DNS server: caching, forward, reverse and dual-view resolution, clustering, updates and DDNS
Published: 2019-05-24


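1. DNS terminology

  • DNS: domain name service (the name resolution service)

  • Client side:

    /etc/resolv.conf ## file that points the client at its DNS server
    nameserver 172.25.254.20

  • Testing:

    host www.baidu.com ## resolve a name to an address
    dig www.baidu.com ## show detailed resolution information

  • A record ## the IP address is called the domain's Address record

    SOA ## start of authority host
    DNS top level
    . 13
    second level
    .com .net .edu .org …
    baidu.com

  • Server side:

    bind ## package
    named ## service name
    /etc/named.conf ## main configuration file
    /var/named ## data directory
    port ## 53

  • Error messages:

    1. no servers could be reached ## the service cannot be reached (is the service running? firewall? network? port?)
    2. the service fails to start ## the configuration file is wrong; use journalctl -xe to find the error
    3. dig query status
    NOERROR ## the query succeeded
    REFUSED ## the server refused the query
    SERVFAIL ## the query failed (the DNS server cannot reach its upstream, refuses to cache)
    NXDOMAIN ## no A record for this domain exists in DNS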

2. Installing and enabling the DNS service

    # Install
    dnf install bind.x86_64 -y
    rpm -ql bind | grep -vE "/var|/usr"
    netstat -antlupe | grep named   ## named uses port 53

    # Enable
    systemctl enable --now named
    firewall-cmd --permanent --add-service=dns
    firewall-cmd --reload

    vim /etc/named.conf
    listen-on port 53 { any; };     ## line 11: open port 53 on all local network interfaces
    allow-query { any; };           ## line 19: list of clients allowed to query A records
    dnssec-validation no;           ## line 34: disable DNSSEC validation so the server can cache external records locally

    systemctl restart named

3. Caching DNS

    vim /etc/named.conf
    forwarders { 114.114.114.114; };    ## line 20

    ## client1
    [root@localhost etc]# vim /etc/resolv.conf    ## file that points the client at its DNS server
    nameserver 172.25.254.112
    [root@13 ~]# dig www.baidu.com
    [root@localhost etc]# dig www.163.com         ## show detailed resolution information
    [root@localhost etc]# host www.baidu.com      ## resolve a name to an address

    ## client2
    [root@westos_student12 Desktop]# vim /etc/resolv.conf
    nameserver 172.25.254.112
    [root@localhost etc]# dig www.163.com

4. DNS forward resolution

    vim /etc/named.rfc1912.zones
    zone "westos.com" IN {              ## the domain being served
            type master;                ## this server is the master DNS
            file "westos.com.zone";     ## file holding the domain's A records
            allow-update { none; };     ## list of hosts allowed to update
    };

    cd /var/named/
    cp -p named.localhost westos.com.zone
    vim westos.com.zone
    $TTL 1D                 ; TIME-TO-LIVE (how long a resolved address is kept)
    @       IN SOA  dns.westos.com. root.westos.com. (   ; SOA: Start of Authority
                            0       ; serial: version number of the zone
                            1D      ; refresh: refresh interval (secondary DNS)
                            1H      ; retry: retry interval (secondary DNS)
                            1W      ; expire: expiry time (secondary DNS; once refreshes have failed this long it stops answering for the zone)
                            3H )    ; minimum: shortest validity period of an A record
                    NS      dns.westos.com.
    dns             A       192.168.0.20
    www             CNAME   westos.a.westos.com.    ; canonical name
    westos.a        A       192.168.0.111           ; forward resolution records
    westos.a        A       192.168.0.112
    westos.com.     MX 1    192.168.0.20.           ; mail exchanger record

    systemctl restart named
    dig www.westos.com          # query forward resolution
    dig -t mx westos.com        # query the mail exchanger record

    ## client
    [root@localhost etc]# dig www.westos.org
    [root@localhost etc]# dig dns.westos.org

    [root@node1 named]# vim westos.org.zone
    bbs             CNAME   test.westos.org.
    test            A       172.25.254.214
    test            A       172.25.254.114
    westos.org.     MX 1    172.25.254.112.         ; mail exchanger record
    [root@node1 named]# systemctl restart named

    ## client
    [root@localhost etc]# dig bbs.westos.org
    [root@localhost etc]# dnf install mailx postfix -y
    [root@localhost etc]# firewall-cmd --permanent --add-port=25/tcp
    [root@localhost etc]# firewall-cmd --reload
    [root@localhost etc]# mail root@westos.org
    Subject: asdfasdfasdf
    .
    EOT
    [root@localhost etc]# mailq
    [root@localhost etc]# dig -t mx westos.org      # query the mail exchanger record

5. DNS reverse resolution

    vim /etc/named.rfc1912.zones
    zone "0.168.192.in-addr.arpa" IN {
            type master;
            file "192.168.0.ptr";
            allow-update { none; };
    };

    cd /var/named/
    cp -p named.loopback 192.168.0.ptr
    vim 192.168.0.ptr
    $TTL 1D
    @       IN SOA  dns.westos.com. root.westos.com. (
                            0       ; serial
                            1D      ; refresh
                            1H      ; retry
                            1W      ; expire
                            3H )    ; minimum
            NS      dns.westos.com.
    dns     A       192.168.0.20
    11      PTR     www.westos.com.
    12      PTR     bbs.westos.com.
    13      PTR     news.westos.com.

    systemctl restart named

Test:

    ## client
    dig -x 192.168.0.11

6. DNS dual-view resolution

    ## server
    [root@13 named]# cd /etc/sysconfig/network-scripts/
    [root@13 network-scripts]# vim ifcfg-westos
    BOOTPROTO=none
    IPADDR0=172.25.254.212
    PREFIX0=24
    IPADDR1=1.1.1.212
    PREFIX1=24
    DEFROUTE=yes
    NAME=westos
    DEVICE=enp1s0
    ONBOOT=yes
    [root@13 network-scripts]# nmcli connection reload
    [root@13 network-scripts]# nmcli connection down westos
    [root@13 network-scripts]# nmcli connection up  westos
    [root@13 network-scripts]# ip addr show enp1s0

    [root@node1 named]# ls
    [root@node1 named]# cp -p westos.org.zone westos.org.zone.inter
    [root@node1 named]# vim westos.org.zone.inter     ## :%s/172.25.254/1.1.1/g
                    NS      dns.westos.org.
    dns             A       1.1.1.112
    www             A       1.1.1.212
    bbs             CNAME   test.westos.org.
    test            A       1.1.1.214
    test            A       1.1.1.114
    westos.org.     MX 1    1.1.1.112.
    [root@node1 named]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.inter.zones -p
    [root@node1 named]# vim /etc/named.rfc1912.inter.zones
    zone "westos.org" IN {                      ## line 29
            type master;
            file "westos.org.zone.inter";
            allow-update { none; };
    };
    [root@node1 named]# vim /etc/named.conf     ## comment out lines 53-58, then add from line 59:
    view localnet {
            match-clients { 172.25.254.0/24; };
            zone "." IN {
                    type hint;
                    file "named.ca";
            };
            include "/etc/named.rfc1912.zones";
    };
    view internet {
            match-clients { any; };
            zone "." IN {
                    type hint;
                    file "named.ca";
            };
            include "/etc/named.rfc1912.inter.zones";
    };
    include "/etc/named.root.key";
    [root@node1 named]# systemctl restart named
    [root@node1 named]# vim /etc/resolv.conf
    nameserver 172.25.254.112
    [root@node1 named]# dig www.westos.org

    ## client
    [root@localhost ~]# cd /etc/sysconfig/network-scripts/
    [root@localhost network-scripts]# ls
    ifcfg-westos
    [root@localhost network-scripts]# vim ifcfg-westos
    BOOTPROTO=none
    IPADDR=1.1.1.112
    PREFIX=24
    NAME=westos
    DEVICE=enp1s0
    ONBOOT=yes
    [root@localhost network-scripts]# nmcli connection reload
    [root@localhost network-scripts]# nmcli connection down westos
    [root@localhost network-scripts]# nmcli connection up westos
    [root@localhost network-scripts]# vim /etc/resolv.conf
    nameserver 1.1.1.112
    [root@localhost etc]# dig www.westos.org

7. DNS cluster

    ## server (master DNS):
    [root@node1 named]# vim /etc/named.rfc1912.zones
    zone "westos.org" IN {                      ## line 29
            type master;
            file "westos.org.zone";
            allow-update { none; };
            also-notify { 172.25.254.212; };    ## secondary DNS hosts that are notified proactively
    };
    vim /var/named/westos.com.zone
    $TTL 1D
    @       IN SOA  dns.westos.com. root.westos.com. (
                            2020031402 ; serial (this value must be changed every time the A record file is modified)
                            1D      ; refresh
                            1H      ; retry
                            1W      ; expire
                            3H )    ; minimum
                    NS      dns.westos.com.
    dns             A       192.168.0.20
    www             CNAME   westos.a.westos.com.
    westos.a        A       192.168.0.210
    westos.a        A       192.168.0.211
    westos.com.     MX 1    192.168.0.20.
    [root@node1 named]# systemctl restart named
    [root@node1 named]# dig www.westos.org

    ## client (slave DNS):
    [root@localhost slaves]# dnf install bind -y
    [root@localhost slaves]# firewall-cmd --permanent --add-service=dns
    [root@localhost slaves]# firewall-cmd --reload
    [root@localhost slaves]# vim /etc/named.conf
    listen-on port 53 { any; };
    allow-query { any; };
    dnssec-validation no;
    [root@localhost slaves]# vim /etc/named.rfc1912.zones
    zone "westos.org" IN {
            type slave;                         ## this server is a secondary DNS
            masters { 172.25.254.112; };        ## the master DNS
            file "slaves/westos.org.zone";      ## file the zone data is synchronised into
    };
    [root@localhost slaves]# systemctl restart named
    [root@localhost slaves]# vim /etc/resolv.conf
    nameserver 172.25.254.212
    [root@localhost slaves]# dig www.westos.org
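A secondary only transfers the zone again when the SOA serial on the master has increased, which is why the serial has to change with every edit. The helper below is an added example, not code from the original post; the function names and the sample zone are constructed. It bumps a YYYYMMDDNN serial so that the result is always greater than the old value.

```python
import re
from datetime import date

# Constructed zone file modelled on the westos.com zone shown above.
SAMPLE_ZONE = """$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                2020031402 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        NS      dns.westos.com.
dns     A       192.168.0.20
"""

# The serial is the first number after the opening parenthesis of the SOA.
SERIAL_RE = re.compile(r"\bSOA\b[^()]*\(\s*(\d+)")

def next_serial(current, today):
    """Next YYYYMMDDNN serial that is strictly greater than `current`."""
    base = int(today.strftime("%Y%m%d")) * 100
    # A serial from an earlier day restarts at NN=00 for today; a serial
    # from today (or one already ahead of the date) is simply incremented.
    return base if current < base else current + 1

def bump_serial(zone_text, today=None):
    """Return (new_zone_text, old_serial, new_serial)."""
    today = today or date.today()
    m = SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("no SOA serial found")
    old = int(m.group(1))
    new = next_serial(old, today)
    if new > 0xFFFFFFFF:
        raise ValueError("serial does not fit in 32 bits")
    return zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):], old, new

if __name__ == "__main__":
    print(bump_serial(SAMPLE_ZONE)[0])
```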

8. DNS updates

IP-address-based DNS updates:

    ## server 172.25.254.112: configure DHCP and start the dhcpd service
    [root@node1 named]# vim /etc/named.rfc1912.zones
    zone "westos.org" IN {                      ## line 29
            type master;
            file "westos.org.zone";
            allow-update { 172.25.254.12; };
            also-notify { 172.25.254.212; };
    };
    [root@node1 named]# systemctl restart named

    ## client 172.25.254.11
    [root@localhost network-scripts]# vim ifcfg-westos
    BOOTPROTO=dhcp
    NAME=westos
    DEVICE=enp1s0
    ONBOOT=yes

    ## 172.25.254.12
    [root@westos_student12 Desktop]# nsupdate
    > server 172.25.254.112
    > update add linux.westos.org 86400 A 172.25.254.11  ## add an A record
    > send
    > update delete linux.westos.org  ## delete the A record
    > send
    > quit

Key-based DNS updates:

    [root@node1 named]# vim /etc/named.conf     ## comment out everything from line 59 on and restore the previously commented lines 53-58
    [root@node1 named]# dnssec-keygen -a HMAC-SHA256 -b 128 -n HOST westos
    Kwestos.+163+03845
    [root@node1 named]# ls
    [root@node1 named]# cat Kwestos.+163+03845.private
    [root@node1 named]# cat Kwestos.+163+03845.key
    westos. IN KEY 512 3 163 fGf6Lh8kMgzLhNunLsFrrQ==
    [root@node1 named]# cp /etc/rndc.key /etc/westos.key -p
    [root@node1 named]# vim /etc/westos.key
    key "westos" {
            algorithm hmac-sha256;
            secret "fGf6Lh8kMgzLhNunLsFrrQ==";
    };
    [root@node1 named]# vim /etc/named.conf
    include "/etc/westos.key";                  ## line 45
    [root@node1 named]# vim /etc/named.rfc1912.zones
    zone "westos.org" IN {                      ## line 29
            type master;
            file "westos.org.zone";
            allow-update { key westos; };
            also-notify { 172.25.254.212; };
    };
    [root@node1 named]# systemctl restart named
    [root@node1 named]# nsupdate -k Kwestos.+163+03845.private
    > server 172.25.254.112
    > update add linux.westos.org 86400 A 172.25.254.11
    > send
    > quit
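The two allow-update styles in this section differ in what named trusts: the source address of the request in the first, possession of the TSIG secret in the second. The check below is an added example, not code from the original post; the function names and the second sample zone are constructed, and the rule that a secret should be at least as long as the HMAC output (RFC 2104) is a policy assumption. It reports address-based allow-update entries and short TSIG secrets.

```python
import base64
import re

# Constructed sample: the key and both allow-update styles from section 8.
SAMPLE_CONF = '''
key "westos" { algorithm hmac-sha256; secret "fGf6Lh8kMgzLhNunLsFrrQ=="; };
zone "westos.org" IN {
    type master; file "westos.org.zone";
    allow-update { 172.25.254.12; };
    also-notify { 172.25.254.212; };
};
zone "westos.com" IN {
    type master; file "westos.com.zone";
    allow-update { key westos; };
};
'''

# HMAC output sizes in bytes; RFC 2104 discourages keys shorter than this.
HASH_BYTES = {"hmac-md5": 16, "hmac-sha1": 20, "hmac-sha256": 32, "hmac-sha512": 64}

def stanzas(conf, keyword):
    """Yield (name, body) for each `keyword name { ... }` block, nesting-aware."""
    for m in re.finditer(r'\b%s\s+"?([\w.-]+)"?[^{;]*\{' % keyword, conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit_updates(conf):
    """Return (object, finding) pairs for weak dynamic-update controls."""
    findings = []
    for name, body in stanzas(conf, "key"):
        alg = re.search(r'algorithm\s+([\w-]+)', body)
        secret = re.search(r'secret\s+"?([A-Za-z0-9+/=]+)', body)
        if alg and secret:
            bits = len(base64.b64decode(secret.group(1))) * 8
            if bits < HASH_BYTES.get(alg.group(1).lower(), 32) * 8:
                findings.append(("key " + name, "%d-bit secret is shorter than the %s output" % (bits, alg.group(1))))
    for name, body in stanzas(conf, "zone"):
        acl = re.search(r'allow-update\s*\{(.*?)\}', body, re.S)
        for entry in (e.strip() for e in (acl.group(1).split(";") if acl else [])):
            if entry and entry != "none" and not entry.startswith("key "):
                findings.append(("zone " + name, "allow-update trusts address %s instead of a TSIG key" % entry))
    return findings

if __name__ == "__main__":
    for obj, finding in audit_updates(SAMPLE_CONF):
        print(obj + ": " + finding)
```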

9. DDNS (DHCP + DNS)

    dnf install dhcp-server -y
    vim /etc/dhcp/dhcpd.conf
    # dhcpd.conf
    #
    # Sample configuration file for ISC dhcpd
    #
    # option definitions common to all supported networks...
    option domain-name "westos.com";
    option domain-name-servers 192.168.0.20;
    default-lease-time 600;
    max-lease-time 7200;
    # Use this to enable / disable dynamic dns updates globally.
    ddns-update-style interim;
    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    #authoritative;
    # Use this to send dhcp log messages to a different log file (you also
    # have to hack syslog.conf to complete the redirection).
    log-facility local7;
    # No service will be given on this subnet, but declaring it helps the
    # DHCP server to understand the network topology.
    # This is a very basic subnet declaration.
    subnet 192.168.0.0 netmask 255.255.255.0 {
            range 192.168.0.51 192.168.0.80;
            option routers 192.168.0.1;
    }
    key westos {
            algorithm hmac-sha256;
            secret SB1tQcLaWeroU9lGW21zeA==;
    };
    zone westos.com. {
            primary 127.0.0.1;
            key westos;
    }
    [root@node1 named]# systemctl restart dhcpd
    [root@node1 named]# systemctl enable --now dhcpd
    [root@node1 named]# systemctl status dhcpd

Testing the key-based DNS update:

  • Set the test host's network to use DHCP
  • Set the hostname to test.westos.com
  • Restart the network
  • dig test.westos.com should then resolve correctly

    ## client
    [root@localhost slaves]# hostnamectl set-hostname node1.westos.org
    [root@localhost slaves]# dig node1.westos.org
    [root@localhost slaves]# nmcli connection reload
    [root@localhost slaves]# nmcli connection down westos
    [root@localhost slaves]# nmcli connection up westos

Reprinted from: http://ynhzi.baihongyu.com/
