All of these labs are done either with the firewall turned off or with the needed service added to it; the former is recommended. Set the SELinux mode to disabled.
I. High-speed DNS cache configuration
1. Server-side configuration
1) Install the name resolution software
yum install bind.x86_64
2) Configure the named service
vim /etc/named.conf
line 11: listen-on { any; };                 # open port 53 on all of this host's addresses
line 17: allow-query { any; };               # which hosts may send queries to this DNS server
line 18: forwarders { 114.114.114.114; };    # if this host has no answer, the next name server to ask
line 32: dnssec-validation no;               # turn off DNSSEC validation of the forwarded answers
Note: allow-query { any; } with recursion on (the BIND default) makes this an open resolver for anyone who can reach port 53, and dnssec-validation no accepts whatever the forwarder returns; both are lab shortcuts. Outside the lab restrict allow-query to the lab subnet (172.25.254.0/24) and leave validation on.
3) Check whether the service port is open
netstat -antlupe | grep named        # check whether port 53 is listening
systemctl restart named              # restart the service
4) Add the service to the firewall
firewall-cmd --permanent --add-service=dns   # let the firewall allow the DNS service
firewall-cmd --reload                        # reload the rules
[Screenshot: /etc/named.conf]
[Screenshot: server ports]
2. Client-side test
1) vim /etc/resolv.conf
nameserver <server ip>               # the IP of the name server to use for resolution
2) dig <domain name>                 # test whether the server is configured correctly
[Screenshot: first query]
[Screenshot: second query, answered from the cache]
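Added example (my script, not part of the lab notes): a shell audit of the options set in step 2 above, so the two lab shortcuts can be spotted in any named.conf before the server is reachable from outside. It reads a named.conf-style text on stdin and reports allow-query { any; } with recursion left on and no allow-recursion ACL, and dnssec-validation no. The function names and the two sample configs are constructed for this example; the addresses are the lab's.

```shell
#!/bin/sh
# Added example, not from the lab notes: audit the resolver settings of a
# named.conf-style file read on stdin. Two findings are reported:
#   - allow-query { any; } with recursion on (BIND default) and no
#     allow-recursion ACL: an open resolver for anyone who reaches port 53
#   - dnssec-validation no: answers from the forwarders are accepted
#     without validation
# Function names and the sample configs are constructed for this example.

# Drop // and # comments and squeeze whitespace so the patterns stay short
# (block comments /* ... */ are not handled here).
normalize_conf() {
    sed -e 's|//.*||' -e 's|#.*||' | tr -s ' \t' ' '
}

# Test the normalized config held in $conf against an extended regex.
conf_has() {
    printf '%s\n' "$conf" | grep -Eq "$1"
}

# Print one finding per line; prints nothing for a clean config.
audit_named_conf() {
    conf=$(normalize_conf)
    recursive=1                                  # BIND default: recursion yes
    conf_has 'recursion[[:space:]]+no[[:space:]]*;' && recursive=0
    if conf_has 'allow-query[[:space:]]*\{[[:space:]]*any[[:space:]]*;' \
        && [ "$recursive" -eq 1 ] \
        && ! conf_has 'allow-recursion[[:space:]]*\{'; then
        echo "open resolver: allow-query { any; } with recursion on and no allow-recursion"
    fi
    if conf_has 'dnssec-validation[[:space:]]+no[[:space:]]*;'; then
        echo "dnssec-validation no: forwarded answers are not validated"
    fi
}

# Number of findings, for use in scripts.
count_findings() {
    audit_named_conf | awk 'END { print NR }'
}

# Constructed sample: the options as the lab sets them.
lab_conf='options {
    listen-on port 53 { any; };
    allow-query       { any; };
    forwarders        { 114.114.114.114; };
    dnssec-validation no;
};'

# Constructed sample: the same cache server limited to the lab subnet.
hardened_conf='options {
    listen-on port 53 { any; };
    allow-query       { 172.25.254.0/24; };   // lab subnet only
    allow-recursion   { 172.25.254.0/24; };
    forwarders        { 114.114.114.114; };
    dnssec-validation yes;
};'

echo "lab config:";      printf '%s\n' "$lab_conf"      | audit_named_conf
echo "hardened config:"; printf '%s\n' "$hardened_conf" | audit_named_conf
```

Against the real file, run audit_named_conf < /etc/named.conf; the lab config produces both findings, the restricted one none.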
II. DNS forward resolution
1. Server-side configuration
1) Edit the configuration file and add the westos zone
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { none; };
};
2) Create and edit the data file (the mapping from names to IP addresses)
cp -p /var/named/named.localhost /var/named/westos.com.zone   # -p keeps the owner and group so named can read the file
vim /var/named/westos.com.zone
$TTL 1D
@       IN SOA  dns.westos.com. lee.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.118
bbs     A       172.25.254.119
www     CNAME   node1.westos.com.
node1   A       172.25.254.120          ; two A records for one name are answered round-robin
node1   A       172.25.254.121
mail    A       172.25.254.122          ; an MX target must be a hostname, not an address, so the address gets a label ("mail" is an assumed name)
westos.com.  MX 1  mail.westos.com.
2. Client-side test
vim /etc/resolv.conf
nameserver <server ip>               # add the IP of the name server
A record test
dig bbs.westos.com                   # returns 172.25.254.119
CNAME record test
dig node1.westos.com                 # returns 172.25.254.120 and 172.25.254.121
MX record test
>/var/log/maillog                    # empty the mail log
mail root@westos.com                 # send a mail
. (then Enter)                       # end the message
mailq                                # view the mail queue
mail                                 # read the mailbox
dig -t mx westos.com                 # test the MX record
>/var/spool/mail/root                # empty the mailbox
[Screenshot: A record]
[Screenshot: CNAME record]
[Screenshot: MX record]
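Added example (my script, not part of the lab notes): a lint for hand-written zone files like the one in step 2 above. It reads a zone on stdin and reports an MX or NS whose target is an IP address rather than a hostname, a name that carries a CNAME together with other records (which the DNS forbids), and an SOA serial that is not an integer. It understands the layout used in these notes (optional owner, optional TTL and class, ";" comments, a parenthesised SOA). The function names and the two sample zones are constructed for this example; the first sample deliberately contains the MX-to-address mistake.

```shell
#!/bin/sh
# Added example, not from the lab notes: a lint for hand-written zone files,
# read on stdin. It reports
#   - an MX or NS record whose target is an IP address (targets must be
#     hostnames that own an A record)
#   - a name that has a CNAME and any other record (RFC 1034 forbids it)
#   - an SOA serial that is not an integer
# It understands the layout used in the notes: optional owner, optional TTL
# and class, ';' comments and a parenthesised SOA. Function names and the
# sample zones are constructed for this example.

lint_zone() {
    awk '
    function process(line,   has_owner, f, i, type, target) {
        if (line ~ /^\$/) return                         # $TTL, $ORIGIN
        has_owner = (line ~ /^[^ \t]/)                   # owner present if no leading blank
        gsub(/\(/, " ( ", line); gsub(/\)/, " ) ", line)
        gsub(/^[ \t]+|[ \t]+$/, "", line)
        split(line, f, /[ \t]+/)
        i = 1
        if (has_owner) { owner = f[1]; i = 2 }
        if (f[i] ~ /^[0-9]+[smhdwSMHDW]?$/) i++          # optional TTL
        if (toupper(f[i]) == "IN") i++                   # optional class
        type = toupper(f[i])
        if (type == "SOA") {
            if (f[i+4] !~ /^[0-9]+$/) print "SOA serial is not an integer: " f[i+4]
            return
        }
        if (type == "CNAME") cname[owner]++; else other[owner]++
        target = (type == "MX") ? f[i+2] : f[i+1]       # MX carries a preference first
        if ((type == "MX" || type == "NS") && target ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.?$/)
            print type " target must be a hostname, not an address: " owner " " type " " target
    }
    {
        sub(/;.*/, "")                                   # strip comments
        if ($0 ~ /^[ \t]*$/) next
        rec = inparen ? (rec " " $0) : $0                # join a multi-line SOA
        if (rec ~ /\(/ && rec !~ /\)/) { inparen = 1; next }
        inparen = 0
        process(rec)
    }
    END {
        for (o in cname) if (o in other)
            print "CNAME owner also has other records: " o
    }'
}

# Number of findings, for use in scripts.
count_zone_findings() {
    lint_zone | awk 'END { print NR }'
}

# Constructed sample: the westos.com zone with an MX that points at an address.
bad_zone='$TTL 1D
@       IN SOA  dns.westos.com. lee.westos.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.118
bbs     A       172.25.254.119
www     CNAME   node1.westos.com.
node1   A       172.25.254.120
node1   A       172.25.254.121
westos.com.  MX 1  172.25.254.122.'

# Constructed sample: the same zone with the MX pointing at a host that owns an A record.
good_zone="$(printf '%s\n' "$bad_zone" | sed '$d')
mail    A       172.25.254.122
westos.com.  MX 1  mail.westos.com."

echo "bad zone:";  printf '%s\n' "$bad_zone"  | lint_zone
echo "good zone:"; printf '%s\n' "$good_zone" | lint_zone
```

Run it as lint_zone < /var/named/westos.com.zone; once bind is installed, named-checkzone westos.com /var/named/westos.com.zone is the authoritative check and should be run before every restart.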
III. Reverse resolution
1. Server-side configuration
1) Edit the configuration file
vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN {
        type master;
        file "172.25.254.ptr";
        allow-update { none; };
};
2) Create and edit the data file (the mapping from addresses back to names)
cp -p /var/named/named.loopback /var/named/172.25.254.ptr
vim /var/named/172.25.254.ptr
$TTL 1D
@       IN SOA  dns.westos.com. lee.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.118
111     PTR     hello.westos.com.       ; the owner is the last octet: 111 means 111.254.25.172.in-addr.arpa
222     PTR     node.westos.com.
2. Client-side test
1) vim /etc/resolv.conf
nameserver <server ip>               # the name server to use for resolution
2) dig -x 172.25.254.111             # returns the name hello.westos.com
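Added example (my script, not part of the lab notes): the in-addr.arpa names in section III are written by hand, and the octet order is the usual place to slip. These helpers derive the reverse zone name and the PTR owner from an address, and generate the PTR records for one /24 from "<host> A <ip>" lines. IPv4 /24 zones only; the function names and the sample records are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the lab notes: derive the in-addr.arpa names that
# section III writes by hand, so the octet order and the PTR owners can be
# checked rather than guessed. IPv4 /24 zones only. Function names and the
# sample records are constructed for this example.

# 172.25.254.111 -> 111.254.25.172.in-addr.arpa.
ptr_name() {
    printf '%s\n' "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# 172.25.254.0/24 (or just 172.25.254) -> 254.25.172.in-addr.arpa
reverse_zone() {
    printf '%s\n' "${1%/*}" | awk -F. '{ printf "%s.%s.%s.in-addr.arpa\n", $3, $2, $1 }'
}

# Read "<host> A <ip>" lines on stdin and print the PTR records for the
# addresses within prefix $1 (e.g. 172.25.254). Relative host names get
# the zone $2 appended; an absolute name (trailing dot) is kept as is.
gen_ptr() {
    awk -v p="$1." -v d="$2" '
        toupper($2) == "A" && index($3, p) == 1 {
            host = $1
            if (host !~ /\.$/) host = host "." d "."
            sub(/^.*\./, "", $3)                       # keep the last octet
            print $3 "\tPTR\t" host
        }'
}

# Constructed sample: the A records of the forward zone plus one outside the /24.
forward_records='dns     A   172.25.254.118
hello   A   172.25.254.111
node    A   172.25.254.222
other   A   10.0.0.5'

echo "zone:   $(reverse_zone 172.25.254.0/24)"
echo "owner:  $(ptr_name 172.25.254.111)"
printf '%s\n' "$forward_records" | gen_ptr 172.25.254 westos.com
```

The generated lines can be appended to /var/named/172.25.254.ptr after its SOA and NS records; the 10.0.0.5 host is skipped because it lies outside the zone's prefix.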
IV. Split internal/external resolution (views)
1. Server-side configuration
1) Create the external configuration file
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter.zones
named.rfc1912.zones                  # internal resolution
named.rfc1912.inter.zones            # external resolution
2) Edit the main configuration file
Comment out the original zone "." block and the include of /etc/named.rfc1912.zones, then add the following (once a view exists, every zone must live inside a view):
man 5 named.conf                     # view the help
vim /etc/named.conf
Internal resolution:
view localnet {
        match-clients { localhost; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.zones";
};
External resolution:
view internet {
        match-clients { any; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.inter.zones";
};
Views are tried in the order written and the first match-clients that matches the client's source address wins, so localnet must come before internet; with { localhost; } only queries made on the DNS server itself get the internal data.
3) Create and configure /etc/named.rfc1912.inter.zones
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter.zones
vim /etc/named.rfc1912.inter.zones
zone "westos.com" IN {
        type master;
        file "westos.com.inter.zone";
        allow-update { none; };
};
4) Create and configure /var/named/westos.com.inter.zone
cp -p /var/named/westos.com.zone /var/named/westos.com.inter.zone
vim /var/named/westos.com.inter.zone   # in vim, :%s/172.25.254/1.1.1/g swaps the internal prefix for the external one
$TTL 1D
@       IN SOA  dns.westos.com. lee.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       1.1.1.120
bbs     A       1.1.1.111
www     CNAME   node1.westos.com.
node1   A       1.1.1.99
node1   A       1.1.1.199
westos.com.  MX 1  dns.westos.com.      ; an MX target must be a hostname; dns.westos.com. owns the 1.1.1.120 used here
2. Client-side test
On the server itself:  dig dns.westos.com   # 172.25.254.120
On another host:       dig dns.westos.com   # 1.1.1.120
V. Secondary DNS configuration
1. DNS configuration
1) Primary DNS configuration
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        also-notify { 172.25.254.118; };    # send NOTIFY to the secondary when the zone changes
        allow-update { none; };
};
2) Secondary DNS configuration
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type slave;
        masters { 172.25.254.218; };        # the primary to transfer the zone from
        file "slaves/westos.com.zone";      # /var/named/slaves is writable by named
        allow-update { none; };
};
2. Test
On the primary side (client resolv.conf: nameserver 172.25.254.120):
edit the zone file /var/named/westos.com.zone
systemctl restart named
dig node1.westos.com                 # shows the updated IP
On the secondary side (client resolv.conf: nameserver 172.25.254.220):
dig node1.westos.com                 # the updated IP has been transferred
VI. Secondary DNS updates
1. Immediate update
On the primary:
Increase the number in front of "serial" in westos.com.zone (it may only ever go up; the secondary transfers the zone only when it sees a higher serial)
systemctl restart named              # restart the service
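Added example (my script, not part of the lab notes): "the serial may only go up" is RFC 1982 serial-number arithmetic, and getting it wrong leaves the secondary serving stale data with no error. A secondary transfers only when (new - old) mod 2^32 lies between 1 and 2^31-1, so a lower serial, an unchanged one, or a jump of 2^31 or more is silently ignored. The helpers check a proposed serial and bump a YYYYMMDDnn serial the way an operator would; the function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the lab notes: "the serial may only go up" in
# section VI is RFC 1982 serial-number arithmetic. A secondary transfers
# the zone only when the primary's serial is newer, i.e. when
# (new - old) mod 2^32 lies in 1 .. 2^31-1; a smaller serial, or a jump of
# 2^31 or more, is ignored and the secondary keeps serving stale data.
# The helpers check a proposed serial and bump a YYYYMMDDnn serial.
# Function names are constructed for this example.

# Return 0 when $2 is a valid increase over $1 by RFC 1982, else 1.
serial_newer() {
    awk -v old="$1" -v new="$2" 'BEGIN {
        d = (new - old) % 4294967296
        if (d < 0) d += 4294967296
        exit !(d > 0 && d < 2147483648)
    }'
}

# Next serial for today ($2 as YYYYMMDD) given the current serial $1.
# Same-day serials get nn+1 (the day's slots run out after 99), a new day
# starts at <date>01, a serial already ahead of today (typo or clock skew)
# is incremented rather than moved backwards, and a plain counter such as
# the "0" in the zone files above is just incremented.
next_serial() {
    cur=$1; today=$2
    case $cur in
        "$today"[0-9][0-9])
            nn=${cur#"$today"}
            printf '%s%02d\n' "$today" $(( ${nn#0} + 1 )) ;;
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9])
            if [ "$cur" -gt "${today}01" ]; then echo $(( cur + 1 )); else echo "${today}01"; fi ;;
        *)  echo $(( cur + 1 )) ;;
    esac
}

# Show what the secondary will and will not pick up.
for pair in "0 1" "2024010105 2024010104" "4294967295 0" "1 2147483649"; do
    set -- $pair
    if serial_newer "$1" "$2"; then verdict="transfer"; else verdict="ignored"; fi
    printf 'old=%-10s new=%-10s -> %s\n' "$1" "$2" "$verdict"
done
echo "next after 2024010105 on 20240101: $(next_serial 2024010105 20240101)"
echo "next after 2024010105 on 20240102: $(next_serial 2024010105 20240102)"
```

After bumping the serial and restarting named, the also-notify entry from section V pushes a NOTIFY to the secondary, which then compares serials exactly as serial_newer does before it transfers.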
2. Update by remote command (nsupdate)
1) On the primary:
cp -p /var/named/westos.com.zone /opt/   # keep a copy of the zone file
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        also-notify { 172.25.254.118; };
        allow-update { 172.25.254.218; };   # accept dynamic updates from this source address only (an address check is weaker than the key used in VII)
};
systemctl restart named
chmod 775 /var/named                 # named must be able to write the journal westos.com.zone.jnl next to the zone file
2) On the secondary:
chmod 775 /var/named
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type slave;
        masters { 172.25.254.218; };
        file "slaves/westos.com.zone";
        allow-update { none; };
};
3) Test
Add a new host to the westos.com zone:
nsupdate
> server 172.25.254.218
> update add test.westos.com 86400 A 172.25.254.11
> send
> quit
Delete the new host from the westos.com zone:
nsupdate
> server 172.25.254.218
> update delete test.westos.com
> send
> quit
Test on the secondary:
vim /etc/resolv.conf
nameserver 172.25.254.11
dig test.westos.com                  # returns 172.25.254.11
VII. Secondary DNS update with a key (TSIG)
1. Configure the primary
rm -f /var/named/westos.com.zone /var/named/westos.com.zone.jnl   # remove the zone file and its journal from the previous lab (one full path per file; rm -rf on the directory itself would wipe every zone)
cp -p /etc/rndc.key /etc/westos.key  # use rndc.key as the template for the key statement
cd /mnt
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos   # writes Kwestos.+157+<id>.key and .private here (HMAC-MD5 as in the notes; hmac-sha256 is the stronger choice today)
cat /mnt/Kwestos.+....private        # the Key: line holds the base64 secret
vim /etc/westos.key
key "westos" {
        algorithm hmac-md5;
        secret "IPp+hDvSXfbFWtsJo1w3Dg==";
};
vim /etc/named.conf
include "/etc/westos.key";
vim /etc/named.rfc
allow-update { key westos; };        # in the zone "westos.com" block: only updates signed with this key are accepted
systemctl restart named
2. Test on the secondary
nsupdate -k /mnt/Kwestos...private   # the secondary needs its own copy of the .private file (keep it readable by root only)
> server 172.25.254.218
> update add test.westos.com 86400 A 172.25.254.10
> send
> quit
dig test.westos.com                  # returns 172.25.254.10
VIII. DDNS configuration
Environment: delete westos.com.zone and westos.com.zone.jnl from /var/named left over from the previous lab and put the copy from /opt back; on top of the previous lab the primary DNS is already working and needs no changes.
1. Basic DHCP configuration
vim /etc/dhcpd.conf                  # on RHEL/CentOS 7 the file is /etc/dhcp/dhcpd.conf
option domain-name "westos.com";
option domain-name-servers 172.25.254.222;
ddns-update-style interim;
subnet 172.25.254.0 netmask 255.255.255.0 {
        range 172.25.254.10 172.25.254.20;
        option routers 172.25.254.100;
}
key westos {
        algorithm hmac-md5;
        secret "IPp+hDvSXfbFWtsJo1w3Dg==";   # the base64 secret from the Key: line of the .private file, the same value as in /etc/westos.key; dhcpd does not read the key file itself
}
zone westos.com. {
        primary 127.0.0.1;                   # dhcpd runs on the DNS server, so updates go to localhost
        key westos;
}
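Added example (my script, not part of the lab notes): the secret in section VII step 1 and in the dhcpd key block above is copied by hand from the .private file, and dhcpd wants the base64 secret itself, not the path of the file. These helpers read a dnssec-keygen .private file and emit the key statement for /etc/westos.key and the key block for dhcpd.conf from the same source, and flag a key algorithm that should be retired. The sample key file is constructed to follow dnssec-keygen's format and carries the secret from the notes; the function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the lab notes: turn the .private file written by
# dnssec-keygen in section VII into the key statements that named
# (/etc/westos.key) and dhcpd (section VIII, step 1) need, so the base64
# secret is copied rather than retyped and the two files cannot disagree.
# dhcpd wants the secret itself, not the path of the key file. The sample
# key file is constructed to follow dnssec-keygen's format; its secret is
# the one from the notes. Function names are constructed for this example.

KEYFILE=$(mktemp)
trap 'rm -f "$KEYFILE"' EXIT
cat > "$KEYFILE" <<'EOF'
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: IPp+hDvSXfbFWtsJo1w3Dg==
Bits: AAA=
Created: 20200101000000
Publish: 20200101000000
Activate: 20200101000000
EOF

# Base64 secret from the "Key:" line.
key_secret() {
    awk '$1 == "Key:" { print $2 }' "$1"
}

# Algorithm name as named and dhcpd spell it, from the numeric id.
key_algorithm() {
    case $(awk '$1 == "Algorithm:" { print $2 }' "$1") in
        157) echo hmac-md5 ;;
        161) echo hmac-sha1 ;;
        162) echo hmac-sha224 ;;
        163) echo hmac-sha256 ;;
        164) echo hmac-sha384 ;;
        165) echo hmac-sha512 ;;
        *)   echo unknown ;;
    esac
}

# Return 0 when the key uses an algorithm that should be retired.
weak_algorithm() {
    case $(key_algorithm "$1") in
        hmac-md5|hmac-sha1|unknown) return 0 ;;
        *) return 1 ;;
    esac
}

# key statement for named ($1 = key name, $2 = .private file)
named_key_stmt() {
    printf 'key "%s" {\n\talgorithm %s;\n\tsecret "%s";\n};\n' \
        "$1" "$(key_algorithm "$2")" "$(key_secret "$2")"
}

# key block for dhcpd.conf (no ';' after the closing brace)
dhcpd_key_stmt() {
    printf 'key %s {\n\talgorithm %s;\n\tsecret "%s";\n}\n' \
        "$1" "$(key_algorithm "$2")" "$(key_secret "$2")"
}

echo "# /etc/westos.key";  named_key_stmt westos "$KEYFILE"
echo "# dhcpd.conf";       dhcpd_key_stmt westos "$KEYFILE"
if weak_algorithm "$KEYFILE"; then
    echo "# note: $(key_algorithm "$KEYFILE") is weak; newer BIND can generate the statement directly with tsig-keygen -a hmac-sha256 westos"
fi
```

Feed it the real file with named_key_stmt westos /mnt/Kwestos.+157+<id>.private; the key name must be the same in /etc/westos.key, in the zone's allow-update { key westos; } and in dhcpd.conf, and the .private file should stay readable by root only.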
2. Test on the secondary (as a DHCP client)
hostnamectl set-hostname news.westos.com   # move the host into the westos.com domain
nm-connection-editor                       # switch the connection to a dynamic (DHCP) address
systemctl restart network                  # obtain a dynamic address from the server
dig news.westos.com                        # test: the new name was registered by the DHCP server