Linux 第24天: (09月26日) 練習和作業
cd /etc/sudoers.d
vi /etc/sudoers
#includedir /etc/sudoers.d
pwd
/etc/sudoers.d
vi sudotest
#1000 10.1.252.213=(root) /bin/cat /etc/shadow
visudo -c 檢查語法
sudo cat /etc/shadow
usermod -aG wheel zhang
su - zhang
sudo cat /etc/shadow
sudo -u zhang sudo cat /etc/shadow
sudo cat /var/log/messages* /etc/shadow 安全隱患：sudoers 中若授權 /bin/cat /var/log/messages*，通配符 * 也會匹配空格，後面可追加任意文件(如 /etc/shadow)；應寫明確切的文件路徑，不要以 * 結尾
sudoedit /etc/sudoers
sudo -l 或 -ll 查看授權操作和被禁止操作
systemctl is-enabled firewalld 在7版本
systemctl disable firewalld
iptables -F 清空全部規則(僅限實驗環境；正式環境應只放行 53/udp 和 53/tcp)
chkconfig --list iptables 在6版本
chkconfig iptables off
iptables -F
yum info bind
yum -y install bind
rpm -ql bind
cat /var/named/named.ca 13個根文件
dig +bufsize=1200 +norec @a.root-servers.net 查詢13個根
dig -t NS . @114.114.114.114 查詢13個根
rpm -qa "bind*"
rpm -qf `which dig`
rpm -q --scripts bind 查看腳本
~
getent passwd named
1安裝bind包, 啓動服務
rpm -q bind
systemctl is-enabled named 查看
systemctl enable named 啓用
systemctl start named 啓動
ss -ntlu
2建立zone信息
cp -p /etc/named.conf /etc/named.conf.bak
ll /etc/named.conf
netstat -ntple
ps aux|grep named
netstat -ntl
vim /etc/named.conf
options {
listen-on port 53 { localhost; };
allow-query {localhost;}; 改成 any 允許任意客戶端查詢；若同時開啓遞歸，應以 allow-recursion 限制爲可信網段，避免成爲開放解析器
allow-transfer {從DNS服務器IP;};
dnssec-enable no;
dnssec-validation no; 實驗環境關閉 DNSSEC 驗證；關閉後解析器不再校驗應答簽名
rndc reload
3 建立域
vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type master;
file "magedu.com.zone";};
4 建立文件
cd /var/named
vim -o named.localhost magedu.com.zone
ctrl w 方向鍵
$TTL 86400
magedu.com. IN SOA ns1.magedu.com. admin.magedu.com. (2016092601 1D 10M 1W 1H)
magedu.com. IN NS ns1
magedu.com. IN NS ns2
ns1 IN A 10.1.252.213
ns2 IN A 10.1.252.210
websrv IN A 10.1.252.213
websrv IN A 10.1.252.210
www IN CNAME websrv
@ IN MX 10 mailsrv
mailsrv IN A 10.1.252.210
* IN A 10.1.252.210
@ IN A 10.1.252.210
$GENERATE 1-254 server$ IN A 1.1.1.$
$GENERATE 1-9 server$ IN A 1.1.1.6$
chgrp named magedu.com.zone
chmod 640 magedu.com.zone
5 檢查
named-checkconf
named-checkzone "magedu.com" magedu.com.zone
systemctl reload named
rndc reload 專門管理dns工具
netstat -ntlu
客戶端修改
cat /etc/resolv.conf
vim /etc/resolv.conf
search magedu.com
nameserver 10.1.252.213
host www.magedu.com
host magedu.com
dig magedu.com
ipconfig /flushdns windows清除dns緩存
ipconfig /displaydns windows顯示dns
nslookup
set querytype=ns windows查詢根dns
.
iptables -A INPUT -p udp --dport 53 -j REJECT
dig www.magedu.com 被屏蔽無結果
反向區域
vim /etc/named.rfc1912.zones
zone "1.10.in-addr.arpa" IN {
type master;
file "10.1.zone";};
vim 10.1.zone
$TTL 1D
@ IN SOA ns1.magedu.com. admin.magedu.com. (2016092601 1D 5M 3D 1D)
IN NS ns1.magedu.com.
