LINUX625 DNS反向解析
DNS域名管理
正向解析:域名 转换到 IP
反向解析:IP 转换到 域名
DNS正向解析
环境
hostnamectl set-hostname DNS.cn
web.cn
client.cn
ip
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
vim /etc/selinux/config
SELINUX=disabled
(以上是实验环境为省事直接关闭防火墙和 SELinux;正式环境应保留 firewalld,只放行 DNS 服务用到的 53/tcp 和 53/udp,并让 SELinux 保持 enforcing。)
yum
DNS.cn
下载dns服务器端:bind
yum install bind
rpm -ql bind
备份
cp /etc/named.conf /etc/named.conf.bak
cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak
设置DNS.cn 访问权限 vim /etc/named.conf
DNS.CN访问权限
options {
listen-on port 53 { 127.0.0.1;any;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost;any;};
注意:allow-query { any; } 与 named.conf 中默认的 recursion yes 同时生效时,任何能访问本机 53 端口的主机都可以用它做递归查询(即"开放解析器",named.conf 自带注释也警告了这会被用于 DNS 放大攻击)。实验环境以外应把 allow-query 或 allow-recursion 限制到实际的网段,例如 { localhost; 192.168.235.0/24; }。
设置域名解析 vim /etc/named.rfc1912.zones
zone "xiaocao.cluster" IN {
type master;
file "xiaocao.cluster.zone";
allow-update { none; };
};
定义正向解析
cd /var/named
cp -p named.localhost xiaocao.cluster.zone
定义域名指向
vim xiaocao.cluster.zone
www A webip
格式对齐
检查
named-checkconf /etc/named.conf
named-checkconf /etc/named.rfc1912.zones
cd /var/named
named-checkzone xiaocao.cluster xiaocao.cluster.zone
(named-checkzone 需要两个参数:第一个是区域名,第二个是区域文件名;只给一个参数会直接打印 usage 报错。)
启动DNS 服务(named)
systemctl start named
netstat -tnlp |grep named
Web服务搭建
安装
yum install httpd
systemctl start httpd
echo 'test'>/var/www/html/index.html
Client 测试
添加DNS
echo 'nameserver dnsip'>/etc/resolv.conf
(注意 /etc/resolv.conf 是由 NetworkManager 生成的,网络服务重启后这里写入的内容会被覆盖;要持久生效应在网卡配置文件里用 DNS1= 指定。)
cat /etc/resolv.conf
测试
nslookup www.xiaocao.cluster
curl http://www.xiaocao.cluster
DNS反向解析
开启DNS访问权限
[root@dns named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.htmloptions {listen-on port 53 { 127.0.0.1;any;};listen-on-v6 port 53 { ::1; };directory "/var/named";dump-file "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";recursing-file "/var/named/data/named.recursing";secroots-file "/var/named/data/named.secroots";allow-query { localhost;any;};
ZONES文件
[root@dns named]# vim /etc/named.rfc1912.zones
[root@dns named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//zone "localhost.localdomain" IN {type master;file "named.localhost";allow-update { none; };
};zone "localhost" IN {type master;file "named.localhost";allow-update { none; };
};zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "1.0.0.127.in-addr.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "0.in-addr.arpa" IN {type master;file "named.empty";allow-update { none; };
};
zone "xiaocao.cluster" IN {type master;file "xiaocao.cluster.zone";allow-update { none; };
};
zone "235.168.192.in-addr.arpa" IN {type master;file "192.168.235.zone";allow-update { none; };
};
定义反向解析
cd /var/named
cp -p named.loopback 192.168.235.zone
定义IP的指向
20 PTR www.xiaocao.cluster.
(PTR 的目标必须写成末尾带点的完整域名;不带点时 BIND 会把它当作相对名,自动追加本区域名 235.168.192.in-addr.arpa,反向查询就会返回 www.xiaocao.cluster.235.168.192.in-addr.arpa. 这样的错误结果,见下文 client 测试。)
[root@dns named]# vim 192.168.235.zone
[root@dns named]# cat 192.168.235.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
PTR localhost.
