######################################################

#############第十单元.selinux的初级管理##################

######################################################

1.什么是selinux

selinux,内核级加强型防火墙(准确地说,它是内核中的强制访问控制(MAC)机制:按安全上下文限制进程能访问哪些文件、端口等资源,而不是过滤网络数据包的防火墙)


2.如何管理selinux级别

selinux开启或者关闭)

vim /etc/sysconfig/selinux

SELINUX=disabled ##关闭状态(与开启状态之间切换需要重启系统才生效)

SELINUX=enforcing ##强制状态

SELINUX=permissive ##警告状态(只记录违规,不阻止)


getenforce ##查看状态

当selinux开启时

setenforce 0|1 ##更改selinux运行级别(0为Permissive,1为Enforcing;只对当前运行的系统生效,重启后以配置文件为准)


3.如何更改文件安全上下文(标签)

如果文件的安全上下文与服务不匹配,则看不到文件

临时更改)

chcon -t 安全上下文 文件

chcon -t public_content_t /publicftp -R


实例:

[root@server7 mnt]# chcon -t public_content_t /var/ftp/pub/ -R


永久更改)

semanage fcontext -l ##列出内核安全上下文列表内容

semanage fcontext -a -t public_content_t '/publicftp(/.*)?'

restorecon -FvvR /publicftp/


实例:

做此实验时,接上面

[root@server7 ~]# lftp 172.25.7.11

lftp 172.25.7.11:~> ls

lftp 172.25.7.11:/> ls           

lftp 172.25.7.11:/> quit

[root@server7 ~]# semanage fcontext -a -t public_content_t '/ftpdir(/.*)?'

[root@server7 ~]# semanage fcontext -l | grep ftpdir

/ftpdir(/.*)?                                      all files          system_u:object_r:public_content_t:s0 

/tftpboot                                          directory          system_u:object_r:tftpdir_t:s0 

/tftpboot/.*                                       all files          system_u:object_r:tftpdir_t:s0 

/var/lib/tftpboot(/.*)?                            all files          system_u:object_r:tftpdir_rw_t:s0 

[root@server7 ~]# lftp 172.25.7.11

lftp 172.25.7.11:~> ls

lftp 172.25.7.11:/> quit             

[root@server7 ~]# restorecon -RvvF /ftpdir/

restorecon reset /ftpdir/lzt3/lzt3file context system_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0

[root@server7 ~]# lftp 172.25.7.11

lftp 172.25.7.11:~> ls

drwxr-xr-x    3 0        0              29 Nov 19 01:25 lzt1

drwxr-xr-x    3 0        0              29 Nov 19 01:34 lzt2

drwxr-xr-x    2 0        0              21 Nov 13 07:44 lzt3

lftp 172.25.7.11:/> quit



4.如何控制selinux对服务功能的开关

getsebool -a | grep 服务名称

getsebool -a | grep ftp

setsebool -P 功能bool值 on|off

setsebool -P ftpd_anon_write on ##此处-P表示永久性,注意P为大写;该bool值允许匿名ftp用户写入,需与下面的public_content_rw_t标签配合使用


chcon -t public_content_rw_t /var/ftp/pub/ ##修改/var/ftp/pub的标签为public_content_rw_t(rw表示可写);chcon为临时更改,重新打标签(restorecon或/.autorelabel)后会还原,永久更改用上面第3节的semanage fcontext -a 加 restorecon

实例:

[root@server7 ~]# lftp 172.25.7.11

lftp 172.25.7.11:~> ls

drwxrwxr-x    2 0        50             17 Nov 19 02:55 pub

lftp 172.25.7.11:/> cd pub/

lftp 172.25.7.11:/pub> ls

-rw-r--r--    1 0        0               0 Nov 19 02:55 file

lftp 172.25.7.11:/pub> put /etc/passwd

put: Access failed: 553 Could not create file. (passwd)

lftp 172.25.7.11:/pub> quit

[root@server7 ~]# chcon -t public_content_rw_t /var/ftp/pub

[root@server7 ~]# lftp 172.25.7.11

lftp 172.25.7.11:~> ls

drwxrwxr-x    2 0        50             17 Nov 19 02:55 pub

lftp 172.25.7.11:/> cd pub/

lftp 172.25.7.11:/pub> ls

-rw-r--r--    1 0        0               0 Nov 19 02:55 file

lftp 172.25.7.11:/pub> put /etc/passwd

put: Access failed: 553 Could not create file. (passwd)

lftp 172.25.7.11:/pub> quit

[root@server7 ~]# setenforce 0 ##将selinux设置成为警告模式,用来确认上传失败是否由selinux引起;确认后应执行 setenforce 1 恢复强制模式,否则后面设置bool值后的上传成功无法说明bool值已生效

[root@server7 ~]# lftp 172.25.7.11

lftp 172.25.7.11:~> cd pub/

lftp 172.25.7.11:/pub> put /etc/passwd

2079 bytes transferred

lftp 172.25.7.11:/pub> quit

[root@server7 ~]# getsebool -a | grep ftp

ftp_home_dir --> off

ftpd_anon_write --> off

ftpd_connect_all_unreserved --> off

ftpd_connect_db --> off

ftpd_full_access --> off

[root@server7 ~]# setsebool -P ftpd_anon_write on 

[root@server7 ~]# getsebool -a | grep ftp

ftp_home_dir --> off

ftpd_anon_write --> on

ftpd_connect_all_unreserved --> off

ftpd_connect_db --> off

ftpd_full_access --> off

[root@server7 ~]# lftp 172.25.7.11

lftp 172.25.7.11:~> ls

drwxrwxr-x    2 0        50             30 Nov 19 03:40 pub

lftp 172.25.7.11:/pub> put /etc/group

874 bytes transferred

lftp 172.25.7.11:/pub> ls

-rw-r--r--    1 0        0               0 Nov 19 02:55 file

-rw-------    1 14       50            874 Nov 19 03:49 group

-rw-------    1 14       50           2079 Nov 19 03:40 passwd

lftp 172.25.7.11:/pub> quit



5.监控selinux的错误信息

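setroubleshoot-server ##selinux的拒绝记录(AVC)记录在/var/log/audit/audit.log;安装setroubleshoot-server后,/var/log/messages中会出现对应的分析和解决建议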



#########################################

##############第十一单元.系统恢复########

#########################################

1.系统启动流程

通电

  ||

bios(主板上的只读存储中,basic input/output system)

作用,硬件检测,激活硬件

||

grub系统引导(grub引导分为两个阶段)

1)阶段1 mbr(主引导记录)主引导记录在硬盘上的0磁道,一扇区,446个字节

*)dd if=/dev/zero of=/dev/vda bs=446 count=1 可以清空mbr(只覆盖前446字节的引导代码,其后的分区表不受影响)

*)进入到挽救模式,执行chroot /mnt/sysimage切换到真实/环境,

   并执行grub2-install /dev/vda

   然后执行两次exit

   再选择从硬盘启动

2)阶段2 grub文件引导阶段

   找到/boot分区

   读取/boot/grub2/grub.cfg

   文件丢失,没有重启之前,执行:grub2-mkconfig >/boot/grub2/grub.cfg


@@@!!! 情况一(trouble test2,trouble test3的第二步):删除了/boot/grub2/grub.cfg 即,执行 rm -fr /boot/grub2/grub.cfg

 (若执行了reboot,则,选择从网卡或者光盘启动,然后执行:

grub> set root='hd0,msdos1'

grub> linux16 /boot/vmlinuz-3.10.0-123.el7.x86_64 ro root=/dev/vda1

grub> initrd16 /boot/initramfs-3.10.0-123.el7.x86_64.img

grub> boot

然后选择从硬盘启动

)

||

启动内核,只读挂载/设备

检测设备

对设备驱动进行初始化

进入系统初始化阶段

内核丢失,重新安装内核安装包就可以解决

rpm -ivh kernel-xxxxx.rpm --force


@@@!!!情况二(trouble test3的第一步): 删除了/boot/vmlinuz-3.10.0-123.el7.x86_64

(若执行了reboot,则,选择从网卡或者光盘启动,然后执行:

bash-4.2# chroot /mnt/sysimage

bash-4.2# cd /mnt

bash-4.2# lftp 172.25.254.250

lftp 172.25.254.250:/> cd pub/rhel7.0/Packages

lftp 172.25.254.250: cd pub/rhel7.0/Packages/> get kernel-3.10.0-123.el7.x86_64.rpm

lftp 172.25.254.250: cd pub/rhel7.0/Packages/> quit

bash-4.2# rpm2cpio kernel-3.10.0-123.el7.x86_64.rpm  |  cpio -id

bash-4.2# cd boot/

bash-4.2# cp vmlinuz-3.10.0-123.el7.x86_64  /boot

bash-4.2# exit

bash-4.2# exit

然后选择从硬盘启动

)

 

||

系统初始化阶段

系统初始化阶段加载initrd镜像

开启初始化进程systemd

开始selinux

加载内核参数

初始化系统时钟,键盘,主机名称

重新读写挂载/设备

激活raid,lvm

激活配额

启动multi-user.target.wants中的所有服务

服务列表:

runlevel0.target -> poweroff.target

runlevel1.target -> rescue.target

runlevel2.target -> multi-user.target

runlevel3.target -> multi-user.target

runlevel4.target -> multi-user.target

runlevel5.target -> graphical.target

runlevel6.target -> reboot.target


设定启动级别

systemctl set-default + 启动级别

/etc/systemd/system/default.target


@@重启示例(trouble test6):

[root@localhost ~]# rm -fr /etc/systemd/system/default.target

[root@localhost ~]# ln -s /usr/lib/systemd/system/reboot.target /etc/systemd/system/default.target

[root@localhost ~]# reboot

(在进入到默认启动页面时,按‘e’进入编辑页面,只修改

fi

linux16 /boot/vmlinuz-3.10.0-123.el7.x86_64 root=UUID=9bf...-848e-..883d1 rw rd.break 然后按'ctrl+x'进入新的编辑环境


switch_root:/# chroot /sysroot/

sh-4.2# rm -fr /etc/systemd/system/default.target

sh-4.2# ln -s /usr/lib/systemd/system/graphical.target /etc/systemd/system/default.target

sh-4.2# exit

switch_root:/# exit 接着会继续进入启动页面,虚拟机启动

)


开启虚拟控制台

启动图形

initramfs-`uname -r`.img的使用:

mkinitrd /boot/initramfs-`uname -r`.img `uname -r` 或

mkinitrd /boot/initramfs-$(uname -r).img $(uname -r) 进行恢复


@@@!!!情况三:删除了/boot/initramfs-3.10.0-123.el7.x86_64.img 即,rm -fr /boot/initramfs-3.10.0-123.el7.x86_64.img 

(然后执行 reboot,选择从网卡或光盘启动:

bash-4.2# chroot /mnt/sysimage

bash-4.2# cd /boot/

bash-4.2# mkinitrd /boot/initramfs-$(uname -r).img $(uname -r)

bash-4.2# exit

bash-4.2# exit

然后选择从硬盘启动

)



@@@!!!情况四(trouble test4):删除了/boot分区,即,rm -fr /boot

(然后执行reboot,选择从网卡或光盘启动:

bash-4.2# chroot /mnt/sysimage/ 

bash-4.2# cd /boot/

bash-4.2# ls

bash-4.2# mkinitrd /boot/initramfs-$(uname -r).img $(uname -r)

bash-4.2# cd /boot/

bash-4.2# grub2-install /dev/vda

bash-4.2# cd grub2/

bash-4.2# ls

bash-4.2# cd /

bash-4.2# rpm -ivh kernel-3.10.0-123.el7.x86_64.rpm --force

bash-4.2# cd /boot/grub2

bash-4.2# grub2-mkconfig > grub.cfg

bash-4.2# exit

bash-4.2# exit

然后选择从硬盘启动)

@@@!!!注意:如若rpm的数据库发生错误,则,执行:

bash-4.2# cd /var/lib/rpm

bash-4.2# rm -fr _*

bash-4.2# rpmdb --rebuilddb

然后接着执行:rpm -ivh kernel-3.10.0-123.el7.x86_64.rpm --force 直至结束)



修改了超级用户密码(忘记)/忘记超级用户密码,重启后(此方法不需要原密码,任何能在控制台编辑启动项的人都能重置root密码,因此应为grub设置密码并限制对控制台的访问):

(在进入到默认启动页面时,按‘e’进入编辑页面,只修改

fi

linux16 /boot/vmlinuz-3.10.0-123.el7.x86_64 root=UUID=9bf...-848e-..883d1 rw rd.break 然后按'ctrl+x'进入新的编辑环境


switch_root:/# chroot /sysroot/

bash-4.2# passwd   ##修改新密码

bash-4.2# touch /.autorelabel ##创建/.autorelabel后,下次启动时selinux会对整个文件系统重新打标签;此处passwd改写的/etc/shadow安全上下文不正确,不重新打标签将无法登录

bash-4.2# exit

switch_root:/# exit

)


下载trouble.rpm包:


然后执行:

rpm -ivh trouble-1.0-1.el7.x86_64.rpm

执行完后就可以使用trouble命令了。

例如: trouble test2


trouble练习:

@@test1:

(在进入到默认启动页面时,按‘e’进入编辑页面,只修改

fi

linux16 /boot/vmlinuz-3.10.0-123.el7.x86_64 root=UUID=9bf...-848e-..883d1 rw rd.break 然后按'ctrl+x'进入新的编辑环境


switch_root:/# chroot /sysroot/

bash-4.2# passwd   ##修改新密码

bash-4.2# touch /.autorelabel ##创建/.autorelabel后,下次启动时selinux会对整个文件系统重新打标签;此处passwd改写的/etc/shadow安全上下文不正确,不重新打标签将无法登录

bash-4.2# exit

switch_root:/# exit

)

@@test2:

(选择从网卡或者光盘启动,然后执行:

grub> set root='hd0,msdos1'

grub> linux16 /boot/vmlinuz-3.10.0-123.el7.x86_64 ro root=/dev/vda1

grub> initrd16 /boot/initramfs-3.10.0-123.el7.x86_64.img

grub> boot

然后选择从硬盘启动

)

@@test3:

第一步  (选择从网卡或者光盘启动,然后执行:

bash-4.2# chroot /mnt/sysimage

bash-4.2# cd /mnt

bash-4.2# rpm2cpio kernel-3.10.0-123.el7.x86_64.rpm  |  cpio -id

bash-4.2# cd boot/

bash-4.2# cp vmlinuz-3.10.0-123.el7.x86_64  /boot

bash-4.2# exit

bash-4.2# exit

然后选择从硬盘启动


第二步 

grub> set root='hd0,msdos1'

grub> linux16 /boot/vmlinuz-3.10.0-123.el7.x86_64 ro root=/dev/vda1

grub> initrd16 /boot/initramfs-3.10.0-123.el7.x86_64.img

grub> boot

)


@@test4:

(选择从网卡或光盘启动:

bash-4.2# chroot /mnt/sysimage/ 

bash-4.2# cd /boot/

bash-4.2# ls

bash-4.2# mkinitrd /boot/initramfs-$(uname -r).img $(uname -r)

bash-4.2# cd /boot/

bash-4.2# grub2-install /dev/vda

bash-4.2# cd grub2/

bash-4.2# ls

bash-4.2# cd /

bash-4.2# rpm -ivh kernel-3.10.0-123.el7.x86_64.rpm --force

bash-4.2# cd /boot/grub2

bash-4.2# grub2-mkconfig > grub.cfg

bash-4.2# exit

bash-4.2# exit

然后选择从硬盘启动)


@@test5:

(选择从网卡或光盘启动:

sh-4.2# chroot /mnt/sysimage/

报错信息:failed to run command /bin/bash:No such file or directory

sh-4.2# cp /bin/bash /mnt/sysimage/bin/bash

sh-4.2# boot

然后选择从硬盘启动)


@@test6:

(在进入到默认启动页面时,按‘e’进入编辑页面,只修改

fi

linux16 /boot/vmlinuz-3.10.0-123.el7.x86_64 root=UUID=9bf...-848e-..883d1 rw rd.break 然后按'ctrl+x'进入新的编辑环境


switch_root:/# chroot /sysroot/

sh-4.2# rm -fr /etc/systemd/system/default.target

sh-4.2# ln -s /usr/lib/systemd/system/graphical.target /etc/systemd/system/default.target

sh-4.2# exit

switch_root:/# exit 接着会继续进入启动页面,虚拟机启动

)




#############dns高速缓存#########

第一步(服务配置):

修改server主机ip为172.25.254.107  (作为dns服务器端)

修改desktop主机ip为172.25.254.207  (作为dns客户端)


两台主机同时做:

修改yum源为http://172.25.254.250/rhel7

yum install bind -y

systemctl status named

systemctl start named

systemctl enable named


server主机:

firewall-cmd --permanent --add-service=dns

firewall-cmd --reload

vim /etc/named.conf

修改内容为:

行数 内容

11         listen-on port 53 { any; }; ##设定端口开放,any表示所有interface都开

17         allow-query     { any; }; ##回答所有人的问题(若同时开启了递归查询,则等于对任何来源开放的递归解析器;实际使用时应限制为受信任的网段,例如 { localhost; 172.25.254.0/24; };)

18         forwarders      { 172.25.254.250; }; ##缓存谁的答案

32         dnssec-validation no; ##关闭DNSSEC验证,即不校验应答的DNSSEC签名,缓存和转发的应答未经验证


desktop主机:

vim /etc/resolv.conf

添加内容为:

nameserver 172.25.254.107 ##在第三行添加

然后进行测试,如:

dig www.xxx.com

示例:

[root@client-dns ~]# dig www.qq.com


; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.qq.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26942

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.qq.com. IN A


;; ANSWER SECTION:

www.qq.com. 300 IN A 113.142.21.81


;; AUTHORITY SECTION:

www.qq.com. 83653 IN NS ns-cnc1.qq.com.

www.qq.com. 83653 IN NS ns-tel1.qq.com.

www.qq.com. 83653 IN NS ns-os1.qq.com.

www.qq.com. 83653 IN NS ns-cmn1.qq.com.


;; ADDITIONAL SECTION:

ns-cmn1.qq.com. 2939 IN A 183.232.120.59

ns-cmn1.qq.com. 2939 IN A 182.254.16.102

ns-cmn1.qq.com. 2939 IN A 182.254.111.100


;; Query time: 53 msec

;; SERVER: 172.25.254.107#53(172.25.254.107)

;; WHEN: Sun Nov 20 01:53:10 EST 2016

;; MSG SIZE  rcvd: 190


第二步(正向解析,规范名称-CNAME):

配置(server主机):

修改/etc/named.conf文件的内容:

删除第18行,即,删除 forwarders      { 172.25.254.250; };

退出保存

vim /etc/named.rfc1912.zones

修改内容为:

在第25行添加内容为:

 25 zone "westos.com" IN {

 26         type master;

 27         file "westos.com.zone";

 28         allow-update { none; };

 29 };

 30 

退出保存,然后执行:

cd /var/named

cp -p named.localhost westos.com.zone ##一定要加-p,-p的作用是保留原文件的权限、属主和属组,否则named可能无法读取新文件

vim /var/named/westos.com.zone

修改文件/var/named/westos.com.zone内容为:

(!!!@@@注意:修改此文件时一定要注意“.”的存在,若不带"."则系统自动往后面添加.westos.com)

  1 $TTL 1D

  2 @       IN SOA  dns.westos.com. root.westos.com. (注意“.”) (

  3                                         0       ; serial

  4                                         1D      ; refresh

  5                                         1H      ; retry

  6                                         1W      ; expire

  7                                         3H )    ; minimum

  8                 NS      dns.westos.com.(注意“.”)

  9 dns             A       172.25.254.107

 10 www             A       172.25.254.108

 11                 AAAA    ::1

 12 bbs             CNAME   www.westos.com.

 13 westos.com.     MX 1    172.25.254.107. ##邮件交换记录,指定接收该域邮件的服务器;注意MX的目标应写主机名(如 dns.westos.com.),写成IP会被当作域名解析

退出保存后,执行:

systemctl restart named


测试(desktop主机):

[root@client-dns ~]# dig www.westos.com


;www.westos.com. IN A


;; ANSWER SECTION:

www.westos.com. 86400 IN A 172.25.254.108


;; AUTHORITY SECTION:

westos.com. 86400 IN NS dns.westos.com.


;; ADDITIONAL SECTION:

dns.westos.com. 86400 IN A 172.25.254.107


;; Query time: 2 msec

;; SERVER: 172.25.254.107#53(172.25.254.107)

;; WHEN: Sun Nov 20 02:26:03 EST 2016

;; MSG SIZE  rcvd: 93


[root@client-dns ~]# dig bbs.westos.com


;bbs.westos.com. IN A


;; ANSWER SECTION:

bbs.westos.com. 86400 IN CNAME www.westos.com.

www.westos.com. 86400 IN A 172.25.254.108


;; AUTHORITY SECTION:

westos.com. 86400 IN NS dns.westos.com.


;; ADDITIONAL SECTION:

dns.westos.com. 86400 IN A 172.25.254.107


;; Query time: 2 msec

;; SERVER: 172.25.254.107#53(172.25.254.107)

;; WHEN: Sun Nov 20 02:54:42 EST 2016

;; MSG SIZE  rcvd: 111


第三步(反向解析):

vim /etc/named.rfc1912.zones

编写/etc/named.rfc1912.zones文件内容:

在第43行添加:

 43 zone "254.25.172.in-addr.arpa" IN {

 44         type master;

 45         file "westos.com.ptr";

 46         allow-update { none; };

 47 };

退出保存后

cd /var/named

cp -p named.loopback westos.com.ptr

vim westos.com.ptr

内容为:

  1 $TTL 1D

  2 @       IN SOA  dns.westos.com. root.westos.com. (

  3                                         0       ; serial

  4                                         1D      ; refresh

  5                                         1H      ; retry

  6                                         1W      ; expire

  7                                         3H )    ; minimum

  8         NS      dns.westos.com.

  9         A       172.25.254.107

 10         AAAA    ::1

 11 111     PTR     www.westos.com.

 12 110     PTR     www.lover.com.

退出保存后,执行:

systemctl restart named


测试(desktop主机):

使用命令: dig -x 172.25.254.110 (ip值)


[root@client-dns ~]# dig -x 172.25.254.110


;110.254.25.172.in-addr.arpa. IN PTR


;; ANSWER SECTION:

110.254.25.172.in-addr.arpa. 86400 IN PTR www.lover.com.


;; AUTHORITY SECTION:

254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.


;; ADDITIONAL SECTION:

dns.westos.com. 86400 IN A 172.25.254.107


;; Query time: 2 msec

;; SERVER: 172.25.254.107#53(172.25.254.107)

;; WHEN: Sun Nov 20 03:09:51 EST 2016

;; MSG SIZE  rcvd: 124


[root@client-dns ~]# dig -x 172.25.254.111


;111.254.25.172.in-addr.arpa. IN PTR


;; ANSWER SECTION:

111.254.25.172.in-addr.arpa. 86400 IN PTR www.westos.com.


;; AUTHORITY SECTION:

254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.


;; ADDITIONAL SECTION:

dns.westos.com. 86400 IN A 172.25.254.107


;; Query time: 2 msec

;; SERVER: 172.25.254.107#53(172.25.254.107)

;; WHEN: Sun Nov 20 03:09:57 EST 2016

;; MSG SIZE  rcvd: 118


第四步(双向解析):

配置/etc/named.conf文件,如下:

50 /*zone "." IN {

 51         type hint;

 52         file "named.ca";

 53 };

 54 

 55 include "/etc/named.rfc1912.zones";

 56 include "/etc/named.root.key";

 57 */

 58 view localnet {

 59         match-clients { 172.25.254.107; };

 60         zone "." IN {

 61         type hint;

 62         file "named.ca";

 63 };

 64 include "/etc/named.rfc1912.zones";

 65 };

 66 

 67 

 68 view internet {

 69         match-clients { any; };

 70         zone "." IN {

 71         type hint;

 72         file "named.ca";

 73 };

 74 include "/etc/named.rfc1912.zones.inter";

 75 };

退出保存


cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter

vim /etc/named.rfc1912.zones.inter

内容为:

 25 zone "westos.com" IN {

 26         type master;

 27         file "westos.com.inter";

 28         allow-update { none; };

 29 };

 30 


 43 zone "254.25.172.in-addr.arpa" IN {

 44         type master;

 45         file "westos.com.ptr.inter";

 46         allow-update { none; };

 47 };

退出保存


cp -p /var/named/westos.com.zone /var/named/westos.com.inter

vim /var/named/westos.com.inter

修改内容为:

  8                 NS      dns.westos.com.

  9 dns             A       172.25.0.107

 10 www             A       172.25.0.108

 11                 AAAA    ::1

 12 bbs             CNAME   www.westos.com.

 13 westos.com.     MX 1    172.25.0.207.

退出保存


cp -p /var/named/westos.com.ptr /var/named/westos.com.ptr.inter

vim /var/named/westos.com.ptr.inter

修改内容为:

  8         NS      dns.westos.com.

  9         A       172.25.254.107

 10         AAAA    ::1

 11 111     PTR     www.force.com.

 12 110     PTR     www.250.com.

退出保存


然后执行:

systemctl restart named

按照上述顺序,在此处重启服务正常,若想在配置完/etc/named.conf文件后,立即restart服务,则需要把上述顺序颠倒


测试一(server主机):


@@@注意:若出现不匹配现象,则需要修改/etc/resolv.conf 文件,文件内容修改为:

nameserver 172.25.254.107 ##在第三行添加


[root@dns-server named]# dig -x 172.25.254.110


;110.254.25.172.in-addr.arpa. IN PTR


;; ANSWER SECTION:

110.254.25.172.in-addr.arpa. 86400 IN PTR www.lover.com.


;; AUTHORITY SECTION:

254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.


;; ADDITIONAL SECTION:

dns.westos.com. 86400 IN A 172.25.254.107


;; Query time: 2 msec

;; SERVER: 172.25.254.107#53(172.25.254.107)

;; WHEN: Sun Nov 20 04:04:21 EST 2016

;; MSG SIZE  rcvd: 124


[root@dns-server ~]# dig www.westos.com


;www.westos.com. IN A


;; ANSWER SECTION:

www.westos.com. 86400 IN A 172.25.254.108


;; AUTHORITY SECTION:

westos.com. 86400 IN NS dns.westos.com.


;; ADDITIONAL SECTION:

dns.westos.com. 86400 IN A 172.25.254.107


;; Query time: 1 msec

;; SERVER: 172.25.254.107#53(172.25.254.107)

;; WHEN: Sun Nov 20 04:00:23 EST 2016

;; MSG SIZE  rcvd: 93



测试二(desktop主机):

[root@client-dns ~]# dig www.westos.com


;www.westos.com. IN A


;; ANSWER SECTION:

www.westos.com. 86400 IN A 172.25.0.108


;; AUTHORITY SECTION:

westos.com. 86400 IN NS dns.westos.com.


;; ADDITIONAL SECTION:

dns.westos.com. 86400 IN A 172.25.0.107


;; Query time: 2 msec

;; SERVER: 172.25.254.107#53(172.25.254.107)

;; WHEN: Sun Nov 20 04:00:02 EST 2016

;; MSG SIZE  rcvd: 93



[root@client-dns ~]# dig -x 172.25.254.110


;110.254.25.172.in-addr.arpa. IN PTR


;; ANSWER SECTION:

110.254.25.172.in-addr.arpa. 86400 IN PTR www.250.com.


;; AUTHORITY SECTION:

254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.


;; ADDITIONAL SECTION:

dns.westos.com. 86400 IN A 172.25.0.107


;; Query time: 1 msec

;; SERVER: 172.25.254.107#53(172.25.254.107)

;; WHEN: Sun Nov 20 04:04:38 EST 2016

;; MSG SIZE  rcvd: 122