#####高速缓存dns#####
服务端:
[[email protected] ~]# yum search dns ###安装dns####
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
(1/2): rhel_dvd/group_gz | 134 kB 00:00
(2/2): rhel_dvd/primary_db | 3.4 MB 00:00
=============================== N/S matched: dns ===============================
dnsmasq.x86_64 : A lightweight DHCP/caching DNS server
dnssec-trigger.x86_64 : NetworkManager plugin to update/reconfigure DNSSEC
: resolving
kdenetwork-kdnssd.x86_64 : Kdnssd
ldns.i686 : Low-level DNS(SEC) library with API
ldns.x86_64 : Low-level DNS(SEC) library with API
perl-Net-DNS.x86_64 : DNS resolver modules for Perl
python-dns.noarch : DNS toolkit for Python
bind.x86_64 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System)
: server
bind-chroot.x86_64 : A chroot runtime environment for the ISC BIND DNS server,
: named(8)
bind-libs.i686 : Libraries used by the BIND DNS packages
bind-libs.x86_64 : Libraries used by the BIND DNS packages
bind-libs-lite.i686 : Libraries for working with the DNS protocol
bind-libs-lite.x86_64 : Libraries for working with the DNS protocol
bind-license.noarch : License of the BIND DNS suite
bind-utils.x86_64 : Utilities for querying DNS name servers
c-ares.i686 : A library that performs asynchronous DNS operations
c-ares.x86_64 : A library that performs asynchronous DNS operations
seahorse-sharing.x86_64 : Sharing of PGP public keys via DNS-SD and HKP
unbound.x86_64 : Validating, recursive, and caching DNS(SEC) resolver
Name and summary matches only, use "search all" for everything.
[[email protected] ~]# yum install bind.x86_64 -y
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-14.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
bind x86_64 32:9.9.4-14.el7 rhel_dvd 1.8 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 1.8 M
Installed size: 4.3 M
Downloading packages:
bind-9.9.4-14.el7.x86_64.rpm | 1.8 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 32:bind-9.9.4-14.el7.x86_64 1/1
Verifying : 32:bind-9.9.4-14.el7.x86_64 1/1
Installed:
bind.x86_64 32:9.9.4-14.el7
Complete!
[[email protected] ~]# systemctl stop firewalld.service
[[email protected] ~]# ll /etc/rndc.key ###在没有开启named服务的时候,该文件不存在#####
ls: cannot access /etc/rndc.key: No such file or directory
[[email protected] ~]# systemctl start named ###开启服务;若是许久没有开启完成,可能是系统随机数(熵)不够,在虚拟机上随便输入几个字符####
[[email protected] ~]# ll /etc/rndc.key
-rw-r-----. 1 root named 77 May 5 22:13 /etc/rndc.key
[[email protected] ~]# vim /etc/named.conf
options {
listen-on port 53 { any; }; ###回环接口不与外界交互,改成any###
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; ###允许任何人连###
forwarders {172.25.254.250;}; ####如果高速缓存dns找不到就到172.25.254.250找####
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
@
[[email protected] ~]# systemctl restart named ###重启服务###
客户端:
[[email protected] ~]# vim /etc/resolv.conf ###在里面指明dns服务器###
# Generated by NetworkManager
search example.com
nameserver 172.25.254.112 ###dns服务器(服务端)为172.25.254.112####
# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
[[email protected] ~]# dig www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47262
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com.    IN    A
;; ANSWER SECTION:
www.baidu.com.    376    IN    CNAME    www.a.shifen.com.
www.a.shifen.com.    300    IN    A    183.232.231.172
www.a.shifen.com.    300    IN    A    183.232.231.173
;; AUTHORITY SECTION:
.    513219    IN    NS    k.root-servers.net.
.    513219    IN    NS    c.root-servers.net.
.    513219    IN    NS    a.root-servers.net.
.    513219    IN    NS    g.root-servers.net.
.    513219    IN    NS    i.root-servers.net.
.    513219    IN    NS    h.root-servers.net.
.    513219    IN    NS    m.root-servers.net.
.    513219    IN    NS    e.root-servers.net.
.    513219    IN    NS    f.root-servers.net.
.    513219    IN    NS    b.root-servers.net.
.    513219    IN    NS    l.root-servers.net.
.    513219    IN    NS    d.root-servers.net.
.    513219    IN    NS    j.root-servers.net.