20 PTR www.xiaocao.cluster
检测
named-checkconf /etc/named.conf
named-checkconf /etc/named.rfc1912.zones
cd /var/named
named-checkzone 192.168.235.zone 192.168.235.zone
(named-checkzone 的第一个参数是区域名,这里本应写 235.168.192.in-addr.arpa,第二个才是区域文件名;两个都写文件名也能通过语法检查,但记录不会按真实的区域名来解析。)
重启
systemctl restart named
client
设置DNS
echo 'nameserver DNSIP'>/etc/resolv.conf
测试
nslookup webip
报错
[root@localhost network-scripts]# systemctl restart network
Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.
[root@localhost network-scripts]# systemctl status network
● network.service - LSB: Bring up/down networkingLoaded: loaded (/etc/rc.d/init.d/network; bad; vendor preset: disabled)Active: failed (Result: exit-code) since 五 2025-06-27 22:09:52 CST; 13s agoDocs: man:systemd-sysv-generator(8)Process: 66148 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=1/FAILURE)6月 27 22:09:52 localhost.localdomain network[66148]: RTNETLINK answers: File exists
6月 27 22:09:52 localhost.localdomain network[66148]: RTNETLINK answers: File exists
6月 27 22:09:52 localhost.localdomain network[66148]: RTNETLINK answers: File exists
6月 27 22:09:52 localhost.localdomain network[66148]: RTNETLINK answers: File exists
6月 27 22:09:52 localhost.localdomain network[66148]: RTNETLINK answers: File exists
6月 27 22:09:52 localhost.localdomain network[66148]: RTNETLINK answers: File exists
6月 27 22:09:52 localhost.localdomain systemd[1]: network.service: control process exited, code=exited status=1
6月 27 22:09:52 localhost.localdomain systemd[1]: Failed to start LSB: Bring up/down networking.
6月 27 22:09:52 localhost.localdomain systemd[1]: Unit network.service entered failed state.
6月 27 22:09:52 localhost.localdomain systemd[1]: network.service failed.
[root@localhost network-scripts]# cat ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.235.15
GATEWAY=192.168.235.2
[root@localhost network-scripts]# vim ifcfg-ens33
[root@localhost network-scripts]# cat ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.235.15
GATEWAY=192.168.235.2
NETMASK=255.255.255.0
[root@localhost network-scripts]# systemctl restart network
Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.
[root@localhost network-scripts]# vim ifcfg-ens33
[root@localhost network-scripts]# cat ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.235.13
GATEWAY=192.168.235.2
NETMASK=255.255.255.0
[root@localhost network-scripts]# systemctl restart network
Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.
[root@localhost network-scripts]# vim ifcfg-ens33
[root@localhost network-scripts]# cat ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.235.130
GATEWAY=192.168.235.2
NETMASK=255.255.255.0
[root@localhost network-scripts]# systemctl restart network
Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.
[root@localhost network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:1d:53:3b brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000link/ether 52:54:00:2b:f9:1b brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000link/ether 52:54:00:2b:f9:1b brd ff:ff:ff:ff:ff:ff
[root@localhost network-scripts]# vim ifcfg-ens33
[root@localhost network-scripts]# cat ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.235.132
GATEWAY=192.168.235.2
NETMASK=255.255.255.0
[root@localhost network-scripts]# systemctl restart network
Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.
