#DNS配置##环境配置用两个虚拟机进行实验服务器端 server1双网卡一个IP为172.25.254.128一个IP为172.25.28.128DNS为本机yum install bind.x86
#DNS配置
##环境配置
用两个虚拟机进行实验
服务器端 server1
双网卡
一个IP为172.25.254.128
一个IP为172.25.28.128
DNS为本机
yum install bind.x86_64 -yhostnamectl set-hostname server.westos.comsystemctl stop firewalld连接端 server2
单网卡
IP为172.25.28.10DNS为172.25.28.128
hostnamectl set-hostname client.westos.com##高速缓存 server1
vim /etc/named.conf listen-on port 53 { any; }; allow-query { any; }; dnssec-validation no; forwarders { 172.25.254.250; };systemctl restart named #重启named服务##正向解析server1
vim /etc/named.conf # forwarders { 172.25.254.250; }; vim /etc/named.rfc1912.zones #复制20-24行 为26-30行 zone "westos.com" IN { type master; file "westos.com.zone"; allow-update { none; }; }; cp -p /var/named/named.localhost /var/named/westos.com.zone vim /var/named/westos.com.zone $TTL 1D @ IN SOA dns.westos.com. root. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.westos.com. dns A 172.25.254.128 www A 172.25.254.121 bbs A 172.25.254.123 systemctl restart named #重启named服务 反向解析
解析方式 dig -x
server1
vim /etc/named.rfc1912.zones #复制42-48行 为51-55行 zone "28.25.172.in-addr.arpa" IN { type master; file "westos.com.ptr"; allow-update { none; }; };cp -p /var/named/named.loopback /var/named/westos.com.ptrvim /var/named/westos.com.ptr $TTL 1D @ IN SOA dns.westos.com. root. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.westos.com. dns A 172.25.28.128 28 PTR www.westos.com.systemctl restart named #重启named服务##变换服务以及邮件地址解析server1
vim /var/named/westos.com.zone $TTL 1D @ IN SOA dns.westos.com. root. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.westos.com. dns A 172.25.254.128 www CNAME bbs.westos.com. bbs A 172.25.254.123 bbs A 172.25.254.124 westos.com. MX 1 172.25.254.28.systemctl restart named #重启named服务##双向解析
- 预期目的
在172.25.254.0/24 上 显示的解析地址为172.25.254号段
在172.25.28.0/24 上 显示的解析地址为172.25.28号段
server1
cp -p westos.com.zone westos.com.intervim westos.com.inter #将原文件中的254改为28 $TTL 1D @ IN SOA dns.westos.com. root. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.westos.com. dns A 172.25.28.128 www CNAME bbs.westos.com. bbs A 172.25.28.123 bbs A 172.25.28.124 westos.com. MX 1 172.25.28.28.cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.intervim named.rfc1912.zones.inter #将文件名变为inter文件 zone "westos.com" IN { type master; file "westos.com.inter"; allow-update { none; }; };vim /etc/named.conf #将最后一段注释掉。 view localnet { match-clients { 172.25.100.0/24; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones.inter"; }; view internet { match-clients { any; }; Zone "."IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; };systemctl restart named #重启named服务##DNS集群
- 预期目的
建立另外的DNS服务器,作为原服务器的从属,以分担原服务器的压力。当原服务器解析内容发生改变时,自动同步到从属服务器。
server2
yum install bind.x86_64 ##安装dns服务软件将DNS地址改为本机vim /etc/named.conf listen-on port 53 { any; }; allow-query { any; }; dnssec-validation no;vim/etc/named.rfc1912.zones #复制20-24行 为26-30行 zone "westos.com" IN { type slave; masters { 172.25.28.128; }; file "slaves/westos.com.zone"; allow-update { none; }; };systemctl restart named #重启named服务server1
vim /etc/named.rfc1912.zones zone "westos.com" IN { type master; file "westos.com.zone"; };systemctl restart named #重启named服务##远程更改DNS
PS. 实验前,将westos.com.zone备份到/mnt
###通过IP允许更改server1
vim /etc/named.rfc1912.zones #注释点最后两句,将允许同步出改为从属端IP zone "westos.com" IN { type master; file "westos.com.zone"; allow-update { 172.25.28.10; }; #allow-transfer { 172.25.28.10; }; #also-notify { 172.25.28.10; }; };chmod g+w /var/named #为目录增加写权限,使从属端有权利创建文件setsebool -P named_write_master_zones 1 #更改selinux设置systemctl restart named #重启named服务server2
systemctl stop named #从属端关闭named服务#通过nsupdate命令更改主服务端DNS解析内容nsupdate> server 172.25.28.128> update delete www.westos.com> send> server 172.25.28.128> update add www.westos.com 86400 A 172.25.254.28> send###通过key允许更改server1
cp -p /etc/rndc.key /etc/westos.keyvim /etc/named.conf include "/etc/westos.key";cd /mntdnssec-keygen -a HMAC-MD5 -b 128 -n HOST westosvim /mnt/Kwestos.+157+42971.private Private-key-format: v1.3 Algorithm: 157 (HMAC_MD5) Key: Z02GUNE+jXJVoNAQ7/lARA== Bits: AAA= Created: 20160819070112 Publish: 20160819070112 Activate: 20160819070112vim /etc/westos.key key "westos" { algorithm hmac-md5; secret "Z02GUNE+jXJVoNAQ7/lARA=="; };vim /etc/named.rfc1912.zones allow-update { key westos; };systemctl restart namedscp /mnt/Kwestos.+157+42971.* [email protected]:/mntserver2
将DNS改为服务端IP通过nsupdate命令更改主服务端DNS解析内容nsupdate -k Kwestos.+157+42971.private > server 172.25.28.128 > update delete www.westos.com > send > server 172.25.28.128 > update add www.westos.com 86400 A 172.25.254.28 > send##ddns
- 预期目的
通过dhcp服务,自动改变服务器DNS解析内容
server1
yum install dhcp -y #安装DHCPcp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.confcd /etc/dhcp/sed -i 37,104d /etc/dhcp/dhcpd.confsed -i 27,28d /etc/dhcp/dhcpd.confvim /etc/dhcp/dhcpd.conf option domain-name "westos.com"; option domain-name-servers 172.25.28.128; log-facility local7; subnet 172.25.28.0 netmask 255.255.255.0 { range 172.25.28.100 172.25.28.200; option routers 172.25.28.254; } key westos { algorithm hmac-md5; secret Z02GUNE+jXJVoNAQ7/lARA==; }; zone westos.com. { primary 127.0.0.1; key westos; } #配置DHCPrm -fr /var/maned/westos.com.zone.jnl /var/maned/westos.com.zonecp -p /mnt/westos.com.zone /var/maned/westos.com.zonesystemctl restart named #重启named服务systemctl restart dhcpd #重启dhcpd服务server2
将网络设置为dhcp模式。systemctl restart network #重启网络服务以获得服务器端分享的IPdig clientwestos.com #通过地址解析,验证服务器端配置是否成功PS. 通过更改服务器端的dhcp服务配置,使接受端获得不同的IP。通过dig命令检验不同的解析地址是否与接受端IP相同。
