Linux DNS赛题配置

主DNS服务部署

yum -y install bind bind-chroot bind-utils
systemctl start named    //开启named
systemctl enable named   //开机自启动
ss -tnl |grep 53   //查看端口是否正常启动
vim /etc/named.conf     //编辑全局配置文件
	listen-on port 53 {any;};    //监听所有
	allow-query	{any;};    //允许所有用户查询
vim /etc/named.rfc1912.zones     //默认区域配置文件,可以自行修改
    zone "sdskills.net"	IN {
        type master;
        file "sdskills.net.zone";
        allow-update {none;};
    };
	 zone "0.168.192.in-addr.arpa"	IN {
        type master;
        file "0.168.192.zone";
        allow-update {none;};
    };
cp -p /var/named/named.localhost /var/named/sdskills.net.zone   //复制正向区域模板
vim /var/named/sdskills.net.zone
    $TTL 1D
	@       IN SOA  @ root.sdskills.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
    @  		IN	 NS      Server01.sdskills.net.
	Server01   IN     A       192.168.0.2
	www   IN  A       192.168.0.7

systemctl restart named   //重启服务
cp -p /var/named/named.loopback /var/named/0.168.192.zone   //复制反向区域模板
vim /var/named/0.168.192.zone
    $TTL 1D
	@       IN SOA  @ root.sdskills.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
	@       IN      NS      Server01.sdskills.net.
	2       IN      PTR     Server01.sdskills.net.
	2       IN      PTR     www.sdskills.net.

客户端查看

cat /etc/resolv.conf   
    search sdskills.net
    nameserver 192.168.0.2

委派DNS服务器部署

主DNS服务器

vim /etc/named.conf
    #dnssec-enable yes;           //注释掉以下三行
    #dnssec-validation yes;
    #include "/etc/named.root.key";

委派服务器

yum -y install bind bind-chroot bind-utils
systemctl restart named
systemctl enable named
vim /etc/named.conf
    listen-on port 53 {any;};    //监听所有
	allow-query	{any;};    //允许所有用户查询
vim /etc/named.rfc1912.zones     //默认区域配置文件,可以自行修改
    zone "skills.net"	IN {
        type master;
        file "skills.net.zone";
        allow-update {none;};
    };
cp -p /var/named/named.localhost /var/named/skills.net.zone   //复制正向区域模板
vim /var/named/skills.net.zone
    $TTL 1D
	@       IN SOA  @ root.skills.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
       	 NS      Server02.skills.net.
	Server02        A       192.168.0.7
	www     A       192.168.0.10

在委派DNS上创建辅助DNS

vim /etc/named.rfc1912.zones
    zone "sdskills.net"	IN {
        type slave;
        file "slaves/sdskills.net.zone";
        masters {192.168.0.2;};
    };
systemctl restart named
systemctl status named   //查看状态
ll /var/named/slaves   //查看是否有从主DNS服务器复制过来的文件

比赛

安装DNS相关服务软件;
建立sdskills.org域,为所有除Internet区域的主机或服务器建立正\反的域名解析;
当出现无法解析的域名时,向域skills.org申请更高层次的解析。

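setenforce 0    //临时将SELinux切换为宽容模式(重启后恢复)
systemctl stop firewalld    //关闭防火墙(仅限比赛/实验环境;正式环境应保留防火墙,用 firewall-cmd --permanent --add-service=dns 放行DNS)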
yum -y install bind    //安装DNS服务
vim /etc/named.conf
	listen-on port 53 {any;};    //监听所有
	allow-query	{any;};    //允许所有用户查询
	forwarders {192.168.10.4;};     //将本机无法解析的查询转发给上游DNS服务器192.168.10.4
	recursion yes;  //开启递归查询;与allow-query any同时使用时,任何客户端都能让本机代为递归,正式环境应使用allow-recursion限定为内网网段

    dnssec-enable no;   //关闭DNSSEC(与下一行一起,服务器不再验证应答签名,仅适用于比赛/实验环境)
    dnssec-validation no;

	
	#zone "." IN {   //把本地根域去掉
	#       type hint;
	#       file "named.ca";
	#};

	#include "/etc/named.rfc1912.zones"; //可以把区域配置写下面,那样就不需要在这个文件上配置了
	include "/etc/named.root.key";

	zone "sdskills.com" IN {
        type master;
        file "sdskills.com.zone";
	};

	zone "100.16.172.in-addr.arpa" IN {
        type master;
        file "100.16.172.zone";
	};

vim /etc/named.rfc1912.zones    //默认区域配置文件,可以自行修改   
	zone "sdskills.org" IN {           //正向解析域
        type master;
        file "sdskills.org.zone";
        allow-update { none;};
	};

	zone "100.16.172.in-addr.arpa" IN {   //反向解析域
        type master;
        file "100.16.172.zone";
        allow-update { none;};
	};
cd /var/named    //去DNS区域配置文件目录
cp -p named.loopback sdskills.org.zone    //复制模板
cp -p named.loopback 100.16.172.zone
vim sdskills.org.zone     //配置正向解析域
	$TTL 1D
	@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum

	@       IN	    NS      www.sdskills.org.
	@       IN      MX      10      mail
	www     IN      A       172.16.100.201
	ftp     IN      A       172.16.100.202
	mail    IN      A       172.16.100.202    
    imap	IN		A		172.16.100.202
    smtp	IN		A		172.16.100.202
    *.sdskills.org		IN		A		172.16.100.201
vim 100.16.172.zone     //配置反向解析域
    $TTL 1D
	@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum

	@		NS      www.sdskills.org.
	201     IN      PTR     www.sdskills.org.
	202     IN      PTR     ftp.sdskills.org.
	202     IN      PTR     mail.sdskills.org. 
    202		IN		PTR		imap.sdskills.org.
    202		IN		PTR		smtp.sdskills.org.
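chmod 777 sdskills.com.zone 172.16.100.zone    //赋予权限,不然internet服务器无法申请本服务器解析(注意:文件名应与上面创建的区域文件sdskills.org.zone、100.16.172.zone一致;777会让所有用户都可写,named只需要读权限,属主root:named、权限640即可)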
systemctl  restart named    //重启DNS服务

客户端查看

cat /etc/resolv.conf
# Generated by NetworkManager
search sdskills.org
nameserver 172.16.100.201
nameserver 192.168.10.4

UOS比赛

安装DNS相关服务软件包;

为域skills.org提供必要的域名解析;

当非skills.org域的解析时,统一解析到Rserver连接Internet网段的IP地址或Rserver.skills.org。

apt -y install bind9 dnsutils   //安装DNS服务跟DNS调试工具
cd /etc/bind/
    db.127    //反向区域数据库,用于将IP解析为对应的域名
    db.local	//正向区域数据库,用于将域名解析为对应的IP地址
    named.conf.default-zones	//默认区域
    named.conf.local	//用于定义解析域,也可以直接在named.conf中直接划定解析域
    named.conf.options   //配置文件,全局选项配置
    named.conf    //Bind的主配置文件,不包含DNS数据

定义解析域

vim named.conf.local
    zone "." {        //根域
        type master;
        file "/etc/bind/root.zone";
	};


	zone "skills.org" {     //正向解析域
		type master;
		file "/etc/bind/skills.org.zone";
	};

	zone "10.168.192.in-addr.arpa" {   //反向解析域
        type master;
        file "/etc/bind/10.168.192.zone";
	};

cp -a db.local root.zone
cp -a db.local skills.org.zone
cp -a db.local 10.168.192.zone
vim skills.org.zone
    ;
	; BIND data file for local loopback interface
	;
	$TTL    604800
	@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
	;
	@       IN      NS      www.skills.org.
	www     IN      A       192.168.10.4
    Server02	IN	A		192.168.10.4
    *.skills.com		IN		A		192.168.10.4
vim root.zone
    ;
	; BIND data file for local loopback interface
	;
	$TTL	604800
	@	IN	SOA	localhost. root.localhost. (
			      2		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
	;
	@	IN	NS	www.skills.com.
	*	IN	A	192.168.10.2     //解析其他域时,统一解析到192.168.10.2
vim 10.168.192.zone
	;
	; BIND data file for local loopback interface
	;
	$TTL    604800
	@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
	;
	@       IN      NS      www.skills.com.
	3       IN      PTR     www.skills.com.
	3       IN      PTR     Server02.skills.com.

systemctl restart bind9    //重启bind9服务
vim named.conf.options
    dnssec-validation no;    //不验证
	dnssec-enable no;
	listen-on { any; };   
	allow-query { any; };  //允许所有主机访问

客户端

vim /etc/resolv.conf     //配置DNS域
    nameserver 192.168.10.4

[root@localhost ~]# nslookup www.skills.org
Server:		192.168.10.4
Address:	192.168.10.4#53

Name:	www.skills.org
Address: 192.168.10.4


[root@localhost ~]# nslookup any.any.any
Server:		192.168.10.4
Address:	192.168.10.4#53

Name:	any.any.any
Address: 192.168.10.2

DNS

为 chinaskills.cn 域提供域名解析。

为 www.chinaskills.cn、download.chinaskills.cn 和 mail.chinaskills.cn 提供解析。

启用内外网解析功能,当内网客户端请求解析的时候,解析到对应的 内部服务器地址,当外部客户端请求解析的时候,请把解析结果解析 到提供服务的公有地址。

请将 IspSrv 作为上游 DNS 服务器,所有未知查询都由该服务器处理。

yum -y install bind bind-utils
vim /etc/named.conf 
	listen-on port 53 { any; };
	allow-query     { any; };
    forwarders { 81.6.63.100;};
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
	#zone "." IN {
	#       type hint;
	#       file "named.ca";
	#};

	#include "/etc/named.rfc1912.zones";
	include "/etc/named.root.key";

	view insidecli {
        match-clients { 192.168.0.0/16;};
        zone "chinaskills.cn" IN {
                type master;
                file "chinaskills.cn.insidecli";
        };
	};

	view  outsidecli {
        match-clients { 0.0.0.0/0;};
        zone "chinaskills.cn" IN {
                type master;
                file "chinaskills.cn.outsidecli";
        };
	};
cd /var/named
cp named.localhost chinaskills.cn.insidecli -p
	       	 NS      @
       	 A       127.0.0.1
    @	IN	MX	10	mail
	www     A       192.168.100.100
	mail    A       192.168.100.100
	appsrv  A       192.168.100.100
	download        A       192.168.100.100
	ftp     A       192.168.100.200
	~                                  
cp chinaskills.cn.insidecli chinaskills.cn.outsidecli -p 
            NS      @
        A       127.0.0.1
	www     A       81.6.63.254
	mail    A       81.6.63.254
	appsrv  A       81.6.63.254
	download        A       81.6.63.254
	ftp     A       81.6.63.254
chmod 777 chinaskills.cn.insidecli chinaskills.cn.outsidecli   //777会让所有用户都可写,named只需要读权限,属主root:named、权限640即可
named-checkconf   //检查是否有语法错误
