dns服务器部署
#关于dns的名词解释
dns: Domain Name System (域名系统),把主机名解析为 IP(正向解析)或把 IP 解析为主机名(反向解析)
##关于客户端
/etc/resolv.conf dns 指向文件
nameserver 172.25.254.74
测试:
dig/host www.baidu.com 地址解析命令
A记录 Address记录
SOA (Start of Authority) 授权起始记录,声明该区域的主dns、管理员邮箱以及 serial/refresh/retry/expire/minimum 参数
dns顶级
. 根域,全球共 13 组根服务器(a–m.root-servers.net,以 anycast 方式部署)
次级
.com .net …
baidu.com
#关于服务器端
bind 安装包
named 服务名称
/etc/named.conf 主配置文件
/var/named 数据目录
53 端口(udp 和 tcp 都要放行:普通查询走 udp,超过 512 字节的应答和区域传送 AXFR/IXFR 走 tcp)
关于报错信息:
no servers could be reached 服务器无法访问(依次检查:named 是否开启、火墙是否放行 dns 服务、网络是否连通、named 是否监听在该地址 —— ss -lntup | grep :53)
dig 查询状态
NOERROR 表示查询成功
REFUSED 服务器拒绝该查询(通常是 allow-query / allow-recursion 没有包含客户端地址,或该区域不在本服务器上且不允许递归)
SERVFAIL 查询记录失败
NXDOMAIN 该名字在权威dns中不存在(任何类型的记录都没有;若名字存在但没有所查的类型,返回的是 NOERROR 且 ANSWER 段为空)
##dns服务的安装与启用
A:
配置网络
安装
dnf install bind -y
启用+高速缓存dns
systemctl enable --now named.service
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
vim /etc/named.conf 把 listen-on 改为 any、allow-query 改为 any,使其对外提供缓存解析;但不要把递归也开放给 any,应加 allow-recursion { 172.25.254.0/24; }; 只给内网递归,否则会成为开放解析器(open resolver),被外部利用做 DNS 放大攻击。改完先用 named-checkconf 检查语法再重启
systemctl restart named
B :
配置网络
vim /etc/resolv.conf
nameserver 172.25.254.74
测试:
dig www.baidu.com
速度快(第二次查询命中 A 的缓存,dig 输出中的 Query time 明显变短)
###dns的正向解析
要打开postfix服务
vim /etc/named.rfc1912.zones
zone "westos.org" IN { 维护的域名
type master; 当前服务器位主dns
file "westos.org.zone"; 区域数据文件(路径相对于 /var/named,文件名必须和下面 cp 出来的 westos.org.zone 一致)
allow-update { none; }; 不允许任何主机动态更新该区域(应保持 none,除非像后面"dns 的更新"一节那样用 TSIG key 限定更新者)
};
cd /var/named/
cp -p named.localhost westos.org.zone   -p 保留模板的属主和权限(通常为 root:named 0640),named 能读而其他普通用户读不到
vim westos.org.zone
$TTL 1D
@ IN SOA dns.westos.org. root.westos.org. ( SOA授权起始;主dns名和管理员邮箱都必须以 . 结尾,否则会被自动补全成 dns.westos.org.westos.org
0 ; serial 域名版本序列号,每次修改区域文件后必须增大,slave 只在看到 serial 变大时才会同步
1D ; refresh 刷新时间
1H ; retry 重试时间
1W ; expire 过期时间
3H ) ; minimum 否定应答(NXDOMAIN 等)的缓存时间,不是 A 记录的 TTL;A 记录的 TTL 由开头的 $TTL 决定
NS dns.westos.org.
dns A 172.25.254.74
www CNAME www.a.westos.org. 规范域名
www.a A 172.25.254.111 正向解析记录
www.a A 172.25.254.222
westos.org. MX 1 mail.westos.org. 邮件解析记录;MX 的目标必须是主机名而不能是 IP,所以还要再加一条 mail A 172.25.254.100
systemctl restart named
dig www.westos.org 查询正向解析
dig -t mx westos.org 邮件解析记录查询
测试:
在b主机上安装postfix mailx
#dns反向解析
vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN {
type master;
file "172.25.254.ptr";
allow-update { none; };
};
cp -p /var/named/named.loopback /var/named/172.25.254.ptr
vim /var/named/172.25.254.ptr
$TTL 1D
@ IN SOA dns.westos.org. root.westos.org. ( 模板里的 rname.invalid. 是占位符,要改成真实管理员邮箱(@ 写成 .)
