文章目录

• 实验环境
• DNS正向解析实验
• 配置主配置文件
• 配置区域文件
• 配置区域数据文件
• 打开一台windows 10进行验证

实验环境

两台cenTOs 7.6

一台windows 10

DNS正向解析实验

[root@localhost ~]# yum -y install bind         安装bing服务软件包
已加载插件：fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.bfsu.edu.cn
 * updates: mirrors.bfsu.edu.cn
正在解决依赖关系
--> 正在检查事务
---> 软件包 bind.x86_64.32.9.11.4-16.P2.el7_8.6 将被 安装
--> 正在处理依赖关系 bind-libs-lite(x86-64) = 32:9.11.4-16.P2.el7_8.6，它被软件包 32:bind-9.11.4-16.P2.el7_8.6.x86_64 需要
--> 正在处理依赖关系 bind-libs(x86-64) = 32:9.11.4-16.P2.el7_8.6，它被软件包 32:bind-9.11.4-16.P2.el7_8.6.x86_64 需要
--> 正在处理依赖关系 liblwres.so.160()(64bit)，它被软件包 32:bind-9.11.4-16.P2.el7_8.6.x86_64 需要
--> 正在处理依赖关系 libisccfg.so.160()(64bit)，它被软件包 32:bind-9.11.4-16.P2.el7_8.6
.....省略

[root@localhost ~]# rpm -qc bind            ##查看bing配置文件
/etc/logrotate.d/named
/etc/named.conf                             ##主配置文件
/etc/named.iscdlv.key
/etc/named.rfc1912.zones                    ##区配置文件
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key 
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost                  ##区域数据配置文件
/var/named/named.loopback

配置主配置文件

[root@localhost ~]# vim /etc/named.conf
 11 
 12 options {
 13         listen-on port 53 { any; };  ##进来后把监听地址改为any
 14         listen-on-v6 port 53 { ::1; };
 15         directory       "/var/named";         ##目录
 16         dump-file       "/var/named/data/cache_dump.db";
 17         statistics-file "/var/named/data/named_stats.txt";
 18         memstatistics-file "/var/named/data/named_mem_stats.txt";
 19         recursing-file  "/var/named/data/named.recursing";
 20         secroots-file   "/var/named/data/named.secroots";
 21         allow-query     { any; };    ##把localhost改为any 任何都可以访问地址
 22 
 23         
 33         recursion yes;
 34 
 35         dnssec-enable yes;
 36         dnssec-validation yes;
:wq 保存退出

配置区域文件

[root@localhost named]# vim /etc/named.rfc1912.zones 
.......省略内容
4 };
 25  26 zone "shuaige.com" IN { 27         type master;    ##解析域名
 28         file "shuaige.com.zone";                  #关联区域数据文件
 29         allow-update { none; };
 30 };      
 ：wq 保存退出

配置区域数据文件

[root@localhost ~]# cd /var/named      ##切到named目录
[root@localhost named]# ls
data     named.ca     named.localhost  slaves
dynamic  named.empty  named.loopback
[root@localhost named]# ll                  ##这边注意文件的属主属组的权限
总用量 16
drwxrwx---. 2 named named    6 6月   1 23:26 data
drwxrwx---. 2 named named    6 6月   1 23:26 dynamic
-rw-r-----. 1 root  named 2253 4月   5 2018 named.ca
-rw-r-----. 1 root  named  152 12月 15 2009 named.empty
-rw-r-----. 1 root  named  152 6月  21 2007 named.localhost
-rw-r-----. 1 root  named  168 12月 15 2009 named.loopback
drwxrwx---. 2 named named    6 6月   1 23:26 slaves
[root@localhost named]# cp -p named.localhost shuaige.com.zone
##-p 保持文件属性不变
[root@localhost named]# ll
总用量 20
drwxrwx---. 2 named named    6 6月   1 23:26 data
drwxrwx---. 2 named named    6 6月   1 23:26 dynamic
-rw-r-----. 1 root  named 2253 4月   5 2018 named.ca
-rw-r-----. 1 root  named  152 12月 15 2009 named.empty
-rw-r-----. 1 root  named  152 6月  21 2007 named.localhost
-rw-r-----. 1 root  named  168 12月 15 2009 named.loopback
drwxrwx---. 2 named named    6 6月   1 23:26 slaves
-rw-r-----. 1 root  named  152 6月  21 2007 xiaokeai.com.zone

