DNS Server Configuration

Time: 2021-11-03 14:53:03

I. Overview of the DNS service:

A: forward record (name to IP)
PTR: reverse record, IP to name
host -l example.com: list all hosts in the domain (performs a zone transfer)
dig -t soa example.com: query the SOA record (secondary DNS)
Packages: bind bind-chroot caching-nameserver
DNS main configuration directory: /var/named/chroot/
DNS main configuration file: /var/named/chroot/etc/named.conf
DNS A-record (zone file) directory: /var/named/chroot/var/named

II. How to configure DNS forward resolution:

[root@dns-server ~]# yum search dns                  ## search for the dns packages

[root@dns-server ~]# yum install bind.x86_64 -y          ## install the dns service

[root@dns-server ~]# systemctl start named            ## start the dns service

[root@dns-server ~]# vim /etc/named.conf             ## edit the configuration file
The following entries in the configuration file need to be changed:
In the options block, change these parameters:                      ## global settings
listen-on port 53 { localhost; };              ## listen on port 53 on localhost only (use { any; } or the server's address if other hosts must query it)
// listen-on-v6 port 53 { ::1; };                  ## commented out to disable the ipv6 listener
allow-query   { localnets; };                     ## allow queries only from directly connected networks


[root@dns-server ~]# vim /etc/named.rfc1912.zones

Add the following (the later steps on this page use westos.com in place of example.com; the zone name and file name here must match the zone file you create):

zone "example.com" IN {                        ## the domain to serve
        type master;
        file "example.com.zone";               ## zone (A record) file name, relative to /var/named
        allow-update { none; };
};


[root@dns-server ~]# cd /var/named                ## change to the zone file directory

[root@dns-server named]# cp -p named.localhost westos.com.zone             ## create the zone file from the template
[root@dns-server named]# vim westos.com.zone                     ## edit the zone file

The zone file contents are as follows:

$TTL    1D
@       IN SOA  station62.example.com. root.example.com. (  ; station62 is the DNS server's hostname; names must end in "." or BIND appends the zone name
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
        IN NS   station62.example.com.          ; the DNS host for this zone
        IN A    192.168.0.62                    ; IP of the DNS host (zone apex)
station62       IN A    192.168.0.62            ; A record of the DNS server
www             IN A    192.168.1.62            ; the A record to add
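As an added example that is not part of the original page, the following Python checker parses a zone file in the layout above and reports the mistakes that most often break a fresh zone: SOA or NS names written without a trailing dot (BIND treats them as relative and appends the zone name), an NS target that has no A record in the zone, and a non-numeric serial. The sample zone is constructed inline with the dots deliberately left off; on the server itself, named-checkzone is the authoritative check to run before systemctl restart named.

```python
import re

# Constructed sample zone in the page's layout, with the trailing dots left off
# the SOA and NS names on purpose so the checker has something to report.
SAMPLE_ZONE = """\
$TTL 1D
@   IN SOA station62.example.com root.example.com (
        42  ; serial
        3H  ; refresh
        15M ; retry
        1W  ; expiry
        1D ) ; minimum
    IN NS station62.example.com
    IN A  192.168.0.62
station62 IN A 192.168.0.62
www       IN A 192.168.1.62
"""

def qualify(name, origin):
    """Expand a name as BIND does: '@' is the origin, no trailing dot = relative."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def check_zone(text, origin):
    """Return warnings for a zone file that uses 'IN' records; [] means it looks sane."""
    origin = origin if origin.endswith(".") else origin + "."
    body = re.sub(r";[^\n]*", "", text)                                   # drop ; comments
    body = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), body)  # join ( ... )
    warnings, a_names, ns_targets, owner = [], set(), [], origin
    for line in body.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue
        if not line[0].isspace():                   # a leading name sets the owner;
            owner = qualify(fields.pop(0), origin)  # a blank owner column reuses it
        if fields[:2] == ["IN", "SOA"]:
            for n in fields[2:4]:                   # MNAME and RNAME
                if not n.endswith("."):
                    warnings.append(f"SOA name {n} is relative; BIND reads it as {qualify(n, origin)}")
            if not fields[4].isdigit():
                warnings.append(f"SOA serial {fields[4]} is not a number")
        elif fields[:2] == ["IN", "NS"]:
            ns_targets.append(qualify(fields[2], origin))
        elif fields[:2] == ["IN", "A"]:
            a_names.add(owner)
    for ns in ns_targets:
        if ns not in a_names:
            warnings.append(f"NS {ns} has no A record in this zone (missing glue)")
    return warnings
```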



[root@dns-server named]# systemctl restart named                 ## restart the service
[root@dns-server named]# 

Test result:

[root@dns-server named]# dig www.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 600
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.            IN    A

;; ANSWER SECTION:
www.westos.com.        86400    IN    A    172.25.254.206

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.254.106

;; Query time: 0 msec
;; SERVER: 172.25.254.106#53(172.25.254.106)
;; WHEN: Sat May 06 02:08:09 EDT 2017
;; MSG SIZE  rcvd: 93

[root@dns-server named]#

########## Domain-name conventions, mail domain resolution ####

[root@dns-server named]# systemctl restart named         ## restart the service
[root@dns-server named]# vim westos.com.zone            ## edit the zone file

[root@dns-server named]# systemctl restart named
[root@dns-server named]#

################## DNS reverse resolution

[root@dns-server named]# vim /etc/named.rfc1912.zones         ## edit this file to add the reverse zone

[root@dns-server named]# cp -p /var/named/westos.com.ptr /var/named/westos.com.inter.ptr
[root@dns-server named]# vim westos.com.inter.ptr
[root@dns-server named]# systemctl restart named
[root@dns-server named]# vim westos.com.inter.ptr             ## edit the reverse (PTR) zone file

[root@dns-server named]# systemctl restart named
[root@dns-server named]# 


############## Configure two NICs and answer differently for different subnets #########

[root@dns-server named]# vim /etc/sysconfig/network-scripts/ifcfg-eth1           ## edit NIC eth1 and configure its network
[root@dns-server named]# systemctl restart network
[root@dns-server named]# systemctl restart named
[root@dns-server named]# ifconfig                                                   ## show the current interfaces and subnets
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.106  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::5054:ff:fe00:60b  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:00:06:0b  txqueuelen 1000  (Ethernet)
        RX packets 60759  bytes 435909469 (415.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 38241  bytes 2783785 (2.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.6.100  netmask 255.255.255.0  broadcast 172.25.6.255
        inet6 fe80::5054:ff:fe5c:c4ce  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:5c:c4:ce  txqueuelen 1000  (Ethernet)
        RX packets 2310  bytes 315989 (308.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 30  bytes 4189 (4.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 820  bytes 71080 (69.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 820  bytes 71080 (69.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@dns-server named]# netstat -antlpe |grep named                    ## show the ports the service is listening on
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      25         172472     2752/named          
tcp        0      0 172.25.6.100:53         0.0.0.0:*               LISTEN      25         172467     2752/named          
tcp        0      0 172.25.254.106:53       0.0.0.0:*               LISTEN      25         172465     2752/named          
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      25         172463     2752/named          
tcp6       0      0 ::1:953                 :::*                    LISTEN      25         172473     2752/named          
tcp6       0      0 ::1:53                  :::*                    LISTEN      25         172469     2752/named          
[root@dns-server named]#
[root@dns-server named]# cp westos.com.zone westos.com.inter -p                
[root@dns-server named]# vim westos.com.inter                     ## edit the zone file for the second subnet
[root@dns-server named]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.inter -p
[root@dns-server named]# vim /etc/named.rfc1912.inter
[root@dns-server named]# vim /etc/named.conf                       ## edit the views so each subnet is matched to its own zone data



[root@dns-server named]# systemctl restart named                 ## restart the service
[root@dns-server named]# dig www.westos.com                       ## test

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 600
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.            IN    A

;; ANSWER SECTION:
www.westos.com.        86400    IN    A    172.25.254.206

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.254.106

;; Query time: 0 msec
;; SERVER: 172.25.254.106#53(172.25.254.106)
;; WHEN: Sat May 06 02:08:09 EDT 2017
;; MSG SIZE  rcvd: 93

[root@dns-server named]#

######## Preparation for the key-based update experiment #

[root@dns-server named]# systemctl start named
[root@dns-server named]# rm -fr westos.com.zone westos.com.zone.jnl
[root@dns-server named]# cp -p /mnt/westos.com.zone .         ### restore the backup copy
[root@dns-server named]# systemctl start named                   ## restart the service
[root@dns-server named]# ls
data     named.ca     named.localhost  slaves            westos.com.inter.ptr  westos.com.zone
dynamic  named.empty  named.loopback   westos.com.inter  westos.com.ptr
[root@dns-server named]# pwd
/var/named
[root@dns-server named]#

####### TSIG key-authenticated dynamic updates

[root@dns-server mnt]# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST westoskey          ## generate the key (HMAC-MD5 as on the page; HMAC-SHA256 is the stronger choice where supported)
Kwestoskey.+157+43783
[root@dns-server mnt]# cp -p /etc/rndc.key /etc/westos.key
[root@dns-server mnt]# vim /etc/westos.key

[1]+  Stopped                 vim /etc/westos.key
[root@dns-server mnt]# cat /mnt/Kwestoskey.+157+43783.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: jL98z7rVm9Qu3hLKQ+InQXABm9VbccAWEAsmXSSPFg8=
Bits: AAA=
Created: 20170506084905
Publish: 20170506084905
Activate: 20170506084905
[root@dns-server mnt]# fg
vim /etc/westos.key
[root@dns-server mnt]# vim /etc/westos.key                ## edit the key file
key "westoskey" {                                   ## key name
        algorithm hmac-md5;                       ## algorithm
        secret "jL98z7rVm9Qu3hLKQ+InQXABm9VbccAWEAsmXSSPFg8=";  ## secret
};

[root@dns-server mnt]# vim /etc/named.conf                ## add this line so named loads the key
include "/etc/westos.key";

[root@dns-server mnt]# vim /etc/named.rfc1912.zones          ## allow updates that are signed with the key

zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { key westoskey; };
};
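As an added example (not from the original page), this Python helper reads the K*.private file that dnssec-keygen wrote, renders the key stanza that both /etc/westos.key and the dhcpd.conf later on this page need, and checks that a stanza already on disk carries exactly the generated algorithm and secret, which catches the copy-and-paste slips the cat/vim/fg juggling above invites. Both inputs are constructed inline; the secret is a made-up value, not the page's key.

```python
import base64
import re

# Constructed sample inputs in the layout of the files on the page.
# The secret is a placeholder value, not the key from the page.
PRIVATE_KEY_FILE = """\
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY=
Bits: AAA=
Created: 20170506084905
"""

NAMED_KEY_FILE = """\
key "westoskey" {
        algorithm hmac-md5;
        secret "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY=";
};
"""

def parse_private_key(text):
    """Return (algorithm, secret) from a dnssec-keygen K*.private file,
    with the algorithm spelled the way named.conf wants it (hmac-md5)."""
    fields = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    algo = re.search(r"\((\w+)\)", fields["Algorithm"]).group(1)   # e.g. HMAC_MD5
    secret = fields["Key"].strip()
    base64.b64decode(secret, validate=True)      # raises if the secret was mangled
    return algo.lower().replace("_", "-"), secret

def key_stanza(name, algo, secret):
    """Render the key {} block that both named.conf and dhcpd.conf understand."""
    return f'key "{name}" {{\n\talgorithm {algo};\n\tsecret "{secret}";\n}};\n'

def parse_key_stanza(text):
    """Extract (name, algorithm, secret) from a key {} block."""
    m = re.search(r'key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+);\s*secret\s+"([^"]+)";', text)
    if not m:
        raise ValueError("no key stanza found")
    return m.group(1), m.group(2).lower(), m.group(3)

def keys_match(private_text, stanza_text):
    """True when the stanza carries exactly the generated algorithm and secret."""
    algo, secret = parse_private_key(private_text)
    _, s_algo, s_secret = parse_key_stanza(stanza_text)
    return (algo, secret) == (s_algo, s_secret)
```

The key is a shared HMAC secret, so it authenticates updates rather than encrypting them, and anyone who can read the file can sign updates; cp -p keeps the restrictive permissions of the rndc.key it was copied from, and any further copies should stay readable only by root and named.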


[root@dns-server mnt]# systemctl restart named                ## restart the service
[root@dns-server mnt]# scp Kwestoskey.+157+43783.* root@172.25.254.206:/mnt/       ## send the key to the server
The authenticity of host '172.25.254.206 (172.25.254.206)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.206' (ECDSA) to the list of known hosts.
root@172.25.254.206's password:
Kwestoskey.+157+43783.key                                             100%   73     0.1KB/s   00:00    
Kwestoskey.+157+43783.private                                         100%  185     0.2KB/s   00:00    
[root@dns-server mnt]#
Test result:


############## dhcpd service ######

1. Install the software

yum install dhcp -y

2. Edit the configuration file

cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf

vim /etc/dhcp/dhcpd.conf

option domain-name "westos.com";
option domain-name-servers 172.25.254.106;

ddns-update-style interim;

subnet 172.25.254.0 netmask 255.255.255.0 {
        range 172.25.254.50 172.25.254.200;            # range of addresses to hand out
        option routers 172.25.254.250;
}

key "westoskey" {                                   # key name (the same secret as in /etc/westos.key; keep this file unreadable to other users)
        algorithm hmac-md5;                       # algorithm
        secret "jL98z7rVm9Qu3hLKQ+InQXABm9VbccAWEAsmXSSPFg8=";  # secret
};

zone westos.com. {
        primary 127.0.0.1;
        key westoskey;
}

3. Check and test

*) Unplug the network cable

*) On the client host

hostnamectl set-hostname test.westos.com

vim /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

BOOTPROTO=dhcp

ONBOOT=yes

:wq

systemctl restart network

dig test.westos.com




(1) SOA resource record
At the start of every zone database file there is a Start of Authority record, SOA for short. The SOA defines the global parameters of the domain and holds the management settings for the whole domain. A zone file may contain only one SOA record.
(2) NS resource record
Name server (NS) resource records identify the authoritative servers for the zone: the primary and secondary servers named in the SOA record, and the servers of any delegated zones. Every zone contains at least one NS record at its root.
(3) A resource record
An address (A) resource record maps an FQDN to an IP address, so a resolver can look up the IP address for an FQDN.
(4) PTR resource record
The opposite of an A record: a pointer (PTR) record maps an IP address to an FQDN.
(5) CNAME resource record
A canonical name (CNAME) resource record creates an alias for a specific FQDN; users can reach the host through the alias defined in the CNAME record.
(6) MX resource record
A mail exchanger (MX) resource record specifies the mail exchange server for a DNS domain name. A mail exchange server is a host that processes or forwards mail for the DNS domain name. Processing mail means delivering it to its destination or handing it to a different kind of mail transport; forwarding mail means sending it on to the final destination server.
(7) Wildcard record
Apart from the resource records defined in the database file, all other names in the domain can then also be resolved by DNS.
Note: if the zone file cannot be synchronised at this point, delete the *.jnl files under the chroot/var/named/ directory.