DNS

正向解析
服務端ok
[root@server ~]#yum install bind -y
[root@server ~]#systemctl restart named 重啓named
[root@server ~]#systemctl status firewalld 查看防火牆狀態
[root@server ~]#systemctl stop firewalld 關閉防火牆
客戶端ok
[root@client ~]#vim /etc/resolv.conf
# Generated by NetworkManager
search sn.10086.cn
nameserver 172.25.254.200 服務端主機ip
# No nameservers found; try putting DNS servers into your

服務端ok
vim /etc/named.conf
11 listen-on port 53 { any; }; 修改爲any，允許任何主機連線本機的 53 埠查詢
12 listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 allow-query { any; }; 修改爲any，允許任何來源的查詢並回傳答案 (下方 recursion 亦爲 yes，即成爲開放遞迴解析器，僅適合實驗環境)

29 recursion yes;
30
31 dnssec-enable yes;
32 dnssec-validation no; 將yes修改爲no (實驗環境的 DNS 未註冊/簽署，故關閉 DNSSEC 驗證)
33

服務端操作ok
vim /etc/named.rfc1912.zones

19 zone "localhost" IN {
20 type master;
21 file "named.localhost";
22 allow-update { none; };
23 };
24
25 zone "westos.com" IN { (域名)
26 type master; (服務端爲主DNS)
27 file "westos.com.zone"; (區域檔案名稱，相對於 named.conf 中 directory 所設定的 /var/named)
28 allow-update { none; }; (允許誰來動態更新此區域；none 表示不允許)
29 };

[root@server ~]# cd /var/named
[root@server named]# ls -l
total 16
drwxrwx---. 2 named named 22 Apr 15 01:18 data
drwxrwx---. 2 named named 30 Apr 15 01:52 dynamic
-rw-r-----. 1 root named 2076 Jan 28 2013 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Sep 2 2015 slaves
[root@server named]# cp -p named.localhost westos.com.zone (-p：連同權限與時間戳一起複製)
[root@server named]# vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.200 (正向記錄)
www A 172.25.254.111 (正向記錄)
[root@server named]# systemctl restart named

客戶端測試ok
[root@client ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25259
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A

;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.111

;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.200

;; Query time: 0 msec
;; SERVER: 172.25.254.200#53(172.25.254.200)
;; WHEN: Sat Apr 15 02:27:22 EDT 2017
;; MSG SIZE rcvd: 93

服務端 *(反向解析)ok
vim /etc/named.rfc1912.zones

43 zone "0.in-addr.arpa" IN {
44 type master;
45 file "named.empty";
46 allow-update { none; };
47 };
48
49 zone "254.25.172.in-addr.arpa" IN { (反向區域名稱：網段 172.25.254.0/24 反寫)
50 type master; (服務端爲主DNS)
51 file "westos.com.ptr"; (區域檔案名稱，位於 /var/named)
52 allow-update { none; }; (允許誰來動態更新此區域)
53 };
54
:wq

[root@server ~]# cd /var/named
[root@server named]# ls
data named.ca named.localhost slaves
dynamic named.empty named.loopback westos.com.zone
[root@server named]# cp -p westos.com.zone westos.com.ptr
[root@server named]# vim westos.com.ptr
5
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.200 (正向記錄)
111 PTR www.westos.com. (反向記錄：172.25.254.111 -> www.westos.com.)
222 PTR bbs.westos.com. (反向記錄：172.25.254.222 -> bbs.westos.com.)
~

[root@server named]# systemctl restart named
客戶端ok
[root@client ~]# dig -x 172.25.254.222 (-x 表示反向解析)

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1233
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;222.254.25.172.in-addr.arpa. IN PTR

;; ANSWER SECTION:
222.254.25.172.in-addr.arpa. 86400 IN PTR bbs.westos.com.

;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.200

;; Query time: 0 msec
;; SERVER: 172.25.254.200#53(172.25.254.200)
;; WHEN: Sat Apr 15 03:29:25 EDT 2017
;; MSG SIZE rcvd: 118

     允許客戶端更新主DNS

服務端
[root@server named]# vim /var/named/westos.com.zone

$TTL 1D
@ IN SOA dns.westos.com. root.westos.com (
2017041502 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.200
www CNAME 172.25.254.111
bbs A 172.25.254.222
westos.com. MX 1 172.25.254.250

[root@server named]# cp -r /var/named/westos.com.zone /mnt/ (-r：遞迴複製，連目錄一起複製)

