server端
yum search dns 查询dns软件名称
2. yum install -y bind.x86_64 安装dns服务
4. systemctl stop firewalld 关闭防火墙（实验环境的做法；生产环境应只放行 53/tcp 与 53/udp，而不是整个关闭防火墙）
4. systemctl start named 开启dns服务 注:第一次开启较慢，原因是系统随机数熵不足；可以在虚拟机界面敲击键盘来增加熵
5. cat /etc/rndc.key 首次启动 named 后才会生成 /etc/rndc.key（其中包含 rndc 密钥）；未启动前没有这个文件
6. vim /etc/named.conf 修改配置文件
11 listen-on port 53 { any; }; 让 named 在本机所有地址的 53 端口上监听，这样任何人都能连到 53 端口
12 listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 allow-query { any; }; 允许任何客户端向这台服务器查询。注意: 配合上面的 forwarders，这就是一个对所有人开放的递归解析器；面向公网时应把 allow-query / allow-recursion 限制到内网网段
18 forwarders {172.25.254.250;};
7. systemctl restart named
8 . ifconfig
查看端口是否对所有人开放
[root@dns-server ~]# netstat -antlpe | grep named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 71229 4142/named
tcp 0 0 172.25.254.239:53 0.0.0.0:* LISTEN 25 71224 4142/named ##53端口对 172.25.254.239 开放
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 71222 4142/named
tcp6 0 0 ::1:953 :::* LISTEN 25 71230 4142/named
tcp6 0 0 ::1:53 :::* LISTEN 25 71226 4142/named
客户端:
dig baidu.com ## 未修改配置文件前，查询被拒绝
2 vim /etc/resolv.conf 编辑配置文件
# Generated by NetworkManager
search westos.com
nameserver 172.25.254.239 dns问172.25.254.239(服务端的ip)获取dns解析
3 dig baidu.com
[root@dns-desktop ~]# dig baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14656
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 13, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;baidu.com. IN A
;; ANSWER SECTION:
baidu.com. 600 IN A 220.181.57.217
baidu.com. 600 IN A 123.125.114.144
baidu.com. 600 IN A 180.149.132.47
baidu.com. 600 IN A 111.13.101.208
;; AUTHORITY SECTION:
. 512475 IN NS j.root-servers.NET.
. 512475 IN NS f.root-servers.Net.
. 512475 IN NS h.root-servers.net.
. 512475 IN NS k.root-servers.net.
. 512475 IN NS l.root-servers.net.
. 512475 IN NS m.root-servers.net.
. 512475 IN NS a.root-servers.net.
. 512475 IN NS e.root-servers.net.
. 512475 IN NS c.root-servers.net.
. 512475 IN NS g.root-servers.net.
. 512475 IN NS d.root-servers.net.
. 512475 IN NS i.root-servers.net.
. 512475 IN NS b.root-servers.net.
;; Query time: 347 msec ##使用时间347毫秒
;; SERVER: 172.25.254.239#53(172.25.254.239)
;; WHEN: Fri May 05 22:29:28 EDT 2017
;; MSG SIZE rcvd: 313
###建立dns表格
服务端:
vim /etc/named.conf
include "/etc/named.rfc1912.zones"; ##表格包含在这个文件中
include "/etc/named.root.key";
root@dns-server named]# vim /etc/named.rfc1912.zones ##编辑这个文件
##从上面的模版复制
zone "westos.com" IN { ## westos.com是一个域名
type master;
file "westos.com.zone"; ##记录表在这个文件中
allow-update { none; };
[root@dns-server named]# cd /var/named/
[root@dns-server named]# pwd
/var/named
[root@dns-server named]# ls
data named.ca named.localhost slaves
dynamic named.empty named.loopback named.localhost
[root@dns-server named]#cp -p named.localhost westos.com.zone
[root@dns-server named]# ls
data named.ca named.localhost slaves
dynamic named.empty named.loopback westos.com.zone
[root@dns-server named]# vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. ( ## @ 代表 /etc/named.rfc1912.zones 中 zone "westos.com" 所定义的域名 westos.com
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.139 dns解析
www A 172.25.254.239 westos.com的地址
root@dns-server named]# systemctl restart named
注: 记录名末尾不加“.”时，会自动补全为 名称.westos.com（即 @ 所代表的域）；所以像 dns.westos.com. 这样的完整名称必须以“.”结尾
客户端:
[root@dns-desktop ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@dns-desktop ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57149
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.239
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.139
;; Query time: 1 msec
;; SERVER: 172.25.254.239#53(172.25.254.239)
;; WHEN: Fri May 05 23:05:38 EDT 2017
;; MSG SIZE rcvd: 93
##域名规范
[root@dns-desktop ~]# dig music.westos.com规范前
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> music.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52742
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;music.westos.com. IN A
;; AUTHORITY SECTION:
westos.com. 10800 IN SOA dns.westos.com. root.westos.com. 0 86400 3600 604800 10800
;; Query time: 0 msec
;; SERVER: 172.25.254.239#53(172.25.254.239)
;; WHEN: Fri May 05 23:27:08 EDT 2017
;; MSG SIZE rcvd: 90
[root@dns-server named]# vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.139
www A 172.25.254.239
music CNAME music.a.westos.com.
