1 Caching DNS
(1) Install and deploy DNS
yum install bind -y
systemctl start named
systemctl enable named
systemctl stop firewalld
(2) Edit the configuration file
Main configuration file: /etc/named.conf
vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };                ## allow queries from everyone; on a host reachable from the Internet this makes an open resolver, so restrict it to your own networks ##
forwarders { 114.114.114.114; };     ## if this server cannot resolve a name itself, forward the query to 114.114.114.114 ##
dnssec-validation no;                ## do not validate DNSSEC signatures ##
Test: open another virtual machine and add this server to its resolver file
vim /etc/resolv.conf
nameserver 172.25.20.120
dig www.baidu.com
2 Forward resolution on an authoritative DNS
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { none; };
};
cd /var/named
cp -p named.localhost westos.com.zone
vim westos.com.zone
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.20.120
www     A       172.25.20.120
systemctl restart named
Test: add this server to the resolver file
vim /etc/resolv.conf
nameserver 172.25.20.120
dig www.westos.com
3 Reverse resolution on an authoritative DNS
vim /etc/named.rfc1912.zones
zone "20.25.172.in-addr.arpa" IN {
        type master;
        file "172.25.20.ptr";
        allow-update { none; };
};
cd /var/named
cp -p named.loopback 172.25.20.ptr
vim 172.25.20.ptr
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.20.120
111     PTR     www.westos.com.
systemctl restart named
Test: add this server to the resolver file
vim /etc/resolv.conf
nameserver 172.25.20.120
dig -x 172.25.20.120
4 Multiple (view-based) resolution
Add a second address, 1.1.1.120, to the current virtual machine
cd /var/named/
cp -p westos.com.zone westos.com.local.zone
vim westos.com.local.zone
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       1.1.1.120
www     CNAME   bbs.westos.com.
bbs     A       1.1.1.111          ; two A records for bbs: answers are handed out in rotation (round robin)
bbs     A       1.1.1.222
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.local.zones
vim /etc/named.rfc1912.local.zones    (point the westos.com zone at the new zone file)
zone "westos.com" IN {
        type master;
        file "westos.com.local.zone";
        allow-update { none; };
};
vim /etc/named.conf
## comment out the existing zone "." block and the include of named.rfc1912.zones: once views are defined, every zone must be declared inside a view ##
view localnet {
        match-clients { 1.1.1.0/24; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.local.zones";
};
view anyclient {
        match-clients { any; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.zones";
};
include "/etc/named.root.key";
systemctl restart named
Test: on the current host, vim /etc/resolv.conf
nameserver 172.25.20.120
then dig www.westos.com
On the server, vim /etc/resolv.conf
nameserver 1.1.1.120
then dig www.westos.com
5 DNS cluster (primary and secondary)
On the primary DNS
vim /etc/named.rfc1912.zones    (first comment out the parameters from the previous experiment and uncomment the ones that had been commented out before)
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { none; };
        also-notify { 172.25.20.220; };
};
cd /var/named
vim westos.com.zone    (change the following parameters)
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        2019112903 ; serial (must be increased every time the zone content changes, otherwise the secondary DNS will not pull the primary's data)
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.20.120
www     A       172.25.20.121
Test: on another virtual machine, put its network on the 172 segment, configure the yum repository and install DNS
Change the parameters in the main DNS configuration file
vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
dnssec-validation no;
systemctl start named
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type slave;
        masters { 172.25.254.120; };
        file "slaves/westos.com.zone";
        allow-update { none; };
};
vim /etc/resolv.conf
nameserver 172.25.20.220
Change the primary DNS
cd /var/named
edit the contents of westos.com.zone
On the secondary DNS virtual machine, dig www.westos.com to check whether it is in sync with the primary DNS
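The serial rule above (a secondary only transfers the zone when the primary's SOA serial has grown) is easy to get wrong by hand. The following POSIX shell helper is an added example, not part of the original notes: it bumps the serial of a zone file using the YYYYMMDDnn convention the notes use (2019112903) and refuses to write a serial that does not advance. It assumes the serial sits on its own line tagged "; serial", as in the zone files above; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original notes): bump the SOA serial of a
# BIND zone file using the YYYYMMDDnn convention the notes use (2019112903).
# Assumes the serial sits on its own line tagged "; serial", as in the zone
# files above. Function names are this example's own.

# Print the current serial: the first field of the line tagged "; serial".
get_serial() {
    awk '/;[[:space:]]*serial/ { print $1; exit }' "$1"
}

# Next serial from the current one and a date (YYYYMMDD): the same day
# increments the two-digit counter, a new day restarts at 01.
next_serial() {
    cur=$1; today=$2
    if [ "${#cur}" -eq 10 ] && [ "$(printf '%.8s' "$cur")" = "$today" ]; then
        count=${cur#????????}      # last two digits
        count=${count#0}           # drop a leading zero so 08/09 are not read as octal
        count=$((count + 1))
        if [ "$count" -gt 99 ]; then
            echo "error: 99 changes already recorded for $today" >&2
            return 1
        fi
        printf '%s%02d\n' "$today" "$count"
    else
        printf '%s01\n' "$today"
    fi
}

# Rewrite the serial line of a zone file and print the new serial.
# $1 = zone file, $2 = date as YYYYMMDD (defaults to today)
bump_serial() {
    file=$1; today=${2:-$(date +%Y%m%d)}
    cur=$(get_serial "$file")
    case $cur in
        ''|*[!0-9]*) echo "error: no numeric '; serial' line in $file" >&2; return 1 ;;
    esac
    new=$(next_serial "$cur" "$today") || return 1
    # A secondary only transfers when the serial has grown (RFC 1982), so
    # refuse to write one that does not advance, e.g. after a clock rollback.
    if [ "$new" -le "$cur" ]; then
        echo "error: $new does not advance past current serial $cur" >&2
        return 1
    fi
    sed "s/^\([[:space:]]*\)$cur\([[:space:]]*;[[:space:]]*serial\)/\1$new\2/" "$file" \
        > "$file.tmp" && mv "$file.tmp" "$file" || return 1
    echo "$new"
}
```

Run it as `bump_serial /var/named/westos.com.zone` before `systemctl restart named` (or `rndc reload`), so the secondary sees a higher serial and transfers the zone.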
6 DNS dynamic updates (the primary DNS server's SELinux must not be in Enforcing mode)
## IP-based updates ##    (back up the /var/named/westos.com.zone written earlier first, e.g. to /mnt/)
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.20.220; };    ## any packet carrying this source address is accepted, so this is only as strong as the network it runs on; the key-based method below is preferred ##
        also-notify { 172.25.20.220; };
};
chmod 770 /var/named/
systemctl restart named
Test:
On the test virtual machine:
nsupdate
Then restart DNS on the authoritative DNS (the restart flushes the update journal into the zone file) and change the nameserver in /etc/resolv.conf to 172.25.20.120
Then run dig hello.westos.com and check whether the updated content appears
vim /var/named/westos.com.zone and check whether the updated records have been written into the file
## Key-based updates ##
For this experiment SELinux must not be in Enforcing mode
Generate a key
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos    ## newer BIND releases provide tsig-keygen for this, and HMAC-SHA256 is preferred over HMAC-MD5 ##
Copy a key configuration file as a template
cp -p /etc/rndc.key /etc/westos.key
cat Kwestos.+157+09837.key
Edit the key configuration file
vim /etc/westos.key
key "westos" {                                ## key name (matches the file name) ##
        algorithm hmac-md5;
        secret "6H0GPnAYsTPF81GoeyB+Cw==";    ## fill in from the output of cat Kwestos.+157+09837.key ##
};
Edit the main configuration file
vim /etc/named.conf
include "/etc/westos.key";
Edit the zone configuration file
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { key westos; };    ## switch the update method to a key, naming the key ##
        also-notify { 172.25.254.220; };
};
Send the key to the server that will update the DNS
scp Kwestos.+157+09837.* root@172.25.254.220:/mnt/
Restart the service: systemctl restart named
Test: on the test virtual machine:
nsupdate -k Kwestos.+157+09837.private
Then restart DNS on the authoritative DNS, then run dig hello.westos.com and check whether the updated content appears
vim /var/named/westos.com.zone and check whether the updated records have been written into the file