213.252 IN PTR ns1.magedu.com.
210.252 IN PTR www.magedu.com.
1.100 IN PTR ftp.magedu.com.
named-checkconf
named-checkzone "1.10.in-addr.arpa" 10.1.zone
rndc reload
dig -t A magedu.com
dig -t NS magedu.com
dig -t PTR 213.252.1.10.in-addr.arpa
dig -x 10.1.252.213
從DNS服務器
1 裝包、啓動服務
service named status
service named start
2
vim /etc/named.conf
// listen-on port 53 {127.0.0.1;}; 註釋掉表示全部IP
// allow-query { localhost; }; 註釋掉表示容許全部
allow-transfer {none;}; 不允許區域傳送
allow-transfer { IP ;}; 只允許指定 IP 做區域傳送
3
vim /etc/named.rfc1912.zones
zone "magedu.com" {
type slave; masters {10.1.252.213;};
file "slaves/magedu.com.slave"; };
4
rndc reload
cat magedu.com.slave
tail /var/log/messages
iptables -F
iptables -A INPUT -p tcp --dport 53 -j REJECT
rndc reload
named-checkconf
named-checkzone "magedu.com" magedu.com.zone
反向區域從DNS
vim /etc/named.rfc1912.zones
zone "1.10.in-addr.arpa" {
type slave;
masters {10.1.252.213;};
file "slaves/10.1.slave.zone";
};
cat 10.1.slave.zone
DNS子域
vim /etc/named.rfc1912.zones
zone "game.magedu.com" IN {
type master;
file "game.magedu.com.zone";
};
vim /var/named/game.magedu.com.zone
named-checkconf
named-checkzone "game.magedu.com" game.magedu.com.zone
vim /var/named/magedu.com.zone
study IN NS ns1.study.magedu.com.
ns1.study IN A 10.1.249.86
www.game IN A 1.1.1.1
www.sports IN A 2.2.2.2
dig www.game.magedu.com @10.1.252.213
dig -t NS study.magedu.com @10.1.252.213
dig -t NS . @114.114.114.114 > named.ca 創建根文件
cat named.ca
dig +trace www.magedu.com 跟蹤網站查詢dns
host www.magedu.com
rndc retransfer 手動傳送 無論序列號
rndc querylog 日誌功能開啓關閉
rndc status
yum -y install bind bind-chroot
systemctl start named
cd /var/named/chroot/etc/named
ll named.conf
vim named.conf
// allow-query { localhost; }; 註釋掉
創建根dns
cd /etc/yum.repos.d/
scp 10.1.249.86:/etc/yum.repos.d/base.repo .
[base]
baseurl=http://10.1.0.1/cobbler/ks_mirror/7
gpgcheck=0 不校驗軟件包簽名，僅適用於可信的內網實驗鏡像
yum -y install bind
iptables -F
systemctl status named
vim /etc/named.conf
dnssec-enable no;
dnssec-validation no;
//zone "." IN {
//type hint;
//file "named.ca";
//};
zone "." IN {
type master;
file "root.zone";
};
cd /var/named/
vim root.zone
$TTL 1D
@ IN SOA dns1. admin.magedu.com. (2016092601 1D 5M 1W 1D )
IN NS dns1
dns1 IN A 10.1.252.60
com IN NS comdns1.
comdns1 IN A 10.1.249.86
systemctl restart named
創建com
vim /etc/named.conf
dnssec-enable yes;
dnssec-validation yes;
vim /var/named/named.ca
. 518400 IN NS a.root-servers.net.
