###dns###
一.dns設定
1.首先搭建dns環境
主機端 定爲server用戶
yum install bind -y安裝bind服務
systemctl enable named開機自啓
systemctl start named啓動服務
firewall-cmd --permanent --add-service=dns永久添加dns服務
firewall-cmd --reload
netstat -antulpe | grep named 查看服務端口
vim /etc/named.conf
options {
listen-on port 53 { any; };設定開放端口參數爲any,對所有interface都開放
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };回答所有人的提問(注意:BIND預設recursion yes,配合any即成爲對外開放的遞歸解析器,生產環境應用allow-recursion把遞歸限制在內網網段)
dnssec-enable yes;
dnssec-validation no;改原有參數yes爲no
dnssec-lookaside auto;
systemctl restart named重啓服務
客戶端 定爲desktop用戶
vim /etc/resolv.conf
添加:
nameserver 172.25.254.2
systemctl restart network
2.正向解析(將域名解析爲ip)
cd /var/named
cp -p named.localhost westos.com.zone
vim /var/named/westos.com.zone
; Forward zone for westos.com, created from the named.localhost template with
; cp -p so ownership and mode stay readable by named.
$TTL 1D
; SOA: primary name server dns.westos.com., admin mailbox root@westos.com
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial - raise it on every edit so secondaries notice the change (a later section uses 2016120701)
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
; a blank owner field repeats the previous owner (@, the zone apex)
NS dns.westos.com.
dns A 172.25.254.2
www A 172.25.254.10
[root@server-dns ~]# vim /etc/named.rfc1912.zones
// Authoritative master for the forward zone westos.com.
// "file" is relative to the "directory" set in named.conf options (/var/named).
zone "westos.com" IN {
type master;
file "westos.com.zone";
// no dynamic updates accepted here; a later section switches this to a TSIG key
allow-update { none; };
};
@表示的是zone本身(當前域名);記錄名末尾如果不加.則會自動補全域名
[root@server-dns ~]# systemctl restart named重啓服務
3.反向解析
vim /etc/named.rfc1912.zones
// Reverse (PTR) zone for 172.25.254.0/24, master copy.
zone "254.25.172.in-addr.arpa" IN {
type master;
// file name as captured in these notes (it looks mangled by extraction);
// whatever the real name is, it must match the file created under /var/named below
file "westos.comNaNr";
allow-update { none; };
};
[root@server-dns ~]# cd /var/named/
[root@server-dns named]# ls
data linux.com.zone named.empty named.loopback westos.com.zone
dynamic named.ca named.localhost slaves
[root@server-dns named]# cp -p named.loopback westos.comNaNr
[root@server-dns named]# ls
data linux.com.zone named.empty named.loopback westos.comNaNr
dynamic named.ca named.localhost slaves westos.com.zone
[root@server-dns named]# vim westos.comNaNr
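; Reverse zone 254.25.172.in-addr.arpa, created from the named.loopback template.
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial - raise it on every edit so secondaries notice the change
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
; the template's apex "A 172.25.254.2" line is dropped: an address record at the
; in-addr.arpa apex is a leftover from named.loopback and serves no purpose here
; owner names are the last octet, relative to the zone origin
2 PTR www.westos.com.
; NOTE: 172.25.254.10 is www.westos.com in the forward zone but maps back to
; www.hello.com here, so forward and reverse lookups for .10 do not agree
10 PTR www.hello.com.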
[root@server-dns named]# systemctl restart named
[root@server-dns named]# dig -x 172.25.254.10
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53718
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.254.25.172.in-addr.arpa.  IN  PTR
;; ANSWER SECTION:
10.254.25.172.in-addr.arpa.  86400  IN  PTR  www.hello.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa.  86400  IN  NS  dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.  86400  IN  A  172.25.254.2
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 07 06:03:43 EST 2016
;; MSG SIZE rcvd: 123
4.雙向解析
[root@server-dns ~]# cd /var/named/
[root@server-dns named]# cp -p westos.com.zone westos.com.inter
[root@server-dns named]# vim westos.com.inter
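; Forward zone data served to the "internet" view (172.25.0.x addresses).
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial - raise it on every edit
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.0.2
; two A records for www: both addresses are returned (see the dig bbs.westos.com output)
www A 172.25.0.10
www A 172.25.0.11
bbs CNAME www.westos.com.
; an MX target must be a host name, never an address: the original "172.25.0.2"
; (no trailing dot) would have been read as 172.25.0.2.westosos.com. The host
; dns.westos.com. already resolves to 172.25.0.2, so the MX points at it.
westos.com. MX 1 dns.westos.com.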
[root@server-dns ~]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter
[root@server-dns ~]# vim /etc/named.rfc1912.zones.inter
// Same zone name as the default zones file, but served from westos.com.inter
// (the 172.25.0.x data); this file is included by the "internet" view instead
// of /etc/named.rfc1912.zones.
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { none; };
};
[root@server-dns ~]# vim /etc/named.conf
/* 註釋
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/ 註釋
// View for internal clients. Views are matched in order, so this one is tried first.
// NOTE(review): match-clients lists only 172.25.254.2, the server's own address;
// other LAN hosts (e.g. the desktop that uses this server as nameserver) would
// fall through to the "internet" view — presumably a network such as
// 172.25.254.0/24 was intended; confirm.
view localnet {
match-clients {172.25.254.2;};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};## internal-network clients
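// View for every other client (external side): answers from westos.com.inter.
view internet {
match-clients {any;};
// external clients get authoritative answers only; recursion stays with the
// localnet view so this server does not act as an open resolver
recursion no;
zone "." IN {
type hint;
file "named.ca";
};
// every include statement ends with ';' — the missing one made named fail to load
include "/etc/named.rfc1912.zones.inter";
};## external clients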
[root@server-dns named]# dig bbs.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> bbs.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22651
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.westos.com.  IN  A
;; ANSWER SECTION:
bbs.westos.com.  86400  IN  CNAME  www.westos.com.
www.westos.com.  86400  IN  A  172.25.0.11
www.westos.com.  86400  IN  A  172.25.0.10
;; AUTHORITY SECTION:
westos.com.  86400  IN  NS  dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.  86400  IN  A  172.25.0.2
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 07 06:22:05 EST 2016
;; MSG SIZE rcvd: 127
[root@server-dns named]# dig -x 172.25.254.2
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65404
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2.254.25.172.in-addr.arpa.  IN  PTR
;; ANSWER SECTION:
2.254.25.172.in-addr.arpa.  86400  IN  PTR  www.westos.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa.  86400  IN  NS  dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.  86400  IN  A  172.25.0.2
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 07 06:21:03 EST 2016
;; MSG SIZE rcvd: 116
每次編輯named相關文件都要重啓服務
systemctl restart named
二.DNS集羣部署
1.輔助dns環境的搭建
[root@client-dns ~]# yum install bind -y
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
[root@client-dns ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;對所有允許查詢的客戶端開放遞歸,配合listen-on any與allow-query any即成爲開放解析器,建議用allow-recursion限制爲內網網段
dnssec-enable yes;
dnssec-validation no;
dnssec-lookaside auto;
[root@client-dns ~]# vim /etc/named.rfc1912.zones
// Secondary (slave) copy of westos.com, pulled by zone transfer from the
// master at 172.25.254.2 and written to the slaves/ subdirectory of /var/named
// (visible in the directory listing earlier in these notes).
zone "westos.com" IN {
type slave;
masters {172.25.254.2;};
file "slaves/westos.com.zone";
// the secondary never accepts updates itself; changes go to the master
allow-update { none; };
};
[root@client-dns ~]# vim /etc/resolv.conf
nameserver 172.25.254.2
[root@client-dns ~]# systemctl restart named
[root@client-dns ~]# systemctl stop firewalld.service直接關閉防火牆(實驗用);更穩妥的做法是像主dns一樣用firewall-cmd --permanent --add-service=dns只放行dns
2.主dns環境搭建
[root@server-dns named]# vim /etc/named.rfc1912.zones
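// Master zone, restricted so only the secondary at 172.25.254.1 may pull zone
// transfers (AXFR/IXFR). The statement was misspelled "allow-transfr", which
// named rejects as an unknown option.
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
allow-transfer { 172.25.254.1; };
};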
[root@server-dns named]# vim westos.com.zone
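; Forward zone for westos.com on the master (172.25.254.x addresses).
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial - raise it on every edit so the secondary notices the change
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.2
; two A records for www: both addresses are returned to clients
www A 172.25.254.10
www A 172.25.254.11
bbs CNAME www.westos.com.
; an MX target must be a host name, never an address: the original "172.25.254.2."
; is an address written as an absolute domain name and cannot be resolved as a
; mail host. dns.westos.com. already resolves to 172.25.254.2, so the MX points at it.
westos.com. MX 1 dns.westos.com.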
在輔助DNS裏
[root@client-dns ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26526
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.  IN  A
;; ANSWER SECTION:
www.westos.com.  86400  IN  A  172.25.0.11
www.westos.com.  86400  IN  A  172.25.0.10
;; AUTHORITY SECTION:
westos.com.  86400  IN  NS  dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.  86400  IN  A  172.25.0.2
;; Query time: 1 msec
;; SERVER: 172.25.254.2#53(172.25.254.2)
;; WHEN: Wed Dec 07 08:02:42 EST 2016
;; MSG SIZE rcvd: 109
輔助dns自動獲取主dns數據
[root@server-dns named]# vim /etc/named.rfc1912.zones
// Master zone with transfer + NOTIFY to the secondary.
zone "westos.com" IN {
type master;
file "westos.com.zone";
// NOTE(review): updates are authorised by source address only. DNS UPDATE
// messages are normally sent over UDP, so a spoofed source address can pass
// this ACL; the TSIG variant later in these notes (allow-update { key westos; })
// is the safer form.
allow-update { 172.25.254.1; };
allow-transfer { 172.25.254.1; };
// send NOTIFY to the secondary on every serial bump so it refreshes promptly
also-notify { 172.25.254.1; };
};
[root@server-dns named]# vim westos.com.zone
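; Forward zone for westos.com after the address change; the serial is now a
; date-based value and was raised so the secondary reloads the zone.
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
2016120701 ; serial - YYYYMMDDnn; raise it on every edit
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.2
www A 172.25.254.19
www A 172.25.254.15
bbs CNAME www.westos.com.
; an MX target must be a host name, never an address: the original "172.25.254.2."
; cannot be resolved as a mail host. dns.westos.com. already resolves to
; 172.25.254.2, so the MX points at it.
westos.com. MX 1 dns.westos.com.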
輔助dns
[root@client-dns ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40888
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.  IN  A
;; ANSWER SECTION:
www.westos.com.  86400  IN  A  172.25.0.19
www.westos.com.  86400  IN  A  172.25.0.15
;; AUTHORITY SECTION:
westos.com.  86400  IN  NS  dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.  86400  IN  A  172.25.0.2
;; Query time: 2 msec
;; SERVER: 172.25.254.2#53(172.25.254.2)
;; WHEN: Wed Dec 07 08:25:14 EST 2016
;; MSG SIZE rcvd: 109
遠程修改DNS服務
主dns
[root@server-dns named]# vim /etc/named.rfc1912.zones
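// Master zone opened for remote updates from the secondary host.
zone "westos.com" IN {
type master;
file "westos.com.zone";
// source address corrected: the notes had "17.25.254.1", which is not the
// secondary (172.25.254.1) named in the transfer/notify lines below.
// NOTE(review): still address-based authorisation, which a spoofed UDP source
// can bypass; prefer allow-update { key westos; } as in the TSIG section.
allow-update { 172.25.254.1; };
allow-transfer { 172.25.254.1; };
also-notify { 172.25.254.1; };
};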
[root@server-dns named]# chmod 770 /var/named/讓named組可寫入(生成.jnl日誌用)
[root@server-dns named]# setenforce 0臨時關閉SELinux(實驗用);生產環境應改爲setsebool -P named_write_master_zones on,或把可動態更新的zone文件放在/var/named/dynamic/下
[root@server-dns named]# cp -p westos.com.zone /mnt/
[root@server-dns named]# systemctl restart named
輔助dns
[root@client-dns ~]# nsupdate
> server 172.25.254.2
> update delete www.westos.com
> send
> quit
主dns上dig www.westos.com
[root@server-dns named]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36467
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
輔助dns上
[root@client-dns ~]# nsupdate
> server 172.25.254.1
> update add www.hello.com 86400 A 172.25.254.2
> send
> quit
主dns上可以dig到
此時/var/named/ 生成了westos.com.zone.jnl
rm -fr westos.com.zone.jnl
cp -p /mnt/westos.com.zone .
重啓named
密鑰遠程修改dns服務
[root@server-dns mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
Kwestos.+157+21093
-a 選擇生成密鑰的算法,這裏用的是HMAC-MD5(已過時,新部署建議用HMAC-SHA256)
-b 指定密鑰的長度(bit位數)
-n 指定密鑰文件的所有者類型
[root@server-dns mnt]# ls
Kwestos.+157+21093.key Kwestos.+157+21093.private westos.com.zone
[root@server-dns mnt]# cat Kwestos.+157+21093.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: Myy/LN4Ko4lon2JzPFHRdg==
Bits: AAA=
Created: 20161207165114
Publish: 20161207165114
Activate: 20161207165114
[root@server-dns mnt]# cat Kwestos.+157+21093.key
westos. IN KEY 512 3 157 Myy/LN4Ko4lon2JzPFHRdg==
[root@server-dns mnt]# vim /etc/westos.key
[root@server-dns mnt]# cat /etc/westos.key
// TSIG key shared between the master and the update client (nsupdate -k reads
// the matching K*.private file); "secret" is the Key: value from that file.
// NOTE(review): hmac-md5 is a legacy algorithm; for new keys generate with
// dnssec-keygen -a HMAC-SHA256 and set "algorithm hmac-sha256;" here to match.
// Keep this file readable by root and named only — anyone holding the secret
// can modify the zone.
key "westos" {
algorithm hmac-md5;
secret "Myy/LN4Ko4lon2JzPFHRdg==";
};
[root@server-dns mnt]# systemctl restart named
在/etc/named.conf中(約第43行)添加: include "/etc/westos.key";
[root@server-dns mnt]# ls
Kwestos.+157+21093.key Kwestos.+157+21093.private westos.com.zone
[root@server-dns mnt]# scp Kwestos.+157+21093.* <用戶>@<輔助dns地址>:/mnt/ (原文目的地被網頁抽取工具遮蔽;密鑰只應存在於需要它的兩臺主機)
[root@server-dns mnt]# vim /etc/named.rfc1912.zones
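// Master zone: dynamic updates only with the TSIG key "westos" (defined in
// /etc/westos.key and included from named.conf), no longer by source address.
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westos; };
// re-added from the earlier stanza: without an explicit ACL, BIND 9.9's default
// allows zone transfers to any host, exposing the whole zone
allow-transfer { 172.25.254.1; };
also-notify { 172.25.254.1; };
};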
[root@server-dns mnt]# systemctl restart named
在輔助dns端
[root@client-dns ~]# nsupdate -k /mnt/Kwestos.+157+21093.private
> server 172.25.254.2
> update add www.hello.com 86400 A 172.25.254.10
> send
> quit
dhcp服務自動配置dns服務(ddns)
“花生殼”
主dns
[root@server-dns ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
[root@server-dns ~]# vim /etc/dhcp/dhcpd.conf
[root@server-dns ~]# systemctl restart named
輔助dns
[root@client-dns ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
IPADDR=172.25.254.1
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=1
[root@client-dns ~]# systemctl restart network
[root@client-dns ~]# vim /etc/resolv.conf
nameserver 172.25.254.2