1.构建高速缓存dns服务器
前提:虚拟机配置上网
dns-server:
systemctl stop firewalld
systemctl disable firewalld
yum install bind -y
vim /etc/named.conf
11 listen-on port 53 { any; }; #在所有接口上监听,所有人都可以访问我的dns
17 allow-query { any; }; #允许所有人向我查询(对公网开放递归查询的dns会被当作反射放大攻击的跳板,生产环境应限制为内网地址)
18 forwarders { 114.114.114.114; }; #本地查询不到时转发给谁
33 dnssec-validation no;
systemctl start named #启动可能会卡住(等待随机数),需要在图形界面敲击键盘产生熵
"""
ll /etc/rndc.key 这个文件在服务启动之前是不存在的
启动服务的时候会从 /dev/random 这个随机数设备中取随机数来生成密钥
"""
vim /etc/resolv.conf
nameserver 172.25.254.64 #访问自己的缓存
dns-client:
vim /etc/resolv.conf
nameserver 172.25.254.64 #访问dns高速缓存器的的缓存
2.dns的正向解析:根据域名查询IP地址,是dns最基本也是最常用的功能
vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
#forwarders { 114.114.114.114; };
vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {           #域名自定义
26 type master;
27 file "westos.com.zone";          #区域文件名自定义
28 allow-update { none; };
29 };
cd /var/named
cp -p named.localhost westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. ( ;@ 代表 westos.com; dns.westos.com. 是维护该区域的主机, root.westos.com. 是维护者的邮箱
0 ; serial
1D ; refresh #辅助dns每隔1天向主dns检查一次是否有更新
1H ; retry #refresh失败后,1h后再重试
1W ; expire #辅助dns一直联系不上主dns时,数据最多保留1周
3H ) ; minimum #否定应答(查不到记录)的缓存时间最长3h
NS dns.westos.com.
dns A 172.25.254.64
www A 172.25.254.12
hello A 172.25.254.13
happy A 172.25.254.99
systemctl restart named
测试:dig www.westos.com
3.DNS轮询
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.64
www A 172.25.254.12
hello A 172.25.254.13
happy A 172.25.254.99
bbs CNAME linux ;bbs.westos.com -> linux.westos.com (区域文件里的注释用 ; 而不是 #)
linux A 172.25.254.16
linux A 172.25.254.17
4.MX记录(邮件交换器)
#MX记录用来定义用于域的邮件交换,这有助于电子邮件正确到达您的邮件服务器
[root@dns-server named]# mail root@westos.com
Subject: casc
cascscsa
csacsa
csacas
EOT
[root@dns-server named]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
7EE9F17E853 464 Wed Aug 7 02:47:47 root@dns-server.example.com
(connect to 172.25.254.14[172.25.254.14]:25: Connection refused)
root@westos.com
#为什么没发出去:因为是172.25.254.14这台主机没有开启邮件服务器 和我们的dns没有关系
-- 0 Kbytes in 1 Request.
[root@dns-server named]# cat westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.64
www A 172.25.254.12
hello A 172.25.254.13
happy A 172.25.254.99
bbs CNAME linux
linux A 172.25.254.16
linux A 172.25.254.17
westos.com. MX 1 172.25.254.14
5.dns反向解析
#根据IP地址查询域名 不怎么常用
vim /etc/named.rfc1912.zones
43 zone "0.25.172.in-addr.arpa" IN {
44 type master;
45 file "westos.com.ptr";
46 allow-update { none; };
47 };
cd /var/named
cp -p named.loopback westos.com.ptr
vim westos.com.ptr
[root@dns-server named]# cat westos.com.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.64
111 PTR bbs.westos.com. ;对应 172.25.0.111
110 PTR www.westos.com.
6.双向解析
#通过内网和外网访问同一个域名的时候,获取到不同的ip地址
#实现方式:让不同的客户看不同的文件即可
cd /var/named
cp -p westos.com.zone westos.com.localnet #ip
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.localnet #file
vim /etc/named.conf
view localnet {
match-clients { 172.25.254.64; }; #内网客户端的地址(这里用了本机ip做测试)
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.localnet";
};
view internet {
match-clients { any; }; #其余所有客户端走这个视图
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
7.辅助dns
#DNS服务器一般在用的时候,为了缓解服务器的压力,多使用一个主dns服务器 多个副dns服务器 这些dns服务就组成了一个dns集群
1.另起一台虚拟机,配置好
2.安装bind
改listen-on port 53 { any; };
allow-query { any; };
#新虚拟机上设置
3.vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type slave;
masters { 172.25.254.64; };
file "slaves/westos.com.zone";
allow-update { none; };
};
cd /var/named/slaves
rm -fr westos.com.zone
systemctl restart named
##在主的上面
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
also-notify { 172.25.254.114; }; #区域更新后主动通知哪些辅助dns来同步(谁有权同步由 allow-transfer 控制,也应做限制)
然后更改westos.com.zone文件里www对应的ip
再改大serial值来触发同步,serial值不能超过10位
#注意:每次更改记录后要连同"1 ; serial"这个值一起改大(辅助dns只在serial变大时才会同步),然后重启服务
8.dns的更新 cp -p westos.com.zone /mnt
普通更新
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 172.25.254.64; }; ##允许哪些地址更新westos.com.zone的内容
also-notify { 172.25.254.114; };
systemctl restart named
/var/log/messages
肯定更新不成功
[root@foundation2 ~]# nsupdate
server 172.25.254.64
update add hello.westos.com 86400 A 172.25.254.111
send
update failed: SERVFAIL
在172.25.254.64上看日志:/var/log/messages
看到permission denied
更新的内容会写到/var/named目录中,相当于上传一个文件,上传时权限被拒
/var/named 目录默认只有root可写,named进程没有写权限
chmod 770 /var/named #给目录属组(named)加写权限
再次更新,成功
/var/named目录中多了一个westos.com.zone.jnl文件
westos.com.zone.jnl的内容就是更新的内容
westos.com.zone.jnl文件中的内容会在服务重启时同步到westos.com.zone文件中
key更新:开始之前先把zone文件还原成更新之前备份的版本
cd /mnt
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos #HMAC-MD5 已不推荐使用,新部署建议改用 hmac-sha256
cp -p /etc/rndc.key /etc/westos.key
vim /etc/westos.key
key "westos" {
algorithm hmac-md5;
secret "o3S5MjYk4BALlk9K2WpVDA==";
};
#[root@dns-server mnt]# cat Kwestos.+157+00465.key
westos. IN KEY 512 3 157 o3S5MjYk4BALlk9K2WpVDA==
#让dns识别这个key
vim /etc/named.conf
include "/etc/westos.key";
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westos; }; #谁拿到钥匙谁更新我
also-notify { 172.25.254.114; };
};
scp /mnt/Kwestos.+157+00465.* root@172.25.0.3:/mnt/ #把生成的密钥文件拷给要做更新的客户端,客户端用它来签名更新请求
systemctl restart named
测试:
[root@server3 mnt]# nsupdate
server 172.25.254.64
update add lucky.westos.com 86400 A 172.25.254.114
send
update failed: REFUSED
quit
[root@server3 mnt]# nsupdate -k Kwestos.+157+00465.private
server 172.25.254.64
update add lucky.westos.com 86400 A 172.25.254.114
send
quit
[root@server3 mnt]#