######################################################
#############第十單元.selinux的初級管理##################
######################################################
1.什麼時selinux
selinux,內核級加強型防火牆
2.如何管理selinux級別
selinux開啓或者關閉)
vim /etc/sysconfig/selinux
selinux=disabled ##關閉狀態
selinux=Enforcing ##強制狀態
selinux=Permissive ##警告狀態
getenforce ##查看狀態
當selinux開啓時
setenforce 0|1 ##更改selinux運行級別
3.如何更改文件安全上下文(標籤)
如果文件的安全上下文與服務不匹配,則看不到文件
臨時更改)
chcon -t 安全上下文 文件
chcon -t public_content_t /publicftp -R
實例:
[root@server7 mnt]# chcon -t public_content_t /var/ftp/pub/ -R
永久更改)
semanage fcontext -l ##列出內核安全上下文列表內容
semanage fcontext -a -t public_content_t '/publicftp(/.*)?'
restorecon -FvvR /publicftp/
實例:
做此實驗時,接上面
[root@server7 ~]# lftp 172.25.7.11
lftp 172.25.7.11:~> ls
lftp 172.25.7.11:/> ls
lftp 172.25.7.11:/> quit
[root@server7 ~]# semanage fcontext -a -t public_content_t '/ftpdir(/.*)?'
[root@server7 ~]# semanage fcontext -l | grep ftpdir
/ftpdir(/.*)? all files system_u:object_r:public_content_t:s0
/tftpboot directory system_u:object_r:tftpdir_t:s0
/tftpboot/.* all files system_u:object_r:tftpdir_t:s0
/var/lib/tftpboot(/.*)? all files system_u:object_r:tftpdir_rw_t:s0
[root@server7 ~]# lftp 172.25.7.11
lftp 172.25.7.11:~> ls
lftp 172.25.7.11:/> quit
[root@server7 ~]# restorecon -RvvF /ftpdir/
restorecon reset /ftpdir/lzt3/lzt3file context system_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0
[root@server7 ~]# lftp 172.25.7.11
lftp 172.25.7.11:~> ls
drwxr-xr-x 3 0 0 29 Nov 19 01:25 lzt1
drwxr-xr-x 3 0 0 29 Nov 19 01:34 lzt2
drwxr-xr-x 2 0 0 21 Nov 13 07:44 lzt3
lftp 172.25.7.11:/> quit
4.如何控制selinux對服務功能的開關
getsebool -a | grep 服務名稱
getsebool -a | grep ftp
setsebool -P 功能bool值 on|off
setsebool -P ftpd_anon_write on ##此處-P表示永久性,注意P爲大寫
chcon -t public_content_rw_t /var/ftp/pub/ ##修改/var/ftp/pub的標籤爲public_content_rw_t(rw表示可寫)
實例:
[root@server7 ~]# lftp 172.25.7.11
lftp 172.25.7.11:~> ls
drwxrwxr-x 2 0 50 17 Nov 19 02:55 pub
lftp 172.25.7.11:/> cd pub/
lftp 172.25.7.11:/pub> ls
-rw-r--r-- 1 0 0 0 Nov 19 02:55 file
lftp 172.25.7.11:/pub> put /etc/passwd
put: Access failed: 553 Could not create file. (passwd)
lftp 172.25.7.11:/pub> quit
[root@server7 ~]# chcon -t public_content_rw_t /var/ftp/pub
[root@server7 ~]# lftp 172.25.7.11
lftp 172.25.7.11:~> ls
drwxrwxr-x 2 0 50 17 Nov 19 02:55 pub
lftp 172.25.7.11:/> cd pub/
lftp 172.25.7.11:/pub> ls
-rw-r--r-- 1 0 0 0 Nov 19 02:55 file
lftp 172.25.7.11:/pub> put /etc/passwd
put: Access failed: 553 Could not create file. (passwd)
lftp 172.25.7.11:/pub> quit
