回环接口:自身内部的
1.DNS
1.1 设置服务端口
42 yum install bind -y ##安装DNS服务
43 systemctl start named ##开启服务(开启后需要不断的输入字符)
44 ll /dev/random
45 cat /dev/random
46 netstat -a(显示所有套接字,含监听中的)n(以数字形式显示地址和端口)t(TCP)u(UDP)l(仅监听)p(进程)e(扩展信息) | grep named ##查看named监听的端口
[root@dns ~]# netstat -antulpe | grep named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 87032 4589/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 87027 4589/named
tcp6 0 0 ::1:953 :::* LISTEN 25 87033 4589/named
tcp6 0 0 ::1:53 :::* LISTEN 25 87029 4589/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 25 87026 4589/named
udp6 0 0 ::1:53 :::* 25 87028 4589/named
47 vim /etc/named.conf
48 systemctl restart named
49 netstat -antulpe | grep named
50 systemctl start firewalld
51 firewall-cmd --list-all ##查看允许在防火墙开启时通过的服务
52 firewall-cmd --permanent --add-service=dns ##添加DNS服务
54 firewall-cmd --reload ##重新加载
55 firewall-cmd --list-all
客户端口设置:
vim /etc/resolv.conf
# Generated by NetworkManager
search ilt.example.com example.com
nameserver 172.25.254.124 ##服务端口IP
测试:
dig www.baidu.com
1.2 高速缓存
服务端:
[root@dns ~]# vim /etc/named.conf
....
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; ##允许任何来源使用这个接口查询(配合 forwarders 即成为开放递归解析器,生产环境应限制为受信任的网段)
forwarders { 172.25.254.250; }; ##它自己不知道的记录,会去向这个IP查询
....
[root@dns ~]# systemctl restart named
客户端查询:
选用另一台主机测试,将其nameserver改为服务端IP,再次查询同样的地址,其解析速度很快。正是由于服务端得到结果后缓存起来,所以再次有客户端查询时速度就会特别快
1.3 自己创建一个不存在的域名解析地址(客户dig不出来的域名,自己在服务段添加)(正向解析)
服务端口设置:
62 vim /etc/named.conf ##查看该配置文件,可以编辑下面的文件可以创建自己的
63 vim /etc/named.rfc1912.zones
....
zone "westoslinux.com"(域名) IN {
type master(主配置文件);
file "westoslinux.com.zone";
allow-update { none; };
};
....
64 cd /var/named/
65 ls
66 cp -p named.localhost westoslinux.com.zone
67 ll
68 vim westoslinux.com.zone
$TTL 1D ##解答时效
@ IN SOA dns.westoslinux.com. root.westoslinux.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westoslinux.com. ##com后的.特别注意
dns A 172.25.254.124
www A 172.25.254.238 ##该ip可以随便写,与服务无关
69 systemctl restart named
客户端测试:未添加之前是查询不到的
设置完成后:
[root@foundation24 Desktop]# dig www.westoslinux.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.westoslinux.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6407
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westoslinux.com. IN A
;; ANSWER SECTION:
www.westoslinux.com. 86400 IN A 172.25.254.238 ##配置文件中添加的IP
;; AUTHORITY SECTION:
westoslinux.com. 86400 IN NS dns.westoslinux.com.
;; ADDITIONAL SECTION:
dns.westoslinux.com. 86400 IN A 172.25.254.124 ##DNS服务端IP
;; Query time: 1 msec
;; SERVER: 172.25.254.124#53(172.25.254.124)
;; WHEN: Sat Feb 25 10:37:52 CST 2017
;; MSG SIZE rcvd: 98
1.4 反向查找(dig -x 172.25.254.257)(注意:IPv4 地址每段取值范围为 0–255,257 超出范围,实际测试应使用合法地址)
服务端口设置:
82 vim /etc/named.rfc1912.zones
....
zone "254.25.172.in-addr.arpa" IN { ##网段为172.25.254
type master;
file "qinyuhuo.com.ptr"; ##域名
allow-update { none; };
};
....
83 cd /var/named/
84 ls
85 cp -p named.loopback qinyuhuo.com.ptr
86 vim qinyuhuo.com.ptr
$TTL 1D
@ IN SOA dns.qinyuhuo.com. root.qinyuhuo.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.qinyuhuo.com.
dns A 172.25.254.124
257 PTR www.qintuhuo.com.
258 PTR www.qinyuruo.com.
87 systemctl restart named
客户端:
dig -x 172.25.254.257
#########################################
1.5 DNS轮寻与转换域名与邮件解析
服务端:
93 vim westoslinux.com.zone
$TTL 1D
@ IN SOA dns.westoslinux.com. root.westoslinux.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westoslinux.com.
dns A 172.25.254.124
www CNAME www.wula.westoslinux.com. ##域名转换
www.wula A 172.25.254.211 ##域名1
www.wula A 172.25.254.212 ##域名2
westoslinux.com.(邮箱) MX 1 172.25.254.124. ##邮件接收方(按规范 MX 记录应指向有 A 记录的主机名,而不是直接写 IP)
~
94 systemctl restart named
客户端:
邮件发送:
[root@foundation24 Desktop]# mail root@westoslinux.com
Subject: sda
safdsf
sfdsf
sfsfd
.
EOT
[root@foundation24 Desktop]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
B9B13601EF649 486 Sat Feb 25 11:41:44 root@foundation24.ilt.example.com
(connect to 172.25.254.124[172.25.254.124]:25: Connection refused)
root@westoslinux.com
-- 0 Kbytes in 1 Request.
###################
1.6 DNS集群
主服务端配置:
vim /etc/named.rfc1912.zones
....
zone "westoslinux.com" IN {
type master;
file "westoslinux.com.zone";
allow-update { none; };
allow-transfer { 172.25.254.224; }; ##允许同步本机文件的ip
};
....
