2011 Aug 30

Introduction to DNS

  • resolv.conf: /etc/resolv.conf names the DNS servers this host uses. Whenever the host needs to turn a domain name into an IP address, the stub resolver sends the query to one of the servers listed here.
Example
```
[puritys@www etc]$ cat /etc/resolv.conf
domain mydomain.com.tw
search mydomain.com.org
nameserver 192.168.1.2
nameserver 168.95.1.1
```
  • nameserver: the IP address of a name server the client sends its resolution requests to. At most three are honoured, and they are tried in the order listed, so the first one receives every query unless it times out.
  • search: a list of suffixes the resolver appends to the name being looked up. A short name such as www is tried as www.mydomain.com.org first. A name that already contains a dot (the ndots option defaults to 1), such as www.mydomain.com.tw, is tried as-is first, and the suffixes are appended only after that lookup fails, which produces www.mydomain.com.tw.mydomain.com.org, not www.mydomain.com.org. domain and search are mutually exclusive: when both appear, the last line wins, so in the file above only mydomain.com.org is in effect. Keep the search list short and under your own control, because every suffix on it is a domain that can answer for names you never meant to ask it about.
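The following is an added example, not code from the original post: it reproduces the resolver's search rule (the one described in resolv.conf(5) and RFC 1535) so you can see exactly which names the stub resolver will send to the nameservers for a given /etc/resolv.conf. The resolv.conf text inside it is constructed for the example, modelled on the file above; the ndots handling goes slightly beyond the post by honouring an options ndots: line.

```python
"""Added example (not from the original post): how a stub resolver expands a
name using the 'search' list and 'ndots' from /etc/resolv.conf.

Rule (resolv.conf(5), RFC 1535):
  - a name ending in '.' is tried exactly once, as given;
  - a name with fewer than ndots dots (default 1) is tried with each search
    suffix first, then as an absolute name;
  - a name with at least ndots dots is tried as an absolute name first; the
    search suffixes are appended only if that lookup fails (NXDOMAIN).
"""

# Constructed input, modelled on the resolv.conf shown in the post.
RESOLV_CONF = """\
domain mydomain.com.tw
search mydomain.com.org
nameserver 192.168.1.2
nameserver 168.95.1.1
"""


def parse_resolv_conf(text):
    """Return (search_list, nameservers, ndots).

    'domain' and 'search' are mutually exclusive: whichever appears last
    wins, so the file above effectively has only 'search mydomain.com.org'.
    """
    search, nameservers, ndots = [], [], 1
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key in ("domain", "search"):
            search = args                       # last domain/search line wins
        elif key == "nameserver":
            nameservers.extend(args)
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, nameservers, ndots


def candidate_names(name, search, ndots=1):
    """Return the absolute names the resolver will query, in order."""
    if name.endswith("."):
        return [name]                           # fully qualified: no search at all
    absolute = name + "."
    expanded = [f"{name}.{suffix}." for suffix in search]
    if name.count(".") >= ndots:
        return [absolute] + expanded            # absolute first, suffixes on failure
    return expanded + [absolute]                # short name: suffixes first


if __name__ == "__main__":
    search, servers, ndots = parse_resolv_conf(RESOLV_CONF)
    print("search list:", search, "nameservers:", servers, "ndots:", ndots)
    for n in ("www", "www.mydomain.com.tw", "www.mydomain.com.tw."):
        print(f"{n:25} -> {candidate_names(n, search, ndots)}")
```

Run it and the second line shows the point made above: a failed lookup of www.mydomain.com.tw is retried as www.mydomain.com.tw.mydomain.com.org, so whoever controls a search-list domain can answer for names in your other domains. Trailing dots in scripts and configuration files avoid the retry entirely.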

Installing BIND

I moved the default install location to /home/program/dns_server. Note that --bindir and --sbindir override the prefix: with the configure line below, named and the tools are installed into /usr/bin and /usr/sbin, not under /home/program/dns_server/bin and sbin, so drop those two options if you want everything under the prefix. The configuration file is read from /home/conf/named.conf because of --sysconfdir.

  • Download bind-9.7.4.tar.gz (9.7 has long been end of life and has known vulnerabilities; build a currently supported BIND release instead, and verify the tarball against the .asc signature ISC publishes next to it)
  • Unpack: tar -zxvf bind-9.7.4.tar.gz
  • cd bind-9.7.4
  • ./configure --prefix=/home/program/dns_server --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/home/conf
  • make
  • make install

DNS File

  • DNS TTL: time to live, the number of seconds another DNS server (or a client) may keep a record in its cache after looking it up.
  • Ways to write a TTL (all four mean one day)
    • $TTL 86400
    • $TTL 1440m
    • $TTL 24h
    • $TTL 1d
  • DNS Zone file
    • SOA: Start Of Authority. The first name is the primary name server for the zone (MNAME); the example below uses the zone apex domain.com.tw. for it, but normally this is the primary's host name, such as ns1.domain.com.tw. The second name is the administrator's mailbox (RNAME) with the @ written as a dot, so admin.domain.com.tw. means admin@domain.com.tw (the example uses mail.domain.com.tw., that is, mail@domain.com.tw). Both names must be fully qualified, ending in a dot.
Example
```
@ IN SOA domain.com.tw. mail.domain.com.tw. (
        2011081201 ; Serial
        3600       ; Refresh
        300        ; Retry
        86400      ; Expire
        3600 )     ; Minimum
```
  • Serial: the zone's version number. Increase it every time the zone file changes; secondaries only pull a new copy when they see a serial larger than the one they hold. The YYYYMMDDnn form above (2011-08-12, revision 01) is the usual convention. Refresh is how often a secondary checks for a new serial, Retry how long it waits after a failed check, Expire how long it keeps serving the zone without being able to reach the primary (86400 is one day; RFC 1912 recommends two to four weeks, 1209600 to 2419200), and Minimum is the negative-caching TTL for "no such name" answers (RFC 2308).
  • NS: the host name of a name server for the zone, e.g. ns1.domain.com.tw. At the registrar, switch the domain from web forwarding to DNS and enter these names as the domain's name servers; if a name server lives inside the zone it serves (ns1.domain.com.tw inside domain.com.tw), the registrar also needs its IP address as a glue record, and the zone itself needs an A record for it.
  • A: maps a domain name to an IPv4 address.
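The following is an added example, not code from the original post: a small checker for the zone-file syntax shown above. It parses $TTL (in any of the four spellings listed), a parenthesised SOA and NS/A records, then runs the checks worth doing before reloading a zone: the SOA timers against the RFC 1912 guidance, in-zone name servers having an A (glue) record, and a serial bump in the YYYYMMDDnn convention. The zone text is constructed for the example; ns1, www and the 192.168.1.x addresses are assumed names, not taken from the post.

```python
"""Added example (not from the original post): parse and sanity-check a zone
file written in the style shown above ('owner [IN] type rdata' lines, a
parenthesised SOA, ';' comments)."""
from datetime import date

# Constructed zone, modelled on the SOA example above (names are assumptions).
ZONE_TEXT = """\
$TTL 1d
@    IN SOA ns1.ewebsite.com.tw. admin.ewebsite.com.tw. (
          2011081201 ; Serial
          3600       ; Refresh
          300        ; Retry
          86400      ; Expire
          3600 )     ; Minimum (negative-caching TTL, RFC 2308)
@    IN NS  ns1.ewebsite.com.tw.
ns1  IN A   192.168.1.2
www  IN A   192.168.1.10
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
SOA_TIMERS = ("refresh", "retry", "expire", "minimum")


def ttl_seconds(value):
    """'86400', '1440m', '24h', '1d' -> 86400 (the single-unit spellings above)."""
    value = value.lower()
    if value[-1] in UNITS:
        return int(value[:-1]) * UNITS[value[-1]]
    return int(value)


def _fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return {'ttl': seconds, 'soa': {...}, 'records': [(owner, type, rdata)]}."""
    origin = origin if origin.endswith(".") else origin + "."
    joined, buf = [], ""                   # drop comments, join "( ... )" records
    for raw in text.splitlines():
        buf = (buf + " " + raw.split(";", 1)[0]).strip()
        if buf.count("(") > buf.count(")"):
            continue                       # still inside the parentheses
        if buf:
            joined.append(buf.replace("(", " ").replace(")", " "))
        buf = ""
    zone = {"ttl": None, "soa": None, "records": []}
    for line in joined:
        parts = line.split()
        if parts[0] == "$TTL":
            zone["ttl"] = ttl_seconds(parts[1])
            continue
        owner, fields = _fqdn(parts[0], origin), parts[1:]
        if fields[0] == "IN":              # the class is optional
            fields = fields[1:]
        rtype, rdata = fields[0], fields[1:]
        if rtype == "SOA":
            soa = {"mname": rdata[0], "rname": rdata[1], "serial": int(rdata[2])}
            soa.update(zip(SOA_TIMERS, map(ttl_seconds, rdata[3:7])))
            zone["soa"] = soa
        elif rtype == "NS":
            zone["records"].append((owner, "NS", _fqdn(rdata[0], origin)))
        else:
            zone["records"].append((owner, rtype, rdata[0]))
    return zone


def check_zone(zone, origin):
    """Return a list of findings; an empty list means nothing obvious is wrong."""
    origin = origin if origin.endswith(".") else origin + "."
    soa, findings = zone["soa"], []
    if soa is None:
        return ["zone has no SOA record"]
    if "@" in soa["rname"]:
        findings.append("SOA RNAME must use '.' in place of '@'")
    if soa["retry"] >= soa["refresh"]:
        findings.append("SOA retry should be smaller than refresh")
    if not 1209600 <= soa["expire"] <= 2419200:
        findings.append("SOA expire outside the RFC 1912 range of 2-4 weeks")
    a_owners = {o for o, t, _ in zone["records"] if t == "A"}
    ns_names = [r for _, t, r in zone["records"] if t == "NS"]
    if not ns_names:
        findings.append("zone has no NS record")
    for ns in ns_names:                    # in-zone name servers need glue
        if ns.endswith("." + origin) and ns not in a_owners:
            findings.append(f"in-zone name server {ns} has no A record")
    return findings


def next_serial(current, today=None):
    """Bump a YYYYMMDDnn serial: new day -> YYYYMMDD00, same day -> nn + 1."""
    stamp = int((today or date.today()).strftime("%Y%m%d")) * 100
    return stamp if current < stamp else current + 1


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT, "ewebsite.com.tw")
    for finding in check_zone(zone, "ewebsite.com.tw"):
        print("WARN:", finding)
    print("next serial:", next_serial(zone["soa"]["serial"]))
```

On the constructed zone the only finding is the one-day Expire copied from the example above; raise it to 1209600 or more before relying on a secondary. named-checkzone remains the authoritative check, since it understands the full zone syntax; this script only covers the record forms the post uses.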

DNS named.conf settings

Example
```
options {
    directory "/home/program/dns_server/etc";
    allow-query { any; };
    listen-on { 192.168.1.2; };
    forwarders {
        219.84.160.137;
        168.95.1.1;
        208.76.62.100;
    };
};

zone "ewebsite.com.tw" {
    type master;
    file "/home/program/dns_server/etc/ewebsite.zone";
    allow-query { any; };
};
```
  • directory: the working directory of named; relative file names in zone statements are resolved against it, so it must be correct. named.conf itself lives in /home/conf because of --sysconfdir above.
  • allow-query { any; };: lets other DNS servers and clients query this server; any means everyone, and you can list IP addresses or prefixes instead. Open queries are right for an authoritative zone, since the whole Internet has to be able to look up ewebsite.com.tw. The options block above also turns on forwarding, and forwarders are used only for recursive queries: a server that recurses for anyone who asks is an open resolver, usable for reflected amplification attacks and exposed to cache poisoning. BIND has defaulted allow-recursion to localnets and localhost since 9.4, which here covers the entire 192.168.1.0/24 LAN, but state it explicitly: add recursion no; for an authoritative-only server, or allow-recursion { 192.168.1.0/24; }; if the same server must also resolve for the LAN. Likewise add allow-transfer { none; }; (or the addresses of your secondaries) to the zone, because BIND 9.7 hands a full zone transfer to anyone who asks by default.

Starting DNS

  • With --sbindir=/usr/sbin in the configure line above, named is already installed as /usr/sbin/named and needs no link; if you built with the default layout instead, link it into the path: ln -s /home/program/dns_server/sbin/named /usr/sbin/named
  • Validate the configuration, then start named with the config path and an unprivileged user (create one first, e.g. useradd -r named): named-checkconf /home/conf/named.conf, then sudo named -c /home/conf/named.conf -u named. The -u option makes named drop root after binding port 53, so a bug in named does not hand out root.
  • Start at boot: add the same named -c /home/conf/named.conf -u named line to /etc/rc.d/rc.local
  • Port 53 must be reachable from outside, for UDP and TCP (TCP carries answers larger than 512 bytes and zone transfers); forward it on the router if the server sits behind NAT, as the 192.168.1.2 address above suggests. Forward it only because the server is authoritative for a public zone; never expose a recursive resolver this way.

DNS query tools

  • host [hostname]
Example
```
[puritys@www etc]$ host www.google.com.tw
www.google.com.tw is an alias for www.google.com.
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 74.125.153.103
www.l.google.com has address 74.125.153.104
www.l.google.com has address 74.125.153.105
www.l.google.com has address 74.125.153.106
www.l.google.com has address 74.125.153.147
www.l.google.com has address 74.125.153.99
```

  • dig @[dns server] [hostname]

The @server argument picks which DNS server to ask instead of the ones in /etc/resolv.conf (dig does not take the server as a second positional argument; nslookup does). Right after installing your own server, and before pointing the registrar at it, this is how to check that it answers: dig @192.168.1.2 www.ewebsite.com.tw. Read the flags line of the reply: aa means the answer came from the server's own zone data, ra means the server is offering recursion to whoever asked (a warning sign if it appears from an outside address), and status: SERVFAIL or REFUSED usually means the zone did not load, so check the log.

Example
```
[puritys@www etc]$ dig www.google.com.tw
; <<>> DiG 9.2.4 <<>> www.google.com.tw
;; global options: printcmd

;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;www.google.com.tw. IN A

;; ANSWER SECTION:
www.google.com.tw. 308692 IN CNAME www.google.com.
www.google.com. 567890 IN CNAME www.l.google.com.
www.l.google.com. 290 IN A 74.125.153.147
www.l.google.com. 290 IN A 74.125.153.99
www.l.google.com. 290 IN A 74.125.153.103
www.l.google.com. 290 IN A 74.125.153.104
www.l.google.com. 290 IN A 74.125.153.105
www.l.google.com. 290 IN A 74.125.153.106

;; AUTHORITY SECTION:
google.com. 136507 IN NS ns4.google.com.
google.com. 136507 IN NS ns3.google.com.
google.com. 136507 IN NS ns2.google.com.
google.com. 136507 IN NS ns1.google.com.

;; ADDITIONAL SECTION:
ns1.google.com. 308886 IN A 216.239.32.10
ns2.google.com. 308719 IN A 216.239.34.10
ns3.google.com. 308764 IN A 216.239.36.10
ns4.google.com. 308723 IN A 216.239.38.10

;; Query time: 19 msec
;; SERVER: 168.95.1.1#53(168.95.1.1)
;; WHEN: Tue Aug 30 02:39:07 2011
;; MSG SIZE rcvd: 315
```
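The following is an added example, not code from the original post: the DNS wire format that dig, host and nslookup speak, written out so that the flags dig prints (and which the named.conf section and the dig note above tell you to watch) can be checked programmatically. build_query() produces the packet dig sends, parse_response() decodes a reply into header flags, status code and records, and query_udp() sends a real query to a server of your choice, the equivalent of dig @server name. constructed_reply() is a hand-built reply modelled on the google.com.tw answer above, so the whole thing runs offline; the transaction id 0x1234 and the choice of two A records are assumptions for the example.

```python
"""Added example (not from the original post): DNS query/response wire format
per RFC 1035, enough to build what dig sends and read what a server returns.
Two flags matter when testing a new server: 'aa' means it answered from its
own zone data; 'ra' means it offers recursion to the asker, so seeing 'ra'
from an outside address means the named.conf above is an open resolver."""
import socket
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 28: "AAAA"}
FLAG_BITS = ((0x8000, "qr"), (0x0400, "aa"), (0x0200, "tc"), (0x0100, "rd"), (0x0080, "ra"))
TXID = 0x1234                        # assumed fixed id for the example; dig randomises it


def encode_name(name):
    """'www.example.com.' -> b'\\x03www\\x07example\\x03com\\x00' (length-prefixed labels)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"


def build_query(name, qtype=1, txid=TXID, recursion_desired=True):
    """12-byte header plus one question; RD (bit 8) asks the server to recurse."""
    flags = 0x0100 if recursion_desired else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)      # class IN


def read_name(msg, off):
    """Decode a name at msg[off], following compression pointers (RFC 1035 4.1.4).
    Returns (name, offset just past the name as it appeared at 'off')."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # 2-byte pointer to earlier name
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def parse_response(msg):
    """Return header flags, rcode and (owner, ttl, type, value) records per section."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    info = {"id": txid, "flags": [f for bit, f in FLAG_BITS if flags & bit],
            "rcode": flags & 0xF, "question": [], "answer": [], "authority": [], "additional": []}
    off = 12
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype = struct.unpack("!H", msg[off:off + 2])[0]
        off += 4                                       # qtype + qclass
        info["question"].append((name, TYPES.get(qtype, qtype)))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype in (2, 5):                        # NS / CNAME rdata is a name
                value = read_name(msg, off)[0]
            elif rtype == 1 and rdlen == 4:            # A rdata is an IPv4 address
                value = socket.inet_ntoa(msg[off:off + 4])
            else:
                value = msg[off:off + rdlen].hex()
            off += rdlen
            info[section].append((name, ttl, TYPES.get(rtype, rtype), value))
    return info


def query_udp(server, name, qtype=1, timeout=3.0):
    """The equivalent of 'dig @server name': one UDP query, parsed reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype), (server, 53))
        data, _peer = sock.recvfrom(4096)
    reply = parse_response(data)
    if reply["id"] != TXID:                            # stale or spoofed reply
        raise ValueError("transaction id mismatch")
    return reply


def constructed_reply():
    """Constructed (not captured) reply to 'www.google.com.tw A': flags qr rd ra
    without aa, i.e. a recursive, non-authoritative answer like the dig output
    above, carrying the CNAME chain and two of the A records."""
    def rr(owner, rtype, ttl, rdata):
        return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    question = build_query("www.google.com.tw")[12:]
    header = struct.pack("!HHHHHH", TXID, 0x8180, 1, 4, 0, 0)   # qr|rd|ra, rcode 0
    cname1, cname2 = encode_name("www.google.com."), encode_name("www.l.google.com.")
    rr1 = rr(b"\xc0\x0c", 5, 308692, cname1)            # owner = pointer to question name
    off1 = 12 + len(question) + 12                       # where cname1 lands in the packet
    rr2 = rr(struct.pack("!H", 0xC000 | off1), 5, 567890, cname2)
    ptr2 = struct.pack("!H", 0xC000 | (off1 + len(cname1) + 12))   # points at cname2
    rr3 = rr(ptr2, 1, 290, socket.inet_aton("74.125.153.147"))
    rr4 = rr(ptr2, 1, 290, socket.inet_aton("74.125.153.99"))
    return header + question + rr1 + rr2 + rr3 + rr4
```

parse_response(constructed_reply()) yields flags ['qr', 'rd', 'ra'], the same flags line as the dig output above; against your own server, query_udp("192.168.1.2", "www.ewebsite.com.tw") should instead show 'aa' in the flags, and a query from an address outside your LAN should not show 'ra'. The id check in query_udp is the minimum a client does against spoofed replies; dig additionally randomises the id and the source port.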
  • nslookup [hostname]
Example
```
[puritys@www etc]$ nslookup www.google.com.tw
Server: 168.95.1.1
Address: 168.95.1.1#53

Non-authoritative answer:
www.google.com.tw canonical name = www.google.com.
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 72.14.203.147
Name: www.l.google.com
Address: 72.14.203.99
Name: www.l.google.com
Address: 72.14.203.103
Name: www.l.google.com
Address: 72.14.203.104
Name: www.l.google.com
Address: 72.14.203.105
Name: www.l.google.com
Address: 72.14.203.106
```

DNS server tips

Installing a DNS server is fairly easy; getting it to work is a little harder, mainly because it is hard to tell whether the configuration files are correct. Besides the query tools, let named check them for you: named-checkconf /home/conf/named.conf validates named.conf, and named-checkzone ewebsite.com.tw /home/program/dns_server/etc/ewebsite.zone validates the zone file (these are the same checks that make named refuse to load a broken zone). Then, whenever you restart named, look for error lines in the system log, which on this system is /var/log/messages (named logs through syslog by default; other distributions put it in /var/log/syslog or under journalctl -u named).

