#########
###DNS###
#########
1.安装部署
domain name system
yum install bind -y
systemctl start named
systemctl enable named
systemctl stop firewalld
systemctl disable firewalld
注意: 直接关掉防火墙只适合实验环境。生产环境应保留防火墙, 只放行 DNS 端口(TCP/UDP 53):
firewall-cmd --permanent --add-service=dns && firewall-cmd --reload
主配置文件:/etc/named.conf
子配置文件:/etc/named.rfc1912.zones
数据目录: /var/named
2.高速缓存dns
vim /etc/named.conf
11 listen-on port 53 { any; }; 开启服务端53端口,自己主机的多个ip,内部外部都可用(只有 ipv6 时对应的是 listen-on-v6)
17 allow-query { any; }; 任何客户端地址都允许使用我的dns
18 forwarders { 172.25.254.250; }; 自己解析不了的请求转发给 172.25.254.250 这台上游 dns
注意: named.conf 默认 recursion yes, 再配上 allow-query { any; } 就成了"开放递归解析器"(open resolver), 会被用来做 DNS 反射放大攻击。实验环境可以这样写, 生产环境应把查询和递归都限制到内网网段, 例如:
allow-query { 172.25.254.0/24; };
allow-recursion { 172.25.254.0/24; };
systemctl restart named
测试:
在客户主机
vim /etc/resolv.conf
nameserver 172.25.254.100
dig www.baidu.com
第一次访问需要时间长,第一次访问过后服务端(本例中即 resolv.conf 指向的 dns 主机 172.25.254.100; 文中 244 与 100 混用, 以实际 dns 服务器 ip 为准)会把百度的解析结果缓存下来,你再次访问或者换一台客户主机访问所需时间会变短(缓存时间由记录的 TTL 决定)。
常见顶级域: .com .net .cn .edu .org
3.权威dns的正向解析
[root@localhost ~]# vim /etc/named.conf 保持第2步中 listen-on / allow-query 的设置
[root@localhost ~]# vim /etc/named.rfc1912.zones 在子配置文件中添加 westos.com 这个区域
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
};
cd /var/named/
cp -p named.localhost westos.com.zone -p 保留模板文件的属主属组和权限, 这样 named 进程才有权限读取新建的区域文件
vim westos.com.zone
$TTL 1D 你所访问的 可以缓存一天
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.244 dns 这条 A 记录必须指向本机(这台 dns 服务器)的真实 ip; 本文中 244 和 100 混用, 以实际环境为准
www A 172.25.254.111
systemctl restart named
测试:
dig www.westos.com
4.反向解析
vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN {
type master;
file "westos.com.ptr";
allow-update { none; };
};
cd /var/named/
cp -p named.loopback westos.com.ptr
vim /var/named/westos.com.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.100
100 PTR www.westos.com.
systemctl restart named
测试:
dig -x 172.25.254.100
5.dns双向解析
vim /etc/named.conf 修改主配置文件。注意: 一旦使用 view, 所有 zone 都必须写在某个 view 里面, 原来 view 之外的 zone "." 和 include "/etc/named.rfc1912.zones" 要删掉或挪进 view, 否则 named 启动报错; view 按书写顺序匹配, 第一个 match-clients 命中的生效, 所以内网的 localnet 必须写在 any 之前。
view localnet {
match-clients {172.25.254.44; }; 44用内网登陆
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones.inter";
include "/etc/named.root.key";
};
view any {
match-clients {any; }; 其他人用外网登陆
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter -p
vim /etc/named.rfc1912.zones.inter 修改内网子配置文件
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { none; };
};
vim /etc/named.rfc1912.zones 修改外网子配置文件
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
};
vim /var/named/westos.com.inter 内网子配置文件的附属文件
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 1.1.1.244
www A 1.1.1.111
vim /var/named/westos.com.zone 外网子配置文件的附属文件
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.244
www A 172.25.254.111
测试:
用44访问到www内网显示1.1.1.111
用其他ip访问到外网显示172.25.254.111
6.辅助dns
主dns的设定
以下 ip 172.25.254.200 是辅助 dns 的地址, 按实际环境自行设定
vim /etc/named.rfc1912.zones.inter
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { none; };
also-notify { 172.25.254.200; }; 区域数据更新后主动通知辅助 dns 来拉取
