DNS
权威名称服务器
存储并提供某区域 (整个 DNS 域或 DNS 域的一部分) 的实际数据。
权威名称服务器的类型包括
Master : 包含原始区域数据。有时称作 “主要” 名称服务器
Slave : 备份服务器 , 通过区域传送从 Master 服务器获得的区域数据的副本。有时称作 “次要” 名称服务器
非权威 / 递归名称服务器
– 客户端通过其查找来自权威名称服务器的数据。递归名称服务器的类型包括
存名称服务器 : 仅用于查找 , 对于非重要数据之外的任何内容都不具有权威性
DNS 查找
客户端上的 Stub 解析器 将查询发送至 /etc/resolv.conf 中的名称服务器, 如果名称服务器对于请求的信息具有权威性 , 会将权威答案发送至客户端, 否则 , 如果名称服务器在其缓存中有请求的信息 , 则会将非权威答案发送至客户端, 如果缓存中没有信息 , 名称服务器将搜索权威名称服务器以查找信息 , 从根区域开始 , 按照 DNS 层次结构向下搜索, 直至对于信息有具有权威性的名称服务器 , 以此为客户端获得答案。在此情况中, 名称服务器将信息传递至客户端并在自己的缓存中保留一个副本 , 以备以后查找。
DNS 资源记录
• DNS 区域采用资源记录的形式存储信息。每条资源记录均具有一个类型 , 表明其保留的数据类型。
– A : 名称至 IPv4 地址
– AAAA : 名称至 IPv6 地址
– CNAME : 名称至 ” 规范名称 “(包含 A/AAAA 记录的另一个名称)
– PTR : IPv4/IPv6 地址至名称
– MX : 用于名称的邮件交换器 (向何处发送其电子邮件)
– NS : 域名的名称服务器
– SOA :” 授权起始 “, DNS 区域的信息 ( 管理信息)
DNS 排错
• 它显示来自 DNS 查找的详细信息 , 其中包括为什么查询失败 :
– NOERROR : 查询成功
– NXDOMAIN : DNS 服务器提示不存在这样的名称
– SERVFAIL : DNS 服务器停机或 DNSSEC 响应验证失败
– REFUSED : DNS 服务器拒绝回答 (也许是出于访问控制原因)
dig 输出的部分内容
• 标题指出关于查询和答案的信息 , 其中包括响应状态和设置的任何特殊标记 (aa 表示权威答案 , 等等)
– QUESTION : 提出实际的 DNS 查询
– ANSWER : 响应 (如果有)
– AUTHORITY : 负责域 / 区域的名称服务器
– ADDITIONAL : 提供的其他信息 , 通常是关于名称服务器
– 底部的注释指出发送查询的递归名称服务器以及获得响应所花费的时间
缓存 DNS 服务器
BIND 是最广泛使用的开源名称服务器,在 RHEL 中 , 通过 bind 软件包提供防火墙开启端口 53/TCP 和 53/UDP。BIND 的主配置文件是 /etc/named.conf 。/var/named 目录包含名称服务器所使用的其他数据文件
/etc/named.conf 的语法
• // 或 # 至行末尾是注释 ; /* 与 */ 之间的文本也是注释 (可以跨越多行)
• 指令以分号结束 (;)
• 许多指令认为地址匹配列表放在大括号中、以 CIDR 表示法表示的 IP 地址或子网列表中 , 或者命名的 ACL 中 (例如 any; [ 所有主机] 和 none; [无主机] )。
• 文件以 options 块开始 , 其中包含控制 named 如何运作的指令。
• zone 块控制 named 如何查对于其具有权威性的根名称服务器和区域。
一些重要的 options 指令
isten-on 控制 named 侦听的 IPv4 地址
listen-on-v6 控制 named 侦听的 IPv6 地址
allow-query 控制哪些客户端可以向 DNS 服务器询问信息
forwarders 包含 DNS 查询将转发至的名称服务器的列表
( 而不是直接联系外部名称服务器 ; 在设有防火 墙的情况中
很有用 )
• 所有这些指令会将打括号中以分号分隔的元素视为地址匹配
列表 . 如
– listen-on {any;};
– allow-query {127.0.0.1; 10.0.0.0/8};
- 配置名称服务器
• 安装 bind 软件包
– yum install -y bind
• vim /etc/named.conf
listen-on port 53 {any;};
listen-on-v6 port 53 {any;};
allow-query {any;};
forwarders {172.25.254.254;};
• 启动并启用 DNS 服务器
• systemctl start named
• systemctl enable named #开机自动启动
• 从 desktopX 进行测试
– dig www.baidu.com
[root@localhost ~]# hostnamectl set-hostname dns-server.example.com
[root@localhost ~]# hostname
dns-server.example.com
[root@dns-server ~]# yum install bind -y
[root@dns-server ~]# systemctl stop firewalld.service
[root@dns-server ~]# vim /etc/named.conf
1. 10 options {
11 listen-on port 53 {any;}; 修改 接口全部打开
12 listen-on-v6 port 53 {::1;};
13 directory “/var/named”;
