####################
####配置dns服务器
####################
服务器配置:
yum install bind -y ##安装dns服务
systemctl start named ##开启服务
netstat -antulpe | grep named ##查看端口状态
a all
n 直接使用ip地址而不使用域名
t tcp
u udp
p process
l listen
e 拓展信息
vim /etc/named.conf ##更改配置文件
********
options {
listen-on port 53 { any;}; ##在所有网卡接口上监听53端口
.
.
allow-query { any ; }; ##允许所有人访问,并且回应 (注意: 配合下面的forwarders后本机会做递归查询, 若能被外网访问就成了开放递归解析器, 生产环境应把这里限制为内网地址段)
forwarders { 172.25.254.250; }; ##此服务器不知道的,去询问其他dns服务器
********
firewall-cmd --list-all ##防火墙
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload ##重新加载
firewall-cmd --list-all
客户端检测:
vim /etc/resolv.conf
nameserver 172.25.254.112 ##dns服务器ip
dig www.westoslinux.com
配置正向区域数据库文件(正向解析):
vim /etc/named.rfc1912.zones
********* 添加 westoslinux.com 域名
zone "westoslinux.com" IN {
type master;
file "westoslinux.com.zone";
allow-update { none; };
};
*********
cd /var/named
cp -p named.localhost westoslinux.com.zone
vim westoslinux.com.zone
**************
$TTL 1D
@ IN SOA dns.westoslinux.com.(/dns) root.westoslinux.com.(/root) (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westoslinux.com.(/dns)
dns(/dns.westoslinux.com.) A 172.25.254.112
www(/www.westoslinux.com.) A 172.25.254.222
***************
systemctl restart named
服务端检测:
dig www.westoslinux.com
配置反向区域数据库文件(反向解析):
vim /etc/named.rfc1912.zones
********
zone "254.25.172.in-addr.arpa" IN {
type master;
file "westoslinux.com.ptr";
allow-update { none;};
};
********
cd /var/named
cp -p named.loopback westoslinux.com.ptr
vim westoslinux.com.ptr
**********
$TTL 1D
@ IN SOA dns.westoslinux.com.(/dns) root.westoslinux.com.(/root) (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westoslinux.com.(/dns)
dns A 172.25.254.112
222 PTR www.westoslinux.com.(/www)
223 PTR www.aaaaaaaa.com.
**********
systemctl restart named
服务端检测:
dig -x 172.25.254.222
=============================
区域数据库文件通常以“授权记录(SOA)”的资源开始,用来表示某区域的授权服务器的相关参数
基本格式:
域名 IN SOA DNS主机名 管理员电子邮件地址 (
序列号
刷新时间
重试时间
过期时间
最小生存期)
=============================
DNS轮询机制:
cd /var/named
cp -p named.localhost westoslinux.com.zone
vim westoslinux.com.zone
********
$TTL 1D
@ IN SOA dns.westoslinux.com. root.westoslinux.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westoslinux.com.
dns A 172.25.254.112
www CNAME www.a.westoslinux.com.
www.a A 172.25.254.222
www.a A 172.25.254.111
********
DNS邮件解析服务
cd /var/named
cp -p named.localhost westoslinux.com.zone
vim westoslinux.com.zone
*******************
.
.
westoslinux.com. MX 1 172.25.254.12. ##注意: MX记录的目标按规范应是一个主机名(如 mail.westoslinux.com.)并为其配A记录, 直接写ip在很多MTA上不会被正确解析
*******************
测试:
服务端:
[root@foundation12 mail]# mail root@westoslinux.com
Subject: sdmla
dsamld
fcsnakl
nvklsa
.
EOT
[root@foundation12 mail]# mailq ##查看被退回的邮件,此处是172.25.254.12的邮件服务没开,跟DNS服务无关
-Queue ID- --Size-- ----ArrivalTime---- -Sender/Recipient-------
074FD602065B9 491 Sat Feb 25 11:45:37 root@foundation12.ilt.example.com
(connect to 172.25.254.12[172.25.254.12]:25:Connection refused)
root@westoslinux.com
-- 0 Kbytes in 1 Request.
