14. Linux Server Setup

Published: 2023-10-23 20:45:21  Author: gcc_com

Linux Server Setup

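【Local repository setup】

【Local repository setup】-- prerequisite for setting up the servers locally
① View the local repository files
//View the local repository files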
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ll
total 40
-rw-r--r--. 1 root root 1664 Oct 23  2020 CentOS-Base.repo
-rw-r--r--. 1 root root 1309 Oct 23  2020 CentOS-CR.repo
-rw-r--r--. 1 root root  649 Oct 23  2020 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root  314 Oct 23  2020 CentOS-fasttrack.repo
-rw-r--r--. 1 root root  630 Oct 23  2020 CentOS-Media.repo
-rw-r--r--. 1 root root 1331 Oct 23  2020 CentOS-Sources.repo
-rw-r--r--. 1 root root 8515 Oct 23  2020 CentOS-Vault.repo
-rw-r--r--. 1 root root  616 Oct 23  2020 CentOS-x86_64-kernel.repo
[root@localhost yum.repos.d]# ls
CentOS-Base.repo       CentOS-fasttrack.repo  CentOS-Vault.repo
CentOS-CR.repo         CentOS-Media.repo      CentOS-x86_64-kernel.repo
CentOS-Debuginfo.repo  CentOS-Sources.repo
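Notes:
1. The listing above shows eight repository files, each corresponding to a different service.
2. CentOS-Base.repo: the local repository (its entries mostly point at overseas sites); everything downloaded from the network is kept here. When a service is to be enabled, its package is taken from this file, then unpacked and installed.
3. Setting up the local repository for the DHCP server means replacing the contents of CentOS-Base.repo with the image (disc) mounted in the virtual machine. The real path of that local repository (the disc directory) is /run/media/root/CentOS 7 x86_64.
4. In other words, the DHCP server's local repository is built on the image (the disc).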



//Check the disc (image) path. (The real path of the disc shown on the desktop is as follows.)
[root@localhost ~]# df
Filesystem              1K-blocks    Used Available Use% Mounted on
devtmpfs                   480812       0    480812   0% /dev
tmpfs                      497836       0    497836   0% /dev/shm
tmpfs                      497836    8736    489100   2% /run
tmpfs                      497836       0    497836   0% /sys/fs/cgroup
/dev/mapper/centos-root  17811456 5052532  12758924  29% /
/dev/sda1                 1038336  175528    862808  17% /boot
tmpfs                       99568      56     99512   1% /run/user/0
/dev/sr0                  4600876 4600876         0 100% /run/media/root/CentOS 7 x86_64
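To set up the DHCP server's local repository, the disc directory /run/media/root/CentOS 7 x86_64 has to be attached to the local repository file CentOS-Base.repo (so that the disc directory becomes the repository behind the local source).
 ② Put away all the current repository files (make a backup); otherwise they will conflict with the repository being set up.
[root@localhost ~]# cd /etc/yum.repos.d/  //create a bak folder (any name works, but bak means backup) to hold the existing repository files
[root@localhost yum.repos.d]#             //repository files must be in this directory to be recognised by the system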
[root@localhost yum.repos.d]# mkdir bak    
[root@localhost yum.repos.d]# ll
total 40
drwxr-xr-x. 2 root root    6 Oct 13 12:20 bak
-rw-r--r--. 1 root root 1664 Oct 23  2020 CentOS-Base.repo       //on Linux, a file with the .repo suffix denotes a repository
-rw-r--r--. 1 root root 1309 Oct 23  2020 CentOS-CR.repo         //only files with the .repo suffix are recognised by Linux as repositories
-rw-r--r--. 1 root root  649 Oct 23  2020 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root  314 Oct 23  2020 CentOS-fasttrack.repo
-rw-r--r--. 1 root root  630 Oct 23  2020 CentOS-Media.repo
-rw-r--r--. 1 root root 1331 Oct 23  2020 CentOS-Sources.repo
-rw-r--r--. 1 root root 8515 Oct 23  2020 CentOS-Vault.repo
-rw-r--r--. 1 root root  616 Oct 23  2020 CentOS-x86_64-kernel.repo
[root@localhost yum.repos.d]# mv *repo* bak            //everything in the current directory whose name contains repo is moved into bak
[root@localhost yum.repos.d]# ll
total 0
drwxr-xr-x. 2 root root 220 Oct 13 12:23 bak                        
[root@localhost yum.repos.d]# cd bak                //look inside bak: it now holds the original repository files (as a backup)
[root@localhost bak]# ll
total 40
-rw-r--r--. 1 root root 1664 Oct 23  2020 CentOS-Base.repo
-rw-r--r--. 1 root root 1309 Oct 23  2020 CentOS-CR.repo
-rw-r--r--. 1 root root  649 Oct 23  2020 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root  314 Oct 23  2020 CentOS-fasttrack.repo
-rw-r--r--. 1 root root  630 Oct 23  2020 CentOS-Media.repo
-rw-r--r--. 1 root root 1331 Oct 23  2020 CentOS-Sources.repo
-rw-r--r--. 1 root root 8515 Oct 23  2020 CentOS-Vault.repo
-rw-r--r--. 1 root root  616 Oct 23  2020 CentOS-x86_64-kernel.repo
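③ Create the repository file and re-enable the local source
//For Linux to treat a file as a repository, the file must be created in this directory ([root@localhost yum.repos.d]#) and its suffix must be .repo.
//Now create a file in [root@localhost yum.repos.d]# with vim CentOS-Base.repo. Note that this CentOS-Base.repo starts as an empty file and is not the real repository file; the real one is in the bak directory.
[root@localhost yum.repos.d]# vim CentOS-Base.repo         //create the file that will hold the local source (any file name works, but the suffix must be .repo)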
[root@localhost yum.repos.d]# cat CentOS-Base.repo 
[local-yum]
name=local-yum
baseurl=file:///run/media/root/CentOS\ 7\ x86_64
gpgcheck=0
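//A source written in the self-created CentOS-Base.repo (and in any file you create later for the system to read) follows a fixed format:
1. Square brackets []: mark the entry for the system to recognise; no spaces are allowed before or after the brackets, otherwise the system cannot parse it (error)
2. name: repository name / source name / local source
3. baseurl: the mount path. Copy the disc path in here, using a backslash \ to escape each space so that the system reads it as a space character. This entry is the mount path, i.e. the path of the repository you are creating
4. gpgcheck: set to 0 to turn verification off; 1 turns verification on (verification is generally not used for a local source; it is mainly used with network sources, to verify that what is downloaded from them is compliant, free of viruses, properly certified, and so on)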



//Re-enable the local source:
1. Clear the cache of the previous repositories
[root@localhost yum.repos.d]# yum clean all         //clear the cache
Loaded plugins: fastestmirror, langpacks
Cleaning repos: local-yum
Cleaning up list of fastest mirrors
Other repos take up 840 M of disk space (use --verbose for details)          //size of the cache cleared: 840 M
2. Load the newly configured local repository information
[root@localhost yum.repos.d]# yum makecache                //reload the cache information
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
local-yum                                                | 3.6 kB     00:00     
(1/4): local-yum/group_gz                                  | 153 kB   00:00     
(2/4): local-yum/primary_db                                | 3.3 MB   00:00     
(3/4): local-yum/filelists_db                              | 3.3 MB   00:00     
(4/4): local-yum/other_db                                  | 1.3 MB   00:00     
Metadata Cache Created
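The four lines above represent four partitions (that is, partitions on the disk), and each of them must have loaded its cache. Only when all four messages are echoed normally has the cache been loaded successfully.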
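With gpgcheck=0 in the stanza above, every package installed from local-yum skips RPM signature verification. As an added example (not part of the original post), this sh script flags repository sections that switch signature checking off and prints the same stanza with checking on; the function names are invented for the example, and the gpgkey path is the CentOS 7 key file that yum reports in the lftp install output later on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# The stanza from this page: packages from it are installed unverified.
page_repo() {
cat <<'EOF'
[local-yum]
name=local-yum
baseurl=file:///run/media/root/CentOS\ 7\ x86_64
gpgcheck=0
EOF
}

# Same repository with RPM signature checking on. The key path is the one
# yum prints on this page when it imports the CentOS 7 signing key.
checked_repo() {
cat <<'EOF'
[local-yum]
name=local-yum
baseurl=file:///run/media/root/CentOS\ 7\ x86_64
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
}

# unsigned_sections FILE...
# Prints "FILE: [section] gpgcheck=VALUE" for every section that explicitly
# disables signature checking; returns 1 if anything was printed.
unsigned_sections() {
    awk '
        /^[ \t]*[#;]/ { next }                  # comment line
        /^\[.*\][ \t]*$/ {                       # [section] header
            section = $0
            sub(/[ \t]*$/, "", section)
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ {
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)
            sub(/[ \t\r]*$/, "", value)
            v = tolower(value)
            # the values yum parses as "false"
            if (v == "0" || v == "no" || v == "false") {
                print FILENAME ": " section " gpgcheck=" value
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Demo on constructed files in a scratch directory.
demo_dir=$(mktemp -d)
page_repo    > "$demo_dir/CentOS-Base.repo"
checked_repo > "$demo_dir/CentOS-Base-checked.repo"
unsigned_sections "$demo_dir"/*.repo || echo "signature checking is off in the sections listed above"
rm -rf "$demo_dir"
```

On a real host the same function can be pointed at /etc/yum.repos.d/*.repo and /etc/yum.conf.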
④ Turn off the related services
//Permanently turn off the firewall service
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

//Permanently turn off SELinux
[root@localhost ~]# setenforce 0
[root@localhost ~]# vim /etc/selinux/config  //there is no command that turns SELinux off permanently, so it has to be changed in the configuration file.
[root@localhost ~]# cat /etc/selinux/config                 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled              //just change SELINUX= from enforcing to disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 


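【DHCP server setup】

Prerequisite: the local repository is already set up

Server-side configuration
The point of setting up a server is to let other devices interact with and access it, and services such as the firewall, when left on, block access from those other devices.

① Install the DHCP server
//Install the DHCP server
Why yum is used: the yum tool always uses rpm underneath, and installing with yum resolves the dependency relationships that rpm has between packages.
[root@localhost ~]# yum -y install dhcp.x86_64  //use the yum tool (-y: answer yes to every prompt during installation)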
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
local-yum                                                | 3.6 kB     00:00     
Resolving Dependencies
--> Running transaction check
---> Package dhcp.x86_64 12:4.2.5-82.el7.centos will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package     Arch          Version                       Repository        Size
================================================================================
Installing:
 dhcp        x86_64        12:4.2.5-82.el7.centos        local-yum        515 k
Transaction Summary
================================================================================
Install  1 Package
Total download size: 515 k
Installed size: 1.4 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 12:dhcp-4.2.5-82.el7.centos.x86_64                           1/1 
  Verifying  : 12:dhcp-4.2.5-82.el7.centos.x86_64                           1/1 
Installed:
  dhcp.x86_64 12:4.2.5-82.el7.centos                                            
Complete!


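//List the files installed by the DHCP package (to check that it installed successfully; mainly look at the configuration files starting with /etc)
[root@localhost ~]# rpm -ql dhcp                                //list the files installed by the DHCP package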
/etc/NetworkManager
/etc/NetworkManager/dispatcher.d
/etc/NetworkManager/dispatcher.d/12-dhcpd
/etc/dhcp/dhcpd.conf                                //.conf is the suffix for configuration files (important)
/etc/dhcp/dhcpd6.conf
/etc/dhcp/scripts
/etc/dhcp/scripts/README.scripts
/etc/openldap/schema/dhcp.schema
/etc/sysconfig/dhcpd
/usr/bin/omshell
/usr/lib/systemd/system/dhcpd.service
/usr/lib/systemd/system/dhcpd6.service
/usr/lib/systemd/system/dhcrelay.service
/usr/sbin/dhcpd                                //this file is the command binary (important)
/usr/sbin/dhcrelay                                //sbin means only the root user can invoke it
/usr/share/doc/dhcp-4.2.5
/usr/share/doc/dhcp-4.2.5/dhcpd.conf.example
/usr/share/doc/dhcp-4.2.5/dhcpd6.conf.example
/usr/share/doc/dhcp-4.2.5/ldap
/usr/share/doc/dhcp-4.2.5/ldap/README.ldap
/usr/share/doc/dhcp-4.2.5/ldap/dhcp.schema
/usr/share/doc/dhcp-4.2.5/ldap/dhcpd-conf-to-ldap
/usr/share/man/man1/omshell.1.gz
/usr/share/man/man5/dhcpd.conf.5.gz
/usr/share/man/man5/dhcpd.leases.5.gz
/usr/share/man/man8/dhcpd.8.gz
/usr/share/man/man8/dhcrelay.8.gz
/usr/share/systemtap/tapset/dhcpd.stp
/var/lib/dhcpd
/var/lib/dhcpd/dhcpd.leases
/var/lib/dhcpd/dhcpd6.leases
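② Enable the DHCP service
//Back up the DHCP configuration file
//Back the file up first (always back up a configuration file before changing it, in case the change goes wrong)
//On Linux the file suffix is not what matters. When backing up a file, the date is usually added to the suffix, which helps with later management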
[root@localhost ~]# cd /etc/dhcp/
[root@localhost dhcp]# ll
total 8
drwxr-xr-x. 2 root root   37 Sep 28 19:52 dhclient.d
drwxr-xr-x. 2 root root   28 Sep 28 19:51 dhclient-exit-hooks.d
-rw-r--r--. 1 root root  120 Oct  2  2020 dhcpd6.conf
-rw-r--r--. 1 root root  117 Oct  2  2020 dhcpd.conf        //the main configuration file
drwxr-x---. 2 root dhcpd  28 Oct 13 21:57 scripts
[root@localhost dhcp]# cp -p dhcpd.conf dhcp.conf.20221012.bak                        //back up the file
[root@localhost dhcp]# ll                        
total 12
drwxr-xr-x. 2 root root   37 Sep 28 19:52 dhclient.d
drwxr-xr-x. 2 root root   28 Sep 28 19:51 dhclient-exit-hooks.d
-rw-r--r--. 1 root root  117 Oct  2  2020 dhcp.conf.20221012.bak
-rw-r--r--. 1 root root  120 Oct  2  2020 dhcpd6.conf
-rw-r--r--. 1 root root  117 Oct  2  2020 dhcpd.conf
drwxr-x---. 2 root dhcpd  28 Oct 13 21:57 scripts
[root@localhost dhcp]# cat dhcpd.conf 		//the backup is done, so the original file can now be modified
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example          //# see: this means the file is only a DHCP template file; the real file is the one named after "see"
#   see dhcpd.conf(5) man page
#
//The backup fails here
[root@localhost dhcp]# cp -p /usr/share/doc/dhcp*/dhcpd.conf.example /usr/share/doc/dhcp*/dhcpd.conf.example.bak
cp: missing destination file operand after ‘/usr/share/doc/dhcp*/dhcpd.conf.example.bak’
Try 'cp --help' for more information.
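//The * wildcard means the directory name is not fixed: every entry under /usr/share/doc/ whose name contains dhcp would get a backup file.
//The fix is to change into the /usr/share/doc/dhcp* directory first
[root@localhost dhcp]# cd /usr/share/doc/dhcp*
[root@localhost dhcp-4.2.5]# ll         //so the wildcard stands for 4.2.5 here; backing up from inside this directory works normally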
total 8
-rw-r--r--. 1 root root 3306 Oct  2  2020 dhcpd6.conf.example
-rw-r--r--. 1 root root 3262 Nov 20  2012 dhcpd.conf.example
drwxr-xr-x. 2 root root   70 Oct 13 21:57 ldap
[root@localhost dhcp-4.2.5]# cp -p dhcpd.conf.example dhcpd.conf.example.bak //back up the dhcpd.conf.example file
[root@localhost dhcp-4.2.5]# ll
total 12
-rw-r--r--. 1 root root 3306 Oct  2  2020 dhcpd6.conf.example
-rw-r--r--. 1 root root 3262 Nov 20  2012 dhcpd.conf.example
-rw-r--r--. 1 root root 3262 Nov 20  2012 dhcpd.conf.example.bak
drwxr-xr-x. 2 root root   70 Oct 13 21:57 ldap



//Edit the DHCP configuration file
//The untrimmed DHCP configuration file
[root@localhost dhcp-4.2.5]# cat dhcpd.conf.example	  //the DHCP configuration file follows; it is long and needs filtering
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.
subnet 10.152.187.0 netmask 255.255.255.0 {
}
# This is a very basic subnet declaration.
subnet 10.254.239.0 netmask 255.255.255.224 {
  range 10.254.239.10 10.254.239.20;
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
subnet 10.254.239.32 netmask 255.255.255.224 {
  range dynamic-bootp 10.254.239.40 10.254.239.60;
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}
# A slightly different configuration for an internal subnet.
subnet 10.5.5.0 netmask 255.255.255.224 {
  range 10.5.5.26 10.5.5.30;
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 10.5.5.1;
  option broadcast-address 10.5.5.31;
  default-lease-time 600;
  max-lease-time 7200;
}
# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;
  filename "vmunix.passacaglia";
  server-name "toccata.fugue.com";
}
# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address fantasia.fugue.com;
}
# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}

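//The trimmed DHCP configuration file
Trimming: 1. filter out comment lines 2. filter out blank lines (many comments and blank lines make the file look very long)
^: the start-of-line anchor in Linux (^ marks the beginning of a line) ("^#": filters out every line that begins with "#")
$: marks the end of each line in Linux (a line whose end comes immediately after its start is an empty line)
[root@localhost dhcp-4.2.5]# grep -v "^#" dhcpd.conf.example | grep -v "^$"		//the trimmed result follows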
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 10.152.187.0 netmask 255.255.255.0 {
}
subnet 10.254.239.0 netmask 255.255.255.224 {
  range 10.254.239.10 10.254.239.20;
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}
subnet 10.254.239.32 netmask 255.255.255.224 {
  range dynamic-bootp 10.254.239.40 10.254.239.60;
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}
subnet 10.5.5.0 netmask 255.255.255.224 {
  range 10.5.5.26 10.5.5.30;
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 10.5.5.1;
  option broadcast-address 10.5.5.31;
  default-lease-time 600;
  max-lease-time 7200;
}
host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;
  filename "vmunix.passacaglia";
  server-name "toccata.fugue.com";
}
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address fantasia.fugue.com;
}
class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}


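//Import the template into the configuration file
//Redirect the template into the DHCP configuration file
[root@localhost dhcp-4.2.5]# grep -v "^#" dhcpd.conf.example | grep -v "^$" > /etc/dhcp/dhcpd.conf 	
[root@localhost dhcp]# cat /etc/dhcp/dhcpd.conf         //the output below shows that the template was imported into the configuration file successfully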
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 10.152.187.0 netmask 255.255.255.0 {
}
subnet 10.254.239.0 netmask 255.255.255.224 {
  range 10.254.239.10 10.254.239.20;
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}
subnet 10.254.239.32 netmask 255.255.255.224 {
  range dynamic-bootp 10.254.239.40 10.254.239.60;
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}
subnet 10.5.5.0 netmask 255.255.255.224 {
  range 10.5.5.26 10.5.5.30;
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 10.5.5.1;
  option broadcast-address 10.5.5.31;
  default-lease-time 600;
  max-lease-time 7200;
}
host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;
  filename "vmunix.passacaglia";
  server-name "toccata.fugue.com";
}
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address fantasia.fugue.com;
}
class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}
③ Edit the DHCP server's configuration file
[root@localhost dhcp-4.2.5]# vim /etc/dhcp/dhcpd.conf
[root@localhost dhcp-4.2.5]# cat /etc/dhcp/dhcpd.conf
option domain-name "xzm.com";                        //domain name (can be changed)
option domain-name-servers 218.85.157.99, 114.114.114.114;                        //DNS (more than one may be listed)
default-lease-time 600;                        //default lease time
max-lease-time 7200;                        //maximum lease time for clients
log-facility local7;                        //log facility (output goes to /var/log/boot.log)
subnet 192.168.126.0 netmask 255.255.255.0 {                //subnet + network segment
  range dynamic-bootp 192.168.126.150 192.168.126.200;                        //address range <address pool>
  option broadcast-address 192.168.126.255;                        //broadcast address
  option routers 192.168.126.2;                        //gateway
}
[root@localhost dhcp-4.2.5]# systemctl restart dhcpd                  //restart the DHCP service
[root@localhost dhcp-4.2.5]# systemctl status dhcpd                   //check the DHCP server's status
● dhcpd.service - DHCPv4 Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2022-10-15 20:24:38 CST; 18s ago
     Docs: man:dhcpd(8)
           man:dhcpd.conf(5)
 Main PID: 5197 (dhcpd)
   Status: "Dispatching packets..."
    Tasks: 1
   CGroup: /system.slice/dhcpd.service
           └─5197 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
Oct 15 20:24:38 localhost.localdomain dhcpd[5197]: No subnet declaration for virbr0 (192.168.122.1).
Oct 15 20:24:38 localhost.localdomain dhcpd[5197]: ** Ignoring requests on virbr0.  If this is not what
Oct 15 20:24:38 localhost.localdomain dhcpd[5197]:    you want, please write a subnet declaration
Oct 15 20:24:38 localhost.localdomain dhcpd[5197]:    in your dhcpd.conf file for the network segment
Oct 15 20:24:38 localhost.localdomain dhcpd[5197]:    to which interface virbr0 is attached. **
Oct 15 20:24:38 localhost.localdomain dhcpd[5197]: 
Oct 15 20:24:38 localhost.localdomain dhcpd[5197]: Listening on LPF/ens33/00:0c:29:5e:75:dd/192.16.../24
Oct 15 20:24:38 localhost.localdomain dhcpd[5197]: Sending on   LPF/ens33/00:0c:29:5e:75:dd/192.16.../24
Oct 15 20:24:38 localhost.localdomain systemd[1]: Started DHCPv4 Server Daemon.
Oct 15 20:24:38 localhost.localdomain dhcpd[5197]: Sending on   Socket/fallback/fallback-net
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost dhcp-4.2.5]# 
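The subnet block above only hands out usable leases if the pool, gateway and broadcast address all agree with the declared network. As an added example (not part of the original post), this sh script checks those relationships for every subnet block of a dhcpd.conf; the function names are invented here, and it assumes at most one range per subnet and skips routers given as host names.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes at most one range per subnet block; host-name routers are skipped.

# The subnet block configured on this page (the // annotations removed).
page_subnet() {
cat <<'EOF'
subnet 192.168.126.0 netmask 255.255.255.0 {
  range dynamic-bootp 192.168.126.150 192.168.126.200;
  option broadcast-address 192.168.126.255;
  option routers 192.168.126.2;
}
EOF
}

# ip2int A.B.C.D -> the address as an unsigned 32-bit integer
ip2int() {
    ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

# numeric VALUE -> true if VALUE consists only of digits and dots
numeric() { case $1 in ''|*[!0-9.]*) return 1;; esac; }

# subnet_fields FILE -> "NET MASK LOW HIGH ROUTER BROADCAST" for each subnet
# that declares a range ("-" where an option is absent).
subnet_fields() {
    sed 's/#.*//' "$1" | tr -d ';{' | awk '
        $1 == "subnet" { net = $2; mask = $4; low = high = gw = bc = "-" }
        $1 == "range"  { low = $(NF - 1); high = $NF }
        $1 == "option" && $2 == "routers"           { gw = $3; sub(/,$/, "", gw) }
        $1 == "option" && $2 == "broadcast-address" { bc = $3 }
        $1 == "}" && net != "" {
            if (low != "-") print net, mask, low, high, gw, bc
            net = ""
        }'
}

# check_subnet NET MASK LOW HIGH ROUTER BROADCAST -> one line per problem
check_subnet() {
    net=$(ip2int "$1"); mask=$(ip2int "$2")
    low=$(ip2int "$3"); high=$(ip2int "$4")
    first=$(( net & mask ))                        # network address
    last=$(( first | (~mask & 4294967295) ))       # broadcast address
    [ "$net" -eq "$first" ] || echo "subnet $1: not aligned to netmask $2"
    [ "$low" -le "$high" ] || echo "subnet $1: range $3 $4 is reversed"
    if [ "$low" -le "$first" ] || [ "$high" -ge "$last" ]; then
        echo "subnet $1: range $3 $4 is not inside the subnet's host addresses"
    fi
    if numeric "$5"; then
        gw=$(ip2int "$5")
        if [ "$gw" -le "$first" ] || [ "$gw" -ge "$last" ]; then
            echo "subnet $1: router $5 is outside the subnet"
        elif [ "$gw" -ge "$low" ] && [ "$gw" -le "$high" ]; then
            echo "subnet $1: router $5 lies inside the dynamic range"
        fi
    fi
    if numeric "$6" && [ "$(ip2int "$6")" -ne "$last" ]; then
        echo "subnet $1: broadcast-address $6 does not match the netmask"
    fi
    return 0
}

# check_dhcpd_conf FILE -> prints findings; returns 1 if there are any
check_dhcpd_conf() {
    findings=$(subnet_fields "$1" | while read -r n m l h g b; do
        check_subnet "$n" "$m" "$l" "$h" "$g" "$b"
    done)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Demo on the page's own subnet block.
demo=$(mktemp)
page_subnet > "$demo"
check_dhcpd_conf "$demo" && echo "subnet block is consistent"
rm -f "$demo"
```

On the server itself, `dhcpd -t -cf /etc/dhcp/dhcpd.conf` additionally checks the file's syntax before the service is restarted.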


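Client-side configuration
//First turn off the DHCP server: the reason is that vmnet has its own local DHCP server --> it is what gives CentOS network connectivity as soon as it is installed.
//How to turn off the local DHCP server: open VMware's Virtual Network Editor --> select vmnet8 --> untick "Use local DHCP service to distribute IP address to VMs" and select NAT mode --> click Apply + OK --> the clients in the virtual machines will then prefer to obtain their IP address from the virtual machine that runs the DHCP server.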
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-ens33 
[root@localhost network-scripts]# cat ifcfg-ens33 
TYPE=Ethernet
BOOTPROTO=dhcp
#IPADDR=192.168.126.132
#NETMASK=255.255.255.0
#DNS1=218.85.157.99
#DNS2=114.114.114.114
#DEFROUTE=yes
NAME=ens33
DEVICE=ens33
ONBOOT=yes
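[root@localhost network-scripts]# systemctl restart network      //restart the network service to apply (only works if the local DHCP server was turned off successfully)
[root@localhost network-scripts]# ip a            //the output shows the client has correctly obtained an IP address from the server's address pool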
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:f1:c2:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.126.151/24 brd 192.168.126.255 scope global noprefixroute dynamic ens33
       valid_lft 597sec preferred_lft 597sec
    inet6 fe80::20c:29ff:fef1:c2e3/64 scope link 
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:be:29:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:be:29:66 brd ff:ff:ff:ff:ff:ff

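【FTP server setup】

FTP (File Transfer Protocol) is a long-established and very widely used Internet file transfer protocol.
It is mainly used for two-way file transfer (upload/download) over the Internet and for cross-platform file sharing between Linux and Windows. FTP uses a C/S (client/server) architecture with a client and a server, and uses TCP as the underlying transport protocol to provide reliable data transfer.
FTP's default ports are 21 (command port) and 20 (data port). FTP has two working modes, active and passive, and passive is the default. The FTP software package is vsftpd.
 //Basic files of the FTP server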
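File                                Description
/etc/pam.d/vsftpd                   security authentication
/etc/vsftpd                         main configuration directory
/etc/vsftpd/ftpusers                blacklist of users
/etc/vsftpd/user_list               user list (blacklist or whitelist)
/etc/vsftpd/vsftpd.conf             main configuration file
/usr/sbin/vsftpd                    binary command
/var/ftp                            default data root directory for anonymous users
/var/ftp/pub                        extension directory of the anonymous users' default data directory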
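//Understanding the configuration file
Option                               Description
anonymous_enable=YES                 allow access by anonymous users
local_enable=YES                     allow access by non-anonymous users
write_enable=YES                     allow writes
local_umask=022                      umask (inverse permission mask)
dirmessage_enable=YES                enable the message feature
xferlog_enable=YES                   enable the xferlog log
connect_from_port_20=YES             support active mode (passive mode is the default)
xferlog_std_format=YES               xferlog log format
listen=NO                            listening in FTP standalone mode
listen_ipv6=YES                      listening in FTP standalone mode (IPv6)
pam_service_name=vsftpd              specify the authentication file
userlist_enable=YES                  enable the user list
tcp_wrappers=YES                     support tcp_wrappers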
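//Changing the configuration file
Parameter                              Description
anon_upload_enable=YES                 allow anonymous users to upload (write_enable must be on)
anon_mkdir_write_enable=YES            allow anonymous users to create directories (write_enable must be on)
anon_other_write_enable=YES            allow anonymous users other write operations such as delete and rename
anon_umask=022                         umask for files created by anonymous users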

The configuration procedure is as follows:
//FTP server-side configuration
[root@localhost ~]# yum -y install vsftpd.x86_64           //install the FTP server
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
local-yum                                                                        | 3.6 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-28.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================
 Package               Arch                  Version                     Repository                Size
========================================================================================================
Installing:
 vsftpd                x86_64                3.0.2-28.el7                local-yum                172 k
Transaction Summary
========================================================================================================
Install  1 Package
Total download size: 172 k
Installed size: 353 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : vsftpd-3.0.2-28.el7.x86_64                                                           1/1 
  Verifying  : vsftpd-3.0.2-28.el7.x86_64                                                           1/1 
Installed:
  vsftpd.x86_64 0:3.0.2-28.el7                                                                          
Complete!
//Restart the service (FTP server configuration)
[root@localhost ftp]# systemctl restart vsftpd
[root@localhost ftp]# systemctl restart vsftpd.service



//Use rpm -ql to list the FTP server's configuration files
[root@localhost ~]# rpm -ql vsftpd 
/etc/logrotate.d/vsftpd
/etc/pam.d/vsftpd
/etc/vsftpd
/etc/vsftpd/ftpusers
/etc/vsftpd/user_list
/etc/vsftpd/vsftpd.conf
/etc/vsftpd/vsftpd_conf_migrate.sh
/usr/lib/systemd/system-generators/vsftpd-generator
/usr/lib/systemd/system/vsftpd.service
/usr/lib/systemd/system/vsftpd.target
/usr/lib/systemd/system/vsftpd@.service
/usr/sbin/vsftpd
/usr/share/doc/vsftpd-3.0.2
/usr/share/doc/vsftpd-3.0.2/AUDIT
/usr/share/doc/vsftpd-3.0.2/BENCHMARKS
/usr/share/doc/vsftpd-3.0.2/BUGS
/usr/share/doc/vsftpd-3.0.2/COPYING
/usr/share/doc/vsftpd-3.0.2/Changelog
/usr/share/doc/vsftpd-3.0.2/EXAMPLE
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE/README
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE/README.configuration
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE/vsftpd.conf
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE/vsftpd.xinetd
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE_NOINETD
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE_NOINETD/README
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE_NOINETD/README.configuration
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE_NOINETD/vsftpd.conf
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/PER_IP_CONFIG
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/PER_IP_CONFIG/README
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/PER_IP_CONFIG/README.configuration
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/PER_IP_CONFIG/hosts.allow
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/README
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_HOSTS
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_HOSTS/README
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_USERS
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_USERS/README
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_USERS/README.configuration
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_USERS/logins.txt
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_USERS/vsftpd.conf
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_USERS/vsftpd.pam
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_USERS_2
/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_USERS_2/README
/usr/share/doc/vsftpd-3.0.2/FAQ
/usr/share/doc/vsftpd-3.0.2/INSTALL
/usr/share/doc/vsftpd-3.0.2/LICENSE
/usr/share/doc/vsftpd-3.0.2/README
/usr/share/doc/vsftpd-3.0.2/README.security
/usr/share/doc/vsftpd-3.0.2/REWARD
/usr/share/doc/vsftpd-3.0.2/SECURITY
/usr/share/doc/vsftpd-3.0.2/SECURITY/DESIGN
/usr/share/doc/vsftpd-3.0.2/SECURITY/IMPLEMENTATION
/usr/share/doc/vsftpd-3.0.2/SECURITY/OVERVIEW
/usr/share/doc/vsftpd-3.0.2/SECURITY/TRUST
/usr/share/doc/vsftpd-3.0.2/SIZE
/usr/share/doc/vsftpd-3.0.2/SPEED
/usr/share/doc/vsftpd-3.0.2/TODO
/usr/share/doc/vsftpd-3.0.2/TUNING
/usr/share/doc/vsftpd-3.0.2/vsftpd.xinetd
/usr/share/man/man5/vsftpd.conf.5.gz
/usr/share/man/man8/vsftpd.8.gz
/var/ftp
/var/ftp/pub



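//FTP client configuration
//A system auto-update may be running and holding the yum lock, in which case you have to wait for that process to finish and exit (it is best to run the command below before installing)
[root@localhost network-scripts]# rm -f /var/run/yum.pid
[root@localhost network-scripts]# yum -y install lftp.x86_64 	//install the tool needed to use FTP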
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.ustc.edu.cn
 * extras: mirrors.ustc.edu.cn
 * updates: mirrors.ustc.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package lftp.x86_64 0:4.4.8-12.el7_8.1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package       Arch            Version                      Repository     Size
================================================================================
Installing:
 lftp          x86_64          4.4.8-12.el7_8.1             base          752 k
Transaction Summary
================================================================================
Install  1 Package
Total download size: 752 k
Installed size: 2.4 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/lftp-4.4.8-12.el7_8.1.x86_64.rpm: 
Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for lftp-4.4.8-12.el7_8.1.x86_64.rpm is not installed
lftp-4.4.8-12.el7_8.1.x86_64.rpm                           | 752 kB   00:00     
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-9.2009.0.el7.centos.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : lftp-4.4.8-12.el7_8.1.x86_64                                 1/1 
  Verifying  : lftp-4.4.8-12.el7_8.1.x86_64                                 1/1 
Installed:
  lftp.x86_64 0:4.4.8-12.el7_8.1                                                
Complete!



[root@localhost ~]# lftp 192.168.126.131     //the client connects to the FTP server with lftp
lftp 192.168.126.131:~>                      //connected to the FTP server as an anonymous user
lftp 192.168.126.131:~> ls
drwxr-xr-x    2 0        0               6 Oct 13  2020 pub		//pub is the anonymous user's home directory
lftp 192.168.126.131:/> pwd
ftp://192.168.126.131/				                   //we are in the FTP server's home directory

//Test downloading a file from the FTP server to the client
On the server
[root@localhost ~]# cd /var/ftp/                                
[root@localhost ftp]# ls
pub
[root@localhost ftp]# echo 13 > 1.txt      //write a file on the FTP server for the client download test
[root@localhost ftp]# ls
1.txt  pub
On the client
[root@localhost ~]# lftp 192.168.126.131
lftp 192.168.126.131:~> ls
-rw-r--r--    1 0        0               3 Oct 16 08:50 1.txt
drwxr-xr-x    2 0        0               6 Oct 13  2020 pub
lftp 192.168.126.131:/> get 1.txt          //the client downloads 1.txt from the FTP server (with the get command)
3 bytes transferred
[root@localhost ~]# ls                     //after disconnecting from the server, the file is found downloaded into the home directory on the host
1.txt            Desktop    Downloads             Music     Public     Videos
anaconda-ks.cfg  Documents  initial-setup-ks.cfg  Pictures  Templates
[root@localhost ~]# cat 1.txt 
13
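//When an anonymous user downloads a file from the FTP server, it is saved by default in the directory the user was in when logging in to the FTP server. (the default download path)
//Changing the default path for files downloaded from the FTP server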
lftp 192.168.126.131:~> lcd /root/Desktop/1
lcd ok, local cwd=/root/Desktop/1
lftp 192.168.126.131:~> get 1.txt 
3 bytes transferred
[root@localhost 1]# ll            //after the client disconnects, 1.txt is seen to have been downloaded from the FTP server into /root/Desktop/1
total 4
-rw-r--r--. 1 root root 3 Oct 16 16:50 1.txt



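//Test: the client uploads a file to the FTP server
//Conclusion: the anonymous user cannot upload files to the FTP server
Client side
[root@localhost 1]# echo 12 > 2.txt 
[root@localhost 1]# ll
total 8
-rw-r--r--. 1 root root 3 Oct 16 16:50 1.txt
-rw-r--r--. 1 root root 3 Oct 16 17:03 2.txt
//The client connects to the FTP server and uploads its 2.txt to the server
[root@localhost ~]# lftp 192.168.126.131          //the default download path is now /root/Desktop/1
lftp 192.168.126.131:/> put 2.txt 	        	        //files are uploaded with the put command
put: Access failed: 550 Permission denied. (2.txt)		           //result: permission denied
//The upload is refused because, by default (with the configuration file unmodified), the anonymous user only has download permission on the FTP server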

//Fix: edit the configuration file so that the anonymous user can upload files to the FTP server
On the server
//To let the anonymous user upload files, first change the permission settings in the configuration file
//Allow anonymous uploads on the FTP server (edit the main configuration file)
[root@localhost ftp]# grep -n "anon_upload_enable" /etc/vsftpd/vsftpd.conf        //uncomment this line
29:anon_upload_enable=YES
//Set the permissions on the directory the FTP server will use for uploads
[root@localhost ftp]# cd /var/ftp        	       //go to the FTP server's directory
[root@localhost ftp]# mkdir -p /var/ftp/upload   //create a directory under the FTP server root (/var/ftp/) to hold the files users upload
[root@localhost ftp]# ll
drwxr-xr-x. 2 root root 6 Oct 17 10:47 upload
[root@localhost ftp]# chown ftp /var/ftp/upload  //change the owner
[root@localhost ftp]# ll
drwxr-xr-x. 2 ftp root 6 Oct 17 10:47 upload
Configure SELinux
[root@localhost ftp]# setsebool -P allow_ftpd_full_access on
[root@localhost ftp]# setsebool -P tftp_home_dir on
Restart the service (FTP server configuration)
[root@localhost ftp]# systemctl restart vsftpd
[root@localhost ftp]# systemctl restart vsftpd.service 
//The anonymous user can now upload files to the FTP server
The client uploads the file
[root@localhost ~]# lftp 192.168.126.131
lftp 192.168.126.131:~> ls
-rw-r--r--    1 0        0               3 Oct 16 08:50 1.txt
drwxr-xr-x    2 0        0               6 Oct 13  2020 pub
drwxr-xr-x    2 14       0               6 Oct 16 13:28 upload
lftp 192.168.126.131:/> cd upload
lftp 192.168.126.131:/upload> put 2.txt 
3 bytes transferred
lftp 192.168.126.131:/upload> 
Check the file on the server
[root@localhost ftp]# cd upload
[root@localhost upload]# ll
-rw-------. 1 ftp ftp 19 Oct 17 10:54 2.txt
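
The anonymous-upload setup above, checked as an added example (not part of the original tutorial): a shell function that reads a vsftpd.conf and reports which anonymous capabilities are in effect, using vsftpd's built-in defaults for anything the file does not set. The function names, the finding labels and the sample file are made up for illustration; `write_enable=YES` in the sample is an assumption.

```shell
#!/bin/sh
# Added example: which anonymous capabilities does a vsftpd.conf grant?

# Effective value of directive $2 in file $1; $3 is the vsftpd built-in default.
# vsftpd wants "key=value" with no spaces around "="; "#" lines are comments
# and a later assignment replaces an earlier one.
vsftpd_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]')
    printf '%s\n' "${val:-$3}"
}

# Succeeds when boolean directive $2 is switched on.
vsftpd_on() {
    case $(vsftpd_get "$1" "$2" "$3" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the findings for config file $1 on one line (empty = no anonymous access).
audit_anon_ftp() {
    conf=$1
    out=""
    if ! vsftpd_on "$conf" anonymous_enable YES; then
        echo ""
        return 0
    fi
    out="anon-login"
    # The anon_* write directives do nothing unless write_enable is on.
    if vsftpd_on "$conf" write_enable NO; then
        if vsftpd_on "$conf" anon_upload_enable NO; then out="$out anon-upload"; fi
        if vsftpd_on "$conf" anon_mkdir_write_enable NO; then out="$out anon-mkdir"; fi
        if vsftpd_on "$conf" anon_other_write_enable NO; then out="$out anon-delete-rename"; fi
    fi
    # Uploads are created with mode 0666 & ~anon_umask. The default 077 gives
    # 0600 (the -rw------- seen on the server), which anonymous users cannot
    # download again; a umask without the "other read" bit turns the upload
    # directory into a public drop box.
    mask=$(vsftpd_get "$conf" anon_umask 077)
    case $mask in ''|*[!0-7]*) mask=077 ;; esac   # ignore malformed values
    case $out in
        *anon-upload*)
            if [ $(( $mask & 4 )) -eq 0 ]; then out="$out uploads-world-readable"; fi ;;
    esac
    echo "$out"
}

# Constructed sample: the settings the tutorial ends up with. write_enable=YES
# is an assumption (the upload succeeded, which requires it).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not the full vsftpd.conf from the page
anonymous_enable=YES
write_enable=YES
#anon_mkdir_write_enable=YES
anon_upload_enable=YES
EOF
audit_anon_ftp "$sample"
rm -f "$sample"
```

On the SELinux side, the narrower alternative to `allow_ftpd_full_access` for this use case is the `ftpd_anon_write` boolean with the upload directory labelled `public_content_rw_t`.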

【DNS server setup】

Prerequisite: set up the local yum source and turn off the related services beforehand.


Server-side configuration

 ① Install the DNS server
 //Install the DNS server
 [root@localhost ~]# yum -y install bind                        //bind is the name of the DNS server on Linux
 Loaded plugins: fastestmirror, langpacks
 Loading mirror speeds from cached hostfile
 local-yum                                                             | 3.6 kB 00:00:00     
 Resolving Dependencies
 --> Running transaction check
 ---> Package bind.x86_64 32:9.11.4-26.P2.el7 will be installed
 --> Finished Dependency Resolution

 Dependencies Resolved

 ==============================================================================================
  Package         Arch             Version                         Repository           Size
 ==============================================================================================
 Installing:
  bind           x86_64           32:9.11.4-26.P2.el7             local-yum           2.3 M

 Transaction Summary
 ==============================================================================================
 Install 1 Package

 Total download size: 2.3 M
 Installed size: 5.4 M
 Downloading packages:
 Running transaction check
 Running transaction test
 Transaction test succeeded
 Running transaction
  Installing : 32:bind-9.11.4-26.P2.el7.x86_64                                           1/1 
  Verifying : 32:bind-9.11.4-26.P2.el7.x86_64                                           1/1 

 Installed:
  bind.x86_64 32:9.11.4-26.P2.el7                                                             

 Complete!
 
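//Inspect the installed DNS service
 [root@localhost ~]# rpm -ql bind                            //view the DNS server's configuration files
 /etc/logrotate.d/named
 /etc/named
 /etc/named.conf                                //main configuration file (important, needs editing)
 /etc/named.iscdlv.key
 /etc/named.rfc1912.zones                                //zone definition file (important, needs editing)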
 /etc/named.root.key
 /etc/rndc.conf
 /etc/rndc.key
 /etc/rwtab.d/named
 /etc/sysconfig/named
 /run/named
 /usr/bin/arpaname
 /usr/bin/named-rrchecker
 ...
 /usr/lib/systemd/system/named-setup-rndc.service
 /usr/lib/systemd/system/named.service
 /usr/lib/tmpfiles.d/named.conf
 /usr/lib64/bind
 /usr/libexec/generate-rndc-key.sh
 /usr/sbin/ddns-confgen
 /usr/sbin/dnssec-checkds
 /usr/sbin/dnssec-coverage
 /usr/sbin/dnssec-dsfromkey
 /usr/sbin/dnssec-importkey
 /usr/sbin/dnssec-keyfromlabel
 /usr/sbin/dnssec-keygen
 /usr/sbin/dnssec-keymgr
 /usr/sbin/dnssec-revoke
 /usr/sbin/dnssec-settime
 /usr/sbin/dnssec-signzone
 /usr/sbin/dnssec-verify
 /usr/sbin/genrandom
 /usr/sbin/isc-hmac-fixup
 /usr/sbin/lwresd
 /usr/sbin/named
 /usr/sbin/named-checkconf                                //checks the configuration file (check command, important)
 /usr/sbin/named-checkzone                                //checks zone files (check command, important)
 /usr/sbin/named-compilezone
 /usr/sbin/named-journalprint
 /usr/sbin/nsec3hash
 /usr/sbin/rndc
 /usr/sbin/rndc-confgen
 /usr/sbin/tsig-keygen
 ...
 /var/log/named.log
 /var/named
 /var/named/data
 /var/named/dynamic
 /var/named/named.ca
 /var/named/named.empty
 /var/named/named.localhost                                //template for the forward-lookup zone (important, needs editing)
 /var/named/named.loopback                                        //template for the reverse-lookup zone (important, needs editing)
 /var/named/slaves
 
② Edit the four DNS-related configuration files
① Edit the main configuration file
[root@localhost named]# cp /etc/named.conf /etc/named.conf.bak
[root@localhost named]# vim /etc/named.conf
[root@localhost named]# cat /etc/named.conf
 //
 // named.conf
 //
 // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
 // server as a caching only nameserver (as a localhost DNS resolver only).
 //
 // See /usr/share/doc/bind*/sample/ for example named configuration files.
 //
 // See the BIND Administrator's Reference Manual (ARM) for details about the
 // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

 options {
 listen-on port 53 { 127.0.0.1;any; };                //listen on port 53. Adding "any;" means listening on the local address and on every other address on the LAN, and answering queries on them
 listen-on-v6 port 53 { ::1; };
 directory "/var/named";
 dump-file "/var/named/data/cache_dump.db";
 statistics-file "/var/named/data/named_stats.txt";
 memstatistics-file "/var/named/data/named_mem_stats.txt";
 recursing-file "/var/named/data/named.recursing";
 secroots-file   "/var/named/data/named.secroots";
 allow-query     { localhost;any; };                  //adding "any;" lets every device on the whole network query this DNS server

 /* 
  - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
  - If you are building a RECURSIVE (caching) DNS server, you need to enable 
    recursion. 
  - If your recursive DNS server has a public IP address, you MUST enable access 
    control to limit queries to your legitimate users. Failing to do so will
    cause your server to become part of large scale DNS amplification 
    attacks. Implementing BCP38 within your network would greatly
    reduce such attack surface 
 */
 recursion yes;

 dnssec-enable no;                       //no means validation is not needed (this is a DNS server we built locally ourselves, so validation is not needed)
 dnssec-validation no;                   //no means validation is not needed

 /* Path to ISC DLV key */
 bindkeys-file "/etc/named.root.key";

 managed-keys-directory "/var/named/dynamic";

 pid-file "/run/named/named.pid";
 session-keyfile "/run/named/session.key";
 };

 logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
 };

 zone "." IN {
 type hint;
 file "named.ca";
 };

 include "/etc/named.rfc1912.zones";
 include "/etc/named.root.key";


[root@localhost Desktop]# ls /etc/ | grep "name"                //search for the files (an exact name is not needed, nor recommended)
hostname
named
named.conf
named.conf.bak
named.iscdlv.key
named.rfc1912.zones
named.root.key
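
With `recursion yes;`, `allow-query { localhost; any; };` and no `allow-recursion` statement, the named.conf above answers recursive queries from any client, which is the situation the stock comment in that file warns about. The check below is an added example, not part of the original tutorial; the function name `resolver_exposure`, its verdict strings and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example: does this named.conf let arbitrary clients use recursion?
# Limits: option-level statements only; named ACLs, views and quoted strings
# containing comment markers are not interpreted.
resolver_exposure() {
    awk '
    # Remove //, # and /* */ comments in one left-to-right pass, so that a
    # "*/" inside a line comment (e.g. "bind*/sample") is not misread.
    function strip(t,    out, end, q) {
        out = ""
        while (match(t, /\/\*|\/\/|#/)) {
            out = out substr(t, 1, RSTART - 1) " "
            end = (substr(t, RSTART, 2) == "/*") ? "*/" : "\n"
            t = substr(t, RSTART + RLENGTH)
            q = index(t, end)
            t = q ? substr(t, q + length(end)) : ""
        }
        return out t
    }
    # Address-match list of statement "name" as " tok tok ", or "" if unset.
    function acl(t, name,    p, rest) {
        p = index(t, " " name " { ")
        if (!p) return ""
        rest = substr(t, p + length(name) + 3)
        return substr(rest, 1, index(rest, " }"))
    }
    { text = text $0 "\n" }
    END {
        t = strip(text)
        gsub(/[{};]/, " & ", t); gsub(/[ \t\r\n]+/, " ", t); t = " " t " "
        if (match(t, / recursion (no|false|0) ;/)) { print "recursion-off"; exit }
        # BIND falls back: allow-recursion, then allow-query-cache, then
        # allow-query, then the built-in default { localnets; localhost; }.
        n = split("allow-recursion allow-query-cache allow-query", names, " ")
        for (i = 1; i <= n; i++) {
            list = acl(t, names[i])
            if (list == "") continue
            verdict = index(list, " any ") ? "open-resolver" : "restricted"
            print verdict ":" names[i]
            exit
        }
        print "restricted:default"
    }' "$1"
}

# Constructed sample mirroring the options edited in the tutorial.
conf=$(mktemp)
cat > "$conf" <<'EOF'
// See /usr/share/doc/bind*/sample/ for example named configuration files.
options {
    listen-on port 53 { 127.0.0.1; any; };
    allow-query     { localhost; any; };
    /* allow-recursion { localnets; localhost; }; */
    recursion yes;
};
EOF
resolver_exposure "$conf"        # open-resolver:allow-query
# Same file with recursion limited to the local networks.
sed 's|/\* \(allow-recursion.*\) \*/|\1|' "$conf" > "$conf.fixed"
resolver_exposure "$conf.fixed"  # restricted:allow-recursion
rm -f "$conf" "$conf.fixed"
```

Adding `allow-recursion { localnets; localhost; };` to the options block keeps `allow-query { any; }` available for the locally served zones while refusing recursion to everyone else.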

 ② //Edit the zone definition file, i.e. the file that declares the forward/reverse zones (this maps domain names to IP addresses)
[root@localhost named]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak
[root@localhost named]# vim /etc/named.rfc1912.zones
[root@localhost named]# cat /etc/named.rfc1912.zones 
 // named.rfc1912.zones:
 //
 // Provided by Red Hat caching-nameserver package 
 //
 // ISC BIND named zone configuration for zones recommended by
 // RFC 1912 section 4.1 : localhost TLDs and address zones
 // and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
 // (c)2007 R W Franks
 // 
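 // See /usr/share/doc/bind*/sample/ for example named configuration files.
 //

 zone "localhost.localdomain" IN {
 type master;
 file "named.localhost";
 allow-update { none; };
 };

 zone "localhost" IN {
 type master;
 file "named.localhost";              //use this stanza as the template for the forward-lookup zone (the file name must match the name of the forward zone file)
 allow-update { none; };
 };

 zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
 type master;
 file "named.loopback";                                                
 allow-update { none; };
 };

 //edit the existing template stanza in place
 zone "1.16.172.in-addr.arpa" IN {              //change the zone name (written in reverse; only the network part is given so that the zone covers multiple IP addresses)
 type master;
 file "172.16.1.zone";                 //change the file name (no special requirement), but it must match the name of the reverse zone file
 allow-update { none; };
 };

 zone "0.in-addr.arpa" IN {            //use this stanza as the template for the reverse-lookup zone (the file name must match the name of the reverse zone file)
 type master;
 file "named.empty";
 allow-update { none; };
 };

 //append one more stanza at the end, modelled on the templates above
 zone "xzm.com" IN {                      //change the zone name
 type master;
 file "xzm.com.zone";                  //change the file name (no special requirement), but it must match the name of the forward zone file
 allow-update { none; };
 };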

 
					
③ //Edit the two template files
First make copies (the copy names must match the forward/reverse zone file names)
 [root@localhost Desktop]# cd /var/named/
 [root@localhost named]# ll
 total 16
 drwxrwx---. 2 named named   6 Oct 13 2020 data
 drwxrwx---. 2 named named   6 Oct 13 2020 dynamic
 -rw-r-----. 1 root named 2253 Apr 5 2018 named.ca
 -rw-r-----. 1 root named 152 Dec 15 2009 named.empty
 -rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
 -rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
 drwxrwx---. 2 named named   6 Oct 13 2020 slaves

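//Mind the file names given to cp (after copying, xzm.com.zone and 172.16.1.zone can be edited directly, because the zone definition file was already changed above)
 [root@localhost named]# cp -p named.localhost xzm.com.zone     //cp with -p also copies the permissions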
 [root@localhost named]# cp -p named.loopback 172.16.1.zone
 [root@localhost named]# ll
 total 24
 -rw-r-----. 1 root named 168 Dec 15 2009 172.16.1.zone
 drwxrwx---. 2 named named   6 Oct 13 2020 data
 drwxrwx---. 2 named named   6 Oct 13 2020 dynamic
 -rw-r-----. 1 root named 2253 Apr 5 2018 named.ca
 -rw-r-----. 1 root named 152 Dec 15 2009 named.empty
 -rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
 -rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
 drwxrwx---. 2 named named   6 Oct 13 2020 slaves
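 -rw-r-----. 1 root named 152 Jun 21 2007 xzm.com.zone

 //edit the files
 [root@localhost named]# vim xzm.com.zone 
 [root@localhost named]# vim 172.16.1.zone 

//The files after editing:
//Forward-lookup zone file:
 [root@localhost named]# cat xzm.com.zone 
 $TTL 1D                    //TTL: time to live. "TTL 1D" means a lifetime of one day
 @ IN SOA xzm.com. rname.invalid. (                          //"@" was changed to "xzm.com."; the original "@" stands for the current zone. "xzm.com." must end with a dot, so that the root domain is included.
 0; serial                  //why the name ends with a dot: on public servers the trailing dot is filled in automatically; on our own server there is no such public-server service, so the dot has to be written
 1D; refresh
 1H; retry
 1W; expire
 3H ); minimum
 @        NS        dns.xzm.com.        //"@" was changed to "dns.xzm.com."; an "@" is then added at the start of the line to denote the current zone.
 dns        A        192.168.126.131    //A: an A record is an IPv4 address. 192.168.126.131 is the IP address of this DNS server
 www        A        172.16.1.1          //www stands for a web site such as an Apache server. 172.16.1.1 is the IP address that xzm.com. maps to
//This resolves xzm.com. to 172.16.1.1
//Reverse-lookup zone file:
 [root@localhost named]# cat 172.16.1.zone 
 $TTL 1D
 @ IN SOA xzm.com. rname.invalid. (                //xzm.com.: the final dot denotes the root domain
 0; serial
 1D; refresh
 1H; retry
 1W; expire
 3H ); minimum
 @        NS        dns.xzm.com.
 dns        A        192.168.126.131
 1        PTR        xzm.com.                                //PTR: reverse lookup. The host name goes here, matching the DNS domain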

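//Fields used in the zone files:
$TTL: lifetime of cached records
@: the current zone
IN: Internet
SOA: start of authority
NS: DNS server (name server)
A: IPv4 forward record
AAAA: IPv6 forward record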

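③ Check commands
//Check commands. named-checkzone expects the zone name as its first argument and the zone file as its second; the runs below pass the file name for both, so the output reports the zones as "xzm.com.zone" and "172.16.1.zone" rather than "xzm.com" and "1.16.172.in-addr.arpa".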
 [root@localhost named]# named-checkconf /etc/named.conf 
 [root@localhost named]# named-checkconf /etc/named.rfc1912.zones 
 [root@localhost named]# named-checkzone xzm.com.zone xzm.com.zone 
 zone xzm.com.zone/IN: loaded serial 0
 OK
 [root@localhost named]# named-checkzone 172.16.1.zone 172.16.1.zone 
 zone 172.16.1.zone/IN: loaded serial 0
 OK

 ④ Restart the DNS service
[root@localhost named]# systemctl restart named
         
Client configuration
[root@localhost ~]# cat /etc/resolv.conf             //the DNS servers the whole system currently uses
# Generated by NetworkManager
nameserver 218.85.157.99
nameserver 114.114.114.114
//The command below points the local DNS server address at the DNS server that has just been set up
[root@localhost ~]# echo nameserver 192.168.126.131 > /etc/resolv.conf
[root@localhost ~]# nslookup www.xzm.com                    //a small tool for testing DNS servers
Server:                192.168.126.131
Address:        192.168.126.131#53
Name:        www.xzm.com
Address: 172.16.1.1
[root@localhost ~]# nslookup 172.16.1.1
1.1.16.172.in-addr.arpa        name = xzm.com.


//Test from Kali Linux:
 ┌──(root㉿kali)-[~]
 └─# cat /etc/resolv.conf 
 # Generated by NetworkManager
 search localdomain
 nameserver 192.168.126.2
                                                                              
 ┌──(root㉿kali)-[~]
 └─# echo nameserver 192.168.126.131 > /etc/resolv.conf 
                                                                              
 ┌──(root㉿kali)-[~]
 └─# nslookup www.xzm.com
 Server:         192.168.126.131
 Address:       192.168.126.131#53

 Name:   www.xzm.com
 Address: 172.16.1.1


 ┌──(root㉿kali)-[~]
 └─# nslookup 172.16.1.1 
 1.1.16.172.in-addr.arpa name = xzm.com.