14 dump-file “/var/named/data/cache_dump.db”;
15 statistics-file “/var/named/data/named_stats.txt”;
16 memstatistics-file “/var/named/data/named_mem_stats.txt”;
17 allow-query {any;}; 修改 接口对所有人开放
18 forwarders {114.114.114.114;}; 添加 (找不到就去问114)
32 dnssec-enable yes;
33 dnssec-validation no; 修改
34 dnssec-lookaside auto;
[root@dns-server ~]# systemctl restart named 需要敲键盘 因为第一次启动没有key文件
[root@dns-server ~]# netstat -antlpe | grep named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 78526 2931/named
tcp 0 0 172.25.254.163:53 0.0.0.0:* LISTEN 25 78521 2931/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 78519 2931/named
tcp6 0 0 ::1:953 :::* LISTEN 25 78527 2931/named
tcp6 0 0 ::1:53 :::* LISTEN 25 78523 2931/named
[root@dns-server ~]# dig www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8478
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 1073 IN CNAME www.a.shifen.com.
www.a.shifen.com. 178 IN A 220.181.111.188
www.a.shifen.com. 178 IN A 220.181.112.244
;; AUTHORITY SECTION:
a.shifen.com. 1078 IN NS ns4.a.shifen.com.
a.shifen.com. 1078 IN NS ns3.a.shifen.com.
a.shifen.com. 1078 IN NS ns2.a.shifen.com.
a.shifen.com. 1078 IN NS ns1.a.shifen.com.
a.shifen.com. 1078 IN NS ns5.a.shifen.com.
;; Query time: 4 msec
;; SERVER: 192.168.199.1#53(192.168.199.1)
;; WHEN: Wed May 23 11:22:07 CST 2018
;; MSG SIZE rcvd: 191
/etc/resolv.conf 是 DNS 客户机配置文件,用于设置 DNS 服务器的 IP 地址及 DNS 域名,还包含了主机的域名搜索顺序。
该文件是由域名解析 器(resolver,一个根据主机名解析 IP 地址的库)使用的配置文件。它的格式很简单,每行以一个关键字开头,后接一个或多个由空格隔开的参数
在另一台主机上
高速缓存DNS
[root@localhost ~]# vim /etc/resolv.conf
# Generated by NetworkManager
domain example.com
search example.com
nameserver 114.114.114.114
nameserver 172.25.254.163 指向缓存,实现高速缓存目的
[root@localhost ~]# dig www.baidu.com
配置DNS正向解析
[root@dns-server ~]# vim /etc/named.conf 打开主配置文件删除 forwarders { 114.114.114.114; };
10 options {
11 listen-on port 53 {any;};
12 listen-on-v6 port 53 {::1;};
13 directory “/var/named”;
14 dump-file “/var/named/data/cache_dump.db”;
15 statistics-file “/var/named/data/named_stats.txt”;
16 memstatistics-file “/var/named/data/named_mem_stats.txt”;
17 allow-query {any;};
[root@dns-server ~]# systemctl restart named
[root@dns-server ~]# vim /etc/named.rfc1912.zones
添加这段代码
13 zone “westos.com” IN {
14 type master;
15 file “westos.com.zone”;
16 allow-update {none;};
17 };
[root@dns-server ~]# cd /var/named/
[root@dns-server named]# cp -p named.localhost westos.com.zone
[root@dns-server named]# vim westos.com.zone 写的时候注意.com后有.
