DNS
2011/08/05
TCP/IP DNS
IP Internet DNS
zone master/slave DNS
19.1 DNS
19.1.1
19.1.2
19.1.3
19.1.4
19.1.5
19.1.6
19.2 Client
19.2.1 /etc/hosts, /etc/resolv.conf, /etc/nsswitch.conf
19.2.2 DNS host, nslookup, dig
19.2.3 whois
19.3.1 DNS
19.3.2 BIND chroot /etc/sysconfig/named chroot
19.3.3 cache-only DNS forwarding named.conf, messages
19.4 DNS
19.4.1
19.4.2
19.4.3
19.4.4
19.4.5
19.4.6
19.4.7
19.4.8
19.4.9
DNS
master DNS
Slave DNS
DNS
DNS view
19.6 DNS
19.6.1
19.6.2
19.6.3
19.6.4
DNS
LAME Server
RNDC DNS
DNS ISP
19.7
19.8
19.9
19.10 http://phorum.vbird.org/viewtopic.php?p=115692
19.1 DNS
DNS IPv6 128bits IPv4 32bits
128bits IP DNS DNS
DNS
19.1.1 IP
TCP/IP IP IPv4 IPv4 32
12.34.56.78
Internet IP
/etc/hosts
IP Internet IP
IP
IP
/etc/hosts
IP
INTERNIC IP
19.1-1
4.2.1 /etc/hosts IP
... localhost 127.0.0.1
IP
DNS
/etc/hosts 90
/etc/hosts
IP Berkeley Internet Name Domain, BIND
(Domain Name System, DNS) DNS IP
DNS DNS
DNS IP
DNS
ISP
IPv4 128bits IPv6
128bits IP IP DNS
WWW DNS
IP DNS Internet
DNS
DNS FQDNHostname IP DNS
Zone
Tips:
DNS BIND
DNS
Bind
DNS
......
(domain)
1234567 1234567(1) 1234567
1234567 (2) (06)
06 domain name
DNS
DNS
(FQDN)
www www.google.com.tw, www.seednet.net,
www.hinet.net www
.google.com.tw, .seednet.net, .hinet.net
19.1.2 DNS IP
FQDN domain name hostname DNS (1)
(2)
DNS
DNS TLD
DNS domain (ksu)
19.1-3 DNS
DNS . () DNS ( root)
(1)com, edu, gov, mil, org, .net (2)
Top Level Domains (TLDs)
(Generic TLDs, gTLD) .com, .org, .gov
(Country code TLDs, ccTLD) .tw, .uk, .jp, .cn
(gTLD) root
com
org
edu
gov
net
mil
DNS IP
DNS DNS
DNS
19.1-4 DNS
http://www.ksu.edu.tw ( Linux
/etc/resolv.conf ) DNS IP DNS
Hinet 168.95.1.1 DNShinet
1. .
DNS hinet
168.95.1.1
. (root) IP
2. . (root)
168.95.1.1 . www.ksu.edu.tw . .tw (
.tw . ) . IP .tw
.tw
3. .tw
168.95.1.1 .tw .edu.tw, .com.tw, gov.tw...
.edu.tw .tw 168.95.1.1
.edu.tw IP
4. .edu.tw
.edu.tw 168.95.1.1 .ksu.edu.tw .ksu.edu.tw
IP
5. .ksu.edu.tw
168.95.1.1 .ksu.edu.tw Bingo .ksu.edu.tw
IP ... 168.95.1.1 www.ksu.edu.tw IP
6.
IP 168.95.1.1 DNS www.ksu.edu.tw
168.95.1.1
DNS
client cache
DNS ( 24 )
.
DNS
DNS DNS
IP
IP DNS
DNS Internet
DNS
DNS
DNS IP
IP
domain name
2 ~ 3
()
IP DNS
idv.tw idv
idv .tw .tw
DNS DNS
DNS
dig (+trace)
A (Address) 120.114.100.101
DNS dig +trace
(NS) ^_^ A NS
DNS
19.1.3 DNS
DNS
FQDN () FQDN
ISP 19.1-4 www.ksu.edu.tw
IP .ksu.edu.tw
19.1-4 .ksu.edu.tw .edu.tw
.ksu.edu.tw .edu.tw
.ksu.edu.tw DNS .ksu.edu.tw
^_^ DNS
Internet DNS DNS
IP
1. DNS DNS
2. DNS
DNS NS (NameServer)
A (Address)
IP (IP Address) A .vbird.org
ISP DNS dns.vbird.org NS A
19.1-5 A
godaddy .vbird.org dns.vbird.org (NS)
IP 140.116... A (IP
Address) ( 19.1-4 )
dns.vbird.org IP IP godaddy
dns.vbird.org dns.vbird.org
dns.vbird.org IPDNS
A
dns.vbird.org
dns.vbird.org IP
dns.vbird.org
dns.vbird.org IP godaddy
ISP DNS
ISP DNS
dns.vbird.org NS A IP
DNS
DNS
Internet Server
Server DNS
Server Server
DNS
mail server
DNS Hostname
DNS
DNS
DNS zone
DNS
INTERNIC gTLD ccTLD
centos.vbird DNS
*.idv.tw
zone IP DNS
master/slave DNS zone
DNS zone
INTERNIC ISP ()
IP IP IP INTERNIC
ISP IP () IP
ISP ISP IP
class C IP ISP IP
ISP
zone NS SOA
PTR (PoinTeR)
^_^
ADSL ISP
211.74.253.91 seednet IP
211-74-253-91.adsl.dynamic.seed.net.tw.
^_^
mail server
Internet mail server mail
server IP ISP hinet
http://hidomain.hinet.net/top1.html
DNS
DNS DNS
DNS
Master
DNS
DNS
DNS
slave DNS
Slave
DNS .ksu.edu.tw 3 DNS
DNS Master
Slave
Slave Master .ksu.edu.tw DNS
Master Master Slave
Master BIND
Slave
Tips:
Master/Slave Master
IP Master
Master/Slave
Master / Slave
DNS internet
Master Slave DNS DNS
DNS DNS DNS
IP
Master / Slave
Master/Slave Slave Master
Slave Master Master Slave
master/slave
slave master
master () SOA
Master/Slave DNS (Master/Slave)
DNS
DNS
19.2 Client
DNS
DNS server
19.2.1
19.1.1 IP
DNS
/etc/hosts hostname IP
/etc/resolv.conf ISP DNS IP
/etc/nsswitch.conf /etc/hosts /etc/resolv.conf
Linux IP /etc/hosts
/etc/nsswitch.conf hosts
[root@www ~]# vim /etc/nsswitch.conf
hosts:      files dns
DNS /etc/resolv.conf
hinet 168.95.1.1 DNS
[root@www ~]# vim /etc/resolv.conf
nameserver 168.95.1.1
nameserver 139.175.10.20
DNS IP () DNS
( 139.175.10.20) DNS
DNS IP DNS
Tips:
3 DNS IP /etc/resolv.conf
DNS
DNS
timeout
DHCP IP /etc/resolv.conf
DHCP DHCP
DHCP
/etc/sysconfig/network-scripts/ifcfg-eth0 PEERDNS=no
host
[root@www ~]# host [-a] FQDN [server]
[root@www ~]# host -l domain [server]
-a IPTTL
-l domain allow-transfer domain
;linux.vbird.org.               IN      ANY
;; ANSWER SECTION:
linux.vbird.org.        145     IN      A       140.116.44.180
;; AUTHORITY SECTION:
vbird.org.              145     IN      NS      dns.vbird.org.
vbird.org.              145     IN      NS      dns2.vbird.org.
DNS
DNS /etc/resolv.conf
IP
# 4. vbird.org
[root@www ~]# host -l vbird.org
; Transfer failed.
Host vbird.org not found: 9(NOTAUTH)
; Transfer failed. <==
vbird.org DNS
vbird.org vbird.org host -l
DNS
nslookup
[root@www ~]# nslookup [FQDN] [server]
[root@www ~]# nslookup
1. nslookup IP [server]
2. nslookup IP nslookup
nslookup
set type=any
set type=mx mx
# 1. mail.ksu.edu.tw IP
[root@www ~]# nslookup mail.ksu.edu.tw
Server:         168.95.1.1
Address:        168.95.1.1#53   <== DNS IP
Non-authoritative answer:
Name:   mail.ksu.edu.tw
Address: 120.114.100.20         <== IP
dig ()
[root@www ~]# dig [options] FQDN [@server]
# 1. linux.vbird.org
[root@www ~]# dig linux.vbird.org
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> linux.vbird.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37415
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;linux.vbird.org.               IN      A                       <==
;; ANSWER SECTION:
linux.vbird.org.        600     IN      A       140.116.44.180  <==
;; AUTHORITY SECTION:
vbird.org.              600     IN      NS      dns.vbird.org.  <==
vbird.org.              600     IN      NS      dns2.vbird.org.
QUESTION() linux.vbird.org IP A
(Address)
ANSWER() QUESTION IP
AUTHORITY() linux.vbird.org DNS
dns.vbird.org dns2.vbird.org 600 19.1-4
() linux.vbird.org
600
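The sections dig prints (QUESTION, ANSWER, AUTHORITY, ADDITIONAL) have a fixed shape, which makes them easy to check from a script instead of reading by eye. The following parser is an added example and is not code from the original page or from BIND; the sample output it parses is constructed to resemble the `dig linux.vbird.org` run above, and the `RR` type and `parse_dig`/`authoritative` names are the example's own. It also reads the `flags:` line, so a script can tell whether an answer came from an authoritative server (`aa` set) or from a resolver's cache.

```python
"""Parse the text output of dig into resource records, section by section.

Added example, not from the original page. A resolver's answer is trusted as
far as its source: checking the header status, the 'aa' flag and the
AUTHORITY section programmatically is how a monitoring script notices a
cache that serves something other than the zone's own data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    """One resource record as dig prints it: owner, TTL, class, type, data."""
    name: str
    ttl: int
    rclass: str
    rtype: str
    rdata: str


# Constructed sample, modelled on the dig output shown in the text (hypothetical run).
SAMPLE_DIG = """\
; <<>> DiG 9.7.0 <<>> linux.vbird.org
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37415
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;linux.vbird.org.\t\t\tIN\tA

;; ANSWER SECTION:
linux.vbird.org.\t600\tIN\tA\t140.116.44.180

;; AUTHORITY SECTION:
vbird.org.\t\t600\tIN\tNS\tdns.vbird.org.
vbird.org.\t\t600\tIN\tNS\tdns2.vbird.org.

;; Query time: 17 msec
;; SERVER: 168.95.1.1#53(168.95.1.1)
"""


def parse_dig(text):
    """Return a dict with the header status, the flag set and the RRs per section."""
    result = {"status": None, "flags": set(), "question": [],
              "answer": [], "authority": [], "additional": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(";; ->>HEADER<<-"):
            # "opcode: QUERY, status: NOERROR, id: 37415" -> pick the status field
            for part in line.split(","):
                key, _, val = part.partition(":")
                if key.strip().endswith("status"):
                    result["status"] = val.strip()
            continue
        if line.startswith(";; flags:"):
            # "qr rd ra; QUERY: 1, ..." -> the tokens before the first ';'
            flag_str = line[len(";; flags:"):].split(";")[0]
            result["flags"] = set(flag_str.split())
            continue
        if line.endswith("SECTION:"):
            section = line.split()[1].lower()   # question / answer / authority / additional
            continue
        if line.startswith(";;"):
            section = None                      # statistics footer: no records follow
            continue
        if section == "question" and line.startswith(";"):
            name, rclass, rtype = line[1:].split()
            result["question"].append((name, rclass, rtype))
        elif section in ("answer", "authority", "additional"):
            # rdata may contain spaces (SOA, MX), so split into at most 5 fields
            name, ttl, rclass, rtype, rdata = line.split(None, 4)
            result[section].append(RR(name, int(ttl), rclass, rtype, rdata))
    return result


def authoritative(parsed):
    """True only when the 'aa' flag was set: the answer came from a zone's own server."""
    return "aa" in parsed["flags"]


if __name__ == "__main__":
    p = parse_dig(SAMPLE_DIG)
    print(p["status"], sorted(p["flags"]), authoritative(p))
    for rr in p["answer"] + p["authority"]:
        print(rr)
```

The sample above is a recursive answer from 168.95.1.1, so `authoritative()` returns False; the same parser run on `dig ... @dns.vbird.org` output would see `aa` in the flags.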
# 2. linux.vbird.org SOA
[root@www ~]# dig -t soa linux.vbird.org
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> -t soa linux.vbird.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57511
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;linux.vbird.org.               IN      SOA
;; AUTHORITY SECTION:
vbird.org.              600     IN      SOA     dns.vbird.org. root.dns.vbird.org. 2007091402 28800 7200 720000 86400
;; Query time: 17 msec
;; SERVER: 168.95.1.1#53(168.95.1.1)
;; WHEN: Thu Aug 4 14:15:57 2011
;; MSG SIZE rcvd: 78
dig DNS
DNS
^_^ -t type DNS
# 3. 120.114.100.20
[root@www ~]# dig -x 120.114.100.20
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> -x 120.114.100.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60337
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;20.100.114.120.in-addr.arpa.   IN      PTR
;; ANSWER SECTION:
20.100.114.120.in-addr.arpa. 3600 IN    PTR     mail-out-r2.ksu.edu.tw.
20.100.114.120.in-addr.arpa. 3600 IN    PTR     mail-smtp-proxy.ksu.edu.tw.
20.100.114.120.in-addr.arpa. 3600 IN    PTR     mail.ksu.edu.tw.
;; AUTHORITY SECTION:
100.114.120.in-addr.arpa. 3600 IN       NS      dns1.ksu.edu.tw.
100.114.120.in-addr.arpa. 3600 IN       NS      dns3.twaren.net.
100.114.120.in-addr.arpa. 3600 IN       NS      dns2.ksu.edu.tw.
;; ADDITIONAL SECTION:
dns1.ksu.edu.tw.        3036    IN      A       120.114.50.1
dns2.ksu.edu.tw.        2658    IN      A       120.114.150.1
dns3.twaren.net.        449     IN      A       211.79.61.47
120.114.100.20 20.100.114.120.in-addr.arpa.
in-addr.arpa.
19.2.3 whois
host -l
whois
CentOS 6.x whois jwhois whois
yum
whois
[root@www ~]# whois [domainname] <== domain hostname
[root@www ~]# whois centos.org
[Querying whois.publicinterestregistry.net]
[whois.publicinterestregistry.net]
# whois
Domain ID:D103409469-LROR
Domain Name:CENTOS.ORG
Created On:04-Dec-2003 12:28:30 UTC
Last Updated On:05-Dec-2010 01:23:25 UTC
Expiration Date:04-Dec-2011 12:28:30 UTC <==
Sponsoring Registrar:Key-Systems GmbH (R51-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:P-8686062
Registrant Name:CentOS Domain Administrator
Registrant Organization:The CentOS Project
Registrant Street1:Mechelsesteenweg 170
#
whois domain
whois
whois whois
^_^y
whois domain
[root@www ~]# whois vbird.idv.tw
[Querying whois.twnic.net]
[whois.twnic.net]
<== whois
Domain Name: vbird.idv.tw <== domain
Contact:
<==
Der-Min Tsai
vbird@pc510.ev.ncku.edu.tw
Record expires on 2018-09-17 (YYYY-MM-DD)
Record created on 2002-09-13 (YYYY-MM-DD)
Registration Service Provider: HINET
19.3.1 DNS
/etc/sysconfig/named chroot
distributions bind
chroot chroot /etc/sysconfig/named
named chroot
/var/named/chroot /var/named/chroot bind
/etc, /var/named, /var/run ... bind
/var/named/chroot/etc/named.conf
/var/named/chroot/var/named/zone_file1
/var/named/chroot/var/named/zone_file.....
/var/named/chroot/var/run/named/...
CentOS 6.x chroot
mount --bind ( /etc/init.d/named ) /var/named
mount --bind /var/named /var/named/chroot/var/named CentOS
6.x /var/named/chroot/ ^_^
Tips:
/etc/sysconfig/named /etc/init.d/named
/etc/init.d/named script
cache-only DNS
Internet
port 53 DNS port
cache-only DNS
DNS Client
hostname <--> IP DNS Client IP
DNS IP IP cache only
DNS
1. /etc/named.conf
chroot CentOS 6.x
/etc/named.conf /var/named/chroot/etc/named.conf
zone
forwarding cache-only DNS
zone ( . )
//
;
named.conf
options options
{ } options
directory "/var/named";
zone file
/var/named/ chroot
/var/named/chroot/var/named/
dump-file, statistics-file, memstatistics-file
named
allow-query { any; };
DNS
localhost (
) DNS
forward only ;
DNS forward . zone file
2. named
named
DNS
# 1. DNS
[root@www ~]# /etc/init.d/named start
Starting named:                                            [ OK ]
[root@www ~]# chkconfig named on
# 2.
[root@www ~]# netstat -utlnp | grep named
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.100.254:53      0.0.0.0:*               LISTEN      3140/named
tcp        0      0 192.168.1.100:53        0.0.0.0:*               LISTEN      3140/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      3140/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      3140/named
tcp        0      0 ::1:953                 :::*                    LISTEN      3140/named
udp        0      0 192.168.100.254:53      0.0.0.0:*                           3140/named
udp        0      0 192.168.1.100:53        0.0.0.0:*                           3140/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           3140/named
3. /var/log/messages ()
named /var/log/messages
4 14:57:09 www named[3140]: ....()....
-t ... chroot
/etc/named.conf /var/named/etc/named.conf
(:10)
port 53 DNS
DNS
Tips:
/var/log/messages
couldn't add command channel 127.0.0.1#953: not found
rndc key
RNDC DNS
named.conf
4.
DNS dig www.google.com @127.0.0.1
google IP SERVER:
127.0.0.1#53(127.0.0.1) 19.2
Forwarders
forwarder
Forwarder
DNS forwarder forwarder
( 19.1-4 ) DNS
forwarder
forwarder forwarder DNS
.
Forwarder
DNS
cache only DNS
DNS
cache only server
DNS forwarder
19.4 DNS
DNS
1.
2.
3.
4.
5.
6.
ISP
DNS DNS
centos.vbird DNS
DNS
120.114.100.101
;; AUTHORITY SECTION:
ksu.edu.tw.             911     IN      NS      dns1.ksu.edu.tw.
....()....
# RR
A ksu.edu.tw NS
A IP NS
[domain]    [ttl]    IN    [[RR type]    [RR data]]
IN RR type RR data A
IP domain FQDN
(.) FQDN dig www.ksu.edu.tw
www.ksu.edu.tw.
ttl time to live DNS
DNS dig www.ksu.edu.tw
DNS
DNS . (root)
()
ttl RR ttl
RR RR
# RR
[domain]    IN    [[RR type]    [RR data]]
.           IN    A             IPv4 IP
.           IN    AAAA          IPv6 IP
.           IN    NS            .
.           IN    SOA           ()
.           IN    MX            .
.           IN    CNAME         .
A, AAAA IP
A RR IP RR
www.ksu.edu.tw A
[root@www ~]# dig [-t a] www.ksu.edu.tw
;; ANSWER SECTION:
www.ksu.edu.tw.         2987    IN      A       120.114.100.101
# FQDN.
ttl
IP
# RR
# [-t a]
NS (zone)
www.ksu.edu.tw DNS NS
(NameServer) RR NS
domain ksu.edu.tw
[root@www ~]# dig -t ns ksu.edu.tw
;; ANSWER SECTION:
ksu.edu.tw.             1596    IN      NS      dns1.ksu.edu.tw.
;; ADDITIONAL SECTION:
dns1.ksu.edu.tw.        577     IN      A       120.114.50.1
# NS IP
DNS DNS
NS IP NS
A NS ^_^
SOA
DNS master/slave
zone file SOA (Start Of Authority)
dns1.ksu.edu.tw.
abuse.mail.ksu.edu.tw.
slave
YYYYMMDDNU 2010080369
2010/08/03 69 2 32
4294967296
4. (Refresh) slave master
DNS 1800 slave master slave
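The serial is what a slave compares before deciding whether to transfer the zone again, so a serial that stops increasing (or overflows the 32-bit field) silently breaks master/slave replication. The helpers below are an added example, not code from the original page or from BIND: they decode and bump a YYYYMMDDNU serial as described above, reject values outside the 32-bit range, and apply the same wrap-around comparison (RFC 1982 serial arithmetic) that BIND uses, so a serial is "newer" when it is ahead by less than 2^31 on the ring. The function names and the sample serials are the example's own.

```python
"""SOA serial helpers: validation, YYYYMMDDNU bumping and slave comparison.

Added example, not from the original page. The values 2010080369 and the
2^32 limit come from the text; everything else is the example's assumption.
"""
import re
from datetime import date

SERIAL_MAX = 2**32   # the SOA serial is an unsigned 32-bit field: 0 .. 4294967295
HALF = 2**31         # RFC 1982: a value is "ahead" if it leads by less than 2^31


def valid_serial(serial):
    """True when the serial fits the 32-bit field (4294967296 and above do not)."""
    return 0 <= serial < SERIAL_MAX


def serial_date(serial):
    """Decode a YYYYMMDDNU serial into (ISO date, NU) or None if not in that form."""
    m = re.fullmatch(r"(\d{4})(\d{2})(\d{2})(\d{2})", str(serial))
    if not m:
        return None
    year, month, day, nu = (int(x) for x in m.groups())
    try:
        return date(year, month, day).isoformat(), nu
    except ValueError:          # e.g. month 13: a plain counter, not a date
        return None


def next_serial(current, today=None):
    """Return the next serial to write after editing the zone file.

    `today` is a "YYYYMMDD" string (defaults to the real date). Same day: bump
    the NU counter (max 99). New day: start at YYYYMMDD01. If the current
    serial is already beyond today's range, keep counting up, because a
    serial that goes backwards would stop slaves from ever transferring again.
    """
    if not valid_serial(current):
        raise ValueError("serial does not fit in 32 bits")
    today = today or date.today().strftime("%Y%m%d")
    prefix = int(today) * 100
    if current >= prefix + 100:
        return current + 1
    if current >= prefix:
        if current - prefix >= 99:
            raise ValueError("NU counter exhausted for today")
        return current + 1
    return prefix + 1


def slave_should_transfer(slave_serial, master_serial):
    """RFC 1982 comparison: transfer when the master's serial is ahead on the ring."""
    diff = (master_serial - slave_serial) % SERIAL_MAX
    return 0 < diff < HALF


if __name__ == "__main__":
    print(serial_date(2010080369))                       # ('2010-08-03', 69)
    print(next_serial(2010080369, "20100803"))           # 2010080370
    print(next_serial(2010080369, "20100804"))           # 2010080401
    print(slave_should_transfer(2011080401, 2011080402)) # True
```

A practical consequence of the comparison: if a master's serial is ever lowered by mistake (for example by retyping the date wrongly), the slaves keep the old copy until the master's serial climbs back above theirs, which is why the check after every edit is "did the serial go up".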
CNAME (alias)
A A
(CNAME) www.google.com
[root@www ~]# dig www.google.com
;; ANSWER SECTION:
www.google.com.         557697  IN      CNAME   www.l.google.com.
www.l.google.com.       298     IN      A       72.14.203.99
www.google.com www.l.google.com A
... (CNAME)
CNAME A IP IP
IP A
A CNAME IP A
CNAME
MX
MX Mail eXchanger () MX
email email server
MX
8 mx01.ksu.edu.tw.
;; ADDITIONAL SECTION:
mx01.ksu.edu.tw.        3600    IN      A       120.114.100.28
ksu.edu.tw mx01.ksu.edu.tw
mx01.ksu.edu.tw MX
mail server MX A
mx01.ksu.edu.tw A
mx01 8
google.com MX 5
19.4.2 RR
www.ksu.edu.tw.
.(root) > tw > edu
19.1-4
IP 120.114.100.101 120 > 114 > 100 > 101
DNS zone
IP .in-addr.arpa.
www.ksu.edu.tw.
IP
PTR
PTR IP
zone IP .in-addr.arpa.
120.114.100.0/24 class C IP 100.114.120.in-addr.arpa. zone
PTR
FQDN (.)
100.114.120.in-addr.arpa.
www.100.114.120.in-addr.arpa.
Tips:
FQDN
^_^
DNS centos.vbird
IP 192.168.100.0/24 centos.vbird
192.168.100.0/24 DNS .(root) forwarders
.
1.
2.
3.
4.
named.conf ()
named.centos.vbird ( centos.vbird )
named.192.168.100 ( 192.168.100.0/24 )
named.ca ( bind . )
niki.vbird
DNS ^_^
( 3.2-1)
IP
RR
Linux (192.168.100.254)
master.centos.vbird (NS, A)
www.centos.vbird (A)
linux.centos.vbird (CNAME)
ftp.centos.vbird (CNAME)
forum.centos.vbird (CNAME)
www.centos.vbird (MX)
DNS master.centos.vbird
DNS
www.centos.vbird
CNAME
MX
Linux (192.168.100.10)
slave.centos.vbird (NS, A)
clientlinux.centos.vbird(A)
slave DNS
WinXP (192.168.1.101)
workstation.centos.vbird (A)
WinXP (192.168.100.20)
winxp.centos.vbird (A)
Windows XP
Win7 (192.168.100.30)
win7.centos.vbird (A)
Windows 7
IP IP
www.centos.vbird
IP
Tips:
DNS Internet
192.168.100.254 *.yahoo.com
192.168.100.254
yahoo.com 192.168.100.254
19.4.4 /etc/named.conf
options 19.3.3
forwarders zone file zone
zone
options DNS (forward )
zone zone (domain name) zone file ( master/slave/hint)
DNS (key file)()
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;
        allow-transfer  { none; }; // zone
};
zone "." IN {
type hint;
file "named.ca";
};
zone "centos.vbird" IN {
type master;
file "named.centos.vbird";
};
zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "named.192.168.100";
};
// zone
//
//
options allow-transfer
allow-transfer { none; };
slave DNS master/slave DNS
slave DNS
none
zone
zone
type
zone . hint
master slave
file
zone
in-addr.arpa 19.4.2
named
zone file named.conf
19.4.5 . (root)
19.1-4 . . INTERNIC
13 . DNS
ftp://rs.internic.net/domain/named.root
CentOS 6.x bind named.ca
19.4.6
RR
(TTL) (ORIGIN)
master/slave (SOA)
IP (NS, A)
(A, MX, CNAME )
RR 19.4.1
domain
zone named.centos.vbird @
centos.vbird. named.192.168.100 @ 100.168.192.in-addr.arpa. ( named.conf zone )
(.) (FQDN)
hostname named.centos.vbird www.centos.vbird
FQDN www.centos.vbird.@ ==> www.centos.vbird.centos.vbird.
www.centos.vbird.
DNS
master.centos.vbird email vbird@www.centos.vbird
                           IN A      192.168.100.254
                           IN CNAME  www.centos.vbird.
                           IN CNAME  www.centos.vbird.
                           IN CNAME  www.centos.vbird.
#
slave.centos.vbird.        IN A      192.168.100.10
clientlinux.centos.vbird.  IN A      192.168.100.10
workstation.centos.vbird.  IN A      192.168.1.101
winxp.centos.vbird.        IN A      192.168.100.20
win7                       IN A      192.168.100.30 ;
$TTL, SOA, NS ( NS A)
19.4.1
$TTL
RR TTL
DNS TTL DNS
600
$ORIGIN
zone
zone named.conf zone zone
$ORIGIN
DNS (.)
. (FQDN) "hostname + domain name" .
"hostname" zone centos.vbird
(win7) FQDN zone
win7 win7.centos.vbird.
19.4.7
TTL, SOA, NS A PTR
zone zz.yy.xx.in-addr.arpa.
FQDN 19.4.2
192.168.100.0/24 DNS
[root@www ~]# vim /var/named/named.192.168.100
$TTL    600
@       IN SOA  master.centos.vbird. vbird.www.centos.vbird. (
                2011080401 3H 15M 1W 1D )
@       IN NS   master.centos.vbird.
254     IN PTR  master.centos.vbird.   ; A PTR
254     IN PTR  www.centos.vbird.
10      IN PTR  slave.centos.vbird.
20      IN PTR  winxp.centos.vbird.
30      IN PTR  win7.centos.vbird.
; IP
101     IN PTR  dhcp101.centos.vbird.  ; DHCP () IP
102     IN PTR  dhcp102.centos.vbird.
....()....
200     IN PTR  dhcp200.centos.vbird.
19.4.8 DNS
DNS script
[root@www ~]# /etc/init.d/named start
[root@www ~]# chkconfig named on
<== restart
OK DNS
/var/log/messages
-t chroot_dir chroot
(configuration) /etc/named.conf zone (hint . )
(serial) :
OK
/var/log/messages
DNS
(.) MX
mail server
DNS client
/var/log/messages
named: /etc/named.conf:8: missing ';' before '}'
# /etc/named.conf 8
# (;)
dns_rdata_fromtext: named.centos.vbird:4: near eol: unexpected end of input
zone centos.vbird/IN: loading master file named.centos.vbird: unexpected end of input
...
netstat port 53
[root@www ~]# vim /usr/local/virus/iptables/iptables.rule
#
iptables -A INPUT -p UDP -i $EXTIF --dport 53 --sport 1024:65534 -j ACCEPT
19.4.9
DNS
client
http://thednsreport.com/
DNS
zone DNS
DNS /etc/resolv.conf
[root@www ~]# vim /etc/resolv.conf
nameserver 192.168.100.254 <== IP
nameserver 168.95.1.1
# 1. master.centos.vbird www.centos.vbird A
[root@www ~]# dig master.centos.vbird
;; ANSWER SECTION:
master.centos.vbird.    600     IN      A       192.168.100.254
[root@www ~]# dig www.centos.vbird
;; ANSWER SECTION:
www.centos.vbird.       600     IN      A       192.168.100.254
# 2. ftp.centos.vbird winxp A
[root@www ~]# dig ftp.centos.vbird
;; ANSWER SECTION:
ftp.centos.vbird.       600     IN      CNAME   www.centos.vbird.
www.centos.vbird.       600     IN      A       192.168.100.254
[root@www ~]# dig winxp.centos.vbird
;; ANSWER SECTION:
winxp.centos.vbird.     600     IN      A       192.168.100.20
# 3. centos.vbird zone MX
[root@www ~]# dig -t mx centos.vbird
;; ANSWER SECTION:
centos.vbird.           600     IN      MX      10 www.centos.vbird.
# 4. 192.168.100.254 192.168.100.10
[root@www ~]# dig -x 192.168.100.254
;; ANSWER SECTION:
254.100.168.192.in-addr.arpa. 600 IN    PTR     www.centos.vbird.
254.100.168.192.in-addr.arpa. 600 IN    PTR     master.centos.vbird.
[root@www ~]# dig -x 192.168.100.10
;; ANSWER SECTION:
10.100.168.192.in-addr.arpa. 600 IN     PTR     slave.centos.vbird.
www.centos.vbird
IP
IP
1. zone RR
2. zone file (Serial) SOA ()
master/slave
3. named named
master/slave
DNS
NS NS
slave.centos.vbird IP 192.168.100.10
named messages
sending notifies () slave DNS
master DNS
Slave
# 1. named.conf
[root@clientlinux ~]# vim /etc/named.conf
....( master.centos.vbird )....
zone "centos.vbird" IN {
type slave;
file "slaves/named.centos.vbird";
masters { 192.168.100.254; };
};
zone "100.168.192.in-addr.arpa" IN {
type slave;
file "slaves/named.192.168.100";
masters { 192.168.100.254; };
};
# 2. zone file
[root@clientlinux ~]# ll -d /var/named/slaves
drwxrwx---. 2 named named 4096 2011-06-25 11:48 /var/named/slaves
# named
[root@clientlinux ~]# ll -dZ /var/named/slaves
drwxrwx---. named named system_u:object_r:named_cache_t:s0 /var/named/slaves
# SELinux
CentOS /var/named/slaves/
slave zone file file
masters s zone file named.ca .
type slave master
named
[root@clientlinux ~]# /etc/init.d/named start
[root@clientlinux ~]# chkconfig named on
[root@clientlinux ~]# tail -n 30 /var/log/messages | grep named
starting BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 -u named -t /var/named/chroot
loading configuration from '/etc/named.conf'
....()....
running
zone 100.168.192.in-addr.arpa/IN: Transfer started.
zone 100.168.192.in-addr.arpa/IN: transferred serial 2011080402
zone centos.vbird/IN: Transfer started.
zone centos.vbird/IN: transferred serial 2011080402 <==
#
[root@clientlinux ~]# ll /var/named/slaves
-rw-r--r--. 1 named named 3707 2011-08-05 14:12 named.192.168.100
-rw-r--r--. 1 named named 605 2011-08-05 14:12 named.centos.vbird
# zone file
[root@clientlinux ~]# dig master.centos.vbird @127.0.0.1
[root@clientlinux ~]# dig -x 192.168.100.254 @127.0.0.1
# A PTR
named DNS
centos.vbird master slave
master slave domain
19.5.3 DNS
Master/Slave DNS DNS
DNS
DNS
IP
subdomain ()
DNS
master centos.vbird zone
ISP domain name domain niki.centos.vbird
DNS zone
DNS 19.4
# 1. named.conf zone named.niki.centos.vbird
[root@niki ~]# vim /etc/named.conf
....()....
zone "niki.centos.vbird" IN {
type master;
file "named.niki.centos.vbird";
};
# 2. named.niki.centos.vbird
[root@niki ~]# vim /var/named/named.niki.centos.vbird
$TTL    600
@       IN SOA  dns.niki.centos.vbird. root.niki.centos.vbird. (
                2011080501 3H 15M 1W 1D )
@       IN NS   dns.niki.centos.vbird.
dns     IN A    192.168.100.200
www     IN A    192.168.100.200
@       IN MX 10 www.niki.centos.vbird.
@       IN A    192.168.100.200
# hostname FQDN
# 3.
[root@niki ~]# /etc/init.d/named restart
[root@niki ~]# tail -n 30 /var/log/messages | grep named
....()....
zone niki.centos.vbird/IN: loaded serial 2011080501
....()....
#
[root@niki ~]# dig www.niki.centos.vbird @192.168.100.254
#
view
intranet 192.168.100.0/24
internet 192.168.100.0/24
intranet zone file zone filenameinternet zone filename
inter
www.centos.vbird IP 192.168.100.254
www.centos.vbird IP 192.168.1.100
view "lan" {                                <==
        match-clients { "intranet"; };      <== zone
zone "." IN {
type hint;
file "named.ca";
};
zone "centos.vbird" IN {
type master;
file "named.centos.vbird";
allow-transfer { 192.168.100.10; };
};
zone "100.168.192.in-addr.arpa" IN {
type master;
file "named.192.168.100";
allow-transfer { 192.168.100.10; };
};
};
view "wan" {                                <==
        match-clients { "internet"; };      <== internet
zone "." IN {
type hint;
file "named.ca";
};
zone "centos.vbird" IN {
type master;
file "named.centos.vbird.inter"; <==
};
// IP IP
};
named.centos.vbird.inter
[root@www ~]# cd /var/named
[root@www named]# cp -a named.centos.vbird named.centos.vbird.inter
[root@www named]# vim named.centos.vbird.inter
$TTL    600
@                           IN SOA  master.centos.vbird. vbird.www.centos.vbird. (
                            2011080503 3H 15M 1W 1D )
@                           IN NS     master.centos.vbird.
master.centos.vbird.        IN A      192.168.1.100
@                           IN MX 10  www.centos.vbird.
www.centos.vbird.           IN A      192.168.1.100      # IP
linux.centos.vbird.         IN CNAME  www.centos.vbird.
ftp.centos.vbird.           IN CNAME  www.centos.vbird.
forum.centos.vbird.         IN CNAME  www.centos.vbird.
workstation.centos.vbird.   IN A      192.168.1.101
[root@www named]# /etc/init.d/named restart
[root@www named]# tail -n 30 /var/log/messages
[root@www named]# dig www.centos.vbird @192.168.100.254
www.centos.vbird.       600     IN      A       192.168.100.254
192.168.100.0/24
DNS
DNS IP
view
IP
IP http://www.iana.org/numbers/
IP
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
IP
http://rms.twnic.net.tw/twnic/User/Member/Search/main7.jsp?Order=inet_aton%28Startip%29
acl view
acl asia { 1.0.0.0/8; 14.0.0.0/8; 27.0.0.0/8; 36.0.0.0/8; 39.0.0.0/8;
42.0.0.0/8; 49.0.0.0/8; 58.0.0.0/8; 59.0.0.0/8; 60.0.0.0/8;
61.0.0.0/8; 101.0.0.0/8; 103.0.0.0/8; 106.0.0.0/8; 110.0.0.0/8;
111.0.0.0/8; 112.0.0.0/8; 113.0.0.0/8; 114.0.0.0/8; 115.0.0.0/8;
116.0.0.0/8; 117.0.0.0/8; 118.0.0.0/8; 119.0.0.0/8; 120.0.0.0/8;
121.0.0.0/8; 122.0.0.0/8; 123.0.0.0/8; 124.0.0.0/8; 125.0.0.0/8;
126.0.0.0/8; 175.0.0.0/8; 180.0.0.0/8; 182.0.0.0/8; 183.0.0.0/8;
202.0.0.0/8; 203.0.0.0/8; 210.0.0.0/8; 211.0.0.0/8; 218.0.0.0/8;
219.0.0.0/8; 220.0.0.0/8; 221.0.0.0/8; 222.0.0.0/8; 223.0.0.0/8;
139.175.0.0/16; 140.0.0.0/8;150.116.0.0/16;150.117.0.0/16;
163.0.0.0/8; 168.95.0.0/16;192.0.0.0/8;
};
acl nonasia { ! "asia"; any; };
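BIND evaluates an address match list from top to bottom and stops at the first element that matches; a `!` in front of an element negates it, which is why `acl nonasia { ! "asia"; any; };` reads as "everything that is not in asia". The evaluator below is an added example, not code from the original page or from BIND, and reproduces that rule so you can check which view a given client address would land in before restarting named. The acl contents are a shortened, constructed version of the lists above, and the `intranet`/`internet` acls are assumed here (the page uses the names but does not show their definitions).

```python
"""Evaluate BIND-style address match lists (acl / match-clients).

Added example, not from the original page. Rules implemented:
  - elements are tried in order; the first one that matches decides;
  - "! x" negates: if x matches, the whole list answers "no match";
  - "any" / "none" are the built-ins; a quoted name refers to another acl;
  - anything else is an address or prefix.
"""
import ipaddress

# Constructed, shortened version of the acls above (the real 'asia' lists more /8s).
ACLS = {
    "asia": ["1.0.0.0/8", "14.0.0.0/8", "42.0.0.0/8", "139.175.0.0/16",
             "140.0.0.0/8", "168.95.0.0/16", "192.0.0.0/8"],
    "nonasia": ['! "asia"', "any"],
    "intranet": ["192.168.100.0/24", "127.0.0.1"],   # assumed definition
    "internet": ['! "intranet"', "any"],            # assumed definition
}

# The two views from the named.conf above, in file order (assumed match-clients).
VIEWS = [("lan", ['"intranet"']), ("wan", ['"internet"'])]


def _element_verdict(addr, element, acls):
    """True/False when `element` decides `addr`; None when it does not match."""
    negate = element.startswith("!")
    element = element.lstrip("! ").strip('"')
    if element == "any":
        hit = True
    elif element == "none":
        hit = False
    elif element in acls:                       # nested acl by name
        hit = match_list(addr, acls[element], acls)
    else:                                       # address or prefix
        hit = addr in ipaddress.ip_network(element, strict=False)
    if not hit:
        return None                             # keep looking
    return not negate                           # a negated hit means "no match"


def match_list(addr, elements, acls):
    """Return True if `addr` matches the list, False otherwise (BIND semantics)."""
    addr = ipaddress.ip_address(str(addr))
    for element in elements:
        verdict = _element_verdict(addr, element, acls)
        if verdict is not None:
            return verdict
    return False                                # fell off the end: no match


def view_for(addr, views, acls):
    """Return the name of the first view whose match-clients accepts addr, like named."""
    for name, clients in views:
        if match_list(addr, clients, acls):
            return name
    return None


if __name__ == "__main__":
    for ip in ("192.168.100.10", "8.8.8.8", "140.116.44.180"):
        print(ip, "->", view_for(ip, VIEWS, ACLS),
              "asia" if match_list(ip, ACLS["asia"], ACLS) else "nonasia")
```

The evaluator also makes a common typo visible: a prefix written as `/0` (for example `42.0.0.0/0`) matches every address, so one such entry turns an acl meant to select a region into `any`, and every client would fall into that view.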
19.6 DNS
DNS
DNS rndc DNS
19.6.1 DNS
DNS DNS
http://www.twnic.net/index3.php
TWNIC domain ISP
ISP Hinet vbird.idv.tw
Hinet
1.
http://domain.hinet.net
2.
3.
(1)
vbird.tw (2)
4. DNS
ISP host IP ()
DNS mail server DNS
19.6-1 (3) DNS
DNS hostname IP IP
IP
3.
DNS
http://thednsreport.com/
DNS Internet
^_^
( CentOS 6.x
/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch06.html ) DNS DNS
DNS
lame server
DNS
DNS DNS
Linux
/var/log/messages
lame server
/var/log/messages BIND
/etc/named.conf
# 1. /etc/named.conf
[root@www ~]# vim /etc/named.conf
//
logging {
category lame-servers { null; };
};
# 2. bind
[root@www ~]# /etc/init.d/named restart
rndc DNS
rndc (rndc key) named.conf
DNS DNS rndc distributions
rndc key
# 2. rndc.key
[root@www ~]# vim /etc/rndc.key
#
key "rndc-key" {
algorithm hmac-md5;
secret "UUqxyIwui+22CobCYFj5kg==";
};
# 3. named.conf
[root@www ~]# vim /etc/named.conf
#
key "rndc-key" {
algorithm hmac-md5;
secret "UUqxyIwui+22CobCYFj5kg==";
};
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
# DNS
[root@www ~]# rndc status
version: 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1
CPUs found: 1
worker threads: 1
number of zones: 27
<== DNS zone
debug level: 0
<== debug debug
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
<== debug debug
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
<== debug debug
# DNS
[root@www ~]# rndc stats
# /var/named/data
[root@www ~]# cat /var/named/data/named_stats.txt
+++ Statistics Dump +++ (1312528012)
....()....
++ Zone Maintenance Statistics ++
2 IPv4 notifies sent
++ Resolver Statistics ++
....()....
++ Cache DB RRsets ++
[View: lan (Cache: lan)]
[View: wan (Cache: wan)]
[View: _bind (Cache: _bind)]
[View: _meta (Cache: _meta)]
++ Socket I/O Statistics ++
5 UDP/IPv4 sockets opened
4 TCP/IPv4 sockets opened
2 UDP/IPv4 sockets closed
1 TCP/IPv4 sockets closed
2 TCP/IPv4 connections accepted
++ Per Zone Query Statistics ++
--- Statistics Dump --- (1312528012)
#
rndc
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.
1. DDNS Server
Linux IP Web
web.centos.vbird
named.conf centos.vbird zone
[root@www ~]# dnssec-keygen -a [] -b [] -n []
/etc/named.conf web.centos.vbird
named.conf
[root@www ~]# vim /etc/named.conf
// Key
key "web" {
algorithm hmac-md5;
secret "xZmUo8ozG8f2OSg/cqH8Bqxk59Ho8....3s9IjUxpFB4Q==";
};
// zone
zone "centos.vbird" IN {
type master;
file "named.centos.vbird";
allow-transfer { 192.168.100.10; };
update-policy {
grant web name web.centos.vbird. A;
};
};
[root@www ~]#
[root@www ~]#
[root@www ~]#
[root@www ~]#
2. Client
DDNS Client Server
Kweb.+157+36124.key Kweb.+157+36124.private SSH sftp
web.centos.vbird /usr/local/ddns
[root@web ~]# cd /usr/local/ddns
[root@web ddns]# nsupdate -k Kweb.+157+36124.key
> server 192.168.100.254
> update delete web.centos.vbird                    <==
> update add web.centos.vbird 600 A 192.168.100.200 <==
> send
> [ctrl]+D
....()....
/etc/crontab
http://linux.vbird.org/linux_server/0350dns/ddns_update.sh
BIND 9 IP ISP domain
name IP
nsupdate IP IP
19.7
Internet hostname
domain name Fully Qualified Domain Name (FQDN)
IP /etc/hosts DNS
19.8
DNS
Hostname IP Internet IP
Internet
/etc/hosts hosts
[IP] [] [(alias)]
127.0.0.1 localhost localhost.localdomain
IP HOSTNAME
(forward)(reverse)(loopback)
hostname IP A, NS, SOA, MX, CNAME IP
Hostname SOA, NS PTR localhost 127.0.0.1
client HOSTNAME IP
/etc/nsswitch.conf /etc/hosts DNS
/etc/hosts
/etc/resolv.conf DNS resolver ()
Client HOSTNAME
nslookup
dig
whois DNS
host
named
/var/log/messages
19.9
1 (gTLD, ccTLD) http://www.whois365.com/tw/listtld
http://icannwiki.org/GTLD_and_ccTLD
BIND http://www.isc.org/products/BIND/
Study Area http://www.study-area.org/linux/servers/linux_dns.htm
http://turtle.ee.ncku.edu.tw/~tung/dns/dnsintro.html
lame server http://linux.cvf.net/lame_server.html
DDNS http://www.study-area.org/tips/ddns.htm
Hinet http://hidomain.hinet.net/top1.html
DNS http://www.dnsreport.com/
DNS view
http://www.study-area.org/tips/bind9_view.htm
Red Hat
http://www.redhat.com/magazine/026dec06/features/dns/?sc_cid=bcm_edmsept_007
NIC http://dns-learning.twnic.net.tw/bind/toc.html
bind view http://www.l-penguin.idv.tw/article/dns.htm
IP http://rms.twnic.net.tw/twnic/User/Member/Search/main7.jsp?Order=inet_aton%28Startip%29
2002/12/10
2003/03/10 LPI
2003/09/10 slave DNS
2003/10/08 lame server
2004/10/29 rndckey
2004/10/30 Master/Slave
2004/10/31 DNS
2005/07/19 SOA
2006/10/17
2006/10/20
2007/06/25 Forwarding cache-only
2011/04/26 CentOS 4.x
2011/05/10 view
2011/08/04 CentOS 5.x
2011/08/05 script
2002/12/10
http://linux.vbird.org is designed by VBird during 2001-2011. ksu.edu