DNS相关配置

dig -t NS|MX|A  NAME

dig -x IP 反向解析

IXFR增量区域传送

AXFR完全区域传送

dig  -t IXFR=2013040202 mageedu.com (做这个之前需要先在区域数据文件中增加一条记录,并递增 serial)

dig -t axfr mageedu.com

 

allow-recursion { };允许递归的客户端

allow-query { };允许查询的客户端

allow-transfer { };允许传送的客户端

 

/etc/named.conf  可以使用configtest测试

 

/etc/rndc.key秘钥文件

/etc/rndc.conf配置文件

 

/var/named/区域数据文件,需要创建

 

named-checkconf

named-checkzone

 

dig 客户端工具

dig -t NS .   获取根域服务器(查询根区域 "." ,必须能上网)

 

53/udp   

53/tcp   从服务器同步数据时使用tcp协议53端口

953/tcp,rndc

 

区域定义:

zone "ZONE NAME" IN {

     type master|slave|hint|forward;

};

若是主区域还需要配置:

file "区域数据文件"

 

若是从区域:

file "区域数据文件"

masters {masters1_ip;}

 netstat -utnpl

首先安装bind文件

yum install bind 

 

DNS的简单设定

yum install bind -y

1. 端口号的查询

[root@student116 ~]# netstat -antlpe | grep named

tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      25         40524      2422/named          

tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      25         40519      2422/named          

tcp6       0      0 ::1:953                 :::*                    LISTEN      25         40525      2422/named          

tcp6       0      0 ::1:53                  :::*                    LISTEN      25         40521      2422/named          

2.systemctl start named

3.vim /etc/named.conf

修改下列:

     listen-on port 53 { any; };

     allow-query     { any; };      ##实验环境设置;生产环境应限制为可信客户端,否则配合下面的forwarders就成为开放递归解析器

     dnssec-validation no;

添加-->    forwarders  {172.25.254.250;}; #能连接到外网的ip地址

例:dig

#################客户端###################

1.vim /etc/resolv.conf

nameserver  172.25.254.139          ######使其指向提供服务的dns服务器

2.dig www.baidu.com                  ######会看到139主机提供解析

 

##################DNS相关实验##################################### 

服务器ip:172.25.39.10

                      172.25.254.139

客户端ip:172.25.39.11

 

DNS正向解析

在之前的步骤完成后

1.vim /etc/named.rfc1912.zones     

2.复制6行并修改:

zone "westos.com" IN {

        type master;

        file "westos.com.zone";           ######自己维护的域###

        allow-update { none; };

};

3.cd  /var/named

4.cp -p named.localhost westos.com.zone

5.vim westos.com.zone

$TTL 1D

@       IN SOA  dns.westos.com. root. (                       ######和自己维护的域相同

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        NS      dns.westos.com.                               ####和自己维护的域相同

dns     A       172.25.254.139                                ####dns域名

www     A       172.25.254.1                                  ####随意

 

6.systemctl restart named

.在客户端  dig www.westos.com  

结果:    

[root@student16 kiosk]# dig

#################################################

 

1.修改:

vim  /var/named/westos.com.zone

$TTL 1D

@       IN SOA  dns.westos.com. root. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        

        NS      dns.westos.com.

dns     A       172.25.254.139

www    CNAME   bbs.westos.com.                          ###########修改部分

bbs   A       172.25.254.111                          ###########修改部分

bbs   A       172.25.254.112                            ###########修改部分

 

 

2.在客户端dig

 

DNS的反向解析

1.vim /etc/named.rfc1912.zones

增加内容

zone "254.25.172.in-addr.arpa" IN {

        type master;

        file "westos.com.ptr";

        allow-update { none; };

};

2.创建westos.com.ptr文件

  1.cd /var/named/

  2.cp -p westos.com.zone westos.com.ptr

  3.vim westos.com.ptr

  修改如下:

$TTL 1D

@       IN SOA  dns.westos.com. root. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        NS      dns.westos.com.

dns     A       172.25.254.139

199     PTR     www.westos.com.

234     PTR     bbs.westos.com.

2.systemctl restart named

############################在客户端验证################################

1.dig -x 172.25.39.199

 

DNS双向解析(内外网的不同解析)

1.vim /etc/named.conf

注释以下内容

并加入如下内容:

view localhost {

                 match-clients {localhost;};

                 zone "." IN {

                 type hint;

               file "named.ca";

};

include "/etc/named.rfc1912.zones";

};

view internet {

                match-clients { any; };

                 zone "." IN {

                 type hint;

                file "named.ca";

};

include "/etc/named.rfc1913.zones";

};

2.cd /etc/named/

3. cp -p named.rfc1912.zones     named.rfc1912.zones.inter

4.vim named.rfc1912.zones.inter

增加内容:

zone "westos.com" IN {

        type master;

        file "westos.com.inter";

        allow-update { none; };

};

5.systemctl restart named

建立westos.com.inter文件:

