一、安装部署dns
yum install bind -y
systemctl start named
systemctl enable named
systemctl stop firewalld
systemctl disable firewalld
图示:安装bind
图示:开启服务关闭火墙
主配置文件: /etc/named.conf
子配置文件: /etc/named.rfc1912.zones
数据目录: /var/named
二、高速缓存dns
vim /etc/named.conf
11 listen-on port 53 { any; }; #让所有用户IP可以访问
17 allow-query { any; }; #客户群体
18 forwarders {172.25.254.250; }; #访问中介
图示:修改配置文件
cat /etc/services | grep domain
图示:查看
systemctl restart named
测试:
在客户主机
vim /etc/resolv.conf
nameserver 172.25.254.121
dig www.baidu.com
图示:测试结果
三、权威DNS的正向解析
vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { none; };
29 };
cd /var/named/
cp -p named.localhost westos.com.zone
vim westos.com.zone
1 $TTL 1D
2 @ IN SOA dns.westos.com. root.westos.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 172.25.254.121
10 www A 172.25.254.111
systemctl restart named
图示:修改配置文件
测试:
dig www.westos.com
cat /etc/resolv.conf
# Generated by NetworkManager
search ilt.example.com example.com
nameserver 172.25.254.121
图示:测试结果
四、反向解析
vim /etc/named.rfc1912.zones
48 zone "254.25.172.in-addr.arpa" IN {
49 type master;
50 file "westos.com.ptr";
51 allow-update { none; };
52 };
ls
cp -p named.loopback westos.com.ptr
vim westos.com.ptr
1 $TTL 1D
2 @ IN SOA dns.westos.com. root.westos.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 172.25.254.100
10 100 PTR www.westos.com.
systemctl restart named
图示:配置文件及操作
测试:
dig -x 172.25.254.121
图示:测试结果
五、dns双向解析
vim /etc/named.conf
50 view localnet {
51 match-clients { 172.25.254.221; };
52 zone "." IN {
53 type hint;
54 file "named.ca";
55 };
56
57 include "/etc/named.rfc1912.zones";
58 include "/etc/named.root.key";
59 };
60
61 view any {
62 match-clients { any; };
63 zone "." IN {
64 type hint;
65 file "named.ca";
66 };
67
68 include "/etc/named.rfc1912.zones";
69 include "/etc/named.root.key";
70 };
cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter -p
vim /etc/named.rfc1912.zones.inter
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { none; };
29 };
cp -p westos.com.zone westos.com.inter
vim westos.com.inter
1 $TTL 1D
2 @ IN SOA dns.westos.com. root.westos.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 1.1.1.121
10 www A 1.1.1.111
%s/172.25.254/1.1.1/g
systemctl restart named
图示:修改配置内容
测试:在221主机上 dig www.westos.com.inter
图示:测试结果
六、辅助dns
主dns的设定
vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { none; };
29 also-notify { 172.25.254.221; };
systemctl restart named
注意:每次更改A记录文件后必须更改辅助serial的值,最高为10位。
vim /var/named/westos.com.inter
4 0 ; serial
辅助dns主机中的设定
yum install bind -y
systemctl restart named
systemctl stop firewalld
vim /etc/sysconfig/selinux
disabled
vim /etc/named.conf
# listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
# allow-query { localhost; };
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type slave;
masters {172.25.254.121; };
file "slaves/westos.com.inter";
allow-update { none; };
};
systemctl restart named
测试:
vim /etc/resolv.conf
nameserver 172.25.254.221
dig www.westos.com
图示:修改配置文件
图示:测试结果
七、dns的远程更新
(实验前需先备份)
基于ip
vim /etc/named.rfc1912.zones.inter
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { 172.25.254.244; };
29 also-notify {172.25.254.244; };
30 };
systemctl restart named
图示:修改配置文件
测试
在221主机上
[root@localhost ~]# nsupdate
> server 172.25.254.121
> update add bbs.westos.com 86400 A 1.1.1.2 #添加
> send
> server 172.25.254.121
> update delete bbs.westos.com #删除
> send
[root@dns-server named]# ls
data named.empty slaves westos.com.ptr
dynamic named.localhost westos.com.inter westos.com.zone
named.ca named.loopback westos.com.inter.jnl <-----更新在121主机上生成
图示:记录生成过程
dig bbs.westos.com
;; ANSWER SECTION:
bbs.westos.com. 86400 IN A 1.1.1.2
图示:测试结果
###
还原
[root@dns-server named]# rm -fr westos.com.inter westos.com.inter.jnl
[root@dns-server named]# ls
data named.ca named.localhost slaves westos.com.zone
dynamic named.empty named.loopback westos.com.ptr
[root@dns-server named]# cp -p /mnt/westos.com.inter .
###
*基于key的
cd /mnt
cp -p /etc/rndc.key /etc/westos.key ##'-p' 复制时保留文件属性
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
vim /etc/westos.key ##将上一步 dnssec-keygen 生成的 Kwestos.+157+60830.private 中的 secret 填入,key 名须与 -n HOST 后的名称一致
1 key "westos" {
2 algorithm hmac-md5;
3 secret "ujuIHzR74r3ikunB3OblMQ==";
4 };
图示:更改文件内容
vim /etc/named.conf
41 include "/etc/westos.key";
42 logging {
43 channel default_debug {
44 file "data/named.run";
图示:修改配置文件
vim /etc/named.rfc1912.zones.inter
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { key westos; };
29 also-notify {172.25.254.221; };
30 };
systemctl restart named
图示:修改配置文件
测试
测试:
发送钥匙给测试主机
scp Kwestos.+157+60830.* root@172.25.254.121:/mnt
图示:发送钥匙
在有key 的主机中执行
[root@localhost mnt]# nsupdate -kKwestos.+157+60830.private
> update add bbs.westos.com 8000 A 1.1.1.0
> send
[root@localhost mnt]# nsupdate
> server 172.25.254.121
> update add ss.westos.com 8000 A 1.1.1.1
> send
update failed: REFUSED
图示:没钥匙更新失败
ddns
八、DDNS的配置
1.辅助设备
[root@dns-slave mnt]# hostnamectl set-hostname www.westos.com ##修改主机名
[root@dns-slave mnt]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
图示:编辑配置使得更改为动态获取ip
[root@dns-slave mnt]# systemctl restart network
2.设置dns主机
vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { none; };
29 also-notify { key westos; };
图示:修改配置文件
安装dhcp服务
[root@dns-server ~]# yum install dhcp -y ##安装dhcp服务
[root@dns-server ~]# systemctl stop firewalld ##关闭防火墙
[root@dns-server ~]# systemctl disable firewalld ##设置开机不启动
[root@dns-server ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y
[root@dns-server mnt]# cd /etc/dhcp/
[root@dns-server dhcp]# ls
dhclient.d dhcpd6.conf dhcpd.conf
图示:复制以及修改配置文件
[root@dns-server named]# vim westos.com.zone
图示 :修改配置文件
[root@dns-server named]# systemctl restart named
监控测试
watch -n 1 dig www.westos.com.inter
图示:测试结果
##end##
本文转自 無緣 51CTO博客,原文链接:http://blog.51cto.com/13352594/2045981