DNS Server Setup
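Preface
DNS (Domain Name System) is the service that resolves domain names. This article has two parts: building the DNS server and testing it from client hosts.
1. Basic information
| Item | Purpose |
|---|---|
| /etc/resolv.conf | File that points a host at its DNS server (the main configuration file) |
| host | Address resolution command |
| dig | Command that shows detailed resolution information |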
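2. Two-way resolution
Lab environment:
Two clients:
one on the 10.4.17 network
one on the 1.1.1 network (set with: ifconfig ens160 1.1.1.30 netmask 255.255.255.0)
One server with an IP on each of the two networks:
10.4.17.18
1.1.1.101 (set with: ifconfig ens160 1.1.1.101 netmask 255.255.255.0)
On the client in the 10.4.17 network:
vim /etc/resolv.conf
nameserver 10.4.17.118
On the client in the 1.1.1 network:
vim /etc/resolv.conf
nameserver 1.1.1.101
Configuration:
cd /var/named/
cp -p westos.org.zone westos.org.inter
vim westos.org.inter    # edit a second zone file that differs only in the network addresses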
$TTL 1D
@       IN SOA  dns.westos.org. root.westos.org. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.westos.org.
dns     A       1.1.1.118
www     CNAME   hello.westos.org.
test    A       1.1.1.117
test    A       1.1.1.116
westos.com.     MX 1 1.1.1.115.   ; mail exchanger (an MX target should be a host name, not an IP address)
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inters
vim /etc/named.rfc1912.inters
zone "westos.org" IN {
    type master;
    file "westos.org.inter";    // point to the new zone file
    allow-update { none; };
};
vim /etc/named.conf    # edit the main configuration file
#zone "." IN {         # comment out this section
##      type hint;
##      file "named.ca";
##};
#
##include "/etc/named.rfc1912.zones";
##include "/etc/named.root.key";
view localnet {
    match-clients { 10.4.17.0/24; };    // clients on this lab's 10.4.17 network
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
};
view internet {
    match-clients { any; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.inters";
};
include "/etc/named.root.key";
systemctl restart named
Testing:
Resolve the same domain name from a host on each of the two networks; the A records returned are different.
3. DNS updates
IP-address-based DNS updates:
Set the following on the DNS server:
vim /etc/named.rfc1912.zones
zone "westos.org" IN {
    type master;
    file "westos.org.zone";
    allow-update { 10.4.17.100; };    // allow this client to update the westos.org zone
    also-notify { 10.4.17.106; };
};
Test:
On 10.4.17.100 (the first update adds an A record, the second deletes it):
[root@node1 ~]# nsupdate
> server 10.4.17.118
> update add hello.westos.org 86400 A 10.4.17.119
> send
> update delete hello.westos.org
> send
Key-based DNS updates:
dnssec-keygen -a HMAC-SHA256 -b 128 -n HOST westos
cp -p /etc/rndc.key /etc/wesots.key
vim /etc/wesots.key
key "westos" {
    algorithm hmac-sha256;
    secret "SB1tQcLaWeroU9lGW21zeA==";
};
vim /etc/named.conf
include "/etc/wesots.key";
vim /etc/named.rfc1912.zones
zone "westos.org" IN {
    type master;
    file "westos.org.zone";
    allow-update { key westos; };
    also-notify { 10.4.17.106; };
};
systemctl restart named
[root@node1 ~]# nsupdate -k /mnt/Kwestos.+163+26695.private
> server 10.4.17.118
> update add hello.westos.org 86400 A 10.4.17.120
> send
> quit
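The two `allow-update` forms above differ in what they authenticate: an address such as 10.4.17.100 is matched only against the source address of the update packet, while `key westos` requires a valid TSIG signature. The following added example (not part of the original article) audits zone stanzas for address-based update ACLs; the sample stanzas, the extra zone names and the function names are constructed for illustration.

```python
import re

# Constructed sample input in the style of /etc/named.rfc1912.zones.
SAMPLE = """
zone "westos.org" IN {
    type master;
    file "westos.org.zone";
    allow-update { 10.4.17.100; };  // address-based, as in the first setup
    also-notify { 10.4.17.106; };
};
zone "keyed.example" IN { type master; allow-update { key westos; }; };
zone "localhost" IN { type master; allow-update { none; }; };
zone "mixed.example" IN { type master; allow-update { key westos; 10.4.17.0/24; }; };
"""

def strip_comments(text):
    """Remove /* */, // and # comments, the three styles named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def classify(items):
    """Classify the elements of one allow-update address match list."""
    if items == ["none"]:
        return "disabled"
    if items and all(e.startswith("key ") for e in items):
        return "key-only"
    return "address-based"  # an IP, network, ACL name or "any" can match

def audit_allow_update(conf):
    """Return {zone name: verdict} for each zone with an allow-update clause."""
    text, results = strip_comments(conf), {}
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):  # walk to the brace closing this zone
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        acl = re.search(r"allow-update\s*\{([^}]*)\}", text[m.end():i])
        if acl:
            items = [e.strip() for e in acl.group(1).split(";") if e.strip()]
            results[m.group(1)] = classify(items)
    return results

if __name__ == "__main__":
    for zone, verdict in audit_allow_update(SAMPLE).items():
        print(f"{zone:16} {verdict}")
```

A list that mixes a key with an address is reported as address-based because any matching element of the list grants the update.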
4. DDNS (DHCP + DNS)
Choose a host to act as the DHCP server; the DNS server itself can be used:
dnf install dhcp-server -y
vim /etc/dhcp/dhcpd.conf    # edit this file to make the host a DHCP server
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "westos.org";            # matches the zone updated below
option domain-name-servers 10.4.17.118;     # this lab's DNS server
default-lease-time 600;
max-lease-time 7200;
# Use this to enable / disable dynamic dns updates globally.
ddns-update-style interim;    # turn on dynamic updates using the interim style
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# This is a very basic subnet declaration.
subnet 10.4.17.0 netmask 255.255.255.0 {
    range 10.4.17.190 10.4.17.200;
}
key westos {
    algorithm hmac-sha256;
    secret SB1tQcLaWeroU9lGW21zeA==;
};
zone westos.org. {
    # When DNS and DHCP run on the same host, the loopback address 127.0.0.1
    # can be used here; otherwise write the DNS server's IP.
    primary 127.0.0.1;
    key westos;
}
5. Related operations: