DNS
###dns###
一.dns设定
1.首先搭建dns环境
服务端 定为server用户
yum install bind -y安装bind服务
systemctl enable named开机自启
systemctl start named启动服务
firewall-cmd --permanent --add-service=dns永久添加dns服务
firewall-cmd --reload
netstat -antulpe | grep named 查看服务端口
vim /etc/named.conf
options {
listen-on port 53 { any; };设定开放端口参数为any,对所有interface都开放
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };回答所有人的提问(注意:与 recursion yes 同时使用会使该主机成为开放递归解析器,生产环境应只对内网开放递归,例如 allow-recursion { 内网网段; };)
dnssec-enable yes;
dnssec-validation no;改原有参数yes为no(关闭DNSSEC验证只是为了实验方便,代价是不再校验上游应答的完整性)
dnssec-lookaside auto;
systemctl restart named重启服务
客户端 定为desktop用户
vim /etc/resolv.conf
添加:
nameserver 172.25.254.2
systemctl restart network
2.正向解析(将域名解析为ip)
cd /var/named
cp -p named.localhost westos.com.zone
vim /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.2
www A 172.25.254.10
[[email protected] ~]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
};
@表示的是当前zone的名称(即westos.com);记录名不以.结尾时会自动补全域名
[[email protected] ~]# systemctl restart named重启服务
3.反向解析
vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN {
type master;
file "westos.comNaNr";
allow-update { none; };
};
[[email protected] ~]# cd /var/named/
[[email protected] named]# ls
data linux.com.zone named.empty named.loopback westos.com.zone
dynamic named.ca named.localhost slaves
[[email protected] named]# cp -p named.loopback westos.comNaNr
[[email protected] named]# ls
data linux.com.zone named.empty named.loopback westos.comNaNr
dynamic named.ca named.localhost slaves westos.com.zone
[[email protected] named]# vim westos.comNaNr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
A 172.25.254.2
2 PTR www.westos.com.
10 PTR www.hello.com.
[[email protected] named]# systemctl restart named
[[email protected] named]# dig -x 172.25.254.10
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53718
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
10.254.25.172.in-addr.arpa. 86400 IN PTR www.hello.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.2
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 07 06:03:43 EST 2016
;; MSG SIZE rcvd: 123
4.双向解析
[[email protected] ~]# cd /var/named/
[[email protected] named]# cp -p westos.com.zone westos.com.inter
[[email protected] named]# vim westos.com.inter
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.0.2
www A 172.25.0.10
www A 172.25.0.11
bbs CNAME www.westos.com.
westos.com. MX 1 172.25.0.2
~
[[email protected] ~]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter
[[email protected] ~]# vim /etc/named.rfc1912.zones.inter
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { none; };
};
[[email protected] ~]# vim /etc/named.conf
/* 注释
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/ 注释
view localnet {
match-clients {172.25.254.2;};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};##添加内网客户端
view internet {
match-clients {any;};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones.inter";
};##添加外网客户端
[[email protected] named]# dig bbs.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> bbs.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22651
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.westos.com. IN A
;; ANSWER SECTION:
bbs.westos.com. 86400 IN CNAME www.westos.com.
www.westos.com. 86400 IN A 172.25.0.11
www.westos.com. 86400 IN A 172.25.0.10
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.0.2
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 07 06:22:05 EST 2016
;; MSG SIZE rcvd: 127
[[email protected] named]# dig -x 172.25.254.2
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65404
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
2.254.25.172.in-addr.arpa. 86400 IN PTR www.westos.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.0.2
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 07 06:21:03 EST 2016
;; MSG SIZE rcvd: 116
每次编辑named相关文件都要重启服务
systemctl restart named
二.DNS集群部署
1.辅助dns环境的搭建
[[email protected] ~]# yum install bind -y
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
[[email protected] ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation no;
dnssec-lookaside auto;
[[email protected] ~]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type slave;
masters {172.25.254.2;};
file "slaves/westos.com.zone";
allow-update { none; };
};
[[email protected] ~]# vim /etc/resolv.conf
nameserver 172.25.254.2
[[email protected] ~]# systemctl restart named
[[email protected] ~]# systemctl stop firewalld.service(这里直接关闭了整个防火墙;更稳妥的做法是像主dns一样只放行dns服务:firewall-cmd --permanent --add-service=dns 然后 firewall-cmd --reload)
2.主dns环境搭建
[[email protected] named]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
allow-transfer { 172.25.254.1; };
};
[[email protected] named]# vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.2
www A 172.25.254.10
www A 172.25.254.11
bbs CNAME www.westos.com.
westos.com. MX 1 172.25.254.2.
