My Linux Learning Journey: (1) DNS

Source: Internet
Author: User
Tags: dnssec, subdomain

Configuration of DNS

The network environment I prepared is as follows:

Goal: configure two DNS servers, dnsmaster and dnsslave, as a master-slave pair that provides name resolution for this network.

Process: both servers are configured automatically by a script (the script is appended to this article).

[Screenshot: master]

[Screenshot: slave]

Operating System: CentOS 6.6 x86_64

dnsmaster host

/etc/sysconfig/network-scripts/ifcfg-eth0 Configuration

/etc/named.conf options section configuration

Start the named service and check the port it listens on.

Subdomains newly added in /etc/named.rfc1912.zones

Subdomain file

/var/named/test.com.zone

Reverse-resolution file for the subdomain

/var/named/172.16.32.zone

Forward and reverse resolution of the test.com domain

Removing the comment marker disallows the reverse resolution

dnsslave host

/etc/sysconfig/network-scripts/ifcfg-eth0 Configuration

Configuration of the /var/named/test.com.zone file

The zone files are downloaded automatically

/var/named/slaves/test.com.zone File

/var/named/slaves/172.16.32.zone file

View the forward resolution of the domain

View the reverse resolution of the domain

After the service on dnsmaster is stopped:

You will find that the server providing resolution has switched to dnsslave.

#!/bin/bash
# Install bind with yum if it is not already installed
rpm -ql bind &>/dev/null || yum install -y bind bind-utils

# Modify the default configuration file
# (restore it from the backup if one exists, otherwise create the backup)
conf=/etc/named.conf
[ -f $conf.bak ] && cp -f $conf.bak $conf || cp $conf $conf.bak
# Comment out the listen-on lines
sed -i 's@\(^[[:space:]]*listen-on.*\)@//\1@' $conf
# Replace localhost with any
sed -i 's/localhost;/any;/g' $conf
# Turn off DNSSEC and comment out the related key settings
sed -i 's/dnssec-enable yes/dnssec-enable no/' $conf
sed -i 's/dnssec-validation yes/dnssec-validation no/' $conf
sed -i 's/auto/no/' $conf
sed -i 's@\(^[[:space:]]*bindkeys\)@//\1@' $conf
sed -i 's@\(^[[:space:]]*managed\)@//\1@' $conf

# Set a blacklist (added after the "recursion yes;" line)
blackhole=192.168.0.0/24
[ ! -z $blackhole ] && sed -i "s@\(recursion yes;\)@\1\n\tblackhole { $blackhole; };@" $conf

# Domain name
zonename=test.com
# Network address of the domain
zoneIP=172.16.32.0
# Name servers of the primary domain
ns=(ns1 ns2)
masterip=172.16.32.251
slaveip=172.16.32.252
# Subdomains
subns=()
# MX list
mx=(mail)
# A records
a=(ns1=172.16.32.251 ns2=172.16.32.252 www1=172.16.32.241 www2=172.16.32.242 php=172.16.32.231 mysqlm=172.16.32.221 mysqls=172.16.32.222 ftp=172.16.0.1)
# CNAME list
cname=(pop3=mail imaps=mail www=www1)
# SOA name server and mail
soaNS=ns
soaMail=mail
ser=01
ttl=3600
serial=`date +"%Y%m%d"`$ser
refresh=1h
retry=5m
expire=7d
mttl=1h
zonefile=/var/named

# Delete the zone entries appended by an earlier run. The start address of this
# sed range is missing from the page (only ',$d' survives), so the command is
# left commented out rather than guessed.
# sed -i ',$d' /etc/named.rfc1912.zones

# Reversed network part for the in-addr.arpa zone name (32.16.172)
ptrip=`echo $zoneIP | cut -d'.' -f3`"."`echo $zoneIP | cut -d'.' -f2`"."`echo $zoneIP | cut -d'.' -f1`

# Usage: script [master|slave] (default: master)
if [ "${1:-master}" == "slave" ];then
cat >> /etc/named.rfc1912.zones <<EOF
zone "$zonename" IN {
type slave;
file "slaves/$zonename.zone";
masters { $masterip; };
allow-transfer { 172.16.32.0/16; };
};
zone "$ptrip.in-addr.arpa" IN {
type slave;
file "slaves/${zoneIP%.*}.zone";
masters { $masterip; };
//allow-transfer { none; };
};
zone "example.com" IN {
type forward;
forward only;
forwarders { 172.16.0.1; };
};
EOF
else
cat >> /etc/named.rfc1912.zones <<EOF
zone "$zonename" IN {
type master;
file "$zonename.zone";
allow-transfer { 172.16.32.0/16; };
};
zone "$ptrip.in-addr.arpa" IN {
type master;
file "${zoneIP%.*}.zone";
//allow-transfer { none; };
};
zone "example.com" IN {
type forward;
forward only;
forwarders { 172.16.0.1; };
};
EOF

# Build the resource records for the forward zone
zoneNS=""
zoneSUBNS=""
zoneMX=""
zoneA=""
zoneCNAME=""
for i in ${ns[@]};do
zoneNS=$zoneNS"\tIN\tNS\t"$i"\n"
done
for i in ${subns[@]};do
# Append to zoneSUBNS (the page appended to zoneNS here)
zoneSUBNS=$zoneSUBNS$i"\tIN\tNS\t"$i"\n"
done
nice=10
for i in ${mx[@]};do
zoneMX=$zoneMX"\tIN\tMX\t$nice\t$i\n"
nice=$((nice+10))
done
for i in ${a[@]};do
zoneA=$zoneA`echo $i | cut -d'=' -f1`"\tIN\tA\t"`echo $i | cut -d'=' -f2`"\n"
done
for i in ${cname[@]};do
zoneCNAME=$zoneCNAME`echo $i | cut -d'=' -f1`"\tIN\tCNAME\t"`echo $i | cut -d'=' -f2`"\n"
done

# Print the in-addr.arpa name for an IPv4 address
function getptr() {
ptr=`echo $1|cut -d'.' -f4`"."`echo $1|cut -d'.' -f3`"."`echo $1|cut -d'.' -f2`"."`echo $1|cut -d'.' -f1`.in-addr.arpa.
echo -n $ptr
}

ptrNS=""
for i in ${ns[@]};do
ptrNS=$ptrNS"\tIN\tNS\t"$i.$zonename."\n"
done

# Print one PTR record for every A record
function ptrA() {
for i in ${a[@]};do
getptr `echo $i | cut -d'=' -f2`
echo -en '\tIN\tPTR\t'`echo $i | cut -d'=' -f1`.$zonename.'\n'
done
}

# Forward zone file
cat > $zonefile/$zonename.zone <<EOF
\$TTL $ttl
\$ORIGIN $zonename.
@ IN SOA $soaNS $soaMail (
$serial
$refresh
$retry
$expire
$mttl )
`echo -e $zoneNS`
`echo -e $zoneMX`
`echo -e $zoneA`
`echo -e $zoneCNAME`
`echo -e $zoneSUBNS`
EOF

# Reverse zone file
cat > $zonefile/${zoneIP%.*}.zone <<EOF
\$TTL $ttl
\$ORIGIN $ptrip.in-addr.arpa.
@ IN SOA $soaNS.$zonename. $soaMail.$zonename. (
$serial
$refresh
$retry
$expire
$mttl )
`echo -e $ptrNS`
`ptrA`
EOF
fi

chown :named $zonefile/$zonename.zone $zonefile/${zoneIP%.*}.zone
chmod 640 $zonefile/$zonename.zone $zonefile/${zoneIP%.*}.zone
chkconfig named on
pidof named &>/dev/null && service named restart || service named start
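An added example, not part of the original article: a small audit for the settings the script above leaves behind (DNSSEC validation off, allow-query any with recursion enabled, allow-transfer for a whole /16, and a master zone whose allow-transfer line is commented out). The function names, finding names and sample configuration are constructed for illustration, and the parser assumes one directive per line, as the script writes its zone blocks.

```shell
#!/bin/bash
# Added example (not the article's code). Finding names and the sample are constructed.
# audit_named: reads named.conf-style text on stdin, prints one finding per line.
audit_named() {
    sed 's@//.*@@' | awk '
        /dnssec-validation[ \t]+no/     { print "DNSSEC_VALIDATION_OFF" }
        /recursion[ \t]+yes/            { rec = 1 }
        /allow-query[ \t]*\{[ \t]*any;/ { qany = 1 }
        /allow-(recursion|query-cache)/ { racl = 1 }
        /^[ \t]*zone[ \t]+"/ { split($0, p, "\""); zone = p[2]; master = 0; xfer = 0 }
        /type[ \t]+master/   { master = 1 }
        /allow-transfer/ {
            xfer = 1
            s = $0; sub(/.*\{/, "", s); sub(/\}.*/, "", s)
            n = split(s, e, ";")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", e[i])
                # "any" or a prefix shorter than /32 admits more than one host
                if (e[i] == "any" || (split(e[i], c, "/") == 2 && c[2] + 0 < 32))
                    print "TRANSFER_WIDE:" zone ":" e[i]
            }
        }
        /^[ \t]*\};/ && zone != "" {
            # master zone without allow-transfer: BIND 9.8 lets any host transfer it
            if (master && !xfer) print "TRANSFER_DEFAULT:" zone
            zone = ""
        }
        END { if (rec && qany && !racl) print "OPEN_RECURSION" }'
}

# Constructed sample: options plus the master zone blocks as the script writes them.
sample_conf() {
    cat <<'EOF'
options {
    allow-query { any; };
    recursion yes;
    dnssec-validation no;
};
zone "test.com" IN {
type master;
allow-transfer { 172.16.32.0/16; };
};
zone "32.16.172.in-addr.arpa" IN {
type master;
//allow-transfer { none; };
};
EOF
}
sample_conf | audit_named
```

Limiting allow-transfer to the slave address 172.16.32.252, keeping dnssec-validation yes and adding an allow-recursion ACL for the local network clears all four findings.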

This article is from the "TTQQ" blog; please keep this source link: http://473008.blog.51cto.com/463008/1595640
