DNS作业
作业:
1.搭建dns服务器能够对自定义的正向或者反向域完成数据解析查询。
2.配置从DNS服务器,对主dns服务器进行数据备份。
一、配置DNS主服务器
# systemctl stop firewalld
# setenforce 0
1.创建主配置文件,定义正反向解析域
# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//options {
listen-on port 53 { 192.168.107.129; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { any; };/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
geoip-directory "/usr/share/GeoIP";pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};zone "openlab.com" IN {
type master;
file "named.openlab.com";
};include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2.创建正向解析资源记录文件
# vim /var/named/named.openlab.com
3.创建反向解析记录文件
cp -a /var/named/named.localhost /var/named/named.192
vim /var/named/named.192
# systemctl restart named
4.解析测试
- 方法一
# nslookup
- 方法二
修改当前主机查找的本地dns服务器
进行测试
补充:dig命令
dig
-t 指定资源记录类型
-x 反解析查询
+trace 解析追溯显示源
# dig www.openlab.com @dns服务器的地址
二、配置DNS从服务器
1.挂载安装
# mount /dev/sr0 /mnt
# dnf install bind -y
2.关闭防火墙,已关闭。
3.完全区域传送(从服务器第一次发送请求)
- 配置从服务器使其可以对主服务器发送同步请求,对主服务器进行备份(要求二)
- 对主服务器文件进行修改
- 重启服务器,测试,在/var/named/slaves下面可以看到正反向资源记录文件
# vim /var/named/slaves/named.192
4.增量区域传送(从服务器第二次发送请求)
- 在主服务器上进行数据添加更改
# vim /var/named/named.openlab.com
- 重启
# systemctl restart named
- 在从服务器进行测试
1.监听日志信息
# tail -f /var/log/messages
2.从服务器测试增量
