1、DNS简介
dns:域名解析服务器,负责对域名解析成ip
[root@westos_dns ~]# vim /etc/resolv.conf dns指向文件
3 nameserver 114.114.114.114
[root@westos_dns ~]# host www.baidu.com host地址解析命令
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 36.152.44.95
www.a.shifen.com has address 36.152.44.96
[root@westos_dns ~]# dig www.baidu.com dig地址详细解析信息命令
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53814
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 745 IN CNAME www.a.shifen.com.
www.a.shifen.com. 176 IN A 36.152.44.96
www.a.shifen.com. 176 IN A 36.152.44.95
;; Query time: 36 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Sun Nov 07 15:41:51 CST 2021
;; MSG SIZE rcvd: 101
A记录:将域名解析为ip地址的address记录。SOA:授权起始主机。DNS等级:. 表示根域名(顶级域名),根服务器有13台,都在美国;次级域名:.com .cn .net .edu
2 DNS服务的安装与启用
关于服务端
| bind | 安装包 |
|---|---|
| named | 服务名称 |
| /etc/named.conf | 主配置文件 |
| /var/named | 数据目录 |
| 端口 | #53 |
[root@westos_dns ~]# dnf install bind -y 安装
[root@westos_dns ~]# systemctl enable --now named.service 启动,服务名称为named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
[root@localhost ~]# vim /etc/resolv.conf 在客户端添加
nameserver 172.25.254.100 添加解析地址
[root@localhost ~]# dig www.baidu.com
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.baidu.com
;; global options: +cmd
;; connection timed out; no servers could be reached no servers could be reached表示服务无法访问
[root@westos_dns ~]# netstat -antlupe | grep named 端口为53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 40446 2570/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 40451 2570/named
tcp6 0 0 ::1:53 :::* LISTEN 25 40448 2570/named
tcp6 0 0 ::1:953 :::* LISTEN 25 40452 2570/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 25 40444 2570/named
udp6 0 0 ::1:53 :::* 25 40447 2570/named
[root@westos_dns ~]# vim /etc/named.conf 编辑主配置文件
11 listen-on port 53 { any; }; 第11行 更改,默认只是监听了本地的回环:127.0.0.1 改成any所有
[root@westos_dns ~]# systemctl restart named 重启服务
[root@westos_dns ~]# netstat -antlupe | grep named 查看端口
tcp 0 0 172.25.254.100:53 0.0.0.0:* LISTEN 25 47446 3112/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 47444 3112/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTE
[root@localhost ~]# dig www.baidu.com 在客户端解析百度
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.baidu.com
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@localhost ~]# dig www.baidu.com
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 11159 REFUSED表示服务器拒绝访问
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 9d4542a3393d72421de0a5cd6187915b3a187fc46506dded (good)
;; QUESTION SECTION:
;www.baidu.com. IN A
;; Query time: 1 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Sun Nov 07 16:42:03 CST 2021
;; MSG SIZE rcvd: 70
[root@westos_dns ~]# vim /etc/named.conf 编辑配置文件
19 allow-query { any; }; 第19行 表示允许谁来查询我,默认是localhost本机,更改为any所有。注意:改为any后,若该服务器同时提供递归查询并暴露在公网,就成了开放解析器(open resolver),生产环境应再用 allow-recursion 把递归查询限制在内网网段
[root@westos_dns ~]# systemctl restart named 重启服务
[root@localhost ~]# dig www.baidu.com
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44678 SERVFAIL表示查询记录失败:无法到达上级,也没有缓存,只能说明服务端没有数据而已,服务端什么都不知道,但是dns服务已经正常启用了
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: fad07238739c8e45295b033e61879559c505988681dbd099 (good)
;; QUESTION SECTION:
;www.baidu.com. IN A
;; Query time: 5 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Sun Nov 07 16:59:06 CST 2021
;; MSG SIZE rcvd: 70
3、高速缓存dns的部署
设定dns后,为什么有的主机能解析到,有的解析不到,有的会报错SERVFAIL?因为dns默认开启了安全校验(DNSSEC)
[root@westos_dns ~]# vim /etc/named.conf 编辑配置文件
34 dnssec-validation no; yes表示需要由DNSSEC校验机构进行校验,因为现在没有申请校验机构,所以将yes改为no。注意:改为no后将不再校验上游应答的签名,仅适合实验环境,生产环境建议保留yes并排查校验失败的原因
[root@westos_dns ~]# vim /etc/resolv.conf
nameserver 172.25.254.100
[root@westos_dns ~]# dig www.baidu.com 可以发现解析正常
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51936
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 0d018e6ec325f7498ce254e56189254ec5530a2f2c546f6d (good)
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
www.a.shifen.com. 300 IN A 36.152.44.96
www.a.shifen.com. 300 IN A 36.152.44.95
;; AUTHORITY SECTION:
a.shifen.com. 1200 IN NS ns1.a.shifen.com.
a.shifen.com. 1200 IN NS ns3.a.shifen.com.
a.shifen.com. 1200 IN NS ns2.a.shifen.com.
a.shifen.com. 1200 IN NS ns4.a.shifen.com.
a.shifen.com. 1200 IN NS ns5.a.shifen.com.
