dns
2017-12-04 15:14
1.安装部署dns
yum install bind ##安装
systemctl start named ##开启
systemctl enable named ##开机自启
systemctl stop firewalld ##实验环境直接关闭防火墙;生产环境应保留防火墙,只放行 53 端口
systemctl disable firewalld
主配置文件 /etc/named.conf
子配置文件 /etc/named.rfc1912.zones
数据目录 /var/named
2.高速缓存dns
修改172.25.254.110主机配置文件
vim /etc/named.conf
listen-on port 53 { any; }; ##在所有接口上监听53端口
allow-query { any; }; ##允许任意客户端查询(对外开放递归查询有被滥用的风险,生产环境应限制为内网地址)
forwarders {172.25.254.68;}; ##本机解析不了的查询转发给68主机处理
systemctl restart named ##重启
vim /etc/resolv.conf
nameserver 172.25.254.68
测试:
先用68主机dig www.baidu.com
然后使用110主机dig www.baidu.com,会发现;; Query time比之前快了很多:
3.权威dns的正向解析
vim /etc/named.rfc1912.zones ##子配置文件
zone "westos.com" IN {
type master;
file "westos.com.zone"; ##解析的文件
allow-update { none; };
};
cd /var/named/
cp -p named.localhost westos.com.zone ##复制模版时复制权限
vim westos.com.zone ##解析文件编写
$TTL 1D ##记录可以保存一天
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com. ; 域名的名称服务器(区域文件中注释用 ; 而不是 #)
dns A 127.25.254.100
www A 172.25.254.111
systemctl restart named ###重启
测试:
dig www.westos.com
4.反向解析
vim /etc/named.rfc1912.zones
49 zone "254.25.172.in-addr.arpa" IN {
50 type master;
51 file "westos.com.ptr";
52 allow-update { none; };
53 };
cp -p named.loopback westos.com.ptr
vim westos.com.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.122
111 PTR www.westos.com.
测试:dig -x 172.25.254.122
5.双向解析
vim /etc/named.conf ##主配置文件
50 view localnet { ##内网客户端使用的视图
51 match-clients { 172.25.254.68;};
52 zone "." IN {
53 type hint;
54 file "named.ca";
55 };
56 include "/etc/named.rfc1912.zones"; ##内部的数据文件
57 include "/etc/named.root.key";
58 };
59 view any { ##其余(外部)客户端使用的视图
60 match-clients {any;};
61 zone "." IN {
62 type hint;
63 file "named.ca";
64 };
65 include "/etc/named.rfc1912.zones.inter"; ##外部的数据文件
66 include "/etc/named.root.key";
67 };
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter ##建立一个对外部的子配置文件
vim /etc/named.rfc1912.zones.inter
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { none; };
29 };
cd /var/named/
cp -p westos.com.zone westos.com.inter ###建立一个对外部的数据文件
vim westos.com.inter
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 1.1.1.100
www A 1.1.1.111
systemctl restart named
测试:
dig www.westos.com [不同主机测试]
当用外部网络访问时
当使用内部网络172.25.254.68访问时
6.辅助dns
主:
vim /etc/named.rfc1912.zones.inter
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { none; };
29 also-notify{172.25.254.222;};
30 };
systemctl restart named
注意:每次修改区域数据文件后必须增大 serial 的数值(辅助 dns 靠它判断是否需要同步),该数值最多10位
辅助:
yum install bind
systemctl restart named
systemctl stop firewalld
vim /etc/named.conf
vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
26 type slave;
27 masters {172.25.254.110;};
28 file "slaves/westos.com.inter";
29 allow-update { none; };
30 };
systemctl restart named
测试:
在非dns主机上
vim /etc/resolv.conf
nameserver 172.25.254.124
然后dig www.westos.com
7.dns的远程更新
###基于ip
vim /etc/named.rfc1912.zones.inter
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { 172.25.254.124; }; ##允许谁更新
29 also-notify{172.25.254.124;};
30 };
chmod g+w /var/named/ ##给 named 组加写权限,使其能写入动态更新产生的日志文件
在辅助dns124这台主机上
[root@dns-slave ~]# nsupdate
> server 172.25.254.110
> update add hello.westos.com 86400 A 172.25.254.119 ##添加一条解析记录;删除则用 update delete hello.westos.com