[root@server7 ~]# setenforce 0 ##將selinux設置成爲警告模式
[root@server7 ~]# lftp 172.25.7.11
lftp 172.25.7.11:~> cd pub/
lftp 172.25.7.11:/pub> put /etc/passwd
2079 bytes transferred
lftp 172.25.7.11:/pub> quit
[root@server7 ~]# getsebool -a | grep ftp
ftp_home_dir --> off
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
[root@server7 ~]# setsebool -P ftpd_anon_write on
[root@server7 ~]# getsebool -a | grep ftp
ftp_home_dir --> off
ftpd_anon_write --> on
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
[root@server7 ~]# lftp 172.25.7.11
lftp 172.25.7.11:~> ls
drwxrwxr-x 2 0 50 30 Nov 19 03:40 pub
lftp 172.25.7.11:/pub> put /etc/group
874 bytes transferred
lftp 172.25.7.11:/pub> ls
-rw-r--r-- 1 0 0 0 Nov 19 02:55 file
-rw------- 1 14 50 874 Nov 19 03:49 group
-rw------- 1 14 50 2079 Nov 19 03:40 passwd
lftp 172.25.7.11:/pub> quit
5.監控selinux的錯誤信息
setroubleshoot-server
#########################################
##############第十一單元.系統恢復########
#########################################
1.系統啓動流程
通電
||
bios(主板上的只讀存儲中,basic input or output system)
作用,硬件檢測,激活硬件
||
grub系統引導(grub引導分爲兩個階段)
1)階段1 mbr(主引導記錄)主引導記錄在硬盤上的0磁道,一扇區,446個字節
*)dd if=/dev/zero of=/dev/vda bs=446 count=1 可以清空mbr
*)進入到挽救模式,執行chroot /mnt/sysimage切換到真實/環境,
並執行grub2-install /dev/vda
然後執行兩次exit
再選擇從硬盤啓動
2)階段2 grub文件引導階段
找到/boot分區
讀取/boot/grub2/grub.cfg
文件丟失,沒有重啓之前,執行:grub2-mkconfig >/boot/grub2/grub.cfg
@@@!!! 情況一(trouble test2,trouble test3的第二步):刪除了/boot/grub2/grub.cfg 即,執行 rm -fr /boot/grub2/grub.cfg
(若執行了reboot,則,選擇從網卡或者光盤啓動,然後執行:
grub> set root='hd0,msdos1'
grub> linux16 /boot/vmlinuz-3.10.0-123. el7.x86_64 ro root=/dev/vda1
grub> initrd16 /boot/initramfs-3.10.0-123.el7.x86_64.img
grub> boot
然後選擇從硬盤啓動
)
||
啓動內核,只讀掛載/設備
檢測設備
對設備驅動進行初始化
進入系統初始化階段
內核丟失,從新安裝內核安裝包就可以解決
rpm -ivh kernel-xxxxx.rpm --force
@@@!!!情況二(trouble test3的第一步): 刪除了/boot/vmlinuz-3.10.0-123. el7.x86_64
(若執行了reboot,則,選擇從網卡或者光盤啓動,然後執行:
bash-4.2# chroot /mnt/sysimage
bash-4.2# cd /mnt
bash-4.2# lftp 172.25.254.250
lftp 172.25.254.250:/> cd pub/rhel7.0/Packages
lftp 172.25.254.250: cd pub/rhel7.0/Packages/> get kernel-3.10.0-123.el7.x86_64.rpm
lftp 172.25.254.250: cd pub/rhel7.0/Packages/> quit
bash-4.2# rpm2cpio kernel-3.10.0-123.el7.x86_64.rpm | cpio -id
bash-4.2# cd boot/
bash-4.2# cp vmlinuz-3.10.0-123. el7.x86_64 /boot
bash-4.2# exit
bash-4.2# exit
然後選擇從硬盤啓動
)
||
系統初始化階段
系統初始化階段加載initrd鏡像
開啓初始化進程systemd
開始selinux
加載內核參數
初始化系統時鐘,鍵盤,主機名稱
重新讀寫掛載/設備
激活raid,lvm
激活配額
啓動multi-user.target.wants中的所有服務
服務列表:
runlever0.target -> poweroff.target
runlever1.target -> rescue.target
runlever2.target -> multi-user.target
