linux 中的DNS服务

DNS（DomainNameSystem，域名系统），因特网上作为域名和IP地址相互映射的一个分布式数据库，能够使用户更方便的访问互联网，而不用去记住能够被机器直接读取的IP数串。通过主机名，最终得到该主机名对应的IP地址的过程叫做域名解析（或主机名解析）。DNS协议运行在UDP协议之上，使用端口号53。

1、安装部署

yuminstall bind -y

systemctlstart named

ssytemctlenable named

systemctlstop firewalld ---为了方便下面的实验，提前关闭防火墙

主配置文件/etc/named.conf

子配置文件/etc/name.rfc1912.zones

数据目录/var/named

2、高速缓存文件配置

vim/etc/named.conf

11listen-on port 53 {any;}; ---开放网卡端口

17allow-query {any;}; ---允许所有查询

18forwarders {172.25.254.250;}; ---自己不知道问别人

systemctlrestart named

测试：

客户机

vim/etc/resolve.conf

nameserver172.25.254.100 ---修改为测试主机的IP

3、权威DNS的正向解析

(1)vim/etc/named.rfc1912.zones

zone"xinhao.com" IN {

typemaster;

file"xinhao.com.zone";

allow-update{none;};

};

(2)cd/var/named

(3)cp-p named.localhost xinhao.com.zone

(4)vimxinhao.com.zone

$TTL1D

@ IN SOA dns.xinhao.com. root.xinhao.com. ( [email protected]代表域中的内容

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H) ; minimum

NS dns.xinhao.com.

dns A 172.25.254.239

www A 172.25.254.39

(5)systemctlrestart named

(6)vim/etc/resolve.conf

nameserver172.25.254.239

测试：

digwww.xinhao.com

4、反向解析

(1)vim/etc/named.rfc1912.zones

zone"254.25.172.in-addr.arpa" IN {

typemaster;

file"xinhao.com.ptr";

allow-update{none;};

};

(2)cd/var/named

(3)cp-p named.loopback xinhao.com.ptr

(4)vimxinhao.com.ptr

$TTL1D

@ IN SOA dns.xinhao.com. root.xinhao.com. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H) ; minimum

NS dns.xinhao.com.

dns A 172.25.254.239

239 PTR www.xinhao.com.

(5)systemctlrestart named

测试：

dig-x 172.25.254.239

5、双向解析

(1)vim/etc/named.conf

修改为:

viewlocalnet {

match-clients{172.25.254.239;}; ---对内网解析

zone"." IN {

typehint;

file"named.ca";

};

include"/etc/named.rfc1912.zones";

include"/etc/named.root.key";

};

viewany { ---对外网解析

match-clients{any;};

zone"." IN {

typehint;

file"named.ca";

};

include"/etc/named.rfc1912.zones.inter";

include"/etc/named.root.key";

};

(2)cp-p /var/named/xinhao.com.zone /var/named/xinhao.com.inter

vim/var/named/xinhao.com.inter

$TTL1D

@ IN SOA dns.xinhao.com. root.xinhao.com. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H) ; minimum

NS dns.xinhao.com.

dns A 172.25.254.239

www A 82.243.253.61

(3)cp-p /etc/named/named.rfc1912.zones/etc/named/named.rfc1912.zones.inter

zone"xinhao.com" IN {

typemaster;

file"xinhao.com.inter";

allow-update{ none; };

};

(4)systemctlrestart named

测试：在两台电脑分别测试

6、辅助DNS

主DNS的设定：

(1)vim/etc/named.rfc1912.zones.inter

zone"xinhao.com" IN {

typemaster;

file"xinhao.com.inter";

allow-update{none;};

also-notify{172.25.254.139;}; ---允许139主机同步

};

(2)systemctlrestart named

每次更改A记录文件后必须更改serial的数值

辅助DNS设定：

(1)vim/etc/named.conf

11listen-on port 53 {any;}; ---开放网卡端口

17allow-query {any;}; ---允许所有查询

(2)vim/etc/named.rfc1912.zones

zone"xinhao.com" IN {

typeslave;

masters{172.25.254.239}；---同步239主机

file"slaves/xinhao.com.inter";

allow-update{none;};

};

(3)systemctlrestart named

测试：

主机：

vim/etc/reslove.conf

nameserver172.25.254.139

digwww.xinhao.com

辅助：

vim/etc/reslove.conf

nameserver172.25.254.239

digwww.xinhao.com

没有更改时

更改后

7、DNS的远程更新（基于IP）

在239主机上：

(1)chmodg+w /var/named

(2)vim/etc/named.rfc1912.zones.inter

zone"xinhao.com" IN {

typemaster;

file"xinhao.com.zone";

allow-update{172.25.254.139;};

also-notify{172.25.254.139;}; ---允许139主机同步

};

(3)systemctlrestart named

测试：

在139辅助机上：

(1)nsupdate

server172.25.254.239

updateadd bbs.xinhao.com 86400 A 1.1.1.1 ---添加

send

nsupdate

server172.25.254.239

updatedelete bbs.xinhao.com ---删除

send

8、DNS（基于KEY）

(1)cp/etc/rndc.key /etc/xxx.key -p

(2)dnssec-******-a HMAC-MD5 -b 128 -n HOST xxx

(3)vimKxxx.xxx.key

复制钥匙

(4)vim/etc/xxx.key

替换钥匙，名称

(5)vim/etc/named.conf

include"/etc/xxx.key";

logging{

(6)vim/etc/named.rfc1912.zones.inter

zone"xinhao.com" IN {

typemaster;

file"xinhao.com.inter";

allow-update{key xxx;};

also-notify{172.25.254.139;};

};

测试

scpKxxx.157+58934.* [email protected]:/mnt/

nsupdate-k Kxinhao.157+58934.private

9、动态域名解析（ddns）

主机上

(1)yuminstall dhcp -y

(2)cpcp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.con

(3)vim/etc/dhcp/dhcpd.conf

optiondomain-name "xinhao.com";

optiondomain-name-servers 172.25.50.10;

ddns-update-stylenone;

subnet172.25.50.0 netmask 255.255.255.0 {

range172.25.50.12 172.25.50.20;

optionrouters 172.25.50.10;

}

key"xinhao" {

algorithmhmac-md5;

secret"g9wXV1pMUWYPliyC8f4zXA==";

};

zonexinhao.com. {

primary172;

keyxinhao;

}

(4)vim/etc/named.rfc1912.zones

zone"xinhao.com" IN {

typemaster;

file"xinhao.com.zone";

allow-update{ key xinhao; };

};

(5)hostnamectlset-hostname www.xinhao.com

辅助机上：

设置网络为DHCP模式

systemctlrestart network

digwww.xinhao.com