[root@localhost named]# vim xiaokeai.com.zone    ##编辑区域数据文件 
$TTL 1D
@       IN SOA  aokeai.com. admin.xiaokeai.com. (       ##域名设置xiaokeai.com
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      xiaokeai.com.                  ##域名设置为xiaokeai.com
        A       127.0.0.1
www IN  A       20.0.0.88                ##配置解析记录IP地址

[root@localhost named]# echo "nameserver 20.0.0.41" > /etc/resolv.conf       ##设置域名服务器
[root@localhost named]# systemctl restart named    ##重启服务

[root@localhost named]# netstat -nuap       查看tcp连接
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           8638/avahi-daemon:  
udp        0      0 20.0.0.41:51154         84.16.67.12:123         ESTABLISHED 8640/chronyd        
udp        0      0 192.168.122.1:53        0.0.0.0:*                           87628/named         
udp        0      0 20.0.0.41:53            0.0.0.0:*                           87628/named         
udp        0      0 127.0.0.1:53            0.0.0.0:*                           87628/named         
udp        0      0 192.168.122.1:53        0.0.0.0:*                           11234/dnsmasq       
udp        0      0 0.0.0.0:67              0.0.0.0:*                           11234/dnsmasq       
udp        0      0 0.0.0.0:51288           0.0.0.0:*                           8638/avahi-daemon:  
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1/systemd           
udp        0      0 127.0.0.1:323           0.0.0.0:*                           8640/chronyd        
udp        0      0 0.0.0.0:744             0.0.0.0:*                           8626/rpcbind        
udp6       0      0 ::1:53                  :::*                                87628/named         
udp6       0      0 :::111                  :::*                                1/systemd           
udp6       0      0 ::1:323                 :::*                                8640/chronyd        
udp6       0      0 :::744                  :::*                                8626/rpcbind        
[root@localhost named]# netstat -ntap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      18020/X             
tcp        0      0 20.0.0.41:53            0.0.0.0:*               LISTEN      87628/named         
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      87628/named         
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      11234/dnsmasq       
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      9164/sshd           
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      9165/cupsd          
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      87628/named         
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      9648/master         
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      82677/sshd: root@pt 
tcp        0      0 127.0.0.1:6011          0.0.0.0:*               LISTEN      83250/sshd: root@pt 
tcp        0      0 127.0.0.1:6012          0.0.0.0:*               LISTEN      86566/sshd: root@pt 
tcp        0     36 20.0.0.41:22            20.0.0.3:52347          ESTABLISHED 86566/sshd: root@pt 
tcp        0      0 20.0.0.41:22            20.0.0.1:56666          ESTABLISHED 83250/sshd: root@pt 
tcp        0      0 20.0.0.41:22            20.0.0.1:56567          ESTABLISHED 82677/sshd: root@pt 
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           
tcp6       0      0 :::6000                 :::*                    LISTEN      18020/X             
tcp6       0      0 ::1:53                  :::*                    LISTEN      87628/named         
tcp6       0      0 :::22                   :::*                    LISTEN      9164/sshd           
tcp6       0      0 ::1:631                 :::*                    LISTEN      9165/cupsd          
tcp6       0      0 ::1:953                 :::*                    LISTEN      87628/named         
tcp6       0      0 ::1:25                  :::*                    LISTEN      9648/master         
tcp6       0      0 ::1:6010                :::*                    LISTEN      82677/sshd: root@pt 
tcp6       0      0 ::1:6011                :::*                    LISTEN      83250/sshd: root@pt 
tcp6       0      0 ::1:6012                :::*                    LISTEN      86566/sshd: root@pt 

[root@localhost named]# host www.shuaige.com
www.shuaige.com has address 20.0.0.88         ##域名解析IP成功

打开一台windows 10进行验证

##配置网卡信息
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=staic          ##配置静态IP
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=e5c91dc3-cda7-452d-80ae-7ce1a28cfc65
DEVICE=ens33
ONBOOT=yes
IPADDR=20.0.0.88              ##配置ip
PREFIX=24                     ##配置子网掩码
GATEWAY=20.0.0.2              ##网关         
DNS1=20.0.0.2
~               
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# setenforce 0
[root@localhost ~]# iptables -F
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# cd /var
[root@localhost var]# ls
account  crash  games     lib    log   opt       spool   www
adm      db     gopher    local  mail  preserve  target  yp
cache    empty  kerberos  lock   nis   run       tmp
[root@localhost var]# cd www
[root@localhost www]# ls
cgi-bin  html
[root@localhost www]# cd html

[root@localhost html]# vi index.html

本次实验结束感谢观看