7.24(dns逆向解析，主从服务，多域名访问（穿插ntp服务器))

最新推荐文章于 2024-07-24 19:29:12 发布

柯南暴打怪兽

最新推荐文章于 2024-07-24 19:29:12 发布

阅读量589

点赞数 21

文章标签： centos 运维 linux

本文链接：https://blog.csdn.net/m0_71589190/article/details/140670582

版权

一、回顾

域名解析：

正向解析：将域名解析为ip

反向解析：将ip解析为域名

设置解析方式都是在zone文件中设置的

named.conf 解决权限

named.rfc1912.zone 解决解析方式

关闭动态IP

systemctl stop NetworkManager
systemctl disable NetworkManager

二、逆向解析

yum -y install bind-utils.x86_64
yum search nslookup

nslookup www.hamugua.com #域名返回ip

配置反向解析
DNS服务器：

vim /etc/named.rfc1912.zones

:set number

:30,36 co 49

zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.zone";
allow-update { none; };
};

cd /var/named

cp -p named.loopback 192.168.1.zone
ls
named.loopback

vim 192.168.1.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
PTR localhost.
11 PTR www.hamigua.com
systemctl restart named #重启服务

named-checkconf /etc/named.rfc1912.zones

named-checkzone 192.168.1.zone 192.168.1.zone

client客户端：

每次重启后dns数据都会被/etc/sysconfig/network-scripts/ifcfg-ens33中的dns1和dns2所覆盖

[root@client ~]# echo "nameserver 192.168.1.22" > /etc/resolv.conf
[root@client ~]# cat /etc/resolv.conf
nameserver 192.168.1.22
[root@client ~]# nslookup 192.168.1.11
11.1.168.192.in-addr.arpa name = www.hamigua.com.1.168.192.in-addr.arpa.

[root@client ~]# nslookup www.hamigua.com
Server: 192.168.1.22
Address: 192.168.1.22#53

Name: www.hamigua.com
Address: 192.168.1.11

三、多域名解析
DNS-server配置：

vim /etc/named.rfc1912.zones #最后一行加

zone "apples.com" IN {
type master;
file "apples.com.zone";
allow-update { none; };
};
zone "xigua.com" IN {
type master;
file "xigua.com.zone";
allow-update { none; };
};

named-checkconf /etc/named.rfc1912.zones
cd /var/named
cp -p named.localhost xigua.com.zone
cp -p named.localhost apples.com.zone
vim apples.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
www A 192.168.1.11
vim xigua.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
www A 192.168.1.11
systemctl restart named

client主机测试：

echo "nameserver 192.168.1.22" > /etc/resolv.conf
nslookup www.apples.com
Server: 192.168.1.22
Address: 192.168.1.22#53

Name: www.apples.com
Address: 192.168.1.11

nslookup www.xigua.com
Server: 192.168.1.22
Address: 192.168.1.22#53

Name: www.xigua.com
Address: 192.168.1.11

四、NTP时间服务器搭建
client主机：

yum search ntpdate

systemctl restart network #重启网络服务，确保dns为114.114.114.114或者8.8.8.8

yum -y install ntpdate.x86_64

ntpdate cn.ntp.org.cn

date

新建一台主机——NTP-server：

要求集群服务器主机的时间同步

只放一台主机做内网

yum -y install ntp

vim /etc/ntp.conf

15 restrict 192.168.1.0 msak 255.255.255.0

ntpdate cn.ntp.org.cn
24 Jul 15:06:18 ntpdate[1231]: adjust time server 14.29.218.92 offset 0.131286 sec
systemctl start ntpd #启动ntpd服务
which ntpdate
/usr/sbin/ntpdate
crontab -e

* 4 * * * /usr/sbin/ntpdate cn.ntp.org.cn

client客户端测试：

ntpdate 192.168.1.44 #同步时间

date -s "2007-7-30 12:34:56" #修改时间

五、DNS主从配置
1、DNS主从架构服务的要求
（1）master 和 slave 的系统时间保持一致
（2）slave 服务器上安装相应的软件（系统版本，软件版本）保持一致
（3）根据需求修改相应的配置文件 master 和 slave 都应修改
（4）主从同步的核心是 slave 同步 master 上的区域文件
2、DNS主从服务器配置
主服务器 DNS-server 192.168.1.22
从服务器 slave 192.168.1.55
slave从服务器配置：

yum -y install ntpdate

ntpdate 192.168.1.44 #和NTP服务器同步时间

（DNS-server（主服务器）进行一样的操作）

安装bind，因为slave服务器需要在主服务器下线的时候工作

yum -y install bind #安装bind

vim /etc/named.conf

options {
listen-on port 53 { 127.0.0.1;any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost;any; };
named-checkconf /etc/named.conf

zones修改

vim /etc/named.rfc1912.zones

：set number

：12，18 co 42

44 zone "hamigua.com" IN {
45 type slave;
46 file "slaves/www.hamigua.com.zone";
47 masters { 192.168.1.22; };
48 };
named-checkconf /etc/named.rfc1912.zones
systemctl start named

ls -l /var/named/slaves/

DNS-server主服务器配置：

设置允许从服务器同步文件

vim /etc/named.conf

options {
listen-on port 53 { 127.0.0.1;any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
allow-transfer {192.168.1.55;}; #添加
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost;any; };

named-checkconf /etc/named.conf #检查是否出错

systemctl restart named

client主机测试：

echo "nameserver 192.168.1.55" > /etc/resolv.conf
nslookup www.hamigua.com
Server: 192.168.1.22
Address: 192.168.1.22#53

Name: www.hamigua.com
Address: 192.168.1.11