一. dns 服务器部署
1.关于 dns 的名词解释
dns:
domain name service(域名解析服务)
#关于客户端:#
/etc/resolv.conf ##dns 指向文件
nameserver 172.25.254.20
#测试:
host www.baidu.com ##地址解析命令
dig www.baidu.com ##地址详细解析信息命令
A 记录 ##ip 地址叫做域名的 Address 记录
SOA ##起始授权记录(Start of Authority),指明该区域的授权起始主机
dns 顶级
. 13
次级
.com .net .edu .org …
baidu.com
#关于服务端#
bind ##安装包
named ##服务名称
/etc/named.conf ##主配置文件
/var/named ##数据目录
端口 ##53
关于报错信息:
1.no servers could be reached ##服务无法访问(服务开启?火墙?网络?端口?)
2.服务启动失败 ##配置文件写错 journalctl -xe 查询错误
3.dig 查询状态
NOERROR ##表示查询成功
REFUSED ##服务拒绝访问
SERVFAIL ##查询失败(dns 服务器无法到达上级,或拒绝缓存)
NXDOMAIN ##此域名 A 记录在 dns 中不存在
2.高速缓存 dns
%把端口开到所有网口上(listen-on any),并允许任何客户端查询(allow-query any)
%到达内网主机的速度快
%高速缓存 dns 使用的是别人(上级 forwarders)的数据。普通主机 dig 时会直接访问外网 114,速度慢;当高速缓存器 dig 过一次后有了缓存,其他主机直接访问高速缓存器(属于访问内网段),速度快
%操作用到 3 台主机:服务端 node2,客户端 node1(第一次 dig,测试普通的低速度),真机(第二次 dig,测试 node2 的高速缓存)
%node2(服务端)中操作
[root@node2 ~]# dnf install bind.x86_64 -y
[root@node2 ~]# systemctl enable --now named
[root@node2 ~]# systemctl enable --now firewalld
Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /usr/lib/systemd/system/firewalld.service.
Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /usr/lib/systemd/system/firewalld.service.
[root@node2 ~]# firewall-cmd --permanent --add-service=dns
success
[root@node2 ~]# firewall-cmd --reload
success
[root@node2 ~]# vim /etc/named.conf
改动:
1,listen-on port 53 { any; };
2,allow-query { any; };
3,forwarders {114.114.114.114; };
4,dnssec-validation no;
[root@node2 ~]# systemctl restart named
[root@node2 ~]# ip route add default via 172.25.254.250
[root@node2 ~]# route -n
[root@node2 ~]# ping 114.114.114.114 #加网关后能访问114.114.114.114
%测试端(客户端 node1 和真机)的 /etc/resolv.conf 都写成下面的内容;区别是先 dig www.baidu.com 的那一台速度慢,由于 dig 后 node2 中有了缓存,第二台再 dig www.baidu.com 时就快了
# Generated by NetworkManager
search westos.com
nameserver 172.25.254.203
%操作完成
测试:
3.dns 的正向解析
[root@node2 named]# vim /etc/named.rfc1912.zones
添加
zone "westos.org" IN {
type master;
file "westos.org.zone";
allow-update { none; };
};
[root@node2 ~]# cd /var/named/
[root@node2 named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@node2 named]# cp -p named.localhost westos.org.zone
[root@node2 named]# vim westos.org.zone
$TTL 1D
@ IN SOA dns.westos.org. westos.westos.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 172.25.254.203
www A 172.25.254.111
[root@node2 named]# systemctl restart named
%在node1中测试
[root@node2 named]# dig www.westos.org
; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> www.westos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35351
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 5f99e65e47817a27a3a28bc25fcb15c0d4e5cb7a185801ed (good)
;; QUESTION SECTION:
;www.westos.org. IN A
;; ANSWER SECTION:
www.westos.org. 86400 IN A 172.25.254.111
;; AUTHORITY SECTION:
westos.org. 86400 IN NS dns.westos.org.
;; ADDITIONAL SECTION:
dns.westos.org. 86400 IN A 172.25.254.203
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Dec 05 13:08:16 WITA 2020
;; MSG SIZE rcvd: 121
%发邮件
%node2服务端操作:
[root@node2 named]# vim westos.org.zone
$TTL 1D
@ IN SOA dns.westos.org. westos.westos.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 172.25.254.203
www A 172.25.254.111
bbs CNAME test.westos.org.
test A 172.25.254.111
test A 172.25.254.222
[root@node2 named]# systemctl restart named
%在node1中测试
[root@localhost ~]# dig bbs.westos.org
%在node2中
[root@node2 named]# vim westos.org.zone
$TTL 1D
@ IN SOA dns.westos.org. westos.westos.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 172.25.254.203
www A 172.25.254.111
bbs CNAME test.westos.org.
test A 172.25.254.111
test A 172.25.254.222
westos.org. MX 1 172.25.254.203.