DNS集群,辅助dns
1.主DNS配置 ip:172.25.254.112
vim /etc/named.rfc1912.zones
*********
.
.
zone "westoslinux.com" IN {
type master;
file "westoslinux.com.zone";
allow-update { none; };
allow-transfer { 172.25.254.212;}; ##允许同步本机A记录文件的辅助主机的ip
};
.
.
*********
2.辅助DNS配置 ip:172.25.254.212
先作一遍服务器配置。
vim /etc/named.conf
********
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1;};
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
forwarders {172.25.254.112;};
.
.
dnssec-validation no; ##关闭DNSSEC验证, 实验环境可以这样做; 关闭后本机不再校验从forwarders拿到的应答是否被篡改, 生产环境不建议
*********
vim /etc/named.rfc1912.zones
**********
.
.
zone "westoslinux.com" IN {
type slave; ##设定本机为辅助DNS
masters { 172.25.254.112;}; ##A记录文件同步主机ip
file "slaves/westoslinux.com.zone"; ##存放A记录文件的位置
allow-update { none; };
};
.
.
**********
3.测试
vim /etc/resolv.conf
******
.
.
nameserver 172.25.254.212
.
.
******
=============
DNS服务器自动同步更改
=============
1>DNS同步:
只在主DNS配置:
vim /etc/named.rfc1912.zones
**********
.
.
zone "westoslinux.com" IN {
type master;
file "westoslinux.com.zone";
allow-update { none; };
allow-transfer { 172.25.254.212;};
also-notify { 172.25.254.212; }; ##自动通知辅助DNS主机
};
.
.
**********
vim /var/named/westoslinux.com.zone
*********
$TTL 1D
@ IN SOA dns.westoslinux.com. root.westoslinux.com. (
2017022502 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westoslinux.com.
dns A 172.25.254.112
www CNAME www.a.westoslinux.com.
www.a A 172.25.254.22
www.a A 172.25.254.11
westoslinux.com. MX 1 172.25.254.12.
**************
当serial更改时,辅助DNS才会进行同步
2>DNS更新:
(1)主DNS指定ip的更新:
主DNS配置:
vim /etc/named.rfc1912.zones
**********
.
.
zone "westoslinux.com" IN {
type master;
file "westoslinux.com.zone";
allow-update { 172.25.254.212;}; ##允许172.25.254.212去更新westoslinux.com.zone文件 (只按来源ip授权, 而更新请求的来源地址是可以伪造的, 生产环境应使用下文(2)中的密钥方式)
allow-transfer { 172.25.254.212;};
also-notify { 172.25.254.212;}; ##自动通知辅助DNS主机
};
.
.
**********
chmod 770 /var/named
setsebool -P named_write_master_zones 1
systemctl restart named
测试:
在172.25.254.212上:(添加域名)
[root@dns-server2 ~]# nsupdate
> server 172.25.254.112
> update add hello.westoslinux.com 86400 A 172.25.254.123
> send
> quit
在DNS主机上 dig hello.westoslinux.com 看结果
如果一直 > update add hello.westoslinux.com 86400 A 172.25.254.???