> send
>
注意:当出现update failed: SERVFAIL的时候,需要
在主dns里面设置
setsebool -P named_write_master_zones 1
测试:dig hello.westos.com
主 dns 要恢复到远程更新之前的状态时,删除动态更新产生的日志文件:
[root@localhost named]# rm -fr westos.com.inter.jnl
###基于钥匙key
1. cp -p /etc/rndc.key /etc/westos.key ###复制一个钥匙文件模版
2.dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos ##生成一个钥匙(hmac-md5 已不安全,生产环境应改用 hmac-sha256)
3.cat Kwestos.+157+07219.key ###查看钥匙
westos. IN KEY 512 3 157 9P43krIszU6XI1KnwMC//Q==
4. vim /etc/westos.key ##编辑钥匙文件,
key "westos" { ##更改钥匙名字
algorithm hmac-md5;
secret "9P43krIszU6XI1KnwMC//Q=="; ##把 secret 改成上一步生成的密钥字符串
};
5.vim /etc/named.conf ##主配置文件
42 include "/etc/westos.key";
6.vim /etc/named.rfc1912.zones.inter ##子配置文件
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { key westos; }; ##允许更新的类型
29 also-notify{172.25.254.222;};
30 };
systemctl restart named
测试:
scp Kwestos.+157+07219.* root@172.25.254.124:/mnt/ ##把密钥文件(.key 和 .private)复制到测试机;持有该密钥即可更新区域,需妥善保管
222机
[root@dns-slave ~]# cd /mnt/
[root@dns-slave mnt]# ls
Kwestos.+157+54740.key Kwestos.+157+54740.private westos
[root@dns-slave mnt]# nsupdate -k Kwestos.+157+54740.private ##测试机命令
> server 172.25.254.110
> update add log.westos.com 86400 A 172.25.254.123
> send
>
测试:dig log.westos.com
## ddns
ddns是动态域名服务,将用户的动态ip地址映射到一个固定的域名上,
用户每次连接网络的时候,客户端程序就会把该主机的动态ip地址
传送给服务器主机上的服务程序,服务器程序提供dns服务并实现动态域名解析。
安装dhcp并生成dhcp配置文件
yum install -y dhcp
cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
7 option domain-name "westos.com";
8 option domain-name-servers 172.25.254.110;
14 ddns-update-style interim;
30 subnet 172.25.254.0 netmask 255.255.255.0 {
31 range 172.25.254.200 172.25.254.210;
32 option routers 172.25.254.110;
33 }
34 key westos {
35 algorithm hmac-md5;
36 secret "9P43krIszU6XI1KnwMC//Q==";
37 } ##切记没有分号
38 zone westos.com. {
39 primary 127.0.0.1;
40 key westos;
41 }
重启dhcp和dns服务
systemctl restart dhcpd
systemctl restart named
设置测试主机主机名:hostnamectl set-hostname www.westos.com
在测试机输入:dig www.westos.com
图中获取的ip在dhcp地址池中,符合条件,故测试成功。
yum install bind ##安装
systemctl start named ##开启
systemctl enable named ##开机自启
systemctl stop firewalld ##实验环境直接关闭防火墙;生产环境应保留防火墙,只放行 53 端口
systemctl disable firewalld
主配置文件 /etc/named.conf
子配置文件 /etc/named.rfc1912.zones
数据目录 /var/named
2.高速缓存dns
修改172.25.254.110主机配置文件
vim /etc/named.conf
listen-on port 53 { any; }; ##在所有接口上监听53端口
allow-query { any; }; ##允许任意客户端查询(对外开放递归查询有被滥用的风险,生产环境应限制为内网地址)
forwarders {172.25.254.68;}; ##本机解析不了的查询转发给68主机处理
systemctl restart named ##重启
vim /etc/resolv.conf
nameserver 172.25.254.68
测试:
先用68主机dig www.baidu.com
然后使用110主机dig www.baidu.com,会发现;; Query time比之前快了很多:
3.权威dns的正向解析
vim /etc/named.rfc1912.zones ##子配置文件
zone "westos.com" IN {
type master;
file "westos.com.zone"; ##解析的文件
allow-update { none; };
};
cd /var/named/
cp -p named.localhost westos.com.zone ##复制模版时复制权限
vim westos.com.zone ##解析文件编写
$TTL 1D ##记录可以保存一天
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com. ; 域名的名称服务器(区域文件中注释用 ; 而不是 #)
dns A 127.25.254.100
www A 172.25.254.111
systemctl restart named ###重启
测试:
dig www.westos.com
4.反向解析
vim /etc/named.rfc1912.zones
49 zone "254.25.172.in-addr.arpa" IN {
50 type master;
51 file "westos.com.ptr";
52 allow-update { none; };
53 };
