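Linux: Configuring a Secondary DNS Service (Basics)
[RHEL8] - DNSserver1; [RHEL7] - DNSserver2; [CentOS7] - DNSclient
!!! In this test environment we first turn off the firewall and SELinux (required on DNSserver1, DNSserver2 and DNSclient)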
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@localhost ~]# setenforce 0
Preface: see https://www.cnblogs.com/520qiangge/p/13395138.html
I. Install the DNS service on DNSserver1 and DNSserver2
1. Install the DNS service
//DNSserver1
[root@DNSserver1 ~]# yum install -y bind
[root@DNSserver1 ~]# systemctl start named
[root@DNSserver1 ~]# systemctl enable named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
//DNSserver2
[root@dnsserver2 ~]# yum install -y bind
[root@dnsserver2 ~]# systemctl start named
[root@dnsserver2 ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
2. Check the IP addresses
//DNSserver1
[root@DNSserver1 ~]# ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.140 netmask 255.0.0.0 broadcast 10.255.255.255
inet6 fe80::fa13:32e0:3b9f:2196 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:cd:6a:1b txqueuelen 1000 (Ethernet)
RX packets 1848 bytes 164945 (161.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1399 bytes 195583 (190.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 596 bytes 50400 (49.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 596 bytes 50400 (49.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
//DNSserver2
[root@dnsserver2 ~]# ifconfig
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.150 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::e220:bff8:e997:50c4 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:b3:4d:83 txqueuelen 1000 (Ethernet)
RX packets 1786 bytes 137533 (134.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1638 bytes 355972 (347.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 68 bytes 5772 (5.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 68 bytes 5772 (5.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
II. Edit the configuration files
1. Modify the global configuration in /etc/named.conf (required on both DNSserver1 and DNSserver2)
//DNSserver1
[root@DNSserver1 ~]# vim /etc/named.conf
.........
options {
        listen-on port 53 { any; };      // listen on all IPv4 interfaces
        listen-on-v6 port 53 { any; };   // listen on all IPv6 interfaces
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file "/var/named/data/named.secroots";
        recursing-file "/var/named/data/named.recursing";
        allow-query { any; };            // accept queries from any client
.........
//DNSserver2
[root@dnsserver2 ~]# vim /etc/named.conf
.........
options {
        listen-on port 53 { any; };      // listen on all IPv4 interfaces
        listen-on-v6 port 53 { any; };   // listen on all IPv6 interfaces
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };            // accept queries from any client
.........
2. On DNSserver1: add the forward and reverse lookup zones to the /etc/named.rfc1912.zones sub-configuration file
[root@DNSserver1 ~]# arpaname 10.0.0.140
[root@DNSserver1 ~]# vim /etc/named.rfc1912.zones
.........
zone "test.com" IN {
        type master;
        file "test.zone";
        allow-transfer { 10.0.0.150; };
};

zone "0.0.10.in-addr.arpa" IN {
        type master;
        file "10.0.0.arpa";
        allow-transfer { 10.0.0.150; };
};
// add at the end of the file
3. On DNSserver2: add the forward and reverse lookup zones to the /etc/named.rfc1912.zones sub-configuration file
[root@dnsserver2 ~]# arpaname 10.0.0.150
150.0.0.10.IN-ADDR.ARPA
[root@dnsserver2 ~]# vim /etc/named.rfc1912.zones
..........
zone "test.com" IN {
        type slave;
        masters { 10.0.0.140; };
        file "slaves/test.zone";
};

zone "0.0.10.in-addr.arpa" IN {
        type slave;
        masters { 10.0.0.140; };
        file "slaves/10.0.0.arpa";
};
// add at the end of the file
4. On DNSserver1: copy the templates to create the forward and reverse zone database files
[root@DNSserver1 ~]# cd /var/named/
[root@DNSserver1 named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@DNSserver1 named]# cp -a named.localhost test.zone
[root@DNSserver1 named]# cp -a named.loopback 10.0.0.arpa
5. On DNSserver1: edit the forward zone database file
[root@DNSserver1 named]# vim test.zone
$TTL 1D
@       IN SOA  test.com. root.test.com. (
                                        2020031601      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1.test.com.
        NS      ns2.test.com.
        A       127.0.0.1
        AAAA    ::1
ns1     A       10.0.0.140
ns2     A       10.0.0.150
www     A       10.0.0.1
aaa     A       10.0.0.2
bbb     A       10.0.0.3
ccc     A       10.0.0.4
ddd     A       10.0.0.5
6. On DNSserver1: edit the reverse zone database file
[root@DNSserver1 named]# vim 10.0.0.arpa
$TTL 1D
@       IN SOA  test.com. root.test.com. (
                                        2020031601      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1.test.com.
        NS      ns2.test.com.
        A       127.0.0.1
        AAAA    ::1
        PTR     localhost.
ns1     A       10.0.0.140
ns2     A       10.0.0.150
1       PTR     www             ; no trailing dot: relative to 0.0.10.in-addr.arpa.
2       PTR     aaa
3       PTR     bbb
4       PTR     ccc.test.com    ; no trailing dot: relative to 0.0.10.in-addr.arpa.
5       PTR     ddd.test.com
7. On DNSserver1 and DNSserver2: check the configuration file syntax
//DNSserver1
[root@DNSserver1 ~]# named-checkconf /etc/named.conf
[root@DNSserver1 ~]# named-checkconf /etc/named.rfc1912.zones
//DNSserver2
[root@dnsserver2 ~]# named-checkconf /etc/named.conf
[root@dnsserver2 ~]# named-checkconf /etc/named.rfc1912.zones
8. On DNSserver1: check the forward and reverse zone files
[root@DNSserver1 ~]# named-checkzone test.com /var/named/test.zone
zone test.com/IN: loaded serial 2020031601
OK
[root@DNSserver1 ~]# named-checkzone test.com /var/named/10.0.0.arpa
zone test.com/IN: loaded serial 2020031601
OK
9. Restart the DNS service and check the listening ports (required on both DNSserver1 and DNSserver2)
//DNSserver1
[root@DNSserver1 ~]# systemctl restart named
[root@DNSserver1 ~]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.0.0.142:53 0.0.0.0:* LISTEN 27491/named
tcp 0 0 10.0.0.140:53 0.0.0.0:* LISTEN 27491/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 27491/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1101/sshd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 27491/named
tcp6 0 0 :::53 :::* LISTEN 27491/named
tcp6 0 0 :::22 :::* LISTEN 1101/sshd
tcp6 0 0 ::1:953 :::* LISTEN 27491/named
udp 0 0 10.0.0.142:53 0.0.0.0:* 27491/named
udp 0 0 10.0.0.140:53 0.0.0.0:* 27491/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 27491/named
udp 0 0 0.0.0.0:68 0.0.0.0:* 1611/dhclient
udp 0 0 0.0.0.0:50590 0.0.0.0:* 27491/named
udp6 0 0 :::53 :::* 27491/named
//DNSserver2
[root@dnsserver2 ~]# systemctl restart named
[root@dnsserver2 ~]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.0.0.150:53 0.0.0.0:* LISTEN 2118/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2118/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1049/sshd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2118/named
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1296/master
tcp6 0 0 :::53 :::* LISTEN 2118/named
tcp6 0 0 :::22 :::* LISTEN 1049/sshd
tcp6 0 0 ::1:953 :::* LISTEN 2118/named
tcp6 0 0 ::1:25 :::* LISTEN 1296/master
udp 0 0 10.0.0.150:53 0.0.0.0:* 2118/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 2118/named
udp 0 0 0.0.0.0:68 0.0.0.0:* 1455/dhclient
udp 0 0 0.0.0.0:21652 0.0.0.0:* 1455/dhclient
udp 0 0 127.0.0.1:323 0.0.0.0:* 767/chronyd
udp 0 0 0.0.0.0:2421 0.0.0.0:* 2118/named
udp6 0 0 :::61980 :::* 1455/dhclient
udp6 0 0 :::53 :::* 2118/named
udp6 0 0 ::1:323 :::* 767/chronyd
10. On DNSserver2: check that the forward and reverse zone database files were received
[root@dnsserver2 ~]# ll /var/named/slaves/
总用量 8
-rw-r--r--. 1 named named 834 7月 30 09:52 10.0.0.arpa
-rw-r--r--. 1 named named 527 7月 30 09:52 test.zone
At this point the DNS server side is set up.
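An added check, not part of the original post: the primary's zones in step 2 limit transfers to 10.0.0.150, but the secondary's zones in step 3 carry no allow-transfer at all, so they fall back to the server-wide setting, which is assumed here to permit any host (the long-standing BIND 9 default when nothing is configured). The Python below audits both sets of zone statements; `audit_transfers` and the embedded samples are illustrative names and constructed input.

```python
import re

# Constructed sample: the zone statements this page adds to
# /etc/named.rfc1912.zones on DNSserver1 (primary) and DNSserver2 (secondary).
PRIMARY = '''
zone "test.com" IN {
    type master;
    file "test.zone";
    allow-transfer { 10.0.0.150; };
};
zone "0.0.10.in-addr.arpa" IN {
    type master;
    file "10.0.0.arpa";
    allow-transfer { 10.0.0.150; };
};
'''
SECONDARY = '''
zone "test.com" IN {
    type slave;
    masters { 10.0.0.140; };
    file "slaves/test.zone";
};
zone "0.0.10.in-addr.arpa" IN {
    type slave;
    masters { 10.0.0.140; };
    file "slaves/10.0.0.arpa";
};
'''

# A zone statement whose body nests at most one level of braces.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{;]*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')
ACL_RE = re.compile(r'allow-transfer\s*\{([^{}]*)\}')


def audit_transfers(conf):
    """Return {zone: reason} for zones whose transfer ACL is missing or open."""
    findings = {}
    for name, body in ZONE_RE.findall(conf):
        acl = ACL_RE.search(body)
        if acl is None:
            findings[name] = "no allow-transfer: the global/default ACL applies"
            continue
        entries = [e.strip() for e in acl.group(1).split(";") if e.strip()]
        if "any" in entries:
            findings[name] = "allow-transfer lists any"
    return findings


if __name__ == "__main__":
    for host, conf in (("DNSserver1", PRIMARY), ("DNSserver2", SECONDARY)):
        print(host, audit_transfers(conf) or "every zone has a restricted ACL")
```

Adding `allow-transfer { none; };` to each zone on the secondary clears both findings for DNSserver2.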
III. DNS client test
1. Check the client host's IP address
[root@dnsclient ~]# ifconfig
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.129 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::fe04:212a:5e53:cec4 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:b3:89:a5 txqueuelen 1000 (Ethernet)
RX packets 22880 bytes 29553230 (28.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4707 bytes 583379 (569.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 148 bytes 12796 (12.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 148 bytes 12796 (12.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2. Test connectivity to the server
[root@dnsclient ~]# ping -c 3 10.0.0.140
PING 10.0.0.140 (10.0.0.140) 56(84) bytes of data.
64 bytes from 10.0.0.140: icmp_seq=1 ttl=64 time=2.15 ms
64 bytes from 10.0.0.140: icmp_seq=2 ttl=64 time=0.403 ms
64 bytes from 10.0.0.140: icmp_seq=3 ttl=64 time=0.424 ms

--- 10.0.0.140 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.403/0.993/2.153/0.820 ms
3. Install the bind-utils package
[root@dnsclient ~]# yum install -y bind-utils
[root@dnsclient ~]# rpm -qa bind-utils
bind-utils-9.11.4-16.P2.el7_8.6.x86_64
4. Add the DNS servers to /etc/resolv.conf on the client
[root@dnsclient ~]# vim /etc/resolv.conf
[root@dnsclient ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.0.0.140
nameserver 10.0.0.150
nameserver 8.8.8.8
5. Test
[root@dnsclient ~]# nslookup www.test.com
Server: 10.0.0.140
Address: 10.0.0.140#53

Name: www.test.com
Address: 10.0.0.1

[root@dnsclient ~]# nslookup 10.0.0.1
1.0.0.10.in-addr.arpa name = www.0.0.10.in-addr.arpa.

[root@dnsclient ~]# nslookup aaa.test.com
Server: 10.0.0.140
Address: 10.0.0.140#53

Name: aaa.test.com
Address: 10.0.0.2

[root@dnsclient ~]# nslookup 10.0.0.2
2.0.0.10.in-addr.arpa name = aaa.0.0.10.in-addr.arpa.

[root@dnsclient ~]# nslookup bbb.test.com
Server: 10.0.0.140
Address: 10.0.0.140#53

Name: bbb.test.com
Address: 10.0.0.3

[root@dnsclient ~]# nslookup 10.0.0.3
3.0.0.10.in-addr.arpa name = bbb.0.0.10.in-addr.arpa.

[root@dnsclient ~]# nslookup ccc.test.com
Server: 10.0.0.140
Address: 10.0.0.140#53

Name: ccc.test.com
Address: 10.0.0.4

[root@dnsclient ~]# nslookup 10.0.0.4
4.0.0.10.in-addr.arpa name = ccc.test.com.0.0.10.in-addr.arpa.

[root@dnsclient ~]# nslookup ddd.test.com
Server: 10.0.0.140
Address: 10.0.0.140#53

Name: ddd.test.com
Address: 10.0.0.5

[root@dnsclient ~]# nslookup 10.0.0.5
5.0.0.10.in-addr.arpa name = ddd.test.com.0.0.10.in-addr.arpa.

[root@dnsclient ~]# nslookup
> server 10.0.0.13
Default server: 10.0.0.13
Address: 10.0.0.13#53
> set q=mx
> test.com
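An added example, not part of the original post, that explains reverse answers such as www.0.0.10.in-addr.arpa. and ccc.test.com.0.0.10.in-addr.arpa. in the test above: a PTR target written without a trailing dot is completed with the zone origin. The Python below flags such targets and gives the absolute form; `relative_targets` and the embedded zone text are illustrative, constructed from the PTR records in step 6, and the suggested fix assumes the names were meant to live under test.com.

```python
NAME_TYPES = {"PTR", "NS", "CNAME"}  # record types whose RDATA is one domain name

# Constructed sample: the PTR records of 10.0.0.arpa as shown on this page.
REVERSE_ZONE = """\
$TTL 1D
@   IN SOA  test.com. root.test.com. ( 2020031601 1D 1H 1W 3H )
    NS  ns1.test.com.
1   PTR www
2   PTR aaa
3   PTR bbb
4   PTR ccc.test.com
5   PTR ddd.test.com
"""


def relative_targets(zone_text, origin, forward_domain):
    """Return (owner, type, served_name, suggested_fqdn) per relative target."""
    origin = origin.rstrip(".") + "."
    forward = forward_domain.rstrip(".")
    owner, findings = "@", []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1].rstrip(".") + "."   # assumes an absolute $ORIGIN
            continue
        if fields[0].startswith("$"):
            continue
        if not line[0].isspace():            # unindented line names a new owner
            owner = fields.pop(0)
        # skip the optional TTL and class in front of the record type
        while fields and (fields[0].upper() == "IN" or fields[0][0].isdigit()):
            fields.pop(0)
        if len(fields) < 2 or fields[0].upper() not in NAME_TYPES:
            continue
        rtype, target = fields[0].upper(), fields[1]
        if target.endswith(".") or target == "@":
            continue                         # already absolute
        served = f"{target}.{origin}"        # the name named answers with
        if target == forward or target.endswith("." + forward):
            fixed = target + "."
        else:
            fixed = f"{target}.{forward}."
        findings.append((owner, rtype, served, fixed))
    return findings


if __name__ == "__main__":
    for f in relative_targets(REVERSE_ZONE, "0.0.10.in-addr.arpa", "test.com"):
        print("%s %s -> served as %s, write %s" % f)
```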