企业dns服务器搭建

 dns服务器部署

1.关于dns的名词解释 
dns:
domain name service(域名解析服务)

#关于客户端:#
/etc/resolv.conf        ##dns指向文件
nameserver 172.25.254.20

#测试：

#关于服务端#

        

  2.dns服务的安装与启用

#安装与启用 #

 3.高速缓存dns

20         forwarders { 114.114.114.114; };

检测方法

 

4.dns的正向解析

 

6.dns的双向解析

搭建实验环境：

1.1.1网段（客户端）

vim /etc/sysconfig/network-scripts/ifcfg-westosbBOOTPROTO=none
IPADDR=1.1.1.209
PREFIX=24
NAME=westosb
DEVICE=ens3
ONBOOT=yes
DNS1=1.1.1.118

172.25.254网段（客户端，172.25.254网段即可）

172.25.254.18

[双网卡主机]（服务端）

vim /etc/sysconfig/network-scripts/ifcfg-westosaBOOTPROTO=none

BOOTPROTO=none
IPADDR0=172.25.254.128
PREFIX0=24
GATEWAY=172.25.24.250
DNS1=114.114.114.114
DEVICE=ens3
ONBOOT=yes
IPADDR1=1.1.1.118
PREFIX1=24
NAME=enss3

在客户端中

vim /etc/resolv.conf

添加nameserver 1.1.1.118

在172.25.254网段的客户主机中

vim /etc/resolv.conf
nameserver 172.25.254.118

需要配置的文件cd /var/named/
cp -p westos.org.zone westos.org.inter        
vim westos.org.inter

$TTL 1D
@    IN SOA    dns.westos.org. root.westos.org (
                    0    ; serial
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
        NS    dns.westos.org.
dns                 A                 1.1.1.118
www               CNAME    westos.a.westos.org.
westos.a         A                1.1.1.118
westos.a         A                1.1.1.18
westos.org.    MX 1          1.1.1.118.    #mail exchanger

cp -p /etc/named.rfc1912.zones  /etc/named.rfc1912.inters
vim /etc/named.rfc1912.inters
zone "westos.org" IN {
    type master;
    file "westos.org.inter";
    allow-update { none; };

vim /etc/named.conf

#zone "." IN {
##       type hint;
##       file "named.ca";
##};
#
##include "/etc/named.rfc1912.zones";
##include "/etc/named.root.key";

view localnet {
        match-clients { 1.1.1.0/24; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.inters";
};

view anyone {
        match-clients { any; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.zones";
};
      
systemctl restart named

7.dns集群

##关闭主机火墙

 

8.dns的更新 

测试

 9.ddns（dhcp+dns）

dnssec-keygen -a HMAC-SHA256 -b 128 -n HOST westoskey    

##生成key -a，加密方式；-b 加密长度；-n 指定密钥的名称类型

dnf instsall dhcp-server -y
vim /etc/dhcpd/dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "westos.com";
option domain-name-servers 192.168.0.20;

default-lease-time 600;
max-lease-time 7200;

# Use this to enble / disable dynamic dns updates globally.
ddns-update-style interim;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

# This is a very basic subnet declaration.

 测试：
westosa:
dig westosa.westos.org
可以得到本身的IP