DNS服务是一项用于管理和解析域名和IP地址对应关系的技术,简单来说就是能够接受用户输入的域名或IP地址,然后自动查询
匹配对应的IP地址或者域名,即将域名解析为IP地址(正向解析),或将IP地址解析为域名(反向解析)。
DNS具有递归查询和迭代查询两种方式。所谓递归查询,是指DNS服务器在收到用户发起的请求时,必须向用户返回一个准确
的查询结果。如果DNS服务器本地没有存储与之对应的信息,则该服务器需要询问其他服务器,并将返回的查询结果返回给用户。
而迭代查询是指,DNS服务器在收到用户发起的请求时,并不直接返回查询结果,而是告诉另外一台DNS服务器的地址,用户再向
这台DNS服务器提交请求,这样依次反复直到返回查询结果。
主配置文件(/etc/named.conf):这些参数用来定义bind服务程序的运行。
区域配置文件(/etc/named.rfc1912.zones):用来声明各个区域(zone)以及其域名与IP地址对应关系数据文件所在的位置。
数据配置文件目录(/var/named):该目录用来保存域名和IP地址真实对应关系的数据配置文件。
将Desktop虚拟机作为服务器进行配置:
[root@foundation176 Desktop]# nm-connection-editor 重置server虚拟机之后进来配置IP
[root@foundation176 Desktop]# ifconfig
eth0: flags=4163 mtu 1500
inet 172.25.254.121 netmask 255.255.255.0 broadcast 172.25.254.255
[root@foundation176 Desktop]# cd /etc/yum.repos.d/
[root@foundation176 yum.repos.d]# rm -fr rhel_dvd.repo
[root@foundation176 yum.repos.d]# vim yum.repo 配置yum源
[root@foundation176 yum.repos.d]# yum install bind.x86_64 -y
服务端安装高速缓存服务
[root@foundation176 yum.repos.d]# hostnamectl set-hostname DNS.service.com 更改名字
[root@foundation176 yum.repos.d]# systemctl start named
服务端开启高速缓存服务 systemctl start named
注意:开启服务时,可能因为系统随机数(熵)不足而无法正常启动;敲击键盘或移动鼠标补充熵即可。
[root@foundation176 yum.repos.d]# systemctl stop firewalld 停止防火墙
[root@foundation176 yum.repos.d]# rpm -qc bind 寻找配置文件
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
[root@foundation176 yum.repos.d]# vim /etc/named.conf
服务端开放访问限制(允许任意主机查询)后,客户端即可进行实验
[root@foundation176 yum.repos.d]# systemctl restart named 重启服务
打开访问限制:
11行修改表示服务器上面的所有IP地址均可提供DNS域名解析服务。
17行修改表示允许所有人对本服务器发送DNS查询请求(实验用设置;若同时开放递归,服务器会成为开放解析器,生产环境应将 allow-query/allow-recursion 限制为可信网段)。
dns服务打开:
服务端安装高速缓存服务:
服务端修改配置文件:
将真机作为客户端进行配置:
[root@foundation21 ~]# vim /etc/resolv.conf 客户端修改DNS配置文件
[root@foundation21 ~]# dig www.163.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.163.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 15297
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.163.com. IN A
;; Query time: 13 msec
;; SERVER: 172.25.254.121#53(172.25.254.121)
;; WHEN: Sat May 19 15:26:10 CST 2018
;; MSG SIZE rcvd: 40
客户端配置内容,添加服务端的IP进行访问:
客户端修改配置文件:
[root@dns ~]# vim /etc/resolv.conf 修改dns解析地址
[root@dns ~]# vim /etc/named.conf 修改named服务配置文件,改为本地解析
[root@dns ~]# vim /etc/named.rfc1912.zones 修改配置文件
[root@dns ~]# cd /var/named/
[root@dns named]# ls
data named.ca named.localhost slaves
dynamic named.empty named.loopback westos.com.zone
[root@dns named]# cp -p named.localhost westos.com.zone 新建文件
[root@dns named]# vim westos.com.zone 修改文件
[root@dns named]# systemctl restart named 重启dns服务
[root@dns named]# dig hello.westos.com 本机测试
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58220
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com. IN A
;; ANSWER SECTION:
hello.westos.com. 86400 IN A 172.25.254.222
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.121
;; Query time: 0 msec
;; SERVER: 172.25.254.121#53(172.25.254.121)
;; WHEN: Sat May 19 04:36:02 EDT 2018
;; MSG SIZE rcvd: 95
[root@dns named]# dig dns.westos.com 测试结果与文件中所给的IP一一对应
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> dns.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37216
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.westos.com. IN A
;; ANSWER SECTION:
dns.westos.com. 86400 IN A 172.25.254.121
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; Query time: 0 msec
;; SERVER: 172.25.254.121#53(172.25.254.121)
;; WHEN: Sat May 19 04:36:13 EDT 2018
;; MSG SIZE rcvd: 73
[root@dns named]# systemctl start named 开启服务