;; Query time: 349 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Fri May 05 22:17:05 EDT 2017
;; MSG SIZE rcvd: 312
####构造dns###
服务端:
[[email protected] ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
[[email protected] ~]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
};
[[email protected] ~]# cd /var/named/
[[email protected] named]# ll
total 20
drwxrwx---. 2 named named 22 May 5 22:13 data
drwxrwx---. 2 named named 30 May 5 23:30 dynamic
-rw-r-----. 1 root named 2076 Jan 28 2013 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Jan 29 2014 slaves
-rw-r-----. 1 root named 349 May 5 23:29 westos.com.zone
[[email protected] named]# cp -p named.localhost westos.com.zone
[[email protected] named]# vim westos.com.zone ###编写A记录文件####
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (   ; @ 代表之后的内容为westos.com,即/etc/named.conf里面引号内内容
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.112
www A 172.25.254.212
[[email protected] named]# systemctl restart named
客户端:
[[email protected] ~]# vim /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 172.25.254.112
[[email protected] ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29432
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.    IN    A
;; ANSWER SECTION:
www.westos.com.    86400    IN    A    172.25.254.212
;; AUTHORITY SECTION:
westos.com.    86400    IN    NS    dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.    86400    IN    A    172.25.254.112
;; Query time: 0 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Fri May 05 23:14:27 EDT 2017
;; MSG SIZE rcvd: 93
#####CNAME,MX#####
服务器:
[[email protected] ~]# vim /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.112
www A 172.25.254.212
music CNAME music.a.westos.com.
music.a A 172.25.254.111
music.a A 172.25.254.222
westos.com. MX 1 172.25.254.100.
~
[[email protected] ~]# systemctl restart named
[[email protected] ~]#
客户端:
[[email protected] ~]# dig music.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> music.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14025
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;music.westos.com.    IN    A
;; ANSWER SECTION:
music.westos.com.    86400    IN    CNAME    music.a.westos.com.
music.a.westos.com.    86400    IN    A    172.25.254.111
music.a.westos.com.    86400    IN    A    172.25.254.222
;; AUTHORITY SECTION:
westos.com.    86400    IN    NS    dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.    86400    IN    A    172.25.254.112
;; Query time: 0 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Fri May 05 23:30:33 EDT 2017
;; MSG SIZE rcvd: 133
[[email protected] ~]# dig -t mx westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33372
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;westos.com.    IN    MX
;; ANSWER SECTION:
westos.com.    86400    IN    MX    1 172.25.254.100.
;; AUTHORITY SECTION:
westos.com.    86400    IN    NS    dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.    86400    IN    A    172.25.254.112
;; Query time: 0 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Fri May 05 23:30:46 EDT 2017
;; MSG SIZE rcvd: 103
####不同网关####
服务端:
[[email protected] ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.inter -p
[[email protected] ~]# vim /etc/named.rfc1912.inter
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { none; };
};
[[email protected] ~]# cp /var/named/westos.com.zone /var/named/westos.com.inter -p
[[email protected] ~]# vim /var/named/westos.com.inter
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.12.112
www A 172.25.12.212
music CNAME music.a.westos.com.
music.a A 172.25.12.111
music.a A 172.25.12.222
westos.com. MX 1 172.25.12.100.
~
[[email protected] ~]# vim /etc/named.conf
view localnet{
match-clients { 172.25.254.0/24; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
view internet{
match-clients { 172.25.12.0/24; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.inter";
};
[[email protected] ~]# systemctl restart named
客户端:
[[email protected] ~]# dig www.westos.com ###ip为客户端####
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20946
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.    IN    A
;; ANSWER SECTION:
www.westos.com.    86400    IN    A    172.25.254.212
;; AUTHORITY SECTION:
westos.com.    86400    IN    NS    dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.    86400    IN    A    172.25.254.112
;; Query time: 0 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Sat May 06 02:31:35 EDT 2017
;; MSG SIZE rcvd: 93
[[email protected] ~]# vim /etc/resolv.conf ###ip为172.25.12.213的客户端###
# Generated by NetworkManager
search example.com
nameserver 172.25.12.113
# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
[[email protected] ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51552
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.    IN    A
;; ANSWER SECTION:
www.westos.com.    86400    IN    A    172.25.12.213
;; AUTHORITY SECTION:
westos.com.    86400    IN    NS    dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.    86400    IN    A    172.25.12.213
;; Query time: 0 msec
;; SERVER: 172.25.12.100#53(172.25.12.100)
;; WHEN: Sat May 06 02:40:07 EDT 2017
;; MSG SIZE rcvd: 93
###反向解析####
服务端:
[[email protected] ~]# vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN { ###将dns服务器所在网段反着写####
type master;
file "westos.comNaNr";
allow-update { none; };
};
[[email protected] ~]# cd /var/named/
[[email protected] named]# ll
total 28
drwxrwx---. 2 named named 22 May 5 22:13 data
drwxrwx---. 2 named named 4096 May 6 03:07 dynamic
-rw-r-----. 1 root named 2076 Jan 28 2013 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Jan 29 2014 slaves
-rw-r-----. 1 root named 344 May 6 01:57 westos.com.inter
-rw-r-----. 1 root named 349 May 5 23:29 westos.com.zone
[[email protected] named]# cp -p named.loopback /var/named/westos.comNaNr
[[email protected] named]# vim /var/named/westos.comNaNr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.112