cp -p named.loopback westos.com.ptr
vim westos.com.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.122
111 PTR www.westos.com.
测试:dig -x 172.25.254.122
5.双向解析
vim /etc/named.conf ##主配置文件
50 view localnet { ##内网客户端使用的视图
51 match-clients { 172.25.254.68;};
52 zone "." IN {
53 type hint;
54 file "named.ca";
55 };
56 include "/etc/named.rfc1912.zones"; ##内部的数据文件
57 include "/etc/named.root.key";
58 };
59 view any { ##其余(外部)客户端使用的视图
60 match-clients {any;};
61 zone "." IN {
62 type hint;
63 file "named.ca";
64 };
65 include "/etc/named.rfc1912.zones.inter"; ##外部的数据文件
66 include "/etc/named.root.key";
67 };
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter ##建立一个对外部的子配置文件
vim /etc/named.rfc1912.zones.inter
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { none; };
29 };
cd /var/named/
cp -p westos.com.zone westos.com.inter ###建立一个对外部的数据文件
vim westos.com.inter
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 1.1.1.100
www A 1.1.1.111
systemctl restart named
测试:
dig www.westos.com [不同主机测试]
当用外部网络访问时
当使用内部网络172.25.254.68访问时
6.辅助dns
主:
vim /etc/named.rfc1912.zones.inter
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { none; };
29 also-notify{172.25.254.222;};
30 };
systemctl restart named
注意:每次修改区域数据文件后必须增大 serial 的数值(辅助 dns 靠它判断是否需要同步),该数值最多10位
辅助:
yum install bind
systemctl restart named
systemctl stop firewalld
vim /etc/named.conf
vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
26 type slave;
27 masters {172.25.254.110;};
28 file "slaves/westos.com.inter";
29 allow-update { none; };
30 };
systemctl restart named
测试:
在非dns主机上
vim /etc/resolv.conf
nameserver 172.25.254.124
然后dig www.westos.com
7.dns的远程更新
###基于ip
vim /etc/named.rfc1912.zones.inter
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { 172.25.254.124; }; ##允许谁更新
29 also-notify{172.25.254.124;};
30 };
chmod g+w /var/named/ ##给 named 组加写权限,使其能写入动态更新产生的日志文件
在辅助dns124这台主机上
[root@dns-slave ~]# nsupdate
> server 172.25.254.110
> update add hello.westos.com 86400 A 172.25.254.119 ##添加一条解析记录;删除则用 update delete hello.westos.com
> send
>
注意:当出现update failed: SERVFAIL的时候,需要
在主dns里面设置
setsebool -P named_write_master_zones 1
测试:dig hello.westos.com
主 dns 要恢复到远程更新之前的状态时,删除动态更新产生的日志文件:
[root@localhost named]# rm -fr westos.com.inter.jnl
###基于钥匙key
1. cp -p /etc/rndc.key /etc/westos.key ###复制一个钥匙文件模版
2.dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos ##生成一个钥匙(hmac-md5 已不安全,生产环境应改用 hmac-sha256)
3.cat Kwestos.+157+07219.key ###查看钥匙
westos. IN KEY 512 3 157 9P43krIszU6XI1KnwMC//Q==
4. vim /etc/westos.key ##编辑钥匙文件,
key "westos" { ##更改钥匙名字
algorithm hmac-md5;
secret "9P43krIszU6XI1KnwMC//Q=="; ##把 secret 改成上一步生成的密钥字符串
};
5.vim /etc/named.conf ##主配置文件
42 include "/etc/westos.key";
6.vim /etc/named.rfc1912.zones.inter ##子配置文件
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { key westos; }; ##允许更新的类型
29 also-notify{172.25.254.222;};
30 };
systemctl restart named
测试:
scp Kwestos.+157+07219.* root@172.25.254.124:/mnt/ ##把密钥文件(.key 和 .private)复制到测试机;持有该密钥即可更新区域,需妥善保管
222机
[root@dns-slave ~]# cd /mnt/
[root@dns-slave mnt]# ls
Kwestos.+157+54740.key Kwestos.+157+54740.private westos
[root@dns-slave mnt]# nsupdate -k Kwestos.+157+54740.private ##测试机命令
> server 172.25.254.110
> update add log.westos.com 86400 A 172.25.254.123
> send
>
测试:dig log.westos.com
## ddns
ddns是动态域名服务,将用户的动态ip地址映射到一个固定的域名上,
用户每次连接网络的时候,客户端程序就会把该主机的动态ip地址
传送给服务器主机上的服务程序,服务器程序提供dns服务并实现动态域名解析。
安装dhcp并生成dhcp配置文件
yum install -y dhcp
cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
7 option domain-name "westos.com";
8 option domain-name-servers 172.25.254.110;
14 ddns-update-style interim;
30 subnet 172.25.254.0 netmask 255.255.255.0 {
31 range 172.25.254.200 172.25.254.210;
32 option routers 172.25.254.110;
33 }
34 key westos {
35 algorithm hmac-md5;
36 secret "9P43krIszU6XI1KnwMC//Q==";
37 } ##切记没有分号
38 zone westos.com. {
39 primary 127.0.0.1;
40 key westos;
41 }
重启dhcp和dns服务
systemctl restart dhcpd
systemctl restart named
设置测试主机主机名:hostnamectl set-hostname www.westos.com
在测试机输入:dig www.westos.com
图中获取的ip在dhcp地址池中,符合条件,故测试成功。