a.root-servers.net. 3600000 IN A 10.1.252.60
scp /var/named/named.ca 10.1.252.210:/var/named/
ll /var/named/named.ca
vi /etc/named.rfc1912.zones
dnssec-enable no;
dnssec-validation no;
zone "com" {
type master;
file "com.zone";
};
cd /var/named/
mv study.magedu.com.zone com.zone
vim com.zone
@ IN SOA ns1.com. admin.magedu.com. (2016092606 10 10M 1W 1H)
@ IN NS ns1
ns1 IN A 10.1.249.86
magedu IN NS magedns
magedns IN A 10.1.252.213
systemctl restart named
cat named.ca
scp named.ca 10.1.252.213:/var/named/
dig www.magedu.com @127.0.0.1
ll /var/named/named.ca
客戶端
dig www.magedu.com @10.1.249.86
dig +trace www.magedu.com @10.1.252.210
dig -t soa . @10.1.252.210
創建magedu.com
yum -y install bind-chroot
cd /var/named/chroot/var/named/
cd /var/named/chroot/etc/
vim /etc/sysconfig/named
ll /var/named/chroot/etc/named.conf /etc/named.conf -i
rpm -q --scripts bind-chroot
mount
設置dns
vim /etc/named.conf
dnssec-enable no;
dnssec-validation no;
vim /etc/named.rfc1912.zones
zone "magedu.com"{
type master;
file "magedu.com.zone";
};
cd /var/named
vim magedu.com.zone
$TTL 1D
@ IN SOA ns1.magedu.com. adm.magedu.com. (1 1D 5M 1W 1H )
NS ns1
ns1 A 10.1.252.210
www A 6.6.6.6
chgrp named magedu.com.zone
chmod 640 magedu.com.zone
named-checkconf
named-checkzone "magedu.com" magedu.com.zone
service named restart
dig www.magedu.com @10.1.252.210
設置轉發dns
cd /etc/yum.repos.d/
vim base.repo
[base]
baseurl=http://10.1.0.1/cobbler/ks_mirror/7
gpgcheck=0
yum -y install bind
systemctl enable named 設爲開機啓動
systemctl start named 啓動服務
vim /etc/named.conf
// listen-on port 53 { 127.0.0.1 }; 註釋掉
// allow-query { localhost; }; 註釋掉
forward only;
forwarders {10.1.252.210;};
iptables -F
systemctl restart named
dig www.magedu.com @10.1.252.210
特區轉發dns
vim /etc/named.rfc1912.zones
zone "qq.com" {
type forward;
forward only;
forwarders {10.1.252.168;};
};
vim /etc/named.rfc1912.zones
zone "taobao.com" {
type master;
file "taobao.com.zone";
};
nslookup windows查詢dns緩存服務器
set querytype=soa
baidu.com
區域轉發dns
vim /etc/named.conf
acl beijingnet {
10.1.249.0/24;
};
acl shanghainet {
10.1.252.0/24;
};
acl othernet {
any;
};
view shanghaiview {
match-clients {shanghainet;};
zone "magedu.com" {
type master;
file "magedu.com.sh.zone";
};
};
view beijingview {
match-clients {beijingnet;};
zone "magedu.com" {
type master;
file "magedu.com.bj.zone";
};
};
view otherview {
match-clients {othernet;};
include "/etc/named.rfc1912.zones";
};
使用 view 後，所有 zone 都必須放在 view 內，因此把根提示區域從 /etc/named.conf 轉移
到 /etc/named.rfc1912.zones(已被 otherview include)
zone "." IN {
type hint;
file "named.ca";
};
cd /var/named
cp magedu.com.zone magedu.com.bj.zone
vim magedu.com.bj.zone
websrv IN A 1.1.1.1
cp magedu.com.zone magedu.com.sh.zone
websrv IN A 2.2.2.2
chgrp named magedu.com.*
service named restart
編譯安裝
get bind-9.10.1-P1.tar.gz
bye
tar xvf bind-9.10.1-P1.tar.gz
cd bind-9.10.1-P1/
yum grouplist
./configure --help
ls /usr/local/
./configure --prefix=/usr/local/bind9 \
--sysconfdir=/etc/bind9 \
--without-openssl
(--without-openssl: 不鏈接 OpenSSL，named 將缺少 DNSSEC 所需的加密支持)
du -sh .
