1. Forward DNS resolution
@ stands for the zone origin (westos.com)
A name that does not end in a dot is automatically completed by appending the origin
expire: how long the zone data may still be served before it is considered expired (the expiry date)
refresh: the interval at which the cached copy of the zone is refreshed
minimum: the minimum caching time (negative-cache TTL)
retry: if a query fails, it may be retried one hour later (1H)
Make sure the environment is clean
Remove the earlier forwarders { 114.114.114.114; }; line and leave everything else unchanged
[root@dns-server ~]# vim /etc/named.rfc1912.zones
Copy lines 19-23 to lines 25-29 and change them as follows; remember the file name westos.com.zone that you set here:
25 zone "westos.com" IN {
26     type master;
27     file "westos.com.zone";
28     allow-update { none; };
29 };
cd /var/named
ls
cp -p named.localhost westos.com.zone   # copy the template to the westos.com.zone file named above
vim westos.com.zone                     # edit this file
Original file:
Change it as follows:
$TTL 1D
@       IN SOA  dns.westos.com. rong.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      dns.westos.com.    ; trailing dot required, otherwise named reads this as dns.westos.com.westos.com
dns     A       172.25.254.214
www     A       172.25.254.111
bbs     A       172.25.254.222
dig www.westos.com    # status is now NOERROR and the answer matches what westos.com.zone defines
vim westos.com.zone   # this time set up round-robin between two addresses
$TTL 1D
@       IN SOA  dns.westos.com. rong.westos.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.214
www     CNAME   bbs.a.westos.com.
bbs.a   A       172.25.254.222
bbs.a   A       172.25.254.111
systemctl restart named   # restart the service
dig www.westos.com        # this time 172.25.254.111 is listed first
dig www.westos.com        # this time 172.25.254.222 is listed first
This is round-robin.
2. Testing the mail exchanger
vim westos.com.zone
$TTL 1D
@       IN SOA  dns.westos.com. rong.westos.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.214
www     CNAME   bbs.a.westos.com.
bbs.a   A       172.25.254.222
bbs.a   A       172.25.254.111
westos.com.  MX  1  mail.westos.com.
mail    A       172.25.254.114
systemctl restart named   # restart the service
Send mail
[root@dns-server named]# mail root@westos.com
Subject: hahaha
redhat
EOT
.
EOT
[root@dns-server named]# mail
No mail for root   # means the message was sent
[root@dns-server named]# > /var/log/messages   # clear the log
[root@dns-server named]# mail root@westos.com   # send another message
Subject: hahaha
hahahaha
.
EOT
[root@dns-server named]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
840B217E864 452 Fri Feb 15 22:51:24 root@dns-server.westoscom
(connect to mail.westos.com[172.25.254.114]:25: Connection refused)
root@westos.com
EA24417E878 447 Fri Feb 15 22:52:43 root@dns-server.westoscom
(connect to mail.westos.com[172.25.254.114]:25: Connection refused)
root@westos.com
-- 1 Kbytes in 2 Requests.
Delete the queued messages
Check again
3. Reverse DNS resolution
vim /etc/named.rfc1912.zones   # configure reverse resolution
Copy lines 43-47 to lines 49-53 and change them; remember the file name 172.25.254.ptr that you set here
pwd   # check that you are in /var/named
ls    # list the files in the directory
cp -p named.loopback 172.25.254.ptr   # copy the template to 172.25.254.ptr
Check that the copy succeeded
vim 172.25.254.ptr
Original file:
Change it as follows:
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.114      ; left over from the template; not needed in a reverse zone
100     PTR     dns.westos.com.
111     PTR     www.westos.com.
222     PTR     bbs.westos.com.
Restart the service
Test:
[root@dns-server named]# dig -x 172.25.254.111
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44948
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;177.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
177.254.25.172.in-addr.arpa. 86400 IN PTR www.westos.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.114
;; Query time: 0 msec
;; SERVER: 172.25.254.114#53(172.25.254.114)
;; WHEN: Fri Feb 15 23:12:33 EST 2019
;; MSG SIZE rcvd: 118
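Forward and reverse zones like the ones in steps 1 and 3 tend to drift apart. The following is an added Python example (not part of the post): it parses constructed zone samples modelled on westos.com.zone and 172.25.254.ptr, expands relative names against the origin the way named does, and reports PTR records whose target has no A record with that address. It also shows what happens to NS dns.westos.com when the trailing dot is missing. The parser is an assumption of this example: it handles $ directives, optional class and TTL and ; comments, but expects the SOA on one line.

```python
import re
# Constructed samples modelled on this post's westos.com.zone and 172.25.254.ptr (example
# data, not the author's files; the SOA is on one line because this small parser does not
# handle parenthesised continuations).  "NS dns.westos.com" is left without its dot on purpose.
FORWARD = """\
@    IN SOA dns.westos.com. rong.westos.com. ( 0 1D 1H 1W 3H )
     NS  dns.westos.com
dns  A   172.25.254.214
www  A   172.25.254.111
bbs  A   172.25.254.222
"""
REVERSE = """\
@    IN SOA dns.westos.com. root.westos.com. ( 0 1D 1H 1W 3H )
     NS  dns.westos.com.
100  PTR dns.westos.com.
111  PTR www.westos.com.
222  PTR bbs.westos.com.
"""

def parse_zone(text, origin):
    """Return {(owner, rtype): [rdata, ...]}; relative names are expanded like named does."""
    absolute = lambda n: origin if n == "@" else n if n.endswith(".") else f"{n}.{origin}"
    records, owner = {}, origin
    for line in text.splitlines():
        toks = line.split(";")[0].split()                # drop ; comments
        if not toks or toks[0].startswith("$"):          # blank line or $TTL / $ORIGIN
            continue
        if not line[0].isspace():                        # owner present, else reuse the last one
            owner = absolute(toks.pop(0))
        while toks and (toks[0] == "IN" or re.fullmatch(r"\d+[DHMWdhmw]?", toks[0])):
            toks.pop(0)                                  # optional class and TTL
        rtype, rdata = toks[0], toks[1:]
        if rtype in ("NS", "CNAME", "PTR"):              # rdata is a name: expand it too
            rdata = [absolute(rdata[0])]
        if rtype != "SOA":                               # the SOA is not needed for this check
            records.setdefault((owner, rtype), []).append(" ".join(rdata))
    return records

def check_ptr(forward, reverse):
    # Every PTR in the reverse zone should point at a name that has an A record with that address.
    problems = []
    for (owner, rtype), targets in reverse.items():
        if rtype != "PTR":
            continue
        ip = ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))
        for target in targets:
            a_records = forward.get((target, "A"), [])
            if ip not in a_records:
                problems.append(f"{ip} -> {target} but its A records are {a_records}")
    return problems
```

Running check_ptr on the samples reports the 100 PTR dns.westos.com. entry, because dns resolves to .214 in the forward zone; the other two PTRs agree with their A records.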
4. Split-horizon resolution (views)
[root@dns-server named]# vim /etc/named.conf
Modify and add the following:
50 /*
51 zone "." IN {
52     type hint;
53     file "named.ca";
54 };
55 */
56 view localnet {
57     match-clients { localhost; };
58     zone "." IN {
59         type hint;
60         file "named.ca"; };
61     include "/etc/named.rfc1912.zones";
62 };
63 view internet {
64     match-clients { any; };
65     zone "." IN {
66         type hint;
67         file "named.ca";
68     };
69     include "/etc/named.rfc1912.inter";   // must match the file name created below
70 };
71 include "/etc/named.root.key";
[root@dns-server named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter
[root@dns-server named]# vim /etc/named.rfc1912.inter
Copy lines 14-18 to lines 20-24 and change them as follows:
20 zone "westos.com" IN {
21     type master;
22     file "westos.com.inter";
23     allow-update { none; };
24 };
[root@dns-server named]# ls
[root@dns-server named]# cp -p /var/named/westos.com.zone /var/named/westos.com.inter
[root@dns-server named]# ls
[root@dns-server named]# vim /var/named/westos.com.inter
Change it as follows:
$TTL 1D
@       IN SOA  dns.westos.com. kk.westos.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       192.168.0.114
www     CNAME   bbs.a.westos.com.
bbs.a   A       192.168.0.222
bbs.a   A       192.168.0.111
westos.com.  MX  1  mail.westos.com.
mail    A       192.168.0.214
Restart the service
Test:
On the server (the virtual machine):
dig www.westos.com
On the test client (the physical host):
dig www.westos.com
Analysis of the result:
The internal and external clients dig the same name against the same server address, 172.25.254.114, yet get different answers: the internal client receives the 172.25.254.x addresses and the external client the 192.168.0.x addresses.
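An added Python model of how named picks a view for the exchange above (example code, not BIND's own implementation): views are tried in the order they appear in named.conf and the first whose match-clients ACL matches the querying address wins, so the order of localnet and internet matters. It assumes that "localhost" means the loopback net plus the server's own address (a constructed value) and models the ACL elements any, none, localhost, a prefix, and "!" negation.

```python
import ipaddress

# Added model of view selection (example code, not BIND's own implementation).
# named tries the views in named.conf order and uses the first whose match-clients
# ACL matches the client, so with "internet { any; }" listed first nobody would ever
# reach "localnet".  "localhost" is modelled as loopback plus the server's own
# address (SERVER_ADDRESS is a constructed value taken from this post's lab).
SERVER_ADDRESS = "172.25.254.114"
LOCALHOST_NETS = [ipaddress.ip_network("127.0.0.0/8"),
                  ipaddress.ip_network(SERVER_ADDRESS)]

def acl_matches(acl, client):
    """First element that matches decides; a matching negated element rejects."""
    addr = ipaddress.ip_address(client)
    for element in acl:
        negate = element.startswith("!")
        element = element.lstrip("!").strip()
        if element == "any":
            hit = True
        elif element == "none":
            hit = False
        elif element == "localhost":
            hit = any(addr in net for net in LOCALHOST_NETS)
        else:
            hit = addr in ipaddress.ip_network(element, strict=False)
        if hit:
            return not negate
    return False

# The two views from this post's named.conf in file order: name, match-clients ACL,
# and the www round-robin from westos.com.zone / westos.com.inter respectively.
VIEWS = [
    ("localnet", ["localhost"], {"www.westos.com.": ["172.25.254.222", "172.25.254.111"]}),
    ("internet", ["any"], {"www.westos.com.": ["192.168.0.222", "192.168.0.111"]}),
]

def select_view(views, client):
    """Name of the first view whose ACL accepts the client, or None (query refused)."""
    for name, acl, _data in views:
        if acl_matches(acl, client):
            return name
    return None

def resolve(views, client, qname):
    """Answer qname from the view chosen for this client, or None if no view matches."""
    view = select_view(views, client)
    data = {name: d for name, _acl, d in views}
    return data[view].get(qname) if view else None
```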
5. Secondary (slave) DNS
Make sure the environment is clean: delete the westos.com.inter file, comment out or remove the split-horizon configuration from the previous step, and restore the earlier state.
Cluster setup
Configure the network and yum repository on the second host
Change the hostname (optional); here it is set to dns2-server
Edit the network configuration file; use whatever interface name you see, here ens3
cd /etc/sysconfig/network-scripts
ls
vim ifcfg-ens3
systemctl restart network   # restart the network service
cd /etc/yum.repos.d/
ls
vim yum.repo
Here gpgcheck is set to 1, which means packages are signature-checked on install and cannot be installed if the check fails
yum clean all
yum install bind -y
Configure the main configuration file
vim /etc/named.conf
vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
26     type slave;
27     masters { 172.25.254.114; };
28     file "slaves/westos.com.zone";
29     allow-update { none; };
30 };
Restart the service
vim /etc/resolv.conf
Back on dns-server:
[root@dns-server named]# vim westos.com.zone
$TTL 1D
@       IN SOA  dns.westos.com. kk.westos.com. (
                        20190216 ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.114
www     CNAME   bbs.a.westos.com.
bbs.a   A       172.25.254.222
bbs.a   A       172.25.254.111
westos.com.  MX  1  mail.westos.com.
mail    A       172.25.254.114
Restart the service
Test:
On dns-server: dig www.westos.com
On dns2-server:
6. Remote DNS updates
Remote add
On the first host
[root@dns-server named]# cp -p westos.com.zone /mnt
[root@dns-server named]# vim /etc/named.rfc1912.zones
19 zone "westos.com" IN {
20     type master;
21     file "westos.com.zone";
22     also-notify { 172.25.254.214; };
23     allow-update { 172.25.254.214; };
24 };
Restart the service
Grant update rights:
On the second host
[root@server named]# nsupdate
> server 172.25.254.114
> update add hello.westos.com 86400 A 172.25.254.111
> send
> quit
dig hello.westos.com   # check that the record was added
Remote delete
[root@server named]# nsupdate
> server 172.25.254.114
> update delete hello.westos.com
> send
> quit
[root@server named]# dig hello.westos.com
7. Remote DNS updates authenticated with a key (TSIG)
Preparation:
On the DNS server:
Restore the earlier DNS configuration
[root@dns-server named]# rm -fr westos.com.zone westos.com.zone.jnl
[root@dns-server named]# ll /mnt
[root@dns-server named]# cp -p /mnt/westos.com.zone .
[root@dns-server named]# systemctl restart named
Generate the key (dnssec-keygen writes a .key file and a .private file)
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos   # generate the key
ls   # list the generated key files
cat Kwestos.+157+49506.private   # view the key; it is a symmetric key, so both files hold the same secret
cp -p /etc/rndc.key /etc/westos.key   # copy the file as a template for westos.key
[root@dns-server ~]# vim /etc/westos.key   # edit the file
Add the following:
key "westos" {
    algorithm hmac-md5;
    secret "wkSyDTlYGi9uuW9fi2mMEA==";
};
vim /etc/named.conf
At line 49 add the following:
49 include "/etc/westos.key";
[root@dns-server ~]# vim /etc/named.rfc1912.zones
Add the following:
25 zone "westos.com" IN {
26     type master;
27     file "westos.com.zone";
28     allow-update { key westos; };
29     also-notify { 172.25.254.214; };
30 };
Restart the service
scp Kwestos.+157+49925.* root@172.25.254.214:/mnt   # send the key files to .214
On dns2:
Check that the key files arrived
[root@dns2 mnt]# nsupdate -k Kwestos.+157+49929.private
> server 172.25.254.114
> update add hello.westos.com 86400 A 172.25.254.111
> send
> quit
[root@dns2 mnt]# dig hello.westos.com
Being able to modify the zone shows that the key is set up correctly
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26634
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com. IN A
;; ANSWER SECTION:
hello.westos.com. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.114
;; Query time: 0 msec
;; SERVER: 172.25.254.214#53(172.25.254.214)
;; WHEN: Sat Feb 16 04:32:58 EST 2019
;; MSG SIZE rcvd: 95
Delete the record just added
[root@dns2 mnt]# nsupdate -k Kwestos.+157+49929.private
> server 172.25.254.114
> update delete hello.westos.com
> send
> quit
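The key-based allow-update used in this step, as an added Python example (not BIND's or the post's code): it produces a secret of the same shape as dnssec-keygen -a HMAC-MD5 -b 128, renders the key clause from /etc/westos.key, and shows a simplified TSIG check in which the server accepts an update only when the HMAC verifies under the named key. Assumptions: the MAC here covers just the key name and the update text (real TSIG also covers the whole DNS message, the algorithm name, signing time and fudge), and hmac-md5 is used only because the post uses it; hmac-sha256 is the better choice for new keys.

```python
import base64
import hmac
import secrets

def generate_secret(bits=128):
    """Same shape as the output of `dnssec-keygen -a HMAC-MD5 -b 128`: random bytes, base64."""
    return base64.b64encode(secrets.token_bytes(bits // 8)).decode()

def key_clause(name, secret, algorithm="hmac-md5"):
    """Render the key statement this post puts in /etc/westos.key (identical on both hosts)."""
    return f'key "{name}" {{\n    algorithm {algorithm};\n    secret "{secret}";\n}};\n'

def sign(secret_b64, name, message, digest="md5"):
    """Simplified TSIG MAC: HMAC over key name + update, keyed with the decoded secret."""
    return hmac.new(base64.b64decode(secret_b64), name.encode() + message, digest).hexdigest()

def server_accepts(keyring, name, message, mac, digest="md5"):
    """What allow-update { key westos; } means: the named key must exist and the MAC must verify."""
    if name not in keyring:
        return False                                # unknown key name (TSIG BADKEY)
    expected = sign(keyring[name], name, message, digest)
    return hmac.compare_digest(expected, mac)       # constant-time compare (BADSIG otherwise)

# Constructed demo using the secret shown in this post's /etc/westos.key.
SECRET = "wkSyDTlYGi9uuW9fi2mMEA=="
KEYRING = {"westos": SECRET}                        # what named loaded via include "/etc/westos.key"
UPDATE = b"update add hello.westos.com 86400 A 172.25.254.111"

def demo():
    """Returns (signed update accepted, tampered update accepted, wrong key name accepted)."""
    mac = sign(SECRET, "westos", UPDATE)
    tampered = UPDATE.replace(b"172.25.254.111", b"172.25.254.1")
    return (server_accepts(KEYRING, "westos", UPDATE, mac),
            server_accepts(KEYRING, "westos", tampered, mac),
            server_accepts(KEYRING, "other", UPDATE, mac))

if __name__ == "__main__":
    print(key_clause("westos", generate_secret()))
    print(demo())   # (True, False, False)
```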
8. DNS under DHCP (dynamic DNS)
On dns-server
First set up a DHCP server (on the DNS server)
Configure the yum repository
Install dhcp
[root@dns-server ~]# vim /etc/dhcp/dhcpd.conf   # edit the file
Remove the unneeded lines and change the following:
 7 option domain-name "westos.com";
 8 option domain-name-servers 172.25.254.114;
30 subnet 172.25.254.0 netmask 255.255.255.0 {
31     range 172.25.254.60 172.25.254.90;
32     option routers 172.25.254.250;
33 }
Restart the dhcpd service
hostnamectl set-hostname news.westos.com   # change the hostname to news.westos.com
ifconfig   # show the network configuration
Switch the network interface to DHCP mode
vim /etc/dhcp/dhcpd.conf   # adjust the gateway, IP range, etc.
Add the following:
(Note: primary 127.0.0.1 refers to the loopback interface; this works when the test client is this machine itself, otherwise use this machine's IP address.)
Change line 14 so that its value is interim
Restart both services
Restart the network
ifconfig   # the dynamically assigned IP is now 172.25.254.60
dig news.westos.com
vim /etc/dhcp/dhcpd.conf
Change the dynamic IP range to 172.25.254.65 through 172.25.254.90
Restart the service
Restart the network
ifconfig   # the dynamically assigned IP is now 172.25.254.65
dig news.westos.com
DNS under DHCP is now configured successfully.