一、安装部署dns

yum install bind -y
systemctl start named
systemctl enable named
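systemctl stop firewalld        #实验环境直接关闭防火墙;生产环境建议保留防火墙并只放行 DNS:firewall-cmd --permanent --add-service=dns && firewall-cmd --reload
systemctl disable firewalld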
图示:安装bind
Screenshot from 2017-11-26 21-14-57.png
图示:开启服务关闭火墙
Screenshot from 2017-11-26 21-16-07.png
主配置文件: /etc/named.conf
子配置文件: /etc/named.rfc1912.zones
数据目录:  /var/named
二、高速缓存dns
vim /etc/named.conf
11       listen-on port 53 { any; };         #让所有用户IP可以访问
17       allow-query     { any; };          #客户群体(any 对所有来源开放;未单独设置 allow-recursion 时递归权限也随之对所有人开放,形成开放解析器,生产环境应改为可信网段)
18       forwarders      {172.25.254.250; };   #访问中介
图示:修改配置文件
Screenshot from 2017-11-26 21-19-43.png
cat /etc/services | grep domain
图示:查看
Screenshot from 2017-11-26 21-20-43.png
systemctl restart named
测试:
在客户主机
vim /etc/resolv.conf
nameserver 172.25.254.121
dig www.baidu.com
图示:测试结果
Screenshot from 2017-11-26 21-24-00.png
三、权威DNS的正向解析
vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
 26         type master;
 27         file "westos.com.zone";
 28         allow-update { none; };
 29 };
cd /var/named/
cp -p named.localhost westos.com.zone
vim westos.com.zone
1 $TTL 1D
  2 @       IN SOA  dns.westos.com. root.westos.com. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS      dns.westos.com.     ; 结尾的点不能省略,否则会被补全为 dns.westos.com.westos.com.
  9 dns     A       172.25.254.121
 10 www     A       172.25.254.111
systemctl restart named
图示:修改配置文件
Screenshot from 2017-11-26 21-29-28.png
Screenshot from 2017-11-26 21-32-32.png
测试:
dig www.westos.com
cat /etc/resolv.conf
# Generated by NetworkManager
search ilt.example.com example.com
nameserver 172.25.254.121
图示:测试结果
Screenshot from 2017-11-26 21-39-26.png
四、反向解析
vim /etc/named.rfc1912.zones
 48 zone "254.25.172.in-addr.arpa" IN {
 49         type master;
 50         file "westos.com.ptr";
 51         allow-update { none; };
 52 };
ls
cp -p named.loopback westos.com.ptr
vim westos.com.ptr
  1 $TTL 1D
  2 @       IN SOA  dns.westos.com. root.westos.com. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS      dns.westos.com.
  9 dns     A       172.25.254.100
 10 100     PTR     www.westos.com.
systemctl restart named
图示:配置文件及操作
Screenshot from 2017-11-26 21-42-26.png
Screenshot from 2017-11-26 21-45-03.png

Screenshot from 2017-11-26 21-45-30.png

测试:

dig -x 172.25.254.121

图示:测试结果
Screenshot from 2017-11-26 21-46-59.png
                                     
五、dns双向解析
vim /etc/named.conf
 50 view localnet {
 51          match-clients { 172.25.254.221; };
 52          zone "." IN {
 53                      type hint;
 54                      file "named.ca";
 55 };
 56
 57 include "/etc/named.rfc1912.zones";
 58 include "/etc/named.root.key";
 59 };
 60
 61 view any {
 62          match-clients { any; };
 63          zone "." IN {
 64                      type hint;
 65                      file "named.ca";
 66 };
 67
 68 include "/etc/named.rfc1912.zones";
 69 include "/etc/named.root.key";
 70 };
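cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter -p
#注意:named.rfc1912.zones.inter 必须在 named.conf 的某个 view 中被 include 才会生效;上面的示例里两个 view 引用的都是 /etc/named.rfc1912.zones,需要把面向另一类客户端的那个 view 改为引用 .inter 文件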
vim /etc/named.rfc1912.zones.inter
 25 zone "westos.com" IN {
 26         type master;
 27         file "westos.com.inter";
 28         allow-update { none; };
 29 };
cp -p westos.com.zone westos.com.inter
vim westos.com.inter
  1 $TTL 1D
  2 @       IN SOA   dns.westos.com. root.westos.com. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS      dns.westos.com.
  9 dns     A       1.1.1.121
 10 www     A       1.1.1.111
%s/172.25.254/1.1.1/g
systemctl restart named
图示:修改配置内容

Screenshot from 2017-11-27 12-43-24.pngScreenshot from 2017-11-27 13-05-04.png

Screenshot from 2017-11-27 13-43-15.png 测试:在221主机上  dig www.westos.com.inter

图示:测试结果

Screenshot from 2017-11-27 14-23-57.png

                                                                              
六、辅助dns
主dns的设定
vim /etc/named.rfc1912.zones
 25 zone "westos.com" IN {
 26         type master;
 27         file "westos.com.zone";
 28         allow-update { none; };
 29         also-notify { 172.25.254.221; };      #主动通知辅助 DNS;建议同时用 allow-transfer { 172.25.254.221; }; 显式限制区域传送只对辅助 DNS 开放
systemctl restart named

注意:每次更改 A 记录文件后必须增大 serial 的值(最多 10 位),辅助 DNS 才会同步更新。

vim /var/named/westos.com.inter

  4                                 0          ; serial
辅助dns主机中的设定
yum install bind -y
systemctl restart named
systemctl stop firewalld
vim /etc/sysconfig/selinux
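disabled        #实验环境做法,需重启后生效;生产环境建议保持 enforcing:辅助区域文件写在 /var/named/slaves 下通常无需关闭 SELinux,主区域需要动态更新时可用 setsebool -P named_write_master_zones 1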
vim /etc/named.conf
#       listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
#       allow-query     { localhost; };
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type slave;
        masters {172.25.254.121; };
        file "slaves/westos.com.inter";
        allow-update { none; };
};
systemctl restart named
测试:
vim /etc/resolv.conf
nameserver 172.25.254.221
 
dig www.westos.com
图示:修改配置文件
Screenshot from 2017-11-27 14-31-34.png
Screenshot from 2017-11-27 20-17-41.png 

Screenshot from 2017-11-27 20-31-00.png

图示:测试结果

Screenshot from 2017-11-27 20-35-18.png
七、dns的远程更新

实验前需先备份

Screenshot from 2017-11-27 15-40-34.png

基于ip(仅凭源地址授权,源 IP 可被伪造,安全性弱于下文基于 key 的方式)

vim /etc/named.rfc1912.zones.inter
 25 zone "westos.com" IN {
 26         type master;
 27         file "westos.com.inter";
 28         allow-update { 172.25.254.244; };
 29         also-notify {172.25.254.244; };
 30 };
systemctl restart named
图示:修改配置文件

Screenshot from 2017-11-27 15-43-48.png

测试
在221主机上 
[root@localhost ~]# nsupdate
> server 172.25.254.121
> update add bbs.westos.com 86400 A 1.1.1.2 #添加
> send
> server 172.25.254.121
> update delete bbs.westos.com          #删除
> send
[root@dns-server named]# ls
data      named.empty      slaves                westos.com.ptr
dynamic   named.localhost  westos.com.inter      westos.com.zone
named.ca  named.loopback   westos.com.inter.jnl   <-----更新在121主机上生成 

图示:记录生成过程Screenshot from 2017-11-27 15-59-29.png

dig bbs.westos.com
;; ANSWER SECTION:
bbs.westos.com.     86400   IN  A   1.1.1.2 

图示:测试结果 

blob.png      

###

还原

[root@dns-server named]# rm -fr westos.com.inter westos.com.inter.jnl  
[root@dns-server named]# ls
data     named.ca     named.localhost  slaves          westos.com.zone
dynamic  named.empty  named.loopback   westos.com.ptr
[root@dns-server named]# cp -p /mnt/westos.com.inter .

###                     

*基于key的
cd /mnt
cp -p /etc/rndc.key /etc/westos.key  ##‘-p’保留原文件的权限、属主和时间戳,使密钥文件继续保持受限的访问权限
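dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos   ##HMAC-MD5 已不推荐用于 TSIG;较新环境建议改用 hmac-sha256(如 dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST westos,新版 BIND 用 tsig-keygen -a hmac-sha256 westos),此时生成的文件名和下面的 algorithm 行也要相应修改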
vim /etc/westos.key
  1 key "westos" {
  2         algorithm hmac-md5;
  3         secret "ujuIHzR74r3ikunB3OblMQ==";   #填入自己生成的 Kwestos.*.private 中 Key: 的值;此处仅为示例,已公开的密钥不要在真实环境中沿用
  4 };
图示:更改文件内容

Screenshot from 2017-11-27 23-04-36.png 

vim /etc/named.conf

 41 include "/etc/westos.key";
 42 logging {
 43         channel default_debug {
 44                 file "data/named.run";
图示:修改配置文件

Screenshot from 2017-11-27 23-05-50.png

vim /etc/named.rfc1912.zones.inter
 25 zone "westos.com" IN {
 26         type master;
 27         file "westos.com.inter";
 28         allow-update { key westos; };
 29         also-notify {172.25.254.221; };
 30 };
systemctl restart named
图示:修改配置文件

Screenshot from 2017-11-27 23-06-57.png测试

测试:

发送钥匙给测试主机

scp Kwestos.+157+60830.* root@172.25.254.121:/mnt

图示:发送钥匙
Screenshot from 2017-11-27 23-09-44.png
在有key 的主机中执行
[root@localhost mnt]# nsupdate -kKwestos.+157+60830.private
> update add bbs.westos.com 8000 A 1.1.1.0
> send
[root@localhost mnt]# nsupdate
> server 172.25.254.121
> update add ss.westos.com 8000 A 1.1.1.1
> send
update failed: REFUSED
图示:没钥匙更新失败

Screenshot from 2017-11-27 23-48-33.png ddns

八、DDNS的配置
1.辅助设备
[root@dns-slave mnt]# hostnamectl set-hostname www.westos.com  ##修改主机名

[root@dns-slave mnt]# vim /etc/sysconfig/network-scripts/ifcfg-eth0

图示:编辑配置使得更改为动态获取ip

Screenshot from 2017-11-30 09-43-19.png

[root@dns-slave mnt]# systemctl restart network

2.设置dns主机

vim /etc/named.rfc1912.zones

 25 zone "westos.com" IN {
 26         type master;
 27         file "westos.com.zone";
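 28         allow-update { none; };
 29         also-notify { key westos; };      #注意:also-notify 的取值应为服务器地址;要让持有 westos 密钥的 DHCP 服务器动态更新该区域,应像第七节那样在 allow-update 中写 key westos(allow-update { key westos; };),而 allow-update { none; } 会拒绝所有更新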
图示:修改配置文件

安装dhcp服务

[root@dns-server ~]# yum install dhcp -y              ##安装dhcp服务

[root@dns-server ~]# systemctl stop firewalld       ##关闭防火墙

[root@dns-server ~]# systemctl disable firewalld   ##设置开机不启动

[root@dns-server ~]#  cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y
[root@dns-server mnt]# cd /etc/dhcp/
[root@dns-server dhcp]# ls
dhclient.d  dhcpd6.conf  dhcpd.conf

图示:复制以及修改配置文件

Screenshot from 2017-11-27 18-48-42.png Screenshot from 2017-11-27 23-53-54.png

 Screenshot from 2017-11-27 23-54-01.png

[root@dns-server named]# vim westos.com.zone

图示 :修改配置文件

Screenshot from 2017-11-27 19-04-49.png
[root@dns-server named]# systemctl restart named

监控测试

 watch -n 1 dig

图示:测试结果

Screenshot from 2017-11-27 11-27-47.png

  ##end##