DNS

DNS

DNS简介

  • DNS(Domain Name System),由解析器和域名服务器组成。
  • 域名服务器保存该网络中所有主机的域名和相对应的IP地址,并具有将域名转换成IP地址的功能。
  • 将域名映射为IP称为域名解析。
  • DNS服务器在域名解析过程中的查询顺序:本地缓存、区域记录、转发域名服务器、根域名服务器。

DNS相关概念

  • www.baidu.com. # 最后一个点就是根域,通常大家都会忽略

正向解析

  • 服务端:

-

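# Server side: install BIND, enable it, open the firewall for DNS, then edit its config.
yum install bind -y                        ## install the BIND package
systemctl enable named                     ## start named at boot
systemctl start named                      ## start named now
firewall-cmd --list-all                    ## show the current firewall configuration
# Fixed: the option needs two dashes, and the comment must be separated from the
# argument by a space (a '#' inside a word does not start a comment in the shell).
firewall-cmd --permanent --add-service=dns ## allow DNS in the permanent firewall config
firewall-cmd --reload                      ## --permanent alone does not change the running rules
netstat -antulpe | grep named              ## check which addresses and ports named listens on
rpm -qc bind                               ## list the configuration files owned by the bind package
vim /etc/named.conf                        ## edit named's main configuration file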

-

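修改如下(以下设置较宽松,适合实验环境:listen-on 与 allow-query 设为 any 表示对任意来源的查询都应答,dnssec-validation no 则关闭了DNSSEC验证;若同时启用 recursion yes(见后文主从DNS的完整配置),服务器会成为开放递归解析器,生产环境应将 allow-query / allow-recursion 限制在可信网段):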
 10 options {
 11         listen-on port 53 { any; };
 12         listen-on-v6 port 53 { ::1; };
 13         directory       "/var/named";
 14         dump-file       "/var/named/data/cache_dump.db";
 15         statistics-file "/var/named/data/named_stats.txt";
 16         memstatistics-file "/var/named/data/named_mem_stats.txt";
 17         allow-query     { any; }; 
 31         dnssec-enable yes;
 32         dnssec-validation no;
 33         dnssec-lookaside auto;  
  • 客户端

-

vim /etc/resolv.conf
添加如下:
nameserver  服务端ip
服务端:
vim /etc/named.rfc1912.zones
zone "liu.com" IN {
 26         type master;
 27         file "liu.com.zone";
 28         allow-update { none; };
 29 };
cd /var/named
cp -p named.localhost liu.com.zone
  1 $TTL 1D
  2 @       IN SOA dns.liu.com. root.liu.com. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS     dns.liu.com.
  9 dns     A       172.25.254.105
 10 www     A       172.25.254.104

-

双向解析

  • 服务端:

-

  cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter
  vim /etc/named.rfc1912.zones.inter
 25 zone "liu.com" IN {
 26         type master;
 27         file "liu.com.inter";
 28         allow-update { none; };
 29 };
  cp -p /var/named/liu.com.zone /var/named/liu.com.ptr   # 注意:上面 zone 中 file 写的是 "liu.com.inter",区域文件名需与其一致,否则该区域无法加载
   1 $TTL 1D
  2 @       IN SOA dns.liu.com. root.liu.com. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS     dns.liu.com.
  9 dns     A       172.25.0.105
 10 www     A       172.25.0.104
 11 bili     CNAME   www.liu.com.
 12 liu.com. MX 1   172.25.0.105.
 vim /etc/named.conf
 50 /*
 51 zone "." IN {
 52         type hint;
 53         file "named.ca";
 54 };
 55 
 56 include "/etc/named.rfc1912.zones";
 57 include "/etc/named.root.key";
 58 */
 60 view  localnet{
 61         match-clients {172.25.254.105;};
 62         zone "." IN {
 63                 type hint;
 64                 file "named.ca";
 65         };
 66 include "/etc/named.rfc1912.zones";
 67 };
 68 view internet{
 69         match-clients {any;};
 70         zone "." IN{
 71                 type hint;
 72                 file "named.ca";
 73         };
 74 include "/etc/named.rfc1912.zones.inter";
 75 };
systemctl restart named

主从DNS

-

vim /etc/yum.repos.d/rhe...
http://172.25.254.250/rhel7
yum clean all
server:
vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory  "/var/named";
dump-file  "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query     { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation no;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

vim /etc/named.rfc1912.zones
 25 zone "liu.com" IN {
 26         type master;
 27         file "liu.com.zone";
 28         allow-update { none; };
 29         allow-transfer { 172.25.254.205; };
 30         also-notify {172.25.254.205;};
vim /var/named/liu.com.zone
  1 $TTL 1D
  2 @       IN SOA dns.liu.com. root.liu.com. (
  3                                 2016112602      ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS     dns.liu.com.
  9 dns     A       172.25.254.105
 10 www     A       172.25.254.102
client:
vim /etc/named.conf
listen-on port 53 { any; };
allow-query     { any; };
dnssec-validation no;
 vim /etc/named.rfc1912.zones 
 25 zone "liu.com" IN {
 26         type slave;
 27         masters { 172.25.254.105; };
 28         file "slaves/liu.com.zone";
 vim /etc/resolv.conf 
nameserver 172.25.254.105

  • 2.

-

# Generate a shared-secret (TSIG-style) key, reference a key file from named.conf,
# and switch SELinux to permissive mode.
# NOTE(review): HMAC-MD5 with a 128-bit key is a legacy choice; where the BIND and
# dhcpd versions in use support it, prefer hmac-sha256 (e.g. generated with tsig-keygen).
# NOTE(review): the key is named "westos" here, while the include below and the
# dhcpd.conf that follows refer to "liu" — confirm the key name matches on both sides.
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
# NOTE(review): this command is cut off in the source; presumably it copies a key file — confirm.
cp -p /etc/
vim /etc/named.conf
# Line added to named.conf: pull the key definition in from a separate file.
# Keep that file readable only by the named service account, since it holds the secret.
 include "/etc/liu.key";
# setenforce 0 puts SELinux into permissive mode for the whole host until reboot.
# NOTE(review): a narrower fix (correct file contexts / booleans for named) keeps
# enforcement on; treat this as a lab-only shortcut.
setenforce 0  

-

[root@server5 ~]# cat /etc/dhcp/dhcpd.conf
# dhcpd.conf
# #
# # Sample configuration file for ISC dhcpd
# #
#
# # option definitions common to all supported networks...
# option domain-name "liu.com";
# option domain-name-servers 172.25.254.105;
# max-lease-time 7200;
# default-lease-time 600;
# key liu {
#               algorithm hmac-md5;
#               secret zYrB7Z5Zo/0=;
#           };
#   zone liu.com. {
#                           primary 127.0.0.1;
#                           key liu;      
#                         }
#
## Use this to enble / disable dynamic dns updates globally.
#ddns-update-style interim;
#
## If this DHCP server is the official DHCP server for the local
## network, the authoritative directive should be uncommented.
##authoritative;
#
## Use this to send dhcp log messages to a different log file (you also
## have to hack syslog.conf to complete the redirection).
#log-facility local7;
#
## No service will be given on this subnet, but declaring it helps the 
## DHCP server to understand the network topology.
## This is a very basic subnet declaration.
subnet 172.25.254.0 netmask 255.255.255.0 {
                                                                           range 172.25.254.71  172.25.254.75;
                                                                           option routers 172.25.254.105;
                                                                         }
