DNS的解析流程
一、DNS的解析方式
1、正向解析
正向解析文件中存储的记录称为A记录,A记录记录着域名和IP的映射关系
2、反向解析
反向解析文件中存储的记录称为PTR指针,PTR记录着IP和域名的映射关系
二、DNS域名的分层结构
国家域:cn中国,hk香港,uk英国,au,澳大利亚
顶级域(领域):com商业用途,net网络组织,edu教育
二级域:个性化的名称,每个域的二级域都不一样
主机名(用途):www(网页),mail(邮箱)
三、DNS解析过程
DNS的解析过程是分层解析的,一般客户机将解析的请求发送给他的DNS服务器,DNS服务器首先是从根DNS服务器(.)开始发送域名解析请求,将根com域的Ip反馈给客户机的
DNS主从配置: 需要两台机器: 一台为主dns服务器,一台为从DNS服务器
[root@localhost ~]# yum install bind -y
[root@server ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.31.128; };#主服务器的ip
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { 192.168.31.0/24; };#配置允许查询的网段
allow-transfer { 192.168.31.129; };#从DNS的IP地址
……
zone "openlab.com" IN {
type master;
file "openlab.zone";
}
[root@server ~]# vim /var/named/openlab.zone
$TTL 1D
@ IN SOA dns.openlab.com. test.163.com (
10
1D
1H
1W
3H )
IN NS dns.openlab.com.
IN MX 10 mail.openlab.com.
IN NS dns2.openlab.com.
mail.opwnlab.com. IN A 192.168.80.200
dns.openlab.com. IN A 192.168.80.128
dns2.openlab.com. IN A 192.168.80.129
ftp IN A 192.168.80.200
dhcp IN A 192.168.80.200
www IN A 192.168.80.200
web IN CNAME www
[root@server ~]# systemctl restart named
[root@server ~]# nslookup dns2.openlab.com 192.168.31.128
Server: 192.168.80.128
Address: 192.168.80.128
Name: dns2.openlab.com
Address: 192.168.80.129
[root@localhost ~]# yum install bind -y
[root@client ~]# vim /etc/named.conf
……
zone "openlab.com" IN {
type slave;
masters { 192.168.80.128; };
file "slaves/openlab.zone";
};
[root@server ~]# systemctl restart named
[root@client ~]# cd /var/named/slaves/
[root@client slaves]# ll
total 4
-rw-r--r--. 1 named named 522 Aug 8 12:10 openlab.zone
使用httpd服务演示安全上下文值的设定(selinux)
[root@localhost ~]# systemctl restart firewalld
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# vim /etc/httpd/conf.d/host.conf
<directory /www>
allowoverride none
require all granted
</directory>
<virtualhost 192.168.80.128:80>
documentroot /www/80
servername 192.168.80.128
</virtualhost>
[root@localhost ~]# mkdir -pv /www/80
[root@localhost ~]# echo this is 80 > /www/80/index.html
[root@localhost ~]# systemctl restart httpd
使用web服务端口的改变来演示端口的设定(selinux)
[root@localhost ~]# vim /etc/httpd/conf.d/host.conf
[root@localhost ~]# mkdir /www/8888
[root@localhost ~]# echo this is 8888 > /www/8888/index.html
[root@localhost ~]# systemctl restart httpd
#服务重启失败,查看日志
[root@localhost ~]# tail -f /var/log/messages
[root@localhost ~]# firewall-cmd --permanent --add-port=8888/tcp
success
[root@localhost ~]# firewall-cmd --reload
success
#添加8888端口为服务端口:
[root@localhost ~]# semanage port -a -t http_port_t -p tcp 8888
[root@localhost ~]# systemctl restart httpd
#访问成功
