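Caching DNS:
A DNS server can cache the DNS records it receives from other DNS servers. Caching can also be used in the DNS client service, where the client keeps the information it obtained from recent queries. In short, caching speeds up name resolution.
DNS troubleshooting:
dig shows detailed information from a DNS lookup, including why a query failed:
– NOERROR : the query succeeded
– NXDOMAIN : the DNS server reports that no such name exists
– SERVFAIL : the DNS server is down or DNSSEC response validation failed
– REFUSED : the DNS server refused to answer (perhaps because of access control)
%% On the virtual machine:
[root@foundation20 ~]# rht-vmctl view desktop ## remember to set the IP: 172.25.254.120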
[root@foundation20 ~]# ssh [email protected]
[email protected]'s password:
Last login: Sat May 19 03:02:32 2018
[root@localhost ~]# hostnamectl set-hostname dns-server.example.com ## rename the host
[root@localhost ~]# cd /etc/yum.repos.d/ ## configure the yum repository
[root@localhost yum.repos.d]# ls
rhel_dvd.repo
[root@localhost yum.repos.d]# vim rhel_dvd.repo ## write the yum repository file
%% Edited content:
# Created by cloud-init on Thu, 10 Jul 2014 22:19:11 +0000
[rhel_dvd]
gpgcheck = 0
enabled = 1
baseurl = http://172.25.254.250/rhel7
name = Remote classroom copy of dvd
[root@localhost yum.repos.d]# yum search dns ## search for DNS packages
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
(1/2): rhel_dvd/group_gz | 134 kB 00:00
(2/2): rhel_dvd/primary_db | 3.4 MB 00:00
=============================== N/S matched: dns ===============================
dnsmasq.x86_64 : A lightweight DHCP/caching DNS server
dnssec-trigger.x86_64 : NetworkManager plugin to update/reconfigure DNSSEC
: resolving
kdenetwork-kdnssd.x86_64 : Kdnssd
ldns.i686 : Low-level DNS(SEC) library with API
ldns.x86_64 : Low-level DNS(SEC) library with API
perl-Net-DNS.x86_64 : DNS resolver modules for Perl
python-dns.noarch : DNS toolkit for Python
bind.x86_64 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System)
: server
bind-chroot.x86_64 : A chroot runtime environment for the ISC BIND DNS server,
: named(8)
bind-libs.i686 : Libraries used by the BIND DNS packages
bind-libs.x86_64 : Libraries used by the BIND DNS packages
bind-libs-lite.i686 : Libraries for working with the DNS protocol
bind-libs-lite.x86_64 : Libraries for working with the DNS protocol
bind-license.noarch : License of the BIND DNS suite
bind-utils.x86_64 : Utilities for querying DNS name servers
c-ares.i686 : A library that performs asynchronous DNS operations
c-ares.x86_64 : A library that performs asynchronous DNS operations
seahorse-sharing.x86_64 : Sharing of PGP public keys via DNS-SD and HKP
unbound.x86_64 : Validating, recursive, and caching DNS(SEC) resolver
Name and summary matches only, use "search all" for everything.
[root@localhost yum.repos.d]# yum install bind.x86_64 ## install the DNS package
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-14.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
bind x86_64 32:9.9.4-14.el7 rhel_dvd 1.8 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 1.8 M
Installed size: 4.3 M
Is this ok [y/d/N]: y
Downloading packages:
bind-9.9.4-14.el7.x86_64.rpm | 1.8 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 32:bind-9.9.4-14.el7.x86_64 1/1
Verifying : 32:bind-9.9.4-14.el7.x86_64 1/1
Installed:
bind.x86_64 32:9.9.4-14.el7
Complete! ## installed successfully
[root@localhost yum.repos.d]# rpm -qc bind ## list the configuration files of the DNS service
/etc/logrotate.d/named
/etc/named.conf ## main DNS configuration file
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
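[root@localhost yum.repos.d]# vim /etc/named.conf ## edit the main DNS configuration file
%% Edited content:
11 listen-on port 53 { any; }; ## listen on port 53 for everyone
17 allow-query { any; }; ## accept queries from any client
18 forwarders {114.114.114.114;}; ## upstream resolver to forward to (for a personal computer this lookup service is usually provided by the ISP)
32 dnssec-validation no; ## do not perform DNSSEC validation
[root@localhost yum.repos.d]# systemctl restart named ## restart the service
%%% Testing from a physical-host client:
On one physical host:
[root@foundation20 ~]# vim /etc/resolv.conf ## resolver configuration file
# Generated by NetworkManager
search ilt.example.com example.com
nameserver 172.25.254.120 ## IP of the caching DNS server
[root@foundation20 ~]# dig www.baidu.com ## run the test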
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34732
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; Query time: 223 msec ## slow
;; SERVER: 172.25.254.120#53(172.25.254.120)
;; WHEN: Sat May 19 15:28:31 CST 2018
;; MSG SIZE rcvd: 42
On another physical host:
[root@foundation28 ~]# vim /etc/resolv.conf ## resolver configuration file
# Generated by NetworkManager
search ilt.example.com example.com
nameserver 172.25.254.120 ## IP of the caching DNS server
[root@foundation28 ~]# dig www.baidu.com ## run the test
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34732
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; Query time: 6 msec ## fast, which shows that the caching DNS server already holds the information for the 'Baidu' site
;; SERVER: 172.25.254.120#53(172.25.254.120)
;; WHEN: Sat May 19 15:31:13 CST 2018
;; MSG SIZE rcvd: 42
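Query time is only evidence of caching when both replies actually carry an answer, and the status codes listed under DNS troubleshooting decide that. The following added example (not part of the original post; the dig header lines are constructed samples and the function names are hypothetical) extracts status, answer count and query time from dig output and declines to call a cache hit on a SERVFAIL or empty reply.

```shell
#!/bin/sh
# Added example: summarise dig replies before comparing query times.
# The dig header lines produced by sample_reply are constructed samples.

# dig_summary: read dig output on stdin, print "STATUS ANSWERS MSEC".
dig_summary() {
    awk '
        /->>HEADER<<-/ { for (i = 1; i < NF; i++) if ($i == "status:") st = $(i + 1) }
        /^;; flags:/   { for (i = 1; i < NF; i++) if ($i == "ANSWER:") an = $(i + 1) }
        /^;; Query time:/ { ms = $4 }
        END {
            sub(/,$/, "", st); sub(/,$/, "", an)
            if (st == "") st = "UNKNOWN"
            print st, an + 0, ms + 0
        }'
}

# cache_verdict FIRST SECOND: each argument is one dig_summary line.
cache_verdict() {
    set -- $1 $2    # split into: st1 an1 ms1 st2 an2 ms2
    if [ "$1" != NOERROR ] || [ "$4" != NOERROR ]; then
        echo "inconclusive: rcode $1/$4, fix resolution first"
    elif [ "$2" -eq 0 ] || [ "$5" -eq 0 ]; then
        echo "inconclusive: empty answer section"
    elif [ "$6" -lt "$3" ]; then
        echo "cache hit: ${3}ms -> ${6}ms"
    else
        echo "no speed-up: ${3}ms -> ${6}ms"
    fi
}

# sample_reply STATUS ANSWERS MSEC: emit a constructed dig header.
sample_reply() {
    printf ';; ->>HEADER<<- opcode: QUERY, status: %s, id: 1\n' "$1"
    printf ';; flags: qr rd ra; QUERY: 1, ANSWER: %s, AUTHORITY: 0, ADDITIONAL: 1\n' "$2"
    printf ';; Query time: %s msec\n' "$3"
}

first=$(sample_reply NOERROR 2 223 | dig_summary)
second=$(sample_reply NOERROR 2 6 | dig_summary)
cache_verdict "$first" "$second"

failed=$(sample_reply SERVFAIL 0 6 | dig_summary)
cache_verdict "$failed" "$failed"
```

Against a live server the same check is `dig www.example.com | dig_summary`, run twice.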
[root@localhost yum.repos.d]# vim /etc/named.conf ## edit the configuration file
18 # forwarders {114.114.114.114;};
[root@localhost yum.repos.d]# vim /etc/named.rfc1912.zones
%%% Edited content:
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
};
[root@localhost yum.repos.d]# cd /var/named/ ## change directory
[root@localhost named]# ls ## list the files
data named.ca named.localhost slaves
dynamic named.empty named.loopback
[root@localhost named]# ll
total 16
drwxrwx--- 2 named named 22 May 19 03:14 data
drwxrwx--- 2 named named 58 May 19 04:15 dynamic
-rw-r----- 1 root named 2076 Jan 28 2013 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 6 Jan 29 2014 slaves
[root@localhost named]# cp -p named.localhost westos.com.zone ## copy named.localhost to westos.com.zone, preserving permissions
[root@localhost named]# vim westos.com.zone ## edit the file
%%% Edited content:
$TTL 1D
@ IN SOA dns.westos.com. zgd.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.120
hello A 172.25.254.220
kks A 172.25.254.189
[root@localhost named]# systemctl restart named ## restart the service
[root@localhost named]# dig hello.westos.com ## look up the address of hello
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39582
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com. IN A
;; ANSWER SECTION:
hello.westos.com. 86400 IN A 172.25.254.111 ## success
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.120
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat May 19 05:00:21 EDT 2018
;; MSG SIZE rcvd: 95
[root@dns-server ~]# systemctl stop firewalld ## stop the firewall
[root@dns-server ~]# systemctl disable firewalld ## keep the firewall off at boot
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
[root@dns-server ~]# systemctl start named ## start DNS
[root@dns-server ~]# systemctl enable named ## start DNS at boot
ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service'
[root@dns-server ~]# cd /var/named ## change directory
[root@dns-server named]# vim westos.com.zone ## add round-robin records
%% Edited content:
$TTL 1D
@ IN SOA dns.westos.com. zgd.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.120
hello A 172.25.254.220
www CNAME node1.westos.com.
node1 A 172.25.254.111
node1 A 172.25.254.121
[root@dns-server named]# systemctl restart named ## restart the service
[root@dns-server named]# dig www.westos.com ## look up the address
;; ANSWER SECTION:
www.westos.com. 86400 IN CNAME node1.westos.com.
node1.westos.com. 86400 IN A 172.25.254.111
node1.westos.com. 86400 IN A 172.25.254.121
[root@dns-server named]# dig www.westos.com
;; ANSWER SECTION:
www.westos.com. 86400 IN CNAME node1.westos.com.
node1.westos.com. 86400 IN A 172.25.254.121
node1.westos.com. 86400 IN A 172.25.254.111
Note: dig www.westos.com was run twice, and the two runs return the addresses in a different order
[root@dns-server named]# vim /etc/named.rfc1912.zones ## edit the file
%% Edited content:
zone "254.25.172.in-addr.arpa" IN {
type master;
file "westos.com.ptr";
allow-update { none; };
};
[root@dns-server named]# cd /var/named ## change directory
[root@dns-server named]# ls
data named.ca named.localhost slaves
dynamic named.empty named.loopback westos.com.zone
[root@dns-server named]# cp -p named.loopback westos.com.ptr ## copy the named.loopback template to westos.com.ptr, preserving permissions
[root@dns-server named]# ls
data named.ca named.localhost slaves westos.com.zone
dynamic named.empty named.loopback westos.com.ptr
[root@dns-server named]# vim westos.com.ptr ## edit the file
%% Edited content:
$TTL 1D
@ IN SOA dns.westos.com. zgd.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.120
111 PTR www.westos.com.
222 PTR hello.westos.com.
Note: PTR records provide reverse resolution
[root@dns-server named]# systemctl restart named ## restart the service
[root@dns-server named]# dig -x 172.25.254.111
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37033
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;111.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
111.254.25.172.in-addr.arpa. 86400 IN PTR www.westos.com. ## resolved successfully
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.120
;; Query time: 0 msec
;; SERVER: 172.25.254.120#53(172.25.254.120)
;; WHEN: Sat May 19 21:07:02 EDT 2018
;; MSG SIZE rcvd: 118
[root@dns-server named]# dig -x 172.25.254.222
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9516
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;222.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
222.254.25.172.in-addr.arpa. 86400 IN PTR hello.westos.com. ## resolved successfully
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.120
;; Query time: 0 msec
;; SERVER: 172.25.254.120#53(172.25.254.120)
;; WHEN: Sat May 19 22:01:07 EDT 2018
;; MSG SIZE rcvd: 120
[root@dns-server named]# cp -p westos.com.zone westos.com.inter ## copy, preserving permissions
[root@dns-server named]# vim westos.com.inter
%% Edited content:
:%s/172.25.254/192.168.0/g
[root@dns-server named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter
[root@dns-server named]# vim /etc/named.rfc1912.inter
%% Edited content:
22 file "westos.com.inter";
[root@dns-server named]# vim /etc/named.conf
%% Edited content:
## comment out lines 50-58 and add the following:
61 view localnet {
62 match-clients { 172.25.254.120; };
63 zone "." IN{
64 type hint;
65 file "named.ca";
66 };
67 include "/etc/named.rfc1912.zones";
68 };
69
70 view inter {
71 match-clients { any; };
72 zone "." IN{
73 type hint;
74 file "named.ca";
75 };
76 include "/etc/named.rfc1912.inter";
77 };
[root@dns-server named]# systemctl restart named
[root@dns-server named]# vim /etc/resolv.conf
nameserver 172.25.254.120
[root@dns-server named]# dig www.westos.com
;; ANSWER SECTION:
www.westos.com. 86400 IN CNAME node1.westos.com.
node1.westos.com. 86400 IN A 172.25.254.111
node1.westos.com. 86400 IN A 172.25.254.121
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.120
Connect from another host:
[root@foundation20 ~]# vim /etc/resolv.conf
nameserver 172.25.254.120
[root@foundation20 ~]# dig www.westos.com
;; ANSWER SECTION:
www.westos.com. 86400 IN CNAME node1.westos.com.
node1.westos.com. 86400 IN A 192.168.0.121
node1.westos.com. 86400 IN A 192.168.0.111
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 192.168.0.120
On the server virtual machine:
[root@dns-slave ~]# vim /etc/named.rfc1912.zones ## edit the configuration file
%% Edited content:
25 zone "westos.com" IN {
26 type slave;
27 masters { 172.25.254.120; };
28 file "slaves/westos.com.zone";
29 allow-update { none; };
30 };
[root@dns-slave ~]# vim /etc/named.conf
%% Edited content:
11 listen-on port 53 { any; };
17 allow-query { any; };
32 dnssec-validation no;
On the desktop virtual machine:
[root@dns-server named]# vim /etc/named.conf
## uncomment lines 52-59 and comment out everything after line 60
[root@dns-server named]# vim /etc/named.rfc1912.inter
%% Edited content:
24 zone "westos.com" IN {
25 type master;
26 file "westos.com.zone";
27 allow-update { 172.25.254.120; };
28 };
[root@dns-server named]# vim /etc/named.rfc1912.inter
20 zone "westos.com" IN {
21 type master;
22 file "westos.com.zone";
23 allow-update { none; };
24 also-notify { 172.25.254.120; };
25 };
[root@dns-server named]# vim westos.com.zone
Line 3: 0 ; serial ## this number must be changed every time an address in the zone is changed
[root@dns-server named]# systemctl restart named
[root@dns-server named]# dig www.westos.com
;; ANSWER SECTION:
www.westos.com. 86400 IN CNAME node1.westos.com.
node1.westos.com. 86400 IN A 172.25.254.112
node1.westos.com. 86400 IN A 172.25.254.102
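A slave only transfers the zone when the master's SOA serial is higher than the serial of its own copy, which is why the serial has to change with every edit. Added example, not from the original post: a helper that raises the serial in a zone file laid out like westos.com.zone; the YYYYMMDDNN numbering, the function names and the sample zone are assumptions.

```shell
#!/bin/sh
# Added example: raise the SOA serial of a zone file before restarting named,
# so that slaves see a higher serial and transfer the zone again.

# next_serial CURRENT TODAY: TODAY is YYYYMMDD; the result is always > CURRENT.
next_serial() {
    base="${2}00"
    if [ "$1" -lt "$base" ]; then echo "$base"; else echo $(( $1 + 1 )); fi
}

# bump_zone_serial FILE TODAY: rewrite the first "; serial" line, print the new serial.
bump_zone_serial() {
    old=$(awk '/;[ \t]*serial/ { print $1; exit }' "$1")
    [ -n "$old" ] || { echo "no serial line in $1" >&2; return 1; }
    new=$(next_serial "$old" "$2")
    tmp=$(mktemp) || return 1
    awk -v new="$new" '
        /;[ \t]*serial/ && !hit { sub(/[0-9]+/, new); hit = 1 }
        { print }' "$1" > "$tmp"
    # Write back in place so owner, group and mode of the zone file survive.
    cat "$tmp" > "$1" && rm -f "$tmp"
    echo "$new"
}

# Constructed sample zone, same layout as the lab's westos.com.zone.
make_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 1D
@ IN SOA dns.westos.com. zgd.westos.com. (
 0 ; serial
 1D ; refresh
 1H ; retry
 1W ; expire
 3H ) ; minimum
 NS dns.westos.com.
dns A 172.25.254.120
EOF
}

zone=$(mktemp)
make_sample_zone "$zone"
bump_zone_serial "$zone" 20180519   # first change of the day
bump_zone_serial "$zone" 20180519   # second change of the day
rm -f "$zone"
```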
On the server virtual machine:
[root@dns-slave ~]# vim /etc/resolv.conf
%% Edited content:
nameserver 172.25.254.220
[root@dns-slave ~]# systemctl stop firewalld ## stop the firewall
[root@dns-slave ~]# dig www.westos.com ## dig now resolves to the modified IPs
;; ANSWER SECTION:
www.westos.com. 86400 IN CNAME node1.westos.com.
node1.westos.com. 86400 IN A 172.25.254.102
node1.westos.com. 86400 IN A 172.25.254.112
[root@localhost named]# cp -p /var/named/westos.com.zone /mnt ## back up the local file
[root@localhost named]# vim /etc/named.rfc1912.zones ## change the configuration file
%% Edited content:
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 172.25.254.220; }; ## allow host 220 to update remotely
allow-transfer {172.25.254.220;};
also-notify {172.25.254.220;};
};
[root@localhost named]# ll ## list the files
-rw-r----- 1 root named 229 Apr 26 01:38 westos.com.zone ## at this point the group has no write permission on the /var/named/ directory
[root@localhost named]# nsupdate
> server 172.25.254.120
> update delete hello.westos.com
> send
update failed: SERVFAIL ## no permission, so the update cannot be made
[root@localhost named]# chmod 770 /var/named/ ## change the permissions on /var/named/
[root@localhost named]# nsupdate
> server 172.25.254.120
> update delete hello.westos.com ## delete
> send
[root@localhost named]# nsupdate
> server 172.25.254.120
> update add hello.westos.com 86400 A 172.25.254.120 ## add; 86400 is the number of seconds in one day, the validity period (TTL)
> send ## the remote host can now update
A westos.com.zone.jnl file is generated, and westos.com.zone is changed:
$ORIGIN .
$TTL 86400 ; 1 day
westos.com IN SOA westos.com. root.westos.com. (
42603 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS dns.westos.com.
$ORIGIN westos.com.
dns A 172.25.254.120
hello A 172.25.254.220
www A 172.25.254.101
A 172.25.254.102
**On the desktop virtual machine:**
[root@dns-server named]# rm -fr westos.com.zone* ## delete the files created in the previous experiment
[root@dns-server named]# cp -p /mnt/westos.com.zone . ## copy again, preserving permissions
[root@dns-server named]# cd /mnt ## move to /mnt (lab environment)
[root@dns-server mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos ## generate the key (-a: algorithm, -b: key size in bits, -n: name type)
Kwestos.+157+02732
[root@dns-server mnt]# ls ## list the files
Kwestos.+157+02732.key Kwestos.+157+02732.private westos.com.zone
[root@dns-server mnt]# cp /etc/rndc.key /etc/westos.key -p ## create the key file to edit, from a copy of rndc.key
[root@dns-server mnt]# cat Kwestos.+157+02732.key ## view the key
westos. IN KEY 512 3 157 wLb7wlj95YfZFUK8nZ1Oqw==
[root@dns-server mnt]# vim /etc/westos.key
key "westos" {
algorithm hmac-md5;
secret "wLb7wlj95YfZFUK8nZ1Oqw==";
};
[root@dns-server mnt]# vim /etc/named.conf
43 include "/etc/westos.key"; ## include the new key file
[root@dns-server mnt]# vim /etc/named.rfc1912.zones
23 allow-update { key westos; };
[root@dns-server mnt]# systemctl restart named ## restart the service
[root@dns-server mnt]# cd /var/named ## change directory
[root@dns-server named]# ls
data named.ca named.localhost slaves westos.com.ptr
dynamic named.empty named.loopback westos.com.inter westos.com.zone
[root@dns-server named]# cd /mnt
[root@dns-server mnt]# ls
Kwestos.+157+02732.key Kwestos.+157+02732.private westos.com.zone
[root@dns-server mnt]# scp Kwestos.+157+02732.* [email protected]:/mnt/ ## send the key files to the remote host
**On the server virtual machine:** after the restart on the local host, the remote host can update DNS
[root@dns-slave ~]# cd /mnt
[root@dns-slave mnt]# ls
Kwestos.+157+02732.key Kwestos.+157+02732.private
[root@dns-slave mnt]# nsupdate -k Kwestos.+157+02732.private
> server 172.25.254.120
> update add hello.westos.com 86400 A 172.25.254.169
> send
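The settings used in this lab (allow-query { any; } with no separate recursion ACL, dnssec-validation no, allow-update by IP address, an hmac-md5 key) suit an isolated classroom network and are the ones to look for before a server faces any other network. Added example, not from the original post: a shell check that flags them, run over a constructed lab-style configuration and a constructed hardened one; the finding labels, the 172.25.254.0/24 client range and the hmac-sha256 choice are assumptions.

```shell
#!/bin/sh
# Added example: flag the risky BIND settings used in this lab.
# Both sample configurations are constructed; the secrets are placeholders.

# audit_named_conf: read named.conf text on stdin, print one finding per line.
audit_named_conf() {
    # Drop // and # comments, then join lines so multi-line clauses match.
    conf=$(sed -e 's://.*$::' -e 's:#.*$::' | tr '\n' ' ')
    has() { printf '%s\n' "$conf" | grep -Eq "$1"; }
    # Without its own ACL, recursion falls back to the allow-query ACL.
    if has 'allow-query[[:space:]]*\{[[:space:]]*any;' &&
       ! has 'allow-recursion|allow-query-cache|recursion[[:space:]]+no;'; then
        echo "OPEN_RESOLVER: any client may use recursion"
    fi
    has 'dnssec-validation[[:space:]]+no;' &&
        echo "DNSSEC_OFF: answers are not validated"
    has 'allow-update[[:space:]]*\{[[:space:]]*[0-9]' &&
        echo "UPDATE_BY_IP: dynamic updates authorised by source address"
    has 'algorithm[[:space:]]+hmac-md5;' &&
        echo "WEAK_TSIG: key uses hmac-md5"
    return 0
}

weak_conf() { cat <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };
    dnssec-validation no;
};
key "westos" { algorithm hmac-md5; secret "PLACEHOLDER"; };
zone "westos.com" IN { type master; file "westos.com.zone";
    allow-update { 172.25.254.220; }; };
EOF
}

hardened_conf() { cat <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 172.25.254.120; };
    allow-query { localhost; 172.25.254.0/24; };
    allow-recursion { localhost; 172.25.254.0/24; };
    # dnssec-validation no;   (commented out, must not be flagged)
    dnssec-validation yes;
};
key "westos" { algorithm hmac-sha256; secret "PLACEHOLDER"; };
zone "westos.com" IN { type master; file "westos.com.zone";
    allow-update { key westos; }; };
EOF
}

weak_conf | audit_named_conf        # four findings
hardened_conf | audit_named_conf    # no findings
```

On a server the check is `audit_named_conf < /etc/named.conf`, repeated for each included file.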
**On the server virtual machine:**
[root@dns-slave Desktop]# hostnamectl set-hostname linux.westos.com ## change the hostname
[root@dns-slave Desktop]# hostname ## show the hostname
linux.westos.com
[root@dns-slave Desktop]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 ## switch the network configuration to dynamic (DHCP)
[root@dns-slave Desktop]# systemctl restart network ## the restart fails
[root@dns-slave Desktop]# ifconfig ## show the dynamic network IP
On the desktop virtual machine:
[root@dns-server named]# yum install dhcp -y ## install the DHCP service
[root@dns-server named]# rm -fr westos.com.zone* ## delete the files to restore the lab state
[root@dns-server named]# cp -p /mnt/westos.com.zone .
[root@dns-server named]# systemctl restart named ## restart the service
[root@dns-server ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y #### an overwrite prompt appears, which shows the file is correct
[root@dns-server ~]# cat /etc/westos.key ## show the key so it can be copied into the next file
[root@dns-server ~]# vim /etc/dhcp/dhcpd.conf ## edit the configuration file
7 option domain-name "westos.com";
8 option domain-name-servers 172.25.254.120; ## IP of the desktop virtual machine
14 ddns-update-style interim;
## delete lines 27 and 28, and everything after line 34
30 subnet 172.25.254.0 netmask 255.255.255.0 { ## subnet and netmask
31 range 172.25.254.80 172.25.254.90; ## dynamic IP range (choose your own)
32 option routers 172.25.254.120; ## IP of the desktop virtual machine
33 }
34 key westos {
35 algorithm hmac-md5; ## key algorithm
36 secret wLb7wlj95YfZJ/dxCNgOZQ==; ## key secret
37 };
38 zone westos.com. {
39 primary 127.0.0.1; ## loopback interface of the host
40 key westos; ## use the key named westos
41 }
[root@dns-server ~]# systemctl restart dhcpd ## restart the dhcpd service
**On the server virtual machine:**
[root@dns-slave Desktop]# dig linux.westos.com
;; ANSWER SECTION:
linux.westos.com. 300 IN A 172.25.254.86