DNS

#########

###DNS###

#########

 

1. Installation and deployment

domain name system

 

yum install bind -y

systemctl start named

systemctl enable named

systemctl stop firewalld

systemctl disable firewalld

 

 

Main configuration file: /etc/named.conf

Zone configuration file: /etc/named.rfc1912.zones

Data directory: /var/named

 

 

2. Caching DNS

vim /etc/named.conf

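        listen-on port 53 { any; };      // line 11: open port 53 on every IP of this host, so it is reachable from internal and external networks

        allow-query     { any; };        // line 17: clients at any address may use this DNS server

        forwarders { 172.25.254.250; };  // line 18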

 

 

systemctl restart named

Test:

On the client host:

vim /etc/resolv.conf

nameserver 172.25.254.100

 

dig www.baidu.com

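The first query takes longer. After it, the answer for Baidu is cached on the server host (244), so a repeat query, or a query from a different client host, returns faster.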

 

.com .net .cn .edu .org

 

3. Authoritative DNS: forward resolution

vim /etc/named

[root@localhost ~]# vim /etc/named.conf

[root@localhost ~]# vim /etc/named.rfc1912.zones

 

zone "westos.com" IN {

        type master;

        file "westos.com.zone";

        allow-update { none; };

};

cd /var/named/

cp -p named.localhost westos.com.zone

vim westos.com.zone

 

$TTL 1D      ; what you look up may be cached for one day

@       IN SOA  dns.westos.com. root.westos.com. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        NS      dns.westos.com.

dns     A       172.25.254.244

www     A       172.25.254.111

 

systemctl restart named

 

Test:

dig www.westos.com

 

4. Reverse resolution

vim /etc/named.rfc1912.zones

zone "254.25.172.in-addr.arpa" IN {

        type master;

        file "westos.com.ptr";

        allow-update { none; };

};

 

cd /var/named/

cp -p named.loopback westos.com.ptr

 

vim /var/named/westos.com.ptr

$TTL 1D

@       IN SOA  dns.westos.com. root.westos.com. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        NS      dns.westos.com.

dns     A       172.25.254.100

100     PTR     www.westos.com.

 

systemctl restart named

 

Test:

dig -x 172.25.254.100

 

 

5. DNS split-view resolution

vim /etc/named.conf   # edit the main configuration file

view localnet {

        match-clients { 172.25.254.44; };  // host 44 is served the internal view

        zone "." IN {

                type hint;

                file "named.ca";

};

include "/etc/named.rfc1912.zones.inter";

include "/etc/named.root.key";

};

 

view any {

        match-clients { any; };            // everyone else is served the external view

        zone "." IN {

                type hint;

                file "named.ca";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

};

 

cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter -p

 

vim /etc/named.rfc1912.zones.inter      # edit the internal-view zone configuration file

zone "westos.com" IN {

        type master;

        file "westos.com.inter";

        allow-update { none; };

};

 

 

vim /etc/named.rfc1912.zones            # edit the external-view zone configuration file

zone "westos.com" IN {

        type master;

        file "westos.com.zone";

        allow-update { none; };

};

 

 

 

vim /var/named/westos.com.inter        # zone data file referenced by the internal-view zone configuration

$TTL 1D

@       IN SOA  dns.westos.com. root.westos.com. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        NS      dns.westos.com.

dns     A       1.1.1.244

www     A       1.1.1.111

 

vim /var/named/westos.com.zone        # zone data file referenced by the external-view zone configuration

$TTL 1D

@       IN SOA  dns.westos.com. root.westos.com. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        NS      dns.westos.com.

dns     A       172.25.254.244

www     A       172.25.254.111

 

Test:

Host 44 querying www gets the internal answer, 1.1.1.111.

A query from any other IP gets the external answer, 172.25.254.111.

 

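6. Secondary (slave) DNS

Settings on the primary DNS:

The IP ending in 200 below is simply the address of the secondary DNS that assists the primary; it is one I chose myself.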

 

vim /etc/named.rfc1912.zones.inter

zone "westos.com" IN {

  type master;

  file "westos.com.inter";

  allow-update { none; };

  also-notify { 172.25.254.200; };

};

 

systemctl restart named

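Note: each time you change the A-record file, you must also change the serial value in /var/named/westos.com.inter (raise it, so the secondary sees a newer zone); the value is at most 10 digits long.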
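
One way to handle the serial rule above, as an added example that is not part of the original post: a POSIX shell function that raises the serial to a date-based YYYYMMDDNN value, or by one when that would not be an increase, and refuses to pass the 32-bit maximum 4294967295 (the reason for the 10-digit limit). The name bump_serial and the sample zone are constructed; it assumes the serial sits on a line tagged "; serial", as in the zone files shown here.

```sh
#!/bin/sh
# Added example, not from the original post.
# bump_serial ZONEFILE [YYYYMMDD]: raise the SOA serial so secondaries re-transfer.
# Assumes the serial is on its own line tagged "; serial", as in the post.
bump_serial() {
    zonefile=$1
    today=${2:-$(date +%Y%m%d)}
    max=4294967295                      # the serial is an unsigned 32-bit value
    # Read the current serial, dropping leading zeros so it is never taken as octal.
    old=$(sed -n 's/^[[:space:]]*0*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*serial.*/\1/p' \
          "$zonefile" | head -n 1)
    case $old in
        ''|*[!0-9]*) echo "no serial line in $zonefile" >&2; return 1 ;;
    esac
    [ "${#old}" -le 10 ] || { echo "serial longer than 10 digits" >&2; return 1; }
    new=$(( today * 100 ))              # date-based form YYYYMMDDNN, NN starts at 00
    [ "$new" -gt "$old" ] || new=$(( old + 1 ))   # same day or non-date serial: +1
    if [ "$new" -gt "$max" ]; then
        echo "serial would exceed $max" >&2; return 1
    fi
    tmp=$(mktemp) || return 1
    # Write back through cat so the zone file keeps its owner, mode and SELinux label.
    sed "s/^\([[:space:]]*\)[0-9][0-9]*\([[:space:]]*;[[:space:]]*serial\)/\1$new\2/" \
        "$zonefile" > "$tmp" && cat "$tmp" > "$zonefile"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && echo "$new"
}

# Constructed demo on a throwaway file that mirrors the post's zone layout.
demo_zone=$(mktemp)
printf '%s\n' '$TTL 1D' '@  IN SOA dns.westos.com. root.westos.com. (' \
    '        0       ; serial' '        1D      ; refresh' '        1H      ; retry' \
    '        1W      ; expire' '        3H )    ; minimum' \
    '        NS      dns.westos.com.' 'dns     A       172.25.254.244' > "$demo_zone"
bump_serial "$demo_zone" 20240101       # first edit of the day
bump_serial "$demo_zone" 20240101       # second edit of the day
rm -f "$demo_zone"
```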

 

 

On the secondary DNS:

yum install bind -y

systemctl restart named

systemctl stop firewalld

vim /etc/named.conf

Restore the original, unmodified configuration file.

vim /etc/named.rfc1912.zones

zone "westos.com" IN {

  type slave;

  masters { 172.25.254.100; };

  file "slaves/westos.com.inter";

  allow-update { none; };

};

 

systemctl restart named

 

Test:

vim /etc/resolv.conf

nameserver 172.25.254.200

 

dig www.westos.com

 

vim /etc/resolv.conf

nameserver 172.25.254.100

 

dig www.westos.com

 

7. Remote (dynamic) DNS updates

IP-address based

 

cp /var/named/westos.com.inter /mnt -p  # back up

On the server:

vim /etc/named.rfc1912.zones.inter

zone "westos.com" IN {

  type master;

  file "westos.com.inter";

  allow-update { 172.25.254.200; };  // allow host 200 to update the server remotely

  also-notify { 172.25.254.200; };   // add a secondary DNS

};

 

systemctl restart named

 

chmod g+w /var/named

 

Test:

On host 200:

nsupdate

>server 172.25.254.100

>update add bbs.westos.com 86400 A 1.1.1.3

>send

>server 172.25.254.100

>update delete bbs.westos.com

>send

 

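Host 200 can remotely update the server's records, and other IPs can query the records that 200 updated on the server.

When finished, restore the file.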

 

 

Key based

cp -p /etc/rndc.key /etc/westos.key

dnssec-keygen -a HMAC-MD5 -b 512 -n HOST westos

cat Kwestos.+157+24252.key

 

vim /etc/westos.key

key "westos" {

       algorithm hmac-md5;

       secret "<generated key>";

};

 

vim /etc/named.conf

 

include "/etc/westos.key";

logging      // write the include line before logging

 

 

vim /etc/named.rfc1912.zones.inter

zone "westos.com" IN {

   type master;

   file "westos.com.inter";

   allow-update { key westos; };

   also-notify { 172.25.254.200; };

};

 

 

Test:

scp Kwestos.+157+24252* root@172.25.254.200:/mnt/

Run on the host that has the key:

nsupdate -k Kwestos.+157+24252.private

>server 172.25.254.100

>update add bbs.westos.com 86400 A 1.1.1.3

>send
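
The settings used in sections 2 and 7 can be checked mechanically before named is restarted. The function below is an added example, not part of the original post; the name audit_named and the sample configuration are constructed, and it assumes one statement per line as in the snippets here.

```sh
#!/bin/sh
# Added example, not from the original post.
# audit_named FILE: report the risky BIND settings this walkthrough uses.
# Returns 1 when there is at least one finding, 0 when the file is clean.
audit_named() {
    awk '
    { $0 = tolower($0); sub(/\/\/.*$/, ""); sub(/#.*$/, "") }   # drop comments
    # BIND uses allow-query for recursion when neither allow-recursion nor
    # allow-query-cache is set, so "any" here means an open resolver.
    /allow-query[ \t]*\{[ \t]*any[ \t]*;/  { openq = NR }
    /allow-recursion|allow-query-cache|recursion[ \t]+no[ \t]*;/ { limited = 1 }
    # A source address is not authentication for dynamic updates.
    /allow-update[ \t]*\{/ && /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ {
        print FILENAME ":" NR ": allow-update by source IP; require a TSIG key"; n++ }
    # hmac-md5 is a legacy TSIG algorithm.
    /algorithm[ \t]+hmac-md5[ \t]*;/ {
        print FILENAME ":" NR ": hmac-md5 TSIG key; generate an hmac-sha256 key"; n++ }
    END {
        if (openq && !limited) {
            print FILENAME ":" openq ": allow-query any and recursion not restricted; add allow-recursion"
            n++
        }
        exit (n > 0)
    }' "$1"
}

# Constructed sample combining the section 2 and section 7 settings.
demo_conf=$(mktemp)
printf '%s\n' 'options {' '    allow-query     { any; };' \
    '    forwarders { 172.25.254.250; };' '};' \
    'zone "westos.com" IN {' '    allow-update { 172.25.254.200; };' '};' \
    'key "westos" {' '    algorithm hmac-md5;' '};' > "$demo_conf"
audit_named "$demo_conf" || echo "findings listed above"
rm -f "$demo_conf"
```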

 

8. Dynamic DNS (DDNS)

Set up the DHCP service

yum install dhcp -y

cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf

y

vim /etc/dhcp/dhcpd.conf

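Line 7: "westos.com"

Line 8: name-servers 172.25.254.100

Line 14: enable it

Lines 27 and 28: delete

 

Everything after line 35: remove

Line 30: set the subnet and netmask

Line 31: the range of dynamically assigned IPs

Line 32: the gateway

Line 34:

key "westos" {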

       algorithm hmac-md5;

       secret "<generated key>";

};

Line 38:

zone westos.com {

       primary 127.0.0.1;

       key westos;

}

 

systemctl restart named

systemctl restart dhcpd

 

 

On the client:

 hostnamectl set-hostname www.westos.com

 