加ip的话,它会自动添加成轮询配置
如果向删除轮询的某个ip,执行:
[root@dns-server2 ~]# nsupdate
> server 172.25.254.112
> update delete hello.westoslinux.com 86400 A 172.25.254.123
> send
> quit
如果想删除这个域,执行:
[root@dns-server2 ~]# nsupdate
> server 172.25.254.112
> update delete hello.westoslinux.com
> send
> quit
这些更改在主DNS执行过 systemctl restart named 之前,
会自动保存在/var/named/westoslinux.com.zone.jnl 文件中,
在执行过 systemctl restart named 之后,
/var/named/westoslinux.com.zone.jnl中的内容会覆盖掉 /var/named/westoslinux.com.zone中的内容
(2)主DNS指定密钥的更新:
在主dns上作配置:
做这个之前先查看/var/named/ 下有没有 filename.jnl文件 如果有的话,就将这个文件以及 filename删去,
重新制作 filename,不然,待会测试时会报错: response to SOA query was unsuccessful
1 dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos ##生成密钥 (HMAC-MD5 已不再推荐, 如果所用的BIND和dhcpd版本都支持, 优先选择 HMAC-SHA256)
-a HMAC-MD5 密钥类型
-b 128 密钥字长
-n HOST westos 密钥名字
生成两个文件 Kwestos.+157+?????.key Kwestos.+157+?????.private
2 [root@localhost mnt]# cat Kwestos.+157+38595.key
westos. IN KEY 512 3 157 rxXbnsL9Fldt6BTHJeqEgw==
3 cp -p /etc/rndc.key /etc/westos.key ##制作密钥配置文件
4 vim /etc/westos.key
[root@localhost mnt]# cat /etc/westos.key
key "westos" { ##密钥名字
algorithm hmac-md5;
secret "rxXbnsL9Fldt6BTHJeqEgw=="; ##密钥
};
5 vim /etc/named.rfc1912.zones
--------------------
.
.
zone "westoslinux.com" IN {
type master;
file "westoslinux.com.zone";
allow-update { key westos; }; ##允许密钥更新 (key 密钥名字)
allow-transfer {172.25.254.212;};
also-notify {172.25.254.212;};
};
.
.
---------------------
6 vim /etc/named.conf
-----------------------
.
.
include "/etc/westos.key"; ##注意不要加在大括号里 (该文件含共享密钥, 保持与前面cp -p来源/etc/rndc.key相同的属主和权限, 不要让其他用户可读)
.
.
-----------------------
7 scp /mnt/Kwestos.+157+38595.* root@172.25.254.212:/mnt/ ##将密钥传给辅助dns (.private 文件里就是密钥本身, 传到对端后同样注意文件权限)
8 systemctl restart named
测试: 在辅助DNS上 (172.25.254.212)
添加域名:
[root@dns-server2 ~]# nsupdate -k Kwestos.+157+?????.key
> server 172.25.254.112
> update add hello.westoslinux.com 86400 A 172.25.254.123
> send
> quit
删除域名:
[root@dns-server2 ~]# nsupdate -k Kwestos.+157+?????.key
> server 172.25.254.112
> update delete hello.westoslinux.com
> send
> quit
============
DDNS (花生壳)
============
通过dhcp服务去自动配置用户端的dns
1 yum install dhcp -y
2 cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
-----------------
option domain-name "westoslinux.com";
option domain-name-servers 172.25.254.112;
default-lease-time 600;
max-lease-time 7200;
# Use this to enable / disable dynamic dns updates globally.
ddns-update-style interim; ##必须要打开这个
.
.
.
subnet 172.25.254.0 netmask 255.255.255.0 {
range 172.25.254.102 172.25.254.199;
option routers 172.25.254.250;
}
key westos {
algorithm hmac-md5;
secret "rxXbnsL9Fldt6BTHJeqEgw=="; ###与上面指定密钥更新中的密钥生成方式一样
};
zone westoslinux.com. {
primary 127.0.0.1;
key westos; ###与上面指定密钥更新中密钥文件一样
}
-------------------------
3 systemctl restart dhcpd
4 rm -fr westoslinux.com.zone
5 cp -p /mnt/westoslinux.com.zone /var/named/westoslinux.com.zone
测试端:
1 vim /etc/sysconfig/network-scripts/ifcfg-eth0
-------------
BOOTPROTO=dhcp
.
.
--------------
2 systemctl restart network
3 ifconfig
4 hostnamectl set-hostname hello.westoslinux.com
5 dig hello.westoslinux.com
redhatEL7下的dns服务搭建以及ddns配置