For DNS resolution, bind must be installed first
Set up the environment:
Firewall:
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
Enable the DNS service
yum install bind -y
DNS forward resolution
DNS forward resolution: look up an IP address from a domain name
Steps:
(1) vim /etc/named.conf ## main configuration file
Contents:
listen-on port 53 { any; };
allow-query { any; }; ## hosts that are allowed to query
forwarders { 114.114.114.114; };
dnssec-validation no;
(2) vim /etc/named.rfc1912.zones ## included from the main configuration file /etc/named.conf
Contents:
zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { none; };
};
(3) cd /var/named
cp -p named.localhost westos.com.zone
## the copied westos.com.zone is under /var/named/
(4) vim westos.com.zone
Contents:
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS dns.westos.com.
dns A 172.25.254.162 ; (this host)
www A 172.24.254.112
systemctl restart named ## restart the service
vim /etc/resolv.conf
nameserver 172.25.254.162 ## this host's IP
(5) Test:
On the test host: 172.254.25.212;
vim /etc/resolv.conf
Contents:
nameserver 172.25.254.162 (the other host's IP)
dig www.westos.com
Notes:
A: name to IPv4 address; resolves a domain name to an IP
AAAA: name to IPv6 address
SOA dns.westos.com. ## (start of authority; ends with a dot)
NS: the domain's name server
CNAME: resolves a domain name to another domain name
1D: kept for one day
root.westos.com.: indicates who maintains the zone
1H: on failure, retry after 1 hour
(5) Test: on the test host
vim /etc/sysconfig/network-scripts/ifcfg-eth0
vim /etc/resolv.conf
systemctl restart network
CNAME conversion
A CNAME is a canonical name record: it maps an external domain name to an internal one, which is then resolved
cd /var/named
vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS dns.westos.com.
dns A 172.25.254.112
bbs CNAME linux
linux A 172.25.254.100
linux A 172.25.254.200
systemctl restart named ## restart the service
Test:
dig bbs.westos.com ## converted to linux
DNS reverse resolution
DNS reverse resolution looks up a domain name from an IP address
(1) vim /etc/named.rfc1912.zones
Contents:
zone "254.25.172.in-addr.arpa" IN {
    type master;
    file "westos.com.ptr";
    allow-update { none; };
};
ptr: reverse resolution record
(2) cp -p named.loopback westos.com.ptr
vim westos.com.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS dns.westos.com.
dns A 172.25.254.162
111 PTR bbs.westos.com.
222 PTR www.westos.com.
systemctl restart named ## restart the service
(3) Test (on the test host):
vim /etc/resolv.conf
Contents: nameserver 172.25.254.100
dig -x 172.25.254.222
dig -x 172.25.254.111
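A reverse zone is only useful if it agrees with the forward zone. The following check is an added example, not part of the original notes: it takes the PTR records of a /24 reverse zone and confirms that each name resolves back (through one CNAME if needed) to the same address. The function names and the reduced "name TYPE value" record sets are constructed from values on this page.

```shell
# Added example. The records in demo_check_ptr are constructed from values on
# this page and reduced to "name TYPE value" lines.
check_ptr() {   # usage: check_ptr FORWARD_FILE REVERSE_FILE REVERSE_ZONE DOMAIN
    awk -v zone="$3" -v dom="$4" '
    BEGIN { split(zone, o, "[.]"); net = o[3] "." o[2] "." o[1] }  # /24 zone only
    { sub(/;.*/, "") }                       # drop ";" comments
    FNR == NR {                              # first file: forward records
        if ($2 == "A")     addrs[$1] = addrs[$1] " " $3
        if ($2 == "CNAME") alias[$1] = $3
        next
    }
    $2 == "PTR" {                            # second file: reverse records
        ip = net "." $1
        name = $3
        sub("\\." dom "\\.$", "", name)      # bbs.westos.com. -> bbs
        if (name in alias) name = alias[name]
        ok = index(addrs[name] " ", " " ip " ") > 0
        print ip, $3, (ok ? "ok" : "mismatch")
    }' "$1" "$2"
}

demo_check_ptr() {
    tmp=$(mktemp -d)
    printf '%s\n' 'www A 172.24.254.112' 'bbs CNAME linux' \
        'linux A 172.25.254.111' 'linux A 172.25.254.222' > "$tmp/forward"
    printf '%s\n' '111 PTR bbs.westos.com.' '222 PTR www.westos.com.' > "$tmp/reverse"
    check_ptr "$tmp/forward" "$tmp/reverse" 254.25.172.in-addr.arpa westos.com
    rm -rf "$tmp"
}
demo_check_ptr
```

The second PTR is reported as a mismatch because www has no A record for 172.25.254.222 in the forward data.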
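Sending mail via DNS resolution
vim westos.com
Contents:
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS dns.westos.com.
dns A 172.25.254.162 ; (this host)
www A 172.24.254.112
bbs CNAME linux
linux A 172.25.254.111
linux A 172.25.254.222
westos.com. MX 1 172.25.254.250. ; note the trailing dot; named reads the MX target as a host name, not as an address
systemctl restart named ## restart the service
mailq: view the mail queue
mail root@westos.com ## enter the mail subject and body
To be continued.............
Important: SMTP (Simple Mail Transfer Protocol) is the protocol used for mail; its port is 25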
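The trailing-dot rule from the notes above is the most common zone-file mistake: a target such as dns.westos.com without the final dot has the zone origin appended to it. The lint below is an added example, not part of the original notes; it flags NS, CNAME, PTR and MX targets that look fully qualified but lack the dot, and MX targets that are address literals. The function name, finding labels and SAMPLE_ZONE are constructed from records shown on this page.

```shell
# Added example; SAMPLE_ZONE is constructed from the records shown on this page.
lint_zone() {   # usage: lint_zone ORIGIN < zonefile   (ORIGIN ends with a dot)
    awk -v origin="$1" '
    { sub(/;.*/, "") }                        # drop ";" comments
    /^\$/ || NF == 0 { next }                 # skip $TTL/$ORIGIN and blank lines
    inparen { if ($0 ~ /\)/) inparen = 0; next }   # inside the SOA ( ... ) block
    {
        if ($0 !~ /^[ \t]/) owner = $1        # a leading blank reuses the last owner
        if ($0 ~ /\(/ && $0 !~ /\)/) inparen = 1
        for (i = 1; i < NF; i++) {
            if ($i !~ /^(NS|CNAME|PTR|MX)$/) continue
            target = $NF
            if (target ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.?$/)
                print owner, $i, target, "ip-literal"
            else if (target ~ /\./ && target !~ /\.$/)
                print owner, $i, target "." origin, "missing-dot"
            break
        }
    }'
}

SAMPLE_ZONE='$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS dns.westos.com
dns     A 172.25.254.162
bbs     CNAME linux
linux   A 172.25.254.111
westos.com. MX 1 172.25.254.250.'

# Prints the name each flagged record would actually resolve to.
printf '%s\n' "$SAMPLE_ZONE" | lint_zone westos.com.
```

The relative target in "bbs CNAME linux" is intentional and is not flagged; only names that already contain a dot are treated as missing the final one.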
Two-way resolution (internal and external views)
Comments use: /* */
(1) cp -p westos.com.zone westos.com.localnet
vim westos.com.localnet
Contents:
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS dns.westos.com.
dns A 172.25.254.112 ; (this host)
www A 172.24.254.212
bbs CNAME linux
linux A 172.25.254.111
linux A 172.25.254.112
westos.com. MX 1 172.25.254.250. ; note the trailing dot
:%s/172.25.254/192.168.0/g ## in vim: replace 172.25.254 with 192.168.0 throughout the file
(2) cp -p /etc/named.conf /etc/named.rfc1912.localnet
vim /etc/named.rfc1912.localnet
Contents:
zone "westos.com" IN {
    type master;
    file "westos.com.localnet";
    allow-update { none; };
};
(3) vim /etc/named.conf
/*
zone "." IN {
...
}
*/
view localnet {
    match-clients { 172.25.254.112; }; ## this host's IP; this host is the internal network
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.localnet"; ## the zone file list read for this host
};
view internet {
    match-clients { any; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
};
(4) Test:
On the local host:
vim /etc/resolv.conf
Contents:
nameserver 172.25.254.162 (this host's IP)
dig www.westos.com ----------> result is 192.168.0.100
On another host:
vim /etc/resolv.conf
Contents:
nameserver 172.25.254.162
dig www.westos.com ----------> result is 172.25.254.112
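Secondary DNS
Purpose: ensures system stability
1: Comment out the two-way DNS configuration and restore the previous configuration (on host 172.25.254.162)
2: Start another virtual machine (server)
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
3: yum install bind -y
vim /etc/named.conf
Contents:
listen-on port 53 { any; };
allow-query { any; };
4: vim /etc/named.rfc1912.zones
Contents:
zone "westos.com" IN {
    type slave;
    masters { <primary-server-ip>; }; ## required for type slave; placeholder for the primary DNS server's IP
    file "named.localhost";
    allow-update { none; };
};
systemctl restart named
5: Test:
(1) Primary DNS server: dig www.westos.com -------> 172.25.254.100
(2) Secondary DNS server:
vim /etc/resolv.conf
Contents:
nameserver 172.25.254.200
dig www.westos.com -------> gives the same result as 172.25.254.100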
DNS updates
(1) Primary DNS server
vim /etc/named.rfc1912.zones
chmod 770 /var/named ## gives the named group write access to /var/named
systemctl restart named
On host 172.25.254.62
nsupdate
> server 172.25.254.162
> update add hello.westos.com 86400 A 172.25.254.12
> send
dig hello.westos.com
Result: hello.westos.com -----> 172.25.254.12
Added successfully
(2) Secondary DNS server
systemctl restart named
dig hello.westos.com
hello.westos.com ----------> 172.25.254.12
vim /etc/named.rfc1912.zones
(3) Test
1) Primary DNS server
dig www.westos.com
www.westos.com ----> 172.25.254.188
2) Secondary DNS server
systemctl restart named
dig www.westos.com
www.westos.com ------> 172.25.254.188
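On 100:
Afterwards:
After the update is sent, westos.com.zone.jnl is generated automatically
It can be seen with ls /var/named/
cp -p westos.com.zone /mnt ## backup
vim westos.com.zone.jnl
The contents are not readable
Restart the service
vim westos.com.zone
The contents now include 172.25.254.123
rm -fr westos.com.zone.jnl
rm -fr westos.com.zone
cp -p /mnt/westos.com.zone . ## copy the backup back
Restart the service
cat westos.com.zone
The contents are restored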
Key-authenticated DNS updates
(1) systemctl restart named
(2) rm -fr westos.com.zone
cp -p /mnt/westos.com.zone /var/named (copy the previously backed-up DNS file to /var/named)
(3) systemctl restart named
(4) dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos ## generate the key
-a: encryption method (algorithm)
-b: key size in bits
-n: what the key is identified by (name type)
Symmetric encryption
(5) cp -p /etc/rndc.key /etc/westos.key
(6) vim /etc/westos.key
Contents:
key "westos" {
    algorithm hmac-md5;
    secret "the generated key";
};
(7) vim /etc/named.conf
## outside the options block
Add: include "/etc/westos.key";
(8) vim /etc/named.rfc1912.zones
Contents:
zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { key westos; };
    also-notify { 172.24.254.212; };
};
systemctl restart named
(9) scp Kwestos.* root@172.25.254.x:/opt ## whoever receives the key files can send updates
Test
nsupdate -k Kwestos.+xxx.key (without -k the update fails)
> server 172.25.254.162
> update add hello.westos.com 86400 A 172.25.254.250
> send
On host 162: dig hello.westos.com
Result: hello.westos.com -----------> 172.25.254.250
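The settings used across these notes can be reviewed mechanically before a server is exposed. The audit below is an added example, not part of the original notes: it flags disabled DNSSEC validation, recursion left open to any client, address-based allow-update, and an hmac-md5 TSIG key. It assumes BIND's default of recursion yes; both sample configurations, the address in allow-update and the finding labels are constructed.

```shell
# Added example; both configurations are constructed for illustration.
audit_named_conf() {   # reads a named.conf on stdin, prints one finding per line
    # Strip "#" and "//" comments ("/* */" blocks are not handled), then flatten.
    conf=$(sed -e 's/#.*//' -e 's|//.*||' | tr -s ' \t\n' ' ')
    has() { printf '%s\n' "$conf" | grep -Eqi -- "$1"; }
    if has 'dnssec-validation +no *;'; then echo "dnssec-validation-off"; fi
    # With no allow-recursion, recursion access follows allow-query.
    if has 'allow-query *\{ *any *; *\}' && ! has 'allow-recursion' \
        && ! has '(^| )recursion +no *;'; then echo "open-recursion"; fi
    # allow-update clauses that grant by address instead of by TSIG key.
    if printf '%s\n' "$conf" | grep -Eo 'allow-update *\{[^}]*\}' \
        | grep -Eqv 'key |none'; then echo "update-by-address"; fi
    # hmac-md5 is a legacy TSIG algorithm; hmac-sha256 is the usual replacement.
    if has 'algorithm +hmac-md5'; then echo "tsig-hmac-md5"; fi
    return 0
}

WEAK_CONF='options {
    listen-on port 53 { any; };
    allow-query { any; };
    forwarders { 114.114.114.114; };
    dnssec-validation no;
};
key "westos" { algorithm hmac-md5; secret "CONSTRUCTED=="; };
zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { 172.25.254.62; };   # assumed address-based ACL
};'

HARDENED_CONF='options {
    listen-on port 53 { any; };
    allow-query { any; };
    allow-recursion { localnets; localhost; };
    dnssec-validation yes;
};
key "westos" { algorithm hmac-sha256; secret "CONSTRUCTED=="; };
zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { key westos; };
};'

printf '%s\n' "$WEAK_CONF" | audit_named_conf
```

The hardened sample still answers authoritative queries from anyone but recurses only for local clients and accepts updates only when they are signed with the key.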
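DDNS (dynamic DNS)
DDNS: the DNS record follows the IP address; whatever the IP is, that is what the name resolves to
Set up the DHCP network:
Server host: 162; test (client) host: 212
Install dhcp on host 162 so that it assigns an IP to 212
On host 162, add dhcp to the firewall;
the firewall is running
cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
vim dhcpd.conf
Restart the service after editing
Stop dhcpd on the physical machine so that it does not assign IPs to the two hosts
On server 162:
vim /etc/resolv.conf
Contents: nameserver 172.25.254.162 (this host's IP)
Steps:
Set up the DHCP network:
(1): yum install dhcp -y ## right after installation, dhcpd.conf is empty
(2): firewall-cmd --permanent --add-service=dhcp
firewall-cmd --reload
(3): cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
(4): vim /etc/dhcp/dhcpd.conf
Contents:
Line 14: ddns-update-style interim;
systemctl restart dhcpd
(5): vim /var/named/westos.com.zone
Note: the following block is dhcpd.conf syntax; it can be found by searching for ddns in man 5 dhcpd.conf
key westos {
    algorithm hmac-md5;
    secret "the secret you generated";
};
zone westos.com. {
    primary 172.25.254.100;
    key westos;
}
Test:
On the test client 212:
(1): hostnamectl set-hostname test.westos.com
vim /etc/resolv.conf
Contents: nameserver 172.25.254.162 (the server's IP)
(2): Switch the network to dhcp
vim /etc/sysconfig/network-scripts/ifcfg-eth0
Contents: set BOOTPROTO=dhcp
(3): systemctl restart network
(4): dig test.westos.com ## shows the IP assigned by the server host
On host 162, change the DHCP address pool (the IP range) so that the client's IP can change
systemctl restart dhcpd
On host 212, restart the network: systemctl restart network
dig test.westos.com ## the IP has changed to the newly assigned one.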