RHCE DNS lab
1. How DNS name resolution works
Taking v.qq.com as an example:
1) The resolver first checks the local cache; if there is no cached answer it asks the public DNS server (a recursive query).
2) The public DNS server sends a request to the root servers and gets the address of the com. name servers.
   The public DNS server then asks the com. name servers and gets the address of the qq.com name servers.
   The public DNS server then asks the qq.com name servers and gets the IP address of v.qq.com.
   (these steps are iterative queries)
3) Once the public DNS server has the IP address it returns the result to the client, and the browser connects to the server using the IP address of v.qq.com.
2. DNS forward resolution
1) Add an IP address to the network interface
[root@localhost ~]# nmcli c mod ens160 +ipv4.addresses 192.168.83.130/24
[root@localhost ~]# nmcli c up ens160
2) Install and start the service
[root@localhost ~]# yum install bind.x86_64 -y
[root@localhost ~]# systemctl restart named.service
3) Write the configuration in /var/named/named.qin.com and /etc/named.conf
[root@localhost ~]# vim /var/named/named.qin.com
$TTL 1D
@       IN SOA  @ hhh.admin. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      dns
dns     A       192.168.83.129
www     A       192.168.83.130
[root@localhost ~]# vim /etc/named.conf
options {
        listen-on port 53 { 192.168.83.130; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        allow-query { any; };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "qin.com" IN {
        type master;
        file "named.qin.com";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
4) Restart the service and copy the SELinux security context (cp -a carries over the context of named.localhost, but it also overwrites the destination, so in practice do the copy before writing the zone file in step 3)
[root@localhost ~]# cp -a /var/named/named.localhost /var/named/named.qin.com
[root@localhost ~]# systemctl restart named.service
5) Test
3. DNS reverse resolution
1) Building on the forward configuration, add the reverse zone to /etc/named.conf
options {
        listen-on port 53 { 192.168.83.130; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        allow-query { any; };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "qin.com" IN {
        type master;
        file "named.qin.com";
};
zone "83.168.192.in-addr.arpa" IN {
        type master;
        file "named.192.168.83.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2) Write the configuration in /var/named/named.192.168.83.zone, then restart the service and copy the security context to the corresponding file (cp -a also overwrites the destination, so do the copy before editing the file)
[root@localhost ~]# vim /var/named/named.192.168.83.zone
$TTL 1D
@       IN SOA  @ szwtk.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      dns.qin.com.
dns.qin.com.    A       192.168.5.130
130     PTR     haha.qin.com.
130     PTR     hehe.qin.com.
[root@localhost ~]# cp -a /var/named/named.localhost /var/named/named.192.168.83.zone
[root@localhost ~]# systemctl restart named
3) Test
4. DNS master/slave synchronisation (full transfer, incremental transfer)
1) Full transfer
(1) Use 192.168.83.130 as the master; the configuration on the master is
options {
        listen-on port 53 { 192.168.83.130; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        allow-query { any; };
        allow-transfer { 192.168.83.131; };
};
zone "qin.com" IN {
        type master;
        file "named.qin.com";
};
zone "83.168.192.in-addr.arpa" IN {
        type master;
        file "named.192.168.83.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Remember to stop the firewall
[root@localhost ~]# systemctl stop firewalld.service
(2) Use 192.168.83.131 as the slave (the slave must first mount the installation media and configure the yum repository); the configuration on the slave is
[root@localhost ~]# yum install bind
[root@localhost ~]# systemctl start named
[root@localhost ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
        directory "/var/named";
        allow-query { any; };
};
zone "qin.com." IN {
        type slave;
        masters { 192.168.83.130; };
        file "slaves/named.qin.com";
};
zone "83.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.83.130; };
        file "slaves/named.192.168.83.zone";
};
Stop the firewall
[root@localhost ~]# systemctl stop firewalld.service
(3) Test
2) Incremental synchronisation
(1) Configuration on the master: add new records and increase the serial number
[root@localhost ~]# vim /var/named/named.qin.com
$TTL 1D
@       IN SOA  @ szwtk.admin. (
                                5       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      dns
dns     A       192.168.83.130
www     A       192.168.83.130
xixi    A       192.168.83.131
haha    A       192.168.83.129
[root@localhost ~]# vim /var/named/named.192.168.83.zone
$TTL 1D
@       IN SOA  @ szwtk.com. (
                                5       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      dns.qin.com.
dns.qin.com.    A       192.168.5.130
130     PTR     haha.qin.com.
130     PTR     hehe.qin.com.
129     PTR     aaa.qin.com.
131     PTR     www.qin.com.
[root@localhost ~]# systemctl restart named
(2) Trigger the incremental transfer manually on the slave
[root@localhost ~]# rndc refresh qin.com
[root@localhost ~]# rndc refresh 83.168.192.in-addr.arpa
(3) Test
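The test steps above are left blank, and the incremental transfer only happens when the master's serial has gone up. As an added example (my own code, not part of the original lab), the Python below parses zone files in the format used here, applies RFC 1982 serial comparison to decide whether a slave would transfer, and lists A records whose address has no PTR pointing back at them; the sample zones are abridged from the serial-5 files above and the function names are my own.

```python
import re
RTYPES = {"A", "NS", "PTR"}

def parse_zone(text, origin):
    """(serial, [(owner, type, rdata)]) from a BIND zone file: ';' comments are
    stripped, the bracketed SOA is folded, a leading-space line inherits the owner."""
    fq = lambda n: origin if n == "@" else n if n.endswith(".") else f"{n}.{origin}"
    body = "\n".join(line.split(";")[0] for line in text.splitlines())
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)
    serial, records, last = None, [], "@"
    for line in body.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue
        owner = last = last if line[0].isspace() else fields[0]
        if "SOA" in fields:
            serial = int(fields[fields.index("SOA") + 3])
            continue
        i = next(k for k, f in enumerate(fields) if f in RTYPES)
        rdata = fields[i + 1] if fields[i] == "A" else fq(fields[i + 1])
        records.append((fq(owner), fields[i], rdata))
    return serial, records

def serial_increased(old, new):
    """RFC 1982 serial arithmetic: a slave transfers only when new is 'ahead' of old."""
    return 0 < (new - old) % 2**32 < 2**31

def missing_ptrs(forward, reverse):
    """A records whose address has no PTR pointing back at the same owner name."""
    ptrs = {}
    for owner, rtype, rdata in reverse:
        if rtype == "PTR":
            ptrs.setdefault(owner, set()).add(rdata)
    rev = lambda ip: ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    return [(o, ip) for o, t, ip in forward if t == "A" and o not in ptrs.get(rev(ip), set())]

# Constructed sample input, abridged from the serial-5 zone files above.
FORWARD = """$TTL 1D
@ IN SOA @ szwtk.admin. ( 5 ; serial
    1D 1H 1W 3H ) ; refresh retry expire minimum
    NS dns
www A 192.168.83.130
xixi A 192.168.83.131
"""
REVERSE = """$TTL 1D
@ IN SOA @ szwtk.com. ( 5 1D 1H 1W 3H )
    NS dns.qin.com.
130 PTR haha.qin.com.
131 PTR www.qin.com.
"""
```

Run with the real files from /var/named before restarting named; an empty list from missing_ptrs means every forward record has a matching reverse entry.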