftp.macg.com (192.168.1.12) 56(84) bytes of data.
64 bytes from 192.168.1.12: icmp_seq=0 ttl=64 time=0.109 ms
64 bytes from 192.168.1.12: icmp_seq=1 ttl=64 time=0.126 ms
64 bytes from 192.168.1.12: icmp_seq=2 ttl=64 time=0.102 ms



    反向解析（地址---域名）
作用：通过查询IP地址的PTR记录
            得到该IP地址指向的域名，
用途：常用于MAIL SERVER 过滤垃圾邮件:
如果SERVER没有做反向解析，那么对方mail服务器的反向解析验证就会失败，对方mail服务器就会以我们是不明发送方而拒收我们发往的邮件，这也就是没做反向解析时无法向sina.com、homail.com发信的原因

•     修改/etc/named.conf

vi /etc/named.conf
zone "1.168.192.in-addr.arpa" IN {
           IP地址前三位倒叙+ in-addr.arpa
        type master;
        file "192.168.1";
        allow-update { none; };
};

•    建立反向zone文件

在/var/named/chroot/var/named/下建立192.168.1
在/var/named建立符号链接
[root@localhost named]# ln -s /var/named/chroot/var/named/192.168.1 192.168.1

[root@localhost named]# ls -l
lrwxrwxrwx  1 root  root    37 Nov 30 22:38 192.168.1 -> /var/named/chroot/var/named/192.168.1
[root@localhost named]# vi 192.168.1
$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum

@ IN NS macg.com                   反向解析也要NS条目
@表示的是主机的IP地址最后一位（省略了网络地址部分）

12 IN PTR www.macg.com      反向解析的标准条目，PTR条目
1 IN PTR www1.macg.com.
2 IN PTR test.macg.com.
2 IN PTR comp.macg.com.

•     PC上ping -a实验

配前无显示
D:\Documents and Settings\ >ping -a 192.168.1.12

Pinging 192.168.1.12 with 32 bytes of data:
Reply from 192.168.1.12: bytes=32 time<10ms TTL=64
Reply from 192.168.1.12: bytes=32 time<10ms TTL=64
Reply from 192.168.1.12: bytes=32 time<10ms TTL=64
Reply from 192.168.1.12: bytes=32 time<10ms TTL=64实验后
D:\Documents and Settings >ping -a 192.168.1.12

Pinging www.macg.com.1.168.192.in-addr.arpa [192.168.1.12] with 32 bytes of data

Reply from 192.168.1.12: bytes=32 time<10ms TTL=64
Reply from 192.168.1.12: bytes=32 time<10ms TTL=64
Reply from 192.168.1.12: bytes=32 time<10ms TTL=64
Reply from 192.168.1.12: bytes=32 time<10ms TTL=64