[root@dns named]# systemctl enable named 开机自启动
ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service'
[root@dns named]# systemctl stop firewalld 关闭防火墙
[root@dns named]# systemctl disable firewalld 开机自动关闭
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
[root@dns named]# vim westos.com.zone 修改配置文件
[root@dns named]# systemctl restart named
[root@dns named]# dig hello.westos.com 本地解析时,同一域名对应多个IP,解析结果呈轮询(round-robin)式
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> node1.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55400
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;node1.westos.com. IN A
;; ANSWER SECTION:
node1.westos.com. 86400 IN A 172.25.254.222
node1.westos.com. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.121
;; Query time: 0 msec
;; SERVER: 172.25.254.121#53(172.25.254.121)
;; WHEN: Sat May 19 05:11:39 EDT 2018
;; MSG SIZE rcvd: 111
[root@dns named]# dig hello.westos.com 轮询时需要等待一点时间
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> node1.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17939
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;node1.westos.com. IN A
;; ANSWER SECTION:
node1.westos.com. 86400 IN A 172.25.254.111
node1.westos.com. 86400 IN A 172.25.254.222
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.121
;; Query time: 0 msec
;; SERVER: 172.25.254.121#53(172.25.254.121)
;; WHEN: Sat May 19 05:11:44 EDT 2018
;; MSG SIZE rcvd: 111
[root@dns named]# vim /etc/named.rfc1912.zones 修改配置文件。将IP地址反写。
[root@dns named]# cd /var/named
[root@dns named]# ls
data named.ca named.localhost slaves
dynamic named.empty named.loopback westos.com.inter westos.com.zone
[root@dns named]# cp -p named.loopback westos.com.ptr 新建文件
[root@dns named]# vim westos.com.ptr 修改文件
[root@dns named]# systemctl restart named 重启
[root@dns named]# dig -x 172.25.254.111 本机测试
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26864
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;111.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
111.254.25.172.in-addr.arpa. 86400 IN PTR test.westos.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.121
;; Query time: 0 msec
;; SERVER: 172.25.254.121#53(172.25.254.121)
;; WHEN: Sun May 20 02:15:08 EDT 2018
;; MSG SIZE rcvd: 119
[root@dns named]# dig -x 172.25.254.112 一一对应与文件内容
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.112
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30506
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;112.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
112.254.25.172.in-addr.arpa. 86400 IN PTR hello.westos.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.121
;; Query time: 0 msec
;; SERVER: 172.25.254.121#53(172.25.254.121)
;; WHEN: Sun May 20 02:15:16 EDT 2018
;; MSG SIZE rcvd: 120
[root@dns Desktop]# vim /etc/resolv.conf 编辑配置文件
[root@dns named]# ls
data named.ca named.localhost slaves westos.com.zone
dynamic named.empty named.loopback westos.com.ptr
[root@dns named]# cp -p westos.com.zone westos.com.inter 新建文件
[root@dns named]# vim westos.com.inter 修改IP地址
[root@dns named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter
新建配置文件
[root@dns named]# vim /etc/named.rfc1912.inter 修改zones
[root@dns named]# vim /etc/named.conf 修改主配置文件
注释掉原来的zones:
新增本地(local)域名解析和其他主机(any)域名解析:
[root@dns named]# systemctl restart named 重启named服务后实验
[root@dns named]# dig www.westos.com 本地域名解析时为自己的网段
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16887
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN CNAME node1.westos.com.
