Linux DNS Service
Preface

• A few key points for using Linux:
  When you do not understand something, ask the man (the man pages).
  A configuration file is either 0 or 1: it works or it does not.
  Command parameters can very often save your life.
  Logs let you see the machine's state more clearly.
• This document is written on the assumption that the earlier topics, operating system installation, file and directory management, text-mode editing and network configuration, are already done (Ready).
Outline

• DNS
• DNS Service of Linux
• DNS Service Package
• DNS Service Install
• DNS Client dig Forward & Reverse
• DNS Client dig Resource Record
• DNS Service Config
• DNS Zone File Service
• DNS Service Configuration
• DNS Service Examination
• Dig Examination DNS Status
DNS

• Hosts on a network talk to each other over TCP/IP, where each host is identified by a 32-bit number. Limited human memory cannot handle or reliably remember 32-bit numeric information, so the technique of mapping an IP address to a hostname was created, letting people connect from host to host in an intuitive way.
• Resource Records
  A      maps a hostname to an IP address
  SOA    records the zone's information on the DNS server and the validity period of its records
  NS     the hostname of the DNS server
  MX     the mail service record
  CNAME  an alias record
DNS Service of Linux

• BIND: taking Linux 2.6 as the example, the service is built around the named daemon, which the BIND package provides. BIND is the DNS service most people use, and the one for which resources are most widely available.
DNS Service Install

• There are many ways to install the service: tarball, rpm, apt, yum. Here we install with yum.
• Then install bind-chroot, which changes the BIND paths and the local name-resolution service to run in a chroot.
• With that, the DNS service is installed.

[root@mail /]# yum install bind-libs bind-utils bind -y
[root@mail /]# yum install bind-chroot -y
DNS Client dig Forward & Reverse

• dig: query reverse-lookup records (dig -x)
• dig: query forward-lookup records

[root@mail ~]# whois rise-lighting.com.tw
[Querying whois.twnic.net]
[whois.twnic.net]
Domain Name: rise-lighting.com.tw
   Registrant:
   世大照明股份有限公司
   RISE LIGHTING CO.,LTD
   No.7,wu chuan 1st rd.,hsin chuang city,taipei hsien,taiwan

   Contact:
      Hung hao cheng   rise.s3@msa.hinet.net
      TEL:  (02)2299-0607
      FAX:  (02)2299-0615

   Record expires on 2013-01-29 (YYYY-MM-DD)
   Record created on 2004-01-20 (YYYY-MM-DD)

   Domain servers in listed order:
      mail.rise-lighting.com.tw    59.124.208.200
      rise-lighting.com.tw         59.124.208.200

Registration Service Provider: HINET

[root@mail ~]# dig -x 59.120.166.242

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> -x 59.120.166.242
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29853
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;242.166.120.59.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
242.166.120.59.in-addr.arpa. 43200 IN   PTR     tonsin.com.tw.

;; AUTHORITY SECTION:
166.120.59.in-addr.arpa. 29737  IN      NS      vns2.hinet.net.
166.120.59.in-addr.arpa. 29737  IN      NS      vns1.hinet.net.

;; ADDITIONAL SECTION:
vns1.hinet.net.         139     IN      A       168.95.192.3
vns2.hinet.net.         127     IN      A       168.95.1.12

;; Query time: 173 msec
;; SERVER: 168.95.1.1#53(168.95.1.1)
;; WHEN: Wed Jul 20 14:12:43 2011
;; MSG SIZE  rcvd: 151
DNS Client dig Resource Record

• dig: query the MX records
• dig: query the NS records

[root@mail ~]# dig tonsin.com.tw ns

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> tonsin.com.tw ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60924
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;tonsin.com.tw.                 IN      NS

;; ANSWER SECTION:
tonsin.com.tw.          86400   IN      NS      ns2.tonsin.com.tw.
tonsin.com.tw.          86400   IN      NS      ns1.tonsin.com.tw.

;; Query time: 361 msec
;; SERVER: 168.95.1.1#53(168.95.1.1)
;; WHEN: Wed Jul 20 14:17:02 2011
;; MSG SIZE  rcvd: 67

[root@mail ~]# dig tonsin.com.tw mx

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> tonsin.com.tw mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60037
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;tonsin.com.tw.                 IN      MX

;; ANSWER SECTION:
tonsin.com.tw.          38400   IN      MX      10 mail.tonsin.com.tw.
tonsin.com.tw.          38400   IN      MX      20 mail2.tonsin.com.tw.

;; AUTHORITY SECTION:
tonsin.com.tw.          38400   IN      NS      mail.tonsin.com.tw.

;; ADDITIONAL SECTION:
mail.tonsin.com.tw.     38400   IN      A       59.120.166.242
mail2.tonsin.com.tw.    38400   IN      A       203.67.31.40

;; Query time: 28 msec
;; SERVER: 168.95.1.1#53(168.95.1.1)
;; WHEN: Wed Jul 20 14:16:19 2011
;; MSG SIZE  rcvd: 120
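As an added example that is not part of the original slides, the Python below parses dig output like the captures above into the resource records listed on the DNS slide, orders the MX hosts by preference, and runs the forward-confirmed reverse DNS check a mail administrator wants: with the captured data, the PTR for 59.120.166.242 is tonsin.com.tw. while the A record for that address belongs to mail.tonsin.com.tw., so the check reports no match. The sample strings are constructed copies of the captures; parse_dig, mx_targets, reverse_name and fcrdns are names chosen here.

```python
import re

# Constructed sample input: the section lines of the "dig tonsin.com.tw mx" and
# "dig -x 59.120.166.242" captures shown above (whitespace normalised).
DIG_MX = """;; ANSWER SECTION:
tonsin.com.tw.  38400  IN  MX  10 mail.tonsin.com.tw.
tonsin.com.tw.  38400  IN  MX  20 mail2.tonsin.com.tw.
;; AUTHORITY SECTION:
tonsin.com.tw.  38400  IN  NS  mail.tonsin.com.tw.
;; ADDITIONAL SECTION:
mail.tonsin.com.tw.   38400  IN  A  59.120.166.242
mail2.tonsin.com.tw.  38400  IN  A  203.67.31.40
"""
DIG_PTR = """;; ANSWER SECTION:
242.166.120.59.in-addr.arpa. 43200 IN PTR tonsin.com.tw.
"""
RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.+)$")

def parse_dig(text):
    """Map each ';; X SECTION:' header to a list of (owner, ttl, type, rdata) tuples."""
    sections, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^;; (\w+) SECTION:", line)
        if head:
            current = head.group(1)
            sections.setdefault(current, [])
        elif current and not line.startswith(";"):   # ';name IN MX' question lines are skipped
            rr = RR_LINE.match(line.strip())
            if rr:
                sections[current].append((rr[1], int(rr[2]), rr[3], rr[4]))
    return sections

def mx_targets(text):
    """Mail hosts in the order a sender tries them (lowest MX preference first)."""
    mx = [r for r in parse_dig(text).get("ANSWER", []) if r[2] == "MX"]
    return [r[3].split()[1] for r in sorted(mx, key=lambda r: int(r[3].split()[0]))]

def reverse_name(ip):
    """The owner name dig -x asks for: octets reversed under in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def fcrdns(ip, forward_text, reverse_text):
    """Forward-confirmed reverse DNS: does the PTR name for ip also own an A record for ip?
    Returns (ptr_name or None, sorted A-record owners of ip, match)."""
    a_owners = {r[0] for s in parse_dig(forward_text).values() for r in s
                if r[2] == "A" and r[3] == ip}
    ptr = [r[3] for r in parse_dig(reverse_text).get("ANSWER", [])
           if r[2] == "PTR" and r[0] == reverse_name(ip)]
    return (ptr[0] if ptr else None), sorted(a_owners), bool(ptr and ptr[0] in a_owners)
```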
DNS Service Config

• The main BIND service configuration file: /var/named/chroot/etc/named.conf

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };        // answer queries from any client
        allow-transfer { none; };    // no zone transfers (AXFR) to anyone
};

zone "." IN {
        type hint;                   // root hints, used for recursive lookups
        file "named.root";
};

zone "mydomain.corp" IN {
        type master;                 // this server is authoritative for the zone
        file "mydomain.corp.hosts";
};
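The two ACLs in this named.conf decide who may use the server. As an added example that is not part of the original slides, the Python below reads the options and zone statements, flags the open-resolver combination (allow-query any while recursion is left at its default) and any permissive allow-transfer, and builds a hardened variant that restricts recursion to loopback and an assumed intranet range. The BIND default behaviour it relies on is stated in a comment; the function names and the 10.195.34.0/24 range (taken from the server address on the netstat slide) are assumptions made here.

```python
import re

# Constructed sample: the options and zone statements of the named.conf shown above.
NAMED_CONF = """options {
    directory "/var/named";
    allow-query { any; };
    allow-transfer { none; };
};
zone "." IN { type hint; file "named.root"; };
zone "mydomain.corp" IN { type master; file "mydomain.corp.hosts"; };
"""

def options_block(conf):
    """{statement: value} for the options { ... }; block; ACL lists become 'a b c' strings."""
    block = re.search(r"options\s*\{(.*?)\n\};", conf, re.S)
    opts = {}
    for stmt in re.finditer(r"([\w-]+)\s+(\{[^}]*\}|[^;{]+);", block.group(1) if block else ""):
        opts[stmt[1]] = " ".join(re.sub(r"[{};]", " ", stmt[2]).split())
    return opts

def zones(conf):
    """{zone name: type} for every zone "..." { type ...; } statement."""
    return {z[1]: z[2] for z in re.finditer(r'zone\s+"([^"]+)"[^{]*\{\s*type\s+(\w+);', conf)}

def audit(conf):
    """Findings a defender wants before exposing this named to the Internet.
    Assumed BIND 9 defaults: recursion is on, and the ACL that governs it falls back
    allow-recursion -> allow-query-cache -> allow-query -> localnets/localhost."""
    opts, findings = options_block(conf), []
    recursion = opts.get("recursion", "yes")
    rec_acl = (opts.get("allow-recursion") or opts.get("allow-query-cache")
               or opts.get("allow-query") or "localnets localhost")
    if recursion == "yes" and rec_acl == "any":
        findings.append("open resolver: recursion is on and anyone may recurse "
                        "(allow-query any, no allow-recursion ACL)")
    if opts.get("allow-transfer", "any") != "none":
        findings.append("zone transfers allowed to: " + opts.get("allow-transfer", "any"))
    if "." in zones(conf) and recursion == "no":
        findings.append("root hint zone is loaded but recursion is off, so it is never used")
    return findings

# Hardened variant: still answer authoritative queries from anywhere, but only recurse
# for localhost and the intranet (10.195.34.0/24 is assumed from the server's address).
HARDENED = NAMED_CONF.replace(
    "allow-query { any; };",
    "allow-query { any; };\n    allow-recursion { 127.0.0.1; 10.195.34.0/24; };")
```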
DNS Zone File Service

• BIND zone file location: /var/named/chroot/var/named/

[root@mail ~]# cd /var/named/chroot/var/named/
[root@mail named]# wget ftp://rs.internic.net/domain/named.root
[root@mail named]# vi mydomain.corp.hosts

$TTL 3D
@       IN SOA  @ root.mydomain.corp. (
                2011072001      ; serial (YYYYMMDDnn)
                3H              ; refresh
                15M             ; retry
                1W              ; expire
                1D )            ; minimum (negative-cache TTL)
; NS
@                       IN NS   ns.mydomain.corp.
ns                      IN A    59.120.166.242
; RR
@                       IN A    203.67.31.40
mail.mydomain.corp.     IN A    59.120.166.242
www.mydomain.corp.      IN A    203.67.31.40
@                       IN MX 10 mail
mail.mydomain.corp.     IN MX 20 mail
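As an added example that is not part of the original slides, this Python zone-file linter parses mydomain.corp.hosts as written above, joins the SOA's parenthesised lines, qualifies relative names against the origin, and runs the checks that catch most hand-edited zone mistakes: serial in YYYYMMDDnn form, SOA MNAME listed as an NS of the zone, and in-zone NS/MX targets backed by an A record. Against the zone above it reports one thing: the SOA MNAME is @ (the apex) while the only NS is ns.mydomain.corp. The ORIGIN constant and the function names are assumptions made here.

```python
import re
ORIGIN = "mydomain.corp."
# Constructed sample: the mydomain.corp.hosts zone file from the slide above.
ZONE = """$TTL 3D
@ IN SOA @ root.mydomain.corp. (
        2011072001 3H 15M 1W 1D )
; NS
@ IN NS ns.mydomain.corp.
ns IN A 59.120.166.242
@ IN A 203.67.31.40
mail.mydomain.corp. IN A 59.120.166.242
www.mydomain.corp. IN A 203.67.31.40
@ IN MX 10 mail
mail.mydomain.corp. IN MX 20 mail
"""
def fqdn(name, origin=ORIGIN):
    """Qualify a zone-file name: '@' is the origin, a trailing dot is absolute, else append origin."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """[(owner, type, [rdata tokens])]; '(' ... ')' continuations are joined, ';' comments dropped."""
    records, pending = [], ""
    for raw in text.splitlines():
        pending += " " + raw.split(";")[0]
        if pending.count("(") > pending.count(")"):
            continue                                  # SOA continues on the next line
        tokens, pending = pending.replace("(", " ").replace(")", " ").split(), ""
        if tokens and not tokens[0].startswith("$"):  # $TTL / $ORIGIN are directives, not records
            cls = tokens.index("IN")
            records.append((fqdn(tokens[0], origin), tokens[cls + 1], tokens[cls + 2:]))
    return records

def check_zone(text, origin=ORIGIN):
    """Lint: serial is YYYYMMDDnn, SOA MNAME is an NS of the zone, in-zone NS/MX targets have an A."""
    rrs, findings = parse_zone(text, origin), []
    a_names = {o for o, t, _ in rrs if t == "A"}
    ns_names = {fqdn(r[0], origin) for _, t, r in rrs if t == "NS"}
    for owner, rtype, rdata in rrs:
        if rtype == "SOA":
            mname, serial = fqdn(rdata[0], origin), rdata[2]
            if not re.fullmatch(r"(19|20)\d{8}", serial):
                findings.append(f"SOA serial {serial} is not in YYYYMMDDnn form")
            if mname not in ns_names:
                findings.append(f"SOA MNAME {mname} is not one of the zone's NS records")
        elif rtype in ("NS", "MX"):
            target = fqdn(rdata[-1], origin)
            if target.endswith("." + origin) and target not in a_names:   # in-zone names only
                findings.append(f"{rtype} target {target} has no A record in the zone")
    return findings
```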
DNS Service Configuration

• Point the name server at the machine itself: /etc/resolv.conf

[root@mail /]# less /etc/resolv.conf
nameserver 127.0.0.1

• Start the DNS service

[root@mail ~]# service named restart
Stopping named: .                                          [FAILED]
Starting named:                                            [  OK  ]
DNS Service Examination

• Check that the DNS service is up (listening sockets)

[root@mail ~]# netstat -tlunp | grep named
tcp        0      0 10.195.34.175:53            0.0.0.0:*                   LISTEN      2963/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      2963/named
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      2963/named
tcp        0      0 ::1:953                     :::*                        LISTEN      2963/named
udp        0      0 10.195.34.175:53            0.0.0.0:*                               2963/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               2963/named

• Check the DNS service startup messages in the log

[root@mail ~]# tail -n100 /var/log/messages
Jul 20 17:19:17 mail named[2963]: starting BIND 9.3.6-P1-RedHat-9.3.6-16.P1.el5 -u named -t /var/named/chroot
Jul 20 17:19:17 mail named[2963]: found 2 CPUs, using 2 worker threads
Jul 20 17:19:17 mail named[2963]: using up to 4096 sockets
Jul 20 17:19:17 mail named[2963]: loading configuration from '/etc/named.conf'
Jul 20 17:19:17 mail named[2963]: max open files (1024) is smaller than max sockets (4096)
Jul 20 17:19:17 mail named[2963]: using default UDP/IPv4 port range: [1024, 65535]
Jul 20 17:19:17 mail named[2963]: using default UDP/IPv6 port range: [1024, 65535]
Jul 20 17:19:17 mail named[2963]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 20 17:19:17 mail named[2963]: listening on IPv4 interface eth0, 10.195.34.175#53
Jul 20 17:19:17 mail named[2963]: command channel listening on 127.0.0.1#953
Jul 20 17:19:17 mail named[2963]: command channel listening on ::1#953
Jul 20 17:19:17 mail named[2963]: the working directory is not writable
DNS Service Examination

• Test with dig against the local server

[root@mail ~]# dig @127.0.0.1 mydomain.corp soa

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @127.0.0.1 mydomain.corp soa
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31817
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;mydomain.corp.                 IN      SOA

;; ANSWER SECTION:
mydomain.corp.          38400   IN      SOA     ns.mydomain.corp. admin.mydomain.corp. 1280075473 10800 3600 604800 38400

;; AUTHORITY SECTION:
mydomain.corp.          38400   IN      NS      ns.mydomain.corp.

;; ADDITIONAL SECTION:
mail.mydomain.corp.     38400   IN      A       59.120.166.242

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 20 17:32:32 2011
;; MSG SIZE  rcvd: 108
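The last three slides verify the service by hand (resolv.conf, netstat, the log, dig). As an added example that is not part of the original slides, the Python below turns that into a repeatable check over constructed copies of the netstat and /var/log/messages lines above: it confirms that every address named logs as a listener really has 53/tcp and 53/udp sockets, that the resolver address in resolv.conf is served, that the rndc control channel on port 953 is bound only to loopback, and it collects the two startup warnings the log shows. The function names and the WARN phrase list are assumptions made here.

```python
import re

# Constructed sample: lines from the netstat -tlunp and /var/log/messages captures above.
NETSTAT = """tcp 0 0 10.195.34.175:53 0.0.0.0:* LISTEN 2963/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2963/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2963/named
tcp 0 0 ::1:953 :::* LISTEN 2963/named
udp 0 0 10.195.34.175:53 0.0.0.0:* 2963/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 2963/named
"""
MESSAGES = """Jul 20 17:19:17 mail named[2963]: max open files (1024) is smaller than max sockets (4096)
Jul 20 17:19:17 mail named[2963]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 20 17:19:17 mail named[2963]: listening on IPv4 interface eth0, 10.195.34.175#53
Jul 20 17:19:17 mail named[2963]: command channel listening on 127.0.0.1#953
Jul 20 17:19:17 mail named[2963]: the working directory is not writable
"""
WARN = ("is smaller than max sockets", "is not writable", "FAILED", "exiting", "error")

def named_sockets(netstat_text):
    """{(proto, ip, port)} held by a process called named, from netstat -tlunp lines."""
    socks = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[-1].endswith("/named"):
            ip, port = f[3].rsplit(":", 1)        # rsplit keeps an IPv6 '::1' intact
            socks.add((f[0], ip, int(port)))
    return socks

def named_log_report(messages_text):
    """([addresses named says it listens on], [log messages that deserve a ticket])."""
    listen, warnings = [], []
    for line in messages_text.splitlines():
        m = re.search(r"named\[\d+\]: (.*)$", line)
        if not m: continue
        if m[1].startswith("listening on"):
            listen.append(m[1].rsplit(", ", 1)[1])
        elif any(w in m[1] for w in WARN):
            warnings.append(m[1])
    return listen, warnings

def service_healthy(netstat_text, messages_text, expect_ip="127.0.0.1"):
    """The slides' manual check: logged listeners have tcp+udp 53 sockets, the resolv.conf
    address (expect_ip) is served, and the rndc control channel (953) is loopback-only."""
    socks = named_sockets(netstat_text)
    listen, warnings = named_log_report(messages_text)
    logged = [a.split("#") for a in listen]
    ok_53 = all({("tcp", ip, int(p)), ("udp", ip, int(p))} <= socks for ip, p in logged)
    public_ctl = sorted(s for s in socks if s[2] == 953 and s[1] not in ("127.0.0.1", "::1"))
    return {"resolver_on_expected": ("udp", expect_ip, 53) in socks and ok_53,
            "control_channel_public": public_ctl, "warnings": warnings}
```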
Coming soon: Internet & Intranet zone file configuration, database & DDNS.