Not-so-serious Ops Dog's Notes 3_3: building a DNS server
Source: Internet   Published by: 淘宝良心的文具店   Editor: 程序博客网   Date: 2024/06/06 18:43
3_3. DNS server
DNS: service: bind.x86_64   main configuration file: /etc/named.conf
/var/named: holds the other data files (zone files) used by the name server
Record types:
A: name to IPv4 address
AAAA: name to IPv6 address
CNAME: canonical name (an alias that points one name at another)
PTR: reverse lookup, IP -> name
MX: mail exchanger for a name (where its e-mail is to be delivered)
NS: name server for a domain
SOA: "start of authority", the administrative information of a DNS zone
DNS troubleshooting with dig:
dig shows the details of a DNS lookup, including why a query failed. The response status is one of:
– NOERROR: the query succeeded
– NXDOMAIN: the DNS server reports that no such name exists
– SERVFAIL: the DNS server is down, or DNSSEC validation of the response failed
– REFUSED: the DNS server refused to answer (possibly for access-control reasons)
Parts of dig's output:
The header gives information about the query and the answer, including the response status and any special flags that are set (aa means an authoritative answer, and so on)
– QUESTION: the DNS query that was actually sent
– ANSWER: the response, if any
– AUTHORITY: the name servers responsible for the domain/zone
– ADDITIONAL: other information provided, usually about the name servers
– The comment lines at the bottom give the recursive name server the query was sent to and how long the response took
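Added example (not from the original notes): a small checker that reads a dig response the way the list above describes it, pulling out the status, the aa flag and the ANSWER section, so a lab result can be verified in a script instead of by eye. DIG_SAMPLE is a constructed response for the www.westos.com lookup done later in these notes (the DiG version line is omitted).

```shell
#!/bin/sh
# Added example: parse dig output (stdin) into status / flags / answers.
# DIG_SAMPLE is a constructed response, not captured from a real server.
DIG_SAMPLE=';; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.westos.com.            IN  A

;; ANSWER SECTION:
www.westos.com.     86400   IN  A   172.25.254.138

;; AUTHORITY SECTION:
westos.com.         86400   IN  NS  dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.     86400   IN  A   172.25.254.223

;; Query time: 0 msec
;; SERVER: 172.25.254.223#53(172.25.254.223)'

dig_status() {  # NOERROR / NXDOMAIN / SERVFAIL / REFUSED from the header line
  sed -n 's/.*status: \([A-Z]*\),.*/\1/p'
}
dig_has_flag() {  # dig_has_flag aa  -> true when that flag is set
  sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | tr ' ' '\n' | grep -qx "$1"
}
dig_answers() {  # rdata of every record in the ANSWER section, one per line
  awk '/^;; ANSWER SECTION:/ { s = 1; next } /^;;/ { s = 0 } s && NF >= 5 { print $5 }'
}
# check_answer EXPECTED_IP < dig-output: returns 0 when the answer is NOERROR,
# authoritative (aa) and contains EXPECTED_IP; otherwise 1 with the reason on stderr.
check_answer() {
  out=$(cat)
  st=$(printf '%s\n' "$out" | dig_status)
  [ "$st" = NOERROR ] || { echo "status $st" >&2; return 1; }
  printf '%s\n' "$out" | dig_has_flag aa || { echo "answer not authoritative" >&2; return 1; }
  printf '%s\n' "$out" | dig_answers | grep -qx "$1" || { echo "$1 not in ANSWER" >&2; return 1; }
}
```

Pipe a real lookup into it with `dig www.westos.com @172.25.254.223 | check_answer 172.25.254.138`.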
1. Building a caching DNS server:
dns-server:
Edit the main network configuration file: use a static IP, 172.25.254.223
yum install bind.x86_64 -y ##the DNS service
systemctl stop firewalld
systemctl start named
vim /etc/named.conf
options {
listen-on port 53 { any; }; ##listen on port 53 on every interface of this host
allow-query { any; }; ##allow everyone to query this host (fine in the lab; on a server reachable from outside, restrict allow-query and allow-recursion to your own networks so it does not become an open resolver)
forwarders { 172.25.254.250; }; ##forward lookups to the 250 host for resolution
systemctl restart named
dig www.baidu.com ##the first lookup is slow; afterwards other hosts querying baidu.com get the IP quickly from the cache. The caching DNS server is now complete
dns-client:
vim /etc/resolv.conf
nameserver 172.25.254.223 ##use 172.25.254.223 as the DNS server
dig www.baidu.com ##look up baidu's IP
2. Forward resolution, name --> IP: make this host the authoritative DNS server for westos.com and set the IP of www.westos.com to 172.25.254.138
dns-server:
vim /etc/named.conf
options {
listen-on port 53 { any; }; ##listen on port 53 on every interface of this host
allow-query { any; }; ##allow everyone to query
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
};
cd /var/named/
cp -p named.localhost westos.com.zone
vim westos.com.zone
$TTL 1D ##default TTL: caching DNS servers may keep these records for 1 day
@ IN SOA dns.westos.com. root.westos.com. (
##@ = westos.com (the zone origin); dns.westos.com. is the primary name server; root.westos.com. is the zone contact mailbox, i.e. root@westos.com; any name in this file without a trailing "." gets the origin "@" appended
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.223 ##the DNS server
www A 172.25.254.138 ##www.westos.com resolves to 172.25.254.138
music CNAME music.a.westos.com. ##canonical-name alias
music.a A 172.25.254.111
music.a A 172.25.254.222
westos.com. MX 1 dns.westos.com. ##mail exchanger: mail for westos.com is delivered to the 223 host; the MX target must be a host name with an A record, not an IP address, so it names dns.westos.com (which is 172.25.254.223); "1" is the preference value
dig www.westos.com ##returns 172.25.254.138 for www.westos.com
dns-client:
dig www.westos.com
dig music.westos.com ##look up the IP of music.westos.com
dig -t mx westos.com ##look up the mail exchanger that receives mail for westos.com
mail root@westos.com ##send mail to westos.com
ctrl-D ##finish the message
mailq ##check the mail queue / delivery status
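Added example (not from the original notes): the zone above is created with serial 0, and every later manual edit has to raise that serial or caches and secondaries keep serving the old data. This helper bumps the "; serial" line in the page's zone-file format and runs named-checkzone when the bind package provides it. ZONE_SAMPLE is a copy of the westos.com.zone records shown above.

```shell
#!/bin/sh
# Added example: bump the SOA serial of a zone file in the page's layout
# ("<n> ; serial" on its own line). ZONE_SAMPLE mirrors westos.com.zone above.
ZONE_SAMPLE='$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.223
www A 172.25.254.138'

current_serial() {  # prints the number found on the "; serial" line
  awk '/;[[:space:]]*serial/ { print $1; exit }' "$1"
}
# bump_serial ZONEFILE [NEW]: set the serial to NEW (default old+1), refusing a
# value that does not increase (a non-increasing serial is silently ignored by
# secondaries); prints the new serial.
bump_serial() {
  old=$(current_serial "$1")
  [ -n "$old" ] || { echo "no serial line in $1" >&2; return 1; }
  new=${2:-$((old + 1))}
  [ "$new" -gt "$old" ] || { echo "serial $new does not exceed $old" >&2; return 1; }
  tmp="$1.tmp.$$"
  awk -v n="$new" '!d && /;[[:space:]]*serial/ { sub(/[0-9]+/, n); d = 1 } { print }' "$1" > "$tmp" &&
    mv "$tmp" "$1" && echo "$new"
}
check_zone() {  # check_zone ORIGIN ZONEFILE; skipped when named-checkzone is absent
  command -v named-checkzone >/dev/null 2>&1 || { echo "named-checkzone missing, skipped" >&2; return 0; }
  named-checkzone "$1" "$2"
}
```

Typical use on the server: `bump_serial /var/named/westos.com.zone && check_zone westos.com /var/named/westos.com.zone && systemctl reload named`.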
3. Split-horizon (multi-view) DNS server: clients on different subnets resolve the same name to different IPs
dns-server:
Add a second NIC, eth1, to the server with IP 172.25.23.223
systemctl restart network
cd /var/named
cp -p westos.com.zone westos.com.inter
vim westos.com.inter
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.23.223
www A 172.25.23.138
music CNAME music.a.westos.com.
music.a A 172.25.23.111
music.a A 172.25.23.222
westos.com. MX 1 dns.westos.com. ##the MX target is the host name, which resolves to 172.25.23.223 in this view
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter
vim /etc/named.rfc1912.inter
zone "westos.com" IN {
type master;
file "westos.com.inter"; ##the original westos.com.zone file is replaced by the inter file
allow-update { none; };
};
vim /etc/named.conf
Comment out the original zone "." block (once view statements are used, named requires every zone to live inside a view, so the top-level include "/etc/named.rfc1912.zones" line at the end of the file has to be commented out as well; it is re-included inside each view)
view localnet {
match-clients { 172.25.254.0/24; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
view inter {
match-clients { 172.25.23.0/24; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.inter";
};
systemctl restart named
dns-client (on the 172.25.23.0/24 network):
vim /etc/resolv.conf
nameserver 172.25.23.223
dig www.westos.com ##the result is 172.25.23.138
Physical host (IP 172.25.254.23):
vim /etc/resolv.conf
nameserver 172.25.254.223
dig www.westos.com ##the result is 172.25.254.138
4. Reverse resolution:
dns-server:
vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN { ##the 172.25.254.0/24 network, octets reversed
type master;
file "westos.com.ptr"; ##reverse zone file
allow-update { none; };
};
cp -p /var/named/named.loopback /var/named/westos.com.ptr
vim /var/named/westos.com.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.223
134 PTR dss.westos.com. ##172.25.254.134 is dss.westos.com
111 PTR www.westos.com. ##172.25.254.111 is www.westos.com
systemctl restart named
Test on dns-client:
vim /etc/resolv.conf
nameserver 172.25.254.223
dig -x 172.25.254.111 ##result: www.westos.com.
dig -x 172.25.254.134 ##result: dss.westos.com.
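Added example (not from the original notes): the reverse zone name and the PTR owner names are the IP octets written backwards, which is easy to get wrong by hand. These helpers derive 254.25.172.in-addr.arpa and the "134 PTR dss.westos.com." lines of section 4 from an "ip name" list; HOSTS is a constructed list that also contains a 172.25.23.x entry to show that addresses outside the requested /24 are skipped. Only /24 networks are handled.

```shell
#!/bin/sh
# Added example: reverse-zone naming and PTR generation for a /24 (assumption:
# the network is always a /24). HOSTS is a constructed "ip name" list.
HOSTS='172.25.254.134 dss.westos.com
172.25.254.111 www.westos.com
172.25.23.138 www.westos.com'

reverse_zone_name() {  # 172.25.254.0/24 -> 254.25.172.in-addr.arpa
  echo "${1%/*}" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}
ptr_owner() {  # 172.25.254.134 -> 134.254.25.172.in-addr.arpa. (the name dig -x asks for)
  echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa." }'
}
# ptr_records NETWORK/24 < "ip name" lines: prints zone-file lines relative to the
# zone origin, e.g. "134 PTR dss.westos.com." (the trailing dot keeps the name absolute,
# otherwise named would append the reverse-zone origin to it).
ptr_records() {
  zone=$(reverse_zone_name "$1")
  while read -r ip name; do
    [ -n "$ip" ] || continue
    owner=$(ptr_owner "$ip")
    case "$owner" in
      *".$zone.") printf '%s PTR %s.\n' "${owner%%.*}" "${name%.}" ;;
      *) echo "skip $ip ($name): not inside $zone" >&2 ;;
    esac
  done
}
```

Append the output of `printf '%s\n' "$HOSTS" | ptr_records 172.25.254.0/24` to /var/named/westos.com.ptr, then bump its serial and reload named.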
5. Updating DNS (dynamic updates with nsupdate):
dns-server:
cp -p /var/named/westos.com.zone /mnt/ ##keep a backup copy of the zone file
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 172.25.254.123; }; ##allow the 123 host to update this zone (access control by source IP only; section 6 replaces it with a signed key, since the source address of a UDP update is easy to forge)
};
chmod 770 /var/named ##give /var/named mode 770 so named can write its journal there
setsebool -P named_write_master_zones 1 ##SELinux: allow named to write master zone files
systemctl restart named
dns-client: ##IP 172.25.254.123
nsupdate
> server 172.25.254.223
> update add hello.westos.com 86400 A 172.25.254.135 ##add a name; TTL 86400 s = 1 day
> send
> server 172.25.254.223
> update delete hello.westos.com ##delete the name
> send
dns-server:
dig hello.westos.com ##the IP 172.25.254.135 is returned
At this point westos.com.zone itself has not been rewritten (the change is held in the .jnl journal); restart named to have it written back to the zone file
systemctl restart named
cat /var/named/westos.com.zone ##now written back
6. Authenticating DNS updates with a key (TSIG):
dns-server:
cd /mnt
dnssec-keygen -a HMAC-MD5 -b 256 -n HOST dnskey ##-a algorithm, -b key length in bits, -n key purpose (HOST for a TSIG key)
ls
cp -p /etc/rndc.key /etc/dns.key
[root@dns-server mnt]# cat Kdnskey.+157+64619.key ##show the secret
dnskey. IN KEY 512 3 157 AJBz6JkPzxI6wU4TzPHi7ihZbXlK5fpmKT/zuwRH5R0=
vim /etc/dns.key
key "dnskey" { ##the name given to dnssec-keygen, dnskey
algorithm hmac-md5;
secret "AJBz6JkPzxI6wU4TzPHi7ihZbXlK5fpmKT/zuwRH5R0="; ##the secret from the .key file
};
vim /etc/named.conf
include "/etc/dns.key"; ##add this line (around line 43)
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key dnskey; }; ##only updates signed with the dnskey key are accepted
};
systemctl restart named
scp Kdnskey.+157+64619.* root@172.25.254.123:/mnt/ ##distribute the key files to the client
dns-client:
[root@dns-desktop mnt]# nsupdate -k Kdnskey.+157+64619.private
> server 172.25.254.223
> update add hello.westos.com 86400 A 172.25.254.156
> send
server:
dig hello.westos.com ##result: 172.25.254.156
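Added example (not from the original notes): the step above copies the secret out of Kdnskey.+157+64619.key into /etc/dns.key by hand, and section 7 needs the same secret again in dhcpd.conf. These helpers turn the KEY record into both blocks, so the two copies cannot drift apart. KEYREC is the record shown above; algorithm number 157 is HMAC-MD5, which is weak, and the same workflow with `-a HMAC-SHA256` (number 163) is the better choice.

```shell
#!/bin/sh
# Added example: generate the key {} blocks for named and dhcpd from the KEY
# record that dnssec-keygen writes. KEYREC is the record shown on the page.
KEYREC='dnskey. IN KEY 512 3 157 AJBz6JkPzxI6wU4TzPHi7ihZbXlK5fpmKT/zuwRH5R0='

tsig_alg_name() {  # dnssec-keygen algorithm number -> name used in key {} blocks
  case "$1" in
    157) echo hmac-md5 ;;    161) echo hmac-sha1 ;;
    163) echo hmac-sha256 ;; 165) echo hmac-sha512 ;;
    *) echo "unsupported TSIG algorithm number: $1" >&2; return 1 ;;
  esac
}
key_fields() {  # "name alg secret" from a line "NAME. IN KEY flags proto alg secret"
  set -- $1
  [ "$3" = KEY ] || { echo "not a KEY record" >&2; return 1; }
  printf '%s %s %s\n' "${1%.}" "$6" "$7"
}
named_key_block() {  # the block for /etc/dns.key: quoted name and quoted secret
  f=$(key_fields "$1") || return 1
  set -- $f
  alg=$(tsig_alg_name "$2") || return 1
  printf 'key "%s" {\n\talgorithm %s;\n\tsecret "%s";\n};\n' "$1" "$alg" "$3"
}
dhcpd_key_block() {  # the same key in dhcpd.conf syntax: name and secret unquoted
  f=$(key_fields "$1") || return 1
  set -- $f
  alg=$(tsig_alg_name "$2") || return 1
  printf 'key %s {\n\talgorithm %s;\n\tsecret %s;\n};\n' "$1" "$alg" "$3"
}
```

On the server: `named_key_block "$(cat Kdnskey.+157+64619.key)" > /etc/dns.key` and `chmod 640 /etc/dns.key`, since anyone who can read the secret can push updates.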
7. Dynamic DNS (DDNS) resolution:
As a client obtains a different IP, the name resolves to that new IP (each time the client receives a new lease, the name's IP is updated)
dns-server:
Prerequisites:
/var/named/ has mode 770
setsebool -P named_write_master_zones 1
Delete westos.com.zone.jnl and westos.com.zone from /var/named/, then copy the backup /mnt/westos.com.zone back to /var/named
yum install dhcp -y ##install the DHCP service
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
vim /etc/dhcp/dhcpd.conf
option domain-name "westos.com"; ##domain name
option domain-name-servers 172.25.254.223; ##DNS server IP
default-lease-time 600;
max-lease-time 7200;
ddns-update-style interim; ##let dhcpd send DNS updates, signed with the key below
log-facility local7;
subnet 172.25.254.0 netmask 255.255.255.0 { ##the subnet
range 172.25.254.162 172.25.254.165; ##address pool: IPs from 162 to 165 are handed out
option routers 172.25.254.250; ##gateway
}
key dnskey {
algorithm hmac-md5;
secret DUxcUSMjFqU++8vbN1FLXIJ6GhZujLAs6L6OvR67RUI=; ##must be exactly the secret that /etc/dns.key on the named side holds, otherwise named rejects the updates
};
zone westos.com. {
primary 127.0.0.1; ##send updates over the loopback interface, which is faster and safer
key dnskey;
}
vim /etc/named.conf
view localnet {
match-clients { 172.25.254.0/24; 127.0.0.1; }; ##add 127.0.0.1 so the updates from dhcpd match this view (views are tried in order, so loopback traffic lands in the first view that lists it)
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
view inter {
match-clients { 172.25.23.0/24; 127.0.0.1; }; ##add 127.0.0.1
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.inter";
};
systemctl restart named
systemctl restart dhcpd
Test on dns-client:
hostnamectl set-hostname test.westos.com ##set the host name that dhcpd will register
vim /etc/sysconfig/network-scripts/ifcfg-eth0 ##obtain the IP via DHCP
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
systemctl restart network
ifconfig
dig test.westos.com ##the IP returned is the one DHCP handed out