[root@node2 named]# systemctl restart named
%在node1中测试
[root@localhost ~]# dnf install postfix mailx -y
[root@localhost ~]# mail [email protected]
Subject: adf
as
as
.
EOT
[root@localhost ~]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
C8F80E50C7A 443 Sat Dec 5 13:57:23 [email protected]
(connect to 172.25.254.203[172.25.254.203]:25: No route to host)
[email protected]
-- 0 Kbytes in 1 Request.
[root@localhost ~]# mail
No mail for westos
5.dns 的反向解析
%操作反向解析
%node2中:
[root@node2 named]# vim /etc/named.rfc1912.zones
添加
zone "254.25.172.in-addr.arpa" IN {
type master;
file "172.25.254.ptr";
allow-update { none; };
};
[root@node2 named]# cd /var/named/
[root@node2 named]# ls
data named.ca named.localhost slaves
dynamic named.empty named.loopback westos.org.zone
[root@node2 named]# cp -p named.loopback 172.25.254.ptr
[root@node2 named]# ls
172.25.254.ptr dynamic named.empty named.loopback westos.org.zone
data named.ca named.localhost slaves
[root@node2 named]# vim 172.25.254.ptr
$TTL 1D
@ IN SOA dns.westos.org. westos.westos.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 127.0.0.1
111 PTR www.westos.org.
[root@node2 named]# systemctl restart named
%node1中测试:
[root@localhost ~]# dig -x 172.25.254.111 #会解析到www.westos.org.
;; ANSWER SECTION:
111.254.25.172.in-addr.arpa. 86400 IN PTR www.westos.org.
6.dns 的双向解析
%操作双向解析
%node2 为服务端,配置两个 ip(172.25.254 网段和 1.1.1 网段);node1 为客户端,从 1.1.1 网段测试
%node2中操作:
[root@node2 network-scripts]# vim ifcfg-enp0s1
BOOTPROTO=none
IPADDR0=172.25.254.203
NETMASK0=255.255.255.0
IPADDR1=1.1.1.203
NETMASK1=255.255.255.0
NAME=enp1s0
DEVICE=enp1s0
ONBOOT=yes
[root@node2 network-scripts]# nmcli connection reload
[root@node2 network-scripts]# nmcli connection down enp1s0
[root@node2 network-scripts]# nmcli connection up enp1s0
[root@node2 network-scripts]# nmcli connection show
[root@node2 network-scripts]# ip addr show enp1s0
[root@node2 named]# cd /etc/named
[root@node2 named]# ls
[root@node2 named]# cd /var/named/
[root@node2 named]# ls
[root@node2 named]# cp -p westos.org.zone westos.org.zone.inter
[root@node2 named]# ls
[root@node2 named]# vim westos.org.zone.inter
$TTL 1D
@ IN SOA dns.westos.org. westos.westos.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 1.1.1.203
www A 1.1.1.111
bbs CNAME test.westos.org.
test A 1.1.1.111
test A 1.1.1.222
westos.org. MX 1 1.1.1.203.
~
~
~
:%s/172.25.254/1.1.1/g
[root@node2 named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter.zones
[root@node2 named]# vim /etc/named.rfc1912.inter.zones
zone "westos.org" IN {
type master;
file "westos.org.inter.zone"; #改为新复制出的 zone 文件名(需与 /var/named 下的实际文件名一致)
allow-update { none; };
};
[root@node2 named]# vim /etc/named.conf
/*
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
*/
view localnet{
match-clients{172.25.254.0/24; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
view internet{
match-clients{any; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.inter.zones";
};
include "/etc/named.root.key";
[root@node2 named]# systemctl restart named
%在 node1 中,把 ip 改为 1.1.1.103
[root@localhost ~]# nm-connection-editor
[root@localhost ~]# nmcli connection reload
[root@localhost ~]# nmcli connection down enp1s0
[root@localhost ~]# nmcli connection up enp1s0
[root@localhost ~]# ifconfig
[root@localhost ~]# vim /etc/resolv.conf
# Generated by NetworkManager
search westos.com
nameserver 1.1.1.203
[root@localhost ~]# dig www.westos.org #dig 解析到的是 1.1.1.203
%在真机中 ip 是 172.25.254.3
[root@localhost ~]# vim /etc/resolv.conf
# Generated by NetworkManager
search westos.com
nameserver 172.25.254.203
[root@localhost ~]# dig www.westos.org #dig 解析到的是 172.25.254.203
%操作完成
测试:
7.dns 集群
%node2里面主DNS
[root@node2 named]# vim /etc/named.conf #把上一步(双向解析)改的 view 配置改回去
[root@node2 named]# vim /etc/named.rfc1912.zones
zone "westos.org" IN {
type master;
file "westos.org.zone";
allow-update { none; };
also-notify {172.25.254.103;};
};
[root@node2 named]# systemctl restart named
[root@node2 named]# systemctl restart named
%node1 中,作为辅助(slave)DNS
[root@node2 named]# dnf install bind -y
[root@localhost slaves]# vim /etc/named.conf
改动:
listen-on port 53 { any; };
allow-query { any; };
dnssec-validation no;
[root@node1 named]# vim /etc/named.rfc1912.zones
zone "westos.org" IN {
type slave;
masters { 172.25.254.203;};
file "slaves/westos.org.zone";
};
root@localhost ~]# cd /var/named/slaves/
[root@localhost slaves]# ls
westos.org.zone
[root@localhost slaves]# vim /etc/resolv.conf
nameserver 172.25.254.103
[root@localhost slaves]# ##主 DNS 更新后,此处的 westos.org.zone 会发生相应改变
%测试改变
在 node2 主 DNS 中修改 zone 文件时 serial 只增不减;把 www 改为 172.25.254.224 后,到 node1 中 dig www.westos.org,结果会发生相应改变
[root@node2 named]# vim westos.org.zone
$TTL 1D
@ IN SOA dns.westos.org. westos.westos.org. (
3 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 172.25.254.203
www A 172.25.254.224
bbs CNAME test.westos.org.
