欧鹏RHCE 第五次作业

unit5.DNS域名解析服务的部署及优化方案

1.
(问答题)
1.配置2台服务器要求如下：
a）服务器1：
主机名：dns-master.timinglee.org
ip地址： 172.25.254.100
配置好软件仓库
b）服务器2：
主机名：dns-slave.timinglee.org
ip地址：172.25.254.200
配置好软件仓库

2.dns-master是一台权威dns，次dns要具备一下功能
a）可以解析timinglee.org域中的主机，此域中的主机列表为
172.25.254.100 bbs.timinglee.org
172.25.254.200 login.timinglee.org
b）可以为timinglee.org这个域提供邮件解析记录，邮件服务器的地址为172.25.254.10
c）可以为172.25.254.0/24网段提供反向解析记录，反向解析记录为：
172.25.254.100 bbs.timinglee.org
172.25.254.200 login.timinglee.org

3.dns-slave主机是dns-master主机的辅助dns，当master主机中的数据发生变化后其内容自动发生改变

一,
a）服务器1（dns-master.timinglee.org）配置

1.设置主机名
[root@server ~]# hostnamectl set-hostname dns-master.timinglee.org
[root@server ~]# reboot
结果:
[root@dns-master ~]# 

2.配置网络
[root@dns-master ~]# ifconfig
ens160: 
[root@dns-master ~]# vim /etc/NetworkManager/system-connections/ens160.nmconnection 
[root@dns-master ~]# systemctl restart NetworkManager
在vim中:
...
[ipv4]
address1=192.168.187.131/24,192.168.187.2
address2=172.25.254.100/24
method=manual
...

3.安装BIND
[root@dns-master ~]# yum install bind -y

4.启动BIND
[root@dns-master ~]# systemctl enable --now named 
[root@dns-master ~]# firewall-cmd --permanent --add-service=dns 
[root@dns-master ~]# firewall-cmd --reload
结果:
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
success
success

b）服务器2为1在配置前的克隆（dns-slave.timinglee.org）配置

1.设置主机名
[root@note ~]# hostnamectl set-hostname dns-slave.timinglee.org
[root@note ~]# reboot
[root@dns-slave ~]# 

2.配置网络
[root@dns-slave ~]# vim /etc/NetworkManager/system-connections/ens160.nmconnection 
[root@dns-slave~]# systemctl restart NetworkManager
在vim中:
...
[ipv4]
address1=192.168.187.132/24,192.168.187.2
address2=172.25.254.200
method=manual
...

3.安装BIND
[root@dns-slave ~]#  yum install bind -y

4.启动BIND
[root@dns-slave ~]# systemctl enable --now named 
[root@dns-slave ~]# firewall-cmd --permanent --add-service=dns
[root@dns-slave ~]# firewall-cmd --reload
结果:
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
success
success
二,
a)b)c)
[root@dns-master ~]# vim /etc/named.rfc1912.zones
在vim中
...
// 正向维护的域
zone "timinglee.org" IN {
        type master;
        file "timinglee.org.zone";
        allow-update { none; };
        also-notify { 172.25.254.200; };
};

// 反向维护的域
zone "254.25.172.in-addr.arpa" IN {
    type master;
    file "172.25.254.ptr";
    allow-update { none; };
};

...
[root@dns-master ~]# cd /var/named
生成正向解析A记录文件
[root@dns-master named]# cp -p named.localhost timinglee.org.zone
[root@dns-master named]# vim timinglee.org.zone 
在vim中:
...
@       IN SOA  dns.timinglee.org. root.timinglee.org. (
...
                        NS      dns.timingless.org.
dns                     A       172.25.254.100
www                     CNAME   bbs.timinglee.org.
bbs.timinglee.org.      A       172.25.254.100
login.timinglee.org.    A       172.25.254.200
timinglee.org.          MX 1    172.25.254.100

...
生成反向解析A记录文件
[root@dns-master named]# cp -p named.localhost 172.25.254.ptr
[root@dns-master named]# vim 172.25.254.ptr 
在vim中:
...
                        NS      dns.timingless.org.
dns                     A       172.25.254.100
100                     PTR     bbs.timinglee.org.
200                     PTR     login.timinglee.org.
...
三,
[root@dns-slave named]# vim /etc/named.rfc1912.zones
在vim中:
...
zone "timinglee.org" IN {
        type slave;
        file "slaves/timinglee.org.zone";
        masters{172.25.254.100};
        allow-update { none; };
};
...
测试:
服务重启:
[root@dns-master named]# systemctl restart named
正向解析:
[root@dns-master named]# dig -t A www.timinglee.org @172.25.254.100 

; <<>> DiG 9.16.23-RH <<>> -t A www.timinglee.org @172.25.254.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37416
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 6284fdc316a458ec01000000663a5ffaab319d9a34f6e30e (good)
;; QUESTION SECTION:
;www.timinglee.org.        IN    A

;; ANSWER SECTION:
www.timinglee.org.    86400    IN    CNAME    bbs.timinglee.org.
bbs.timinglee.org.    86400    IN    A    172.25.254.100

;; Query time: 1 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Wed May 08 01:08:10 CST 2024
;; MSG SIZE  rcvd: 108
邮件解析:
[root@dns-master named]# dig -t MX timinglee.org @172.25.254.100

; <<>> DiG 9.16.23-RH <<>> -t MX timinglee.org @172.25.254.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7445
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 3b15c838a778927301000000663a611aad06a8b1e6f1f29b (good)
;; QUESTION SECTION:
;timinglee.org.            IN    MX

;; ANSWER SECTION:
timinglee.org.        86400    IN    MX    1 172.25.254.10.timinglee.org.

;; Query time: 1 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Wed May 08 01:12:58 CST 2024
;; MSG SIZE  rcvd: 113

反向解析:
[root@dns-master named]# dig -x 172.25.254.200 @172.25.254.100

; <<>> DiG 9.16.23-RH <<>> -x 172.25.254.200 @172.25.254.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61968
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: fc96105ee08c255201000000663a6093606625f73287f01a (good)
;; QUESTION SECTION:
;200.254.25.172.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
200.254.25.172.in-addr.arpa. 86400 IN    PTR    login.timinglee.org.

;; Query time: 2 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Wed May 08 01:10:43 CST 2024
;; MSG SIZE  rcvd: 117