Deploying a DNS server on Linux

1. DNS terminology

dns:
domain name service

# Client side #
/etc/resolv.conf ##file that points the client at its DNS server
host www.baidu.com ##address lookup command
dig www.baidu.com ##detailed lookup command
A record ##the IP address of a domain name is called its Address record
SOA ##start of authority (the host authoritative for the zone)
Top-level DNS: the root "." (13 root servers)
Second level: .com .net .edu .org …
Example domain: baidu.com

# Server side #
bind ##package
named ##service name
/etc/named.conf ##main configuration file
/var/named ##data directory (zone files)
53 ##port

Error messages:
1. no servers could be reached ##service unreachable (is the service running? firewall? network? port?)
2. service fails to start ##configuration file error; inspect it with journalctl -xe
3. dig query status
NOERROR ##query succeeded
REFUSED ##the server refused the query
SERVFAIL ##lookup failed (the DNS server cannot reach its upstream, or refuses to cache)
NXDOMAIN ##no A record for this name exists in DNS

2. Installing and enabling the DNS service

# Install #
dnf install bind.x86_64 -y

# Enable #
systemctl enable --now named
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload

vim /etc/named.conf

11	listen-on port 53 { any; };	##listen on port 53 on every local interface
19	allow-query { any; };	##clients allowed to query; "any" together with forwarding makes this an open resolver, so restrict it to your own networks on a server reachable from the internet
34	dnssec-validation no;	##disable DNSSEC validation so that records from outside can be cached locally

systemctl restart named

3. Caching DNS

In /etc/named.conf:
20	forwarders { 114.114.114.114; };	##upstream resolver that queries this server cannot answer itself are forwarded to

4. Forward resolution

vim /etc/named.rfc1912.zones

zone "westos.com" IN {	##domain served by this server
	type master;	##this server is the master DNS for the zone
	file "westos.com.zone";	##file holding the zone's A records
	allow-update { none; };	##hosts allowed to update the zone
};

cd /var/named/
cp -p named.localhost westos.com.zone	##-p keeps the owner and permissions named needs to read the file
vim westos.com.zone
$TTL 1D
[image: remaining contents of westos.com.zone]

systemctl restart named

dig www.westos.com ##query the forward record
dig -t mx westos.com ##query the mail (MX) record

5. Reverse resolution

vim /etc/named.rfc1912.zones

zone "0.168.192.in-addr.arpa" IN {
	type master;
	file "192.168.0.ptr";
	allow-update { none; };
};

cd /var/named/
cp -p named.loopback 192.168.0.ptr

vim 192.168.0.ptr
$TTL 1D
[image: remaining contents of 192.168.0.ptr]

systemctl restart named

Test:
dig -x 192.168.0.11
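The two zone files above survive only as images. As an added example (not the author's files), the Python below builds a forward zone file for westos.com from a constructed set of A records and derives the matching 0.168.192.in-addr.arpa reverse zone from the same records, so forward and PTR data cannot drift apart; host names and addresses are assumptions, and the reverse-zone logic generalizes to /8 and /16 zones as well as the /24 on this page.

```python
import ipaddress

# Constructed sample data (the page shows the zone files only as images, so
# these hosts and addresses are assumptions, not the author's values).
ORIGIN = "westos.com."
NS_HOST = "dns.westos.com."
A_RECORDS = {"dns": "192.168.0.20", "www": "192.168.0.11", "bbs": "192.168.0.12"}


def soa_header(origin, ns, serial=0):
    """$TTL, SOA and NS lines in the layout copied from named.localhost."""
    return [
        "$TTL 1D",
        f"@\tIN SOA\t{ns} root.{origin} ( {serial} 1D 1H 1W 3H )",
        f"\tNS\t{ns}",
    ]


def forward_zone(origin, ns, records, serial=0):
    """Forward zone file text: SOA/NS header plus one A record per host."""
    lines = soa_header(origin, ns, serial)
    lines += [f"{name}\tA\t{ip}" for name, ip in sorted(records.items())]
    return "\n".join(lines) + "\n"


def reverse_zone_name(network):
    """in-addr.arpa zone for a /8, /16 or /24: 192.168.0.0/24 -> 0.168.192.in-addr.arpa"""
    net = ipaddress.ip_network(network, strict=True)
    if net.prefixlen % 8:
        raise ValueError("a single in-addr.arpa zone needs a /8, /16 or /24")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_zone(origin, ns, records, network, serial=0):
    """PTR records for every A record inside `network`; the PTR owner name is
    the reversed host part of the address, relative to the reverse zone origin."""
    net = ipaddress.ip_network(network, strict=True)
    lines = soa_header(origin, ns, serial)
    by_ip = sorted(records.items(), key=lambda kv: ipaddress.ip_address(kv[1]))
    for name, ip in by_ip:
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            continue  # belongs in a different reverse zone
        host_part = ".".join(reversed(str(addr).split(".")[net.prefixlen // 8:]))
        lines.append(f"{host_part}\tPTR\t{name}.{origin}")
    return "\n".join(lines) + "\n"
```

Write the two outputs to /var/named/westos.com.zone and /var/named/192.168.0.ptr and check them with named-checkzone before restarting named.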

6. Two-way (split-view) resolution

Lab environment:

2 clients
one on the 192.168.0 network
one on the 172.25.254 network ##ifconfig ens160 172.25.254.30 netmask 255.255.255.0

1 server with an IP on each network

192.168.0.20
172.25.254.20 ##ifconfig ens160 172.25.254.20 netmask 255.255.255.0

On the client in the 192.168.0 network:
vim /etc/resolv.conf
nameserver 192.168.0.20

On the client in the 172.25.254 network:
vim /etc/resolv.conf
nameserver 172.25.254.20

Configuration:
cd /var/named/
cp -p westos.com.zone westos.com.inter
vim westos.com.inter
$TTL 1D
[image: contents of westos.com.inter, the records the 172.25.254 clients should see]

cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inters
vim /etc/named.rfc1912.inters

zone "westos.com" IN {
	type master;
	file "westos.com.inter";
	allow-update { none; };
};

vim /etc/named.conf

##comment out the root hint zone and the includes that sit outside any view: once views are used, every zone must be declared inside a view
##zone "." IN {
##	type hint;
##	file "named.ca";
##};
#
##include "/etc/named.rfc1912.zones";
##include "/etc/named.root.key";

view localnet {
	match-clients { 192.168.0.0/24; };
	zone "." IN {
		type hint;
		file "named.ca";
	};
	include "/etc/named.rfc1912.zones";
	include "/etc/named.root.key";
};
view internet {
	match-clients { any; };
	zone "." IN {
		type hint;
		file "named.ca";
	};
	include "/etc/named.rfc1912.inters";
	include "/etc/named.root.key";
};

systemctl restart named

Test: resolve the same name from a host on each of the two networks;
the A records returned differ.
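Added example, not part of the original post: a small model of how named picks a view, to show why the order of the view blocks matters. Views are tried in the order they are written, and an internet view with match-clients { any; } placed before localnet would match every client, so hosts on 192.168.0.0/24 would get the westos.com.inter records instead of the internal ones. The A records are constructed values.

```python
import ipaddress

# Constructed view table mirroring the two views on the page, in the order
# their blocks appear in named.conf: (view name, match-clients list, zone file).
VIEWS = [
    ("localnet", ["192.168.0.0/24"], "westos.com.zone"),
    ("internet", ["any"], "westos.com.inter"),
]

# Constructed A records for www in each zone file (assumed values).
RECORDS = {
    "westos.com.zone": {"www": "192.168.0.11"},
    "westos.com.inter": {"www": "172.25.254.11"},
}


def acl_allows(acl, client_ip):
    """Evaluate a BIND address-match-list: the first element whose address
    part matches decides, a matching '!' element rejects, no match rejects."""
    client = ipaddress.ip_address(client_ip)
    for entry in acl:
        negate = entry.startswith("!")
        body = entry.lstrip("!").strip()
        if body == "any":
            matched = True
        elif body == "none":
            matched = False
        else:
            matched = client in ipaddress.ip_network(body, strict=False)
        if matched:
            return not negate
    return False


def select_view(views, client_ip):
    """(view name, zone file) of the first view whose match-clients accepts
    the client, which is how named chooses; None when no view matches."""
    for name, acl, zone_file in views:
        if acl_allows(acl, client_ip):
            return name, zone_file
    return None


def answer_for(client_ip, host="www", views=VIEWS, records=RECORDS):
    """Which A record a client would receive for host, given the view order."""
    picked = select_view(views, client_ip)
    if picked is None:
        return None  # named answers REFUSED when no view matches
    return records[picked[1]].get(host)
```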

7. DNS cluster (master and slave)

Master DNS:

zone "westos.com" IN {
	type master;
	file "westos.com.zone";
	allow-update { none; };
	also-notify { 192.168.0.30; };	##slave DNS host that is actively notified of zone changes
};

vim /var/named/westos.com.zone	##the slave only transfers the zone when the SOA serial has been increased
$TTL 1D
[image: contents of westos.com.zone]

Slave DNS:
dnf install bind -y
firewall-cmd --add-service=dns

vim /etc/named.conf

listen-on port 53 { any; };
allow-query { any; };
dnssec-validation no;

vim /etc/named.rfc1912.zones

zone "westos.com" IN {
	type slave;	##this server is a slave (secondary) DNS
	masters { 192.168.0.20; };	##master DNS
	file "slaves/westos.com.zone";	##file the transferred zone data is written to
};

systemctl restart named

8. DNS updates

Update based on the client IP address:
configure on the DNS server:

vim /etc/named.rfc1912.zones

zone "westos.com" IN {
	type master;
	file "westos.com.zone";
	allow-update { 192.168.0.10; };	##only this client may update the westos zone (any user on that host, and any forged source address, can then update it, which is why the key-based method below is preferred)
	also-notify { 192.168.0.30; };
};

[image: test of the IP-based update]

Update based on a key:
dnssec-keygen -a HMAC-SHA256 -b 128 -n HOST westos	##writes Kwestos.+163+<id>.key and .private into the current directory
cp -p /etc/rndc.key /etc/wesots.key
vim /etc/wesots.key	##replace the secret with the Key: value from the generated .private file

key "westos" {
	algorithm hmac-sha256;
	secret "SB1tQcLaWeroU9lGW21zeA==";
};

vim /etc/named.conf
43	include "/etc/wesots.key";

vim /etc/named.rfc1912.zones

zone "westos.com" IN {
	type master;
	file "westos.com.zone";
	allow-update { key westos; };
	also-notify { 192.168.0.30; };
};

systemctl restart named

[root@rhel7_node1 ~]# nsupdate -k /mnt/Kwestos.+163+26695.private
> server 192.168.0.20
> update add hello.westos.com 86400 A 192.168.0.111
> send
> quit

9. DDNS (DHCP + DNS)

dnf install dhcp-server -y
vim /etc/dhcp/dhcpd.conf

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "westos.com";
option domain-name-servers 192.168.0.20;

default-lease-time 600;
max-lease-time 7200;

# Use this to enable / disable dynamic dns updates globally.
ddns-update-style interim;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# This is a very basic subnet declaration.
subnet 192.168.0.0 netmask 255.255.255.0 {
	range 192.168.0.51 192.168.0.80;
	option routers 192.168.0.1;
}

key westos {
	algorithm hmac-sha256;
	secret SB1tQcLaWeroU9lGW21zeA==;
};
zone westos.com. {
	primary 127.0.0.1;
	key westos;
}

The DHCP server updates DNS with the key.

Test:
set the test host's network to DHCP
set its hostname to test.westos.com

restart the network

dig test.westos.com

the name resolves correctly
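The same key secret is pasted into /etc/wesots.key (section 8) and dhcpd.conf (section 9) with slightly different syntax in each file, and a mistyped or truncated secret only shows up later as a REFUSED update. Added example, not the project's own tooling: Python helpers that generate a 128-bit secret of the kind dnssec-keygen -a HMAC-SHA256 -b 128 produces, read the secret back out of a constructed K*.private file, verify its length, and render both stanzas; the .private file contents are an assumption apart from the secret shown on the page.

```python
import base64
import secrets

# Constructed sample of the .private file dnssec-keygen writes; the Key: line
# carries the secret shown on the page, the other fields are assumed.
PRIVATE_FILE = """Private-key-format: v1.3
Algorithm: 163 (HMAC_SHA256)
Key: SB1tQcLaWeroU9lGW21zeA==
Bits: AAA=
"""


def make_tsig_secret(bits=128):
    """Fresh random key material, base64-encoded like the output of
    dnssec-keygen -a HMAC-SHA256 -b <bits>."""
    if bits % 8 or bits < 128:  # hmac-sha256 keys shorter than 128 bits are too weak
        raise ValueError("bits must be a multiple of 8 and at least 128")
    return base64.b64encode(secrets.token_bytes(bits // 8)).decode()


def secret_from_private(text):
    """Pull the base64 secret out of a K*.private file's 'Key:' line."""
    for line in text.splitlines():
        if line.startswith("Key:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("no Key: line found")


def check_secret(secret, bits=128):
    """True when the secret is valid base64 of exactly bits/8 bytes; catches a
    truncated or mistyped secret when it is copied into wesots.key or dhcpd.conf."""
    try:
        raw = base64.b64decode(secret, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return False
    return len(raw) * 8 == bits


def named_key_stanza(name, secret, algorithm="hmac-sha256"):
    """key block for named.conf or the included key file (name and secret quoted)."""
    return f'key "{name}" {{\n\talgorithm {algorithm};\n\tsecret "{secret}";\n}};\n'


def dhcpd_key_stanza(name, secret, zone, algorithm="hmac-sha256", primary="127.0.0.1"):
    """key and zone blocks for dhcpd.conf (dhcpd syntax: unquoted, zone ends in a dot)."""
    return (
        f"key {name} {{\n\talgorithm {algorithm};\n\tsecret {secret};\n}};\n"
        f"zone {zone}. {{\n\tprimary {primary};\n\tkey {name};\n}}\n"
    )
```

Keep both files readable only by root and the named/dhcpd service users, since anyone who can read the secret can rewrite the zone.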
