######dns######
1.安装部署DNS
yum install bind.x86_64 -y
systemctl start named (敲键盘)
systemctl enable named
systemctl stop firewalld
systemctl disable firewalld
主配置文件: /etc/named.conf
子配置文件: /etc/named.rfc1912.zones
数据目录: /var/named
vim /etc/named.conf
options {
11 listen-on port 53 { any; }; 53端口允许任何人访问这个dns(原本端口是只在内部开启) ss -anutple | grep named
12 listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt" ;
17 allow-query { any; }; 查询当前dns的客户群体 (注意: 对 any 开放查询并配合 forwarders 会使本机成为开放递归解析器, 生产环境应把 any 限制为内网地址段)
18 forwarders {172.25.254.250;}; 若本机不知道,去向250主机寻找
systemctl restart named
在客户主机
vim /etc/resolv.conf
nameserver 172.25.254.150
dig www.baidu.com
#3.权威dns的正向解析
vim /etc/named.rfc1912.zones
42 zone "westos.com" IN {
43 type master;
44 file "westos.com.zone";
45 allow-update { none; };
46 };
cd /var/named
cp -p named.localhost westos.com.zone
vim westos.com.zone
1 $TTL 1D #一天
2 @ IN SOA dns.westos.com. root.westos.com. ( #@代表当前zone(westos.com); 后面没有以 . 结尾的名字都会自动补上 .westos.com, 例如 www 即 www.westos.com
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 172.25.254.126
10 www A 172.25.254.111
dig www.westos.com
#4.反向解析
vim /etc/named.rfc1912.zones
49 zone "254.25.172.in-addr.arpa" IN {
50 type master;
51 file "westos.com.ptr";
52 allow-update { none; };
53 };
cd /var/named
cp -p named.localhost westos.com.ptr
vim westos.com.ptr
1 $TTL 1D
2 @ IN SOA dns.westos.com. root.westos.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 172.25.254.126
10 126 PTR www.westos.com.
dig -x 172.25.254.150
#5.双向解析
vim /etc/named.conf
48 view localnet {
49 match-clients { 172.25.254.150; }; #内网能连接的人是172.25.254.150
50 zone "." IN {
51 type hint;
52 file "named.ca";
53 };
54
55 include "/etc/named.rfc1912.zones"; #访问的是/etc/named.rfc1912.zones这个文件
56 include "/etc/named.root.key";
57 };
58 view any {
59 match-clients { any; }; #其他人都能访问
60 zone "." IN {
61 type hint;
62 file "named.ca";
63 };
65 include "/etc/named.rfc1912.zones.inter"; #访问的是/etc/named.rfc1912.zones.inter
66 include "/etc/named.root.key";
67 };
vim /etc/named.rfc1912.zones.inter
42 zone "westos.com" IN {
43 type master;
44 file "westos.com.inter";
45 allow-update { none; };
46 };
cp -p westos.com.zone westos.com.inter
vim westos.com.inter
1 $TTL 1D
2 @ IN SOA dns.westos.com. root.westos.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 1.1.1.150
10 www A 1.1.1.161
测试:
172.25.254.151主机
dig www.westos.com
www.westos.com. 86400 IN A 172.25.254.161
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.150
172.25.254.50主机,即外网
dig www.westos.com
;; ANSWER SECTION:
www.westos.com. 86400 IN A 1.1.1.111
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 1.1.1.126
#6.辅助dns
主dns的设定
vim /etc/named.rfc1912.zones.inter
42 zone "westos.com" IN {
43 type master;
44 file "westos.com.inter";
45 allow-update { none; };
46 also-notify { 172.25.254.151; };
47 };
systemctl restart named
辅助dns
yum install bind -y
systemctl stop firewalld
systemctl start named
vim /etc/named.conf
options {
// #listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// #allow-query { localhost; }; ##注释掉这两行
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type slave;
masters { 172.25.254.150; };
file "slaves/westos.com.inter";
allow-update { none; };
};
systemctl restart named
####注意westos.com.inter里面的serial值最大为10位
若/var/named/slaves中没有该有的文件,则是selinux没有关闭
测试
vim /etc/resolv.conf
nameserver 172.25.254.150
dig www.westos.com
vim /etc/resolv.conf
nameserver 172.25.254.151
dig www.westos.com
#7.dns的远程更新
主dns机子:
vim /etc/named.rfc1912.zones.inter
42 zone "westos.com" IN {
43 type master;
44 file "westos.com.inter";
45 allow-update { 172.25.254.151; }; #允许151主机远程更新 (注意: 仅按来源IP授权容易被伪造, 生产环境应使用下面基于key的更新方式)
46 also-notify { 172.25.254.151; };
47 };
#测试
在151主机上: (注意:此时的151主机不能是前面双向解析内网的ip)
[root@dns-slave ~]# nsupdate
> server 172.25.254.126
> update add bbs.westos.com 86400 A 1.1.1.111 #添加
> send
> quit
[root@dns-slave ~]# nsupdate
> server 172.25.254.126
> update delete bbs.westos.com #删除
> send
#基于key的更新
vim /etc/named.conf
systemctl restart named
vim /etc/rndc.key
cd /mnt/
cp -p /etc/rndc.key /etc/westos.key
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos    #注意: HMAC-MD5 已不推荐, 生产环境应使用 HMAC-SHA256 等更强算法
Kwestos.+157+32278
cat Kwestos.+157+32278.key
westos. IN KEY 512 3 157 4+hrJmz578PBd2tTNtlpCA==
vim /etc/westos.key
cat /etc/westos.key
key "westos" {
algorithm hmac-md5;
secret "4+hrJmz578PBd2tTNtlpCA==";
};
[root@localhost mnt]# vim /etc/named.conf
include "/etc/westos.key";
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
vim /etc/named.rfc1912.zones.inter
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { key westos; };
also-notify { 172.25.254.151; };
};
#测试
scp Kwestos.+157+32278* root@172.25.254.151:/mnt/
nsupdate -k Kwestos.+157+32278.private
# ddns
yum install dhcp -y
systemctl start dhcpd
systemctl stop firewalld
systemctl disable firewalld
cd /var/named
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp:是否覆盖"/etc/dhcp/dhcpd.conf"? yes
vim /etc/dhcp/dhcpd.conf
7 option domain-name "westos.com"; #设置dns主域,一定要设置正确
8 option domain-name-servers 172.25.254.150;#DNS 服务器地址
13 # Use this to enble / disable dynamic dns updates globally.
14 ddns-update-style interim; #动态DNS更新方式
21 # have to hack syslog.conf to complete the redirection).
22 log-facility local7;
#This is a very basic subnet declaration.
设置动态获取ip的网段和地址范围及路由
28 subnet 172.25.254.0 netmask 255.255.255.0 {
29 range 172.25.254.190 172.25.254.199;
30 option routers 172.25.254.150;
31 }
#设置认证信息
32 key "westos" {
33 algorithm hmac-md5;
34 secret "4+hrJmz578PBd2tTNtlpCA==";#将key更新时生成的钥匙复制过来
35 };
#配置与域进行认证的信息
36 zone westos.com. {
37 primary 127.0.0.1;
38 key westos;
39 }
chmod 777 /etc/named
chmod 777 /var/named
#注意: 777 会让所有本地用户都可写, 过于宽松; 只需让 named 用户可写即可, 例如 chown root:named 并 chmod 770, 且只对需要动态更新的目录放开
systemctl restart named
systemctl restart dhcpd
测试:
hostnamectl set-hostname haha
nm-connection-editor
systemctl restart network
dig haha.westos.com