;; ADDITIONAL SECTION:
ns1.a.shifen.com. 1200 IN A 110.242.68.42
ns2.a.shifen.com. 1200 IN A 220.181.33.32
ns3.a.shifen.com. 1200 IN A 112.80.255.253
ns4.a.shifen.com. 1200 IN A 14.215.177.229
ns5.a.shifen.com. 1200 IN A 180.76.76.95
;; Query time: 1437 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Mon Nov 08 21:25:34 CST 2021
;; MSG SIZE rcvd: 299
如何实现:企业中一台主机解析过某个地址后,其他主机再解析相同地址时不再耗时。
[root@westos_dns ~]# vim /etc/named.conf 在dns服务器上编辑配置文件
20 forwarders {114.114.114.114; }; 第20行添加参数,表示收到本机没有数据的查询时,不再去上级(根)服务器查找,而是转发到指定的服务器去取
[root@westos_dns ~]# systemctl restart named 重启服务
[root@localhost ~]# vim /etc/resolv.conf 在客户端1添加dns服务器地址解析 这些主机需要能上网
nameserver 172.25.254.100
[root@localhost 2~]# vim /etc/resolv.conf 在客户端2添加dns服务器地址解析 需要能上网
nameserver 172.25.254.100
[root@localhost ~]# dig www.qq.com 在第1个客户端主机上解析地址
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47112
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: d21d67b302300e264ed5dc4a61892dd77544b8a69b2ce1fd (good)
;; QUESTION SECTION:
;www.qq.com. IN A
;; ANSWER SECTION:
www.qq.com. 94 IN CNAME ins-r23tsuuf.ias.tencent-cloud.net.
ins-r23tsuuf.ias.tencent-cloud.net. 62 IN A 183.194.238.117
ins-r23tsuuf.ias.tencent-cloud.net. 62 IN A 183.194.238.19
;; AUTHORITY SECTION:
net. 172349 IN NS e.gtld-servers.net.
net. 172349 IN NS k.gtld-servers.net.
net. 172349 IN NS a.gtld-servers.net.
net. 172349 IN NS j.gtld-servers.net.
net. 172349 IN NS h.gtld-servers.net.
net. 172349 IN NS i.gtld-servers.net.
net. 172349 IN NS b.gtld-servers.net.
net. 172349 IN NS m.gtld-servers.net.
net. 172349 IN NS d.gtld-servers.net.
net. 172349 IN NS c.gtld-servers.net.
net. 172349 IN NS l.gtld-servers.net.
net. 172349 IN NS f.gtld-servers.net.
net. 172349 IN NS g.gtld-servers.net.
;; ADDITIONAL SECTION:
a.gtld-servers.net. 172342 IN A 192.5.6.30
b.gtld-servers.net. 172342 IN A 192.33.14.30
c.gtld-servers.net. 172342 IN A 192.26.92.30
d.gtld-servers.net. 172342 IN A 192.31.80.30
e.gtld-servers.net. 172342 IN A 192.12.94.30
f.gtld-servers.net. 172342 IN A 192.35.51.30
g.gtld-servers.net. 172342 IN A 192.42.93.30
h.gtld-servers.net. 172342 IN A 192.54.112.30
i.gtld-servers.net. 172342 IN A 192.43.172.30
j.gtld-servers.net. 172342 IN A 192.48.79.30
k.gtld-servers.net. 172342 IN A 192.52.178.30
l.gtld-servers.net. 172342 IN A 192.41.162.30
m.gtld-servers.net. 172342 IN A 192.55.83.30
a.gtld-servers.net. 172342 IN AAAA 2001:503:a83e::2:30
b.gtld-servers.net. 172342 IN AAAA 2001:503:231d::2:30
c.gtld-servers.net. 172342 IN AAAA 2001:503:83eb::30
d.gtld-servers.net. 172342 IN AAAA 2001:500:856e::30
e.gtld-servers.net. 172342 IN AAAA 2001:502:1ca1::30
f.gtld-servers.net. 172342 IN AAAA 2001:503:d414::30
g.gtld-servers.net. 172342 IN AAAA 2001:503:eea3::30
h.gtld-servers.net. 172342 IN AAAA 2001:502:8cc::30
i.gtld-servers.net. 172342 IN AAAA 2001:503:39c1::30
j.gtld-servers.net. 172342 IN AAAA 2001:502:7094::30
k.gtld-servers.net. 172342 IN AAAA 2001:503:d2d::30
l.gtld-servers.net. 172342 IN AAAA 2001:500:d937::30
m.gtld-servers.net. 172342 IN AAAA 2001:501:b1f9::30
;; Query time: 56 msec 花费了56msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Mon Nov 08 22:01:58 CST 2021
;; MSG SIZE rcvd: 940
时
[root@localhost ~]# dig www.qq.com 在第2个客户端主机同样解析相同的地址qq
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47112
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: d21d67b302300e264ed5dc4a61892dd77544b8a69b2ce1fd (good)
;; QUESTION SECTION:
;www.qq.com. IN A
;; ANSWER SECTION:
www.qq.com. 94 IN CNAME ins-r23tsuuf.ias.tencent-cloud.net.