runlever3.target -> multi-user.target
runlever4.target -> multi-user.target
runlever5.target -> grapical.target
runlever6.target -> reboot.target
設定啓動級別
systemctl set-default + 啓動級別
/etc/systemd/system/default.target
@@重啓示例(trouble test6):
[root@localhost ~]# rm -fr /etc/systemd/system/default.target
[root@localhost ~]# ln -s /usr/lib/systemd/system/reboot.target /etc/systemd/system/default.target
[root@localhost ~]# reboot
(在進入到默認啓動頁面時,按‘e’進入編輯頁面,只修改
fi
linux16 /boot/vmlinuz-3.10.0-123.el7.x86_64 root=UUID=9bf...-848e-..883d1 rw rd.break 然後按'ctrl+x'進入新的編輯環境
switch_root:/# chroot /sysroot/
sh-4.2# rm -fr /etc/systemd/system/default.target
sh-4.2# ln -s /usr/lib/systemd/system/graphical.target /etc/systemd/system/default.target
sh-4.2# exit
switch_root:/# exit 接着會繼續進入啓動頁面,虛擬機啓動
)
開啓虛擬控制檯
啓動圖形
initramfs-`uname -r`.img的使用:
mkinitrd /boot/initramfs-`uname -r`.img `uname -r` 或
mkinitrd /boot/initramfs-$(uname -r).img $(uname -r) 進行恢復
@@@!!!情況三:刪除了/boot/initramfs-3.10.0-123.el7.x86_64.img 即,rm -fr /boot/initramfs-3.10.0-123.el7.x86_64.img
(然後執行 reboot,選擇從網卡或光盤啓動:
bash-4.2# chroot /mnt/sysimage
bash-4.2# cd /boot/
bash-4.2# mkinitrd /boot/initramfs-$(uname -r).img $(uname -r)
bash-4.2# exit
bash-4.2# exit
然後選擇從硬盤啓動
)
@@@!!!情況四(trouble test4):刪除了/boot分區,即,rm -fr /boot
(然後執行reboot,選擇從網卡或光盤啓動:
bash-4.2# chroot /mnt/sysimage/
bash-4.2# cd /boot/
bash-4.2# ls
bash-4.2# mkinitrd /boot/initramfs-$(uname -r).img $(uname -r)
bash-4.2# cd /boot/
bash-4.2# grub2-install /dev/vda
bash-4.2# cd grub2/
bash-4.2# ls
bash-4.2# cd /
bash-4.2# rpm -ivh kernel-3.10.0-123.el7.x86_64.rpm --force
bash-4.2# cd /boot/grub2
bash-4.2# grub2-mkconfig > grub.cfg
bash-4.2# exit
bash-4.2# exit
然後選擇從硬盤啓動)
@@@!!!注意:如若rpm的數據庫發生錯誤,則,執行:
bash-4.2# cd /var/lib/rpm
bash-4.2# rm -fr _*
bash-4.2# rpmdb --rebuilddb
然後接着執行:rpm -ivh kernel-3.10.0-123.el7.x86_64.rpm --force 直至結束)
修改了超級用戶密碼(忘記)/忘記超級用戶密碼,重啓後:
(在進入到默認啓動頁面時,按‘e’進入編輯頁面,只修改
fi
linux16 /boot/vmlinuz-3.10.0-123.el7.x86_64 root=UUID=9bf...-848e-..883d1 rw rd.break 然後按'ctrl+x'進入新的編輯環境
switch_root:/# chroot /sysroot/
bash-4.2# passwd ##修改新密碼
bash-4.2# touch /.autorelabel ##/.autorelabel此文件是讓selinux重新讀取已加載過的配置文件
bash-4.2# exit
switch_root:/# exit
)
下載trouble.rpm包:
然後執行:
ipm -ivh trouble-1.0-1.el7.x86_64.rpm
執行完後就可以使用trouble命令了。
例如: trouble test2
trouble練習:
@@test1:
(在進入到默認啓動頁面時,按‘e’進入編輯頁面,只修改
fi
linux16 /boot/vmlinuz-3.10.0-123.el7.x86_64 root=UUID=9bf...-848e-..883d1 rw rd.break 然後按'ctrl+x'進入新的編輯環境
switch_root:/# chroot /sysroot/
bash-4.2# passwd ##修改新密碼
bash-4.2# touch /.autorelabel ##/.autorelabel此文件是讓selinux重新讀取已加載過的配置文件