~
在辅助DNS里
[[email protected] ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26526
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.0.11
www.westos.com. 86400 IN A 172.25.0.10
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.0.2
;; Query time: 1 msec
;; SERVER: 172.25.254.2#53(172.25.254.2)
;; WHEN: Wed Dec 07 08:02:42 EST 2016
;; MSG SIZE rcvd: 109
辅助dns自动获取主dns数据
[[email protected] named]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 172.25.254.1; };
allow-transfer { 172.25.254.1; };
also-notify { 172.25.254.1; };
};
[[email protected] named]# vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
2016120701 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.2
www A 172.25.254.19
www A 172.25.254.15
bbs CNAME www.westos.com.
westos.com. MX 1 172.25.254.2.
辅助dns
[[email protected] ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40888
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.0.19
www.westos.com. 86400 IN A 172.25.0.15
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.0.2
;; Query time: 2 msec
;; SERVER: 172.25.254.2#53(172.25.254.2)
;; WHEN: Wed Dec 07 08:25:14 EST 2016
;; MSG SIZE rcvd: 109
远程修改DNS服务(注意:仅凭来源IP的 allow-update 授权可被伪造来源地址绕过,下面的演示也说明了任何能以该地址发包的主机都可以删除或添加记录;生产环境应使用后文的密钥方式授权更新)
主dns
[[email protected] named]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { 17.25.254.1; };
allow-transfer { 172.25.254.1; };
also-notify { 172.25.254.1; };
};
[[email protected] named]# chmod 770 /var/named/
[[email protected] named]# setenforce 0(临时关闭SELinux仅用于实验;生产环境应保持enforcing,改用 setsebool -P named_write_master_zones 1 允许named写zone文件)
[[email protected] named]# cp -p westos.com.zone /mnt/
[[email protected] named]# systemctl restart named
辅助dns
[[email protected] ~]# nsupdate
> server 172.25.254.2
> update delete www.westos.com
> send
> quit
主dns上dig www.westos.com
[[email protected] named]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36467
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
辅助dns上
[[email protected] ~]# nsupdate
> server 172.25.254.1
> update add www.hello.com 86400 A 172.25.254.2
> send
> quit
主dns上可以dig到
此时/var/named/ 生成了westos.com.zone.jnl
rm -fr westos.com.zone.jnl(删除日志文件前应先停止named或执行 rndc freeze,否则动态更新的数据可能与zone文件不一致)
cp -p /mnt/westos.com.zone .
重启named
密钥远程修改dns服务
[[email protected] mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
Kwestos.+157+21093
-a 选择生成密钥的算法,这里用的是HMAC-MD5(该算法已过时,新部署应改用hmac-sha256)
-b 指定密钥的位数(bit)
-n 指定密钥文件的所有者类型
[[email protected] mnt]# ls
Kwestos.+157+21093.key Kwestos.+157+21093.private westos.com.zone
[[email protected] mnt]# cat Kwestos.+157+21093.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: Myy/LN4Ko4lon2JzPFHRdg==
Bits: AAA=
Created: 20161207165114
Publish: 20161207165114
Activate: 20161207165114
[[email protected] mnt]# cat Kwestos.+157+21093.key
westos. IN KEY 512 3 157 Myy/LN4Ko4lon2JzPFHRdg==
[[email protected] mnt]# vim /etc/westos.key(密钥文件包含明文secret,应只允许root和named组读取,例如 chown root:named /etc/westos.key; chmod 640 /etc/westos.key)
[[email protected] mnt]# cat /etc/westos.key
key "westos" {
algorithm hmac-md5;
secret "Myy/LN4Ko4lon2JzPFHRdg==";
};
[[email protected] mnt]# systemctl restart named
在/etc/named.conf第43行添加:include "/etc/westos.key";
[[email protected] mnt]# ls
Kwestos.+157+21093.key Kwestos.+157+21093.private westos.com.zone
[[email protected] mnt]# scp Kwestos.+157+21093.* [email protected]
[[email protected] mnt]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westos; };
also-notify { 172.25.254.1; };
};
[[email protected] mnt]# systemctl restart named
在辅助dns端
[[email protected] ~]# nsupdate -k /mnt/Kwestos.+157+21093.private
> server 172.25.254.2
> update add www.hello.com 86400 A 172.25.254.10
> send
> quit
dhcp服务自动配置dns服务(ddns)
“花生壳”
主dns
[[email protected] ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
[[email protected] ~]# vim /etc/dhcp/dhcpd.conf
[[email protected] ~]# systemctl restart named
辅助dns
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
IPADDR=172.25.254.1
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=1
[[email protected] ~]# systemctl restart network
[[email protected] ~]# vim /etc/resolv.conf
nameserver 172.25.254.2
本文出自 “12288655” 博客,谢绝转载!