    Last updated: 2011/08/05
    ڭ̳DAbyOСzWAH`OpqAӤH̹rLHSӋr@C]AQnϥίº骺 TCP/IP ӤWAbnOФSꐷСCFARHϥβߺDA]@ӦW DNS AȡADڭ̱NDEWٶR IP njaunOoDEWٴNϥ Internet NNNo^TIbo@SAڭ̷|ͤ@ DNS AȤB϶ zone NqARDEW٪vyPd߬y{AH master/slave DNS AȪtmΆνIԒʰʸ


    19.1 What is DNS

    DNS VӶVnAר䥼 IPv6 oӻݭn 128bits }NC]ڭ̳s IPv4 32bits I_ӤFA 128bits nIH oɥDEW٦۰ʶR IP NܭnTINO DNSCO DNS []IꐷСAIOznzC ]boӤp`SAڭ̥ӽͽͻPDEW٦}@ǪѡAoˬ[] DNS ~|XDC


    19.1.1 The history of obtaining an IP address from a network hostname

    ثeں@ɨϥΪOҿת TCP/IP wA䤤 IP ĥ| IPv4 CLAo IPv4 O 32 줸œAFHwg茦|œQi쪺ӋrFAҦp 12.34.56.78 o˪榡CSڭ̧Q Internet ǰeƪɭԡANݭno IP A_hƫʥ]򪾹DnQe̥hH


    • The era of getting online with a single file: /etc/hosts

    MӤH IP oRӋrNAOФObOˡCOnW Internet S@wݭn IPAHFRIoӰDA BͷQ@ӤkANOQάYǯSwɮױNDEWٻP IP @@ӹRA p@ӡAڭ̴NiHzLDEW٨ӨoMDE IP FIuOӦnDNA]HWrOФOiNnhFI NO /etc/hosts oɮתγ~FC

    iOAoӤkROʾѪANODEWٻP IP RLk۰ʩҦqsA BnNDEW٥[JMɮ׶ȯV INTERNIC UAY IP ӋqӦhɡAMɮ׷|j줣^ܡA]N󤣧QLDEPBƤFC pUϩҥܡAΤݹqConsU@ɮפ~බQpI

    Figure 19.1-1: Schematic of network connections made through a single file

    bĥ| 4.2.1 ̭ڭ̬͹L /etc/hosts oɮתΪkA򥻤WMɮפeNOyIP DEW DEOW@ DEOWG...zCb̭̭nNO localhost R 127.0.0.1 oөNNIAdURM۰OCo̤]AjաAbApkA̦nNҦp IP PDEWٹRgJoɮפTI


    • Distributed, hierarchical hostname management: the DNS system

    |yBqӋqhɡA/etc/hosts ˬOR^ΪA۱q 90 ~N]ƫAx@ɮ /etc/hosts pDNoͤWpTIFMoӤqYDAfJܤjoiXt~@M피h޲zDEWٹR IP tA ڭ̺٥ Berkeley Internet Name Domain, BIND AoӨtiNuqhF zL피h޲zAiHPi@u@ӴΤFIo]Oثe@ɨϥγ̼sxZkW٨t (Domain Name System, DNS) zL DNS Aڭ̤ݭnDDE IP AunDMDEW١AN^sWMDEFI

    DNS Q𪬥ؿ[cANDEW٪޲ztbPhŪ DNS ASAgѤh޲zA ҥHC@ DNS AOЪTN|ܦhAӥBY IP ʮɤ]SeקI]ApGwgӽШDEWٶRvA bAۤv DNS AAN^ק@ɳiHdߨ쪺DEW٤FIӤγzLWh ISP @OI ۤvʤSMO̧֪TI

    ѩثe IPv4 wg^oeܪ픬qA]Ө 128bits IPv6 |v]_ӡCAݭnI 128bits IP ӤWܡHQOi઺I]oӥiHzLDEWٴNR IP DNS AȡAiHQ^A|VӶVnC~Aثe@ɪ WWW DEW٤]OzL DNS tbBz IP RAҥHAS DNS IɡAڭ̱NLkzLDEW٨ӳsuANXGSS Internet FI

    ] DNS Oo򪺭nAҥHYϧڭ̨S[]nɡAROonx@Uz~nC]A DNS } FQDNBHostname P IP d߬y{AP϶BXkv DNS ANqAH Zone ΆΪѧ@@ӻ{Ѥ~I

    Tips:
    bUSAڭ̦ɷ| DNS ɷ| BIND Ao򤣦PH ѤW̭AAiHAA DNS O@RںqTwW١A ܩ Bind hOѳo DNS AȪno˧AAFܡHI

    • Full hostname: Fully Qualified Domain Name (FQDN)

    Ĥ@ӻP DNS }DEWyANOyDEWٻPZkW (hostname and domain name)z[AHΥѳoœDEW Fully Qualified Domain Name, FQDN NqFCbQAoӥDDeAڭ̨ӃԤ@ԤͬƪDG

    • HkӰϤPWPm̪tG @ɨܦhHۺ٬ymzA]AͤHbUpͧTIA򪾹DmDmOH oӮɭԧAiHQΨCӉmҦbaӧ@Ϥ[ApxnmPx_mΡC U@xnRӤHۺىmHS}YAARiH̷ӶmRӰϤOIpxn_ϪmΥxnϪmC pGNoөNNCXӡANI^oˡG
      mB_ϡBxn
      mBϡBxn
      mBx_
      ......
      O_NiH~CӉmPIFOHIShINOoˡIӦaϴNOyZk (domain) zAӉmNODEWTI

    • HkXӰϤۦPqܸXG t~@ӨҤliHϥιqܸXӬݡAp@Ӧ 1234567 ӥxn] 1234567A(1)Ab@Ӫ^D^ 1234567 ɡAL|^J@Ӫ 1234567 qܤA(2)pGAnDxnhANo[J (06) oӰϽX~Iڭ̴NOϥΰϽXӰ~ѤΪIɨ 06 ϽXNO domain nameAӹqܸXNODEWTI

    S@IIAmQFTHڭ̤WADNS OH𪬥ؿ피h覡ӳBzDEW١Aڭ̪D𪬥ؿA ӥؿiHOɦWC DNS OөNNyؿz}HNOӠZkW١CZkW٩URiHOUӥDEW١A œX_Ӥ~O㪺DEW (FQDN)C

    |ҨӻAڭ̱``|o{DEWٳO www AҦp www.google.com.tw, www.seednet.net, www.hinet.net ΆΡAڭ̫򪾹Do www W٪DEbPaOHNݭnLZkWoI]NO .google.com.tw, .seednet.net, .hinet.net ΆΪPAҥHYϧADEW٬ۦPAOunObP@ӠZkANiHQ~XPmoI

    ڭ̪Dؿ𪺳̳hOڥؿ (/)A DNS JM]O피hA̳hOԣOHC@h domain name P hostname SMHڭ|mҦbXsj WWW AҦnF (www.ksu.edu.tw) G

    Figure 19.1-2: Hierarchical DNS structure, using Kun Shan University as an example (hostname & domain name)

    bWҤlSAѤWVUӋĤGh̭A .tw O domain name A com, edu, gov hODEW١AӦboӥDEW٤޲zUARLpkDEAҥHbĤThɭԡA򥻤WA edu.tw NܦF domain name FIӱXsjPj ksu, ncku hF hostname oI

    HA̫oڭ̪DE www ODEW١A domain name O ksu.edu.tw ӦWrҨMwI۵MAڭ̪DENO޲z ksu.edu.tw o domain name DNS AҺ޲zoIoˬO_AF domain name P hostname PFOH

    Tips:
    äOHpӋI (.) Ϥ domain name P hostname IYǮɨ domain name Һ޲z hostname |tpӋIC |ҨӻAmҦbTǼtèSB~ DNS A[]A]ڭ̪DEW٬ www.dic A domain name RO ksu.edu.tw A]W www.dic.ksu.edu.tw I

    19.1.2 How DNS resolves a hostname to an IP address: the query process

    AF FQDN domain name P hostname A^Uӧڭ̭nͤ@ͳo DNS G (1)피h[cOˡH (2)d߭zOˡH`OnD[c~ાDpdߥDEW٪oIҥHUڭ̥Ӥ@U骺 DNS 피h[cC


    • The DNS hierarchy and TLDs

    ڭ̨̂HϥΥxWN DNS AҺ޲zU domain ҡAN̤WhXsj (ksu) ɡAUhøspUϡG

    Figure 19.1-3: The DNS hierarchy from the top level down to Kun Shan University

    b DNS t̤W@wO . (pӋI) o DNS A (٬ root)A̦HeU޲zNu (1)com, edu, gov, mil, org, .net oRSZkH (2)HaĤGhDEW٤FIo̺٬ Top Level Domains (TLDs) I

    • Generic top-level domains (Generic TLDs, gTLD): for example .com, .org, .gov and so on
    • Country-code top-level domains (Country code TLDs, ccTLD): for example .tw, .uk, .jp, .cn

    ӽͽͤ@̤WhZk (gTLD) nFA̦ root Ⱥ޲zjZkW١AOpUG

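    Name   Meaning
    com    companies, firms, enterprises
    org    organizations, institutions
    edu    educational institutions
    gov    government agencies
    net    networking, communications
    mil    military organizations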

    Oںtפӧ֤FA]ӰFWzjO~ARѦp .asia, .info, .jobs (1) ΠZkW٪}C~AFYǰa]^ۤv̤WhZkW١A]A Nҿת ccTLD FCo˰nBOH]ۤva̤Wh ccTLD AҥHpG domain name ݨDAhunVۤvaӽЧYiAݭnA̤WhhӽoI


    • Delegation and layered responsibility

    JM TLD onAO_ڭ̥iHۤv]w TLD OHSMI]ڭ̱oVWh ISP ӽРZkW٪v~CҦpxWaϳ̤WhZkW٬OH .tw }YA޲zoӠZkW٪E IP ObxWAO .tw oAV root (.) UZkW٬d߱v~ (pW 19.1-3 ҥ)C

    CӰaUODnUhǠZkOH򥻤WNO root ޲zjC LAѩUh DNS ޲zۤvҤUDEW٩ΤlZkA]Aڭ̪ .tw iHۦWُۤvlZkWٳI ҦpثexW ISP `Ѫ .idv.tw ӤHNO@Ҕ[I

    Ajդ@ADNS tOHҿת피h޲zAҥHAЪ`NI .tw uOU@hoӋӥDn domain DEӤwIܩҦp edu.tw UR ksu.edu.tw oEAN^v浹 edu.tw Eh޲zFI]NOy CӤW@h DNS AҰOTAuU@hDEW٦ӤwI zܩAU@hAh^yvzUhYDEӺ޲zoIIҥHANRM|D DNS 쩳Op޲zaI

    |o˳]w]OSDzIo˳]pnBNOGCE޲zuU@h hostname R IP ӤwAҥH֤F޲zWxZIӤUh Client ݦpGDAun߰ݤW@h DNS server YiIݭnwVWhAhW]|̔xOI


    • The process of looking up a hostname's IP through DNS

    軡L DNS OHy𪬥ؿzAӶiDEW٪޲zIҥHC@ DNS AyȺ޲zۤvU@hDEW٪茮zӤwA ܩUhUhAhyvzUh DNS DEӺ޲zTIo˻n^¶fAnaIڭ̴NHUϨӻ@zoG

    Figure 19.1-4: The process of resolving a hostname through the DNS system

    ASAbs}CKJ http://www.ksu.edu.tw ɡAAqN|̾ڬ}]w (b Linux UNOQ /etc/resolv.conf oɮ) ҴѪ DNS IP hisudߤFCѩثe̱` DNS AN Hinet 168.95.1.1 o DNSAҥHڭ̴NLӰҤlaIIoӮɭԡAhinet oA|oˤu@G

    1. On receiving the client's query, first check its own records; if there is none, query . (root):
      ѩ DNS O피h[cACDE|޲zۤvҤUDEWٶӤwC] hinet èS޲zxWNvOA ]NLk^^NΤݡC 168.95.1.1 N|V̳hA]NO . (root) Ad߬} IP TC

    2. Query the top level, . (root):
      168.95.1.1 |DʪV . ߰ www.ksu.edu.tw b̩OHOѩ . uOF .tw T (]xWu .tw V . UӤw)A . |iyڬODoDE IP TALAARMV .tw h߰ݤ~Aڳo̤ޡI ڸA .tw b̧aIz

    3. Query the second-level .tw servers:
      168.95.1.1 ^ۤS .tw hdߡAME޲zSȦ .edu.tw, .com.tw, gov.tw... XDEAgLo{ڭ̭nO .edu.tw kAҥHoӮɭ .tw SiD 168.95.1.1 GyAnh޲z .edu.tw oӺkDE̬dߡAڦL IP Iz

    4. Query the third-level .edu.tw servers:
      PziҡA .edu.tw u|iD 168.95.1.1 ARMnh .ksu.edu.tw idߡAo̥ui .ksu.edu.tw IP ӤwC

    5. Query the fourth-level .ksu.edu.tw servers:
      Ψ 168.95.1.1 .ksu.edu.tw A Bingo I.ksu.edu.tw GyShIoDEW٬Oں޲z ڸAL IP O...ҥH 168.95.1.1 N^d www.ksu.edu.tw IP oI

    6. Record the result in the cache and reply to the client:
      dFT IP A168.95.1.1 DNS E`|bUHd www.ksu.edu.tw ɭԦA]@o˪y{aI h}oIӥB]ܯӨt귽PWeAҥHOA168.95.1.1 o DNS |oO@dߪGbۤvȦsOSAHK^RU@ۦPnD[I ̫hNG^N client ݡISMTAӰOЦb cache SơAOɶʪASLF DNS ]wOЪɶ (q`iO 24 p)AMON|QI

    Ӥhdߪy{NOoˡA`OongL . ӦVU@hidߡA̜`Oo쵪תCoˤhnBOG

    • To change a hostname you only need to update your own DNS server; nobody else has to be notified:
      S@ӡyXkz DNS A̭]wקFAӦۥ@ɦUa@ DNS nDA|TL~ܥTDEWٹR IP TA]L̷|@h@hMUӡCҥHAnADEWٹR IP N@wonzLAWh DNS A~I]AunADEWrOgLWhyXk DNSzA]wANiHb Internet WQdߨTII̔x@aAEʩʤ]@C

    • How long DNS servers cache the result of resolving a hostname:
      ѩCdߨ쪺G|xsb DNS A֨O餤AHKYUۦPݨDRɡA^ֳt^RC LAdߓGwgQ֨FAOl DNS DEWٻP IP RoקFAɭYHAdߡA ti|^NH IP IҥHAb֨׬OɶʪIq`OӋQTѤC o]Oڭ̱`SAקF@ domain name Ain 2 ~ 3 ѫ~ťΪtGTI

    • Authority can be delegated further down (subdomain delegation):
      C@iHODEWٻP IP R DNS AiHHNʥLۤvƮwRA ]DEWٻPkW٦bUӥDEUۦPC|ҨӻA idv.tw OȦxW~o idv k ]o idv O .tw Һ޲zAҥHunxW .tw @pœPNAN^إMkI

    nTIJM DNS oΡAMڭ̤Sݭn[AҥHݭn@ӥDEW١Aڭ̻ݭn[] DNS FܡHSMOAOHmFܦhyXkzrA]LNoAyvzDFI ڭ̦bĤQS]AunDEW٦XkYiAoݭn[] DNS TI

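    Q:
    Use dig to walk through the . --> .tw --> .edu.tw --> .ksu.edu.tw --> www.ksu.edu.tw query process discussed in this section, and work out how many DNS servers there are at each stage of the query.
    A:
    We can do this with the dig command covered in chapter 4: its trace function (+trace) does exactly this. Usage: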
    [root@www ~]# dig +trace www.ksu.edu.tw
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>>+trace www.ksu.edu.tw
    ;; global options:  printcmd
    .                       486278  IN      NS      a.root-servers.net.
    .                       486278  IN      NS      b.root-servers.net.
    ....(remainder omitted)....
    # The part above traces the servers for . (root): a through m.root-servers.net.
    ;; Received 500 bytes from 168.95.1.1#53(168.95.1.1) in 22 ms
    
    tw.                     172800  IN      NS      ns.twnic.net.
    tw.                     172800  IN      NS      a.dns.tw.
    tw.                     172800  IN      NS      b.dns.tw.
    ....(remainder omitted)....
    # The part above traces the servers for .tw.: a through h.dns.tw., plus ns.twnic.net.
    ;; Received 474 bytes from 192.33.4.12#53(c.root-servers.net) in 168 ms
    
    edu.tw.                 86400   IN      NS      a.twnic.net.tw.
    edu.tw.                 86400   IN      NS      b.twnic.net.tw.
    # Tracing .edu.tw.: there are 7 servers
    ;; Received 395 bytes from 192.83.166.11#53(ns.twnic.net) in 22 ms
    
    ksu.edu.tw.             86400   IN      NS      dns2.ksu.edu.tw.
    ksu.edu.tw.             86400   IN      NS      dns3.twaren.net.
    ksu.edu.tw.             86400   IN      NS      dns1.ksu.edu.tw.
    ;; Received 131 bytes from 192.83.166.9#53(a.twnic.net.tw) in 22 ms
    
    www.ksu.edu.tw.         3600    IN      A       120.114.100.101
    ksu.edu.tw.             3600    IN      NS      dns2.ksu.edu.tw.
    ksu.edu.tw.             3600    IN      NS      dns1.ksu.edu.tw.
    ksu.edu.tw.             3600    IN      NS      dns3.twaren.net.
    ;; Received 147 bytes from 120.114.150.1#53(dns2.ksu.edu.tw) in 14 ms
    
    ̜檺G A (Address) O 120.114.100.101ALoӨDIOAnja@@ DNS jML{I b dig [W +trace ﶵAN^FoӥتCܩLOA (NS) ]wȻPl}L{I SܲME[H^_^Cܩ A P NS ά}ơAڭ̦b DNS ƮwAAOoC


    • The port number used by DNS

    nFAJM DNS tϥΪOdߡA۵Mݭno port oIShIܦXzI DNS ϥΪO@ port OHNO 53 o port TIAiHA Linux U /etc/services oɮ׬ݬݡIjM@U domain o}grANiHd 53 o port TI

    Oo̻ݭnjaNiOAq` DNS dߪɭԡAOH udp oӸֳtƶljKwӬdߪA OU@Skdߨ짹㪺TɡAN|AH tcp oӨwӭsdߪIҥHŰ DNS daemon (NO named T) ɡA|PɎŰ tcp udp port 53 IҥHAOo]nPɩ tcp, udp port 53 OI


    19.1.3 The key to a legitimate DNS server: applying for domain query authority

    HDNS A[]RyXkzPyXkzHO^LA@ˡA[]nHaNdܡH D]D]IOHUڭ̴Nӽͤ@͡C


    • Registering with the upper-level domain to obtain legitimate query authority for a domain

    ڭ̦bĤQ]LAӽФ@ӦXkDEWٴNOݭnUA UNOݭnQTIUoƦRA@ROĤQؽͨ쪺 FQDN (DEW)A@RNOӽРZkdvCҿת FQDN NOڭ̥uݭnDEWAN]wƴN ISP Dڭ̷dwCҦp 19.1-4 ҥܡA www.ksu.edu.tw NDEWٹR IP ƴNOк޲z .ksu.edu.tw ӠZkAdwC

    OZkd߱vOHP˥ 19.1-4 ӶAڭ̪ .ksu.edu.tw nV .edu.tw DEUӽРZkvA]AӦ .ksu.edu.tw nDɡA .edu.tw |GyڤDI Хh .ksu.edu.tw aIzɡAڭ̴Non[] DNS Aӳ]w .ksu.edu.tw }DEWٹR~I O_^H|yvzyH

    ]NOASAsRyvzAYu@ɭԡAqAniMu@HA qs䪾DA~OuyvzHAnVAХܤ@ˡI^_^IҥHoApGAn[] DNS AӥBOiHsW Internet W DNS ɡAANnzLyWh DNS Avz~IoOܭn[I

    ڭkǤ@UAnADEWٹR IP BLqiHdߪAAR覡G

    1. Wh DNS vZkdvAAۤv]w DNS AAΪ̬OF
    2. ^ФWh DNS ADA]wDEWٹRI


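    • Once you hold the query authority for a domain, all hostname data is governed by your own server, independent of the upper level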

    ܦhBͥiೣLӽ DNS Zkd߱vgAbӽЮɡAISP N|nAg (1)A DNS AW٥H (2)MA IPCJMwgb ISP NgFDEWٻP IP RAҥHAYϧڪ DNS AIFAb ISP WDEWRMROd쪺 IP aH׬OGyhIzd쪺IOH

    DNS tOTD`hALIӡA@ӬOOAҦb NS (NameServer) AxAt@ӫhOODEWٹR A (Address) AxCڭ̦bWdߨ쪺̜GAOd IP (IP Address) A]̜檺Axn䪺O A oӰO~Iڭ̥HmU .vbird.org ӻnFAmhUɡA Ob ISP DNS AW٬ dns.vbird.orgAM۰ONO NS AëD A ApUϩҥܡG

    Figure 19.1-5: The difference between the registered authoritative hostname and the actual A record

    WϤAMb godaddy AO@ۡynd .vbird.org ɡAШ dns.vbird.org (NS) hdAoӺ޲z̪ IP O 140.116...zAOo۰OuOiDڭ̭nhU@ӦAAäO̜檺 A (IP Address) סAҥHRon~򩹤U (HɰOo 19.1-4 d߬y{)CɡAXRG|fP dns.vbird.org IP 䤣AΪ̬O̜檺 IP P godaddy OPGINOG

    • dns.vbird.org AIɡG pG dns.vbird.org oDEIAbWܡydߡzbYBJ|Q_A]N|X{ysu dns.vbird.org IPzGC]LApADNS t|h̫@ӧt A }O[I

    • dns.vbird.org AƮwѰOɤWƮɡG pGmbۤvAƮwAѰO[W dns.vbird.org OɡA̜檺GRO|ܡy䤣MA IPzF

    • dns.vbird.org AƮwƽsg@PɡG pGObmۤvAƮw dns.vbird.org ҰO IP P godaddy PA̜檺G|HmOǡC

    `AAb ISP WgDEW٥uO@ӰѦҥΪA̜ROnbAۤv DNS AS]wn~I MiHۤvcd@UALAq`jaRO| ISP W DNS ADEWPۤvƮwDEW@PA YWϤAP̤Uؤ dns.vbird.org NS A RP@ IP NOFC


    19.1.4 Hostnames hosted by the ISP, or running your own DNS server

    e 19.1.3 p`HβĤQس͹LAӽХDEW٩κkW٥DnR覡ANOWY쪺 DNS vAΪ̬O^浹 ISP Ӻ޲zC浹 ISP ޲zANiH٧@OkW٥NTISMTApGAOx쪺ܡA Ϊ̬O~pxANoЧAVWh DNS DEtdHnDoILApAAu঳ӿܴNOFAnNOХLDA]wn hostname R IP AnNOХL^NY domain name qvA DNS Dn޲zkC

    ګ򪾹DӤ覡ڤnOHЪ`NAѩ DNS []A|hX@Ӻo port AҥHzAWAOwIӥBAѩں{bOzLDEW٦bsuAbAWͨ쪺DEW٬d߬y{A A|o{ADNS ]wh~OܭnRI]ADEW٦A]䤣FCҥHAo̪ijOG

    • ݭn[] DNS EG
    • AҭtdݭnsW Internet DEӋqejGҦpA@ӤHtdӤqQX ServerAӳo Server OAqkUCoӮɭԷQn[] DNS ]TI
    • Aiݭnɱ`קA Server WrAΪ̬OA Server HɼW[iʻPܰʩʡF
    • ݭn[] DNS EG
    • DEӋqܤ֡GҦpa̩Τquݭn@ mail server ɡF
    • AiH^ФWh DNS DE޲zDA]wn Hostname RɡF
    • A DNS {ɡApG[]ϦӮeyqpF
    • [] DNS OΫ@ɡI

    19.1.5 DNS database records: forward resolution, reverse resolution, and the meaning of a zone

    qe 19.1-4 d߬y{Aڭ̪ḒnNO .ksu.edu.tw DNS AOTFCoǰONNڭ̥iH٩IƮwAӦbƮw̭wCӭnRZk (domain)AN٬@Ӱk (zone)C쩳ǭnRZkOH򥻤WAqDEW٬d IP y{A]iHq IP ϬdDEW٪覡C ]̦e DNS ȴNOnNDEWٶR IPA]G

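    • The process of looking up an IP from a hostname is called: forward resolution
    • The process of resolving an IP back to a hostname is called: reverse resolution
    • Whether forward or reverse, the records for each domain form one zone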

    |ҨӻAXsj DNS A޲zNO *.ksu.edu.tw oӠZkdvAQnD *.ksu.edu.tw DEW IP oVXsj DNS AdߡA .ksu.edu.tw NO@ӡyZkzCӱXsjӽШX class C lkA Ҧp 120.114.140.0/24ApGo 254 ӥi IP n]wDEW١Ao 120.114.140.0/24 NO@ӡy϶ZkzI t~AC@ DNS AiH޲zhӠZkAެORO϶C


    • The right to configure forward resolution, and the record types of a DNS forward zone

    ֥iHӽХ DNS A[]vOH׬OGiHIunMZkSHϥΡA AmFAN^ϥΤFCLA] INTERNIC wgwqX gTLD H ccTLD FAҥHAۭqҦp centos.vbird oRkIROonŦXWh DNS ҵZkd~C|ҨӻAxWӤHN`ϥ *.idv.tw o˪ZkW١C

    ɪ zone ̭DnOFFOH]IbѥDEW٬dߨ IPAӥBC DNS AROonwqMEAPɡAAiRݭn[] master/slave [c DNS A]A zone q`㦳UXRAxG

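    • SOA: short for Start of Authority; the details are covered in later sections of this chapter;
    • NS: short for NameServer; the data recorded after it is a DNS server;
    • A: short for Address; what is recorded after it is the corresponding IP (the most important);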


    • The right to configure reverse resolution, and the record types of a DNS reverse zone

    ZkW٥unŦX INTERNIC ΧA ISP WdYiAov̔x (ۤvWr)C϶OH϶DnO IP DEW١A]IO IP ҦHOTI] IP O INTERNIC o񵹦Ua ISP AӥBڭ̤]DAIP ió]w (ѰD)IҥHoA^]w϶Nu IP ֦HAYA ISP ~vO]w϶CAV ISP o IP णۤv]w϶OH׬OIDAoO class C HWίŪ IP qAA ISP ~i൹A IP ϶vC_hAY϶ݨDANonVAݤWh ISP ӽФ~I

    ϶ zone DnOTǩOHFAQ NS H SOA ~A̭nNOG

    • PTR: short for PoinTeR; the data recorded after it is the hostname the address resolves back to


    • The forward zone every DNS server needs: hint

    {bAD@ӥΤ@Ӥ϶NiH٬@ zone FI򦳨S zone OSOnOHANO . [I q 19.1-4 ̭ڭ̴NDAS DNS AbۤvƮw䤣һݪTɡA @w|h . A . b̔[HҥHNonO . b̪O zone ~[IoӰO . zone ANQڭ̺٬ hint IoXGOC DNS AonD zone I

    ҥHA@̔x DNS AA򥻤WNn zone ~A@ӬO hint A@ӬO}ۤvZk zoneC|mU vbird.org ҡAbm DNS AAܤִNno zoneG

    • hint (root): records the zone for . (root);
    • vbird.org: records the forward zone for .vbird.org.

    A|o{ڨS vbird.org o domain IP ϶ zone AOHаѦҤWNaI ̔xANO]϶ݭnnD IP wWhӳ]w~I


    • Must forward and reverse resolution come as a pair?

    nFA϶ݤݭnM͡Abo̤ΦhFaH^_^IЪ`NAbܦhpUA רOثenhW䧮ZkWٲͥXӡAҥHA``|u]wݨDӤwCL]ݭnӹLTA ]q`bϬdpApGAOϥΥثexWaϳ̬y檺 ADSL WܡA ISP NwgDA]wn϶FIҦpG211.74.253.91 o seednet Bʦ IP ϬdG|o 211-74-253-91.adsl.dynamic.seed.net.tw. o˪DEW١IҥHb@ڭ̦ۦӽРZkW٪ɭԡAAunߥ]wYiI MܡAϥ϶vڥ]|}񵹧AAAۤv]wo@]SΧrI ^_^

    WAݭn϶ݨDjyȦ mail server ~ݭnaIѩثeWeѬOQUBsilA ҥH Internet |Xk mail server Ww]NVӶVYCpGAQn[] mail server ɡA ̦n㦳Tw IP Aoˤ~VA ISP nD]w϶IH hinet Ҫ϶ӽСG


    19.1.6 Types of DNS database: hint, master/slave architecture

    ADADNS VӶVnAҥHApGAULZkW٪ܡANiHo{A{b ISP nAg DNS A IP I]n@QιI`@ DNS IA`AҦDEWٳQ㨺uꐷС

    OApGHW DNS AAW|jM@OH׬OADI]OHE ҥHApGAZk DNS AܡAo DNS AeNo@Ҥ@ˡA_hAѩOHE DNS Ӹ߰ݡA]YƤPBAܥiyLΤLkoTƪDC

    FMoӰDA]b . (root) o hint Ʈwɮץ~ARRAOO Master (DHBDn) ƮwP Slave (Bn) ƮwCo Master/Slave NOnΨӶMP DNS AWƦPBDC ҥHUڭ̨Ӄԃ Master/Slave aI


    • Master:

    oR DNS ƮwA̭ҦDEW٬}TΡAqqn޲zۤvʥhקP]wA ]wRonsŰ DNS AȥhŪTƮweA~⧹ƮwsC@ӻAڭ̻ DNS []ANO]woRƮwCPɡAoRƮwAR^ѸƮwe slave DNS AI


    • Slave:

    peҭzAq`A|u@ DNS AAҦpڭ̫eDdߨ쪺 .ksu.edu.tw N 3 DNS AӺ޲zۤvZkCpGC DNS ڭ̳Oϥ Master ƮwASΤVڭnDnקΪ̷sWBRƮɡA @۸ƧڴNonTARi|pߤfPYXX{h~AɥiN˸F]Aoɨϥ Slave Ʈwo覡NܦΡI

    Slave nP Master ۤftAYH .ksu.edu.tw ҤlӻApGڥnTDE DNS AȡABTeۦPA ڥunw@A Master ALM Master Slave AASnק@ۦWٹRɡAڥunʧ Master E]wɡAMAsŰ BIND oӪAȫAIL Slave N|۰ʪQqsFIoˤ@ӡAb@WiNPgNhF

    Tips:
    pGA]w Master/Slave [cɡAA Master DEn uYǯSw IP DE^oA Master DE϶Ʈwv~nI ҥHAW~| Master/Slave n۷ft~I

    • Query priority between master and slave?

    t~AJMڪҦ DNS AOݭnPɴ internet WZkWٶRAȡA ҥHAO Master RO Slave AALniHPɴ DNS AȤ~nI ]b DNS tSAZkW٪d߬OymĹzAAڭ̤|ֱo@DEƷ|Qdߨ쪺I FѨ}n DNS AȡAC DNS DEnॿ`u@~n[IӥBAC@ DNS AƮweݭn@PA_hN|yΤݧ쪺 IP Oh~I


    • How master and slave data are synchronized

    Master/Slave Ƨs쩳Opʧ@OHЪ`NASlave OݭnsӦ Master Ɣ[IҥHSM Slave b]wNݭnsb Master ~I򥻤WAA Master RO Slave ƮwA|@ӥNMƮwsHyǸzAoӧǸӋȪjpAO|vTO_nsʧ@I ܩs覡DnRG

    • Master DʧiGҦpb Master bקFƮweAåB[jƮwǸA sŰ DNS AȡA master |Dʧi slave ӧsƮwAɴN^FƦPBF

    • Slave DʴXnDG򥻤WA Slave |wɪV Master ԎݸƮwǸA So{ Master ƮwǸ Slave ۤvǸRnj (Ns)A Slave N|}lsCpGǸܡA NP_ƮwSʡA]|iPBsC

    ѤWӬݡA]pƮwṊ̀nتNO master/slave ƪPBơCڭ̤]D slave |V master XƮwsݨDADOAh[X@sApGMsɥѩDAҥHSdߨ master Ǹ (Ys)Ajh[|ss@HoӻP SOA Ax}Aͨ쥿B϶ƮwA AӌNaI

    pGAQn[] Master/Slave DNS [cɡADE (Master/Slave) ݭnA^x~IWܦhboӦa賣Iy{zAЯSOdN[I]m DNS A``|oYǨL DNS ƮwPBƻݨDAu\oЧoI


    19.2 Client-side configuration

    ѩ DNS OCQnsWںDEon]wA]ڭ̴Nq̔xΤݳ]wͰ_C]Ӭ[]n DNS server Aڭ̳|^iAҥHAoӈoBzBzS[I


    19.2.1 Relevant configuration files

    q 19.1.1 Sڭֱ̑oDEWٹR IP RkAkO^gbɮ׸̭ӹRA ӤskhOzL DNS [cIoRkOϥΤ]wɡHiiHPɦsbH YPɦsbɡAӤkuHIڭ̥ӽͤ@ʹXӳ]wɧaI

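    • /etc/hosts : the earliest file for mapping a hostname to an IP;
    • /etc/resolv.conf : this one is important; it is where the IPs of your ISP's DNS servers are recorded;
    • /etc/nsswitch.conf: this file decides whether /etc/hosts or the /etc/resolv.conf settings are used first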

    @ӨA Linux w]DEWٻP IP RjMH /etc/hosts uAOHAiHdݤ@U /etc/nsswitch.conf Aç hosts ءG

    [root@www ~]# vim /etc/nsswitch.conf
    hosts:      files dns
    

    W files NOϥ /etc/hostsAӳ̫᪺ dns hOϥ /etc/resolv.conf DNS AӶijMTI]AAiHH /etc/hosts ӳ]w IP RISMTAA]iHNLՂLӡALA`O /etc/hosts ̔xAҥHNL\benTI

    nTAJMڭ̬Oni DNS ANonA@U /etc/resolv.conf eA]AbxWAϥΪO hinet 168.95.1.1 o DNS AAҥHARMo˼gG

    [root@www ~]# vim /etc/resolv.conf
    nameserver 168.95.1.1
    nameserver 139.175.10.20
    

    DNS A IP iH]whӡAn]whөOH]SĤ@ (ӳ]w) DNS IɡAڭ̥ΤݥiHϥβĤG (WzO 139.175.10.20) ӶidߡAoh֦I^ DNS Q\C q`ijܤ֐g DNS A IPALb`ϥΪpUAíhuĤ@ DNS A|QϥΨӬdAL]wȥuObĤ@XDɤ~|QϥΡC

    Tips:
    ɶqn]wWL 3 HW DNS IP b /etc/resolv.conf A]pGOAϺXDAfPLksu DNS AAADERO|VC DNS AoXsunDACsu timeout ɶΫݡA|fPOD`hɶI
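    Q:
    My host gets its IP through DHCP. Strangely, every time I modify /etc/resolv.conf, the file reverts to its original contents before long. Why is that, and how should it be handled?
    A:
    When DHCP is in use, the system actively rewrites its configuration files with the data sent by the DHCP server. You therefore have to tell the system not to use the server settings that DHCP sends. To do that, add the line "PEERDNS=no" to /etc/sysconfig/network-scripts/ifcfg-eth0 or the other relevant files, then restart the network.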

    ~ApGAŰ CentOS 6.x NetworkManager AȡAɭԤ]i|ͤ@ǩ_S{HIҥHmOij}I^_^


    19.2.2 DNS forward and reverse lookup commands: host, nslookup, dig

    DNS {ܦhAڭ̥Өϥγ̔x host aIMR nslookup dig I


    • host
    [root@www ~]# host [-a] FQDN [server]
    [root@www ~]# host -l domain [server]
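    Options and arguments:
    -a : list all information about the host, including IP, TTL, debugging messages and so on
    -l : if the domain that follows is configured to permit it via allow-transfer, list all the
         hostname mappings managed by that domain
    server: optional; use it when you want to query a DNS host other than the ones in
            /etc/resolv.conf for the hostname-to-IP mapping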
    
    # 1. Look up the IP of www.okfdzs1903.com using the defaults
    [root@www ~]# host www.okfdzs1903.com
    www.okfdzs1903.com has address 140.116.44.180             <==oO IP
    www.okfdzs1903.com mail is handled by 10 www.okfdzs1903.com. <==oO MX (ظ`)
    
    # 2. Show all the important parameters for www.okfdzs1903.com
    [root@www ~]# host -a www.okfdzs1903.com
    Trying "www.okfdzs1903.com"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56213
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;www.okfdzs1903.com.               IN      ANY
    
    ;; ANSWER SECTION:
    www.okfdzs1903.com.        145     IN      A       140.116.44.180
    
    ;; AUTHORITY SECTION:
    vbird.org.              145     IN      NS      dns.vbird.org.
    vbird.org.              145     IN      NS      dns2.vbird.org.
    
    Received 86 bytes from 168.95.1.1#53 in 15 ms  <==GMOq 168.95.1.1 o
    # ݼˤlANO dig KXGHҥHAڭ̤~|Aϥ dig ~ODI
    
    # 3. Force the query to go to the DNS host 139.175.10.20
    [root@www ~]# host www.okfdzs1903.com 139.175.10.20
    Using domain server:
    Name: 139.175.10.20
    Address: 139.175.10.20#53
    Aliases:
    
    www.okfdzs1903.com has address 140.116.44.180
    www.okfdzs1903.com mail is handled by 10 www.okfdzs1903.com.
    

    ݨ̫@ӽdҡA`NWKXSrܡHܦhBͦbۤv DNS ɡA``|ywh~ DNS dߥDEzF]L̪ /etc/reslov.conf ѰOAҥHѬO䤣ۤv]wƮw IP ơCҥHAnJNݔ[I

    # 4. List all hosts in the vbird.org domain
    [root@www ~]# host -l vbird.org
    ; Transfer failed.
    Host vbird.org not found: 9(NOTAUTH)
    ; Transfer failed. <==MѤFIЬݩUI
    

    |Lk^ROHo˪^RO]޲z vbird.org Zk DNS ä\ڭ̪ZkdߡAܳڭ̤O vbird.org t޲zASMSviHŪ vbird.org Zk]woIoӡy host -l zOΦbۤv DNS AWAصyͨA]wAϥγoӿﶵN^Ū}ƤFC


    • nslookup
    [root@www ~]# nslookup [FQDN] [server]
    [root@www ~]# nslookup
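    Options and arguments:
    1. You can give nslookup the hostname or IP to look up directly; [server] is optional.
    2. If nslookup is run with no hostname or IP after it, it enters nslookup's interactive query mode.
       In that mode you can enter further parameters for specific queries, for example:
       set type=any : list all information (the forward-zone configuration)
       set type=mx  : list the information related to mx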
    
    # 1. Look up the IP information for mail.ksu.edu.tw directly
    [root@www ~]# nslookup mail.ksu.edu.tw
    Server:         168.95.1.1
    Address:        168.95.1.1#53  <==ROЯSO`N DNS  IP O_TI
    
    Non-authoritative answer:
    Name:   mail.ksu.edu.tw
    Address: 120.114.100.20        <==^N IP AoI
    

    nslookup ixªN hostname P IP RCXӤwALARO|Ndߪ DNS DE IP CXӪI pGQnDhNӋAiH^iJ nslookup oӳn骺ާ@eApUdҡG

    [root@www ~]# nslookup  <==iJ nslookup dߵe
    > 120.114.100.20         <==϶d
    > www.ksu.edu.tw         <==楿d
    # WoӶȦCX϶TASԣF_aTI
    > set type=any           <==ܧdߡAOȦ AATCX
    > www.ksu.edu.tw
    Server:         168.95.1.1
    Address:        168.95.1.1#53
    
    Non-authoritative answer:
    Name:   www.ksu.edu.tw
    Address: 120.114.100.101  <==oO
    
    Authoritative answers can be found from: <==oO}v DNS 
    ksu.edu.tw      nameserver = dns2.ksu.edu.tw.
    ksu.edu.tw      nameserver = dns1.ksu.edu.tw.
    dns1.ksu.edu.tw internet address = 120.114.50.1
    dns2.ksu.edu.tw internet address = 120.114.150.1
    > exit <==m}aI֥dC
    

    bWרSAЪ`NApGAb nslookup dߵeSAKJ set type=any ΨLӋA NLkAi϶dߤFIoO] any Ϊ̬O mx ΆΪAxOOb zone StGI


    • dig (ӪDyAзRΥLI)
    [root@www ~]# dig [options] FQDN [@server]
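    Options and arguments:
    @server : to query a DNS server other than the ones set in /etc/resolv.conf, give its IP here
    options: there are many; +trace, -t type and -x are the three most commonly used
      +trace : trace starting from . (root), as discussed in 19.1.2
      -t type: the type of record to query, mainly mx, ns, soa and so on; the types are introduced in 19.4
      -x     : query reverse-resolution information; a very important option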
    
    # 1. Query www.okfdzs1903.com using the defaults
    [root@www ~]# dig www.okfdzs1903.com
    ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> www.okfdzs1903.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37415
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
    
    ;; QUESTION SECTION:     <==XD
    ;www.okfdzs1903.com.               IN      A
    
    ;; ANSWER SECTION:       <==Dn^픬q
    www.okfdzs1903.com.        600     IN      A       140.116.44.180
    
    ;; AUTHORITY SECTION:    <==LP^}
    vbird.org.              600     IN      NS      dns.vbird.org.
    vbird.org.              600     IN      NS      dns2.vbird.org.
    
    ;; Query time: 9 msec
    ;; SERVER: 168.95.1.1#53(168.95.1.1)
    ;; WHEN: Thu Aug  4 14:12:26 2011
    ;; MSG SIZE  rcvd: 86
    

    boӽdSAڭ̥iHݨܥXT]AXӈG

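    • QUESTION: shows what is being queried; since we are looking up the IP of www.okfdzs1903.com, this shows A (Address);
    • ANSWER: the result of the lookup for the QUESTION above; the answer is the IP;
    • AUTHORITY: tells us which DNS servers provide the answer for www.okfdzs1903.com. The result is that the two hosts dns.vbird.org and dns2.vbird.org manage it. And what does the 600 mean? As mentioned in the Figure 19.1-4 process, it is how long a querier may keep this record (caching); in the www.okfdzs1903.com configuration the default retention is 600 seconds.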
    # 2. Query the SOA information for www.okfdzs1903.com
    [root@www ~]# dig -t soa www.okfdzs1903.com
    ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> -t soa www.okfdzs1903.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57511
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;www.okfdzs1903.com.               IN      SOA
    
    ;; AUTHORITY SECTION:
    vbird.org.              600     IN      SOA     dns.vbird.org. root.dns.vbird.org.
     2007091402 28800 7200 720000 86400
    
    ;; Query time: 17 msec
    ;; SERVER: 168.95.1.1#53(168.95.1.1)
    ;; WHEN: Thu Aug  4 14:15:57 2011
    ;; MSG SIZE  rcvd: 78
    

    ѩ dig KXTbOӂIFAShӈhi^NA]ܾAX@ DNS l}^N@ӫOOI AiHzLoӫOA@UAҳ]w DNS ƮwO_TAöi氣hI ^_^I~AA]iHzLy -t type z \hdߨLA]wȡAiHKAi]w DNS AɪѦҳIdߧܡA^UӪ@϶aI

    # 3. Query the reverse-resolution information for 120.114.100.20
    [root@www ~]# dig -x 120.114.100.20
    ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> -x 120.114.100.20
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60337
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3
    
    ;; QUESTION SECTION:
    ;20.100.114.120.in-addr.arpa.   IN      PTR
    
    ;; ANSWER SECTION:
    20.100.114.120.in-addr.arpa. 3600 IN    PTR     mail-out-r2.ksu.edu.tw.
    20.100.114.120.in-addr.arpa. 3600 IN    PTR     mail-smtp-proxy.ksu.edu.tw.
    20.100.114.120.in-addr.arpa. 3600 IN    PTR     mail.ksu.edu.tw.
    
    ;; AUTHORITY SECTION:
    100.114.120.in-addr.arpa. 3600  IN      NS      dns1.ksu.edu.tw.
    100.114.120.in-addr.arpa. 3600  IN      NS      dns3.twaren.net.
    100.114.120.in-addr.arpa. 3600  IN      NS      dns2.ksu.edu.tw.
    
    ;; ADDITIONAL SECTION:
    dns1.ksu.edu.tw.        3036    IN      A       120.114.50.1
    dns2.ksu.edu.tw.        2658    IN      A       120.114.150.1
    dns3.twaren.net.        449     IN      A       211.79.61.47
    
    ;; Query time: 29 msec
    ;; SERVER: 168.95.1.1#53(168.95.1.1)
    ;; WHEN: Thu Aug  4 14:17:58 2011
    ;; MSG SIZE  rcvd: 245
    

    ϶SáIqWKXGӬݡA϶dߥ؊AMq 120.114.100.20 ܦF 20.100.114.120.in-addr.arpa. oӼҼoOԣKFHnȡAoΧڭ϶ɦAjai@BC A{bnDOA϶dߠZkWA򥿶Ӥ@˧YiAרOө in-addr.arpa. ơAiHOUӡC


    19.2.3 Looking up information about a domain's administrator: whois

    WӤp`ͨ쪺ODEW٪϶d߫OApGAQnDӠZk]wAϥΪOy host -l ZkW zhdA pGAQnDOyoӠZkOֺުzTOHNonϥ whois oӫO~Ib CentOS 6.x SA whois O jwhois oӳn鴣ѪA]ApG䤣 whois ɡAХ yum hwUoӳnaI


    • whois
    [root@www ~]# whois [domainname]  <==`N[IO domain ӤO hostname
    [root@www ~]# whois centos.org
    [Querying whois.publicinterestregistry.net]
    [whois.publicinterestregistry.net]
    # oO@ whois AѪTiIUOڵU
    Domain ID:D103409469-LROR
    Domain Name:CENTOS.ORG
    Created On:04-Dec-2003 12:28:30 UTC
    Last Updated On:05-Dec-2010 01:23:25 UTC
    Expiration Date:04-Dec-2011 12:28:30 UTC  <==OFإ߻PPĪ
    Sponsoring Registrar:Key-Systems GmbH (R51-LROR)
    Status:CLIENT TRANSFER PROHIBITED
    Registrant ID:P-8686062
    Registrant Name:CentOS Domain Administrator
    Registrant Organization:The CentOS Project
    Registrant Street1:Mechelsesteenweg 170
    # UhO@p覡AmNFAKohgT
    

    whois oӫOiHdߨSUo domain ϥΪ̪}TCLAѩ~ӫܦhTwDAo whois ҴѪTuOӌNFAFO@ϥΪ̪pvAҥHAثeo whois Ҭdߨ쪺TwgoOTFӥBAbܥX whois TeAR|@qŧiƶiO ^_^y

    pGϥ whois ˬdmҵUXk domain |OpOHݬݡG

    [root@www ~]# whois vbird.idv.tw
    [Querying whois.twnic.net]
    [whois.twnic.net]           <==o whois Ad쪺
    Domain Name: vbird.idv.tw   <==o domain T
    
       Contact:                 <==p̪p覡
          Der-Min Tsai
          vbird@pc510.ev.ncku.edu.tw
    
       Record expires on 2018-09-17 (YYYY-MM-DD)
       Record created on 2002-09-13 (YYYY-MM-DD)
    
    Registration Service Provider: HINET
    

    Io domain |b 2018/09/17 ĪNTINiܡILApAڭ̳iHzL nslookup, host, dig ΆΪOӬdߥDEWٻP IP RAoǫOΪkiHЧAH man command ӬdߧhΪkI


    19.3 DNS server software, server types, and configuring a cache-only DNS server

    ͧF@ǰyA^Uڭ̨ӃԤ@ԡAp]wn DNS A[HoSMNoѳnwUͰ_TI boӤp`Aڭ̥n DNS O϶NNAu hint o . (root) zoneAͤ@ͳ̔xȦ֨ DNS A (Caching only DNS server) aI


    19.3.1 Software needed to set up DNS

    oܳFI۫HAjy]I}aHmOZ}TA]uBVĵhfY....xIoӷFH @_@ nTAڭ̜nӦwU DNS һݭnnFIROoeLAڭ̭nϥΪ DNS nNOϥάfJܤjoiXӪ BIND (Berkeley Internet Name Domain, BIND) oTI򪾹DAwUFSHNO rpm P yum ܡHۤvddݡC

    [root@www ~]# rpm -qa | grep '^bind'
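    bind-libs-9.7.0-5.P2.el6_0.1.x86_64   <== libraries used by bind and related commands
    bind-utils-9.7.0-5.P2.el6_0.1.x86_64  <== client-side commands for looking up hostnames
    bind-9.7.0-5.P2.el6_0.1.x86_64        <== the software for the main bind program
    bind-chroot-9.7.0-5.P2.el6_0.1.x86_64 <== confines the main bind program to its own directory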
    

    WnOӡy bind-chroot zTIҿת chroot NOy change to root(ڥؿ) zNAroot NOڥؿC bind w]N{ǎŰʦb /var/named SAOM{ǥiHbڥؿULؿB茲A]Y bind {DɡAhM{Ƿ|yӨtM`CקKoӰDA ҥHڭNYӥؿw bind {ڥؿAѩwgOڥؿAҥH bind Km}MؿIҥHYM{dzQ@AF_]ObYӯSwؿUd}aӤwC CentOS 6.x w]N bind b /var/named/chroot ؿI

    ڭ̥D{O bind, bind-chroot ҴѡAe@p`쪺AC DNS An . (root) o zone file b̡H]O bind ҴѪI (CentOS 4.x, 5.x ҴѪ caching-nameserver näsb CentOS 6.x SFIwgQ[\ bind n餺I)


    19.3.2 BIND default path settings and chroot

    n[]n BIND ݭn]wƩOH򥻤WӥDnƭnBzG

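    • BIND's own configuration file: mainly defines host settings, where the zone files are, permission settings and so on;
    • Forward and reverse database files (zone files): record the hostname-to-IP mappings and so on.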

    BIND ]wɬ /etc/named.confAboɮ׸̭iHWd zone file ɦWI ]NOAA zone file O /etc/named.conf ҫwAҥH zone file ɦWiHHKTI un /etc/named.conf WdTYiC@ӻA CentOS 6.x w]ؿOo˪G

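    • /etc/named.conf : this is our main configuration file
    • /etc/sysconfig/named : whether chroot is enabled, and extra parameters, are controlled by this file
    • /var/named/ : database files are placed in this directory by default
    • /var/run/named : the named program places its pid-file in this directory by default when running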


    • /etc/sysconfig/named and the chroot environment

    LAFtwʦҶqA@ӻثeUDn distributions wg۰ʪNA bind }{L chroot FI Ap󪾹DA chroot ҫwؿb̩OHOOb /etc/sysconfig/named ̭TIAiHd\@UG

    [root@www ~]# cat /etc/sysconfig/named
    ROOTDIR=/var/named/chroot
    

    WMɮפNqNuWo@ANOGyڭnN named L chroot AåBܧ󪺮ڥؿ /var/named/chroot zIѩڥؿwgQܧ /var/named/chroot FA bind }{Oݭn /etc, /var/named, /var/run ...ΥؿAҥHڤW bind }{һݭnҦƷ|ObG

    • /var/named/chroot/etc/named.conf
    • /var/named/chroot/var/named/zone_file1
    • /var/named/chroot/var/named/zone_file.....
    • /var/named/chroot/var/run/named/...

    zIuOnꐷС㤣LAnӾߡI]s CentOS 6.x wgN chroot һݭnϥΨ쪺ؿAzL mount --bind \iؿsF (Ѧ /etc/init.d/named e)A|ҨӻAڭ̻ݭn /var/named bŰʸ}zL mount --bind /var/named /var/named/chroot/var/named iؿjwoIҥHb CentOS 6.x SAAڥL /var/named/chroot/ FIϥΥWؿYiINOo̔xI^_^

    Tips:
    WA /etc/sysconfig/named O /etc/init.d/named ŰʮɩŪJAҥHA]iH^ק /etc/init.d/named o script I

    19.3.3 A simple cache-only DNS server and the forwarding function

    bU@p`}lB϶ zone Ƴ]weAboӤp`SAڭ̥ӽͤ@x­ק]wɡAӤ]p zone file ANO㦳ۤv϶ zone ȶi֨ DNS AC


    • What are cache-only and forwarding DNS servers?

    ӥuݭn . o zone file ̔x DNS AAڭ̺ٳoRSۤv} DNS ƮwA cache-only (ȧ֨) DNS serverIUWqAo DNS server u֨jMG\A]NOALèSDEWٻP IP ϶]wɡAOѹ~dߨӴѥLƨӷI

    pGs . QnOHNonw@ӤWh DNS A@A forwarding (茻) ؊AAN쥻ۤvn . dߪȡAᵹWh DNS AhдoYiC p@ӡAڭ̳o㦳 forwarding \઺ DNS AAƦܳs . ݭnFI] . ObWh DNS WYFI

    pP责쪺Acache only DNS äsbƮw (ROsb . o root Zk zone file)A ]AO֨Ӭd߸ơAo DNS @߶}lqۤv֨H . _AӬy{P 19.1-4 ۦPCpG㦳 forwarding \OHGupAYϧA DNS 㦳 . o zone fileAo DNS RO|NdvyeСzWh DNS dߪAo DNS ASܦΤTId߬y{|ܳo˳G

    Figure 19.3-1: How a DNS server with forwarding enabled handles queries

    [ԎWϪdߤVAA|o{A㦳 forwarding EɡAdv|eФWh DNS AӳBzAҥHڥ]ݭn . oӦmҦb zone TC@ӻApGAݭn[]@ cache-only DNS AɡAiH^[W forwarding EAdvVWhΪ̬OyqjWh DNS AYiCJM cache only AèSƮwA forwarding EƦܤݭn . zone AFRon[]o˪ DNS OHOzѪTI


    • When is a cache-only DNS server needed?

    bYǤq渹YAFwuQΤq귽@ۤvƱAҥH|w Internet su@Y檺CSMTAs port 53 o DNS |Ψ쪺 port ]i|Qצb~oӮɭԡA AiHbyEWA[U@ cache-only DNS AȡIz

    oONOH̔x[INOAۤvQΦۤvDEW DNS AȥhDA Client ݶ hostname <--> IP oI]DEiH]wۤv DNS \A Client ݴN]wM IP DNS A IP YiIIo˴NiHoDEWٻP IP 茮TIҥHAq`[] cache only DNS AjOFtwoC


    • Configuring a cache-only DNS server in practice

    pbA Linux DEW[]@ cache-only DNS AOHu̔xTI]ݭn]w϶ zone (uݭn . zone 䴩Yi)AҥHun]w@ɮ (NO named.conf D]w) YiIuOZooFoI t~Acache-only un[W forwarders ]wYiw forwarding ơAҥHUڭ̱N]w㦳 forwarding cache-only DNS AaI


    1. Update the main configuration file: /etc/named.conf

      Mڭ̨㦳 chroot ALѩ CentOS 6.x wgzLŰʸ}Dڭ̶iɮ׻PؿsAҥHЧA^ק /etc/named.conf YiInAh /var/named/chroot/etc/named.conf קTI boɮפADnOwqA즳}]wAHΦU zone ZkθƮwҦbɦWC bmoӮרSA]ϥΤF forwarding EAҥHo cache-only DNS AèS zone (s . S)AҥHڭ̥un]wnA}]wYiC]woɮתɭԽЪ`NG

      • Comments are whatever follows a double slash " // "
      • Every statement must end with a semicolon " ; "

      mNoɮצA̔ƦpU˦G
      [root@www ~]# cp /etc/named.conf /etc/named.conf.raw
      [root@www ~]# vim /etc/named.conf
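      // By default this file also reads the zone definition file /etc/named.rfc1912.zones,
      // so remember to change it to the form below!
      options {
              listen-on port 53  { any; };     // optional; if omitted, everything is accepted
              directory          "/var/named"; // default directory for the database (zone) files
              dump-file          "/var/named/data/cache_dump.db"; // some statistics
              statistics-file    "/var/named/data/named_stats.txt";
              memstatistics-file "/var/named/data/named_mem_stats.txt";
              allow-query        { any; };     // optional; if omitted, everything is accepted
              recursion yes;                   // a query mode in which the server itself acts as a client
              forward only;                    // can be left unset for now
              forwarders {                     // this is the key part!
                      168.95.1.1;              // use Chunghwa Telecom's DNS as the upstream first
                      139.175.10.20;           // then seednet as the upstream
              };
      };  // don't forget the closing symbol!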
      
      mNjƳHRAuNֈOdƥ[Hp׭qӤwCb named.conf cAPA즳}O options oӶؤe]wA] options ̭RܦhlӋA ҥHNHjA { } ]_oCܩ options lӋbW쪺n̔xԭzpUG

      • listen-on port 53 { any; };
        oboDEtWӺCw]Oob localhostAYuEiH DNS AȶidߡASMOܤXz[I ҥHo̭nNjAƧg anyCOoA]iHohӤA] any ᭱on[W~I t~AoӶئpGѰOg]S}YA]w]OӥDEtҦioC

      • directory "/var/named";
        NOApGɮשUWd쥿B϶ zone file ɦWɡAMɦWw]RMmbӥؿUNCw]m /var/named/ UCѩ chroot }YA̜oǸƮwɮ׷|QDʳs /var/named/chroot/var/named/ oӥؿC

      • dump-file, statistics-file, memstatistics-file
        P named oӪAȦ}\hpTApGQnKXɮתܡAw]ɦWNpWҭzCmۤvܤ֬ݳoDžpơA ҥHAoTӳ]wȼggRMOS}YC

      • allow-query { any; };
        oӬOwΤݪ]wA쩳֥iHڪ DNS AȴXd߽ШDNC쥻ɮפew]Ow localhost }ӤwA ڭ̳o̧令ҦΤ} (SMTA]o~)CLAw] DNS NOҦΤAҥHoӳ]wȤ]iHμgC

      • forward only ;
        oӳ]wiHA DNS Aȶi forwardAYϦ . o zone file ]wA]|ϥ . ơA u|Ndv浹Wh DNS AӤwAO cache only DNS ̱`]wFI

      • forwarders { 168.95.1.1; 139.175.10.20; } ;
        JM forward onlyA쩳nWh DNS Ai茻OHNO forwarders (nѰO s) ]wȪnʤFIѩߤWh DNS A]i|IA]iH]whWh DNS AIC@ forwarder A IP ݭny ; zӰI

      ̔xaIܩhӋڭ̷|bgTSCCCo˴Nwg]wF̔x cache only DNS server FI


    2. Start named and check the ports the service opens

      Ű`|ѰOaHԒ֥hŰʤ@UaIPɎŰʧܤA[Ԏ@U named Ҷ}ŪfAݬݨ쩳ǰf|Q DNS Ψ쪺I
      # 1. Űʤ@U DNS oNI
      [root@www ~]# /etc/init.d/named start
      Starting named:                     [  OK  ]
      [root@www ~]# chkconfig named on
      
      # 2. 쩳ΤFhְfOH
      [root@www ~]# netstat -utlnp | grep named
      Proto Recv-Q Send-Q Local Address       Foreign Address  State  PID/Program name
      tcp        0      0 192.168.100.254:53  0.0.0.0:*        LISTEN 3140/named
      tcp        0      0 192.168.1.100:53    0.0.0.0:*        LISTEN 3140/named
      tcp        0      0 127.0.0.1:53        0.0.0.0:*        LISTEN 3140/named
      tcp        0      0 127.0.0.1:953       0.0.0.0:*        LISTEN 3140/named
      tcp        0      0 ::1:953             :::*             LISTEN 3140/named
      udp        0      0 192.168.100.254:53  0.0.0.0:*               3140/named
      udp        0      0 192.168.1.100:53    0.0.0.0:*               3140/named
      udp        0      0 127.0.0.1:53        0.0.0.0:*               3140/named
      
      ڭ̪D DNS |PɎť UDP/TCP port 53AӥBOwҦA]WƨèSSCLA| port 953 BȰw糧EӺoOHO named hݱ\A٬hݦWٶRAȱ\ (remote name daemon control, rndc)Cw]pUAȦEiHw rndc ӱCڭ̷|b򪺏ظ`AؐQo rndc TAثeڭ̥unD UDP/TCP port 53 ŰʧYiC


    3. Check the messages in /var/log/messages (very important!)

      named oӪAȪOɴN^Lmb /var/log/messages ̭TAҥHӬݬݸ̭XnTaI
      [root@www ~]# tail -n 30 /var/log/messages | grep named
      Aug  4 14:57:09 www named[3140]: starting BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 -u named
       -t /var/named/chroot <==O chroot bӥؿUI
      Aug  4 14:57:09 www named[3140]: adjusted limit on open files from 1024 to 1048576
      Aug  4 14:57:09 www named[3140]: found 1 CPU, using 1 worker thread
      Aug  4 14:57:09 www named[3140]: using up to 4096 sockets
      Aug  4 14:57:09 www named[3140]: loading configuration from '/etc/named.conf'
      Aug  4 14:57:09 www named[3140]: using default UDP/IPv4 port range: [1024, 65535]
      Aug  4 14:57:09 www named[3140]: using default UDP/IPv6 port range: [1024, 65535]
      Aug  4 14:57:09 www named[3140]: listening on IPv4 interface lo, 127.0.0.1#53
      Aug  4 14:57:09 www named[3140]: listening on IPv4 interface eth0, 192.168.1.100#53
      Aug  4 14:57:09 www named[3140]: listening on IPv4 interface eth1, 192.168.100.254#53
      Aug  4 14:57:09 www named[3140]: generating session key for dynamic DNS
      Aug  4 14:57:09 www named[3140]: command channel listening on 127.0.0.1#953
      Aug  4 14:57:09 www named[3140]: command channel listening on ::1#953
      Aug  4 14:57:09 www named[3140]: the working directory is not writable
      Aug  4 14:57:09 www named[3140]: running
      
      W̭nOĤ@X{y-t ...zӶثXA chroot ؿoCt~AW椤Sr骺AgŪ /etc/named.confANiHQJ /var/named/etc/named.conf NCpGWX{_᭱^Ӌr (:10)A NNYɮפĤQ榳DNAɦAiJBzYiCn`NOAY port 53 ŰʡAi DNS AȬOh~AɳoӵnɴN㪺D`nICsŰ DNS Aаȥd\@UoɮתeII

      Tips:
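      If you keep seeing this error in /var/log/messages:
      couldn't add command channel 127.0.0.1#953: not found
      you still need to add an rndc key; see the later section of this chapter on managing the DNS server with the rndc command, and add the key to your named.conf.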

    4. Test:

      pGA DNS A㦳sWں\AzLy dig www.google.com @127.0.0.1 zoӰ򥻫OݬݡA pG google IP AåBKXƪ̩Uܡy SERVER: 127.0.0.1#53(127.0.0.1) zrˡA NNRMO\TILNаѦҡG19.2 p`e


    • Special note: benefits and problems of forwarders

    } forwarder nBPaBAܦhRNIjPNioG

    • The argument that using a forwarder improves performance:

      oǪB̻ͭ{ASܦhUh DNS Aϥ forwarder ɡA򨺭ӳQ]w forwarder DEAѩ|Oܦhd߸TO (аѦ 19.1-4 )A]A󨺨ǤUh DNS AӨAd߳t׷|W֫ܦhAY|`٫ܦhd߮ɶI] forwarder A̭h֨OFA ҥH]A forwarder AHΩҦVo forwarder nDƪ DNS AA^֩ . dߪE|A ]tSMW[C

    • The argument that using a forwarder lowers overall performance:

      Ot~@hۤϪIoO]SD DNS y~ȶqzNcɭԡAA cache only DNS ARVLnDơA]L쥻ƶljKqNӤjFAWe譱itqAӤӦhUh DNS RVLnDơAҥHLd߳t׷|ܺCI]d߳tܺCFAӧA cache only server SOVLXnDAҥH۵M䪺d߳t״N|PBUI

    ܦhRkTImH]\oܦíIuOD@TNOFALiHDOApGWh DNS t׫ܧ֪ܡALQ]w forwarder ɡAγ\uiHW[֮įI


    19.4 Detailed DNS server configuration

    nFAgLWAڭ̤jyD DNS XӤpN`Oo˪G

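    1. A DNS server needs authorization from an upstream DNS to become a legitimate DNS server (otherwise it is only practice);
    2. Configuration file location: bind now runs chrooted; the relevant directory is given in /etc/sysconfig/named;
    3. The main configuration file of named is /etc/named.conf;
    4. Every forward or reverse zone needs a database file, whose file name is set in /etc/named.conf;
    5. When the DNS server is queried and has no database file of its own for the name, it asks root (.) or the forwarders;
    6. Whether named started successfully must be checked in /var/log/messages!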

    䤤Ĥ@IܭnA]ڭ̩|VWh ISP UXkZkW١AҥHڭSMNSvQ[]Xk DNS AFC ӥѩߧڭ̪ DNS A|P~ں줬ۤzZAҥHUmNDnH@ centos.vbird ZkW٨Ӭ[] DNS AAp@ӫ̴NiHnn@ۤvk DNS TI


    19.4.1 Records in a forward zone file (Resource Record, RR)

    JM DNS ̦eتNOnqDEW٥h IPAҥHNڭ̥q zone ӽͰ_aCJMnͥA NRMnAɮװOTǧaHboӤp`̭Aڭ̴Nӽͽͥ zone ``OƦǧaC


    • Format of forward-zone resource records (resource record, RR)

    ڭ̱qeXӤp` dig OKXGAiHo{@ӦêNNANOKXƮ榡GOTwI |ҨӻAd www.ksu.edu.tw IP ɡAKXGG

    [root@www ~]# dig www.ksu.edu.tw
    ....(eٲ)....
    ;; ANSWER SECTION:
    www.ksu.edu.tw.         2203    IN      A       120.114.100.101
    
    ;; AUTHORITY SECTION:
    ksu.edu.tw.             911     IN      NS      dns1.ksu.edu.tw.
    ....(᭱ٲ)....
    # WKXƤwgQ̔ƹLFAIOnjaA RR 榡
    

    bתKX픬qADnd߱o쪺O A AxAb{픬qAhO ksu.edu.tw NS A@NC 榡D`^AuO A ᭱^ IPA NS ᭱^DEW٦ӤwCڭ̥iHNӉKX榡̔ƦpUG

    [domain]       [ttl]                  IN [[RR type]       [RR data]]
    [name queried] [cache time (seconds)] IN [[resource type] [resource data]]
    

    WA}gr IN OTwA RR type P RR data hO}sʪAҦp~L A NO^ IP ӤODEWٔ[C~Ab domain AYi઺ܡAкɶqϥ FQDNAYODEWٓ[W@ӤpӋI (.) NQ٬ FQDN FIҦp dig www.ksu.edu.tw KXGAb픬qɡAjMDEWٷ|ܦ www.ksu.edu.tw. I`Nݳ̫᭱ӤpӋIIӤpӋID`nI

    ܩ ttl NO time to live YgANNOSo۰OQL DNS AdߨA oӰO|Ob DNS A֨AOh֬NCҥHASAϞ dig www.ksu.edu.tw AN|o{oӮɶ|֡IOH]bA DNS ֨Ao۸Ư^Osɶ|}lӋA SoӋrksAUHAsjMo۰OɡAA DNS N|su . (root) }lӷjM@MA Ӥ|q̭֨F (]֨Ʒ|Q˱)C

    ѩ ttl iѯSwӋӅ@ޡA]b RR O榡Aq`o ttl OiHC ` RR ǩOHڭ̱Nɪ RR O榡JpUG

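    # Common RR entries in a forward zone file
    [domain]       IN  [[RR type]  [RR data]]
    host name.     IN  A           IPv4 address
    host name.     IN  AAAA        IPv6 address
    zone name.     IN  NS          host name of the server that manages this zone.
    zone name.     IN  SOA         seven important parameters for managing this zone (explained later)
    zone name.     IN  MX          preference number  host name of the server that receives mail
    host alias.    IN  CNAME       host name that this alias actually stands for.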
    

    ^Uӧڭ̥HXsj DNS ]wA]A ksu.edu.tw oӠZk (domain, zone)AH www.ksu.edu.tw oӥDEW (FQDN) dߓGӸjaC RR OT󽗡I


    • A, AAAA: records that look up an IP

    o A RR Obd߬YӥDEW٪ IPA]O̪Qdߪ@ RR AxI|ҨӻAn www.ksu.edu.tw A ܡANOoˬdG

    [root@www ~]# dig [-t a] www.ksu.edu.tw
    ;; ANSWER SECTION:
    www.ksu.edu.tw.         2987    IN      A       120.114.100.101
    # DEFQDN.             ttl                     oDE IP NOo
    # ȦCX픬qơA RR }Ax]OoܪI
    # OC [-t a] iH[Aӳ̥DEWٓ|pӋII
    

    ODEW١ASMAA]iHA domain ֦@ A AxAҦpy dig google.com z] IPC LA̱Xsj ksu.edu.tw hS]w IP NOFCnASOjժADEW٦pGOWA аȥ[WpӋICpGA IP ]wO IPv6 ܡAdߴNonϥ aaaa ~C


    • NS: look up the host name of the server that manages a zone

    pGAQnD www.ksu.edu.tw o۰OOѭ DNS AѪANonϥ NS (NameServer) RR AxӬdߡCLAѩ NS O޲zӠZkA]AAondߪ؊ANoKJ domainAY ksu.edu.tw ~I|ҦpUG

    [root@www ~]# dig -t ns ksu.edu.tw
    ;; ANSWER SECTION:
    ksu.edu.tw.             1596    IN      NS  dns1.ksu.edu.tw.
    
    ;; ADDITIONAL SECTION:
    dns1.ksu.edu.tw.        577     IN      A   120.114.50.1
    # FCX NS OA~AMA IP ]|B~ѡI
    

    eLADNS AOܭnA]ܤֳ|HWCXsj@T DNS AAmȦCXĤ@ѰѦҡC NS ᭱|[AW١AӳoӦA IP ]|B~Ѥ~I] NS g`H A Ax[Io˧A~ NS hd߸ƹIo˻zaH ^_^


    • SOA: look up the management information of the server that manages a zone

    pGAh DNS A޲zP@ӠZkWٮɡA̦nϥ master/slave 覡Ӷi޲zCJMno˺޲zA NonŧiQ޲z zone file OpiljKAɴNon SOA (Start Of Authority) AxFC@@Xsj]wOˡG

    [root@www ~]# dig -t soa ksu.edu.tw
    ;; ANSWER SECTION:
    ksu.edu.tw.       3600   IN     SOA    dns1.ksu.edu.tw.   abuse.mail.ksu.edu.tw. 
      2010080369 1800 900 604800 86400
    # WzKXGOP@I
    

    SOA DnOPZk}AҥHeSMng ksu.edu.tw oӠZkWC SOA ᭱@|^CӰӋAoCӰӋNq̧ǬOG

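    1. Master DNS server host name: which DNS server acts as master for this zone. In this example dns1.ksu.edu.tw is the primary DNS server of the ksu.edu.tw zone;

    2. Administrator's email: the address to contact when something goes wrong. Note that @ has a special meaning in a database file, so abuse@mail.ksu.edu.tw is written here as abuse.mail.ksu.edu.tw;

    3. Serial: the serial number tells how new this database file is; the larger the serial, the newer the file. When a slave decides whether to download a new database, it checks whether the master's serial is newer than its own: if so it downloads, otherwise it does not. So whenever you revise the database contents, remember to increase this number! To make it easy to remember, the serial usually follows the date format YYYYMMDDNU; for example Kun Shan University's serial 2010080369 stands for the 69th update on 2010/08/03. The serial may not exceed 2 to the 32nd power, that is, it must be smaller than 4294967296.

    4. Refresh: when does the slave ask the master whether the data needs updating? This value defines it. Kun Shan University's DNS has the slave ask the master every 1800 seconds. On each check, if the serial has not increased, the database file is not downloaded.

    5. Retry: if for some reason the slave cannot connect to the master, how long until the slave tries again? In Kun Shan University's settings it retries after 900 seconds. That is, every 1800 seconds the slave contacts the master on its own initiative; if that connection fails, the next attempts come at 900-second intervals. Once one succeeds, the interval returns to 1800 seconds.

    6. Expire: if the retries keep failing until this time limit is reached, the slave stops trying and attempts to delete the downloaded zone file. Kun Shan University sets 604800 seconds. That is, if connections keep failing, after retrying every 900 seconds for 604800 seconds the slave no longer updates and can only wait for the system administrator.

    7. Cache time (Minimum TTL): if the RR entries in this zone database file do not specify a TTL of their own, this SOA value is used.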

    F Serial iHWL 2 32 褧~AS䥦[woXӋȡHOA򥻤WNOoˡG

    • Refresh >= Retry *2
    • Refresh + Retry < Expire
    • Expire >= Retry * 10
    • Expire >= 7Days
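
The following check applies the serial limit and the four timer relations listed above to an SOA record. It is an added example, not part of the original page or of BIND; the function names are made up for illustration, the two passing SOA strings are copied from this page, and the failing one is constructed.

```python
import re
from datetime import date

UNIT_SECONDS = {"": 1, "S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


def to_seconds(value):
    """Convert a zone-file time value (1800, 3H, 15M, 1W, 1D12H) to seconds."""
    text = value.upper()
    parts = re.findall(r"(\d+)([SMHDW]?)", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError("not a time value: %r" % value)
    return sum(int(n) * UNIT_SECONDS[u] for n, u in parts)


def parse_soa(rdata):
    """Split SOA RDATA into its seven fields; parentheses and ';' comments are dropped."""
    cleaned = re.sub(r";[^\n]*", " ", rdata).replace("(", " ").replace(")", " ")
    fields = cleaned.split()
    if len(fields) != 7:
        raise ValueError("SOA needs 7 fields, found %d" % len(fields))
    # The first label of the second field is the mailbox user: '@' is written as '.'
    user, _, domain = fields[1].rstrip(".").partition(".")
    return {
        "master": fields[0],
        "admin_email": user + "@" + domain,
        "serial": int(fields[2]),
        "refresh": to_seconds(fields[3]),
        "retry": to_seconds(fields[4]),
        "expire": to_seconds(fields[5]),
        "minimum": to_seconds(fields[6]),
    }


def check_soa(rdata):
    """Return the rules from the list above that this SOA record violates."""
    soa = parse_soa(rdata)
    problems = []
    if not soa["serial"] < 4294967296:
        problems.append("Serial < 4294967296")
    if not soa["refresh"] >= soa["retry"] * 2:
        problems.append("Refresh >= Retry * 2")
    if not soa["refresh"] + soa["retry"] < soa["expire"]:
        problems.append("Refresh + Retry < Expire")
    if not soa["expire"] >= soa["retry"] * 10:
        problems.append("Expire >= Retry * 10")
    if not soa["expire"] >= 7 * 86400:
        problems.append("Expire >= 7 days")
    return problems


def next_serial(current, today):
    """Next YYYYMMDDNU serial: always larger than the current one, so slaves update."""
    return max(int(today.strftime("%Y%m%d")) * 100 + 1, current + 1)


# SOA data copied from the dig output and the zone file on this page
KSU_SOA = "dns1.ksu.edu.tw. abuse.mail.ksu.edu.tw. 2010080369 1800 900 604800 86400"
PAGE_SOA = """master.centos.vbird. vbird.www.centos.vbird. (
                 2011080401 3H 15M 1W 1D ) ; same line as above"""
# Constructed record that breaks three of the rules
BAD_SOA = "ns.example. admin.example. 4294967296 600 900 1D 1D"

if __name__ == "__main__":
    for label, rdata in (("ksu", KSU_SOA), ("page", PAGE_SOA), ("bad", BAD_SOA)):
        print(label, parse_soa(rdata)["admin_email"], check_soa(rdata) or "ok")
    print(next_serial(2011080401, date(2011, 8, 4)))
```
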

    @ӻApG DNS RR ܧ󱡪pWcAWz}ӋȥiHqwp@ǡApG DNS RR OTwA F`WeAhiHN Refresh ]wj@ǡC


    • CNAME: define an alias for a host name

    ɭԧAQnwYӥDEWٳ]w A AxAӬOQzLt~@DEW٪ A ӳWdoӷsDEWٮɡA iHϥΧOW (CNAME) ]wI|ҨӻAl} www.google.com ɡAA|o{oˡG

    [root@www ~]# dig www.google.com
    ;; ANSWER SECTION:
    www.google.com.         557697  IN      CNAME   www.l.google.com.
    www.l.google.com.       298     IN      A       72.14.203.99
    

    NOASAnld www.google.com ɡAЧ www.1.google.com ӥDEAӨӥDE A NWĤG檺ܤFC m``}AADmҦrܡHAFưȩҥhdymzɡAL|GySoӤH[I]SHmm...zA oӡymzNOOW (CNAME) AӹR쪺WٴNOyvYYzAovYY~urN @h@hhl}o

    o CNAME ԣnBOH A NnFaHROnBA|ҨӻApGA@ IPAo IP OܦhDEW٨ϥΪC SA IP ɡAҦƴNoqqs A Ax~CpGAu@ӥDnDEWٳ]w AAӨLAxϥ CNAME ɡAS IP AAun׭q@ A AxAL CNAME NܰʤFIBz_Ӥe[I


    • MX: look up the mail server host name of a zone

    MX O Mail eXchanger (l) NAq`AӠZk|]w@ MX ANAҦHoӠZk email RMneY email server DEWWY~OCݬݱXjơG

    [root@www ~]# dig -t mx ksu.edu.tw
    ;; ANSWER SECTION:
    ksu.edu.tw.             3600    IN      MX      8 mx01.ksu.edu.tw.
    
    ;; ADDITIONAL SECTION:
    mx01.ksu.edu.tw.        3600    IN      A       120.114.100.28
    

    WYNOASHne ksu.edu.tw oӠZkɡAhwNHǰe mx01.ksu.edu.tw olA޲zA SMTAo mx01.ksu.edu.tw ۵MNOXjۤv޲zlA~IMX ᭱^DEWٳq`NOXk mail serverA ӷQnS MX AANon A Ax~ҥHW᭱N|X{ mx01.ksu.edu.tw A [I

    b mx01 e 8 ONHѩ߶l|򥢡A]j~|ho˪WhlAӹwHC 쩳lDE|UOHNHӋrpuoI|ҨӻApGAhd google.com MX AxA N|o{L 5 o˪AOI


    19.4.2 RR data in a reverse zone file

    Fӽͽͤ϶aIb϶eAӽͽͥDEW٪l}覡CH www.ksu.edu.tw. ӻAӺkyӬݡA VkX{W٥NkVjI|ҨӻA.(root) > tw > edu HC]l}ɡAOѤjdpdA ̫Aڭ̴NDl}Vp 19.1-4 ҥܨˡC

    O IP h@˔[IHXj 120.114.100.101 ӻnFASMO 120 > 114 > 100 > 101 A䪺k̤jI Pw] DNS qkVdߤ@˔[IHFMoӰDAҥH϶ zone NnN IP ϹLӼgAӦbɥ[W .in-addr.arpa. r˧YiCҥHASAQnl}϶ɡA϶GN|OG

    [root@www ~]# dig -x 120.114.100.101
    ;; ANSWER SECTION:
    101.100.114.120.in-addr.arpa. 3600 IN   PTR     www.ksu.edu.tw.
    

    ҦpWzGAڭ̭ndߪDEWٳMܦF IP 茪ҼˡIҥH~٬϶IӤ϶Ax̭nNO PTR FI


    • PTR: the reverse lookup, i.e. find the host name that an IP maps to

    i϶ɡAn`NNO zone W٤FInN IP 茹LӼgAåB[W .in-addr.arpa. ~I Ҧp 120.114.100.0/24 o class C IP q϶]wANngG 100.114.120.in-addr.arpa. o˪ zone W٤~C PTR ᭱^۵MNODEWoI

    b϶̭naNOG᭱DEWٺɶqϥΧ FQDNAY[WpӋI (.) IOH| 100.114.120.in-addr.arpa. ҡApGAuOgDEW١AèSgZkW١A SHal}ADEWٮɡAADEWٷ|ܦG www.100.114.120.in-addr.arpa. ǼҼC oOݭn`NaC

    Tips:
    AmQAϪ@ǦgBͤ@bApG߷|~ADEW٪]whqqOoOng FQDN NOFI oʎ藍|DI ^_^

    19.4.3 Step 1: planning the DNS environment: a worked case defining the forward and reverse zones

    {b]mϺ줤Qn]w DNS AAmϺ쥻WُkWٴNO centos.vbirdABft IP q 192.168.100.0/24 o@qA]Dnk centos.vbirdAӤ϶kh 192.168.100.0/24A mo DNS AQnۤvM .(root) ӤzL forwarders UA]Ron . ZkɡC X_ӻAmݭn]w쪺ɮ״NoXӡG

    1. named.conf (main configuration file)
    2. named.centos.vbird (forward zone file for centos.vbird)
    3. named.192.168.100 (reverse zone file for 192.168.100.0/24)
    4. named.ca (forward zone file for ., supplied by the bind software)

    pGRQn[JLZkAҦp niki.vbird iiH[HSMiH[INAh@ӸƮwɮקYiI RAmWYoӳ]wƬpAҥHAiHӵ۪Iä|vT~ںTI uOAں]dA DNS ]wNOFϥOm\I^_^

    ܩƮwB϶RWA̾ڪAWُpU (аѦҲĤT 3.2-1)G

    OS and IP | Host names and RR types | Notes
    Linux (192.168.100.254) | master.centos.vbird (NS, A); www.centos.vbird (A); linux.centos.vbird (CNAME); ftp.centos.vbird (CNAME); forum.centos.vbird (CNAME); www.centos.vbird (MX) | The DNS setup uses master.centos.vbird as the DNS server name. The other main name of this host is www.centos.vbird; all the rest are CNAMEs, which makes later changes easier. The main host name also gets an MX record.
    Linux (192.168.100.10) | slave.centos.vbird (NS, A); clientlinux.centos.vbird (A) | Will later take over as the slave DNS
    WinXP (192.168.1.101) | workstation.centos.vbird (A) | A workstation used for everyday work
    WinXP (192.168.100.20) | winxp.centos.vbird (A) | A Windows XP machine used for testing
    Win7 (192.168.100.30) | win7.centos.vbird (A) | A Windows 7 machine used for testing

    ЯSOdN[A@ IP iHRhӥDEW١AP˪A@ӥDEW٥iHh IP I DnO] www.centos.vbird EӪγ~ShAmƱ樺@DEhӦW١AHKB~Wُ[C ҥHNM IP RF|ӥDEWٔ[I

    Tips:
    bۮa]SgLXkv DNS ̦nnH Internet WwgsbZkW٨ӽm߬[]I |ҨӻA]ѧAH 192.168.100.254 EӬ[] *.yahoo.com ZkA ]ڱN 192.168.100.254 mbĤ@AfPCdߨ yahoo.com oӠZkƳO^ 192.168.100.254 ҴѡAoܤn]i|yAΤݪK

    19.4.4 Step 2: setting up the main configuration file /etc/named.conf

    oӳ]wɸh options Ӌڭ̤wgb 19.3.3 ̭͹LAbڭ̥ثeרҤA hnN forwarders }\Aå[WTljK zone file ӋYiCܩ zone ]wWAn]tWӤp`ͨ쪺TӥDn zone I]oɮתȬOG

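    • options: governs what the DNS server permits (who may query, whether to forward, and so on);
    • zone: defines each zone (domain name) and where its zone file is (covers master/slave/hint);
    • other: the local DNS management interface and its key file (discussed later in this chapter under advanced use).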

    N^ݤ@UmdaG

    [root@www ~]# vim /etc/named.conf
    options {
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            allow-query     { any; };
            recursion yes;
            allow-transfer  { none; };   // do not let others perform zone transfers
    };
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    zone "centos.vbird" IN {            // the name of this zone
            type master;                // what type it is
            file "named.centos.vbird";  // where its file is
    };
    zone "100.168.192.in-addr.arpa" IN {
            type master;
            file "named.192.168.100";
    };
    

    b options ̭ȷsW@ӷsӋANO allow-transferANqG

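    • allow-transfer { none; };
      Whether slave DNS servers may transfer the data of my whole zone. This setting concerns database transfers between master and slave DNS servers. Unless you have a slave DNS server, do not open it; so here it is set to none for now.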

    ܩb zone ̭]wȡADnhUXӡG

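    Settings inside zone
    Setting | Meaning
    type | The type of this zone. The main types are hint for ., master for a database file you edit by hand, and slave for a database that updates automatically.
    file | The zone file name (mind whether chroot is in use!)
    reverse zone | Essentially the in-addr.arpa business; see 19.4.2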

    ɦWO named }YOHouOӲߺDӤwAA]iH̾ڦۤvߺDӭqwɦWCgLWAҥHڭ̷|DAzone file ɦWOzL named.conf oӳ]wɨӳWd[I


    19.4.5 Step 3: the database file for the top-level . (root) zone

    q 19.1-4 iHD . nʡIo . b̩OHWAO INTERNIC Һ޲z@A@ɦ@ 13 ޲z . DNS AOI}̷s]wbG

    nnU̷sHAKA]ڭ̪ CentOS 6.x bind nwgѤF@ӦW named.ca ɮפFAmO^ϥΨtѪTCoɮתeI^oˡG

    [root@www ~]# vim /var/named/named.ca
    .                       518400  IN      NS      A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4
    ; The owner of the NS line is a single dot. The two lines above go together:
    ; . is managed by A.ROOT-SERVERS.NET., and that server's IP is supplied.
    .                       518400  IN      NS      M.ROOT-SERVERS.NET.
    M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33
    M.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:dc3::35
    ; The three lines above go together: the server starting with M has an A and an AAAA record.
    

    }Ax NS, A, AAAA NqAЦ^ 19.4.1 hdߡAo̤AC SOAѩҼ{ IPv6 ӪyʡA]ܦh . A[W AAAA IPv6 \oC oɮתeAnק[]oӤeO Internet WqΪơA@ӻA]|``ܰʡA ҥHݭnʥLANLm쥿Tؿç令AҫwɦWYi[I^UӥiHݬݨLɮTI


    19.4.6 Step 4: the forward zone database file

    AӶ}lɪ]waIɤ@wn RR AxUXӳG

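    • Basic settings for this zone: for example the cache time (TTL) and the zone name (ORIGIN);
    • Master/slave verification (SOA);
    • The host names and IPs of this zone's name servers (NS, A);
    • Other forward and reverse resource records (A, MX, CNAME and so on).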

    } RR NqЦ^ 19.4.1 hdߡC~AoɮתSŸ]ojaNi@UG

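    Character | Meaning
    must start at the line beginning | All settings must start at the beginning of the line, with no blank before them. A leading blank means the line continues the previous domain. Very important.
    @ | This symbol stands for the zone. Written in named.centos.vbird, @ means centos.vbird.; written in named.192.168.100, @ means 100.168.192.in-addr.arpa. (see the zone settings in named.conf)
    . | This dot (.) matters a great deal, because it marks a complete host name (FQDN) rather than a bare hostname. For example, writing www.centos.vbird in named.centos.vbird gives the FQDN www.centos.vbird.@ ==> www.centos.vbird.centos.vbird. So it must of course be written www.centos.vbird.
    ; | The comment symbol. # also seems to be a comment; both symbols can be used.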

    muΨtѪ@dz]wɡAMڥHק令mۤvݭnC DNS O master.centos.vbird oA޲zAӺ޲z̪ email vbird@www.centos.vbird oӡCӥɳ̜榳I^oˡG

    [root@www ~]# vim /var/named/named.centos.vbird
    # Settings closely tied to the whole zone: the NS, A, MX and SOA records.
    $TTL    600
    @                       IN SOA   master.centos.vbird. vbird.www.centos.vbird. (
                                     2011080401 3H 15M 1W 1D ) ; same line as the one above
    @                       IN NS    master.centos.vbird.  ; DNS server name
    master.centos.vbird.    IN A     192.168.100.254         ; DNS server IP
    @                       IN MX 10 www.centos.vbird.     ; mail server of the zone
    
    # All forward records for the host 192.168.100.254.
    www.centos.vbird.       IN A     192.168.100.254
    linux.centos.vbird.     IN CNAME www.centos.vbird.
    ftp.centos.vbird.       IN CNAME www.centos.vbird.
    forum.centos.vbird.     IN CNAME www.centos.vbird.
    
    # Forward records for the host names of the other machines.
    slave.centos.vbird.       IN A    192.168.100.10
    clientlinux.centos.vbird. IN A    192.168.100.10
    workstation.centos.vbird. IN A    192.168.1.101
    winxp.centos.vbird.       IN A    192.168.100.20
    win7                      IN A    192.168.100.30  ; this is the short form
    

    AjաA@ӥƮw]wAܤRMn $TTL, SOA, NS (Po NS DEW٪ A)A mNoǰ򥻭nΨ쪺AxgbWĤ@CܩLAhO}DEW٥]woC pGodz]wȧAݤAAiH֩wOAЦ^ 19.4.1 h@@aI Ujդ@UeS쪺]wȶءG

    }󥻠Zk@dz]w
    ]w
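    $TTL | To simplify each RR entry, the TTL is moved to the top and set once. VBird's DNS server is still being tested, so TTL is a small value and records stay in other DNS servers' caches for only 600 seconds.
    $ORIGIN | This setting can redefine the zone. By default the zone of a forward or reverse database file is the one named in named.conf, that is, the zone parameter. The zone can be changed, though, by means of $ORIGIN. This setting is normally not needed.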

    A즸]w DNS Bͤjy|QӤpӋI (.) AnӺiAunOGy [WF . ܳoOӧ㪺DEW (FQDN)AYO "hostname + domain name" FA pGS[W . ܡAMWٶȬ "hostname" ӤwI]ڭ̳oӳ]wɪ zone O centos.vbirdA ҥHW̫@AmugXDEW (win7) A]SpӋIA]㪺 FQDN n[W zoneAҥHDEW win7 NOG win7.centos.vbird. I


    19.4.7 Step 5: the reverse zone database file

    ϶򥿶@ˡARݭn TTL, SOA, NS ΆΪAO۹󥿶̭ AA϶̭hȦ PTR I t~Aѩ϶ zone W٬Oܩ zz.yy.xx.in-addr.arpa. ҼˡA]unb϶̭nΨDEWٮɡA ȥϥ FQDN ӳ]w[IhP϶}ơAШ 19.4.2 hd\I ܩ 192.168.100.0/24 oӺk DNS ϶hG

    [root@www ~]# vim /var/named/named.192.168.100
    $TTL    600
    @       IN SOA  master.centos.vbird. vbird.www.centos.vbird. (
                    2011080401 3H 15M 1W 1D )
    @       IN NS   master.centos.vbird.
    254     IN PTR  master.centos.vbird.  ; the former A record simply becomes a PTR record
    
    254     IN PTR  www.centos.vbird.     ; mappings for specific IPs
    10      IN PTR  slave.centos.vbird.
    20      IN PTR  winxp.centos.vbird.
    30      IN PTR  win7.centos.vbird.
    
    101     IN PTR  dhcp101.centos.vbird.  ; possibly IPs handed out by DHCP (Chapter 12)
    102     IN PTR  dhcp102.centos.vbird.
    ....(middle omitted)....
    200     IN PTR  dhcp200.centos.vbird.
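
The trailing-dot rule for the forward and reverse zone files above can be checked mechanically. The sketch below is an added example, not part of the original page or of BIND: it expands names against the zone origin and reports the ones that were almost certainly meant to be FQDNs. All function names are made up for illustration, and the two sample zones are constructed from this page's records with deliberate mistakes.

```python
import re

# Position of the host name inside RDATA for record types that carry one.
NAME_FIELD = {"NS": 0, "CNAME": 0, "PTR": 0, "MX": 1}


def fqdn(name, origin):
    """Expand a zone-file name: '@' is the origin, a trailing dot means
    absolute, anything else gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def reverse_zone(network):
    """'192.168.100.0/24' -> '100.168.192.in-addr.arpa.' (whole-octet prefixes)."""
    address, _, prefix = network.partition("/")
    if not prefix.isdigit() or int(prefix) % 8 or not 8 <= int(prefix) <= 32:
        raise ValueError("prefix must be 8, 16, 24 or 32")
    octets = address.split(".")[: int(prefix) // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def records(text, origin):
    """Yield (owner_as_written, rtype, rdata, origin) for each record."""
    text = re.sub(r"(?m)^\s*#.*$|;[^\n]*", "", text)  # drop '#' lines and ';' comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fqdn(fields[1], origin)
            continue
        if fields[0].startswith("$"):
            continue
        owner = None if line[0].isspace() else fields.pop(0)
        while fields and (fields[0].upper() == "IN" or fields[0][0].isdigit()):
            fields.pop(0)  # skip class and TTL
        if fields:
            yield owner, fields[0].upper(), fields[1:], origin


def suspicious(name, origin, is_target):
    """A relative name that already ends in the zone name, or any relative
    target inside a reverse (.arpa) zone, is most likely missing its dot."""
    if name == "@" or name.endswith("."):
        return False
    bare = origin.rstrip(".")
    repeats_origin = name == bare or name.endswith("." + bare)
    return repeats_origin or (is_target and origin.endswith(".arpa."))


def lint_zone(text, origin):
    """Return (rtype, name as written, name after expansion) for each suspect."""
    findings = []
    for owner, rtype, rdata, org in records(text, origin):
        names = [(owner, False)] if owner else []
        if rtype == "SOA":
            names += [(n, True) for n in rdata[:2]]
        elif rtype in NAME_FIELD and len(rdata) > NAME_FIELD[rtype]:
            names.append((rdata[NAME_FIELD[rtype]], True))
        for name, is_target in names:
            if suspicious(name, org, is_target):
                findings.append((rtype, name, fqdn(name, org)))
    return findings


# Constructed samples: this page's records with trailing dots removed in places.
FORWARD = """
$TTL 600
@                    IN SOA   master.centos.vbird. vbird.www.centos.vbird. (
                              2011080401 3H 15M 1W 1D )
@                    IN NS    master.centos.vbird.
master.centos.vbird. IN A     192.168.100.254
@                    IN MX 10 www.centos.vbird      ; constructed mistake
www.centos.vbird     IN A     192.168.100.254       ; constructed mistake
ftp.centos.vbird.    IN CNAME www.centos.vbird.
win7                 IN A     192.168.100.30        ; relative on purpose
"""
REVERSE = """
$TTL 600
@    IN SOA master.centos.vbird. vbird.www.centos.vbird. ( 2011080401 3H 15M 1W 1D )
@    IN NS  master.centos.vbird.
254  IN PTR master.centos.vbird.
10   IN PTR slave.centos.vbird     ; constructed mistake
20   IN PTR winxp                  ; constructed mistake
"""

if __name__ == "__main__":
    for zone, text in (("centos.vbird.", FORWARD),
                       (reverse_zone("192.168.100.0/24"), REVERSE)):
        for rtype, written, expanded in lint_zone(text, zone):
            print("%s: %s %r expands to %s" % (zone, rtype, written, expanded))
```
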
    

    ]ڭ̪ zone O 100.168.192.in-addr.arpa. o@ӡA] IP Wwgt 192.168.100 FA ҥHbWS̥AӋȥuݭnsb̫@ IP YiC] 254 NN 192.168.100.254 oI ~AF DHCP ۰ʤt IP SRDEW١AҥHo̤]F 192.168.100.{101~200} DEWٹRI


    19.4.8 Step 6: starting DNS, checking it, and the firewall

    DNS Űʤ]̔xFaHN^QΨtѪŰ script YiI

    [root@www ~]# /etc/init.d/named start  <==]iOݭn restart 
    [root@www ~]# chkconfig named on
    

    YϵeWX{OyTwzΡyOKzAoA DNS AȬO`CҥHAЧAyȥzd\ /var/log/messages e~I򥻤WAe|I^oˡG

    [root@www ~]# tail -n 30 /var/log/messages | grep named
    named[3511]: starting BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 -u named -t 
    /var/named/chroot
    named[3511]: adjusted limit on open files from 1024 to 1048576
    named[3511]: found 1 CPU, using 1 worker thread
    named[3511]: using up to 4096 sockets
    named[3511]: loading configuration from '/etc/named.conf'
    named[3511]: using default UDP/IPv4 port range: [1024, 65535]
    named[3511]: using default UDP/IPv6 port range: [1024, 65535]
    named[3511]: listening on IPv4 interface lo, 127.0.0.1#53
    named[3511]: listening on IPv4 interface eth0, 192.168.1.100#53
    named[3511]: listening on IPv4 interface eth1, 192.168.100.254#53
    named[3511]: command channel listening on 127.0.0.1#953
    named[3511]: command channel listening on ::1#953
    named[3511]: the working directory is not writable
    named[3511]: zone 100.168.192.in-addr.arpa/IN: loaded serial 2011080401
    named[3511]: zone centos.vbird/IN: loaded serial 2011080401
    named[3511]: running
    

    WKXTAAonSO`NeuC]A -t chroot_dir O]w chroot ؿmA ӳ]w (configuration) hO /etc/named.confA̭nOAҦ zone (hint . ~) Ǹ (serial) XnAƮwe@P~IӥB^X{y]wɦW:ӋrzeA _h֩wNO]wɦDWTݰ_R OK TI

    bWzKXS]TӪFAҥHmNnɶPDE쮳FIWOQŰʮɪpA pGX{DHq`X{D]O]G

    • yk]wh~G
      oӰDnMA]b /var/log/messages ̭NAӤeh׭qYiF

    • ޿]wh~G
      oӴNxZFIOH]LDnoͦbA]w DNS DEɭԡAҼ{gҲͪDIҦpѰO[W (.)A t|܎h~TAOo|ydߪ~PA MX ]wDEWَh~A]|X{DTAO mail server NO|HΆΡoǎh~ݭn܌N DNS client ~ાDDҦbC

    ڭ̳o̥Nyk]wh~譱i椶Aܩ޿]wDAӴNݭnhhi~ાDF Uh~T|Ob /var/log/messages ̭I

    named: /etc/named.conf:8: missing ';' before '}'
    # Note the file name and number mentioned above: it is line 8 of /etc/named.conf.
    # The error comes from a missing semicolon (;). Just go and correct it.
    
    dns_rdata_fromtext: named.centos.vbird:4: near eol: unexpected end of input
    zone centos.vbird/IN: loading master file named.centos.vbird: unexpected end of input
    _default/centos.vbird/IN: unexpected end of input
    # The problem is on line 4 of named.centos.vbird; line 4 of that file is the SOA entry.
    # Usually the five SOA numbers are incomplete. Go and correct them.
    
    dns_rdata_fromtext: named.centos.vbird:7: near 'www.centos.vbird.': 
    not a valid number
    # Line 7 needs a valid number before www.centos.vbird, because this is an MX record,
    # so add a valid number and the problem is fixed.
    

    q`̤jDO...hrIҥHAȥnCCrACCԎݲMEAרOnɤTIBzܤA ]^zL netstat hd port 53 boAAӴNOnHadߤFIҥHASonק慨oI ]AROwUm}A^UӴNOG

    [root@www ~]# vim /usr/local/virus/iptables/iptables.rule
    # pUANYiI
    iptables -A INPUT -p UDP -i $EXTIF --dport  53  --sport 1024:65534 -j ACCEPT
    iptables -A INPUT -p TCP -i $EXTIF --dport  53  --sport 1024:65534 -j ACCEPT
    
    [root@www ~]# /usr/local/virus/iptables/iptables.rule
    

    19.4.9 Step 7: testing and updating the database

    bW]wdwAåBŰʤAA DNS ARMOwgSbB@FC A򪾹DA]wO_XzHSMn@IR覡A@RO] client ݪdߥ\A تOˇAƮw]wLh~Ft~A]iHsWUoӺG

    oӺiHDAˇA DNS ADn]wO_DILAoӺˇDnOHXkv zone DAڭ̦ۤv÷d DNS OSkˬdTIuOinFANڭ̨ӴGaIA oN DNS Aۤv /etc/resolv.conf 令pUҼ˸ΡG

    [root@www ~]# vim /etc/resolv.conf
    nameserver 192.168.100.254   <==ۤv IP @wn̦X{I
    nameserver 168.95.1.1
    

    ^UӡANڭ̰wWnB϶Ti˴aIP˪Am]ȦCXתӤwI

    # 1. ˬd master.centos.vbird H www.centos.vbird  A Ax
    [root@www ~]# dig master.centos.vbird
    ;; ANSWER SECTION:
    master.centos.vbird.    600     IN      A       192.168.100.254
    [root@www ~]# dig www.centos.vbird
    ;; ANSWER SECTION:
    www.centos.vbird.       600     IN      A       192.168.100.254
    
    # 2. ˬd ftp.centos.vbird P winxp ΆΪ A Ax
    [root@www ~]# dig ftp.centos.vbird
    ;; ANSWER SECTION:
    ftp.centos.vbird.       600     IN      CNAME   www.centos.vbird.
    www.centos.vbird.       600     IN      A       192.168.100.254
    [root@www ~]# dig winxp.centos.vbird
    ;; ANSWER SECTION:
    winxp.centos.vbird.     600     IN      A       192.168.100.20
    
    # 3. ˬd centos.vbird o zone  MX
    [root@www ~]# dig -t mx centos.vbird
    ;; ANSWER SECTION:
    centos.vbird.           600     IN      MX      10 www.centos.vbird.
    
    # 4. ˬd 192.168.100.254  192.168.100.10 ϶
    [root@www ~]# dig -x 192.168.100.254
    ;; ANSWER SECTION:
    254.100.168.192.in-addr.arpa. 600 IN    PTR     www.centos.vbird.
    254.100.168.192.in-addr.arpa. 600 IN    PTR     master.centos.vbird.
    [root@www ~]# dig -x 192.168.100.10
    ;; ANSWER SECTION:
    10.100.168.192.in-addr.arpa. 600 IN     PTR     slave.centos.vbird.
    

    n\~潗IO\OHFnuܤ~AMƬO_OAnҼˡH~OQ\C pGX{h~TAҦp䤣 www.centos.vbird ANѤFAonXD~C

    t~ApGAƮwݭnsɡARM|ʔ[H|ҨӻAAYӥDE IP Ϊ̥DEW٭nܧA]iOsWYӥDEWٻP IP ROI̔xTAq`o˰NnFG

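    1. First update the database file of the zone you want to change, that is, add the RR entries.
    2. Change that zone file's serial number (Serial), the third parameter of the SOA (the first number), because this number decides whether master/slave treat the zone as updated.
    3. Restart named, or have named reread its configuration.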

    No̔x[ILja``|ѰOĤGӨBJTINONǸܤj[IpGǸSܤjA master/slave Ʈwiण|DʪsA|y@ǧxZI


    19.5 DNS servers working together: slave DNS and subdomain delegation

    ڭ̦bؤ@}lN͹LADNS jyOӳ̭nAȤ@A]ҦDEWٻݨDon DNS Ѥ~C ]AISP b domain name UɡANjձonHW DNS A~CӬF̔ DNS ޲zHtA ϥ Master/Slave DNS [cp|nIOHڭ̦A^Ф@U Slave DNS SG

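    • To provide DNS service without interruption, your zone needs at least two DNS servers answering queries;
    • Following on from that, these DNS servers should be spread over two or more different IP networks;
    • For ease of management, apart from one main master DNS the other DNS servers usually run in slave mode;
    • A slave DNS server has no database of its own; its database is supplied by the master DNS;
    • Master and slave DNS need the information that lets them transfer zone files to each other, which is configured in /etc/named.conf.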

    ~ApGABͩΪ̬OͷQnAn@ӤlkASMp]wt@ DNS AOHNڭ̨̧Ǩӽͽo


    19.5.1 Opening up permissions on the master DNS

    ڭ̨ϥ 19.4.3 רҡA~Ӭ[]@䴩MרҪ slave DNS aI򥻪]G

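    • The server that lets the slave DNS server perform zone transfers is master.centos.vbird
    • Both zones, centos.vbird and 100.168.192.in-addr.arpa, are provided to the slave DNS
    • named on master.centos.vbird allows zone transfers only to the host slave.centos.vbird
    • The slave DNS server is set up on the server 192.168.100.10 (so the zone files need revising)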

    pWҥܡAڭ̪ master.centos.vbird oAF named.conf ݭnվ㤧~A zone file ]ݭnվI b named.conf SAݭn]w IP iHڪ zone iljK (allow-transfer)AӦb zone file SANOU[J@ NS OYiIW[pUҥܡG

    # 1. Edit named.conf; the main change is the allow-transfer item inside each zone
    [root@www ~]# vim /etc/named.conf
    ....(earlier part omitted)....
    zone "centos.vbird" IN {
            type master;
            file "named.centos.vbird";
            allow-transfer { 192.168.100.10; };  // add the slave's IP here
    };
    zone "100.168.192.in-addr.arpa" IN {
            type master;
            file "named.192.168.100";
            allow-transfer { 192.168.100.10; };  // add the slave's IP here
    };
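
The allow-transfer settings above (none in options, the slave's IP in each zone) can be audited across a whole named.conf. The parser below is an added example, not part of the original page or of BIND; its function names are made up, it handles only the syntax used on this page, and the sample configuration is constructed from the page's files with one zone deliberately opened to any.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def tokenize(conf):
    conf = re.sub(r"/\*.*?\*/", " ", conf, flags=re.S)  # /* ... */ comments
    conf = re.sub(r"(//|#)[^\n]*", " ", conf)           # // and # comments
    return TOKEN.findall(conf)


def parse(tokens, pos=0):
    """Return (statements, next_pos). A statement is a list of words in which
    every { ... } block appears as a nested list of statements."""
    statements, current = [], []
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1
        if tok == "{":
            block, pos = parse(tokens, pos)
            current.append(block)
        elif tok == "}":
            return statements, pos
        elif tok == ";":
            if current:
                statements.append(current)
            current = []
        else:
            current.append(tok.strip('"'))
    return statements, pos


def find(statements, keyword):
    for st in statements:
        if st[0] == keyword:
            return st
    return None


def classify(acl_statement):
    """Summarise an allow-transfer statement as (status, elements)."""
    if acl_statement is None:
        # Falls back to BIND's built-in default; older releases such as the
        # 9.7 shown on this page then allow transfers to any host.
        return ("unset", [])
    elements = [" ".join(map(str, e)) for e in acl_statement[-1]]
    if "any" in elements:
        return ("open", elements)
    if elements == ["none"]:
        return ("none", elements)
    return ("restricted", elements)


def audit_transfers(conf):
    """Map every master zone to its effective allow-transfer setting:
    zone level first, then the enclosing view, then options."""
    top, _ = parse(tokenize(conf))
    options = find(top, "options")
    default = find(options[-1], "allow-transfer") if options else None
    report = {}

    def walk(statements, inherited, prefix):
        for st in statements:
            body = st[-1] if isinstance(st[-1], list) else []
            if st[0] == "view":
                walk(body, find(body, "allow-transfer") or inherited, st[1] + "/")
            elif st[0] == "zone":
                ztype = find(body, "type")
                # "primary" is the newer spelling of "master"
                if ztype and ztype[1] in ("master", "primary"):
                    effective = find(body, "allow-transfer") or inherited
                    report[prefix + st[1]] = classify(effective)

    walk(top, default, "")
    return report


# Constructed sample based on this page's master configuration.
SAMPLE_CONF = r'''
options {
        directory       "/var/named";
        allow-query     { any; };
        recursion yes;
        allow-transfer  { none; };   // default for every zone
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "centos.vbird" IN {
        type master;
        file "named.centos.vbird";
        allow-transfer { 192.168.100.10; };  // slave only
};
zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "named.192.168.100";
        allow-transfer { any; };             /* constructed mistake */
};
'''

if __name__ == "__main__":
    for zone, (status, elements) in sorted(audit_transfers(SAMPLE_CONF).items()):
        print("%-28s %-10s %s" % (zone, status, ", ".join(elements)))
```
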
    

    bWYҦCܪӸƮwɮSAAnsWһݭn NS Ax~INS RDEW٬ slave.centos.vbirdA IP hO 192.168.100.10 IGpUG

    # 2. Add the NS record in the zone files; note that matching A (forward) and PTR (reverse) entries are needed
    [root@www ~]# vim /var/named/named.centos.vbird
    $TTL    600
    @                       IN SOA   master.centos.vbird. vbird.www.centos.vbird. (
                                     2011080402 3H 15M 1W 1D )
    @                       IN NS    master.centos.vbird.
    @                       IN NS    slave.centos.vbird.
    master.centos.vbird.    IN A     192.168.100.254
    slave.centos.vbird.     IN A     192.168.100.10
    @                       IN MX 10 www.centos.vbird.
    ....(Uٲ)....
    
    [root@www ~]# vim /var/named/named.192.168.100
    $TTL    600
    @       IN SOA  master.centos.vbird. vbird.www.centos.vbird. (
                    2011080402 3H 15M 1W 1D )
    @       IN NS   master.centos.vbird.
    @       IN NS   slave.centos.vbird.
    254     IN PTR  master.centos.vbird.
    10      IN PTR  slave.centos.vbird.
    ....(Uٲ)....
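    # Pay special attention to one thing: the zone file serial must be increased. VBird tested on 8/4,
    # for the 2nd time, so the serial is built from that day's date. Finally, remember to restart.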
    
    [root@www ~]# /etc/init.d/named restart
    [root@www ~]# tail -n 30 /var/log/messages | grep named
    starting BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 -u named -t /var/named/chroot
    ....(ٲ)....
    zone 100.168.192.in-addr.arpa/IN: loaded serial 2011080402
    zone centos.vbird/IN: loaded serial 2011080402
    zone 100.168.192.in-addr.arpa/IN: sending notifies (serial 2011080402)
    zone centos.vbird/IN: sending notifies (serial 2011080402)
    

    ϥsŰʹL named A\OoNOnd\ messages nTNFCqWKXӬݡA|h@ sending notifies (ǰe`Nƶ) }grơANO slave DNS ӤǸjpFIҥHAAAǸSܭnOHSMܭn[I snT|iǸjpIo master DNS N]wSoI^UӪ Slave ]waI


    19.5.2 Slave DNS configuration and database permission issues

    JM Slave DNS ]O DNS AIҥHASM]OݭnwU bind, bind-chroot ΆΪnI o^h 19.3.1 ̭@@YiAϥOoϥ yum wUNFC ^Uӱon]w named.conf aHӬJM Master/Slave ƮwOۦPAҥHAzAWA named.conf eNOjPpo ߤ@n`NNO zone type tAHΫŧi master b̴NOFC ܩ zone filename Aѩ zone file Oq master oAzL named oӵ{ӥDʫإ߰_ݭn zone fileA]o zone file mؿvNܭnIڭ̪^ӳBzݬݡG

    # 1. ǷQ named.conf eG
    [root@clientlinux ~]# vim /etc/named.conf
    ....(eP master.centos.vbird ۦPAGٲ)....
    zone "centos.vbird" IN {
            type slave;
            file "slaves/named.centos.vbird";
            masters { 192.168.100.254; };
    };
    zone "100.168.192.in-addr.arpa" IN {
            type slave;
            file "slaves/named.192.168.100";
            masters { 192.168.100.254; };
    };
    
    # 2. ˬd zone file wpإߪؿvO_TIUؿtw]ȡG
    [root@clientlinux ~]# ll -d /var/named/slaves
    drwxrwx---. 2 named named 4096 2011-06-25 11:48 /var/named/slaves
    # `NvBϥΪ̥HθsœT쪺ơIݭnP named oӥΤθsœ}I
    
    [root@clientlinux ~]# ll -dZ /var/named/slaves
    drwxrwx---. named named system_u:object_r:named_cache_t:s0 /var/named/slaves
    # ]nѰOP SELinux }ƱI
    

    FKϥΪ̳]wACentOS w]b /var/named/slaves/ BznF}vҥHAiHPBzvD ڭ̴NijA slave zone file mbMؿUIҥHWS file Ӌ~|og㦹~A masters s Io̳̮egh㨺nnBz zone file OHF named.ca o . ݭnDʦsb~A t~ type slave ƮwɮסASMsb[I]|q master BoI^UӡANڭ̨ӎŰ named öi[ԎaI

    [root@clientlinux ~]# /etc/init.d/named start
    [root@clientlinux ~]# chkconfig named on
    [root@clientlinux ~]# tail -n 30 /var/log/messages | grep named
    starting BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 -u named -t /var/named/chroot
    loading configuration from '/etc/named.conf'
    ....(ٲ)....
    running
    zone 100.168.192.in-addr.arpa/IN: Transfer started.
    zone 100.168.192.in-addr.arpa/IN: transferred serial 2011080402
    zone centos.vbird/IN: Transfer started.
    zone centos.vbird/IN: transferred serial 2011080402  <==`NǸT_
    # A|ݨpWTAIORiǸID`nI
    
    [root@clientlinux ~]# ll /var/named/slaves
    -rw-r--r--. 1 named named 3707 2011-08-05 14:12 named.192.168.100
    -rw-r--r--. 1 named named  605 2011-08-05 14:12 named.centos.vbird
    # o zone file |DʳQإ߰_өOI
    
    [root@clientlinux ~]# dig master.centos.vbird @127.0.0.1
    [root@clientlinux ~]# dig -x 192.168.100.254 @127.0.0.1
    # Wz˴OpGOTܥX A P PTR ܡANFI
    

    A@Ip@ӧA zone file N|DʪQإ߰_ӳIӦpGA master DNS nsƮwɡA unקLǸAísŰ named Ao slave DNS N|ۧsTI[IuOy֮TIzII LApGAo{Ű slave DNS ɡAAnTMOoˡG

    zone centos.vbird/IN: Transfer started.
    transfer of 'centos.vbird/IN' from 192.168.100.254#53: connected using 
    192.168.100.10#58187
    dumping master file: tmp-a1bYfCd3i3: open: permission denied
    transfer of 'centos.vbird/IN' from 192.168.100.254#53: failed while receiving 
    responses: permission denied
    transfer of 'centos.vbird/IN' from 192.168.100.254#53: end of transfer
    

    pGX{o˪TɡAhTI֩wOvh~TIЦAˬdAƮwɮשҩmؿvO_iH named gJ[IBzBzNnFI{bAA DNS |ܪ[joI]Qto㤣LMn`NOA d centos.vbird ɡAmaster P slave aOۦPAäO master I~ϥ slave Ӭd߳IҥHAoAۦP domain Ʈwen@P~I


    19.5.3 Setting up a subdomain DNS server: subdomain delegation

    F Master/Slave ݭnP DNS A@PѪAȤ~ADNS pGWhBUݪ}YɡAMp]wH YA]ڪkܤjAڥuQntdWh DNS ӤwAUhƱ檽^浹Ux쪺tdHӭtdAn]wOH |ӨҤlӻAHjҡAjpȺ޲zUӨtҪ DNS A IP ӤwAѩUӨtҪDEӋqiܤjA pGCӤHnЭpӳ]wA޲zi|ƱAӥBbڳ]pW]ӤHʤơC

    ҥHoApNNU subdomain (lk) ޲zv浹UӨtҪDE޲zh޲zAp@ӡA UtҪ]wW|FABWh DNS A޲z]ΤꐷЧoI

    nFAp}lkvOHڭ̥Hb master Wإߪ centos.vbird o zone ҡA ]ѧAO ISP AӤHQnpӽ domain name ALn domain Oy niki.centos.vbird zA AMpBzH

    • Wh DNS AGYO master.centos.vbird o@Aunb centos.vbird zone file AW[w NS ëVUh DNS DEWٻP IP (A) YiA zone file Ǹ]nW[~F

    • Uh DNS AGӽЪZkW٥OWh DNS ҥiHѪW١AçiWh DNS ޲zAڭ̳o zone һݫw DNS DEWٻPR IP YiCMN}l]wۤv zone P zone file }ơC

    ]ڭ̺޲z niki.centos.vbird ADEW٬ dns.niki.centos.vbird AӳoDE IP 192.168.100.200A ^UӴNڭڨӳ]waI


    • Wh DNS AGuݷsW zone file NS P A Yi

    Wh DNS BzuO̔xzIڭ̥unק master DNS (www.centos.vbird @) ̭ named.centos.vbird oӥɮקYiCslave DNS έקAO]L|۰ʧsIsWpUƧYiG

    [root@www ~]# vim /var/named/named.centos.vbird
    @                       IN SOA   master.centos.vbird. vbird.www.centos.vbird. (
                                     2011080501 3H 15M 1W 1D )
    # W SOA Ǹ[jAUsWoYi (쥻ƳOd)I
    niki.centos.vbird.      IN NS    dns.niki.centos.vbird.
    dns.niki.centos.vbird.  IN A     192.168.100.200
    
    [root@www ~]# /etc/init.d/named restart
    [root@www ~]# tail -n 30 /var/log/messages | grep named
    Aug  5 14:22:36 www named[9564]: zone centos.vbird/IN: loaded serial 2011080501
    # nɪ}gOWǸ㥲Oڭ̐gsǸ~I
    
    [root@www ~]# dig dns.niki.centos.vbird @127.0.0.1
    # A|o{Oh~I䤣 A I
    

    Wh DNS ]wD`̔xIunק zone file Yi㤣LAѩ zone file wO NS dv\A ]A̫ᨺӫOb dig dns.niki.centos.vbird ɡAo|䤣 A IO`] 192.168.100.200 |]wn niki.centos.vbird oӠZkIҥHl}GèSo{b 192.168.100.200 niki.centos.vbird zone [I ҥHSM䤣CɸƮw޲zvb 192.168.100.200 WTIo˥iHzܡHAӳBzUh DNS aI


    • Uh DNS AGݭn㪺 zone }]w

    Uh DNS ]wNP 19.4 Ne@ˤFIҥHbo̧ڭ̶ȦCXnءG

    # 1. ק named.conf AW[ zone ӋA]ɦW named.niki.centos.vbird
    [root@niki ~]# vim /etc/named.conf
    ....(eٲ)....
    zone "niki.centos.vbird" IN {
            type master;
            file "named.niki.centos.vbird";
    };
    
    # 2. إ named.niki.centos.vbird
    [root@niki ~]# vim /var/named/named.niki.centos.vbird
    $TTL   600
    @      IN SOA   dns.niki.centos.vbird. root.niki.centos.vbird. (
                    2011080501 3H 15M 1W 1D )
    @      IN NS    dns.niki.centos.vbird.
    dns    IN A     192.168.100.200
    www    IN A     192.168.100.200
    @      IN MX 10 www.niki.centos.vbird.
    @      IN A     192.168.100.200
    # F̔ƾӪAҥHmϥ hostname ӫD FQDNIШ̡I
    
    # 3. Űʨ[Ԏ}nT
    [root@niki ~]# /etc/init.d/named restart
    [root@niki ~]# tail -n 30 /var/log/messages | grep named
    ....(eٲ)....
    zone niki.centos.vbird/IN: loaded serial 2011080501
    ....(Uٲ)....
    # PɡAOoBz@UDI_h|ѡII
    
    [root@niki ~]# dig www.niki.centos.vbird @192.168.100.254
    # Wzʧ@n^R~I_hN|XD
    

    19.5.4 Giving different DNS answers on different interfaces: using the view feature

    Q^@AHڭ̥ثekAӻAڪ master.centos.vbird ӤAOO 192.168.100.254/24 (鷺) 192.168.1.100/24 (~)ASڥ~䪺ΤQnA master.centos.vbird oA IP ɡAoMO 192.168.100.254A]RonzL NAT ~suMA 192.168.100.254 P~ 192.168.1.100 OP@xADEIFRongL NAT 茨줺OHSk~dߧ master.centos.vbird O 192.168.1.100 Ӥh^R 192.168.100.254 OHiHINzL view \I

    view nBzOHNOPӷΤA^oL̦ۤv zone ^RNOFC|ҨӻASΤӦ 10.0.0.1 ɡAoӨӷiO (192.168.100.0/24) A]oӨӷN|ϥΥ~ zone file eӦ^RC ]Aڭ̴NonǷQP@ zone ݭnӤP]wAANӧO]waJۤvΤݬdSC

    {bڭ̰woyAmϺ]w view hOo˪G

    • إߤ@ӦW intranet WrAoӦWrNΤݬ 192.168.100.0/24 ӷF
    • إߤ@ӦW internet WrAoӦWrNΤݬD 192.168.100.0/24 Lӷ
    • intranet ϥΪ zone file ثeUp`ҫإߪ zone filenameAinternet ϥΪ zone filename hb쥻ɦW᭱}[ inter ɦWAí׭qUAxGC

    AjաA̜檺GSAqd쪺 www.centos.vbird IP RMO 192.168.100.254AӥunOmӷΤݡA d쪺 www.centos.vbird IP RMO 192.168.1.100 ~INڭ̨ڳ]w@اaI

    [root@www ~]# vim /etc/named.conf
    options {
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            allow-query     { any; };
            recursion yes;
            allow-transfer  { none; };
    };
    
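    acl intranet { 192.168.100.0/24; };        <==source IPs that count as intranet
    acl internet { ! 192.168.100.0/24; any; }; <==the exclamation mark (!) inverts the match
    
    view "lan" {                            <==only a name; it stands for the internal network
            match-clients { "intranet"; };  <==clients from this source use the zones below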
            zone "." IN {
                    type hint;
                    file "named.ca";
            };
            zone "centos.vbird" IN {
                    type master;
                    file "named.centos.vbird";
                    allow-transfer { 192.168.100.10; };
            };
            zone "100.168.192.in-addr.arpa" IN {
                    type master;
                    file "named.192.168.100";
                    allow-transfer { 192.168.100.10; };
            };
    };
    
    view "wan" {                           <==likewise, just a name
            match-clients { "internet"; }; <==stands for external (internet) sources
            zone "." IN {
                    type hint;
                    file "named.ca";
            };
            zone "centos.vbird" IN {
                    type master;
                    file "named.centos.vbird.inter"; <==file name must differ from the existing one
            };
            // The external view does not use the internal IPs, so the reverse zone is not needed
    };
    

    WAǸƬOƪAǫhݭngLקC{bAڭ̨ӧ named.centos.vbird.inter aI

    [root@www ~]# cd /var/named
    [root@www named]# cp -a named.centos.vbird named.centos.vbird.inter
    [root@www named]# vim named.centos.vbird.inter
    $TTL    600
    @                       IN SOA   master.centos.vbird. vbird.www.centos.vbird. (
                                     2011080503 3H 15M 1W 1D )
    @                       IN NS    master.centos.vbird.
    master.centos.vbird.    IN A     192.168.1.100
    @                       IN MX 10 www.centos.vbird.
    
    www.centos.vbird.       IN A     192.168.1.100
    linux.centos.vbird.     IN CNAME www.centos.vbird.
    ftp.centos.vbird.       IN CNAME www.centos.vbird.
    forum.centos.vbird.     IN CNAME www.centos.vbird.
    workstation.centos.vbird. IN A    192.168.1.101
    
    [root@www named]# /etc/init.d/named restart
    [root@www named]# tail -n 30 /var/log/messages
    [root@www named]# dig www.centos.vbird @192.168.100.254
    www.centos.vbird.       600     IN      A       192.168.100.254
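    # This IP is the right answer, because the query comes from the 192.168.100.0/24 segment
    
    [root@www named]# dig www.centos.vbird @192.168.1.100
    www.centos.vbird.       600     IN      A       192.168.1.100
    # This IP is the right answer, because the query does not come from the 192.168.100.0/24 segment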
    

    S̔xIo˴NA DNS ̾ڤPΤӷAOP@ӥDEW٪PROI

    DG
    AŪ̫D`hAOGb@ɦUaCAQȬwϪŪ̳suxWxAӨLasuhsꪺxA SQnϥΪ̦ۤvD藍PDEW١AQϥΦP@œDEW١AMpOnH
    G
    miHQ쪺̔xסANOzL DNS ӳ]wۦPDEW٪P IP ؊AAYOzL view ӳWdYiC LAPWzmϺ̔xdҤPAڭ̱onȬwϪ IP ~AoǰϬqiiHzLUӨoG MAzL acl H view ӳWdYiCmƦpUApG~ARЧiI
    acl asia { 1.0.0.0/8;  14.0.0.0/8;  27.0.0.0/8;  36.0.0.0/8;  39.0.0.0/8;
              42.0.0.0/8;  49.0.0.0/8;  58.0.0.0/8;  59.0.0.0/8;  60.0.0.0/8;
              61.0.0.0/8; 101.0.0.0/8; 103.0.0.0/8; 106.0.0.0/8; 110.0.0.0/8;
             111.0.0.0/8; 112.0.0.0/8; 113.0.0.0/8; 114.0.0.0/8; 115.0.0.0/8;
             116.0.0.0/8; 117.0.0.0/8; 118.0.0.0/8; 119.0.0.0/8; 120.0.0.0/8;
             121.0.0.0/8; 122.0.0.0/8; 123.0.0.0/8; 124.0.0.0/8; 125.0.0.0/8;
             126.0.0.0/8; 175.0.0.0/8; 180.0.0.0/8; 182.0.0.0/8; 183.0.0.0/8;
             202.0.0.0/8; 203.0.0.0/8; 210.0.0.0/8; 211.0.0.0/8; 218.0.0.0/8;
             219.0.0.0/8; 220.0.0.0/8; 221.0.0.0/8; 222.0.0.0/8; 223.0.0.0/8;
             139.175.0.0/16; 140.0.0.0/8;150.116.0.0/16;150.117.0.0/16;
             163.0.0.0/8; 168.95.0.0/16;192.0.0.0/8; 
    };
    acl nonasia { ! "asia"; any; };
    
    pWҥܡA[J asia P nonasia }]wAAϥ view ӳBz} zone Aíק zone file eA N^BznoӮרҪݨDoI
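
The lan/wan views configured above and the asia/nonasia ACLs from the exercise both depend on first-match evaluation of address match lists. The Python model below is an added example, not code from the original page or from BIND; the function names, the three-prefix stand-in for the asia list and the sample client addresses are constructed for illustration.

```python
import ipaddress

# ACLs from the named.conf above, as ordered (negated, element) pairs.
# An element is a CIDR prefix, the built-in "any", or another ACL's name.
ACLS = {
    "intranet": [(False, "192.168.100.0/24")],
    "internet": [(True, "192.168.100.0/24"), (False, "any")],
    # Three prefixes only, as a shortened stand-in for the long asia list.
    "asia": [(False, "1.0.0.0/8"), (False, "14.0.0.0/8"), (False, "27.0.0.0/8")],
    "nonasia": [(True, "asia"), (False, "any")],
}

# Views in named.conf order: (name, match-clients, zone file for centos.vbird).
VIEWS = [
    ("lan", [(False, "intranet")], "named.centos.vbird"),
    ("wan", [(False, "internet")], "named.centos.vbird.inter"),
]


def acl_match(addr, elements, acls=ACLS):
    """Return True (accept), False (reject) or None (nothing matched).

    Elements are tried in order and the first hit decides the result:
    a plain element accepts, a negated (!) element rejects.
    """
    for negated, elem in elements:
        if elem == "any":
            hit = True
        elif elem in acls:
            # A named ACL is a hit only when that ACL accepts the address.
            hit = acl_match(addr, acls[elem], acls) is True
        else:
            # strict=True raises ValueError when bits are set beyond the
            # prefix length (constructed example: "10.1.0.0/8").
            hit = addr in ipaddress.ip_network(elem, strict=True)
        if hit:
            return not negated
    return None


def select_view(client, views=VIEWS, acls=ACLS):
    """Return (view name, zone file) for a client IP, or None if no view matches."""
    addr = ipaddress.ip_address(client)
    for name, match_clients, zone_file in views:
        if acl_match(addr, match_clients, acls):
            return name, zone_file
    return None


if __name__ == "__main__":
    # Constructed client addresses, not taken from any log.
    for client in ("192.168.100.10", "192.168.1.50", "10.0.0.1"):
        print(client, "->", select_view(client))
    lan_host = ipaddress.ip_address("192.168.100.10")
    # Same elements as "internet" but with "any" first: the negation is never reached.
    print("any-first accepts LAN host:",
          acl_match(lan_host, [(False, "any"), (True, "192.168.100.0/24")]))
```

Because the first hit decides, a negated element placed after `any` has no effect, so an internal client would be accepted by a list meant for external clients and would be handed the external zone data.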

    19.6 Advanced DNS server settings

    A DNS AB@zP[]覡ܤơAu@`Ibo̡AڭB~X@Ǥi픪ejaѦҰѦҡA Ҧp[]@ӦXkv DNS AHΧQ rndc DNS tI


    19.6.1 Setting up a legitimately authorized DNS server

    nTI{bARMDOygWvXk DNS AzFaH ShINOW媺 DNS ANlkdv}񵹧Aӳ]wNTIIMDzAOڭnpӬ[]@ӦXk DNS AOHnڦۤv޲zۤv domainI|ҨӻAm vbird.idv.tw NOmۤv޲z㩳Uڭ̴Nӽͤ@͡ApV ISP ӽФ@ӦXkv DNS AAΪ̬OXkDEWٔ[I


    • 1. ӽФ@ӦXk domain name ...NOnQI

    JMOnإߤ@ӦXk DNS serverA۵MNnVXk ISP ӽбvoIثeAiH쩳UahӽгI

    TWNIC wgNxWaϪ@ domain vUj ISP ޲zFAҥHAs^WzAiHIY}sUj ISP hUIҦpmNb Hinet UF vbird.idv.tw oӺkI{bmNH Hinet UaG

    1. iJDeG
      ^s쩳UhG http://domain.hinet.net

    2. ܻݭnkW١AìdMkO_wsbG
      ]kݬOW@LGAҥHAݨϥMSѪdߥ\A hdߤ@UAQnkO_wgQUFOH@wnSQUk~iHI

    3. vBiUG
      AiHܫܦhRZkӵUApGQnUӤHAЫUϩҫ (1) BApGQnU vbird.tw oRkܡAhiH (2) ҫӶءCMHMѪ\@B@BUhiA ҦpHmyӤH}zUҡAUӤH}A|X{y{BJG
      H Hinet ̾ڤU domain k
      19.6-1BH Hinet ̾ڤU domain k
      Ш̧Ǥ@B@BNLA̫A|o@œbKXAN^קۤvZkTI

    4. ܺNީά[] DNS ҦG
      ڭ̥iH^ ISP Dڭ̳]wn host R IP Nn(̦hT)ASM]iHۦ]w@Uڭ̩һݭn DNS ATIpGӧAi|[] mail server AҥHROۦ]w DNS DEnFIAiHܹ 19.6-1 b (3) ҫyDNSʻPdߡzءA|X{UϥܡCOoܡyDNSzΐgA hostname PT IP YiI`NG noӶءA̦nA IP OTwABʨ IP ijγoӿﶵI
      H Hinet ̾ڤU domain k
      19.6-2BH Hinet ̾ڤU domain k

    pGAwgH DNS A覡ӽФF@ domain name AANn]wA DNS DEFI Ъ`NAoӱpUAAun]wAUkYiI ϶hnz|ASMApGAkܡA̦nROФWh ISP DA]woI


    • 3. G

    ]w@Xk DNS ܫAijAiHoӺhdߤ@UA]wO_SG

    p@ӡAA DNS DEW]wTAiHzL Internet W@DEӬdߨI^ΧaI߰ʤFܡHԒ֥hݬݧaI ^_^


    19.6.2 The LAME Server problem

    γ\Agb /var/log/messages ̭ݨo˪TG

    [root@www ~]# more /var/log/messages
    Oct  5 05:02:30 test named[432]: lame server resolving '68.206.244.205.in-addr.arpa' (in '206.244.205.in-addr.arpa'?): 205.244.200.3#53
    Oct  5 05:02:31 test named[432]: lame server resolving '68.206.244.205.in-addr.arpa' (in '206.244.205.in-addr.arpa'?): 206.105.201.35#53
    Oct  5 05:02:41 test named[432]: lame server resolving '68.206.244.205.in-addr.arpa' (in '206.244.205.in-addr.arpa'?): 205.244.112.20#53
    

    oOFoHھکx责ѪƨӬ ( bA CentOS 6.x tUAԎݳoɮסy /usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch06.html z )ASڭ̪ DNS AbV~ DNS td߬Yǥ϶ɡAiѩ yz DNS DE]wh~AfPLkRw϶GAoӮɭԴN|oͩҿת lame server h~I

    oӎh~|ڭ̪ DNS AoͤYGܡHJMȬO誺]wh~AҥH۵MN|vTڭ̪ DNS A`@~FC uOڭ̪ DNS DEbd߮ɡA|o͵LkTRĵiTӤwA oӰTM|ڭ̪ Linux DEoͤxZALAt޲zӻA nѤѬdߪ /var/log/messages ɮ׳MohnTAoOܰQ@ơI

    nFAڭ̪D lame server ODEDAڭ̥DESvTAOoSQnMTX{bڭ̪n /var/log/messages SAFo˪\OHIN^Q BIND oӳnҴѪnɰӋ[I ʧ@̔xAbA /etc/named.conf ɮS̩UA[JoӰӋYiG

    # 1. Edit /etc/named.conf
    [root@www ~]# vim /etc/named.conf
    // Add the following statement:
    logging {
            category lame-servers { null; };
    };
    
    # 2. Restart bind
    [root@www ~]# /etc/init.d/named restart
    

    򥻤WA logging ODEnɰO@ӳ]wءA]ڭ̤n lame server TA ҥH~NL]wL (null) Ao˴N粒FIOosŰ named AROnԎݤ@U /var/log/messages I HTw named TŰʻP_IMAKKAHN|ݨ lame server I


    19.6.3 Managing the DNS server with the rndc command

    DA||\oܩ_ǡANOԣŰ DNS Ab /var/log/messages ѬOݨo@yܡG

    command channel listening on 127.0.0.1#953
    

    ӥBbEݪ port 953 RhF named ҎŰʪAȡAOHNOҿת rndc FCo rndc O BIND version 9 HҴѪ\TALiHAܻP޲zAۤv DNS AI ]AiHˬdwgsb DNS ֨SơBssY zone ӤݭnsŰʾ DNS A Hˬd DNS APpƆΆΪAêI

    LA] rndc iHܲ`J޲zA DNS AAҥHSMni@DZTI ު覡OgL rndc ]wӫإߤ@_ (rndc key)AñNo_}TgJA named.conf ]wSAsŰ DNS AA DNS N^] rndc oӫOӺ޲zoI WAs distributions q`wgDADʪإߦn rndc key FAҥHAݭnL LApGARObnSo{@ǎh~AҦpG

    couldn't add command channel 127.0.0.1#953: not found
    

    NܧA DNS rndc key S]wnTInp]wnH̔xunإߤ@ rndc key AM[ named.conf ShYiIAiHϥ bind ѪOӶio˪u@I

    # 1. Generate the rndc key data
    [root@www ~]# rndc-confgen
    # Start of rndc.conf <==the first part below, the lines without #, goes into /etc/rndc.conf
    key "rndc-key" {
            algorithm hmac-md5;
            secret "UUqxyIwui+22CobCYFj5kg==";
    };
    
    options {
            default-key "rndc-key";
            default-server 127.0.0.1;
            default-port 953;
    };
    # End of rndc.conf
    
    # The key and controls parts below go into named.conf, with the leading # removed
    # Use with the following in named.conf, adjusting the allow list as needed:
    # key "rndc-key" {
    #       algorithm hmac-md5;
    #       secret "UUqxyIwui+22CobCYFj5kg==";
    # };
    #
    # controls {
    #       inet 127.0.0.1 port 953
    #               allow { 127.0.0.1; } keys { "rndc-key"; };
    # };
    # End of named.conf
    # Note that rndc-confgen derives the key from random data,
    # so every run gives a different result and your output will differ from the above.
    
    # 2. Create the rndc.key file
    [root@www ~]# vim /etc/rndc.key
    # Delete everything already in this file and paste in the result obtained above
    key "rndc-key" {
            algorithm hmac-md5;
            secret "UUqxyIwui+22CobCYFj5kg==";
    };
    
    # 3. Edit named.conf
    [root@www ~]# vim /etc/named.conf
    # Add the following somewhere it does not disturb the other settings:
    key "rndc-key" {
           algorithm hmac-md5;
           secret "UUqxyIwui+22CobCYFj5kg==";
    };
    controls {
           inet 127.0.0.1 port 953
                   allow { 127.0.0.1; } keys { "rndc-key"; };
    };
    
    [root@www ~]# /etc/init.d/named restart
    

    إߤFrndc key åBŰ DNS APɧAt]wg port 953 Aڭ̴NiHbE rndc oӫOFCoӫOΪkЪ^KJ rndc ӬdߧYiG

    [root@www ~]# rndc
    Usage: rndc [-c config] [-s server] [-p port]
            [-k key-file ] [-y key] [-V] command
    
    command is one of the following:
    
      reload        Reload configuration file and zones.
      stats         Write server statistics to the statistics file.
      dumpdb        Dump cache(s) to the dump file (named_dump.db).
      flush         Flushes all of the server's caches.
      status        Display status of the server.
    # The remaining commands are omitted here; run rndc yourself to see the full list.
    

    pϥΩOHڭ|XӤpҤlӻaI

    # Example 1: display the current status of the DNS server
    [root@www ~]# rndc status
    version: 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1
    CPUs found: 1
    worker threads: 1
    number of zones: 27         <==number of zones this DNS server manages
    debug level: 0              <==whether debug is enabled, and the debug level
    xfers running: 0
    xfers deferred: 0
    soa queries in progress: 0
    query logging is OFF        <==whether debug is enabled, and the debug level
    recursive clients: 0/0/1000
    tcp clients: 0/100
    server is up and running    <==whether debug is enabled, and the debug level
    
    # Example 2: write out the current DNS statistics
    [root@www ~]# rndc stats
    # By default this creates a new file under /var/named/data, which you can then read:
    [root@www ~]# cat /var/named/data/named_stats.txt
    +++ Statistics Dump +++ (1312528012)
    ....(omitted)....
    ++ Zone Maintenance Statistics ++
                       2 IPv4 notifies sent
    ++ Resolver Statistics ++
    ....(omitted)....
    ++ Cache DB RRsets ++
    [View: lan (Cache: lan)]
    [View: wan (Cache: wan)]
    [View: _bind (Cache: _bind)]
    [View: _meta (Cache: _meta)]
    ++ Socket I/O Statistics ++
                       5 UDP/IPv4 sockets opened
                       4 TCP/IPv4 sockets opened
                       2 UDP/IPv4 sockets closed
                       1 TCP/IPv4 sockets closed
                       2 TCP/IPv4 connections accepted
    ++ Per Zone Query Statistics ++
    --- Statistics Dump --- (1312528012)
    
    # Example 3: write out the data currently held in the cache
    [root@www ~]# rndc dumpdb
    # As with stats, the cache data is written to a file that you can then read:
    # /var/named/data/cache_dump.db
    

    pGAb rndc OɦѬOX{pUh~G

    rndc: connection to remote host closed
    This may indicate that the remote server is using an older version of
    the command protocol, this host is not authorized to connect,
    or the key is invalid.
    

    oܧA /etc/rndc.key P /etc/rndc.conf _sXPҭPC ЧAۦHWz rndc-confgen 覡ۦBzA rndc key AísŰ named Yi[I γoF޲zAANݭnCsŰ named oI ^_^


    19.6.4 Setting up a dynamic DNS server: becoming the ISP yourself

    OʺA DNS (Dynamic DNS, DDNS) DEOHROoڭ̦bĤQ̭A pGڭ̥OHD^ ADSL sW Internet ɡAڭ̪ IP q`O ISP HEѪA]CW IP TwAҥHA ڭ̨SkHW DNS ]wӵoRsW Internet k@ӾASDEW١C

    ]]ApGڭ̷QnQγoRSTw IP suk[]ɡANonS޹DF 䤤@kNOQ Internet WwgѪKOʺA IP RDEW٪AȡI ҦpG http://www.no-ip.org C

    ѳo˪AȧQΪOzOH򥻤WA DNS DEROon Internet } zone DEWٻP IP RƤ~AҥHADDNS DE NnѤ@EAΤݥiHzLoEӭקL̦b DDNS DEW zone file Ƥ~C

    ||[H|[Iڭ̪ BIND 9 NETINOQ update-policy oӿﶵAtX{ҥΪ key ӶiɮתsC̔xA 1) ڭ̪ DDNS DE Client @ Key (NO{ҥΪơA AiHNLQObPKXy)A 2) Client ݧQγo Key AðtX BIND 9 nsupdate OA NiHsW DDNS DEAåBקDEW Zone file RFCP\W^̔xI Sh[I[]Wu̔x㩳Uڭ̴Nӹ]w@UG


    • 1. Settings on the DDNS server side:

    ]ڦ@ӪB͡ALϥΪ Linux DE IP O|HܰʪAOLQn[] Web A ҥHLVڥӽФF@ӠZkW١ANO web.centos.vbird AɧڥݭnL@_A åB]wڪ named.conf centos.vbird o zone ^^ӦۥΤݪƧs~Iӫإ߳o_aI

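    [root@www ~]# dnssec-keygen -a [algorithm] -b [key length] -n [type] name
    Options and parameters:
    -a : the [type] that follows is the algorithm; the main ones are RSAMD5, RSA, DSA, DH
         and HMAC-MD5. The commonly used HMAC-MD5 is suggested for computing the key;
    -b : the key length; HMAC-MD5 is usually given 512 bits;
    -n : what the client is allowed to update; there are two main types, and HOST is suggested:
         ZONE: the client can update any record and the whole ZONE;
         HOST: the client can only update records for its own host name.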
    
    [root@www ~]# cd /etc/named
    [root@www named]# dnssec-keygen -a HMAC-MD5 -b 512 -n HOST web
    Kweb.+157+36124
    [root@www named]# ls -l 
    -rw-------. 1 root root 112 Aug  5 15:22 Kweb.+157+36124.key
    -rw-------. 1 root root 229 Aug  5 15:22 Kweb.+157+36124.private
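    # The first file is the public key; the second is the private key file.
    
    [root@www named]# cat Kweb.+157+36124.key  <==take a look at the public key
    web. IN KEY 512 3 157 xZmUo8ozG8f2OSg/cqH8Bqxk59Ho8....3s9IjUxpFB4Q==
    # Note the key string at the far right; that is the only part we copy in the next step.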
    

    ^UӧAݭnGN_KXƻs /etc/named.conf SANp_ǵA web.centos.vbird DEWInFAN}lӭק named.conf }]waI

    [root@www ~]# vim /etc/named.conf
    // First, add this key's secret anywhere in the file
    key "web" {
            algorithm hmac-md5;
            secret "xZmUo8ozG8f2OSg/cqH8Bqxk59Ho8....3s9IjUxpFB4Q==";
    };
    
    // Then add the update-policy statement below to your existing zone
            zone "centos.vbird" IN {
                    type master;
                    file "named.centos.vbird";
                    allow-transfer { 192.168.100.10; };
                    update-policy {
                            grant web name web.centos.vbird. A;
                    };
            };
    
    [root@www ~]# chmod g+w /var/named
    [root@www ~]# chown named /var/named/named.centos.vbird
    [root@www ~]# /etc/init.d/named restart
    [root@www ~]# setsebool -P named_write_master_zones=1
    

    `NWY grant web name web.centos.vbird. A; @A grant ᭱^NO key W١A]NOAڳo web key bo zone (centos.vbird) ̭iHקDEW web.centos.vbird A AxAYOקDE IP RTIyk]NOG grant [key_name] name [hostname] A ]NOAڪ@ key iHhRvINݧApWdFC

    ]wnAѩ󥼨ӥΤݶǨӪTOѧڭ̥DE named ҼgJA gJؿb /var/named/ SAҥHAݭnק@UvI LsŰ DNSAM[Ԏ@U /var/log/messages ̭Sh~YiI p@ӡADDNS DEݴN]wSoI


    • 2. Updating from the client side:

    ^UӫhO DDNS Client ݪsFCAAn Server ݨoإߪɮסA бNإߪ Kweb.+157+36124.key Kweb.+157+36124.private Q SSH sftp ǰeΤݡA YO web.centos.vbird DEWYA ]AwgNoɮשm /usr/local/ddns ̭hAMݬݡG

    [root@web ~]# cd /usr/local/ddns
    [root@web ddns]# nsupdate -k Kweb.+157+36124.key
    > server 192.168.100.254
    > update delete web.centos.vbird                    <==remove the existing record
    > update add web.centos.vbird 600 A 192.168.100.200 <==add the latest record
    > send
    > (finally, press [ctrl]+D here to exit)
    

    Ъ`Ny update add web.centos.vbird 600 A 192.168.100.200 zoA LNqOAsW@۸ơA ttl O 600 A A AҡAR 192.168.100.200 N ܩ nsupdate -k ᭱[hOڭ̦b Server ݲͪ key ɮסI

    MAN|o{b DNS Aݪ /var/named/ ̭hX@ӼȦsɡANO named.centos.vbird.jnl SMA/var/named/named.centos.vbird N|HۥΤݪnDӧsƳI

    ѩʧsn^ꐷЪAڭ̴N Client ۰ʧsaIQΩUo script YiI

    [root@web ~]# vim /usr/local/ddns/ddns_update.sh
    #!/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    export PATH
    
    # 0. keyin your parameters
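    basedir="/usr/local/ddns"                  # base working directory
    keyfile="$basedir"/"Kweb.+157+36124.key"   # fill in the name of your key file
    ttl=600                                    # TTL to set on the record
    outif="eth0"                               # outward-facing network interface
    hostname="web.centos.vbird"                # host name you obtained from your ISP
    servername="192.168.100.254"               # your ISP's DDNS server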
    
    # Get your new IP
    newip=`ifconfig "$outif" | grep 'inet addr' | \
            awk '{print $2}' | sed -e "s/addr\://"`
    checkip=`echo $newip | grep "^[0-9]"`
    if [ "$checkip" == "" ]; then
            echo "$0: The interface can't connect internet...."
            exit 1
    fi
    
    # create the temporary file
    tmpfile=$basedir/tmp.txt
    cd $basedir
    echo "server $servername"                       >  $tmpfile
    echo "update delete $hostname A "               >> $tmpfile
    echo "update add    $hostname $ttl A $newip"    >> $tmpfile
    echo "send"                                     >> $tmpfile
    
    # send your IP to server
    nsupdate -k $keyfile -v $tmpfile
    

    AunNWz{̭ASr骺Lק@UAN^H /etc/crontab 覡bAt۰ʰFIo{A]iHbUsUG

    Q BIND 9 ҴѪoӪAȡAڭ̥un㦳@œTw IP AæV ISP ӽФ@ӦXkv domain nameA NiHѤAOTwΪ̬ODTw IP ϥΪ̡A@ӦXkDEW٤FI åBAϥΪ̤]iHۦzL nsupdate ӭקۤv IP RIHۤvDE IP íhPDEW٫OTRIouD^WΤӻAuOK[I


    19.7 Key points review
    • b Internet SA@XkDE㦳W@LGDEW١AoӥDEW٥]tF hostname P domain name Aú٬ Fully Qualified Domain Name (FQDN)F
    • FJAH IP OЪxZAӦWٶR͡AO /etc/hosts AӫhO DNS t͡F
    • ثe Unix Like ESAOH BIND oӬfJܤjoinӬ[] DNS AF
    • DNS OӨwW١ABIND hO@ӳnAoӳn鴣Ѫ{ named I
    • b DNS SAC@۰Oڭ̴N٥L RR (Resource Record)C
    • b DNS tA hostname IP AӤ϶hO IP hostname Aܩ zone hO@өΪ̬Ok]wȡF
    • b bind 9 Aw]pU named wg@F chroot ʧ@C
    • Slave DEèSۦ]w zone file A zone file O Master DEǰeӨӡA]A master DEnw slave DE} allow-transfer ]wؤ~C
    • DNS jMy{SAY䤣쥻ơAh|V root(.) nDơF
    • (record)DnGSOA, A, MX, NS, CNAME, TXT HINFO ΡF
    • ϶DnG SOA, PTR ΡF
    • DNS dߪODnG host, nslookup, dig, whois ΆΡF
    • bJF named o daemon Aаȥe /var/log/messages Ԏݦ daemon \P_C

    19.8 Chapter exercises
    • n DNS tG
      ̥Dn\b Hostname R IP dߡAiHڭ̤HHqDEWٳsW Internet AӤIw IP I
    • Unix Like tSADnϥΨӳn鰵 DNS DE[]APɡALSOϥΨ daemon ӎŰ DNS tH
      b Unix Like tSAϥ BIND oӳn鰵 DNS []Aܩ daemon hOϥ named o daemon I
    • ̦ Internet OFFHiHsWHi귽ɡAt~AhOqll󪺨ϥΡC ӦbϥΪnɮץu /etc/hosts oӡAДo hosts ɮתet򶵥ءH
      oɮתy榡zy [IP] [DEW] [DEOW(aliase)]zAӡAoɮ׸̭mFܤ֤@A]NOG
      127.0.0.1 localhost localhost.localdomain
      t~A]iHNg`s^DE IP P HOSTNAME RLgiӡI
    • ɮ(forward)϶ɮ(reverse)PjϥΪɮ(loopback)Dn\ରG
      ɦb]w hostname R IP ADn A, NS, SOA, MX, CNAME ΆΡF ϶ɥDn]w IP R Hostname ADn SOA, NS P PTR ΡC jhO localhost P 127.0.0.1 RTI
    • bDn DNS ]w /etc/named.conf SA@ӸSɮסAL hint Aаݳoɮת\ରH
      oɮץDnO rs.internic.net ҤUUӪADnOF root (.) o zone IP IiHڭ̪ DNS Server b䤣ƮwɡAiHo root hd߸ơI
    • b client ݷjM HOSTNAME R IP d߮ɡA̭nɮסAHMɮתDnγ~H
      /etc/nsswitch.conf GiHΨӳ]wdߥDEW٪ǡIҦpd /etc/hosts Ad DNS tF
      /etc/hosts G̦WٶRF
      /etc/resolv.confGoNO DNS t resolver (R)FC
    • @ӻAb Client ݨϥΪd HOSTNAME OjhϥΤH
      nslookup GiHΨӦ@DE}TF
      digGiHΨӦNDETF
      whois GiHΨӦɪ DNS DETC
      host h̔xI
    • а named nTnbbɮפH
      b /var/log/messages S

    19.9 References and further reading

    2002/12/10G
    2003/03/10GקeAåBsW LPI }ʻPIzI
    2003/09/10GקFAñN slave DNS h~׭qܡI
    2003/10/08GsWF lame server APMDI
    2004/10/29GsWF rndckey PMDI
    2004/10/30GsWF Master/Slave [c]w
    2004/10/31GsWF ʺA DNS DE]w C
    2005/07/19GW[F SOA Ӌrjp
    2006/10/17GNeHزʨB
    2006/10/20G㤣eN@ǸƵL׭qTI
    2007/06/25Gp{jjӫHi Forwarding P cache-only iH[HקCwgBzoC
    2011/04/26GNH CentOS 4.x ʨB
    2011/05/10GW[F֪FA]AN view ][iӡwjaѦҡI
    2011/08/04GN CentOS 5.x ʨB
    2011/08/05GOnNo@ͪFܴNnhɶIo@ script I@ˡAon`NI

    2002/12/10 HӅpHӋ
    http://www.okfdzs1903.com is designed by VBird during 2001-2011. ksu.edu