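# 1. Install BIND (provides the "named" service).
yum install bind -y
# 2. Open the DNS service (53/tcp and 53/udp) in firewalld.
#    --permanent writes the rule to disk; --reload makes the running firewall pick it up.
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload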
3.vim /etc/named.conf
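options {
	listen-on port 53 { any; };        # accept queries on every IPv4 address, not only 127.0.0.1
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";            # every zone "file" below is relative to this directory
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query { any; };              # any host may ask for the authoritative zones configured below
	# SECURITY: listen-on any + allow-query any + BIND's default of "recursion yes" makes this host an
	# open resolver (cache-poisoning target and DNS amplification reflector). Keep serving the
	# authoritative zones to everyone, but only recurse for localhost and the directly attached networks:
	allow-recursion { localhost; localnets; };
	# Zone transfers (AXFR) are permitted from anywhere on older BIND releases, which hands the whole
	# zone to anyone as free reconnaissance; restrict them per zone with
	# allow-transfer { <secondary-ip>; } (or { none; }) in the zone statements.
	# ... remaining lines of the stock options block (recursion, dnssec-validation, pid-file, ...)
	# and the closing "};" are left as shipped ...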
4.vim /etc/resolv.conf
nameserver 自己的IP
正向解析
vim /etc/named.rfc1912.zones
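zone "ppp.com" IN {             // the local domain, served authoritatively from this host
	type master;
	file "ppp.com.zone";        // relative to options.directory -> /var/named/ppp.com.zone
	allow-update { none; };     // static zone: refuse dynamic (nsupdate) changes
	// Add allow-transfer { <secondary-ip>; } when a secondary server is introduced; without an
	// allow-transfer statement older BIND releases let anyone AXFR the whole zone.
};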
# Run inside /var/named. -p keeps the template's owner and mode so named can still read the copy.
cp -p named.localhost ppp.com.zone
vim ppp.com.zone
$TTL 1D                     ; default TTL for every record below that does not carry its own
@ IN SOA dns.ppp.com. root.ppp.com. (
0 ; serial  - raise it on every edit; secondaries only transfer when it grows (YYYYMMDDnn is the usual convention)
1D ; refresh - how often a secondary re-checks the SOA for a newer serial (1 day, not 1 hour)
1H ; retry   - wait before retrying a failed refresh (1 hour)
1W ; expire  - a secondary stops answering if it cannot reach the master for this long (1 week)
3H ) ; minimum - negative-caching TTL for "no such name" answers (3 hours, not 1 day)
NS dns.ppp.com.          ; owner is inherited from "@" (the zone apex); the NS target needs an A record, given below
bbs CNAME news.ppp.com.  ; alias: bbs resolves to whatever news resolves to
dns A 172.25.254.100
www A 172.25.254.123
news A 172.25.254.66     ; two A records on one name: BIND typically rotates them (round robin)
news A 172.25.254.77
SOA：起始授权记录（Start Of Authority），声明这个数据文件属于哪个区域。TTL 是某条解析记录在其他 DNS 服务器（缓存）上保存的有效时长，可以省略；如果每条资源记录的 TTL 都一样，可以在文件最前面统一声明：$TTL 600（单位为秒，也可以写 1D、1H 这样的后缀）。
切记 SOA 记录必须是文件中的第一条资源记录，正解和反解区域文件里都要有。SOA 里的管理员邮箱不能写 @（@ 在区域文件中代表当前区域名），把 @ 换成 . 即可，例如 root@ppp.com 写作：
root.ppp.com.（末尾的点表示绝对域名，也就是上面 SOA 记录中的第二个名字）
A:Address,A记录是定义某个主机(FQDN)到ipv4的过程
AAAA：IPv6 地址记录，把 FQDN 映射到 IPv6 地址，作用与 A 记录相同。
MX：Mail eXchanger，邮件交换记录。邮件服务器可能有多台，因此用优先级（preference，16 位整数，范围 0–65535）决定先用哪台，数字越小越优先。
CNAME：规范名称（Canonical Name），即别名记录，一般只出现在正解区域文件中；同一个名字上有了 CNAME 就不能再有其他记录（如 A、MX、NS），区域顶点（@）尤其不能用 CNAME。
PTR:domain name pointer ,这是一个反向解析的资源记录,只能出现在反解区域文件中。
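# Catch syntax errors before restarting; otherwise named fails to come back and the server goes dark.
named-checkconf
named-checkzone ppp.com /var/named/ppp.com.zone
systemctl restart named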
逆向解析
vim /etc/named.rfc1912.zones
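zone "254.25.172.in-addr.arpa" IN {   // reverse zone for 172.25.254.0/24: octets reversed, in-addr.arpa appended
	type master;
	file "ppp.com.ptr";               // /var/named/ppp.com.ptr
	allow-update { none; };
	// As with the forward zone, add allow-transfer { <secondary-ip>; } only for a secondary you operate;
	// otherwise older BIND releases allow AXFR from anywhere.
};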
# Run inside /var/named; -p preserves the template's owner/mode so named can read the new file.
cp -p named.loopback ppp.com.ptr
vim ppp.com.ptr
$TTL 1D
@ IN SOA dns.ppp.com. root.ppp.com. (
0 ; serial  - raise on every change
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum - negative-caching TTL
NS dns.ppp.com.
dns A 172.25.254.100      ; NOTE(review): inside this zone this defines dns.254.25.172.in-addr.arpa, not dns.ppp.com; harmless but presumably unintended (the NS target is looked up through the forward zone)
101 PTR hhh.westos.com.   ; owner "101" is relative to the zone name -> 172.25.254.101
102 PTR bbb.westos.com.   ; NOTE(review): the forward zone puts dns/www/news at .100/.123/.66/.77 under ppp.com; these PTRs name a different domain and different addresses, so forward and reverse lookups will not agree - confirm that is intended
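# Validate the reverse zone before restarting so a typo cannot take named down.
named-checkzone 254.25.172.in-addr.arpa /var/named/ppp.com.ptr
systemctl restart named
# Reverse lookup; expect "hhh.westos.com." in the ANSWER section.
dig -x 172.25.254.101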
DNS分配
vim /etc/named.conf
view one {                          // split horizon: views are tried in order and the first match wins
match-clients { 172.25.254.38; };   // matched on source IP only - trivially spoofable over UDP; fine for a lab,
                                    // use a TSIG key in match-clients when the distinction matters
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones"; // ppp.com with the 172.25.254.x ("internal") addresses
};
view other {                        // everyone else - presumably including 127.0.0.1 and the secondary added later
match-clients { any; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1911.zones"; // ppp.com with the 6.6.6.x addresses (file created below)
};
// NOTE(review): once any view is declared BIND requires every zone to live inside a view, which is why
// the stock top-level zone "." and includes are commented out below. That also dropped the stock
// include of /etc/named.root.key (DNSSEC trust anchors); if validation is wanted, include it inside
// each view or set dnssec-validation auto - confirm against the rest of named.conf.
/*
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/
# View "other" gets its own zone list; -p keeps the original's owner/mode (root:named 640 on RHEL) so named can read it.
cp /etc/named.rfc1912.zones /etc/named.rfc1911.zones -p
vim /etc/named.rfc1911.zones
zone "ppp.com" IN {        // ppp.com as seen by clients of view "other" (the 6.6.6.x addresses)
type master;
file "ppp.com.inter";      // /var/named/ppp.com.inter - a separate file from the internal view's ppp.com.zone
allow-update { none; };
// NOTE(review): no allow-transfer here, so older BIND lets any client of this view AXFR the zone;
// add allow-transfer { none; } (or the secondary's IP once one exists).
};
# Run inside /var/named; start the external copy from the internal zone file and only change the addresses.
cp ppp.com.zone ppp.com.inter -p
vim ppp.com.inter
$TTL 1D
@ IN SOA dns.ppp.com. root.ppp.com. (
0 ; serial - each view's zone file has its own serial; raise it whenever this file changes
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.ppp.com.
bbs CNAME news.ppp.com.
dns A 6.6.6.100          ; same names as the internal zone, different ("external") addresses
www A 6.6.6.123
news A 6.6.6.66
news A 6.6.6.77
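# Check config and both zone files before restarting; a view/zone typo otherwise stops named entirely.
named-checkconf
named-checkzone ppp.com /var/named/ppp.com.inter
systemctl restart named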
用不同的主机进行测试
刚刚说过区域分为正解和反解，这只是从查询方向来分的；如果按数据来源（传输方式）来划分，区域类型可以这样分：
主区域:Master,定义主服务器的区域
从区域:Slave,定义从服务器的区域
提示区域:hint,定义根域DNS服务器的区域
转发区域：forward，定义把查询转发给某个 DNS 服务器的区域
如果访问人数过多,怎么办呢?
再开一台虚拟机(172.25.254.238)做负载均衡
vim /etc/named.rfc1912.zones
zone "ppp.com" IN {               // secondary (slave) copy, pulled from the master by zone transfer
type slave;
masters { 172.25.254.138; };      // the master must permit transfers to this host (allow-transfer) if it restricts them
file "slaves/ppp.com.zone";       // /var/named/slaves is writable by named and correctly labelled on RHEL/CentOS - no SELinux change needed
allow-update { none; };           // dynamic updates go to the master, never to a secondary
};
vim /etc/named.conf
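options {
	listen-on port 53 { any; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query { any; };
	# Same hardening as on the master: serve authoritative data to all, but only recurse for local clients
	# (listen-on any + allow-query any + the default recursion yes would otherwise make an open resolver).
	allow-recursion { localhost; localnets; };
	# Nothing transfers zones from this secondary, so refuse AXFR outright.
	allow-transfer { none; };
	# ... remaining stock options lines and the closing "};" unchanged ...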
systemctl restart named
# Verify the secondary answers; point resolv.conf at this host (or add @127.0.0.1) or the reply may come from the master.
dig www.ppp.com
若要修改dns怎么同步呢?
不需要关闭 SELinux：从区域文件写在 /var/named/slaves/ 下，在 RHEL/CentOS 的软件包默认配置下这个目录本来就允许 named 写入（标签为 named_cache_t）；关闭 SELinux 会让整台机器失去一层保护。
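# Force the secondary to fetch a fresh copy. Deleting the cached zone file and restarting works, but
# "rndc retransfer ppp.com" does the same without a restart. Either way the master's serial must have
# been raised first, or the secondary will simply keep its old data.
rm -f -- /var/named/slaves/ppp.com.zone
systemctl restart named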
就可以了
2.vim /etc/named.rfc1911.zones
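zone "ppp.com" IN {
	type master;
	file "ppp.com.inter";
	allow-update { none; };
	allow-transfer { 172.25.254.238; };   // the secondary we notify must also be allowed to pull the zone
	also-notify { 172.25.254.238; };      // the default NOTIFY only goes to servers listed in NS records,
	                                      // and the secondary is not one of them, hence the explicit entry
};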
vim /var/named/ppp.com.inter
2 ; serial - must be larger than before (was 0); secondaries compare serials and only transfer on an increase
再修改解析记录。每次修改都必须把 serial 调大，否则从服务器不会同步（改完后用 `rndc reload` 代替重启也可以）。
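# Validate first; a restart is not required after a zone edit, "rndc reload" would do.
named-checkconf
named-checkzone ppp.com /var/named/ppp.com.inter
systemctl restart named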
通过dhcp动态分配dns(花生壳)
dns key 更新
@1@
# Generate a TSIG key named "ppp". SECURITY: HMAC-MD5 is deprecated (RFC 8945) and BIND 9.13+ no longer
# lets dnssec-keygen create TSIG keys at all; on a current system run
#   tsig-keygen -a hmac-sha256 ppp > /etc/ppp.key
# which emits the key { ... } statement used below directly, and use "algorithm hmac-sha256" everywhere.
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST ppp ## generate the key
# Both Kppp.*.key and Kppp.*.private hold the same shared secret - TSIG is symmetric, so the ".key"
# file is not public; chmod 600 both.
[root@dns-server ~]# cat Kppp.+157+56099.key
ppp. IN KEY 512 3 157 s+H6JDPUEoAboSbwBQyZjg==
@2@
# rndc.key is copied only to inherit its owner/mode via -p (root:named 640 on RHEL) so the secret stays
# unreadable to other users; the contents are replaced in the next step.
cp /etc/rndc.key /etc/ppp.key -p ## create the key file that named will read
vim /etc/ppp.key
key "ppp" { ## key name - must match the name used in allow-update and in dhcpd.conf
algorithm hmac-md5; ## deprecated; use hmac-sha256 once the key is generated with tsig-keygen
secret "s+H6JDPUEoAboSbwBQyZjg=="; ## base64 shared secret taken from Kppp.+157+56099.key
};
@3@
vim /etc/named.conf
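include "/etc/ppp.key"; ## load the key statement; keep it at top level (outside any view) so every view can reference "ppp"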
# NOTE(review): nothing shown later switches a view's include from rfc1911/rfc1912 to this file; until a
# view includes /etc/named.rfc1913.zones the allow-update below is never loaded and nsupdate is REFUSED.
cp /etc/named.rfc1912.zones /etc/named.rfc1913.zones -p
vim /etc/named.rfc1913.zones
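zone "ppp.com" IN {
	type master;
	file "ppp.com.inter";
	// Dynamic updates make named write ppp.com.inter.jnl next to the zone file. On RHEL /var/named itself is
	// typically not writable by named: move dynamic zones to /var/named/dynamic/ (writable, correct SELinux
	// label) or chown the file/dir to named and run "setsebool -P named_write_master_zones on". Do not
	// disable SELinux for this.
	allow-update { key ppp; };          ## only updates signed with TSIG key "ppp" are accepted - never use an IP-based ACL here, it is spoofable
	allow-transfer { 172.25.254.238; }; ## the secondary we notify must be allowed to pull the zone
	also-notify { 172.25.254.238; };
};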
@4@
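# Copy the TSIG key to the client. Both files carry the same shared secret (TSIG is symmetric, there is
# no "public" half), and nsupdate -k expects the pair side by side, so copy both and lock them down.
scp -p Kppp.+157+56099.* root@172.25.254.238:/mnt/
ssh root@172.25.254.238 'chmod 600 /mnt/Kppp.+157+56099.*'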
vim /etc/named.conf
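options {
	listen-on port 53 { any; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query { any; };
	# listen-on any + allow-query any + BIND's default recursion yes = open resolver; recurse only for local clients.
	allow-recursion { localhost; localnets; };
	# Restrict AXFR per zone with allow-transfer { <secondary-ip>; } / { none; }; older BIND defaults to any.
	# ... remaining stock options lines and the closing "};" unchanged ...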
更新(dns2)
# Send a TSIG-signed update from the client (dns2). -k takes the .private file copied above; the matching
# .key file must sit in the same directory.
# NOTE(review): the update succeeds only if the view that matches this client includes a ppp.com zone
# with allow-update { key ppp; } (the rfc1913 file); otherwise nsupdate reports REFUSED.
# NOTE(review): 172.24.254.230 is outside the 172.25.254.0/24 lab network - probably a typo for 172.25.
nsupdate -k Kppp.+157+56099.private
>server (dns1的IP)
>update add music.ppp.com 86400 A 172.24.254.230
>send
>quit
更新成功后，在任意客户端用 `dig music.ppp.com @<dns1 的 IP>` 就能看到新记录；如果 send 返回 REFUSED，说明匹配到的 view 里的 ppp.com 区域没有 allow-update { key ppp; }。
不要关闭 SELinux。动态更新需要 named 在区域文件旁边写 .jnl 日志文件，正确做法是把动态区域文件放到 /var/named/dynamic/ 下（named 可写、标签正确，并把 zone 语句里的 file 改为 "dynamic/ppp.com.inter"），或者对现有文件/目录 chown named 并执行 `setsebool -P named_write_master_zones on`；关掉 SELinux 只是掩盖了权限问题。
dhcpd 配置
dns1:
# Install ISC dhcpd and start from the packaged example (this overwrites the near-empty stock /etc/dhcp/dhcpd.conf).
yum install dhcp -y
cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
vim /etc/dhcp/dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "ppp.com";
option domain-name-servers 172.25.254.138;
default-lease-time 600;
max-lease-time 7200;
# Use this to enable / disable dynamic dns updates globally.
# "interim" is the legacy DDNS scheme; "standard" (RFC 4701 DHCID records) replaces it on dhcpd 4.3+.
ddns-update-style interim;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
# (Left commented here; without it dhcpd will not NAK clients that still hold a lease from another server.)
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.
subnet 172.25.254.0 netmask 255.255.255.0 {
range 172.25.254.140 172.25.254.160;
option routers 172.25.254.138;
}
# TSIG key shared with named: same name, algorithm and secret as /etc/ppp.key.
# SECURITY: this secret now lives in dhcpd.conf, which is typically world-readable (0644).
# chmod 640 root:dhcpd the file, or move the key block into a separate 640 file and `include` it.
# hmac-md5 is deprecated - switch to hmac-sha256 when the key is (re)generated.
key "ppp" {
algorithm hmac-md5;
secret "s+H6JDPUEoAboSbwBQyZjg==";
};
# Forward zone that dhcpd updates with the key above; the trailing dot is required.
# Only the forward zone is declared: PTR updates for 254.25.172.in-addr.arpa will be refused because
# that zone has allow-update { none; } - harmless in this lab; declare it here and allow the key there
# if reverse DDNS is wanted.
# "primary 127.0.0.1" sends the update from localhost, so it lands in whichever named view matches
# 127.0.0.1; that view's ppp.com zone must carry allow-update { key ppp; }.
zone ppp.com.{
primary 127.0.0.1;
key ppp;
}
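# Syntax-check the config before restarting; a broken dhcpd.conf otherwise leaves the network without leases.
dhcpd -t -cf /etc/dhcp/dhcpd.conf
systemctl restart dhcpd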
测试
设定一台主机网络的工作方式为dhcp
设定这台主机的主机名music.ppp.com,这个名称在原有的dns服务中是没有解析的
重启网络后查看拿到的 IP，并在 DNS 服务器或客户端上用 `dig music.ppp.com` 确认 dhcpd 已经把主机名写进了 ppp.com 区域（DDNS 更新成功或失败通常也会记录在 dhcpd 的日志里）。