allow-transfer { 172.25.254.200; }; 只允许辅助 dns 做区域传送(AXFR/IXFR)。旧版本 bind 默认 allow-transfer 为 any, 不加这行任何人 dig axfr 都能拿到整个区域的所有记录
};
systemctl restart named
注意:每次更改区域文件里的记录后必须增大 vim /var/named/westos.com.inter 里面 serial 的数值。serial 是 32 位无符号整数(最大 4294967295, 即最多 10 位), 辅助 dns 只有在看到主 dns 的 serial 比自己保存的大时才会重新传送区域, 所以忘记改 serial 辅助 dns 上的数据不会更新(习惯上用 YYYYMMDDnn 格式)
辅助dns上
yum install bind -y
systemctl restart named
systemctl stop firewalld
vim /etc/named.conf
恢复最原始的配置文件(原始配置只监听 127.0.0.1 且只允许本机查询; 如果下面的测试是从别的主机查询 200 这台辅助 dns, 仍需像第2步那样把 listen-on 和 allow-query 打开)
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type slave;
masters { 172.25.254.100; };
file "slaves/westos.com.inter"; 从主 dns 传送来的区域数据保存在 /var/named/slaves/ 下, 该目录 named 用户可写; 传送成功后这个文件会自动出现
allow-update { none; };
};
systemctl restart named
测试
vim /etc/resolv.conf
nameserver 172.25.254.200
dig www.westos.com
vim /etc/resolv.conf
nameserver 172.25.254.100
dig www.westos.com
7.dns的远程更新
基于ip地址的
cp /var/named/westos.com.inter /mnt -p 备份
服务端
vim /etc/named.rfc1912.zones.inter
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { 172.25.254.200; }; 允许200远程更新服务端。注意: 仅凭源 ip 做授权很弱, nsupdate 走 UDP 时源地址可以伪造, 生产环境应使用下面"基于key的"方式(TSIG)
also-notify { 172.25.254.200; }; 添加一个辅助的dns
};
systemctl restart named
chmod g+w /var/named 动态更新时 named 要在区域文件旁边写 .jnl 日志文件, 所以目录要对 named 组可写; 更稳妥的做法是把可动态更新的区域文件放到本来就允许 named 写入的 /var/named/dynamic/ 目录下。若开启了 selinux 可能还需 setsebool -P named_write_master_zones 1
测试
在200这台主机上
nsupdate
>server 172.25.254.100
>update add bbs.westos.com 86400 A 1.1.1.3
>send
>server 172.25.254.100
>update delete bbs.westos.com
>send
200这台主机可以远程更新服务端的内容,别的ip可以访问200在服务端更新的内容
作完之后 恢复文件
基于key的
cp -p /etc/rndc.key /etc/westos.key
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST westos 生成 TSIG 共享密钥。注意: HMAC-MD5 已不推荐使用, 新环境建议 -a HMAC-SHA256 -b 256(或直接用 tsig-keygen), 并把下面 key 语句和 dhcpd.conf 中的 algorithm 相应改为 hmac-sha256
cat Kwestos.+157+24252.key 文件名中 157 是 HMAC-MD5 的算法编号, 24252 是 key id, 每次生成都不同, 以实际生成的文件名为准
vim /etc/westos.key
key "westos" {
algorithm hmac-md5;
secret "生成的钥匙";
};
vim /etc/named.conf
include "/etc/westos.key";
这行 include 写在 named.conf 的 logging 语句之前(至少要在引用 key westos 的 zone/view 之前), 否则 named 解析配置时找不到这个 key
vim /etc/named.rfc1912.zones.inter
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { key westos; };
also-notify { 172.25.254.200; };
};
测试
scp Kwestos.+157+24252* root@172.25.254.200:/mnt/ 注意: .private 文件里就是共享密钥明文, 拿到它的人就能改这个区域; 目标目录和文件权限要收紧(如 chmod 600), 不要放在所有人可读的位置
在有key的主机中执行
nsupdate -k Kwestos.+157+24252.private
>server 172.25.254.100
>update add bbs.westos.com 86400 A 1.1.1.3
>send
8.动态域名解析
搭建dhcp服务
yum install dhcp -y
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
y
vim /etc/dhcp/dhcpd.conf
7."westos.com"
8.name-servers 172.25.254.100
14 行开启
27
28 删除
35 之后全部不要
30 设置网段和子网眼码
31 动态获取ip的范围
32 网关
34 key "westos" {
algorithm hmac-md5;
secret "生成的钥匙";
};
注意: 这里把 TSIG 密钥明文写进了 dhcpd.conf, 要确认该文件普通用户不可读(chmod 640), 或者把 key 单独放在一个权限更严的文件里再 include 进来
38 zone westos.com {
primary 127.0.0.1;
key westos;
}
systemctl restart named
systemctl restart dhcpd
客户端
hostnamectl set-hostname www.westos.com 客户端主机名会随 dhcp 请求发送给服务端, dhcpd 据此用 key westos 向 dns 动态注册记录; 改完主机名后需要重新获取一次 ip(重启网络或 dhclient)才会触发更新