1. DNS service overview:
A: forward record; PTR: reverse record, IP to domain name
host -l example.com: list all hosts in the domain
dig -t soa example.com: query the SOA record (secondary DNS)
Packages: bind bind-chroot caching-nameserver
DNS main configuration directory: /var/named/chroot/
DNS main configuration file: /var/named/chroot/etc/named.conf
DNS A record (zone file) directory: /var/named/chroot/var/named
2. How to configure DNS forward resolution:
[root@dns-server ~]# yum search dns ##search for the dns packages
[root@dns-server ~]# yum install bind.x86_64 -y ##install the dns service
[root@dns-server ~]# systemctl start named ##start the dns service
[root@dns-server ~]# vim /etc/named.conf ##edit the configuration file
Changes to make in the configuration file:
In the options block, change the following: ##global settings
listen-on port 53 { localhost; }; ##listen on local port 53
// listen-on-v6 port 53 { ::1; }; ##disable the ipv6 option
allow-query { localnets; }; ##allow queries from directly connected local networks
[root@dns-server ~]# vim /etc/named.rfc1912.zones
Add the following:
zone "example.com" IN {
type master;
file "example.com.zone"; ##name of the A record (zone) file
allow-update { none; };
};
[root@dns-server ~]# cd /var/named ##enter the zone file directory
[root@dns-server named]# cp -p named.localhost westos.com.zone ##create the A record file from the template
[root@dns-server named]# vim westos.com.zone ##edit the A record file
Contents of the A record file (station62.example.com is the DNS server's host name):
@ IN SOA station62.example.com. root.example.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
    IN NS station62.example.com. ; the DNS server for the zone
    IN A 192.168.0.62 ; IP of the DNS host
station62 IN A 192.168.0.62 ; A record of the DNS server
[root@dns-server named]# systemctl restart named ##restart the service
[root@dns-server named]#
Test result:
[root@dns-server named]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 600
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.206
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.106
;; Query time: 0 msec
;; SERVER: 172.25.254.106#53(172.25.254.106)
;; WHEN: Sat May 06 02:08:09 EDT 2017
;; MSG SIZE rcvd: 93
[root@dns-server named]#
########## Domain naming conventions, mail domain resolution ####
[root@dns-server named]# systemctl restart named ##restart the service
[root@dns-server named]# vim westos.com.zone ##edit the zone file
[root@dns-server named]# systemctl restart named
[root@dns-server named]#
################## DNS reverse resolution
[root@dns-server named]# vim /etc/named.rfc1912.zones ##edit this file to add the reverse zone
[root@dns-server named]# cp -p /var/named/westos.com.ptr /var/named/westos.com.inter.ptr
[root@dns-server named]# vim westos.com.inter.ptr
[root@dns-server named]# systemctl restart named
[root@dns-server named]# vim westos.com.inter.ptr ##edit the reverse (PTR) record file
[root@dns-server named]# systemctl restart named
[root@dns-server named]#
############## Configure two NICs and resolve differently per subnet #########
[root@dns-server named]# vim /etc/sysconfig/network-scripts/ifcfg-eth1 ##edit NIC eth1 and configure its network
[root@dns-server named]# systemctl restart network
[root@dns-server named]# systemctl restart named
[root@dns-server named]# ifconfig ##show the current interfaces and subnets
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.106 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::5054:ff:fe00:60b prefixlen 64 scopeid 0x20<link>
ether 52:54:00:00:06:0b txqueuelen 1000 (Ethernet)
RX packets 60759 bytes 435909469 (415.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 38241 bytes 2783785 (2.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.6.100 netmask 255.255.255.0 broadcast 172.25.6.255
inet6 fe80::5054:ff:fe5c:c4ce prefixlen 64 scopeid 0x20<link>
ether 52:54:00:5c:c4:ce txqueuelen 1000 (Ethernet)
RX packets 2310 bytes 315989 (308.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 30 bytes 4189 (4.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 820 bytes 71080 (69.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 820 bytes 71080 (69.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@dns-server named]# netstat -antlpe |grep named ##show the ports the service is listening on
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 172472 2752/named
tcp 0 0 172.25.6.100:53 0.0.0.0:* LISTEN 25 172467 2752/named
tcp 0 0 172.25.254.106:53 0.0.0.0:* LISTEN 25 172465 2752/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 172463 2752/named
tcp6 0 0 ::1:953 :::* LISTEN 25 172473 2752/named
tcp6 0 0 ::1:53 :::* LISTEN 25 172469 2752/named
[root@dns-server named]#
[root@dns-server named]# cp westos.com.zone westos.com.inter -p
[root@dns-server named]# vim westos.com.inter ##edit the A record file for the second subnet
[root@dns-server named]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.inter -p
[root@dns-server named]# vim /etc/named.rfc1912.inter
[root@dns-server named]# vim /etc/named.conf ##edit the views so each subnet matches its own zone files
[root@dns-server named]# systemctl restart named ##restart the service
[root@dns-server named]# dig www.westos.com ##test
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 600
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.206
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.106
;; Query time: 0 msec
;; SERVER: 172.25.254.106#53(172.25.254.106)
;; WHEN: Sat May 06 02:08:09 EDT 2017
;; MSG SIZE rcvd: 93
[root@dns-server named]#
######## Preparation for the key experiment #
[root@dns-server named]# systemctl start named
[root@dns-server named]# rm -fr westos.com.zone westos.com.zone.jnl
[root@dns-server named]# cp -p /mnt/westos.com.zone . ###restore the backup file
[root@dns-server named]# systemctl start named ##restart the service
[root@dns-server named]# ls
data named.ca named.localhost slaves westos.com.inter.ptr westos.com.zone
dynamic named.empty named.loopback westos.com.inter westos.com.ptr
[root@dns-server named]# pwd
/var/named
[root@dns-server named]#
####### Key-authenticated (dnskey) updates
[root@dns-server mnt]# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST westoskey ##generate the key
Kwestoskey.+157+43783
[root@dns-server mnt]# cp -p /etc/rndc.key /etc/westos.key
[root@dns-server mnt]# vim /etc/westos.key
[1]+ Stopped vim /etc/westos.key
[root@dns-server mnt]# cat /mnt/Kwestoskey.+157+43783.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: jL98z7rVm9Qu3hLKQ+InQXABm9VbccAWEAsmXSSPFg8=
Bits: AAA=
Created: 20170506084905
Publish: 20170506084905
Activate: 20170506084905
[root@dns-server mnt]# fg
vim /etc/westos.key
[root@dns-server mnt]# vim /etc/westos.key ##edit the key file
key "westoskey" { ##key name
algorithm hmac-md5; ##algorithm
secret "jL98z7rVm9Qu3hLKQ+InQXABm9VbccAWEAsmXSSPFg8="; ##secret
};
[root@dns-server mnt]# vim /etc/named.conf
include "/etc/westos.key";
[root@dns-server mnt]# vim /etc/named.rfc1912.zones ##allow updates signed with the key
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westoskey; };
};
[root@dns-server mnt]# systemctl restart named ##restart the service
[root@dns-server mnt]# scp Kwestoskey.+157+43783.* root@172.25.254.206:/mnt/ ##copy the key files to the server side
The authenticity of host '172.25.254.206 (172.25.254.206)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.206' (ECDSA) to the list of known hosts.
root@172.25.254.206's password:
Kwestoskey.+157+43783.key 100% 73 0.1KB/s 00:00
Kwestoskey.+157+43783.private 100% 185 0.2KB/s 00:00
[root@dns-server mnt]#
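The key handling the page does by hand (cat the .private file, copy the secret into /etc/westos.key), as an added example that is not the page's own code: it parses the dnssec-keygen private-key format, renders the key statement that named.conf include()s, audits the key, and shows the MAC both sides of a key-authenticated update compute from the shared secret. The input reuses the page's lab key; hmac-md5 is flagged because HMAC-SHA256 (dnssec-keygen -a HMAC-SHA256) is the algorithm to use today.

```python
import base64, hashlib, hmac, re

# Added example, not the page's own code. It parses the dnssec-keygen '.private' file the page
# cats, builds the key statement the page typed into /etc/westos.key by hand, audits the key,
# and shows the MAC both ends compute. Constructed input reuses the page's lab key material.
PRIVATE_FILE = """\
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: jL98z7rVm9Qu3hLKQ+InQXABm9VbccAWEAsmXSSPFg8=
Bits: AAA=
Created: 20170506084905
"""
# dnssec-keygen private algorithm numbers -> (BIND algorithm name, hash function)
ALGS = {157: ("hmac-md5", hashlib.md5), 161: ("hmac-sha1", hashlib.sha1), 163: ("hmac-sha256", hashlib.sha256)}
HASH_BY_NAME = {name: h for name, h in ALGS.values()}

def parse_private(text):
    """Return (BIND algorithm name, raw secret bytes) from a Private-key-format v1.x file."""
    kv = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    return ALGS[int(kv["Algorithm"].split()[0])][0], base64.b64decode(kv["Key"].strip())

def key_statement(name, algorithm, secret):
    """The stanza named expects in the file that named.conf include()s (the page's /etc/westos.key)."""
    b64 = base64.b64encode(secret).decode()
    return f'key "{name}" {{\n    algorithm {algorithm};\n    secret "{b64}";\n}};\n'

def secret_from_statement(text):
    """Pull the secret back out of a key statement, to confirm the hand-copied value matches."""
    return base64.b64decode(re.search(r'secret\s+"([^"]+)"', text).group(1))

def audit_key(algorithm, secret, expected_bits=256):
    """Findings to resolve before allow-update { key ...; } goes live (dnssec-keygen -b 256 => 256 bits)."""
    findings = []
    if len(secret) * 8 != expected_bits:
        findings.append(f"secret is {len(secret) * 8} bits, expected {expected_bits}")
    if algorithm == "hmac-md5":
        findings.append("hmac-md5 is a legacy algorithm; regenerate with dnssec-keygen -a HMAC-SHA256")
    return findings

def sign(algorithm, secret, message):
    """MAC over an update message; server and client must share the secret to get the same value."""
    return hmac.new(secret, message, HASH_BY_NAME[algorithm]).hexdigest()

def verify(algorithm, secret, message, mac):
    """Constant-time comparison, as the server should do before applying the update."""
    return hmac.compare_digest(sign(algorithm, secret, message), mac)
```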
Test result:
############## dhcpd service ######
1. Install the software
yum install dhcp -y
2. Edit the configuration file
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
vim /etc/dhcp/dhcpd.conf
option domain-name "westos.com";
option domain-name-servers 172.25.254.106;
ddns-update-style interim;
subnet 172.25.254.0 netmask 255.255.255.0 {
range 172.25.254.50 172.25.254.200; ##range of addresses to hand out
option routers 172.25.254.250;
}
key "westoskey" { ##key name
algorithm hmac-md5; ##algorithm
secret "jL98z7rVm9Qu3hLKQ+InQXABm9VbccAWEAsmXSSPFg8="; ##secret
};
zone westos.com. {
primary 127.0.0.1;
key westoskey;
}
3. Verification and testing
*) Unplug the network cable
*) On the client host:
hostnamectl set-hostname test.westos.com
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
:wq
systemctl restart network
dig test.westos.com
(1) SOA resource record
The Start of Authority (SOA) record defines the global parameters of the zone and holds the
management settings for the whole zone. A zone file may contain only one SOA record.
(2) NS resource record
Name server (NS) resource records identify the authoritative servers for the zone: the primary
and secondary servers named in the SOA record, and the servers of any delegated zones. Every
zone has at least one NS record at its apex.
(3) A resource record
An address (A) resource record maps an FQDN to an IP address, so a resolver can look up the IP
address for an FQDN.
(4) PTR resource record
The inverse of the A record: a pointer (PTR) record maps an IP address to an FQDN.
(5) CNAME resource record
A canonical name (CNAME) resource record creates an alias for a given FQDN; the host can then
be reached through the alias defined in the CNAME record.
(6) MX resource record
A mail exchanger (MX) resource record names the mail exchange server for a DNS domain. A mail
exchange server is a host that processes or forwards mail for the domain. Processing mail means
delivering it to its destination or handing it to a different type of mail transfer agent;
forwarding mail means sending it on to the final destination server.
(7) Wildcard resolution record
With a wildcard record, any domain name not explicitly defined as a resource record in the
database file can still be resolved by the DNS.
Note: if the zone file cannot be synchronized at this point, delete the *.jnl files under the chroot/var/named/ directory.
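A checker for the zone file in section 2 and the SOA, NS and A rules in (1) to (3), added here as an example and not part of the original notes: it applies named's $ORIGIN rule to a constructed copy of the page's zone file with the trailing dots left off the SOA and NS names, the most common zone-file mistake, and reports what to fix before restarting named. The origin "example.com." is assumed to come from the zone statement, as it does in named.rfc1912.zones.

```python
# Added example (not the page's code): apply named's $ORIGIN rule to a zone file and report
# the mistakes that make a zone load but resolve wrongly. The constructed input below is this
# page's zone file with the trailing dots left off the SOA and NS names.
ZONE_TEXT = """\
@ IN SOA station62.example.com root.example.com (
        42 ; serial
        3H 15M 1W 1D ) ; refresh retry expiry minimum
    IN NS station62.example.com
    IN A 192.168.0.62
station62 IN A 192.168.0.62
"""
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}  # rdata fields that hold names

def absolutize(name, origin):
    # '@' is the zone apex; a name without a trailing dot gets the origin appended, exactly as named does
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    records, owner, buf, depth = [], origin, [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()              # ';' starts a comment in zone files
        if not line.strip():
            continue
        if depth == 0 and not raw[0].isspace():          # non-indented line: first token is the owner
            first, line = line.split(None, 1)
            owner = absolutize(first, origin)
        buf.append(line)
        depth += line.count("(") - line.count(")")       # '(' continues one record over several lines
        if depth == 0:
            fields = " ".join(buf).replace("(", " ").replace(")", " ").split()
            buf, fields = [], (fields[1:] if fields[0] == "IN" else fields)
            rtype, rdata = fields[0], fields[1:]
            for i in NAME_FIELDS.get(rtype, []):
                rdata[i] = absolutize(rdata[i], origin)
            records.append((owner, rtype, rdata))
    return records

def check_zone(records, origin):
    """Findings to fix before 'systemctl restart named'; an empty list means the zone looks sane."""
    findings, doubled = [], origin[:-1] + "." + origin    # e.g. 'example.com.example.com.'
    if [r[0] for r in records if r[1] == "SOA"] != [origin]:
        findings.append("zone needs exactly one SOA record, at the apex")
    for owner, rtype, rdata in records:
        for i in NAME_FIELDS.get(rtype, []):
            if rdata[i].endswith(doubled):                 # origin appended twice: trailing dot forgotten
                findings.append(f"{rtype} target {rdata[i]} looks like a missing trailing dot")
    have_a = {r[0] for r in records if r[1] == "A"}
    ns_targets = [r[2][0] for r in records if r[1] == "NS" and r[0] == origin]
    findings += [f"NS {t} has no A record in this zone" for t in ns_targets if t not in have_a]
    return findings
```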