DNS Server: Forward and Reverse Resolution Configuration

DNS queries use only 53/UDP, except for zone transfers, which use 53/TCP.

Forward DNS lookup: resolving a hostname to an IP address
# dig www.google.com
 .....(omitted)
 ;; ANSWER SECTION:
 www.google.com. 5 IN A 74.125.31.103
 www.google.com. 5 IN A 74.125.31.104
 www.google.com. 5 IN A 74.125.31.105
 www.google.com. 5 IN A 74.125.31.106
 www.google.com. 5 IN A 74.125.31.147
 www.google.com. 5 IN A 74.125.31.99

 .....(omitted)

Reverse DNS lookup: resolving an IP address to a hostname
# dig -x 168.95.1.1
 .....(omitted)
 ;; ANSWER SECTION:
 1.1.95.168.in-addr.arpa. 5 IN PTR dns.hinet.net.
 .....(omitted)

Example: resolving the mail server inside the 192.168.122.0/24 network
DNS server (192.168.122.108): ns.linux.org.tw
Mail server (192.168.122.225): mailer.linux.org.tw
Test host (192.168.122.76)
Domain name: linux.org.tw

DNS server

  1. Edit the main configuration file /etc/named.conf
     # vim /etc/named.conf
     listen-on port 53 { any; };
     listen-on-v6 port 53 { any; };
     allow-query { any; };

     # service named restart

  2. Open the firewall (53/UDP for queries, 53/TCP for zone transfers)

  3. Test: resolving an external domain succeeds
     # dig www.google.com @192.168.122.108
     .....(omitted)
     ;; ANSWER SECTION:
     www.google.com. 250 IN A 74.125.31.105
     www.google.com. 250 IN A 74.125.31.99
     www.google.com. 250 IN A 74.125.31.147
     www.google.com. 250 IN A 74.125.31.103
     www.google.com. 250 IN A 74.125.31.104
     www.google.com. 250 IN A 74.125.31.106
     .....(omitted)

     # dig -x 168.95.1.1 @192.168.122.108
     .....(omitted)
     ;; ANSWER SECTION:
     1.1.95.168.in-addr.arpa. 86345 IN PTR dns.hinet.net.
     .....(omitted)

  4. Test: resolving the mail server in the internal domain fails
     # dig mailer.linux.org.tw @192.168.122.108
       no ANSWER SECTION

     # dig -x 192.168.122.225 @192.168.122.108
       no ANSWER SECTION

  5. Add the zone records, either in the main configuration file or in /etc/named.rfc1912.zones
     # vim /etc/named.rfc1912.zones
     zone "linux.org.tw" IN {
       type master;
       file "linux.org.tw.zone";
     };

     zone "122.168.192.in-addr.arpa" IN {
       type master;
       file "192.168.122.zone";
     };

  6. Create and edit the linux.org.tw.zone file
     # cp -p /var/named/named.localhost /var/named/linux.org.tw.zone
     # vim /var/named/linux.org.tw.zone
     $TTL 1D
     @ IN SOA dns root.linux.org.tw. (  ; @ is the zone name, linux.org.tw
              2013010201 ; serial
              1D ; refresh
              1H ; retry
              1W ; expire
              3H ) ; minimum
         NS dns
         IN MX 10 mailer
     dns A 192.168.122.108
     mailer A 192.168.122.225

  7. Create and edit the 192.168.122.zone file
     # cp -p /var/named/named.loopback /var/named/192.168.122.zone
     # vim /var/named/192.168.122.zone
     $TTL 1D
     @ IN SOA dns.linux.org.tw. root.linux.org.tw. (  ; @ is the zone name, 122.168.192.in-addr.arpa
              2013010201 ; serial
              1D ; refresh
              1H ; retry
              1W ; expire
              3H ) ; minimum
         NS dns.linux.org.tw.
     108 PTR dns.linux.org.tw.
     225 PTR mailer.linux.org.tw.

  8. Restart the service
     # service named restart
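
As an added check (example code written for this page, not part of the original post or of BIND), a small Python script that parses the forward and reverse zone files above and verifies that every A record has a matching PTR record and vice versa, the property that mail servers and log analysis rely on when they confirm a reverse lookup. The zone text is embedded inline with the SOA compacted onto two lines, and the parser is a deliberately minimal one written for this example, not a full zone-file implementation.

```python
import ipaddress
# Zone files from the tutorial above, embedded so the check runs offline (SOA compacted).
FORWARD_TEXT = """$TTL 1D
@ IN SOA dns root.linux.org.tw. ( 2013010201 ; serial
          1D 1H 1W 3H )   ; refresh retry expire minimum
    NS dns
    IN MX 10 mailer
dns A 192.168.122.108
mailer A 192.168.122.225
"""
REVERSE_TEXT = """$TTL 1D
@ IN SOA dns.linux.org.tw. root.linux.org.tw. ( 2013010201 ; serial
          1D 1H 1W 3H )   ; refresh retry expire minimum
    NS dns.linux.org.tw.
108 PTR dns.linux.org.tw.
225 PTR mailer.linux.org.tw.
"""

def parse_records(text, origin, rtypes=("A", "PTR")):
    """Return {owner FQDN: rdata} for A/PTR records: handles ';' comments, '@',
    relative names and inherited owners. Minimal, not a full RFC 1035 parser."""
    records, owner = {}, "@"
    for raw in text.splitlines():
        tokens = raw.split(";", 1)[0].split()         # drop comments
        if not tokens or tokens[0].startswith("$"):   # blank line or $TTL
            continue
        if not raw[0].isspace():                      # explicit owner name
            owner, tokens = tokens[0], tokens[1:]
        rtype = next((t for t in tokens if t in rtypes), None)  # SOA/NS/MX lines: None
        if rtype:
            rdata = tokens[tokens.index(rtype) + 1]
            fqdn = f"{origin}." if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}."
            records[fqdn.lower()] = rdata.lower() if rtype == "PTR" else rdata
    return records

def reverse_name(ip):
    """'192.168.122.108' -> '108.122.168.192.in-addr.arpa.' (the name dig -x queries)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def check_consistency(forward, reverse):
    """List A records without a matching PTR and PTR records without a matching A."""
    problems = []
    for host, ip in forward.items():
        if reverse.get(reverse_name(ip)) != host:
            problems.append(f"A {host} -> {ip}: no matching PTR")
    for ptr, host in reverse.items():
        if host not in forward or reverse_name(forward[host]) != ptr:
            problems.append(f"PTR {ptr} -> {host}: no matching A")
    return problems
```

Run it against the real files with `open("/var/named/linux.org.tw.zone").read()` in place of the embedded text; an empty list means the two zones agree.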

Test host (192.168.122.76)

  1. Add the DNS server address 192.168.122.108
     # vim /etc/resolv.conf
     nameserver 192.168.122.108
     # chattr +i /etc/resolv.conf   # NetworkManager rewrites this file when it restarts; this locks the file (chattr -i removes the lock). Otherwise, stop NetworkManager from starting at boot and edit /etc/sysconfig/network-scripts/ifcfg-eth* instead.

  2. Forward lookup of the DNS and mail servers succeeds
     # dig dns.linux.org.tw
     .....(omitted)
     ;; ANSWER SECTION:
     dns.linux.org.tw. 86400 IN A 192.168.122.108

     .....(omitted)

     # dig mailer.linux.org.tw
     .....(omitted)
     ;; ANSWER SECTION:
     mailer.linux.org.tw. 86400 IN A 192.168.122.225

     .....(omitted)

  3. Reverse lookup of the DNS and mail servers succeeds
     # dig -x 192.168.122.108
     .....(omitted)
     ;; ANSWER SECTION:
     108.122.168.192.in-addr.arpa. 86400 IN PTR dns.linux.org.tw.

     .....(omitted)

     # dig -x 192.168.122.225
     .....(omitted)
     ;; ANSWER SECTION:
     225.122.168.192.in-addr.arpa. 86400 IN PTR mailer.linux.org.tw.

     .....(omitted)
