1.安装部署dns
yum install bind -y
systemctl start named
systemctl enable named
systemctl stop firewalld
systemctl disable firewalld
主配置文件: /etc/named.conf
子配置文件: /etc/name.rfc1912.xones
数据目录: /var/named
2.高速缓存dns
vim /etc/named.conf
测试:
3.权威dns的正向解析
vim /etc/name.rdc1912.zones
cd /var/name
cp -p named.localhost westos.com.zone
vim westos.com.zone
systemctl restart named
测试:
vim /etc/resolv.conf
nameserver 172.25.254.103
dig www.westos.com
4.权威dns的反向解析
vim /etc/name.rfc1912.zones
cp -p named.loopback westos.com.ptr
vim westos.com.ptr
测试:
vim /etc/resolv.conf
nameserver 172.25.254.103
dig -x 172.25.254.111
dns双向解析
cp -p /var/named/westos.com.zone /var/named/westos.com.localnet
vim /var/named/westos.com.localnet
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.localnet
vim /etc/named.rfc1912.localnet
vim /etc/named.conf 注释掉51~58行(大概位置)
systemctl restart named
测试:
dns集群
在辅助dns上做好环境配置:bind安装,主次文件配置,dns指向,服务启动,火墙管理。
主dns:vim /etc/named.rfc1912.zones
systemctl restart named
测试:辅助端重启named服务
远程更新dns
为了方便恢复环境,先将部分文件备份
将之前自己在 /etc/named.conf 中自己写入的部分注释掉,并将之前注释掉的部分还原。
vim /etc/named.rfc1912.zones
chmod 770 /var/named
systemctl restart named
在指定ip主机上发送dns信息
在接手方会有westos.com.zone.jnl
远程加密更新dns
环境恢复:删除之前更新生成的两个文件,并将之前备份的文件恢复,并重启服务。
更新端加密:
vim /etc/named.conf
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { key westos; };
also-notify {172.25.254.214; };
30 };
systemctl restart named
scp Kwestos.+157+31240.* [email protected]:/mnt/ 将钥上传到允许更新的主机
nsupdate -k Kwestos.+157+54897.key
> server 172.25.254.114
> update add abc.westos.com 86400 A 172.25.254.111
> send