test A 172.25.254.111
test A 172.25.254.222
westos.org. MX 1 172.25.254.203.
%操作完成
测试:
8.dns 的更新
%dns 基于 key 更新的方式:
%服务端node2中
cd /mnt
dnssec-keygen -a HMAC-SHA256 -b 128 -n HOST westos
ls
cp -p /etc/rndc.key /etc/westos.key
vim /etc/westos.key
key "westos" {
algorithm hmac-sha256;
secret "efxEGcwYg/VZY3O0EsSxOw==";
};
~
vim /etc/named.conf
43 include "/etc/westos.key";
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westos; };
also-notify { 192.168.0.30; }; #测试端ip
systemctl restart named
9.ddns(dhcp+dns)
%node2 服务端,安装 dhcp
[root@node2 named]# cd /var/named/
[root@node2 named]# ls
172.25.254.ptr named.empty tmp-Heu1xyEUSA westos.org.zone.inter
data named.localhost tmp-XAjrAUtrvb westos.org.zone.jnl
dynamic named.loopback tmp-YOnrscpy28
named.ca slaves westos.org.zone
[root@node2 named]# rm -fr westos.org.zone.jnl
[root@node2 network-scripts]# vim ifcfg-enp0s1
BOOTPROTO=none
IPADDR0=172.25.254.203
NETMASK0=255.255.255.0
IPADDR1=1.1.1.203
NETMASK1=255.255.255.0
NAME=enp1s0
DEVICE=enp1s0
ONBOOT=yes
[root@node2 named]# vim /etc/westos.key
key "westos" {
algorithm hmac-sha256;
secret "efxEGcwYg/VZY3O0EsSxOw==";
};
~
[root@node2 named]# vim /etc/named.conf
增加
include "/etc/westos.key";
[root@node2 network-scripts]# vim /etc/named.rfc1912.zones
zone "westos.org" IN {
type master;
file "westos.org.zone";
allow-update { key westos; };
also-notify {172.25.254.103;};
};
[root@node2 named]# vim westos.org.zone
$TTL 1D
@ IN SOA dns.westos.org. westos.westos.org. (
3 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 172.25.254.203
www A 172.25.254.224
bbs CNAME test.westos.org.
test A 172.25.254.111
test A 172.25.254.222
westos.org. MX 1 172.25.254.203.
~
[root@node2 named]# vim /etc/dhcp/dhcpd.conf
增加:
ddns-update-style interim;
编写
subnet 172.25.254.0 netmask 255.255.255.0 {
range 172.25.254.10 172.25.254.20;
}
key westos{
algorithm hmac-sha256;
secret efxEGcwYg/VZY3O0EsSxOw==;
};
zone westos.org.{
primary 127.0.0.1;
key westos;
}
%node1 中测试,安装 dhcp
[root@localhost network-scripts]# hostnamectl set-hostname node1.westos.org
[root@node2 network-scripts]# vim ifcfg-enp0s1
BOOTPROTO=dhcp
#IPADDR=172.25.254.103
#PREFIX=24
NAME=enp1s0
DEVICE=enp1s0
ONBOOT=yes
[root@localhost ~]# nmcli connection reload
[root@localhost ~]# nmcli connection down enp1s0
[root@localhost ~]# nmcli connection up enp1s0
ip addr show enp1s0 #获得的是服务端 node2 中 dhcpd.conf 里设置的 ip 范围内的地址
[root@localhost network-scripts]# dig node1.westos.org #得到的是服务端 node2 中 dhcpd.conf 里设置的 ip 范围内的那个 ip
#改变node2中的dhcpd.conf里面设置的ip范围,再去node1中更新获取ip再dig
%操作完成
测试