node1.westos.com. 86400 IN A 172.25.254.222
node1.westos.com. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.121
;; Query time: 0 msec
;; SERVER: 172.25.254.121#53(172.25.254.121)
;; WHEN: Sat May 19 22:44:01 EDT 2018
;; MSG SIZE rcvd: 129
[root@foundation21 ~]# vim /etc/resolv.conf 修改配置文件
[root@foundation21 ~]# dig www.westos.com 其他主机域名解析时是192的网段
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49519
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 192.168.0.101
www.westos.com. 86400 IN A 192.168.0.102
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 192.168.0.108
;; Query time: 0 msec
;; SERVER: 172.25.254.121#53(172.25.254.121)
;; WHEN: Sun May 20 10:45:03 CST 2018
;; MSG SIZE rcvd: 109
辅助主机配置IP,yum源,安装bind,打开named服务,关闭防火墙。
[kiosk@foundation21 Desktop]$ ssh [email protected] -X
[root@dns-salve ~]#
[root@dns-salve ~]# yum install bind -y 安装bind服务
[root@dns-salve named]# systemctl start named 开启服务
注意:开启服务时,可能因为系统随机数(熵)不足而无法正常启动;敲击键盘或移动鼠标补充熵即可。
[root@dns-salve named]# systemctl enable named 开机自启动
ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service'
[root@dns-salve named]# systemctl stop firewalld 关闭防火墙
[root@dns-salve named]# systemctl disable firewalld 开机自动关闭
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
更改名字配置yum源,安装bind服务:
开启服务关闭防火墙:
[root@dns named]# vim /etc/named.conf
[root@dns named]# vim /etc/named.rfc1912.zones 本地主机修改配置文件
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
allow-transfer {172.25.254.221;}; 允许221主机同步
also-notify {172.25.254.221;}; 当文件变更时,通知221主机
};
[root@dns named]# vim westos.com.zone 本地主机修改文件
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
44 ; serial 最后一次修改时间
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.121
hello CNAME www
www A 172.25.254.111
www A 172.25.254.222
[root@dns named]# systemctl restart named 本地主机重启named服务
[root@dns named]# dig hello.westos.com 本地主机测试
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54291
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com. IN A
;; ANSWER SECTION:
hello.westos.com. 86400 IN CNAME www.westos.com.
www.westos.com. 86400 IN A 172.25.254.111
www.westos.com. 86400 IN A 172.25.254.222
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.121
;; Query time: 0 msec
;; SERVER: 172.25.254.121#53(172.25.254.121)
;; WHEN: Sun May 20 01:01:53 EDT 2018
;; MSG SIZE rcvd: 129
[root@dns named]# vim westos.com.zone 改变IP同时改变最后一次修改时间
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
45 ; serial 最后一次修改时间
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.121
hello CNAME www
www A 172.25.254.101
www A 172.25.254.202
[root@dns named]# systemctl restart named 本地主机重启named服务
[root@dns named]# dig hello.westos.com 本地主机进行测试已经有变化
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22943
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com. IN A
;; ANSWER SECTION:
hello.westos.com. 86400 IN CNAME www.westos.com.
www.westos.com. 86400 IN A 172.25.254.202
www.westos.com. 86400 IN A 172.25.254.101
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.121
;; Query time: 0 msec
;; SERVER: 172.25.254.121#53(172.25.254.121)
;; WHEN: Sun May 20 01:02:53 EDT 2018
;; MSG SIZE rcvd: 129
[root@dns-salve ~]# vim /etc/named.conf 辅助主机修改主配置文件
[root@dns-salve named]# vim /etc/resolv.conf 辅助主机修改DNS配置文件
[root@dns-salve named]# vim /etc/named.rfc1912.zones 辅助主机修改配置文件
[root@dns-salve named]# systemctl restart named 辅助主机重启named服务
[root@dns-salve named]# dig hello.westos.com 辅助主机第一次测试
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62192
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com. IN A
;; ANSWER SECTION:
hello.westos.com. 86400 IN CNAME www.westos.com.