music.a A 172.25.254.111
music.a A 172.25.254.222
root@dns-server named]# systemctl restart named
[root@dns-desktop ~]# dig music.westos.com 规范后
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> music.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31672
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;music.westos.com. IN A
;; ANSWER SECTION:
music.westos.com. 86400 IN CNAME music.a.westos.com.#######
music.a.westos.com. 86400 IN A 172.25.254.222
music.a.westos.com. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.139
;; Query time: 0 msec
;; SERVER: 172.25.254.239#53(172.25.254.239)
;; WHEN: Fri May 05 23:27:38 EDT 2017
;; MSG SIZE rcvd: 133
###邮件服务
服务端
[root@dns-server named]# vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.139
www A 172.25.254.239
music CNAME music.a.westos.com.
westos.com. MX 1 172.25.254.139 ## 注: MX 的目标应是主机名(如 dns.westos.com.)而不是 IP；写 IP 会被当作域名并自动补全（见下面 dig 结果中的 172.25.254.139.）
root@dns-server named]# systemctl restart named
[root@dns-server named]# dig -t mx westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32070
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;westos.com. IN MX
;; ANSWER SECTION:
westos.com. 86400 IN MX 1 172.25.254.139.
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.139
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri May 05 23:47:16 EDT 2017
***************************************
客户端发邮件
[root@dns-desktop ~]# mail root@wstos.com
Subject: fwaf
fsafaf
EOT
You have mail in /var/spool/mail/root
服务端
[root@dns-server named]# mailq
Mail queue is empty
------添加网卡---------
[root@foundation41 ~]# virt-manager ####添加网卡
[root@dns-server named]# cd /etc/sysconfig/network-scripts/
[root@dns-server network-scripts]# ifconfig
[root@dns-server network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@dns-server network-scripts]# vim ifcfg-eth1
1 DEVICE=eth1
3 IPADDR=172.25.41.141
[root@dns-server network-scripts]# systemctl restart network
[root@dns-server network-scripts]# systemctl restart named
[root@dns-server network-scripts]# ifconfig
----------dns---------
[root@dns-server named]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.inter -p
[root@dns-server named]# vim /etc/named.rfc1912.inter
19 zone "westos.com" IN {
20 type master;
21 file "westos.com.inter";
22 allow-update { none; };
23 };
[root@dns-server named]# vim /etc/named.conf
/*zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/
view localnet {
match-clients { 172.25.254.0/24; };####匹配172.25.254网段
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
view internet {
match-clients { 172.25.41.0/24; };####匹配172.25.41网段
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.inter";
};
[root@dns-server named]# ls
data named.ca named.localhost slaves westos.com.zone
dynamic named.empty named.loopback westos.com.inter
[root@dns-server named]# cp -p /var/westos.com.zone /var/westos.com.inter ## 注: 区域文件位于 /var/named/ 下，这里的路径应为 /var/named/westos.com.zone 和 /var/named/westos.com.inter
[root@dns-server named]# vim westos.com.inter
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
41 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.41.141
www A 172.25.41.241
music CNAME music.a.westos.com.
music.a A 172.25.41.111
music.a A 172.25.41.123
westos.com. MX 1 172.25.41.141.
