####高速缓存##
reset desktop
vim /etc/sysconfig/network-scripts/ifcfg-eth0
添加: IPADDR=172.25.254.149
BOOTPROTO=none
PREFIX=24
systemctcl restart network
ping 172.24.254.250
hostnamectl set-hostname dns-server.example.com
vim /etc/yum.repos.d/rhel-dvd.repo
http://172.25.254.250/rhel7 ##
yum repolist
高速缓存
116去114拿缓存
10去116拿缓存快 节省了dns访问速度,把外部的dns变成自己的高速缓存,一个网段只有一个去外网拿,其他的都从
#######
首先把主机设置为一个路由器
server添加可以上网的网关
vim /etc/sysconfig/network-scripts/ifcfg-eth0
GATEWAY=本机的ip
vim /etc/sysconfig/network(全局网关)
GATEWAY=本机的ip
systemctl restart network
route -n (查看网关)
vim /etc/resolv.conf(dns的指向文件,全网通用)
nameserver 114.14.114.114
dig www.baidu.com
在真机中下载
yum install bind -y
vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
forwarders { 114.114.114.114; };
dnssec-validation no;
systemctl start named
systemctl stop firewalld
在测试端配置相应文件
vim /etc/resolv.conf
nameserver 172.25.254.56(下载bind的ip)
dig www.baidu.com
在真机中
dig www.baidu.com
发现时间差好多
DNS正向解析 : 域名改为ip地址
vim /etc/named.conf
删除 forwarders { 114.114.114.114; };
vim /etc/named.rfc1912.zones复制19到23行,进行粘贴
zone "westos.com" IN { ###westos要管理的区域
type master;
file "westos.com.zone"; ##域名与ip的对应关系放在westos.com.zone这个文件中
allow-update { none; };
cd /var/named
ls(named.localhost中放的是172.0.0.1这个dns服务器)
cp -p named.localhost westos.com.zone###把named.localhost的这个文件的模版复制到自己建立的文件中 -p的作用是将文件的权限也复制给westos.com.zone
vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.56
www A 172.25.254.56
systemctl restart named
systemctl stop firewalld(这个是必须的)
在测试主机中
vim /etc/resolv.conf
nameserver 172.25.254.56
dig www.westos.com
####
vim westos.com.zone
1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 172.25.254.100
10 www A 172.25.254.100
11 bbs CNAME linux
12 linux A 172.25.254.111
13 linux A 172.25.254.222
14 westos.com. MX 1 172.25.254.56.
systemctl restart named
mail [email protected]
Subject: agds
sgdgs
.
EOT
[root@foundation56 named]# mailq
###反向解析
vim /etc/named.rfc1912.zones
复制37-41行,粘贴在最后,反向解析的文件是ptr格式
zone "254.25.172.in-addr.arpa" IN {
type master;
file "westos.com.ptr";
allow-update { none; };
};
cd /var/named
ls
cp -p named.loopback westos.com.ptr###把named.localhost的这个文件的模版复制到自己建立的文件中 -p的作用是将文件的权限也复制给westos.com.zone
vim /var/named/westos.com.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.100
111 PTR bbs.westos.com.
110 PTR www.westos.com.
systemctl restart named
在测试主机中 dig -x 172.25.254.111 -x表示反向解析
####双向解析###
在正向解析的情况下做双向解析
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
cd /var/named
ls
cp westos.com.zone westos.com.localnet -p
vim westos.com.localnet(把地址都改为192.168.0.100)
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 192.168.0.100
www A 192.168.0.100
ll
vim /etc/named.rfc1912.zones
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.localnet
vim /etc/named.rfc1912.localnet
zone "westos.com" IN { ###westos要管理的区域
type master;
file "westos.com.localnet"; ##域名与ip的对应关系放在westos.com.zone这个文件中
allow-update { none; };
vim /etc/named.conf
注释50-58行在底下分别编写内网和外网的访问配置文件
view localnet {
match-clients { 172.25.254.149; };
zone '.' IN {
type hint;
file"named.ca";
};
include "/etc/named.rfc1912.localnet";
};
view internet {
match-clients { any; };
zone '.' IN {
type hint;
file"named.ca";
};
include "/etc/named.rfc1912.zones";
};
systemctl restart named
两台客户主机询问同一个dns服务器,得到不同的结果,这是因为将两台主机分别定义内网和外网,解析得到的ip不同
在ip为172.25.254.49的客户端中
vim /etc/resolve.conf
nameserver 172.25.254.149
dig www.westos.com