www.westos.com. 86400 IN A 172.25.254.111
www.westos.com. 86400 IN A 172.25.254.222
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.121
;; Query time: 0 msec
;; SERVER: 172.25.254.221#53(172.25.254.221)
;; WHEN: Sun May 20 01:02:07 EDT 2018
;; MSG SIZE rcvd: 129
[root@dns-salve named]# dig hello.westos.com 当本地主机更改后辅助主机进行第二次测试
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4942
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com. IN A
;; ANSWER SECTION:
hello.westos.com. 86400 IN CNAME www.westos.com.
www.westos.com. 86400 IN A 172.25.254.101
www.westos.com. 86400 IN A 172.25.254.202
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.121
;; Query time: 0 msec
;; SERVER: 172.25.254.221#53(172.25.254.221)
;; WHEN: Sun May 20 01:02:56 EDT 2018
;; MSG SIZE rcvd: 129
[root@dns named]# ls
data named.ca named.localhost slaves westos.com.prt
dynamic named.empty named.loopback westos.com.inter westos.com.zone
[root@dns named]# cp -p westos.com.zone /mnt/ 对本地文件进行备份
[root@dns named]# cd
[root@dns ~]# vim /etc/named.rfc1912.zones 修改本地配置文件
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 172.25.254.84; }; 允许84主机远程更新(这里仅按来源IP授权;后文改为用 dnssec-keygen 生成的密钥进行认证更新)
also-notify {172.25.254.221;};
};
[root@dns ~]# systemctl restart named
[root@dns ~]# ll -ld /var/named/ 此时目录/var/named/中组内用户没有w权限
drwxr-x--- 5 root named 4096 May 20 01:20 /var/named/
[root@foundation84 ~]# nsupdate
> server 172.25.254.121 添加
> update add test.westos.com 86400 A 172.25.254.111 86400 为该记录的 TTL(1天的秒数),即有效期
> send
> update failed: REFUSED 远程主机无法实现更新
[root@dns ~]# chmod 770 /var/named/ 本地主机修改/var/named/权限,使 named 组可写(这会让 named 对整个目录可写;也可改为把动态区域文件放在列表中已属 named 的 dynamic 子目录下)
[root@dns ~]# ll -ld /var/named/
drwxrwx--- 5 root named 4096 May 20 01:20 /var/named/
[root@foundation84 ~]# nsupdate
> server 172.25.254.121 添加
> update add test.westos.com 86400 A 172.25.254.111 86400 为该记录的 TTL(1天的秒数),即有效期
> send 远程主机可以实现更新
>
[root@dns ~]# dig test.westos.com 测试可以看到更新
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> test.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51459
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.westos.com. IN A
;; ANSWER SECTION:
test.westos.com. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.121
;; Query time: 0 msec
;; SERVER: 172.25.254.121#53(172.25.254.121)
;; WHEN: Sun May 20 01:50:09 EDT 2018
;; MSG SIZE rcvd: 94
[root@dns named]# cd /var/named
[root@dns named]# ls
data named.empty slaves westos.com.zone
dynamic named.localhost westos.com.inter westos.com.zone.jnl
named.ca named.loopback westos.com.prt
[root@dns named]# vim westos.com.zone 动态更新生成了 westos.com.zone.jnl 日志文件,且 westos.com.zone 已被改写;查看文件可见内容已更改
$ORIGIN .
$TTL 86400 ; 1 day
westos.com IN SOA dns.westos.com. root.westos.com. (
4 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS dns.westos.com.
