DNS Introduction
- resolv.conf: /etc/resolv.conf. This file specifies the IP addresses of the DNS servers; whenever the host needs to translate a domain name into an IP address, it queries these servers.
Example
- [puritys@www etc]$ cat /etc/resolv.conf
- domain mydomain.com.tw
- search mydomain.com.org
- nameserver 192.168.1.2
- nameserver 168.95.1.1
- nameserver: the IP address of the nameserver that the client sends its name-resolution requests to.
- search: when a lookup for a name fails, the host part is retried under the search domain; for example, if www.mydomain.com.tw cannot be resolved, www.mydomain.com.org is queried next.
DNS BIND Installation
I changed the default installation directory to /home/program/dns_server, so the BIND commands end up in /home/program/dns_server/bin and /home/program/dns_server/sbin, and the configuration file is /home/conf/named.conf.
- Download bind-9.7.4.tar.gz
- Extract: tar -zxvf bind-9.7.4.tar.gz
- cd bind-9.7.4
- ./configure --prefix=/home/program/dns_server --sysconfdir=/home/conf
- make
- make install
DNS File
- DNS TTL: time to live, the number of seconds another DNS server may keep a record in its cache after looking it up.
- TTL syntax
- $TTL 86400
- $TTL 1440m
- $TTL 24h
- $TTL 1d
- DNS Zone file
- SOA: Start Of Authority. domain.com.tw is the primary nameserver host, and admin.domain.com.tw is the administrator's mailbox (admin@domain.com.tw).
Example
- @ IN SOA domain.com.tw. mail.domain.com.tw. (
- 2011081201 ; Serial
- 3600 ; Refresh
- 300 ; Retry
- 86400 ; Expire
- 3600 ) ; Minimum
- Serial: serial number; increase it every time the zone file changes.
- NS: the hostname of the DNS server, e.g. ns1.domain.com.tw. In addition, at your domain registrar change the domain's redirection mode to DNS and set the DNS servers to the names you configured.
- A: maps a domain name to its IP address.
DNS named.conf Configuration
Example
- options {
- directory "/home/program/dns_server/etc";
- allow-query {any;};
- listen-on { 192.168.1.2; };
- forwarders {
- 219.84.160.137;
- 168.95.1.1;
- 208.76.62.100;
- };
- };
- zone "ewebsite.com.tw" {
- type master;
- file "/home/program/dns_server/etc/ewebsite.zone";
- allow-query{any;};
- };
- directory: the directory holding the zone files. It must be set correctly.
- allow-query { any; }; allows other DNS servers to query this one; any means any DNS server may query, and you can restrict it by IP address instead.
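As an added example (not part of the original post): a small Python audit of the named.conf shown above. It flags what the allow-query note glosses over: with BIND's default `recursion yes` and no `allow-recursion` ACL, `allow-query { any; }` lets any host on the Internet use this server as a recursive resolver, which is how DNS servers end up abused as reflectors. `allow-recursion` and `recursion` are standard BIND options; both sample configurations are constructed here.

```python
import re

# Constructed sample modelled on the named.conf above (not a live config).
ORIGINAL_CONF = """
options {
    directory "/home/program/dns_server/etc";
    allow-query { any; };
    listen-on { 192.168.1.2; };
    forwarders { 219.84.160.137; 168.95.1.1; 208.76.62.100; };
};
zone "ewebsite.com.tw" {
    type master;
    file "/home/program/dns_server/etc/ewebsite.zone";
    allow-query { any; };
};
"""
# Same server with recursion limited to the LAN; the authoritative zone stays public.
HARDENED_CONF = ORIGINAL_CONF.replace(
    "listen-on", "allow-recursion { 192.168.1.0/24; };\n    listen-on")

def block_body(text, name):
    """Return the text between the braces of the first `name ... {` block, or None."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"[^{;]*\{", text)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(text) and depth:            # brace-matching scan handles nesting
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1] if depth == 0 else None

def acl(body, name):
    """Tokens of an address-match list such as `allow-query { any; };`, or None."""
    inner = block_body(body, name)
    return None if inner is None else [t.strip() for t in inner.split(";") if t.strip()]

def audit(conf):
    """List settings that expose recursion to the whole Internet (open resolver)."""
    conf = re.sub(r"(//|#).*", "", re.sub(r"/\*.*?\*/", "", conf, flags=re.S))
    opts = block_body(conf, "options") or ""
    findings = []
    rec = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", opts)
    recursive = rec is None or rec.group(1) == "yes"   # BIND recurses unless told not to
    if recursive and "any" in (acl(opts, "allow-query") or []) and acl(opts, "allow-recursion") is None:
        findings.append("allow-query { any; } with recursion on and no allow-recursion ACL: "
                        "any host on the Internet can use this server as a recursive resolver")
    return findings

if __name__ == "__main__":
    for label, conf in ("original", ORIGINAL_CONF), ("hardened", HARDENED_CONF):
        print(label, audit(conf) or ["no findings"])
```

For a purely authoritative server (no forwarders needed) `recursion no;` in the options block removes the finding as well.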
Starting DNS
- ln -s /home/program/dns_server/sbin/named /usr/bin/named
- sudo /home/program/dns_server/sbin/named or sudo /usr/bin/named
- To start automatically at boot, add /usr/bin/named to /etc/rc.d/rc.local.
- Port 53 must be reachable from outside the network; remember to open port 53 on the router as well.
DNS Query Tools
- host [hostname]
Example
- [puritys@www etc]$ host www.google.com.tw
- www.google.com.tw is an alias for www.google.com.
- www.google.com is an alias for www.l.google.com.
- www.l.google.com has address 74.125.153.103
- www.l.google.com has address 74.125.153.104
- www.l.google.com has address 74.125.153.105
- www.l.google.com has address 74.125.153.106
- www.l.google.com has address 74.125.153.147
- www.l.google.com has address 74.125.153.99
- dig [hostname] @[dns server]
The second argument specifies which DNS server to query. If you have just installed a DNS server and are not sure whether it is working yet, add this argument to test it directly.
Example
- [puritys@www etc]$ dig www.google.com.tw
- ; <<>> DiG 9.2.4 <<>> www.google.com.tw
- ;; global options: printcmd
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 4, ADDITIONAL: 4
- ;; QUESTION SECTION:
- ;www.google.com.tw. IN A
- ;; ANSWER SECTION:
- www.google.com.tw. 308692 IN CNAME www.google.com.
- www.google.com. 567890 IN CNAME www.l.google.com.
- www.l.google.com. 290 IN A 74.125.153.147
- www.l.google.com. 290 IN A 74.125.153.99
- www.l.google.com. 290 IN A 74.125.153.103
- www.l.google.com. 290 IN A 74.125.153.104
- www.l.google.com. 290 IN A 74.125.153.105
- www.l.google.com. 290 IN A 74.125.153.106
- ;; AUTHORITY SECTION:
- google.com. 136507 IN NS ns4.google.com.
- google.com. 136507 IN NS ns3.google.com.
- google.com. 136507 IN NS ns2.google.com.
- google.com. 136507 IN NS ns1.google.com.
- ;; ADDITIONAL SECTION:
- ns1.google.com. 308886 IN A 216.239.32.10
- ns2.google.com. 308719 IN A 216.239.34.10
- ns3.google.com. 308764 IN A 216.239.36.10
- ns4.google.com. 308723 IN A 216.239.38.10
- ;; Query time: 19 msec
- ;; SERVER: 168.95.1.1#53(168.95.1.1)
- ;; WHEN: Tue Aug 30 02:39:07 2011
- ;; MSG SIZE rcvd: 315
- nslookup [hostname]
Example
- [puritys@www etc]$ nslookup www.google.com.tw
- Server: 168.95.1.1
- Address: 168.95.1.1#53
- Non-authoritative answer:
- www.google.com.tw canonical name = www.google.com.
- www.google.com canonical name = www.l.google.com.
- Name: www.l.google.com
- Address: 72.14.203.147
- Name: www.l.google.com
- Address: 72.14.203.99
- Name: www.l.google.com
- Address: 72.14.203.103
- Name: www.l.google.com
- Address: 72.14.203.104
- Name: www.l.google.com
- Address: 72.14.203.105
- Name: www.l.google.com
- Address: 72.14.203.106
DNS Server Tips
Installing a DNS server is fairly simple, but getting it to actually work is a bit harder, mainly because it is difficult to verify that the configuration files are correct. Besides the DNS query tools, you can also check the DNS log: restart the DNS server and look for Error messages. The log is at /var/log/message.