1.关于dns的名词解释
dns:domain name service(域名解析服务)
关于客户端:
DNS的开机及启用/etc/resolv.conf dns指向文件
nameserver 172.25.254.20
测试:
host www.baidu.com 地址解析命令
dig www.baidu.com 地址详细解析信息命令
A 记录ip地址叫做域名的Address 记录
SOA 授权起始主机
dns顶级
. 13
次级
.com .net .edu .org ....
baidu.com
关于服务端
bind 安装包
named 服务名称
/etc/named.conf 主配置文件
/var/named 数据目录
端口 53
实验环境:
服务端nodea,有网络. 客户端nodeb,无网络
dnf install bind -y
[root@westoslinux ~]# systemctl enable --now named
[root@westoslinux ~]# firewall-cmd --permanent --add-service=dns
[root@westoslinux ~]# firewall-cmd --reload
关于报错信息在客户端操作:
[root@westoslinux212 ~]# dig www.baidu.com
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.baidu.com
;; global options: +cmd
;; connection timed out; no servers could be reached
若出现no servers could be reached ,服务无法访问(服务开启?火墙?网络?端口?)
$TTL 1D
@ IN SOA dns.westos.org. lee.westos.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org
dns A 127.0.0.1
200 PTR mail.westos.org.
在服务端操作:
[root@westoslinux ~]# netstat -antlupe | grep 53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 94195 29526/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 94202 29526/named
tcp6 0 0 ::1:53 :::* LISTEN 25 94197 29526/named
tcp6 0 0 ::1:953 :::* LISTEN 25 94203 29526/named
udp 0 0 0.0.0.0:5353 0.0.0.0:* 70 25017 731/avahi-daemon: r
udp 0 0 127.0.0.1:53 0.0.0.0:* 25 94193 29526/named
udp6 0 0 :::5353 :::* 70 25018 731/avahi-daemon: r
udp6 0 0 ::1:53 :::* 25 94196 29526/named
[root@westoslinux ~]# vim /etc/named.conf
11 listen-on port 53 { any; };
[root@westoslinux ~]# systemctl restart named
[root@westoslinux212 ~]# dig www.baidu.com
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 56262
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
若访问时出现REFUSED,服务拒绝访问
[root@westoslinux ~]# vim /etc/named.conf
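19 allow-query { any; }; ##允许任何客户端查询;该服务器同时提供递归(应答中带 ra 标志),对外可达时应改为受信任网段或用 allow-recursion 限制,否则会成为开放解析器
34 dnssec-validation no; ##若访问时出现SERVFAIL,查询记录失败(dns服务器无法到达上级,拒绝缓存)时这样设置;关闭后不再校验上级应答的DNSSEC签名,仅适合实验环境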
[root@westoslinux ~]# systemctl restart named
[root@westoslinux212 ~]# dig www.baidu.com
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58415
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; cookie: d567cd895a3a1f984ee75d96618e5a246111e52dd4124339 (good)
;; QUESTION SECTION:
;www.baidu.com. IN A
若访问时发现NOERROR,表示查询成功
高速缓存dns
在服务端操作:
[root@westoslinux ~]# vim /etc/named.conf
20 forwarders { 114.114.114.114; };
[root@westoslinux ~]# systemctl restart named
[root@westoslinux ~]# dig www.baidu.com
;; Query time: 577 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Fri Nov 12 20:36:18 CST 2021
;; MSG SIZE rcvd: 912
在客户端操作:
[root@westoslinux212 ~]# dig www.baidu.com
;; Query time: 2 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Fri Nov 12 20:36:25 CST 2021
;; MSG SIZE rcvd: 912
[root@westoslinux112 named]# cd
[root@westoslinux112 ~]# cd /var/named
[root@westoslinux112 named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@westoslinux112 named]# ll
total 16
drwxrwx---. 2 named named 23 Nov 12 19:56 data
drwxrwx---. 2 named named 60 Nov 12 20:44 dynamic
-rw-r-----. 1 root named 2253 Feb 27 2020 named.ca
-rw-r-----. 1 root named 152 Feb 27 2020 named.empty
-rw-r-----. 1 root named 152 Feb 27 2020 named.localhost
-rw-r-----. 1 root named 168 Feb 27 2020 named.loopback
drwxrwx---. 2 named named 6 Feb 27 2020 slaves
[root@westoslinux112 named]# cp -p named.localhost westos.org.zone
[root@westoslinux112 named]# vim /etc/named.conf
[root@westoslinux112 named]#vim /etc/named.rfc1912.zones
zone "westos.org" IN {
type master;
file "westos.org.zone";
allow-update { none; };
};
[root@westoslinux112 named]# vim westos.org.zone
$TTL 1D
@ IN SOA dns.westos.org. lee.westos.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 172.25.254.112
www A 172.25.254.111
[root@westoslinux112 named]# systemctl restart named
[root@westoslinux212 ~]# dig www.westos.org
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12994
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; cookie: 1c528bb3ac5b7606ed16c463618e65b0c2abbac679f13444 (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.112
规范书写
[root@westoslinux112 named]# vim westos.org.zone
$TTL 1D
@ IN SOA dns.westos.org. lee.westos.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 172.25.254.112
www CNAME nodea.westos.org. CNAME-->把对外开放的域名转化为内部主机域名,对内部域名进行解析
nodea A 172.25.254.111
nodea A 172.25.254.222
[root@westoslinux112 named]# systemctl restart named
[root@westoslinux212 ~]# dig www.westos.org
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51284
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; cookie: e5ec5ebd3cc19caea7eed65a618e6866d89802f106d26dd3 (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN CNAME nodea.westos.org.
nodea.westos.org. 86400 IN A 172.25.254.222
nodea.westos.org. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.112
[root@westoslinux112 named]# vim westos.org.zone
$TTL 1D
@ IN SOA dns.westos.org. lee.westos.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 172.25.254.112
www CNAME nodea.westos.org.
nodea A 172.25.254.111
nodea A 172.25.254.222
westos.org. MX 1 172.25.254.212. MX将域名转化成ip,对ip进行解析(注:MX的目标按规范应为主机名,如 mail.westos.org. 并为其另写A记录;此处带点的 172.25.254.212. 会被当作域名而不是ip处理)
[root@westoslinux112 named]# systemctl restart named
[root@westoslinux212 ~]# dig -t mx westos.org
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> -t mx westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51069
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; cookie: a787e5de1413966459076f14618e6aa9720b63b3d5e63a40 (good)
;; QUESTION SECTION:
;westos.org. IN MX
;; ANSWER SECTION:
westos.org. 86400 IN MX 1 172.25.254.212.
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.112
;; Query time: 2 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Fri Nov 12 21:22:49 CST 2021
;; MSG SIZE rcvd: 131
zone "254.25.172.in-addr.arpa" IN {
type master;
file "172.25.254.ptr";
allow-update { none; };
};
[root@westoslinux112 named]# ls
data named.ca named.localhost slaves
dynamic named.empty named.loopback westos.org.zone
[root@westoslinux112 named]# cp -p named.localhost 172.25.254.ptr
[root@westoslinux112 named]# vim 172.25.254.ptr
$TTL 1D
@ IN SOA dns.westos.org. lee.westos.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 172.25.254.112
212 PTR mail.westos.org.
[root@westoslinux112 named]# systemctl restart named
[root@westoslinux212 ~]# dig -x 172.25.254.212
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> -x 172.25.254.212
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34373
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; cookie: 461af05deb23e3de53aaac9c618e734b5ad36356e1d88d05 (good)
;; QUESTION SECTION:
;212.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
212.254.25.172.in-addr.arpa. 86400 IN PTR mail.westos.org.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.112
;; Query time: 5 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Fri Nov 12 21:59:39 CST 2021
;; MSG SIZE rcvd: 147
在nodeb中操作:
[root@westoslinux212 ~]# dnf install bind -y
[root@westoslinux212 ~]# systemctl enable --now named
[root@westoslinux212 ~]# firewall-cmd --permanent --add-service=dns
[root@westoslinux212 ~]# firewall-cmd --reload
[root@westoslinux212 ~]# vim /etc/named.conf
11 listen-on port 53 { any; };
19 allow-query { any; };
34 dnssec-validation no;
[root@westoslinux212 ~]# systemctl restart named
[root@westoslinux212 ~]# vim /etc/named.rfc1912.zones
zone "westos.org" IN {
type slave; ##dns状态为辅助dns
masters { 172.25.254.112; }; ##主dns
file "slaves/westos.org.zone"; ##同步数据文件
};
[root@westoslinux212 ~]# systemctl restart named
[root@westoslinux212 ~]# vim /etc/resolv.conf
nameserver 172.25.254.212
[root@westoslinux212 ~]# cd /var/named/slaves
[root@westoslinux212 slaves]# rm -fr westos.org.zone
[root@westoslinux212 slaves]# systemctl restart named
[root@westoslinux212 slaves]# dig www.westos.org
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42137
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; cookie: a8078025ba08b38f729bcb0b619057b9d5b38a7bf3eb2d0e (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN CNAME nodea.westos.org.
nodea.westos.org. 86400 IN A 172.25.254.11
nodea.westos.org. 86400 IN A 172.25.254.22
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.112
;; Query time: 1 msec
;; SERVER: 172.25.254.212#53(172.25.254.212)
;; WHEN: Sun Nov 14 08:26:33 CST 2021
;; MSG SIZE rcvd: 157
如果想要辅助主机和主服务器同步,其操作为(另:BIND 9.11 默认允许任何主机对主服务器做区域传送,可在主服务器的 zone 中加 allow-transfer { 172.25.254.212; }; 只放行辅助dns):
[root@westoslinux112 ~]# vim /var/named/westos.org.zone
$TTL 1D
@ IN SOA dns.westos.org. lee.westos.org. (
2021111401 ; serial 每次修改A记录文件需要
1D ; refresh 变更此参数的值
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 172.25.254.112
www CNAME nodea.westos.org.
nodea A 172.25.254.111
nodea A 172.25.254.222
westos.org. MX 1 172.25.254.212.
[root@westoslinux112 ~]# vim /etc/named.rfc1912.zones
zone "westos.org" IN {
type master;
file "westos.org.zone";
also-notify { 172.25.254.200; }; ##区域变更后主动通知的辅助dns地址;本文辅助dns为172.25.254.212,此处的200与其不一致,应填辅助dns的实际ip
};
[root@westoslinux112 ~]# systemctl restart named
[root@westoslinux112 ~]# dig www.westos.org
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46100
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; cookie: ba5fb7ce19974634767c65ba619059e43deeece5293392cb (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN CNAME nodea.westos.org.
nodea.westos.org. 86400 IN A 172.25.254.222
nodea.westos.org. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.112
;; Query time: 2 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Sun Nov 14 08:35:48 CST 2021
;; MSG SIZE rcvd: 157
[root@westoslinux212 slaves]# dig www.westos.org
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1309
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; cookie: 57f079d6c2bfc97b0d1b44cd619059f08fd14100b0454a90 (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN CNAME nodea.westos.org.
nodea.westos.org. 86400 IN A 172.25.254.111
nodea.westos.org. 86400 IN A 172.25.254.222
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.112
;; Query time: 0 msec
;; SERVER: 172.25.254.212#53(172.25.254.212)
;; WHEN: Sun Nov 14 08:36:00 CST 2021
;; MSG SIZE rcvd: 157
[root@westoslinux112 ~]# ip addr add 192.168.0.112/24 dev ens3
[root@westoslinux112 ~]# ip addr add 192.168.0.112/24 dev ens3
[root@westoslinux112 ~]# ip addr show
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens3:
link/ether 52:54:00:da:e5:d5 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.112/24 brd 172.25.254.255 scope global noprefixroute ens3
valid_lft forever preferred_lft forever
inet 192.168.0.112/24 scope global ens3
valid_lft forever preferred_lft forever
[root@westoslinux112 ~]# cd /var/named
[root@westoslinux112 named]# ls
172.25.254.ptr dynamic named.empty named.loopback westos.org.zone
data named.ca named.localhost slaves
[root@westoslinux112 named]# cp -p westos.org.zone westos.org.inter
[root@westoslinux112 named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter
[root@westoslinux112 named]# ls
172.25.254.ptr dynamic named.empty named.loopback westos.org.inter
data named.ca named.localhost slaves westos.org.zone
[root@westoslinux112 named]# vim westos.org.inter
$TTL 1D
@ IN SOA dns.westos.org. lee.westos.org. (
2021111401 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 192.168.0.112
www CNAME nodea.westos.org.
nodea A 192.168.0.111
nodea A 192.168.0.222
westos.org. MX 1 192.168.0.212.
[root@westoslinux112 named]# vim /etc/named.rfc1912.inter
zone "westos.org" IN {
type master;
file "westos.org.inter";
allow-update { none; };
};
[root@westoslinux112 named]# vim /etc/named.conf
注释掉原有的 zone "." IN { ... }; 和 include "/etc/named.rfc1912.zones";(启用 view 后,所有 zone 都必须写在 view 内),再添加:
view localnet {
match-clients { 172.25.254.0/24; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
view internet {
match-clients { any; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.inter";
};
[root@westoslinux112 named]# systemctl restart named
[root@westoslinux112 named]# vim /etc/resolv.conf
[root@westoslinux112 named]# cat /etc/resolv.conf
# Generated by NetworkManager
search westos.org
nameserver 172.25.254.112
[root@westoslinux112 named]# dig www.westos.org
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43166
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; cookie: 928b623f2c77f6ee0084d4d361906bfa3f6b18611fc73804 (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN CNAME nodea.westos.org.
nodea.westos.org. 86400 IN A 172.25.254.111
nodea.westos.org. 86400 IN A 172.25.254.222
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.112
;; Query time: 0 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Sun Nov 14 09:52:58 CST 2021
;; MSG SIZE rcvd: 157
[root@westoslinux212 slaves]# vim /etc/sysconfig/network-scripts/ifcfg-westos
IPADDR0=192.168.0.212
PREFIX0=24
[root@westoslinux212 slaves]# nmcli connection reload
[root@westoslinux212 slaves]# nmcli connection up westos
[root@westoslinux212 slaves]# vim /etc/resolv.conf
[root@westoslinux212 slaves]# cat /etc/resolv.conf
# Generated by NetworkManager
search westos.org
nameserver 192.168.0.112
[root@westoslinux212 slaves]# dig www.westos.org
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56011
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; cookie: 94c711eaf96ada91379e14d361906cb08ef76471b68940df (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN CNAME nodea.westos.org.
nodea.westos.org. 86400 IN A 192.168.0.111
nodea.westos.org. 86400 IN A 192.168.0.222
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 192.168.0.112
;; Query time: 6 msec
;; SERVER: 192.168.0.112#53(192.168.0.112)
;; WHEN: Sun Nov 14 09:56:00 CST 2021
;; MSG SIZE rcvd: 157
ddns(dhcp+dns)
[root@westoslinux112 named]# dnf install dhcp-server -y
[root@westoslinux112 named]# cp /usr/share/doc/dhcp-server/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite '/etc/dhcp/dhcpd.conf'? y
[root@westoslinux112 named]# vim /etc/dhcp/dhcpd.conf
7 option domain-name "westos.org";
8 option domain-name-servers 172.25.254.112;
27 #subnet 10.152.187.0 netmask 255.255.255.0 {
28 #} 注释
32 subnet 172.25.254.0 netmask 255.255.255.0 {
33 range 172.25.254.90 172.25.254.130;
[root@westoslinux112 named]# systemctl restart dhcpd
[root@westoslinux212 ~]# vim /etc/sysconfig/network-scripts/ifcfg-westos
DEVICE=ens3
BOOTPROTO=dhcp
ONBOOT=yes
NAME=westos
[root@westoslinux212 ~]# nmcli connection reload
[root@westoslinux212 ~]# nmcli connection up westos
[root@westoslinux212 ~]# ifconfig 网线拔掉之后自动生成的ip如果在range设定的范围之内,说明dhcp配置成功
[root@westoslinux112 named]# cd /mnt
[root@westoslinux112 mnt]# rm -fr *
[root@westoslinux112 mnt]# cp -p /etc/rndc.key /etc/westos.key ##-p 保留原文件的属主和权限;密钥文件不应让 root、named 以外的用户可读
[root@westoslinux112 mnt]# dnssec-keygen -a HMAC-SHA256 -b 128 -n HOST westos
Kwestos.+163+15320
[root@westoslinux112 mnt]# ls
Kwestos.+163+15320.key Kwestos.+163+15320.private
[root@westoslinux112 mnt]# cat Kwestos.+163+15320.private
Private-key-format: v1.3
Algorithm: 163 (HMAC_SHA256)
Key: f6jTFWpOCBLogcFZN+KPWA==
Bits: AAA=
Created: 20211116122826
Publish: 20211116122826
Activate: 20211116122826
[root@westoslinux112 mnt]# vim /etc/westos.key
[root@westoslinux112 mnt]# cat /etc/westos.key
key "westos" {
algorithm hmac-sha256;
secret "f6jTFWpOCBLogcFZN+KPWA==";
};
[root@westoslinux112 mnt]# vim /etc/named.conf
44 include "/etc/westos.key";
[root@westoslinux112 mnt]# systemctl restart named
[root@westoslinux112 mnt]# vim /etc/named.rfc1912.zones
zone "westos.org" IN {
type master;
file "westos.org.zone";
allow-update { key westos; };
also-notify { 172.25.254.212; };
};
[root@westoslinux112 mnt]# systemctl restart named
[root@westoslinux112 mnt]# nsupdate -k Kwestos.+163+15320.private
> server 172.25.254.112
> update add haha.westos.org 86400 A 172.25.254.111
> send
> quit
[root@westoslinux112 mnt]# dig haha.westos.org
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> haha.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40475
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; cookie: 76023ac4eb999add67386a746193a59d6a6659d88f19a96f (good)
;; QUESTION SECTION:
;haha.westos.org. IN A
;; ANSWER SECTION:
haha.westos.org. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.112
;; Query time: 0 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Tue Nov 16 20:35:41 CST 2021
;; MSG SIZE rcvd: 122
[root@westoslinux112 mnt]# nsupdate -k Kwestos.+163+15320.private
> server 172.25.254.112
> update delete haha.westos.org
> send
> quit
[root@westoslinux112 mnt]# dig haha.westos.org
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> haha.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59553
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; cookie: 8da9e22f968ddcfa69da94336193a5d5f4f50a293d2ae361 (good)
;; QUESTION SECTION:
;haha.westos.org. IN A
;; AUTHORITY SECTION:
westos.org. 10800 IN SOA dns.westos.org. lee.westos.org. 202111603 86400 3600 604800 10800
[root@westoslinux112 mnt]# cd /var/named
[root@westoslinux112 named]# ls
172.25.254.ptr dynamic named.empty named.loopback westos.org.inter westos.org.zone.jnl
data named.ca named.localhost slaves westos.org.zone
[root@westoslinux112 named]# rm -fr westos.org.zone.jnl
[root@westoslinux112 named]# vim /etc/dhcp/dhcpd.conf
14 ddns-update-style interim;
36 key westos {
37 algorithm hmac-sha256;
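38 secret EKrtbLfRQPJ/b5mm7BW8vw==; ##须与 /etc/westos.key 中 key westos 的 secret 完全相同,否则 named 会拒绝 dhcpd 的更新;本文前面 /etc/westos.key 里写的是另一串值,两处并不一致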
39 };
40
41 zone westos.org. {
42 primary 127.0.0.1;
43 key westos;
44 }
[root@westoslinux112 named]# systemctl restart dhcpd
在nodeb中操作:
hostnamectl 查询主机名称
dig westoslinux212.westos.org 可以查询到相应的信息



