作业(DNS、SSH)

1.通过dns分离技术解析www.qq.com主机ip地址,实现通过内网主机解析为内网服务主机,外网主机解析到外网主机。

服务端:

【1】挂载、关闭防火墙和selinux以及下载和开启DNS服务

[root@localhost ~]# mount /dev/sr0 /mnt
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# yum install bind -y
[root@localhost ~]# systemctl start named

【2】更改配置自定义解析域

[root@localhost ~]# vim /etc/named.conf 
options {
        listen-on port 53 { 192.168.43.128; };
        directory       "/var/named";
        allow-query     { any; };

};
        acl"内网"{192.168.43.129; };
        acl"外网"{192.168.43.130; };
view"内网"{
        match-clients{"内网"; };
        zone "qq.com" IN {
        type master;
        file "named.qq.com";
        notify yes;
        };
};
view"外网"{
        match-clients{"外网"; };
        zone "qq.com" IN {
        type master;
        file "named.qq1.com";
        };
};

【3】正向解析文件(区域数据文件)资源记录包含的元素

[root@localhost ~]# vim /var/named/named.qq.com
$TTL 1D
@       IN      SOA  @  rname.invalid. (
                                        2021071401       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      dns.qq.com.
dns     IN      A       192.168.43.128
www     IN      A       192.168.43.100
aaa     IN      A       192.168.43.88
bbb     IN      A       192.168.43.66
[root@localhost ~]# vim /var/named/named.qq1.com
$TTL 1D
@       IN      SOA     @       rname.invalid. (
                                        2021071401       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      dns.qq.com.
dns     IN      A       192.168.43.128
www     IN      A       192.168.43.200
aaa     IN      A       192.168.43.188
bbb     IN      A       192.168.43.166

【4】重启DNS服务

[root@localhost ~]# systemctl restart named
客户端:

【1】挂载、关闭防火墙和selinux以及下载和开启DNS服务

[root@localhost ~]# mount /dev/sr0 /mnt
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# yum install bind -y
[root@localhost ~]# systemctl start named

【2】绑定DNS服务器

[root@localhost ~]# nmcli connection modify ens160 ipv4.dns 192.168.43.128
[root@localhost ~]# vim /etc/resolv.conf 
; generated by /usr/sbin/dhclient-script
search localdomain
nameserver 192.168.43.128

【3】测试
192.168.43.129:
在这里插入图片描述
192.168.43.130:
在这里插入图片描述
可以看到测试结果两台不同IP地址的客户端解析的IP地址结果不一致,实验成功

2.配置A和B主机实现免密登录

【1】在A主机创建秘钥:

[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Y8wufjXZnjZ4+f7vGYyPibEBHwXTBSM/dF42Cs4MYOE root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|       +o. =.+o+o|
|      o   = B.=.o|
|       E   + = . |
|       o    . .  |
|        S. +     |
|       o .* o o  |
|      . .. B + o |
|     . .. . % + o|
|      ..   = *o==|
+----[SHA256]-----+

【2】检查秘钥创建情况

[root@localhost ~]# cd /root/.ssh
[root@localhost .ssh]# ll
总用量 12
-rw-------. 1 root root 2610 717 06:37 id_rsa
-rw-r--r--. 1 root root  580 717 06:37 id_rsa.pub
-rw-r--r--. 1 root root  176 715 23:58 known_hosts

可看出已经创建成功

【3】在B主机上创建.ssh隐藏目录存放对方秘钥

[root@localhost ~]# mkdir .ssh.
[root@localhost ~]# cd .ssh
[root@localhost .ssh]# ll
总用量 0   #通过检查,该隐藏目录一开始为空

【4】传递公钥给B主机并进行改名操作

[root@localhost ~]# scp .ssh/id_rsa.pub root@192.168.43.129:/root/.ssh/authorized_keys  #改名为对方公钥默认名字authorized_keys
root@192.168.43.129's password:   #此处输入redhat(B主机root用户的密码)
id_rsa.pub                                                                    100%  580   459.9KB/s   00:00    #传输成功

【5】查看B主机.ssh隐藏目录接收秘钥后的情况

[root@localhost ~]# cd .ssh
[root@localhost .ssh]# ll
总用量 4
-rw-r--r-- 1 root root 580 717 06:46 authorized_keys

可看出秘钥已经接收成功
【6】在A主机上测试

[root@localhost ~]# ssh 192.168.43.129
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

Last login: Sat Jul 17 06:42:18 2021 from 192.168.43.128
[root@localhost ~]# exit
注销
Connection to 192.168.43.129 closed.
[root@localhost ~]# 

可看出已实现免密登录
【7】B主机反过来相应步骤一致,不作演示

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值