bash-4.2# exit
switch_root:/# exit
)
@@test2:
(選擇從網卡或者光盤啓動,然後執行:
grub> set root='hd0,msdos1'
grub> linux16 /boot/vmlinuz-3.10.0-123. el7.x86_64 ro root=/dev/vda1
grub> initrd16 /boot/initramfs-3.10.0-123.el7.x86_64.img
grub> boot
然後選擇從硬盤啓動
)
@@test3:
第一步 (選擇從網卡或者光盤啓動,然後執行:
bash-4.2# chroot /mnt/sysimage
bash-4.2# cd /mnt
bash-4.2# rpm2cpio kernel-3.10.0-123.el7.x86_64.rpm | cpio -id
bash-4.2# cd boot/
bash-4.2# cp vmlinuz-3.10.0-123. el7.x86_64 /boot
bash-4.2# exit
bash-4.2# exit
然後選擇從硬盤啓動
第二步
grub> set root='hd0,msdos1'
grub> linux16 /boot/vmlinuz-3.10.0-123. el7.x86_64 ro root=/dev/vda1
grub> initrd16 /boot/initramfs-3.10.0-123.el7.x86_64.img
grub> boot
)
@@test4:
(選擇從網卡或光盤啓動:
bash-4.2# chroot /mnt/sysimage/
bash-4.2# cd /boot/
bash-4.2# ls
bash-4.2# mkinitrd /boot/initramfs-$(uname -r).img $(uname -r)
bash-4.2# cd /boot/
bash-4.2# grub2-install /dev/vda
bash-4.2# cd grub2/
bash-4.2# ls
bash-4.2# cd /
bash-4.2# rpm -ivh kernel-3.10.0-123.el7.x86_64.rpm --force
bash-4.2# cd /boot/grub2
bash-4.2# grub2-mkconfig > grub.cfg
bash-4.2# exit
bash-4.2# exit
然後選擇從硬盤啓動)
@@test5:
(選擇從網卡或光盤啓動:
sh-4.2# chroot /mnt/sysimage/
報錯信息:failed to run command /bin/bash:No such file or dirrectory
sh-4.2# cp /bin/bash /mnt/sysimage/bin/bash
sh-4.2# boot
然後選擇從硬盤啓動)
@@test6:
(在進入到默認啓動頁面時,按‘e’進入編輯頁面,只修改
fi
linux16 /boot/vmlinuz-3.10.0-123.el7.x86_64 root=UUID=9bf...-848e-..883d1 rw rd.break 然後按'ctrl+x'進入新的編輯環境
switch_root:/# chroot /sysroot/
sh-4.2# rm -fr /etc/systemd/system/default.target
sh-4.2# ln -s /usr/lib/systemd/system/graphical.target /etc/systemd/system/default.target
sh-4.2# exit
switch_root:/# exit 接着會繼續進入啓動頁面,虛擬機啓動
)
#############dns高速緩存#########
第一步(服務配置):
修改server主機ip爲172.25.254.107 (作爲dns服務器端)
修改server主機ip爲172.25.254.207 (作爲dns客戶端)
兩臺主機同時做:
修改yum源爲http://172.25.254.250/rhel7
yum install bind -y
systemctl status named
systemctl start named
systemctl enable named
server主機:
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
vim /etc/named.conf
修改內容爲:
行數 內容
11 listen-on port 53 { any; }; ##設定端口開放,any表示所有interface都開
17 allow-query { any; }; ##回答所有人的問題
18 forwarders { 172.25.254.250; }; ##緩存誰的答案
32 dnssec-validation no; ##表示不發佈dns表
desktop主機:
vim /etc/resolv.conf
添加內容爲:
nameserver 172.25.254.107 ##在第三行添加
然後進行測試,如:
dig www.xxx.com
示例:
[root@client-dns ~]# dig www.qq.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26942
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.qq.com. IN A
;; ANSWER SECTION:
www.qq.com. 300 IN A 113.142.21.81
;; AUTHORITY SECTION:
www.qq.com. 83653 IN NS ns-cnc1.qq.com.
