##### 1.dns的名词解释 #####
domain name service (域名解析服务)
# 关于客户端:
# /etc/resolv.conf ##dns指向文件
nameserver 172.25.254.20
# 测试:
host www.baidu.com ##地址解析命令
dig www.baidu.com ##地址详细解析信息命令
A记录 ##ip地址叫做域名的Address记录
SOA ##授权起始主机
dns 顶级域 . (共13个)
次级域 .com .net .edu .org ....
baidu.com
# 关于服务端 #
bind ##安装包
named ##服务名称
/etc/named.conf ##主配置文件
/var/named ##数据目录
端口 ##53
关于报错信息:
1. no servers could be reached ##服务无法访问 (服务开启? 火墙? 网络? 端口?)
2. 服务启动失败 ##配置文件写错, 用 journalctl -xe 查询错误
3. dig 查询状态
NOERROR ##表示查询成功
REFUSED ##服务拒绝访问
SERVFAIL ##查询记录失败 (dns服务器无法到达上级, 拒绝缓存)
NXDOMAIN ##此域名的A记录在dns中不存在
###### 2.dns服务的安装与启用 ######
# 安装 #
###### 3.高速缓存dns ######
###### 4.dns的正向解析 ######
vim /etc/named.rfc1912.zones
zone "westos.com" IN { ##维护的域名
type master; ##当前服务器为主dns
file "westos.com.zone"; ##域名A记录文件
allow-update { none; }; ##允许更新主机列表
};
cd /var/named/
cp -p named.localhost westos.com.zone
$TTL 1D #TIME-TO-LIVE (dns地址保存时间长度)
@ IN SOA dns.westos.com. root.westos.com ( #SOA 授权起始 (Start of Authority)
0 ; serial #域名版本序列号
1D ; refresh #刷新时间 (辅助dns)
1H ; retry #重试时间 (辅助dns)
1W ; expire #过期时间 (辅助dns, 查询失败过期后停止对辅助域名的应答)
3H ) ; minimum #A记录最短有效期
NS dns.westos.com.
dns A 192.168.0.20
www CNAME westos.a.westos.com. ##规范域名
westos.a A 192.168.0.111 ##正向解析记录
westos.a A 192.168.0.112
westos.com. MX 1 192.168.0.20. ##邮件解析记录
systemctl restart named
dig www.westos.com #查询正向解析
dig -t mx westos.com #邮件解析记录查询
###### 5.dns的反向解析 ######
vim /etc/named.rfc1912.zones
zone "0.168.192.in-addr.arpa" IN {
type master;
file "192.168.0.ptr";
allow-update { none; };
};
cd /var/named/
cp -p named.loopback 192.168.0.ptr
vim 192.168.0.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 192.168.0.20
11 PTR www.westos.com.
12 PTR bbs.westos.com.
13 PTR news.westos.com.
systemctl restart named
测试:
dig -x 192.168.0.11
###### 6.dns的双向解析 ######
实验环境:
客户端 2台: 192.168.0网段, 172.25.254网段 ##ifconfig ens160 172.25.254.30 netmask 255.255.255.0
服务端 1台, 2个网段的ip: 192.168.0.20, 172.25.254.20 ##ifconfig ens160 172.25.254.20 netmask 255.255.255.0
在192.168.0网段的客户主机中:
vim /etc/resolv.conf
nameserver 192.168.0.20
在172.25.254网段的客户主机中:
vim /etc/resolv.conf
nameserver 172.25.254.20
配置方式:
cd /var/named/
cp -p westos.com.zone westos.com.inter
vim westos.com.inter
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.20
www CNAME westos.a.westos.com.
westos.a A 172.25.254.111
westos.a A 172.25.254.112
westos.com. MX 1 172.25.254.20. #mail exchanger
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inters
vim /etc/named.rfc1912.inters
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { none; };
};
vim /etc/named.conf
(将原有的根区域和两行 include 注释掉, 改为下面按 view 划分)
#zone "." IN {
## type hint;
## file "named.ca";
##};
#
##include "/etc/named.rfc1912.zones";
##include "/etc/named.root.key";
view localnet {
match-clients { 192.168.0.0/24; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
view internet {
match-clients { any; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.inters";
include "/etc/named.root.key";
};
systemctl restart named
测试:
分别在2个网段的主机中对同一域名作地址解析, 得到的A记录不同
###### 7.dns集群 ######
主dns:
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
also-notify { 192.168.0.30; }; ##主动通知的辅助dns主机
};
vim /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com (
2020031402 ; serial ##每次修改A记录文件都需要变更此参数的值
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 192.168.0.20
www CNAME westos.a.westos.com.
westos.a A 192.168.0.210
westos.a A 192.168.0.211
westos.com. MX 1 192.168.0.20.
slave dns:
dnf install bind -y
firewall-cmd --add-service=dns
vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; }; ##实验环境设置; 若对外开放应限制查询来源或关闭递归, 避免成为开放解析器
dnssec-validation no; ##关闭dnssec验证, 仅实验环境使用
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type slave; ##dns状态为辅助dns
masters { 192.168.0.20; }; ##主dns
file "slaves/westos.com.zone"; ##同步数据文件
};
systemctl restart named
###### 8.dns的更新 ######
dns基于ip地址的更新:
在dns中设定:
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 192.168.0.10; }; ##允许指定客户端更新westos域 (仅按来源ip授权, 推荐下文基于key的方式)
also-notify { 192.168.0.30; };
};
测试:
在192.168.0.10上:
[root@rhel7_node1 ~]# nsupdate
> server 192.168.0.20
> update add hello.westos.com 86400 A 192.168.0.111 ##新增A记录
> send
> update delete hello.westos.com ##删除A记录
> send
dns基于key更新的方式:
dnssec-keygen -a HMAC-SHA256 -b 128 -n HOST westos
cp -p /etc/rndc.key /etc/westos.key
vim /etc/westos.key
key "westos" {
algorithm hmac-sha256;
secret "SB1tQcLaWeroU9lGW21zeA=="; ##此处为示例值, 应填入上一步生成的 Kwestos.+163+26695.private 中的 Key 字段
};
vim /etc/named.conf
(第43行) include "/etc/westos.key";
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westos; };
also-notify { 192.168.0.30; };
};
systemctl restart named
[root@rhel7_node1 ~]# nsupdate -k /mnt/Kwestos.+163+26695.private
> server 192.168.0.20
> update add hello.westos.com 86400 A 192.168.0.111
> send
> quit
###### 9.ddns(dhcp+dns) ######
dnf install dhcp-server -y
vim /etc/dhcp/dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "westos.com";
option domain-name-servers 192.168.0.20;
default-lease-time 600;
max-lease-time 7200;
# Use this to enable / disable dynamic dns updates globally.
ddns-update-style interim;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# This is a very basic subnet declaration.
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.51 192.168.0.80;
option routers 192.168.0.1;
}
key westos {
algorithm hmac-sha256;
secret SB1tQcLaWeroU9lGW21zeA==; ##需与 /etc/westos.key 中的 secret 一致
};
zone westos.com. {
primary 127.0.0.1;
key westos;
}
dns的key更新测试:
设定测试主机网络工作方式为dhcp
设定主机名称为 test.westos.com
重启网络
dig test.westos.com ##可以得到正确解析