ins-r23tsuuf.ias.tencent-cloud.net. 62 IN A 183.194.238.117
ins-r23tsuuf.ias.tencent-cloud.net. 62 IN A 183.194.238.19
;; AUTHORITY SECTION:
net. 172349 IN NS e.gtld-servers.net.
net. 172349 IN NS k.gtld-servers.net.
net. 172349 IN NS a.gtld-servers.net.
net. 172349 IN NS j.gtld-servers.net.
net. 172349 IN NS h.gtld-servers.net.
net. 172349 IN NS i.gtld-servers.net.
net. 172349 IN NS b.gtld-servers.net.
net. 172349 IN NS m.gtld-servers.net.
net. 172349 IN NS d.gtld-servers.net.
net. 172349 IN NS c.gtld-servers.net.
net. 172349 IN NS l.gtld-servers.net.
net. 172349 IN NS f.gtld-servers.net.
net. 172349 IN NS g.gtld-servers.net.
;; ADDITIONAL SECTION:
a.gtld-servers.net. 172342 IN A 192.5.6.30
b.gtld-servers.net. 172342 IN A 192.33.14.30
c.gtld-servers.net. 172342 IN A 192.26.92.30
d.gtld-servers.net. 172342 IN A 192.31.80.30
e.gtld-servers.net. 172342 IN A 192.12.94.30
f.gtld-servers.net. 172342 IN A 192.35.51.30
g.gtld-servers.net. 172342 IN A 192.42.93.30
h.gtld-servers.net. 172342 IN A 192.54.112.30
i.gtld-servers.net. 172342 IN A 192.43.172.30
j.gtld-servers.net. 172342 IN A 192.48.79.30
k.gtld-servers.net. 172342 IN A 192.52.178.30
l.gtld-servers.net. 172342 IN A 192.41.162.30
m.gtld-servers.net. 172342 IN A 192.55.83.30
a.gtld-servers.net. 172342 IN AAAA 2001:503:a83e::2:30
b.gtld-servers.net. 172342 IN AAAA 2001:503:231d::2:30
c.gtld-servers.net. 172342 IN AAAA 2001:503:83eb::30
d.gtld-servers.net. 172342 IN AAAA 2001:500:856e::30
e.gtld-servers.net. 172342 IN AAAA 2001:502:1ca1::30
f.gtld-servers.net. 172342 IN AAAA 2001:503:d414::30
g.gtld-servers.net. 172342 IN AAAA 2001:503:eea3::30
h.gtld-servers.net. 172342 IN AAAA 2001:502:8cc::30
i.gtld-servers.net. 172342 IN AAAA 2001:503:39c1::30
j.gtld-servers.net. 172342 IN AAAA 2001:502:7094::30
k.gtld-servers.net. 172342 IN AAAA 2001:503:d2d::30
l.gtld-servers.net. 172342 IN AAAA 2001:500:d937::30
m.gtld-servers.net. 172342 IN AAAA 2001:501:b1f9::30
;; Query time: 56 msec 花费了1msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Mon Nov 08 22:01:58 CST 2021
;; MSG SIZE rcvd: 940
原理是第一台主机访问时,dns服务器主机已经从114拿回来了数据,并放入了缓存,剩下的客户端访问同样地址时,直接将缓存数据给他
4、dns的正向解析记录
[root@westos_dns ~]# vim /etc/named.conf
20 # forwarders {114.114.114.114; }; 搭建自己的dns,所以不去问别人,先注释掉
[root@westos_dns ~]# vim /etc/named.rfc1912.zones 添加参数,编辑子配置文件
29 zone "westos.org" IN { 表示查询 westos.org 域内某台主机的ip时,到 westos.org.zone 这个文件中查找
30 type master;
31 file "westos.org.zone";
32 allow-update { none; };
33 };
[root@westos_dns ~]# cd /var/named/
[root@westos_dns named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@westos_dns named]# cp -p named.localhost westos.org.zone 将named.localhost这个文件复制为westos.org.zone文件,一定要加-p(保留原文件的属主、属组和权限,否则named服务可能无权读取新文件)
[root@westos_dns named]# vim westos.org.zone 编辑文件
1 $TTL 1D
2 @ IN SOA dns.westos.org. root.westos.org. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.org. NS =nameserver 服务名
9 dns A 172.25.254.100 表示访问 dns.westos.org 时 ip为 172.25.254.100
10 www A 172.25.254.111 表示访问www.westos.org时ip为172.25.254.111
注意:@ 表示zone引号里的域名;名称末尾没有加 . 时会自动补上域名,例如 dns 表示 dns.westos.org
[root@westos_dns named]# systemctl restart named 重启服务
[root@westos_dns named]# dig www.westos.org
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61488
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: b439000767f2e9aaf5a6e2ef618939348410fe91e8979db0 (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Mon Nov 08 22:50:28 CST 2021
