Linux課程第十八天學習筆記



############更改default.target的鏈接源爲reboot.target############

reboot.target    ##init6

修復方法:
rm -fr /etc/systemd/system/default.target
ln -s /usr/lib/systemd/system/graphical.target /etc/systemd/system/default.target

####################
[root@localhost ~]# cd /etc/systemd/system/
[root@localhost system]# ll default.target
lrwxrwxrwx. 1 root root 40 Jul 10  2014 default.target -> /usr/lib/systemd/system/graphical.target
[root@localhost system]# rm -fr default.target
[root@localhost system]# ln -s /usr/lib/systemd/system/reboot.target /etc/systemd/system/default.target
[root@localhost system]# reboot
>重啓後,系統在加載過程中提示以下信息
[    4.853749] systemd[1]: Successfully loaded SELinux policy in 259.768ms.
[    4.937647] systemd[1]: Relabelled /dev and /run in 21.891ms.
[   65.190274] systemd[1]: Job systemd-readahead-done.timer/start deleted to break ordering cycle starting with reboot.target/stop
>然後重新啓動,一直循環下去
>Force Off虛擬機,然後再次開啓
>在系統選擇界面按"上/下"鍵中止啓動,選中第一個標題,按"e"鍵
--------------------------------------------------
方法1:
將倒數第二行從"ro"開始至行尾全部刪除,更改爲:
rw rd.break                ##"rd.break"作用是打斷初始化進程
方法2:
將倒數第二行從"root="開始至行尾全部刪除,更改爲:
root=/dev/vda1 rw rd.break
--------------------------------------------------
>按"ctrl+x"啓動設定
switch_root:/# chroot /sysroot/
sh-4.2# rm -fr /etc/systemd/system/default.target
sh-4.2# ln -s /usr/lib/systemd/system/graphical.target /etc/systemd/system/default.target
sh-4.2# exit
exit
switch_root:/#exit
系統繼續啓動進入圖形登陸界面
系統恢復正常!!!
####################

############更改default.target的鏈接源爲poweroff.target############

poweroff.target    ##init0

修復方法:
rm -fr /etc/systemd/system/default.target
ln -s /usr/lib/systemd/system/graphical.target /etc/systemd/system/default.target

####################
[root@localhost ~]# cd /etc/systemd/system/
[root@localhost system]# ll default.target
lrwxrwxrwx. 1 root root 40 Nov 23 20:53 default.target -> /usr/lib/systemd/system/graphical.target
[root@localhost system]# rm -fr default.target
[root@localhost system]# ln -s /usr/lib/systemd/system/poweroff.target /etc/systemd/system/default.target
[root@localhost system]# reboot
>重啓後,系統在加載過程中提示以下信息
[    4.254761] systemd[1]: Successfully loaded SELinux policy in 262.500ms.
[    4.332879] systemd[1]: Relabelled /dev and /run in 31.580ms.
[   64.585223] systemd[1]: Breaking ordering cycle by deleting job systemd-readahead-done.timer/start
[  124.594733] systemd[1]: Job systemd-readahead-done.timer/start deleted to break ordering cycle starting with poweroff.target/stop
>然後系統關機
>Force Off虛擬機,然後再次開啓
>在系統選擇界面按"上/下"鍵中止啓動,選中第一個標題,按"e"鍵
--------------------------------------------------
方法1:
將倒數第二行從"ro"開始至行尾全部刪除,更改爲:
rw rd.break                ##"rd.break"作用是打斷初始化進程
方法2:
將倒數第二行從"root="開始至行尾全部刪除,更改爲:
root=/dev/vda1 rw rd.break
--------------------------------------------------
>按"ctrl+x"啓動設定
switch_root:/# chroot /sysroot/
sh-4.2# rm -fr /etc/systemd/system/default.target
sh-4.2# ln -s /usr/lib/systemd/system/graphical.target /etc/systemd/system/default.target
sh-4.2# exit
exit
switch_root:/#exit
系統繼續啓動進入圖形登陸界面
系統恢復正常!!!
####################