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.101
www A 172.25.254.111
[root@server named]# systemctl restart named
[root@server named]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30044
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.101
;; Query time: 1 msec
;; SERVER: 172.25.254.163#53(172.25.254.163)
;; WHEN: Tue May 22 23:44:47 EDT 2018
;; MSG SIZE rcvd: 93
dns反向解析
从主机名查询到 IP 和方式,称为:正解;
从 IP 反解析到主机名的方式,称为:反解;
不管是正解还是反解,每个领域的记录就是一个 zone(区域)
[root@localhost ~]# vim /etc/named.rfc1912.zones
36 zone "1.0.0.127.in-addr.arpa" IN {
37 type master;
38 file "named.loopback";
39 allow-update { none; };
40 };
41
42 zone "0.in-addr.arpa" IN {
43 type master;
44 file "named.empty";
45 allow-update { none; };
46 };
47
48 zone "254.25.172.in-addr.arpa" IN {
49 type master;
50 file "westos.com.ptr";
51 allow-update { none; };
52 };
53
[root@localhost ~]# cd /var/named/
[root@localhost named]# ls
data named.ca named.localhost slaves
dynamic named.empty named.loopback westos.com.zone
[root@localhost named]# cp -p named.loopback westos.com.ptr
[root@localhost named]# vim westos.com.ptr
$TTL 1D
@ IN SOA dns.westos.com. hehe.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.100
111 PTR www.westos.com.
222 PTR hello.westos.com.
[root@dns-server named]# dig -x 172.25.254.100
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51693
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;100.254.25.172.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 10800 IN SOA dns.westos.com. hehe.westos.com. 0 86400 3600 604800 10800
;; Query time: 0 msec
;; SERVER: 172.25.254.163#53(172.25.254.163)
;; WHEN: Wed May 23 00:11:35 EDT 2018
;; MSG SIZE rcvd: 111
DNS双向解析
[root@dns-server ~]# vim /etc/named.conf
/*
zone "." IN { 将前面zone开头的注释掉
type hint;
file "named.ca";
};
*/
view localnet {
match-clients{172.25.254.163;}; 添加内网
zone"." IN{
type hint;
file"named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
view any {
match-clients{any;}; 其他的为外网
zone"." IN{
type hint;
file"named.ca";
};
include "/etc/named.rfc1912.zones.inter";
include "/etc/named.root.key";
};
[root@dns-server ~]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter
[root@dns-server ~]# vim /etc/named.rfc1912.zones.inter
zone "westos.com" IN { 更改为这样
type master;
file "westos.com.inter";
allow-update { none; };
};
[root@dns-server named]# cp -p named.localhost westos.com.inter
[root@dns-server named]# vim westos.com.inter
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 1.1.1.1
www A 172.25.254.163
[root@dns-server named]# systemctl restart named
本机dig 内网
[root@dns-server named]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52937
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.101
;; Query time: 1 msec
;; SERVER: 172.25.254.163#53(172.25.254.163)
;; WHEN: Wed May 23 01:18:51 EDT 2018
;; MSG SIZE rcvd: 93
其他dig
[root@localhost ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52293
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.163
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 1.1.1.1
;; Query time: 1 msec
;; SERVER: 172.25.254.163#53(172.25.254.163)
;; WHEN: Wed May 23 01:19:56 EDT 2018
;; MSG SIZE rcvd: 93
即实现了内网主机和外网主机访问同一网站域名,却会定义到不同服务器的效果。
主从dns的配置(dns集群)
辅助dns可以缓解主dns的压力,当外网主机访问主dns所维护的域名时,都可以看到域名针对外网解析的ip。
[root@dns-server named]# vim /etc/named.rfc1912.zones.inter
此实验针对的是域名所解析的外网ip,所以要配置记录外网域名解析的子配置文件。
