企业dns服务器搭建(多种解析方式的设置:正向,反向,双向....)

1.dns 服务器部署

1.关于 dns 的名词解释
dns:
domain name service(域名解析服务) #关于客户端:#

域名系统(英文:Domain Name System,缩写:DNS)是互联网的一项服务。它作为将域名和IP地址相互映射的一个分布式数据库,能够使人更方便地访问互联网。DNS使用TCP和UDP端口53。当前,对于每一级域名长度的限制是63个字符,域名总长度则不能超过253个字符。

/etc/resolv.conf ##dns 指向文件
nameserver 172.25.254.20

测试

host www.westos.com ##地址解析命令
dig www.baidu.com ##地址详细解析信息命令
A 记录ip 地址叫做域名的 Address 记录
SOA授权起始主机
dns 顶级. 13
次级.com .net .edu .org … baidu.com

关于服务端

bind ##安装包
named ##服务名称
/etc/named.conf ##主配置文件
/var/named ##数据目录
53 ##端口

关于报错信息

1.no servers could be reached服务无法访问(服务开启?火墙?网络?(配置网关时=一个能上网的ip)端口?)
2.服务启动失败:配置文件写错。(1)journalctl -xe 查询错误;(2)清空日志,重新启动,查看日志
3. dig 查询状态NOERROR :表示查询成功;REFUSED :服务拒绝访问;SERVFAIL :查询记录失败,(dns 服务器无法到达上级,拒绝缓存);NXDOMAIN :此域名 A 记录在 dns 中不存在

2.dns 服务的安装与启用

客户主机ip:172.25.254.17

#安装# dnf search bind   
[root@localhost Desktop]# dnf install bind.x86_64 -y      
#启用#
systemctl enable --now named
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
编辑主配置文件
vim /etc/named.conf
11 listen-on port 53 { any; };              ##在本地所有网络接口上开启 53 端口    
19 allow-query { any; };                      ##允许查询 A 记录的客户端列表(any 表示任何客户端;在开启递归的情况下会成为开放解析器,实验环境之外应限定为受信任的网段)
34 dnssec-validation no;                 ##禁用 dnssec 校验,使 dns 能够缓存外部信息到本机(关闭后不再校验应答的签名,仅适用于实验环境)
systemctl restart named

客户端测试

客户端   虚拟机,上网,直接把网关改为老师的ip 172.25.254.250
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp1s0 
TYPE=Ethernet
BOOTPROTO=none
PREFIX=24
NAME=enp1s0
IPADDR=172.25.254.177
GATEWAY=172.25.254.250
DNS1=114.114.114.114
DEVICE=enp1s0
ONBOOT=yes
[root@localhost ~]# vim /etc/resolv.conf
[root@localhost ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
me/westos/Pictures/Screenshot from 2020-08-07 15-03-39.png' '/home/westos/Pictures/Screenshot from 2020-08-07 15-03-39.png' 
nameserver 172.25.254.17                          ######          服务端主机的ip
[root@localhost ~]# 

[root@localhost ~]# dig www.baidu.com         ######   有解析

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2518
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 7c3cba0da4e99359c026cedf5f2d095d3cfb50466cec85b2 (good)
;; QUESTION SECTION:
;www.baidu.com.			IN	A

;; ANSWER SECTION:
www.baidu.com.		741	IN	CNAME	www.a.shifen.com.
www.a.shifen.com.	36	IN	A	14.215.177.39
www.a.shifen.com.	36	IN	A	14.215.177.38

;; AUTHORITY SECTION:
.			241	IN	NS	e.root-servers.net.
.			241	IN	NS	g.root-servers.net.
.			241	IN	NS	c.root-servers.net.
.			241	IN	NS	m.root-servers.net.
.			241	IN	NS	j.root-servers.net.
.			241	IN	NS	d.root-servers.net.
.			241	IN	NS	k.root-servers.net.
.			241	IN	NS	i.root-servers.net.
.			241	IN	NS	a.root-servers.net.
.			241	IN	NS	b.root-servers.net.
.			241	IN	NS	l.root-servers.net.
.			241	IN	NS	f.root-servers.net.
.			241	IN	NS	h.root-servers.net.

;; Query time: 202 msec                        ###第一次解析时间长
;; SERVER: 172.25.254.17#53(172.25.254.17)
;; WHEN: Fri Aug 07 15:57:16 CST 2020
;; MSG SIZE  rcvd: 340

[root@localhost ~]# dig www.baidu.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9865
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 64ff136ed8f882fe818d26ad5f2d095f8c3d76f3c03600ed (good)
;; QUESTION SECTION:
;www.baidu.com.			IN	A

;; ANSWER SECTION:
www.baidu.com.		739	IN	CNAME	www.a.shifen.com.
www.a.shifen.com.	34	IN	A	14.215.177.38
www.a.shifen.com.	34	IN	A	14.215.177.39

;; AUTHORITY SECTION:
.			239	IN	NS	i.root-servers.net.
.			239	IN	NS	b.root-servers.net.
.			239	IN	NS	h.root-servers.net.
.			239	IN	NS	a.root-servers.net.
.			239	IN	NS	m.root-servers.net.
.			239	IN	NS	g.root-servers.net.
.			239	IN	NS	f.root-servers.net.
.			239	IN	NS	l.root-servers.net.
.			239	IN	NS	d.root-servers.net.
.			239	IN	NS	j.root-servers.net.
.			239	IN	NS	k.root-servers.net.
.			239	IN	NS	e.root-servers.net.
.			239	IN	NS	c.root-servers.net.

;; Query time: 0 msec     #### 第二次时间快,因为第一次已经完成解析,有缓存数据
;; SERVER: 172.25.254.17#53(172.25.254.17)
;; WHEN: Fri Aug 07 15:57:19 CST 2020
;; MSG SIZE  rcvd: 340

3.高速缓存 dns

20 forwarders { 114.114.114.114; };

4.dns 的正向解析 (域名-?ip)

域名解析
根域名服务器知道所有顶级域名的域名服务器,对应于每个顶级域名,它都有两条资源记录:一条是NS资源记录,域名字段是该顶级域名,值字段是该顶级域名解析的域名服务器的域名;另一条是A资源记录,用来指明该域名服务器的域名对应的IP地址。综合使用这两条记录,就可以知道对该域下的某个域名解析,应该继续去哪个IP地址的域名服务器寻找。第二层的域名服务器类似地存放各个第三层域名服务器的指针。第三层的域名服务器会出现A、CNAME、MX等类型的资源记录。每个域名服务器都有根域名服务器的地址记录。
最后,一个需要域名解析的用户先将该解析请求发往本地的域名服务器。如果本地的域名服务器能够解析,则直接得到结果,否则本地的域名服务器将向根域名服务器发送请求。依据根域名服务器返回的指针再查询下一层的域名服务器,依此类推,最后得到所要解析域名的IP地址。(来自百度百科)

dns A 192.168.0.20
www CNAME westos.a.westos.com. ##规范域名
westos.a A 192.168.0.111 ##正向解析记录
westos.a A 192.168.0.112
westos.com. MX 1 192.168.0.20. ##邮件解析记录
systemctl restart named
dig www.westos.com #查询正向解析
dig -t mx westos.com #邮件解析记录查询
dns的正向解析
注释掉上个实验中  服务端  172.25.254.17
[root@localhost Desktop]# vim /etc/named.conf
20         forwarders {114.114.114.114;};    注释

[root@localhost Desktop]# vim /etc/named.rfc1912.zones 
[root@localhost Desktop]# cat /etc/named.rfc1912.zones 
添加以下内容
zone "westos.com" IN {                        ##维护的域名 
        type master;                                ##当前服务器主dns
        file "westos.com.zone";               ##域名A记录文件
        allow-update { none; };               ##允许更新主机列表
};

[root@localhost Desktop]# cd /var/named
[root@localhost named]# cp named.localhost westos.com.zone -p     ##   复制文件注意权限    
[root@localhost named]# vim /var/named/westos.com.zone
[root@localhost Desktop]# cat /var/named/westos.com.zone    ip对应域名A记录文件,
$TTL 1D
@	IN SOA	dns.westos.com. root.westos.com. (
					0	; serial                     ##域名版本序列号
					1D	; refresh               ##刷新时间(辅助dns)
					1H	; retry                    ##重试时间(辅助dns)
					1W	; expire                  ##过期时间(辅助dns,查询失败,过期停止对辅助域名的应答)
					3H )	; minimum
	        NS	       dns.westos.com   
dns	        A	       172.25.254.17   ##正向解析记录 
www        A	       172.25.254.111
bbs           CNAME   bss.a.westos.com.
bss.a           A       172.25.254.111
bss.a           A       172.25.254.222
westos.com.     MX 1     127.0.0.1.

##############################(文件中不带点的名称会自动补齐 westos.com,所以上面的 NS 记录应写成 dns.westos.com.,末尾带点)

客户端检测

[root@localhost ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
me/westos/Pictures/Screenshot from 2020-08-07 15-03-39.png' '/home/westos/Pictures/Screenshot from 2020-08-07 15-03-39.png' 
nameserver 172.25.254.17                 ####  服务端主机   ip  
[root@localhost ~]# dig www.westos.com   ##### 查询正向解析

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44868
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 4431c5666adcd969d5d4403c5f2d162875bb49355fae5d4c (good)
;; QUESTION SECTION:
;www.westos.com.			IN	A

;; ANSWER SECTION:
www.westos.com.		3600	IN	A	103.224.182.230

;; AUTHORITY SECTION:
westos.com.		172799	IN	NS	421.ns1.above.com.
westos.com.		172799	IN	NS	421.ns2.above.com.

;; ADDITIONAL SECTION:
421.ns1.above.com.	172799	IN	A	103.224.182.5
421.ns1.above.com.	172799	IN	A	103.224.212.5
421.ns2.above.com.	172799	IN	A	103.224.212.6
421.ns2.above.com.	172799	IN	A	103.224.182.6

;; Query time: 1785 msec
;; SERVER: 172.25.254.17#53(172.25.254.17)
;; WHEN: Fri Aug 07 16:51:51 CST 2020
;; MSG SIZE  rcvd: 201

邮件解析记录查询

[root@lzy Desktop]# dig -t mx westos.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> -t mx westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8760
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 412253f8a76ef16ed1a44b335f2f99bce1b1373d33ba5c7f (good)
;; QUESTION SECTION:
;westos.com.			IN	MX

;; ANSWER SECTION:
westos.com.		86400	IN	MX	1 127.0.0.1.

;; AUTHORITY SECTION:
westos.com.		86400	IN	NS	dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.		86400	IN	A	172.25.254.17

;; Query time: 15 msec
;; SERVER: 172.25.254.17#53(172.25.254.17)
;; WHEN: Sun Aug 09 02:37:47 EDT 2020
;; MSG SIZE  rcvd: 126

5.dns 的反向解析

域名反解
域名反解是指给出一个IP地址,找出其对应的域名,这也是利用DNS来实现的。举个例子,假设一个要反解的IP地址为202.120.225.9,系统将其改写为9.225.120.202. in-addr.arpa,然后按域名解析的方式查询。这需要在被查询主机的本地域名服务器上有一条对应于9.225.120.202.in-addr.arpa的资源记录,类型是PTR,值是其域名。(来自百度百科)

服务端
1.vim /etc/named.rfc1912.zones      ###添加如下内容
zone "254.25.172.in-addr.arpa" IN {       ######主机的IP是172.25.254.17 在172.25.254网段
type master;
file "172.25.254.ptr";
allow-update { none; };
};
2.cd /var/named/  
   cp -p named.loopback 172.25.254.ptr   ########配置指定的A记录文件进行解析
    #####进行复制的时候一定要加-p,权限影响
vim 172.25.254.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. ( 0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 192.168.0.20
11 PTR www.westos.com.
12 PTR bbs.westos.com.
13 PTR news.westos.com.

systemctl restart named

测试:dig -x 172.25.254.17

[root@localhost ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
me/westos/Pictures/Screenshot from 2020-08-07 15-03-39.png' '/home/westos/Pictures/Screenshot from 2020-08-07 15-03-39.png' 
nameserver 172.25.254.17         ####设定为服务端的ip


6.dns 的双向解析

https://blog.csdn.net/ninimino/article/details/110878965

7.dns 集群

主dns,辅dns:主dns搭建named服务并维护解析信息;辅dns同样配置named服务,与主dns同步解析信息,即把自己当作主dns的一个客户端,将主dns的解析信息拉取到本机。区域数据包含域内全部记录,主dns上应使用 allow-transfer 只允许辅dns的ip拉取区域数据。

主 dns:ip:192.168.3.11

1.vim /etc/named.rfc1912.zones ------->
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
also-notify { 192.168.3.22; }; ##主动通知的辅助 dns 主机
};

2.vim /var/named/westos.com.zone

$TTL 1D
@ IN SOA dns.westos.com. root.westos.com (
        增量加----->           2; serial ##每次修改 A 记录文件需要
                                     1D ; refresh ##变更此参数的值
                                      1H ; retry
                                     1W ; expire
                                     3H ) ; minimum  
	     NS	  dns.westos.com.
dns   	 A	  192.168.3.11  
www	     A   192.168.3.16   ###正向解析记录

3.cat /etc/resolv.conf
nameserver 192.168.3.11

辅助dns:ip:172.25.254.117

1.dnf install bind -y ###安装named.service 服务
2.firewall-cmd --add-service=dns

3.vim /etc/named.conf ###跟之前的主dns的基本配置方式一致
listen-on port 53 { any; };
allow-query { any; };
dnssec-validation no;

4.vim /etc/named.rfc1912.zones 按照以下方式编辑文件
zone "westos.com" IN {
type slave; ##dns 状态为辅助 dns
masters { 192.168.3.11; }; ##主 dns
file "slaves/westos.com.zone"; ##同步数据文件
};
systemctl restart named

  1. cat /etc/resolv.conf
    nameserver 192.168.3.22 ##自己的ip,辅助的dns 主机ip
    在辅助dns上 dig www.westos.com 时,解析到的ip与主dns的A记录中的内容一致;但主dns的A记录发生改变而 serial 不变时,辅助dns解析到的IP依然不变。只有在修改 A 记录文件的同时增大 serial 的值(如 2020031402),主dns才会通知辅助dns同步,其解析到的ip才会随主dns的A记录改变而改变。

主dns

[root@localhost named]# cat /var/named/westos.com.zone 
$TTL 1D
@	IN SOA	 dns.westos.com. root.westos.com. (
					0; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	dns.westos.com.
dns   	A	192.168.3.11
www	    A   192.168.3.15

辅dns
当主dns的A记录文件中,只改IP时

[root@localhost named]# cat /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 192.168.3.11
www A 192.168.3.16
辅助dns还是显示之前的缓存信息


只有 serial 的值发生改变(增大)时,才能同步更新解析信息
主dns的A记录文件

[root@localhost named]# cat /var/named/westos.com.zone 
$TTL 1D
@	IN SOA	 dns.westos.com. root.westos.com. (
					1; serial      ##值改变
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	dns.westos.com.
dns 	A	192.168.3.11
www	    A   192.168.3.16   ##ip改变


8.dns 的更新

dns 基于 ip 地址的更新:

在 dns 中设定:
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 172.25.254.117; }; ##允许指定客户端更新 westos.com 域
also-notify { 172.25.254.117; };
};

测试:
在 172.25.254.117
[root@localhost~]# nsupdate

server 172.25.254.17
update add hello.westos.com 86400 A 172.25.254.17 ##新增 A 记录
send
update delete hello.westos.com ##删除 A 记录
send

dns 基于 key 更新的方式

(基于 ip 的更新只校验来源地址,而来源地址可以被伪造;如果允许任何人随意更新、新增A记录,则存在风险,因此改用密钥对更新请求进行认证)

生成钥匙 真机中
虚拟机中

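[root@localhost named]# dnssec-keygen -a HMAC-SHA256 -b 128 -n HOST westoskey ###生成密钥(-b 128 为实验取值,HMAC-SHA256 的密钥长度建议不小于 256 位;较新版本的 BIND 中 dnssec-keygen 不再支持 HMAC 算法,可改用 tsig-keygen 生成)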
Kwestoskey.+163+19726
[root@localhost named]# pwd
/var/named

[root@localhost named]# cp /etc/rndc.key /etc/westos.key -p
[root@localhost named]# cat Kwestoskey.+163+19726.key
westoskey. IN KEY 512 3 163 nxdgGTWcIZYSxrHlxv9lXA==

[root@localhost named]# vim /etc/westos.key
key "westoskey" {
algorithm hmac-sha256;
secret " nxdgGTWcIZYSxrHlxv9lXA=="; ##密钥内容需保密:此文件应仅 root 与 named 可读;文中公开的密钥仅为实验示例,不要在实际环境中复用
};

[root@localhost named]# vim /etc/named.conf
[root@localhost mnt]# cat /etc/named.conf
include "/etc/westos.key"; ##加上此行内容
[root@localhost named]# systemctl restart named

[root@localhost named]# vim /etc/named.rfc1912.zones
[root@localhost mnt]# cat /etc/named.rfc1912.zones (需要修改的部分)
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westoskey; }; ##允许有密钥客户端更新 westos 域
also-notify {172.25.254.117;};
};

[root@localhost named]# systemctl restart named ###重启服务
[root@localhost named]# cp /var/named/Kwestoskey.+163+19726.* /mnt -p 为了方便复制文件,放到/mnt/
[root@localhost named]# cd /mnt
[root@localhost mnt]# ls
Kwestoskey.+163+19726.key Kwestoskey.+163+19726.private
[root@localhost mnt]# scp /mnt/* root@172.25.254.117:/mnt ##将密钥传输到客户端主机中。私钥文件只应交给被授权更新的主机,并保持仅 root 可读(600),传输后删除不再需要的副本。
The authenticity of host ‘172.25.254.117 (172.25.254.117)’ can’t be established.
ECDSA key fingerprint is SHA256:v7kSZzGx/kilKfJgwQGbxpRxl5KeVBJ0EFVQoC1CIao.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added ‘172.25.254.117’ (ECDSA) to the list of known hosts.
root@172.25.254.117’s password:
Kwestoskey.+163+19726.key 100% 53 93.4KB/s 00:00
Kwestoskey.+163+19726.private 100% 168 389.3KB/s 00:00

客户端

[root@localhost named]# cd /mnt
[root@localhost mnt]# ls
Kwestoskey.+163+19726.key Kwestoskey.+163+19726.private ###允许更新wetos域的钥匙
[root@localhost mnt]# ll
total 8
-rw------- 1 root root 53 Aug 8 04:20 Kwestoskey.+163+19726.key
-rw------- 1 root root 168 Aug 8 04:20 Kwestoskey.+163+19726.private

[root@localhost mnt]# nsupdate -k Kwestoskey.+163+19726.private ##用所得到的钥匙去更新A记录,没有钥匙的用户依然被拒绝。

> server 172.25.254.17
> update add hello.westos.com 86400 A 172.25.254.111
> send
> quit

结果;服务端主机中
[root@localhost mnt]# dig hello.westos.com ##查看是否能解析,解析成功则说明密钥认证通过,这条A记录更新成功

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60208
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 77c5297ff850995cece77db75f2e610e8537536712b88fa4 (good)
;; QUESTION SECTION:
;hello.westos.com.		IN	A

;; ANSWER SECTION:
hello.westos.com.	86400	IN	A	172.25.254.111

;; AUTHORITY SECTION:
westos.com.		86400	IN	NS	dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.		86400	IN	A	172.25.254.17

;; Query time: 0 msec
;; SERVER: 172.25.254.17#53(172.25.254.17)
;; WHEN: Sat Aug 08 16:23:42 CST 2020
;; MSG SIZE  rcvd: 123
 

9.ddns(dhcp+dns)

https://editor.csdn.net/md/?articleId=110938363

动态域名解析(Dynamic DNS,简称DDNS)是把互联网域名指向可变IP地址的系统。DNS只是提供了域名和IP地址之间的静态对应关系,当IP地址发生变化时,DNS无法动态的更新域名和IP地址之间的对应关系,从而导致访问失败。但是DDNS系统是将用户的动态IP地址映射到一个固定的域名解析服务上,用户每次连接网络时,客户端程序通过信息传递把该主机的动态IP地址传送给位于服务商主机上的服务器程序,实现动态域名解析。DDNS用来动态更新DNS服务器上域名和IP地址之间的对应关系,从而保证通过域名访问到正确的IP地址。很多机构都提供了DDNS服务,在后台运行并且每隔数分钟来检查电脑的IP地址,如果IP发生变更,就会向DNS服务器发送更新IP地址的请求

客户端配置dhcpd服务,修改主配置文件

dnf install dhcp-server -y
[root@localhost Desktop]# cat /mnt/Kwestoskey.+163+19726.private 
Private-key-format: v1.3
Algorithm: 163 (HMAC_SHA256)
Key: nxdgGTWcIZYSxrHlxv9lXA==
Bits: AAA=
Created: 20200808080421
Publish: 20200808080421
Activate: 20200808080421
[root@localhost mnt]# cat /etc/dhcp/dhcpd.conf    如下方式配置dhcpd服务
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "westos.com";
option domain-name-servers 172.25.254.17;

default-lease-time 600;
max-lease-time 7200;

# Use this to enble / disable dynamic dns updates globally.
ddns-update-style interim;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.
# This is a very basic subnet declaration.
subnet 172.25.254.0  netmask 255.255.255.0{
  range 172.25.254.101 172.25.254.200;
  option routers 172.25.254.250;
 # next-server 172.25.254.17;
 # filename "pxelinux.0";
}

key westoskey{
    algorithm hmac-sha256;
    secret  nxdgGTWcIZYSxrHlxv9lXA==;       
};
zone westos.com. {
     primary 127.0.0.1;
     key westoskey;
}
################################A记录文件
[root@localhost named]# cat /var/named/westos.com.zone
$TTL 1D
@	IN SOA	dns.westos.com.  root.westos.com. (
					1	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
        	NS	dns.westos.com.
dns      	A	172.25.254.17
www             A       172.25.254.113
bbs           CNAME   bss.a.westos.com.
bss.a           A       172.25.254.111
bss.a           A       172.25.254.222
westos.com.     MX 1     127.0.0.1.
[root@localhost named]# vim /etc/named.rfc1912.zones       

zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { key westoskey; };   ############更新的时候需要密钥
       also-notify {172.25.254.117;};
};

dns 的 key 更新 测试: 1.设定测试主机网络工作方式为 dhcp 2.设定主机名称 test.westos.com 3.重启网络 4.dig test.westos.com 可以得到正确解析

虚拟机中
[root@news network-scripts]# cat ifcfg-enp1s0 
TYPE=Ethernet
BOOTPROTO=dhcp    ##动态获取IP的方式
IPADDR=172.25.254.117
PREFIX=24
NAME=enp1s0
DEVICE=enp1s0
ONBOOT=yes
测试ip的时候拔掉网线
[root@news network-scripts]# nmcli connection reload
[root@news network-scripts]# nmcli connection down enp1s0 
Connection 'enp1s0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@news network-scripts]# nmcli connection up enp1s0 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@news network-scripts]# ip addr show enp1s0 
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:d5:15:ce brd ff:ff:ff:ff:ff:ff
    inet 172.25.254.130/24 brd 172.25.254.255 scope global dynamic noprefixroute enp1s0
       valid_lft 523sec preferred_lft 523sec
    inet 172.25.254.117/24 brd 172.25.254.255 scope global secondary noprefixroute enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fed5:15ce/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@news network-scripts]# cat /etc/resolv.conf 
# Generated by NetworkManager
search westos.com
nameserver 172.25.254.17    ####真机的ip  :服务端
hostname ---->news.westos.com
最终测试结果
[root@news network-scripts]# dig news.westos.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> news.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65483
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: b8e8958e32d7ca3a1b0cfecc5f2e6d0dc7437b4c150cf022 (good)
;; QUESTION SECTION:
;news.westos.com.		IN	A

;; ANSWER SECTION:
news.westos.com.	300	IN	A	172.25.254.130

;; AUTHORITY SECTION:
westos.com.		86400	IN	NS	dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.		86400	IN	A	172.25.254.17

;; Query time: 0 msec
;; SERVER: 172.25.254.17#53(172.25.254.17)
;; WHEN: Sat Aug 08 05:14:52 EDT 2020
;; MSG SIZE  rcvd: 122