111 PTR www.westos.com.
222 PTR bbs.westos.com.
[[email protected] named]# systemctl restart named
客户端:
[[email protected] ~]# dig -x 172.25.254.111
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34839
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;111.254.25.172.in-addr.arpa.    IN    PTR
;; ANSWER SECTION:
111.254.25.172.in-addr.arpa.    86400    IN    PTR    www.westos.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa.    86400    IN    NS    dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.    86400    IN    A    172.25.254.112
;; Query time: 0 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Sat May 06 03:27:08 EDT 2017
;; MSG SIZE rcvd: 118
[[email protected] ~]# dig -x 172.25.254.222
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14617
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;222.254.25.172.in-addr.arpa.    IN    PTR
;; ANSWER SECTION:
222.254.25.172.in-addr.arpa.    86400    IN    PTR    bbs.westos.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa.    86400    IN    NS    dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.    86400    IN    A    172.25.254.112
;; Query time: 1 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Sat May 06 03:30:35 EDT 2017
;; MSG SIZE rcvd: 118
####配置钥匙###
服务端:
[[email protected] mnt]# dnssec-keygen --help
dnssec-keygen: invalid argument --
Usage:
dnssec-keygen [options] name
Version: 9.9.4-RedHat-9.9.4-14.el7
name: owner of the key
Options:
-K <directory>: write keys into directory
-a <algorithm>:
RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1 | NSEC3DSA |
RSASHA256 | RSASHA512 | ECCGOST |
ECDSAP256SHA256 | ECDSAP384SHA384 |
DH | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 |
HMAC-SHA384 | HMAC-SHA512
(default: RSASHA1, or NSEC3RSASHA1 if using -3)
-3: use NSEC3-capable algorithm
-b <key size in bits>:
RSAMD5:[512..4096]
RSASHA1:[512..4096]
NSEC3RSASHA1:[512..4096]
RSASHA256:[512..4096]
RSASHA512:[1024..4096]
DH:[128..4096]
DSA:[512..1024] and divisible by 64
NSEC3DSA:[512..1024] and divisible by 64
ECCGOST:ignored
ECDSAP256SHA256:ignored
ECDSAP384SHA384:ignored
HMAC-MD5:[1..512]
HMAC-SHA1:[1..160]
HMAC-SHA224:[1..224]
HMAC-SHA256:[1..256]
HMAC-SHA384:[1..384]
HMAC-SHA512:[1..512]
(if using the default algorithm, key size
defaults to 2048 for KSK, or 1024 for all others)
-n <nametype>: ZONE | HOST | ENTITY | USER | OTHER
(DNSKEY generation defaults to ZONE)
-c <class>: (default: IN)
-d <digest bits> (0 => max, default)
-E <engine name>
-f <keyflag>: KSK | REVOKE
-g <generator>: use specified generator (DH only)
-L <ttl>: default key TTL
-p <protocol>: (default: 3 [dnssec])
-r <randomdev>: a file containing random data
-s <strength>: strength value this key signs DNS records with (default: 0)
-T <rrtype>: DNSKEY | KEY (default: DNSKEY; use KEY for SIG(0))
ECCGOST:ignored
-t <type>: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF (default: AUTHCONF)
-h: print usage and exit
-m <memory debugging mode>:
usage | trace | record | size | mctx
-v <level>: set verbosity level (0 - 10)
Timing options:
-P date/[+-]offset/none: set key publication date (default: now)
-A date/[+-]offset/none: set key activation date (default: now)
-R date/[+-]offset/none: set key revocation date
-I date/[+-]offset/none: set key inactivation date
-D date/[+-]offset/none: set key deletion date
-G: generate key only; do not set -P or -A
-C: generate a backward-compatible key, omitting all dates
-S <key>: generate a successor to an existing key
-i <interval>: prepublication interval for successor key (def[r[
[[email protected] mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westoskey
Kwestoskey.+157+33334
[[email protected] mnt]# ls
Kwestoskey.+157+33334.key westos.com.zone
Kwestoskey.+157+33334.private
[[email protected] mnt]#cat Kwestoskey.+157+33334.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: TKSWfTJrHFxAmJXz7LWHbg==
Bits: AAA=
Created: 20170509052622
Publish: 20170509052622
Activate: 20170509052622
[[email protected] mnt]# cp -p /etc/rndc.key /etc/westos.key
[[email protected] mnt]# vim /etc/westos.key
[[email protected] mnt]# cat /etc/westos.key
key "westoskey" {
algorithm hmac-md5;
secret "TKSWfTJrHFxAmJXz7LWHbg==";
};
[[email protected] mnt]# vim /etc/named.conf
[[email protected] mnt]# systemctl restart named
[[email protected] mnt]# vim /etc/named.rfc1912.zones
[[email protected] mnt]# systemctl restart named
[[email protected] mnt]# scp Kwestoskey.+157+33334.* [email protected]:/mnt/ ##把密钥文件(TSIG key)复制给客户端
The authenticity of host '172.25.254.213 (172.25.254.213)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.213' (ECDSA) to the list of known hosts.