;; MSG SIZE rcvd: 121
5 dns的各种数据类型
cname记录:
[root@westos_dns ~]# dig www.baidu.com
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26002
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 8a55e80111e888fa0812b09c6189dda8ca7e1b45325f001d (good)
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 42 IN CNAME www.a.shifen.com. 百度的域名只有一个,不是所有服务器都叫baidu,要转换成内部的一个域名再做解析
www.a.shifen.com. 67 IN A 36.152.44.96
www.a.shifen.com. 67 IN A 36.152.44.95
[root@westos_dns ~]# cd /var/named/
[root@westos_dns named]# vim westos.org.zone 编辑文件
1 $TTL 1D
2 @ IN SOA dns.westos.org. root.westos.org. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.org.
9 dns A 172.25.254.100
10 www CNAME lee.a 访问www.westos.org 转到 lee.a.westos.org上
11 lee.a A 172.25.254.100
12 lee.a A 172.25.254.200
[root@westos_dns named]# systemctl restart named
[root@westos_dns named]# dig www.westos.org
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56909
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 766dc48e31d1a7efe70e10476189e6216bb7a4c07ba8c9c7 (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN CNAME lee.a.westos.org.
lee.a.westos.org. 86400 IN A 172.25.254.100
lee.a.westos.org. 86400 IN A 172.25.254.200 可以进行轮询 ,100在前,200在后
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Tue Nov 09 11:08:17 CST 2021
;; MSG SIZE rcvd: 157
[root@westos_dns named]# dig www.westos.org
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14551
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 07f3641c27e3fb7a9f8cd08a6189e62aeb73bd0fde41ea67 (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN CNAME lee.a.westos.org.
lee.a.westos.org. 86400 IN A 172.25.254.200
lee.a.westos.org. 86400 IN A 172.25.254.100 可以进行轮询 200在前,100在后
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Tue Nov 09 11:08:26 CST 2021
;; MSG SIZE rcvd: 157
mx记录:
[root@westos_dns named]# dnf install postfix mailx -y 安装
[root@westos_dns named]# systemctl enable --now postfix.service
Created symlink /etc/systemd/system/multi-user.target.wants/postfix.service → /usr/lib/systemd/system/postfix.service.
[root@westos_dns named]# mail root@westos.org 发邮件,邮件被退回,westos.org查无此地址
Subject: fdhhh
jjhhh
[root@westos_dns ~]# cd /var/named/
[root@westos_dns named]# vim westos.org.zone 编辑文件
1 $TTL 1D
2 @ IN SOA dns.westos.org. root.westos.org. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.org.
9 dns A 172.25.254.100
10 www CNAME lee.a
11 lee.a A 172.25.254.100
12 lee.a A 172.25.254.200
13 westos.org MX 1 172.25.254.100 添加解析
[root@westos_dns named]# systemctl restart named 重启服务
[root@westos_dns named]# dig -t mx westos.org 查看mx记录
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> -t mx westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59707
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 88a0c6741050a90fb2daf1d7618a3af7500c9341a88cfba8 (good)
;; QUESTION SECTION:
;westos.org. IN MX
;; ANSWER SECTION:
westos.org. 86400 IN MX 1 172.25.254.100. 添加成功(注意:MX记录的值按规范应为邮件服务器的主机名,这里的ip被当作主机名 172.25.254.100. 处理;正式环境应写成如 mail.westos.org. 的主机名,并为该主机名配置A记录)
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Tue Nov 09 17:10:15 CST 2021
;; MSG SIZE rcvd: 131
[root@westos_dns named]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
7AFC8FAC97 448 Tue Nov 9 17:08:26 root@westos_dns.westos.org 邮件队列已经有了
(connect to 172.25.254.100[172.25.254.100]:25: Connection refused)
root@westos.org
-- 0 Kbytes in 1 Request.
