一、安装、测试
服务器:
dnf install bind -y
systemctl enable --now named
netstat -antlupe | grep named   ##确认 53/udp、53/tcp 已监听(没有 net-tools 时用 ss -antlupe)
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
##编辑named的配置文件
vim /etc/named.conf:
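options {
        // Listen on every IPv4 address; together with the firewall rule above
        // this exposes port 53 to every network the host is attached to.
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        // Anyone may ask for the zones this server is authoritative for.
        allow-query     { any; };
        // Who may use the server as a recursive resolver. This is BIND's own
        // default (since 9.4), written out so nobody "fixes" it to { any; }:
        // an open recursive resolver is abused for DNS amplification and is
        // easier to cache-poison. The lab clients sit on a directly attached
        // subnet, so localnets already covers them.
        allow-recursion { localhost; localnets; };
};
在另外一台客户端中设置 dns: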
vim /etc/resolv.conf:
nameserver 172.25.254.137   ##服务器的ip; 关键字和地址之间是空格, 写成 nameserver:地址 会被忽略
测试: ping www.baidu.com (更直接的检查是 dig @172.25.254.137 www.baidu.com, 即使 ping 被拦也能确认是这台服务器在解析)
二、dns高速缓存
服务器: vim /etc/named.conf:
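options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { any; };
        // Caching resolver for the local subnet(s) only. This matches BIND's
        // default (since 9.4); it is written out explicitly because a caching
        // server reachable from anywhere (allow-recursion { any; }) becomes an
        // open resolver usable for amplification attacks.
        allow-recursion { localhost; localnets; };
        // Queries this server cannot answer itself are sent to this upstream
        // resolver instead of being resolved from the root servers.
        forwarders      { 114.114.114.114; };
        // Disables DNSSEC validation so answers from a forwarder that does not
        // return DNSSEC data are accepted. It also means forged answers are no
        // longer detected; keep "auto" if the forwarder supports DNSSEC.
        dnssec-validation no;
};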
!!!!!注意: 文件第 20 行 forwarders 是需要新增的, 第 34 行 dnssec-validation 改为 no; 改完先 named-checkconf 检查语法, 再 systemctl restart named。
客户端: vim /etc/resolv.conf: nameserver 172.25.254.137(服务器ip)
三、正向解析(把域名转换成ip)
编辑子配置文件(正向解析): vim /etc/named.rfc1912.zones:
zone "westos.org" IN {           ##维护的域名
        type master;             ##当前服务器为主dns
        file "westos.org.zone";  ##指定域名记录文件, 相对 directory, 即 /var/named/westos.org.zone
        allow-update { none; };  ##不接受动态更新
};
注意: 多数版本的 BIND 默认允许任何主机做区域传送(dig axfr 就能把整个区域拉走); 单机实验建议再加一行 allow-transfer { none; };, 有从服务器时只写从服务器的 ip。
cp -p /var/named/named.localhost /var/named/westos.org.zone   ##以本地域的 A 记录文件为模板复制到指定的域名记录文件, -p 保留 root:named 权限; 文件名必须和上面 file "westos.org.zone" 一致(不是 .zones)
编辑域名A记录文件: vim /var/named/westos.org.zone:
$TTL 1D
; SOA: primary name server and admin mailbox (root@westos.org); names without a
; trailing dot are relative to the zone origin westos.org.
@       IN  SOA dns root ( 0 1D 1H 1W 3H )  ; serial refresh retry expire minimum
@       IN  NS  dns
dns     IN  A   172.25.254.137              ; the DNS host itself
www     IN  A   172.25.254.37
systemctl restart named ##重启服务
测试: dns指向的电脑 dig www.westos.org
四、反向解析(ip转换成域名)
先在正向区域文件里补充 CNAME / MX 记录: vim /var/named/westos.org.zone :
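$TTL 1D
@       IN SOA  dns.westos.org. root.westos.org. (
                                        0       ; serial - raise it on every edit or secondaries never refresh
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum (negative-cache TTL)
                NS      dns.westos.org.
dns             A       172.25.254.137
; www is an alias; the two lee.a addresses are handed out round-robin
www             CNAME   lee.a
lee.a           A       172.25.254.37
lee.a           A       172.25.254.137
; An MX target must be a hostname that owns an A record, never an IP literal:
; BIND stores "172.25.254.137." as a host NAME and mail servers cannot deliver.
westos.org.     MX 1    mail.westos.org.
mail            A       172.25.254.137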
编辑反向解析域名记录文件: vim /var/named/172.25.254.ptr
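$TTL 1D
@       IN SOA  dns.westos.org. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
; Only PTR records belong in an in-addr.arpa zone. The name server's address
; is published by the forward zone (westos.org); an A record here would
; resolve nothing useful, so none is kept.
; The owner is the last octet: 137 -> 172.25.254.137. Keep the target in
; sync with the forward zone (mail.westos.org. needs a matching A record).
137     PTR     mail.westos.org.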
配置子配置文件(反向解析): vim /etc/named.rfc1912.zones:
zone "254.25.172.in-addr.arpa" IN {   ##网段 172.25.254.0/24 倒过来写
        type master;
        file "172.25.254.ptr";
        allow-update { none; };
};
systemctl restart named
测试: (dns指向电脑) dig -x 172.25.254.137
实验五、双向解析(内外网返回不同结果)
dns主机添加一块网卡, 配置新的ip(ifcfg 文件; 关键字是 BOOTPROTO / PREFIX, 拼错会被静默忽略):
DEVICE=ens3
ONBOOT=yes
BOOTPROTO=none
IPADDR0=172.25.254.137
PREFIX0=24
IPADDR1=1.1.1.137
PREFIX1=24
改完执行 nmcli connection up System\ ens3, 再用 ip addr show ens3 确认两个地址都已生效。
虚拟机:
DEVICE=ens3
ONBOOT=yes
BOOTPROTO=none
IPADDR=1.1.1.237
PREFIX=24
DNS1=1.1.1.137
####dns主机编辑配置文件#### vim /etc/named.conf:
(一旦定义了 view, 所有 zone 和 include 都必须放进 view 里, 所以原来顶层的 zone "." 和两条 include 要用 /* ... */ 注释掉, 如下)
zone "." IN {
???????? type hint;
???????? file "named.ca";
};
include "/etc/named.rfc1912.zones"
include "/etc/named.root.key";
*/
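// Views are tried in order; the first match-clients that matches the source
// address wins, so the catch-all "anyone" view must stay last.
view localnet {
        // Internal network. Give the network prefix: an address with host
        // bits set (1.1.1.237/24) is rejected by named-checkconf / named as an
        // address-prefix mismatch (older releases only warn).
        match-clients { 1.1.1.0/24; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        // Copy of named.rfc1912.zones in which the westos.org zone points at
        // the internal zone file.
        include "/etc/named.rfc1912.inter";
};
view anyone {
        // Everybody else (external clients).
        match-clients { any; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.zones";
};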
对内网文件(给 1.1.1.0/24 客户端看, 记录全是 1.1.1.x): vim /var/named/westos.org.inter:
(view localnet 通过 /etc/named.rfc1912.inter 引用的就是这个文件, 见后面 file "westos.org.inter"; 原笔记写成 westos.zone 和 include 对不上)
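$TTL 1D
; Zone data served to the internal (1.1.1.0/24) view.
@       IN SOA  dns.westos.org. root.westos.org. (
                                        0       ; serial - raise on every edit
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
dns     A       1.1.1.137
www     CNAME   lee.a
lee.a   A       1.1.1.37
lee.a   A       1.1.1.137
; MX must name a host with an A record; an IP literal is stored as a hostname
; and mail delivery fails.
westos.org.     MX 1    mail.westos.org.
mail    A       1.1.1.137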
对外网文件(给其它所有客户端看, 记录是 172.25.254.x): vim /var/named/westos.org.zone:
(view anyone 通过 /etc/named.rfc1912.zones 引用, 即前面正向解析用的那个文件)
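$TTL 1D
; Zone data served to the external ("anyone") view.
@       IN SOA  dns.westos.org. root.westos.org. (
                                        0       ; serial - raise on every edit
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      dns.westos.org.
dns             A       172.25.254.137
www             CNAME   xue.a
xue.a           A       172.25.254.37
xue.a           A       172.25.254.137
; MX must name a host with an A record; an IP literal is stored as a hostname
; and mail delivery fails.
westos.org.     MX 1    mail.westos.org.
mail            A       172.25.254.137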
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter   ##源文件名是 .zones; -p 保留 root:named 640 的属主和权限, 如果 group 仍不是 named 再执行 chgrp named /etc/named.rfc1912.inter
vim /etc/named.rfc1912.inter: 只改 westos.org 这个 zone 的 file, 指向内网用的区域文件:
zone "westos.org" IN {
        type master;
        file "westos.org.inter";   ##即 /var/named/westos.org.inter, 要让 named 组可读
        allow-update { none; };
};
systemctl restart named   ##重启服务(改 named.conf 后先 named-checkconf, 改区域文件后 named-checkzone westos.org /var/named/文件名)
测试: dns真机(172.25.254.x 网段): dig www.westos.org 应返回 172.25.254.x; 虚拟机(1.1.1.x 网段): dig www.westos.org 应返回 1.1.1.x
六、dns集群
客户端(从服务器): vim /etc/named.conf: 和主服务器一样, listen-on 与 allow-query 两处改为 any, dnssec-validation 改为 no
vim /etc/named.rfc1912.zones:
zone "westos.org" IN {
        type slave;
        masters { 172.25.254.137; };      ##主服务器 ip(原笔记里的 172.252.54.137 是笔误)
        file "slaves/westos.org.zone";    ##/var/named/slaves 目录 named 用户可写, 同步下来的区域存在这里
};
不要直接关闭防火墙: 主从两台都执行 firewall-cmd --permanent --add-service=dns && firewall-cmd --reload 即可(区域传送走 TCP 53, 也包含在 dns 服务里)。
从服务器的 /etc/resolv.conf 指向主服务器: nameserver 172.25.254.137 (原笔记写的 /etc/named.rfc1912.westos 应为 /etc/resolv.conf)
dns主机: vim /etc/named.rfc1912.inter (原笔记漏了 /etc/ 前缀; 改的是从服务器要同步的那份区域定义):
zone "westos.org" IN {
        type master;
        file "westos.org.zone";
        allow-update { none; };
        also-notify { 172.25.254.237; };      ##区域变化后主动通知从服务器
        allow-transfer { 172.25.254.237; };   ##建议加上: 只允许从服务器做区域传送, 否则任何人都能 dig axfr 拉走整个区域
};
vim /var/named/westos.org.zone (主服务器上的区域文件):
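增量变化(主服务器改完后从服务器自动同步; serial 必须比上一次大, 否则从服务器认为没有变化不会拉取):
$TTL 1D
@       IN SOA  dns.westos.org. root.westos.org. (
                                        1       ; serial - any value larger than the previous one (was 0)
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      dns.westos.org.
dns             A       172.25.254.137
www             CNAME   lee.a
lee.a           A       172.25.254.137
lee.a           A       172.25.254.66   ; the address added in this step
; MX must name a host with an A record, not an IP literal
westos.org.     MX 1    mail.westos.org.
mail            A       172.25.254.137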
实验七、dns的更新(注意:域名解析、文件编译,不要手残)
dns基于ip地址的更新: 在dns中设定: vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.137; };   ##允许指定客户端更新该区域; 按 ip 授权很弱, UDP 源地址可伪造, 只适合实验, 生产环境用下面的 key 方式
        also-notify { 172.25.254.237; };
};
测试: 在 172.25.254.237 上
[root@rhel7_node1 ~]# nsupdate
> server 172.25.254.237
> update add hello.westos.org 86400 A 172.25.254.137   ##新增A记录
> send
> update delete hello.westos.com   ##删除A记录
> send
注意: allow-update 里的地址必须是执行 nsupdate 的那台机器, server 必须是该区域的主服务器, 更新的名字必须属于 zone 里声明的区域; 原笔记里 137/237、westos.com/westos.org 混用, 自己做时三处要对应一致。
dns基于key更新的方式:
dnssec-keygen -a HMAC-SHA256 -b 128 -n HOST westos   ##生成 TSIG 密钥 Kwestos.+163+NNNNN.key / .private; 较新的 BIND(9.13 起)已不允许用 dnssec-keygen 生成 HMAC 密钥, 改用 tsig-keygen -a hmac-sha256 westos > /etc/westos.key
cp -p /etc/rndc.key /etc/westos.key   ##借用 rndc.key 的 root:named 640 权限
vim /etc/westos.key
key "westos" {
        algorithm hmac-sha256;   ##钥匙生成用的是什么算法就写什么
        secret "SB1tQcLaWeroU9lGW21zeA==";   ##填自己生成的 secret; 拿到它的人就能改整个区域, 文件保持 root:named 640, 不要把真实值贴进笔记
};
vim /etc/named.conf
43 include "/etc/westos.key";   ##路径要和上面的文件名一致(原笔记 wesots.key 是笔误); key 语句必须在 view 之外
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.org.zone";
        allow-update { key westos; };   ##只接受用 westos 密钥签名的更新
        also-notify { 172.25.254.237; };   ##被通知的主机ip
};
(zone 名 westos.com 与文件 westos.org.zone、后面更新的 hello.westos.org 不一致, 应统一为实际使用的区域名)
systemctl restart named?
[root@rhel7_node1 ~]# nsupdate -k /mnt/Kwestos.+163+26695.private   ##.private 文件只给执行更新的用户可读
> server 172.25.254.137   ##区域的主服务器(原笔记的 192.168.0.20 与本实验其它地址都不一致)
> update add hello.westos.org 86400 A 172.25.254.137
> send
> quit

dhcp 动态更新 dns:
dnf install dhcp-server -y
vim /etc/dhcp/dhcpd.conf   ##目录是 /etc/dhcp, 不是 /etc/dhcpd
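# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "westos.org";
option domain-name-servers 172.25.254.137;

default-lease-time 600;
max-lease-time 7200;

# Use this to enable / disable dynamic dns updates globally.
# "interim" is the legacy style; ISC dhcpd 4.3+ also accepts "standard".
# Keep the one your dhcpd version documents and check with `dhcpd -t`.
ddns-update-style interim;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# This is a very basic subnet declaration.
# The subnet statement takes the NETWORK address. A host address such as
# 172.25.254.137 does not match the 255.255.255.0 mask and dhcpd refuses to
# start with "bad subnet number/mask combination".
subnet 172.25.254.0 netmask 255.255.255.0 {
  range 172.25.254.70 172.25.254.90;
  option routers 172.25.254.137;
}

# TSIG key shared with named: same name, algorithm and secret as the
# key "westos" that named includes. The secret below is the one from this
# write-up - generate your own; whoever holds it can rewrite the zone.
# Keep dhcpd.conf unreadable to ordinary users (e.g. root:dhcpd 0640) or
# move the key statement into a separate file pulled in with "include".
key westos {
        algorithm hmac-sha256;
        secret SB1tQcLaWeroU9lGW21zeA==;
};

# Name server that receives the dynamic updates for the forward zone;
# the named side must have allow-update { key westos; } on this zone.
zone westos.org. {
        primary 172.25.254.137;
        key westos;
}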
dns的key更新
测试:
设定测试主机网络工作方式为 dhcp, 主机名设为 test.westos.org (dhcpd.conf 里 domain-name 和 zone 都是 westos.org, 用 westos.com 的主机名不会被更新进区域)
重启网络
dig test.westos.org
可以得到正确解析