1.cd /var/named

2.cp -ap  westos.com.zone  westos.com.inter

3.vim westos.com.inter                         #########

修改如下:

$TTL 1D

@       IN SOA  dns.westos.com. root. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        NS      dns.westos.com.

dns     A       172.25.39.139 

www      A       192.168.1.1             #########此处添加要访问的外网地址###

4.systemctl restart named

###########################验证结果####################

注意将服务器本身的dns指向自己;客户端的dns指向服务器

1.在服务器本身:

dig www.westos.com     结果为:172.25.254.*

2.在客户端为:

dig www.westos.com     结果为:192.168.1.*

 

DNS集群

#################从服务器的设定#################

主服务器:10(desktop)  ---> "master";    辅助服务器:11(server)  --> slave

1.安装dns服务:

2.systemctl restart named;systemctl stop firewalld

3.vim /etc/resolv.conf   --->   nameserver  172.25.39.11 ;改为自己的ip;

4.修改从服务器的配置:

   vim /etc/named.conf  

     修改:listen-on port 53 { any; };

          allow-query     { any; };

          dnssec-validation no;

5.vim /etc/named.rfc1912.zones

  复制并修改:

     zone "westos.com" IN {                      ##########维护的域要相同

         type slave;

        masters {172.25.39.10;};            ##########指向10,说明10是他的主服         

        file "slaves/westos.com.zone";          ##########指出路径

        allow-update { none; };

    };

6.systemctl restart named

7.dig www.westos.com    ###查看内容

######主服务器的配置修改##################################

 

1.vim /etc/named.rfc1913.zone

修改并添加:

zone "westos.com" IN {

        type master;

        file "westos.com.zone";

        allow-update { none; };

        allow-transfer {172.25.39.11;};            ########添加上辅助dns服务器的ip;

        also-notify {172.25.39.11;};        

};

2.systemctl restart named;

systemctl stop firewalld;

3.修改 /var/named/westos.com.zone

        

       bbs   A     172.25.254.222  --->  172.25.254.255  ,要注意每次修改  " 2016251601"  ; serial   

   改变一次解析地址,改变一次serial,保存退出,刷新后在从服务器上dig www.westos.com  时会看到新的已更改的ip地址。

 

 

DNS更新

 

#########################主服务器部分######################

1.vim /etc/named.rfc1913.com.zone

    zone "westos.com" IN {

        type master;

        file "westos.com.zone";

        allow-update { 172.25.39.11;};   ##none  --> 指定允许更新的从服务器的ip()172.25.254.11;(仅凭来源ip授权更新可被伪造源地址绕过,后文"DNS的加密更新"改为基于key授权)

        allow-transfer {172.25.39.11;};

        also-notify {172.25.39.11;};

};

 

2.cd /var/named

3.getsebool -a | grep named

 

[root@foundation116 doc]# getsebool -a | grep named

named_tcp_bind_http_port --> off

named_write_master_zones --> on

4.setsebool -P named_write_master_zones on

5.cd /var/named ;  

ll -d ;

chmod g+w /var/named

6.cp -p westos.com.zone  /mnt/  ##备份,为后续实验准备,因为从服务器更新会改变该文件内容

####################主服务器配置完成##########

 

#########从服务器的改变####################

向主服务器申请更新主服务器的dns的域名和ip;

服务器的dns的域名和ip就是其他从服务器的dns的域名

ip;因为他们是集群关系!

更新完毕之后可在主服务器的 /var/named/westos.com.zone; 中发现:会有从服务器更新的dns域名和ip;

实验:

先删除

然后dig www.westos.com测试,则不会显示域名和ip

添加

1.[root@slave mnt]# nsupdate 

> server 172.25.39.10                   ##########主服务器的ip

> update add test.westos.com 86400 A 172.25.39.111    ##########新的dns域名和ip

> send                                                 ##########发送命令

> quit                                                 ##########推出

 

2.dig  test.westos.com

[root@slave mnt]# dig test.westos.com

 

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> test.westos.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62064

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;test.westos.com.		IN	A

 

;; ANSWER SECTION:

test.westos.com.	86400	IN	A	172.25.39.111    #######自己申请的域名和ip(test.westos.com;172.25.39.111)

 

;; AUTHORITY SECTION:

westos.com.		86400	IN	NS	dns.westos.com.

 

;; ADDITIONAL SECTION:

dns.westos.com.		86400	IN	A	172,25,44.10

 

;; Query time: 1 msec

;; SERVER: 172.25.39.10#53(172.25.39.10)

;; WHEN: Sat Aug 15 11:33:09 CST 2015

;; MSG SIZE  rcvd: 94

3.此为验证成功!