[root@localhost network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:1d:53:3b brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000link/ether 52:54:00:2b:f9:1b brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000link/ether 52:54:00:2b:f9:1b brd ff:ff:ff:ff:ff:ff
[root@localhost network-scripts]# cat ifcfg-ens34
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens34
UUID=44e22a3d-4f83-469c-a483-15f56dac2916
DEVICE=ens34
ONBOOT=no
[root@localhost network-scripts]# ls
ifcfg-ens33 ifdown ifdown-ib ifdown-isdn ifdown-routes ifdown-TeamPort ifup-aliases ifup-ib ifup-isdn ifup-post ifup-sit ifup-tunnel network-functions
ifcfg-ens34 ifdown-bnep ifdown-ippp ifdown-post ifdown-sit ifdown-tunnel ifup-bnep ifup-ippp ifup-plip ifup-ppp ifup-Team ifup-wireless network-functions-ipv6
ifcfg-lo ifdown-eth ifdown-ipv6 ifdown-ppp ifdown-Team ifup ifup-eth ifup-ipv6 ifup-plusb ifup-routes ifup-TeamPort init.ipv6-global
[root@localhost network-scripts]# rm -rf ifcfg-ens33
[root@localhost network-scripts]# vim ifcfg-ens34
[root@localhost network-scripts]# cat ifcfg-ens34
TYPE=Ethernet
PROXY_METHOD=none
BOOTPROTO=none
DEFROUTE=yes
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.235.15
GATEWAY=192.168.235.2
NETMASK=255.255.255.0
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.235.2 0.0.0.0 UG 0 0 0 ens34
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 ens34
192.168.235.0 0.0.0.0 255.255.255.0 U 0 0 0 ens34
[root@localhost network-scripts]# ping www.baidu.com
ping: www.baidu.com: 未知的名称或服务
[root@localhost network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:1d:53:3b brd ff:ff:ff:ff:ff:ffinet 192.168.235.15/24 brd 192.168.235.255 scope global ens34valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000link/ether 52:54:00:2b:f9:1b brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000link/ether 52:54:00:2b:f9:1b brd ff:ff:ff:ff:ff:ff
[root@localhost network-scripts]#
码
nfs
root@192.168.235.100's password:┌────────────────────────────────────────────────────────────────────┐│ • MobaXterm 20.0 • ││ (SSH client, X-server and networking tools) ││ ││ ➤ SSH session to root@192.168.235.100 ││ • SSH compression : ✘ ││ • SSH-browser : ✔ ││ • X11-forwarding : ✔ (remote display is forwarded through SSH) ││ • DISPLAY : ✔ (automatically set on remote server) ││ ││ ➤ For more info, ctrl+click on help or visit our website │└────────────────────────────────────────────────────────────────────┘Last login: Thu Jun 26 19:17:09 2025 from 192.168.235.1
[root@dns ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)Active: inactive (dead)
[root@dns ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.htmloptions {listen-on port 53 { 127.0.0.1;any;};listen-on-v6 port 53 { ::1; };directory "/var/named";dump-file "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";recursing-file "/var/named/data/named.recursing";secroots-file "/var/named/data/named.secroots";allow-query { localhost;any;};/*- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.- If you are building a RECURSIVE (caching) DNS server, you need to enablerecursion.- If your recursive DNS server has a public IP address, you MUST enable accesscontrol to limit queries to your legitimate users. Failing to do so willcause your server to become part of large scale DNS amplificationattacks. Implementing BCP38 within your network would greatlyreduce such attack surface*/recursion yes;dnssec-enable yes;dnssec-validation yes;/* Path to ISC DLV key */bindkeys-file "/etc/named.root.key";managed-keys-directory "/var/named/dynamic";pid-file "/run/named/named.pid";session-keyfile "/run/named/session.key";
};logging {channel default_debug {file "data/named.run";severity dynamic;};
};zone "." IN {type hint;file "named.ca";
};include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";[root@dns ~]# find /etc -name "named.*"
/etc/named.rfc1912.zones
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.root.key
/etc/named.conf.bak
/etc/named.rfc1912.zones.bak
[root@dns ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//zone "localhost.localdomain" IN {type master;file "named.localhost";allow-update { none; };
};zone "localhost" IN {type master;file "named.localhost";allow-update { none; };
};zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "1.0.0.127.in-addr.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "0.in-addr.arpa" IN {type master;file "named.empty";allow-update { none; };
