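<p dir="ltr"><span style="font-size: 24px"><strong>I. Introduction</strong></span></p>
<p dir="ltr" style="text-indent: 2em">DNS stands for Domain Name System. When we visit a website, we type in a domain name, but the network identifies hosts by IP address, which is a logical address. How does a domain name get translated into an IP address? Below is a brief explanation of how DNS works.</p>
<p dir="ltr"><strong><span style="font-size: 24px">II. The DNS query process</span></strong></p>
<p dir="ltr" style="text-indent: 2em">Before looking at the DNS query process, let us go over some DNS terminology.</p>
<p dir="ltr"> Root domain: the top-level directory used to manage the Internet; there are 13 root servers worldwide.</p>
<p dir="ltr"> Top-level domain: a subdomain of the root, such as com. cn. org. net.</p>
<p dir="ltr"> Second-level domain: a subdomain of one of the many top-level domains, such as baidu.com. google.com.</p>
<p dir="ltr"> Subdomain: defined relative to its parent domain, for example com. and org. under the root.</p>
<p dir="ltr"> Recursion: a DNS query mode in which the server passes the query on level by level.</p>
<p dir="ltr"> Iteration: a DNS query mode. For example, host A queries a DNS resource record; if the server tells host A that the record is held by some other server, A itself goes to that next server, rather than the first server looking it up on A's behalf.</p>
<p dir="ltr"> FQDN: fully qualified domain name</p>
<p dir="ltr"> Resource record: records the attributes used for resolution.</p>
<p dir="ltr"> SOA: start of authority record; a zone file has exactly one</p>
<p dir="ltr"> NS: name server</p>
<p dir="ltr"> MX: mail exchanger</p>
<p dir="ltr"> A: used for forward resolution</p>
<p dir="ltr"> PTR: used for reverse resolution</p>
<p dir="ltr"> CNAME: canonical name</p>
<p dir="ltr"> The DNS query process is shown in the figure below.</p>
<p dir="ltr"><img src="//cto.wang/usr/uploads/2016/07/20160703160741-47.png" title="1443594029571381.png" alt="blob.png" /></p>
<p dir="ltr">Explanation:</p>
<p dir="ltr"> 1. When the client wants to visit www.baidu.com, it asks the local DNS server for the IP address of www.baidu.com.</p>
<p dir="ltr"> 2. The local DNS server does not know the IP address of www.baidu.com, so it asks the root domain.</p>
<p dir="ltr"> 3. The root replies that com. is one of its subdomains and that the com. domain should be asked.</p>
<p dir="ltr"> 4. The local DNS server then asks the com. domain, which replies that baidu.com. is one of its subdomains.</p>
<p dir="ltr"> 5. The local DNS server then asks the baidu.com. domain. baidu.com. replies that it is responsible for this domain and knows the address of www.baidu.com., and returns the IP address to the local DNS server.</p>
<p dir="ltr"> 6. The local DNS server receives the result and returns it to the client.</p>
<p dir="ltr"><span style="font-size: 24px"><strong>III. Case study</strong></span></p>
<p dir="ltr">Topology</p>
<p dir="ltr"><img src="//cto.wang/usr/uploads/2016/07/20160703160742-100.png" title="1443594110817061.png" alt="blob.png" /></p>
<p dir="ltr">Software version: bind-9.10.3</p>
<p dir="ltr">Brief description: master ip: 192.168.19.128, slave ip: 192.168.19.129, subdomain ip: 192.168.19.131, client ip: 192.168.19.132</p>
<p dir="ltr">master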
and slave are the primary and secondary DNS servers; master and subdomain are the parent domain and the child domain.</p>
<p dir="ltr"><strong>3.1 Deploy and start BIND on all servers</strong></p>
<p dir="ltr"><strong> </strong>The following environment must be installed on every server; the steps are not repeated for each one.<strong><br /></strong></p>
<p dir="ltr"> Install the environment:</p>
<pre class="brush:bash;toolbar:false">[root@localhost ~]# yum groupinstall "Development tools" "Server Platform" -y    # install the tools needed to compile software</pre>
<p dir="ltr"> <span style="line-height: 15px">Create the named user</span></p>
<pre class="brush:bash;toolbar:false">[root@localhost bind-9.10.3]# groupadd -g 53 -r named                              # create the named group
[root@localhost bind-9.10.3]# useradd -g 53 -r -u 53 -s /sbin/nologin named       # create the named user in the named group</pre>
<p dir="ltr"> Install BIND</p>
<pre class="brush:bash;toolbar:false">[root@localhost bind-9.10.3]# mkdir /usr/local/bind-9.10.3                         # create the bind-9.10.3 directory
[root@localhost bind-9.10.3]# ./configure --prefix=/usr/local/bind-9.10.3 --disable-ipv6 --disable-chroot --enable-threads
[root@localhost bind-9.10.3]# make && make install                                 # compile and install
[root@localhost bind-9.10.3]# ln -s /usr/local/bind-9.10.3 /usr/local/bind         # symlink for BIND, to make later version upgrades easier</pre>
<p> <span style="line-height: 15px">Generate the rndc.conf file</span></p>
<pre class="brush:bash;toolbar:false">[root@localhost etc]# /usr/local/bind/sbin/rndc-confgen -r /dev/urandom > /usr/local/bind/etc/rndc.conf    # generate rndc.conf</pre>
<p><strong> </strong>Generate the named.ca file</p>
<pre class="brush:bash;toolbar:false">[root@localhost etc]# dig -t NS . >/usr/local/bind/var/named.ca    # generate the root hints</pre>
<p><strong> 1.<span style="line-height: 15px">Master configuration</span></strong></p>
<p><span style="line-height: 15px"> named.conf configuration</span></p>
<pre class="brush:bash;toolbar:false">options {
    directory "/usr/local/bind/var";        # named's working directory
    allow-recursion { localnet; };          # clients allowed to make recursive queries
    notify yes;                             # enable notify: when a master zone is modified, notify the slave
};
acl localnet {                              # define an ACL named localnet
    192.168.19.128;
    192.168.19.129;
    192.168.19.131;
    127.0.0.1;
};
acl order {                                 # define an ACL named order
    192.168.19.132;
    172.16.0.0/16;
};
view orderview {                            # create the orderview view
    match-clients { order; };               # clients allowed to use this view
    zone "jack.com."
    IN {                                    # define a zone
        type master;                        # zone type
        file "jack.com.zone";               # file path, relative to the directory option
        allow-update { none; };             # no client may update the zone
        allow-transfer { order; };          # clients allowed to transfer the zone
    };
};
view localview {                            # define the localview view
    match-clients { localnet; };            # clients allowed to use this view
    zone "." IN {
        type hint;                          # set the type
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "127.0.0.zone";
        allow-update { none; };
    };
    zone "leon.com." IN {                   # define a zone
        type master;                        # the type is master
        file "leon.com.zone";
        allow-update { none; };
        allow-transfer { localnet; };       # clients in the localnet ACL may transfer the zone
        allow-query { localnet; };          # which clients may query
    };
    zone "19.168.192.in-addr.arpa" {        # define a reverse zone
        type master;
        file "192.168.19.zone";
        allow-update { none; };
        allow-transfer { localnet; };
        allow-query { localnet; };
    };
};
key "rndc-key" {                            # the rndc key and control settings; this part comes from the second half of rndc.conf
    algorithm hmac-md5;
    secret "wCtvv1ALOnb7Tv0d/o/qyw==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};</pre>
<p> <span style="line-height: 15px">Edit the master's zone files</span></p>
<pre class="brush:bash;toolbar:false">[root@localhost var]# ll        # see which zone files are needed
total 28
-rw-r--r--. 1 root named  118 Sep 27 15:28 127.0.0.zone
-rw-r--r--. 1 root named  223 Sep 29 05:07 192.168.19.zone
-rw-r--r--. 1 root named  238 Sep 28 05:10 jack.com.zone
-rw-r--r--. 1 root named  330 Sep 29 05:03 leon.com.zone
-rw-r--r--. 1 root named  114 Sep 27 15:28 localhost.zone
-rw-r--r--. 1 root named  890 Sep 27 14:57 named.ca
drwxr-xr-x. 3 root root  4096 Sep 27 15:41 run
[root@localhost var]# cat *.zone        # the zone files are shown below; only the final result is given here
$TTL 86400
@       IN SOA  localhost. admin.localhost. (
                2015092801      ; serial (version number)
                3H              ; refresh interval
                15M             ; retry interval
                7D              ; expiry
                1D              ; negative-answer cache TTL
                )
        IN NS   localhost.
1       IN PTR  localhost.      ; this is the content of 127.0.0.zone
$TTL 86400                      ; this is the content of 192.168.19.zone
@       IN SOA  ns1.leon.com. admin.leon.com. (
                2015092801
                3H
                15M
                7D
                1D )
        IN NS   ns1.leon.com.   ; NS record
        IN NS   ns2.leon.com.   ; NS record of the slave server
128     IN PTR  ns1.leon.com.
; PTR record of the master (128)
129     IN PTR  ns2.leon.com.   ; PTR record of the slave
3       IN PTR  www.leon.com.
4       IN PTR  mail.leon.com.
$TTL 86400                      ; this is the content of jack.com.zone
@       IN SOA  ns1.jack.com. admin.jack.com. (
                2015092801
                3H
                15M
                7D
                1D )
        IN NS   ns1.jack.com.
ns1     IN A    192.168.19.128
www     IN A    192.168.19.3
smtp    IN CNAME mail           ; canonical name, similar to an alias
mail    IN A    192.168.19.4
@       IN MX 5 mail.jack.com.
*       IN A    192.168.19.5
$TTL 86400                      ; this is the content of leon.com.zone
@       IN SOA  ns1.leon.com. admin.leon.com. (
                2015092801
                3H
                15M
                7D
                1D )
@       IN NS   ns1.leon.com.           ; NS record of the master
@       IN NS   ns2.leon.com.           ; NS record of the slave
secret  IN NS   ns3.secret.leon.com.    ; NS record delegating the subdomain
ns3.secret IN A 192.168.19.131          ; A record for the delegated subdomain
ns2     IN A    192.168.19.129
ns1     IN A    192.168.19.128
www     IN A    192.168.19.3
smtp    IN CNAME mail
mail    IN A    192.168.19.4
@       IN MX 5 mail.leon.com.
$TTL 86400                      ; this is the content of localhost.zone
@       IN SOA  localhost. admin.localhost. (
                2015092801
                3H
                15M
                7D
                1D )
        IN NS   localhost.
        IN A    127.0.0.1</pre>
<p> Change the group of the zone files</p>
<pre class="brush:bash;toolbar:false">[root@localhost sbin]# chown :named /usr/local/bind/etc/named.conf
[root@localhost sbin]# chown :named named.ca localhost.zone 127.0.0.zone</pre>
<p class="MsoListParagraph" style="margin-left:48px;text-indent:0;line-height:15px">Change the group of rndc.conf</p>
<pre class="brush:bash;toolbar:false">[root@localhost sbin]# chown :named /usr/local/bind/etc/rndc.conf</pre>
<p class="MsoListParagraph" style="margin-left:48px;text-indent:0;line-height:15px"><strong>2. Deploy the slave</strong></p>
<p class="MsoListParagraph" style="margin-left:48px;text-indent:0;line-height:15px"><span style="font-family: Tahoma, sans-serif;font-size: 15px;line-height: 15px">named.conf configuration</span></p>
<pre class="brush:bash;toolbar:false">[root@localhost etc]# cat named.conf        # view the slave's named.conf; the editing process is not shown here
options {
    directory "/usr/local/bind/var";        # working directory
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
};
zone "leon.com."
IN {                                        # define the zone
    type slave;                             # its type is slave
    masters { 192.168.19.128; };            # address of its master
    file "slaves/leon.com.zone";            # where the zone file is stored
};
zone "19.168.192.in-addr.arpa" IN {         # define the zone
    type slave;                             # its type is slave
    masters { 192.168.19.128; };
    file "slaves/192.168.19.zone";
};
key "rndc-key" {                            # this part is obtained the same way as on the master
    algorithm hmac-md5;
    secret "ywDZNig5qX0rHte7dIEK8Q==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};</pre>
<p class="MsoListParagraph" style="margin-left:48px;text-indent:29px;line-height:15px"><span style="text-indent: 0px">Edit the zone files</span></p>
<pre class="brush:bash;toolbar:false">[root@localhost var]# cat *.zone        # on the slave only the localhost forward and reverse zones need to be set up; the leon.com zone files are transferred from the master
$TTL 86400                      ; reverse zone for localhost
@       IN SOA  localhost. admin.localhost. (
                2015092801
                3H
                15m
                7D
                1D )
        IN NS   localhost.
129     IN PTR  localhost.
$TTL 86400                      ; forward zone for localhost
@       IN SOA  localhost. admin.localhost. (
                2015092801
                3H
                15m
                7D
                1D )
        IN NS   localhost.
        IN A    192.128.19.129
admin   IN A    192.168.19.129</pre>
<p class="MsoListParagraph" style="margin-left:48px;text-indent:29px;line-height:15px">Create the slaves directory</p>
<pre class="brush:bash;toolbar:false">[root@localhost var]# mkdir -p /usr/local/bind/var/slaves        # create the slaves directory, which stores the zone files transferred from the master
[root@localhost var]# chown :named /usr/local/bind/var/slaves && chmod g+w /usr/local/bind/var/slaves        # set the group of slaves and make it group-writable, otherwise files cannot be created in it</pre>
<p> <strong>3</strong>.<strong><span style="line-height: 15px">Subdomain setup</span></strong></p>
<p><span style="line-height: 15px"> named.conf configuration</span></p>
<pre class="brush:bash;toolbar:false">[root@localhost etc]# cat named.conf
options {
    directory "/usr/local/bind/var";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
    allow-update { none; };
};
zone "secret.leon.com."
IN {
    type master;
    file "secret.leon.com.zone";
    allow-update { none; };
};
zone "19.168.192.in-addr.arpa" {
    type master;
    file "192.168.19.zone";
    allow-update { none; };
};
zone "leon.com." IN {                       # define the leon.com zone
    type forward;                           # the type is forward: when a client asks about this zone, the request is forwarded to the specified server
    forward only;                           # only: always rely on the forwarder, whether or not it returns a result (no fallback to resolving on its own)
    forwarders { 192.168.19.128; };         # the server to forward to
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "4qikE7ovgm5AA8rTY+fYLQ==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};</pre>
<p class="MsoListParagraph" style="margin-left:48px;text-indent:29px;line-height:15px">Zone file configuration</p>
<pre class="brush:bash;toolbar:false">[root@localhost var]# cat *.zone
$TTL 86400                      ; reverse zone for localhost
@       IN SOA  localhost. admin.localhost. (
                2015092801
                3H
                15M
                7D
                1D )
        IN NS   localhost.
1       IN PTR  localhost.
$TTL 86400                      ; reverse zone for the subdomain
@       IN SOA  ns1.secret.leon.com. admin.secret.leon.com. (
                2015092801
                3H
                15M
                7D
                1D )
        IN NS   ns1.secret.leon.com.
131     IN PTR  ns1.secret.leon.com.
30      IN PTR  www.secret.leon.com.
40      IN PTR  mail.secret.leon.com.
$TTL 86400                      ; forward zone for localhost
@       IN SOA  localhost. admin.localhost. (
                2015092801
                3H
                15M
                7D
                1D )
        IN NS   localhost.
        IN A    127.0.0.1
$TTL 86400                      ; forward zone for the subdomain
@       IN SOA  ns3.secret.leon.com. admin.secret.leon.com. (
                2015092801
                3H
                15M
                7D
                1D )
        IN NS   ns3.secret.leon.com.
ns3     IN A    192.168.19.131
www     IN A    192.168.19.30
mail    IN A    192.168.19.40</pre>
<p class="MsoListParagraph" style="margin-left:48px;text-indent:29px;line-height:15px"><span style="text-align: justify;text-indent: 0px">Check the configuration file</span></p>
<pre class="brush:bash;toolbar:false">[root@localhost var]# /usr/local/bind/sbin/named-checkconf        # check the configuration file for syntax errors</pre>
<p class="MsoListParagraph" style="margin-left:48px;text-indent:29px;line-height:15px"><span style="text-align: justify;text-indent: 0px">Start named (first verify that the subdomain's configuration is correct, then start its named service; the named services on the master and slave are started afterwards)</span></p>
<pre class="brush:bash;toolbar:false">[root@localhost var]# /usr/local/bind/sbin/named        # start named using its absolute path; the master and slave are started the same way, not shown here</pre>
<p class="MsoListParagraph" style="margin-left:48px;text-indent:29px;line-height:15px"><span style="text-align: justify;text-indent: 0px">Verify that the configuration files are correct</span></p>
<pre class="brush:bash;toolbar:false">[root@localhost sbin]# /usr/local/bind/sbin/named-checkconf        # check the configuration file; no output means it is correct, otherwise there is an error
[root@localhost sbin]# /usr/local/bind/sbin/named-checkzone localhost /usr/local/bind/var/localhost.zone
zone localhost/IN: loaded serial 2015092801        # check whether the localhost zone file is correct
OK
[root@localhost sbin]# /usr/local/bind/sbin/named-checkzone 0.0.127.in-addr-arpa /usr/local/bind/var/127.0.0.zone
zone 0.0.127.in-addr-arpa/IN: loaded serial 2015092801
OK
[root@localhost var]# /usr/local/bind/sbin/named-checkzone "leon.com." /usr/local/bind/var/leon.com.zone
zone leon.com/IN: loaded serial 2015092801        # check whether the leon.com forward zone file is correct; the subdomain is checked the same way, not shown here
OK
[root@localhost var]# /usr/local/bind/sbin/named-checkzone "19.168.192.in-addr.arpa." \
    /usr/local/bind/var/192.168.19.zone
zone 19.168.192.in-addr.arpa/IN: loaded serial 2015092801
OK        # check whether the leon.com reverse zone file is correct; the subdomain is checked the same way, not shown here</pre>
<p class="MsoListParagraph" style="margin-left:48px;text-indent:29px;line-height:15px"><span style="text-align: justify;text-indent: 0px">Check that the port is being listened on</span></p>
<pre class="brush:bash;toolbar:false">[root@localhost var]# lsof -i:53        # use lsof to check whether port 53 is being listened on; if not, the exit status is 1. netstat or ss can also be used
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
named   2821 root   21u  IPv4  24148      0t0  TCP localhost:domain (LISTEN)
named   2821 root   22u  IPv4  24150      0t0  TCP ns1.leon.com:domain (LISTEN)
named   2821 root  512u  IPv4  24147      0t0  UDP localhost:domain
named   2821 root  513u  IPv4  24147      0t0  UDP localhost:domain
named   2821 root  514u  IPv4  24149      0t0  UDP ns1.leon.com:domain
named   2821 root  515u  IPv4  24149      0t0  UDP ns1.leon.com:domain</pre>
<p class="MsoListParagraph" style="margin-left:48px;text-indent:29px;line-height:15px"><span style="text-align: justify;text-indent: 0px">View the log</span></p>
<pre class="brush:bash;toolbar:false">[root@localhost var]# tail -5 /var/log/messages        # the master's log when the master and slave are started
Sep 29 08:00:57 localhost rsyslogd-2177: imuxsock lost 30 messages from pid 2821 due to rate-limiting
Sep 29 08:00:57 localhost named[2821]: client 192.168.19.129#41820 (leon.com): view localview: transfer of 'leon.com/IN': AXFR started (serial 2015092801)        # transfer of the zone with serial 2015092801 starts, type AXFR
Sep 29 08:00:57 localhost named[2821]: client 192.168.19.129#41820 (leon.com): view localview: transfer of 'leon.com/IN': AXFR ended        # transfer of the zone with serial 2015092801 ends, type AXFR
Sep 29 08:00:58 localhost named[2821]: client 192.168.19.129#49398 (19.168.192.in-addr.arpa): view localview: transfer of '19.168.192.in-addr.arpa/IN': AXFR started (serial 2015092801)
Sep 29 08:00:58 localhost named[2821]: client 192.168.19.129#49398 (19.168.192.in-addr.arpa): view localview: transfer of '19.168.192.in-addr.arpa/IN': AXFR ended</pre>
<p class="MsoListParagraph" 
style="margin-left:48px;text-indent:29px;line-height:15px"><span style="text-align: justify;text-indent: 0px">Test master/slave replication</span></p>
<pre class="brush:bash;toolbar:false">[root@localhost var]# dig -t A www.leon.com. @192.168.19.129        # query the slave directly; if it resolves the name, master/slave synchronization works

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A www.leon.com. @192.168.19.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3597
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2        # the aa flag indicates an authoritative answer

;; QUESTION SECTION:
;www.leon.com. IN A

;; ANSWER SECTION:        # the resolution result returned
www.leon.com. 86400 IN A 192.168.19.3

;; AUTHORITY SECTION:
leon.com. 86400 IN NS ns2.leon.com.
leon.com. 86400 IN NS ns1.leon.com.

;; ADDITIONAL SECTION:
ns1.leon.com. 86400 IN A 192.168.19.128
ns2.leon.com. 86400 IN A 192.168.19.129

;; Query time: 4 msec
;; SERVER: 192.168.19.129#53(192.168.19.129)
;; WHEN: Tue Sep 29 08:04:56 2015
;; MSG SIZE rcvd: 114</pre>
<p class="MsoListParagraph" style="margin-left:48px;text-indent:29px;line-height:15px"><span style="text-align: justify;text-indent: 0px">Test the subdomain, delegation and forwarding</span></p>
<pre class="brush:bash;toolbar:false">[root@localhost var]# dig -t A www.leon.com. @192.168.19.131        # the subdomain server can be asked to resolve records that the parent domain is responsible for

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A www.leon.com. @192.168.19.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4294
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0        # there is no aa flag, so this is a non-authoritative answer: this server is not responsible for the record and only forwarded the request; the parent domain returned the record and the subdomain server passed it back to the client

;; QUESTION SECTION:
;www.leon.com. IN A

;; ANSWER SECTION:
www.leon.com.
86400 IN A 192.168.19.3

;; Query time: 14 msec
;; SERVER: 192.168.19.131#53(192.168.19.131)
;; WHEN: Tue Sep 29 08:06:26 2015
;; MSG SIZE rcvd: 46</pre>
<p class="MsoListParagraph" style="margin-left:48px;text-indent:29px;line-height:15px"><span style="text-align: justify;text-indent: 0px">Test the ACL (on the 192.168.19.132 machine, querying the parent domain's server)</span></p>
<pre class="brush:bash;toolbar:false">[root@localhost ~]# dig -t A www.leon.com. @192.168.19.128

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A www.leon.com. @192.168.19.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 54867
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available        # ANSWER is 0: the record was not resolved, because the parent domain applies an ACL restriction

;; QUESTION SECTION:
;www.leon.com. IN A

;; Query time: 4 msec
;; SERVER: 192.168.19.128#53(192.168.19.128)
;; WHEN: Tue Sep 29 08:09:38 2015
;; MSG SIZE rcvd: 30</pre>
<p class="MsoListParagraph" style="margin-left:48px;text-indent:29px;line-height:15px"><span style="text-align: justify;text-indent: 0px">Test the view (on 192.168.19.132, querying the parent domain's server)</span></p>
<pre class="brush:bash;toolbar:false">[root@localhost ~]# dig -t A www.jack.com. @192.168.19.128        # on 192.168.19.132, ask the parent domain's server for the www.jack.com record. A result is returned, because this view does not restrict this IP address.

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -t A www.jack.com. @192.168.19.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45223
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.jack.com. IN A

;; ANSWER SECTION:
www.jack.com. 86400 IN A 192.168.19.3

;; AUTHORITY SECTION:
jack.com. 86400 IN NS ns1.jack.com.

;; ADDITIONAL SECTION:
ns1.jack.com.
86400 IN A 192.168.19.128

;; Query time: 1 msec
;; SERVER: 192.168.19.128#53(192.168.19.128)
;; WHEN: Tue Sep 29 08:10:47 2015
;; MSG SIZE rcvd: 80</pre>
<p><span style="font-size: 24px"><strong>IV. Summary</strong></span></p>
<p style="text-indent: 2em">Quite a few mistakes came up during this exercise, such as forgetting to change the group of some zone files. The format of the zone file contents is especially important; avoid abbreviated forms where possible. The order in which named is started on the servers also matters, otherwise errors appear when the zone files are checked: start the subdomain first, then the slave, and the master last. If the subdomain is started last, the master reports errors when it checks its zone files.</p>
Last modified: December 10, 2021, 10:53 AM © Reposting permitted with attribution
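<p>The master's /var/log/messages lines shown above record every zone transfer with the client address, the view and the zone name. The following Python script is an added example, not part of the original article: it parses lines in that format and separates transfers pulled by the expected slave from transfers pulled by any other client. The allowlist and the third sample log line (a transfer of jack.com by 192.168.19.132, which <code>allow-transfer { order; }</code> in the master's orderview would permit) are constructed for illustration.</p>

```python
import ipaddress
import re

# Constructed sample. Lines 1-2 follow the article's master log; line 3 is an
# invented transfer of jack.com by the client 192.168.19.132 (view orderview).
SAMPLE_LOG = """\
Sep 29 08:00:57 localhost named[2821]: client 192.168.19.129#41820 (leon.com): view localview: transfer of 'leon.com/IN': AXFR started (serial 2015092801)
Sep 29 08:00:57 localhost named[2821]: client 192.168.19.129#41820 (leon.com): view localview: transfer of 'leon.com/IN': AXFR ended
Sep 29 08:12:03 localhost named[2821]: client 192.168.19.132#50112 (jack.com): view orderview: transfer of 'jack.com/IN': AXFR started (serial 2015092801)
"""

# Assumption: only the slave in the article's topology should pull zones.
EXPECTED_SECONDARIES = [ipaddress.ip_network("192.168.19.129/32")]

# Matches the "transfer ... started" message in the format shown in the article.
XFER_RE = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+) \((?P<qname>[^)]*)\): "
    r"(?:view (?P<view>\S+): )?transfer of '(?P<zone>[^/']+)/IN': "
    r"(?P<kind>AXFR|IXFR) started"
)


def audit_transfers(log_text, allowed=EXPECTED_SECONDARIES):
    """Split started transfers into (expected, unexpected) lists of dicts."""
    expected, unexpected = [], []
    for line in log_text.splitlines():
        m = XFER_RE.search(line)
        if not m:
            continue  # "ended" lines and unrelated messages are skipped
        event = m.groupdict()
        try:
            addr = ipaddress.ip_address(event["ip"])
        except ValueError:
            unexpected.append(event)  # unparsable client address: report it
            continue
        if any(addr in net for net in allowed):
            expected.append(event)
        else:
            unexpected.append(event)
    return expected, unexpected


if __name__ == "__main__":
    ok, bad = audit_transfers(SAMPLE_LOG)
    print(f"{len(ok)} expected transfer(s)")
    for e in bad:
        print(f"UNEXPECTED {e['kind']} of {e['zone']} (view {e['view']}) by {e['ip']}")
```
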