副服务端配置:
yum install bind -y
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
firewall-cmd --list-all
vim /etc/resolv.conf
systemctl start named ##这次开启服务不需要输入加密字符
vim /etc/named.conf
....
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
....
dnssec-enable yes;
dnssec-validation no; ##关闭 DNSSEC 验证(不再校验上游应答的签名,并非关闭外网连接)
dnssec-lookaside auto;
....
vim /etc/named.rfc1912.zones
....
zone "westoslinux.com" IN {
type slave;
masters { 172.25.254.124; }; ##主服务IP
file "slaves/westoslinux.com.zone"; ##会将主服务文件下载到该位置
allow-update { none; };
};
....
测试端口:
vim /etc/resolv.conf
nameserver 172.25.254.224
1.7 同步主DNS服务器
主DNS服务端配置:
vim /etc/named.rfc1912.zones
....
zone "westoslinux.com" IN {
type master;
file "westoslinux.com.zone";
allow-update { none; };
allow-transfer { 172.25.254.224; };
also-notify { 172.25.254.224; };
};
....
vim /var/named/westoslinux.com.zone
$TTL 1D
@ IN SOA dns.westoslinux.com. root.westoslinux.com. (
2017022501 ; serial ##每次更改域名对应的IP时,都得更改这个数字
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westoslinux.com.
dns A 172.25.254.124
www CNAME www.wula.westoslinux.com.
www.wula A 172.25.254.11 ##域名对应IP
www.wula A 172.25.254.12
westoslinux.com. MX 1 172.25.254.124.
systemctl restart named
测试端口:
dig www.westoslinux.com
1.8 更新DNS
主服务端口配置:
vim /etc/named.rfc1912.zones
....
zone "westoslinux.com" IN {
type master;
file "westoslinux.com.zone";
allow-update { 172.25.254.224; }; ##允许该IP更新数据(仅按来源IP授权可被伪造来源地址的请求绕过,更安全的密钥方式见 1.9)
allow-transfer { 172.25.254.224; };
also-notify { 172.25.254.224; };
};
....
chmod 770 /var/named/ ##更改该目录权限,使得可以写进入
setsebool -P named_write_master_zones 1 ##设置selinux布尔值,允许named写主区域文件
cp -p westoslinux.com.zone /mnt/ ##将该文件拷贝一份,留用
在实验后可把备份的还回来
副服务端口:
更改:
[root@dns2 named]# nsupdate
> server 172.25.254.124
> update add hello.westoslinux.com 86400 A 172.25.254.124
> send
> quit
删除之前更改:
[root@dns2 named]# nsupdate
> server 172.25.254.124
> update delete hello.westoslinux.com
> send
> quit
1.9 加密更新DNS(通过 TSIG 密钥对更新请求做签名认证,可以保证他人不会盗用IP进行更新)
主服务端配置
dnssec-keygen -a(密钥类型) HMAC-MD5 -b(密钥字长) 128 -n HOST jets(密钥的名字) ##生成密钥(HMAC-MD5 已属弱算法,BIND 同样支持 HMAC-SHA256)
cat Kjets.+157+30066.private
cp /etc/rndc.key /etc/jets.key -p ##将该文件拷贝创建一新的密钥文件
vim /etc/jets.key ##编辑密钥文件
key "jets" { ##密钥的名字
algorithm hmac-md5;
secret "XlkFe2QDBH8Q5Z+TGeDZJQ=="; ##密钥内容,将Kjets.+157+30066.private内的Key添加进去
};
vim /etc/named.conf
....
include "/etc/jets.key"; ##密钥文件位置(该语句不可写在第一个大括号内)
....
vim /etc/named.rfc1912.zones
zone "westoslinux.com" IN {
type master;
file "westoslinux.com.zone";
allow-update { key jets; }; ##key+密钥名字
allow-transfer { 172.25.254.224; };
also-notify { 172.25.254.224; };
};
scp /mnt/Kjets.+157+30066.* root@172.25.254.224:/mnt/ ##将密钥发送给副DNS服务器(需将两个密钥文件都发送过去)
systemctl restart named
副DNS服务器配置:
添加域名:
[root@dns2 mnt]# nsupdate -k Kjets.+157+30066.key
> server 172.25.254.124
> update add hello.westoslinux.com 86400 A 172.25.254.124
> send
> quit
删除域名:
[root@dns2 mnt]# nsupdate -k Kjets.+157+30066.key
> server 172.25.254.124
> update delete hello.westoslinux.com
> send
> quit
1.10 “花生壳”ddns
主服务端配置:
162 yum install dhcp -y
163 systemctl start dhcpd
167 cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example dhcpd.conf
168 vim dhcpd.conf
.....
option domain-name "jetslinux.com";
option domain-name-servers 172.25.254.25;
default-lease-time 600;
max-lease-time 7200;
# Use this to enble / disable dynamic dns updates globally.
ddns-update-style interim; ##该功能必须开启
subnet 172.25.254.0 netmask 255.255.255.0 {
range 172.25.254.16 172.25.254.20;
option routers 172.25.254.254;
}
key jets {
algorithm hmac-md5;
secret 7ztmLz1TCEamq5b2N1kDag==;
};
zone jetslinux.com. {
primary 127.0.0.1;
key jets;
}
.....
171 systemctl restart dhcpd.service
176 rm -fr jetslinux.com.zone
177 cp -p /mnt/jetslinux.com.zone .
测试端:
hostnamectl set-hostname wula.jetslinux.com
vim /etc/sysconfig/network-scripts/ifcfg-eth0
......
BOOTPROTO=dhcp
......
systemctl restart network
dig wula.jetslinux.com