#####Caching DNS#####

Server:

[root@localhost ~]# yum search dns               ###install dns####

Loaded plugins: langpacks

rhel_dvd                                                 | 4.1 kB     00:00

(1/2): rhel_dvd/group_gz                                   | 134 kB   00:00

(2/2): rhel_dvd/primary_db                                 | 3.4 MB   00:00

=============================== N/S matched: dns ===============================

dnsmasq.x86_64 : A lightweight DHCP/caching DNS server

dnssec-trigger.x86_64 : NetworkManager plugin to update/reconfigure DNSSEC

: resolving

kdenetwork-kdnssd.x86_64 : Kdnssd

ldns.i686 : Low-level DNS(SEC) library with API

ldns.x86_64 : Low-level DNS(SEC) library with API

perl-Net-DNS.x86_64 : DNS resolver modules for Perl

python-dns.noarch : DNS toolkit for Python

bind.x86_64 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System)

: server

bind-chroot.x86_64 : A chroot runtime environment for the ISC BIND DNS server,

: named(8)

bind-libs.i686 : Libraries used by the BIND DNS packages

bind-libs.x86_64 : Libraries used by the BIND DNS packages

bind-libs-lite.i686 : Libraries for working with the DNS protocol

bind-libs-lite.x86_64 : Libraries for working with the DNS protocol

bind-license.noarch : License of the BIND DNS suite

bind-utils.x86_64 : Utilities for querying DNS name servers

c-ares.i686 : A library that performs asynchronous DNS operations

c-ares.x86_64 : A library that performs asynchronous DNS operations

seahorse-sharing.x86_64 : Sharing of PGP public keys via DNS-SD and HKP

unbound.x86_64 : Validating, recursive, and caching DNS(SEC) resolver

Name and summary matches only, use "search all" for everything.

[root@localhost ~]# yum install bind.x86_64 -y

Loaded plugins: langpacks

Resolving Dependencies

--> Running transaction check

---> Package bind.x86_64 32:9.9.4-14.el7 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

================================================================================

Package       Arch            Version                  Repository         Size

================================================================================

Installing:

bind          x86_64          32:9.9.4-14.el7          rhel_dvd          1.8 M

Transaction Summary

================================================================================

Install  1 Package

Total download size: 1.8 M

Installed size: 4.3 M

Downloading packages:

bind-9.9.4-14.el7.x86_64.rpm                               | 1.8 MB   00:00

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : 32:bind-9.9.4-14.el7.x86_64                                  1/1

Verifying  : 32:bind-9.9.4-14.el7.x86_64                                  1/1

Installed:

bind.x86_64 32:9.9.4-14.el7

Complete!

[root@localhost ~]# systemctl stop firewalld.service

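[root@localhost ~]# ll /etc/rndc.key        ###this file does not exist until the named service has been started#####

ls: cannot access /etc/rndc.key: No such file or directory

[root@localhost ~]# systemctl start named     ###start the service; if it takes a long time to start, there may not be enough random input, so type a few random characters in the virtual machine####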

[root@localhost ~]# ll /etc/rndc.key

-rw-r-----. 1 root named 77 May  5 22:13 /etc/rndc.key

[root@localhost ~]# vim /etc/named.conf

options {

listen-on port 53 { any; };            ###the loopback interface is not reachable from outside, so change it to any###

listen-on-v6 port 53 { ::1; };

directory       "/var/named";

dump-file       "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query     { any; };           ###allow anyone to query###

forwarders {172.25.254.250;};       ####if the caching DNS cannot resolve a name, it asks 172.25.254.250####

/*

- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

@

[root@localhost ~]# systemctl restart named      ###restart the service###

Client:

[root@localhost ~]# vim /etc/resolv.conf       ###specify the DNS server here###

# Generated by NetworkManager

search example.com

nameserver  172.25.254.112               ###the DNS server (server side) is 172.25.254.112####

# No nameservers found; try putting DNS servers into your

# ifcfg files in /etc/sysconfig/network-scripts like so:

#

# DNS1=xxx.xxx.xxx.xxx

# DNS2=xxx.xxx.xxx.xxx

# DOMAIN=lab.foo.com bar.foo.com

[root@localhost ~]# dig www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47262

;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.baidu.com.                  IN      A

;; ANSWER SECTION:

www.baidu.com.           376     IN      CNAME   www.a.shifen.com.

www.a.shifen.com.        300     IN      A       183.232.231.172

www.a.shifen.com.        300     IN      A       183.232.231.173

;; AUTHORITY SECTION:

.                        513219  IN      NS      k.root-servers.net.

.                        513219  IN      NS      c.root-servers.net.

.                        513219  IN      NS      a.root-servers.net.

.                        513219  IN      NS      g.root-servers.net.

.                        513219  IN      NS      i.root-servers.net.

.                        513219  IN      NS      h.root-servers.net.

.                        513219  IN      NS      m.root-servers.net.

.                        513219  IN      NS      e.root-servers.net.

.                        513219  IN      NS      f.root-servers.net.

.                        513219  IN      NS      b.root-servers.net.

.                        513219  IN      NS      l.root-servers.net.

.                        513219  IN      NS      d.root-servers.net.

.                        513219  IN      NS      j.root-servers.net.

;; Query time: 349 msec

;; SERVER: 172.25.254.112#53(172.25.254.112)

;; WHEN: Fri May 05 22:17:05 EDT 2017

;; MSG SIZE  rcvd: 312

####Setting up a DNS zone###

Server:

[root@server ~]# vim /etc/named.conf

options {

listen-on port 53 { any; };

listen-on-v6 port 53 { ::1; };

directory       "/var/named";

dump-file       "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query     { any; };

[root@server ~]# vim /etc/named.rfc1912.zones

zone "westos.com" IN {

type master;

file "westos.com.zone";

allow-update { none; };

};

[root@server ~]# cd /var/named/

[root@server named]# ll

total 20

drwxrwx---. 2 named named   22 May  5 22:13 data

drwxrwx---. 2 named named   30 May  5 23:30 dynamic

-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca

-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty

-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost

-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback

drwxrwx---. 2 named named    6 Jan 29  2014 slaves

-rw-r-----. 1 root  named  349 May  5 23:29 westos.com.zone

[root@server named]# cp -p named.localhost westos.com.zone

[root@server named]# vim westos.com.zone       ###write the A record file####

$TTL 1D

; @ stands for westos.com, i.e. the name in quotes in /etc/named.conf
@       IN SOA  dns.westos.com. root.westos.com. (

0       ; serial

1D      ; refresh

1H      ; retry

1W      ; expire

3H )    ; minimum

NS      dns.westos.com.

dns             A       172.25.254.112

www             A       172.25.254.212

[root@server named]# systemctl restart named

Client:

[root@localhost ~]# vim /etc/resolv.conf

# Generated by NetworkManager

search example.com

nameserver  172.25.254.112

[root@localhost ~]# dig www.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29432

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.westos.com.                 IN      A

;; ANSWER SECTION:

www.westos.com.          86400   IN      A       172.25.254.212

;; AUTHORITY SECTION:

westos.com.              86400   IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:

dns.westos.com.          86400   IN      A       172.25.254.112

;; Query time: 0 msec

;; SERVER: 172.25.254.112#53(172.25.254.112)

;; WHEN: Fri May 05 23:14:27 EDT 2017

;; MSG SIZE  rcvd: 93

#####CNAME,MX#####

Server:

[root@server ~]# vim /var/named/westos.com.zone

$TTL 1D

@       IN SOA  dns.westos.com. root.westos.com. (

0       ; serial

1D      ; refresh

1H      ; retry

1W      ; expire

3H )    ; minimum

NS      dns.westos.com.

dns             A       172.25.254.112

www             A       172.25.254.212

music           CNAME   music.a.westos.com.

music.a         A       172.25.254.111

music.a         A       172.25.254.222

westos.com.     MX 1    172.25.254.100.

~

[root@server ~]# systemctl restart named

[root@server ~]#

Client:

[root@localhost ~]# dig music.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> music.westos.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14025

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;music.westos.com.               IN      A

;; ANSWER SECTION:

music.westos.com.        86400   IN      CNAME   music.a.westos.com.

music.a.westos.com.      86400   IN      A       172.25.254.111

music.a.westos.com.      86400   IN      A       172.25.254.222

;; AUTHORITY SECTION:

westos.com.              86400   IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:

dns.westos.com.          86400   IN      A       172.25.254.112

;; Query time: 0 msec

;; SERVER: 172.25.254.112#53(172.25.254.112)

;; WHEN: Fri May 05 23:30:33 EDT 2017

;; MSG SIZE  rcvd: 133

[root@localhost ~]# dig -t mx westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33372

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;westos.com.                     IN      MX

;; ANSWER SECTION:

westos.com.              86400   IN      MX      1 172.25.254.100.

;; AUTHORITY SECTION:

westos.com.              86400   IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:

dns.westos.com.          86400   IN      A       172.25.254.112

;; Query time: 0 msec

;; SERVER: 172.25.254.112#53(172.25.254.112)

;; WHEN: Fri May 05 23:30:46 EDT 2017

;; MSG SIZE  rcvd: 103

####Different gateways (one view per client network)####

Server:

[root@server ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.inter -p

[root@server ~]# vim /etc/named.rfc1912.inter

zone "westos.com" IN {

type master;

file "westos.com.inter";

allow-update { none; };

};

[root@server ~]# cp /var/named/westos.com.zone /var/named/westos.com.inter -p

[root@server ~]# vim /var/named/westos.com.inter

$TTL 1D

@       IN SOA  dns.westos.com. root.westos.com. (

0       ; serial

1D      ; refresh

1H      ; retry

1W      ; expire

3H )    ; minimum

NS      dns.westos.com.

dns              A       172.25.12.112

www              A       172.25.12.212

music            CNAME       music.a.westos.com.

music.a         A         172.25.12.111

music.a         A         172.25.12.222

westos.com.         MX 1       172.25.12.100.

~

[root@server ~]# vim /etc/named.conf

view localnet{

match-clients { 172.25.254.0/24; };

zone "." IN {

type hint;

file "named.ca";

};

include "/etc/named.rfc1912.zones";

};

view internet{

match-clients { 172.25.12.0/24; };

zone "." IN {

type hint;

file "named.ca";

};

include "/etc/named.rfc1912.inter";

};

[root@server ~]# systemctl restart named

Client:

[root@localhost ~]# dig www.westos.com                ###from the client's IP####

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20946

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.westos.com.                 IN      A

;; ANSWER SECTION:

www.westos.com.          86400   IN      A       172.25.254.212

;; AUTHORITY SECTION:

westos.com.              86400   IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:

dns.westos.com.          86400   IN      A       172.25.254.112

;; Query time: 0 msec

;; SERVER: 172.25.254.112#53(172.25.254.112)

;; WHEN: Sat May 06 02:31:35 EDT 2017

;; MSG SIZE  rcvd: 93

[root@localhost ~]# vim /etc/resolv.conf         ###the client with IP 172.25.12.213###

# Generated by NetworkManager

search example.com

nameserver  172.25.12.113

# No nameservers found; try putting DNS servers into your

# ifcfg files in /etc/sysconfig/network-scripts like so:

#

# DNS1=xxx.xxx.xxx.xxx

# DNS2=xxx.xxx.xxx.xxx

# DOMAIN=lab.foo.com bar.foo.com

[root@localhost ~]# dig www.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51552

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.westos.com.                 IN      A

;; ANSWER SECTION:

www.westos.com.          86400   IN      A       172.25.12.213

;; AUTHORITY SECTION:

westos.com.              86400   IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:

dns.westos.com.          86400   IN      A       172.25.12.213

;; Query time: 0 msec

;; SERVER: 172.25.12.100#53(172.25.12.100)

;; WHEN: Sat May 06 02:40:07 EDT 2017

;; MSG SIZE  rcvd: 93

###Reverse resolution####

Server:

[root@server ~]# vim /etc/named.rfc1912.zones

zone "254.25.172.in-addr.arpa" IN {         ###the DNS server's network, written in reverse####

type master;

file "westos.comNaNr";

allow-update { none; };

};

[root@server ~]# cd /var/named/

[root@server named]# ll

total 28

drwxrwx---. 2 named named   22 May  5 22:13 data

drwxrwx---. 2 named named 4096 May  6 03:07 dynamic

-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca

-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty

-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost

-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback

drwxrwx---. 2 named named    6 Jan 29  2014 slaves

-rw-r-----. 1 root  named  344 May  6 01:57 westos.com.inter

-rw-r-----. 1 root  named  349 May  5 23:29 westos.com.zone

[root@server named]# cp -p named.loopback /var/named/westos.comNaNr

[root@server named]# vim /var/named/westos.comNaNr

$TTL 1D

@       IN SOA  dns.westos.com. root.westos.com. (

0       ; serial

1D      ; refresh

1H      ; retry

1W      ; expire

3H )    ; minimum

NS      dns.westos.com.

dns     A       172.25.254.112

111     PTR     www.westos.com.

222     PTR     bbs.westos.com.

[root@server named]# systemctl restart named

Client:

[root@localhost ~]# dig -x 172.25.254.111

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.111

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34839

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;111.254.25.172.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:

111.254.25.172.in-addr.arpa. 86400 IN    PTR     www.westos.com.

;; AUTHORITY SECTION:

254.25.172.in-addr.arpa. 86400   IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:

dns.westos.com.          86400   IN      A       172.25.254.112

;; Query time: 0 msec

;; SERVER: 172.25.254.112#53(172.25.254.112)

;; WHEN: Sat May 06 03:27:08 EDT 2017

;; MSG SIZE  rcvd: 118

[root@localhost ~]# dig -x 172.25.254.222

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.222

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14617

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;222.254.25.172.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:

222.254.25.172.in-addr.arpa. 86400 IN    PTR     bbs.westos.com.

;; AUTHORITY SECTION:

254.25.172.in-addr.arpa. 86400   IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:

dns.westos.com.          86400   IN      A       172.25.254.112

;; Query time: 1 msec

;; SERVER: 172.25.254.112#53(172.25.254.112)

;; WHEN: Sat May 06 03:30:35 EDT 2017

;; MSG SIZE  rcvd: 118

####Configuring a key###

Server:

[root@server mnt]# dnssec-keygen --help

dnssec-keygen: invalid argument --

Usage:

dnssec-keygen [options] name

Version: 9.9.4-RedHat-9.9.4-14.el7

name: owner of the key

Options:

-K <directory>: write keys into directory

-a <algorithm>:

RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1 | NSEC3DSA |

RSASHA256 | RSASHA512 | ECCGOST |

ECDSAP256SHA256 | ECDSAP384SHA384 |

DH | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 |

HMAC-SHA384 | HMAC-SHA512

(default: RSASHA1, or NSEC3RSASHA1 if using -3)

-3: use NSEC3-capable algorithm

-b <key size in bits>:

RSAMD5:[512..4096]

RSASHA1:[512..4096]

NSEC3RSASHA1:[512..4096]

RSASHA256:[512..4096]

RSASHA512:[1024..4096]

DH:[128..4096]

DSA:[512..1024] and divisible by 64

NSEC3DSA:[512..1024] and divisible by 64

ECCGOST:ignored

ECDSAP256SHA256:ignored

ECDSAP384SHA384:ignored

HMAC-MD5:[1..512]

HMAC-SHA1:[1..160]

HMAC-SHA224:[1..224]

HMAC-SHA256:[1..256]

HMAC-SHA384:[1..384]

HMAC-SHA512:[1..512]

(if using the default algorithm, key size

defaults to 2048 for KSK, or 1024 for all others)

-n <nametype>: ZONE | HOST | ENTITY | USER | OTHER

(DNSKEY generation defaults to ZONE)

-c <class>: (default: IN)

-d <digest bits> (0 => max, default)

-E <engine name>

-f <keyflag>: KSK | REVOKE

-g <generator>: use specified generator (DH only)

-L <ttl>: default key TTL

-p <protocol>: (default: 3 [dnssec])

-r <randomdev>: a file containing random data

-s <strength>: strength value this key signs DNS records with (default: 0)

-T <rrtype>: DNSKEY | KEY (default: DNSKEY; use KEY for SIG(0))

ECCGOST:ignored

-t <type>: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF (default: AUTHCONF)

-h: print usage and exit

-m <memory debugging mode>:

usage | trace | record | size | mctx

-v <level>: set verbosity level (0 - 10)

Timing options:

-P date/[+-]offset/none: set key publication date (default: now)

-A date/[+-]offset/none: set key activation date (default: now)

-R date/[+-]offset/none: set key revocation date

-I date/[+-]offset/none: set key inactivation date

-D date/[+-]offset/none: set key deletion date

-G: generate key only; do not set -P or -A

-C: generate a backward-compatible key, omitting all dates

-S <key>: generate a successor to an existing key

-i <interval>: prepublication interval for successor key (def[r[

[root@server mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westoskey

Kwestoskey.+157+33334

[root@server mnt]# ls

Kwestoskey.+157+33334.key      westos.com.zone

Kwestoskey.+157+33334.private

[root@server mnt]#cat Kwestoskey.+157+33334.private

Private-key-format: v1.3

Algorithm: 157 (HMAC_MD5)

Key: TKSWfTJrHFxAmJXz7LWHbg==

Bits: AAA=

Created: 20170509052622

Publish: 20170509052622

Activate: 20170509052622

[root@server mnt]# cp -p /etc/rndc.key /etc/westos.key

[root@server mnt]# vim /etc/westos.key

[root@server mnt]# cat /etc/westos.key

key "westoskey" {

algorithm hmac-md5;

secret "TKSWfTJrHFxAmJXz7LWHbg==";

};

[root@server mnt]# vim /etc/named.conf

[root@server mnt]# systemctl restart named

[root@server mnt]# vim /etc/named.rfc1912.zones

[root@server mnt]# systemctl restart named

[root@server mnt]# scp Kwestoskey.+157+33334.* root@172.25.254.213:/mnt/    ##give the key to the client

The authenticity of host '172.25.254.213 (172.25.254.213)' can't be established.

ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '172.25.254.213' (ECDSA) to the list of known hosts.

root@172.25.254.213's password:

Kwestoskey.+157+33334.key                        100%   53     0.1KB/s   00:00

Kwestoskey.+157+33334.private                    100%  165     0.2KB/s   00:00

[root@localhost named]# systemctl restart named

Client:

[root@dns mnt]# nsupdate -k /mnt/Kwestoskey.+157+33334.private

> server 172.25.254.113

> update add hello.westos.com 86400 A 172.25.254.111

> send

>

[root@dns mnt]# dig hello.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60850

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;hello.westos.com.               IN      A

;; ANSWER SECTION:

hello.westos.com.        86400   IN      A       172.25.254.111

;; AUTHORITY SECTION:

westos.com.              86400   IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:

dns.westos.com.          86400   IN      A       172.25.254.113

;; Query time: 3 msec

;; SERVER: 172.25.254.113#53(172.25.254.113)

;; WHEN: Tue May 09 02:50:19 EDT 2017

;; MSG SIZE  rcvd: 95
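
Added example (not part of the original post): instead of copying /etc/rndc.key and pasting the secret in by hand, the key clause can be generated from the dnssec-keygen .private file. The function names and the sample key file are constructed for the example; the named.conf wiring in the comments is an assumption, because the post does not show those edits.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed wiring (these edits are not shown in the post):
#   /etc/named.conf:             include "/etc/westos.key";
#   zone "westos.com" stanza:    allow-update { key westoskey; };

# Constructed sample, modelled on the .private file shown above.
# The secret is a placeholder (32 zero bytes), not a real key.
write_sample_private() {
    cat > "$1" <<'EOF'
Private-key-format: v1.3
Algorithm: 163 (HMAC_SHA256)
Key: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
Bits: AAA=
EOF
}

# tsig_key_clause PRIVATE_FILE KEY_NAME
# Prints a named.conf key clause on stdout. Fails for non-HMAC key files.
tsig_key_clause() {
    # "Algorithm: 157 (HMAC_MD5)" -> "hmac-md5"
    algorithm=$(sed -n 's/^Algorithm: [0-9]* (\(HMAC_[A-Z0-9]*\)).*$/\1/p' "$1" |
        tr 'A-Z_' 'a-z-')
    # "Key: <base64>" -> "<base64>"
    secret=$(sed -n 's/^Key: *//p' "$1")

    if [ -z "$algorithm" ] || [ -z "$secret" ]; then
        echo "tsig_key_clause: $1 is not an HMAC key file" >&2
        return 1
    fi
    if [ "$algorithm" = "hmac-md5" ]; then
        # HMAC-SHA256 is in the dnssec-keygen help output above (-b up to 256).
        echo "warning: hmac-md5 is a legacy TSIG algorithm;" \
             "consider regenerating with -a HMAC-SHA256 -b 256" >&2
    fi
    printf 'key "%s" {\n\talgorithm %s;\n\tsecret "%s";\n};\n' \
        "$2" "$algorithm" "$secret"
}

# write_tsig_key_file PRIVATE_FILE KEY_NAME DEST
# Creates DEST with mode 0640, the mode /etc/rndc.key has above. Run
# "chgrp named DEST" afterwards (as root) so that named can read it.
write_tsig_key_file() {
    clause=$(tsig_key_clause "$1" "$2") || return 1
    ( umask 077; printf '%s\n' "$clause" > "$3" ) && chmod 640 "$3"
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
write_sample_private "$demo_dir/sample.private"
write_tsig_key_file "$demo_dir/sample.private" westoskey "$demo_dir/westos.key"
cat "$demo_dir/westos.key"
rm -rf "$demo_dir"
```
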

####DNS updates###

///Note: when the service is restarted, the zone file changes; it is synchronized with the cache file (.jnl)

1.

cp -p /var/named/westos.com.zone /mnt

2.

vim /etc/named.rfc1912.zones

zone "westos.com" IN {

type master;

file "westos.com.zone";

allow-update { 172.25.254.213; };     ##who is allowed to update

};

3.

chmod 770 /var/named

4.

[root@localhost ~]# setsebool -P named_write_master_zones 1

[root@localhost ~]# getsebool -a | grep named

named_tcp_bind_http_port --> off

named_write_master_zones --> on

systemctl restart named

5.check on 172.25.254.213

[root@dns ~]# nsupdate

> server 172.25.254.113   ##the server

> update add hello.westos.com 86400 A 172.25.254.111

> send

>

[root@server named]# vim /var/named/westos.com.zone

$ORIGIN .

$TTL 86400      ; 1 day

westos.com              IN SOA  dns.westos.com. root.westos.com. (

1          ; serial

86400      ; refresh (1 day)

3600       ; retry (1 hour)

604800     ; expire (1 week)

10800      ; minimum (3 hours)

)

NS      dns.westos.com.

MX      1 172.25.254.100.

$ORIGIN westos.com.

music.a                 A       172.25.254.111

A       172.25.254.222

dns                     A       172.25.254.112

hello                   A       172.25.254.222

music                   CNAME   music.a

www                     A       172.25.254.212

[root@server named]# ls

data      named.empty      slaves            westos.com.zone

dynamic   named.localhost  westos.com.inter  westos.com.zone.jnl

named.ca  named.loopback   westos.comNaNr

[root@server named]# vim /var/named/westos.com.zone

[root@server named]# rm -fr westos.com.zone westos.com.zone.jnl ###delete the cache file and the modified zone file###

[root@server named]# cp -p /mnt/westos.com.zone .   ###copy the earlier backup back###

[root@server named]# ls

data      named.empty      slaves            westos.com.zone

dynamic   named.localhost  westos.com.inter

named.ca  named.loopback   westos.comNaNr

[root@server named]# systemctl restart named

[root@server named]# vim /var/named/westos.com.zone

$TTL 1D

@       IN SOA  dns.westos.com. root.westos.com. (

0       ; serial

1D      ; refresh

1H      ; retry

1W      ; expire

3H )    ; minimum

NS      dns.westos.com.

dns             A       172.25.254.113

www             A       172.25.254.213

music           CNAME   music.a.westos.com.

music.a         A       172.25.254.111

westos.com.     MX 1    172.25.254.113.

~

~
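
Added example (not part of the original post): a small shell check for three permissive settings this walkthrough uses, namely allow-query { any; } with recursion left on (caching DNS section), an hmac-md5 key (key section), and allow-update that trusts a client address (DNS updates section). The sample files, function names and finding labels are constructed for the example, and the matching is a text heuristic rather than a BIND parser.

```shell
#!/bin/sh
# Added example, not from the original post. Heuristic text matching, not a
# BIND parser: /* */ comments are not handled. Finding labels are made up here.

audit_named_conf() {
    # Drop // and # comments, then flatten so multi-line statements match.
    flat=$(sed -E 's,(^|[[:space:]])(//|#).*$,,' "$1" | tr '\n\t' '  ')

    # 1. allow-query { any; } with recursion left on and no allow-recursion or
    #    allow-query-cache list: recursion then follows allow-query, so every
    #    host that can reach port 53 can use the server as a resolver.
    if printf '%s\n' "$flat" | grep -Eq 'allow-query +\{ *any; *\}' &&
       ! printf '%s\n' "$flat" | grep -Eq 'recursion +no *;' &&
       ! printf '%s\n' "$flat" | grep -Eq 'allow-(recursion|query-cache) *\{'
    then
        echo "OPEN-RECURSION: allow-query { any; } and no allow-recursion list"
    fi

    # 2. allow-update that trusts a source address instead of a TSIG key.
    printf '%s\n' "$flat" | grep -Eo 'allow-update *\{[^}]*\}' |
    while read -r stmt; do
        case $stmt in
            *key\ *|*none*) ;;
            *) echo "UPDATE-WITHOUT-KEY: $stmt" ;;
        esac
    done

    # 3. Keys still declared with the legacy hmac-md5 algorithm.
    if printf '%s\n' "$flat" | grep -Eq 'algorithm +"?hmac-md5"? *;'; then
        echo "LEGACY-TSIG: key uses hmac-md5"
    fi
    return 0
}

# Constructed sample: the settings used in this post, collected in one file.
write_weak_conf() {
    cat > "$1" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query     { any; };      ### allow anyone to query ###
    forwarders { 172.25.254.250; };
};
key "westoskey" { algorithm hmac-md5; secret "PLACEHOLDER"; };
zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { 172.25.254.213; };
};
EOF
}

# Constructed sample: same server, recursion limited to the lab subnet and
# updates accepted only when signed with the key.
write_tight_conf() {
    cat > "$1" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query     { any; };
    allow-recursion { 172.25.254.0/24; };
    forwarders { 172.25.254.250; };
};
key "westoskey" { algorithm hmac-sha256; secret "PLACEHOLDER"; };
zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { key westoskey; };
};
EOF
}

# Demo: the weak sample yields three findings, the tight one none.
demo_dir=$(mktemp -d)
write_weak_conf "$demo_dir/weak.conf"
audit_named_conf "$demo_dir/weak.conf"
rm -rf "$demo_dir"
```
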

####DHCP updating DNS (DDNS)####

1.install  software

yum install dhcp -y

2.mk configfile

[root@localhost ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf

cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y   ##

3.change configfile

vim /etc/dhcp/dhcpd.conf

[root@localhost ~]# cat /etc/dhcp/dhcpd.conf

# dhcpd.conf

#

# Sample configuration file for ISC dhcpd

#

# option definitions common to all supported networks...

option domain-name "westos.com";

option domain-name-servers 172.25.254.113;

default-lease-time 600;

max-lease-time 7200;

# Use this to enble / disable dynamic dns updates globally.

ddns-update-style interim;

# If this DHCP server is the official DHCP server for the local

# network, the authoritative directive should be uncommented.

#authoritative;

# Use this to send dhcp log messages to a different log file (you also

# have to hack syslog.conf to complete the redirection).

log-facility local7;

# No service will be given on this subnet, but declaring it helps the

# DHCP server to understand the network topology.

# This is a very basic subnet declaration.

subnet 172.25.254.0 netmask 255.255.255.0 {

range 172.25.254.60 172.25.254.70;

option routers 172.25.254.250;

}

key "westoskey" {

algorithm hmac-md5;

secret "TKSWfTJrHFxAmJXz7LWHbg==";

};

zone westos.com. {

primary 127.0.0.1;

key westoskey;

}

4.check

*) unplug the network cable

*) test on the client

hostnamectl set-hostname test.westos.com

vim /etc/sysconfig/network-scripts/ifcfg-eth0

[root@dns ~]# hostnamectl set-hostname dns.westos.com

[root@dns ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0

[root@dns ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

BOOTPROTO=dhcp

ONBOOT=yes

systemctl restart network

dig test.westos.com

Reposted from: https://blog.51cto.com/12768057/1924102
