Linux basics: the DNS service (3-1)
Service overview:
A: forward record, name to IP address
PTR: reverse record, IP address to name
host -l example.com: list all hosts in the domain (performs a zone transfer)
dig -t soa example.com: query the zone's SOA (start of authority) record
DNS main configuration directory: /var/named/chroot/
DNS main configuration file: /var/named/chroot/etc/named.conf
DNS A-record (zone file) directory: /var/named/chroot/var/named
(The chroot paths apply when the bind-chroot package is installed; without it the same files live at /etc/named.conf and /var/named, which is what the lab below uses.)
II. Configuring a caching DNS server
1. DNS overview
1> Authoritative name servers (primary servers)
Store and serve the actual data of a zone (a whole DNS domain or part of one). Types of authoritative name server:
Master: holds the original zone data; sometimes called the "primary" name server.
Slave: a backup server that obtains a copy of the zone data from the master by zone transfer; sometimes called the "secondary" name server.
The master stores the zone files for the zones it is responsible for and creates, maintains and updates them.
2> Non-authoritative / recursive name servers
– Clients use them to look up data held by authoritative name servers. Recursive name server types include the caching-only name server: used only for lookups, and authoritative for nothing beyond trivial local data.
All of a secondary server's information about a zone is transferred from another server.
3> DNS lookup
The stub resolver on the client sends the query to the name server listed in /etc/resolv.conf. If that name server is authoritative for the requested information, it sends an authoritative answer to the client. Otherwise, if the name server has the requested information in its cache, it sends a non-authoritative answer to the client.
If the cache does not hold the information, the name server searches for an authoritative name server, starting at the root zone and working down the DNS hierarchy until it reaches the name server that is authoritative for the information, and obtains the answer for the client that way. In this case the name server passes the information to the client and keeps a copy in its own cache for later lookups.
2. DNS resource records
A DNS zone stores its information as resource records. Each record has a type that says what kind of data it holds:
– A: name to IPv4 address; used to turn a domain name into an address
– AAAA: name to IPv6 address
– CNAME: name to "canonical name" (another name that carries the A/AAAA records)
– PTR: IPv4/IPv6 address to name
– MX: mail exchanger for the name (where to deliver its e-mail)
– NS: name server for the domain
– SOA: "start of authority", information about the DNS zone (administrative data)
3. DNS troubleshooting
dig shows detailed information about a DNS lookup, including:
1> Why the query failed (the status field):
– NOERROR: the query succeeded
– NXDOMAIN: the DNS server reports that no such name exists
– SERVFAIL: the DNS server is down, or DNSSEC validation of the response failed
– REFUSED: the DNS server declined to answer (possibly for access-control reasons)
2> Parts of the dig output
The header describes the query and the answer, including the response status and any special flags that are set (aa means an authoritative answer, and so on).
– QUESTION: the DNS query that was actually sent
– ANSWER: the response, if any
– AUTHORITY: the name servers responsible for the domain/zone
– ADDITIONAL: other information supplied, usually about the name servers
– The footer shows which recursive name server the query was sent to and how long the response took
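As an added example (not part of the original notes), a small Python parser that pulls the status, flags and ANSWER records out of dig's text output and maps them onto the failure causes listed above. The three samples are constructed to mirror the REFUSED, SERVFAIL and NOERROR responses met later in the lab; they are abridged, not verbatim captures.

```python
import re

# Constructed, abridged dig outputs (modelled on the lab responses, not captured verbatim)
REFUSED_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 38965
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
"""
SERVFAIL_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 60169
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""
NOERROR_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9132
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;www.westos.com.           IN      A

;; ANSWER SECTION:
www.westos.com.    86400   IN      A       172.25.254.234

;; AUTHORITY SECTION:
westos.com.        86400   IN      NS      dns.westos.com.
"""

def parse_dig(text):
    """Return status, header flags and the ANSWER SECTION records of one dig run."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r";; flags: ([^;]*);", text)
    answers, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if line.startswith(";;"):
            in_answer = False            # any other section header ends the answers
        elif in_answer and line.strip():
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            answers.append((name, int(ttl), rtype, rdata))
    return {
        "status": status.group(1) if status else "UNKNOWN",
        "flags": flags.group(1).split() if flags else [],
        "answers": answers,
        "no_recursion": "recursion requested but not available" in text,
    }

# Causes taken from the troubleshooting list above
HINTS = {
    "SERVFAIL": "server failed: forwarder/upstream down or DNSSEC validation failed",
    "NXDOMAIN": "no such name: check the zone file and reload named",
}

def diagnose(result):
    """Map a parsed result onto the failure causes from the troubleshooting list."""
    status = result["status"]
    if status == "REFUSED":
        hint = "server refused the query: check allow-query (access control)"
        if result["no_recursion"]:
            hint += "; recursion is not offered to this client"
        return hint
    if status == "NOERROR":
        kind = "authoritative" if "aa" in result["flags"] else "non-authoritative"
        return f"{kind} answer with {len(result['answers'])} record(s)"
    return HINTS.get(status, f"unexpected status {status}")
```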
4. Caching DNS server
1> BIND is the most widely used open-source name server. On RHEL it is provided by the bind package; open ports 53/TCP and 53/UDP on the firewall.
2> BIND's main configuration file is /etc/named.conf
3> The /var/named directory holds the other data files the name server uses
4> Syntax of /etc/named.conf
// or # to end of line is a comment; text between /* and */ is also a comment (it may span several lines).
Directives end with a semicolon (;).
Many directives expect an address match list in braces: a list of IP addresses or subnets in CIDR notation, or a named ACL (for example any; [all hosts] and none; [no hosts]).
The file starts with an options block containing the directives that control how named operates.
zone blocks control how named finds the root name servers and which zones it is authoritative for.
5. Some important options directives
listen-on controls the IPv4 addresses named listens on
listen-on-v6 controls the IPv6 addresses named listens on
allow-query controls which clients may ask the DNS server for information
forwarders holds the list of name servers that DNS queries are forwarded to (instead of contacting external name servers directly; useful behind a firewall)
All of these directives treat the semicolon-separated elements inside the braces as an address match list, for example:
– listen-on { any; };
– allow-query { 127.0.0.1; 10.0.0.0/8; };
6. Configuring the name server
• Install the bind package: yum install -y bind
• Edit /etc/named.conf:
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
allow-query { any; };
forwarders { 172.25.254.254; };
• Start and enable the DNS server:
• systemctl start named
• systemctl enable named
• Test from desktopX:
– dig classroom.example.com
III. DNS service lab
1. Basic DNS test
Configure the network and the yum repository on both client and server.
[[email protected] ~]# yum install bind.x86_64 -y ## install the DNS software on the server
search westos.com
nameserver 172.25.254.134
[[email protected] ~]# systemctl stop firewalld.service ## stop the firewall (lab shortcut; in production open 53/TCP and 53/UDP instead)
[[email protected] ~]# ll /etc/rndc.key
ls: cannot access /etc/rndc.key: No such file or directory
[[email protected] ~]# systemctl start named ## start named; the first start after installation generates the rndc key and needs entropy, so type in the VM console if it hangs
[[email protected] ~]# ll /etc/rndc.key ## the key file is created automatically once named has started
-rw-r-----. 1 root named 77 May 6 09:02 /etc/rndc.key
[[email protected] ~]# netstat -antlpe | grep named ## list the ports named listens on: only the loopback interface so far
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 74918 3958/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 74913 3958/named
tcp6 0 0 ::1:953 :::* LISTEN 25 74919 3958/named
tcp6 0 0 ::1:53 :::* LISTEN 25 74915 3958/named
10 options { # global settings
11 listen-on port 53 { any; }; # listen on port 53 on all local IPv4 addresses
12 listen-on-v6 port 53 { ::1; }; # IPv6: loopback only
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 allow-query { localhost; }; # only the local host may query; other clients are refused
[[email protected] ~]# systemctl restart named ## restart the service; configuration changes take effect only after a restart
[[email protected] ~]# netstat -antlpe | grep named ## now both the loopback and the external interface
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 112551 32052/named ## loopback interface
tcp 0 0 172.25.254.134:53 0.0.0.0:* LISTEN 25 112546 32052/named ## external interface
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 112544 32052/named
tcp6 0 0 ::1:953 :::* LISTEN 25 112552 32052/named
tcp6 0 0 ::1:53 :::* LISTEN 25 112548 32052/named
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46579
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; Query time: 12 msec ## query time
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat May 06 09:42:32 EDT 2017
;; MSG SIZE rcvd: 42
[[email protected] ~]# dig www.baidu.com ## test from the client: REFUSED, the DNS server declines to answer (access control, here allow-query)
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 38965
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; Query time: 1 msec ## query time
;; SERVER: 172.25.254.134#53(172.25.254.134)
;; WHEN: Sat May 06 09:31:29 EDT 2017
;; MSG SIZE rcvd: 42
[[email protected] ~]# vim /etc/named.conf ## change line 17 to any, i.e. allow queries from any host
10 options {
11 listen-on port 53 { any; };
12 listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 allow-query { any; }; # allow every network to query; controls which clients may ask this DNS server for information
18 forwarders { 172.25.254.254; }; # upstream server that queries this server cannot answer itself are forwarded to
[[email protected] ~]# dig www.baidu.com ## test from the client: SERVFAIL (as listed above: the forwarder is down or DNSSEC validation failed)
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 60169
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; Query time: 10 msec
;; SERVER: 172.25.254.134#53(172.25.254.134)
;; WHEN: Sat May 06 09:53:52 EDT 2017
;; MSG SIZE rcvd: 42
[[email protected] ~]# cd /var/named
[[email protected] named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[[email protected] named]# cp -p named.localhost westos.com.zone ## -p keeps owner, group and mode, which the zone file needs so that named can read it
[[email protected] named]# vim /etc/named.rfc1912.zones ## declare the zone
25 zone "westos.com" IN { ## the domain this server maintains
26 type master;
27 file "westos.com.zone"; ## name of the zone (A-record) file
28 allow-update { none; };
29 };
[[email protected] named]# chgrp named /etc/named.conf ## give the named group ownership so named can read the file
[[email protected] named]# vim westos.com.zone ## write the A records; @ stands for westos.com, and a name that does not end in a dot is relative and gets westos.com appended automatically
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. ( ; dns.westos.com. is the DNS server's host name
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com. ## the zone's name server
dns A 172.25.254.134 ## A record of the DNS server itself
www A 172.25.254.234 ## the A record being added
[[email protected] ~]# dig www.westos.com ## restart the service, then test from the client
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9132 ## NOERROR: query succeeded
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.234 ## the result matches what was written into the zone file
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.134
;; Query time: 1 msec
;; SERVER: 172.25.254.134#53(172.25.254.134)
;; WHEN: Sun May 07 10:48:46 EDT 2017
;; MSG SIZE rcvd: 93
[[email protected] named]# vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.134
www A 172.25.254.234
music CNAME music.a.westos.com.
music.a A 172.25.254.111
music.a A 172.25.254.222
westos.com. MX 1 172.25.254.134. ## mail exchanger for the name (where its e-mail is delivered); note that MX data is a host name, so this literally names a host called "172.25.254.134." rather than an address
[[email protected] named]# systemctl restart named
[[email protected] ~]# dig www.westos.com ## test from the client
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9666
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.234
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.134
;; Query time: 0 msec
;; SERVER: 172.25.254.134#53(172.25.254.134)
;; WHEN: Mon May 08 07:23:15 EDT 2017
;; MSG SIZE rcvd: 93
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> music.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9395
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;music.westos.com. IN A
;; ANSWER SECTION:
music.westos.com. 86400 IN CNAME music.a.westos.com.
music.a.westos.com. 86400 IN A 172.25.254.222
music.a.westos.com. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.134
;; Query time: 0 msec
;; SERVER: 172.25.254.134#53(172.25.254.134)
;; WHEN: Mon May 08 07:26:07 EDT 2017
;; MSG SIZE rcvd: 133
[[email protected] ~]# mail [email protected] ## compose a mail
Subject: sdf
sdf
.
EOT
[[email protected] ~]# mailq ## check the queue: the MX lookup resolved to 172.25.254.134, but delivery is refused because nothing listens on port 25 there
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
6559F17E853 439 Mon May 8 07:41:11 [email protected]
(connect to 172.25.254.134[172.25.254.134]:25: Connection refused)
[email protected]
-- 0 Kbytes in 1 Request
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52385
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;westos.com. IN MX
;; ANSWER SECTION:
westos.com. 86400 IN MX 1 172.25.254.134.
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.134
;; Query time: 1 msec
;; SERVER: 172.25.254.134#53(172.25.254.134)
;; WHEN: Mon May 08 07:46:06 EDT 2017
;; MSG SIZE rcvd: 103
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1 ## configure eth1 on the 172.25.34 subnet
DEVICE=eth1
BOOTPROTO=none
IPADDR=172.25.34.134
PREFIX=24
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=1
Move the client onto the same subnet as eth1: ifconfig eth0 172.25.34.234 netmask 255.255.255.0
In /etc/resolv.conf set nameserver 172.25.34.134
[[email protected] named]# cp -p westos.com.zone westos.com.inter ## copy the zone file as a template; -p keeps its attributes
[[email protected] named]# vim /etc/named.rfc1912.inter ## zone declarations for the private-network view
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { none; };
29 };
58 view localnet{
59 match-clients { 172.25.254.0/24; }; ## public network
60 zone "." IN {
61 type hint;
62 file "named.ca";
63 };
64 include "/etc/named.rfc1912.zones"; ## zone declarations this view serves
65 };
66
67 view internet{
68 match-clients { 172.25.34.0/24; }; ## private network
69 zone "." IN {
70 type hint;
71 file "named.ca";
72 };
73 include "/etc/named.rfc1912.inter"; ## zone declarations this view serves
74 };
[[email protected] named]# vim westos.com.inter ## edit the private-network A-record file
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.34.134
www A 172.25.34.234
music CNAME music.a.westos.com.
music.a A 172.25.34.111
music.a A 172.25.34.222
westos.com. MX 1 172.25.34.134.
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 111162 7585/named
tcp 0 0 172.25.34.134:53 0.0.0.0:* LISTEN 25 111157 7585/named
tcp 0 0 172.25.254.134:53 0.0.0.0:* LISTEN 25 111155 7585/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 111153 7585/named
tcp6 0 0 ::1:953 :::* LISTEN 25 111163 7585/named
tcp6 0 0 ::1:53 :::* LISTEN 25 111159 7585/named
[[email protected] ~]# dig www.westos.com ## test from the private network
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20996
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.34.234 ## private-view answer
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.34.134
;; Query time: 1 msec
;; SERVER: 172.25.34.134#53(172.25.34.134)
;; WHEN: Mon May 08 10:41:58 EDT 2017
;; MSG SIZE rcvd: 93
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33691
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.234 ## public-view answer
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.134
;; Query time: 0 msec
;; SERVER: 172.25.254.134#53(172.25.254.134)
;; WHEN: Mon May 08 22:49:45 CST 2017
;; MSG SIZE rcvd: 93
4. Reverse resolution: resolving an IP address back to its name
[[email protected] named]# vim /etc/named.rfc1912.zones ## define the reverse zone
49 zone "254.25.172.in-addr.arpa" IN { // reverse zone for 172.25.254.0/24
50 type master;
51 file "westos.com.ptr";
52 allow-update { none; };
53 };
[[email protected] named]# cd /var/named/
[[email protected] named]# cp -p named.loopback westos.com.ptr
[[email protected] named]# vim westos.com.ptr ## the PTR record file for the reverse zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.134
111 PTR www.westos.com. ## 172.25.254.111 resolves back to www.westos.com
[[email protected] Desktop]$ dig -x 172.25.254.111 ## reverse lookup test: resolve the IP address to a name
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -x 172.25.254.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13091
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;111.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
111.254.25.172.in-addr.arpa. 86400 IN PTR www.westos.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.134
;; Query time: 0 msec
;; SERVER: 172.25.254.134#53(172.25.254.134)
;; WHEN: Mon May 08 23:28:58 CST 2017
;; MSG SIZE rcvd: 118
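An added example (not from the original notes) that derives the in-addr.arpa names used above from addresses, renders a /24 reverse zone file from a forward name-to-address table, and checks that every PTR is confirmed by a matching A record (forward-confirmed reverse DNS, the check mail and log-analysis tools apply). The forward table is constructed for the lab zone, and handling only /24 zones is an assumption of this code.

```python
import ipaddress

def reverse_name(ip):
    """Owner name of the PTR record for ip: 172.25.254.111 -> 111.254.25.172.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def reverse_zone(network):
    """Zone name for a /24 reverse zone: 172.25.254.0/24 -> 254.25.172.in-addr.arpa.
    Only IPv4 /24 is handled (assumption); smaller blocks need RFC 2317 delegation."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("only IPv4 /24 reverse zones are generated here")
    a, b, c, _ = str(net.network_address).split(".")
    return f"{c}.{b}.{a}.in-addr.arpa"

def build_ptr_zone(network, forward_a, ns="dns.westos.com.", serial=0):
    """Render the reverse zone file for network from forward A records {name: ip}.
    Names must be absolute (trailing dot); addresses outside the network are skipped."""
    net = ipaddress.ip_network(network)
    domain = ns.split(".", 1)[1]                 # dns.westos.com. -> westos.com.
    lines = [
        "$TTL 1D",
        f"@ IN SOA {ns} root.{domain} (",
        f"\t{serial} ; serial",
        "\t1D ; refresh",
        "\t1H ; retry",
        "\t1W ; expire",
        "\t3H ) ; minimum",
        f"\tNS {ns}",
    ]
    for name, ip in sorted(forward_a.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        addr = ipaddress.ip_address(ip)
        if addr in net:
            # the last octet is the relative owner name inside the /24 zone
            lines.append(f"{str(addr).rsplit('.', 1)[1]} PTR {name}")
    return "\n".join(lines) + "\n"

def check_fcrdns(ptr_records, forward_a):
    """Forward-confirmed reverse DNS: each PTR target {ip: name} must have an A record
    pointing back at the same address. Returns the (ip, name) pairs that do not match."""
    return [(ip, name) for ip, name in ptr_records.items() if forward_a.get(name) != ip]

# Constructed forward table for the lab zone (www, dns and one host on another subnet)
FORWARD_A = {
    "dns.westos.com.": "172.25.254.134",
    "www.westos.com.": "172.25.254.234",
    "music.a.westos.com.": "172.25.34.111",
}
```

With this table, the lab's own PTR (111 -> www.westos.com.) fails the FCrDNS check because www's A record is 172.25.254.234.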
[[email protected] named]# cp -p westos.com.zone /mnt/ ## back up the original zone file
[[email protected] named]# chmod 770 /var/named/ ## let named write to the zone directory
[[email protected] named]# setsebool -P named_write_master_zones 1 ## SELinux: allow named to write master zone files
[[email protected] named]# vim /etc/named.rfc1912.zones ## zone declaration: allow dynamic updates from the host 172.25.254.234
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { 172.25.254.234; };
29 };
[[email protected] ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.234 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::5054:ff:fe00:420a prefixlen 64 scopeid 0x20<link>
ether 52:54:00:00:42:0a txqueuelen 1000 (Ethernet)
RX packets 5346 bytes 306777 (299.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1037 bytes 116520 (113.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[[email protected] ~]# vim /etc/resolv.conf ## point the client at the server
# Generated by NetworkManager
search westos.com
nameserver 172.25.254.134
[[email protected] ~]# nsupdate ## send a dynamic update to the server
> server 172.25.254.134
> update add hello.westos.com 86400 A 172.25.254.222
> send
> quit
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43599
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com. IN A
;; ANSWER SECTION:
hello.westos.com. 86400 IN A 172.25.254.222 ## update succeeded
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.134
;; Query time: 0 msec
;; SERVER: 172.25.254.134#53(172.25.254.134)
;; WHEN: Mon May 08 22:40:30 EDT 2017
;; MSG SIZE rcvd: 95
[[email protected] ~]# nsupdate ## remove the record again
> server 172.25.254.134
> update delete hello.westos.com
> send
> quit
[[email protected] named]# vim westos.com.zone ## the update rewrote the zone file; this is why it was backed up first
$ORIGIN .
$TTL 86400 ; 1 day
westos.com IN SOA dns.westos.com. root.westos.com. (
2 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS dns.westos.com.
MX 1 172.25.254.100.
$ORIGIN westos.com.
music.a A 172.25.254.111
A 172.25.254.222
dns A 172.25.254.134
music CNAME music.a
www A 172.25.254.234
[[email protected] named]# cp -p /mnt/westos.com.zone . ## copy the backup from /mnt/ back here to restore the original zone file
[[email protected] named]# vim westos.com.zone ## the file is restored
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.134
www A 172.25.254.234
music CNAME music.a.westos.com.
music.a A 172.25.254.111
music.a A 172.25.254.222
westos.com. MX 1 172.25.254.100.
[[email protected] mnt]# cat /etc/rndc.key ## the rndc key file
key "rndc-key" {
algorithm hmac-md5;
secret "MbFunbHAwRM/BsszQQ6lrg==";
};
[[email protected] mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westoskey ## generate the TSIG key to use; the first run needs entropy, so type in the VM console while it runs
Kwestoskey.+157+41664
[[email protected] mnt]# cp -p /etc/rndc.key /etc/westos.key ## copy rndc.key as a template for the new key file
[[email protected] mnt]# ls
Kwestoskey.+157+41664.key Kwestoskey.+157+41664.private westos.com.zone
[[email protected] mnt]# cat Kwestoskey.+157+41664.private ## view the generated key and copy its secret into the westoskey file
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: 7DuOjoxHjtNv2BusOYpCLw==
Bits: AAA=
Created: 20170509030315
Publish: 20170509030315
Activate: 20170509030315
[[email protected] mnt]# vim /etc/westos.key ## write the generated secret into the key configuration file
key "westoskey" {
algorithm hmac-md5;
secret "7DuOjoxHjtNv2BusOYpCLw==";
};
[[email protected] mnt]# vim /etc/named.rfc1912.zones ## accept dynamic updates only when they are signed with westoskey
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { key westoskey; };
29 };
43 include "/etc/westos.key";
The authenticity of host '172.25.254.234 (172.25.254.234)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.234' (ECDSA) to the list of known hosts.
[email protected]'s password:
Kwestoskey.+157+41664.key 100% 53 0.1KB/s 00:00
Kwestoskey.+157+41664.private 100% 165 0.2KB/s 00:00
> server 172.25.254.134
> update add hello.westos.com 86400 A 172.25.254.222
> send
> quit
[[email protected] mnt]# dig hello.westos.com ## check the update
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3033
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com. IN A
;; ANSWER SECTION:
hello.westos.com. 86400 IN A 172.25.254.222 ## update succeeded
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.134
;; Query time: 3 msec
;; SERVER: 172.25.254.134#53(172.25.254.134)
;; WHEN: Tue May 09 00:20:09 EDT 2017
;; MSG SIZE rcvd: 95
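An added example (not from the original notes) that automates the hand-copying done above: it reads the Key: line of a dnssec-keygen .private file, checks that the secret is valid 128-bit base64, renders the key statement that goes into /etc/westos.key (dhcpd.conf uses the same syntax), and writes the batch file for a key-signed nsupdate run. The private-file text is a constructed copy of the one printed above; the hmac-sha256 table entry is an addition for when a stronger key is generated, HMAC-MD5 being kept only to match the lab.

```python
import base64
import re

# Constructed copy of Kwestoskey.+157+41664.private as printed above
PRIVATE_FILE = """\
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: 7DuOjoxHjtNv2BusOYpCLw==
Bits: AAA=
Created: 20170509030315
"""

# dnssec-keygen algorithm numbers -> name used in named.conf / dhcpd.conf key statements
ALGORITHMS = {157: "hmac-md5", 163: "hmac-sha256"}

def parse_private_key(text):
    """Return (algorithm number, base64 secret) from a .private file."""
    alg = re.search(r"^Algorithm:\s*(\d+)", text, re.M)
    key = re.search(r"^Key:\s*(\S+)", text, re.M)
    if not alg or not key:
        raise ValueError("not a dnssec-keygen private key file")
    return int(alg.group(1)), key.group(1)

def check_secret(secret, bits=128):
    """True only if secret is strict base64 decoding to exactly bits/8 bytes.
    A secret mangled when copied by hand (for example a lost trailing '=') is caught
    here rather than at service start or as a TSIG BADSIG on every update."""
    try:
        raw = base64.b64decode(secret, validate=True)
    except ValueError:                 # binascii.Error is a ValueError subclass
        return False
    return len(raw) * 8 == bits

def render_key_statement(name, alg, secret):
    """The key block both named and dhcpd read; the secret is validated first."""
    if not check_secret(secret):
        raise ValueError(f"secret for {name} is not valid 128-bit base64")
    return (f'key "{name}" {{\n'
            f"\talgorithm {ALGORITHMS[alg]};\n"
            f'\tsecret "{secret}";\n'
            "};\n")

def render_nsupdate_script(server, fqdn, ip, ttl=86400):
    """Batch file for: nsupdate -k Kwestoskey.+157+41664.private update.txt
    (-k signs the request with the TSIG key; same commands as typed interactively above)."""
    return f"server {server}\nupdate add {fqdn} {ttl} A {ip}\nsend\n"
```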
Server side (DHCP with dynamic DNS updates)
[[email protected] ~]# yum install bind.x86_64 ## install the service (the dhcpd.conf edited below is provided by the dhcp package)
[[email protected] mnt]# vim /etc/dhcp/dhcpd.conf ## edit the DHCP configuration and specify the addresses to hand out
7 option domain-name "westos.com";
8 option domain-name-servers 172.25.254.134;
9
10 default-lease-time 600;
11 max-lease-time 7200;
12
13 # Use this to enble / disable dynamic dns updates globally.
14 ddns-update-style interim;
30 subnet 172.25.254.0 netmask 255.255.255.0 { ## subnet and gateway
31 range 172.25.254.50 172.25.254.70; ## address range
32 option routers 172.25.254.250;
33 }
34 key westoskey { ## put the key in the DHCP main configuration
35 algorithm hmac-md5;
36 secret 7DuOjoxHjtNv2BusOYpCLw==;
37 };
38 zone westos.com. { ## zone to update, signed with this key
39 primary 127.0.0.1;
40 key westoskey;
41 }
[[email protected] mnt]# vim /etc/named.conf ## add 127.0.0.1 to the localnet view: dhcpd sends its updates to primary 127.0.0.1, and a source address that matches no view is refused
59 view localnet {
60 match-clients { 172.25.254.0/24; 127.0.0.1; }; ## 127.0.0.1 added for dhcpd
61 zone "." IN {
62 type hint;
63 file "named.ca";
64 };
65 include "/etc/named.rfc1912.zones";
66 };
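An added example, not the notes' own code: a model of BIND's view selection for the two views defined earlier (localnet and internet). It shows why a client on the 172.25.34 subnet gets the private zone data, why a query from an address that matches no view is refused, and why 127.0.0.1 had to be added to localnet before dhcpd (which sends its updates to primary 127.0.0.1) could update the zone. Each view's content is reduced to the www address it serves (constructed).

```python
import ipaddress

# Constructed model of the two views: (name, match-clients, zone data served by that view).
# Each view includes a different zone-declaration file, so www.westos.com differs per view.
VIEWS = [
    ("localnet", ["172.25.254.0/24"], {"www.westos.com.": "172.25.254.234"}),
    ("internet", ["172.25.34.0/24"], {"www.westos.com.": "172.25.34.234"}),
]

def select_view(client_ip, views):
    """Return the name of the first view whose match-clients contains client_ip.
    named checks views in file order and uses the first match; with no match the
    query (or dynamic update) is refused, which is what dhcpd ran into from 127.0.0.1."""
    addr = ipaddress.ip_address(client_ip)
    for name, matchers, _zones in views:
        if any(addr in ipaddress.ip_network(m, strict=False) for m in matchers):
            return name
    return None

def resolve(client_ip, qname, views):
    """Answer qname for client_ip from the matching view's data: None means REFUSED,
    "NXDOMAIN" means the view matched but has no such record."""
    view = select_view(client_ip, views)
    if view is None:
        return None
    zones = next(z for n, _m, z in views if n == view)
    return zones.get(qname, "NXDOMAIN")

def add_client(views, view_name, cidr):
    """Return a copy of views with cidr appended to view_name's match-clients list,
    the change made above (match-clients { 172.25.254.0/24; 127.0.0.1; })."""
    ipaddress.ip_network(cidr, strict=False)     # validate before touching the config
    return [(n, m + [cidr] if n == view_name else m, z) for n, m, z in views]
```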
Client side
[[email protected] ~]# hostnamectl set-hostname test.westos.com
[[email protected] ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.50 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::5054:ff:fe00:420a prefixlen 64 scopeid 0x20<link>
ether 52:54:00:00:42:0a txqueuelen 1000 (Ethernet)
RX packets 20762 bytes 1065807 (1.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10142 bytes 739811 (722.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> test.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24781
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.westos.com. IN A
;; ANSWER SECTION:
test.westos.com. 300 IN A 172.25.254.50
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.134
;; Query time: 0 msec
;; SERVER: 172.25.254.134#53(172.25.254.134)
;; WHEN: Tue May 09 03:55:09 EDT 2017
;; MSG SIZE rcvd: 94