make
du -sh .
ss -ntul
systemctl stop named
make install
cd /usr/local/
ls
ll /etc/named
ll /etc/bin
ll /etc/bind9
getent group named
vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
ONBOOT=yes
systemctl start network
cd /etc/yum.repos.d/
ls
rm -f *
vim base.repo
baseurl=http://10.1.0.1/cobbler/ks_mirror/7
gpgcheck=0
yum -y install lftp
yum -y groupinstall "Development Tools"
cd /var/named 目錄不存在
getent passwd named 賬號不存在
groupadd named -r
useradd -r -g named named
lftp 10.1.0.1
cd pub/Sources/sources/bind/
get bind-9.10.1-P1.tar.gz
bye
ls
tar xf bind-9.10.1-P1.tar.gz
cd bind-9.10.1-P1/
ls
./configure --prefix=/usr/local/bind9 \
--sysconfdir=/etc/bind9 \
--without-openssl
make;make install
cd
ll /var/named 目錄不存在
cd /usr/local/bind9/
ls
pwd
cd bin
ls
cd ../sbin
echo $PATH
vi /etc/profile.d/bind.sh
export PATH=$PATH:/usr/local/bind9/bin:/usr/local/bind9/sbin
一個服務器端一個客戶端
. /etc/profile.d/bind.sh
cd /etc/ld.so.conf.d/
vim bind.conf 創建動態庫
/usr/local/bind9/lib
ldconfig
cd -
ls
cd ..
cd include/
ls
cd bind9/
ls
cd ..
pwd
ln -sv /usr/local/bind9/include/ /usr/include/bind9
ll /usr/include/bind9
vim /etc/man_db.conf
MANDATORY_MANPATH /usr/local/bind9/share/man
man named
mandb
vim /etc/bind9/named.conf
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "root.zone";
};
mkdir /var/named
ll -d /var/named
chgrp named /var/named
chmod 750 /var/named
ll -d /var/named
cd /var/named
dig -t NS . @114.114.114.114
dig -t NS . @114.114.114.114 > /var/named/root.zone
chgrp named root.zone
chmod 640 root.zone
創建子域
vim /etc/bind9/named.conf
zone "magedu.com" IN {
type master;
file "magedu.com.zone";
};
vim magedu.com.zone
$TTL 1D
@ IN SOA ns1.magedu.com. adm.magedu.com. (1 1D 19M 1D 1D)
@ IN NS ns1
ns1 A 10.1.252.167
www A 6.6.6.6
cd /usr/local/bind9/sbin/
named -h
named -f -g -u named
ps aux |grep named
iptables -F
dig www.magedu.com @10.1.252.167
echo $PATH
./ec/rofe
. /etc/profile.d/bind.sh
echo $PATH
named-checkconf
named -f -g -u named -d 3 調整debug級別
dig -t NS magedu.com @x.x.x.x
named -u named 後臺執行
ps aux |grep named
killall named
rndc status
rndc-confgen 創建rndc工具
rndc-confgen > rndc.conf
tail rndc.conf >> named.conf
killall -1 named 發送 SIGHUP，重讀配置文件
rndc status
rndc querylog
ll rndc.conf
chmod 640 *
chgrp named *
cd
cd bin
cd bind-9.10.1-P1/
cd contrib/
cd queryperf/
ls
./configure
make
make install 或
cp queryperf /usr/local/bind9/bin
queryperf --help
cd
vim testdns
www.magedu.com A
magedu.com NS
magedu.com SOA
:1,$y 複製所有行
p 粘貼
ll -h testdns
wc -l testdns
queryperf -d /root/testdns
scp queryperf 10.1.200.200:/root/bin
mv bin qp
cd
ls
scp testdns 10.1.200.200:/root/bin
./qp -d bin
cd bin
cd contrib/
scp -r queryperf/ 10.1.252.210:/root/
iptables -F
yum groupinstall "Development Tools"
scp testdns 10.1.252.210:/root/
./queryperf -d /root/testdns -s 10.1.252.167