
企业dns服务器搭建


企业dns服务器搭建

一、关于dns的名词解释

dns:domain name service(域名解析服务)

#关于客户端:#
/etc/resolv.conf    ##dns指向文件
nameserver 172.25.254.237

 #测试:
host www.baidu.com  ##地址解析命令
dig www.baidu.com   ##地址详细解析信息命令

A记录
##将域名映射到ip地址的记录,即Address记录
SOA
##授权起始记录(Start of Authority),标识该区域的权威起点
dns顶级
.            ##根域,由13个根域名服务器提供
次级
.com .net .edu .org ....

#关于服务端#
bind                             ##安装包
named                        ##服务名称
/etc/named.conf        ##主配置文件
/var/named                ##数据目录
端口                            ##53

关于报错信息:
1.no servers could be reached  ##服务无法访问(检查服务是否开启、火墙规则、网络连通性、53端口是否监听)
2.服务启动失败     ##配置文件写错 journalctl -xe查询错误
3.dig 查询状态     
NOERROR           ##表示查询成功
REFUSED            ##服务拒绝访问
SERVFAIL            ##服务器端查询失败(例如dns服务器无法到达上级服务器,或拒绝缓存结果)
NXDOMAIN         ##此域名A记录在dns中不存在

二、dns服务的安装与启用

#安装#
dnf install bind -y

#启用#
systemctl enable --now named
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload

vim /etc/named.conf
11    listen-on port 53 { any; };     ##在本地所有网络接口上监听53端口
19    allow-query   { any; };           ##允许发起查询的客户端列表(any表示任意客户端;对外暴露时应限制为内网网段,否则配合forwarders会成为开放递归解析器)

20    forwarders { 114.114.114.114; };  ##上游dns,本机解析不了的查询转发给它并缓存结果


34    dnssec-validation no;          ##关闭DNSSEC验证,使dns能缓存外部查询结果(同时也不再校验上级应答的真实性)
systemctl restart named

 

 

 客户端测试:

 三、dns的正向解析
[root@westos111 ~]# cd /var/named
[root@westos111 named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@westos111 named]# cp -p named.localhost westos.org.zone  ##必须加-p复制权限
[root@westos111 named]# vim westos.org.zone


  1 $TTL 1D
  2 @       IN SOA  dns.westos.org. lee.westos.org. (   #SOA授权起始(Start of Authority);区域文件中真正的注释以 ; 开头,本文的 # 说明不要写进文件
  3                                         0       ; serial   #域名版本序列号
  4                                         1D      ; refresh  #刷新时间(辅助dns)
  5                                         1H      ; retry    #重试时间(辅助dns)   
  6                                         1W      ; expire   #过期时间(辅助dns,查询失败过期停止对辅助域名的应答)
  7                                         3H )    ; minimum  #A记录最短有效期
  8         NS      dns.westos.org.    ##本域的权威dns服务器(NS记录)
  9 dns     A       172.25.254.111     
 10 www     A       172.25.254.110     
~                                   
[root@westos111 ~]# vim /etc/named.rfc1912.zones  
 29 zone "westos.org" IN {   ##维护的域名
 30         type master;     ##当前服务器为主dns
 31         file "westos.org.zone";##域名记录文件(相对于/var/named)
 32         allow-update { none; };##允许动态更新的主机列表(none表示禁止)
 33 };


[root@westos111 ~]# systemctl restart named

 

 客户端测试

 本地多服务器解析

[root@westos137 named]# vim westos.org.zone
[root@westos137 named]# cat westos.org.zone
$TTL 1D
@	IN SOA	 dns.westos.org. lee.westos.org. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	dns.westos.org.
dns	A	172.25.254.137
www	CNAME   nodea.westos.org.
nodea	A	172.25.254.111
nodea	A	172.25.254.222
[root@westos137 named]# systemctl restart named

客户端测试:

 邮件地址解析

[root@westos137 named]# vim westos.org.zone
[root@westos137 named]# cat westos.org.zone
$TTL 1D
@	IN SOA	 dns.westos.org. lee.westos.org. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	dns.westos.org.
dns	A	172.25.254.137
www	CNAME   nodea.westos.org.
nodea	A	172.25.254.111
nodea	A	172.25.254.222
westos.org. MX 1 172.25.254.237.
[root@westos137 named]# systemctl restart named

客户端测试:

 四、dns的反向解析
[root@westos111 named]# vim /etc/named.rfc1912.zones

 54 zone "254.25.172.in-addr.arpa" IN {
 55         type master;
 56         file "172.25.254.ptr";
 57         allow-update { none; };
 58 };
 59 

