Deploying a DNS Server on Linux

DNS overview

Authoritative name servers
Store and serve the actual data for a zone (an entire DNS domain or a part of one).
The types of authoritative name server are:
Master: holds the original zone data. Sometimes called the "primary" name server.
Slave: a backup server that obtains a copy of the zone data from the Master through a zone transfer. Sometimes called the "secondary" name server.
Non-authoritative / recursive name servers
Clients use them to look up data that lives on the authoritative name servers. Types of recursive name server include the caching-only name server: it is used only for lookups and is authoritative for nothing beyond trivial data.

DNS resource records

A DNS zone stores its information as resource records. Every resource record has a type that indicates what kind of data it holds:
A: name to IPv4 address
AAAA: name to IPv6 address
CNAME: name to "canonical name" (another name that carries the A/AAAA records)
PTR: IPv4/IPv6 address to name
MX: mail exchanger for a name (where to deliver e-mail)
NS: name server for a domain name
SOA: "Start of Authority", administrative information about the DNS zone

DNS caching

First configure a yum repository so that the packages can be downloaded.

[root@dns-slave ~]# yum install bind.x86_64   # install the bind package
[root@dns-slave ~]# systemctl start named     # start named
[root@dns-slave ~]# systemctl enable named
ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service'
[root@dns-slave ~]# systemctl stop firewalld  # stop the firewall
[root@dns-slave ~]# systemctl disable firewalld
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'

Edit the main configuration file /etc/named.conf

[root@dns-slave ~]# vim /etc/named.conf

The file contents are as follows:
[screenshot omitted]
Add the gateway and set the DNS server to forward to:

[root@dns-slave ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
GATEWAY=172.25.254.69  # gateway line added to the file
[root@dns-slave ~]# vim /etc/resolv.conf  # set the DNS server that queries are forwarded to
nameserver 192.268.43.1  # line added to the file
[root@dns-slave ~]# systemctl restart named
[root@dns-slave ~]# systemctl restart network

On the test host:

[root@dns-server ~]# vim /etc/resolv.conf  # point the test host at the new DNS server
nameserver 172.25.254.169  # line added to the file

Query the IP of a domain name from the test host:
[screenshot omitted]
If the query succeeds, the DNS cache has been configured.

DNS forward resolution

Look at the sub-configuration file that the main configuration file includes:

[root@dns-slave ~]# vim /etc/named.conf

The file contents are as follows:
[screenshot omitted]
Edit the sub-configuration file and add the forward zone:

[root@dns-slave ~]# vim /etc/named.rfc1912.zones 

Contents as follows:
[screenshot omitted]
Copy a template to create the resource record file named xxx.com.zone, then edit it:

[root@dns-slave ~]# cd /var/named
[root@dns-slave named]# cp -p named.localhost haha.com.zone
[root@dns-slave named]# vim haha.com.zone

The file contents are as follows:
[screenshot omitted]
Notes:
@ stands for the value written in quotes in the zone stanza of the sub-configuration file; SOA denotes the Start of Authority.
1D means the data is kept for one day.
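As an added example that is not part of the original post, the following Python script parses the zone-file format used here (the same $ORIGIN/$TTL/SOA layout that the cat output further down the page shows) and runs the consistency checks a practitioner wants before reloading a zone: exactly one SOA, CNAME targets that exist, no CNAME sharing an owner with other data, and glue A records for in-zone name servers. The sample zone is copied from the page's own haha.com.zone dump; the function names are mine, and the "@" expansion implements the rule in the note above.

```python
"""Minimal parser for the BIND zone-file format shown on this page, plus sanity checks.
Added example, not BIND's own code; the sample zone is copied from the page's dump."""

# Copied from the haha.com.zone dump on this page (tabs written as \t).
SAMPLE_ZONE = """$ORIGIN .
$TTL 86400\t; 1 day
haha.com\t\tIN SOA\tdns.haha.com. ying.haha.com. (
\t\t\t\t2018052203 ; serial
\t\t\t\t86400      ; refresh (1 day)
\t\t\t\t3600       ; retry (1 hour)
\t\t\t\t604800     ; expire (1 week)
\t\t\t\t10800      ; minimum (3 hours)
\t\t\t\t)
\t\t\tNS\tdns.haha.com.
$ORIGIN haha.com.
dns\t\t\tA\t172.25.250.111
hello\t\t\tA\t172.25.250.222
node1\t\t\tA\t172.25.250.110
\t\t\tA\t172.25.250.120
www\t\t\tCNAME\tnode1
"""

NAME_TYPES = {"CNAME", "NS", "PTR"}   # record types whose rdata is a single domain name


def fqdn(name, origin):
    """Expand a zone-file name relative to the current $ORIGIN ('@' is the origin itself)."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin


def parse_zone(text):
    """Return a list of (owner, ttl, type, rdata) tuples; rdata is a list of strings."""
    origin, default_ttl, owner, records = ".", None, None, []
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]            # ';' starts a comment
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                            # still inside a multi-line ( ... ) record
        first = buf[0]
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf = []
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if first[0].isspace():                  # blank owner field: reuse the previous owner
            if owner is None:
                raise ValueError("record without an owner name")
        else:
            owner = fqdn(tokens.pop(0), origin)
        ttl = default_ttl
        if tokens[0].isdigit():
            ttl = int(tokens.pop(0))
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        rdata = tokens
        if rtype in NAME_TYPES:
            rdata = [fqdn(tokens[0], origin)]
        elif rtype == "SOA":
            rdata = [fqdn(tokens[0], origin), fqdn(tokens[1], origin)] + tokens[2:7]
        records.append((owner, ttl, rtype, rdata))
    return records


def soa_serial(records):
    """The serial field of the zone's single SOA record."""
    soa = [r for r in records if r[2] == "SOA"]
    if len(soa) != 1:
        raise ValueError("zone must contain exactly one SOA record")
    return int(soa[0][3][2])


def check_zone(records):
    """Problems that would make named reject the zone or serve it incorrectly."""
    problems = []
    owners = {r[0] for r in records}
    types_at = {}
    for owner, _, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    apex = next((r[0] for r in records if r[2] == "SOA"), None)
    if apex is None:
        problems.append("missing SOA record")
    for owner, ttl, rtype, rdata in records:
        if ttl is None:
            problems.append(f"{owner}: no TTL and no $TTL directive")
        in_zone = apex is not None and rdata and rdata[0].endswith("." + apex)
        if rtype == "CNAME":
            if in_zone and rdata[0] not in owners:
                problems.append(f"{owner}: CNAME target {rdata[0]} has no records in this zone")
            if types_at[owner] != {"CNAME"}:
                problems.append(f"{owner}: CNAME may not coexist with other record types")
        if rtype == "NS" and in_zone and "A" not in types_at.get(rdata[0], set()):
            problems.append(f"in-zone name server {rdata[0]} has no A record (missing glue)")
    return problems
```

Run check_zone on the parsed file before systemctl restart named; a non-empty list is the same class of error that the troubleshooting note at the end of this page has you dig out of the log after a failed restart.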

Point the local host at this server:

[root@dns-slave named]# systemctl restart named
[root@dns-slave named]# vim /etc/resolv.conf
nameserver 172.25.254.169  # line added to the file

Test locally:
[screenshot omitted]
If the IP for hello can be looked up, forward resolution is complete.

DNS round robin

Write the resource record file:

[root@dns-slave ~]# vim /var/named/haha.com.zone

Contents as follows:
[screenshot omitted]
Note: CNAME maps an alias to its canonical name (the name that carries the A records).
Test locally:

[root@dns-slave ~]# systemctl restart named
[root@dns-slave ~]# dig www.haha.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.haha.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12458
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.haha.com.			IN	A

;; ANSWER SECTION:
www.haha.com.		86400	IN	CNAME	node1.haha.com.
node1.haha.com.		86400	IN	A	172.25.254.110   # first query: 172.25.254.110 is returned first
node1.haha.com.		86400	IN	A	172.25.254.120

;; AUTHORITY SECTION:
haha.com.		86400	IN	NS	dns.haha.com.

;; ADDITIONAL SECTION:
dns.haha.com.		86400	IN	A	172.25.254.111

;; Query time: 0 msec
;; SERVER: 172.25.254.169#53(172.25.254.169)
;; WHEN: Tue May 22 08:19:15 EDT 2018
;; MSG SIZE  rcvd: 127
[root@dns-slave ~]# dig www.haha.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.haha.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36775
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.haha.com.			IN	A

;; ANSWER SECTION:
www.haha.com.		86400	IN	CNAME	node1.haha.com.
node1.haha.com.		86400	IN	A	172.25.254.120  # second query: 172.25.254.120 is returned first
node1.haha.com.		86400	IN	A	172.25.254.110

;; AUTHORITY SECTION:
haha.com.		86400	IN	NS	dns.haha.com.

;; ADDITIONAL SECTION:
dns.haha.com.		86400	IN	A	172.25.254.111

;; Query time: 0 msec
;; SERVER: 172.25.254.169#53(172.25.254.169)
;; WHEN: Tue May 22 08:21:56 EDT 2018
;; MSG SIZE  rcvd: 127

The IP returned first changes between the two queries, which demonstrates DNS round robin.
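To make the check above repeatable rather than eyeballing two dig runs, here is an added Python example (not from the original post) that parses the ANSWER SECTION of dig output and reports whether the same A set came back in a different order. The two answer sections are copied from the dig runs above; the function names are mine.

```python
"""Detect round-robin rotation in dig output. Added example, not from the original post."""

# Answer sections copied from the two dig runs on this page (tabs written as \t).
FIRST_REPLY = """\
;; ANSWER SECTION:
www.haha.com.\t\t86400\tIN\tCNAME\tnode1.haha.com.
node1.haha.com.\t\t86400\tIN\tA\t172.25.254.110
node1.haha.com.\t\t86400\tIN\tA\t172.25.254.120

;; AUTHORITY SECTION:
haha.com.\t\t86400\tIN\tNS\tdns.haha.com.
"""
SECOND_REPLY = """\
;; ANSWER SECTION:
www.haha.com.\t\t86400\tIN\tCNAME\tnode1.haha.com.
node1.haha.com.\t\t86400\tIN\tA\t172.25.254.120
node1.haha.com.\t\t86400\tIN\tA\t172.25.254.110

;; AUTHORITY SECTION:
haha.com.\t\t86400\tIN\tNS\tdns.haha.com.
"""


def parse_answer_section(dig_output):
    """(owner, ttl, type, rdata) tuples from the ANSWER SECTION, in the order the server sent them."""
    answers, in_answer = [], False
    for line in dig_output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if line.startswith(";;"):               # any other section header ends the answer section
            in_answer = False
        if not in_answer or not line.strip():
            continue
        owner, ttl, _cls, rtype, rdata = line.split(None, 4)
        answers.append((owner, int(ttl), rtype, rdata))
    return answers


def a_records_in_order(dig_output):
    """Just the A rdata, preserving server order."""
    return [rdata for _, _, rtype, rdata in parse_answer_section(dig_output) if rtype == "A"]


def round_robin_observed(replies):
    """True when every reply carries the same A set but at least two replies order it differently."""
    orders = [a_records_in_order(r) for r in replies]
    same_set = all(set(o) == set(orders[0]) for o in orders)
    return same_set and len({tuple(o) for o in orders}) > 1
```

Feed it the captured output of several dig runs (for example `dig www.haha.com > run1.txt`). Round robin only rotates the order; it does not notice when one of the node1 addresses is down, so an unreachable host keeps being handed out until its A record is removed.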

DNS reverse resolution

Edit the sub-configuration file and add the reverse zone file

[root@dns-slave ~]# cd /var/named
[root@dns-slave named]# vim /etc/named.rfc1912.zones

Contents as follows:
[screenshot omitted]
Copy a template to create the resource record file named haha.com.ptr, then edit it:

[root@dns-slave named]# ls  # list the files under named
data     haha.com.zone  named.empty      named.loopback
dynamic  named.ca       named.localhost  slaves
[root@dns-slave named]# cp -p named.loopback haha.com.ptr
[root@dns-slave named]# ls
data     haha.com.ptr   named.ca     named.localhost  slaves
dynamic  haha.com.zone  named.empty  named.loopback
[root@dns-slave named]# vim haha.com.ptr

The resource record file contents are as follows:
[screenshot omitted]
Test locally:

[root@dns-slave named]# systemctl restart named  # restart
[root@dns-slave named]# dig -x 172.25.254.210  # look up the name for IP 172.25.254.210

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.210
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15049
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;210.254.25.172.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
210.254.25.172.in-addr.arpa. 86400 IN	PTR	xixi.haha.com.

;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400	IN	NS	dns.haha.com.

;; ADDITIONAL SECTION:
dns.haha.com.		86400	IN	A	172.25.254.111

;; Query time: 0 msec
;; SERVER: 172.25.254.169#53(172.25.254.169)
;; WHEN: Tue May 22 08:30:11 EDT 2018
;; MSG SIZE  rcvd: 117

If the corresponding name is returned, reverse resolution is complete.
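The dig -x output above shows how the reverse lookup name is built: the octets of 172.25.254.210 reversed under in-addr.arpa, with the zone apex 254.25.172.in-addr.arpa for the /24. The following added Python example (not from the original post) derives those names, generates the relative PTR records for a haha.com.ptr-style file, and checks that every PTR agrees with a forward A record, which is the consistency mail servers and log correlation rely on. The address data is taken from the records shown on this page; the function names are mine.

```python
"""Reverse-zone naming and forward/reverse consistency. Added example, not from the post."""
import ipaddress

# Constructed from the addresses on this page: forward A records and the PTRs the reverse zone needs.
FORWARD = {
    "dns.haha.com.": ["172.25.254.111"],
    "node1.haha.com.": ["172.25.254.110", "172.25.254.120"],
    "xixi.haha.com.": ["172.25.254.210"],
}
REVERSE = {
    "172.25.254.210": "xixi.haha.com.",
    "172.25.254.111": "dns.haha.com.",
}


def reverse_name(ip):
    """The owner name dig -x asks for: octets reversed under in-addr.arpa (ip6.arpa for IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_zone_name(network):
    """Zone apex for the reverse zone of an IPv4 network on an octet boundary (/8, /16, /24)."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only IPv4 /8, /16 and /24 reverse zones are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def ptr_zone_records(network, reverse_map):
    """Relative PTR records for the reverse zone file, like the entries in haha.com.ptr."""
    net = ipaddress.ip_network(network, strict=True)
    apex = reverse_zone_name(network)
    records = []
    for ip, name in sorted(reverse_map.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        if ipaddress.ip_address(ip) not in net:
            raise ValueError(f"{ip} does not belong to {network}")
        owner = reverse_name(ip)[: -len(apex) - 1]     # strip ".<apex>" -> relative owner
        records.append((owner, "PTR", name))
    return records


def forward_reverse_mismatches(forward, reverse):
    """IPs whose PTR name has no matching A record; keep this list empty before going live."""
    return sorted(ip for ip, name in reverse.items() if ip not in forward.get(name, []))
```

The owner names returned by ptr_zone_records are relative to the zone's $ORIGIN, so "210 PTR xixi.haha.com." is exactly the line that produces the answer 210.254.25.172.in-addr.arpa. PTR xixi.haha.com. shown above.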

DNS split-horizon resolution (views)

Copy the zone file, preserving permissions, to create a .inter resource record file, and change the network part of the IPs in it so that the two views can be told apart in the tests that follow.

[root@dns-slave ~]# cd /var/named
[root@dns-slave named]# cp -p haha.com.zone haha.com.inter
[root@dns-slave named]# ls
data     haha.com.inter  haha.com.zone  named.empty      named.loopback
dynamic  haha.com.ptr    named.ca       named.localhost  slaves
[root@dns-slave named]# vim haha.com.inter

Modified contents as follows:
[screenshot omitted]
Copy the sub-configuration file, preserving permissions, and edit it to reference the second view's zone file:

[root@dns-slave named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter
[root@dns-slave named]# vim /etc/named.rfc1912.inter

Contents as follows:
[screenshot omitted]
Edit the main configuration file, adding views for local access and for other access:

[root@dns-slave named]# vim /etc/named.conf

Contents as follows:
[screenshot omitted]
Add local access and test:

[root@dns-slave named]# systemctl restart named
[root@dns-slave named]# vim /etc/resolv.conf
nameserver 172.25.254.169 # added line
[root@dns-slave named]# dig www.haha.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.haha.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46457
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.haha.com.			IN	A

;; ANSWER SECTION:
www.haha.com.		86400	IN	CNAME	node1.haha.com.
node1.haha.com.		86400	IN	A	172.25.254.110
node1.haha.com.		86400	IN	A	172.25.254.120

;; AUTHORITY SECTION:
haha.com.		86400	IN	NS	dns.haha.com.

;; ADDITIONAL SECTION:
dns.haha.com.		86400	IN	A	172.25.254.111

;; Query time: 0 msec
;; SERVER: 172.25.254.169#53(172.25.254.169)
;; WHEN: Tue May 22 08:51:28 EDT 2018
;; MSG SIZE  rcvd: 127

Test from another host:

[root@dns-server ~]# vim /etc/resolv.conf
nameserver 172.25.254.169  # added line
[root@dns-server ~]# dig www.haha.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.haha.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24389
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.haha.com.			IN	A

;; ANSWER SECTION:
www.haha.com.		86400	IN	CNAME	node1.haha.com.
node1.haha.com.		86400	IN	A	122.22.0.110
node1.haha.com.		86400	IN	A	122.22.0.120

;; AUTHORITY SECTION:
haha.com.		86400	IN	NS	dns.haha.com.

;; ADDITIONAL SECTION:
dns.haha.com.		86400	IN	A	122.22.0.111

;; Query time: 0 msec
;; SERVER: 172.25.254.169#53(172.25.254.169)
;; WHEN: Tue May 22 08:52:36 EDT 2018
;; MSG SIZE  rcvd: 127

The IPs returned for the same name differ between the local host and the other host, which shows that split-horizon resolution is working.

DNS cluster (master/slave synchronization)

Host 1:
Edit the configuration file and comment out the views

[root@dns-slave ~]# vim /etc/named.conf

Contents as follows:
[screenshot omitted]
Add the IP of the host to synchronize to in the sub-configuration file

[root@dns-slave ~]# vim /etc/named.rfc1912.zones 

The file contents are as follows:
[screenshot omitted]

[root@dns-slave ~]# systemctl restart named

Host 2 (the client that synchronizes DNS data from host 1):
Edit the file and add the DNS resource records

[root@dns-server ~]# vim /etc/named.rfc1912.zones

Contents as follows:
[screenshot omitted]
Edit the main configuration file

[root@dns-server ~]# vim /etc/named.conf

The file contents are as follows:

[root@dns-server ~]# systemctl restart named

Test (check whether host 2 can obtain host 1's data):
Test on host 1:
Write the DNS resource records

[root@dns-slave ~]# vim /var/named/haha.com.zone

Contents as follows:
[screenshot omitted]

[root@dns-slave ~]# dig www.haha.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.haha.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25554
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.haha.com.			IN	A

;; ANSWER SECTION:
www.haha.com.		86400	IN	CNAME	node1.haha.com.
node1.haha.com.		86400	IN	A	172.25.254.110
node1.haha.com.		86400	IN	A	172.25.254.120

;; AUTHORITY SECTION:
haha.com.		86400	IN	NS	dns.haha.com.

;; ADDITIONAL SECTION:
dns.haha.com.		86400	IN	A	172.25.254.111

;; Query time: 0 msec
;; SERVER: 172.25.254.169#53(172.25.254.169)
;; WHEN: Tue May 22 10:43:26 EDT 2018
;; MSG SIZE  rcvd: 127

Test on host 2:

[root@dns-server ~]# dig www.haha.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.haha.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57347
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.haha.com.			IN	A

;; ANSWER SECTION:
www.haha.com.		86400	IN	CNAME	node1.haha.com.
node1.haha.com.		86400	IN	A	172.25.254.110
node1.haha.com.		86400	IN	A	172.25.254.120

;; AUTHORITY SECTION:
haha.com.		86400	IN	NS	dns.haha.com.

;; ADDITIONAL SECTION:
dns.haha.com.		86400	IN	A	172.25.254.111

;; Query time: 1 msec
;; SERVER: 172.25.254.169#53(172.25.254.169)
;; WHEN: Tue May 22 10:44:21 EDT 2018
;; MSG SIZE  rcvd: 127

The IP returned is the same as on host 1, which shows that it came from host 1's resource record file
Test (check whether DNS synchronizes):
Test on host 1:
Modify the DNS resource records

[root@dns-slave ~]# vim /var/named/haha.com.zone

Contents as follows:
[screenshot omitted]
Check that the change took effect:

[root@dns-slave ~]# systemctl restart named
[root@dns-slave ~]# dig www.haha.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.haha.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62401
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.haha.com.			IN	A

;; ANSWER SECTION:
www.haha.com.		86400	IN	CNAME	node1.haha.com.
node1.haha.com.		86400	IN	A	172.25.250.110
node1.haha.com.		86400	IN	A	172.25.250.120

;; AUTHORITY SECTION:
haha.com.		86400	IN	NS	dns.haha.com.

;; ADDITIONAL SECTION:
dns.haha.com.		86400	IN	A	172.25.250.111

;; Query time: 0 msec
;; SERVER: 172.25.254.169#53(172.25.254.169)
;; WHEN: Tue May 22 10:48:31 EDT 2018
;; MSG SIZE  rcvd: 127

Test on host 2:
Check whether it synchronized:

[root@dns-server ~]# dig www.haha.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.haha.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34539
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.haha.com.			IN	A

;; ANSWER SECTION:
www.haha.com.		86400	IN	CNAME	node1.haha.com.
node1.haha.com.		86400	IN	A	172.25.250.120
node1.haha.com.		86400	IN	A	172.25.250.110

;; AUTHORITY SECTION:
haha.com.		86400	IN	NS	dns.haha.com.

;; ADDITIONAL SECTION:
dns.haha.com.		86400	IN	A	172.25.250.111

;; Query time: 0 msec
;; SERVER: 172.25.254.169#53(172.25.254.169)
;; WHEN: Tue May 22 10:49:27 EDT 2018
;; MSG SIZE  rcvd: 127

Both hosts return the same IP, which shows that DNS is synchronized.
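One detail the screenshots hide: a slave only pulls a new copy of the zone when the master's SOA serial is newer than its own (compared with RFC 1982 serial arithmetic), so editing haha.com.zone and restarting named without raising the serial leaves host 2 serving the old data. The following added Python example (not from the original post) implements that comparison, the YYYYMMDDnn bump convention the serials on this page follow, and the decision a slave takes on refresh or NOTIFY; the function names are mine.

```python
"""RFC 1982 serial arithmetic, as a slave applies it to the master's SOA. Added example."""


def serial_newer(candidate, current):
    """True when `candidate` is greater than `current` in 32-bit serial arithmetic."""
    candidate &= 0xFFFFFFFF
    current &= 0xFFFFFFFF
    if candidate == current:
        return False
    # Wrap-around safe: the candidate is newer if it is less than 2^31 steps ahead.
    diff = (candidate - current) & 0xFFFFFFFF
    return 0 < diff < 2**31


def next_serial(current, today):
    """Date-based bump in YYYYMMDDnn form (today given as 'YYYYMMDD'), as used on this page."""
    floor = int(today) * 100
    return floor if current < floor else current + 1


def slave_will_transfer(master_serial, slave_serial):
    """What the slave concludes after reading the master's SOA."""
    if serial_newer(master_serial, slave_serial):
        return "transfer"
    if (master_serial & 0xFFFFFFFF) == (slave_serial & 0xFFFFFFFF):
        return "up to date"
    return "master serial is behind: slave keeps its copy"
```

Bump the serial with next_serial every time the zone file is edited by hand; the nsupdate section later on this page shows named doing the same automatically (2018052202 to 2018052203).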

DNS updates

Updating DNS by IP address

Host 1:
Configure the zone to accept updates:

[root@dns-slave ~]# cd /var/named
[root@dns-slave named]# ls
data     haha.com.inter  haha.com.zone  named.empty      named.loopback
dynamic  haha.com.ptr    named.ca       named.localhost  slaves
[root@dns-slave named]# cp -p haha.com.zone /mnt/   # back up haha.com.zone
[root@dns-slave named]# vim /etc/named.rfc1912.zones

The file contents are as follows:
[screenshot omitted]

[root@dns-slave named]# systemctl restart named

Update DNS from host 3:

[kiosk@foundation69 Desktop]$ nsupdate
> server 172.25.254.169
> update add hihi.haha.com 86400 A 172.25.254.100
> send
update failed: SERVFAIL  # the update failed, probably because named has no write permission on the directory
> quit

On host 2:

[root@dns-slave named]# ll -d /var/named/  # check the permissions
drwxr-x--- 5 root named 4096 May 22 10:48 /var/named/
[root@dns-slave named]# chmod 775 /var/named/  # change the permissions

Update DNS from host 3 again:

[kiosk@foundation69 Desktop]$ nsupdate
> server 172.25.254.169
> update add hihi.haha.com 86400 A 172.25.254.100
> send
> quit

Test on host 2 whether DNS was updated:

[root@dns-slave named]# systemctl restart named  # restart after the update, otherwise the updated content is not shown
[root@dns-slave named]# dig hihi.haha.com  # query the updated IP

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hihi.haha.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16914
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hihi.haha.com.			IN	A

;; ANSWER SECTION:
hihi.haha.com.		86400	IN	A	172.25.254.100

;; AUTHORITY SECTION:
haha.com.		86400	IN	NS	dns.haha.com.

;; ADDITIONAL SECTION:
dns.haha.com.		86400	IN	A	172.25.250.111

;; Query time: 0 msec
;; SERVER: 172.25.254.169#53(172.25.254.169)
;; WHEN: Tue May 22 11:06:33 EDT 2018
;; MSG SIZE  rcvd: 92

[root@dns-slave named]# cat haha.com.zone  # the resource record file has been updated
$ORIGIN .
$ORIGIN .
$TTL 86400	; 1 day
haha.com		IN SOA	dns.haha.com. ying.haha.com. (
				2018052202 ; serial
				86400      ; refresh (1 day)
				3600       ; retry (1 hour)
				604800     ; expire (1 week)
				10800      ; minimum (3 hours)
				)
			NS	dns.haha.com.
$ORIGIN haha.com.
dns			A	172.25.250.111
hello			A	172.25.250.222
hihi			A	172.25.254.100
node1			A	172.25.250.110
			A	172.25.250.120
www			CNAME	node1

Delete the DNS A record from host 3:

[kiosk@foundation69 Desktop]$ nsupdate
> server 172.25.254.169
> update delete hihi.haha.com
> send
> quit

Test on host 2 whether it was deleted:

[root@dns-slave named]# systemctl restart named
[root@dns-slave named]# cat haha.com.zone  # the A record has been removed from the resource record file
$ORIGIN .
$TTL 86400	; 1 day
haha.com		IN SOA	dns.haha.com. ying.haha.com. (
				2018052203 ; serial
				86400      ; refresh (1 day)
				3600       ; retry (1 hour)
				604800     ; expire (1 week)
				10800      ; minimum (3 hours)
				)
			NS	dns.haha.com.
$ORIGIN haha.com.
dns			A	172.25.250.111
hello			A	172.25.250.222
node1			A	172.25.250.110
			A	172.25.250.120
www			CNAME	node1

Updating with a key (signed updates)

First delete the files /var/named/haha.com.zone* that were used for IP-based updates, because the two methods conflict.
On host 1:
Generate the key and write the DNS key file
Note: dnssec-keygen --help  // lists the options
-a  // algorithm
-b  // key length
-n  // name type

[root@dns-slave ~]# cd /mnt/
[root@dns-slave mnt]# dnssec-keygen -a HMAC-MD5 -b 100 -n HOST haha
Khaha.+157+26166  # generated DNS key
[root@dns-slave mnt]# ls
haha.com.zone  Khaha.+157+26166.key  Khaha.+157+26166.private
[root@dns-slave mnt]# cp -p /etc/rndc.key /etc/haha.key  # copy the rndc key file as a template for the new key file
[root@dns-slave mnt]# cat Khaha.+157+26166.key
haha. IN KEY 512 3 157 n8ROI3yi+4kIndHnIA==
[root@dns-slave mnt]# vim /etc/haha.key  # edit the key file

Contents as follows:
[screenshot omitted]
Edit the configuration file and include the key file

[root@dns-slave mnt]# vim /etc/named.conf

Contents as follows:
[screenshot omitted]
Edit the sub-configuration file to allow updates signed with the key

[root@dns-slave mnt]# vim /etc/named.rfc1912.zones 

Contents as follows:
[screenshot omitted]

[root@dns-slave mnt]# systemctl restart named

After switching to key-based updates, test from host 3 that an update by IP is no longer possible

[kiosk@foundation69 Desktop]$ nsupdate
> server 172.25.254.169
> update add lala.haha.com 86400 A 172.25.254.123
> send
update failed: REFUSED  # updates by IP are refused
> quit

To host 2:

[root@dns-slave mnt]# scp Khaha.+157+26166.* root@172.25.254.196:/mnt/  # send the key to host 2 and test a key-based update from there
The authenticity of host '172.25.254.196 (172.25.254.196)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.196' (ECDSA) to the list of known hosts.
root@172.25.254.196's password: 
Khaha.+157+26166.key                        100%   44     0.0KB/s   00:00    
Khaha.+157+26166.private                    100%  161     0.2KB/s   00:00    

On host 2:

[root@dns-server ~]# cd /mnt/
[root@dns-server mnt]# ls  # check the key files
Khaha.+157+26166.key  Khaha.+157+26166.private
[root@dns-server mnt]# nsupdate -k Khaha.+157+26166.private   # update using the key
> server 172.25.254.169
> update add lala.haha.com 86400 A 172.25.254.123
> send
> quit

The resource record added with the keyed update can then be queried, as shown below:

[root@dns-slave mnt]# dig lala.haha.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> lala.haha.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16850
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lala.haha.com.			IN	A

;; ANSWER SECTION:
lala.haha.com.		86400	IN	A	172.25.254.123

;; AUTHORITY SECTION:
haha.com.		86400	IN	NS	dns.haha.com.

;; ADDITIONAL SECTION:
dns.haha.com.		86400	IN	A	172.25.250.111

;; Query time: 0 msec
;; SERVER: 172.25.254.169#53(172.25.254.169)
;; WHEN: Tue May 22 11:26:34 EDT 2018
;; MSG SIZE  rcvd: 92
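The two update sections above contrast allow-update by address (anyone whose packets carry an address in the listed range is accepted; the server cannot verify that claim) with allow-update by key, where nsupdate -k signs each update with the shared secret and named checks the MAC. The following added Python example (not BIND's code and not from the original post) models both policies and the keyed check with the standard hmac module; it is a simplified stand-in for TSIG, not the RFC 8945 wire format. The page generates an HMAC-MD5 key with -b 100; the example defaults to hmac-sha256 with a 256-bit secret, which is what named also accepts, and supports hmac-md5 only to mirror the page. All names and the key block format are mine.

```python
"""Model of allow-update by IP versus by key, with HMAC verification. Added example."""
import base64
import hashlib
import hmac
import ipaddress
import secrets

DIGESTS = {"hmac-md5": hashlib.md5, "hmac-sha256": hashlib.sha256}


def generate_key(name, algorithm="hmac-sha256", bits=256):
    """Fresh shared secret in the base64 form that a BIND key statement carries."""
    if algorithm not in DIGESTS:
        raise ValueError(f"unsupported algorithm {algorithm}")
    secret = base64.b64encode(secrets.token_bytes(bits // 8)).decode()
    return {"name": name, "algorithm": algorithm, "secret": secret}


def key_statement(key):
    """The named.conf key block that the page writes by hand into /etc/haha.key."""
    return 'key "%s" {\n\talgorithm %s;\n\tsecret "%s";\n};' % (
        key["name"], key["algorithm"], key["secret"])


def sign_update(update_text, key):
    """HMAC over the update text; stands in for the TSIG record nsupdate -k appends."""
    digest = DIGESTS[key["algorithm"]]
    return hmac.new(base64.b64decode(key["secret"]), update_text.encode(), digest).hexdigest()


def authorize_update(policy, source_ip, update_text, mac=None, keys=None):
    """Model of allow-update: policy is ("ip", "<cidr>") or ("key", "<key name>")."""
    kind, value = policy
    if kind == "ip":
        # Only the claimed source address is consulted; nothing in the packet proves it.
        return ipaddress.ip_address(source_ip) in ipaddress.ip_network(value, strict=False)
    if kind == "key":
        key = (keys or {}).get(value)
        if key is None or mac is None:          # unsigned update -> REFUSED, as on the page
            return False
        return hmac.compare_digest(sign_update(update_text, key), mac)
    raise ValueError(f"unknown policy kind {kind!r}")
```

With the key policy, an update that is unsigned, signed with the wrong key, or altered after signing is rejected regardless of where it came from, which is why the page's chmod 775 on /var/named is the only loosening needed once updates are keyed: the authorization no longer rests on the network.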

DDNS dynamic resolution

DNS has to record the IPs of many hosts, but those IPs are assigned automatically by the dhcpd service, so the exact IP of a host is not known when DNS is set up. DDNS updates the DNS mapping as soon as an IP address changes: it captures each new IP a client receives and ties it to the client's name, so other users can reach the host by its domain name and only need to remember that name.
On host 2:
Change the hostname and configure the interface to obtain its IP dynamically

[root@dns-server Desktop]# hostnamectl set-hostname linux.haha.com
[root@dns-server Desktop]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@dns-server Desktop]# systemctl restart network
[root@dns-server Desktop]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::5054:ff:fe00:450b  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:00:45:0b  txqueuelen 1000  (Ethernet)
        RX packets 1888  bytes 8297823 (7.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4008  bytes 279529 (272.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 52:54:00:3b:61:01  txqueuelen 1000  (Ethernet)
        RX packets 2755  bytes 123741 (120.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 1720  bytes 151578 (148.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1720  bytes 151578 (148.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

On host 1:
For DDNS the DNS key file must exist, named must be told to read the key file, and the zone must be allowed to be updated with that key
Install dhcp and edit its configuration file so that dhcpd updates DNS using the key:
Use man dhcpd.conf to see the syntax and the rules

[root@dns-slave ~]# yum install dhcp  # install dhcp
[root@dns-slave ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf  # copy the example file
[root@dns-slave ~]# vim /etc/dhcp/dhcpd.conf

The file contents are as follows:

[screenshots omitted]

[root@dns-slave ~]# systemctl restart dhcpd

On host 2:

[root@dns-server Desktop]# systemctl restart network
[root@dns-server Desktop]# ifconfig  # check the IP, which was obtained from host 1
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.10  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::5054:ff:fe00:450b  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:00:45:0b  txqueuelen 1000  (Ethernet)
        RX packets 1941  bytes 8302808 (7.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4443  bytes 316188 (308.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@dns-server Desktop]# dig linux.haha.com  # look up the test host's name
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> linux.haha.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64536
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;linux.haha.com.			IN	A

;; ANSWER SECTION:
linux.haha.com.		300	IN	A	172.25.254.10

;; AUTHORITY SECTION:
haha.com.		86400	IN	NS	dns.haha.com.

;; ADDITIONAL SECTION:
dns.haha.com.		86400	IN	A	172.25.250.111

;; Query time: 0 msec
;; SERVER: 172.25.254.169#53(172.25.254.169)
;; WHEN: Tue May 22 12:02:27 EDT 2018
;; MSG SIZE  rcvd: 93

If the name of the test host's IP can be looked up, dhcpd is synchronizing its data into the DNS service, i.e. DDNS dynamic resolution is complete.
Note:
When systemctl restart named reports a failure:
first run > /var/log/messages to empty the log,
then systemctl restart named to restart and produce fresh log entries,
then cat /var/log/messages to read the error, fix the configuration file accordingly, and restart.
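Emptying /var/log/messages as the note suggests destroys history you may need later; it is enough to pick out the lines of the most recent named process. The following added Python example (not from the original post) does that over a constructed log sample written in the format named uses on RHEL 7, pulling the configuration-file errors (with file and line number) and zone load failures that a failed restart leaves behind. The sample lines and the function names are mine.

```python
"""Scan /var/log/messages-style lines for named errors. Added example, not from the post."""
import re

# Constructed sample in the format named writes to /var/log/messages on RHEL 7 (not a real log).
SAMPLE_LOG = """\
May 22 11:20:01 dns-slave systemd: Starting Berkeley Internet Name Domain (DNS)...
May 22 11:20:01 dns-slave named[2345]: /etc/named.rfc1912.zones:28: missing ';' before 'zone'
May 22 11:20:01 dns-slave named[2345]: loading configuration: failure
May 22 11:20:01 dns-slave named[2345]: exiting (due to fatal error)
May 22 11:25:40 dns-slave named[2401]: zone haha.com/IN: loading from master file haha.com.zone failed: file not found
May 22 11:25:40 dns-slave named[2401]: zone haha.com/IN: not loaded due to errors.
May 22 11:30:02 dns-slave named[2460]: zone haha.com/IN: loaded serial 2018052203
May 22 11:30:02 dns-slave named[2460]: running
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) named\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONFIG_ERR_RE = re.compile(r"^(?P<file>/[^:]+):(?P<line>\d+): (?P<detail>.*)$")
ZONE_ERR_RE = re.compile(r"^zone (?P<zone>[^:]+): (?P<detail>.*\b(?:failed|not loaded|errors)\b.*)$")


def named_lines(log_text):
    """(pid, message) for every line written by named, oldest first."""
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append((int(m.group("pid")), m.group("msg")))
    return out


def named_errors(log_text):
    """Config-file errors (with file and line) and zone load failures, as dicts."""
    found = []
    for pid, msg in named_lines(log_text):
        c = CONFIG_ERR_RE.match(msg)
        if c:
            found.append({"pid": pid, "kind": "config", "file": c.group("file"),
                          "line": int(c.group("line")), "detail": c.group("detail")})
            continue
        z = ZONE_ERR_RE.match(msg)
        if z:
            found.append({"pid": pid, "kind": "zone", "zone": z.group("zone"),
                          "detail": z.group("detail")})
    return found


def last_start_succeeded(log_text):
    """True when the most recent named process reached 'running' without logging an error."""
    lines = named_lines(log_text)
    if not lines:
        return False
    last_pid = lines[-1][0]
    if any(e["pid"] == last_pid for e in named_errors(log_text)):
        return False
    return any(msg == "running" for pid, msg in lines if pid == last_pid)
```

Run it as `python3 scan.py < /var/log/messages` after wrapping the functions in a small main that reads stdin; the file:line pairs it returns point straight at the stanza in named.conf or named.rfc1912.zones that needs fixing.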