};
zone "xiaocao.cluster" IN {type master;file "xiaocao.cluster.zone";allow-update { none; };
};
[root@dns ~]# cd /var/named
[root@dns named]# ;s
-bash: 未预期的符号 `;' 附近有语法错误
[root@dns named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves xiaocao.cluster.zone
[root@dns named]# cat xiaocao.cluter.zone\
> ^C
[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
www A 192.168.235.20
[root@dns named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)Active: inactive (dead)
[root@dns named]# systemctl start named
[root@dns named]# systemctl start named
[root@dns named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)Active: active (running) since 五 2025-06-27 19:54:58 CST; 14s agoProcess: 2612 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)Process: 2609 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)Main PID: 2614 (named)CGroup: /system.slice/named.service└─2614 /usr/sbin/named -u named -c /etc/named.conf6月 27 19:54:58 dns.nfs.cn named[2614]: network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
6月 27 19:54:58 dns.nfs.cn named[2614]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
6月 27 19:54:58 dns.nfs.cn named[2614]: network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
6月 27 19:54:58 dns.nfs.cn named[2614]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
6月 27 19:54:58 dns.nfs.cn named[2614]: managed-keys-zone: Key 38696 for zone . acceptance timer complete: key now trusted
6月 27 19:55:01 dns.nfs.cn named[2614]: resolver priming query complete
6月 27 19:55:01 dns.nfs.cn named[2614]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
6月 27 19:55:01 dns.nfs.cn named[2614]: checkhints: b.root-servers.net/A (199.9.14.201) extra record in hints
6月 27 19:55:01 dns.nfs.cn named[2614]: checkhints: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
6月 27 19:55:01 dns.nfs.cn named[2614]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
[root@dns named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves xiaocao.cluster.zone
[root@dns named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.htmloptions {listen-on port 53 { 127.0.0.1;any;};listen-on-v6 port 53 { ::1; };directory "/var/named";dump-file "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";recursing-file "/var/named/data/named.recursing";secroots-file "/var/named/data/named.secroots";allow-query { localhost;any;};/*- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.- If you are building a RECURSIVE (caching) DNS server, you need to enablerecursion.- If your recursive DNS server has a public IP address, you MUST enable accesscontrol to limit queries to your legitimate users. Failing to do so willcause your server to become part of large scale DNS amplificationattacks. Implementing BCP38 within your network would greatlyreduce such attack surface*/recursion yes;dnssec-enable yes;dnssec-validation yes;/* Path to ISC DLV key */bindkeys-file "/etc/named.root.key";managed-keys-directory "/var/named/dynamic";pid-file "/run/named/named.pid";session-keyfile "/run/named/session.key";
};logging {channel default_debug {file "data/named.run";severity dynamic;};
};zone "." IN {type hint;file "named.ca";
};include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";[root@dns named]# vim /etc/named.rfc1912.zones
[root@dns named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//zone "localhost.localdomain" IN {type master;file "named.localhost";allow-update { none; };
};zone "localhost" IN {type master;file "named.localhost";allow-update { none; };
};zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "1.0.0.127.in-addr.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "0.in-addr.arpa" IN {type master;file "named.empty";allow-update { none; };
};
zone "xiaocao.cluster" IN {type master;file "xiaocao.cluster.zone";allow-update { none; };
};
zone "235.168.192.in-addr.arpa" IN {type master;file "192.168.235.zone";allow-update { none; };
};
[root@dns named]# cd /var/named
[root@dns named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves xiaocao.cluster.zone
[root@dns named]# cp -p named.loopback 192.168.235.zone
[root@dns named]# ls
192.168.235.zone data dynamic named.ca named.empty named.localhost named.loopback slaves xiaocao.cluster.zone
[root@dns named]# vim 192.168.235.zone
[root@dns named]# cat 192.168.235.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
PTR localhost.
