######dns######
1.安装部署DNS
yum install bind.x86_64 -y
systemctl start named (敲键盘)
systemctl enable named
systemctl stop firewalld
systemctl disable firewalld
主配置文件: /etc/named.conf
子配置文件: /etc/named.rfc1912.zones
数据目录: /var/named
dns 解析


##2.高速缓存dns
vim /etc/named.conf

options {
 11         listen-on port 53 { any; }; 53端口允许任何人访问这个dns(原本端口是只在内部开启) ss -anutple | grep named
 12         listen-on-v6 port 53 { ::1; };
 13         directory       "/var/named";
 14         dump-file       "/var/named/data/cache_dump.db";
 15         statistics-file "/var/named/data/named_stats.txt";
 16         memstatistics-file "/var/named/data/named_mem_stats.txt"    ;
 17         allow-query     { any; };   查询当前dns的客户群体(生产环境应限制为可信网段,避免成为开放递归解析器)
 18         forwarders {172.25.254.250;};   若本机不知道,去向250主机寻找

systemctl restart named

dns 解析

#测试:
在客户主机
vim /etc/resolv.conf

nameserver 172.25.254.150

dns 解析

dig www.baidu.com

dns 解析

#3.权威dns的正象解析

dns 解析

删除/etc/named.conf文件中的172.25.254.250那行
vim /etc/named.rfc1912.zones
 42 zone "westos.com" IN {
 43         type master;
 44         file "westos.com.zone";
 45         allow-update { none; };
 46 };
cd /var/named
cp -p named.localhost westos.com.zone
vim westos.com.zone
  1 $TTL 1D    #一天
  2 @       IN SOA  dns.westos.com. root.westos.com. (        #@表示当前区域名westos.com;名字末尾没有.的会自动补上.westos.com(如www即www.westos.com)
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS      dns.westos.com.
  9 dns     A       172.25.254.126

 10 www     A       172.25.254.111

dns 解析

systemctl restart named
dig www.westos.com
dns 解析



#4.反向解析
vim /etc/named.rfc1912.zones
 49 zone "254.25.172.in-addr.arpa" IN {
 50         type master;
 51         file "westos.com.ptr";
 52         allow-update { none; };

 53 };

cd /var/named
cp -p named.localhost westos.com.ptr
vim westos.com.ptr
 1 $TTL 1D
  2 @       IN SOA  dns.westos.com. root.westos.com. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS      dns.westos.com.
  9 dns     A       172.25.254.126

 10 126     PTR     www.westos.com.

dns 解析

systemctl restart named

dig -x 172.25.254.150

dns 解析





#5.双向解析
vim /etc/named.conf
 48 view localnet {
 49         match-clients { 172.25.254.150; };   #内网能连接的人是172.25.254.150
 50         zone "." IN {
 51                 type hint;
 52                 file "named.ca";
 53 };
 54
 55 include "/etc/named.rfc1912.zones";         #访问的是/etc/named.rfc1912.zones这个文件
 56 include "/etc/named.root.key";
 57 };
 58 view any {
 59         match-clients { any; };            #其他人都能访问
 60         zone "." IN {
 61                 type hint;
 62                 file "named.ca";
 63 };
 65 include "/etc/named.rfc1912.zones.inter";   #访问的是/etc/named.rfc1912.zones.inter
 66 include "/etc/named.root.key";

 67 };

dns 解析

  cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter     #-p表示保留文件权限(permission)等属性
  vim  /etc/named.rfc1912.zones.inter
 42 zone "westos.com" IN {
 43         type master;
 44         file "westos.com.inter";
 45         allow-update { none; };

 46 };

dns 解析


cp -p westos.com.zone westos.com.inter
vim westos.com.inter
  1 $TTL 1D
  2 @       IN SOA  dns.westos.com. root.westos.com. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS      dns.westos.com.
  9 dns     A       1.1.1.150

 10 www     A       1.1.1.161

dns 解析

重启服务
测试:

172.25.254.151主机

dig www.westos.com

;; ANSWER SECTION:
www.westos.com.        86400    IN    A    172.25.254.161

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:

dns.westos.com.        86400    IN    A    172.25.254.150

dns 解析

172.25.254.50主机,即外网

dig www.westos.com

;; ANSWER SECTION:
www.westos.com.        86400    IN    A    1.1.1.111

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    1.1.1.126

dns 解析





#6.辅助dns
主dns的设定
vim /etc/named.rfc1912.zones.inter
 42 zone "westos.com" IN {
 43         type master;
 44         file "westos.com.inter";
 45         allow-update { none; };
 46         also-notify { 172.25.254.151; };
 47 };

dns 解析
systemctl restart named
辅助dns
yum install bind -y
systemctl stop firewalld
systemctl start named
vim /etc/named.conf
options {
//      #listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      #allow-query     { localhost; };   ##注释掉这两行

dns 解析
vim  /etc/named.rfc1912.zones
zone "westos.com" IN {
        type slave;
        masters { 172.25.254.150; };
        file "slaves/westos.com.inter";
        allow-update { none; };
};
dns 解析
systemctl restart named
####注意westos.com.inter里面的serial值最大为10位
若/var/named/slaves中没有该有的文件,则是selinux没有关闭(建议先查看审计日志确认原因,生产环境不要直接关闭selinux)
测试
vim /etc/resolv.conf
nameserver 172.25.254.150

dig www.westos.com

vim /etc/resolv.conf
nameserver 172.25.254.151

dig www.westos.com

#7.dns的远程更新
主dns机子:
vim /etc/named.rfc1912.zones.inter
 42 zone "westos.com" IN {
 43         type master;
 44         file "westos.com.inter";
 45         allow-update { 172.25.254.151; };    #允许151主机远程更新
 46         also-notify { 172.25.254.151; };
 47 };

dns 解析
#测试
在151主机上: (注意:此时的151主机不能是前面双向解析内网的ip)
[[email protected] ~]# nsupdate
> server 172.25.254.126
> update add bbs.westos.com 86400 A 1.1.1.111    #添加
> send
> quit

dns 解析
[[email protected] ~]# nsupdate
> server 172.25.254.126
> update delete bbs.westos.com    #删除
> send

dns 解析
#基于key的更新
vim /etc/named.conf
 systemctl restart named
 vim /etc/rndc.key
 cd /mnt/
cp -p /etc/rndc.key  /etc/westos.key
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
Kwestos.+157+32278
cat Kwestos.+157+32278.key
westos. IN KEY 512 3 157 4+hrJmz578PBd2tTNtlpCA==
vim /etc/westos.key
cat /etc/westos.key
key "westos" {
        algorithm hmac-md5;
        secret "4+hrJmz578PBd2tTNtlpCA==";
};
[[email protected] mnt]# vim /etc/named.conf
include "/etc/westos.key";
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
dns 解析
vim /etc/named.rfc1912.zones.inter

zone "westos.com" IN {
        type master;
        file "westos.com.inter";
        allow-update { key westos; };
        also-notify { 172.25.254.151; };
};

dns 解析

#测试
scp Kwestos.+157+32278* [email protected]:/mnt/
nsupdate -k Kwestos.+157+32278.private
dns 解析
                                                          
dns 解析

# ddns

yum install dhcp -y

systemctl start dhcpd

systemctl stop firewalld

systemctl disable firewalld

cd /var/named

cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf

cp:是否覆盖"/etc/dhcp/dhcpd.conf"? yes

vim /etc/dhcp/dhcpd.conf

 

  7 option domain-name "westos.com";  #设置dns主域,一定要设置正确

  8 option domain-name-servers 172.25.254.150;#DNS 服务器地址

 13 # Use this to enble / disable dynamic dns updates globally.

 14 ddns-update-style interim; #动态dns更新方式

 21 # have to hack syslog.conf to complete the redirection).

 22 log-facility local7;

 

    #This is a very basic subnet declaration.

   设置动态获取ip的网段和地址范围及路由

 28 subnet 172.25.254.0 netmask 255.255.255.0 {

 29 range 172.25.254.190 172.25.254.199;

 30 option routers 172.25.254.150;

 31 }

     #设置认证信息

 32 key "westos" {

 33            algorithm hmac-md5;

 34            secret "4+hrJmz578PBd2tTNtlpCA==";#将key更新时生成的钥匙复制过来

 35 };

     #配置与域进行认证的信息

 36 zone westos.com. {

 37            primary 127.0.0.1;

 38            key westos;

 39 }

dns 解析

 chmod 777 /etc/named

 chmod 777 /var/named   #仅实验环境这样做;生产环境应让动态区域文件所在目录对named用户可写,不要对整个目录用777

 systemctl restart named

 systemctl restart dhcpd

测试:

hostnamectl set-hostname haha

nm-connection-editor

dns 解析

systemctl restart network

dns 解析

dig haha.westos.com

dns 解析