[email protected]'s password:
Kwestoskey.+157+33334.key 100% 53 0.1KB/s 00:00
Kwestoskey.+157+33334.private 100% 165 0.2KB/s 00:00
[[email protected] named]# systemctl restart named
客户端:
[[email protected] mnt]# nsupdate -k /mnt/Kwestoskey.+157+33334.private
> server 172.25.254.113
> update add hello.westos.com 86400 A 172.25.254.111
> send
>
[[email protected] mnt]# dig hello.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60850
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com.    IN    A
;; ANSWER SECTION:
hello.westos.com.    86400    IN    A    172.25.254.111
;; AUTHORITY SECTION:
westos.com.    86400    IN    NS    dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.    86400    IN    A    172.25.254.113
;; Query time: 3 msec
;; SERVER: 172.25.254.113#53(172.25.254.113)
;; WHEN: Tue May 09 02:50:19 EDT 2017
;; MSG SIZE rcvd: 95
####dns的更新###
///但重启服务时,区域文件会被改写,与缓存(.jnl)文件同步
1.
cp -p /var/named/westos.com.zone /mnt
2.
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 172.25.254.213; }; ##允许哪些地址更新此区域
};
3.
chmod 770 /var/named
4.
[[email protected] ~]# setsebool -P named_write_master_zones 1
[[email protected] ~]# getsebool -a | grep named
named_tcp_bind_http_port --> off
named_write_master_zones --> on
systemctl restart named
5.check on 172.25.254.213
[[email protected] ~]# nsupdate
> server 172.25.254.113 ##服务端
> update add hello.westos.com 86400 A 172.25.254.111
> send
>
[[email protected] named]# vim /var/named/westos.com.zone
$ORIGIN .
$TTL 86400 ; 1 day
westos.com IN SOA dns.westos.com. root.westos.com. (
1 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS dns.westos.com.
MX 1 172.25.254.100.
$ORIGIN westos.com.
music.a A 172.25.254.111
A 172.25.254.222
dns A 172.25.254.112
hello A 172.25.254.222
music CNAME music.a
www A 172.25.254.212
[[email protected] named]# ls
data named.empty slaves westos.com.zone
dynamic named.localhost westos.com.inter westos.com.zone.jnl
named.ca named.loopback westos.comNaNr
[[email protected] named]# vim /var/named/westos.com.zone
[[email protected] named]# rm -fr westos.com.zone westos.com.zone.jnl ###将缓存文件和变了的文件删除###
[[email protected] named]# cp -p /mnt/westos.com.zone . ###将之前的文件复制过来###
[[email protected] named]# ls
data named.empty slaves westos.com.zone
dynamic named.localhost westos.com.inter
named.ca named.loopback westos.comNaNr
[[email protected] named]# systemctl restart named
[[email protected] named]# vim /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.113
www A 172.25.254.213
music CNAME music.a.westos.com.
music.a A 172.25.254.111
westos.com. MX 1 172.25.254.113.
~
~
####dhcp更新dns(ddns)####
1.install software
yum install dhcp -y
2.mk configfile
[[email protected] ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y ##
3.change configfile
vim /etc/dhcp/dhcpd.conf
[[email protected] ~]# cat /etc/dhcp/dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "westos.com";
option domain-name-servers 172.25.254.113;
default-lease-time 600;
max-lease-time 7200;
# Use this to enble / disable dynamic dns updates globally.
ddns-update-style interim;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# This is a very basic subnet declaration.
subnet 172.25.254.0 netmask 255.255.255.0 {
range 172.25.254.60 172.25.254.70;
option routers 172.25.254.250;
}
key "westoskey" {
algorithm hmac-md5;
secret "TKSWfTJrHFxAmJXz7LWHbg==";
};
zone westos.com. {
primary 127.0.0.1;
key westoskey;
}
4.check
*)拔掉网线
*)在客户端检测
hostnamectl set-hostname test.westos.com
vim /etc/sysconfig/network-scripts/ifcfg-eth0
[[email protected] ~]# hostnamectl set-hostname dns.westos.com
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[[email protected] ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
systemctl restart network
dig test.westos.com