4.可在主服务器的 /var/named/westos.com.zone 中查看更新的dns的域名和ip;

 

DNS的加密更新

####################主服务器配置########################

1.rm -fr /var/named/westos.com.zone /var/named/westos.com.inter.jnl

2.cp -p /mnt/westos.com.zone  /var/named/

3.cat /etc/rndc.key

key "rndc-key" {

algorithm hmac-md5;

secret "F1qtiCvSQ+itJqgSdG5uqw==";

};

4. cd /mnt

dnssec-keygen -a  HMAC-MD5 -b 128 -n HOST westos      ##实验使用HMAC-MD5;实际部署建议改用 HMAC-SHA256 等更强的TSIG算法

###生成加密密码########

5.[root@foundation116 mnt]# cat Kwestos.+157+25331.private

Private-key-format: v1.3

Algorithm: 157 (HMAC_MD5)

Key: QJL7Jx0/H6UGu/H2iI9jdg==                        ###########对密码:QJL7Jx0/H6UGu/H2iI9jdg==  ##进行复制

Bits: AAA=:

Created: 20150815071748

Publish: 20150815071748

Activate: 20150815071748

6.cp  -p   /etc/rndc.key  /etc/westos.key

7.vim /etc/westos.key

key "westos" {                        #######改名字#####

        algorithm hmac-md5;

        secret "QJL7Jx0/H6UGu/H2iI9jdg==";          ####粘贴之前复制的密码

};

8.vim /etc/named.conf

添加:        dnssec-enable yes;

        dnssec-validation no;

        dnssec-lookaside auto;

        forwarders {172.25.254.250;};  

        /* Path to ISC DLV key */

        bindkeys-file "/etc/named.iscdlv.key";

 

        managed-keys-directory "/var/named/dynamic";

 

        pid-file "/run/named/named.pid";

        session-keyfile "/run/named/session.key";

};

 

include  "/etc/westos.key";            #########添加的语句###

 

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

9.vim /etc/named.rfc1913.zones

zone "westos.com" IN {

        type master;

        file "westos.com.inter";

        allow-update { key westos; };        ########修改为key westos ;

        allow-transfer {172.25.39.11;};

        also-notify {172.25.39.11;};

 

10.systemctl restart named

11.cd /mnt;

  scp Kwestos.+157+41687.*   root@<从服务器ip>:/mnt/        ##把生成的密钥文件复制到从服务器,供nsupdate -k使用

 

 

 

###############从服务器################

1.cd /mnt

2.[root@slave mnt]# nsupdate -k Kwestos.+157+53788.private

> server 172.25.254.139        ##主服务器ip

> update add test.westos.com  86400 A 172.25.254.123  ###新的域名和ip

> send

> quit

[root@slave mnt]# dig test.westos.com

 

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> test.westos.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9145

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;test.westos.com.		IN	A

 

;; ANSWER SECTION:

test.westos.com.	86400	IN	A	172.25.254.123

 

;; AUTHORITY SECTION:

westos.com.		86400	IN	NS	dns.westos.com.

 

;; ADDITIONAL SECTION:

dns.westos.com.		86400	IN	A	192.168.1.1

 

;; Query time: 1 msec

;; SERVER: 172.25.254.116#53(172.25.254.116)

;; WHEN: Sat Aug 15 16:03:05 CST 2015

;; MSG SIZE  rcvd: 94

###################验证完毕#####################

 

DNS动态解析(ddns)

#####主服务器配置##############

基于dns加密更新配置的基础上

 

配置DHCP服务

yum install dhcp -y

systemctl stop firewalld

systemctl start dhcpd

cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example  /etc/dhcp/dhcpd.conf

vim  /etc/dhcp/dhcpd.conf

删除37行以下,并删除27行,然后做以下配置的编写

7 option domain-name "westos.com";  ##要填写的本机域名

8 option domain-name-servers 172.25.254.139;   ###dns地址

增加语句:ddns-update-style interim;

30 subnet 172.25.39.0 netmask 255.255.255.0      ##网段和子网掩码

31 range 172.25.39.100 172.25.39.150           ###dhcp分配ip的范围

32 option routers 172.25.254.139            #网关

密码信息就是生成的密码文件中的信息,不要写错

zone 后面的名字就是在dns配置文件中写入的,域名

cd /var/named

rm -fr westos.com.zone westos.com.zone.jnl   ##删除原来的zone配置文件

cp -p /mnt/westos.com.zone .   ####将之前备份的/westos.com.zone复制到当前位置。或者重新写一个westos.com.zone

systemctl restart named

systemctl restart dhcpd.service

 

#############从服务器##############

systemctl stop firewalld

ip改成动态获取

vim /etc/sysconfig/network-scripts/ifcfg-eth0

更改配置后

systemctl restart network

ifconfig

vim /etc/resolv.conf

确认dns指向服务器的ip

并且域名必须与主服务器一致(本实验域名为westos.com)

域名不一致则需更改主机名(hostnamectl set-hostname client.westos.com)

systemctl restart named

dig client.westos.com  测试

此时解析得到的ip即为当前客户主机所获的动态ip

 

本次所有实验在更改完配置文件后一定要重启服务。