[root@server named]# vim /etc/named.rfc1912.zones
19 zone "localhost" IN {
20 type master;
21 file "named.localhost";
22 allow-update { none; };
23 };
24
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { 172.25.254.156; }; (允許哪個來源 IP 動態更新此區域)
29 allow-transfer { 172.25.254.156; }; (允許哪個來源 IP 進行區域傳送)
30 also-notify { 172.25.254.156; }; (區域更新以後通知誰)
[root@server named]# systemctl restart named

客戶端ok
[root@client ~]#yum install bind -y
[root@client ~]#systemctl restart named 重啓named
[root@client ~]#systemctl status firewalld 查看防火牆狀態
[root@client ~]#systemctl stop firewalld 關閉防火牆
[root@ client ~]# vim /etc/named.conf
10 options {
11 listen-on port 53 { any; }; 改爲any
12 listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 allow-query { any; }; 改爲any
29 recursion yes;
30
31 dnssec-enable yes;
32 dnssec-validation no; yes改爲no
33

vim /etc/named.rfc1912.zones
19 zone "localhost" IN {
20 type master;
21 file "named.localhost";
22 allow-update { none; };
23 };
24
25 zone "westos.com" IN {
26 type slave; (DNS類型爲輔助DNS)
27 masters { 172.25.254.200; }; (主DNS)
28 file "slaves/westos.com.zone"; (區域檔案名稱，位於 /var/named/slaves)
29 allow-update { none; };
30 };
[root@client ~]# systemctl restart named
[root@server named]# ls -l
total 20
drwxrwx---. 2 named named 22 Sep 2 2015 data
drwxrwx---. 2 named named 30 Sep 2 2015 dynamic
-rw-r-----. 1 root named 2076 Jan 28 2013 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Sep 2 2015 slaves
-rw-r-----. 1 root named 312 Apr 17 08:25 westos.com.zone
[root@server named]# chmod g+w westos.com.zone
[root@server named]# setsebool -P named_write_master_zones 1

客戶端操作
[root@client named]# nsupdate

server 172.25.254.200
update add westos.westos.com 86400 A 172.25.254.156
send
update failed: SERVFAIL
quit
[root@client named]# nsupdate
server 172.25.254.200
update add westos.westos.com 86400 A 172.25.254.15
send

服務端操作
《允許客戶端用鑰匙更新主DNS》
[root@client ~]# systemctl restart named
[root@server named]# rm -fr westos.com.zone
[root@server named]# ls -l
total 24
drwxrwx---. 2 named named 22 Apr 15 01:18 data
drwxrwx---. 2 named named 30 Apr 15 04:40 dynamic
-rw-r-----. 1 root named 2076 Jan 28 2013 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Sep 2 2015 slaves
-rw-r-----. 1 root named 288 Apr 15 03:18 westos.com.ptr
-rw-r-----. 1 root root 333 Apr 15 04:31 westos.com.zone
[root@server named]# chgrp named westos.com.zone
[root@server named]# ls -l
total 24
drwxrwx---. 2 named named 22 Apr 15 01:18 data
drwxrwx---. 2 named named 30 Apr 15 04:40 dynamic
-rw-r-----. 1 root named 2076 Jan 28 2013 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Sep 2 2015 slaves
-rw-r-----. 1 root named 288 Apr 15 03:18 westos.com.ptr
-rw-r-----. 1 root named 333 Apr 15 04:31 westos.com.zone
[root@server mnt]#chmod 775 westos.com.zone -R
[root@server mnt]# dnssec-keygen --help
dnssec-keygen: invalid argument --
Usage:
dnssec-keygen [options] name