www.qq.com. 83653 IN NS ns-tel1.qq.com.
www.qq.com. 83653 IN NS ns-os1.qq.com.
www.qq.com. 83653 IN NS ns-cmn1.qq.com.
;; ADDITIONAL SECTION:
ns-cmn1.qq.com. 2939 IN A 183.232.120.59
ns-cmn1.qq.com. 2939 IN A 182.254.16.102
ns-cmn1.qq.com. 2939 IN A 182.254.111.100
;; Query time: 53 msec
;; SERVER: 172.25.254.107#53(172.25.254.107)
;; WHEN: Sun Nov 20 01:53:10 EST 2016
;; MSG SIZE rcvd: 190
第二步(正向解析,規範名稱-CNAME):
配置(server主機):
修改/etc/named.conf文件的內容:
刪除第18行,即,刪除 forwarders { 172.25.254.250; };
退出保存
vim /etc/named.rfc1912.zones
修改內容爲:
在第25行添加內容爲:
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { none; };
29 };
30
退出保存,然後執行:
cd /var/named
cp -p named.localhost westos.com.zone ##一定要加-p,-p的作用是權限
vim /var/named/westos.com.zone
修改文件/var/named/westos.com.zone內容爲:
(!!!@@@注意:修改此文件時一定要注意“.”的存在,若不帶"."則系統自動往後面添加.westos.com)
1 $TTL 1D
2 @ IN SOA dns.westos.com. root.westos.com. (注意“.”) (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.(注意“.”)
9 dns A 172.25.254.107
10 www A 172.25.254.108
11 AAAA ::1
12 bbs CNAME www.westos.com.
13 westos.com. MX 1 172.25.254.107. ##發送郵件的地址
退出保存後,執行:
systemctl restart named
測試(desktop主機):
[root@client-dns ~]# dig www.westos.com
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.108
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.107
;; Query time: 2 msec
;; SERVER: 172.25.254.107#53(172.25.254.107)
;; WHEN: Sun Nov 20 02:26:03 EST 2016
;; MSG SIZE rcvd: 93
[root@client-dns ~]# dig bbs.westos.com
;bbs.westos.com. IN A
;; ANSWER SECTION:
bbs.westos.com. 86400 IN CNAME www.westos.com.
www.westos.com. 86400 IN A 172.25.254.108
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.107
;; Query time: 2 msec
;; SERVER: 172.25.254.107#53(172.25.254.107)
;; WHEN: Sun Nov 20 02:54:42 EST 2016
;; MSG SIZE rcvd: 111
第三步(反向解析):
vim /etc/named.rfc1912.zones
編寫/etc/named.rfc1912.zones文件內容:
在第43行添加:
43 zone "254.25.172.in-addr.arpa" IN {
44 type master;
45 file "westos.com.ptr";
46 allow-update { none; };
47 };
退出保存後
cd /var/named
cp -p named.loopback westos.com.ptr
vim westos.com.ptr
內容爲:
1 $TTL 1D
2 @ IN SOA dns.westos.com. root.westos.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 A 172.25.254.107
10 AAAA ::1
11 111 PTR www.westos.com.
12 110 PTR www.lover.com.
