一.DNS的高速缓存
1.##安装bind软件包
2.##启动DNS服务
3.将DNS加入火墙允许列表
4.更改dns主配置文件,令其可以为所有的主机进行网络解析服务,完成后重启服务。
vim /etc/named.conf
systemctl restart named
5.客户端加入DNS解析
6.在客户端解析域名,dig www.baidu.com
##两次速度有变化,第一次要比第二次快
二.DNS的正向解析
1.注释主配置文件里的forwarders{ 172.25.254.66; };
2.[[email protected] etc]# cd /var/named
3.[[email protected] named]# cp -p named.localhost westos.com.zone
4.编辑/etc/named.rfc1912.zones域文件
5.编辑westos.com.zone
6.重启服务
[[email protected] named]# systemctl restart named
7.dig www.westos.com
CNAME解析轮询
[[email protected] named]# systemctl stop firewall
[[email protected] named]# systemctl start named
[[email protected] named]# systemctl enable named
[[email protected] named]# systemctl disable firewalld
[[email protected] named]# vim westos.com.zone
[[email protected] named]#dig www.westos.com
三.反向解析
1.编辑/etc/named.rfc1912.zones
2.[[email protected] named]# cp -p named.loopback westos.com.ptr
3.编辑westos.com.ptr文件
4.客户端dig -x +地址查看
四.双向解析
1.[[email protected] named]# cp -p westos.com.zone westos.com.inter
2.[[email protected] named]# vim westos.com.inter
3.[[email protected] named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter
4.[[email protected] named]# vim /etc/named.rfc1912.inter
5.编辑主配置文件
[[email protected] named]# vim /etc/named.conf
6.分别在166和客户端本身测试
1)166解析出来的是172表示内网
2)除166外所有都是外网,用客户端解析查看为外网192
五.主从集群
再次打开一台虚拟机,重置网络ip=172.25.254.206 ,dns 解析nameserver=172.25.254.206,完成后重置网络,配置yum源
在server虚拟机上
[[email protected] Desktop]# vim /etc/resolv.conf
[[email protected] Desktop]# vim /etc/named.conf
[[email protected] Desktop]# vim /etc/named.rfc1912.zones
[[email protected] Desktop]#dig www.westos.com ##无法同步
在虚拟机Desktop
[[email protected] named]# vim /etc/named.conf
[[email protected] named]# vim /etc/named.rfc1912.inter
[[email protected] named]# vim westos.com.zone
##第三行每改一次网段地址都要更改一次数字
在server虚拟机
[[email protected] named]#systemctl restart named
[[email protected] named]#dig www.westos.com
在desktop虚拟机
[[email protected] named]# vim westos.com.zone
在server虚拟机
[[email protected] Desktop]#systemctl restart named
[[email protected] Desktop]#dig www.westos.com
六.远程更新
1.[ro[email protected] named]# cp -p westos.com.zone /mnt##进行备份
2.[[email protected] named]# vim /etc/named.rfc1912.zones
3.[[email protected] named]# systemctl restart named
4.[[email protected] named]# chmod 770 /var/named
在真机上
5.[[email protected] named]# systemctl restart named
6.[[email protected] named]# vim westos.com.zone##里面文件改变
七.远程更新加密
1.[[email protected] mnt]# dnssec-****** -a HMAC-MD5 -b 128 -n HOST westos##生成钥匙和密码 -a表示加密模式 -b表示加密字节 -n HOST 表示类型是HOST 名称是westos
2.[[email protected] mnt]# cp /etc/rndc.key /etc/westos.key -p
3.[[email protected] mnt]# cat Kwestos.+157+21114.key
westos. IN KEY 512 3 157 /Di3wK4gj0lP0Wy924nDYA==
4.[[email protected] mnt]# vim /etc/westos/key
5.[[email protected] mnt]# vim /etc/named.rfc1912.zones
6.[[email protected] mnt]# vim /etc/named.conf
8.[[email protected] mnt]#systemctl restart named
9.发送密码给允许更新的主机scp Kwestos.+157+21114.key Kwestos.+157+21114.private:/mnt/
八.DHCP对DNS进行动态更新
服务端:
1.yum install dhcp -y
2.cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
3.vim /etc/dhcp/dhcpd.conf
4.systemctl restart named
5.systemctl restart dhcpd
6.systemctl stop firewalld
客户端:
修改获取ip的方式为dhcp
[[email protected] etc]# hostnamectl set-hostname linux.westos.com
[[email protected] etc]# systemctl restart network
dig linux.westos.com ##即为dhcp分配的ip