修改server的配置文件/etc/named.conf
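options {
    listen-on port 53 { any; };          # listen on port 53 on every IPv4 address of this host (not "all ports")
    listen-on-v6 port 53 { ::1; };       # IPv6: loopback only
    directory "/var/named";              # zone files below are relative to this directory
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };                # anyone may ask this server about the zones it serves
    # Recursion (i.e. resolving names this server is NOT authoritative for,
    # via the forwarder below) is only for our own LAN.  When this line is
    # missing, BIND falls back to its version default for allow-recursion
    # (localnets; localhost on modern releases) — state it explicitly so a
    # copied or upgraded config does not silently become an open resolver
    # usable for DNS amplification.  Adjust the ACL to the real client subnet.
    allow-recursion { localnets; localhost; };
    # Names this server does not know are asked of 172.25.254.250.  Point each
    # client's resolver (/etc/resolv.conf) at this server's IP and this host
    # becomes the client's DNS server.
    forwarders { 172.25.254.250; };
};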
1》正向解析
从/etc/named.conf 中可以看到:include "/etc/named.rfc1912.zones"; 包含的配置文件/etc/named.rfc1912.zones,在这个配置文件中可以添加正向解析的文件,同样反向解析的配置文件也在这里。
vim /etc/named.rfc1912.zones
zone "feitian.com" IN { # the domain this server is authoritative for
type master; # the primary (master) copy of the zone data lives on this host
file "fengkai.com"; # the zone DATA file, relative to "directory" (/var/named) — it is not a cache; naming it after the zone (feitian.com.zone) would be clearer
allow-update { none; }; # refuse dynamic updates (DDNS) to this zone
# NOTE(review): allow-transfer is not set, and in older BIND releases the
# default lets any host pull the whole zone (AXFR).  Add
# allow-transfer { <secondary-ip>; } (or { none; }) once the secondaries are known.
};
# On the server: create the forward zone file from the stock template.
cd /var/named/
ls   # data dynamic named.ca named.empty named.localhost named.loopback slaves
cp -p named.localhost fengkai.com   # -p keeps the template's ownership and mode
vim fengkai.com
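$TTL 1D
; Zone-file comments start with ";" — the "#" comments of the original listing
; are a syntax error inside the SOA parentheses and named would refuse the zone.
; "@" is the zone ORIGIN (feitian.com., taken from the zone statement), not
; "this host".  SOA field 1 is the primary name server, field 2 the admin
; mailbox with the first "." standing for "@" (root.feitian.com. = root@feitian.com).
; Every name in this file must end with "." or the origin is appended to it.
@       IN SOA  dns.feitian.com. root.feitian.com. (
                2015080901  ; serial — YYYYMMDDnn: bump it on EVERY edit,
                            ; secondaries only transfer when it grows
                1D          ; refresh
                1H          ; retry
                1W          ; expire
                3H )        ; minimum (negative-caching TTL)
        NS      dns.feitian.com.
dns     A       172.25.254.231
; two A records for one name = round-robin: answers alternate .111 / .112
feng    A       172.25.254.111
feng    A       172.25.254.112
; CNAME = alias: bbs.feitian.com resolves to whatever hui.feitian.com is
bbs     CNAME   hui.feitian.com.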
hui A 172.25.254.222
2》反向解析
vim /etc/named.rfc1912.zones
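zone "254.25.172.in-addr.arpa" IN {   # reverse zone for 172.25.254.0/24 (octets reversed)
    type master;
    # This MUST be a different file from the forward zone's "fengkai.com":
    # the original listing reused that name, so the reverse data would have
    # overwritten the forward zone.  Any name works as long as it matches the
    # file you create in /var/named for this zone.
    file "fengkai.ptr";
    allow-update { none; };
};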
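# On the server: build the reverse zone file from the loopback template.
# The original line was missing the leading "/" (the relative path does not
# exist from /var/named) and the target name was garbled; it only has to
# match the "file" entry of the 254.25.172.in-addr.arpa zone — fengkai.ptr here.
cp -p /var/named/named.loopback /var/named/fengkai.ptr
vim /var/named/fengkai.ptr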
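$TTL 1D
; The SOA name-server and mailbox fields must be separated by whitespace;
; "dns.feitian.com.root.feitian.com." as one token is a syntax error.
@       IN SOA  dns.feitian.com. root.feitian.com. (
                0       ; serial — bump on every change
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.feitian.com.
; (The original listing carried "dns A 172.25.254.231" here.  Inside this zone
; that record would be owned by dns.254.25.172.in-addr.arpa, not by
; dns.feitian.com — the server's address belongs in the forward zone; its
; reverse mapping is the PTR below.)
; Left-hand side is the last octet of the address: 231 -> 172.25.254.231.
231     PTR     dns.feitian.com.
; NOTE(review): PTR targets should be the FQDNs the forward zone defines
; (e.g. feng.feitian.com.); fengkai.com./kaikai.com. do not exist there.
101     PTR     fengkai.com.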
202 PTR kaikai.com.
3. DNS 双向解析
所谓 DNS 双向解析(更常见的叫法是视图 view,即 split-horizon DNS),是让同一台服务器根据客户端的来源地址(match-clients)对同一个域名使用不同的解析文件,一般分为内网和外网两个视图。在/etc/named.conf
中添加如下内容:
[root@server ~]# vim /etc/named.conf
/*
zone "." IN {
type hint;
file "named.ca";
};
include"/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/
#将其注释掉,分别添加到下面的 view 标签中(named.conf 中一旦出现 view,所有 zone 都必须位于某个 view 内,否则 named 无法启动)
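# Views are tried in order; the first one whose match-clients matches the
# querying address answers.  The catch-all "any" view must therefore be last.
view localnet {
    # NOTE(review): 172.25.254.231 is this server's own address, so only
    # queries from the server itself reach the internal view.  An internal
    # view normally matches the LAN, e.g. match-clients { 172.25.254.0/24; };
    match-clients { 172.25.254.231; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";   # internal copy of the zone list
};
view any {
    match-clients { any; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1913.zones";   # external copy of the zone list
};
将/etc/named.rfc1912.zones拷一份名称为named.rfc1913.zones,分别让其指向不同的解析文件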
cp /etc/named.rfc1912.zones /etc/named.rfc1913.zones
vim /etc/named.rfc1912.zones
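# Internal view (/etc/named.rfc1912.zones).  The zone name must be the real
# domain — clients ask for "feitian.com", and a zone called "feitian.com.in"
# would never be consulted.  Only the data file differs between the views,
# and the internal view must use the file that holds the internal addresses.
zone "feitian.com" IN {
    type master;
    file "fengkai.com.in";      # internal addresses (172.25.254.x)
    allow-update { none; };
};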
vim /etc/named.rfc1913.zones
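# External view (/etc/named.rfc1913.zones): same zone name as the internal
# view, different data file (the file created for it below is fengkai.com.out,
# not "fengkai.com.zone").
zone "feitian.com" IN {
    type master;
    file "fengkai.com.out";     # public addresses (1.1.1.x in this example)
    allow-update { none; };
};
然后在/var/named/下做如下操作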
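# On the server, in /var/named: one data file per view, built from the template.
cd /var/named/
cp -p named.localhost fengkai.com.out
cp -p named.localhost fengkai.com.in
# Internal view data (edit with vim, or write it as below; ">" truncates the
# copied file and keeps its ownership/mode).  Note the space between the
# SOA's name-server and mailbox fields — the original ran them together.
cat > fengkai.com.in <<'EOF'
$TTL 1D
@       IN SOA  dns.feitian.com. root.feitian.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.feitian.com.
dns     A       172.25.254.231
feng    A       172.25.254.112
bbs     CNAME   hui.feitian.com.
hui     A       172.25.254.222
EOF
# External view data: same names, public addresses.  1.1.1.x is a real,
# allocated range that belongs to someone else; use addresses you own, or
# 192.0.2.0/24 (the RFC 5737 documentation range) for a lab.
cat > fengkai.com.out <<'EOF'
$TTL 1D
@       IN SOA  dns.feitian.com. root.feitian.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.feitian.com.
dns     A       1.1.1.231
feng    A       1.1.1.112
bbs     CNAME   hui.feitian.com.
hui     A       1.1.1.222
EOF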
#修改server的配置文件
[root@localhost ~]# vim /etc/named.conf
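options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };          # anyone may query the zones served here
    # Recursion for outsiders is only blocked by BIND's version default for
    # allow-recursion; make the policy explicit so this host cannot become an
    # open resolver (DNS amplification) after an upgrade or a copied config.
    allow-recursion { localnets; localhost; };
    # NOTE(review): allow-transfer is unset, and older BIND defaults let any
    # host pull a full copy of every zone (AXFR).  Restrict it to the
    # secondary configured on the client: allow-transfer { <slave-ip>; };
};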
#修改客户端client
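# On the client (the secondary/slave server); the original was missing the space.
vim /etc/named.rfc1912.zones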
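zone "feitian.com" IN {
    type slave;                       # secondary: copies the zone from the master
    masters { 172.25.254.231; };      # the primary server configured above
    file "slaves/feitian.com";        # transferred copy (named must be able to write here; the stock /var/named/slaves is)
    # A secondary does not apply dynamic updates locally — they go to the
    # master (or via allow-update-forwarding) — so this option is pointless
    # here, and "any" was the wrong ACL in any case.  Keep it closed.
    allow-update { none; };
};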
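# On the client: check the syntax first so a typo does not take the resolver
# down, then restart.  The zone file appears in /var/named/slaves/ only after
# a successful transfer from the master.
named-checkconf && systemctl restart named
ls /var/named/slaves/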
feitian.com
在防火墙和 SELinux 中放行 named 和 dhcp 服务(例如 firewall-cmd --permanent --add-service={dns,dhcp} && firewall-cmd --reload,以及 setsebool -P named_write_master_zones 1 让 named 能写动态更新的区域文件),不建议直接关闭防火墙和 SELinux;然后把 client 的 DNS 改为你主机的 IP。
1》生成密钥(TSIG 密钥,dhcp 服务器用它向 named 认证动态更新)
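# Generate a TSIG key named "westos" for authenticating dynamic updates.
# Run in /var/named on the server; the two K* files land in the current dir.
#   -n HOST : a TSIG (host) key, not a DNSSEC zone-signing key
#   -b 128  : key length in bits
# HMAC-MD5 is what this page used and is deprecated — prefer -a HMAC-SHA256
# (the file name then carries +163+ instead of +157+).  Newer BIND (9.13+)
# no longer generates TSIG keys with dnssec-keygen at all; there use
#   tsig-keygen -a hmac-sha256 westos > /etc/westos.key
# which prints the ready-made key { } stanza directly.
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
# -> Kwestos.+157+53107          (157 = HMAC-MD5, 53107 = key id; yours differ)
ls -l | grep Kwestos
# -rw-------. 1 root root  50 Aug 9 04:25 Kwestos.+157+53107.key
# -rw-------. 1 root root 165 Aug 9 04:25 Kwestos.+157+53107.private
# Both files hold the shared secret; mode 0600 is right — anyone who can read
# it can rewrite the zone.
cat Kwestos.+157+53107.key
# westos. IN KEY 512 3 157 MyuqKKel9qE2kj0CZ1NzUw==
#                          ^ this sample secret is published: never reuse it.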
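# Turn the generated secret into a key { } stanza that named.conf can include.
# Copying rndc.key with -p keeps its restrictive ownership and mode
# (root:named 0640 on RHEL) — the secret must not be world-readable.
cp -p /etc/rndc.key /etc/westos.key
cat > /etc/westos.key <<'EOF'
key "westos" {                          # key name, referenced by allow-update { key westos; }
    algorithm hmac-md5;                 # must match the -a used when the key was generated
    secret "MyuqKKel9qE2kj0CZ1NzUw==";  # base64 secret from the .key file (sample only — do not reuse)
};
EOF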
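# named must be able to WRITE in /var/named: a dynamically updated zone gets a
# .jnl journal next to its file.  g+x only grants directory traversal, which
# the group already has — write needs g+w (/var/named is root:named on RHEL).
# With SELinux enforcing also run: setsebool -P named_write_master_zones 1
chmod g+w /var/named/
2》 配置dhcp服务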
编辑dhcp的配置文件/etc/dhcp/dhcpd.conf(注意是 dhcpd.conf;RHEL 上可先从 /usr/share/doc/dhcp*/dhcpd.conf.example 复制一份模板)
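# /etc/dhcp/dhcpd.conf
# Domain suffix handed to clients.  It MUST be the zone that named lets this
# key update: on this page that zone is "westos.com" (allow-update { key
# westos; }), so "feitian.com" here would never match the zone statement
# below and the update would go unauthenticated to the wrong zone.
option domain-name "westos.com";
option domain-name-servers 172.25.254.231;   # the DNS server clients should use (this host)
# Enable DHCP -> DNS dynamic updates.  "interim" is the legacy style; ISC DHCP
# 4.3+ also accepts "standard" (RFC 4702/4703), the one to use on new installs.
ddns-update-style interim;
subnet 172.25.254.0 netmask 255.255.255.0 {
    range 172.25.254.80 172.25.254.90;
    option routers 172.25.254.250;
}
# Everything from here on replaces the rest of the template (line 37 onward).
# TSIG key shared with named — same name, algorithm and secret as
# /etc/westos.key.  dhcpd.conf is typically world-readable (0644); to keep the
# secret out of it, move this key { } block into a 0640 file readable only by
# root and the dhcpd user and `include "/etc/dhcp/westos.key";` instead.
key westos {
    algorithm hmac-md5;
    secret MyuqKKel9qE2kj0CZ1NzUw==;   # sample secret from this page — generate your own
};
# Zone dhcpd updates (trailing dot = absolute name).  "primary" is where the
# signed UPDATE is sent: the named on this same host.
zone westos.com. {
    primary 127.0.0.1;
    key westos;
};
3》修改named.conf文件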
在options标签的外边加一个包含你钥匙的路径 :include "/etc/westos.key";
修改option标签的前几行
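options {
    listen-on port 53 { any; };
    # Whether a missing listen-on-v6 means "all IPv6 addresses" or "none"
    # depends on the BIND version — say what you mean instead of commenting
    # it out, e.g. listen-on-v6 port 53 { any; };
    //listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-recursion { localnets; localhost; };   # recursion for the LAN only, never for the whole Internet
};
4》修改/etc/named.rfc1912.zones文件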
在/etc/named.rfc1912.zones中复制一个修改成正向解析模式,反向解析也可以,这里以正向解析为例
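zone "westos.com" IN {   # must equal option domain-name in /etc/dhcp/dhcpd.conf and the clients' domain suffix
    type master;
    file "westos.com.zone";        # NOTE(review): this page never shows the file being created; build it in /var/named from named.localhost with an SOA/NS for westos.com
    allow-update { key westos; };  # only UPDATEs signed with the "westos" TSIG key are applied — never { any; } here
    allow-transfer { none; };      # no secondaries in this setup; do not leave AXFR at the (open) default — widen if you add one
};
5》测试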
把生成的密钥文件(Kwestos.+157+53107.private 及 .key)用 scp 等安全方式拷到 client,放在哪个目录都可以,这里以/var/named/目录为例;注意这是能改写区域数据的共享密钥,只发给确实需要它的机器,保持 0600 权限,测试完成后可以删掉。
在你的client上执行如下命令测试你的密钥有没有生效
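# On the client: send a signed dynamic update.  (The original line misspelt
# the command as "usupdate" and ran the interactive nsupdate session together.)
# -k reads the secret from the .private file generated on the server.
nsupdate -k Kwestos.+157+53107.private <<'EOF'
server 172.25.254.231
update add www.westos.com 86400 A 172.25.254.88
send
EOF
# If the key was accepted, the new record resolves immediately:
dig @172.25.254.231 www.westos.com A +short   # -> 172.25.254.88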
在你的client端把主机名改成以 server 上的 westos.com 结尾的 FQDN(区域文件里并没有这个名字的记录),
比如 feitian.westos.com;然后把 client 的网络改为通过 DHCP 获取地址。这时如果 dig 这个主机名,解析结果会跟着 client 拿到的 IP 变化(dhcpd 用 westos 密钥把新租约写进了 named 的区域),说明动态 DNS(效果类似花生壳)就做好了。
本文出自 “13122323” 博客,请务必保留此出处http://13132323.blog.51cto.com/13122323/1955802
原文地址:http://13132323.blog.51cto.com/13122323/1955802