Version: 9.9.4-RedHat-9.9.4-29.el7
name: owner of the key
Options:
-K : write keys into directory
-a :
RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1 | NSEC3DSA |
RSASHA256 | RSASHA512 | ECCGOST |
ECDSAP256SHA256 | ECDSAP384SHA384 |
DH | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 |
HMAC-SHA384 | HMAC-SHA512
(default: RSASHA1, or NSEC3RSASHA1 if using -3)
-3: use NSEC3-capable algorithm
-b :
RSAMD5: [512..4096]
RSASHA1: [512..4096]
NSEC3RSASHA1: [512..4096]
RSASHA256: [512..4096]
RSASHA512: [1024..4096]
DH: [128..4096]
DSA: [512..1024] and divisible by 64
NSEC3DSA: [512..1024] and divisible by 64
ECCGOST: ignored
ECDSAP256SHA256: ignored
ECDSAP384SHA384: ignored
HMAC-MD5: [1..512]
HMAC-SHA1: [1..160]
HMAC-SHA224: [1..224]
HMAC-SHA256: [1..256]
HMAC-SHA384: [1..384]
HMAC-SHA512: [1..512]
(if using the default algorithm, key size
defaults to 2048 for KSK, or 1024 for all others)
-n : ZONE | HOST | ENTITY | USER | OTHER
(DNSKEY generation defaults to ZONE)
-c : (default: IN)
-d (0 => max, default)
-E :
name of an OpenSSL engine to use
-f : KSK | REVOKE
-g : use specified generator (DH only)
-L : default key TTL
-p : (default: 3 [dnssec])
-r : a file containing random data
-s : strength value this key signs DNS records with (default: 0)
-T : DNSKEY | KEY (default: DNSKEY; use KEY for SIG(0))
-t : AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF (default: AUTHCONF)
-h: print usage and exit
-m :
usage | trace | record | size | mctx
-v : set verbosity level (0 - 10)
Timing options:
-P date/[+-]offset/none: set key publication date (default: now)
-A date/[+-]offset/none: set key activation date (default: now)
-R date/[+-]offset/none: set key revocation date
-I date/[+-]offset/none: set key inactivation date
-D date/[+-]offset/none: set key deletion date
-G: generate key only; do not set -P or -A
-C: generate a backward-compatible key, omitting all dates
-S : generate a successor to an existing key
-i : prepublication interval for successor key (default: 30 days)
Output:
K<name>+<alg>+<id>.key, K<name>+<alg>+<id>.private
[root@server mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
Kwestos.+157+34053
[root@server mnt]# ls
Kwestos.+157+34053.key Kwestos.+157+34053.private westos.com.zone
[root@server mnt]# cat Kwestos.+157+34053.key
westos. IN KEY 512 3 157 1JWQOS7F31qiP6VnUwFx0A==
[root@server mnt]# cp /etc/rndc.key /etc/westos.key -p (-p 連同屬性一起複製)
[root@server mnt]# vim /etc/westos.key

key "westos" { (鑰匙名稱，需與區域設定中 allow-update { key westos; } 的名稱一致)
algorithm hmac-md5;
secret "1JWQOS7F31qiP6VnUwFx0A=="; (密鑰，取自 Kwestos.+157+34053.key)
};
:wq

[root@server named]# vim /etc/named.conf
session-keyfile "/run/named/session.key";
};
include "/etc/westos.key"; 添加這一行
logging {
channel default_debug {
file "data/named.run";
severity dynamic;

[root@server mnt]# vim /etc/named.rfc1912.zones
19 zone "localhost" IN {
20 type master;
21 file "named.localhost";
22 allow-update { none; };
23 };
24
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { key westos; }; (允許持有 westos 密鑰者更新此區域)
29 allow-transfer { 172.25.254.156; };
30 };
[root@server mnt]#systemctl restart named
[root@server mnt]# ls
Kwestos.+157+34053.key Kwestos.+157+34053.private westos.com.zone
[root@server mnt]# scp Kwestos.+157+34053.* root@172.25.254.156:/mnt/ (把鑰匙發給客戶端)
The authenticity of host '172.25.254.156 (172.25.254.156)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.156' (ECDSA) to the list of known hosts.
root@172.25.254.156's password:
Kwestos.+157+34053.key 100% 50 0.1KB/s 00:00
Kwestos.+157+34053.private 100% 165 0.2KB/s 00:00

客戶端
[root@client ~]# cd /mnt/
[root@client mnt]# ls
Kwestos.+157+34053.key Kwestos.+157+34053.private
[root@client mnt]# nsupdate -k Kwestos.+157+34053.private

server 172.25.254.200
update add westos.westos.com 86400 A 172.25.254.156
send

ddn花生格(高速緩存dns)
[root@server ~]# yum install dhcp -y

[root@server ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite '/etc/dhcp/dhcpd.conf'? y
[root@server ~]# vim /etc/dhcp/dhcpd.conf
6 # option definitions common to all supported networks…
7 option domain-name "westos.com";
8 option domain-name-servers 172.25.254.200;
9
10 default-lease-time 600;

14 ddns-update-style interim; 去掉前面#

27 #subnet 10.152.187.0 netmask 255.255.255.0 {
28 #} 刪除或者註釋掉27 28行
29
30 # This is a very basic subnet declaration.
31
32 subnet 172.25.254.0 netmask 255.255.255.0 {
33 range 172.25.254.80 172.25.254.100;
34 option routers 172.25.254.254;
35 }
36
[root@server ~]# systemctl restart dhcpd

測試端
在另外一臺主機上用 nmtui 刪除原有的網路設定，並改爲自動獲取 IP
[root@client Desktop ~]#systemctl restart network
[root@client Desktop ~]# ifconfig
eth0: flags=4163
