dns-------domain name service(域名解析服务)
#关于客户端:#
/etc/resolv.conf ##dns指向文件 nameserver 172.25.254.20#测试:
host www.baidu.com ##地址解析命令 dig www.baidu.com ##地址详细解析信息命令A记录 ##ip地址叫做域名的Address 记录
SOA ##授权起始主机 dns顶级 . 13 次级 .com .net .edu .org … baidu.com#关于服务端#
bind ##安装包 named ##服务名称 /etc/named.conf ##主配置文件 /var/named ##数据目录 端口 ##53关于报错信息:
1.no servers could be reached ##服务无法访问(服务开启?火墙?网络?端口?)
2.服务启动失败 ##配置文件写错 journalctl -xe查询错误
3.dig 查询状态
NOERROR ##表示查询成功
REFUSED ##服务拒绝访问
SERVFAIL ##查询记录失败,(dns服务器无法到达上级,拒绝缓存)
NXDOMAIN ##此域名A记录在dns中不存在
#安装#
dnf install bind.x86_64 -y
rpm -ql bind | grep -vE "/var|/usr"
netstat -antlupe | grep named ##使用的是53端口
#启用#
systemctl enable --now named
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
vim /etc/named.conf
11 listen-on port 53 { any; }; ##在本地所有网络接口上开启53端口
19 allow-query { any; }; ##允许查询A记录的客户端列表
34 dnssec-validation no; ##禁用dns检测使dns能够缓存外部信息到本机
(注意:allow-query { any; } 加上递归查询会让这台服务器成为对所有人开放的解析器,生产环境应把它限制为内网网段;dnssec-validation no 同时关闭了对上游应答的 DNSSEC 校验,只适合实验环境。)
systemctl restart named
vim /etc/named.conf20 forwarders { 114.114.114.114; };## client1 [root@localhost etc]# vim /etc/resolv.conf ##dns指向文件nameserver 172.25.254.112[root@13 ~]# dig www.baidu.com [root@localhost etc]# dig www.163.com ##地址详细解析信息命令[root@localhost etc]# host www.baidu.com ##地址解析命令## client2 [root@westos_student12 Desktop]# vim /etc/resolv.conf nameserver 172.25.254.112[root@localhost etc]# dig www.163.com
vim /etc/named.rfc1912.zones
zone "westos.com" IN { ##维护的域名
 type master; ##当前服务器为主dns
 file "westos.com.zone"; ##域名A记录文件
 allow-update { none; }; ##允许更新主机列表
};
cd /var/named/
cp -p named.localhost westos.com.zone
$TTL 1D #TIME-TO-LIVE(dns地址保存时间长度)
@ IN SOA dns.westos.com. root.westos.com ( #SOA授权起始(Start of Authority)(管理员邮箱 root.westos.com 应以 . 结尾,否则会被当作相对于 @ 的名字)
 0 ; serial #域名版本序列号
 1D ; refresh #刷新时间(辅助dns)
 1H ; retry #重试时间(辅助dns)
 1W ; expire #过期时间(辅助dns,查询失败过期停止对辅助域名的应答)
 3H ) ; minimum #A记录最短有效期
 NS dns.westos.com.