接收邮件时只知道ip 172.25.254.100,不知道是哪个邮箱发过来的;将ip解析成域名,就知道是哪个邮箱发的,这种叫反向解析
[root@westos_dns named]# vim /etc/named.rfc1912.zones 编辑子配置文件
47 zone "254.25.172.in-addr.arpa" IN { 网段反向写
48 type master;
49 file "172.25.254.ptr";
50 allow-update { none; };
51 };
[root@westos_dns named]# cd /var/named/
[root@westos_dns named]# ls
data named.ca named.localhost slaves
dynamic named.empty named.loopback westos.org.zone
[root@westos_dns named]# cp -p named.loopback 172.25.254.ptr
[root@westos_dns named]# vim 172.25.254.ptr 编辑文件
1 $TTL 1D
2 @ IN SOA dns.westos.org. rname.invalid. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.org.
9 dns A 172.25.254.100
10 100 PTR mail.westos.org.
[root@westos_dns named]# dig -x 172.25.254.100 反向解析
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> -x 172.25.254.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28829
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 2076072ee4482b8f0f2a0f9e618a447be351d2b5b1723471 (good)
;; QUESTION SECTION:
;100.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
100.254.25.172.in-addr.arpa. 86400 IN PTR mail.westos.org.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Tue Nov 09 17:50:51 CST 2021
;; MSG SIZE rcvd: 147
6、dns的双向解析
[root@westos_dns network-scripts]# vim ifcfg-enp1s0 编辑网络配置文件
1 BOOTPROTO=none
2 NAME=enp1s0
3 DEVICE=enp1s0
4 ONBOOT=yes
5 IPADDR0=172.25.254.100
6 PREFIX0=24
7 IPADDR1=1.1.1.200 添加两个ip
8 PREFIX1=24
[root@localhost network-scripts]# vim ifcfg-enp1s0
BOOTPROTO=none
NAME=enp1s0
DEVICE=enp1s0
ONBOOT=yes
IPADDR=1.1.1.200 将ip设置为1网段
NETMASK=255.255.255.0
DNS1=1.1.1.100
[root@westos_dns ~]# cd /var/named/
[root@westos_dns named]# ls
172.25.254.ptr dynamic named.empty named.loopback westos.org.zone
data named.ca named.localhost slaves
[root@westos_dns named]# cp westos.org.zone westos.org.inter 重新复制一个做双向解析
[root@westos_dns named]# ls -l westos.org.inter
-rw-r-----. 1 root root 301 Nov 9 21:21 westos.org.inter
[root@westos_dns named]# chgrp named westos.org.inter 将文件属组改为named,让named服务能够读取该文件
[root@westos_dns named]# ls -l westos.org.inter
-rw-r-----. 1 root named 301 Nov 9 21:21 westos.org.inter
[root@westos_dns named]# vim westos.org.inter 编辑文件
1 $TTL 1D
2 @ IN SOA dns.westos.org. root.westos.org. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.org.
9 dns A 1.1.1.100
10 www CNAME lee.a
11 lee.a A 1.1.1.100
12 lee.a A 1.1.1.200
13 westos.org. MX 1 1.1.1.100.
[root@westos_dns named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter 重新复制一个新的子配置文件
[root@westos_dns named]# vim /etc/named.rfc1912.inter
zone "westos.org" IN {
30 type master;
31 file "westos.org.inter"; 此处文件名由 westos.org.zone 改为 westos.org.inter
32 allow-update { none; };
33 };
[root@westos_dns named]# vim /etc/named.conf 编辑dns主配置文件
60 view localhost {
61 match-clients{ 1.1.1.0/24; }; match-clients表示匹配的客户
62 zone "." IN {
63 type hint;
64 file "named.ca"; 来自1.1.1网段的查询使用/etc/named.rfc1912.inter中的zone配置
65 };
66 include "/etc/named.rfc1912.inter";
67 };
68
69 view anyone {
70 match-clients{ any; };
71 zone "." IN {
72 type hint;
73 file "named.ca";
74 };
75 include "/etc/named.rfc1912.zones"; 当不符合1.1.1网段时访问named.rfc1912.zones文件
76 };
[root@westos_dns named]# systemctl restart named 重启服务
[root@localhost Desktop]# dig www.westos.org 1.1.1网段主机dns解析出的地址为1.1.1网段
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9158
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e72b112fa58802c868e8793f618a845e20b4fe25b4fb9529 (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN CNAME lee.a.westos.org.
