高速缓存DNS
将虚拟机desktop设置为高速缓存DNS服务器
yum install bind
systemctl start named ##若无法启动则按键盘 生成加密内容
systemctl stop firewalld
systemctl disable firewalld
设置desktop的网关为真机ip
vim /etc/sysconfig/network-scripts/ifcfg-eth0
GATEWAY=172.25.254.76
注释掉DNS
vim /etc/named.conf
listen-on port 53 { any; }; ##使此主机上任意IP都可打开53端口提供服务
allow-query { any; }; ##使其他主机IP可以连接此DNS服务
forwarders { 114.114.114.114; }; ##设置解析域名地址为 114.114.114.114
dnsses-validation no; ##取消dns验证
systemctl restart named
netstat -antlupe | grep named ##查看服务named
a:所有
n:不解析,拒绝显示别名
t:tcp
l:处于Listen状态的服务
u:udp
p:进程名
e:扩展信息
dig www.baidu.com
在真机中测试:
真机应开启防火墙地址伪装功能使虚拟机可以链接网络
vim /etc/resolve.conf
nameserver 172.25.254.160 ##将DNS设置为虚拟机ip
dig www.baidu.com
dns的正向解析
vim /etc/named.rfc1912.zone
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-upadte { none; };
};
cd /var/named/
cp -p named.localhost westos.com.zone
vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. ( ##@表示westos.com SOA记录表明了谁是这个区域的所有者可以修改这个区域 此 DNS 名称服务器是为该 DNS 域中的数据的信息的最佳来源
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com. ##NS表明谁对某个区域有解释权 用来指定该域名由哪个DNS服务器来进行解析
dns A 172.25.254.160
www A 172.25.254.111
##NS记录和SOA记录是任何一个DNS区域都不可或缺的两条记录,NS记录也叫名称服务器记录,用于说明这个区域有哪些DNS服务器负责解析,SOA记录说明负责解析的DNS服务器中哪一个是主服务器。
systemctl restart named
测试:
在测试主机中
vim /etc/resolv.conf
nameserver 172.25.254.160
dig www.westos.com
NS dns.westos.com.
www CNAME bbs.a.westos.com.
bbs.a A 172.25.254.222
bbs.a A 172.25.254.111 ##完成轮换
westos.com. MX 1 mail.westos.com.
mail A 172.25.254.200 ##给westos.com 发送邮件将发送给172.25.254.200
测试轮换:
测试邮件:
反向解析
vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN {
type master;
file "172.25.254.ptr";
allow-update { none; };
};
cd /var/named
cp -p named.loopback 172.25.254.ptr
vim 172.25.254.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.160
100 PTR dns.westos.com.
111 PTR www.westos.com.
systemctl restart named
测试:
dig -x 172.25.254.111
DNS双向解析
vim /etc/named.conf
view localnet {
match-clients { localhost; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
view internet {
match-clients { any; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.inters";
};
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.initers
vim /etc/named.rfc1912.zones.inters
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { none; };
};
cp -p westos.com.zone westos.com.inter
vim westos.com.inter
:%s/172.25.254/192.168.0/g
systemctl restart named
其他主机IP登陆时:
本机IP登陆时:
辅助DNS
主DNS的设定
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
also-notify { 172.25.254.80; }; ##告诉 172.25.254.80 修改
};
systemctl restart named
注意:每次更改A记录文件后必须更改serial的数值,这个数值最大10位
辅助DNS上
yum install bind -y
systemctl restart named
systemctl stop firewalld
vim /etc/named.conf
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type slave;
masters { 172.25.254.160; };
file "slaves/westos.com.zone"; ##同步172.25.254.160中的westos.com.zone文件
allow-update { none; };
};
systemctl restart named
测试
vim /etc/resolv.conf
nameserver 172.25.254.80
dig www.westos.com
7.DNS的远程更新
基于IP的
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 172.25.254.80; };
also-notify { 172.25.254.80; };
};
chmod 770 /var/named/
systemctl restart named
测试:
在80这台主机上
nsupdate
> server 172.25.254.160 ##添加
> update add hello.westo.com 86400 A 172.25.254.111
> send
> server 172.25.254.160 ##删除
> update delete hello.westos.com
> send
基于key:
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
cp /etc/rndc.key /etc/westos.key -p
vim /etc/westos.key
key "westos" {
algorithm hmac-md5;
secret "ndsadasdadsa==";
};
vim /etc/named.conf
include "/etc/westos.key";
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westos; };
also-notify { 172.25.254.80; };
};
systemctl restart named
测试:
scp Kwestos.+157+59719.* root@172.25.254.80:/mnt/
在172.25.254.80
nsupdate -k Kwestos.+157+59719.key
>server 172.25.254.160
>update add hello.westos.com 86400 A 172.25.254.222
>send
>quit
dhcpd 配置
vim /etc/dhcp/dhcpd.conf
6 # option definitions common to all supported networks...
7 option domain-name "westos.com";
8 option domain-name-servers 172.25.254.160;
14 ddns-update-style interim; ##开启dhcp更新dns功能
20 # Use this to send dhcp log messages to a different log file (you also
21 # have to hack syslog.conf to complete the redirection).
22 log-facility local7;
30 subnet 172.25.254.0 netmask 255.255.255.0 {
31 range 172.25.254.90 172.25.254.99;
32 option routers 172.25.254.160;
33 }
34
key westos { ##dhcp更新dns时用到的key
algorithm hmac-md5;
secret djalsjdasajdlkaj==;
}
zone westos.com. { ##指定dhcp更新的域名
primary 127.0.0.1; ##指定dns所在的主机ip
key westos; ##指定更新这个域时用到的key名称
}
测试
设定一台主机网络的工作方式位dhcp
设定这台主机名位news.westos.com,这个名称在原有的dns服务中是没有解析的
重启网络看ip 和主机名称的解析
1163
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
