#1.安装部署dns
yum install bind -y
systemctl start named
systemctl enable named
systemctl stop firewalld
systemctl disable firewalld
#主配置文件
vim /etc/named.conf
#子配置文件
/etc/named.rfc1912.zones
#数据目录
/var/named
#2.高速缓存dns
vim /etc/named.conf
13 listen-on port 53 { any; }; ##在所有接口上监听53端口
19 allow-query { any; }; ##允许任意客户端查询(对外开放解析,生产环境应限制来源网段)
20 forwarders{ 114.114.114.114; }; ##本机无法解析的查询转发到该上游地址
34 dnssec-validation no; ##不发送给网警机构检测(实际作用是关闭DNSSEC验证,不再校验上游应答的签名)
systemctl restart named
#测试
在客户端主机
vim /etc/resolv.conf
nameserver 172.25.254.238
dig www.baidu.com
#3.权威dns的正向解析
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
};
cd /var/named
cp -p named.localhost westos.com.zone
vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. overman.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.238
www A 172.25.254.111
jsw A 172.25.254.222
systemctl restart named
#测试
在测试主机中
vim /etc/resolv.conf
nameserver 172.25.254.238
dig www.westos.com
dig jsw.westos.com
#4.反向解析
vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN {
type master;
file "westos.com.ptr";
allow-update { none; };
};
cd /var/named
cp -p named.loopback westos.com.ptr
vim westos.com.ptr
$TTL 1D
@ IN SOA dns.westos.com. overman.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.238
111 PTR www.westos.com.
222 PTR jsw.westos.com.
systemctl restart named
#测试
在测试主机中
vim /etc/resolv.conf
nameserver 172.25.254.238
dig -x 172.25.254.111
dig -x 172.25.254.222
#5.dns双向解析
vim /etc/named.conf
59 view localnet {
60 match-clients { localhost; };
61 zone "." IN {
62 type hint;
63 file "named.ca";
64 };
65 include "/etc/named.rfc1912.zones";
66 };
67 view internet {
68 match-clients { any; };
69 zone "." IN {
70 type hint;
71 file "named.ca";
72 };
73 include "/etc/named.rfc1912.inters";
74 };
#注意:启用view后,named.conf中原来写在view外面的zone "."定义要注释掉(所有zone必须放在view内部)
cp -p named.rfc1912.zones named.rfc1912.inters
vim named.rfc1912.inters
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { none; };
29 };
cd /var/named/
cp -p westos.com.zone westos.com.inter
vim westos.com.inter
$TTL 1D
@ IN SOA dns.westos.com. overman.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 192.25.254.238
www A 192.25.254.111
jsw A 192.25.254.222
#测试
本机:dig www.westos.com
显示为172
其他机器:dig www.westos.com
显示为192
#6.辅助dns
主机dns设定
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com";
allow-update { none; };
also-notify { 172.25.254.70; };
};
systemctl restart named
#注意每次改A记录文件后必须更改serial的数值,这个数值最大10位
辅助dns上
yum install bind -y
systemctl restart named
systemctl stop firewalld
vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type slave;
masters { 172.25.254.238; };
file "slaves/westos.com";
allow-update { none; };
};
systemctl restart named
#测试
vim /etc/resolv.conf
nameserver 172.25.254.70
在主机端:
vim westos.com.zone
systemctl restart named
dig www.westos.com
在客户端:
systemctl restart named
dig www.westos.com
当主机端更改vim westos.com.zone中的内容时客户端自动同步
#7.dns的远程更新
##基于ip
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 172.25.254.70; };
also-notify { 172.25.254.70; };
};
#若selinux为开启则需要开启域的写的权力
#setsebool -P named_write_master_zones on
chmod 770 /var/named
systemctl restart named
#测试
在138这台主机上
nsupdate
> server 172.25.254.238
> update add hello.westos.com 86400 A 172.25.254.222
> send
在主机上重启服务立刻被更新
nsupdate
> server 172.25.254.238
> update delete hello.westos.com 86400 A 172.25.254.222
> send
在主机上重启服务立刻删除更新
##基于key
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos ##HMAC-MD5已属弱算法,仅用于实验;生产环境建议使用HMAC-SHA256
cp /etc/rndc.key /etc/westos.key -p
vim /etc/westos.key
key "westos" {
algorithm hmac-md5;
secret "d1MpFBRu80GZUdcHg1PV6g=="; ##实验环境示例值,属于敏感信息,不要在其它环境复用
};
vim /etc/named.conf
42 include "/etc/westos.key";
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westos; };
also-notify { 172.25.254.70; };
};
systemctl restart named
#测试
在138主机上
scp root@172.25.254.238:/var/named/Kwestos.+157+30540.* /mnt/
nsupdate -k Kwestos.+157+30540.key
> server 172.25.254.238
> update add hello.westos.com 86400 A 172.25.254.111
> send
> quit
在主机上重启服务立刻被更新