I. Installing and deploying DNS
DNS (Domain Name System) is a distributed database on the Internet that maps domain names to IP addresses and back. It lets users reach hosts by name instead of remembering the numeric IP strings that machines read directly. The process of starting from a host name and ending up with the IP address that belongs to it is called name resolution (or host-name resolution).
**Main configuration file: /etc/named.conf**
**Zone configuration file (included by named.conf): /etc/named.rfc1912.zones**
**Data directory: /var/named**
yum install bind.x86_64 -y ##install the package that provides the DNS service (BIND)
systemctl start named ##start the named service
systemctl enable named ##start it automatically at boot
systemctl stop firewalld ##stop the firewall
systemctl disable firewalld
II. Caching DNS
1. Basic configuration
vim /etc/named.conf ##configure the port the DNS service listens on and who may query it (inside the options { } block)
    listen-on port 53 { any; }; ##any: listen on port 53 on every interface
    allow-query { any; }; ##any: every host that can reach this server may ask it for resolution
    forwarders { 172.25.254.(physical host IP); }; ##send queries this server cannot answer itself to the upstream resolver
systemctl restart named ##restart the service
Test:
vim /etc/resolv.conf #point this machine's resolver at itself
nameserver 172.25.254.(VM IP)
dig www.baidu.com
2. Returning different answers depending on the querying IP (views)
1) Configure /etc/named.conf
vim /etc/named.conf ##add the view configuration that splits clients into classes
view localhost {
    match-clients { 172.25.254.136; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
}; ##class one: the zone files used when host 136 queries
view any {
    match-clients { any; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1900.zones";
}; ##class two: the zone files used when any host other than 136 queries
2) Add the zone definition that points at the new zone file
vim /etc/named.rfc1900.zones
zone "westos.com" IN {
    type master;
    file "westos.com.zone1"; ##the newly added zone file
    allow-update { key westos; };
    also-notify { 172.25.254.(VM IP); };
};
3) Edit the zone file it points at
vim /var/named/westos.com.zone1
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.103
halo    A       172.25.254.123
hi      A       172.25.254.124
news    A       172.25.254.125
www     A       172.25.254.126
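How BIND chooses between the two views above, as an added Python model written for this page (it is not code from the page or from BIND): views are tried in the order they appear in named.conf, an address-match list is evaluated element by element with the first hit deciding, and the chosen view answers from its own zone data. The view names, the 172.25.254.136 client and the `any` catch-all are the page's; the record data standing in for westos.com.zone and westos.com.zone1 is constructed.

```python
import ipaddress

# Constructed stand-ins for the two zone files the views point at: what
# /etc/named.rfc1912.zones serves (westos.com.zone) and what
# /etc/named.rfc1900.zones serves (westos.com.zone1). Addresses are made up.
RFC1912_DATA = {("www.westos.com.", "A"): ["172.25.254.111"]}
RFC1900_DATA = {
    ("www.westos.com.", "A"): ["172.25.254.126"],
    ("news.westos.com.", "A"): ["172.25.254.125"],
}

# Views in the order they appear in named.conf; BIND evaluates them top-down.
VIEWS = [
    {"name": "localhost", "match_clients": ["172.25.254.136"], "data": RFC1912_DATA},
    {"name": "any", "match_clients": ["any"], "data": RFC1900_DATA},
]


def acl_matches(acl, client_ip):
    """Evaluate a BIND address-match list.

    Elements are tested in order; the first one that matches decides the
    result, and a leading '!' turns that match into a rejection. Supported
    element forms: 'any', 'none', a single address, or a CIDR prefix.
    """
    addr = ipaddress.ip_address(client_ip)
    for element in acl:
        negate = element.startswith("!")
        target = element[1:].strip() if negate else element
        if target == "any":
            hit = True
        elif target == "none":
            hit = False
        else:
            hit = addr in ipaddress.ip_network(target, strict=False)
        if hit:
            return not negate
    return False


def select_view(views, client_ip):
    """Return the name of the first view whose match-clients ACL matches."""
    for view in views:
        if acl_matches(view["match_clients"], client_ip):
            return view["name"]
    return None  # no view matched: BIND refuses the query


def resolve(views, client_ip, qname, qtype="A"):
    """Answer qname/qtype from the zone data of the view chosen for client_ip."""
    view_name = select_view(views, client_ip)
    if view_name is None:
        return None
    data = next(v["data"] for v in views if v["name"] == view_name)
    return data.get((qname.rstrip(".") + ".", qtype), [])


if __name__ == "__main__":
    for client in ("172.25.254.136", "172.25.254.50"):
        print(client, "->", select_view(VIEWS, client), resolve(VIEWS, client, "www.westos.com"))
    # Swapping the two views shows why order matters: 'any' then catches everyone.
    print("reversed:", select_view(list(reversed(VIEWS)), "172.25.254.136"))
```

The same matching rules apply to `allow-query`: with `any` there, every reachable host can use the server as a resolver, so on anything reachable from outside the lab restrict it to the client networks that should be served.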
III. Authoritative DNS: forward resolution
vim /etc/named.conf ##define the DNS zone
zone "westos.com" IN {
    type master; ##the zone type is authoritative (primary)
    file "westos.com.zone"; ##the zone data file, relative to /var/named
    allow-update { none; };
};
cd /var/named
cp -p named.localhost westos.com.zone ##create the zone data file from the template
vim westos.com.zone ##edit the zone data file
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.103 ##IP of the DNS server itself
www     A       172.25.254.111
systemctl restart named ##restart the service
dig www.westos.com ##test
IV. Reverse resolution
vim /etc/named.conf
zone "254.25.172.in-addr.arpa" IN {
    type master;
    file "westos.com.ptr";
    allow-update { none; };
};
cd /var/named
cp -p named.loopback westos.com.ptr ##create the reverse zone file from the template
vim westos.com.ptr ##edit the reverse zone file
$TTL 1D
@       IN SOA  dns.lockey.com. root.lockey.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.103
103     PTR     www.westos.com.
systemctl restart named ##restart the service
dig -x 172.25.254.103 ##test
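What `dig -x` actually asks for, and how a reverse zone relates to the forward zone, as an added Python example written for this page (not code from the page or from BIND). It parses the zone-file syntax the page uses, computes the in-addr.arpa name for an address, derives the PTR records a /24 reverse zone should carry from the forward zone's A records, and runs a forward-confirmed check that each PTR target resolves back to its address. The zone texts are constructed copies of the page's westos.com.zone and the NS/PTR records of westos.com.ptr; the /24 assumption and the helper names are mine.

```python
import ipaddress
import re

# Constructed copy of the page's forward zone (westos.com.zone), with the leading
# whitespace a real zone file uses for owner-less continuation lines.
FORWARD_ZONE = """\
$TTL 1D
@\tIN SOA\tdns.westos.com. root.westos.com. (
\t\t\t\t\t0\t; serial
\t\t\t\t\t1D\t; refresh
\t\t\t\t\t1H\t; retry
\t\t\t\t\t1W\t; expire
\t\t\t\t\t3H )\t; minimum
\tNS\tdns.westos.com.
dns\tA\t172.25.254.103
www\tA\t172.25.254.111
"""

# Constructed copy of the NS and PTR records of the page's reverse zone (westos.com.ptr).
REVERSE_ZONE = """\
$TTL 1D
\tNS\tdns.westos.com.
103\tPTR\twww.westos.com.
"""

TTL_RE = re.compile(r"^\d+[smhdw]?$", re.IGNORECASE)


def parse_zone(text, origin):
    """Minimal master-file parser: $TTL, $ORIGIN, ';' comments, parenthesised
    multi-line rdata (the SOA), '@', relative owners and owner inheritance from
    the previous line. Returns (owner, type, rdata-token-list) tuples."""
    origin = origin.rstrip(".") + "."
    records, owner, buf, depth, indented = [], origin, [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip():
            continue
        if depth == 0:
            buf, indented = [], line[0].isspace()
        toks = line.replace("(", " ( ").replace(")", " ) ").split()
        depth += toks.count("(") - toks.count(")")
        buf.extend(t for t in toks if t not in ("(", ")"))
        if depth > 0:
            continue
        toks = list(buf)
        if toks[0].upper() == "$TTL":
            continue
        if toks[0].upper() == "$ORIGIN":
            origin = toks[1].rstrip(".") + "."
            continue
        if not indented:
            owner = toks.pop(0)
        if owner == "@":
            name = origin
        elif owner.endswith("."):
            name = owner
        else:
            name = f"{owner}.{origin}"
        while toks and (toks[0].upper() == "IN" or TTL_RE.match(toks[0])):
            toks.pop(0)  # skip optional class and TTL fields
        records.append((name, toks[0].upper(), toks[1:]))
    return records


def reverse_name(ip):
    """The in-addr.arpa owner name that dig -x looks up for an address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_zone_apex(network):
    """Apex of the classful /24 reverse zone, e.g. 254.25.172.in-addr.arpa."""
    net = ipaddress.ip_network(network)
    assert net.prefixlen == 24, "assumption: /24 reverse zones, as on the page"
    return ".".join(reversed(str(net.network_address).split(".")[:3])) + ".in-addr.arpa."


def ptr_records_from_forward(forward_records, network):
    """Derive the PTR records a reverse zone for `network` should contain."""
    net = ipaddress.ip_network(network)
    return [(reverse_name(rdata[0]), "PTR", [name])
            for name, rtype, rdata in forward_records
            if rtype == "A" and ipaddress.ip_address(rdata[0]) in net]


def unconfirmed_ptrs(forward_records, reverse_records):
    """Forward-confirmed reverse DNS: each PTR target must have an A record
    pointing back at the address. Returns (ip, target) pairs that fail."""
    a_map = {}
    for name, rtype, rdata in forward_records:
        if rtype == "A":
            a_map.setdefault(name, set()).add(rdata[0])
    suffix = ".in-addr.arpa."
    bad = []
    for name, rtype, rdata in reverse_records:
        if rtype == "PTR" and name.endswith(suffix):
            ip = ".".join(reversed(name[: -len(suffix)].split(".")))
            if ip not in a_map.get(rdata[0], set()):
                bad.append((ip, rdata[0]))
    return bad


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "westos.com")
    print(reverse_name("172.25.254.103"), "in zone", reverse_zone_apex("172.25.254.0/24"))
    print("derived PTRs:", ptr_records_from_forward(fwd, "172.25.254.0/24"))
    print("unconfirmed:", unconfirmed_ptrs(fwd, parse_zone(REVERSE_ZONE, "254.25.172.in-addr.arpa")))
```

Run against the page's two files, the check reports that 103 points back to www.westos.com. while www resolves to 172.25.254.111; services that validate reverse lookups against forward records (mail servers, log enrichment, some access controls) treat such a pair as unconfirmed, so the reverse zone is best generated from the forward zone rather than written by hand.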
V. Two-way (split) DNS resolution
Primary DNS configuration
vim /etc/named.conf
view localnet {
    match-clients { 172.25.254.33; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
};
view any {
    match-clients { any; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones.inter";
    include "/etc/named.root.key";
};
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter
vim /etc/named.rfc1912.zones.inter ##the zone set served to clients that are not in localnet
zone "westos.com" IN {
    type master;
    file "westos.com.inter";
    allow-update { none; };
};
cd /var/named
cp -p westos.com.zone westos.com.inter
vim westos.com.inter
$TTL 1D
@       IN SOA  dns.lockey.com. root.lockey.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.westos.com.
dns     A       1.1.1.100
www     A       1.1.1.111
VI. Secondary (slave) DNS
Settings on the primary DNS
vim /etc/named.rfc1912.zones.inter
zone "westos.com" IN {
    type master;
    file "westos.com.inter";
    allow-update { none; };
    also-notify { 172.25.254.200; }; ##notify the secondary whenever this zone changes
};
systemctl restart named
Secondary DNS
yum install bind -y
systemctl restart named
systemctl stop firewalld
vim /etc/named.conf
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
    type slave;
    masters { 172.25.254.103; }; ##the primary to transfer the zone from
    file "slaves/westos.com.inter"; ##where the transferred copy is stored, relative to /var/named
    allow-update { none; };
};
systemctl restart named
Test:
vim /etc/resolv.conf
nameserver 172.25.254.200 ##query the secondary
dig www.westos.com
vim /etc/resolv.conf
nameserver 172.25.254.100 ##query the primary
dig www.westos.com
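The zone files on this page all keep `0 ; serial`, and a secondary only transfers the zone when the serial it sees at `masters` is newer than the serial of its own copy; `also-notify` merely prompts it to check sooner. Editing a record on the primary without raising the serial therefore leaves the secondary serving stale data. The added Python example below (written for this page, not code from the page or from BIND) implements the RFC 1982 serial comparison BIND uses and a helper that bumps the `; serial` line of a zone file to the common YYYYMMDDnn form; the zone text is a constructed copy of the page's westos.com.inter, and the requirement that the serial line carry a `; serial` comment is an assumption of the helper.

```python
import re

MAX32 = 1 << 32
HALF = 1 << 31

# Matches the serial value on a line such as "    0 ; serial" (assumed layout).
SERIAL_RE = re.compile(r"(\d+)(\s*;\s*serial)", re.IGNORECASE)

# Constructed copy of the page's westos.com.inter zone file.
SAMPLE_ZONE = """\
$TTL 1D
@\tIN SOA\tdns.lockey.com. root.lockey.com. (
\t\t\t\t\t0\t; serial
\t\t\t\t\t1D\t; refresh
\t\t\t\t\t1H\t; retry
\t\t\t\t\t1W\t; expire
\t\t\t\t\t3H )\t; minimum
\tNS\tdns.westos.com.
dns\tA\t1.1.1.100
www\tA\t1.1.1.111
"""


def serial_is_newer(candidate, current):
    """RFC 1982 serial-number arithmetic: is `candidate` newer than `current`?
    A secondary transfers the zone only when the primary's serial is newer.
    Values wrap modulo 2^32; a difference of exactly 2^31 is undefined in the
    RFC and is treated here as 'not newer'."""
    candidate %= MAX32
    current %= MAX32
    if candidate == current:
        return False
    diff = (candidate - current) % MAX32
    return 0 < diff < HALF


def next_serial(current, today="20240101"):
    """Date-based serial YYYYMMDDnn. Falls back to current+1 when the date form
    would not count as newer (more than 100 edits in one day, or an old
    non-date serial that is already larger)."""
    candidate = int(today) * 100
    if serial_is_newer(candidate, current):
        return candidate
    return (current + 1) % MAX32


def bump_zone_serial(zone_text, today="20240101"):
    """Rewrite the '<n> ; serial' value of a zone file; returns (text, serial)."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no '; serial' line found")
    new = next_serial(int(m.group(1)), today)
    return zone_text[: m.start(1)] + str(new) + zone_text[m.end(1):], new


if __name__ == "__main__":
    text, serial = bump_zone_serial(SAMPLE_ZONE)
    print("new serial:", serial)
    print("secondary at serial 0 transfers:", serial_is_newer(serial, 0))
    print("secondary at serial 0 transfers after an edit without a bump:", serial_is_newer(0, 0))
```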
VII. Dynamic (remote) DNS updates
IP-based
vim /etc/named.rfc1912.zones.inter
zone "westos.com" IN {
    type master;
    file "westos.com.inter";
    allow-update { 172.25.254.200; }; ##only updates from this source address are accepted
    also-notify { 172.25.254.200; };
};
systemctl restart named
nsupdate
> server 172.25.254.100
> update add bbs.westos.com 86400 A 1.1.1.3
> send
> server 172.25.254.100
> update delete bbs.westos.com
> send
Key-based
cp -p /etc/rndc.key /etc/westos.key
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST westos ##generate the shared key; prints the key file name
Kwestos.+157+24252.key
cat Kwestos.+157+24252.key ##copy the secret from here into the key file below
vim /etc/westos.key
key "westos" {
    algorithm hmac-md5;
    secret "hNSjcO3w/ZXSJo9TYoiIdFnzrOETFq74Smy9dlD3QhI09uj7tvtJdBSAV84L2KLhvDaM1wrI0leV5ti+VFByfQ==";
};
vim /etc/named.conf
include "/etc/westos.key";
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
vim /etc/named.rfc1912.zones.inter
zone "westos.com" IN {
    type master;
    file "westos.com.inter";
    allow-update { key westos; }; ##only updates signed with the westos key are accepted
    also-notify { 172.25.254.200; };
};
Test
scp Kwestos.+157+24252* root@172.25.254.200:/mnt/
Run on the host that has the key:
nsupdate -k Kwestos.+157+24252.private
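Why the key-based `allow-update` is the stronger of the two, as an added Python model written for this page (not code from the page or from BIND, and not the TSIG wire format: real TSIG computes the MAC over the whole DNS message plus the key name, algorithm and a signed timestamp, which is what stops replays). The model shows the pieces the page's procedure depends on: a random base64 secret like the one `dnssec-keygen` printed, the `key { }` clause that goes into /etc/westos.key, an HMAC over the update request, and a server-side check that an IP-based policy accepts any request from the allowed address while a key-based policy accepts only a request whose MAC verifies. The example uses HMAC-SHA256 where the page uses hmac-md5; current BIND ships `tsig-keygen -a hmac-sha256 westos`, which prints a ready-made key clause. Key and policy names are the page's; the helper names and the sample request are mine.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHMS = {"hmac-sha256": hashlib.sha256, "hmac-md5": hashlib.md5}


def generate_tsig_secret(nbytes=32):
    """Random shared secret, base64-encoded as the key file stores it."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def key_clause(name, secret_b64, algorithm="hmac-sha256"):
    """Render the key { } clause that /etc/westos.key on the page contains."""
    return f'key "{name}" {{\n\talgorithm {algorithm};\n\tsecret "{secret_b64}";\n}};\n'


def sign_update(secret_b64, message, algorithm="hmac-sha256"):
    """MAC over the update request bytes under the shared secret."""
    key = base64.b64decode(secret_b64)
    return hmac.new(key, message, ALGORITHMS[algorithm]).digest()


def verify_update(secret_b64, message, mac, algorithm="hmac-sha256"):
    """Constant-time comparison, so a forged MAC cannot be guessed byte by byte."""
    return hmac.compare_digest(sign_update(secret_b64, message, algorithm), mac)


def server_accepts(policy, client_ip, message, mac=None, key_store=None):
    """Model of allow-update: {'ip': [...]} trusts the source address alone,
    {'key': name} trusts only a request carrying a valid MAC under that key."""
    if "ip" in policy:
        return client_ip in policy["ip"]
    secret = (key_store or {}).get(policy["key"])
    return mac is not None and secret is not None and verify_update(secret, message, mac)


if __name__ == "__main__":
    secret = generate_tsig_secret()
    print(key_clause("westos", secret))
    request = b"update add bbs.westos.com 86400 A 1.1.1.3"  # constructed sample request
    mac = sign_update(secret, request)
    print("valid request accepted:", server_accepts({"key": "westos"}, "172.25.254.200", request, mac, {"westos": secret}))
    print("altered request accepted:", server_accepts({"key": "westos"}, "172.25.254.200", request + b"x", mac, {"westos": secret}))
```

The `severity dynamic` logging channel the page adds is what lets you see accepted and rejected updates in data/named.run; keep the `.private` file readable only by the account that runs `nsupdate -k`, since anyone holding it can change the zone.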