[root@dns-server named]# systemctl restart named
client端:
ifconfig eth0 172.25.41.254 netmask 255.255.255.0
systemctl restart network
vim /etc/resolv.conf
nameserver 172.25.254.141 ####服务端IP（注: 客户端现在位于 172.25.41.0/24 网段，要命中上面的 internet view，应填服务端 eth1 的地址 172.25.41.141）
dig www.westos.com
[root@dns-server named]# vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN {
type master;
file "westos.com.ptr";
allow-update { none; };
};
[root@dns-server named]# cp -p named.loopback westos.com.ptr
[root@dns-server named]# vim westos.com.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.141
111 PTR www.westos.com.
123 PTR bbs.westos.com.
[root@dns-server named]# systemctl restart named
----------dns更新-----------
[root@dns-server named]# cp -p westos.com.zone /mnt
[root@dns-server named]# cd /mnt
[root@dns-server mnt]# ls
westos.com.zone
[root@dns-server mnt]# cd
[root@dns-server ~]# vim /etc/named.rfc1912.zones
19 zone "westos.com" IN {
20 type master;
21 file "westos.com.zone";
22 allow-update { 172.25.254.241; }; ## 按来源 IP 允许动态更新；来源 IP 可被伪造，只适合实验，下面的 key 方式更安全
23 };
[root@dns-server ~]# chmod 770 /var/named/
[root@dns-server ~]# setsebool -P named_write_master_zones 1
[root@dns-server ~]# systemctl restart named
测试:
[root@dns-server ~]# dig hello.westos.com
client端:
[root@dns-client ~]# nsupdate
> server 172.25.254.141
> update add hello.westos.com 86400 A 172.25.254.222
> send
> server 172.25.254.141
> update delete hello.westos.com
> send
恢复
[root@dns-server ~]# cd /var/named/
[root@dns-server named]# ls
data named.empty slaves westos.com.zone
dynamic named.localhost westos.com.inter westos.com.zone.jnl
named.ca named.loopback westos.com.ptr
[root@dns-server named]# vim westos.com.zone
[root@dns-server named]# systemctl restart named
[root@dns-server named]# vim westos.com.zone
[root@dns-server named]# rm -fr westos.com.zone westos.com.zone.jnl
[root@dns-server named]# cp -p /mnt/westos.com.zone /var/named/
[root@dns-server named]# systemctl restart named
-------dns更新加密------
server端
[root@dns-server network-scripts]# cd /mnt
[root@dns-server mnt]# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST westoskey
Kwestoskey.+157+57222 ####-a 指定算法，-b 指定密钥位数，-n 指定密钥所有者类型(HOST)，最后的 westoskey 是密钥名称。HMAC-MD5 已不推荐使用，新部署建议用 -a HMAC-SHA256
[root@dns-server mnt]# ls
Kwestoskey.+157+57222.key Kwestoskey.+157+57222.private westos.com.zone
[root@dns-server mnt]# cat Kwestoskey.+157+57222.key
westoskey. IN KEY 512 3 157 DEl4Xt4XibiIhcfjHgNyGbRXLAQr+HLMe4ZXn1eQYxU=
[root@dns-server mnt]# cp -p /etc/rndc.key /etc/westos.key
[root@dns-server mnt]# vim /etc/westos.key
1 key "westoskey" { ####key名称
2 algorithm hmac-md5;
3 secret "DEl4Xt4XibiIhcfjHgNyGbRXLAQr+HLMe4ZXn1eQYxU="; ####共享密钥(secret)，必须保密；上面用 cp -p 复制 rndc.key 是为了保留其文件权限，不要放宽
4 };
[root@dns-server mnt]# vim /etc/named.conf
43 include "/etc/westos.key";
[root@dns-server mnt]# vim /etc/named.rfc1912.zones
19 zone "westos.com" IN {
20 type master;
21 file "westos.com.zone";
22 allow-update { key westoskey; };####只有持有 westoskey 并用它签名(TSIG)的客户端才能动态更新，比按 IP 放行更安全
23 };
[root@dns-server mnt]# systemctl restart named
[root@dns-server mnt]# scp Kwestoskey.+157+57222.* root@172.25.254.241:/mnt/