####################修改密碼####################
修復方法:
chroot /sysroot/
passwd
touch /.autorelabel

chroot /mnt/sysimage
passwd

####################
[root@localhost ~]# reboot
>在系統選擇界面按"上/下"鍵中止啓動,選中第一個標題,按"e"鍵
--------------------------------------------------
方法1:
將倒數第二行從"ro"開始至行尾全部刪除,更改爲:
rw rd.break                ##"rd.break"作用是打斷初始化進程
方法2:
將倒數第二行從"root="開始至行尾全部刪除,更改爲:
root=/dev/vda1 rw rd.break
--------------------------------------------------
>按"ctrl+x"啓動設定
switch_root:/# chroot /sysroot/
sh-4.2# whoami
root
sh-4.2# passwd
Changing password for user root.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
sh-4.2# touch /.autorelabel        ##讓selinux在下次啓動時重新標記(relabel)整個文件系統
##缺少了這一步,進不去圖形:rd.break環境下selinux策略尚未加載,passwd重寫的/etc/shadow沒有正確的安全上下文
##即使關閉了selinux,這一步也要寫。否則一旦再次打開selinux並重啓,還是進不去圖形
sh-4.2# exit
exit
switch_root:/#exit
系統繼續啓動進入圖形登陸界面
>如果之前沒有關閉selinux,這裏會啓動的比較慢。因爲要等待一個100%的進度,然後再次重啓
系統恢復正常!!!
注意:進入挽救模式也可以修改密碼,但是需要pxe或者光盤,不方便
注意:反過來說,只要能接觸控制檯並編輯引導項,就能用上述方法重設root密碼;需要防範時應給GRUB設置密碼,並限制對控制檯/虛擬機管理界面的訪問
####################

####################刪除/bin/bash####################
修復方法:
cp /bin/bash /sysroot/bin/
chroot /sysroot/
touch /.autorelabel

chroot /mnt/sysimage
cp /bin/bash /mnt/sysimage/bin/

####################
[root@localhost ~]# rm -fr /bin/bash
[root@localhost ~]# reboot
>重啓後,系統在加載過程中出現很多[FAILED],然後卡住不動
>Force Off虛擬機,然後再次開啓
>在系統選擇界面按"上/下"鍵中止啓動,選中第一個標題,按"e"鍵
--------------------------------------------------
方法1:
將倒數第二行從"ro"開始至行尾全部刪除,更改爲:
rw rd.break                ##"rd.break"作用是打斷初始化進程
方法2:
將倒數第二行從"root="開始至行尾全部刪除,更改爲:
root=/dev/vda1 rw rd.break
--------------------------------------------------
>按"ctrl+x"啓動設定
switch_root:/# chroot /sysroot/
chroot: failed to run command '/bin/sh': No such file or directory
switch_root:/# ls /bin/bash
/bin/bash
switch_root:/# ls /sysroot/bin/bash
ls: cannot access /sysroot/bin/bash: No such file or directory
switch_root:/# cp /bin/bash /sysroot/bin/
switch_root:/# ls /sysroot/bin/bash
/sysroot/bin/bash
switch_root:/# chroot /sysroot/
sh-4.2# touch /.autorelabel        ##讓selinux在下次啓動時重新標記(relabel)整個文件系統
##缺少了這一步,進不去圖形:從initramfs複製過來的/sysroot/bin/bash沒有正確的安全上下文
##即使關閉了selinux,這一步也要寫。否則一旦再次打開selinux並重啓,還是進不去圖形
sh-4.2# exit
exit
switch_root:/# exit
系統繼續啓動進入圖形登陸界面
>如果之前沒有關閉selinux,這裏會啓動的比較慢。因爲要等待一個100%的進度,然後再次重啓
系統恢復正常!!!
注意:進入挽救模式也可以修復,但是需要pxe或者光盤,不方便
####################