做以下修改:
zone "westos.com" IN {
type master;
file "westos.com.inter";westos.com.inter对外网用户所制定的域名解析文件
allow-update { none; };
also-notify{172.25.254.236;}; 指定同步辅助dns,辅助dns为172.25.254.236
};
在辅助dns上即236上
systemctl stop firewalld
vim /etc/syscofig/selinux #设置selinux为disabled
reboot #重启生效
yum install -u bind
vim /etc/named.conf
11 listen-on port 53 { any; };
17 allow-query { any; };
[root@localhost ~]# vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
26 type slave;
27 file "slaves/westos.com.inter";
28 allow-update { none; };
29 masters {172.25.254.163;};
30 };
[root@localhost ~]# cd /var/named/slaves/
[root@localhost slaves]# ls
[root@localhost slaves]# systemctl restart named
[root@localhost slaves]# ls
westos.com.inter
在另一台主机
测试主dns
[root@foundation63 ~]# vim /etc/resolv.conf
添加nameserver 172.25.254.163
[root@foundation63 ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36364
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.163 显示为主dns
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 1.1.1.1
;; Query time: 15 msec
;; SERVER: 172.25.254.163#53(172.25.254.163)
;; WHEN: Wed May 23 16:49:44 CST 2018
;; MSG SIZE rcvd: 93
将nameserver改为辅助dnsip再次测试
dns远程更新
[root@dns-server named]# vim /etc/named.rfc1912.zones.inter
13 zone "westos.com" IN {
14 type master;
15 file "westos.com.inter";
16 allow-update { 172.25.254.236; };
17 also-notify{172.25.254.236;};
18 };
[root@dns-server named]# chmod g+w /var/named/
[root@dns-server named]# ls -ld /var/named/
drwxrwx--- 5 root named 4096 May 23 04:58 /var/named/
[root@dns-server named]# systemctl restart named
在236上
[root@localhost slaves]# nsupdate
> server 172.25.254.163
> update add root.westos.com 86400 A 1.1.1.22
> send
> quit
尝试dig显示添加成功
[root@localhost slaves]# dig root.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> root.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28975
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;root.westos.com. IN A
;; ANSWER SECTION:
root.westos.com. 86400 IN A 1.1.1.22
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 1.1.1.1
;; Query time: 1 msec
;; SERVER: 172.25.254.163#53(172.25.254.163)
;; WHEN: Wed May 23 05:43:41 EDT 2018
;; MSG SIZE rcvd: 94
[root@localhost named]# cd /mnt/
[root@localhost mnt]# ls
westos.com.zone
[root@localhost mnt]# vim /etc/rndc.key
[root@localhost mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
Kwestos.+157+18145
[root@localhost mnt]# ls
Kwestos.+157+18145.key Kwestos.+157+18145.private westos.com.zone
[root@localhost mnt]# cat Kwestos.+157+18145.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: EZInOecEDITzAD/WGYnIjw==
Bits: AAA=
Created: 20180520063535
Publish: 20180520063535
Activate: 20180520063535
[root@localhost mnt]# cat Kwestos.+157+18145.key
westos. IN KEY 512 3 157 EZInOecEDITzAD/WGYnIjw==
[root@localhost mnt]# cp /etc/rndc.key /etc/westos.key -p
[root@localhost mnt]# vim /etc/westos.key
[root@localhost mnt]# vim /etc/named.conf
[root@localhost mnt]# vim /etc/named.rfc1912.zones
[root@localhost mnt]# systemctl restart named
[root@localhost mnt]# ls
Kwestos.+157+18145.key Kwestos.+157+18145.private westos.com.zone
[root@localhost mnt]# scp Kwestos.+157+18145.* root@172.25.254.236:/mnt/
The authenticity of host '172.25.254.236 (172.25.254.236)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.236' (ECDSA) to the list of known hosts.
