一 、DNS高速缓存
实验前提
真机:打开网络可以上网,打开路由设备
虚拟机:设置网关可以上网,下载DNS服务器
(1)真机设置(将真机设置成路由)
[root@foundation68 ~]# firewall-cmd --add-masquerade
success
[root@foundation68 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: br0 enp2s0 virbr0 wlp3s0
sources:
services: dhcpv6-client ftp http ssh
ports:
protocols:
masquerade: yes
forward-ports:
sourceports:
icmp-blocks:
rich rules:
[root@foundation68 ~]#
(2)虚拟机
1》设置虚拟机ip,加入网关(真机ip作为网关)和DNS
[root@localhost ~]# ping 114.114.114.114
PING 114.114.114.114 (114.114.114.114) 56(84) bytes of data.
64 bytes from 114.114.114.114: icmp_seq=1 ttl=58 time=117 ms
64 bytes from 114.114.114.114: icmp_seq=2 ttl=73 time=55.1 ms
64 bytes from 114.114.114.114: icmp_seq=3 ttl=88 time=94.5 ms
^C
--- 114.114.114.114 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 55.168/89.246/117.997/25.927 ms
[root@localhost ~]#
2》设置yum源下载DNS服务
先dig一个网址查看响应时间
[root@localhost ~]# dig www.taobao.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.taobao.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14334
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.taobao.com. IN A
;; ANSWER SECTION:
www.taobao.com. 80 IN CNAME www.taobao.com.danuoyi.tbcache.com.
www.taobao.com.danuoyi.tbcache.com. 157 IN A 111.13.210.219
www.taobao.com.danuoyi.tbcache.com. 157 IN A 111.13.210.218
;; Query time: 73 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Mon Nov 19 17:00:07 CST 2018
;; MSG SIZE rcvd: 120
[root@localhost ~]#
下载DNS
[root@localhost ~]# yum install bind.x86_64
3》设置高速缓存
11注释硬盘配置文件的DNS
22将ip写进DNS配置文件(真机)
[root@foundation68 ~]# vim /etc/resolv.conf
[root@foundation68 ~]#
4》虚拟机缓存设置
[root@localhost ~]# vim /etc/named.conf
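注意:需关闭虚拟机火墙(仅适用于实验环境;更稳妥的做法是保持防火墙开启,只放行DNS服务,例如 firewall-cmd --permanent --add-service=dns 后执行 firewall-cmd --reload)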
测试(第一次dig时间长,缓存以后再dig响应时间为0)
[root@foundation68 ~]# dig www.taobao.com
; <<>> DiG 9.9.4-RedHat-9.9.4-37.el7 <<>> www.taobao.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58360
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;www.taobao.com. IN A
;; ANSWER SECTION:
www.taobao.com. 393 IN CNAME www.taobao.com.danuoyi.tbcache.com.
www.taobao.com.danuoyi.tbcache.com. 163 IN A 223.99.232.253
www.taobao.com.danuoyi.tbcache.com. 163 IN A 223.99.232.254
;; Query time: 28 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: Tue Nov 20 20:05:05 CST 2018
;; MSG SIZE rcvd: 120
[root@foundation68 ~]# dig www.taobao.com
; <<>> DiG 9.9.4-RedHat-9.9.4-37.el7 <<>> www.taobao.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57405
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.taobao.com. IN A
;; ANSWER SECTION:
www.taobao.com. 385 IN CNAME www.taobao.com.danuoyi.tbcache.com.
www.taobao.com.danuoyi.tbcache.com. 155 IN A 223.99.232.253
www.taobao.com.danuoyi.tbcache.com. 155 IN A 223.99.232.254
;; Query time: 0 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: Tue Nov 20 20:05:12 CST 2018
;; MSG SIZE rcvd: 112
[root@foundation68 ~]#
二、DNS的正向解析(权威设置)
(1)进入DNS配置文件进行设置
[root@localhost ~]# vim /etc/named.conf
[root@localhost ~]#
# forwarders { 114.114.114.114; };
(2)添加需要维护的DNS
[root@localhost ~]# vim /etc/named.rfc1912.zones
[root@localhost ~]#
(3)正向解析
[root@localhost ~]# cd /var/named/
[root@localhost named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@localhost named]# cp -p named.localhost westos.com.zone
[root@localhost named]# vim westos.com.zone
(4)验证
[root@localhost named]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14862
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.10
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.168
;; Query time: 1 msec
;; SERVER: 172.25.254.168#53(172.25.254.168)
;; WHEN: Tue Nov 20 20:27:53 CST 2018
;; MSG SIZE rcvd: 93
[root@localhost named]#
三、域名转换
(1)设置域名配置文件
[root@localhost named]# vim westos.com.zone
[root@localhost named]#
(2)域名转换
[root@localhost named]# systemctl restart named
[root@localhost named]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46875
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN CNAME music.a.westos.com.
music.a.westos.com. 86400 IN A 172.25.254.30
music.a.westos.com. 86400 IN A 172.25.254.20
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.168
;; Query time: 1 msec
;; SERVER: 172.25.254.168#53(172.25.254.168)
;; WHEN: Tue Nov 20 20:40:21 CST 2018
;; MSG SIZE rcvd: 131
[root@localhost named]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36176
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN CNAME music.a.westos.com.
music.a.westos.com. 86400 IN A 172.25.254.20
music.a.westos.com. 86400 IN A 172.25.254.30
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.168
;; Query time: 1 msec
;; SERVER: 172.25.254.168#53(172.25.254.168)
;; WHEN: Tue Nov 20 20:40:40 CST 2018
;; MSG SIZE rcvd: 131
DNS解析为轮循方式,在上面的查询结果中,现在music.a.westos.com.解析的ip是172.25.254.20,再次解析,解析ip是172.25.254.30
;
四、邮件发送
发送邮件使用的协议是SMTP
(1)mail 查看当前邮件
[root@localhost named]# mail
No mail for root
[root@localhost named]#
(2)mailq 查看邮件列表
[root@localhost named]# mailq
Mail queue is empty
[root@localhost named]#
(3)在文件中设置邮件发送ip
[root@localhost named]# vim westos.com.zone
[root@localhost named]# systemctl restart named
[root@localhost named]#
(4)查看邮件设置
[root@localhost named]# dig -t MX westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t MX westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51506
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;westos.com. IN MX
;; ANSWER SECTION:
westos.com. 86400 IN MX 10 172.25.254.50.
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.168
;; Query time: 2 msec
;; SERVER: 172.25.254.168#53(172.25.254.168)
;; WHEN: Tue Nov 20 20:49:05 CST 2018
;; MSG SIZE rcvd: 102
[root@localhost named]#
(5)发送邮件
[root@localhost named]# mail [email protected]
Subject: test ##邮件名称
xinxi ##邮件内容
. ##.结束邮件编辑
EOT
[root@localhost named]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
377A2241258B 447 Tue Nov 20 20:50:11 [email protected]
(connect to 172.25.254.50[172.25.254.50]:25: No route to host)
[email protected]
-- 0 Kbytes in 1 Request.
[root@localhost named]#
五、域名反向解析
(1)在主配置文件中配置DNS反向解析文件
[root@localhost ~]# vim /etc/named.rfc1912.zones
(2)配置DNS反向解析文件
[root@localhost ~]# cd /var/named/
[root@localhost named]# ls
data named.ca named.localhost slaves
dynamic named.empty named.loopback westos.com.zone
[root@localhost named]# cp -p named.loopback 172.25.254.ptr
[root@localhost named]# vim 172.25.254.ptr
(3)反向解析
[root@localhost named]# dig -x 172.25.254.111 ## x代表反向解析
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -x 172.25.254.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10580
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;111.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
111.254.25.172.in-addr.arpa. 86400 IN PTR xing.westos.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; Query time: 1 msec
;; SERVER: 172.25.254.168#53(172.25.254.168)
;; WHEN: Tue Nov 20 22:24:24 CST 2018
;; MSG SIZE rcvd: 103
[root@localhost named]#
六、实现DNS内网与外网的不同访问
前提:内网主机给网卡eth0添加两个ip(一个内网ip一个外网ip)
外网ip:172.25.254.1/24
内网ip:1.1.1.1/24
当DNS解析文件中设置的是外网ip,访问时域名解析的是外网ip
当DNS解析文件中设置的是内网ip,访问时域名解析的是内网ip
(1)添加ip
[root@localhost network-scripts]# vim ifcfg-eth0
[root@localhost network-scripts]#
(2)设置DNS访问文件
1》设置内网文件
[root@localhost network-scripts]# cd /var/named/
[root@localhost named]# ls
172.25.254.ptr dynamic named.empty named.loopback westos.com.zone
data named.ca named.localhost slaves
[root@localhost named]# cp -p westos.com.zone westos.com.inter
[root@localhost named]# vim westos.com.inter
2>
[root@localhost named]# vim /etc/named.rfc1912.zones
[root@localhost named]#
注释掉之前的反向解析
3》复制一个内网的配置文件
[root@localhost named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter
[root@localhost named]#vim /etc/named.rfc1912.inter
4》在域名文件配置中配置内网及内网需要读取的文件
[root@localhost named]# vim /etc/named.conf
[root@localhost named]# systemctl restart named
[root@localhost named]#
5>测试
内网测试
[root@localhost named]# vim /etc/resolv.conf
[root@localhost named]#
外网测试
[root@localhost named]# vim /etc/resolv.conf
[root@localhost named]#
/etc/resolv.conf是DNS客户机配置文件,用于设置DNS服务器的IP地址及DNS域名,还包含了主机的域名搜索顺序
实质:在DNS的域名解析文件中/etc/resolv.conf 若配置的是外网的域名,则dig出来的是外网
在DNS的域名解析文件中/etc/resolv.conf 若配置的是内网的域名,则dig出来的是内网
/etc/resolv.conf ------- 问谁来解析域名
七、集群(辅助DNS)
使用两台虚拟机来实验
虚拟机1:desktop (主DNS服务器)
虚拟机2:server (辅助DNS服务器)
前提:主DNS服务器(desktop)关闭防火墙(仅限实验环境;正式环境应保持防火墙开启,只放行DNS的53端口tcp/udp,其中区域传送使用tcp)
删除desktop /etc/named.conf 下的内网解析,恢复原来设置
(1)辅助DNS服务器
1》设置辅助DNS网卡ip,设置yum源
下载dns服务
[root@dns-slave yum.repos.d]# yum install bind.x86_64 -y
Loaded plugins: langpacks
(2)配置辅助dns读取文件
[root@dns-slave ~]# vim /etc/named.conf
(3)同步辅助dns文件
[root@dns-slave named]# vim /etc/named.rfc1912.zones
[root@dns-slave named]#
[root@dns-slave named]# cd /var/named/slaves/
[root@dns-slave slaves]# ls
westos.com.zone
[root@dns-slave slaves]#
(4)测试辅助dns
[root@dns-slave slaves]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26806
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN CNAME music.a.westos.com.
music.a.westos.com. 86400 IN A 172.25.254.30
music.a.westos.com. 86400 IN A 172.25.254.20
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.168
;; Query time: 3 msec
;; SERVER: 172.25.254.168#53(172.25.254.168)
;; WHEN: Wed Nov 21 19:32:35 CST 2018
;; MSG SIZE rcvd: 131
[root@dns-slave slaves]#
(5)当主dns文件修改时同步辅助的信息
主机设置同步
[root@localhost named]# vim /etc/named.rfc1912.zones
[root@localhost named]# systemctl restart named
[root@localhost named]#
(6)验证,改变域名解析ip在辅助查看
[root@localhost named]# vim westos.com.zone
[root@localhost named]#
查看主机
[root@localhost named]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41488
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN CNAME music.a.westos.com.
music.a.westos.com. 86400 IN A 172.25.254.2
music.a.westos.com. 86400 IN A 172.25.254.1
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.168
;; Query time: 1 msec
;; SERVER: 172.25.254.168#53(172.25.254.168)
;; WHEN: Wed Nov 21 19:38:27 CST 2018
;; MSG SIZE rcvd: 131
[root@localhost named]#
查看辅助
[root@dns-slave ~]# systemctl restart named
[root@dns-slave slaves]# clear
[root@dns-slave slaves]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64409
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN CNAME music.a.westos.com.
music.a.westos.com. 86400 IN A 172.25.254.2
music.a.westos.com. 86400 IN A 172.25.254.1
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.168
;; Query time: 2 msec
;; SERVER: 172.25.254.168#53(172.25.254.168)
;; WHEN: Wed Nov 21 19:38:51 CST 2018
;; MSG SIZE rcvd: 131
[root@dns-slave slaves]#
八、更新DNS(当辅助DNS改变时主DNS改变)
ip更新方式(仅按来源ip授权更新;来源地址可以被伪造,安全性弱于下文的密钥方式,只建议在实验环境中使用)
(1)更新辅助DNS
更新失败
[root@dns-slave ~]# nsupdate
> server 172.25.254.168
> update add test.westos.com 86400 A 172.25.254.66
> send
update failed: REFUSED
> quit
[root@dns-slave ~]#
(2)在主DNS中设置允许辅助更新
[root@localhost named]# vim /etc/named.rfc1912.zones
[root@localhost named]#
(3)再次在辅助中更新
[root@dns-slave ~]# nsupdate
> server 172.25.254.133
> update add test.westos.com 86400 A 172.25.254.66
> send
update failed: SERVFAIL ##辅助没有更新权限
> quit
[root@dns-slave ~]#
(4)在主DNS中给/var/named/目录增加组写权限(动态更新时named需要在该目录下写入.jnl日志文件;该目录属组通常为named,请先确认)
[root@localhost named]# chmod 770 /var/named/
[root@localhost named]#
(5)在辅助里面删除www.westos.com 在主机里面看是否删除
删除之前为避免后续实验出错先进行复制
[root@localhost named]# chmod 770 /var/named/
[root@localhost named]# cp -p /var/named/westos.com.zone /mnt
[root@localhost named]# ls /mnt
westos.com.zone
[root@localhost named]#
在辅助删除
给权限以后发现删除时还是提示无权限,现在需要查看服务端SELinux状态及named相关的布尔值(只打开named_write_master_zones即可,不需要关闭SELinux)
[root@localhost named]# getenforce
Enforcing
[root@localhost named]# getsebool -a | grep named
named_tcp_bind_http_port --> off
named_write_master_zones --> off
[root@localhost named]# setsebool -P named_write_master_zones on
[root@localhost named]#
辅助删除
[root@dns-slave ~]# nsupdate
> server 172.25.254.133
> update delete www.westos.com
> send
update failed: SERVFAIL
> quit
[root@dns-slave ~]# nsupdate
> server 172.25.254.133
> update delete www.westos.com
> send
> quit
[root@dns-slave ~]#
(4)主机测试,发现没有www.westos.com
[root@localhost named]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18838
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; AUTHORITY SECTION:
westos.com. 10800 IN SOA dns.westos.com.westos.com. student.westos.com. 5 86400 3600 604800 10800
;; Query time: 1 msec
;; SERVER: 172.25.254.133#53(172.25.254.133)
;; WHEN: Sun Nov 18 03:15:37 EST 2018
;; MSG SIZE rcvd: 102
[root@localhost named]#
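加密更新方式(使用TSIG共享密钥对更新请求做认证,更新内容本身并不加密)
(1)主机生成密钥(TSIG是对称密钥,.key与.private两个文件中保存的是同一个secret;HMAC-MD5已不推荐使用,新环境建议改用hmac-sha256)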
[root@localhost mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westoskey
Kwestoskey.+157+65440
[root@localhost mnt]# ls
Kwestoskey.+157+65440.key trouble-2.0-1.el7.x86_64.rpm
Kwestoskey.+157+65440.private westos.com.zone
[root@localhost mnt]# cp -p /etc/rndc.key /etc/westos.key
[root@localhost mnt]#
(2)配置westos.key
将Kwestoskey.+157+65440.key 文件的secret添加给westos.key
[root@localhost mnt]# cat Kwestos.key.+157+53347.key
westos.key. IN KEY 512 3 157 dHW2xC0CHtVe0Jd9Pcwfmw==
[root@localhost mnt]# vim /etc/westos.key
[root@localhost mnt]#
[root@localhost mnt]# vim /etc/westos.key
[root@localhost mnt]# cat /etc/westos.key
key "westoskey" {
algorithm hmac-md5;
secret "dHW2xC0CHtVe0Jd9Pcwfmw==";
};
(3)配置DNS主配置文件
[root@localhost mnt]# vim /etc/named.conf
[root@localhost mnt]# systemctl restart named
(4)
[root@localhost mnt]# vim /etc/named.rfc1912.zones
(5)将主机密钥文件传给辅助(文件中含共享密钥,应只通过ssh等加密通道传输,传输后限制为仅所有者可读,不要公开secret内容)
[root@localhost mnt]# scp Kwestos.key.+157+53347.* [email protected]:/mnt
The authenticity of host '172.25.254.133 (172.25.254.133)' can't be established.
ECDSA key fingerprint is 53:2e:dd:fb:2d:22:e4:7f:18:df:65:40:8e:dc:23:81.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.133' (ECDSA) to the list of known hosts.
[email protected]'s password:
Kwestos.key.+157+53347.key 100% 54 0.1KB/s 00:00
Kwestos.key.+157+53347.private 100% 165 0.2KB/s 00:00
[root@localhost mnt]#
(6)在辅助中查看
[root@dns-slave ~]# cd /mnt
[root@dns-slave mnt]# ls
[root@dns-slave mnt]# ls
Kwestoskey.+157+65440.key Kwestoskey.+157+65440.private
[root@dns-slave mnt]#
(7)辅助删除在主机查看
[root@dns-slave mnt]# nsupdate -k Kwestoskey.+157+65440.private
> server 172.25.254.168
> update delete www.westos.com
> send
> quit
[root@localhost mnt]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2737
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; AUTHORITY SECTION:
westos.com. 10800 IN SOA dns.westos.com.westos.com. student.westos.com. 5 86400 3600 604800 10800
;; Query time: 1 msec
;; SERVER: 172.25.254.133#53(172.25.254.133)
;; WHEN: Sun Nov 18 04:06:14 EST 2018
;; MSG SIZE rcvd: 102
九.
动态域名解析(ddns)
dns+dhcp ======花生壳
花生壳是一个动态域名解析,当安装花生壳后,无论在任何地点,任何时间,使用任何线路,均可利用这一服务建立拥有固定域名和最大自主权的互联网主机
(1)配置客户端获取ip的分配方式为dhcp
(2)在主服务器上配置dhcp服务器
~安装dhcp
(2)编辑文件
[root@localhost /]# vim /etc/dhcp/dhcpd.conf
[root@localhost /]#
(3)在维护域名文件中添加内容
[root@localhost named]# vim westos.com.zone
[root@localhost named]#
(4)测试
此时查看客户端分配的ip为172.25.254.90,但域名解析出来的ip不是172.25.254.90
[root@dns-slave ]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.90 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::5054:ff:fe02:175 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:02:01:75 txqueuelen 1000 (Ethernet)
RX packets 1841 bytes 185129 (180.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1034 bytes 146257 (142.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@dns-slave mnt]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2737
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; AUTHORITY SECTION:
game.westos.com. 10800 IN A 172.25.254.113 ##解析不一致 student.westos.com. 5 86400 3600 604800 10800
;; Query time: 20 msec
;; SERVER: 172.25.254.133#53(172.25.254.168)
;; WHEN: Sun Nov 18 04:06:14 EST 2018
;; MSG SIZE rcvd: 102
(4)设置维护域名文件
[root@localhost named]# vim westos.com.zone
[root@localhost named]#
删除添加进去的game.com
(5)重新编辑dhcp配置文件
[root@localhost ~]# vim /etc/dhcp/dhcpd.conf
修改14行,以interim的方式开启dns更新
ddns-update-style interim;
添加更新dns的key以及更新的dns域信息
key "westoskey" {
algorithm hmac-md5;
secret "s8xXL8dXrzR4BnXrof28DQ";
};
zone westos.com.{
primary 172.0.0.1;
key westoskey;
}
(6)重启服务后测试(分配ip与解析ip一致)
[root@dns-slave ]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.91 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::5054:ff:fe02:175 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:02:01:75 txqueuelen 1000 (Ethernet)
RX packets 1841 bytes 185129 (180.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1034 bytes 146257 (142.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@dns-slave mnt]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2737
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com. IN A
;; AUTHORITY SECTION:
game.westos.com. 10800 IN A 172.25.254.91 ##解析一致 student.westos.com. 5 86400 3600 604800 10800
;; Query time: 20 msec
;; SERVER: 172.25.254.133#53(172.25.254.168)
;; WHEN: Sun Nov 18 04:26:14 EST 2018
;; MSG SIZE rcvd: 102