How to install and configure DNS with the Linux BIND command
The Domain Name System (DNS) resolves (translates) hostnames to Internet Protocol (IP) addresses and vice versa. A DNS server, also known as a nameserver, maps IP addresses to hostnames or domain names.
In this article, you'll learn the basics of DNS, from how DNS obtains IP addresses and hostnames to the concepts of forward and reverse lookup zones. It also shows you how to install and configure DNS, define and edit zone files, and verify, with the help of a few commands, that DNS resolves to the correct address. If you are new to DNS, this article will help you get it running on your system with a basic configuration.
How DNS works
When a client requests information from a nameserver, it usually connects to port 53, and the nameserver then resolves the requested name.
- A request sent from a DNS client to a DNS server is called a lookup request.
- The response from a DNS server to a DNS client is called a lookup response.
- A system configured with the DNS service is called a DNS server.
- A system that accesses a DNS server is called a DNS client.
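As an added illustration of the lookup request and lookup response just described (example code written for this page, not part of the original article), the following Python builds the query a client sends to a nameserver on port 53 and parses the reply that comes back. The reply bytes are constructed inline so the example runs offline; the name servera.example.com and the address 192.168.25.132 are borrowed from the article's later examples.

```python
"""Added example: a DNS lookup request and lookup response in wire format.

Not the article's own code. build_query() produces what a client sends to
port 53; parse_response() reads what the nameserver returns. The response is
CONSTRUCTED by constructed_response() so the demo needs no network.
"""
import struct

TYPE_A = 1
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txn_id: int = 0x1234) -> bytes:
    """Lookup request: 12-byte header (RD set) plus one question for an A record."""
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def decode_name(data: bytes, offset: int):
    """Decode a name at offset, following RFC 1035 compression pointers.
    Returns (name, offset just past the name in the original stream)."""
    labels, jumped, end, hops = [], False, None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:          # two-byte pointer to an earlier name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 16:                   # a malformed reply must not loop the parser
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if jumped else offset)


def parse_response(data: bytes, expected_id: int):
    """Lookup response: check the transaction ID, then return (rcode, A records)
    where each record is an (owner, ttl, address) tuple."""
    txn_id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txn_id != expected_id:
        raise ValueError("transaction ID mismatch; discarding reply")
    if flags & 0x8000 == 0:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qd):                     # skip the echoed question(s)
        _, offset = decode_name(data, offset)
        offset += 4                         # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        owner, offset = decode_name(data, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            answers.append((owner, ttl, ".".join(str(b) for b in rdata)))
    return rcode, answers


def constructed_response(query: bytes, address: str, ttl: int = 86400) -> bytes:
    """The reply a nameserver would send for the query (constructed for the demo):
    QR=1, AA=1, RD=1, RA=1, one answer whose owner is a pointer (0xC00C) to the
    question name at offset 12."""
    txn_id = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txn_id, 0x8580, 1, 1, 0, 0)
    rdata = bytes(int(octet) for octet in address.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4) + rdata
    return header + question + answer


if __name__ == "__main__":
    q = build_query("servera.example.com")
    print(parse_response(constructed_response(q, "192.168.25.132"), 0x1234))
```

A real client would send the bytes from build_query() over UDP to the nameserver on port 53 and hand the datagram it receives to parse_response(). Comparing the transaction ID before trusting a reply is the minimal check every resolver makes, which is why parse_response() refuses a mismatched ID, and the pointer-hop limit in decode_name() keeps a malformed reply from looping the parser.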
Where does DNS get IP addresses?
You may wonder how DNS obtains the IP for a given hostname or domain name. How does DNS search among so many different IP addresses and correctly associate your domain name? Who stores the mapping between domain names and IP addresses?
The DNS workflow shows how DNS communicates internally and how it resolves addresses.
- When a client searches for a domain name such as www.example.com, the request first goes to the Internet service provider's (ISP's) resolver, which handles the user's request by resolving the domain name.
- If the IP address is not found on the resolver, the request is forwarded to a root DNS server and then to a top-level domain (TLD) server.
- The TLD server stores information about top-level domains such as .com or .net.
- The request is forwarded to the nameserver that holds the details about the domain and its IP address.
- The nameserver responds to the ISP's resolver, and the resolver responds to the client with the requested IP.
- When the resolver did not know the IP, it stores the IP and its domain in its cache to serve future queries.
Forward and reverse lookups
The forward lookup zone uses the domain name to search for IP addresses, whereas the reverse lookup zone uses IP addresses to search for the domain name.
Install and configure DNS
BIND is a nameserver service responsible for performing domain-name-to-IP conversion on Linux-based DNS servers.
[root@servera ~] # yum install bind
The BIND package provides the named service. It reads its configuration from /etc/named and /etc/named.conf. Once this package is installed, you can start configuring DNS.
Configure the /etc/named.conf file
First, add or edit two values in the options block: the DNS server's address in listen-on, and allow-query set to any.
[root@servera ~] # vim /etc/named.conf
listen-on port 53 { 127.0.0.1; 192.168.25.132; };
allow-query { localhost; any; };
Here are the values from the above file:
- 192.168.25.132 – DNS server address
- any – matches every IP address
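allow-query { any; } answers queries from every address, which is what an authoritative server for example.com needs. Combined with recursion, which is enabled by default in BIND and set explicitly (recursion yes;) in the stock named.conf shipped with the bind package, a server reachable from the internet becomes an open resolver that anyone can use. The following check is an added example, not from the article: it pulls the options block out of a named.conf and flags that combination. ARTICLE_STYLE and HARDENED are constructed sample texts; allow-recursion is the BIND option that limits recursion to listed clients.

```python
"""Added example (not the article's code): audit the options { } block of a
named.conf for the open-resolver combination. Both sample configurations
below are CONSTRUCTED text, not files read from a live system."""
import re


def strip_comments(text: str) -> str:
    """Drop //, # and /* */ comments so they cannot hide or fake a directive."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def block(text: str, keyword: str) -> str:
    """Return the body of `keyword { ... }`, honouring nested braces."""
    m = re.search(rf"\b{keyword}\s*\{{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]


def acl_members(body: str, directive: str) -> list[str]:
    """Members of an address-match list such as allow-query { a; b; }."""
    inner = block(body, directive)
    return [m.strip() for m in inner.split(";") if m.strip()]


def audit_options(named_conf: str) -> list[str]:
    """Findings for the options block; an empty list means nothing to report."""
    opts = block(strip_comments(named_conf), "options")
    findings = []
    query = acl_members(opts, "allow-query")
    recursion = re.search(r"\brecursion\s+(yes|no)\s*;", opts)
    recursion_on = recursion is None or recursion.group(1) == "yes"  # BIND default: yes
    allow_rec = acl_members(opts, "allow-recursion")
    if "any" in query and recursion_on and (not allow_rec or "any" in allow_rec):
        findings.append("open resolver: allow-query any with recursion enabled")
    if "any" in query and "localhost" in query:
        findings.append("redundant: localhost is already covered by any")
    return findings


# Constructed sample: the article's two edits plus the stock recursion setting
ARTICLE_STYLE = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.25.132; };
    allow-query { localhost; any; };
    recursion yes;
};
"""

# Constructed sample: authoritative for everyone, recursive only for the LAN
HARDENED = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.25.132; };
    allow-query { any; };                               // authoritative answers for anyone
    recursion yes;
    allow-recursion { localhost; 192.168.25.0/24; };    // recursion only for local clients
};
"""

if __name__ == "__main__":
    for name, conf in (("article", ARTICLE_STYLE), ("hardened", HARDENED)):
        print(name, audit_options(conf) or ["no findings"])
```

Run it against /etc/named.conf after the edit in this section; if the server is only ever queried from the local network, narrowing allow-query to that network is the simpler fix, and either way named-checkconf (shipped with BIND) should still be run to confirm the file parses.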
Define the forward and reverse zones
Define the forward and reverse zones in /etc/named.conf or /etc/named.rfc1912.zones (you can define zones in either of those files). In this example, I am appending the zone definition details to the /etc/named.rfc1912.zones file.
[root@servera ~] # vim /etc/named.rfc1912.zones
zone "example.com" IN {
type master;
file "example.forward.zone";
allow-update { none; };
};
zone "25.168.192.in-addr.arpa" IN {
type master;
file "example.reverse.zone";
allow-update { none; };
};
Create forward and reverse zone files
You also need to create forward and reverse zone files in the /var/named directory.
Note: By default, the named.conf file includes the /var/named directory for checking zone files. Sample zone files named.localhost and named.loopback are created during the installation of the BIND package.
[root@servera ~] # vim /var/named/example.forward.zone
[root@servera ~] # vim /var/named/example.reverse.zone
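The article does not show the contents of the two zone files, so here is an added example (not the article's own code) that generates them from a host table, deriving the reverse zone name 25.168.192.in-addr.arpa and the PTR owner 132.25.168.192.in-addr.arpa from the addresses rather than typing them by hand. The host table, the serial and the hostmaster contact are constructed for the demo; it goes beyond the article's single host in that any number of hosts in the /24 can be listed.

```python
"""Added example, not from the article: generate the forward and reverse zone
files referenced from /etc/named.rfc1912.zones. HOSTS, the serial and the
hostmaster mailbox are constructed for the demo."""
import ipaddress
from datetime import date


def reverse_zone_name(network: str) -> str:
    """Reverse zone for a /24: 192.168.25.0/24 -> 25.168.192.in-addr.arpa."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("this helper handles IPv4 /24 networks only")
    first, second, third, _ = str(net.network_address).split(".")
    return f"{third}.{second}.{first}.in-addr.arpa"


def ptr_owner(address: str) -> str:
    """Owner name of the PTR record: 192.168.25.132 -> 132.25.168.192.in-addr.arpa."""
    return ipaddress.ip_address(address).reverse_pointer


def zone_header(origin: str, domain: str, ns_host: str, serial: int, ttl: int = 86400):
    """$ORIGIN/$TTL plus the SOA and NS records every zone needs.
    Trailing dots make names absolute; without them named appends $ORIGIN."""
    return [
        f"$ORIGIN {origin}.",
        f"$TTL {ttl}",
        f"@ IN SOA {ns_host}. hostmaster.{domain}. (",
        f"    {serial} ; serial",
        "    3600 ; refresh",
        "    900 ; retry",
        "    604800 ; expire",
        "    86400 ) ; negative-cache TTL",
        f"@ IN NS {ns_host}.",
    ]


def forward_zone(domain: str, ns_host: str, hosts: dict, serial: int) -> str:
    """One A record per host; the NS host must be among them."""
    lines = zone_header(domain, domain, ns_host, serial)
    for host, addr in hosts.items():
        ipaddress.ip_address(addr)  # reject a typo before it reaches the zone
        lines.append(f"{host} IN A {addr}")
    return "\n".join(lines) + "\n"


def reverse_zone(network: str, domain: str, ns_host: str, hosts: dict, serial: int) -> str:
    """One PTR record per host, owner written relative to the reverse origin."""
    origin = reverse_zone_name(network)
    net = ipaddress.ip_network(network)
    lines = zone_header(origin, domain, ns_host, serial)
    for host, addr in hosts.items():
        if ipaddress.ip_address(addr) not in net:
            raise ValueError(f"{addr} is outside {network}")
        owner = ptr_owner(addr).removesuffix("." + origin)   # e.g. "132"
        lines.append(f"{owner} IN PTR {host}.{domain}.")
    return "\n".join(lines) + "\n"


def today_serial(revision: int = 1) -> int:
    """Conventional YYYYMMDDnn serial; bump the revision for each edit on a day."""
    return int(date.today().strftime("%Y%m%d")) * 100 + revision


HOSTS = {"servera": "192.168.25.132"}   # constructed from the article's example

if __name__ == "__main__":
    serial = today_serial()
    print(forward_zone("example.com", "servera.example.com", HOSTS, serial))
    print(reverse_zone("192.168.25.0/24", "example.com", "servera.example.com", HOSTS, serial))
```

Write the two strings to /var/named/example.forward.zone and /var/named/example.reverse.zone, make them readable by the named user, and validate each with named-checkzone (shipped with BIND), for example named-checkzone example.com /var/named/example.forward.zone, before restarting the service; it catches a missing trailing dot and an NS host that has no A record. The serial must increase on every change, or secondaries and caches keep serving the old data.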
Add the nameserver IP to /etc/resolv.conf
First, you must disable DNS processing by NetworkManager, because it dynamically updates the /etc/resolv.conf file with DNS settings from its active connection profiles. To disable this and allow manual editing of /etc/resolv.conf, create a file (for example, 90-dns-none.conf) as root in the /etc/NetworkManager/conf.d/ directory that contains the following:
[main]
dns=none
Save the file and reload (restart) NetworkManager.
# systemctl reload NetworkManager
After you reload NetworkManager, it won't update /etc/resolv.conf. Now you can manually add the nameserver's IP address to the /etc/resolv.conf file.
[root@servera ~] # vim /etc/resolv.conf
# Generated by NetworkManager
search localdomain example.com
nameserver 192.168.25.132
Start/restart and enable the named service
If the named service is not running or is disabled, start and enable it. If it is already active (running) and you have made all of these configuration changes, restart the service to apply them.
[root@servera ~] # systemctl status named.service
[root@servera ~] # systemctl start named.service
[root@servera ~] # systemctl enable named.service
[root@servera ~] # systemctl restart named.service
Verify the DNS name resolution
You have installed the BIND package, configured the named files, created lookup zones, and restarted the service to make the configuration take effect. Now use the nslookup and dig commands to check whether DNS is working properly and verify that you are getting the intended results.
nslookup is a program to query internet domain name servers. dig is a tool for interrogating DNS servers. It performs DNS lookups and displays the answers that are returned from the nameserver.
Query with nslookup
[root@servera ~] # nslookup servera.example.com
Server: 192.168.25.132
Address: 192.168.25.132#53
Name: servera.example.com
Address: 192.168.25.132
[root@servera ~] # nslookup 192.168.25.132
132.25.168.192.in-addr.arpa name = servera.example.com.
Query with dig
Here is a forward lookup, where DNS responds with 192.168.25.132 as the IP for servera.example.com:
[root@servera ~] # dig servera.example.com
...output truncated...
;; ANSWER SECTION:
servera.example.com. 86400 IN A 192.168.25.132
;; AUTHORITY SECTION:
example.com. 86400 IN NS servera.example.com.
...output truncated...
This example displays a reverse lookup, where the DNS server responds with servera.example.com as the domain name for 192.168.25.132:
[root@servera ~] # dig -x 192.168.25.132
...output truncated...
;; ANSWER SECTION:
132.25.168.192.in-addr.arpa. 86400 IN PTR servera.example.com.
;; AUTHORITY SECTION:
25.168.192.in-addr.arpa. 86400 IN NS servera.example.com.
;; ADDITIONAL SECTION:
servera.example.com. 86400 IN A 192.168.25.132
...output truncated...
Wrap up
In this article, you learned what DNS is and how it works. You also now know what forward and reverse lookup zones are and how they work. You learned how to install the BIND package, which provides DNS on the system, and how to configure the named files and lookup zones. Finally, you learned two commands, nslookup and dig, for interrogating DNS resolutions.