退出保存後,執行:
systemctl restart named
測試(desktop主機):
使用命令: dig -x 172.25.254.110 (ip值)
[root@client-dns ~]# dig -x 172.25.254.110
;110.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
110.254.25.172.in-addr.arpa. 86400 IN PTR www.lover.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.107
;; Query time: 2 msec
;; SERVER: 172.25.254.107#53(172.25.254.107)
;; WHEN: Sun Nov 20 03:09:51 EST 2016
;; MSG SIZE rcvd: 124
[root@client-dns ~]# dig -x 172.25.254.111
;111.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
111.254.25.172.in-addr.arpa. 86400 IN PTR www.westos.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.107
;; Query time: 2 msec
;; SERVER: 172.25.254.107#53(172.25.254.107)
;; WHEN: Sun Nov 20 03:09:57 EST 2016
;; MSG SIZE rcvd: 118
第四步(雙向解析):
配置/etc/named.conf文件,如下:
50 /*zone "." IN {
51 type hint;
52 file "named.ca";
53 };
54
55 include "/etc/named.rfc1912.zones";
56 include "/etc/named.root.key";
57 */
58 view localnet {
59 match-clients { 172.25.254.107; };
60 zone "." IN {
61 type hint;
62 file "named.ca";
63 };
64 include "/etc/named.rfc1912.zones";
65 };
66
67
68 view internet {
69 match-clients { any; };
70 zone "." IN {
71 type hint;
72 file "named.ca";
73 };
74 include "/etc/named.rfc1912.zones.inter";
75 };
退出保存
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter
vim /etc/named.rfc1912.zones.inter
內容爲:
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.inter";
28 allow-update { none; };
29 };
30
43 zone "254.25.172.in-addr.arpa" IN {
44 type master;
45 file "westos.com.ptr.inter";
46 allow-update { none; };
退出保存
cp -p /var/named/westos.com.zone /var/named/westos.com.inter
vim /etc/named/westos.com.inter
修改內容爲:
8 NS dns.westos.com.
9 dns A 172.25.0.107
10 www A 172.25.0.108
11 AAAA ::1
12 bbs CNAME www.westos.com.
13 westos.com. MX 1 172.25.0.207.
退出保存
cp -p /var/named/westos.com.ptr /var/named/westos.com.ptr.inter
vim /var/named/westos.com.ptr.inter
修改內容爲:
8 NS dns.westos.com.
9 A 172.25.254.107
10 AAAA ::1
11 111 PTR www.force.com.
12 110 PTR www.250.com.
退出保存
然後執行:
systemctl restart named
按照上述順序,在此處重啓服務正常,若想在配置完/etc/named.conf文件後,立即restart服務,則需要把上述順序顛倒
測試一(server主機):
@@@注意:若出現不匹配現象,則需要修改/etc/resolv.conf 文件,文件內容修改爲:
nameserver 172.25.254.107 ##在第三行添加
[root@dns-server named]# dig -x 172.25.254.110
;110.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
110.254.25.172.in-addr.arpa. 86400 IN PTR www.lover.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.107
;; Query time: 2 msec
;; SERVER: 172.25.254.107#53(172.25.254.107)
;; WHEN: Sun Nov 20 04:04:21 EST 2016
;; MSG SIZE rcvd: 124
[root@dns-server ~]# dig www.westos.com
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.108
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.107
;; Query time: 1 msec
;; SERVER: 172.25.254.107#53(172.25.254.107)
;; WHEN: Sun Nov 20 04:00:23 EST 2016
;; MSG SIZE rcvd: 93
測試二(desktop主機):
[root@client-dns ~]# dig www.westos.com
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.0.108
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.0.107
;; Query time: 2 msec
;; SERVER: 172.25.254.107#53(172.25.254.107)
;; WHEN: Sun Nov 20 04:00:02 EST 2016
;; MSG SIZE rcvd: 93
[root@client-dns ~]# dig -x 172.25.254.110
;110.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
110.254.25.172.in-addr.arpa. 86400 IN PTR www.250.com.
;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.0.107
;; Query time: 1 msec
;; SERVER: 172.25.254.107#53(172.25.254.107)
;; WHEN: Sun Nov 20 04:04:38 EST 2016
;; MSG SIZE rcvd: 122