DNS
I. Introduction
II. Installation
[[email protected] ~]# yum install bind -y
[[email protected] ~]# systemctl start named # if startup hangs, typing on the keyboard of the DNS server host a few times helps the service start
[[email protected] ~]# systemctl stop firewalld
[[email protected] ~]# vim /etc/named.conf
Main configuration file: /etc/named.conf
Zone configuration file: /etc/named.rfc1912.zones
Data directory: /var/named
III. Non-authoritative caching
Purpose: once a name has been looked up, the answer can be cached locally, and the next lookup is served straight from the cache. This speeds up resolving names to IPs and reduces the load on the DNS servers.
Server (172.25.254.1):
[[email protected] ~]# systemctl stop firewalld
In the options block of /etc/named.conf:
listen-on port 53 { any; }; # port 53 is open to everyone
allow-query { any; }; # accept queries from everyone
forwarders { 172.25.254.48; }; # when this host cannot resolve a name, ask host 48
[[email protected] ~]# systemctl restart named
Client (172.25.254.2):
[[email protected] ~]# vim /etc/resolv.conf
nameserver 172.25.254.1
The first dig takes 13 ms:
The second dig takes only 0 ms, a clear speed-up:
IV. Forward resolution on an authoritative DNS server
[[email protected] ~]# vim /etc/named.conf
Delete the line forwarders { 172.25.254.48; };
[[email protected] ~]# vim /etc/named.rfc1912.zones
25 zone "vaon.com" IN { # the domain to serve is vaon.com
26 type master;
27 file "vaon.com.zone"; # the A records are stored in the file vaon.com.zone
28 allow-update { none; };
29 };
[[email protected] ~]# cd /var/named/
[[email protected] named]# cp -p named.localhost vaon.com.zone
[[email protected] named]# vim vaon.com.zone # edit the A record file; comments in a zone file start with ; rather than #
$TTL 1D ; records may be cached for one day
@ IN SOA dns.example.com. root.vaon.com. ( ; @ stands for vaon.com; dns.example.com is the server's hostname; root manages the vaon.com domain
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.example.com. ; the DNS host; remember the trailing dot after com. A name without a trailing dot in this file gets the @ origin appended, and @ is vaon.com
dns A 172.25.254.1 ; A record of this DNS server
www A 172.25.254.111 ; add an A record resolving www.vaon.com to 172.25.254.111
[[email protected] named]# systemctl restart named
[[email protected] ~]# vim /etc/resolv.conf
nameserver 172.25.254.1
dig shows the name resolved to 172.25.254.111; pinging the name now actually pings 172.25.254.111:
V. Reverse resolution
Resolves an IP address to a name.
[[email protected] named]# vim /etc/named.rfc1912.zones
49 zone "254.25.172.in-addr.arpa" IN { # the IP is written in reverse; this zone covers the whole 172.25.254 network
50 type master;
51 file "vaon.com.ptr"; # name of the record file
52 allow-update { none; };
53 };
[[email protected] named]# cd /var/named/
[[email protected] named]# cp -p named.loopback vaon.com.ptr
[[email protected] named]# vim vaon.com.ptr
$TTL 1D
@ IN SOA dns.example.com. root.vaon.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.example.com.
dns A 172.25.254.1
222 PTR www.vaon.com.
[[email protected] named]# systemctl restart named
Client:
[[email protected] ~]# vim /etc/resolv.conf
nameserver 172.25.254.1
dig -x shows 172.25.254.222 reverse-resolved to the name www.vaon.com.
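The reverse zone above is written by hand, so it can drift from the forward zone (the page's files point www at .111 forward but .222 reverse). The script below, an added example that is not part of the original post, derives the reverse zone name and the PTR records from a forward zone file. It assumes a /24 network and the page's one-line "owner A address" record layout; the sample zone is constructed here.

```sh
# reverse_zone_name NETWORK -> owner name of the /24 reverse zone,
# e.g. 172.25.254.0 -> 254.25.172.in-addr.arpa
reverse_zone_name() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1"
}

# ptr_records ZONEFILE ORIGIN NETWORK -> one "host PTR fqdn." line per A
# record inside NETWORK/24, in the relative form used in vaon.com.ptr
ptr_records() {
    zone=$1; origin=${2%.}; net=${3%.*}          # net = 172.25.254
    awk -v origin="$origin" -v net="$net" '
        { sub(/[;#].*/, "") }                      # drop trailing comments
        ($2 == "A" && NF == 3) || ($2 == "IN" && $3 == "A" && NF == 4) {
            owner = $1; ip = $NF
            n = split(ip, o, ".")
            if (n != 4 || (o[1] "." o[2] "." o[3]) != net) next
            if (owner == "@") fqdn = origin "."      # @ is the zone origin
            else if (owner ~ /\.$/) fqdn = owner      # already absolute
            else fqdn = owner "." origin "."          # relative: append origin
            printf "%s PTR %s\n", o[4], fqdn
        }' "$zone"
}

# write_sample_zone DIR -> constructed forward zone with the page's records
# plus one external address that must not appear in the 172.25.254 reverse zone
write_sample_zone() {
    printf '%s\n' '$TTL 1D' 'NS dns.example.com.' \
        'dns A 172.25.254.1 ; this DNS server' \
        'www A 172.25.254.111' \
        'ext A 1.1.1.111 ; outside the /24' > "$1/vaon.com.zone"
    printf '%s/vaon.com.zone\n' "$1"
}
```

Run ptr_records /var/named/vaon.com.zone vaon.com 172.25.254.0 on the server and paste the output under the SOA of vaon.com.ptr.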
VI. Two-way resolution (split views)
Consider this situation: a company's LAN is the 172.25.254 network, and customers on the Internet reach the web site the company publishes through the 1.1.1 network. Employees inside the company are on the same network as the server that publishes the site, so when they look up the site's name it can resolve to the internal address (172.25.254), which is faster. At the same time, customers on the Internet looking up the same name must get an address in the 1.1.1 network. Two-way resolution achieves this.
Purpose: resolve the same name to different IPs for different clients.
Tip: this experiment only concerns forward resolution; the reverse resolution configured earlier does not affect it.
Server:
[[email protected] named]# vim /etc/named.conf
50 view localnet {
51 match-clients { 172.25.254.2; }; # this view is used only by client 2
52 zone "." IN {
53 type hint;
54 file "named.ca";
55 };
56 include "/etc/named.rfc1912.zones";
57 include "/etc/named.root.key";
58 };
59
60 view any {
61 match-clients { any; }; # this view is used by every other client
62 zone "." IN {
63 type hint;
64 file "named.ca";
65 };
66 include "/etc/named.rfc1912.zones.inter"; # switch to the new zone configuration file
67 include "/etc/named.root.key";
68 };
[[email protected] named]# cd /etc/
[[email protected] etc]# cp -p named.rfc1912.zones named.rfc1912.zones.inter
[[email protected] etc]# vim named.rfc1912.zones.inter
25 zone "vaon.com" IN {
26 type master;
27 file "vaon.com.zone.inter"; # switch to the new record file
28 allow-update { none; };
29 };
[[email protected] named]# cd /var/named/
[[email protected] named]# cp -p vaon.com.zone vaon.com.zone.inter
[[email protected] named]# vim vaon.com.zone.inter
$TTL 1D
@ IN SOA dns.example.com. root.vaon.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.example.com.
dns A 172.25.254.1
www A 1.1.1.111
[[email protected] named]# systemctl restart named
Client 1 (172.25.254.2):
[[email protected] ~]# vim /etc/resolv.conf
nameserver 172.25.254.1
Client 2 (172.25.254.48):
[[email protected] Desktop]# vim /etc/resolv.conf
nameserver 172.25.254.1
Different clients looking up the same name are given different IPs.
VII. Secondary (slave) DNS
DNS server (172.25.254.1):
Remove the configuration from the two-way resolution experiment, keeping only the content up to line 55; delete or modify whatever differs from the picture below:
[[email protected] ~]# vim /etc/named.conf
[[email protected] ~]# systemctl restart named
Secondary DNS server (172.25.254.2):
[[email protected] ~]# yum install bind -y
[[email protected] ~]# vim /etc/named.conf
10 options {
11 listen-on port 53 { any; };
12 listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 allow-query { any; };
[[email protected] ~]# vim /etc/named.rfc1912.zones
25 zone "vaon.com" IN { # domain name, the same as on the master
26 type slave; # this server is the secondary
27 masters { 172.25.254.1; }; # sync the records from master 1
28 file "slaves/vaon.com.zone"; # where the record file is stored
29 allow-update { none; };
30 also-notify { 172.25.254.2; }; # allow host 254.2 to update the record file
31 };
[[email protected] ~]# systemctl stop firewalld
[[email protected] ~]# ls /var/named/slaves/ # look in the slaves directory: a record file has been synced automatically from host 252.1
vaon.com.zone
[[email protected] Desktop]# vim /etc/resolv.conf
nameserver 172.25.254.2 # use the secondary DNS server as this host's resolver
Now change the records on the master. Every time you change the records, add 1 to the number in front of serial; this number has at most 10 digits:
[[email protected] ~]# vim /var/named/vaon.com.zone
$TTL 1D
@ IN SOA dns.example.com. root.vaon.com. (
3 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.example.com.
dns A 172.25.254.1
www A 172.25.254.114
[[email protected] ~]# systemctl restart named
A dig from the client shows the A record has changed.
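A forgotten serial bump is the usual reason a secondary keeps serving stale records, since it only transfers the zone when the master's serial is higher than its own. The helper below, an added example that is not part of the original post, increments the serial in place and refuses values that would overflow the 32-bit field; the sample zone is a constructed copy of the page's vaon.com.zone.

```sh
# zone_serial FILE -> prints the current serial; the page keeps it on its own
# line in the form "3 ; serial"
zone_serial() {
    awk '$2 == ";" && $3 == "serial" { print $1; exit }' "$1"
}

# bump_serial FILE -> increments the serial in place and prints the new value;
# fails when the file has no serial line or the value would exceed 32 bits
bump_serial() {
    zone=$1
    cur=$(zone_serial "$zone")
    [ -n "$cur" ] || { echo "no serial line in $zone" >&2; return 1; }
    new=$((cur + 1))
    # RFC 1035 makes the serial a 32-bit unsigned integer, so a 10-digit
    # value is only valid up to 4294967295
    [ "$new" -le 4294967295 ] || { echo "serial would overflow" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # rewrite only the first serial line, then copy back over the original
    # so the file keeps its owner and mode (named must still be able to read it)
    if awk -v n="$new" '$2 == ";" && $3 == "serial" && !done { $1 = n; done = 1 } { print }' \
           "$zone" > "$tmp" && cat "$tmp" > "$zone"; then
        rm -f "$tmp"; echo "$new"
    else
        rm -f "$tmp"; return 1
    fi
}

# sample_zone DIR -> constructed copy of the page's vaon.com.zone
sample_zone() {
    cat > "$1/vaon.com.zone" <<'EOF'
$TTL 1D
@ IN SOA dns.example.com. root.vaon.com. (
3 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.example.com.
dns A 172.25.254.1
www A 172.25.254.114
EOF
    printf '%s/vaon.com.zone\n' "$1"
}
```

After bumping, run named-checkzone vaon.com /var/named/vaon.com.zone before restarting named, so a syntax slip does not take the zone offline.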
VIII. Remote DNS updates (adding A records)
1. IP-based remote update
Server (172.25.254.1):
[[email protected] ~]# vim /etc/named.rfc1912.zones
25 zone "vaon.com" IN {
26 type master;
27 file "vaon.com.zone";
28 allow-update { 172.25.254.2; }; # allow 254.2 to push A records
29 also-notify { 172.25.254.2; };
30 };
[[email protected] ~]# chmod g+w /var/named/ # add write permission so remote updates can be written
[[email protected] ~]# cp -p /var/named/vaon.com.zone /mnt/ # back up the record file to /mnt
[[email protected] ~]# systemctl restart named
Client (172.25.254.2):
[[email protected] ~]# vim /etc/resolv.conf
nameserver 172.25.254.1
[[email protected] ~]# nsupdate
> server 172.25.254.1
> update add hello.vaon.com 86400 A 172.25.254.123
> send
> quit
dig the newly added record hello.vaon.com: the name resolves to 172.25.254.123:
2. Key-based remote update
Server (172.25.254.1):
[[email protected] named]# rm -rf /var/named/vaon.com* # remove the files from the previous remote-update experiment
[[email protected] named]# cp -p /mnt/vaon.com.zone /var/named # restore the record file backed up earlier
[[email protected] named]# systemctl restart named
[[email protected] mnt]# cd /mnt
[[email protected] mnt]# dnssec-****** -a HMAC-MD5 -b 128 -n HOST vaon # generate the key files (there are two)
[[email protected] mnt]# cat Kvaon.+157+63178.key # view the key contents
vaon. IN KEY 512 3 157 R5816LNQQOHdjV/oEZgwZg==
[[email protected] mnt]# cp -p /etc/rndc.key /etc/vaon.key # copy it and configure the file that holds the key
[[email protected] mnt]# vim /etc/vaon.key
key "vaon" { # change the name to vaon
algorithm hmac-md5;
secret "R5816LNQQOHdjV/oEZgwZg=="; # identical to the key contents above
};
[[email protected] mnt]# vim /etc/named.conf
42 include "/etc/vaon.key";
[[email protected] mnt]# vim /etc/named.rfc1912.zones
25 zone "vaon.com" IN {
26 type master;
27 file "vaon.com.zone";
28 allow-update { key vaon; }; # switch from IP authentication to key authentication
29 also-notify { 172.25.254.2; };
30 };
[[email protected] mnt]# scp /mnt/Kvaon.+157+63178.* [email protected]:/mnt # send the key to the client
[[email protected] mnt]# systemctl restart named
Client (172.25.254.2):
[[email protected] ~]# vim /etc/resolv.conf
nameserver 172.25.254.1
[[email protected] ~]# nsupdate -k /mnt/Kvaon.+157+63178.key # use the key to add an A record remotely
> server 172.25.254.1
> update add ppp.vaon.com 86400 A 172.25.254.155 # 86400 means one day
> send
> quit
Tip: update delete ppp.vaon.com removes this A record.
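Allowing updates by source IP trusts whoever can send packets with that address, which is why the key-based variant is the one to keep. The script below, an added example that is not part of the original post, generates the key file the page builds by hand and emits the nsupdate commands that use it. It uses hmac-sha256 instead of the page's hmac-md5 (bind and nsupdate accept the same "key" clause for either algorithm); the file paths and 256-bit key size are assumptions.

```sh
# tsig_key_clause NAME [BYTES] -> bind-style key clause with a random secret
tsig_key_clause() {
    name=$1; bytes=${2:-32}                      # 32 random bytes = 256 bits
    secret=$(head -c "$bytes" /dev/urandom | base64 | tr -d '\n')
    printf 'key "%s" {\n\talgorithm hmac-sha256;\n\tsecret "%s";\n};\n' \
        "$name" "$secret"
}

# write_key_file NAME PATH -> writes the clause readable by owner and group
# only: the secret authorises zone changes, so it must not be world-readable
# (on the server, chown root:named so named can read it; the page's
# chmod g+w on /var/named is a separate matter and does not cover this file)
write_key_file() {
    (umask 027 && tsig_key_clause "$1" > "$2") && chmod 0640 "$2"
}

# secret_bits PATH -> size in bits of the decoded secret, to check a key file
secret_bits() {
    sed -n 's/.*secret "\([^"]*\)".*/\1/p' "$1" | base64 -d | wc -c |
        awk '{ print $1 * 8 }'
}

# update_script SERVER ZONE NAME TTL IP -> the commands the page types into
# nsupdate interactively, for: update_script ... | nsupdate -k /etc/vaon.key
update_script() {
    printf 'server %s\nzone %s\nupdate add %s %s A %s\nsend\n' \
        "$1" "$2" "$3" "$4" "$5"
}
```

The same key file works on both ends: include it from named.conf on the server and pass it to nsupdate -k on the client, instead of copying the K*.key pair around with scp.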
IX. DDNS
That is, DHCP + DNS.
[[email protected] ~]# cd /var/named/
[[email protected] named]# rm -rf vaon.com.zone*
[[email protected] named]# cp -p /mnt/vaon.com.zone /var/named/
[[email protected] named]# yum install dhcp -y
[[email protected] named]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
[[email protected] named]# vim /etc/dhcp/dhcpd.conf
7 option domain-name "vaon.com";
8 option domain-name-servers 172.25.254.1;
14 ddns-update-style interim;
27 #subnet 10.152.187.0 netmask 255.255.255.0 {
28 #}
32 subnet 172.25.254.0 netmask 255.255.255.0 {
33 range 172.25.254.80 172.25.254.90;
34 option routers 172.25.254.1;
35 }
36 key vaon {
37 algorithm hmac-md5;
38 secret R5816LNQQOHdjV/oEZgwZg==;
39 };
40 zone vaon.com. {
41 primary 127.0.0.1;
42 key vaon;
43 }
[[email protected] named]# systemctl start dhcpd
Client:
Set the hostname to www.vaon.com, i.e. a host in the vaon.com domain.
Configure the network for DHCP; after restarting the network, dig www.vaon.com.