$ORIGIN westos.com.
dns A 172.25.254.121
hello CNAME www
www A 172.25.254.105
A 172.25.254.205
[root@foundation84 ~]# nsupdate
> server 172.25.254.121
> update delete test.westos.com 删除远程更新
> send
> quit
[root@dns named]# dig test.westos.com 删除远程更新之后测试丢失
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> test.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49545
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.westos.com. IN A
;; AUTHORITY SECTION:
westos.com. 10800 IN SOA dns.westos.com. root.westos.com. 47 86400 3600 604800 10800
;; Query time: 0 msec
;; SERVER: 172.25.254.121#53(172.25.254.121)
;; WHEN: Tue May 22 01:46:19 EDT 2018
;; MSG SIZE rcvd: 89
[root@dns named]# rm -fr westos.com.zone* 还原原来的文件内容
[root@dns named]# ll
total 28
drwxrwx--- 2 named named 22 May 19 03:11 data
drwxrwx--- 2 named named 4096 May 20 01:02 dynamic
-rw-r----- 1 root named 2076 Jan 28 2013 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 6 Jan 29 2014 slaves
-rw-r----- 1 root named 279 May 19 22:52 westos.com.inter
-rw-r----- 1 root named 231 May 20 01:20 westos.com.prt
[root@dns named]# cp -p /mnt/westos.com.zone . 将备份还原
[root@dns named]# ll
total 32
drwxrwx--- 2 named named 22 May 19 03:11 data
drwxrwx--- 2 named named 4096 May 20 01:02 dynamic
-rw-r----- 1 root named 2076 Jan 28 2013 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 6 Jan 29 2014 slaves
-rw-r----- 1 root named 279 May 19 22:52 westos.com.inter
-rw-r----- 1 root named 231 May 20 01:20 westos.com.prt
-rw-r----- 1 root named 284 May 20 01:15 westos.com.zone
[root@dns named]# systemctl restart named
[root@dns-salve named]# dig test.westos.com 添加之后可以正常看到IP
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> test.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29569
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.westos.com. IN A
;; ANSWER SECTION:
test.westos.com. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.121
;; Query time: 0 msec
;; SERVER: 172.25.254.221#53(172.25.254.221)
;; WHEN: Sun May 20 01:50:11 EDT 2018
;; MSG SIZE rcvd: 94
[root@dns-salve named]# dig test.westos.com 删除远程更新后无法显示IP
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> test.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31443
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.westos.com. IN A
;; AUTHORITY SECTION:
westos.com. 10800 IN SOA dns.westos.com. root.westos.com. 4 86400 3600 604800 10800
;; Query time: 0 msec
;; SERVER: 172.25.254.221#53(172.25.254.221)
;; WHEN: Sun May 20 01:50:48 EDT 2018
;; MSG SIZE rcvd: 89
参数 | 作用 |
---|---|
-a | 指定加密算法,包括RSAMD5(RSA),RSASHA1,DSA,NSEC3RSASHA1,NSEC3DSA等 |
-b | 指定密钥长度(HMAC-MD5的密钥长度在1-512位之间) |
-n | 密钥的类型 (HOST表示与主机相关) |
[root@dns ~]# cd /mnt/
[root@dns mnt]# ls
westos.com.zone
[root@dns mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
生成加密密钥,实验环境为/mnt(HMAC-MD5 仅为实验演示;新部署宜选用 hmac-sha256 等更强的算法)
-a 加密算法 -b 密钥长度(bits) -n 密钥类型(nametype,HOST 表示与主机相关)
Kwestos.+157+23890
[root@dns mnt]# ls
Kwestos.+157+23890.key Kwestos.+157+23890.private westos.com.zone
[root@dns mnt]# cat Kwestos.+157+23890.key 对称加密,所以 .key 与 .private 两个文件中的密钥内容相同
westos. IN KEY 512 3 157 qx+h1pSr6F/nxeIdUflx1g== 密钥
[root@dns mnt]# cat Kwestos.+157+23890.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: qx+h1pSr6F/nxeIdUflx1g== 密钥
Bits: AAA=
Created: 20180522061820
Publish: 20180522061820
Activate: 20180522061820
[root@dns mnt]# cp -p /etc/rndc.key /etc/westos.key 编辑密钥文件
[root@dns mnt]# vim /etc/westos.key 编辑密钥文件
[root@dns mnt]# vim /etc/named.conf 修改主配置文件
[root@dns mnt]# vim /etc/named.rfc1912.zones 修改配置文件
[root@dns mnt]# cd /mnt/ 把密钥文件传送给远程主机,实验环境为/mnt
[root@dns mnt]# ls
Kwestos.+157+23890.key Kwestos.+157+23890.private westos.com.zone
[root@dns mnt]# scp Kwestos.+157+23890.* [email protected]:/mnt/
[root@dns mnt]# systemctl restart named 本地主机重启后,远程主机可以更新dns
[root@dns-slave ~]# cd /mnt/ 密钥已经发送成功
[root@dns-slave mnt]# ls
Kwestos.+157+23890.key Kwestos.+157+23890.private
[root@dns-slave mnt]# nsupdate -k Kwestos.+157+23890.private 可以远程更新
> server 172.25.254.121
> udate add hello.westos.com 86400 A 172.25.254.111
incorrect section name: udate
> update add hello.westos.com 86400 A 172.25.254.111
> send
> quit
[root@dns mnt]# yum install dhcp -y 安装dhcp
[root@dns named]# cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf 有覆盖提示,说明文件正确
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y
[root@dns named]# vim /etc/dhcp/dhcpd.conf 编辑文件
[root@dns named]# systemctl restart dhcpd 重启dhcpd服务
option definitions common to all supported networks...
