DNS高速缓存
1.安装部署dns
yum install bind -y
systemctl start named
systemctl enable named
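systemctl stop firewalld
systemctl disable firewalld
注: 关闭firewalld只适合实验环境;需要保留防火墙时,改为放行dns服务: firewall-cmd --permanent --add-service=dns; firewall-cmd --reload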
主配置文件: /etc/named.conf
子配置文件: /etc/named.rfc1912.zones
数据目录: /var/named
2.高速缓存dns
vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
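allow-query { any; };
// 注: listen-on any 加 allow-query any 并配置转发,会使本机成为对任何来源开放的递归解析器;实际部署时应把 allow-query / allow-recursion 限制为受信任网段,例如 { localhost; 172.25.254.0/24; };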
forwarders {114.114.114.114; };
3.权威dns的正向解析
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update {none; };
};
cd /var/named
cp -p named.localhost westos.com.zone
vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.105
www A 172.25.254.105
bbs CNAME linux
linux A 172.25.254.111
linux A 172.25.254.222
westos.com. MX 1 172.25.254.250.
systemctl restart named
测试:
vim /etc/resolv.conf
nameserver 172.25.254.105
dig www.westos.com
4.权威dns的反向解析
zone "254.25.172.in-addr.arpa" IN {
type master;
file "westos.com.ptr";
allow-update { none; };
};
cd /var/named
cp -p named.loopback westos.com.ptr
vim westos.com.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
A 172.25.254.100
111 PTR bbs.westos.com.
110 PTR www.westos.com.
100 PTR linux.westos.com.
测试:
vim /etc/resolv.conf
nameserver 172.25.254.105
dig -x 172.25.254.111
5.权威dns的双向解析
vim /var/named/westos.com.local
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 168.0.0.105
www A 168.0.0.105
bbs CNAME linux
linux A 168.0.0.111
linux A 168.0.0.222
westos.com. MX 1 168.0.0.250.
vim /etc/named.rfc1912.local
zone "westos.com" IN {
type master;
file "westos.com.local";
allow-update {none; };
};
vim /etc/named.conf
/*
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/
view local {
match-clients { 172.25.254.105; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.local";
};
view internet {
match-clients { any; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
6.辅dns
在辅dns的主机上编辑/etc/named.rfc1912.zones文件
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type slave;
masters { 172.25.254.105; };
file "westos.com.zone";
allow-update {none; };
};
在主dns的主机上编辑/etc/named.rfc1912.zones文件
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update {none; };
also-notify {172.25.254.205;};
allow-transfer {172.25.254.205; };
};
7.更新dns
chmod 770 /var/named/
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update {172.25.254.5; };
// 注: 按IP授权只校验源地址,任何能以该地址发包的主机都可修改区域数据;建议改用TSIG密钥授权 (allow-update { key ...; })
also-notify {172.25.254.205;};
};
nsupdate
>server 172.25.254.105
update hello.westos.com 86400 A 172.25.254.200
send
update delete hello.westos.com
8.通过密钥更新
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
注: HMAC-MD5 已不推荐用于TSIG;较新版本的BIND建议使用 hmac-sha256 (可用 tsig-keygen 生成),各处配置中的 algorithm 必须与生成密钥时一致。
cat Kwestos.....key
cp -p /etc/rndc.key /etc/westos.key
修改westos.key中的key值为Kwestos.....key中的key值
vim /etc/westos.key
vim /etc/named.conf
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update {key westos; };
also-notify {172.25.254.205;};
};
vim /etc/named.rfc1912.zones
include "/etc/westos.key";
将Kwestos.....key分发给某个主机,则这个主机可以进行dns更新(持有该密钥即可修改区域数据,应通过加密信道(如scp)传输,并将密钥文件权限限制为仅属主可读)
nsupdate -k Kwestos.....key
server 172.25.254.105
update hello.westos.com 86400 A 172.25.254.200
send
update delete hello.westos.com
9.ddns
yum install dhcp -y
firewall-cmd --permanent --add-service=dhcp
firewall-cmd --reload
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
vim /etc/dhcp/dhcpd.conf
option domain-name "westos.com";
option domain-name-servers 172.25.254.105;
ddns-update-style interim;
subnet 172.25.254.0 netmask 255.255.255.0 {
range 172.25.254.205 172.25.254.250;
option routers 172.25.254.250;
}
key westos {
algorithm hmac-md5;
secret yqZkpbkImRXk5PiH8Yh2Xw==;
# 注: 该值已随文档公开,不应直接使用;须替换为自己生成的key值(与named端的key westos一致),并将含密钥的dhcpd.conf限制为仅root可读
};
zone westos.com {
primary 127.0.0.1;
key westos;
}