[root@westos111 named]# ls
data     named.ca     named.localhost  slaves
dynamic  named.empty  named.loopback   westos.org.zone
[root@westos111 named]# cp -p named.loopback 172.25.254.ptr
[root@westos111 named]# vim 172.25.254.ptr
  1 $TTL 1D
  2 @       IN SOA  dns.westos.org. lee.westos.org. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS      dns.westos.org.
  9 dns     A       172.25.254.111
 10 211     PTR     mail.westos.org.
[root@westos111 named]# systemctl restart named

 

 客户端测试:

 五、dns的双向解析

实验环境:
客户端2台:192.168.0网段、172.25.254网段

服务端1台,2个客户端的ip为192.168.0.237和172.25.254.137

[root@westos139 named]# ip addr add 192.168.0.139/24 dev ens3
[root@westos139 named]# ip addr show
[root@westos137 named]# cp -p westos.org.zone westos.org.inter
[root@westos137 named]# ls
172.25.254.ptr  dynamic   named.empty      named.loopback  westos.org.inter
data            named.ca  named.localhost  slaves          westos.org.zone
[root@westos137 named]# vim westos.org.inter
$TTL 1D
@       IN SOA   dns.westos.org. lee.westos.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
dns     A       192.168.0.137
www     CNAME   nodea.westos.org.
nodea   A       192.168.0.111
nodea   A       192.168.0.222
westos.org. MX 1 192.168.0.237.

 
[root@westos137 named]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.inter -p
[root@westos137 named]# vim /etc/named.rfc1912.inter 

zone "westos.org" IN {
        type master;
        file "westos.org.inter";
        allow-update { none; };
};


[root@westos137 named]# vim /etc/named.conf 
view localnet {
        match-clients {172.25.254.0/24; };
        zone "." IN {
                type hint;
                file "named.ca";
};
include "/etc/named.rfc1912.zones";
};

view internet {
        match-clients {any; };
        zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.inter";
};
[root@westos137 named]# vim /etc/resolv.conf 
[root@westos137 named]# cat /etc/resolv.conf 
# Generated by NetworkManager
search westos.org
nameserver 172.25.254.137
[root@westos137 named]# systemctl restart named

 172网段测试:

 192网段测试:

 六、dns集群

附属dns(slave,从dns):

[root@westos211 ~]# dnf install bind -y
[root@westos211 named]# firewall-cmd --permanent --add-service=dns
success
[root@westos211 named]# firewall-cmd --reload
success
[root@westos211 named]# systemctl enable named
[root@westos211 named]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { any; };


        dnssec-validation no;

[root@westos211 slaves]# vim /etc/named.rfc1912.zones
zone "westos.org" IN {
        type slave;
        masters {172.25.254.111; };
        file "slaves/westos.org.zone";
};
[root@westos211 slaves]# systemctl restart named
[root@westos211 slaves]# ls
westos.org.zone

dns主机111(主dns;若不希望任意主机都能拉取整个区域,可在该zone中加 allow-transfer { 172.25.254.211; }; 只允许从dns做区域传送)

[root@westos111 named]# vim /etc/named.rfc1912.zones

 29 zone "westos.org" IN {
 30         type master;
 31         file "westos.org.zone";
 32         allow-update { none; };
 33         also-notify { 172.25.254.211; };
 34 };
[root@westos111 named]# systemctl restart named
[root@westos111 named]# vim /etc/resolv.conf 

  1 # Generated by NetworkManager
  2 search westos.org
  3 nameserver 172.25.254.111

 测试:

[root@westos111 named]#  vim westos.org.zone  ##更新一下

  1 $TTL 1D
  2 @       IN SOA  dns.westos.org. lee.westos.org. (
  3                                         1       ; serial  ##serial必须比上次大从dns才会同步(例如改回0就不同步了)
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS      dns.westos.org.
  9 dns     A       172.25.254.111
 10 www     CNAME   nodea.westos.org.
 11 nodea   A       172.25.254.11
 12 nodea   A       172.25.254.22
 13 westos.org. MX 1 172.25.254.200.
~                                         
附属dns中
[root@westos211 slaves]# vim /etc/resolv.conf 
# Generated by NetworkManager
search westos.org
nameserver 172.25.254.211
~                             
[root@westos211 slaves]# dig www.westos.org  ##可以看到同步更改了

; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48300
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; cookie: 061ab37f014288d080d81c79618dee7b4023b9d82d463dae (good)
;; QUESTION SECTION:
;www.westos.org.			IN	A

;; ANSWER SECTION:
www.westos.org.		86400	IN	CNAME	nodea.westos.org.
nodea.westos.org.	86400	IN	A	172.25.254.22
nodea.westos.org.	86400	IN	A	172.25.254.11

;; AUTHORITY SECTION:
westos.org.		86400	IN	NS	dns.westos.org.