####################
#####    DNS    #####
####################

####################1.DNS高速緩存####################
dig命令用於檢測dns,能否回答你的問題

[root@foundation50 Desktop]# dig www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12257    ##NOERROR表示查詢成功
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com.            IN    A

;; ANSWER SECTION:
www.baidu.com.        760    IN    CNAME    www.a.shifen.com.
www.a.shifen.com.    269    IN    A    61.135.169.125
www.a.shifen.com.    269    IN    A    61.135.169.121

;; Query time: 1006 msec                    ##響應時間
;; SERVER: 221.11.1.67#53(221.11.1.67)                ##DNS服務器的IP地址和端口號
;; WHEN: Thu Nov 24 14:47:35 CST 2016
;; MSG SIZE  rcvd: 101

真機的配置:
yum install bind -y
systemctl start named
systemctl enable named
systemctl stop firewalld        ##實驗環境圖省事才關閉防火牆;更穩妥的做法是保持firewalld運行,只放行dns服務(見下文的firewall-cmd --permanent --add-service=dns)
vim /etc/named.conf
--------------------------------------------------
 11         listen-on port 53 { any; };

 17         allow-query     { any; };
 18         forwarders      { 221.11.1.67; };

 32         dnssec-validation no;
:wq
--------------------------------------------------
systemctl restart named

[root@dns-server ~]# yum install bind -y
......
[root@dns-server ~]# systemctl status named
named.service - Berkeley Internet Name Domain (DNS)        ##伯克利分校
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled)
   Active: inactive (dead)
[root@dns-server ~]# systemctl enable named
ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service'
[root@dns-server ~]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
[root@dns-server ~]# cat /etc/bind.key
cat: /etc/bind.key: No such file or directory
[root@dns-server ~]# systemctl start named
##注意此服務第一次啓動的時候,需要搖搖鼠標或者敲敲鍵盤,否則命令行就會一直停留在等待狀態
--------------------------------------------------
這裏涉及到密鑰(隨機數)產生的機制(首次啓動時需要隨機數來生成密鑰,如下面的/etc/rndc.key):
cat /dev/random
>每當搖動鼠標或者敲擊鍵盤時,命令行都會產生額外的輸出,這就是隨機數的產生
>當熵不足、/dev/random暫時不能產生新的隨機數時,讀取它的程序就會被阻塞
--------------------------------------------------
[root@dns-server ~]# cat /etc/rndc.key        ##rndc控制通道的共享密鑰,屬於機密信息,真實環境的secret不應寫進筆記或公開;hmac-md5已不建議使用,可改用hmac-sha256
key "rndc-key" {
    algorithm hmac-md5;
    secret "nPK+d7fPFBw+EXM1Rz4zCg==";
};
[root@dns-server ~]# firewall-cmd --permanent --add-service=dns
success
[root@dns-server ~]# firewall-cmd --reload
success

[root@client ~]# vim /etc/resolv.conf
--------------------------------------------------
  4 nameserver 172.25.50.200
:wq
--------------------------------------------------
[root@client ~]# dig www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com
;; global options: +cmd
;; connection timed out; no servers could be reached

[root@dns-server ~]# netstat --help
--------------------------------------------------
        -a, --all                display all sockets (default: connected)    ##所有
        -n, --numeric            don't resolve names                ##不解析
        -l, --listening          display listening server sockets        ##正在被監聽
        -p, --programs           display PID/Program name for sockets        ##進程名字
        -e, --extend             display other/more information            ##擴展信息

