linux操作———dns

1.dns部署安装

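yum install bind -y


# The first start generates /etc/rndc.key; on a fresh VM it can block until
# enough entropy is available (typing at the console helps) - that is what the
# original "press some keys" note refers to.
systemctl start named
systemctl enable named
# Open only the DNS service (TCP/UDP 53) on the host firewall instead of
# stopping and disabling firewalld altogether.
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload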


主配置文件:/etc/named.conf

子配置文件:/etc/named.rfc1912.zones
数据目录(存放区域文件):/var/named (下文 cd /var/named 即此目录;/etc/named 不是数据目录)

2.高速缓存dns
vim /etc/named.conf

# NOTE(review): with forwarders set and recursion left at BIND's default (on),
# allow-query { any; } turns this host into an open recursive resolver that can be
# abused for DNS amplification. Restrict it to the lab network, e.g.
# allow-query { localhost; 172.25.254.0/24; }; or add
# allow-recursion { localhost; 172.25.254.0/24; };
11 listen-on port 53 { any; };    ## listen on every interface
17 allow-query     { any; };      ## any client may query (see note above)
18 forwarders { 172.25.254.xx;};  ## anything not in the cache is asked of host xx

systemctl restart named





#测试:
在客户主机
vim /etc/resolv.conf

8 nameserver 172.25.254.xx   ##配置文件的主机ip


dig www.baidu.com     ##第一次查询由forwarders指定的主机解答并写入本机缓存,第二次直接由缓存应答(对比两次dig输出里的Query time)





3.权威dns正向解析

vim /etc/named.conf

18 forwarders { 172.25.254.xx;};    ##去掉这一行。权威dns不应替外部客户做递归查询:建议同时在options中加 recursion no;(或用 allow-recursion 限制到内网),否则配合 allow-query { any; } 仍然是一个开放递归解析器


vim /etc/named.rfc1912.zones
     zone "westos.com" IN {
           type master;
           file "westos.com.zone";

           allow-update { none; };


cd /var/named
[root@localhost named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@localhost named]# cp -p named.localhost westos.com.zone    ##-p保留模板文件的属主属组(root:named)和权限,保证以named用户运行的服务能读取新建的区域文件
[root@localhost named]# vim westos.com.zone     ##解析文件编写

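$TTL 1D
; Zone-file comments use ";" only - a "#" here is a syntax error, so the
; original "##" annotations are written as ";" comments below.
; SOA: primary server dns.westos.com., admin mailbox root@westos.com (the first
; "." of the mailbox label stands for "@"). A trailing dot marks a fully
; qualified name; without it BIND appends the zone origin (westos.com, taken
; from the zone statement in named.rfc1912.zones, not from the file name).
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial - increase it on every edit or secondaries never refresh
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum (negative-caching TTL)
        NS      dns.westos.com.       ; name server for the zone
dns     A       172.25.254.xx         ; address of this DNS host (the one running named)
www     A       172.25.254.111        ; address www.westos.com resolves to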

systemctl restart named


/etc/named.conf中的内容


/etc/named.rfc1912.zones中的内容



westos.com.zone中的内容


测试:
www.westos.com



4.反向解析
vim /etc/named.rfc1912.zones    
    zone "254.25.172.in-addr.arpa" IN {
          type master;
          file "westos.com.ptr";
          allow-update { none; };
   };


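# The template is named.loopback (see the ls output above); "lookback" is a
# typo that makes cp fail. Run from /var/named; -p keeps root:named ownership
# and mode so named can read the new file.
cp -p named.loopback westos.com.ptr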

vim westos.com.ptr

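$TTL 1D
; Reverse zone file. Comments must use ";" - "#" is a syntax error in a zone
; file, so the original "##" annotation is rewritten below.
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial - increase on every change
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
; NOTE(review): inside this zone the owner below expands to
; dns.254.25.172.in-addr.arpa; named accepts it, but it plays no part in
; reverse lookups - presumably copied from the forward zone, confirm intent.
dns     A       172.25.254.xx
; The origin is 254.25.172.in-addr.arpa, so the owner is just the last octet:
; "xx" is the host part of 172.25.254.xx, which is what dig -x 172.25.254.xx asks for.
xx     PTR       www.westos.com.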


systemctl restart named


/etc/named.rfc1912.zones中的内容


westos.com.ptr中的内容


测试:
dig -x 172.25.254.xx


  

5.dns双向解析
cp -p  westos.com.zone  westos.com.inter
vim westos.com.inter     ##添加外网文件配置

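$TTL 1D
; External ("any" view) copy of westos.com: same layout as westos.com.zone but
; it answers with the public addresses. Zone-file comments must use ";" -
; "#" is a syntax error here, so the original "##" annotation is rewritten.
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial - increase on every edit
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       1.1.1.xx      ; public address of the DNS server as seen from outside
www     A       1.1.1.111     ; public address returned to external clients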

cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter -p
vim /etc/named.rfc1912.zones.inter    ##添加外网的子配置文件

 31 zone "westos.com" IN {
 32           type master;
 33           file "westos.com.inter";   ## the external copy of the zone (public addresses)
 34           allow-update { none; };
 # NOTE(review): no allow-transfer here means BIND's default of { any; } applies and
 # anybody can dump the zone - add allow-transfer { none; }; (or the secondary's
 # address once one exists).
 35   };

vim /etc/named.conf    ##添加到主配置文件中

 # NOTE(review): once a "view" statement exists, BIND requires every zone to be inside
 # some view - the stock named.conf's top-level zone "." and include lines must be
 # removed, otherwise named refuses to start. Views are tried in order, so the more
 # specific (internal) one has to come first.
 52 view localnet {
 51         match-clients { 172.25.254.xx; };     ## only host xx gets this view ("intranet"); for the whole LAN use 172.25.254.0/24 - TODO confirm intent
 52         zone "." IN {
 53             type hint;
 54             file "named.ca";
 55 };
 56 include "/etc/named.rfc1912.zones";    ## internal zone definitions (westos.com.zone, private addresses)
 57 include "/etc/named.root.key";
 58 };
 59 view any {
 60           match-clients { any; };      ## everyone else, i.e. the external view
 # NOTE(review): this view is reachable from anywhere; unless recursion is turned off
 # in it (recursion no;) or allow-recursion is restricted, it is an open recursive resolver.
 61           zone "." IN {
 62               type hint;
 63               file "named.ca";
 64 };
 65 include "/etc/named.rfc1912.zones.inter";    ## external zone definitions (westos.com.inter, public addresses)
 66 include "/etc/named.root.key";
 67 };

systemctl restart named


westos.com.inter


/etc/named.rfc1912.zones.inter


/etc/named.conf


测试:
dig www.westos.com    ##分内外网

内网:


外网:


6.辅助dns
主dns的设定
vim /etc/named.rfc1912.zones.inter
   zone "westos.com" IN {
          type master;
          file "westos.com.inter";
          allow-update { none; };
          also-notify { 172.25.254.xxx; };    ##更改后告诉xxx机
   };

systemctl restart named
注意:每次更改区域(zone)文件后必须把serial的数值加大,辅助dns只有在看到比自己更大的serial时才会重新传输;serial是32位无符号整数,最大为4294967295(10位)



辅助dns(xxx机,即上面 also-notify 指向的主机)设定:先设置yum源;原文把selinux改为disabled后reboot,更稳妥的做法是保持enforcing——辅助dns把区域文件写在 /var/named/slaves 下,默认策略一般即允许,无需关闭selinux
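yum install bind -y
systemctl start named
# Open only the DNS service on the host firewall instead of stopping firewalld.
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload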

vim /etc/named.conf

# Commenting these two lines out falls back to BIND's defaults: listen on every
# interface and answer queries from anyone. Explicit values are clearer and safer,
# e.g. listen-on port 53 { any; }; allow-query { localhost; 172.25.254.0/24; };
# and, since this host only serves its own zone, recursion no;.
//      listen-on port 53 { 127.0.0.1; };   ## commented out = no longer limited to loopback
//      allow-query     { localhost; };     ## commented out = no longer limited to localhost

vim /etc/named.rfc1912.zones
  zone "westos.com" IN {
        type slave;    
        masters { 172.25.254.xxx; };   ##设定辅助为xxx机
        file "slaves/westos.com.inter";
        allow-update { none; };
  };
systemctl restart named



/etc/named.conf


/etc/named.rfc1912.zones


测试:

vim /etc/resolv.conf
    nameserver 172.25.254.xx    ##主
dig www.westos.com



vim /etc/resolv.conf
    nameserver 172.25.254.xxx      ##辅
dig www.westos.com




7.dns的远程更新
基于ip的:
vim /etc/named.rfc1912.zones.inter
  zone "westos.com" IN {
          type master;
          file "westos.com.inter";
          allow-update { 172.25.254.xxx; };
          also-notify { 172.25.254.xxx; };
    };

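# named (group "named") must be able to create the zone's journal file
# (presumably westos.com.inter.jnl) next to the zone file, hence group write on
# the directory; a single restart after the chmod is enough.
chmod g+w /var/named/
# If SELinux is kept enforcing (preferable to disabling it), this boolean is
# what lets named write primary zone files under /var/named:
# setsebool -P named_write_master_zones 1
systemctl restart named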

测试:
在113主机上
[root@desktop113 ~]# nsupdate
> server 172.25.254.xx     ##添加
> update add bbs.westos.com 86400 A 1.1.1.x
> send                    
> server 172.25.254.xx     ##删除
> update delete bbs.westos.com    ##删除该名字下的全部记录;只删A记录用 update delete bbs.westos.com A
> send


基于key的:先把上面 allow-update 中基于ip的设置去掉(改回 none 或直接改成下面的 key westos),否则来自该ip的未签名更新仍然会被接受


# Use the rndc key file as a template: -p keeps its ownership and mode
# (root:named 0640 on RHEL-family systems) so the shared secret is not world-readable.
cp -p /etc/rndc.key /etc/westos.key
# Generate a TSIG key. It is symmetric: Kwestos.+157+NNNNN.key and .private hold
# the same secret (157 is the HMAC-MD5 algorithm number, NNNNN a key id that
# differs on every run, so use your own file names). HMAC-MD5 is deprecated -
# for a new setup prefer -a HMAC-SHA256 -b 256 together with
# "algorithm hmac-sha256;" in every key stanza that uses it.
dnssec-keygen -a HMAC-MD5 -b 218 -n HOST westos      ## generates the key files
cat Kwestos.+157+40661.key
vim /etc/westos.key

# TSIG key shared by the DNS server and every nsupdate/dhcpd client allowed to
# update the zone. Keep this file root:named mode 0640 - anyone who can read it
# can rewrite westos.com. The secret below is the one published in this tutorial:
# never reuse it; paste the "Key:" value from your own Kwestos.+157+NNNNN.private.
# hmac-md5 is deprecated; prefer hmac-sha256 (change the algorithm consistently in
# dnssec-keygen, here and in dhcpd.conf).
key "westos" {
        algorithm hmac-md5;
        secret "Qrk1DSSofXb3rll40i4MkIDgE1nfROQnAxD0tg==";
};

vim /etc/named.conf

include "/etc/westos.key";   ## adding this one line is enough to make key "westos" known to named; the file is a shared secret, keep it root:named 0640
logging {
        channel default_debug {
                file "data/named.run";    # relative to named's directory, i.e. /var/named/data/named.run
                severity dynamic;
        };
};

vim /etc/named.rfc1912.zones.inter

  zone "westos.com" IN {
          type master;
          file "westos.com.inter";
          allow-update { key westos; };    ##更改更新方式
          also-notify { 172.25.254.xxx; };
    };

systemctl restart named



/etc/westos.key


/etc/named.conf


/etc/named.rfc1912.zones.inter


测试:
[root@localhost mnt]# ls
Kwestos.+157+40661.key  Kwestos.+157+40661.private  westos.com.inter
[root@localhost mnt]# scp Kwestos.+157+40661* root@172.25.254.xxx:/mnt/    ##原文的"172.2vim5.254.xxx"是误输入;.private文件就是共享密钥,拷到客户机后应设为仅root可读(chmod 600)


在有key的主机中执行
[root@desktop113 mnt]# nsupdate -k Kwestos.+157+40661.private
> server 172.25.254.xx
> update add bbs.westos.com 86400 A 1.1.1.x
> send
>


[root@localhost mnt]# dig bbs.westos.com


8.动态dns
主dns上:
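yum install dhcp -y
# Start from the example config shipped with the package (the path is specific
# to dhcp-4.2.5; adjust the version directory if a different package is installed).
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
vim /etc/dhcp/dhcpd.conf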

 7 option domain-name "xxxxxx.com";    ## DNS search domain handed to clients (the original note calls it the secondary's host name). For DDNS the client's FQDN must fall inside the zone declared below (westos.com.), so this presumably should be "westos.com" - TODO confirm
 8 option domain-name-servers 172.25.254.xx;     ## primary DNS server IP
 14 ddns-update-style interim;          # turns on DDNS; "interim" is the style dhcp 4.2.x expects
 24 # No service will be given on this subnet, but declaring it helps the
 25 # DHCP server to understand the network topology.
 26
 27
 28 # This is a very basic subnet declaration.
 29
 30 subnet 172.25.254.0 netmask 255.255.255.0 {
 31   range 172.25.254.10 172.25.254.20;
 32   option routers 172.25.254.xx;     ## default gateway handed to clients; the tutorial points it at the DNS host - use the real router
 33 }
 34
 # Shared TSIG key used to sign the DDNS updates sent to named.
 35 key "westos" {
 36         algorithm hmac-md5;
 37         secret "tcc2czhAKAjVnZwP/USO4gAxXHiX6M7SDJPuLw==";     ## copied from /etc/westos.key - must be byte-identical to the secret there (the value shown here differs from the /etc/westos.key shown above, presumably from a different run); never reuse a secret printed in a tutorial
 38 };
 39 zone westos.com. {
 # NOTE(review): 172.0.0.1 is not the loopback address. dhcpd runs on the primary
 # DNS host here, so this is most likely meant to be 127.0.0.1 (or the server's own
 # 172.25.254.xx) - confirm.
 40            primary 172.0.0.1;
 41            key westos;
 42 }

systemctl restart dhcpd
systemctl restart named



辅dns上:
修改network为dns     vim /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=none----->dhcp

修改主机名为该域内的名字     hostnamectl set-hostname www.xxxxxx.com    ##主机名的域名部分要与dhcpd.conf里zone声明(westos.com.)一致,否则dhcpd不会用 key westos 向主dns发送更新
systemctl restart network




检测:

dig www.westos.com  ##主辅

