###dns###
一.dns设定
1.首先搭建dns环境
主机端 定为server用户
yum install bind -y安装bind服务
systemctl enable named开机自启
systemctl start named启动服务
firewall-cmd --permanent --add-service=dns永久添加dns服务
firewall-cmd --reload
netstat -antulpe | grep named 查看服务端口
vim /etc/named.conf
options {
listen-on port 53 { any; };设定开放端口参数为any,对所有interface都开放
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };回答所有人的提问
dnssec-enable yes;
dnssec-validation no;改原有参数yes为no(关闭DNSSEC验证只适合本实验环境,生产环境不应关闭)
dnssec-lookaside auto;
systemctl restart named重启服务
客户端 定为desktop用户
vim /etc/resolv.conf
添加:
nameserver 172.25.254.2
systemctl restart network
2.正向解析(将域名解析为ip)
cd /var/named
cp -p named.localhost westos.com.zone
vim /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.2
www A 172.25.254.10
[root@server-dns ~]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
};
@表示的是zone(当前区域名),记录名如果此处不加域名后缀,会自动补全域名
[root@server-dns ~]# systemctl restart named重启服务
3.反向解析
vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN {
type master;
file "westos.comNaNr";
allow-update { none; };
};
[root@server-dns ~]# cd /var/named/
[root@server-dns named]# ls
data linux.com.zone named.empty named.loopback westos.com.zone
dynamic named.ca named.localhost slaves
[root@server-dns named]# cp -p named.loopback westos.comNaNr
[root@server-dns named]# ls
data linux.com.zone named.empty named.loopback westos.comNaNr
dynamic named.ca named.localhost slaves westos.com.zone
[root@server-dns named]# vim westos.comNaNr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
A 172.25.254.2
2 PTR www.westos.com.
10 PTR www.hello.com.
[root@server-dns named]# systemctl restart named
[root@server-dns named]# dig -x 172.25.254.10
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53718
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.254.25.172.in-addr.arpa.INPTR
;; ANSWER SECTION:
10.254.25.172.in-addr.arpa. 86400 INPTRwww.hello.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400INNSdns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.86400INA172.25.254.2
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 07 06:03:43 EST 2016
;; MSG SIZE rcvd: 123
4.双向解析
[root@server-dns ~]# cd /var/named/
[root@server-dns named]# cp -p westos.com.zone westos.com.inter
[root@server-dns named]# vim westos.com.inter
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.0.2
www A 172.25.0.10
www A 172.25.0.11
bbs CNAME www.westos.com.
westos.com. MX 1 172.25.0.2
~
[root@server-dns ~]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter
[root@server-dns ~]# vim /etc/named.rfc1912.zones.inter
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { none; };
};
[root@server-dns ~]# vim /etc/named.conf
/* 注释
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/ 注释
view localnet {
match-clients {172.25.254.2;};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};##添加内网客户端
view internet {
match-clients {any;};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones.inter";
};##添加外网客户端
[root@server-dns named]# dig bbs.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> bbs.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22651
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.westos.com.INA
;; ANSWER SECTION:
bbs.westos.com.86400INCNAMEwww.westos.com.
www.westos.com.86400INA172.25.0.11
www.westos.com.86400INA172.25.0.10
;; AUTHORITY SECTION:
westos.com.86400INNSdns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.86400INA172.25.0.2
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 07 06:22:05 EST 2016
;; MSG SIZE rcvd: 127
[root@server-dns named]# dig -x 172.25.254.2
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65404
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2.254.25.172.in-addr.arpa.INPTR
;; ANSWER SECTION:
2.254.25.172.in-addr.arpa. 86400 INPTRwww.westos.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400INNSdns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.86400INA172.25.0.2
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 07 06:21:03 EST 2016
;; MSG SIZE rcvd: 116
每次编辑named相关文件都要重启服务
systemctl restart named
二.DNS集群部署
1.辅助dns环境的搭建
[root@client-dns ~]# yum install bind -y
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
[root@client-dns ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation no;
dnssec-lookaside auto;
[root@client-dns ~]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type slave;
masters {172.25.254.2;};
file "slaves/westos.com.zone";
allow-update { none; };
};
[root@client-dns ~]# vim /etc/resolv.conf
nameserver 172.25.254.2
[root@client-dns ~]# systemctl restart named
[root@client-dns ~]# systemctl stop firewalld.service
2.主dns环境搭建
[root@server-dns named]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
allow-transfer { 172.25.254.1; };
};
[root@server-dns named]# vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.2
www A 172.25.254.10
www A 172.25.254.11
bbs CNAME www.westos.com.
westos.com. MX 1 172.25.254.2.