在ip为172.25.254.149中
vim /etc/resolve.conf
nameserver 172.25.254.149
dig www.westos.com
####dns 集群##
dns服务器一般在用的时候,为了缓解服务器的压力,多使用一个主dns服务器,多个副dns服务器,这些dns服务器就组成了一个dns集群
在副dns服务器上安装named服务
yum install bind -y
vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
forwarders { 114.114.114.114; };
dnssec-validation no;
systemctl start named
systemctl stop firewalld
vim /etc/named.rfc1912.zones 在第19行编辑内容
zone "westos.com" IN{
type slave;
masters {172.25.254.149; };
file "slaves/westos.com.zone";
allow-update {none; };
};
ll /var/named/ (看是否显示slaves)
sytemctl restart named
vim /etc/resolv.conf
nameserver 172.25.254.249##分担任务,所以填自己的ip
配置完成后,将副dns服务器重启就好,但是在主dns服务器的内容改变之后,副dns的内容不会同步改变,这样就会造成询问域名出现不同的ip的情况,所以我们需要在主dns服务器做如下配置:
vim /etc/named.rfc1912.zones
zone "westos.com" IN { ###westos要管理的区域
type master;
file "westos.com.zone"; ##域名与ip的对应关系放在westos.com.zone这个文件中
allow-update { none; };
also-notify { 172.25.254.249; }; ##允许249来更新
};
systemctl restart named
systemctl stop firewalld##这个是必须做的,必须关闭火墙
在修改主dns服务器的域名和ip时,还需要修改serial前边的数字
在两台主机分别dig www.westos.com观看是否同步
###dns的更新
在主dns
vim /etc/named.rfc1912.zones
修改28行 allow-update { 172.25.254.49; }; #设置更新的主机为172.25.254.49
systemctl restart named
cp -p /var/named/westos.com.zone /mnt/ ##备份原来的DNS文件,在恢复的时候会用到
chmod 770 /var/named/
在允许更新端
增加
nsupdate
server 172,25.254.149 #主dns的ip
update add hello.westos.com 86400 A 172.25.254.111
send
删除
nsupdate
server 172,25.254.149 #主dns的ip
update delete hello.westos.com 86400 A 172.25.254.111
send
在两台主机中分别测试dig hello.westos.com 查看结果
systemctl restart named 之后更新的内容更新到主dns端的westos.com.zone
如果想恢复原来的ip与域名记录,
rm -fr /var/named/westos.com.*
cp /mnt/westos.com.zone .
systemctl restart named
dig hello.westos.com ###发现dig不到
###含有钥匙的解析dns的加密##
在主dns中做
cd /mnt
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
ls
cat Kwestos.+157+13154.private
cp -p /etc/rndc.key /etc/westos.key
vim /etc/westos.key
key "westos" {
algorithm hmac-md5;
secret "OPOXlk/c2j3+UapDN4hTAw==
";
};
vim /etc/named.conf
43 加 include "/etc/westos.key";
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westos; };
also-notify {172.25.254.249; };
};
systemctl restart named
ls
scp Kwestos.+157+13154.* [email protected]:/mnt/
在主机中做
[root@foundation49 ~]# cd /mnt
[root@foundation49 mnt]# ls
create_vm.sh Kwestos.+157+13154.key vm_kuaizhao.sh
fengjie.xml Kwestos.+157+13154.private
[root@foundation49 mnt]# nsupdate -k Kwestos.+157+13154.key
> server 172.25.254.149
> update add hello.westos.com 86400 A 172.25.254.111
> send
>quit
在149中
dig hello.westos.com
####动态dns地址解析###
在主dns中
yum install dhcp -y
firewall-cmd --permanent --add-service=dhcp
firewall-cmd --reload
cp /usr/share/doc/dhcp-4.2.5/dhcp.conf.example /etc/dhcp/dhcpd.conf
vim /etc/dhcp/dhcp.conf
修改域名和下一行
删除27.28.行,删除35以后改33行以后。
systemctl restart dhcpd
在另一台主机中改dhcp 删除id 删除子网言码
(拔掉网线)systemctl restart network
ifconfig
cat /etc/resolv.conf##查看是谁给的ip
vim /etc/dhcp/dhcp.conf
14 加 interim
在最后加
westos {
algorithm hmac-md5;
secret OPOXlk/c2j3+UapDN4hTAw==;
};
zone westos.com. {
primary 127.0.0.1;
key westos;
}
cat /mnt/Kwestos.+157+41611.##看密钥复制
systemctl restart dhcpd
cd /var/named
ls
vim westos.com.zone
rm -fr westos.com.zone*
cp -p /mnt/westos.com.zone .
vim westos.com.zone(改删的删)
systemctl restart named
在测试机中做
hostnamectl set-hostname test.westos.com
systemctl restart network(拔掉网线)
ifcongig
cat /etc/resolv.conf ##查看谁给的ip
dig test.westos.com###观看能不能dig通