  <Socket>={-t|--tcp} {-u|--udp}
--------------------------------------------------
[root@dns-server ~]# netstat -antulpe | grep named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      25         73918      31073/named         
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      25         73911      31073/named         
tcp6       0      0 ::1:953                 :::*                    LISTEN      25         73919      31073/named         
tcp6       0      0 ::1:53                  :::*                    LISTEN      25         73913      31073/named         
udp        0      0 127.0.0.1:53            0.0.0.0:*                           25         73910      31073/named         
udp6       0      0 ::1:53                  :::*                                25         73912      31073/named  
##只開放了環回地址的53端口
[root@dns-server ~]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
[root@dns-server ~]# vim /etc/named.conf
--------------------------------------------------
 11         listen-on port 53 { any; };                ##表示所有interface都開放53端口
:wq
--------------------------------------------------
[root@dns-server ~]# systemctl restart named
[root@dns-server ~]# netstat -antulpe | grep named | grep 172.25.50.200
tcp        0      0 172.25.50.200:53        0.0.0.0:*               LISTEN      25         96283      741/named           
udp        0      0 172.25.50.200:53        0.0.0.0:*                           25         96282      741/named       
##開放了eth0上172.25.50.200的53端口

[root@client ~]# dig www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 8190    ##REFUSED表示拒絕
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com.            IN    A

;; Query time: 2 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)            ##DNS服務器是dns-server
;; WHEN: Thu Nov 24 04:09:31 EST 2016
;; MSG SIZE  rcvd: 42

[root@dns-server ~]# vim /etc/named.conf
--------------------------------------------------
 17         allow-query     { any; };                ##表示回答所有人的問題;配合遞歸/forwarders就成了開放解析器,容易被濫用做DNS放大攻擊,生產環境應把allow-query(或allow-recursion)限制爲受信任的網段
:wq
--------------------------------------------------
[root@dns-server ~]# systemctl restart named

[root@client ~]# dig www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35504    ##SERVFAIL表示不知道
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com.            IN    A

;; Query time: 2 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Thu Nov 24 04:15:30 EST 2016
;; MSG SIZE  rcvd: 42

[root@dns-server ~]# vim /etc/named.conf
--------------------------------------------------
 18         forwarders      { 172.25.50.250; };            ##表示把自己回答不了的查詢轉發給誰,並緩存它的答案

 32         dnssec-validation no;                ##關閉DNSSEC驗證,即不校驗上游應答的簽名;僅限內部測試用,生產環境應保持開啓
:wq
--------------------------------------------------
[root@dns-server ~]# systemctl restart named

[root@client ~]# dig www.firefox.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.firefox.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36167    ##NOERROR表示查詢成功
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 16

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.firefox.com.        IN    A

;; ANSWER SECTION:
www.firefox.com.    242    IN    CNAME    firefox.com.
firefox.com.        60    IN    A    63.245.213.24

;; AUTHORITY SECTION:
com.            172657    IN    NS    g.gtld-servers.net.
com.            172657    IN    NS    l.gtld-servers.net.
com.            172657    IN    NS    h.gtld-servers.net.
com.            172657    IN    NS    c.gtld-servers.net.
com.            172657    IN    NS    e.gtld-servers.net.
com.            172657    IN    NS    i.gtld-servers.net.
com.            172657    IN    NS    k.gtld-servers.net.
com.            172657    IN    NS    a.gtld-servers.net.
com.            172657    IN    NS    j.gtld-servers.net.
com.            172657    IN    NS    f.gtld-servers.net.
com.            172657    IN    NS    b.gtld-servers.net.
com.            172657    IN    NS    m.gtld-servers.net.
com.            172657    IN    NS    d.gtld-servers.net.

;; ADDITIONAL SECTION:
a.gtld-servers.net.    32653    IN    A    192.5.6.30
a.gtld-servers.net.    32653    IN    AAAA    2001:503:a83e::2:30
h.gtld-servers.net.    67767    IN    A    192.54.112.30
f.gtld-servers.net.    79561    IN    A    192.35.51.30
b.gtld-servers.net.    34019    IN    A    192.33.14.30
b.gtld-servers.net.    77812    IN    AAAA    2001:503:231d::2:30
d.gtld-servers.net.    78716    IN    A    192.31.80.30
m.gtld-servers.net.    74109    IN    A    192.55.83.30
i.gtld-servers.net.    67562    IN    A    192.43.172.30
e.gtld-servers.net.    75957    IN    A    192.12.94.30
g.gtld-servers.net.    31250    IN    A    192.42.93.30
j.gtld-servers.net.    78708    IN    A    192.48.79.30
l.gtld-servers.net.    78658    IN    A    192.41.162.30
c.gtld-servers.net.    74833    IN    A    192.26.92.30
k.gtld-servers.net.    67562    IN    A    192.52.178.30

