DNS service basics:
A    # forward record (name --> IP)
PTR  # reverse record (IP --> name)
host -l example.com     # list all hosts in the zone (zone transfer)
dig -t soa example.com  # query the SOA record (secondary DNS)
Packages: bind bind-chroot caching-nameserver
DNS main configuration directory: /var/named/
DNS main configuration file: /etc/named.conf
DNS zone (A record) file directory: /var/named/chroot/var/named
1. Caching name server
## Before the lab it is best to reset the virtual machine; after the reset, set its IP,
change the hostname (hostnamectl set-hostname dns.server.example.com)
and reconfigure the VM's yum repository.
Lab: (on dns.server)
yum install bind -y   # -y: install without prompting
rpm -qc bind          # list bind's configuration files
vim /etc/named.conf
##############
11 listen-on port 53 { any; };        # listen on port 53 on every interface
17 allow-query { any; };              # allow queries from any client (an open resolver; restrict this to your own networks outside the lab)
18 forwarders { 114.114.114.114; };   # names this server does not know are forwarded to 114.114.114.114
32 dnssec-validation no;              # do not validate DNSSEC
systemctl restart named   # restart the service
## If this fails: the firewall may still be up, named may not be running, or the configuration file has an error
Test: (on the physical host)
vim /etc/resolv.conf
#############
nameserver 172.25.254.130   # the VM's IP (the host now resolves through it)
## The host asks VM 130; VM 130 asks 114.114.114.114
dig www.qq.com   # the first query takes noticeably longer
Then from a second host:
vim /etc/resolv.conf
############
nameserver 172.25.254.130   # ask 130
dig www.qq.com   # much faster, because the answer to the first query was cached
2. Forward resolution (name ---> IP)
Lab: (dns.server)
vim /etc/named.conf            # note the sub-configuration file it includes
vim /etc/named.rfc1912.zones   # define the zone
##########
add:
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { none; };
};
cd /var/named/
ls
cp -p named.localhost westos.com.zone   # copy the template to create the resource record (zone) file westos.com.zone
vim westos.com.zone                     # edit the resource record (zone) file
##############
systemctl restart named
Test: (dns.server)
vim /etc/resolv.conf
#############
remove: nameserver 172.25.254.130
systemctl restart named
dig dns.westos.com
dig hello.westos.com
3. Round-robin
Lab: (dns.server)
cd /var/named/
ls
vim westos.com.zone   # several A records with the same name and different IPs
################
systemctl restart named   # a restart is required
## If this fails: the firewall may still be up, named may not be running, or the configuration file has an error
Test: (dns.server)
dig node1.westos.com   # compare the order of the answers between the two runs
dig node1.westos.com
Note: leave some time between the two queries
4. Reverse resolution
Lab: (dns-server)
vim /etc/named.rfc1912.zones
##############
add:
zone "254.25.172.in-addr.arpa" IN {   # reverse zone for 172.25.254.0/24
        type master;
        file "westos.com.ptr";
        allow-update { none; };
};
cd /var/named/
ls
cp -p named.loopback westos.com.ptr
vim westos.com.ptr
#############
systemctl restart named
Test:
dig -x 172.25.254.111   # reverse lookups must use -x
dig -x 172.25.254.222
5. Split-horizon resolution (views: different answers for different clients)
On the VM
Lab:
cd /var/named/
ls
cp -p westos.com.zone westos.com.inter   # a second copy of the zone for the other view
ls
vim westos.com.inter
################
run :%s/172.25.254/192.168.0/g
(every 172.25.254.x address in the file becomes 192.168.0.x)
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter
vim /etc/named.rfc1912.inter
###############
change to:
25 zone "westos.com" IN {
26         type master;
27         file "westos.com.inter";
28         allow-update { none; };
29 };
vim /etc/named.conf
###############
comment out lines 50-58 (once views are used, every zone must sit inside a view):
50 /*
51 zone "." IN {
52         type hint;
53         file "named.ca";
54 };
55
56 include "/etc/named.rfc1912.zones";
57 include "/etc/named.root.key";
58 */
add:
59 view localnet {
60         match-clients { 172.25.254.130; };   # clients matched here get the 172.25.254 answers
61         zone "." IN {
62                 type hint;
63                 file "named.ca";
64         };
65         include "/etc/named.rfc1912.zones";
66 };
67 view inter {
68         match-clients { any; };   # everyone else gets the 192.168.0 answers
69         zone "." IN {
70                 type hint;
71                 file "named.ca";
72         };
73         include "/etc/named.rfc1912.inter";
74 };
systemctl restart named
Test:
On the physical host
vim /etc/resolv.conf
##############
add: nameserver 172.25.254.130
dig node1.westos.com
On the physical host of a second machine
vim /etc/resolv.conf
##############
add: nameserver 172.25.254.130
dig node1.westos.com
6. Zone transfer to a secondary DNS:
Lab:
On the master DNS: (dns-server)
vim /etc/named.conf
################
uncomment:
51 zone "." IN {
52         type hint;
53         file "named.ca";
54 };
55
56 include "/etc/named.rfc1912.zones";
57 include "/etc/named.root.key";
comment out:
59 /*
60 view localnet {
61         match-clients { 172.25.254.130; };
62         zone "." IN {
63                 type hint;
64                 file "named.ca";
65         };
66         include "/etc/named.rfc1912.zones";
67 };
68 view inter {
69         match-clients { any; };
70         zone "." IN {
71                 type hint;
72                 file "named.ca";
73         };
74         include "/etc/named.rfc1912.inter";
75 };
76 */
vim /etc/named.rfc1912.zones
###########
25 zone "westos.com" IN {
26         type master;
27         file "westos.com.zone";
28         allow-update { none; };
29         also-notify { 172.25.254.230; };   # the secondary's IP
30
31 };
systemctl restart named
Start another VM; after resetting it, set its IP,
change the hostname (hostnamectl set-hostname dns.slave.example.com)
and reconfigure its yum repository.
On the secondary DNS: (dns-slave)
yum install bind -y
vim /etc/named.conf
########
vim /etc/named.rfc1912.zones
###############
add:
zone "westos.com" IN {
        type slave;
        masters { 172.25.254.130; };
        file "slaves/westos.com.zone";
        allow-update { none; };
};
systemctl restart named
Test:
On the master DNS (dns-server)
vim westos.com.zone   # change an IP
############
systemctl restart named
dig www.westos.com
On dns-slave
dig www.westos.com
## This shows that changing an IP in westos.com.zone on the master
## is synchronised to the secondary: the secondary now answers with the new IP.
## The SOA serial in westos.com.zone must be increased with every edit; the secondary only transfers the zone when the master's serial is higher than its own.
Note: if the restart reports no error but the sync still fails,
the secondary's firewall is most likely still up and is blocking the zone transfer.
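Added example for sections 3 and 6 (not part of the original notes): a POSIX shell helper that bumps the SOA serial of a zone file before the master is restarted, plus a dig-based check that master and secondary answer with the same serial. The sample zone (round-robin node1 records, serial 2018052001) is constructed, and the layout is assumed to follow the named.localhost template with the serial on its own line after the SOA.

```shell
# Constructed sample zone in the named.localhost layout: three A records for
# node1 give round-robin answers (section 3); serial 2018052001 is made up.
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                2018052001      ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.130
node1   A       172.25.254.111
node1   A       172.25.254.222
node1   A       172.25.254.133
EOF
}

# Print the SOA serial: the first line after the SOA line whose first field is
# all digits (named.localhost layout).
get_serial() {
    awk '/[ \t]SOA[ \t]/ { insoa = 1; next }
         insoa && $1 ~ /^[0-9]+$/ { print $1; exit }' "$1"
}

# Increment the serial in place; only the digits on the serial line change.
bump_serial() {
    zone="$1"; tmp="$zone.tmp.$$"
    awk '/[ \t]SOA[ \t]/ { insoa = 1 }
         insoa && !done && $1 ~ /^[0-9]+$/ {
             sub(/[0-9]+/, sprintf("%.0f", $1 + 1)); done = 1 }
         { print }' "$zone" > "$tmp" && mv "$tmp" "$zone"
}

# Compare the serial the master and the secondary answer with (needs dig; not
# run in the offline demo below). Usage: check_sync MASTER SECONDARY ZONE
check_sync() {
    m=$(dig +short @"$1" "$3" SOA | awk '{ print $3 }')
    s=$(dig +short @"$2" "$3" SOA | awk '{ print $3 }')
    [ -n "$m" ] && [ "$m" = "$s" ] && echo "in sync, serial $m" ||
        echo "NOT in sync: master=$m secondary=$s"
}

# Offline demo on a temporary copy of the sample zone.
demo=$(mktemp -d)
write_sample_zone "$demo/westos.com.zone"
bump_serial "$demo/westos.com.zone"
echo "serial is now $(get_serial "$demo/westos.com.zone")"   # 2018052002
```

On the master, run bump_serial /var/named/westos.com.zone after every edit and before systemctl restart named; check_sync 172.25.254.130 172.25.254.230 westos.com then confirms the transfer happened.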
7. Remote (dynamic) DNS updates
(1) Authorising updates by IP address (insecure: the packet's source address is the only credential)
Lab:
On the master DNS (dns-server)
ls
cp -p westos.com.zone /mnt/   # backup; -p keeps ownership and permissions
vim /etc/named.rfc1912.zones
#################
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.30; };   # the physical host's IP
        also-notify { 172.25.254.230; };
};
systemctl restart named
chmod 770 /var/named/   # let the named group write here (named must create the zone journal file)
ll -d /var/named/
Test:
On the physical host
nsupdate
> server 172.25.254.130
> update add test.westos.com 86400 A 172.25.254.111   # add an A record
> send
On the master DNS
dig test.westos.com   # now answers with 172.25.254.111
systemctl restart named
vim westos.com.zone   # the change is visible in the zone file: test succeeded
## Restore the environment (on the physical host)
nsupdate
> server 172.25.254.130
> update delete test.westos.com   # delete the record
> send
(2) Authorising updates with a key (TSIG)
On the master DNS:
## Restore the environment
ls
rm -fr westos.com.zone*
cp -p /mnt/westos.com.zone .
systemctl restart named   # no error
Lab:
cd /mnt/   ## generate the key here
vim /etc/rndc.key   # look at the format of an existing key file
ls
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos   # algorithm HMAC-MD5, 128 bits, key name westos
ls
*****************
Kwestos.+157+46925.key  Kwestos.+157+46925.private  westos.com.zone
#         public key               private key
cat Kwestos.+157+46925.key   ## both files hold the same secret (an HMAC key is symmetric)
**********************
westos. IN KEY 512 3 157 eOYRiaEe+uUqCXIpJqPIZg==
cat Kwestos.+157+46925.private
*********************
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: eOYRiaEe+uUqCXIpJqPIZg==
Bits: AAA=
Created: 20180520064341
Publish: 20180520064341
Activate: 20180520064341
cp /etc/rndc.key /etc/westos.key -p
vim /etc/westos.key
###########
key "westos" {                              # westos is the key name
        algorithm hmac-md5;
        secret "eOYRiaEe+uUqCXIpJqPIZg==";   # the secret from the key file
};
vim /etc/named.conf
add:
43 include "/etc/westos.key";
## must be added before line 44, logging {
vim /etc/named.rfc1912.zones
##############
25 zone "westos.com" IN {
26         type master;
27         file "westos.com.zone";
28         allow-update { key westos; };
29         also-notify { 172.25.254.230; };
30 };
systemctl restart named
ls
scp Kwestos.+157+46925.* root@172.25.254.230:/mnt/   ## copy the key to the secondary DNS (destination assumed: the secondary at 172.25.254.230)
Test:
On the secondary DNS (dns-slave)
cd /mnt
ls
**************
Kwestos.+157+46925.key  Kwestos.+157+46925.private   # the key is present
nsupdate -k Kwestos.+157+46925.private
> server 172.25.254.130
> update add hello.westos.com 86400 A 172.25.254.130
> send   # no error means success
> quit
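Added example (not part of the original notes): a POSIX shell helper that builds the named.conf key statement straight from the dnssec-keygen .private file instead of copying the secret by hand, refuses keys whose algorithm is not an HMAC, and installs the file with the restrictive ownership and mode the notes inherit from rndc.key. The .private file is constructed with the page's values; the HMAC_SHA* algorithm names are assumed to follow the HMAC_MD5 spelling.

```shell
# Constructed .private file with the page's values (key name westos, HMAC-MD5).
write_sample_private() {
    cat > "$1" <<'EOF'
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: eOYRiaEe+uUqCXIpJqPIZg==
Bits: AAA=
Created: 20180520064341
Publish: 20180520064341
Activate: 20180520064341
EOF
}

# Map the algorithm name dnssec-keygen writes to the named.conf spelling.
# The HMAC_SHA* names are assumed to follow the HMAC_MD5 pattern.
tsig_algorithm() {
    case "$1" in
        HMAC_MD5)    echo hmac-md5 ;;
        HMAC_SHA1)   echo hmac-sha1 ;;
        HMAC_SHA256) echo hmac-sha256 ;;
        HMAC_SHA512) echo hmac-sha512 ;;
        *) return 1 ;;
    esac
}

# Usage: key_stanza NAME FILE.private  -> prints the key statement on stdout.
# Fails on non-HMAC (DNSSEC signing) keys, which cannot be used for TSIG.
key_stanza() {
    name="$1"; priv="$2"
    algname=$(sed -n 's/^Algorithm: [0-9]* (\(.*\))$/\1/p' "$priv")
    secret=$(sed -n 's/^Key: //p' "$priv")
    alg=$(tsig_algorithm "$algname") || {
        echo "$priv: algorithm '$algname' is not a TSIG HMAC" >&2; return 1; }
    [ -n "$secret" ] || { echo "$priv: no Key: line" >&2; return 1; }
    printf 'key "%s" {\n    algorithm %s;\n    secret "%s";\n};\n' \
        "$name" "$alg" "$secret"
}

# Write /etc/NAME.key readable only by root and the named group (root:named
# 0640, as rndc.key is), since whoever holds the secret may rewrite the zone.
# Usage: install_key NAME FILE.private   (needs root; not run in the demo)
install_key() {
    key_stanza "$1" "$2" > "/etc/$1.key" &&
        chown root:named "/etc/$1.key" && chmod 640 "/etc/$1.key"
}

# Offline demo with the constructed file.
demo=$(mktemp -d)
write_sample_private "$demo/Kwestos.+157+46925.private"
key_stanza westos "$demo/Kwestos.+157+46925.private"
```

HMAC-MD5 is kept here only because it is what the notes use; for a new deployment generate the key with -a HMAC-SHA256 and the same helper emits algorithm hmac-sha256.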
8. DHCP-driven dynamic DNS updates
On the master DNS: (dns-server)
## Restore the environment
cd /var/named
ls
rm -rf westos.com.zone*
ls
cp -p /mnt/westos.com.zone .   # . is the current directory
systemctl restart named
vim westos.com.zone   # the file is back to its initial state, so the restore succeeded
###################
Lab:
On the VM: (dns-slave)
change the hostname (hostnamectl set-hostname linux.westos.com)
switch the IP to DHCP (vim /etc/sysconfig/network-scripts/ifcfg-eth0)
restarting the network fails at this point (there is no DHCP server yet)
On the master DNS: (dns-server)
yum install dhcp
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf   # install the dhcpd template
vim /etc/dhcp/dhcpd.conf   # edit the main dhcpd configuration
###########
7  option domain-name "westos.com";
8  option domain-name-servers 172.25.254.130;
uncomment:
14 ddns-update-style interim;
delete lines 27 and 28
delete everything after line 34
30 subnet 172.25.254.0 netmask 255.255.255.0 {
31         range 172.25.254.80 172.25.254.90;
32         option routers 172.25.254.100;
33 }
systemctl restart dhcpd
vim /etc/westos.key   # copy the file's contents
vim /etc/dhcp/dhcpd.conf
#############
# paste the contents of /etc/westos.key
key "westos" {
        algorithm hmac-md5;
        secret "eOYRiaEe+uUqCXIpJqPIZg==";
};
add:
zone westos.com. {
        primary 127.0.0.1;
        key westos;
}
systemctl restart dhcpd
Test:
On the VM (linux.westos.com)
restarting the network now succeeds and the VM gets an address from the range
If you change the range in /etc/dhcp/dhcpd.conf (then systemctl restart dhcpd),
the VM's IP changes accordingly (systemctl restart network before checking the IP)
How to troubleshoot when restarting the service fails:
Example:
[root@dns-servser named]# systemctl restart named   # fails
Job for named.service failed. See 'systemctl status named.service' and 'journalctl -xn' for details.
[root@dns-servser named]# > /var/log/messages
[root@dns-servser named]# cat /var/log/messages
[root@dns-servser named]# systemctl start named
Job for named.service failed. See 'systemctl status named.service' and 'journalctl -xn' for details.
[root@dns-servser named]# cat /var/log/messages   # read the log; the error is recorded there
May 19 22:08:32 dns-servser systemd: Starting Generate rndc key for BIND (DNS)...
May 19 22:08:32 dns-servser systemd: Started Generate rndc key for BIND (DNS).
May 19 22:08:32 dns-servser systemd: Starting Berkeley Internet Name Domain (DNS)...
May 19 22:08:32 dns-servser named-checkconf: /etc/named.rfc1912.zones:53: unknown option '42'
May 19 22:08:32 dns-servser named-checkconf: /etc/named.rfc1912.zones:54: unknown option '43'
May 19 22:08:32 dns-servser named-checkconf: /etc/named.rfc1912.zones:55: unknown option '44'
May 19 22:08:32 dns-servser named-checkconf: /etc/named.rfc1912.zones:56: unknown option '45'
May 19 22:08:32 dns-servser named-checkconf: /etc/named.rfc1912.zones:56: unexpected token near '}'
## so the problem is in /etc/named.rfc1912.zones (line 53 onwards)
May 19 22:08:32 dns-servser systemd: named.service: control process exited, code=exited status=1
May 19 22:08:32 dns-servser systemd: Failed to start Berkeley Internet Name Domain (DNS).
May 19 22:08:32 dns-servser systemd: Unit named.service entered failed state.
[root@dns-servser named]# vim /etc/named.rfc1912.zones
[root@dns-servser named]# systemctl start named   # succeeds
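Added example (not part of the original notes): a POSIX shell helper that pulls the named-checkconf errors out of a /var/log/messages excerpt and reports file, line number and message, so the failing line can be opened directly, together with a restart wrapper that validates the configuration and loads every zone first. The sample log is constructed from the output shown above; safe_restart needs bind installed and is not run in the demo.

```shell
# Constructed excerpt of /var/log/messages, taken from the failed restart above.
write_sample_log() {
    cat > "$1" <<'EOF'
May 19 22:08:32 dns-servser systemd: Starting Berkeley Internet Name Domain (DNS)...
May 19 22:08:32 dns-servser named-checkconf: /etc/named.rfc1912.zones:53: unknown option '42'
May 19 22:08:32 dns-servser named-checkconf: /etc/named.rfc1912.zones:56: unexpected token near '}'
May 19 22:08:32 dns-servser systemd: named.service: control process exited, code=exited status=1
May 19 22:08:32 dns-servser systemd: Failed to start Berkeley Internet Name Domain (DNS).
EOF
}

# One "FILE LINE MESSAGE" line per named-checkconf error in the log.
checkconf_errors() {
    sed -n 's/^.* named-checkconf: \([^:]*\):\([0-9]*\): \(.*\)$/\1 \2 \3/p' "$1"
}

# The first failing location as FILE:LINE, ready for "vim +LINE FILE".
first_error_location() {
    checkconf_errors "$1" | awk 'NR == 1 { print $1 ":" $2 }'
}

# Validate named.conf, its includes and every zone file (-z) before touching
# the running service, so a typo never takes the resolver down (needs bind).
safe_restart() {
    named-checkconf -z /etc/named.conf || return 1
    systemctl restart named
}

# Offline demo on the constructed log.
demo=$(mktemp -d)
write_sample_log "$demo/messages"
checkconf_errors "$demo/messages"
echo "first error at $(first_error_location "$demo/messages")"   # /etc/named.rfc1912.zones:53
```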