20 PTR www.xiaocao.cluster
[root@dns named]# named-checkconf /etc/named.conf
[root@dns named]# named-checkconf /etc/named.rfc1912.zones
[root@dns named]# cd /var/named
[root@dns named]# ls
192.168.235.zone data dynamic named.ca named.empty named.localhost named.loopback slaves xiaocao.cluster.zone
[root@dns named]# named-checkzone 192.168.235.zone 192.168.235.zone
zone 192.168.235.zone/IN: loaded serial 0
OK
[root@dns named]# systemctl restart named
[root@dns named]# cat named.conf
cat: named.conf: 没有那个文件或目录
[root@dns named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.htmloptions {listen-on port 53 { 127.0.0.1;any;};listen-on-v6 port 53 { ::1; };directory "/var/named";dump-file "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";recursing-file "/var/named/data/named.recursing";secroots-file "/var/named/data/named.secroots";allow-query { localhost;any;};/*- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.- If you are building a RECURSIVE (caching) DNS server, you need to enablerecursion.- If your recursive DNS server has a public IP address, you MUST enable accesscontrol to limit queries to your legitimate users. Failing to do so willcause your server to become part of large scale DNS amplificationattacks. Implementing BCP38 within your network would greatlyreduce such attack surface*/recursion yes;dnssec-enable yes;dnssec-validation yes;/* Path to ISC DLV key */bindkeys-file "/etc/named.root.key";managed-keys-directory "/var/named/dynamic";pid-file "/run/named/named.pid";session-keyfile "/run/named/session.key";
};logging {channel default_debug {file "data/named.run";severity dynamic;};
};zone "." IN {type hint;file "named.ca";
};include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";[root@dns named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//zone "localhost.localdomain" IN {type master;file "named.localhost";allow-update { none; };
};zone "localhost" IN {type master;file "named.localhost";allow-update { none; };
};zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "1.0.0.127.in-addr.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "0.in-addr.arpa" IN {type master;file "named.empty";allow-update { none; };
};
zone "xiaocao.cluster" IN {type master;file "xiaocao.cluster.zone";allow-update { none; };
};
zone "235.168.192.in-addr.arpa" IN {type master;file "192.168.235.zone";allow-update { none; };
};
[root@dns named]# vim /etc/named.rfc1912.zones
您在 /var/spool/mail/root 中有新邮件
[root@dns named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//zone "localhost.localdomain" IN {type master;file "named.localhost";allow-update { none; };
};zone "localhost" IN {type master;file "named.localhost";allow-update { none; };
};zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "1.0.0.127.in-addr.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "0.in-addr.arpa" IN {type master;file "named.empty";allow-update { none; };
};
zone "xiaocao.cluster" IN {type master;file "xiaocao.cluster.zone";allow-update { none; };
};
zone "235.168.192.in-addr.arpa" IN {type master;file "192.168.235.zone";allow-update { none; };
};
zone "test.net" IN {type master;file "test.net.zone";allow-update { none; };
};
zone "mahei.cc" IN {type master;file "mahei.cc.zone";allow-update { none; };
};