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 172.25.254.74
111 PTR www.westos.org.
~
systemctl restart named
测试:
dig -x 172.25.254.111   -x 后面跟 IP 地址,dig 会自动转成对 111.254.25.172.in-addr.arpa 的 PTR 查询
##dns的双向解析
环境:
A:172.25.0.74 172.25.254.74
B:172.25.254.174
A:
cd /var/named
vim /etc/named.conf
#zone "." IN {   一旦使用 view,所有 zone(包括根 hint 和 include 进来的)都必须放在 view 里面,否则 named 启动失败,所以这里要注释掉
# type hint;
# file "named.ca";
# };
#include "/etc/named.rfc1912.zones";
view localnet {
match-clients { 172.25.254.0/24; };   view 按书写顺序匹配,第一个匹配即生效,所以内网视图必须写在 match-clients { any; } 的视图之前
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
view internet {
match-clients { any; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones.inter";
};
#include "/etc/named.root.key";
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter
vim /etc/named.rfc1912.zones.inter
29 zone "westos.org" IN {
30 type master;
31 file "westos.org.inter";
32 allow-update { none; };
cp westos.org.zone westos.org.inter
chgrp named westos.org.inter
vim westos.org.inter
$TTL 1D
@ IN SOA dns.westos.org. root.westos.org. (   两个名字要以 . 结尾
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 172.25.0.74
www CNAME www.a.westos.org.
www.a A 172.25.0.111
www.a A 172.25.0.222
westos.org. MX 1 mail.westos.org.   MX 目标必须是主机名,另加一条 mail A 172.25.0.100
~
systemctl restart named
测试:
分别在两个网段的主机中做同样域名的地址解析
得到的A 记录不同
##dns集群
主dns A:
把之前做的 view 配置删除掉(恢复 named.conf 里原来的 zone "." 和 include;有 view 时所有 zone 都必须在 view 里,混用会导致 named 起不来)
vim /etc/named.rfc1912.zones
zone "westos.org" IN {
type master;
file "westos.org.zone";
allow-update { none; };
also-notify { 172.25.254.174; };   serial 变化时主动通知 slave;同时应加 allow-transfer { 172.25.254.174; }; 只允许 slave 做区域传送,否则(旧版 BIND 默认 allow-transfer { any; })任何人都能用 dig axfr 拉走整个区域
};
systemctl restart named
slave dns B:
dnf install bind -y
firewall-cmd --permanent --add-service=dns   不加 --permanent 的话,下一行的 --reload 会把这条运行时规则丢掉
firewall-cmd --reload
vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };   注释掉后 named 监听所有 IPv4 地址,master 才能把区域传给它
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; };   注释掉即对所有客户端开放查询;作为权威服务器可以,但要配合 allow-recursion 限制递归范围
dnssec-validation no;   关闭 DNSSEC 验证后,该服务器会接受被伪造的应答,只适合没有外网的实验环境;生产环境保持 dnssec-validation auto;
vim /etc/named.rfc1912.zones
zone "westos.org" IN {
type slave;
masters { 172.25.254.74; };
file "slaves/westos.org.zone";
};
systemctl restart named
测试:
A:
vim westos.org.zone
改变
serial 改大(如 0 → 1,或用日期格式 2021053001);serial 不增大 slave 不会重新传送
111 11
222 —> 22
systemctl restart named
B:
dig www.westos.org
跟着一起改变 成功
####dns 的更新
dns 基于key的更新方式:
在dns中设定:
cd /mnt
dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST lcfkey   HMAC-SHA256 用足 256 位密钥;在较新的 BIND(9.13+)dnssec-keygen 已不再生成 HMAC 密钥,改用 tsig-keygen -a hmac-sha256 lcfkey > /etc/lcf.key,它直接输出 named.conf 格式的 key 块
cp /etc/rndc.key /etc/lcf.key -p   -p 沿用 rndc.key 的 root:named 0640 权限,key 文件里的 secret 等同于口令,不能让其他用户读到
vim /etc/lcf.key
key "lcfkey" {
algorithm hmac-sha256;
secret "TFav8Ajqm1wnbejCgCOqTw==";   填 Klcfkey.+163+57555.private 里 Key: 后面的值;这是本次实验生成的示例,不要照抄复用,也不要把它提交到笔记/代码仓库
};
~
vim /etc/named.conf
43 include "/etc/lcf.key";
vim /etc/named.rfc1912.zones
zone "westos.org" IN {
type master;
file "westos.org.zone";
allow-update { key lcfkey; };   只接受用 lcfkey 签名(TSIG)的更新
also-notify { 172.25.254.174; };   这里应填 slave 的地址,74 是本机自己
};
systemctl restart named   开启动态更新后 named 会把更新先写入 westos.org.zone.jnl 日志,之后手工改区域文件前要先 rndc freeze westos.org,改完 rndc thaw westos.org,否则改动会和日志冲突
测试:
[root@westoslinux named]# nsupdate -k /var/named/Klcfkey.+163+57555.private   -k 也可以直接指向 /etc/lcf.key;.private 文件含 secret,权限应保持只有属主可读
server 172.25.254.74
update add hello.westos.org 86400 A 172.25.254.72
send
##ddns (dhcp+dns)
vim /var/named/westos.org.zone
$TTL 1D
@ IN SOA dns.westos.org root.westos.org (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 172.25.254.74
www CNAME www.a.westos.org.
www.a A 172.25.254.11
www.a A 172.25.254.22
westos.org. MX 1 172.25.254.100.
dnf install dhcp-server -y
vim /etc/dhcp/dhcpd.conf
option domain-name "westos.org";
option domain-name-servers 172.25.254.74;
default-lease-time 600;
max-lease-time 7200;
# Use this to enble / disable dynamic dns updates globally.
ddns-update-style interim;   开启 DHCP 向 DNS 的动态更新;ISC DHCP 4.3 以后推荐写 standard,interim 仍可用
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;   本实验中它就是该网段唯一的 DHCP 服务器,应取消注释,否则对持有旧租约的客户端不会发 NAK,客户端要等租约超时才能拿到新地址
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# This is a very basic subnet declaration.
subnet 172.25.254.0 netmask 255.255.255.0 {
range 172.25.254.77 172.25.254.101;
option routers 172.25.254.250;
}
key lcfkey {   与 /etc/lcf.key 中完全相同的名字、算法和 secret
algorithm hmac-sha256;
secret TFav8Ajqm1wnbejCgCOqTw==;
};   dhcpd.conf 里放了 secret,默认 0644 的权限要收紧:chown root:dhcpd /etc/dhcp/dhcpd.conf; chmod 640 /etc/dhcp/dhcpd.conf(或把 key 放到单独的受限文件里再 include)
zone westos.org. {   dhcpd 把 A 记录更新发给 primary 指定的 dns(本机),并用 lcfkey 签名
primary 127.0.0.1;
key lcfkey;
}   若还想让 dhcpd 同步更新 PTR,需再声明 zone 254.25.172.in-addr.arpa. { primary 127.0.0.1; key lcfkey; },并把反向区域的 allow-update 也改成 { key lcfkey; },否则反向更新会被 REFUSED
dns的key更新:
测试:
设定B 的测试主机网络工作方式为dhcp
设定主机名称 test.westos.org(hostnamectl set-hostname test.westos.org,域名要和 dhcpd.conf 的 domain-name 一致)
重启网络
dig test.westos.org
可以得到正确解析