dns A 192.168.0.20
www CNAME westos.a.westos.com. ##规范域名
westos.a A 192.168.0.111 ##正向解析记录
westos.a A 192.168.0.112
westos.com. MX 1 192.168.0.20. ##邮件解析记录
systemctl restart named
dig www.westos.com #查询正向解析
dig -t mx westos.com #邮件解析记录查询
## client[root@localhost etc]# dig www.westos.org [root@localhost etc]# dig dns.westos.org
[root@node1 named]# vim westos.org.zonebbs CNAME test.westos.org. test A 172.25.254.214 test A 172.25.254.114westos.org. MX 1 172.25.254.112. ##邮件解析记录[root@node1 named]# systemctl restart named## client[root@localhost etc]# dig bbs.westos.org [root@localhost etc]# dnf install mailx postfix -y[root@localhost etc]# firewall-cmd --permanent --add-port=25/tcp[root@localhost etc]# firewall-cmd --reload[root@localhost etc]# mail root@westos.orgSubject: asdfasdfasdf.EOT[root@localhost etc]# mailq[root@localhost etc]# dig -t mx westos.org #邮件解析记录查询
vim /etc/named.rfc1912.zoneszone "0.168.192.in-addr.arpa" IN { type master; file "192.168.0.ptr"; allow-update { none; };};cd /var/named/cp -p named.loopback 192.168.0.ptrvim 192.168.0.ptr$TTL 1D@ IN SOA dns.westos.com. root.westos.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.westos.com.dns A 192.168.0.2011 PTR www.westos.com.12 PTR bbs.westos.com.13 PTR news.westos.com.systemctl restart named 测试: ## clientdig -x 192.168.0.11
## server[root@13 named]# cd /etc/sysconfig/network-scripts/[root@13 network-scripts]# vim ifcfg-westosBOOTPROTO=noneIPADDR0=172.25.254.212PREFIX0=24IPADDR1=1.1.1.212PREFIX1=24DEFROUTE=yesNAME=westosDEVICE=enp1s0ONBOOT=yes[root@13 network-scripts]# nmcli connection reload[root@13 network-scripts]# nmcli connection down westos[root@13 network-scripts]# nmcli connection up westos[root@13 network-scripts]# ip addr show enp1s0[root@node1 named]# ls[root@node1 named]# cp -p westos.org.zone westos.org.zone.inter[root@node1 named]# vim westos.org.zone.inter ##:%s/172.25.254/1.1.1/g NS dns.westos.org.dns A 1.1.1.112www A 1.1.1.212bbs CNAME test.westos.org.test A 1.1.1.214test A 1.1.1.114westos.org. MX 1 1.1.1.112.[root@node1 named]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.inter.zones -p[root@node1 named]# vim /etc/named.rfc1912.inter.zones 29 zone "westos.org" IN { type master; file "westos.org.zone.inter"; allow-update { none; };};[root@node1 named]# vim /etc/named.conf 53-58注释59 view localnet { match-clients { 172.25.254.0/24; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones";};view internet { match-clients { any; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.inter.zones";};include "/etc/named.root.key";[root@node1 named]# systemctl restart named[root@node1 named]# vim /etc/resolv.confnameserver 172.25.254.112[root@node1 named]# dig www.westos.org
## client[root@localhost ~]# cd /etc/sysconfig/network-scripts/[root@localhost network-scripts]# lsifcfg-westos[root@localhost network-scripts]# vim ifcfg-westosBOOTPROTO=noneIPADDR=1.1.1.112PREFIX=24NAME=westosDEVICE=enp1s0ONBOOT=yes[root@localhost network-scripts]# nmcli connection reload[root@localhost network-scripts]# nmcli connection down westos[root@localhost network-scripts]# nmcli connection up westos[root@localhost network-scripts]# vim /etc/resolv.conf nameserver 1.1.1.112[root@localhost etc]# dig www.westos.org
## server
主dns:
[root@node1 named]# vim /etc/named.rfc1912.zones
29 zone "westos.org" IN {
 type master;
 file "westos.org.zone";
 allow-update { none; };
 also-notify { 172.25.254.212; }; ##主动通知的辅助dns主机
};
(建议同时写上 allow-transfer { 172.25.254.212; }; 只允许这台辅助dns做区域传送,避免任意主机通过 AXFR 拉取整个区域数据。)
vim /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com (
 2020031402 ; serial ##每次修改A记录文件需要
 1D ; refresh ##变更此参数的值
 1H ; retry
 1W ; expire
 3H ) ; minimum
 NS dns.westos.com.
dns A 192.168.0.20
www CNAME westos.a.westos.com.
westos.a A 192.168.0.210
westos.a A 192.168.0.211
westos.com. MX 1 192.168.0.20.
