一、安装部署dns
yum install bind -y
systemctl start named
systemctl enable named
systemctl stop firewalld
systemctl disable firewalld
图示:安装bind
图示:开启服务、关闭防火墙
主配置文件: /etc/named.conf
子配置文件: /etc/named.rfc1912.zones
数据目录: /var/named
二、高速缓存dns
vim /etc/named.conf
11 listen-on port 53 { any; }; #让所有用户IP可以访问
17 allow-query { any; }; #客户群体
18 forwarders {172.25.254.250; }; #访问中介(上游转发服务器)
注意: listen-on 与 allow-query 都设为 any 后, 任何能连到本机53端口的主机都可以通过本机做递归查询; 生产环境中应把 allow-query 限制为内网网段。
图示:修改配置文件
cat /etc/services | grep domain
图示:查看
systemctl restart named
测试: 在客户主机
vim /etc/resolv.conf
nameserver 172.25.254.121
dig www.baidu.com
图示:测试结果
三、权威DNS的正向解析
vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { none; };
29 };
cd /var/named/
cp -p named.localhost westos.com.zone
vim westos.com.zone
1 $TTL 1D
2 @ IN SOA dns.westos.com. root.westos.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 172.25.254.121
10 www A 172.25.254.111
(NS 记录中的主机名必须以 "." 结尾, 否则会被补全为 dns.westos.com.westos.com.)
systemctl restart named
图示:修改配置文件
测试:
dig www.westos.com
cat /etc/resolv.conf
# Generated by NetworkManager
search ilt.example.com example.com
nameserver 172.25.254.121
图示:测试结果
四、反向解析
vim /etc/named.rfc1912.zones
48 zone "254.25.172.in-addr.arpa" IN {
49 type master;
50 file "westos.com.ptr";
51 allow-update { none; };
52 };
ls
cp -p named.loopback westos.com.ptr
vim westos.com.ptr
1 $TTL 1D
2 @ IN SOA dns.westos.com. root.westos.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 172.25.254.100
10 100 PTR www.westos.com.
systemctl restart named
图示:配置文件及操作
测试:
dig -x 172.25.254.121
图示:测试结果
五、dns双向解析
vim /etc/named.conf
50 view localnet {
51 match-clients { 172.25.254.221; };
52 zone "." IN {
53 type hint;
54 file "named.ca";
55 };
56
57 include "/etc/named.rfc1912.zones";
58 include "/etc/named.root.key";
59 };
60
61 view any {
62 match-clients { any; };
63 zone "." IN {
64 type hint;
65 file "named.ca";
66 };
67
68 include "/etc/named.rfc1912.zones";
69 include "/etc/named.root.key";
70 };
注意: 视图按顺序匹配, 若要让 localnet 视图返回下面 westos.com.inter 中的记录, 第57行应 include "/etc/named.rfc1912.zones.inter", 否则两个视图返回相同的结果。
cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter -p
vim /etc/named.rfc1912.zones.inter
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { none; };
29 };
cp -p westos.com.zone westos.com.inter
vim westos.com.inter
1 $TTL 1D
2 @ IN SOA dns.westos.com. root.westos.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 1.1.1.121
10 www A 1.1.1.111
(在 vim 中执行 :%s/172.25.254/1.1.1/g 可以批量替换地址)
systemctl restart named
图示:修改配置内容
测试: 在221主机上
dig www.westos.com.inter
图示:测试结果
六、辅助dns
主dns的设定
vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { none; };
29 also-notify { 172.25.254.221; };
systemctl restart named
注意: 每次更改A记录文件后必须增大 serial 的值(辅助dns通过比较 serial 判断是否需要重新同步), serial 最多为10位数字。
vim /var/named/westos.com.inter
4 0 ; serial
辅助dns主机中的设定
yum install bind -y
systemctl restart named
systemctl stop firewalld
vim /etc/sysconfig/selinux
SELINUX=disabled
vim /etc/named.conf (注释掉 listen-on 与 allow-query 两行)
# listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
# allow-query { localhost; };
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type slave;
masters {172.25.254.121; };
file "slaves/westos.com.inter";
allow-update { none; };
};
systemctl restart named
测试:
vim /etc/resolv.conf
nameserver 172.25.254.221
dig www.westos.com
图示:修改配置文件
图示:测试结果
七、dns的远程更新
(实验前需先备份)
基于ip
vim /etc/named.rfc1912.zones.inter
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { 172.25.254.244; };
29 also-notify {172.25.254.244; };
30 };
systemctl restart named
图示:修改配置文件
测试: 在221主机上
[root@localhost ~]# nsupdate
> server 172.25.254.121
> update add bbs.westos.com 86400 A 1.1.1.2 #添加
> send
> server 172.25.254.121
> update delete bbs.westos.com #删除
> send
[root@dns-server named]# ls
data named.empty slaves westos.com.ptr
dynamic named.localhost westos.com.inter westos.com.zone
named.ca named.loopback westos.com.inter.jnl <-----更新在121主机上生成
图示:记录生成过程
dig bbs.westos.com
;; ANSWER SECTION:
bbs.westos.com. 86400 IN A 1.1.1.2
图示:测试结果
###
还原
[root@dns-server named]# rm -fr westos.com.inter westos.com.inter.jnl
[root@dns-server named]# ls
data named.ca named.localhost slaves westos.com.zone
dynamic named.empty named.loopback westos.com.ptr
[root@dns-server named]# cp -p /mnt/westos.com.inter .
###
*基于key的
cd /mnt
cp -p /etc/rndc.key /etc/westos.key ##‘-p’保留文件的权限、属主和时间戳
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
(生成 Kwestos.+157+60830.key 与 Kwestos.+157+60830.private 两个文件, secret 的值取自 .private 文件中的 Key 字段)
vim /etc/westos.key
1 key "westos" {
2 algorithm hmac-md5;
3 secret "ujuIHzR74r3ikunB3OblMQ==";
4 };
图示:更改文件内容
vim /etc/named.conf
41 include "/etc/westos.key";
42 logging {
43 channel default_debug {
44 file "data/named.run";
图示:修改配置文件
vim /etc/named.rfc1912.zones.inter
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { key westos; };
29 also-notify {172.25.254.221; };
30 };
systemctl restart named
图示:修改配置文件
测试:
发送钥匙给测试主机
scp Kwestos.+157+60830.* root@172.25.254.121:/mnt
图示:发送钥匙
在有key的主机中执行
[root@localhost mnt]# nsupdate -k Kwestos.+157+60830.private
> update add bbs.westos.com 8000 A 1.1.1.0
> send
[root@localhost mnt]# nsupdate
> server 172.25.254.121
> update add ss.westos.com 8000 A 1.1.1.1
> send
update failed: REFUSED
图示:没钥匙更新失败
八、DDNS的配置
1.辅助设备
[root@dns-slave mnt]# hostnamectl set-hostname www.westos.com ##修改主机名
[root@dns-slave mnt]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
图示:编辑配置使得更改为动态获取ip
[root@dns-slave mnt]# systemctl restart network
2.设置dns主机
vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { none; };
29 also-notify { key westos; };
图示:修改配置文件
安装dhcp服务
[root@dns-server ~]# yum install dhcp -y ##安装dhcp服务
[root@dns-server ~]# systemctl stop firewalld ##关闭防火墙
[root@dns-server ~]# systemctl disable firewalld ##设置开机不启动
[root@dns-server ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y
[root@dns-server mnt]# cd /etc/dhcp/
[root@dns-server dhcp]# ls
dhclient.d dhcpd6.conf dhcpd.conf
图示:复制以及修改配置文件
[root@dns-server named]# vim westos.com.zone
图示 :修改配置文件
[root@dns-server named]# systemctl restart named
监控测试: watch -n 1 dig
图示:测试结果
##end##