This experiment requires two hosts: nodea (the DNS server, 172.25.254.117 in this experiment) and nodeb (the client).
1. Explanation of dns terms
DNS: domain name service
1) About clients:
/etc/resolv.conf ## file that tells the client which DNS server to use
nameserver 172.25.254.117
2) Test:
host www.baidu.com ## Address resolution command
dig www.baidu.com ## detailed resolution query (shows status, flags, records and query time)
A record ## Address record: maps a domain name to its IP address
SOA ## Start of Authority record: names the primary authoritative server for the zone
DNS root: "." (thirteen root servers)
Next level (top-level domains): .com .net .edu .org ...
baidu.com
3) About the server
bind ## installation package
named ## service name
/etc/named.conf ## master configuration file
/var/named ## data directory (zone files)
port ## 53
4) Common errors:
1. no servers could be reached ## the service cannot be reached (is named running, and is the DNS port open in the firewall?)
2. service fails to start ## configuration file error; run journalctl -xe to see the reason
3. dig query status:
NOERROR ## the query succeeded
REFUSED ## the server refused the query
SERVFAIL ## the server could not answer (it cannot reach its upstream server, or the forwarded answer was rejected)
NXDOMAIN ## the name does not exist in DNS
2. Installation and startup of DNS Service
1) Installation: dnf install bind.x86_64 -y
2) Enable:
systemctl enable --now named
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
vim /etc/named.conf
Line 11: listen-on port 53 { any; }; ## listen on port 53 on all local network interfaces
Line 19: allow-query { any; }; ## list of clients allowed to query
Line 34: dnssec-validation no; ## disable DNSSEC validation so answers for external names are cached even when they cannot be validated (this drops authentication of upstream answers; a lab setting, not one for a production resolver)
systemctl restart named
Experiment:
In nodea:
dnf install bind -y
systemctl enable --now named
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
netstat -antlupe | grep 53 # check that named is listening on port 53
vim ~/.vimrc
vim /etc/named.conf # edit the master configuration file
Line 11: listen-on port 53 { any; }; ## listen on port 53 on all local network interfaces
Line 19: allow-query { any; }; ## list of clients allowed to query
Line 34: dnssec-validation no; ## disable DNSSEC validation so answers for external names can be cached
systemctl restart named # restart the service
ip route add default via 172.25.254.250 # set the default route
In nodeb [test client]:
vim /etc/resolv.conf # point the client at the DNS server
nameserver 172.25.254.117 # IP of the DNS host (nodea)
dig www.baidu.com
3. Caching DNS
In nodea:
vim /etc/named.conf # edit the DNS master configuration file
Add around line 20:
forwarders { 114.114.114.114; }; # IP of the DNS server that unanswered queries are forwarded to
systemctl restart named
Check: after one client host has run dig, a second dig (from the same or another client host) is answered from nodea's cache and the query time drops below 1 ms [in this experiment, dig first in nodeb and then from hosts with other IPs; the later digs are much faster]
dig www.taobao.com
** Note: when a client host (such as nodeb) runs the check, its /etc/resolv.conf must contain nameserver 172.25.254.117; that is the server's IP (in this experiment, the nodea IP).
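As an added example (not from the original tutorial), here is a small Python parser for dig's text output that maps the status codes listed in section 1 to the explanations given there and applies this section's cache check: a second reply that carries the same records with a counted-down TTL and a near-zero query time came from nodea's cache. The replies are constructed samples; the addresses are from the 203.0.113.0/24 documentation range.

```python
import re
# Two constructed dig replies (not captured from the lab; 203.0.113.0/24 is the
# documentation range): the first query went out through the forwarder, the
# second is answered from nodea's cache, with a smaller TTL and no delay.
FIRST_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41283
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
www.taobao.com.\t600\tIN\tA\t203.0.113.10

;; Query time: 38 msec
"""
SECOND_REPLY = FIRST_REPLY.replace("\t600\t", "\t587\t").replace("38 msec", "0 msec")
FAILED_REPLY = ";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7\n;; Query time: 2004 msec\n"
STATUS_MEANING = {                      # the status table from section 1
    "NOERROR": "query succeeded",
    "REFUSED": "server refused the query",
    "SERVFAIL": "server failed to answer (upstream or forwarder unreachable)",
    "NXDOMAIN": "name does not exist in DNS",
}

def parse_dig(output):
    """Extract (status, query_time_ms, [(name, ttl, type, rdata)]) from dig's output."""
    status = re.search(r"status: (\w+)", output)
    qtime = re.search(r";; Query time: (\d+) msec", output)
    answers, in_answer = [], False
    for line in output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
        elif in_answer and line and not line.startswith(";"):
            name, ttl, _klass, rtype, rdata = line.split(None, 4)
            answers.append((name, int(ttl), rtype, rdata))
        elif in_answer:
            in_answer = False           # a blank line or the next section ends the answers
    return (status.group(1) if status else None,
            int(qtime.group(1)) if qtime else None, answers)

def explain(output):
    status = parse_dig(output)[0]
    return STATUS_MEANING.get(status, "unknown status: %s" % status)

def served_from_cache(first, second, max_ms=1):
    """Cached copy: same records, TTL counted down (a cache hands out the remaining TTL), near-zero query time."""
    s1, _, a1 = parse_dig(first)
    s2, t2, a2 = parse_dig(second)
    if s1 != "NOERROR" or s2 != "NOERROR" or len(a1) != len(a2) or t2 is None:
        return False
    same_data = all(x[0] == y[0] and x[3] == y[3] for x, y in zip(a1, a2))
    ttl_down = all(y[1] <= x[1] for x, y in zip(a1, a2))
    return same_data and ttl_down and t2 < max_ms
```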
4. DNS forward resolution
In nodea:
vim /etc/named.conf
Write around line 57:
zone "westos.org" IN {          ## domain maintained by this server
        type master;            ## this server is the primary DNS for the zone
        file "westos.org.zone"; ## file holding the zone's records (A records and the rest)
};
cd /var/named/
cp -p named.localhost westos.org.zone # copy the template to a custom zone file (-p preserves ownership and permissions)
vim westos.org.zone # edit the custom forward zone file
$TTL 1D
@       IN SOA  dns.westos.org. lee.westos.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
dns     A       172.25.254.117
www     A       172.25.254.111
systemctl restart named # restart the service
Check in nodeb:
dig www.westos.org
In nodea:
** Note: if you define the zone in the sub configuration file (below), you must comment out the zone block you just added to the main configuration file; otherwise the zone is defined twice and named will not restart!
[Defining the zone in the main configuration file and in the sub configuration file has the same effect; use one or the other. Because zone blocks clutter the main configuration file, write them directly in the sub configuration file.]
vim /etc/named.rfc1912.zones # write the sub configuration file
Around line 28:
zone "westos.org" IN {
        type master;
        file "westos.org.zone";
        allow-update { none; };
};
systemctl restart named # restart the service
Check in nodeb:
dig www.westos.org
Forward resolution 2 (round robin)
In nodea:
vim westos.org.zone # edit the custom forward zone file
$TTL 1D
@       IN SOA  dns.westos.org. lee.westos.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
dns     A       172.25.254.117
www     CNAME   nodea.westos.org.     ; www is an alias (canonical name) for nodea
nodea   A       172.25.254.111        ; two A records for one name:
nodea   A       172.25.254.222        ; named rotates their order in each answer
systemctl restart named # restart the service
Check in nodeb:
Run dig www.westos.org repeatedly: the order of 111 and 222 changes from one answer to the next
Forward resolution: mail records
On the nodea server side:
vim westos.org.zone # edit the custom forward zone file
$TTL 1D
@       IN SOA  dns.westos.org. lee.westos.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
dns     A       172.25.254.117
www     CNAME   nodea.westos.org.
nodea   A       172.25.254.111
nodea   A       172.25.254.222
mail    A       172.25.254.217          ; the mail host (the reverse zone in section 5 gives 172.25.254.217 this name)
westos.org.     MX 1    mail.westos.org. ; mail exchanger record: the target must be a host name with an A record, never a bare IP address
systemctl restart named # restart the service
Check on the nodeb client:
dig -t mx westos.org # query the MX record type
5. DNS reverse resolution
In nodea [server side]:
vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN {   # reverse zone for 172.25.254.xx [the network part of the IP written backwards]
        type master;                  # this server is the primary for the zone
        file "172.25.254.ptr";        # reverse zone file name
        allow-update { none; };       # hosts allowed to send dynamic updates (none)
};
cd /var/named/
ls
cp -p named.loopback 172.25.254.ptr # copy the reverse template to the custom reverse zone file
vim 172.25.254.ptr # edit the custom reverse zone file
$TTL 1D
@       IN SOA  dns.westos.org. lee.westos.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
dns     A       172.25.254.117
217     PTR     mail.westos.org.      ; 172.25.254.217 resolves back to mail.westos.org
systemctl restart named # restart the service
Check in nodeb [client]:
dig -x 172.25.254.217 # reverse lookup (find the domain name for this IP)
6. DNS cluster (primary and secondary)
In nodeb [secondary DNS]:
dnf install bind -y
systemctl start named
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
vim /etc/named.rfc1912.zones
Write around line 28:
zone "westos.org" IN {
        type slave;                         # this server is a secondary for the zone
        masters { 172.25.254.117; };        # primary it transfers the zone from
        file "slaves/westos.org.zone";      # transferred copy (written by named)
};
vim /etc/named.conf
Line 11: listen-on port 53 { any; }; ## listen on port 53 on all local network interfaces
Line 19: allow-query { any; }; ## list of clients allowed to query
Line 34: dnssec-validation no; ## disable DNSSEC validation so answers for external names can be cached locally
ls /var/named
systemctl restart named
vim /etc/resolv.conf
nameserver 172.25.254.217
In nodea [primary DNS]:
vim /etc/resolv.conf
nameserver 172.25.254.217
vim /var/named/westos.org.zone
$TTL 1D
@       IN SOA  dns.westos.org. lee.westos.org. (
                                        3       ; serial: must be raised on every change and may only go up, never down, or the secondary will not transfer the new copy
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
dns     A       172.25.254.117
www     CNAME   nodea.westos.org.
nodea   A       172.25.254.112        ; changed A record (last octet)
nodea   A       172.25.254.223        ; changed A record (last octet)
mail    A       172.25.254.217
westos.org.     MX 1    mail.westos.org. ; the MX target must be a host name, not an IP address
systemctl restart named
vim /etc/named.rfc1912.zones
Around line 29:
zone "westos.org" IN {
        type master;
        file "westos.org.zone";
        allow-update { none; };
        also-notify { 172.25.254.217; };    # add at line 33: notify the secondary when the zone changes (a production primary would also restrict zone transfers to it with allow-transfer)
};
systemctl restart named
testing:
In the primary DNS (nodea):
dig www.westos.org # the A record IPs just changed are returned
In the secondary DNS (nodeb):
dig www.westos.org # the changed A records have been transferred from the nodea primary and match it
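Added example, not part of the tutorial: a Python zone-file checker for the westos.org.zone edits made in section 4 and in this section. It parses the BIND zone syntax used above (@, relative names, ; comments, the SOA spread over several lines), reports a serial that was not raised (the secondary would keep its old copy) and an MX target written as an address, and lists the names that are answered round robin. The zone text is constructed from the tutorial's records, with the MX target deliberately written as an address so the check has something to find.

```python
# Constructed from the tutorial's westos.org.zone (serial 0, and the MX target
# written as an address); NEW_ZONE is the same zone after the serial bump of section 6.
OLD_ZONE = """\
$TTL 1D
@   IN SOA dns.westos.org. lee.westos.org. ( 0 ; serial
        1D 1H 1W 3H ) ; refresh retry expire minimum
    NS     dns.westos.org.
www CNAME  nodea.westos.org.
nodea A    172.25.254.111
nodea A    172.25.254.222
westos.org. MX 1 172.25.254.217.
"""
NEW_ZONE = OLD_ZONE.replace("( 0 ;", "( 3 ;")

def parse_zone(text, origin="westos.org."):
    # Returns (serial, [(owner, type, rdata_fields)]); handles @, relative names, ; comments, multi-line SOA
    records, serial, buf, owner = [], None, "", None
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()
        if not line.strip() or line.startswith("$"):
            continue                                   # blank line or $TTL directive
        if not buf:
            indented = line[0].isspace()               # no owner field: reuse the previous owner
        buf += " " + line
        if buf.count("(") > buf.count(")"):
            continue                                   # record continues on the next line
        fields, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        if not indented:
            owner = fields.pop(0)
            owner = origin if owner == "@" else owner if owner.endswith(".") else owner + "." + origin
        if fields[0] == "IN":
            fields.pop(0)
        if fields[0] == "SOA":
            serial = int(fields[3])
        records.append((owner, fields[0], fields[1:]))
    return serial, records

def looks_like_ipv4(name):
    return name.rstrip(".").replace(".", "").isdigit()   # what named-checkzone's check-mx warns about

def check_zone(old_text, new_text):
    # Problems to fix before `systemctl restart named`, and the names answered round robin
    old_serial, _ = parse_zone(old_text)
    serial, recs = parse_zone(new_text)
    problems = []
    if serial <= old_serial:
        problems.append("serial %d not above %d: secondaries will not transfer" % (serial, old_serial))
    for owner, rtype, rdata in recs:
        if rtype == "MX" and looks_like_ipv4(rdata[-1]):
            problems.append("MX for %s names an address; the target must be a host name" % owner)
    a_names = [o for o, t, _ in recs if t == "A"]
    return problems, sorted({o for o in a_names if a_names.count(o) > 1})
```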
7. Split-horizon DNS (two views)
In nodea:
ip addr show
ip addr add 192.168.0.117/24 dev ens3 # give nodea an address on the second network
ls
cp -p westos.org.zone westos.org.inter # second copy of the zone for the other network
vim westos.org.inter
$TTL 1D
@       IN SOA  dns.westos.org. lee.westos.org. (
                                        3       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
dns     A       192.168.0.117
www     CNAME   nodea.westos.org.
nodea   A       192.168.0.112
nodea   A       192.168.0.223
mail    A       192.168.0.217
westos.org.     MX 1    mail.westos.org. ; the MX target must be a host name, not an IP address
cp /etc/named.rfc1912.zones /etc/named.rfc1912.inter -p
vim /etc/named.rfc1912.inter
zone "westos.org" IN {
        type master;
        file "westos.org.inter";            # line 31: point this copy of the zone at the inter zone file
        allow-update { none; };
        also-notify { 172.25.254.217; };
};
vim /etc/named.conf
Comment out lines 52-63 (the top-level zone "." block and the include lines: once views are used, every zone must sit inside a view), then add:
view localnet {
        match-clients { 172.25.254.0/24; };    # clients on the 172.25.254 network get this view
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.zones";   # zone files with the 172.25.254 addresses
};
view internet {
        match-clients { any; };                # everyone else; views are tried in order and the first match wins, so this catch-all stays last
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.inter";   # zone files with the 192.168.0 addresses
};
systemctl restart named
vim /etc/resolv.conf
nameserver 172.25.254.117
Set nodeb up as a host with two network cards
cd /etc/sysconfig/network-scripts/
vim ifcfg-ens3
nmcli connection reload
nmcli connection up ens3
ip addr show # if the two-network setup above does not work, set it directly on the nodeb host (westos vmctl view nodeb)
vim /etc/resolv.conf
nameserver 192.168.0.117
testing:
In nodea:
dig www.westos.org --> the IP addresses returned are on the 172 network
In nodeb:
dig www.westos.org --> the IP addresses returned are on the 192.168.0 network
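Added example (not BIND's code and not from the tutorial): a Python model of the two views configured above. It shows how match-clients is evaluated (views are tried in file order and the first match wins, which is why the `any` view must come last) and resolves www.westos.org by following the CNAME to nodea inside whichever view matched. The record data is constructed from the two zone files above.

```python
import ipaddress

# Constructed model of nodea's two views: the match-clients ACL, the zone file
# the view includes, and the records that file holds (taken from the zone files above).
VIEWS = [
    ("localnet", ["172.25.254.0/24"], "westos.org.zone", {
        "www.westos.org.": ("CNAME", ["nodea.westos.org."]),
        "nodea.westos.org.": ("A", ["172.25.254.112", "172.25.254.223"])}),
    ("internet", ["any"], "westos.org.inter", {
        "www.westos.org.": ("CNAME", ["nodea.westos.org."]),
        "nodea.westos.org.": ("A", ["192.168.0.112", "192.168.0.223"])}),
]

def select_view(client_ip, views=VIEWS):
    """Views are tried in configuration order and the first match-clients hit wins,
    which is why the catch-all `any` view has to be listed last."""
    addr = ipaddress.ip_address(client_ip)
    for name, acl, zone_file, records in views:
        if any(entry == "any" or addr in ipaddress.ip_network(entry) for entry in acl):
            return name, zone_file, records
    return None, None, {}               # no view matched: BIND answers REFUSED

def resolve(client_ip, qname, views=VIEWS):
    """Answer qname as the matched view would, following CNAMEs inside the zone."""
    view, _, records = select_view(client_ip, views)
    seen = set()                        # guards against a CNAME loop
    while qname in records and qname not in seen:
        seen.add(qname)
        rtype, rdata = records[qname]
        if rtype != "CNAME":
            return view, rdata
        qname = rdata[0]
    return view, []
```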
8. DNS dynamic update
In nodea:
dnf install dhcp-server -y
cp /usr/share/doc/dhcp-server/dhcpd.conf.example /etc/dhcp/dhcpd.conf
vim /etc/dhcp/dhcpd.conf
Line 7 should read: option domain-name "westos.org";
Line 8 should read: option domain-name-servers 172.25.254.117;
Delete line 27
Lines 30 to 32 should read:
subnet 172.25.254.0 netmask 255.255.255.0 {
        range 172.25.254.50 172.25.254.90;
}
Delete everything after line 33
systemctl restart dhcpd
cd /mnt
ls
rm -rf * # clear the working directory (make sure you are in /mnt first)
ls
dnssec-keygen -a HMAC-SHA256 -b 128 -n HOST westos # generate a 128-bit HMAC-SHA256 key named westos
** output: Kwestos.+163+08981
cp /etc/rndc.key /etc/westos.key -p # use rndc.key as the template (-p keeps its restrictive ownership and mode; the file holds a secret)
ls
** output: Kwestos.+163+08981.key Kwestos.+163+08981.private
cat Kwestos.+163+08981.private
** output:
Private-key-format: v1.3
Algorithm: 163 (HMAC_SHA256)
Key: 92muGwCGJWjHsYI0Iy3k6g==
Bits: AAA=
Created: 20211112080938
Publish: 20211112080938
Activate: 20211112080938
vim /etc/westos.key
key "westos" {
        algorithm hmac-sha256;
        secret "92muGwCGJWjHsYI0Iy3k6g==";   # the Key line from the .private file
};
vim /etc/named.conf # before editing the master configuration file, restore the configuration changed in the previous experiment [lines 52-63 and 65-81]
Line 44 add: include "/etc/westos.key";
vim /etc/named.rfc1912.zones
Line 32 should read: allow-update { key westos; };   # only updates signed with the westos key are accepted
systemctl restart named
nsupdate -k Kwestos.+163+08981.private
> server 172.25.254.117
> update add haha.westos.org 86400 A 172.25.254.111
> send
> quit
testing: dig haha.westos.org
9. DDNS (DHCP + DNS) [peanut shell]
In nodea:
vim /etc/dhcp/dhcpd.conf
Add after line 33:
key westos {
        algorithm hmac-sha256;
        secret 92muGwCGJWjHsYI0Iy3k6g==;    # the same key as in /etc/westos.key
};
zone westos.org. {
        primary 127.0.0.1;                   # send the updates to the local named
        key westos;
}
systemctl restart dhcpd
In nodeb [work on the virtual machine console, not over ssh from the real machine: the address is about to change]:
cd /etc/sysconfig/network-scripts/
vim ifcfg-ens3 # delete the IP address and the 255.255.255.0 netmask in nodeb and replace them with: BOOTPROTO=dhcp
nmcli connection reload
nmcli connection up ens3
ip addr show # a new IP is obtained from DHCP
dig westos217.westos.org # look up nodeb's own host name
The new IP address just obtained is returned
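Added example, not from the tutorial: Python that reads the .private file printed in section 8, checks that the secret is valid base64 decoding to 128 bits, writes the matching key statements for /etc/westos.key (named) and for dhcpd.conf (this section), and shows with HMAC-SHA256 why allow-update { key westos; } only accepts updates signed with the same secret. The .private file content is copied from section 8; the real TSIG digest also covers the TSIG record fields, which the sign/verify pair here leaves out.

```python
import base64, hashlib, hmac

# Constructed copy of the Kwestos.+163+08981.private file printed in section 8.
PRIVATE_FILE = """\
Private-key-format: v1.3
Algorithm: 163 (HMAC_SHA256)
Key: 92muGwCGJWjHsYI0Iy3k6g==
Bits: AAA=
Created: 20211112080938
Publish: 20211112080938
Activate: 20211112080938
"""
# dnssec-keygen's algorithm label -> the name that named.conf and dhcpd.conf expect
ALGORITHMS = {"HMAC_MD5": "hmac-md5", "HMAC_SHA256": "hmac-sha256", "HMAC_SHA512": "hmac-sha512"}

def parse_private(text):
    """Read the algorithm and the base64 secret out of a dnssec-keygen .private file."""
    fields = dict(line.split(": ", 1) for line in text.splitlines() if ": " in line)
    label = fields["Algorithm"].split("(")[1].rstrip(")")
    return {"algorithm": ALGORITHMS[label], "secret": fields["Key"].strip()}

def secret_bits(secret):
    """Size of the decoded secret; strict decoding rejects a mistyped base64 string."""
    return 8 * len(base64.b64decode(secret, validate=True))

def named_key_block(name, key):
    """Contents of /etc/westos.key, pulled into named.conf with an include."""
    return 'key "%s" {\n\talgorithm %s;\n\tsecret "%s";\n};\n' % (name, key["algorithm"], key["secret"])

def dhcpd_key_block(name, key):
    """The matching key statement for dhcpd.conf; the secret is written unquoted there."""
    return 'key %s {\n\talgorithm %s;\n\tsecret %s;\n};\n' % (name, key["algorithm"], key["secret"])

def sign(secret_b64, message):
    """HMAC-SHA256 tag over an update: the primitive TSIG is built on (simplified,
    the real TSIG digest also covers the TSIG record fields and a timestamp)."""
    return hmac.new(base64.b64decode(secret_b64), message, hashlib.sha256).hexdigest()

def verify(secret_b64, message, tag):
    """What named does for allow-update { key westos; }: an update whose tag does
    not verify under the configured secret is refused; the compare is constant time."""
    return hmac.compare_digest(sign(secret_b64, message), tag)
```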