;; Query time: 150 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)            ##DNS服務器是dns-server
;; WHEN: Thu Nov 24 04:42:36 EST 2016
;; MSG SIZE  rcvd: 562

[root@client ~]# dig www.firefox.com | grep "Query time"
;; Query time: 1 msec                        ##響應時間1毫秒(msec),實現高速緩存

####################2.DNS附加內容####################
CNAME    別名,比如www.a.shifen.com.至www.baidu.com.
PTR    反向解析
MX    域裏面的郵件服務器
NS    nameserver
SOA    授權起始,dns區域的管理信息

QUESTION    ##提出實際的DNS查詢
ANSWER        ##響應(如果有)
AUTHORITY    ##負責域/區域的名稱服務器
ADDITIONAL    ##提供的其他信息,通常是關於名稱服務器

.                ##根域名,全世界一共13臺根域名服務器
.com .net .edu .cn .org等    ##頂級域名或者一級域名

=====域名解析=====
[root@dns-server named]# vim /etc/named.conf
--------------------------------------------------
/發現
 56 include "/etc/named.rfc1912.zones";
--------------------------------------------------
[root@dns-server ~]# vim /etc/named.rfc1912.zones
--------------------------------------------------
/19行按下"y6y",24行按下"p",修改25行和27行
 25 zone "westos.com" IN {
 26         type master;
 27         file "westos.com.zone";
 28         allow-update { none; };
 29 };  
:wq
--------------------------------------------------
[root@dns-server ~]# cd /var/named/
[root@dns-server named]# ll
total 16
drwxrwx---. 2 named named   22 Nov 24 02:58 data
drwxrwx---. 2 named named   58 Nov 24 21:08 dynamic
-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Jan 29  2014 slaves
[root@dns-server named]# cp -p named.localhost westos.com.zone
[root@dns-server named]# vim westos.com.zone
--------------------------------------------------
  1 $TTL 1D                            ##"1D"表示一天
  2 @       IN SOA  dns.westos.com. root.westos.com. (        ##@表示域名(即westos.com)
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8                 NS      dns.westos.com.
  9 dns             A       172.25.50.200
 10 www             A       172.25.50.201
:wq
--------------------------------------------------
##以上的域名必須以"."來結尾,否則就默認加上".westos.com"後綴
##第二行的"root.westos.com."是給打開這個文件的人看的。可以不改,保留爲原來的"rname.invalid."
[root@dns-server named]# systemctl restart named
>如果出現以下提示:
Job for named.service failed. See 'systemctl status named.service' and 'journalctl -xn' for details.
使用以下命令排查:
> /var/log/messages        ##清空日誌,方便只看本次重啓產生的信息;僅限實驗環境,生產環境不要清空日誌,可改用journalctl -u named查看
systemctl restart named
cat /var/log/messages

[root@client ~]# dig www.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4229
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.            IN    A

;; ANSWER SECTION:
www.westos.com.        86400    IN    A    172.25.50.201    ##地址解析成功

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.50.200

;; Query time: 1 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Thu Nov 24 23:25:03 EST 2016
;; MSG SIZE  rcvd: 93

[root@dns-server named]# vim westos.com.zone
--------------------------------------------------
/添加
 11 www             A       172.25.50.202
:wq
--------------------------------------------------
[root@dns-server named]# systemctl restart named

[root@client ~]# dig www.westos.com | grep www.westos.com.
;www.westos.com.            IN    A
www.westos.com.        86400    IN    A    172.25.50.201
www.westos.com.        86400    IN    A    172.25.50.202
[root@client ~]# dig www.westos.com | grep www.westos.com.
;www.westos.com.            IN    A
www.westos.com.        86400    IN    A    172.25.50.202
www.westos.com.        86400    IN    A    172.25.50.201
##一個域名對應兩個IP地址,解析的時候就會以輪巡的方式解析