[root@dns named]# cd /var/named
[root@dns named]# ls
192.168.235.zone data dynamic named.ca named.empty named.localhost named.loopback slaves xiaocao.cluster.zone
[root@dns named]# cp -p named.localhost test.net.zone
[root@dns named]# cp -p named.localhost mahei.cc.zone
[root@dns named]# vim test.net.zone
[root@dns named]# cat test.net.zone
$TTL 1D
@ IN SOA @ rname.invalid. (0 ; serial1D ; refresh1H ; retry1W ; expire3H ) ; minimumNS @A 127.0.0.1AAAA ::1
www A 192.168.235.20
[root@dns named]# ls
192.168.235.zone dynamic named.ca named.localhost slaves xiaocao.cluster.zone
data mahei.cc.zone named.empty named.loopback test.net.zone
[root@dns named]# vim mahei.cc.zone
[root@dns named]# cat mahei.cc.zone
$TTL 1D
@ IN SOA @ rname.invalid. (0 ; serial1D ; refresh1H ; retry1W ; expire3H ) ; minimumNS @A 127.0.0.1AAAA ::1
www A 192.168.235.20
[root@dns named]# named-checkconf /etc/named.conf
[root@dns named]# named-checkconf /etc/named.rfc1912.zones
[root@dns named]# named-checkzone test.net.zone
usage: named-checkzone [-djqvD] [-c class] [-f inputformat] [-F outputformat] [-J filename] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] [-m (ignore|warn|fail)] [-r (ignore|warn|fail)] [-i (full|full-sibling|local|local-sibling|none)] [-M (ignore|warn|fail)] [-S (ignore|warn|fail)] [-W (ignore|warn)] [-o filename] zonename filename
[root@dns named]# named-checkzone test.net.zone test.net.zone
zone test.net.zone/IN: loaded serial 0
OK
[root@dns named]# named-checkzone mahei.cc.zone mahei.cc.zone
zone mahei.cc.zone/IN: loaded serial 0
OK
[root@dns named]#
client
caozx26@192.168.235.200's password:┌────────────────────────────────────────────────────────────────────┐│ • MobaXterm 20.0 • ││ (SSH client, X-server and networking tools) ││ ││ ➤ SSH session to caozx26@192.168.235.200 ││ • SSH compression : ✘ ││ • SSH-browser : ✔ ││ • X11-forwarding : ✔ (remote display is forwarded through SSH) ││ • DISPLAY : ✔ (automatically set on remote server) ││ ││ ➤ For more info, ctrl+click on help or visit our website │└────────────────────────────────────────────────────────────────────┘Last login: Thu Jun 26 19:17:42 2025 from 192.168.235.1
[caozx26@client ~]$ cat /etc/relovs.conf
cat: /etc/relovs.conf: 没有那个文件或目录
[caozx26@client ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
search backup.cn
nameserver 8.8.8.8
nameserver 114.114.114.114
[caozx26@client ~]$ echo 'nameserver 192.168.235.100'>/etc/resolv.conf
-bash: /etc/resolv.conf: 权限不够
[caozx26@client ~]$ sudo su
[sudo] caozx26 的密码:
[root@client caozx26]# echo 'nameserver 192.168.235.100'>/etc/resolv.conf
[root@client caozx26]# cat /etc/resolv.conf
nameserver 192.168.235.100
[root@client caozx26]# curl http://www.xiaocao.cluster
curl: (6) Could not resolve host: www.xiaocao.cluster; 未知的错误
[root@client caozx26]# curl http://www.xiaocao.cluster
<<video width="800" height="450" controls>
<source src="media/share.mp4">
</video>
DNS Test ...
[root@client caozx26]# nslookup www.xiaocao.cluster
Server: 192.168.235.100
Address: 192.168.235.100#53
Name: www.xiaocao.cluster
Address: 192.168.235.20
[root@client caozx26]# cat /etc/resolv.conf
nameserver 192.168.235.100
[root@client caozx26]# nslookup 192.168.235.20
20.235.168.192.in-addr.arpa name = www.xiaocao.cluster.235.168.192.in-addr.arpa.
