
DNS Service

The need to map unfriendly numeric IP addresses to friendlier domain names became apparent as soon as the Internet came into common use in the 1970s. Although this mapping is not mandatory, it makes the Internet more accessible, more useful, and easier for people to use.

Initially, the mapping from IP addresses to names was done by maintaining a hosts.txt file that was distributed via FTP to every machine on the Internet. As the number of hosts grew rapidly (starting in the early 1980s), it quickly became clear that maintaining a single file of all hosts was not feasible once networks had spread everywhere. To solve this problem, a distributed system was introduced in which each network maintains the information about its own member hosts. One host at each network is considered authoritative, and its unique address is kept in a master address table that all other networks can query. This is the essence of the Domain Name Service (DNS).

The hosts file

Not all networks have their own DNS servers, and not all networks need them. In internal networks with no Internet connection, it is reasonable for each host to keep its own copy of a table listing every host name in the local network with its corresponding IP address. On most Linux and UNIX systems, this table is stored in the file /etc/hosts.

The /etc/hosts file keeps its information in a simple tabular format in a plain-text file. The IP address is in the first column, and all the related host names are in the second column. The third column is typically used to store the short version of the host name. Only white space separates the fields. A pound sign (#) at the beginning of a line represents a comment.
Here is an example:

    # Host table for Internal network
    127.0.0.1     localhost.localdomain     localhost
    ::1           localhost6.localdomain6   localhost6
    192.168.1.1   serverA.example.org       serverA     # Linux server
    192.168.1.2   serverB.example.org       serverB     # Other Linux server
    192.168.1.7   dikkog                                # Win2003 server
    192.168.1.8   trillion                              # Cluster master node
    192.168.1.9   sassy                                 # FreeBSD box
    10.0.88.20    laserjet5                             # Lunchroom Printer

In general, the /etc/hosts file should contain, at the very least, the host-to-IP mappings needed for the loopback interface (127.0.0.1 for IPv4 and ::1 for IPv6) and the local host name with its corresponding IP address. A more robust naming service is the DNS system.

Understanding how DNS works

In this section, we explore some background material needed to understand the installation and configuration of a DNS server and client.

Domain and host naming conventions

Until now, we have referred to sites by their fully qualified domain name, such as www.kernel.org. Each string between the periods in this name is significant. Starting from the right and moving to the left, we have the top-level domain component, the second-level domain component, and the third-level domain component. This is further illustrated in the figure below with the fully qualified domain name of a host (serverA.example.org), which is a classic example of a fully qualified domain name.

Root Domain

The DNS structure is like an upside-down tree: the root of the tree is at the top, and the leaves and branches are below it.

Figure 1.1 Fully qualified domain name for the host serverA.example.org

At the top of the inverted domain tree is the highest level of the DNS structure, commonly called the root domain and represented simply by a dot (.). This dot is significant and is supposed to occur after every fully qualified domain name. Thus, for example, the fully qualified domain name for www.kernel.org is really www.kernel.org. (with the trailing root dot), and the fully qualified domain name for the Yahoo! web site is really www.yahoo.com. (likewise).

At the time of this writing, there are a total of 13 root name servers, managed by 13 providers. (Each provider may have multiple servers deployed around the world; the servers are spread out for various reasons, such as security and load balancing.) Also at the time of this writing, 6 of the 13 root name servers fully support the IPv6 protocol suite. The root name servers are named alphabetically, as in a.root-servers.net, b.root-servers.net, ... m.root-servers.net. The role of the root name servers is discussed further in later sections.

Top-level domains

The top-level domains (TLDs) can be regarded as the first branches that we meet on the way down from the top of the inverted tree structure. They mark out the top-level categories of the DNS namespace. This simply means that the different branches of the namespace are divided into clear categories, in English, that fit different uses (for example geographic or functional ones). At the time of this writing, there are more than 270 top-level domains.

The top-level domains can be subdivided further into generic top-level domains (for example, .org, .com, .net, .mil, .gov, .edu, .int, .biz), country-code top-level domains (for example, .us, .uk, .ng, and .ca, corresponding to the country codes for the United States, the United Kingdom, Nigeria, and Canada), and special top-level domains for other areas (for example, the .arpa domain).

The top-level domain in the fully qualified domain name serverA.example.org is "org."

Second-level domains

The names at this level of DNS make up the actual organizational boundary of the namespace. Companies, Internet service providers (ISPs), educational communities, nonprofit groups, and individuals typically acquire a unique name at this level. Here are a few examples: redhat.com, caldera.com, planetoid.org, labmanual.org, kernel.org, caffenix.com.

The second-level domain in the fully qualified domain name serverA.example.org is example.

Third-level domains

Individuals and organizations that have been assigned a second-level domain decide what to do with the third-level names. By convention, third-level names are used to reflect host names or functions. An example of a functional third-level name for a web server is "www", as in the fully qualified domain name www.yahoo.com. Here "www" can be the actual host name of the web server in the yahoo.com domain, or it can be an alias for a real host name.

The third-level domain in the fully qualified domain name serverA.example.org is serverA. Here, it simply reflects the actual host name of the system.

By keeping DNS distributed in this manner, the task of keeping track of all the hosts connected to the Internet is delegated to each network, which manages its own information. The central repository listing all the primary name servers, called the root server, is the only list of existing domains. Obviously, a list of such a critical nature is itself mirrored across multiple servers and multiple geographic regions. For example, an earthquake in Japan may destroy the root server for Asia, but all the other root servers around the world still hold copies until the system is back online. The only noticeable difference to users is likely to be slightly higher latency in resolving domain names. The inverted tree structure of DNS is shown in the following figure.

Figure 1.2 The DNS tree with two layers

Subdomains

But for the site www.support.example.org, which component is the host name, and which is the domain name component?

A subdomain exhibits all the properties of a domain, except that it has delegated a subsection of the domain instead of all the hosts at a site. Using the example.org site as an example, the subdomain for the support and help desk department of Example, Inc., is support.example.org. When the primary name server for the example.org domain receives a request for a host name whose fully qualified domain name ends in support.example.org, the primary name server forwards the request down to the name server for support.example.org. Only the name server for support.example.org knows all the hosts existing beneath it, such as a host named "www" whose fully qualified domain name is "www.support.example.org".

Figure 1.3 shows the relationship from the root servers down to example.org and then to support.example.org, where "www" is the host name.

Figure 1.3 Domain structure

Note that when a site name appears to reflect the presence of subdomains, it does not mean that the subdomains in fact exist. Whether or not a subdomain exists is determined by the configuration of the DNS server for the site. For example, the name www.bogus.example.org does not automatically imply that bogus.example.org is a subdomain. Instead, it may also mean that "www.bogus" is the host name of a system in the example.org domain.

The in-addr.arpa domain

DNS allows resolution to work in both directions. Forward resolution converts names into IP addresses, and reverse resolution converts IP addresses back into host names. The process of reverse resolution relies on the in-addr.arpa domain, where "arpa" is an acronym for Address Routing and Parameters.

As explained in the preceding section, domain names are resolved by looking at each component from right to left, with the dot (.) indicating the root of the DNS tree. Following this logic, IP addresses must have a top-level domain as well. This domain is called in-addr.arpa for IPv4 addresses. In IPv6, the domain is called ip6.arpa.

Types of DNS servers

DNS servers come in three types: primary, secondary, and caching. A special class of name servers consists of the so-called "root name servers". Other DNS servers require the service provided by the root name servers every once in a while.

Primary servers are the ones considered authoritative for a particular domain. An authoritative server is the one on which the domain's DNS configuration files reside. Whenever updates to the domain's DNS tables occur, they are made on this server. A primary name server for a domain is simply a DNS server that knows about all the hosts and subdomains existing under its domain.

Secondary servers work as backups and as load distributors for the primary name servers. Primary servers know of the existence of the secondaries and send them periodic updates of the DNS tables. When a site queries a secondary name server, the secondary responds with authority. Practically speaking, we can trust secondaries to have correct information.

Caching servers are simply caches for the primary servers. They contain no configuration files for any particular domain. Rather, when a client host asks a caching server to resolve a name, the server first checks its own local cache.
If it cannot find the information, it finds the primary server and asks it to resolve the name. The response is then cached. Practically speaking, caching servers work quite well because of the temporal nature of DNS requests.

Installing a DNS server on Linux

There is not much variety in the software available for DNS servers, but two DNS packages are particularly popular in the Linux/UNIX world: djbdns and the Berkeley Internet Name Domain (BIND) server. djbdns is a lightweight DNS solution that is advertised as a more secure replacement for BIND, whereas BIND is the older and much more widespread program. It is used on a large share of the name-serving machines worldwide. BIND is currently maintained and developed by the Internet Systems Consortium (ISC). More information about the ISC can be found at www.isc.org. The ISC is also in charge of developing the ISC Dynamic Host Configuration Protocol (DHCP) server/client as well as other software.

Our sample system runs the Fedora version of Linux, so we can use the precompiled binary that ships with the operating system (OS). The BIND packages can be found in the /Packages/ directory at the root of the Fedora DVD. We can also download them from any Fedora mirror site (http://download.fedora.redhat.com/pub/fedora/linux/releases/9/Fedora/i386/os/Packages/).

Assuming we have downloaded or copied the BIND binary into the current working directory, we can install it using the rpm command. Type:

    [root@fedora-serverA root]# rpm -Uvh bind-9*

If we have a working Internet connection, installing BIND can be as simple as running this command:

    [root@fedora-serverA ~]# yum -y install bind

Once this command finishes, we can begin configuring the DNS server.

Many programs come with the main bind package and with the bind-utils package, which was installed earlier. The four tools we are interested in are as follows:

    Tool               Description
    /usr/sbin/named    The DNS server program
    /usr/sbin/rndc     The control utility for the bind server
    /usr/bin/host      Performs a simple query on a name server
    /usr/bin/dig       Performs complex queries on a name server

The remainder of this chapter discusses some of the programs and utilities listed here, as well as their configuration and usage.

Understanding the BIND configuration file

The named.conf file is the main configuration file for BIND. Based on the specifics of this file, BIND determines how it should behave and which additional configuration files it has. This part of the chapter covers what we need to know to set up a general-purpose DNS server. A complete guide to the new configuration file format can be found in the html directory of BIND's documentation.

The general format of the named.conf file is as follows:

    statement {
        options; // comments
    };

The statement keyword tells BIND that we are about to describe a particular facet of its operation, and options are the specific commands that apply to that statement. The curly braces are required so that BIND knows which options are related to which statement; there is a semicolon after every option and after the closing brace. An example of this follows:

    options {
        directory "/var/named"; // put config files in /var/named
    };

This statement means that it is an options statement. The option here is the directory directive, which specifies BIND's working directory, that is, the directory on the local file system that holds the name server's configuration data.

Comments

Comments can be in any one of the following formats:

    Format      Indicates
    //          C++-style comments
    /*...*/     C-style comments
    #           Perl and UNIX shell script-style comments

In the first and last cases (C++ and Perl/UNIX shell), once a comment begins, it continues until the end of the line. In regular C-style comments, the closing */ is required to signal the end of a comment. This makes C-style comments easier to use for multiline comments. In general, we can pick the comment format we like best and stick with it.
Statement keywords

We can use the following statement keywords:

    Keyword     Description
    acl         Access control list; determines what kind of access others have to the DNS server.
    include     Lets us reference another file and have that file treated as part of the normal named.conf file.
    logging     Specifies what information gets logged and what gets ignored. For logged information, we can also specify where the information is logged.
    options     Addresses global server configuration issues.
    controls    Lets us declare the control channels used by the rndc utility.
    server      Sets server-specific configuration options.
    zone        Defines a DNS zone.

The include statement

If we find that the configuration file is starting to grow unwieldy, we may want to break it up into smaller components. Each file can then be included in the main named.conf file. Note that we cannot use the include statement inside another statement. Here is an example of an include statement:

    include "/path/to/filename_to_be_included";

The logging statement

The logging statement is used to specify what information we want logged and where. When this statement is used in conjunction with the syslog facility, we get an extremely powerful and configurable logging system. The items logged are statistics about the status of named. By default, they are logged to the /var/log/messages file. Configuring the logging statement comes with some additional complexity, but the default logging of named is what is used most often. Here is a simple logging statement:

    logging {
        category default { default_syslog; };
        category queries { default_syslog; };
    };

The server statement

The server statement gives BIND specific information about other name servers it might be dealing with. The format of the server statement is as follows:

    server ip-address {
        bogus yes/no;
        keys { string ; [ string ; [...]] } ;
        transfer-format one-answer/many-answers;
        ...<other options>...
    };

Here, ip-address in the first line is the IP address of the remote name server in question.

The bogus option in the second line tells the server whether the remote server is sending bad information. This is useful when we are dealing with another site that may be sending us bad information because of a misconfiguration.

The keys clause in line 3 specifies a key_id defined by the key statement, which can be used to secure transactions when talking to the remote server. This key is used to generate a signature that is appended to the messages exchanged with the remote name server.

The item in line 4, transfer-format, tells BIND whether the remote name server can accept multiple answers in a single query response. A sample server entry might look like this:

    server 192.168.1.12 {
        bogus no;
        transfer-format many-answers;
    };

Zones

A zone statement lets us define a DNS zone, a definition that can seem rather confusing. Note the following: a DNS zone is not the same thing as a DNS domain. The difference is subtle, but important.

Consider: domains are designed along the boundaries of an organization. A single organization can be divided into smaller administrative subdomains. Each subdomain gets its own zone. All the zones together form the entire domain.

For example, example.org is a domain. Within it are the subdomains .engr.example.org, .marketing.example.org, .sales.example.org, and .admin.example.org. Each of these has its own zone. And .example.org has some hosts within it that do not fall under any of the subdomains, so it has a zone of its own. As a result, the "example.org" domain is actually composed of five zones.

In the simplest model, where a single domain has no subdomains, the definitions of zone and domain are the same with regard to information about hosts and configuration. The process of setting up zones in the named.conf file is discussed in the following sections.

Configuring a DNS server

Earlier, we learned about the differences between the three types of DNS server: primary, secondary, and caching. To recap, the primary DNS server holds the databases with the latest DNS information for a zone. When a zone administrator wants to update these databases, the primary DNS server is updated first, and the rest of the world asks it for updates. The secondary DNS servers closely track the primary DNS server, and the primary notifies the secondaries when changes occur. The primary and secondary DNS servers are considered equally authoritative in their answers. Caching DNS servers have no authoritative records, only cached entries.

Defining a primary zone in the named.conf file

The most basic syntax for a zone entry is as follows:

    zone domain-name {
        type master;
        file path-name;
    };

The path-name refers to the file containing the database information for the zone in question.
For example, to create a zone for the example.org domain, where the database file is located at /var/named/example.org.db, we would create the following zone definition in the named.conf file:

    zone "example.org" {
        type master;
        file "example.org.db";
    };

Note that the directory option in the named.conf file is automatically prefixed to the example.org.db filename. So if we designated the directory /var/named, the server software automatically looks for the example.org domain's information in /var/named/example.org.db.

The zone definition created here is just a forward reference, that is, the mechanism by which others can look up a name and get the IP address of a system under the example.org domain that our name server manages. It is also proper Internet behavior to supply an IP-to-hostname mapping (this is also necessary if we want to send e-mail to some sites). To do this, we provide an entry in the in-addr.arpa domain.

The format of an in-addr.arpa entry is the first three octets of our IP address, reversed, followed by "in-addr.arpa.". Assuming that the network address for example.org is 192.168.1, the in-addr.arpa domain would be 1.168.192.in-addr.arpa. Thus, the corresponding zone statement in the named.conf file is as follows:

    zone "1.168.192.in-addr.arpa" {
        type master;
        file "example.org.rev";
    };

Note that the filenames (example.org.db and example.org.rev) used in the zone sections here are completely arbitrary. We are free to choose our own naming convention, as long as it makes sense to us.

Additional options

Primary domains can also use some of the configuration choices from the options statement. These options are

    check-names
    allow-update
    allow-query
    allow-transfer
    notify
    also-notify

Using any of these options in a zone configuration affects only that zone.

Defining a secondary zone in the named.conf file

The zone entry format for secondary DNS servers is similar to that for primary DNS servers. For forward resolution, for example, this is the format:

    zone domain-name {
        type slave;
        masters { IP-address-list; };
        file path-name;
    };

Here domain-name is exactly the same zone name as specified on the primary DNS server, IP-address-list is the list of IP addresses where the primary DNS server for the zone exists, and path-name is the full path to the location where the DNS server keeps its copies of the zone files.

Additional options

A secondary zone configuration can also use some of the following configuration options:

    check-names
    allow-update
    allow-query
    allow-transfer
    max-transfer-time-in

Defining a caching zone in the named.conf file

A caching configuration is the easiest of all configurations. It is also required for every DNS server configuration, even if we are running a primary or secondary DNS server. This is necessary for the server to search the DNS tree recursively to find other hosts on the Internet.

For a caching DNS server, we define three zone sections. Here is the first entry:

    zone "." {
        type hint;
        file "root.hints";
    };

The first zone entry here is the definition of the root DNS servers. The line type hint; specifies that this is a caching zone entry, and the line file "root.hints"; specifies the file that primes the cache with entries pointing to the root DNS servers. We can always obtain the latest root hints file from www.internic.net/zones/named.root.

The second zone entry defines name resolution for the local host. The second zone is as follows:

    zone "localhost" in {
        type master;
        file "localhost.db";
    };

The third zone entry defines the reverse lookup for the local host. This is the reverse entry that resolves the local host address (127.0.0.1) back to the local host name.

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "127.0.0.rev";
    };

Putting these zone entries into /etc/named.conf is enough to create a caching DNS server. However, the contents of the actual database files (localhost.db, 127.0.0.rev, example.org.db, and so on) referenced by the file directives are also very important.

DNS record types

This section discusses the makeup of the database files on the DNS server, that is, the files that store the specific information pertaining to each zone that the DNS server hosts. The database files consist mostly of records of various types; therefore, we need to understand the meaning and use of the common DNS record types: SOA, NS, A, PTR, CNAME, MX, TXT, and RP.

SOA: Start of Authority

The SOA record starts the description of a site's DNS entries. The format of this entry is as follows:

    domain.name. IN SOA ns.domain.name. hostmaster.domain.name. (
            1999080801 ; serial number
            10800      ; refresh rate in seconds (3 hours)
            1800       ; retry in seconds (30 minutes)
            1209600    ; expire in seconds (2 weeks)
            604800     ; minimum in seconds (1 week)
    )

The first line contains some details that we need to pay attention to:

domain.name. is, of course, replaced with our own DNS domain name. This is usually the same name that was specified in the zone directive in the /etc/named.conf file. Notice the last period (.) at the end of domain.name. It is supposed to be there; indeed, the DNS configuration files are extremely picky about it. The ending period is necessary for the DNS server to distinguish relative host names from fully qualified domain names, for example, the difference between serverA and serverA.example.org.

IN tells the DNS server that this is the start of an Internet record.
There are other types of records, but it has been years since anyone has had a need for them. We can safely ignore them.

SOA tells the DNS server that this is the Start of Authority record.

ns.domain.name. is the fully qualified domain name of the DNS server for this domain (that is, the DNS server where this file resides). Again, watch out and do not forget the trailing period.

hostmaster.domain.name. is the e-mail address of the domain administrator. Notice the lack of an @ in this e-mail address. The @ symbol is replaced with a period (.). Thus, the e-mail address referred to in this example is hostmaster@domain.name. The trailing period (.) is used here too.

The remainder of the record starts after the opening parenthesis on line 1.

Line 2 is the serial number. It is used to tell the DNS server when the file has been updated. Watch out: forgetting to increment this number when we make a change is a mistake made frequently in the process of managing DNS records. (Forgetting to put a period (.) in the right place is another common error.)

Line 3 in the list of values is the refresh rate in seconds. This value tells the secondary DNS servers how often they should query the primary DNS server to see whether the records have been updated.

Line 4 is the retry rate in seconds. If the secondary DNS server tries but cannot contact the primary DNS server to check for updates, the secondary server tries again after the specified number of seconds.

Line 5 specifies the expire directive. It is intended for secondary DNS servers that have cached the zone data. It tells these DNS servers that if they cannot contact the primary DNS server for an update, they should discard the values after the specified number of seconds. One to two weeks is a good value for this interval.

The final value (line 6, the minimum) tells caching DNS servers how long they should wait before expiring an entry if they cannot contact the primary DNS server. Five to seven days is a good guideline for this entry.

NS: Name Server

The NS record is used to specify which DNS servers maintain the records for this zone. If any secondary DNS servers exist to which we intend to transfer zones, they need to be specified here. The format of this record is as follows:

    IN NS ns1.domain.name.
    IN NS ns2.domain.name.

We can have as many backup DNS servers as we like for a domain; having at least two is a good idea. Most Internet service providers (ISPs) are willing to act as secondary DNS servers if they provide connectivity for us.

A: Address Record

This is probably the most common type of record found in practice. The A record is used to provide a mapping from a host name to an IP address.
The format of an A record is simple:

    Host_name IN A IP-Address

For example, an A record for the host serverB.example.org, whose IP address is 192.168.1.2, would look like this:

    serverB IN A 192.168.1.2

The IPv6 equivalent of the IPv4 "A" resource record is called the "AAAA" (quad-A) record. For example, a quad-A record for serverB, whose IPv6 address is 2001:DB8::2, would look like this:

    serverB IN AAAA 2001:DB8::2

Note that any host name is automatically suffixed with the domain name listed in the SOA record, unless the host name ends with a period. In the foregoing example for serverB, if the SOA record is for example.org, then serverB is understood to be serverB.example.org. If we were to change this to serverB.example.org (without a trailing period), the name server would understand it to be serverB.example.org.example.org., which is probably not what we intended! So if we want to use the fully qualified domain name, we must be sure to suffix it with a period.

PTR: Pointer Record

The PTR record performs reverse name resolution, thereby allowing someone to specify an IP address and determine the corresponding host name. The format of the record is similar to that of the A record, except with the values reversed:

    IP-Address IN PTR Host_name

The IP-Address can take one of two forms: just the last octet of the IP address (leaving the DNS server to suffix it automatically with the information it has from the in-addr.arpa domain) or the full IP address, suffixed with a period. The Host_name must be the complete fully qualified domain name. For example, the PTR record for the host serverB would be as follows:

    192.168.1.2. IN PTR serverB.example.org.

A PTR resource record for an IPv6 address in the ip6.arpa domain is expressed similarly to the way it is done for an IPv4 address, but in reverse order. Unlike the normal way of writing IPv6 addresses, the address cannot be compressed or abbreviated; it is expressed in the so-called reverse nibble format (groups of 4 bits). Therefore, for a PTR record for the IPv6 address 2001:DB8::2, the address has to be expanded to its equivalent, 2001:0db8:0000:0000:0000:0000:0000:0002.

For example, the IPv6 equivalent of a PTR record for the host serverB with the IPv6 address 2001:DB8::2 would be (on one line):

    2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2. IN PTR serverB.example.org.

MX: Mail Exchanger

The MX record is in charge of telling other networks about the mail server in the zone. If a host on the network generates an outgoing mail message carrying its own host name, someone replying to that message would not send the reply directly to that host. Instead, the replying mail server looks up the MX record for the site and sends the message there.

For example, MX records are used when a user's machine named pc.domain. sends a message using its PC-based mail program/reader, which cannot accept SMTP mail; it is important that the replying party has a reliable way of learning the identity of the mail server of pc.domain.name.

The format of the MX record is as follows:

    domainname. IN MX weight Host_name

Here, domainname. is the domain name of the site (with the trailing period); weight is the importance of the mail server (if multiple mail servers exist, the one with the smallest number takes precedence over those with larger numbers); Host_name is the name of the mail server. It is important that the Host_name has an A record.

Here is an example:

    example.org. IN MX 10 smtp1
                 IN MX 20 smtp2

Typically, MX records occur near the top of the DNS configuration files. If a domain name is not specified, the default name is taken from the SOA record.

CNAME: Canonical Name

CNAME records let us create aliases for host names. A CNAME record can be regarded as an alias. This is useful when we want to provide a highly available service under an easy-to-remember name, but still give the hosting machine a real name.

Another popular use for CNAMEs is to "create" a new server with an easy-to-remember name without having to invest in an actual new server. An example: suppose a site has a web server with the host name zabtsuj-content.example.org. It can be argued that zabtsuj-content.example.org is neither a memorable nor a user-friendly name. So, since the system is a web server, a CNAME record, or alias, of "www" can be created for this web server. This simply maps the unfriendly name zabtsuj-content.example.org to the friendlier name www.example.org. All requests that go to www.example.org are then passed transparently to the actual system hosting the web content, that is, zabtsuj-content.example.org.

Here is the format for the CNAME record:

    New_host_name IN CNAME old_host_name

For example:

    zabtsuj-content IN A     192.168.1.111
    www             IN CNAME zabtsuj-content
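The trailing-period rule from the A record section and the reverse names from the PTR section can be checked mechanically. The following Python is an added example, not code from the original chapter; the function names (qualify, looks_doubled, reverse_name, owner_in_zone) are illustrative assumptions.

```python
import ipaddress


def qualify(name, origin):
    """Zone-file rule from the A record section: a name without a trailing
    period is relative and gets the zone origin appended; '@' is the origin."""
    origin = origin.rstrip(".") + "."
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def looks_doubled(name, origin):
    """True when a relative name already ends in the origin, which means the
    trailing period was probably forgotten and the origin will be doubled."""
    bare = origin.rstrip(".").lower()
    lowered = name.lower()
    return not lowered.endswith(".") and (
        lowered == bare or lowered.endswith("." + bare)
    )


def reverse_name(address):
    """Fully qualified PTR owner name, derived by hand: reversed octets under
    in-addr.arpa for IPv4, reversed 4-bit nibbles under ip6.arpa for IPv6."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        labels = str(ip).split(".")                  # four octets
        suffix = "in-addr.arpa."
    else:
        labels = list(ip.exploded.replace(":", ""))  # 32 hex nibbles
        suffix = "ip6.arpa."
    return ".".join(reversed(labels)) + "." + suffix


def owner_in_zone(address, zone):
    """Owner label to write inside reverse zone `zone` (relative to its
    origin), or None when the address does not belong to that zone."""
    full = reverse_name(address)
    tail = "." + zone.rstrip(".").lower() + "."
    return full[: -len(tail)] if full.endswith(tail) else None


if __name__ == "__main__":
    zones = [
        ("192.168.1.2", "1.168.192.in-addr.arpa"),
        ("2001:DB8::2", "0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa"),
    ]
    for addr, zone in zones:
        print(addr, "->", reverse_name(addr))
        print("  owner inside", zone, "=", owner_in_zone(addr, zone))
    for name in ("serverB", "serverB.example.org", "serverB.example.org."):
        print(name, "->", qualify(name, "example.org"),
              "| doubled:", looks_doubled(name, "example.org"))
```
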

RP and TXT: Data Entries

Sometimes it is useful to provide contact information as part of the database, as actual records that others can query. This can be done using the RP (Responsible Person) and TXT records.

A TXT record is a free-form text entry in which we can place whatever information we deem fit. Most often, we only want to give contact information in these records. Each TXT record must be tied to a particular host name. For example:

    serverA.example.org. IN TXT "Contact: Admin Guy"
                         IN TXT "SysAdmin/Android"
                         IN TXT "Voice: 999-999-9999"

The RP record was created as an explicit container for a host's contact information. The record states who is responsible for the specific host. Here is an example:

    serverB.example.org. IN RP admin-address.example.org. example.org

As useful as these records may be, they are rare these days, because they are perceived to offer too much information about the site, which could lead to social engineering attacks. We may find such records useful on internal DNS servers, but we should probably keep them away from anyone who can query from the Internet.

Setting up the BIND database files

We now know enough about all the DNS record types to go a step further: creating the actual database that feeds the DNS server.

The database file format is not too strict, but some conventions have formed over time. Sticking to these conventions makes our work easier and smooths the way for the administrators who take over what we have built.

The database files are our most important configuration files. It is easy to create the forward lookup databases; what usually gets left out are the reverse lookups. Some tools, such as Sendmail and TCP Wrappers, perform reverse lookups on IP addresses to see where people are coming from. So it is a common courtesy to have this information.

Every database file should start with a $TTL entry. This entry tells BIND the time-to-live value for each individual record whenever it is not specified explicitly. (The time to live (TTL) in the SOA record is for the SOA record only.) After the $TTL entry come the SOA record and at least one NS record. Everything else is optional. (Of course, "everything else" is what makes the file useful!)
We may find the following general format helpful:

    $TTL
    SOA record
    NS records
    MX records
    A and CNAME records

Let's walk through the process of building a complete DNS server from start to finish, to see better how the information shown so far fits together. For this example, we will build the DNS servers for example.org to accomplish the following goals:

- Establish two name servers: ns1.example.org and ns2.example.org.
- The DNS server will be able to respond to queries for the IPv6 records it holds.
- Act as a slave server for the sales.example.org zone, where serverB.example.org will be the master server.
- Define A records for serverA, serverB, smtp, ns1, and ns2.
- Define AAAA records (IPv6) for serverA-v6 and serverB-v6.
- Define smtp.example.org as the mail exchanger (MX) for the example.org domain.
- Define www.example.org as an alternative name (CNAME) for serverA.example.org, and define ftp.example.org as an alternative name for serverB.example.org.
- Finally, define contact information for serverA.example.org.

Step-by-step details

To accomplish our goal of setting up a DNS server for example.org, we need to go through a series of steps.

1. Make sure that the BIND DNS server software is installed as described earlier in this chapter. Use the rpm command to confirm this. Type:

    [root@serverA ~]# rpm -q bind
    bind-9.*

2. Use a text editor to create the main configuration file of the DNS server, that is, the /etc/named.conf file. Enter the following text into the file:

    options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        notify yes;
    };
    # The following zone definitions don't need any modification. The first one
    # is the definition of the root name servers and sets up our server as a
    # caching-capable DNS server.
    # The second one defines localhost.
    # The third zone definition defines the reverse lookup for localhost.
    zone "." in {
        type hint;
        file "root.hints";
    };
    zone "localhost" in {
        type master;
        file "localhost.db";
    };
    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.rev";
    };
    # The zone definition below is for the domain that our name server is
    # authoritative for i.e. the example.org domain name.
    zone "example.org" {
        type master;
        file "example.org.db";
    };
    # Below is the zone for the in-addr.arpa domain, for the example.org site.
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "example.org.rev";
    };
    # Below is the entry for the sub-domain for which this server is a slave server
    # IP address of sales.example.org's master server is 192.168.1.2
    zone "sales.example.org" {
        type slave;
        file "sales.example.org.bk";
        masters {192.168.1.2;};
    };
    # Below is the zone for the ip6.arpa domain for the example.org site.
    # The zone will store its data in the same file as
    # the 1.168.192.in-addr.arpa domain
    zone "0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa" {
        type master;
        file "example.org.rev";
    };

3. Save the file as /etc/named.conf and exit the text editor.

4. Next, we need to create the actual database files referenced in the /etc/named.conf file. In particular, the files we want to create are root.hints, localhost.db, 127.0.0.rev, example.org.db, and example.org.rev. All the files are stored in BIND's working directory, /var/named/. We will create them in the order in which they appear from the top of the named.conf file to the bottom.

5. Fortunately, we do not have to create the root hints file by hand. We can download the latest copy of the root hints file from the Internet. Use the wget command to download it and copy it into the proper directory. Type:

    [root@serverA ~]# wget -O /var/named/root.hints \
    http://www.internic.net/zones/named.root

6. Use any text editor we are comfortable with to create the zone file for the local host. This is the localhost.db file. Enter the following text into the file:

    $TTL 1W
    @       IN SOA  localhost root (
                    2006123100 ; serial
                    3H         ; refresh (3 hours)
                    30M        ; retry (30 minutes)
                    2W         ; expiry (2 weeks)
                    1W )       ; minimum (1 week)
            IN NS   @
            IN A    127.0.0.1

7. Save the file as /var/named/localhost.db and exit the text editor.

8. Use any text editor to create the zone file for the reverse lookup zone for the local host. This is the 127.0.0.rev file. Enter the following text into the file:

    $TTL 1W
    @       IN SOA  localhost. root.localhost. (
                    2006123100      ; serial
                    3H              ; refresh
                    30M             ; retry
                    2W              ; expiry
                    1W )            ; minimum
            IN NS   localhost.
    1       IN PTR  localhost.

9. Save the file as /var/named/127.0.0.rev and exit the text editor.

10. Next, create the database file for the main zone we care about, that is, the example.org domain. Use a text editor to create the example.org.db file, and enter the following text into it:

    $TTL 1W
    @       IN SOA  ns1.example.org. root (
                    2009123100      ; serial
                    3H              ; refresh (3 hours)
                    30M             ; retry (30 minutes)
                    2W              ; expiry (2 weeks)
                    1W )            ; minimum (1 week)
            IN NS   ns1.example.org.
            IN NS   ns2.example.org.
            IN MX   10 smtp.example.org.
    ns1     IN A    192.168.1.1     ;primary name server
    ns2     IN A    192.168.1.2     ;secondary name server
    serverA IN A    192.168.1.1
    serverB IN A    192.168.1.2
    smtp    IN A    192.168.1.25    ;mail server
    www     IN CNAME serverA        ;web server
    ftp     IN CNAME serverB        ;ftp server
    serverA IN TXT  "Fax: 999-999-9999"
    ; IPv6 entries for serverA (serverA-v6) and serverB (serverB-v6) are below
    serverA-v6 IN AAAA 2001:DB8::1
    serverB-v6 IN AAAA 2001:DB8::2

11. Save the file as /var/named/example.org.db and exit the text editor.

12. Finally, create the reverse lookup zone file for the example.org zone. Use a text editor to create /var/named/example.org.rev, and enter the following text into it:

    $TTL 1W
    @       IN SOA  ns1.example.org. root (
                    2009123100      ; serial
                    3H              ; refresh (3 hours)
                    30M             ; retry (30 minutes)
                    2W              ; expiry (2 weeks)
                    1W )            ; minimum (1 week)
            IN NS   ns1.example.org.
            IN NS   ns2.example.org.
    1       IN PTR  serverA.example.org.    ; Reverse info for serverA
    2       IN PTR  serverB.example.org.    ; Reverse info for serverB
    25      IN PTR  smtp.example.org.       ; Reverse for mailserver
    ; IPv6 PTR entries for serverA (serverA-v6) and serverB (serverB-v6) are below
    $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
    1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR serverA-v6.example.org.
    2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR serverB-v6.example.org.

13. We do not need to create any files for the secondary zone sales.example.org. We only need the entries we already have in named.conf. (The log files will complain about not being able to contact the master, but this does not matter, since we are only showing how to set up the primary DNS server for the zone for which our server is authoritative.)

The next step shows how to start the named service. BIND is very particular about its dots and semicolons, and because you may have had to type in all of the configuration files by hand, chances are that you made some typos (or that we made a few typos ourselves). So your best bet is to watch the system log files closely and read the error messages as they are generated in real time.

14. Use the tail command in one terminal window to watch the logs, and then issue the command in the next step in a separate terminal window so that you can see both at the same time. In your new terminal window, type:

    [root@serverA named]# tail -f /var/log/messages

15. We are now ready to start the named service. Use the service command to start it. Type:

    [root@serverA named]# service named start
    Starting named: [ OK ]

16. If you get a batch of errors in the system logs, you will find that the logs usually tell you the line number and/or the type of error, so fixing the errors should not be too hard. Just go back and put the dots and semicolons in the right places. Another common error is misspelling a directive in the configuration files, for example writing master instead of masters; both are valid directives, but they are used in different contexts.

17. Finally, you may want to make sure that the DNS server service starts when the system reboots.
Use the chkconfig command. Type:

    [root@serverA named]# chkconfig named on

The next section walks through tools that can be used to test or query a DNS server.

The DNS toolbox

This section describes a few commands that you will want to be familiar with when working with DNS. They will help you troubleshoot problems more quickly.

The host command

The host command is a really simple utility to use. Its functionality can, of course, be extended by using its various options. The options and syntax of host are shown here:

    host [-aCdlrTwv] [-c class] [-n] [-N ndots] [-t type] [-W time]
         [-R number] hostname [server]
        -a is equivalent to -v -t *
        -c specifies the query class for non-IN data
        -C compares the SOA records on the authoritative DNS servers
        -d is equivalent to -v
        -l lists all hosts in a domain, using AXFR
        -i uses the old IP6.INT form of IPv6 reverse lookup
        -N changes the number of dots allowed before a root lookup is done
        -r disables recursive processing
        -R specifies the number of retries for UDP packets
        -t specifies the query type
        -T enables TCP/IP mode
        -v enables verbose output
        -w specifies to wait forever for a reply
        -W specifies how long to wait for a reply

In its simplest use, host lets you resolve hostnames into IP addresses from the command line. For example:

    [root@serverA ~]# host internic.net
    internic.net has address 198.41.0.6

We can also use host to perform reverse lookups. For example:

    [root@serverA ~]# host 198.41.0.6
    6.0.41.198.in-addr.arpa domain name pointer rs.internic.net.

The host command can also be used to query IPv6 records. For example, to query (on its IPv6 interface) the DNS server (::1) for the IPv6 address of the host serverB-v6.example.org, we can run:

    [root@serverA ~]# host serverB-v6.example.org ::1
    Using domain server:
    Name: ::1
    Address: ::1#53
    Aliases:

    serverB-v6.example.org has IPv6 address 2001:db8::2

To query for the PTR record for serverB-v6, we can use:

    [root@serverA ~]# host 2001:db8::2 ::1
    Using domain server:
    Name: ::1
    Address: ::1#53
    Aliases:

    2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa domain name pointer serverB-v6.example.org.

The dig command

For finding domain information, dig is an excellent tool for gathering information about DNS servers. It is the tool that is trusted and endorsed by BIND. Its syntax and some of its options are shown here (see the dig man page for the meaning of the various options):

    dig [@global-server] [domain] [q-type] [q-class] {q-opt}
        {global-d-opt} host [@local-server] {local-d-opt}
        [ host [@local-server] {local-d-opt} [...]]
    Where: domain are in the Domain Name System.

A summary of dig usage:

    dig @server domain query-type

Here, server is the name of the DNS server you want to query, domain is the domain name you are interested in querying, and query-type is the name of the record you are trying to get (A, MX, NS, SOA, HINFO, TXT, ANY, etc.).

For example, to get the MX records for the example.org domain we set up in the earlier sections from the DNS server we set up, issue the dig command like this:

    [root@serverA ~]# dig @localhost example.org MX

To query our DNS server for the A records for the yahoo.com domain name, type:

    [root@serverA ~]# dig @localhost yahoo.com

To ask an IPv6 DNS server for the AAAA record of the host serverB-v6.example.org, type:

    [root@serverA ~]# dig @localhost serverB-v6.example.org -t AAAA

To reissue one of the previous commands, but this time suppressing all of the verbosity by using one of dig's options (+short), type:

    [root@serverA ~]# dig +short @localhost yahoo.com
    66.94.234.13
    216.109.112.135

To query the DNS server for the reverse lookup information (PTR RR) for the address 192.168.1.1, type:

    [root@serverA ~]# dig -x 192.168.1.1 @localhost

To query the DNS server for the IPv6 reverse lookup information (PTR RR) for the address 2001:db8::2, type:

    [root@serverA ~]# dig -x 2001:db8::2 @localhost

The dig command is extremely powerful. Its options are too numerous to cover fully here. Read the man page installed with dig to learn how to use some of its more advanced features.

nslookup

The nslookup utility is one of the tools that you will find on a variety of operating systems. For that reason, it is probably one of the tools that most people are familiar with. Its usage is fairly simple. It can be used interactively and noninteractively (directly from the command line). Interactive mode is entered when no arguments are given to the command: type nslookup and you are dropped into the nslookup shell. To leave interactive mode, just type exit at the nslookup prompt. Usage for noninteractive mode is summarized here:

    nslookup [ -option ] [ name | - ] [ server ]

For example, to use nslookup in noninteractive mode to query the DNS server for information about the address of the host www.example.org:

    [root@serverA ~]# nslookup www.example.org localhost
    Server:         localhost
    Address:        127.0.0.1#53

    www.example.org canonical name = serverA.example.org.
    Name:   serverA.example.org
    Address: 192.168.1.1

The whois command

The whois command is used to determine the ownership of a domain. Information about a domain's owner is not a mandatory part of its records, nor is it customarily placed in TXT or RP records. So you will need to gather this information using whois, which reports the actual owner of the domain, their address, e-mail address, and technical contact phone number. Let's try an example to get information about the example.com domain. Type:

    [root@serverA ~]# whois example.com

    [Querying whois.verisign-grs.com]
    [Redirected to whois.iana.org]
    [Querying whois.iana.org]
    [whois.iana.org]
    ...<OUTPUT TRUNCATED>...
    Registrant:
        Name: Internet Assigned Numbers Authority (IANA)
        Organization: Internet Assigned Numbers Authority (IANA)
    ...<OUTPUT TRUNCATED>...
    Technical Contact:
        Name: Internet Assigned Numbers Authority (IANA)
    ...<OUTPUT TRUNCATED>...
    Nameserver Information:
        Nameserver: a.iana-servers.net.
        IP Address: 192.0.34.43
    ...<OUTPUT TRUNCATED>...

The nsupdate utility

A powerful DNS utility that is often forgotten is nsupdate. It is used to submit Dynamic DNS (DDNS) update requests to a DNS server. It allows resource records (RRs) to be added to or removed from a zone without manually editing the zone database files. This is especially useful because DDNS-type zones should not be edited or updated by hand: manual changes are bound to conflict with the dynamic updates that are maintained automatically in the journal files, which can result in corrupted zone data. The nsupdate command reads its input from a specially formatted file or from standard input. The syntax of the command is:

    nsupdate [ -d ] [[ -y keyname:secret ] [ -k keyfile ] ] [-v] [filename ]

The rndc tool

The rndc program can be used to manage the DNS server securely. To do this, a separate configuration file is required for rndc, since all communication with the server is authenticated with digital signatures that rely on a shared secret, and this shared secret is typically stored in a configuration file, usually named /etc/rndc.conf. You will need to create the shared secret between the utility and the DNS server by using tools such as rndc-confgen. The usage summary for rndc is as follows:

    rndc [-c config] [-s server] [-p port] [-k key-file ] [-y key] [-V] command

    command is one of the following:

      reload        Reload configuration file and zones.
      reload zone [class [view]]
                    Reload a single zone.
      refresh zone [class [view]]
                    Schedule immediate maintenance for a zone.
      reconfig      Reload configuration file and new zones only.
      stats         Write server statistics to the statistics file.
      querylog      Toggle query logging.
      dumpdb        Dump cache(s) to the dump file (named_dump.db).
      stop          Save pending updates to master files and stop the server.
      halt          Stop the server without saving pending updates.
      trace         Increment debugging level by one.
      trace level   Change the debugging level.
      notrace       Set debugging level to 0.
      flush         Flushes all of the server's caches.
      flush [view]  Flushes the server's cache for a view.
      status        Display status of the server.

For example, you can use rndc to view the status of the DNS server. Type:

    [root@serverA ~]# rndc status
    number of zones: 7
    debug level: 0
    xfers running: 0
    xfers deferred: 0
    soa queries in progress: 1
    query logging is OFF
    server is up and running

If, for example, you make changes to the zone database file (/var/named/example.org.db) for one of the zones under your control (for example, example.org), and you want to reload just that zone without restarting the entire DNS server, you can issue the rndc command with the option shown here:

    [root@serverA ~]# rndc reload example.org

Configuring DNS clients

In this section, we will delve into the process of configuring DNS clients! It may not be exciting, but there is no denying its significance to any network.

The resolver

So far, we have studied servers and the DNS tree as a whole. The other part of the picture is the client: the host that contacts the DNS server to resolve a hostname into an IP address. Under Linux, the resolver handles the client side of DNS. It is actually part of a library of C programming functions that is linked to a program when the program starts. Because all of this happens automatically and transparently, the user does not have to know anything about it. It is simply a little bit of magic that lets them browse the Internet. From the system administrator's point of view, configuring the DNS client is not magic, but it is simple. Two files are involved: /etc/resolv.conf and /etc/nsswitch.conf.

The /etc/resolv.conf file

The /etc/resolv.conf file contains the information the client needs to know what its local DNS server is. (Every site should have, at the very least, its own caching DNS server.) This file has two lines: the first indicates the default search domain, and the second gives the IP address of the host's DNS server.
The default search domain applies mostly to sites that have their own local servers. When the default search domain is specified, the client side automatically appends this domain name to the requested site and checks that first. For example, if you specify your default domain to be yahoo.com and then try to connect to the hostname my, the client software will automatically try to contact my.yahoo.com. Using the same default, if you try to contact the host www.stat.net, the software will try www.stat.net.yahoo.com (a perfectly legal hostname), find that it does not exist, and then try www.stat.net on its own (which does not exist).

Of course, you can supply multiple default domains. However, doing so slows the query process a bit, because each domain has to be checked. For example, if both example.org and stanford.edu are specified and you perform a query on www.stat.net, you will get three queries: www.stat.net.yahoo.com, www.stat.net.stanford.edu, and www.stat.net.

The format of the /etc/resolv.conf file is as follows:

    search domainname
    nameserver IP-address

Here, domainname is the default domain name to search, and IP-address is the IP address of your DNS server. For example, here is a sample /etc/resolv.conf file:

    search example.org
    nameserver 127.0.0.1

Thus, when a name lookup is needed for serverB.example.org, only the host part is needed, that is, serverB. The example.org suffix is automatically appended to the query. Of course, this holds only at your local site, where you control how the clients are configured!

The /etc/nsswitch.conf file

The /etc/nsswitch.conf file tells the system where it should look up certain kinds of configuration information (services). When multiple locations are identified, /etc/nsswitch.conf also specifies the order in which the information can best be found. Typical configuration files that are set up to use /etc/nsswitch.conf include the password file, the group file, and the hosts file. (To see a complete list, open the nsswitch.conf file in a text editor.)

The format of the /etc/nsswitch.conf file is simple. The service name comes first on the line (note that /etc/nsswitch.conf applies to more than just hostname lookups), followed by a colon. Next come the locations that contain the information. If multiple locations are identified, the entries are listed in the order in which the system should perform the search. Valid entries for locations are files, nis, dns, [NOTFOUND], and NISPLUS. Comments begin with a pound sign (#).

For example, if you open the file in your editor, you may see a line similar to this:

    hosts: files nisplus nis dns

This line tells the system that all hostname lookups should first start with the /etc/hosts file. If the entry cannot be found there, NISPLUS is checked. If the host cannot be found through NISPLUS, NIS is checked, and so on.
It is possible that NISPLUS is not running at your site and that you want the system to check DNS records before it checks NIS records. In this case, change the line to:

    hosts: files dns nis

Save the file, and the system will automatically detect the change. The only recommendation for this line is that the hosts file (files) should always come first in the lookup order.

What is the preferred order for NIS and DNS? That depends on the site. Whether you want to resolve hostnames with DNS before trying NIS depends on whether the DNS server is closer than the NIS server in terms of network connectivity, whether one server is faster than the other, firewall issues, site policy issues, and other factors.

Using [NOTFOUND=action]

In the /etc/nsswitch.conf file, you will see entries that end in [NOTFOUND=action]. This is a special directive that lets you stop the search for information after the system has failed on all prior entries. The action can be either return or continue; the default action is continue. For example, if your file contains the line hosts: files [NOTFOUND=return] dns nis, the system will try to look up the host's information stored in the /etc/hosts file. If the requested information is not there, NIS and DNS will not be searched.

Configuring a Linux client

Let's walk through the process of configuring a Linux client to use a DNS server. We will assume that we are using the DNS server on serverA and that we are configuring serverA itself as the client. The steps to configure the Linux client are as follows:

1. Edit /etc/resolv.conf and set the nameserver entry to point to your DNS server. Here is an example:

    search example.org
    nameserver 127.0.0.1

2. Look through the /etc/nsswitch.conf file to make sure that DNS is used for hostname resolution, and edit /etc/nsswitch.conf so that it performs name lookups.

    [root@serverA ~]# grep "^hosts" /etc/nsswitch.conf
    hosts: files dns

If dns is not listed, use any text editor to add dns to the hosts line.

3. Test the configuration with the dig utility. Type:

    [root@serverA ~]# dig +short serverA.example.org
    192.168.1.1

Note that we did not explicitly specify the name server to use (such as @localhost) for the previous query. This is because dig by default uses (queries) the DNS server specified in the local /etc/resolv.conf file.
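The lookup order that /etc/nsswitch.conf and /etc/resolv.conf produce together, as an added Python example that is not part of the original text: it parses the hosts: line, including [NOTFOUND=return], and records every name that would be sent to the DNS server. The file contents, the HOSTS_FILE and DNS_DATA tables and all function names are constructed for illustration; the ndots threshold from resolv.conf(5) goes beyond what the text describes, and ndots=3 reproduces the order given in the www.stat.net example.

```python
import re

# Constructed stand-ins for /etc/nsswitch.conf, /etc/resolv.conf, /etc/hosts and DNS.
NSSWITCH = "passwd: files\nhosts: files [NOTFOUND=return] dns nis  # sample\n"
RESOLV = "search example.org\nnameserver 127.0.0.1\n"
HOSTS_FILE = {"localhost": "127.0.0.1"}
DNS_DATA = {"serverb.example.org.": "192.168.1.2"}

def hosts_sources(nsswitch_text):
    """Parse the hosts: line into [(source, {STATUS: action}), ...]."""
    sources = []
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            for tok in re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):]):
                if not tok.startswith("["):
                    sources.append((tok, {"SUCCESS": "return"}))
                elif sources:  # [STATUS=action] modifies the source before it
                    for status, action in re.findall(r"(\w+)\s*=\s*(\w+)", tok):
                        sources[-1][1][status.upper()] = action.lower()
    return sources

def search_list(resolv_text):
    """Return the domains on the last search line of resolv.conf."""
    domains = []
    for line in resolv_text.splitlines():
        fields = line.split()
        if fields and fields[0] == "search":
            domains = fields[1:]
    return domains

def dns_candidates(name, search, ndots=1):
    """Fully qualified names sent to the name server, in order."""
    if name.endswith("."):
        return [name]  # absolute name: the search list is not applied
    suffixed = [f"{name}.{domain}." for domain in search]
    as_is = [name + "."]
    return as_is + suffixed if name.count(".") >= ndots else suffixed + as_is

def resolve(name, nsswitch_text=NSSWITCH, resolv_text=RESOLV):
    """Return (address or None, trace of every lookup attempted)."""
    trace = []
    for source, actions in hosts_sources(nsswitch_text):
        answer, status = None, "UNAVAIL"  # nis and nisplus are not modelled
        if source == "files":
            trace.append(("files", name))
            answer = HOSTS_FILE.get(name)
            status = "SUCCESS" if answer else "NOTFOUND"
        elif source == "dns":
            status = "NOTFOUND"
            for fqdn in dns_candidates(name, search_list(resolv_text)):
                trace.append(("dns", fqdn))
                answer = DNS_DATA.get(fqdn.lower())
                if answer:
                    status = "SUCCESS"
                    break
        if actions.get(status, "continue") == "return":
            return answer, trace
    return None, trace
```

The trace shows which suffixed names are actually sent to the name server, which is worth reviewing before adding a domain you do not control to the search line.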
