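Table of contents
- 1. Follow the [article on installing a loopback adapter on Windows](https://blog.csdn.net/weixin_42768634/article/details/113836530) to complete the network configuration
- 2. Add a new network adapter using the bridged connection mode
- 3. Configure the DHCP server (/etc/dhcp/dhcpd.conf)
- 3.1 Install the DHCP service first
- 3.2 Edit the main config file
- 4. Configure the DNS server
- 4.1 Install the DNS service
- 4.2 Main config file (/etc/named.conf)
- 4.3 /etc/named.rfc1912.zones (append the forward and reverse zone definitions to the end of the file)
- 4.4 Forward zone file (/var/named/data/example.com.zone) and reverse zone file (/var/named/data/172.16.51.arpa)
- 4.4.1 Edit /var/named/data/example.com.zone
- 4.4.2 Edit /var/named/data/172.16.51.arpa
- 4.5 Root zone file (/var/named/named.ca)
- 5. Start the service
- 6. Configure DDNS
- 7. Edit /etc/named.rfc1912.zones
- 8. Testing
- 8.1 Test with a Windows PC
- 8.2 Test with a Linux PC
- 8.3 Log analysis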
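1. Follow the [article on installing a loopback adapter on Windows](https://blog.csdn.net/weixin_42768634/article/details/113836530) to complete the network configuration
2. Add a new network adapter using the bridged connection mode
How to add the adapter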


After adding it, the new adapter is visible:
# ifconfig

Switch the adapter to bridged mode

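Then create a config file named after this adapter. Assume the adapter is called ens38 (check the name on your own system). The ens38 config file can be derived from the ens33 one:
# cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens38
# vim /etc/sysconfig/network-scripts/ifcfg-ens38

Change it to the following. Do not bring the adapter up yet after configuring it.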
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens38
UUID=1cc353ed-bbed-4e29-96d2-2a6dbe770e8c
DEVICE=ens38
ONBOOT=yes
IPADDR=172.16.51.1
NETMASK=255.255.255.0

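3. Configure the DHCP server (/etc/dhcp/dhcpd.conf)
3.1 Install the DHCP service first
# yum install dhcp -y

3.2 Edit the main config file
The default main config file /etc/dhcp/dhcpd.conf is empty (it contains only a few comment lines). Before editing it, copy the sample file shipped with the package into place under /etc, for example:
# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf

Find the corresponding entries and modify them
# vim /etc/dhcp/dhcpd.conf
ddns-update-style interim; # DNS dynamic update mode
ignore client-updates;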
# A slightly different configuration for an internal subnet.
subnet 172.16.51.0 netmask 255.255.255.0 {
range 172.16.51.50 172.16.51.145;
option domain-name-servers 172.16.51.1;
option domain-name "example.com";
option routers 172.16.51.1;
option broadcast-address 172.16.51.255;
default-lease-time 600;
max-lease-time 7200;
}

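Check whether adapter ens33 is up
# ifconfig ens33 | grep inet

Start the DHCP service
# systemctl start dhcpd

Test adapter ens38
# ifdown ens38
# ifup ens38
# ifconfig ens38 | grep inet

If the configuration is correct, the adapter obtains an IP address from the address pool.
4. Configure the DNS server
4.1 Install the DNS service
# yum install -y bind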

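4.2 Main config file (/etc/named.conf)
In the options block, set listen-on port 53 and allow-query to any. Both values open the resolver to every network the host is attached to, which is acceptable on this isolated lab segment; on a shared network, limit them to 172.16.51.0/24.
# vim /etc/named.conf

options {
listen-on port 53 { any; }; // changed from 127.0.0.1 to any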
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; // changed from localhost to any
// remaining options unchanged
};

In the logging block, change it to the following:
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
channel general_log {
file "data/general_log" versions 3 size 20m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel query_log {
file "data/query_log" versions 3 size 20m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
category general { general_log; };
category queries { query_log; };
};

4.3 /etc/named.rfc1912.zones (append the forward and reverse zone definitions to the end of the file)
# vim /etc/named.rfc1912.zones

zone "example.com" {
type master;
file "data/example.com.zone";
allow-update {none;};
};
zone "51.16.172.in-addr.arpa" {
type master;
file "data/172.16.51.arpa";
allow-update { none; };
};

4.4 Forward zone file (/var/named/data/example.com.zone) and reverse zone file (/var/named/data/172.16.51.arpa)
Copy /var/named/named.localhost as the template for the forward and reverse zone files, and change the owner and group of both files to named.
# cp /var/named/named.localhost /var/named/data/example.com.zone
# cp /var/named/named.localhost /var/named/data/172.16.51.arpa
# chown named:named /var/named/data/example.com.zone
# chown named:named /var/named/data/172.16.51.arpa

4.4.1 Edit /var/named/data/example.com.zone
# vim /var/named/data/example.com.zone

$TTL 1D
example.com. IN SOA dns.example.com. admin.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
example.com. IN NS dns.example.com.
dns IN A 172.16.51.1
example.com. IN MX 10 mail.example.com.
example.com. IN MX 11 mail2.example.com.
example.com. IN MX 12 mail3.example.com.
bbs IN CNAME www
samba IN CNAME www
ftp IN A 172.16.51.1
mail IN A 172.16.51.1
mail2 IN A 172.16.51.1
mail3 IN A 172.16.51.1
www IN A 172.16.51.1

After editing, check the zone file
# named-checkzone example.com /var/named/data/example.com.zone

4.4.2 Edit /var/named/data/172.16.51.arpa
# vim /var/named/data/172.16.51.arpa

$TTL 1D
51.16.172.in-addr.arpa. IN SOA dns.example.com. admin.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
51.16.172.in-addr.arpa. IN NS dns.example.com.
1 IN PTR dns.example.com.
1 IN PTR ftp.example.com.
1 IN PTR mail.example.com.
1 IN PTR mail2.example.com.
1 IN PTR mail3.example.com.
1 IN PTR www.example.com.

After editing, check the zone file
# named-checkzone 51.16.172.in-addr.arpa /var/named/data/172.16.51.arpa

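4.5 Root zone file (/var/named/named.ca)
The named.ca file does not need to be modified; it already exists under /var/named/.
5. Start the service
# systemctl start named

Note: check whether the local DNS client points to the local DNS server
# cat /etc/resolv.conf

If it does not point to the local DNS server, disable the adapter that connects to the Internet in NAT mode. In my case this is ens37.
# ifdown ens37
Debug with nslookup, for example
# nslookup www.example.com
# nslookup 172.16.51.1

Use nslookup for interactive queries
# nslookup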

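6. Configure DDNS
Create the key
# dnssec-keygen -a HMAC-MD5 -b 128 -n USER linuxdns
Output similar to the following appears

Then run
# cat Klinuxdns.+157+33406.key
It displays the following

Here XUlO7GzwRFbfasuBlq7fyQ== is the key. If the key contains "/", regenerate it using the method above.
Add the following to the DHCP config file (/etc/dhcp/dhcpd.conf), directly below ignore client-updates;:
# vim /etc/dhcp/dhcpd.conf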
key linuxddns {
algorithm hmac-md5;
secret XUlO7GzwRFbfasuBlq7fyQ==;
}
zone example.com. {
primary 172.16.51.1;
key linuxddns;
}
zone 51.16.172.in-addr.arpa. {
primary 172.16.51.1;
key linuxddns;
}

7. Edit /etc/named.rfc1912.zones
# vim /etc/named.rfc1912.zones
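
Dynamic updates from steps 6 and 7 only succeed when the key name, the secret and the zone names agree between dhcpd.conf and the zone configuration read by named. The script below is an added example, not part of the original article: its function names are hypothetical, the named-side sample is an assumption (the article does not show it), and the constructed dhcpd-side sample carries a mistyped reverse zone so the check has something to report.

```shell
#!/bin/sh
# Added example: cross-check DDNS key and zone settings, dhcpd.conf vs named.

# Print "name:secret" for every key block (dhcpd and BIND syntax).
ddns_keys() {
    awk '$1 == "key" && index($0, "{") { n = $2; gsub(/[";]/, "", n); inkey = 1; next }
         inkey && $1 == "secret" { s = $2; gsub(/[";]/, "", s); print n ":" s }
         inkey && index($0, "}") { inkey = 0 }' "$1"
}

# Print "zone:key" for every key referenced inside a zone: "key K;" in dhcpd,
# "allow-update { key K; };" in named. "allow-update { none; }" prints nothing.
ddns_zones() {
    awk '{ for (i = 1; i <= NF; i++) {
             if ($i == "zone") { z = $(i + 1); gsub(/"/, "", z); sub(/\.$/, "", z) }
             else if ($i == "key" && $(i + 2) != "{" && z != "") {
                 k = $(i + 1); gsub(/[";]/, "", k); print z ":" k }
         } }' "$1"
}

# $1 = dhcpd.conf, $2 = named zone config. Prints one line per problem and
# returns 1 if dhcpd would sign an update that named will reject.
check_ddns() {
    rc=0
    for k in $(ddns_keys "$1"); do
        ddns_keys "$2" | grep -qxF -- "$k" || { echo "key ${k%%:*}: name or secret differs"; rc=1; }
    done
    for z in $(ddns_zones "$1"); do
        ddns_zones "$2" | grep -qxF -- "$z" || { echo "zone ${z%%:*}: named does not accept key ${z##*:}"; rc=1; }
    done
    return $rc
}

# Constructed sample input. The named side is an assumption; the dhcpd side
# has a mistyped reverse zone (99 where the subnet needs 16).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'key linuxddns {' ' algorithm hmac-md5;' \
        ' secret XUlO7GzwRFbfasuBlq7fyQ==;' '}' \
        'zone example.com. { primary 172.16.51.1; key linuxddns; }' \
        'zone 51.99.172.in-addr.arpa. { primary 172.16.51.1; key linuxddns; }' > "$d/dhcpd.conf"
    printf '%s\n' 'key "linuxddns" {' ' algorithm hmac-md5;' \
        ' secret "XUlO7GzwRFbfasuBlq7fyQ==";' '};' \
        'zone "example.com" { type master; file "data/example.com.zone"; allow-update { key linuxddns; }; };' \
        'zone "51.16.172.in-addr.arpa" { type master; file "data/172.16.51.arpa"; allow-update { key linuxddns; }; };' > "$d/named.zones"
    check_ddns "$d/dhcpd.conf" "$d/named.zones"; rc=$?
    rm -rf "$d"; return $rc
}
demo || true
```

Against real files, run `check_ddns /etc/dhcp/dhcpd.conf /etc/named.rfc1912.zones` as root before restarting the services; no output and exit status 0 mean both sides agree.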

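8. Testing
8.1 Test with a Windows PC
On Windows, set the loopback adapter to obtain its IP address automatically.

Press Win+R, type cmd and press Enter, then run ipconfig at the command prompt


8.2 Test with a Linux PC
On a Linux PC, create the following file (/etc/dhclient.conf):
# vim /etc/dhclient.conf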
send fqdn.fqdn "linux0707";
send fqdn.encoded on;
send fqdn.server-update off;

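Then restart the services and the network in the following order
# systemctl restart named
# systemctl restart dhcpd

Test with the nslookup command
# nslookup linux0707

If resolution fails, try clearing the DHCP lease database file (/var/lib/dhcpd/dhcpd.leases), leaving only the server-duid entry, save the file, and then repeat the steps above.

8.3 Log analysis
View the lease records in /var/lib/dhcpd/dhcpd.leases
# cat /var/lib/dhcpd/dhcpd.leases

The log written when the service restarts is recorded in /var/named/data/general_log
# cat /var/named/data/general_log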