(结果里多出了 .235.168.192.in-addr.arpa. 后缀,说明区域文件中 PTR 的目标 www.xiaocao.cluster 缺少末尾的点,被当成了相对名;改成 www.xiaocao.cluster. 并重启 named 后再测。)
[root@client caozx26]# ntpdate 192.168.235.15
27 Jun 23:09:24 ntpdate[9599]: step time server 192.168.235.15 offset -28800.127705 sec
[root@client caozx26]#
web
root@192.168.235.20's password:
▒▒▒ʱ▒▒ܾ▒
root@192.168.235.20's password:┌────────────────────────────────────────────────────────────────────┐│ • MobaXterm 20.0 • ││ (SSH client, X-server and networking tools) ││ ││ ➤ SSH session to root@192.168.235.20 ││ • SSH compression : ✘ ││ • SSH-browser : ✔ ││ • X11-forwarding : ✔ (remote display is forwarded through SSH) ││ • DISPLAY : ✔ (automatically set on remote server) ││ ││ ➤ For more info, ctrl+click on help or visit our website │└────────────────────────────────────────────────────────────────────┘Last failed login: Fri Jun 27 19:46:58 CST 2025 from 192.168.235.1 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Thu Jun 26 19:16:45 2025 from 192.168.235.1
[root@web ~]# systemctl status httpd
● httpd.service - The Apache HTTP ServerLoaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)Active: inactive (dead)Docs: man:httpd(8)man:apachectl(8)
您在 /var/spool/mail/root 中有新邮件
[root@web ~]# systemctl start httpd
[root@web ~]# systemctl status httpd
● httpd.service - The Apache HTTP ServerLoaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)Active: active (running) since 五 2025-06-27 19:57:32 CST; 22s agoDocs: man:httpd(8)man:apachectl(8)Main PID: 3076 (httpd)Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"Tasks: 6CGroup: /system.slice/httpd.service├─3076 /usr/sbin/httpd -DFOREGROUND├─3096 /usr/sbin/httpd -DFOREGROUND├─3097 /usr/sbin/httpd -DFOREGROUND├─3098 /usr/sbin/httpd -DFOREGROUND├─3099 /usr/sbin/httpd -DFOREGROUND└─3100 /usr/sbin/httpd -DFOREGROUND6月 27 19:57:29 web.cn systemd[1]: Starting The Apache HTTP Server...
6月 27 19:57:32 web.cn systemd[1]: Started The Apache HTTP Server.
[root@web ~]#
ntp
root@192.168.235.15's password:┌────────────────────────────────────────────────────────────────────┐│ • MobaXterm 20.0 • ││ (SSH client, X-server and networking tools) ││ ││ ➤ SSH session to root@192.168.235.15 ││ • SSH compression : ✘ ││ • SSH-browser : ✔ ││ • X11-forwarding : ✔ (remote display is forwarded through SSH) ││ • DISPLAY : ✔ (automatically set on remote server) ││ ││ ➤ For more info, ctrl+click on help or visit our website │└────────────────────────────────────────────────────────────────────┘Last login: Sat May 17 22:01:39 2025 from 192.168.17.1
[root@localhost ~]# yum repolist
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
源标识 源名称 状态
local local yum 4,070
soft soft yum 1
repolist: 4,071
[root@localhost ~]# cd /etc/repo.yum.d
-bash: cd: /etc/repo.yum.d: 没有那个文件或目录
[root@localhost ~]# cd /etc/yum.repo.d
-bash: cd: /etc/yum.repo.d: 没有那个文件或目录
[root@localhost ~]# cd /etc/repo.yum .d
-bash: cd: /etc/repo.yum: 没有那个文件或目录
[root@localhost ~]# cd /etc/yum.repos.d
[root@localhost yum.repos.d]# ls
local.repo repo.tar.gz soft.repo
[root@localhost yum.repos.d]# yum install ntp -y
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
软件包 ntp-4.2.6p5-29.el7.centos.2.x86_64 已安装并且是最新版本
无须任何处理
[root@localhost yum.repos.d]# cat /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#cryptoincludefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
[root@localhost yum.repos.d]# vim /etc/ntp.conf
[root@localhost yum.repos.d]# cat /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
restrict 192.168.235.0 mask 255.255.255.0
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#cryptoincludefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
[root@localhost yum.repos.d]# ntpdate cn.ntp.org.cn
27 Jun 23:08:41 ntpdate[72869]: step time server 203.107.6.88 offset -0.638674 sec
[root@localhost yum.repos.d]# systemctl restart ntpd
[root@localhost yum.repos.d]#