lee.a.westos.org. 86400 IN A 1.1.1.100
lee.a.westos.org. 86400 IN A 1.1.1.200
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 1.1.1.100
;; Query time: 0 msec
;; SERVER: 1.1.1.100#53(1.1.1.100)
;; WHEN: Tue Nov 09 22:23:26 CST 2021
;; MSG SIZE rcvd: 157
[root@westos_dns ~]# dig www.westos.org 172.25.254网段主机解析的ip地址为 172.25.254
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49667
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 8d6bcde30641c2dc80c0d5df618a855d23b8503ee82d237d (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN CNAME lee.a.westos.org.
lee.a.westos.org. 86400 IN A 172.25.254.200
lee.a.westos.org. 86400 IN A 172.25.254.100
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Tue Nov 09 22:27:41 CST 2021
;; MSG SIZE rcvd: 157
7、dns集群
一台dns主机满足不了庞大的客户群体,需要用多台主机,多台主机的数据是同步的
[root@localhost ~]# dnf install bind -y 安装dns
[root@localhost ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
[root@localhost ~]# firewall-cmd --permanent --add-service=dns
success
[root@localhost ~]# vim /etc/named.conf 编辑主配置文件
options {
listen-on port 53 { any; }; 更改为any
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { any; }; 更改为any
[root@localhost ~]# vim /etc/named.rfc1912.zones 编辑子配置文件
zone "westos.org" IN {
type slave;
masters { 172.25.254.100; }; 主dns
file "slaves/westos.org.zone";
};
[root@localhost ~]# systemctl restart named 重启服务
[root@localhost named]# ls slaves/
westos.org.zone
[root@localhost named]# vim /etc/resolv.conf 添加解析
nameserver 172.25.254.200
[root@localhost named]# dig www.westos.org 解析成功
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36404
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 05e4caf1082e6a1828f14d8f618b37f078c06beceb44f93c (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN CNAME lee.a.westos.org.
lee.a.westos.org. 86400 IN A 172.25.254.200
lee.a.westos.org. 86400 IN A 172.25.254.100
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.200#53(172.25.254.200)
;; WHEN: Wed Nov 10 11:09:36 CST 2021
;; MSG SIZE rcvd: 157
[root@westos_dns named]# vim westos.org.zone
1 $TTL 1D
2 @ IN SOA dns.westos.org. root.westos.org. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.org.
9 dns A 172.25.254.100
10 www CNAME lee.a
11 lee.a A 172.25.254.110 在主dns服务器更改A记录ip
12 lee.a A 172.25.254.220 在主dns服务器更改A记录ip
13 westos.org. MX 1 172.25.254.100.
[root@westos_dns named]# systemctl restart named 重启服务
[root@localhost named]# dig www.westos.org 查看辅助dns解析
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 346
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: ae960ace2f22424448f148ef618b6448352d25135d798617 (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN CNAME lee.a.westos.org.
lee.a.westos.org. 86400 IN A 172.25.254.200 辅助dnsA记录ip没有改变,
lee.a.westos.org. 86400 IN A 172.25.254.100 辅助dnsA记录ip没有改变,
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.200#53(172.25.254.200)
;; WHEN: Wed Nov 10 14:18:48 CST 2021
;; MSG SIZE rcvd: 157
主dns服务器A记录ip更改,辅助dns服务器ip没有改变数据不同步,该如何解决?
[root@localhost named]# rm slaves/westos.org.zone 删除westos.org.zone 文件
rm: remove regular file 'slaves/westos.org.zone'? y
[root@localhost named]# systemctl restart named 重新启动
[root@localhost named]# dig www.westos.org 查看解析
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32333
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 5809c714367d6add276b577d618b66918ee4d2ce7b7900ad (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN CNAME lee.a.westos.org.
lee.a.westos.org. 86400 IN A 172.25.254.220 数据和主dns服务器就同步了
lee.a.westos.org. 86400 IN A 172.25.254.110 数据和主dns服务器就同步了
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.200#53(172.25.254.200)
;; WHEN: Wed Nov 10 14:28:33 CST 2021
;; MSG SIZE rcvd: 157
这样手动删除不方便,需要自动同步
[root@westos_dns named]# vim /etc/named.rfc1912.zones 编辑子配置文件
29 zone "westos.org" IN {
30 type master;
31 file "westos.org.zone";
32 allow-update { none; };
33 also-notify { 172.25.254.200; }; 添加参数 ,表示同步通知172.25.254.200,可以添加多个,用空格隔开
34 };
[root@westos_dns named]# vim westos.org.zone 编辑文件
1 $TTL 1D
2 @ IN SOA dns.westos.org. root.westos.org. (
3 1 ; serial 辅助dns判断数据是否变化主要是看serial值,serial值变了辅助dns才认定为数据改变
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.org.
