############更改default.target的链接源为reboot.target############
reboot.target ##init6
修复方法:
rm -fr /etc/systemd/system/default.target
ln -s /usr/lib/systemd/system/graphical.target /etc/systemd/system/default.target
####################
[root@localhost ~]# cd /etc/systemd/system/
[root@localhost system]# ll default.target
lrwxrwxrwx. 1 root root 40 Jul 10 2014 default.target -> /usr/lib/systemd/system/graphical.target
[root@localhost system]# rm -fr default.target
[root@localhost system]# ln -s /usr/lib/systemd/system/reboot.target /etc/systemd/system/default.target
[root@localhost system]# reboot
>重启后,系统在加载过程中提示以下信息
[ 4.853749] systemd[1]: Successfully loaded SELinux policy in 259.768ms.
[ 4.937647] systemd[1]: Relabelled /dev and /run in 21.891ms.
[ 65.190274] systemd[1]: Job systemd-readahead-done.timer/start deleted to break ordering cycle starting with reboot.target/stop
>然后重新启动,一直循环下去
>Force Off虚拟机,然后再次开启
>在系统选择界面按"上/下"键中止启动,选中第一个标题,按"e"键
--------------------------------------------------
方法1:
将倒数第二行从"ro"开始至行尾全部删除,更改为:
rw rd.break ##"rd.break"作用是在initramfs阶段、切换到真实根文件系统(switch_root)之前中断启动,进入应急shell
方法2:
将倒数第二行从"root="开始至行尾全部删除,更改为:
root=/dev/vda1 rw rd.break
--------------------------------------------------
>按"ctrl+x"启动设定
switch_root:/# chroot /sysroot/
sh-4.2# rm -fr /etc/systemd/system/default.target
sh-4.2# ln -s /usr/lib/systemd/system/graphical.target /etc/systemd/system/default.target
sh-4.2# exit
exit
switch_root:/#exit
系统继续启动进入图形登陆界面
系统恢复正常!!!
####################
############更改default.target的链接源为poweroff.target############
poweroff.target ##init0
修复方法:
rm -fr /etc/systemd/system/default.target
ln -s /usr/lib/systemd/system/graphical.target /etc/systemd/system/default.target
####################
[root@localhost ~]# cd /etc/systemd/system/
[root@localhost system]# ll default.target
lrwxrwxrwx. 1 root root 40 Nov 23 20:53 default.target -> /usr/lib/systemd/system/graphical.target
[root@localhost system]# rm -fr default.target
[root@localhost system]# ln -s /usr/lib/systemd/system/poweroff.target /etc/systemd/system/default.target
[root@localhost system]# reboot
>重启后,系统在加载过程中提示以下信息
[ 4.254761] systemd[1]: Successfully loaded SELinux policy in 262.500ms.
[ 4.332879] systemd[1]: Relabelled /dev and /run in 31.580ms.
[ 64.585223] systemd[1]: Breaking ordering cycle by deleting job systemd-readahead-done.timer/start
[ 124.594733] systemd[1]: Job systemd-readahead-done.timer/start deleted to break ordering cycle starting with poweroff.target/stop
>然后系统关机
>Force Off虚拟机,然后再次开启
>在系统选择界面按"上/下"键中止启动,选中第一个标题,按"e"键
--------------------------------------------------
方法1:
将倒数第二行从"ro"开始至行尾全部删除,更改为:
rw rd.break ##"rd.break"作用是打断初始化进程
方法2:
将倒数第二行从"root="开始至行尾全部删除,更改为:
root=/dev/vda1 rw rd.break
--------------------------------------------------
>按"ctrl+x"启动设定
switch_root:/# chroot /sysroot/
sh-4.2# rm -fr /etc/systemd/system/default.target
sh-4.2# ln -s /usr/lib/systemd/system/graphical.target /etc/systemd/system/default.target
sh-4.2# exit
exit
switch_root:/#exit
系统继续启动进入图形登陆界面
系统恢复正常!!!
####################
####################修改密码####################
修复方法:
chroot /sysroot/
passwd
touch /.autorelabel
chroot /mnt/sysimage
passwd
####################
[root@localhost ~]# reboot
>在系统选择界面按"上/下"键中止启动,选中第一个标题,按"e"键
--------------------------------------------------
方法1:
将倒数第二行从"ro"开始至行尾全部删除,更改为:
rw rd.break ##"rd.break"作用是打断初始化进程
方法2:
将倒数第二行从"root="开始至行尾全部删除,更改为:
root=/dev/vda1 rw rd.break
--------------------------------------------------
>按"ctrl+x"启动设定
switch_root:/# chroot /sysroot/
sh-4.2# whoami
root
sh-4.2# passwd
Changing password for user root.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
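sh-4.2# touch /.autorelabel ##让SELinux在下次启动时对整个文件系统重新打标签(relabel)
##在rd.break环境中SELinux策略尚未加载,passwd改写后的/etc/shadow没有正确的安全上下文
##缺少了这一步,在SELinux为enforcing时无法登录,进不去图形
##即使关闭了selinux,这一步也要写。否则一旦再次打开selinux并重启,还是进不去图形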
sh-4.2# exit
exit
switch_root:/#exit
系统继续启动进入图形登陆界面
>如果之前没有关闭selinux,这里会启动的比较慢。因为要等待一个100%的进度,然后再次重启
系统恢复正常!!!
注意:进入挽救模式也可以修改密码,但是需要pxe或者光盘,不方便。另外,上述过程无需原密码即可重置root密码,因此需要防范时应为GRUB设置引导密码,并限制对控制台和引导介质的访问
####################
####################删除/bin/bash####################
修复方法:
cp /bin/bash /sysroot/bin/
chroot /sysroot/
touch /.autorelabel
chroot /mnt/sysimage
cp /bin/bash /mnt/sysimage/bin/
####################
[root@localhost ~]# rm -fr /bin/bash
[root@localhost ~]# reboot
>重启后,系统在加载过程中出现很多[FAILED],然后卡住不动
>Force Off虚拟机,然后再次开启
>在系统选择界面按"上/下"键中止启动,选中第一个标题,按"e"键
--------------------------------------------------
方法1:
将倒数第二行从"ro"开始至行尾全部删除,更改为:
rw rd.break ##"rd.break"作用是打断初始化进程
方法2:
将倒数第二行从"root="开始至行尾全部删除,更改为:
root=/dev/vda1 rw rd.break
--------------------------------------------------
>按"ctrl+x"启动设定
switch_root:/# chroot /sysroot/
chroot: failed to run command ‘/bin/sh’: No such file or directory
switch_root:/# ls /bin/bash
/bin/bash
switch_root:/# ls /sysroot/bin/bash
ls: cannot access /sysroot/bin/bash: No such file or directory
switch_root:/# cp /bin/bash /sysroot/bin/
switch_root:/# ls /sysroot/bin/bash
/sysroot/bin/bash
switch_root:/# chroot /sysroot/
sh-4.2# touch /.autorelabel ##让SELinux在下次启动时重新打标签;从initramfs复制过来的/bin/bash没有正确的安全上下文
##缺少了这一步,进不去图形
##即使关闭了selinux,这一步也要写。否则一旦再次打开selinux并重启,还是进不去图形
sh-4.2# exit
exit
switch_root:/# exit
系统继续启动进入图形登陆界面
>如果之前没有关闭selinux,这里会启动的比较慢。因为要等待一个100%的进度,然后再次重启
系统恢复正常!!!
注意:进入挽救模式也可以修复,但是需要pxe或者光盘,不方便。系统恢复后建议用 yum reinstall bash 重新安装软件包,并用 rpm -V bash 校验文件,因为从initramfs复制的bash未必与原软件包一致
####################
####################
##### DNS #####
####################
####################1.DNS高速缓存####################
dig命令用于检测DNS服务器能否回答你的查询
[root@foundation50 Desktop]# dig www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12257 ##NOERROR表示查询成功
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 760 IN CNAME www.a.shifen.com.
www.a.shifen.com. 269 IN A 61.135.169.125
www.a.shifen.com. 269 IN A 61.135.169.121
;; Query time: 1006 msec ##响应时间
;; SERVER: 221.11.1.67#53(221.11.1.67) ##DNS服务器的IP地址和端口号
;; WHEN: Thu Nov 24 14:47:35 CST 2016
;; MSG SIZE rcvd: 101
真机的配置:
yum install bind -y
systemctl start named
systemctl enable named
systemctl stop firewalld ##仅限实验环境;也可以保留防火墙,只放行dns服务(见下文的firewall-cmd --permanent --add-service=dns)
vim /etc/named.conf
--------------------------------------------------
11 listen-on port 53 { any; };
17 allow-query { any; };
18 forwarders { 221.11.1.67; };
32 dnssec-validation no;
:wq
--------------------------------------------------
systemctl restart named
[root@dns-server ~]# yum install bind -y
......
[root@dns-server ~]# systemctl status named
named.service - Berkeley Internet Name Domain (DNS) ##伯克利分校
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled)
Active: inactive (dead)
[root@dns-server ~]# systemctl enable named
ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service'
[root@dns-server ~]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
[root@dns-server ~]# cat /etc/bind.key
cat: /etc/bind.key: No such file or directory
[root@dns-server ~]# systemctl start named
##注意此服务第一次启动的时候,需要摇摇鼠标或者敲敲键盘,否则命令行就会一直停留在等待状态
--------------------------------------------------
这里涉及到密钥生成所依赖的随机数机制:
cat /dev/random
>每当摇动鼠标或者敲击键盘时,命令行都会产生额外的输出,这就是随机数的产生
>当系统熵不足、/dev/random无法提供新的随机数时,读取它的程序就会被阻塞
--------------------------------------------------
[root@dns-server ~]# cat /etc/rndc.key ##rndc控制通道的共享密钥,属于敏感信息;实际环境中不应公开,一旦泄露应重新生成
key "rndc-key" {
algorithm hmac-md5;
secret "nPK+d7fPFBw+EXM1Rz4zCg==";
};
[root@dns-server ~]# firewall-cmd --permanent --add-service=dns
success
[root@dns-server ~]# firewall-cmd --reload
success
[root@client ~]# vim /etc/resolv.conf
--------------------------------------------------
4 nameserver 172.25.50.200
:wq
--------------------------------------------------
[root@client ~]# dig www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@dns-server ~]# netstat --help
--------------------------------------------------
-a, --all display all sockets (default: connected) ##所有
-n, --numeric don't resolve names ##不解析
-l, --listening display listening server sockets ##正在被监听
-p, --programs display PID/Program name for sockets ##进程名字
-e, --extend display other/more information ##扩展信息
<Socket>={-t|--tcp} {-u|--udp}
--------------------------------------------------
[root@dns-server ~]# netstat -antulpe | grep named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 73918 31073/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 73911 31073/named
tcp6 0 0 ::1:953 :::* LISTEN 25 73919 31073/named
tcp6 0 0 ::1:53 :::* LISTEN 25 73913 31073/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 25 73910 31073/named
udp6 0 0 ::1:53 :::* 25 73912 31073/named
##只开放了环回地址的53端口
[root@dns-server ~]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
[root@dns-server ~]# vim /etc/named.conf
--------------------------------------------------
11 listen-on port 53 { any; }; ##表示所有interface都开放53端口
:wq
--------------------------------------------------
[root@dns-server ~]# systemctl restart named
[root@dns-server ~]# netstat -antulpe | grep named | grep 172.25.50.200
tcp 0 0 172.25.50.200:53 0.0.0.0:* LISTEN 25 96283 741/named
udp 0 0 172.25.50.200:53 0.0.0.0:* 25 96282 741/named
##开放了eth0上172.25.50.200的53端口
[root@client ~]# dig www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 8190 ##REFUSED表示拒绝
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; Query time: 2 msec
;; SERVER: 172.25.50.200#53(172.25.50.200) ##DNS服务器是dns-server
;; WHEN: Thu Nov 24 04:09:31 EST 2016
;; MSG SIZE rcvd: 42
[root@dns-server ~]# vim /etc/named.conf
--------------------------------------------------
17 allow-query { any; }; ##表示回答所有人的问题;仅适合内网实验,面向公网时应限制为可信网段(并用allow-recursion限制递归),避免成为开放递归解析器
:wq
--------------------------------------------------
[root@dns-server ~]# systemctl restart named
[root@client ~]# dig www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35504 ##SERVFAIL表示服务器未能完成解析,给不出答案
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; Query time: 2 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Thu Nov 24 04:15:30 EST 2016
;; MSG SIZE rcvd: 42
[root@dns-server ~]# vim /etc/named.conf
--------------------------------------------------
18 forwarders { 172.25.50.250; }; ##表示把自己无法回答的查询转发给该服务器,并缓存它的应答
32 dnssec-validation no; ##关闭DNSSEC校验,收到的应答不再验证签名;非权威,仅限内部测试用
:wq
--------------------------------------------------
[root@dns-server ~]# systemctl restart named
[root@client ~]# dig www.firefox.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.firefox.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36167 ##NOERROR表示查询成功
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 16
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.firefox.com. IN A
;; ANSWER SECTION:
www.firefox.com. 242 IN CNAME firefox.com.
firefox.com. 60 IN A 63.245.213.24
;; AUTHORITY SECTION:
com. 172657 IN NS g.gtld-servers.net.
com. 172657 IN NS l.gtld-servers.net.
com. 172657 IN NS h.gtld-servers.net.
com. 172657 IN NS c.gtld-servers.net.
com. 172657 IN NS e.gtld-servers.net.
com. 172657 IN NS i.gtld-servers.net.
com. 172657 IN NS k.gtld-servers.net.
com. 172657 IN NS a.gtld-servers.net.
com. 172657 IN NS j.gtld-servers.net.
com. 172657 IN NS f.gtld-servers.net.
com. 172657 IN NS b.gtld-servers.net.
com. 172657 IN NS m.gtld-servers.net.
com. 172657 IN NS d.gtld-servers.net.
;; ADDITIONAL SECTION:
a.gtld-servers.net. 32653 IN A 192.5.6.30
a.gtld-servers.net. 32653 IN AAAA 2001:503:a83e::2:30
h.gtld-servers.net. 67767 IN A 192.54.112.30
f.gtld-servers.net. 79561 IN A 192.35.51.30
b.gtld-servers.net. 34019 IN A 192.33.14.30
b.gtld-servers.net. 77812 IN AAAA 2001:503:231d::2:30
d.gtld-servers.net. 78716 IN A 192.31.80.30
m.gtld-servers.net. 74109 IN A 192.55.83.30
i.gtld-servers.net. 67562 IN A 192.43.172.30
e.gtld-servers.net. 75957 IN A 192.12.94.30
g.gtld-servers.net. 31250 IN A 192.42.93.30
j.gtld-servers.net. 78708 IN A 192.48.79.30
l.gtld-servers.net. 78658 IN A 192.41.162.30
c.gtld-servers.net. 74833 IN A 192.26.92.30
k.gtld-servers.net. 67562 IN A 192.52.178.30
;; Query time: 150 msec
;; SERVER: 172.25.50.200#53(172.25.50.200) ##DNS服务器是dns-server
;; WHEN: Thu Nov 24 04:42:36 EST 2016
;; MSG SIZE rcvd: 562
[root@client ~]# dig www.firefox.com | grep "Query time"
;; Query time: 1 msec ##响应时间1毫秒,再次查询时直接命中缓存,实现高速缓存
####################2.DNS附加内容####################
CNAME 别名,比如www.a.shifen.com.至www.baidu.com.
PTR 反向解析
MX 域里面的邮件服务器
NS nameserver
SOA 授权起始,dns区域的管理信息
QUESTION ##提出实际的DNS查询
ANSWER ##响应(如果有)
AUTHORITY ##负责域/区域的名称服务器
ADDITIONAL ##提供的其他信息,通常是关于名称服务器
. ##根域名,全世界一共13台根域名服务器
.com .net .edu .cn .org等 ##顶级域名或者一级域名
=====域名解析=====
[root@dns-server named]# vim /etc/named.conf
--------------------------------------------------
/发现
56 include "/etc/named.rfc1912.zones";
--------------------------------------------------
[root@dns-server ~]# vim /etc/named.rfc1912.zones
--------------------------------------------------
/19行按下"y6y",24行按下"p",修改25行和27行
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { none; };
29 };
:wq
--------------------------------------------------
[root@dns-server ~]# cd /var/named/
[root@dns-server named]# ll
total 16
drwxrwx---. 2 named named 22 Nov 24 02:58 data
drwxrwx---. 2 named named 58 Nov 24 21:08 dynamic
-rw-r-----. 1 root named 2076 Jan 28 2013 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Jan 29 2014 slaves
[root@dns-server named]# cp -p named.localhost westos.com.zone
[root@dns-server named]# vim westos.com.zone
--------------------------------------------------
1 $TTL 1D ##"1D"表示一天
2 @ IN SOA dns.westos.com. root.westos.com. ( ##@表示域名(即westos.com)
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 172.25.50.200
10 www A 172.25.50.201
:wq
--------------------------------------------------
##以上的域名必须以"."来结尾,否则就默认加上".westos.com"后缀
##第二行的"root.westos.com."是区域管理员的邮箱(第一个"."代表"@",即root@westos.com),是给查看这个文件的人看的。可以不改,保留为原来的"rname.invalid."
[root@dns-server named]# systemctl restart named
>如果出现以下提示:
Job for named.service failed. See 'systemctl status named.service' and 'journalctl -xn' for details.
使用以下命令排查:
> /var/log/messages ##清空日志以便只看本次报错;会丢失已有日志,仅适合实验环境,平时可改用 journalctl -u named 查看
systemctl restart named
cat /var/log/messages
[root@client ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4229
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.50.201 ##地址解析成功
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.50.200
;; Query time: 1 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Thu Nov 24 23:25:03 EST 2016
;; MSG SIZE rcvd: 93
[root@dns-server named]# vim westos.com.zone
--------------------------------------------------
/添加
11 www A 172.25.50.202
:wq
--------------------------------------------------
[root@dns-server named]# systemctl restart named
[root@client ~]# dig www.westos.com | grep www.westos.com.
;www.westos.com. IN A
www.westos.com. 86400 IN A 172.25.50.201
www.westos.com. 86400 IN A 172.25.50.202
[root@client ~]# dig www.westos.com | grep www.westos.com.
;www.westos.com. IN A
www.westos.com. 86400 IN A 172.25.50.202
www.westos.com. 86400 IN A 172.25.50.201
##一个域名对应两个IP地址,解析的时候就会以轮询的方式解析
=====CNAME解析=====
[root@dns-server named]# vim westos.com.zone
--------------------------------------------------
/添加
12 bbs CNAME www.westos.com.
:wq
--------------------------------------------------
[root@dns-server named]# systemctl restart named
[root@client ~]# dig bbs.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> bbs.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23454
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.westos.com. IN A
;; ANSWER SECTION:
bbs.westos.com. 86400 IN CNAME www.westos.com.
www.westos.com. 86400 IN A 172.25.50.202
www.westos.com. 86400 IN A 172.25.50.201 ##先别名解析,后地址解析
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.50.200
;; Query time: 1 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Thu Nov 24 23:28:47 EST 2016
;; MSG SIZE rcvd: 127
=====MX解析=====
[root@foundation50 Desktop]# dig -t mx qq.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t mx qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39196
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;qq.com. IN MX
;; ANSWER SECTION:
qq.com. 5415 IN MX 30 mx1.qq.com.
qq.com. 5415 IN MX 10 mx3.qq.com.
qq.com. 5415 IN MX 20 mx2.qq.com.
;; Query time: 260 msec
;; SERVER: 221.11.1.67#53(221.11.1.67)
;; WHEN: Fri Nov 25 11:49:21 CST 2016
;; MSG SIZE rcvd: 95
[root@client ~]# dig -t mx westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36424
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;westos.com. IN MX
;; AUTHORITY SECTION:
westos.com. 10800 IN SOA dns.westos.com. root.westos.com. 0 86400 3600 604800 10800
;; Query time: 0 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Thu Nov 24 23:29:45 EST 2016
;; MSG SIZE rcvd: 84
[root@dns-server named]# vim westos.com.zone
--------------------------------------------------
/添加
13 westos.com. MX 1 172.25.50.200. ##注意:MX记录的目标应当是有A记录的主机名(如dns.westos.com.),不应直接写IP地址
:wq
--------------------------------------------------
[root@dns-server named]# systemctl restart named
[root@client ~]# dig -t mx westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1672
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;westos.com. IN MX
;; ANSWER SECTION:
westos.com. 86400 IN MX 1 172.25.50.200. ##解析成功
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.50.200
;; Query time: 1 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Thu Nov 24 23:30:25 EST 2016
;; MSG SIZE rcvd: 102
[root@client ~]# mail root@westos.com
Subject: 111
222
EOT
[root@client ~]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
92C6F17E864 430 Thu Nov 24 23:32:34 root@client.example.com
(connect to 172.25.50.200[172.25.50.200]:25: No route to host)
root@westos.com
-- 0 Kbytes in 1 Request.
##未发送成功,邮件传输之后会讲
=====反向解析=====
反向解析和正向解析没有一毛钱关系
[root@client ~]# dig -x 172.25.254.200
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5704 ##不存在此名称
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;200.254.25.172.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
25.172.in-addr.arpa. 86400 IN SOA 25.172.in-addr.arpa. . 0 28800 7200 604800 86400
;; Query time: 1 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Fri Nov 25 01:30:13 EST 2016
;; MSG SIZE rcvd: 91
[root@dns-server named]# vim /etc/named.rfc1912.zones
--------------------------------------------------
/25行按下"y6y",42行按下"p",修改43行和45行
43 zone "254.25.172.in-addr.arpa" IN {
44 type master;
45 file "westos.com.ptr";
46 allow-update { none; };
47 };
:wq
--------------------------------------------------
[root@dns-server named]# cp -p named.localhost westos.com.ptr
[root@dns-server named]# vim westos.com.ptr ##原文此处写作westos.com.zone;按上文的zone配置和cp命令,应编辑westos.com.ptr
--------------------------------------------------
1 $TTL 1D
2 @ IN SOA dns.westos.com. root.westos.com. ( ##"@"表示254.25.172.in-addr.arpa
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 A 172.25.254.200
10 222 PTR www.westos.com.
11 200 PTR www.hello.com.
:wq
--------------------------------------------------
[root@dns-server named]# systemctl restart named
[root@client ~]# dig -x 172.25.254.200
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8064
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;200.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
200.254.25.172.in-addr.arpa. 86400 IN PTR www.hello.com. ##反向解析成功
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.50.200
;; Query time: 2 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Fri Nov 25 01:45:54 EST 2016
;; MSG SIZE rcvd: 124
[root@client ~]# dig -x 172.25.254.222
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40119
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;222.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
222.254.25.172.in-addr.arpa. 86400 IN PTR www.westos.com. ##反向解析成功
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.50.200
;; Query time: 2 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Fri Nov 25 01:51:26 EST 2016
;; MSG SIZE rcvd: 118
=====双向解析=====
[root@dns-server named]# cp -p westos.com.zone westos.com.inter
[root@dns-server named]# vim westos.com.inter
--------------------------------------------------
1 $TTL 1D
2 @ IN SOA dns.westos.com. root.westos.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 172.25.0.200
10 www A 172.25.0.201
11 www A 172.25.0.202
12 bbs CNAME www.westos.com.
13 westos.com. MX 1 172.25.0.200.
:wq
--------------------------------------------------
[root@dns-server named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter
[root@dns-server named]# vim /etc/named.rfc1912.zones.inter
--------------------------------------------------
27 file "westos.com.inter";
:wq
--------------------------------------------------
[root@dns-server named]# man 5 named.conf
--------------------------------------------------
VIEW
view string optional_class {
match-clients { address_match_element; ... };
--------------------------------------------------
/复制
[root@dns-server named]# vim /etc/named.conf
--------------------------------------------------
50 /*zone "." IN {
51 type hint;
52 file "named.ca";
53 };
54
55 include "/etc/named.rfc1912.zones";
56 include "/etc/named.root.key";
57 */
58 view localnet {
59 match-clients { 172.25.50.100/32; };
60 zone "." IN {
61 type hint;
62 file "named.ca";
63 };
64
65 include "/etc/named.rfc1912.zones";
66 };
67
68 view internet {
69 match-clients { any; };
70 zone "." IN {
71 type hint;
72 file "named.ca";
73 };
74
75 include "/etc/named.rfc1912.zones.inter";
76 };
--------------------------------------------------
[root@dns-server named]# systemctl restart named
[root@dns-server named]# vim /etc/resolv.conf
--------------------------------------------------
4 nameserver 172.25.50.200
:wq
--------------------------------------------------
[root@dns-server named]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8562
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.0.202
www.westos.com. 86400 IN A 172.25.0.201 ##第三位是0
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.0.200
;; Query time: 1 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Fri Nov 25 02:15:32 EST 2016
;; MSG SIZE rcvd: 109
[root@client ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60150
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.50.202
www.westos.com. 86400 IN A 172.25.50.201 ##第三位是50
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.50.200
;; Query time: 1 msec
;; SERVER: 172.25.50.200#53(172.25.50.200)
;; WHEN: Fri Nov 25 02:14:09 EST 2016
;; MSG SIZE rcvd: 109