DNS configuration notes
dig -t NS|MX|A NAME
dig -x IP    reverse lookup
IXFR    incremental zone transfer
AXFR    full zone transfer
dig -t IXFR=2013040202 mageedu.com    (before running this, add a record to the zone data and bump the serial)
dig -t axfr mageedu.com
allow-recursion { };    clients allowed to use recursion
allow-query { };    clients allowed to query
allow-transfer { };    clients allowed to transfer the zone
/etc/named.conf    can be checked with configtest
/etc/rndc.key    key file
/etc/rndc.conf    configuration file
/var/named/    zone data files, must be created by hand
named-checkconf
named-checkzone
dig    client tool
dig -t NS .    fetch the root name servers (needs Internet access)
53/udp
53/tcp    used when a slave server synchronises zone data (zone transfer over TCP port 53)
953/tcp    rndc
Zone definition:
zone "ZONE NAME" IN {
type master|slave|hint|forward;
};
A master zone additionally needs:
file "zone data file";
A slave zone needs:
file "zone data file";
masters { master1_ip; };
netstat -utnpl
First install the bind package:
yum install bind
Basic DNS setup
yum install bind -y
1. Check the listening ports
[root@student116 ~]# netstat -antlpe | grep named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 40524 2422/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 40519 2422/named
tcp6 0 0 ::1:953 :::* LISTEN 25 40525 2422/named
tcp6 0 0 ::1:53 :::* LISTEN 25 40521 2422/named
2. systemctl start named
3. vim /etc/named.conf
Change the following:
listen-on port 53 { any; };
allow-query { any; };
dnssec-validation no;
Add --> forwarders { 172.25.254.250; }; # an IP address that can reach the Internet
Example: dig www.baidu.com
################# Client ###################
1. vim /etc/resolv.conf
nameserver 172.25.254.139 ###### point it at the DNS server that provides the service
2. dig www.baidu.com ###### the answer is now served by host 139
################## DNS experiments #####################################
Server IP: 172.25.39.10
172.25.254.139
Client IP: 172.25.39.11
DNS forward lookup
After the steps above are done:
1. vim /etc/named.rfc1912.zones
2. Copy the six-line zone block and change it to:
zone "westos.com" IN {
type master;
file "westos.com.zone"; ###### the domain we maintain ourselves ###
allow-update { none; };
};
3. cd /var/named
4. cp -p named.localhost westos.com.zone
5. vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root. ( ###### same domain as the one we maintain
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com. #### same domain as the one we maintain
dns A 172.25.254.139 #### address of the dns host name
www A 172.25.254.1 #### any address
6. systemctl restart named
7. On the client: dig www.westos.com
Result:
[root@student16 kiosk]# dig www.westos.com
#################################################
1. Change the zone file:
vim /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.139
www CNAME bbs.westos.com. ########### changed part
bbs A 172.25.254.111 ########### changed part
bbs A 172.25.254.112 ########### changed part
2. On the client: dig www.westos.com
DNS reverse lookup
1. vim /etc/named.rfc1912.zones
Add:
zone "254.25.172.in-addr.arpa" IN {
type master;
file "westos.com.ptr";
allow-update { none; };
};
2. Create the westos.com.ptr file:
1. cd /var/named/
2. cp -p westos.com.zone westos.com.ptr
3. vim westos.com.ptr
Change it to:
$TTL 1D
@ IN SOA dns.westos.com. root. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.139
199 PTR www.westos.com.
234 PTR bbs.westos.com.
4. systemctl restart named
############################ Verify on the client ################################
1. dig -x 172.25.39.199
DNS split-horizon lookup (different answers for internal and external clients)
1. vim /etc/named.conf
Comment out the existing top-level zone "." block and include line (they move inside the views)
and add the following:
view localhost {
match-clients { localhost; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
view internet {
match-clients { any; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1913.zones";
};
2. cd /etc
3. cp -p named.rfc1912.zones named.rfc1913.zones
4. vim named.rfc1913.zones
Add:
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { none; };
};
5. systemctl restart named
Create the westos.com.inter file:
1. cd /var/named
2. cp -ap westos.com.zone westos.com.inter
3. vim westos.com.inter #########
Change it to:
$TTL 1D
@ IN SOA dns.westos.com. root. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.39.139
www A 192.168.1.1 ######### put the external address that outside clients should get here ###
4. systemctl restart named
########################### Verify the result ####################
Note: point the server's own DNS at itself and the client's DNS at the server.
1. On the server itself:
dig www.westos.com returns: 172.25.254.*
2. On the client:
dig www.westos.com returns: 192.168.1.*
DNS cluster
################# Slave server setup #################
Master server: 10 (desktop) ---> "master"; slave server: 11 (server) --> slave
1. Install the DNS service:
yum install bind -y
2. systemctl restart named; systemctl stop firewalld
3. vim /etc/resolv.conf ---> nameserver 172.25.39.11 ; set to the slave's own IP
4. Edit the slave's configuration:
vim /etc/named.conf
Change: listen-on port 53 { any; };
allow-query { any; };
dnssec-validation no;
5. vim /etc/named.rfc1912.zones
Copy and change:
zone "westos.com" IN { ########## the zone name must match the master's
type slave;
masters { 172.25.39.10; }; ########## points at 10, i.e. 10 is this server's master
file "slaves/westos.com.zone"; ########## where the transferred zone is stored
allow-update { none; };
};
6. systemctl restart named
7. dig www.westos.com ### check the answer
###### Changes on the master server ##################################
1. vim /etc/named.rfc1913.zones
Change and add:
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
allow-transfer { 172.25.39.11; }; ######## add the slave DNS server's IP
also-notify { 172.25.39.11; };
};
2. systemctl restart named;
systemctl stop firewalld;
3. Edit /var/named/westos.com.zone
When changing bbs A 172.25.254.222 ---> 172.25.254.255, remember to update the "2016251601 ; serial" line every time.
Every time a record changes, change the serial, save and exit, reload, and dig www.westos.com on the slave will show the new IP address.
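The slave only transfers the zone when the master's serial is strictly greater than the one it holds, which is why the step above insists on bumping it. The following added example (not part of the original notes) bumps the "; serial" line of a zone file in the format used above, keeping the YYYYMMDDnn convention where possible and refusing a value that would not count as an increase under RFC 1982 serial arithmetic; the zone text is a constructed sample.

```python
import re
from datetime import date

# Constructed sample modelled on the westos.com.zone file in these notes
# (not copied from a server).
SAMPLE_ZONE = """$TTL 1D
@ IN SOA dns.westos.com. root. (
 2016251601 ; serial
 1D ; refresh
 1H ; retry
 1W ; expire
 3H ) ; minimum
 NS dns.westos.com.
dns A 172.25.254.139
bbs A 172.25.254.222
"""

# Matches the "<number> ; serial" line of the SOA record.
SERIAL_RE = re.compile(r"^(\s*)(\d+)(\s*;\s*serial\b)", re.MULTILINE)

def next_serial(old, today):
    """Return a serial strictly greater than old, preferring the YYYYMMDDnn
    convention (nn = change counter for that day)."""
    base = int(today.strftime("%Y%m%d")) * 100
    if old < base:
        return base + 1   # first change today (also covers the initial serial 0)
    return old + 1        # same day, or a serial that is not a date: just count up

def bump_serial(zone_text, today=None):
    """Return (new_serial, updated_zone_text); raises if no serial line exists
    or the new value would not be 'greater' for slaves (RFC 1982, 32-bit)."""
    today = today or date.today()
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no '; serial' line found in zone data")
    old = int(m.group(2))
    new = next_serial(old, today)
    if new > 0xFFFFFFFF or (new - old) % 2**32 >= 2**31:
        raise ValueError("serial %d -> %d is not an increase for slaves" % (old, new))
    return new, zone_text[:m.start(2)] + str(new) + zone_text[m.end(2):]
```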
DNS dynamic update
######################### Master server part ######################
1. vim /etc/named.rfc1913.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 172.25.39.11; }; ## change none --> the IP of the slave that is allowed to send updates (172.25.254.11)
allow-transfer { 172.25.39.11; };
also-notify { 172.25.39.11; };
};
2. cd /var/named
3. getsebool -a | grep named
[root@foundation116 doc]# getsebool -a | grep named
named_tcp_bind_http_port --> off
named_write_master_zones --> on
4. setsebool -P named_write_master_zones on
5. cd /var/named ;
ll -d ;
chmod g+w /var/named
6. cp -p westos.com.zone /mnt/ ## back it up for the later experiments, because updates from the slave change this file
#################### Master server configuration done ##########
######### Changes on the slave server ####################
The slave asks the master to add a DNS name and IP to the master's zone;
the name and IP held by the master are the name and IP served by every other slave,
because they form a cluster.
After the update, the master's /var/named/westos.com.zone will contain the name and IP added by the slave.
Experiment:
First delete www.westos.com,
then dig www.westos.com to confirm that the name and IP are no longer returned.
Adding a record:
1. [root@slave mnt]# nsupdate
> server 172.25.39.10 ########## the master's IP
> update add test.westos.com 86400 A 172.25.39.111 ########## the new name and IP
> send ########## send the update
> quit ########## exit
2. dig test.westos.com
[root@slave mnt]# dig test.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> test.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62064
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.westos.com.			IN	A
;; ANSWER SECTION:
test.westos.com.	86400	IN	A	172.25.39.111 ####### the name and IP we added (test.westos.com; 172.25.39.111)
;; AUTHORITY SECTION:
westos.com.		86400	IN	NS	dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.		86400	IN	A	172.25.44.10
;; Query time: 1 msec
;; SERVER: 172.25.39.10#53(172.25.39.10)
;; WHEN: Sat Aug 15 11:33:09 CST 2015
;; MSG SIZE rcvd: 94
3. This confirms the update succeeded.
4. The updated name and IP can be seen on the master in /var/named/westos.com.zone.
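The allow-recursion, allow-query and allow-transfer ACLs listed at the top of these notes, and the allow-update { 172.25.39.11; } used in this section, decide who can read, copy or rewrite the zone; an update ACL that names only a source address trusts something a UDP sender can forge, which is what the key-based variant in the next section fixes. The following added example (not part of the original notes) scans named.conf text for these four statements and reports the risky settings; the configuration is a constructed sample built from the statements used in these notes.

```python
import re

# Constructed sample assembled from the options and zone statements used in
# these notes; it is not a file copied from a server.
SAMPLE_CONF = """
options {
    listen-on port 53 { any; };
    allow-query { any; };
    allow-recursion { any; };
    dnssec-validation no;
    forwarders { 172.25.254.250; };
};
zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { 172.25.39.11; }; ## IP-based update ACL
    allow-transfer { 172.25.39.11; };
    also-notify { 172.25.39.11; };
};
"""

ACL_RE = re.compile(r"(allow-(?:query|recursion|transfer|update))\s*\{([^}]*)\}")

def acl_entries(body):
    """Split the contents of '{ a; b; }' into a list of address-match entries."""
    return [e.strip() for e in body.split(";") if e.strip()]

def audit(conf_text):
    """Return (statement, severity, message) findings for risky ACL settings."""
    findings = []
    for m in ACL_RE.finditer(conf_text):
        name, entries = m.group(1), acl_entries(m.group(2))
        open_world = any(e in ("any", "0.0.0.0/0") for e in entries)
        if name == "allow-transfer" and open_world:
            findings.append((name, "high", "zone transfer open to everyone: the whole zone can be "
                             "dumped with dig axfr; list the slave addresses or a TSIG key instead"))
        elif name == "allow-recursion" and open_world:
            findings.append((name, "high", "open recursive resolver: abusable for DNS amplification "
                             "and cache-poisoning attempts; limit to the local networks"))
        elif name == "allow-update" and entries != ["none"]:
            if open_world:
                findings.append((name, "critical", "anyone can add or delete records in this zone"))
            elif not any(e.startswith("key ") for e in entries):
                findings.append((name, "medium", "update ACL by source address only (%s); UDP source "
                                 "addresses can be forged, use 'key <name>' as in the encrypted-update "
                                 "section" % ", ".join(entries)))
    return findings
```

allow-query { any; } raises nothing because an authoritative server is meant to answer everyone; the risk lies in recursion, transfer and update.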
DNS encrypted (key-signed) update
#################### Master server configuration ########################
1. rm -fr /var/named/westos.com.zone /var/named/westos.com.inter.jnl   (remove the modified zone file and its journal)
2. cp -p /mnt/westos.com.zone /var/named/
3. cat /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "F1qtiCvSQ+itJqgSdG5uqw==";
};
4. cd /mnt
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
### generate the key ########
5. [root@foundation116 mnt]# cat Kwestos.+157+25331.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: QJL7Jx0/H6UGu/H2iI9jdg== ########### copy this secret: QJL7Jx0/H6UGu/H2iI9jdg==
Bits: AAA=
Created: 20150815071748
Publish: 20150815071748
Activate: 20150815071748
6. cp -p /etc/rndc.key /etc/westos.key
7. vim /etc/westos.key
key "westos" { ####### rename the key #####
algorithm hmac-md5;
secret "QJL7Jx0/H6UGu/H2iI9jdg=="; #### paste the secret copied above
};
8. vim /etc/named.conf
Add inside options:
dnssec-enable yes;
dnssec-validation no;
dnssec-lookaside auto;
forwarders { 172.25.254.250; };
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
include "/etc/westos.key"; ######### added line ###
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
9. vim /etc/named.rfc1913.zones
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { key westos; }; ######## change to key westos
allow-transfer { 172.25.39.11; };
also-notify { 172.25.39.11; };
};
10. systemctl restart named
11. cd /mnt;
scp Kwestos.+157+41687.* [email protected]:/mnt
############### Slave server ################
1. cd /mnt
2. [root@slave mnt]# nsupdate -k Kwestos.+157+53788.private
> server 172.25.254.139 ## the master's IP
> update add test.westos.com 86400 A 172.25.254.123 ### the new name and IP
> send
> quit
[root@slave mnt]# dig test.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> test.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9145
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.westos.com.			IN	A
;; ANSWER SECTION:
test.westos.com.	86400	IN	A	172.25.254.123
;; AUTHORITY SECTION:
westos.com.		86400	IN	NS	dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.		86400	IN	A	192.168.1.1
;; Query time: 1 msec
;; SERVER: 172.25.254.116#53(172.25.254.116)
;; WHEN: Sat Aug 15 16:03:05 CST 2015
;; MSG SIZE rcvd: 94
################### Verification done #####################
DNS dynamic resolution (DDNS)
##### Master server configuration ##############
Builds on the encrypted-update configuration above.
Configure the DHCP service:
yum install dhcp -y
systemctl stop firewalld
systemctl start dhcpd
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
vim /etc/dhcp/dhcpd.conf
Delete everything from line 37 onwards and delete line 27, then write the following:
option domain-name "westos.com"; ## this host's domain name
option domain-name-servers 172.25.254.139; ### DNS server address
Add the line: ddns-update-style interim;
subnet 172.25.39.0 netmask 255.255.255.0 { ## network and netmask
range 172.25.39.100 172.25.39.150; ### range of addresses dhcp hands out
option routers 172.25.254.139; # gateway
}
The key information is the contents of the generated key file; do not mistype it.
The name after zone is the domain name written in the DNS configuration file.
cd /var/named
rm -fr westos.com.zone westos.com.zone.jnl ## remove the old zone file and its journal
cp -p /mnt/westos.com.zone . #### copy the backed-up westos.com.zone here, or write a new westos.com.zone
systemctl restart named
systemctl restart dhcpd.service
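Both the /etc/westos.key file built in steps 5-7 of the encrypted-update section and the key and zone blocks that dhcpd.conf needs for DDNS (referred to above but not shown) carry the same secret copied out of the Kwestos.+157+NNNNN.private file, and a single mistyped character makes every signed update fail. The following added example (not part of the original notes) parses that .private file format, rejects a secret that is not valid base64, and emits both fragments; the dhcpd.conf syntax is the standard ISC dhcpd key/zone form assumed here, and the key file contents are a constructed sample with a made-up secret.

```python
import base64

# Constructed stand-in for the Kwestos.+157+NNNNN.private file shown in the
# encrypted-update section; the secret below is made up, not a real key.
SAMPLE_PRIVATE = """Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: c2FtcGxlLXNlY3JldC12YWx1ZQ==
Bits: AAA=
Created: 20150815071748
Publish: 20150815071748
Activate: 20150815071748
"""

# dnssec-keygen algorithm numbers for TSIG keys -> names used by named and dhcpd
ALG_NAMES = {157: "hmac-md5", 161: "hmac-sha1", 163: "hmac-sha256"}

def parse_private_key(text):
    """Return (algorithm_name, base64_secret, key_bits) from a .private file;
    raises on a non-HMAC algorithm or a mistyped (invalid base64) secret."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            k, v = line.split(":", 1)
            fields[k.strip()] = v.strip()
    alg = int(fields["Algorithm"].split()[0])
    if alg not in ALG_NAMES:
        raise ValueError("algorithm %d is not a TSIG/HMAC key" % alg)
    raw = base64.b64decode(fields["Key"], validate=True)  # catches copy/paste typos
    return ALG_NAMES[alg], fields["Key"], len(raw) * 8

def named_key_file(name, alg, secret):
    """Contents for /etc/westos.key, the file that named.conf includes."""
    return 'key "%s" {\n\talgorithm %s;\n\tsecret "%s";\n};\n' % (name, alg, secret)

def dhcpd_ddns_stanzas(name, alg, secret, zone, primary):
    """key and zone blocks for dhcpd.conf (standard ISC dhcpd syntax, assumed
    here since the notes do not show them); the zone name must end in a dot."""
    zone = zone.rstrip(".") + "."
    return ("key %s {\n\talgorithm %s;\n\tsecret \"%s\";\n}\n"
            "zone %s {\n\tprimary %s;\n\tkey %s;\n}\n") % (name, alg, secret, zone, primary, name)
```

The reverse zone (254.25.172.in-addr.arpa in these notes) needs a second zone block generated the same way if PTR records are to be updated too.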
############# Client ##############
systemctl stop firewalld
Switch the IP to dynamic (DHCP):
vim /etc/sysconfig/network-scripts/ifcfg-eth0
After changing the configuration:
systemctl restart network
ifconfig
vim /etc/resolv.conf
Make sure the DNS points at the server's IP
and that the domain name matches the master server's (westos.com in this experiment).
If the domain name differs, change the hostname (hostnamectl set-hostname client.westos.com).
systemctl restart named
dig client.westos.com    to test
The IP resolved now is the dynamic IP that the client host obtained.
In all of these experiments, always restart the service after changing a configuration file.