Linux 第24天: (09月26日) 练习和作业

 

 


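# --- sudo: rules in /etc/sudoers and drop-ins under /etc/sudoers.d ---
cd /etc/sudoers.d
# /etc/sudoers must be edited with visudo (takes a lock and syntax-checks on save;
# a typo saved with plain vi breaks sudo for everybody). The directive that pulls
# in the drop-in directory is:
visudo
#includedir /etc/sudoers.d

pwd
# /etc/sudoers.d
# Drop-in rule: the user with UID 1000 ("#1000"), on host 10.1.252.213, may run
# /bin/cat /etc/shadow as root.
# NOTE(review): this hands the user every password hash on the box; keep it a lab exercise.
vi sudotest
#1000 10.1.252.213=(root) /bin/cat /etc/shadow
visudo -c                   # syntax-check every sudoers file before relying on the rule
sudo cat /etc/shadow

usermod -aG wheel zhang     # members of wheel are granted ALL in the stock sudoers
su - zhang
sudo cat /etc/shadow
sudo -u zhang sudo cat /etc/shadow   # sudo chaining: the inner sudo runs as zhang (wheel), presumably with zhang's password

# Hazard demonstrated below: a rule like "/bin/cat /var/log/messages*" matches the
# whole argument string, and a sudoers '*' also matches spaces -- so
# "/var/log/messages* /etc/shadow" satisfies the rule and /etc/shadow is printed.
sudo cat /var/log/messages* /etc/shadow

# visudo is the tool for /etc/sudoers itself; sudoedit is for files a user has been
# granted "sudoedit /path" on.
visudo

sudo -l                     # list what this user may (and may not) run; -ll for the long, per-rule form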


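# Firewall handling. Flushing every rule is a lab shortcut: on a real server keep the
# firewall and open only 53/udp and 53/tcp (TCP is needed for zone transfers and for
# answers that do not fit in UDP).
# CentOS/RHEL 7
systemctl is-enabled firewalld
systemctl disable firewalld      # the original "system disable firewalld" is not a command
iptables -F
# CentOS/RHEL 6
chkconfig --list iptables
chkconfig iptables off
iptables -F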


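yum info bind
yum -y install bind
rpm -ql bind                                     # files shipped by the package

cat /var/named/named.ca                          # root hints: names/addresses of the 13 root servers
dig +bufsize=1200 +norec @a.root-servers.net . NS   # ask a root server directly, no recursion
dig -t NS . @114.114.114.114                     # the root NS set as seen through a public resolver

rpm -qa "bind*"
rpm -qf "$(command -v dig)"                      # which package owns dig ($(command -v) instead of `which`)

rpm -q --scripts bind                            # package scriptlets (presumably where the named account is created)
getent passwd named                              # the unprivileged account named runs as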

 

 


1安装bind包, 启动服务


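rpm -q bind                      # confirm the package is installed
systemctl is-enabled named       # boot-time state
systemctl enable named           # start at boot
systemctl start named            # start now
ss -ntlu                         # expect 53/tcp and 53/udp (rndc listens on 953/tcp, localhost only by default)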

 

 

2创建zone信息


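cp -p /etc/named.conf /etc/named.conf.bak    # keep a pristine copy; -p preserves owner and mode
ll /etc/named.conf
netstat -ntple
ps aux | grep '[n]amed'
netstat -ntl

vim /etc/named.conf
options {
    listen-on port 53 { localhost; };   # change to { any; } (or the server's IP) to serve other hosts
    allow-query     { localhost; };     # change to { any; } for a public authoritative server
    allow-transfer  { 10.1.252.210; };  # only the secondary (ns2 in this lab) may AXFR; the default "any" leaks the whole zone
    # NOTE(review): with allow-query any, also add "recursion no;" (or allow-recursion { localnets; };)
    # so an authoritative server does not become an open resolver usable for amplification.
    dnssec-enable no;                   # lab only: with validation off, forged answers are accepted
    dnssec-validation no;
};

rndc reload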

 


3 创建域


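vim /etc/named.rfc1912.zones     # zone list included from /etc/named.conf
zone "magedu.com" IN {
    type master;
    file "magedu.com.zone";      # relative to the options { directory }, i.e. /var/named
};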

 


4 创建文件


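cd /var/named
vim -o named.localhost magedu.com.zone     # -o: both files in split windows, Ctrl-W + arrow switches
$TTL 86400                                  # "STTL" in the original is a typo; the directive is $TTL
magedu.com.  IN SOA ns1.magedu.com. admin.magedu.com. (2016092601 1D 10M 1W 1H)   # serial YYYYMMDDnn
magedu.com.  IN NS  ns1
magedu.com.  IN NS  ns2
ns1     IN A     10.1.252.213
ns2     IN A     10.1.252.210
websrv  IN A     10.1.252.213
websrv  IN A     10.1.252.210     # two A records: round-robin
www     IN CNAME websrv
@       IN MX    10 mailsrv
mailsrv IN A     10.1.252.210
*       IN A     10.1.252.210     # wildcard: every otherwise-undefined name resolves -- typos and guesses all "exist"
@       IN A     10.1.252.210
$GENERATE 1-254 server$ IN A 1.1.1.$
$GENERATE 1-9   server$ IN A 1.1.1.6$    # server1..server9 get a second A record (1.1.1.61..1.1.1.69)

chgrp named magedu.com.zone
chmod 640 magedu.com.zone        # named only needs to read a master zone; keep it unwritable by named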

 

 

5 检查


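named-checkconf                                            # syntax of named.conf and everything it includes
named-checkzone "magedu.com" /var/named/magedu.com.zone    # zone-file syntax plus SOA/NS sanity checks
systemctl reload named
rndc reload                                                # same effect through BIND's own control channel
netstat -ntlu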

 

 

客户端修改


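cat /etc/resolv.conf
vim /etc/resolv.conf
search magedu.com
nameserver 10.1.252.213

host www.magedu.com
host magedu.com
dig magedu.com

# Windows client
ipconfig /flushdns       # clear the resolver cache
ipconfig /displaydns     # show the cache
nslookup
set querytype=ns         # then query "." to see the root NS set
.

# Rejecting only UDP/53 does not block DNS: dig fails here because it tries UDP
# first, but "dig +tcp www.magedu.com" still gets an answer. Reject 53/tcp as well.
iptables -A INPUT -p udp --dport 53 -j REJECT
dig www.magedu.com       # no answer while the rule is in place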

 

 

反向区域

 

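vim /etc/named.rfc1912.zones      # the file is *.zones; "*.conf" in the original is a typo
zone "1.10.in-addr.arpa" IN {
    type master;
    file "10.1.zone";
};

vim /var/named/10.1.zone

$TTL 1D
@       IN SOA ns1.magedu.com. admin.magedu.com. (2016092601 1D 5M 3D 1D)   # space before "("
        IN NS  ns1.magedu.com.
213.252 IN PTR ns1.magedu.com.         # 10.1.252.213: remaining octets reversed under 1.10.in-addr.arpa
210.252 IN PTR www.magedu.com.         # owner and target on ONE line; the original split them
1.100   IN PTR ftp.magedu.com.

named-checkconf
named-checkzone "1.10.in-addr.arpa" /var/named/10.1.zone
rndc reload

dig -t A   magedu.com
dig -t NS  magedu.com
dig -t PTR 213.252.1.10.in-addr.arpa    # "dit" in the original is a typo
dig -x 10.1.252.213                      # same query; dig builds the in-addr.arpa name itself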

 


从DNS服务器

 

1 装包并启动服务
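# 1. package installed, start the service
service named status
service named start

# 2. /etc/named.conf on the secondary
vim /etc/named.conf
// listen-on port 53 {127.0.0.1;};   // commented out -> listen on every address
// allow-query { localhost; };       // commented out -> answer anyone
allow-transfer { none; };            // a secondary should not hand the zone out again (default is "any")
allow-transfer { IP; };              // ...or only to one specific address

# 3. the zone, as a slave of 10.1.252.213 ("frc1912" in the original is a typo)
vim /etc/named.rfc1912.zones
zone "magedu.com" {
    type slave;
    masters { 10.1.252.213; };       // keyword is "masters"; every statement ends with ';'
    file "slaves/magedu.com.slave";  // /var/named/slaves is writable by named -- the master's zone dir is not
};

# 4. reload and check that the transfer happened
rndc reload
cat /var/named/slaves/magedu.com.slave
tail /var/log/messages               # look for "Transfer completed" (or a refused AXFR)

# Zone transfers run over TCP: rejecting 53/tcp breaks AXFR while UDP queries keep working.
iptables -F
iptables -A INPUT -p tcp --dport 53 -j REJECT
rndc reload

named-checkconf
# BIND 9.9+ stores slave zones in raw (binary) format unless "masterfile-format text;"
# is set in the zone, so tell the checker the format:
named-checkzone -f raw "magedu.com" /var/named/slaves/magedu.com.slave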

 


反向区域从DNS

 

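vim /etc/named.rfc1912.zones     # "frc1912" in the original is a typo

zone "1.10.in-addr.arpa" {
    type slave;
    masters { 10.1.252.213; };
    file "slaves/10.1.slave.zone";
};

cat /var/named/slaves/10.1.slave.zone   # raw (binary) on BIND 9.9+ unless masterfile-format text; is set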

 


DNS子域

 

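vim /etc/named.rfc1912.zones
zone "game.magedu.com" IN {
    type master;
    file "game.magedu.com.zone";
};

vim /var/named/game.magedu.com.zone
named-checkconf
named-checkzone "game.magedu.com" /var/named/game.magedu.com.zone   # "mageu" in the original is a typo

# Delegate study.magedu.com to another server from the PARENT zone
vim /var/named/magedu.com.zone                 # zone files live in /var/named, not /etc/named
study      IN NS ns1.study.magedu.com.         # trailing dot! without it the target reads ns1.study.magedu.com.magedu.com
ns1.study  IN A  10.1.249.86                   # glue record for the delegated server
www.game   IN A  1.1.1.1                       # shadowed: the more specific local "game.magedu.com" zone answers instead
www.sports IN A  2.2.2.2

dig www.game.magedu.com @10.1.252.213
dig -t NS study.magedu.com @10.1.252.213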

 

 
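# Build a root-hints file from a public resolver's answer.
# NOTE(review): that answer is unauthenticated -- a wrong or spoofed reply here would send
# every recursive lookup to a fake root. Prefer "dig . NS @a.root-servers.net" (or the
# named.ca shipped in the bind package) and compare before installing it.
dig -t NS . @114.114.114.114 > named.ca
cat named.ca

dig +trace www.magedu.com        # walk the delegation chain from the root down

host www.magedu.com

rndc retransfer magedu.com       # force a transfer regardless of the SOA serial (takes the zone name)
rndc querylog                    # toggle query logging
rndc status

yum -y install bind bind-chroot
systemctl start named
cd /var/named/chroot/etc         # with bind-chroot the config under the chroot is a bind mount of /etc/named.conf
ll named.conf
vim named.conf
// allow-query { localhost; };   // commented out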

 

 

建立根dns


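cd /etc/yum.repos.d/
scp 10.1.249.86:/etc/yum.repos.d/base.repo .
[base]
baseurl=http://10.1.0.1/cobbler/ks_mirror/7
gpgcheck=0        # NOTE(review): package signatures are NOT verified -- anyone on the path to
                  # 10.1.0.1 can feed a trojaned rpm. Acceptable only for a closed lab mirror.

yum -y install bind

iptables -F       # lab shortcut; on a real server open 53/udp and 53/tcp instead

systemctl status named

vim /etc/named.conf

dnssec-enable no;        # the private root below is unsigned, so validation has to be off
dnssec-validation no;    # (or a local trust anchor configured)

// the stock hint zone is replaced by a local, authoritative root:
//zone "." IN {
//    type hint;
//    file "named.ca";
//};
zone "." IN {            # written with a space after "zone", like every other stanza in these notes
    type master;
    file "root.zone";
};

cd /var/named/
vim root.zone
$TTL 1D
@       IN SOA dns1. admin.magedu.com. (2016092601 1D 5M 1W 1D)
        IN NS dns1              # relative names resolve against the origin "."
dns1    IN A  10.1.252.60
com     IN NS comdns1.          # delegation of com ...
comdns1 IN A  10.1.249.86       # ... with its glue

systemctl restart named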

 

 

建立com

 

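vim /etc/named.conf

# NOTE(review): against a private, unsigned root, "dnssec-validation yes" makes the resolver
# validate against the built-in IANA trust anchor and every answer comes back bogus. Keep
# these "no" (the notes switch them back to "no" a few lines further down anyway).
dnssec-enable no;
dnssec-validation no;

# Point the hints at the private root instead of the real one
vim /var/named/named.ca
.                   518400  IN NS a.root-servers.net.
a.root-servers.net. 3600000 IN A  10.1.252.60

scp /var/named/named.ca 10.1.252.210:/var/named/     # "/var/name" in the original is a typo
ll /var/named/named.ca

vi /etc/named.rfc1912.zones
# dnssec-enable / dnssec-validation are options{} statements and belong in
# /etc/named.conf, not in this zone list.

zone "com" {
    type master;
    file "com.zone";
};

cd /var/named/
mv study.magedu.com.zone com.zone
vim com.zone

@ IN SOA ns1.com. admin.magedu.com. (2016092606 10 10M 1W 1H)   # refresh of 10 seconds: lab value
@ IN NS ns1
ns1      IN A  10.1.249.86
magedu   IN NS magedns      # delegation of magedu.com ...
magedns  IN A  10.1.252.213 # ... plus glue

systemctl restart named
cat named.ca
scp named.ca 10.1.252.213:/var/named/                # "/var/name" in the original is a typo

dig www.magedu.com @127.0.0.1
ll /var/named/named.ca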

 

 

客户端


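# each dig is one command; the original broke them across two lines
dig www.magedu.com @10.1.249.86
dig +trace www.magedu.com @10.1.252.210     # follow the delegation chain from the private root
dig -t SOA . @10.1.252.210                  # SOA of the root zone ("-t soa." in the original is a typo)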

 


建立magedu.com

 

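yum -y install bind-chroot

cd /var/named/chroot/var/named/
cd /var/named/chroot/etc/

vim /etc/sysconfig/named         # environment for the named service

# the files under the chroot are bind mounts of the real ones: same inode
ll -i /var/named/chroot/etc/named.conf /etc/named.conf   # "/etc/name.conf" in the original is a typo

rpm -q --scripts bind-chroot
mount                             # shows the bind mounts under /var/named/chroot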

 

 

设置dns

 

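vim /etc/named.conf
dnssec-enable no;
dnssec-validation no;

vim /etc/named.rfc1912.zones
zone "magedu.com" {
    type master;
    file "magedu.com.zone";
};

cd /var/named
vim magedu.com.zone
$TTL 1D
@    IN SOA ns1.magedu.com. adm.magedu.com. (1 1D 5M 1W 1H)
     NS    ns1
ns1  A     10.1.252.210
www  A     6.6.6.6     # a CNAME must point at a NAME: "www CNAME 6.6.6.6" would be read as the host 6.6.6.6.magedu.com

chgrp named magedu.com.zone
chmod 640 magedu.com.zone
named-checkconf
named-checkzone "magedu.com" magedu.com.zone
service named restart
dig www.magedu.com @10.1.252.210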

 

 

设置转发dns


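cd /etc/yum.repos.d/
vim base.repo
[base]
baseurl=http://10.1.0.1/cobbler/ks_mirror/7
gpgcheck=0     # NOTE(review): unsigned packages are accepted -- closed lab mirror only

yum -y install bind
systemctl enable named   # start at boot
systemctl start named    # start now

# Forwarding resolver: every query is handed to 10.1.252.210
vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };  // commented out -> listen on every address
// allow-query { localhost; };        // commented out -> answer anyone
# NOTE(review): open allow-query plus recursion makes this an open resolver; restrict it,
# e.g. allow-query { 10.1.0.0/16; }; or allow-recursion { localnets; };
forward only;                          // inside options {}: never fall back to iterative lookups
forwarders { 10.1.252.210; };
iptables -F
systemctl restart named
dig www.magedu.com @10.1.252.210       # to exercise the forwarder itself, query this host (e.g. @127.0.0.1) rather than the upstream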

 

 

特定区域转发dns（zone forwarding：只把某个区域转发给指定服务器）


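# Forward a single zone to a specific server; everything else is resolved normally
vim /etc/named.rfc1912.zones
zone "qq.com" {                 # braces and semicolons were missing in the original
    type forward;
    forward only;
    forwarders { 10.1.252.168; };
};

vim /etc/named.rfc1912.zones
zone "taobao.com" {
    type master;
    file "taobao.com.zone";
};

# Windows: inspect what a caching server holds for a zone
nslookup
set querytype=soa
baidu.com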

 

  

基于视图(view)的分区域解析（split-horizon DNS：按客户端来源返回不同记录）

 

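vim /etc/named.conf

acl beijingnet {
    10.1.249.0/24;
};
acl shanghainet {
    10.1.252.0/24;
};
acl othernet {
    any;
};

# Views are tried in order and the first match-clients hit wins, so the catch-all
# view has to stay last. Once a view exists, EVERY zone (the "." hint zone and the
# rfc1912 zones included) must live inside some view or named refuses to start.
view shanghaiview {
    match-clients { shanghainet; };
    zone "magedu.com" {
        type master;
        file "magedu.com.sh.zone";
    };
};
view beijingview {
    match-clients { beijingnet; };
    zone "magedu.com" {                   # same zone, different data per view; the original said
        type master;                      # "beijing.com" but serves the magedu.com.bj.zone copy
        file "magedu.com.bj.zone";        # the ';' was missing
    };
};
view otherview {
    match-clients { othernet; };
    include "/etc/named.rfc1912.zones";   # and drop the top-level include of this file
};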

 

把根提示区域（zone "."）从 /etc/named.conf 顶层转移到 /etc/named.rfc1912.zones：
启用 view 之后所有 zone 都必须位于某个 view 之内，否则 named 拒绝启动。
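# root hint zone, now living in /etc/named.rfc1912.zones so that it ends up inside a view
zone "." IN {
    type hint;
    file "named.ca";
};

cd /var/named
cp magedu.com.zone magedu.com.bj.zone
vim magedu.com.bj.zone
websrv IN A 1.1.1.1                 # what Beijing clients see
cp magedu.com.zone magedu.com.sh.zone
vim magedu.com.sh.zone
websrv IN A 2.2.2.2                 # what Shanghai clients see

chgrp named magedu.com.*            # "megadu" in the original is a typo
service named restart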

 

 

编译安装

 

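# (inside an lftp session opened earlier) fetch the source tarball and leave
get bind-9.10.1-P1.tar.gz
bye
tar xvf bind-9.10.1-P1.tar.gz
cd bind-9.10.1-P1/
yum grouplist                     # the "Development Tools" group is needed for the build
./configure --help
ls /usr/local/
# The continuation lines need trailing backslashes; without them each option runs as its own command.
# NOTE(review): --without-openssl produces a BIND without DNSSEC support (no signing, no
# validation). Only do this when DNSSEC is really not needed; otherwise install openssl-devel.
./configure --prefix=/usr/local/bind9 \
    --sysconfdir=/etc/bind9 \
    --without-openssl
du -sh .                          # "du -sh." in the original is missing the space
make
du -sh .                          # compare: the build tree grows considerably
ss -ntul
systemctl stop named              # stop the packaged named before installing the self-built one
make install
cd /usr/local/
ls
ll /etc/named
ll /usr/local/bind9/bin           # the original "ll /etc/bin" names a directory that does not exist
ll /etc/bind9
getent group named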


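vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
ONBOOT=yes
systemctl start network
cd /etc/yum.repos.d/
ls
rm -f -- *                  # destructive: wipes every repo definition in the directory
vim base.repo
baseurl=http://10.1.0.1/cobbler/ks_mirror/7
gpgcheck=0                  # NOTE(review): no package signature check -- closed lab mirror only
yum -y install lftp
yum -y groupinstall "Development Tools"
ls -d /var/named            # does not exist on this host
getent passwd named         # nor does the account
# Create the service account by hand: system account, no login shell.
groupadd -r named
useradd -r -g named -d /var/named -s /sbin/nologin named

lftp 10.1.0.1
cd pub/Sources/sources/bind/
get bind-9.10.1-P1.tar.gz   # the original "bind9-9.10.1-P1" does not match the tar line below
bye
ls
tar xf bind-9.10.1-P1.tar.gz
cd bind-9.10.1-P1/
ls
./configure --prefix=/usr/local/bind9 \
    --sysconfdir=/etc/bind9 \
    --without-openssl        # no DNSSEC in this build (see the earlier note)
make && make install         # "make;make install" would install even after a failed build
cd
ls -d /var/named             # still absent: the source install does not create it
cd /usr/local/bind9/
ls
pwd
cd bin
ls
cd ../sbin
echo "$PATH"
vi /etc/profile.d/bind.sh    # "/etc/profiled.d" in the original is a typo
export PATH=$PATH:/usr/local/bind9/bin:/usr/local/bind9/sbin   # "/usr/localbind9" was missing a slash
# (the lab uses one server host and one client host)
. /etc/profile.d/bind.sh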


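cd /etc/ld.so.conf.d/          # "cd/etc/..." in the original lacks the space
vim bind.conf                  # register the private lib dir with the dynamic linker
/usr/local/bind9/lib
ldconfig
cd -
ls
cd ..
cd include/
ls
cd bind9/
ls
cd ..
pwd
ln -sv /usr/local/bind9/include/ /usr/include/bind9   # headers, for anything built against this libbind
ll /usr/include/bind9

vim /etc/man_db.conf
MANDATORY_MANPATH     /usr/local/bind9/share/man

mandb                          # rebuild the index first, then man finds the new pages
man named                      # "man namd" in the original is a typo

vim /etc/bind9/named.conf
options {
    directory "/var/named";    # "dierctory" in the original is a typo named would reject
};
zone "." IN {
    type hint;
    file "root.zone";
};

mkdir /var/named
ll -d /var/named
chgrp named /var/named
chmod 750 /var/named           # named may read; only root writes (slave zones/journals would need a named-writable subdir)
ll -d /var/named
cd /var/named
# NOTE(review): a hint file taken from a public resolver's answer is unauthenticated; a wrong or
# spoofed reply here would redirect every recursive lookup. Prefer "dig . NS @a.root-servers.net"
# (or the named.ca shipped with the distribution's bind package) and compare.
dig -t NS . @114.114.114.114
dig -t NS . @114.114.114.114 > /var/named/root.zone
chgrp named root.zone
chmod 640 root.zone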

 

 

建立子域

 

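vim /etc/bind9/named.conf      # "namd.conf" in the original is a typo
zone "magedu.com" IN {
    type master;
    file "magedu.com.zone";
};

vim /var/named/magedu.com.zone
$TTL 1D
@   IN SOA ns1.magedu.com. adm.magedu.com. (1 1D 19M 1D 1D)   # the RNAME needs its trailing dot too
@   IN NS  ns1
ns1 A 10.1.252.167
www A 6.6.6.6

cd /usr/local/bind9/sbin/
named -h
named -f -g -u named           # foreground, log to stderr, drop privileges to the named user
ps aux | grep '[n]amed'
iptables -F                    # "iptalbes" in the original is a typo
dig www.magedu.com @10.1.252.167

echo "$PATH"
. /etc/profile.d/bind.sh       # (the garbled "./ec/rofe" line in the original)
echo "$PATH"
named-checkconf

named -f -g -u named -d 3      # -d N raises the debug level
dig -t NS magedu.com @x.x.x.x

named -u named                 # daemonize as the named user -- never leave named running as root
ps aux | grep '[n]amed'        # "}grep" in the original is a typo
killall named

# rndc needs a shared secret. "rndc-confgen -a" writes ${sysconfdir}/rndc.key
# (here /etc/bind9/rndc.key), which both named and rndc pick up when no controls
# statement / rndc.conf exists, so nothing has to be pasted into named.conf.
rndc status                    # fails until the key exists
rndc-confgen -a
# Alternative (what the original did): "rndc-confgen > rndc.conf", then copy the key/controls
# stanza from the tail of that file into named.conf with the leading "# " removed -- the
# generated lines are commented out, so a bare "tail rndc.conf >> named.conf" adds nothing usable.
killall -HUP named             # re-read the configuration ("-l" only lists signal names)
rndc status
rndc querylog
ll /etc/bind9/rndc.key
chmod 640 /etc/bind9/*         # the key is a secret: root and the named group only
chgrp named /etc/bind9/*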

 

 
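cd
cd bin
cd bind-9.10.1-P1/
cd contrib/
cd queryperf/                  # queryperf: the DNS load generator bundled with the source
ls
./configure
make
make install                   # "makeinstall" in the original is a typo; or just copy the binary:
cp queryperf /usr/local/bind9/bin
queryperf --help

cd
vim testdns                    # one "<name> <type>" pair per line
www.magedu.com A
magedu.com NS
magedu.com SOA
# in vim, :1,$y yanks every line and p pastes them -- repeat to bulk up the query list

ll -h testdns
wc -l testdns

queryperf -d /root/testdns     # replay against the server from /etc/resolv.conf; only load-test servers you own

# Ship the binary and the query list to a client box and run from there
scp queryperf 10.1.200.200:/root/bin
mv bin qp                      # on 10.1.200.200: presumably /root/bin did not exist, so the copy is a file named "bin"
cd
ls
scp testdns 10.1.200.200:/root/bin
./qp -d bin                    # on 10.1.200.200: the query list arrived under the name "bin" as well
cd bin
cd contrib/
scp -r queryperf/ 10.1.252.210:/root/

iptables -F
yum groupinstall "Development Tools"   # the client needs a compiler to build queryperf from the copied tree

scp testdns 10.1.252.210:/root/        # "testdin" in the original is a typo
./queryperf -d /root/testdns -s 10.1.252.167   # -s: the server to load-test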