DNS
To lower the barrier to accessing network resources, DNS (Domain Name System) technology came into being. It is a technology for managing and resolving the correspondence between domain names and IP addresses. Put simply, it accepts a domain name or IP address entered by the user and automatically looks up the IP address or domain name that matches it (that is, has a mapping relationship with it): resolving a domain name to an IP address (forward resolution), or resolving an IP address to a domain name (reverse resolution). This way we only need to type a domain name into the browser to open the website we want to visit. Forward resolution is also the most commonly used working mode of DNS name resolution.
yum install bind-chroot    install the service
vim /etc/named.conf    edit the main configuration file
11 listen-on port 53 { any; };
17 allow-query { any; };
vim /etc/named.rfc1912.zones    edit the zone configuration file
# forward zone
zone "linuxprobe.com" IN {
type master;
file "linuxprobe.com.zone";
allow-update {192.168.10.20;};
};
# reverse zone
zone "10.168.192.in-addr.arpa" IN {
type master;
file "192.168.10.arpa";
allow-update { 192.168.10.20; };
};
cd /var/named/    go to the directory holding the template zone files
# forward zone template file
$TTL 1D
@ IN SOA linuxprobe.com. rname.invalid. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS ns.linuxprobe.com.
ns IN A 192.168.10.10
        IN MX 10 mail.linuxprobe.com.
mail IN A 192.168.10.10
www IN A 192.168.10.10
bbs IN A 192.168.10.20
# reverse zone template file
$TTL 1D
@ IN SOA linuxprobe.com. rname.invalid. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS ns.linuxprobe.com.
ns A 192.168.10.10
10 PTR ns.linuxprobe.com.
10 PTR mail.linuxprobe.com.
10 PTR www.linuxprobe.com.
20 PTR bbs.linuxprobe.com.
iptables -F
firewall-cmd --permanent --zone=public --add-service=dns
firewall-cmd --reload
systemctl restart named
systemctl enable named
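The forward and reverse zone files of the master must agree with each other: every A record should have a matching PTR in the reverse zone and vice versa, and a PTR target written without a trailing dot is silently treated by named as relative to the reverse zone's origin. The checker below is an added example, not part of the original notes and not a BIND tool (named-checkzone validates syntax, not forward/reverse agreement). It parses only the record types used in this lab, embeds constructed copies of the two zone files, and deliberately keeps one PTR pointing at a truncated, dot-less name so the mismatch is reported.

```python
"""Forward/reverse consistency check for the lab's zone files.

Added example, not from the original notes or from BIND. It understands
only the zone-file subset used on this page ($TTL, SOA, NS, A, MX, PTR),
qualifies relative names against the zone origin as named does, and reports
A records with no matching PTR and PTR records with no matching A. The
zone text below is a constructed copy of the page's two files; the PTR for
"www" keeps a truncated, dot-less target to show what the check catches.
"""
import ipaddress

ORIGIN = "linuxprobe.com."                   # forward zone origin
REVERSE_ORIGIN = "10.168.192.in-addr.arpa."  # reverse zone origin
RR_TYPES = {"SOA", "NS", "A", "MX", "PTR"}

FORWARD_ZONE = """\
$TTL 1D
@ IN SOA linuxprobe.com. rname.invalid. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS ns.linuxprobe.com.
        IN MX 10 mail.linuxprobe.com.
ns   IN A 192.168.10.10
mail IN A 192.168.10.10
www  IN A 192.168.10.10
bbs  IN A 192.168.10.20
"""

REVERSE_ZONE = """\
$TTL 1D
@ IN SOA linuxprobe.com. rname.invalid. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS ns.linuxprobe.com.
ns A 192.168.10.10
10 PTR ns.linuxprobe.com.
10 PTR mail.linuxprobe.com.
10 PTR www.linuxprobe.co
20 PTR bbs.linuxprobe.com.
"""


def _logical_lines(text):
    """Strip ';' comments and join lines inside ( ... ), as the zone parser does."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if depth == 0:
            if not line.strip():
                continue
            buf.append(line)             # keep leading whitespace: it means "same owner"
        else:
            buf[-1] += " " + line.strip()
        depth += line.count("(") - line.count(")")
    return buf


def _qualify(name, origin):
    """Make a name absolute: '@' is the origin, relative names get the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata tokens) triples with absolute owner names."""
    records, owner = [], origin
    for line in _logical_lines(text):
        if line.startswith("$"):
            continue                      # $TTL / $ORIGIN directives are not records
        tokens = line.split()
        if not line[0].isspace():         # owner name present in column 1
            owner = _qualify(tokens.pop(0), origin)
        while tokens and tokens[0] not in RR_TYPES:
            tokens.pop(0)                 # skip optional TTL and class tokens
        if not tokens:
            continue
        records.append((owner, tokens[0], tokens[1:]))
    return records


def _ptr_owner_to_ip(owner):
    """Turn '10.10.168.192.in-addr.arpa.' into '192.168.10.10'."""
    suffix = ".in-addr.arpa."
    if not owner.endswith(suffix):
        return None
    octets = owner[:-len(suffix)].split(".")
    return str(ipaddress.ip_address(".".join(reversed(octets))))


def check_consistency(forward_text, reverse_text):
    """Return sorted findings; an empty list means A and PTR records agree."""
    a_pairs = {(o, r[0]) for o, t, r in parse_zone(forward_text, ORIGIN) if t == "A"}
    ptr_pairs = set()
    for owner, rtype, rdata in parse_zone(reverse_text, REVERSE_ORIGIN):
        if rtype != "PTR":
            continue
        # a target without a trailing dot gets the reverse origin appended, as in named
        ptr_pairs.add((_qualify(rdata[0], REVERSE_ORIGIN), _ptr_owner_to_ip(owner)))
    findings = [f"A {n} -> {ip} has no matching PTR" for n, ip in sorted(a_pairs - ptr_pairs)]
    findings += [f"PTR {ip} -> {n} has no matching A record" for n, ip in sorted(ptr_pairs - a_pairs)]
    return findings


if __name__ == "__main__":
    for finding in check_consistency(FORWARD_ZONE, REVERSE_ZONE):
        print(finding)
```

Run it against the real files with `check_consistency(open("linuxprobe.com.zone").read(), open("192.168.10.arpa").read())` before `systemctl restart named`; the dot-less PTR shows up as a target ending in `.10.168.192.in-addr.arpa.`, which is exactly what a resolver would be handed back.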
Slave server configuration file
vim /etc/named.rfc1912.zones
zone "linuxprobe.com" IN {
type slave;
masters { 192.168.10.10; };
file "slaves/linuxprobe.com.zone";
};
zone "10.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.10.10; };
file "slaves/192.168.10.arpa";
};
systemctl restart named
systemctl enable named
cd /var/named/slaves    the zone files synchronised from the master server
Secure encrypted transfer
Generate the key on the master server.
# obtain the secret string
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST master-slave
cat Kmaster-slave.+157+46845.private
w1KhW33ApYl/HkUJJMZYhg==
cd /var/named/chroot/etc/
vim transfer.key    edit the key file
key "master-slave" {
algorithm hmac-md5;
secret "w1KhW33ApYl/HkUJJMZYhg==";
};
chown root:named transfer.key    change the owning group
chmod 640 transfer.key    set the permissions
ln transfer.key /etc/transfer.key    create a hard link
vim /etc/named.conf    edit the main configuration file
9 include "/etc/transfer.key";
18 allow-transfer { key master-slave; };
Client (the slave server)
rm -rf /var/named/slaves/*
cd /var/named/chroot/etc
vim transfer.key    edit the key file
key "master-slave" {
algorithm hmac-md5;
secret "w1KhW33ApYl/HkUJJMZYhg==";
};
chown root:named transfer.key    change the owning group
chmod 640 transfer.key    set the permissions
ln transfer.key /etc/transfer.key    create a hard link
vim /etc/named.conf    edit the main configuration file
9 include "/etc/transfer.key";
43 server 192.168.10.10
44 {
45 keys { master-slave; };
46 };
systemctl restart named    restart the service and the setup is complete
Deploying a caching server
Add two network adapters to the server:
one with 192.168.10.10
the other obtaining an address via DHCP
1. Power off
poweroff
2. Add the network adapter
Click OK and start the virtual machine
nm-connection-editor    command to configure the network adapters
nmcli connection up ens160
nmcli connection up ens192
The server host only needs to be able to reach the internet
3. yum -y install bind-chroot    install DNS
4. vim /etc/named.conf    edit the main configuration file
11 listen-on port 53 { any; };
19 allow-query { any; };
20 forwarders { 8.8.8.8; };
- iptables -F    flush the firewall rules
- firewall-cmd --permanent --zone=public --add-service=dns    allow DNS through the firewall
- firewall-cmd --reload    apply the firewall change
- systemctl restart named    restart the service
- systemctl enable named    add the service to the boot items
Client
nmcli connection up ens160
ping www.qq.com    check whether caching resolution works
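The transfer.key clause above is what both ends of the TSIG-signed zone transfer share, so it deserves the same review as any other shared secret: the algorithm should be one RFC 8945 requires (hmac-sha256) rather than the optional hmac-md5, and the secret should be at least as long as the HMAC's digest. The script below is an added example, not part of the original notes and not a BIND tool (current BIND ships `tsig-keygen`, which produces an hmac-sha256 key clause directly). It generates a secret with Python's `secrets` module, renders it in the page's key-clause layout, and audits an existing clause; the clause in `PAGE_KEY` is copied from the lab above, the short-secret case in the usage is constructed.

```python
"""TSIG key generation and audit for a BIND key { } clause.

Added example, not part of the original notes or of BIND. PAGE_KEY is the
transfer.key clause from the lab above; everything else is constructed.
"""
import base64
import binascii
import re
import secrets

# HMAC digest size in bytes for each TSIG algorithm named accepts (RFC 8945)
DIGEST_BYTES = {
    "hmac-md5": 16,
    "hmac-sha1": 20,
    "hmac-sha224": 28,
    "hmac-sha256": 32,
    "hmac-sha384": 48,
    "hmac-sha512": 64,
}
# RFC 8945 only makes HMAC-MD5 optional to implement; hmac-sha256 is mandatory
NOT_RECOMMENDED = {"hmac-md5"}

# the transfer.key clause written on the page (copied for the audit below)
PAGE_KEY = '''key "master-slave" {
algorithm hmac-md5;
secret "w1KhW33ApYl/HkUJJMZYhg==";
};'''

KEY_RE = re.compile(
    r'key\s+"(?P<name>[^"]+)"\s*\{\s*'
    r'algorithm\s+(?P<algorithm>[\w-]+)\s*;\s*'
    r'secret\s+"(?P<secret>[^"]*)"\s*;\s*\}\s*;',
    re.IGNORECASE,
)


def generate_secret(algorithm="hmac-sha256"):
    """Return a base64 secret whose raw length equals the algorithm's digest size."""
    return base64.b64encode(secrets.token_bytes(DIGEST_BYTES[algorithm])).decode()


def render_key_clause(name, algorithm, secret):
    """Render a key clause in the layout the page uses for transfer.key."""
    return f'key "{name}" {{\nalgorithm {algorithm};\nsecret "{secret}";\n}};'


def parse_key_clause(text):
    """Extract name, algorithm (lower-cased) and secret from a key clause."""
    m = KEY_RE.search(text)
    if not m:
        raise ValueError("no key clause found")
    return {"name": m["name"], "algorithm": m["algorithm"].lower(), "secret": m["secret"]}


def audit_key(key):
    """Return a list of findings; an empty list means the key looks sound."""
    findings = []
    alg = key["algorithm"]
    if alg not in DIGEST_BYTES:
        return [f"unknown algorithm {alg}"]
    if alg in NOT_RECOMMENDED:
        findings.append(f"{alg} is not recommended for TSIG (RFC 8945); use hmac-sha256")
    try:
        raw = base64.b64decode(key["secret"], validate=True)
    except (binascii.Error, ValueError):
        findings.append("secret is not valid base64")
        return findings
    if len(raw) < DIGEST_BYTES[alg]:
        findings.append(
            f"secret is {len(raw)} bytes, below the {DIGEST_BYTES[alg]}-byte digest size of {alg}"
        )
    return findings


if __name__ == "__main__":
    print("page key:", audit_key(parse_key_clause(PAGE_KEY)))
    fresh = render_key_clause("master-slave", "hmac-sha256", generate_secret())
    print(fresh)
    print("fresh key:", audit_key(parse_key_clause(fresh)))
```

The same clause, byte for byte, has to be installed on both master and slave; generating it once and copying the file (with the `chown`/`chmod` from the page) keeps the two sides in step, and `audit_key` on the copied file is a cheap check that the secret survived the copy intact.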
Split-horizon resolution
Add two IP addresses
nm-connection-editor
122.71.115.1
106.185.25.1
Check that the local host can ping them
yum -y install bind-chroot    install the DNS service
vim /etc/named.conf    edit the main configuration file
11 listen-on port 53 { any; };
19 allow-query { any; };
52 #zone "." IN {
53 # type hint;
54 # file "named.ca";
55 #};
vim /etc/named.rfc1912.zones    edit the zone configuration file
acl "china" { 122.71.115.0/24; };
acl "american" { 106.185.25.0/24;};
view "china"{
match-clients { "china"; };
zone "linuxprobe.com" {
type master;
file "linuxprobe.com.china";
};
};
view "american" {
match-clients { "american"; };
zone "linuxprobe.com" {
type master;
file "linuxprobe.com.american";
};
};
cd /var/named
cp -a named.localhost linuxprobe.com.china
cp -a named.localhost linuxprobe.com.american
vim linuxprobe.com.china
$TTL 1D
@ IN SOA linuxprobe.com. rname.invalid. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS ns.linuxprobe.com.
ns IN A 122.71.115.1
www IN A 122.71.115.1
vim linuxprobe.com.american
$TTL 1D
@ IN SOA linuxprobe.com. rname.invalid. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS ns.linuxprobe.com.
ns IN A 106.185.25.1
www IN A 106.185.25.1
iptables -F    flush the firewall rules
firewall-cmd --permanent --zone=public --add-service=dns    allow DNS through the firewall
firewall-cmd --reload    apply the firewall change
systemctl restart named    restart the service
systemctl enable named    add the service to the boot items
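What decides which of the two zone files a client sees is the order of the view blocks: named tests views in the order written, the first whose match-clients list matches is used, and a client that matches no view is rejected. With only the two views above, a client on the lab's 192.168.10.0/24 network (or localhost) gets no answer at all, which is why a final catch-all view with match-clients { any; } is common. The script below is an added example, not part of the original notes or of BIND; it reproduces the address-match-list rules (in-order evaluation, first match decides, a leading "!" negates, an entry may name another acl). The acls and views are the page's; the client addresses and the "china-not-gateway" acl are constructed for the demonstration.

```python
"""First-match view selection for the split-horizon named.rfc1912.zones above.

Added example, not from the original notes or from BIND. Nested acls that
match negatively are treated as "entry did not match" here, a simplification
of named's behaviour that does not affect the page's configuration.
"""
import ipaddress

# acl definitions from the page, plus one constructed negated list
ACLS = {
    "china": ["122.71.115.0/24"],
    "american": ["106.185.25.0/24"],
    "china-not-gateway": ["!122.71.115.1", "china"],   # constructed, not on the page
}

# views in the order they appear in the page's named.rfc1912.zones
VIEWS = [
    ("china", ["china"], "linuxprobe.com.china"),
    ("american", ["american"], "linuxprobe.com.american"),
]


def match_list(client, entries, acls):
    """Evaluate an address match list for one client.

    Returns True on a positive first match, False on a negated first match,
    and None when no entry matched at all.
    """
    ip = ipaddress.ip_address(client)
    for entry in entries:
        negate = entry.startswith("!")
        name = entry.lstrip("!").strip().strip('"')
        if name == "any":
            hit = True
        elif name == "none":
            hit = False
        elif name in acls:
            hit = match_list(client, acls[name], acls) is True
        else:
            # a bare address is a /32 (or /128) prefix
            hit = ip in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negate
    return None


def select_view(client, views=VIEWS, acls=ACLS):
    """Return (view name, zone file) for the first matching view, or None."""
    for name, clients, zone_file in views:
        if match_list(client, clients, acls):
            return name, zone_file
    return None     # named rejects a query that matches no view


if __name__ == "__main__":
    for client in ("122.71.115.88", "106.185.25.200", "192.168.10.20"):
        print(client, "->", select_view(client))
    for client in ("122.71.115.1", "122.71.115.88"):
        print(client, "in china-not-gateway:", match_list(client, ACLS["china-not-gateway"], ACLS))
```

Because the first match wins, a broad acl listed before a narrow one hides the narrow one entirely; listing the "!" exceptions first, as the constructed china-not-gateway acl does, is the usual way to carve a host out of a network.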