~
在辅助DNS里
[root@client-dns ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26526
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.INA
;; ANSWER SECTION:
www.westos.com.86400INA172.25.0.11
www.westos.com.86400INA172.25.0.10
;; AUTHORITY SECTION:
westos.com.86400INNSdns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.86400INA172.25.0.2
;; Query time: 1 msec
;; SERVER: 172.25.254.2#53(172.25.254.2)
;; WHEN: Wed Dec 07 08:02:42 EST 2016
;; MSG SIZE rcvd: 109
辅助dns自动获取主dns数据
[root@server-dns named]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 172.25.254.1; };
allow-transfer { 172.25.254.1; };
also-notify { 172.25.254.1; };
};
[root@server-dns named]# vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
2016120701 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.2
www A 172.25.254.19
www A 172.25.254.15
bbs CNAME www.westos.com.
westos.com. MX 1 172.25.254.2.
辅助dns
[root@client-dns ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40888
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.INA
;; ANSWER SECTION:
www.westos.com.86400INA172.25.0.19
www.westos.com.86400INA172.25.0.15
;; AUTHORITY SECTION:
westos.com.86400INNSdns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.86400INA172.25.0.2
;; Query time: 2 msec
;; SERVER: 172.25.254.2#53(172.25.254.2)
;; WHEN: Wed Dec 07 08:25:14 EST 2016
;; MSG SIZE rcvd: 109
远程修改DNS服务
主dns
[root@server-dns named]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 17.25.254.1; };
allow-transfer { 172.25.254.1; };
also-notify { 172.25.254.1; };
};
[root@server-dns named]# chmod 770 /var/named/
[root@server-dns named]# setenforce 0
[root@server-dns named]# cp -p westos.com.zone /mnt/
[root@server-dns named]# systemctl restart named
辅助dns
[root@client-dns ~]# nsupdate
> server 172.25.254.2
> update delete www.westos.com
> send
> quit
主dns上dig www.westos.com
[root@server-dns named]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36467
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
辅助dns上
[root@client-dns ~]# nsupdate
> server 172.25.254.1
> update add www.hello.com 86400 A 172.25.254.2
> send
> quit
主dns上可以dig到
此时/var/named/ 生成了westos.com.zone.jnl
rm -fr westos.com.zone.jnl
cp -p /mnt/westos.com.zone .
重启named
密钥远程修改dns服务
[root@server-dns mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
Kwestos.+157+21093
-a 选择生成密钥的算法,这里用的是HMAC-MD5(该算法已不推荐,生产环境应选用hmac-sha256等更强的算法;.private文件中的secret就是更新凭据,要限制文件权限,不要外泄)
-b 指定密钥的长度(位数)
-n 指定密钥文件的所有者类型
[root@server-dns mnt]# ls
Kwestos.+157+21093.key Kwestos.+157+21093.private westos.com.zone
[root@server-dns mnt]# cat Kwestos.+157+21093.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: Myy/LN4Ko4lon2JzPFHRdg==
Bits: AAA=
Created: 20161207165114
Publish: 20161207165114
Activate: 20161207165114
[root@server-dns mnt]# cat Kwestos.+157+21093.key
westos. IN KEY 512 3 157 Myy/LN4Ko4lon2JzPFHRdg==
[root@server-dns mnt]# vim /etc/westos.key
[root@server-dns mnt]# cat /etc/westos.key
key "westos" {
algorithm hmac-md5;
secret "Myy/LN4Ko4lon2JzPFHRdg==";
};
[root@server-dns mnt]# systemctl restart named
43 include "/etc/westos.key";
[root@server-dns mnt]# ls
Kwestos.+157+21093.key Kwestos.+157+21093.private westos.com.zone
[root@server-dns mnt]# scp Kwestos.+157+21093.* root@172.25.254.1:/mnt/
[root@server-dns mnt]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westos; };
also-notify { 172.25.254.1; };
};
[root@server-dns mnt]# systemctl restart named
在辅助dns端
[root@client-dns ~]# nsupdate -k /mnt/Kwestos.+157+21093.private
> server 172.25.254.2
> update add www.hello.com 86400 A 172.25.254.10
> send
> quit
dhcp服务自动配置dns服务(ddns)
“花生壳”
主dns
[root@server-dns ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
[root@server-dns ~]# vim /etc/dhcp/dhcpd.conf
[root@server-dns ~]# systemctl restart named
辅助dns
[root@client-dns ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
IPADDR=172.25.254.1
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=1
[root@client-dns ~]# systemctl restart network
[root@client-dns ~]# vim /etc/resolv.conf
nameserver 172.25.254.2