BIND(Berkeley Internet Name Domain)最初由加州大学伯克利分校开发,目前由ISC(Internet Systems Consortium)维护,是开源、稳定且应用最广泛的DNS服务软件。

www.baidu.com 实际上等于 www.baidu.com.,最后的一个 . 表示根域;.com 是顶级域(一级域),baidu.com 是二级域,www 是该域下的一个主机名(三级域)。

DNS解析记录分类

常见的有A记录,CNAME,MX和NS,参见鸟哥的Linux私房菜

Bind安装和配置

A记录

下面的例子中,DNS服务器为192.168.1.128。

# Install BIND (named), its chroot wrapper and the client tools (dig, host, nslookup).
$ yum install -y bind bind-chroot bind-utils
# Confirm the packages were installed.
$ rpm -qa | grep bind
$ rpm -ql bind | more # list exactly what the bind package installed
# Start the DNS daemon.
# NOTE(review): bind-chroot is installed but the plain "named" service is started;
# on EL7 (the dig banners later in this article show el7) the chrooted unit is
# "named-chroot" -- confirm which one you mean to run, otherwise the chroot buys nothing.
$ service named start # start named
$ cp /etc/named.conf /etc/named.conf.default # back up the stock config before editing it

配置/etc/named.conf为如下:

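options {
	directory "/var/named";
	// This server is a primary (master) for the zone below. BIND 9.9 (the
	// version used in this article) allows zone transfers to any host unless
	// told otherwise, which lets anyone dump the whole zone with AXFR.
	// Refuse by default; grant per-zone to real secondaries only.
	allow-transfer { none; };
};

// Primary zone; the records live in /var/named/baidu.com.zone.
zone "baidu.com" {
	type master;
	file "baidu.com.zone";
};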

创建文件/var/named/baidu.com.zone,内容如下:

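$TTL 7200
; SOA fields: MNAME names the primary name server host (dns1.baidu.com.); BIND
; consults it for NOTIFY and dynamic-update handling, so the bare apex baidu.com.
; (which has no address record in this zone) was the wrong value.
; RNAME consoles.baidu.com. encodes the contact mailbox consoles@baidu.com.
; Serial 222: increment on every edit or secondaries will never pick up changes.
; Timers: refresh 1H, retry 15M, expire 1W, negative-cache TTL 1D.
baidu.com. IN SOA dns1.baidu.com. consoles.baidu.com. (222 1H 15M 1W 1D)
; Delegation of the zone to its own name server, plus that server's address.
baidu.com. IN NS dns1.baidu.com.
dns1.baidu.com. IN A 192.168.1.128
; Lab record: this server will answer authoritatively with this address.
www.baidu.com. IN A 2.2.2.2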

baidu.com.zone可以简写如下:

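$TTL 7200
; Short form of the same zone: "@" expands to the origin (the zone name declared
; in named.conf, baidu.com.), and any name without a trailing dot gets the
; origin appended (dns1 -> dns1.baidu.com.).
; MNAME is the primary server host dns1.baidu.com., not the zone apex; RNAME
; consoles.baidu.com. is the contact consoles@baidu.com. Bump serial 222 on
; every edit. Timers: refresh 1H, retry 15M, expire 1W, negative-cache TTL 1D.
@ IN SOA dns1.baidu.com. consoles.baidu.com. (222 1H 15M 1W 1D)
baidu.com. IN NS dns1.baidu.com.
dns1 IN A 192.168.1.128
www IN A 14.215.177.38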

小提示:如果服务启动失败,可以使用tail -f /var/log/messages查看日志(systemd系统上也可用journalctl -u named);更稳妥的做法是启动前先用named-checkconf和named-checkzone检查配置语法。

第一行的consoles.baidu.com.其实是管理员邮箱consoles@baidu.com.(@在zone文件中是保留字,表示当前区域的起点,即named.conf里声明的区域名baidu.com.,所以邮箱里的@被写成了.)。配置完成后先用named-checkconf /etc/named.conf和named-checkzone baidu.com /var/named/baidu.com.zone检查语法,再执行service named restart。

$ dig @192.168.1.128 www.baidu.com
; <<>> DiG 9.8.3-P1 <<>> @192.168.1.128 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3495
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.baidu.com. IN A

# aa标志说明这是权威回答,但它来自我们自己搭建的192.168.1.128,而不是baidu.com真正的权威DNS。只要客户端把DNS指向这台服务器,任何域名都可以这样被"接管",这也是DNS劫持的基本原理——实验请只在隔离的测试环境中进行。
;; ANSWER SECTION:
www.baidu.com. 7200 IN A 14.215.177.38

# baidu.com 二级域名ns到了dns1.baidu.com
;; AUTHORITY SECTION:
baidu.com. 7200 IN NS dns1.baidu.com.

# dns1.baidu.com找到了192.168.1.128
;; ADDITIONAL SECTION:
dns1.baidu.com. 7200 IN A 192.168.1.128

;; Query time: 3 msec
;; SERVER: 192.168.1.128#53(192.168.1.128)
;; WHEN: Wed Dec 28 21:44:02 2016
;; MSG SIZE rcvd: 82

CNAME记录

CNAME,别名记录,把一个域名指向另一个域名(规范名),而不是直接指向IP;多个别名可以共用同一个目标名,从而最终解析到同一个IP。上面的A记录中www.baidu.com解析到了14.215.177.38,我们要做的是将`baidu.admin.com`以CNAME方式指向www.baidu.com,从而解析到14.215.177.38。

/etc/named.conf

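options {
	directory "/var/named";
	// Refuse zone transfers by default: BIND 9.9 (the version in this article)
	// otherwise lets any host AXFR the full zone contents. Grant per-zone with
	// allow-transfer { <secondary-ip>; }; only for real secondaries.
	allow-transfer { none; };
};

// Primary for baidu.com; records in /var/named/baidu.com.zone.
zone "baidu.com" {
	type master;
	file "baidu.com.zone";
};

// Primary for admin.com; its CNAME target www.baidu.com is served by the zone above.
zone "admin.com" {
	type master;
	file "admin.com.zone";
};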

/var/named/admin.com.zone

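$TTL 7200
; MNAME is the primary server host dns1.admin.com. (not the zone apex, which
; has no address record here); RNAME admin.gmail.com. encodes admin@gmail.com.
; Serial 4012100: increment on every edit. Timers: refresh 1H, retry 15M,
; expire 1W, negative-cache TTL 1D.
admin.com. IN SOA dns1.admin.com. admin.gmail.com. (4012100 1H 15M 1W 1D)
admin.com. IN NS dns1.admin.com.
dns1.admin.com. IN A 192.168.1.128
; Alias: the target is a name, resolved in the baidu.com zone served by this same
; server. A name that owns a CNAME must not own any other record.
baidu.admin.com. IN CNAME www.baidu.com.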
$ dig @127.0.0.1 baidu.admin.com
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3 <<>> @127.0.0.1 baidu.admin.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28830
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;baidu.admin.com. IN A

;; ANSWER SECTION:
# baidu.admin.com. CNAME 到了www.baidu.com.
baidu.admin.com. 7200 IN CNAME www.baidu.com.
www.baidu.com. 7200 IN A 14.215.177.38

;; AUTHORITY SECTION:
baidu.com. 7200 IN NS dns1.baidu.com.

;; ADDITIONAL SECTION:
dns1.baidu.com. 7200 IN A 192.168.1.128

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 四 12月 29 06:13:42 CST 2016
;; MSG SIZE rcvd: 119

我们可以(仅在实验环境中)把宿主机的DNS临时改为192.168.1.128,然后运行下面的命令;实验结束后记得改回,否则宿主机对baidu.com等域名的解析会一直被这台实验服务器接管:

$ nslookup baidu.admin.com
Server: 192.168.1.128
Address: 192.168.1.128#53

baidu.admin.com canonical name = www.baidu.com.
Name: www.baidu.com
Address: 14.215.177.38

正向解析和反向解析

正向解析是通过域名查找IP,例如A记录;反向解析是用IP查找域名,例如PTR记录。反向解析多用于邮件服务器(收件方常用PTR校验发信主机是否与其声称的域名匹配,作为反垃圾邮件手段)以及日志审计,普通场景下并不一定需要配置。

MX记录

/var/named/baidu.com.zone

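$TTL 7200
; "@" is the origin baidu.com. from named.conf; unqualified names get it appended.
; MNAME is the primary server host dns1.baidu.com. (not the zone apex); RNAME
; consoles.baidu.com. is the contact consoles@baidu.com. Bump serial 222 on every
; edit. Timers: refresh 1H, retry 15M, expire 1W, negative-cache TTL 1D.
@ IN SOA dns1.baidu.com. consoles.baidu.com. (222 1H 15M 1W 1D)
baidu.com. IN NS dns1.baidu.com.
dns1 IN A 192.168.1.128
www IN A 14.215.177.38
; Mail exchanger for baidu.com, preference 10 (lower is preferred). The MX
; target must be a host name with its own A record -- never a CNAME.
@ IN MX 10 mail
mail IN A 192.168.1.165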
$ dig @127.0.0.1 mail.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3 <<>> @127.0.0.1 mail.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15666
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.baidu.com. IN A

;; ANSWER SECTION:
mail.baidu.com. 7200 IN A 192.168.1.165

;; AUTHORITY SECTION:
baidu.com. 7200 IN NS dns1.baidu.com.

;; ADDITIONAL SECTION:
dns1.baidu.com. 7200 IN A 192.168.1.128

配置反向解析的域,/etc/named.conf

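options {
	directory "/var/named";
	// Refuse zone transfers by default: BIND 9.9 (the version in this article)
	// otherwise lets any host AXFR the full zone contents -- including the
	// reverse zone, which maps out the lab network. Grant per-zone with
	// allow-transfer { <secondary-ip>; }; only for real secondaries.
	allow-transfer { none; };
};

// Primary for baidu.com; records in /var/named/baidu.com.zone.
zone "baidu.com" {
	type master;
	file "baidu.com.zone";
};

// Primary for admin.com; its CNAME target www.baidu.com is served by the zone above.
zone "admin.com" {
	type master;
	file "admin.com.zone";
};

// Reverse zone for 192.168.1.0/24: the octets are written reversed under in-addr.arpa.
zone "1.168.192.in-addr.arpa" {
	type master;
	file "192.168.1.zone";
};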

注意上面配置的时候使用ip倒置。

192.168.1.zone配置:

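$TTL 3600
; Reverse zone: "@" is the origin 1.168.192.in-addr.arpa. from named.conf, so a
; bare "128" means 128.1.168.192.in-addr.arpa., i.e. 192.168.1.128.
; MNAME is the primary server host dns1.baidu.com. (the reverse-zone apex is not
; a host); RNAME consoles.gmail.com. encodes consoles@gmail.com. Serial uses the
; YYYYMMDDnn convention -- bump it on every edit. Timers: refresh 1H, retry 15M,
; expire 1W, negative-cache TTL 1D.
@ IN SOA dns1.baidu.com. consoles.gmail.com. (2014012200 1H 15M 1W 1D)
@ IN NS dns1.baidu.com.
; PTR records: one per address, pointing back at the forward name.
128 IN PTR dns1.baidu.com.
165 IN PTR mail.baidu.com.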
$ dig -x 192.168.1.165 @127.0.0.1 # 测试反向解析
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3 <<>> -x 192.168.1.165 @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27561
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;165.1.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
165.1.168.192.in-addr.arpa. 3600 IN PTR mail.baidu.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 3600 IN NS dns1.baidu.com.

;; ADDITIONAL SECTION:
dns1.baidu.com. 7200 IN A 192.168.1.128

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 四 12月 29 06:49:06 CST 2016
;; MSG SIZE rcvd: 118

DNS客户端工具

# Query individual record types with host. Without a server argument these go to
# the system resolver (/etc/resolv.conf), which may not be the lab server; pass
# it as the last argument (e.g. host -t A baidu.com 192.168.1.128) to be sure.
$ host -t SOA baidu.com
$ host -t NS baidu.com
$ host -t A baidu.com

nslookup支持交互模式.

➜  named nslookup
server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> www.baidu.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: www.baidu.com
Address: 14.215.177.38
> set q=a
> baidu.com
Server: 114.114.114.114
Address: 114.114.114.114#53

Non-authoritative answer:
Name: baidu.com
Address: 220.181.57.217
Name: baidu.com
Address: 111.13.101.208
Name: baidu.com
Address: 123.125.114.144
$ dig -t a baidu.com @127.0.0.1 # ask the DNS server at 127.0.0.1 (this lab named) instead of the system resolver

Bind负载均衡

递归查询

递归查询和迭代查询

➜  ~ cat /etc/named.conf
options {
directory "/var/named";
# recursion no; 默认为yes。注意:递归只对allow-recursion允许的客户端生效(BIND 9.4以后默认为localnets; localhost;),但权威服务器一般不应兼做递归解析器——对外暴露的开放递归服务器会被用于DNS放大攻击和缓存投毒,生产环境建议recursion no,或用allow-recursion限定为内网地址。
};

zone "baidu.com" {
type master;
file "baidu.com.zone";
};
zone "admin.com" {
type master;
file "admin.com.zone";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "192.168.1.zone";
};
➜ ~ dig @127.0.0.1 www.qq.com # 本地没有配置www.qq.com的解析,发起递归查询

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3 <<>> @127.0.0.1 www.qq.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6921
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.qq.com. IN A

;; ANSWER SECTION:
www.qq.com. 300 IN A 59.37.96.63
www.qq.com. 300 IN A 14.17.32.211
www.qq.com. 300 IN A 14.17.42.40

;; AUTHORITY SECTION:
www.qq.com. 86400 IN NS ns-tel2.qq.com.
www.qq.com. 86400 IN NS ns-tel1.qq.com.

;; ADDITIONAL SECTION:
ns-tel1.qq.com. 600 IN A 183.2.186.153
ns-tel1.qq.com. 600 IN A 182.140.184.140
ns-tel2.qq.com. 3600 IN A 183.61.47.15

;; Query time: 4975 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 五 12月 30 05:19:53 CST 2016
;; MSG SIZE rcvd: 179

# 将options中的recursion设置为no再次发起对www.qq.com的dns查询
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3 <<>> @127.0.0.1 www.qq.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 13654
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available # 递归请求不可用

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.qq.com. IN A

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 五 12月 30 05:26:37 CST 2016
;; MSG SIZE rcvd: 39

子域授权

A服务器负责baidu.com的域名解析,并把子域test.baidu.com授权(委派)给B服务器:在baidu.com区域中为test.baidu.com添加指向B的NS记录(以及B服务器的A胶水记录),对该子域的查询就会被引用到B。DNS迭代查询正是沿着这种逐级委派(NS引用)从根域一步步找到权威服务器的。