option domain-name "westos.com"; 域名
option domain-name-servers 172.25.254.121; dns服务器
default-lease-time 600;
max-lease-time 7200;
Use this to enble / disable dynamic dns updates globally.
ddns-update-style interim; dns的更新工作方式
ad-hoc interim none
This is a very basic subnet declaration.
subnet 172.25.254.0 netmask 255.255.255.0 { 子网、子网掩码
range 172.25.254.50 172.25.254.60; IP地址池
option routers 172.25.254.121; 网关
}
key westos {
algorithm hmac-md5; key的加密方式
secret qx+h1pSr6F/nxeIdUflx1g==; key的密码
};
zone westos.com. {
primary 127.0.0.1; 主机内部回环接口
key westos; 读取的加密文件为westos
}
[root@linux Desktop]# hostnamectl set-hostname linux.westos.com 更改名字
[root@linux Desktop]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 配置动态网络
[root@linux Desktop]# systemctl restart network 重启网络拔掉网线进行测试看是否获取IP成功
[root@linux Desktop]# ifconfig 查看IP获取成功
eth0: flags=4163 mtu 1500
inet 172.25.254.50 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::5054:ff:fe0c:254a prefixlen 64 scopeid 0x20
ether 52:54:00:0c:25:4a txqueuelen 1000 (Ethernet)
RX packets 5990 bytes 8632908 (8.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10946 bytes 729243 (712.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 5617 bytes 502502 (490.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5617 bytes 502502 (490.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@linux Desktop]# dig linux.westos.com dig本机进行测试
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> linux.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29874
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;linux.westos.com. IN A
;; ANSWER SECTION:
linux.westos.com. 300 IN A 172.25.254.50
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.121
;; Query time: 0 msec
;; SERVER: 172.25.254.121#53(172.25.254.121)
;; WHEN: Tue Jul 03 05:24:57 EDT 2018
;; MSG SIZE rcvd: 95
[root@dns named]# vim /etc/dhcp/dhcpd.conf 更改文件,也就是更改了IP范围,查看实验效果
[root@dns named]# systemctl restart dhcpd 重启dhcpd服务
[root@linux Desktop]# systemctl restart network 重启网络
[root@linux Desktop]# ifconfig 查看动态获取的IP
eth0: flags=4163 mtu 1500
inet 172.25.254.54 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::5054:ff:fe0c:254a prefixlen 64 scopeid 0x20
ether 52:54:00:0c:25:4a txqueuelen 1000 (Ethernet)
RX packets 6043 bytes 8637872 (8.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11076 bytes 741113 (723.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 5650 bytes 505474 (493.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5650 bytes 505474 (493.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@linux Desktop]# dig linux.westos.com dig本机进行测试
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> linux.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57738
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;linux.westos.com. IN A
;; ANSWER SECTION:
linux.westos.com. 300 IN A 172.25.254.54
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.121
;; Query time: 0 msec
;; SERVER: 172.25.254.121#53(172.25.254.121)
;; WHEN: Tue Jul 03 05:26:05 EDT 2018
;; MSG SIZE rcvd: 95