;; ADDITIONAL SECTION:
dns.westos.org.		86400	IN	A	172.25.254.111

;; Query time: 0 msec
;; SERVER: 172.25.254.211#53(172.25.254.211)
;; WHEN: Fri Nov 12 12:32:59 CST 2021
;; MSG SIZE  rcvd: 157
 七、ddns(dhcp+dns)

配置dhcp,使nodeb 从nodea 中获取ip

nodea
[root@westos111 named]# dnf install dhcp-server -y
[root@westos111 ~]# cp /usr/share/doc/dhcp-server/dhcpd.conf.example /etc/dhcp/dhcpd.conf
[root@westos111 ~]# vim /etc/dhcp/dhcpd.conf

option domain-name "westos.org";
option domain-name-servers 172.25.254.111;

subnet 172.25.254.0 netmask 255.255.255.0 {
  range 172.25.254.60 172.25.254.90;
}
[root@westos111 ~]# systemctl restart dhcpd

 nodeb中:

vim /etc/sysconfig/network-scripts/ifcfg-Wired_connection_1 

BOOTPROTO=dhcp

 nodea中(下面的 vim /etc/westos.key 和 vim /etc/named.conf 两步未展示编辑内容:key 名应改为后面 allow-update 中引用的 westos,secret 换成 dnssec-keygen 生成的密钥,并在 named.conf 中 include 该文件;密钥文件只需对 named 可读):

[root@westos111 ~]# cd /mnt
[root@westos111 mnt]# cp /etc/rndc.key /etc/westos.key -p
[root@westos111 mnt]# cat /etc/westos.key
key "rndc-key" {
	algorithm hmac-sha256;
	secret "uOtf2g+g+QG6oeC9O9wTugTId0Au3neuA7aphEHH8q8=";
};
[root@westos111 mnt]# dnssec-keygen -a HMAC-SHA256 -b 128 -n HOST westos
Kwestos.+163+59167
[root@westos111 mnt]# ls
8-abstract-dark.xml   desktop-backgrounds-default.xml
8-abstract-light.xml  hello-world-dark.xml
circles-dark.xml      Kwestos.+163+59167.key
circles-light.xml     Kwestos.+163+59167.private
[root@westos111 mnt]# cat Kwestos.+163+59167.private
Private-key-format: v1.3
Algorithm: 163 (HMAC_SHA256)
Key: ltIIlGcGxBDzOrrwyQ2fxQ==
Bits: AAA=
Created: 20211112072950
Publish: 20211112072950
Activate: 20211112072950
[root@westos111 mnt]# vim /etc/westos.key
[root@westos111 mnt]# vim /etc/named.conf 
[root@westos111 mnt]# systemctl restart named
[root@westos111 mnt]# vim /etc/named.rfc1912.zones 
zone "westos.org" IN{
           type master;
           file "westos.org.zone";
           allow-update { key westos;};
           also-notify { 172.25.254.211;};
};
[root@westos111 mnt]# systemctl restart named
[root@westos111 mnt]# nsupdate -k Kwestos.+163+59167.private
> server 172.25.254.111
> update add haha.westos.org 86400 A 172.25.254.110
> send
> quit
[root@westos111 mnt]# dig haha.westos.org

; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> haha.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60804
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; cookie: 7262c48c41f069fb7c51c1ee618e1ae1413a265d9df8a154 (good)
;; QUESTION SECTION:
;haha.westos.org.		IN	A

;; ANSWER SECTION:
haha.westos.org.	86400	IN	A	172.25.254.110

;; AUTHORITY SECTION:
westos.org.		86400	IN	NS	dns.westos.org.

;; ADDITIONAL SECTION:
dns.westos.org.		86400	IN	A	172.25.254.111

;; Query time: 0 msec
;; SERVER: 172.25.254.111#53(172.25.254.111)
;; WHEN: Fri Nov 12 15:42:25 CST 2021
;; MSG SIZE  rcvd: 122

[root@westos111 mnt]# nsupdate -k Kwestos.+163+59167.private
> server 172.25.254.111
> update delete haha.westos.org
> send
> quit

 

 
