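1. DNS terminology
DNS:
domain name service (name resolution service)
The Domain Name System (DNS) is a service of the Internet. It is a distributed database that maps domain names and IP addresses to each other, which makes the Internet easier for people to use. DNS uses TCP and UDP port 53. Currently each label of a domain name is limited to 63 characters, and the full domain name may not exceed 253 characters.
# On the client #
/etc/resolv.conf ## file that points the client at its DNS server
nameserver 172.25.254.20
Testing
Command or term | Meaning |
---|---|
host www.westos.com | address resolution command |
dig www.baidu.com | command that shows detailed resolution information |
A record | the IP address of a domain name is called its Address record |
SOA | start of authority host |
DNS top level | . (13 root servers) |
Second level | .com .net .edu .org … baidu.com |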
On the server
Name | Meaning |
---|---|
bind | package |
named | service name |
/etc/named.conf | main configuration file |
/var/named | data directory |
53 | port |
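Error messages
Message | Meaning and what to check |
---|---|
1. no servers could be reached | The service cannot be reached (is the service running? firewall? network (the gateway must be set to an IP that has Internet access)? port?) |
2. The service fails to start | The configuration file contains an error. 1. Run journalctl -xe to look up the error. 2. Clear the log, restart the service and read the log. |
3. dig query status | NOERROR: the query succeeded; REFUSED: the server refused the query; SERVFAIL: the lookup failed (the DNS server cannot reach its upstream servers and refuses to cache); NXDOMAIN: the A record for this domain name does not exist in DNS |
Client host IP: 172.25.254.17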
# Install #
dnf search bind
[root@localhost Desktop]# dnf install bind.x86_64 -y
# Enable #
systemctl enable --now named
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
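Edit the main configuration file
vim /etc/named.conf
listen-on port 53 { any; }; ## line 11: open port 53 on all local network interfaces
allow-query { any; }; ## line 19: list of clients allowed to query A records
dnssec-validation no; ## line 34: disable DNSSEC validation so that the server can cache external answers locally
systemctl restart named
Client test
The client is a virtual machine; to get it online, set its gateway directly to the instructor's IP, 172.25.254.250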
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp1s0
TYPE=Ethernet
BOOTPROTO=none
PREFIX=24
NAME=enp1s0
IPADDR=172.25.254.177
GATEWAY=172.25.254.250
DNS1=114.114.114.114
DEVICE=enp1s0
ONBOOT=yes
[root@localhost ~]# vim /etc/resolv.conf
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.25.254.17 ###### IP of the server host
[root@localhost ~]#
[root@localhost ~]# dig www.baidu.com ###### the name resolves
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2518
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 7c3cba0da4e99359c026cedf5f2d095d3cfb50466cec85b2 (good)
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 741 IN CNAME www.a.shifen.com.
www.a.shifen.com. 36 IN A 14.215.177.39
www.a.shifen.com. 36 IN A 14.215.177.38
;; AUTHORITY SECTION:
. 241 IN NS e.root-servers.net.
. 241 IN NS g.root-servers.net.
. 241 IN NS c.root-servers.net.
. 241 IN NS m.root-servers.net.
. 241 IN NS j.root-servers.net.
. 241 IN NS d.root-servers.net.
. 241 IN NS k.root-servers.net.
. 241 IN NS i.root-servers.net.
. 241 IN NS a.root-servers.net.
. 241 IN NS b.root-servers.net.
. 241 IN NS l.root-servers.net.
. 241 IN NS f.root-servers.net.
. 241 IN NS h.root-servers.net.
;; Query time: 202 msec ### the first lookup takes a long time
;; SERVER: 172.25.254.17#53(172.25.254.17)
;; WHEN: Fri Aug 07 15:57:16 CST 2020
;; MSG SIZE rcvd: 340
[root@localhost ~]# dig www.baidu.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9865
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 64ff136ed8f882fe818d26ad5f2d095f8c3d76f3c03600ed (good)
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 739 IN CNAME www.a.shifen.com.
www.a.shifen.com. 34 IN A 14.215.177.38
www.a.shifen.com. 34 IN A 14.215.177.39
;; AUTHORITY SECTION:
. 239 IN NS i.root-servers.net.
. 239 IN NS b.root-servers.net.
. 239 IN NS h.root-servers.net.
. 239 IN NS a.root-servers.net.
. 239 IN NS m.root-servers.net.
. 239 IN NS g.root-servers.net.
. 239 IN NS f.root-servers.net.
. 239 IN NS l.root-servers.net.
. 239 IN NS d.root-servers.net.
. 239 IN NS j.root-servers.net.
. 239 IN NS k.root-servers.net.
. 239 IN NS e.root-servers.net.
. 239 IN NS c.root-servers.net.
;; Query time: 0 msec #### the second lookup is fast because the first one already resolved the name and the answer is cached
;; SERVER: 172.25.254.17#53(172.25.254.17)
;; WHEN: Fri Aug 07 15:57:19 CST 2020
;; MSG SIZE rcvd: 340
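forwarders { 114.114.114.114; }; ## line 20 of /etc/named.conf
Domain name resolution
Root name servers know the name servers of every top-level domain. For each top-level domain they hold two resource records: an NS record, whose name field is the top-level domain and whose value field is the domain name of the name server that resolves that top-level domain; and an A record, which gives the IP address that corresponds to that name server's domain name. Used together, the two records tell a resolver which name server IP address to ask next when it resolves a name under that domain. Second-level name servers similarly hold pointers to the third-level name servers. Third-level name servers hold resource records of types such as A, CNAME and MX. Every name server holds the address records of the root name servers.
Finally, a user who needs a name resolved first sends the request to the local name server. If the local name server can resolve it, the result is returned directly; otherwise the local name server sends a request to a root name server. Following the pointer returned by the root name server, it queries the next level of name servers, and so on, until it obtains the IP address of the name being resolved. (From Baidu Baike)
dns A 192.168.0.20
www CNAME westos.a.westos.com. ; canonical name
westos.a A 192.168.0.111 ; forward (A) records
westos.a A 192.168.0.112
westos.com. MX 1 192.168.0.20. ; mail exchanger record
systemctl restart named
dig www.westos.com # query the forward record
dig -t mx westos.com # query the mail exchanger record
Forward DNS resolution
On the server (172.25.254.17), comment out the setting from the previous experiment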
[root@localhost Desktop]# vim /etc/named.conf
forwarders { 114.114.114.114; }; ## line 20: comment this line out
[root@localhost Desktop]# vim /etc/named.rfc1912.zones
[root@localhost Desktop]# cat /etc/named.rfc1912.zones
Add the following:
zone "westos.com" IN { ## the domain this server maintains
type master; ## this server is the primary DNS
file "westos.com.zone"; ## A record file for the domain
allow-update { none; }; ## list of hosts allowed to update the zone
};
[root@localhost Desktop]# cd /var/named
[root@localhost named]# cp named.localhost westos.com.zone -p ## copy the file, keeping its permissions
[root@localhost named]# vim /var/named/westos.com.zone
[root@localhost Desktop]# cat /var/named/westos.com.zone ## A record file that maps names to IP addresses
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
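0 ; serial ## version serial number of the zone
1D ; refresh ## refresh interval (secondary DNS)
1H ; retry ## retry interval (secondary DNS)
1W ; expire ## expiry time (secondary DNS: when lookups keep failing, it stops answering for the zone after this long)
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.17 ; forward (A) record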
www A 172.25.254.111
bbs CNAME bss.a.westos.com.
bss.a A 172.25.254.111
bss.a A 172.25.254.222
westos.com. MX 1 127.0.0.1.
(A name written without a trailing dot in the file is automatically completed with westos.com.)
Client check
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.25.254.17 #### IP of the server host
[root@localhost ~]# dig www.westos.com ##### query the forward record
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44868
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 4431c5666adcd969d5d4403c5f2d162875bb49355fae5d4c (good)
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 3600 IN A 103.224.182.230
;; AUTHORITY SECTION:
westos.com. 172799 IN NS 421.ns1.above.com.
westos.com. 172799 IN NS 421.ns2.above.com.
;; ADDITIONAL SECTION:
421.ns1.above.com. 172799 IN A 103.224.182.5
421.ns1.above.com. 172799 IN A 103.224.212.5
421.ns2.above.com. 172799 IN A 103.224.212.6
421.ns2.above.com. 172799 IN A 103.224.182.6
;; Query time: 1785 msec
;; SERVER: 172.25.254.17#53(172.25.254.17)
;; WHEN: Fri Aug 07 16:51:51 CST 2020
;; MSG SIZE rcvd: 201
Query the mail exchanger record
[root@lzy Desktop]# dig -t mx westos.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> -t mx westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8760
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 412253f8a76ef16ed1a44b335f2f99bce1b1373d33ba5c7f (good)
;; QUESTION SECTION:
;westos.com. IN MX
;; ANSWER SECTION:
westos.com. 86400 IN MX 1 127.0.0.1.
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.17
;; Query time: 15 msec
;; SERVER: 172.25.254.17#53(172.25.254.17)
;; WHEN: Sun Aug 09 02:37:47 EDT 2020
;; MSG SIZE rcvd: 126
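An added example, not part of the original post: a shell check that reads saved dig output and reports the status, whether the `aa` (authoritative answer) flag is set, and the answer data. The www.westos.com output above has no `aa` flag and lists above.com name servers in its AUTHORITY section, so that answer came through recursion and not from the local westos.com.zone, while the MX output carries `aa`. The function names dig_summary and is_authoritative are assumptions, and the two samples are abridged from the outputs above.

```shell
#!/usr/bin/env bash
# dig_summary: read saved dig output on stdin and print
#   status=<rcode> aa=<yes|no> answers=<rdata,rdata,...>
dig_summary() {
  awk '
    /->>HEADER<<-/ {                       # header line carries "status: NOERROR,"
      for (i = 1; i < NF; i++)
        if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; flags:/ {                         # ";; flags: qr aa rd ra; QUERY: 1, ..."
      split($0, part, ";")                 # part[3] is " flags: qr aa rd ra"
      aa = (index(part[3] " ", " aa ") > 0) ? "yes" : "no"
    }
    /^;; ANSWER SECTION:/ { in_answer = 1; next }
    /^;;/ || /^$/         { in_answer = 0 }  # any other section header ends the answers
    in_answer && NF >= 5  {                # owner TTL class type rdata...
      rdata = $5
      for (i = 6; i <= NF; i++) rdata = rdata " " $i
      answers = (answers == "" ? rdata : answers "," rdata)
    }
    END { printf "status=%s aa=%s answers=%s\n", status, aa, answers }
  '
}

# is_authoritative: succeed only for a NOERROR answer that carries the aa flag,
# i.e. one served from a zone this server holds rather than fetched by recursion.
is_authoritative() {
  case "$(dig_summary)" in
    "status=NOERROR aa=yes "*) return 0 ;;
    *) return 1 ;;
  esac
}

# Abridged from the two dig outputs above (header, flags, ANSWER, first AUTHORITY line).
WWW_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44868
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
;; ANSWER SECTION:
www.westos.com. 3600 IN A 103.224.182.230
;; AUTHORITY SECTION:
westos.com. 172799 IN NS 421.ns1.above.com.'
MX_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8760
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; ANSWER SECTION:
westos.com. 86400 IN MX 1 127.0.0.1.
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.'

printf '%s\n' "$WWW_SAMPLE" | dig_summary   # recursion result, no aa
printf '%s\n' "$MX_SAMPLE"  | dig_summary   # served from the local zone
```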
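Reverse resolution
Reverse resolution means finding the domain name that corresponds to a given IP address; this is also done through DNS. For example, to reverse-resolve the IP address 202.120.225.9, the system rewrites it as 9.225.120.202.in-addr.arpa and then looks it up the same way as a domain name. This requires the local name server of the queried host to hold a resource record for 9.225.120.202.in-addr.arpa of type PTR whose value is the host's domain name. (From Baidu Baike)
Server
1. vim /etc/named.rfc1912.zones ### add the following
zone "254.25.172.in-addr.arpa" IN { ###### the host's IP is 172.25.254.17, in the 172.25.254 network
type master;
file "172.25.254.ptr";
allow-update { none; };
};
2. cd /var/named/
cp -p named.loopback 172.25.254.ptr ######## create the record file that the zone stanza points to
##### always use -p when copying; the permissions matter
vim 172.25.254.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial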
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 192.168.0.20
11 PTR www.westos.com.
12 PTR bbs.westos.com.
13 PTR news.westos.com.
systemctl restart named
Test: dig -x 172.25.254.17
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.25.254.17 #### set to the server's IP
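An added example, not part of the original post: shell helpers that carry out the in-addr.arpa rewriting described above and derive PTR lines from the forward zone's A records, so the reverse file answers for the same hosts as the forward file. The function names reverse_name and ptr_records are assumptions; the sample records are the ones from the westos.com.zone listing earlier on the page.

```shell
#!/usr/bin/env bash
# reverse_name IPV4 [LABELS]: reverse the octets and append in-addr.arpa.
#   LABELS=4 (default) gives the PTR owner name, LABELS=3 the /24 zone name.
reverse_name() {
  printf '%s\n' "$1" | awk -F. -v keep="${2:-4}" '
    NF != 4 { exit 1 }
    {
      for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1
      name = "in-addr.arpa"
      for (i = 1; i <= keep; i++) name = $i "." name   # prepending reverses the order
      print name
    }'
}

# ptr_records ORIGIN NET24 < forward-zone: emit "<host octet> PTR <fqdn>." for each
# A record whose address lies in NET24 (written a.b.c), so both zones stay in step.
ptr_records() {
  awk -v origin="$1" -v net="$2" '
    { sub(/[ \t]*;.*/, "") }                        # zone-file comments start with ;
    $2 == "A" || ($2 == "IN" && $3 == "A") {
      n = split($NF, o, ".")
      if (n != 4 || (o[1] "." o[2] "." o[3]) != net) next
      fqdn = ($1 ~ /\.$/) ? $1 : $1 "." origin "."  # relative names get the origin appended
      print o[4] " PTR " fqdn
    }'
}

# Forward records from the westos.com.zone listing on this page (embedded for an offline run).
FORWARD_ZONE='dns A 172.25.254.17
www A 172.25.254.111
bbs CNAME bss.a.westos.com.
bss.a A 172.25.254.111
bss.a A 172.25.254.222
westos.com. MX 1 127.0.0.1.'

reverse_name 172.25.254.17 3        # zone name for named.rfc1912.zones
reverse_name 172.25.254.17          # name that dig -x 172.25.254.17 asks for
printf '%s\n' "$FORWARD_ZONE" | ptr_records westos.com 172.25.254
```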
https://blog.csdn.net/ninimino/article/details/110878965
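Primary and secondary DNS: the primary DNS is built by setting up the named service, and the secondary DNS is also set up by configuring the named service. The secondary synchronizes resolution data with the primary, pulling the primary's records to itself; in effect it acts as a resolution client of the primary.
Primary DNS, IP: 192.168.3.11
1. vim /etc/named.rfc1912.zones ------->
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
also-notify { 192.168.3.22; }; ## secondary DNS host to notify proactively
};
2. vim /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
2 ; serial ## increase this value every time the A record file is modified
1D ; refresh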
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 192.168.3.11
www A 192.168.3.16 ; forward (A) record
3. cat /etc/resolv.conf
nameserver 192.168.3.11
Secondary DNS, IP: 172.25.254.117
1. dnf install bind -y ### install the named service
2. firewall-cmd --add-service=dns
3. vim /etc/named.conf ### same basic configuration as for the primary DNS earlier
listen-on port 53 { any; };
allow-query { any; };
dnssec-validation no;
4. vim /etc/named.rfc1912.zones and edit the file as follows
zone "westos.com" IN {
type slave; ## this server is a secondary DNS
masters { 192.168.3.11; }; ## primary DNS
file "slaves/westos.com.zone"; ## file that receives the synchronized data
};
systemctl restart named
Primary DNS
[root@localhost named]# cat /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 192.168.3.11
www A 192.168.3.15
[root@localhost named]# cat /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 192.168.3.11
www A 192.168.3.16
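The secondary DNS still shows the previously cached data.
The changed records are synchronized only when the serial value differs from its previous value.
A record file on the primary DNS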
[root@localhost named]# cat /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
1 ; serial ## value changed
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 192.168.3.11
www A 192.168.3.16 ; IP changed
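An added example, not part of the original post: shell helpers that increment the SOA serial after an edit such as the www change above, and that apply the newer-than comparison (RFC 1982 serial arithmetic) a secondary uses to decide whether to transfer the zone. The function names and the sample file are constructed for illustration; the code assumes the serial sits on its own line tagged `; serial`, as in the listings above.

```shell
#!/usr/bin/env bash
# soa_serial FILE: print the number on the line tagged "; serial".
soa_serial() {
  awk '/;[ \t]*serial/ { sub(/;.*/, ""); gsub(/[ \t]/, ""); print; exit }' "$1"
}

# bump_serial FILE: add 1 to the serial in place and print the new value.
bump_serial() {
  zf=$1
  old=$(soa_serial "$zf")
  case $old in
    '' | *[!0-9]*) echo "no numeric serial found in $zf" >&2; return 1 ;;
  esac
  # The serial is an unsigned 32-bit field; stop at the top instead of overflowing.
  new=$(awk -v s="$old" 'BEGIN { if (s + 0 >= 4294967295) exit 1; printf "%.0f", s + 1 }') ||
    { echo "serial is at its maximum, renumber by hand" >&2; return 1; }
  tmp=$(mktemp) || return 1
  awk -v new="$new" '
    !seen && /;[ \t]*serial/ { sub(/[0-9]+/, new); seen = 1 }   # first digits on that line
    { print }
  ' "$zf" > "$tmp" && cat "$tmp" > "$zf"    # rewrite through the same inode: owner and mode stay
  rm -f "$tmp"
  echo "$new"
}

# serial_newer PRIMARY SECONDARY: succeed when PRIMARY counts as newer under RFC 1982
# serial arithmetic, the comparison a secondary makes before it transfers the zone.
serial_newer() {
  awk -v p="$1" -v s="$2" 'BEGIN {
    half = 2147483648
    exit !((s < p && p - s < half) || (s > p && s - p > half))
  }'
}

# write_sample_zone FILE: constructed copy of the primary zone file shown above (serial 0).
write_sample_zone() {
  cat > "$1" <<'EOF'
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
  NS dns.westos.com.
dns A 192.168.3.11
www A 192.168.3.16
EOF
}

work=$(mktemp -d) && write_sample_zone "$work/westos.com.zone"
bump_serial "$work/westos.com.zone"     # prints 1
# On the primary, then: named-checkzone westos.com FILE && rndc reload westos.com
rm -rf "$work"
```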
Settings on the DNS server:
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 172.25.254.117; }; ## allow the specified client to update the westos.com zone
also-notify { 172.25.254.117; };
};
Test:
On 172.25.254.117
[root@localhost~]# nsupdate
server 172.25.254.17
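update add hello.westos.com 86400 A 172.25.254.17 ## add an A record
send
update delete hello.westos.com ## delete the A record
send
(If anyone is allowed to update the zone and add A records at will, that is a risk.)
Generate the key, on the physical host
In the virtual machine
[root@localhost named]# dnssec-keygen -a HMAC-SHA256 -b 128 -n HOST westoskey ### generate the key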
Kwestoskey.+163+19726
[root@localhost named]# pwd
/var/named
[root@localhost named]# cp /etc/rndc.key /etc/westos.key -p
[root@localhost named]# cat Kwestoskey.+163+19726.key
westoskey. IN KEY 512 3 163 nxdgGTWcIZYSxrHlxv9lXA==
[root@localhost named]# vim /etc/westos.key
key "westoskey" {
algorithm hmac-sha256;
secret "nxdgGTWcIZYSxrHlxv9lXA==";
};
[root@localhost named]# vim /etc/named.conf
[root@localhost mnt]# cat /etc/named.conf
include "/etc/westos.key"; ## add this line
[root@localhost named]# systemctl restart named
[root@localhost named]# vim /etc/named.rfc1912.zones
[root@localhost mnt]# cat /etc/named.rfc1912.zones (the part that needs to change)
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westoskey; }; ## allow clients that hold the key to update the westos zone
also-notify {172.25.254.117;};
};
[root@localhost named]# systemctl restart named ### restart the service
[root@localhost named]# cp /var/named/Kwestoskey.+163+19726.* /mnt -p ## put the files in /mnt/ so they are easy to copy
[root@localhost named]# cd /mnt
[root@localhost mnt]# ls
Kwestoskey.+163+19726.key Kwestoskey.+163+19726.private
[root@localhost mnt]# scp /mnt/* [email protected]:/mnt ## transfer the key to the client host
The authenticity of host '172.25.254.117 (172.25.254.117)' can't be established.
ECDSA key fingerprint is SHA256:v7kSZzGx/kilKfJgwQGbxpRxl5KeVBJ0EFVQoC1CIao.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.25.254.117' (ECDSA) to the list of known hosts.
[email protected]'s password:
Kwestoskey.+163+19726.key 100% 53 93.4KB/s 00:00
Kwestoskey.+163+19726.private 100% 168 389.3KB/s 00:00
Client
[root@localhost named]# cd /mnt
[root@localhost mnt]# ls
Kwestoskey.+163+19726.key Kwestoskey.+163+19726.private ### the key that permits updates to the westos zone
[root@localhost mnt]# ll
total 8
-rw------- 1 root root 53 Aug 8 04:20 Kwestoskey.+163+19726.key
-rw------- 1 root root 168 Aug 8 04:20 Kwestoskey.+163+19726.private
[root@localhost mnt]# nsupdate -k Kwestoskey.+163+19726.private ## update the A record with the key received; users without the key are still refused
> server 172.25.254.17
> update add hello.westos.com 86400 A 172.25.254.111
> send
> quit
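Result, on the server host:
[root@localhost mnt]# dig hello.westos.com ## check whether the name resolves; a successful answer confirms that the key was accepted and that this A record was sent successfully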
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60208
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 77c5297ff850995cece77db75f2e610e8537536712b88fa4 (good)
;; QUESTION SECTION:
;hello.westos.com. IN A
;; ANSWER SECTION:
hello.westos.com. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.17
;; Query time: 0 msec
;; SERVER: 172.25.254.17#53(172.25.254.17)
;; WHEN: Sat Aug 08 16:23:42 CST 2020
;; MSG SIZE rcvd: 123
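An added example, not part of the original post, for the update risk noted above and for the named.conf options set at the start of the page: a shell audit that reads BIND configuration text and flags `allow-query { any; }` without a recursion limit, `dnssec-validation no`, and `allow-update` lists that authorise by address instead of by key. The function name audit_named and both sample configurations are constructed for illustration (the second adds an `allow-recursion` limit and `dnssec-validation yes`, which the page does not configure); the parsing assumes one statement per line, as in the files above.

```shell
#!/usr/bin/env bash
# audit_named: read named.conf-style text on stdin and print one finding per line.
# Assumes one statement per line, as in the files on this page.
audit_named() {
  awk '
    { sub(/[ \t]*(#|\/\/).*/, "") }                       # strip trailing # and // comments
    /^[ \t]*zone[ \t]+"/ { split($0, q, "\""); zone = q[2] }
    /allow-(recursion|query-cache)[ \t]*[{]/ && !/[{][ \t]*any;/ { limited = 1 }
    /allow-query[ \t]*[{][ \t]*any;/ { open_query = 1 }
    /dnssec-validation[ \t]+no;/ {
      print "WARN options: dnssec-validation no (upstream answers are not validated)"
    }
    /allow-update[ \t]*[{]/ {
      acl = $0
      sub(/.*allow-update[ \t]*[{][ \t]*/, "", acl)       # keep only the list inside the braces
      sub(/;[ \t]*[}].*/, "", acl)
      if (acl ~ /^key[ \t]/)   print "OK zone " zone ": updates require TSIG " acl
      else if (acl != "none")  print "WARN zone " zone ": updates authorised by address only: " acl
    }
    END {
      if (open_query && !limited)
        print "WARN options: allow-query any and no allow-recursion limit (recursion open to any client)"
    }
  '
}

# Constructed sample 1: the lab settings from this page (options plus the address-based zone).
LAB_CONF='options {
listen-on port 53 { any; };
allow-query { any; };
dnssec-validation no;
};
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 172.25.254.117; }; ## address only
};'
# Constructed sample 2: key-based updates as configured above, recursion limited to the lab subnet.
HARDENED_CONF='options {
listen-on port 53 { any; };
allow-query { any; };
allow-recursion { 172.25.254.0/24; };
dnssec-validation yes;
};
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westoskey; };
};'

printf '%s\n' "$LAB_CONF"      | audit_named
printf '%s\n' "$HARDENED_CONF" | audit_named
```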
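Dynamic DNS (DDNS) is a system that points an Internet domain name at a changing IP address. DNS only provides a static mapping between domain names and IP addresses; when an IP address changes, DNS cannot update the mapping dynamically, and access fails. A DDNS system maps the user's dynamic IP address to a fixed name resolution service: each time the user connects to the network, a client program sends the host's current dynamic IP address to a server program running on the provider's host, which makes dynamic name resolution possible. DDNS dynamically updates the mapping between domain names and IP addresses on the DNS server, so that a domain name always leads to the correct IP address. Many organizations offer DDNS services that run in the background and check the computer's IP address every few minutes; if the IP has changed, they send the DNS server a request to update the IP address.
Configure the dhcpd service on the client and edit its main configuration file
dnf install dhcp-server -y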
[root@localhost Desktop]# cat /mnt/Kwestoskey.+163+19726.private
Private-key-format: v1.3
Algorithm: 163 (HMAC_SHA256)
Key: nxdgGTWcIZYSxrHlxv9lXA==
Bits: AAA=
Created: 20200808080421
Publish: 20200808080421
Activate: 20200808080421
[root@localhost mnt]# cat /etc/dhcp/dhcpd.conf ## configure the dhcpd service as follows
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "westos.com";
option domain-name-servers 172.25.254.17;
default-lease-time 600;
max-lease-time 7200;
# Use this to enble / disable dynamic dns updates globally.
ddns-update-style interim;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# This is a very basic subnet declaration.
subnet 172.25.254.0 netmask 255.255.255.0{
range 172.25.254.101 172.25.254.200;
option routers 172.25.254.250;
# next-server 172.25.254.17;
# filename "pxelinux.0";
}
key westoskey{
algorithm hmac-sha256;
secret nxdgGTWcIZYSxrHlxv9lXA==;
};
zone westos.com. {
primary 127.0.0.1;
key westoskey;
}
################################ A record file
[root@localhost named]# cat /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.17
www A 172.25.254.113
bbs CNAME bss.a.westos.com.
bss.a A 172.25.254.111
bss.a A 172.25.254.222
westos.com. MX 1 127.0.0.1.
[root@localhost named]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westoskey; }; ############ updates require the key
also-notify {172.25.254.117;};
};
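Testing DNS updates with the key:
1. Set the test host's network to use DHCP
2. Set the host name to test.westos.com
3. Restart the network
4. dig test.westos.com should return the correct answer
In the virtual machine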
[root@news network-scripts]# cat ifcfg-enp1s0
TYPE=Ethernet
BOOTPROTO=dhcp ## obtain the IP address dynamically
IPADDR=172.25.254.117
PREFIX=24
NAME=enp1s0
DEVICE=enp1s0
ONBOOT=yes
Unplug the network cable when testing the IP
[root@news network-scripts]# nmcli connection reload
[root@news network-scripts]# nmcli connection down enp1s0
Connection 'enp1s0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@news network-scripts]# nmcli connection up enp1s0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@news network-scripts]# ip addr show enp1s0
2: enp1s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:d5:15:ce brd ff:ff:ff:ff:ff:ff
inet 172.25.254.130/24 brd 172.25.254.255 scope global dynamic noprefixroute enp1s0
valid_lft 523sec preferred_lft 523sec
inet 172.25.254.117/24 brd 172.25.254.255 scope global secondary noprefixroute enp1s0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fed5:15ce/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@news network-scripts]# cat /etc/resolv.conf
# Generated by NetworkManager
search westos.com
nameserver 172.25.254.17 #### IP of the physical host: the server
hostname ---->news.westos.com
Final test result
[root@news network-scripts]# dig news.westos.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> news.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65483
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: b8e8958e32d7ca3a1b0cfecc5f2e6d0dc7437b4c150cf022 (good)
;; QUESTION SECTION:
;news.westos.com. IN A
;; ANSWER SECTION:
news.westos.com. 300 IN A 172.25.254.130
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.17
;; Query time: 0 msec
;; SERVER: 172.25.254.17#53(172.25.254.17)
;; WHEN: Sat Aug 08 05:14:52 EDT 2020
;; MSG SIZE rcvd: 122