9 dns A 172.25.254.100
10 www CNAME lee.a
11 lee.a A 172.25.254.100 更改ip,记住还要更改serial值,不然辅助dns不能识别数据改变
12 lee.a A 172.25.254.200 更改ip
13 westos.org. MX 1 172.25.254.100.
[root@westos_dns named]# systemctl restart named 重启服务
[root@localhost named]# systemctl stop firewalld.service 停止辅助dns主机火墙(更稳妥的做法是执行 firewall-cmd --reload,使前面用 --permanent 添加的dns规则生效,而不是关闭整个火墙)
[root@localhost named]# dig www.westos.org 在辅助dns主机解析
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15282
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 3f5b1c445203423da9d2e49a618b7b346b3a993a5c9777de (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN CNAME lee.a.westos.org.
lee.a.westos.org. 86400 IN A 172.25.254.200 和主dns服务器a记录ip同步
lee.a.westos.org. 86400 IN A 172.25.254.100 和主dns服务器a记录ip同步
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.200#53(172.25.254.200)
;; WHEN: Wed Nov 10 15:56:36 CST 2021
;; MSG SIZE rcvd: 157
8、dns的动态域名解析
[root@localhost network-scripts]# vim ifcfg-enp1s0 将网络变成dhcp
BOOTPROTO=dhcp
NAME=enp1s0
DEVICE=enp1s0
ONBOOT=yes
[root@localhost network-scripts]# nmcli connection reload
[root@localhost network-scripts]# nmcli connection up enp1s0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15)
在dns服务器上搭建dhcp服务
[root@westos_dns ~]# dnf install dhcp-server -y 在dns服务器上安装dhcp
[root@westos_dns ~]# cp /usr/share/doc/dhcp-server/dhcpd.conf.example /etc/dhcp/dhcpd.conf 复制模板生成主配置文件
[root@westos_dns ~]# vim /etc/dhcp/dhcpd.conf 编辑配置文件
7 option domain-name "westos.org"; 更改
8 option domain-name-servers 172.25.254.100; 更改
32 subnet 172.25.254.0 netmask 255.255.255.0 { 更改
33 range 172.25.254.60 172.25.254.99; 更改
34 option routers 172.25.254.100;
删除第34行之后的其余内容
[root@westos_dns ~]# systemctl restart dhcpd 重启dhcp服务
[root@westos_dns named]# vim westos.org.zone 编辑文件
$TTL 1D
@ IN SOA dns.westos.org. root.westos.org. (
6 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 172.25.254.100
www CNAME lee.a
lee.a A 172.25.254.100
lee.a A 172.25.254.200
westos.org. MX 1 172.25.254.100.
localhost A 172.25.254.60 添加主机与ip
[root@localhost Desktop]# dig localhost.westos.org 解析
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> localhost.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25054
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 6e6912fea965896ec5c44109618bc728195c4cbed7e53b1b (good)
;; QUESTION SECTION:
;localhost.westos.org. IN A
;; ANSWER SECTION:
localhost.westos.org. 86400 IN A 172.25.254.60 已经出现了a记录
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Wed Nov 10 21:20:41 CST 2021
;; MSG SIZE rcvd: 127
如果dhcp获取的ip不是60?解析会怎样
[root@westos_dns ~]# vim /etc/dhcp/dhcpd.conf
32 subnet 172.25.254.0 netmask 255.255.255.0 {
33 range 172.25.254.71 172.25.254.99; 更改ip范围最低71起始
34 option routers 172.25.254.100;
35 }
[root@westos_dns ~]# systemctl restart dhcpd 重启dhcp服务
[root@localhost Desktop]# nmcli connection up enp1s0 重启网络
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/9)
[root@localhost Desktop]# ifconfig 查看ip,ip变为172.25.254.71
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.71 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::5054:ff:fe64:7452 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:64:74:52 txqueuelen 1000 (Ethernet)
RX packets 217 bytes 36424 (35.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 300 bytes 42010 (41.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 106 bytes 8732 (8.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 106 bytes 8732 (8.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:74:db:dd txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost Desktop]# dig localhost.westos.org
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> localhost.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27616
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 7fd4a491775fc110498c95cc618bc95a714fd6ee750399ab (good)
;; QUESTION SECTION:
;localhost.westos.org. IN A
;; ANSWER SECTION:
localhost.westos.org. 86400 IN A 172.25.254.60 但是发现解析出的地址还是60,是因为在文件里面写死了60
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Wed Nov 10 21:30:03 CST 2021
;; MSG SIZE rcvd: 127
上述问题该如何解决?需要dhcp去更新dns
[root@westos_dns named]# vim westos.org.zone 编辑文件
$TTL 1D
@ IN SOA dns.westos.org. root.westos.org. (
6 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 172.25.254.100
www CNAME lee.a
lee.a A 172.25.254.100
lee.a A 172.25.254.200
westos.org. MX 1 172.25.254.100.
