网络服务第四次作业

 配置dns服务的正反向解析

目录

 配置dns服务的正反向解析

一、正向解析

​二、反向解析

任务前准备:

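预处理:关闭 SELinux 及防火墙(仅适用于隔离的实验环境;从下面的输出可见本机 SELinux 原本就是 disabled,setenforce 0 并未改变状态。生产环境应保持 SELinux 为 enforcing,并用 firewall-cmd --permanent --add-service=dns 和 firewall-cmd --reload 放行 53 端口,而不是停用 firewalld)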

[root@server ~]# setenforce 0
setenforce: SELinux is disabled
[root@server ~]# systemctl stop firewalld


[root@node1~]# setenforce 0
setenforce: SELinux is disabled
[root@node1~]# systemctl stop firewalld

下载安装软件:BIND(Berkeley Internet Name Domain,伯克利因特网域名解析服务)是一种全球使用最广泛的、最高效的、最安全的域名解析服务程序。客户端只做查询测试(nslookup、host、dig),安装 bind-utils 即可,不必安装完整的 bind 服务端

[root@server ~]# yum  install  bind -y
[root@node1 ~]# yum  install  bind -y

将服务端和客户端设置为静态IP地址

# 服务端设置为静态IP地址
[root@server ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.119.138/24 ipv4.gateway 192.168.119.2 ipv4.dns 192.168.119.138
[root@server ~]# nmcli connection reload 
[root@server ~]# nmcli connection up ens160 
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/2)


# 客户端设置为静态IP
[root@node1 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.119.139/24 ipv4.gateway 192.168.119.2 ipv4.dns 192.168.119.138 
[root@node1 ~]# nmcli connection reload
[root@node1 ~]# nmcli connection up ens160 
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/2)

一、正向解析

服务器IP:192.168.119.138
客户端IP:192.168.119.139
解析网站为:www.openlab.com、ftp.openlab.com、bbs.openlab.com

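 第一步:服务端操作,修改DNS主配置文件(把 listen-on 和 allow-query 改为 any)。注意:后面的 dig 输出带有 ra 标志,说明递归查询处于开启状态,此时 allow-query { any; } 会让任何能访问 53 端口的主机都可以用本服务器做递归解析;实验环境之外应把 allow-query 或 allow-recursion 限制为受信任网段,如 192.168.119.0/24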

[root@server ~]# vim /etc/named.conf
 10 options {
 11         # listen-on port 53 { 127.0.0.1; };
 12         listen-on port 53 { any; };
 13         listen-on-v6 port 53 { ::1; };
 14         directory       "/var/named";
 15         dump-file       "/var/named/data/cache_dump.db";
 16         statistics-file "/var/named/data/named_stats.txt";
 17         memstatistics-file "/var/named/data/named_mem_stats.txt";
 18         secroots-file   "/var/named/data/named.secroots";
 19         recursing-file  "/var/named/data/named.recursing";
 20         # allow-query     { localhost; };
 21         allow-query     { any; };

 第二步:服务端操作,编辑区域配置文件,可以在最后添加,也可以清空后重写,建议复制一份模版,修改局部

[root@server ~]# vim /etc/named.rfc1912.zones 
 47 zone "openlab.com" IN {
 48         type master;
 49         file "openlab.com.zone";
 50         allow-update { none; };
 51 };

 第三步:服务端操作,编辑数据配置文件,使用拷贝命令将正向解析模版文件(named.localhost)复制一份,打开后修改局部即可(注意:下面的列表从第 4 行才开始显示行号,SOA 括号内的第一项序列号没有显示出来,即类似后面反向解析文件中 0 ; serial 的一行,实际文件中必须保留)

[root@server ~]# cd /var/named/
[root@server named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@server named]# cp -a named.localhost openlab.com.zone
[root@server named]# vim openlab.com.zone 
$TTL 1D
openlab.com.    IN SOA  ns.openlab.com. 2297373285.openlab.com. (
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8 openlab.com.    IN      NS      ns.openlab.com.
  9 ns.openlab.com. IN      A       192.168.119.138
 10 www.openlab.com.        IN      A       192.168.119.138
 11 ftp.openlab.com.        IN      A       192.168.119.138
 12 bbs.openlab.com.        IN      A       192.168.119.138
 13 www1.openlab.com.       IN      CNAME   www.openlab.com.

[root@server named]# systemctl restart named 

 

 第四步:重启服务(重启前可先用 named-checkconf 和 named-checkzone openlab.com /var/named/openlab.com.zone 检查配置文件和区域文件的语法):

[root@server named]# systemctl restart named 

 

第五步:客户端测试

# 客户端测试
[root@node1 ~]# nslookup 
> www.openlab.com            
Server:		192.168.119.138
Address:	192.168.119.138#53

Name:	www.openlab.com
Address: 192.168.119.138
> bbs.openlab.com
Server:		192.168.119.138
Address:	192.168.119.138#53

Name:	bbs.openlab.com
Address: 192.168.119.138
> ftp.openlab.com
Server:		192.168.119.138
Address:	192.168.119.138#53

Name:	ftp.openlab.com
Address: 192.168.119.138
> www1.openlab.com
Server:		192.168.119.138
Address:	192.168.119.138#53

www1.openlab.com	canonical name = www.openlab.com.
Name:	www.openlab.com
Address: 192.168.119.138
> 
[root@node1 ~]# host www.openlab.com
www.openlab.com has address 192.168.119.138
[root@node1 ~]# host bbs.openlab.com
bbs.openlab.com has address 192.168.119.138
[root@node1 ~]# host ftp.openlab.com
ftp.openlab.com has address 192.168.119.138
[root@node1 ~]# host www1.openlab.com
www1.openlab.com is an alias for www.openlab.com.
www.openlab.com has address 192.168.119.138
[root@node1 ~]# dig @192.168.119.138 www.openlab.com

; <<>> DiG 9.16.23-RH <<>> @192.168.119.138 www.openlab.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22295
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 46bc92c46a6ed07e01000000647ddd5712e5ed281a437d75 (good)
;; QUESTION SECTION:
;www.openlab.com.		IN	A

;; ANSWER SECTION:
www.openlab.com.	86400	IN	A	192.168.119.138

;; Query time: 2 msec
;; SERVER: 192.168.119.138#53(192.168.119.138)
;; WHEN: Mon Jun 05 21:04:23 CST 2023
;; MSG SIZE  rcvd: 88

[root@node1 ~]# 

 

 二、反向解析

服务器IP:192.168.119.138
解析网站为:www.openlab.com、ftp.openlab.com、bbs.openlab.com
客户端IP:192.168.119.139

第一步:服务端操作,继续上例,主配置文件按上例设置不变,直接编辑区域配置文件,添加反向解析记录,注意:IP地址必须反向书写

[root@server named]# cd ~
[root@server ~]# vim /etc/named.rfc1912.zones
 53 zone "119.168.192.in-addr.arpa" IN {
 54         type master;
 55         file "192.168.119.arpa";
 56         allow-update { none; };
 57 };

 第二步:服务端操作,编辑反向解析的数据配置文件,根据模版(named.loopback)复制一份,修改文件名,再修改局部数据。注意:记录中的完整域名必须以"."结尾,下面第 8 行的 NS 记录应写成 ns.openlab.com.,否则会被自动补上区域名后缀

[root@server ~]# cd /var/named/
[root@server named]# ls
data     named.ca     named.localhost  open.com.zone     slaves
dynamic  named.empty  named.loopback   openlab.com.zone
[root@server named]# cp -a named.loopback 192.168.119.arpa
[root@server named]# vim 192.168.119.arpa 
  1 $TTL 1D
  2 @       IN SOA  ns.openlab.com. 2297373285.openlab.com. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS      ns.openlab.com
  9 138     IN      PTR     ns.openlab.com.
 10 138     IN      PTR     www.openlab.com.
 11 138     IN      PTR     ftp.openlab.com.
 12 138     IN      PTR     bbs.openlab.com.

第三步:服务端操作,重启服务

[root@server named]# systemctl restart named

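第四步:在客户端测试。注意:下面最后一条 dig 命令查询的是 192.186.119.138(应为 192.168.119.138),该地址不在本服务器的反向区域内,返回的是服务器递归查询外网得到的结果(flags 中没有 aa,查询耗时 1722 msec),不能用来验证本地反向区域;验证时应使用 dig -x 192.168.119.138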

# 客户端测试
[root@node1 ~]# nslookup 192.168.119.138
138.119.168.192.in-addr.arpa	name = ftp.openlab.com.
138.119.168.192.in-addr.arpa	name = bbs.openlab.com.
138.119.168.192.in-addr.arpa	name = ns.openlab.com.
138.119.168.192.in-addr.arpa	name = www.openlab.com.

[root@node1 ~]# host 192.168.119.138
138.119.168.192.in-addr.arpa domain name pointer ns.openlab.com.
138.119.168.192.in-addr.arpa domain name pointer ftp.openlab.com.
138.119.168.192.in-addr.arpa domain name pointer www.openlab.com.
138.119.168.192.in-addr.arpa domain name pointer bbs.openlab.com.
[root@node1 ~]# dig -x 192.186.119.138

; <<>> DiG 9.16.23-RH <<>> -x 192.186.119.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20069
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 93001f42bc5c55ce01000000647de69297445d7d3ff84200 (good)
;; QUESTION SECTION:
;138.119.186.192.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
138.119.186.192.in-addr.arpa. 86400 IN	PTR	d192-186-119-138.static.comm.cgocable.net.

;; Query time: 1722 msec
;; SERVER: 192.168.119.138#53(192.168.119.138)
;; WHEN: Mon Jun 05 21:43:46 CST 2023
;; MSG SIZE  rcvd: 140