=====CNAME解析=====
[root@dns-server named]# vim westos.com.zone
--------------------------------------------------
/添加
 12 bbs             CNAME   www.westos.com.
:wq
--------------------------------------------------
[root@dns-server named]# systemctl restart named

[root@client ~]# dig bbs.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> bbs.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23454
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.westos.com.            IN    A

;; ANSWER SECTION:
bbs.westos.com.        86400    IN    CNAME    www.westos.com.
www.westos.com.        86400    IN    A    172.25.50.202
www.westos.com.        86400    IN    A    172.25.50.201    ##先別名解析,後地址解析

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.50.200

;; Query time: 1 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Thu Nov 24 23:28:47 EST 2016
;; MSG SIZE  rcvd: 127

=====MX解析=====
[root@foundation50 Desktop]# dig -t mx qq.com

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t mx qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39196
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;qq.com.                IN    MX

;; ANSWER SECTION:
qq.com.            5415    IN    MX    30 mx1.qq.com.
qq.com.            5415    IN    MX    10 mx3.qq.com.
qq.com.            5415    IN    MX    20 mx2.qq.com.

;; Query time: 260 msec
;; SERVER: 221.11.1.67#53(221.11.1.67)
;; WHEN: Fri Nov 25 11:49:21 CST 2016
;; MSG SIZE  rcvd: 95

[root@client ~]# dig -t mx westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36424
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;westos.com.            IN    MX

;; AUTHORITY SECTION:
westos.com.        10800    IN    SOA    dns.westos.com. root.westos.com. 0 86400 3600 604800 10800

;; Query time: 0 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Thu Nov 24 23:29:45 EST 2016
;; MSG SIZE  rcvd: 84

[root@dns-server named]# vim westos.com.zone
--------------------------------------------------
/添加
 13 westos.com.     MX 1    172.25.50.200.        ##按規範MX的目標應爲主機名(如dns.westos.com.),這裏直接寫IP只是實驗寫法
:wq
--------------------------------------------------
[root@dns-server named]# systemctl restart named

[root@client ~]# dig -t mx westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1672
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;westos.com.            IN    MX

;; ANSWER SECTION:
westos.com.        86400    IN    MX    1 172.25.50.200.    ##解析成功

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.50.200

;; Query time: 1 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Thu Nov 24 23:30:25 EST 2016
;; MSG SIZE  rcvd: 102

[root@client ~]# mail [email protected]
Subject: 111
222
EOT
[root@client ~]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
92C6F17E864      430 Thu Nov 24 23:32:34  [email protected]
                (connect to 172.25.50.200[172.25.50.200]:25: No route to host)
                                         [email protected]

-- 0 Kbytes in 1 Request.
##未發送成功,郵件傳輸之後會講

=====反向解析=====
反向解析和正向解析沒有一毛錢關係

[root@client ~]# dig -x 172.25.254.200

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5704        ##不存在此名稱
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;200.254.25.172.in-addr.arpa.    IN    PTR

;; AUTHORITY SECTION:
25.172.in-addr.arpa.    86400    IN    SOA    25.172.in-addr.arpa. . 0 28800 7200 604800 86400

;; Query time: 1 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Fri Nov 25 01:30:13 EST 2016
;; MSG SIZE  rcvd: 91