localhost A 172.25.254.60 将这个删除
用 man 5 dhcpd.conf 去查看文档
配置基于 key 的 dns 动态更新:
[root@westos_dns ~]# dnssec-keygen -a HMAC-SHA256 -b 128 -n HOST westoskey -a表示指定加密方式 -b 表示加密长度,-n 表示名称类型 westoskey表示名称
Kwestoskey.+163+40935
[root@westos_dns ~]# ls
anaconda-ks.cfg Downloads Music Videos
dead.letter initial-setup-ks.cfg Pictures
Desktop Kwestoskey.+163+40935.key Public
Documents Kwestoskey.+163+40935.private Templates
[root@westos_dns ~]# mv Kwestoskey.+163+40935.private Kwestoskey.+163+40935.key /mnt/ 生成的加密文件移动到mnt里
[root@westos_dns ~]# cd /mnt/
[root@westos_dns mnt]# cat Kwestoskey.+163+40935.key
westoskey. IN KEY 512 3 163 1SOyc6KBjUTi6BCRBx/oTQ== 获得加密字符串
[root@westos_dns mnt]# cp /etc/rndc.key /etc/westos.key -p 以 rndc.key 为模板复制一份密钥配置文件,-p 保留原文件的权限和属主,密钥文件不应对其他用户可读
1 key "westoskey" {
2 algorithm hmac-sha256;
3 secret "1SOyc6KBjUTi6BCRBx/oTQ=="; 添加上一步获得的加密字符串
4 };
[root@westos_dns mnt]# vim /etc/named.conf 编辑dns配置文件
44 include "/etc/westos.key"; 添加,让dns知道有key这个文件
[root@westos_dns mnt]# vim /etc/named.rfc1912.zones 编辑dns子配置文件
29 zone "westos.org" IN {
30 type master;
31 file "westos.org.zone";
32 allow-update { key westoskey; }; 将none改为westoskey,表示只允许用 westoskey 签名的请求动态更新这个区域
33 also-notify { 172.25.254.200; };
34 };
[root@westos_dns mnt]# systemctl restart named 重启dns服务
[root@westos_dns mnt]# vim /etc/dhcp/dhcpd.conf 编辑dhcp配置文件
14 ddns-update-style interim; dhcp更新dns功能打开
37 key westoskey { 添加 key,用于给 dns 更新请求签名
38 algorithm hmac-sha256;
39 secret 1SOyc6KBjUTi6BCRBx/oTQ==;
40 };
41 zone westos.org. {
42 primary 127.0.0.1; dhcp 给哪台主机分配了地址,就会用这个 key 向 primary 指定的 dns 服务器更新 westos.org 域里面对应的主机记录
43 key westoskey;
44 }
[root@westos_dns mnt]# systemctl restart named 重启服务
[root@westos_dns mnt]# systemctl restart dhcpd 重启服务
测试:
[root@localhost Desktop]# dig localhost.westos.org 解析
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> localhost.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11546
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 5085fd86eacfe0bf1895bb37618bdef09b396ea415bd6eaf (good)
;; QUESTION SECTION:
;localhost.westos.org. IN A
;; ANSWER SECTION:
localhost.westos.org. 300 IN A 172.25.254.71
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Wed Nov 10 23:02:09 CST 2021
;; MSG SIZE rcvd: 127
[root@westos_dns named]# vim /etc/dhcp/dhcpd.conf
32 subnet 172.25.254.0 netmask 255.255.255.0 {
33 range 172.25.254.75 172.25.254.99; 将地址池的起始地址改成75
34 option routers 172.25.254.100;
35 }
[root@westos_dns named]# systemctl restart dhcpd
[root@localhost Desktop]# nmcli connection reload
[root@localhost Desktop]# nmcli connection up enp1s0
[root@localhost Desktop]# ifconfig ip变为172.25.254.75
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.75 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::5054:ff:fe64:7452 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:64:74:52 txqueuelen 1000 (Ethernet)
RX packets 130 bytes 16849 (16.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 275 bytes 30879 (30.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost Desktop]# dig localhost.westos.org 解析也变成了75
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> localhost.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46107
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 046703817831a617903bfdd8618be08a5af20484928bffbe (good)
;; QUESTION SECTION:
;localhost.westos.org. IN A
;; ANSWER SECTION:
localhost.westos.org. 300 IN A 172.25.254.75
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Wed Nov 10 23:08:59 CST 2021
;; MSG SIZE rcvd: 127
注意:解析的域名必须是客户主机(root@localhost)在 westos.org 域中的主机名,即 localhost.westos.org