root@172.25.254.236's password:
Kwestos.+157+18145.key 100% 50 0.1KB/s 00:00
Kwestos.+157+18145.private 100% 165 0.2KB/s 00:00
[root@localhost mnt]# cat westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. hehe.westos.com. (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.100
hello A 172.25.254.101
www CNAME node1.westos.com.
node1 A 172.25.254.112
node1 A 172.25.254.211
有钥匙主机
[root@node2 slaves]# cd /mnt/
[root@node2 mnt]# ls
Kwestos.+157+18145.key Kwestos.+157+18145.private
[root@node2 mnt]# nsupdate -k Kwestos.+157+18145.private
> server 172.25.254.136
> update add hello.westos.com 86400 A 172.25.254.101
> send
> quit
无钥匙主机
[kiosk@foundation36 Desktop]$ nsupdate
> server 172.25.254.136
> update add hello.westos.com 86400 A 172.25.254.101
> send
update failed: REFUSED
>
智能解析
动态域名解析
虚拟机更改名称为linux.westos.com
并配置dhcp
[root@localhost mnt]# cd /var/named
[root@localhost named]# ls
data named.empty slaves westos.com.zone
dynamic named.localhost westos.com.inter westos.com.zone.jnl
named.ca named.loopback westos.com.ptr
[root@localhost named]# cd /mnt/
[root@localhost mnt]# ls
Kwestos.+157+18145.key Kwestos.+157+18145.private westos.com.zone
[root@localhost mnt]# cd /var/named
[root@localhost named]# rm -rf westos.com.zone*
[root@localhost named]# ls
data named.ca named.localhost slaves westos.com.ptr
dynamic named.empty named.loopback westos.com.inter
[root@localhost named]# cp -p /mnt/westos.com.zone .
[root@localhost named]# ls
data named.ca named.localhost slaves westos.com.ptr
dynamic named.empty named.loopback westos.com.inter westos.com.zone
[root@localhost named]# systemctl restart named
在localhost 安装dhcp
[root@localhost mnt]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y
配置dhcp
[root@localhost named]# vim /etc/dhcp/dhcpd.conf
7 option domain-name "westos.com";
8 option domain-name-servers 172.25.254.136;
14 ddns-update-style interim;
28 # This is a very basic subnet declaration.
29
30 subnet 172.25.254.0 netmask 255.255.255.0 {
31 range 172.25.254.60 172.25.254.70;
32 option routers 172.25.254.136;
33 }
34 key westos {
35 algorithm hmac-md5;
36 secret EZInOecEDITzAD/WGYnIjw==;
37 };
38 zone westos.com. {
39 primary 127.0.0.1;
40 key westos;
41 }
~
[root@localhost dhcp]# cd /mnt/
[root@localhost mnt]# ls
Kwestos.+157+18145.key Kwestos.+157+18145.private westos.com.zone
[root@localhost mnt]# cat Kwestos.+157+18145.key
westos. IN KEY 512 3 157 EZInOecEDITzAD/WGYnIjw==
[root@localhost mnt]# cat Kwestos.+157+18145.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: EZInOecEDITzAD/WGYnIjw==
Bits: AAA=
Created: 20180520063535
Publish: 20180520063535
Activate: 20180520063535
重启dhcp服务
[root@localhost dhcp]# systemctl restart dhcpd
更改ip再次尝试
“`