[root@dns-server named]# vim /etc/named.rfc1912.zones
--------------------------------------------------
/25行按下"y6y",42行按下"p",修改43行和45行
 43 zone "254.25.172.in-addr.arpa" IN {
 44         type master;
 45         file "westos.com.ptr";
 46         allow-update { none; };
 47 };
:wq
--------------------------------------------------
[root@dns-server named]# cp -p named.localhost westos.com.ptr
[root@dns-server named]# vim westos.com.zone        ##注意:此處文件名應爲westos.com.ptr(即上一步cp出來、並在named.rfc1912.zones第45行引用的文件)
--------------------------------------------------
  1 $TTL 1D
  2 @       IN SOA  dns.westos.com. root.westos.com. (            ##"@"表示本區域的名稱,即254.25.172.in-addr.arpa.
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS      dns.westos.com.
  9         A       172.25.254.200
 10 222     PTR     www.westos.com.
 11 200     PTR     www.hello.com.
:wq
--------------------------------------------------
[root@dns-server named]# systemctl restart named

[root@client ~]# dig -x 172.25.254.200

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8064
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;200.254.25.172.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
200.254.25.172.in-addr.arpa. 86400 IN    PTR    www.hello.com.        ##反向解析成功

;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.50.200

;; Query time: 2 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Fri Nov 25 01:45:54 EST 2016
;; MSG SIZE  rcvd: 124

[root@client ~]# dig -x 172.25.254.222

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40119
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;222.254.25.172.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
222.254.25.172.in-addr.arpa. 86400 IN    PTR    www.westos.com.        ##反向解析成功

;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.50.200

;; Query time: 2 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Fri Nov 25 01:51:26 EST 2016
;; MSG SIZE  rcvd: 118

=====雙向解析=====
[root@dns-server named]# cp -p westos.com.zone westos.com.inter
[root@dns-server named]# vim westos.com.inter
--------------------------------------------------
  1 $TTL 1D
  2 @       IN SOA  dns.westos.com. root.westos.com. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8                 NS      dns.westos.com.
  9 dns             A       172.25.0.200
 10 www             A       172.25.0.201
 11 www             A       172.25.0.202
 12 bbs             CNAME   www.westos.com.
 13 westos.com.     MX 1    172.25.0.200.
:wq
--------------------------------------------------
[root@dns-server named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter
[root@dns-server named]# vim /etc/named.rfc1912.zones.inter
--------------------------------------------------
 27         file "westos.com.inter";
:wq
--------------------------------------------------
[root@dns-server named]# man 5 named.conf
--------------------------------------------------
VIEW
           view string optional_class {
                match-clients { address_match_element; ... };
--------------------------------------------------
/複製
[root@dns-server named]# vim /etc/named.conf
--------------------------------------------------
 50 /*zone "." IN {
 51         type hint;
 52         file "named.ca";
 53 };
 54
 55 include "/etc/named.rfc1912.zones";
 56 include "/etc/named.root.key";
 57 */
 58 view localnet {
 59         match-clients { 172.25.50.100/32; };
 60         zone "." IN {
 61                 type hint;
 62                 file "named.ca";
 63         };
 64
 65         include "/etc/named.rfc1912.zones";
 66 };
 67
 68 view internet {
 69         match-clients { any; };
 70         zone "." IN {
 71                 type hint;
 72                 file "named.ca";
 73         };
 74
 75         include "/etc/named.rfc1912.zones.inter";
 76 };
--------------------------------------------------
[root@dns-server named]# systemctl restart named
[root@dns-server named]# vim /etc/resolv.conf
--------------------------------------------------
  4 nameserver 172.25.50.200
:wq
--------------------------------------------------
[root@dns-server named]# dig www.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8562
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.            IN    A

;; ANSWER SECTION:
www.westos.com.        86400    IN    A    172.25.0.202
www.westos.com.        86400    IN    A    172.25.0.201        ##第三位是0

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.0.200

;; Query time: 1 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Fri Nov 25 02:15:32 EST 2016
;; MSG SIZE  rcvd: 109

[root@client ~]# dig www.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60150
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.            IN    A

;; ANSWER SECTION:
www.westos.com.        86400    IN    A    172.25.50.202
www.westos.com.        86400    IN    A    172.25.50.201        ##第三位是50

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.50.200

;; Query time: 1 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Fri Nov 25 02:14:09 EST 2016
;; MSG SIZE  rcvd: 109

