1. DNS terminology
DNS: Domain Name Service (domain name resolution)
Client side:
/etc/resolv.conf # tells the client which DNS server to use
host www.baidu.com # resolve a name to an address
dig www.baidu.com # resolve a name and show the full answer
A record # the record that maps a domain name to an IP address (Address record)
SOA # Start of Authority, the host authoritative for the zone
DNS top level: . (the root)
Second level: .com .net .edu .org ...
Example: baidu.com
Server side:
bind # package
named # service name
/etc/named.conf # main configuration file
/var/named # data directory (zone files)
Port # 53
Error messages:
1. no servers could be reached # the server cannot be reached (is the service running? firewall? network? port?)
2. the service fails to start # usually a mistake in a configuration file; run journalctl -xe to see the error
3. dig query status
NOERROR # the query succeeded
REFUSED # the server refused to answer the query
SERVFAIL # the lookup failed (the DNS server could not reach its upstream servers, or refuses to cache)
NXDOMAIN # the queried name does not exist in DNS
2. Installing and enabling the DNS service
Install:
dnf install bind.x86_64 -y
Enable:
systemctl enable --now named
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
vim /etc/named.conf
listen-on port 53 { any; }; # line 11: listen on port 53 on all local interfaces
allow-query { any; }; # line 19: clients allowed to query; "any" makes this an open resolver, so on an internet-facing server restrict it to your own networks
dnssec-validation no; # line 34: disable DNSSEC validation so the server caches answers from outside even when it cannot validate them
systemctl restart named
Test that the service has started.
3. Caching DNS (forwarding)
vim /etc/named.conf
forwarders { 114.114.114.114; }; # line 20: upstream server that receives the queries this server cannot answer itself
systemctl restart named
4. Forward resolution
vim /etc/named.rfc1912.zones
zone "westos.com" IN { # the domain this server is authoritative for
type master; # this server is the primary DNS for the zone
file "westos.com.zone"; # zone file holding the A records
allow-update { none; }; # hosts allowed to update the zone (none)
};
cd /var/named
cp -p named.localhost westos.com.zone
vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.westos.com.
dns A 192.168.1.20
www CNAME westos.a.westos.com. ; canonical name
westos.a A 192.168.1.111 ; forward records
westos.a A 192.168.1.112
westos.com. MX 1 dns.westos.com. ; mail exchanger record; the target must be a host name (here dns, which resolves to 192.168.1.20), not an IP address
Note that comments in a zone file start with ";", and that the SOA names (dns.westos.com. and root.westos.com.) need their trailing dot; without it the zone's origin is appended.
systemctl restart named
dig www.westos.com # query the forward record
dig -t mx westos.com # query the mail record
Send a test mail.
5. Reverse resolution
vim /etc/named.rfc1912.zones
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.ptr";
allow-update { none; };
};
cd /var/named
cp -p named.loopback 192.168.1.ptr
vim 192.168.1.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.westos.com.
dns A 192.168.1.20
11 PTR www.westos.com.
12 PTR bbs.westos.com.
13 PTR news.westos.com.
systemctl restart named
Test:
dig -x 192.168.1.11
dig -x 192.168.1.12
dig -x 192.168.1.13
6. Two-way resolution (split horizon with views)
Lab environment:
2 clients:
one on the 192.168.1.0 network
one on the 172.25.254.0 network: ifconfig ens160:0 172.25.254.30 netmask 255.255.255.0
1 server with an IP on both networks:
192.168.1.20
172.25.254.20: ifconfig ens160:0 172.25.254.20 netmask 255.255.255.0
On the client in the 192.168.1.0 network:
vim /etc/resolv.conf
nameserver 192.168.1.20
On the client in the 172.25.254.0 network:
vim /etc/resolv.conf
nameserver 172.25.254.20
Configuration:
cd /var/named
cp -p westos.com.zone westos.com.inter
vim westos.com.inter
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.westos.com.
dns A 172.25.254.20
www CNAME westos.a.westos.com.
westos.a A 172.25.254.111
westos.a A 172.25.254.112
westos.com. MX 1 dns.westos.com.
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inters
vim /etc/named.rfc1912.inters
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { none; };
};
vim /etc/named.conf
# comment out the original root hint zone and includes: once views are used, every zone must be declared inside a view
#zone "." IN {
# type hint;
# file "named.ca";
# };
#include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
view localnet {
match-clients { 192.168.1.0/24; }; # clients on the internal network get the internal zone data
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
view internet {
match-clients { any; }; # everyone else gets the public zone data; views are matched in order, so this one must come last
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.inters";
include "/etc/named.root.key";
};
systemctl restart named
Test:
Resolve the same name from a host on each network;
the A records returned are different.
Temporary interfaces:
the second addresses above are sub-interfaces of ens160 (ens160:0).
Here 172.25.254.0/24 stands in for the public network and 192.168.1.0/24 for the internal network.
7. DNS cluster (primary and secondary)
Primary DNS:
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
also-notify { 192.168.1.30; }; # secondary DNS host that is actively notified of changes
};
vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
2020031401 ; serial
; increase the serial every time the zone file is changed, otherwise the secondary sees no change and does not transfer the zone
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.westos.com.
dns A 192.168.1.20
www CNAME westos.a.westos.com.
westos.a A 192.168.1.211
westos.a A 192.168.1.212
westos.com. MX 1 dns.westos.com.
systemctl restart named
Secondary (slave) DNS:
dnf install bind.x86_64 -y
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
vim /etc/named.conf
listen-on port 53 { any; }; # line 11
allow-query { any; }; # line 19
dnssec-validation no; # line 34
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type slave; # this server is a secondary for the zone
masters { 192.168.1.20; }; # the primary DNS
file "slaves/westos.com.zone"; # file the transferred zone data is written to
};
systemctl restart named
The file can be seen to have been transferred; it is not stored as plain text (BIND writes secondary zone files in its raw binary format; named-compilezone -f raw -F text -o - westos.com slaves/westos.com.zone prints it as text).
In RHEL 7:
the secondary DNS did not get updated.
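The mistakes that are easy to make in the zone files of sections 4 and 7 (a "#" comment, an SOA name without its trailing dot, an MX that points at an IP address, a serial that was not raised so the secondary never transfers) can be caught before restarting named. The checker below is an added example, not code from the original post; it runs on constructed sample zone files with only sh, grep and awk, and named-checkzone remains the authoritative check.

```shell
# Added example, not part of the original post: checks for the zone-file mistakes
# that stop named from loading a zone or keep a secondary from transferring it.
# lint_zone FILE -> reports problems; returns 0 if clean, 1 otherwise
lint_zone() {
    f=$1; rc=0
    # zone-file comments start with ';'; a '#' is a syntax error, not a comment
    if grep -q '#' "$f"; then
        echo "$f: '#' found, zone-file comments start with ';'"; rc=1
    fi
    # SOA names must be absolute (trailing dot), else $ORIGIN is appended: root.westos.com.westos.com.
    for n in $(awk '{ for (i = 1; i <= NF; i++) if ($i == "SOA") { print $++i; print $++i; exit } }' "$f"); do
        case $n in
            *.) ;;
            *)  echo "$f: SOA name '$n' lacks a trailing dot"; rc=1 ;;
        esac
    done
    # the MX exchange is a host name; an IP address there is not a valid target
    awk '{ for (i = 1; i <= NF; i++) if ($i == "MX") { i += 2; print $i } }' "$f" | grep -Eq '^[0-9.]+$' &&
        { echo "$f: MX points at an IP address"; rc=1; }
    return $rc
}

# serial_of FILE -> prints the SOA serial (first number at or after the SOA line)
serial_of() {
    awk '/SOA/ { s = 1 } s { for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit } }' "$1"
}

# serial_bumped OLD NEW -> 0 only if a secondary would notice the change
serial_bumped() { [ "$2" -gt "$1" ]; }
# write_samples DIR: constructed sample zone files, one broken and one fixed
write_samples() {
    cat > "$1/bad.zone" <<'EOF'
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com (
  0 ; serial
  #bump the serial after every change
  1D 1H 1W 3H )
@ NS dns.westos.com.
westos.com. MX 1 192.168.1.20.
EOF
    cat > "$1/good.zone" <<'EOF'
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
  2020031401 ; serial
  1D 1H 1W 3H )
@ NS dns.westos.com.
westos.com. MX 1 dns.westos.com.
EOF
}
```

Run it with `d=$(mktemp -d); write_samples "$d"; lint_zone "$d/bad.zone"` to see the three findings for the broken file, and `serial_bumped OLD NEW` before pushing a change to the primary.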
8. DNS updates
Dynamic updates authorized by IP address:
On the DNS server:
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 192.168.1.10; }; # allow this client to update the westos.com zone; authorizing by source address alone is weak, the key-based method below is preferable
also-notify { 192.168.1.30; };
};
Test:
On 192.168.1.10:
nsupdate
> server 192.168.1.20
> update add hello.westos.com 86400 A 192.168.1.111
> send
(the commands above add an A record; the next two delete it again)
> update delete hello.westos.com
> send
Dynamic updates authorized by key (TSIG):
dnssec-keygen -a HMAC-SHA256 -b 128 -n HOST westos
cp -p /etc/rndc.key /etc/westos.key # cp -p keeps the owner and mode of rndc.key, so named can read the new key file
vim /etc/westos.key
key "westos" {
algorithm hmac-sha256;
secret "fP690+VPLStGk+OPF8OAkA=="; # the Key: value from the generated Kwestos.+163+05479.private file
};
vim /etc/named.conf
include "/etc/westos.key";
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westos; }; # only updates signed with the westos key are accepted
also-notify { 192.168.1.30; };
};
systemctl restart named
Test:
nsupdate -k /mnt/Kwestos.+163+05479.private
> server 192.168.1.20
> update add hello.westos.com 86400 A 192.168.1.111
> send
> quit
Revert the settings afterwards.
9. DDNS (DHCP + DNS)
dnf install dhcp-server -y
cd /etc/dhcp/
cat dhcpd.conf
cp /usr/share/doc/dhcp-server/dhcpd.conf.example dhcpd.conf
vim /etc/dhcp/dhcpd.conf (the settings below sit at lines 7, 8, 14, 30-33, 35-38 and 40-43 of the example file)
option domain-name "westos.com";
option domain-name-servers 192.168.1.20;
ddns-update-style interim;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.51 192.168.1.80;
option routers 192.168.1.1;
}
key westos {
algorithm hmac-sha256;
secret fP690+VPLStGk+OPF8OAkA==; # the same secret as in /etc/westos.key
};
zone westos.com. {
primary 127.0.0.1; # the DNS server runs on this same host
key westos;
}
systemctl restart dhcpd
The DNS side keeps the key-based update configuration from section 8.
Test:
Set the test host's network to DHCP.
Set its hostname to DNS2.westos.com.
Restart the network.
dig DNS2.westos.com
The name resolves correctly.