[root@node1 named]# systemctl restart named
[root@node1 named]# dig www.westos.org
## client
slave dns:
[root@localhost slaves]# dnf install bind -y
[root@localhost slaves]# firewall-cmd --add-service=dns
[root@localhost slaves]# firewall-cmd --reload
(这里没有加 --permanent,--reload 之后该放行规则会丢失,应与前文一样使用 --permanent 再 --reload。)
[root@localhost slaves]# vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
dnssec-validation no;
[root@localhost slaves]# vim /etc/named.rfc1912.zones
zone "westos.org" IN {
 type slave; ##dns状态为辅助dns
 masters { 172.25.254.112; }; ##主dns
 file "slaves/westos.org.zone"; ##同步数据文件
};
[root@localhost slaves]# systemctl restart named
[root@localhost slaves]# vim /etc/resolv.conf
nameserver 172.25.254.212
[root@localhost slaves]# dig www.westos.org
## server 172.25.254.112
配置dhcp 开启dhcpd服务
[root@node1 named]# vim /etc/named.rfc1912.zones
29 zone "westos.org" IN {
 type master;
 file "westos.org.zone";
 allow-update { 172.25.254.12; };
 also-notify { 172.25.254.212; };
};
(按来源IP放行 allow-update 只凭地址判断身份,UDP 来源地址可被伪造,仅适合实验;正式环境应采用下文基于 key 的方式。)
[root@node1 named]# systemctl restart named
## client 172.25.254.11
[root@localhost network-scripts]# vim ifcfg-westos
BOOTPROTO=dhcp
NAME=westos
DEVICE=enp1s0
ONBOOT=yes
## 172.25.254.12
[root@westos_student12 Desktop]# nsupdate
> server 172.25.254.112
> update add linux.westos.org 86400 A 172.25.254.11 ##新增A记录
> send
> update delete linux.westos.org ##删除A记录
> quit
[root@node1 named]# vim /etc/named.conf ##注释59以后的 还原以前的注释53-58
[root@node1 named]# dnssec-keygen -a HMAC-SHA256 -b 128 -n HOST westos
Kwestos.+163+03845
[root@node1 named]# ls
[root@node1 named]# cat Kwestos.+163+03845.private
[root@node1 named]# cat Kwestos.+163+03845.key
westos. IN KEY 512 3 163 fGf6Lh8kMgzLhNunLsFrrQ==
[root@node1 named]# cp /etc/rndc.key /etc/westos.key -p
[root@node1 named]# vim /etc/westos.key
key "westos" {
 algorithm hmac-sha256;
 secret "fGf6Lh8kMgzLhNunLsFrrQ==";
};
(secret 相当于密码:文中的值只是示例,实际部署要用自己生成的值并且不要公开;/etc/westos.key 和 K*.private 只应允许 root/named 读取,cp -p 时注意保留 rndc.key 原有的属主与权限。)
[root@node1 named]# vim /etc/named.conf
45 include "/etc/westos.key";
[root@node1 named]# vim /etc/named.rfc1912.zones
29 zone "westos.org" IN {
 type master;
 file "westos.org.zone";
 allow-update { key westos; };
 also-notify { 172.25.254.212; };
};
[root@node1 named]# systemctl restart named
[root@node1 named]# nsupdate -k Kwestos.+163+03845.private
> server 172.25.254.112
> update add linux.westos.org 86400 A 172.25.254.11
> send
> quit
dnf install dhcp-server -y
vim /etc/dhcpd/dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "westos.com";
option domain-name-servers 192.168.0.20;
default-lease-time 600;
max-lease-time 7200;
# Use this to enble / disable dynamic dns updates globally.
ddns-update-style interim;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# This is a very basic subnet declaration.
subnet 192.168.0.0 netmask 255.255.255.0 {
 range 192.168.0.51 192.168.0.80;
 option routers 192.168.0.1;
}
key westos {
 algorithm hmac-sha256;
 secret SB1tQcLaWeroU9lGW21zeA==;
};
zone westos.com. {
 primary 127.0.0.1;
 key westos;
}
(dhcpd.conf 里 key westos 的 secret 必须与 /etc/westos.key 中的完全一致(上文两处示例的值并不相同,以实际生成的为准),zone 名也必须是 named 中配置了 allow-update { key westos; } 的那个区域,否则 dhcpd 发出的动态更新会被 named 拒绝。)
[root@node1 named]# systemctl restart dhcpd
[root@node1 named]# systemctl enable --now dhcpd
[root@node1 named]# systemctl status dhcpd
dns的key更新测试:
设定测试主机网络工作方式为dhcp
设定主机名称test.westos.com
重启网络
dig test.westos.com可以得到正确解析
## client
[root@localhost slaves]# hostnamectl set-hostname node1.westos.org
[root@localhost slaves]# dig node1.westos.org
[root@localhost slaves]# nmcli connection reload
[root@localhost slaves]# nmcli connection down westos
[root@localhost slaves]# nmcli connection up westos
转载地址:http://ynhzi.baihongyu.com/