文章目录
1. 点击windowns安装环回网卡文章完成网络配置
2.添加新的网卡,使用bridge连接方式
添加网卡的方法
添加后,可以看到新的网卡:
#ifconfig
网卡改成桥接模式
然后以这个网卡的名字创建配置文件,假设网卡的名字是ens38(具体看个人情况)ens38的配置文件根据ens33来修改即可。
#cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens38
#vim /etc/sysconfig/network-scripts/ifcfg-ens38
修改成如下,配置好后暂不启动网卡
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens38
UUID=1cc353ed-bbed-4e29-96d2-2a6dbe770e8c
DEVICE=ens38
ONBOOT=yes
IPADDR=172.16.51.1
NETMASK=255.255.255.0
3.配置DHCP服务器(/etc/dhcpd.conf)
3.1首先安装DHCP服务
#yum install dhcp -y
3.2修改主配置文件
默认主配置文件/etc/dhcp/dhcpd.conf文件内容为空(只有几行注释),修改前先将系统文档的范本文件复制到/etc下,参考以下命令。
#cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
找到对应内容修改即可
# vim /etc/dhcp/dhcpd.conf
ddns-update-style interim; //dns互动更新模式
ignore client-updates;
# A slightly different configuration for an internal subnet.
subnet 172.16.51.0 netmask 255.255.255.0 {
range 172.16.51.50 172.16.51.145;
option domain-name-servers 172.16.51.1;
option domain-name "example.com";
option routers 172.16.51.1;
option broadcast-address 172.16.51.255;
default-lease-time 600;
max-lease-time 7200;
}
检测网卡ens33是否启动
#ifconfig ens33 | grep inet
启动DHCP服务
#systemctl start dhcpd
测试网卡ens38
#ifdown ens38
#ifup ens38
#ifconfig ens38 | grep inet
若配置成功,则可以从地址池中获得成功获得IP地址。
4.配置DNS服务器
4.1安装DNS服务
#yum install -y bind
4.2主配置文件(/etc/named.conf)
options字段中,listen-on port 53和allow-query的字段值为any
#vim /etc/named.conf
tions {
listen-on port 53 { any; }; //127.0.0.1改为any
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; //loacalhost改为any
logging字段中,修改成如下:
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
channel general_log {
file "data/general_log" versions 3 size 20m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel query_log {
file "data/query_log" versions 3 size 20m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
category general { general_log; };
category queries { query_log; };
};
4.3/etc/named.rfc1912.zones(在文件末尾添加正向区域和反向区域配置信息)
#vim /etc/named.rfc1912.zones
zone "example.com" {
type master;
file "data/example.com.zone";
allow-update {none;};
};
zone "51.16.172.in-addr.arpa" {
type master;
file "data/172.16.51.arpa";
allow-update { none; };
};
4.4正向区域文件(/var/named/data/example.com.zone)以及反向区域文件(/var/named/data/172.16.51.arpa)
拷贝/var/named/named.localhost作为正向区域文件和反向区域文件的模板,同时修改这两个文件的所属用户和属组为named.
#cp /var/named/named.localhost /var/named/data/example.com.zone
#cp /var/named/named.localhost /var/named/data/172.16.51.arpa
#chown named.named /var/named/data/example.com.zone
#chown named.named /var/named/data/172.16.51.arpa
4.4.1修改/var/named/data/example.com.zone
#vim /var/named/data/example.com.zone
$TTL 1D
example.com. IN SOA dns.example.com. admin.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
example.com. IN NS dns.example.com.
dns IN A 172.16.51.1
example.com. IN MX 10 mail.example.com.
example.com. IN MX 11 mail2.example.com.
example.com. IN MX 12 mail3.example.com.
bbs IN CNAME www
samba IN CNAME www
ftp IN A 172.16.51.1
mail IN A 172.16.51.1
mail2 IN A 172.16.51.1
mail3 IN A 172.16.51.1
www IN A 172.16.51.1
修改完后可检查配置文件
#named-checkzone example.com /var/named/data/example.com.zone
4.4.2修改/var/named/data/172.16.51.arpa
#vim /var/named/data/172.16.51.arpa
$TTL 1D
51.16.172.in-addr.arpa. IN SOA dns.example.com. admin.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
51.16.172.in-addr.arpa. IN NS dns.example.com.
1 IN PTR dns.example.com.
1 IN PTR ftp.example.com.
1 IN PTR mail.example.com.
1 IN PTR mail2.example.com.
1 IN PTR mail3.example.com
1 IN PTR www.example.com.
修改完后检查
#named-checkzone 51.16.172.in-addr.arpa /var/named/data/172.16.51.arpa
4.5根区域文件(/var/named/named.ca)
named.ca文件不用修改,/var/named/目录下就有这个文件
5.启动服务
#systemctl start named
注意:检查本机DNS客户端是否指向本机DNS服务器
#cat /etc/resolv.conf
如果不是指向本机DNS服务器,把NAT模式连接互联网的网卡禁用掉,我这里是ens37
#ifdown ens37
使用nslookup调试。例如
# nslookup www.example.com
# nslookup 172.16.51.1
采用nslookup进行交互式查询
# nslookup
6.配置DDNS
创建密钥
# dnssec-keygen -a HMAC-MD5 -b 128 -n USER linuxdns
出现如下类似提示
然后输入命令
# cat Klinuxdns.+157+33406.key
显示如下
其中,XUlO7GzwRFbfasuBlq7fyQ==为密钥。如果密钥中出现”/”,请按照上面方法重新生成密钥。
DHCP配置文件(/etc/dhcp/dhcpd.conf)添加如下内容:(在ignoreclient-updates;下面添加即可)
# vim /etc/dhcp/dhcpd.conf
key linuxddns {
algorithm hmac-md5;
secret XUlO7GzwRFbfasuBlq7fyQ==;
}
zone example.com. {
primary 172.16.51.1;
key linuxddns;
}
zone 51.99.172.in-addr.arpa. {
primary 172.16.51.1;
key linuxddns;
}
7.修改/etc/named.rfc1912.zones
# vim /etc/named.rfc1912.zones
8.测试
8.1用WindowsPC测试
在Windows上设置环回网卡的IP地址为自动获取IP地址。
按win+R键输入cmd回车,然后在命令行输入ipconfig
8.2用LinuxPC测试
如果使用linuxpc,需要新建如下文件:(/etc/dhclient.conf)
# vim /etc/dhclient.conf
send fqdn.fqdn "linux0707";
send fqdn.encoded on;
send fqdn.server-update off;
然后按照如下顺序重启服务和网络
# systemctl restart named
# systemctl restart dhcpd
使用nslookup命令测试
# nslookup linux0707
如果解析失败了,尝试清空dhcp的租约数据库文件(/var/lib/dhcpd/dhcpd.leases),只留下server-duid这一项,保存文件。之后重新运行以上步骤
8.3日志分析
查看/var/lib/dhcpd/dhcpd.leases中的日志信息
# cat /var/lib/dhcpd/dhcpd.leases
重启服务运行日志文件记录在/var/named/data/general_log
# cat /var/named/data/general_log
