LINUX DNS


######DNS######

 

Linux DNS servers fall into three categories:

1. Caching name server (also called a cache server). It is authoritative for no zone; it only caches the results of name lookups locally so that clients get faster answers.

2. Master (primary) name server, authoritative for one or more zones; it can also act as a caching server.

3. Slave (secondary) name server, a backup of the master; all of its data comes from the master.

 

A record: states which IP address a domain name maps to.

NS record: states which servers are authoritative for the zone.

SOA record: states which of the authoritative servers is the master.

MX record: mail exchanger record.

PTR record: the reverse of an A record.

CNAME record: alias record.

 

(1) SOA resource record

Every zone database file begins with a Start of Authority (SOA) record. The SOA defines the zone's global parameters and the administrative settings for the whole zone. A zone file may contain exactly one SOA record.

(2) NS resource record

Name server (NS) records list the authoritative servers for the zone: the master and slave servers named by the SOA record, as well as the servers of any delegated sub-zone. Every zone has at least one NS record at its apex.

(3) A resource record

An address (A) record maps an FQDN to an IP address, so that a resolver can look up the IP address belonging to an FQDN.

(4) PTR resource record

The pointer (PTR) record is the counterpart of the A record: it maps an IP address to an FQDN.

(5) CNAME resource record

A canonical name (CNAME) record creates an alias for a specific FQDN; users can reach the host through the alias defined in the CNAME record.

(6) MX resource record

A mail exchanger (MX) record specifies the mail exchange server for a DNS domain name, that is, the host that processes or relays mail for that domain. Processing mail means delivering it to its destination or handing it to a different kind of mail transport; relaying means forwarding it on to the final destination server.

(7) Wildcard record

Apart from the resource records explicitly defined in the database file, a wildcard record lets all other names in the zone be resolved by DNS as well.

 

 

 

Client (IP 172.25.254.228):

       [[email protected] ~]# vim /etc/resolv.conf
       nameserver 172.25.254.128

 

Server (IP: 172.25.254.128)

###Configure DNS forward resolution###

1. Install the software.

[[email protected] named]# yum install bind -y
[[email protected] named]# systemctl stop firewalld
firewall-cmd --permanent --add-service=dns      ### add the dns service to the firewall
firewall-cmd --reload

[[email protected] named]# systemctl start named

(Note: the first start generates the rndc key, which needs random data; if the start hangs, click around in the server host's console to produce some entropy and it will come up.)

[[email protected] named]# cat /dev/random
@gFM~?
S(u
[[email protected] named]# ll /etc/rndc.key
-rw-r-----. 1 root named 77 Dec  1 20:38 /etc/rndc.key
[[email protected] named]# cat /etc/rndc.key    ### the generated key
key "rndc-key" {
algorithm hmac-md5;
secret "C2mMI0hT1puWW68Ytt4CMQ==";
};

 

2. Edit the configuration file.

[[email protected] named]# vim /etc/named.conf          ### edit the main configuration file

options {
        listen-on port 53 { any; };                ### accept queries on port 53 from any address
        listen-on-v6 port 53 { ::1; };             ### IPv6 only on loopback, i.e. effectively no IPv6 service
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };                  ### allow anyone to query
        forwarders { 172.25.254.250; };            ### upstream server whose answers this server caches
        ...
        dnssec-validation no;                      ### whether to validate DNSSEC signatures on answers; "no" disables validation

 

[[email protected] ~]# systemctl restart named

[[email protected] ~]# netstat -antlpe | grep 53

tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      25         43075      2121/named          

tcp        0      0 172.25.254.128:53       0.0.0.0:*               LISTEN      25         43070      2121/named          

tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      25         43068      2121/named          

tcp        0      0 172.25.254.128:22       172.25.254.28:55354     ESTABLISHED 0          25162      1407/sshd: [email protected]

tcp6       0      0 ::1:953                 :::*                    LISTEN      25         43076      2121/named          

tcp6       0      0 ::1:53                  :::*                    LISTEN      25         43072      2121/named          

 

[[email protected] etc]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {                                #### the domain this server is authoritative for
          type master;
          file "westos.com.zone";                     #### name of the zone (A record) file
  };

 

[[email protected] etc]# cp -p /var/named/named.localhost  /var/named/westos.com.zone
[[email protected] named]# vim /var/named/westos.com.zone    #### write the zone (A record) file

 1 $TTL 1D
 2 @       IN SOA  dns.westos.com. root.westos.com. (
 3                                         0       ; serial
 4                                         1D      ; refresh
 5                                         1H      ; retry
 6                                         1W      ; expire
 7                                         3H )    ; minimum
 8         NS      dns.westos.com.                    ### the name server for the zone
 9 dns     A       172.25.254.128                     ### address of the name server host
10 music   A       172.25.254.111
11 bbs             CNAME   music.westos.com.
12 westos.com.     MX 1    172.25.254.110.

Note: a name that does not end in "." automatically has westos.com appended to it.
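The trailing-dot rule above is the most common way to break a zone file silently, so here is an added example (not from the original post) of a small lint in shell that flags NS, CNAME, PTR and MX targets written without a final dot. It also flags an MX target written as an IP address, because DNS treats MX data as a host name that must have its own A record; the page's line 12 is that case. The sample zone is constructed to mirror the page's file with bbs deliberately left unqualified; the helper names are my own.

```shell
#!/bin/sh
# Lint a zone file for the trailing-dot trap: any NS, CNAME, PTR or MX target
# without a final "." is relative and gets $ORIGIN appended by named.
# Also flag an MX target that is an IP literal (MX must name a host with an A record).
# Assumptions (not from the page): one record per line, optional ";" comments,
# the multi-line SOA layout the page's zone files use.

check_zone_rdata() {   # $1 = zone file; prints one line per suspect record
    awk '
        /^[[:space:]]*;/ || /^[[:space:]]*$/ || /^\$/ { next }   # comments, blanks, $TTL/$ORIGIN
        {
            sub(/;.*$/, "")                                      # strip trailing comment
            type = ""; target = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "NS" || $i == "CNAME" || $i == "PTR") { type = $i; target = $(i + 1); break }
                if ($i == "MX")                                  { type = $i; target = $(i + 2); break }
            }
            if (type == "" || target == "") next
            if (target !~ /\.$/) {
                printf "unqualified %s target %s (relative: named appends $ORIGIN)\n", type, target
            } else if (type == "MX" && target ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.$/) {
                printf "MX target %s is an IP literal; MX must name a host with an A record\n", target
            }
        }' "$1"
}

# Constructed sample: the page's forward zone, with bbs left without its trailing dot.
write_sample_zone() {   # $1 = destination path
    cat > "$1" <<'EOF'
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.128
music   A       172.25.254.111
bbs     CNAME   music.westos.com
westos.com.     MX 1    172.25.254.110.
EOF
}

# Demo: lint the constructed sample and print the two findings.
tmp=$(mktemp); write_sample_zone "$tmp"; check_zone_rdata "$tmp"; rm -f "$tmp"
```

Run it against /var/named/westos.com.zone before `systemctl restart named`; named-checkzone catches syntax errors, but an unqualified CNAME target is syntactically valid and only shows up as a lookup for music.westos.com.westos.com failing.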

 

Result on the client:

Line 10 in effect:
[[email protected] ~]# dig music.westos.com
;; ANSWER SECTION:
music.westos.com.       86400   IN      A       172.25.254.111

Line 11 in effect:
[[email protected] ~]# dig bbs.westos.com
bbs.westos.com.         86400   IN      CNAME   music.westos.com.

Line 12 in effect:
[[email protected] ~]# mail [email protected]            ### send a mail
Subject: sdsf
afds
af
.
EOT
[[email protected] ~]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
6294926BADD      448 Fri Dec  2 21:21:14  [email protected]
              (connect to 172.25.254.110[172.25.254.110]:25: No route to host)
                                         [email protected]
[[email protected] ~]# postsuper -d 6294926BADD                ### delete the queued mail
postsuper: 6294926BADD: removed
postsuper: Deleted: 1 message

 

 

 

####Reverse resolution#####

[[email protected] named]# vim /etc/named.rfc1912.zones
zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "254.25.172.in-addr.arpa" IN {
        type master;
        file "westos.comNaNr";
        allow-update { none; };
};
[[email protected] named]# vim westos.comNaNr

$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.128
111     PTR     www.westos.com.
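Reverse zones drift from forward zones when both are typed by hand (the page's PTR above names www.westos.com while the forward zone gives 172.25.254.111 to music). As an added example, not part of the original post, the shell helpers below derive the PTR lines of a /24 reverse zone from the A records of the forward zone, and build the in-addr.arpa owner name that `dig -x` queries. The forward zone is a constructed sample; the function names, the origin argument and the /24 assumption are mine.

```shell
#!/bin/sh
# Generate PTR records for a reverse (in-addr.arpa) zone from the A records of the
# forward zone, so the reverse data is derived rather than typed by hand.
# Assumptions (not from the page): relative owner names in the forward zone are under
# the given origin; the reverse zone covers one /24; one record per line.

# ip_to_arpa <a.b.c.d>: the owner name that dig -x looks up for that address.
ip_to_arpa() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# a_to_ptr <forward zone> <origin> <a.b.c>: prints "<last octet> PTR <fqdn>" per A record.
a_to_ptr() {
    awk -v origin="$2" -v prefix="$3" '
        /^[[:space:]]*;/ || /^[[:space:]]*$/ || /^\$/ { next }   # comments, blanks, directives
        {
            sub(/;.*$/, "")
            if (NF == 0) next
            # a line starting with whitespace reuses the previous owner name
            if ($0 ~ /^[[:space:]]/) { owner = last } else { owner = $1; last = owner }
            for (i = 1; i < NF; i++) {
                if ($i != "A") continue
                ip = $(i + 1)
                if (owner == "@")       { fqdn = origin "." }
                else if (owner ~ /\.$/) { fqdn = owner }
                else                    { fqdn = owner "." origin "." }
                if (index(ip, prefix ".") == 1) {          # only addresses inside the /24
                    split(ip, o, ".")
                    printf "%-8s PTR     %s\n", o[4], fqdn
                }
                break
            }
        }' "$1"
}

# Constructed sample forward zone (mirrors the page's layout, including an
# owner-less continuation A record as named itself writes them).
write_sample_forward() {   # $1 = destination path
    cat > "$1" <<'EOF'
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.128
music   A       172.25.254.234
        A       172.25.254.111
www     A       172.25.254.111
bbs     CNAME   music.westos.com.
EOF
}

# Demo: print the PTR lines for the 254.25.172.in-addr.arpa zone.
tmp=$(mktemp); write_sample_forward "$tmp"; a_to_ptr "$tmp" westos.com 172.25.254; rm -f "$tmp"
```

The generated lines are appended below the SOA and NS of the reverse zone file. Where one address has several A records (111 above gets both music and www) the script emits both PTRs; that is legal, but most sites keep a single canonical PTR per address and pick one of the two.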

 

[[email protected] named]# systemctl restart named

Result on the client:
[[email protected] ~]# dig -x 172.25.254.111

;; ANSWER SECTION:
111.254.25.172.in-addr.arpa. 86400 IN   PTR     www.westos.com.

 

 

 

###Restricting access for internal and external networks###

[[email protected] named]# cp -p westos.com.zone westos.com.inter
[[email protected] named]# vim westos.com.inter
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      dns.westos.com.
dns             A       192.168.1.128
music           A       192.168.1.111
bbs             CNAME   music.westos.com.
westos.com.     MX 1    192.168.1.110.

[[email protected] named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter
[[email protected] named]# vim /etc/named.rfc1912.zones.inter

zone "westos.com" IN {
         type master;
         file "westos.com.inter";
         allow-update { none; };
};

[[email protected] named]# vim /etc/named.conf

/*
zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/
view localnet {
     match-clients { 172.25.254.228; };            ### only 172.25.254.228 is served from /etc/named.rfc1912.zones (172.25.254.0/24 would cover the whole subnet)

        zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
};

view any {
        match-clients { any; };            ### everyone else is served from /etc/named.rfc1912.zones.inter

        zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones.inter";
};
[[email protected] named]# systemctl restart named

Results:

Client 172.25.254.228:
[[email protected] ~]# dig music.westos.com
;; ANSWER SECTION:
music.westos.com.       86400   IN      A       172.25.254.111

Client 172.25.254.90:
[[email protected] ~]# dig music.westos.com
;; ANSWER SECTION:
music.westos.com.       86400   IN      A       192.168.1.111

 

######Secondary DNS#####

###Zone content synchronization####

Install bind on the secondary host:
[[email protected] slaves]# yum install bind -y
[[email protected] ~]# firewall-cmd --permanent --add-service=dns
success
[[email protected] ~]# firewall-cmd --reload
success
[[email protected] ~]# systemctl start named
[[email protected] ~]# vim /etc/named.conf

//      listen-on port 53 { 127.0.0.1; };          ### commented out, so named listens on all addresses
//      allow-query     { localhost; };            ### commented out, so any client may query
        dnssec-validation no;

[[email protected] slaves]# vim /etc/named.rfc1912.zones

zone "westos.com" IN {
        type slave;
        masters { 172.25.254.128; };
        file "slaves/westos.com.zone";
        allow-update { none; };
};

[[email protected] ~]# systemctl restart named
[[email protected] ~]# cd /var/named/slaves/
[[email protected] slaves]# ls
westos.com.zone

[server]

[[email protected] named]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
         type master;
         file "westos.com.zone";
         allow-update { none; };
         also-notify { 172.25.254.228; };            #### notify the secondary at 172.25.254.228 so it syncs from this master
};

 

 

 

 

Note: the secondary only synchronizes again when the serial (the "0" before "; serial") has been changed:
                                        0       ; serial
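The precise rule behind the note above is that a secondary transfers the zone only when the master's serial is newer under RFC 1982 serial arithmetic (comparison modulo 2^32), so editing a master zone and forgetting the serial leaves every secondary stale. The shell helpers below, added here and not from the original post, bump the serial of a zone file in place and reproduce the comparison a secondary performs, including the wraparound case the page does not cover. They assume the page's layout, in which the serial is the first number on the line tagged "; serial"; the function names are mine.

```shell
#!/bin/sh
# Bump the SOA serial of a zone file and compare serials the way a secondary does.
# Assumption (not from the page): the serial is the first number on the line tagged
# "; serial", as in the page's multi-line SOA layout.

# bump_serial <zone file>: increments the serial in place and prints the new value.
bump_serial() {
    zone="$1"
    tmp="$zone.tmp.$$"
    awk '
        /;[[:space:]]*serial/ && !done {
            match($0, /[0-9]+/)                       # locate the serial number
            old = substr($0, RSTART, RLENGTH)
            new = old + 1
            $0 = substr($0, 1, RSTART - 1) new substr($0, RSTART + RLENGTH)
            done = 1                                  # only the first tagged line
        }
        { print }' "$zone" > "$tmp" && mv "$tmp" "$zone"
    awk '/;[[:space:]]*serial/ { match($0, /[0-9]+/); print substr($0, RSTART, RLENGTH); exit }' "$zone"
}

# serial_newer <candidate> <current>: exit 0 when <candidate> is newer than <current>
# under RFC 1982 arithmetic, i.e. 0 < (candidate - current) mod 2^32 < 2^31.
serial_newer() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        d = (a - b) % 4294967296
        if (d < 0) d += 4294967296
        exit !(d > 0 && d < 2147483648)
    }'
}

# Constructed sample with the page's initial serial of 0.
write_sample_soa() {   # $1 = destination path
    cat > "$1" <<'EOF'
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.128
EOF
}

# Demo: bump twice and show the comparison a secondary would make.
tmp=$(mktemp); write_sample_soa "$tmp"
bump_serial "$tmp" >/dev/null
echo "new serial: $(bump_serial "$tmp")"
if serial_newer 2 1; then echo "2 is newer than 1: secondary will transfer"; fi
rm -f "$tmp"
```

Run `bump_serial /var/named/westos.com.zone` after every manual edit of the master zone and before `systemctl restart named` (or `rndc reload`); the notify sent to 172.25.254.228 then carries a higher serial and the secondary pulls the new zone.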

 

 

 

#####Dynamic DNS updates#####

[[email protected] named]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
         type master;
         file "westos.com.zone";
         allow-update { 172.25.254.228; };            ### allow 172.25.254.228 to add records (e.g. A records) to this zone
};

[[email protected] named]# chmod 770 /var/named/                         ### let the named group write the zone file and its journal
[[email protected] named]# setsebool -P named_write_master_zones 1       ### SELinux: permit named to write master zone files

[[email protected] named]# nsupdate
> server 172.25.254.128
> update add www.westos.com 86400 A 172.25.254.111
> send

 

 

 

Result:
[[email protected] named]# systemctl restart named
[[email protected] named]# vim westos.com.zone         ### the zone file as rewritten by named after the update

$ORIGIN .
$TTL 86400      ; 1 day
westos.com              IN SOA  dns.westos.com. root.westos.com. (
                                2          ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      dns.westos.com.
                        MX      1 172.25.254.110.
$ORIGIN westos.com.
bbs                     CNAME   music
dns                     A       172.25.254.128
music                   A       172.25.254.234
                        A       172.25.254.111
www                     A       172.25.254.111

 

######Dynamic DNS updates with a key#####

##Creating and handling the key##
[[email protected] named]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST lalala    ### generate the key
Klalala.+157+08891
[[email protected] named]# cat Klalala.+157+08891.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: 0M/4AyXAN1Om5Uz9qexZZw==
Bits: AAA=
Created: 20161203075913
Publish: 20161203075913
Activate: 20161203075913
[[email protected] named]# cat Klalala.+157+08891.key
lalala. IN KEY 512 3 157 0M/4AyXAN1Om5Uz9qexZZw==

[[email protected] named]# cp -p /etc/rndc.key /etc/westos.key
[[email protected] named]# vim /etc/westos.key                ### put the key name and secret in this file

key "lalala" {
        algorithm hmac-md5;
        secret "0M/4AyXAN1Om5Uz9qexZZw==";
};

 

[[email protected] named]# vim /etc/named.rfc1912.zones

zone "westos.com" IN {                                    ### only a client holding the key "lalala" may update this zone
         type master;
         file "westos.com.zone";
         allow-update { key lalala; };
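The walkthrough has now touched four settings that a reviewer of this server would flag: `allow-query { any; }` with forwarders and no `allow-recursion` in the main named.conf (an open resolver, since BIND's allow-recursion defaults to allow-query when that is set), `dnssec-validation no`, the earlier `allow-update { 172.25.254.228; }` that trusts a source address, and TSIG keys generated with hmac-md5. The shell script below, an added example and not code from the original post, audits a concatenated configuration for those four conditions and is run against a constructed weak sample mirroring the page and a hardened variant of it. It assumes the options, key and zone statements are in one file (as `named-checkconf -p` prints them); the secret in the samples is a placeholder and the function names are mine. It also checks that the hardened form uses `allow-update { key lalala; }` as above.

```shell
#!/bin/sh
# Audit a BIND configuration for four weak settings: allow-query { any; } without an
# allow-recursion restriction (open resolver), dnssec-validation no, allow-update ACLs
# that trust a bare source IP, and TSIG keys using hmac-md5.
# Assumptions (not from the page): all statements are in one file; /* */ block
# comments are skipped line by line, which is enough for named-checkconf -p output.

audit_named_conf() {   # $1 = config file; prints one finding per line
    awk '
        { sub(/(\/\/|#).*$/, "") }                     # drop line comments
        /\/\*/ { inblock = 1 }                         # enter a block comment
        inblock { if (/\*\//) inblock = 0; next }      # skip until it closes
        /allow-query[[:space:]]*\{[[:space:]]*any[[:space:]]*;/ { anyq = 1 }
        /allow-recursion[[:space:]]*\{/ { hasrec = 1 }
        /recursion[[:space:]]+no[[:space:]]*;/ { norec = 1 }
        /forwarders[[:space:]]*\{/ { fwd = 1 }
        /dnssec-validation[[:space:]]+no/ { print "dnssec-validation no: answers from the forwarder are accepted unverified" }
        /algorithm[[:space:]]+hmac-md5/ { print "TSIG key uses hmac-md5; prefer hmac-sha256" }
        /allow-update[[:space:]]*\{/ {
            acl = $0
            sub(/.*allow-update[[:space:]]*\{/, "", acl); sub(/\}.*/, "", acl)
            n = split(acl, m, ";")
            for (i = 1; i <= n; i++) {
                gsub(/^[[:space:]]+|[[:space:]]+$/, "", m[i])
                if (m[i] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/)
                    printf "allow-update trusts IP %s: a source address is spoofable, use a TSIG key\n", m[i]
            }
        }
        END {
            if (anyq && !norec && !hasrec) {
                msg = "allow-query { any; } with recursion enabled"
                if (fwd) msg = msg " via forwarders"
                print msg ": open resolver, add allow-recursion"
            }
        }' "$1"
}

# Constructed sample mirroring the page's first configuration (placeholder secret).
write_weak_conf() {   # $1 = destination path
    cat > "$1" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        forwarders { 172.25.254.250; };
        dnssec-validation no;
};
key "lalala" {
        algorithm hmac-md5;
        secret "PLACEHOLDER-NOT-A-REAL-SECRET=";
};
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.228; };   // first variant in the walkthrough
};
EOF
}

# The same configuration with each finding addressed.
write_hardened_conf() {   # $1 = destination path
    cat > "$1" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        allow-recursion { 172.25.254.0/24; };
        forwarders { 172.25.254.250; };
        dnssec-validation yes;
};
key "lalala" {
        algorithm hmac-sha256;
        secret "PLACEHOLDER-NOT-A-REAL-SECRET=";
};
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { key lalala; };
};
EOF
}

# Demo: audit the weak sample (four findings) and the hardened one (none).
tmp=$(mktemp); write_weak_conf "$tmp"; audit_named_conf "$tmp"; rm -f "$tmp"
```

One thing the page does not show: for `allow-update { key lalala; }` to be accepted, named.conf must also carry the key definition, for example by including the /etc/westos.key file written above; without it named-checkconf reports the key as undefined.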

 

[[email protected] named]# scp Klalala.+157+08891.* [email protected]:/mnt    ### hand the key to 172.25.254.228

[[email protected] mnt]# nsupdate -k Klalala.+157+08891.key                     #### update the zone using the key
> server 172.25.254.128
> update add www.westos.com 86400 A 172.25.254.111
> send
> quit

 

Result:
[[email protected] named]# systemctl restart named

$ORIGIN .
$TTL 86400      ; 1 day
westos.com              IN SOA  dns.westos.com. root.westos.com. (
                                2          ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      dns.westos.com.
                        MX      1 172.25.254.110.
$ORIGIN westos.com.
bbs                     CNAME   music
dns                     A       172.25.254.128
music                   A       172.25.254.234
                        A       172.25.254.111
www                     A       172.25.254.111

 

 

#####Using the key so DHCP registers assigned IPs in DNS automatically#####

[[email protected] named]# yum install dhcp -y
[[email protected] named]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite /etc/dhcp/dhcpd.conf? y

[[email protected] named]# vim /etc/dhcp/dhcpd.conf

option domain-name "westos.com";
option domain-name-servers 172.25.254.128;
ddns-update-style interim;
subnet 172.25.254.0 netmask 255.255.255.0 {
  range 172.25.254.227  172.25.254.240;
  option routers 172.25.254.128;
}

[[email protected] named]# man 5 dhcpd.conf
Find this section:
 key DHCP_UPDATER {
         algorithm hmac-md5;
         secret pRP5FapFoJ95JEL06sv4PQ==;
       };

       zone EXAMPLE.ORG. {
         primary 127.0.0.1;
         key DHCP_UPDATER;
       }
and add the corresponding stanzas to /etc/dhcp/dhcpd.conf:

key lalala {
         algorithm hmac-md5;
         secret 0M/4AyXAN1Om5Uz9qexZZw==;
};

zone westos.com. {
         primary 127.0.0.1;
         key lalala;
}

[[email protected] named]# cat /etc/westos.key            ### the same key as known to named
key "lalala" {
algorithm hmac-md5;
secret "0M/4AyXAN1Om5Uz9qexZZw==";
};

[[email protected] named]# rm -fr westos.com.zone westos.com.zone.jnl

 

 

 

 

 

 


This article is from the "12112684" blog; please keep this source reference: http://12122684.blog.51cto.com/12112684/1879508
