LINUX628 NFS 多web;主从dns;ntp;samba
DNS
多域服务器
定义DNS访问权限
vim /etc/named.conf
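将 listen-on port 53 和 allow-query 都加上 any(见下面的配置)。配合 recursion yes,任何能访问到本机 53 端口的客户端都可以使用递归查询,这只适合隔离的实验网络;服务器有公网地址时应把 allow-query 限制为内部网段(如 192.168.235.0/24)。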
cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { 127.0.0.1;any;};
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost;any;};

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
定义解析
cat /etc/named.rfc1912.zones
vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//zone "localhost.localdomain" IN {type master;file "named.localhost";allow-update { none; };
};zone "localhost" IN {type master;file "named.localhost";allow-update { none; };
};zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "1.0.0.127.in-addr.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "0.in-addr.arpa" IN {type master;file "named.empty";allow-update { none; };
};
zone "xiaocao.cluster" IN {type master;file "xiaocao.cluster.zone";allow-update { none; };
};
zone "235.168.192.in-addr.arpa" IN {type master;file "192.168.235.zone";allow-update { none; };
};
zone "test.net" IN {type master;file "test.net.zone";allow-update { none; };
};
zone "mahei.cc" IN {type master;file "mahei.cc.zone";allow-update { none; };
};
定义正向解析
cd /var/named
cp -p named.localhost test.net.zone
cp -p named.localhost mahei.cc.zone
vim test.net.zone
www A webip
vim mahei.cc.zone
www A webip
[root@dns named]# ll test.net.zone
-rw-r----- 1 root named 183 6月 27 21:47 test.net.zone
[root@dns named]# ll mahei.cc.zone
-rw-r----- 1 root named 183 6月 27 21:49 mahei.cc.zone
[root@dns named]# cat test.net.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
www A 192.168.235.20
[root@dns named]# cat mahei.cc.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
www A 192.168.235.20
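检查(named-checkzone 的用法是“区域名 区域文件”:第一个参数应为区域名,如 test.net,而不是文件名;下面的输出把区域显示为 test.net.zone/IN,正是因为第一个参数填了文件名)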
named-checkconf /etc/named.conf
named-checkconf /etc/named.rfc1912.zones
cd /var/named
named-checkzone test.net.zone test.net.zone
named-checkzone mahei.cc.zone mahei.cc.zone
[root@dns named]# named-checkconf /etc/named.conf
[root@dns named]# named-checkconf /etc/named.rfc1912.zones
[root@dns named]# named-checkzone test.net.zone
usage: named-checkzone [-djqvD] [-c class] [-f inputformat] [-F outputformat] [-J filename] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] [-m (ignore|warn|fail)] [-r (ignore|warn|fail)] [-i (full|full-sibling|local|local-sibling|none)] [-M (ignore|warn|fail)] [-S (ignore|warn|fail)] [-W (ignore|warn)] [-o filename] zonename filename
[root@dns named]# named-checkzone test.net.zone test.net.zone
zone test.net.zone/IN: loaded serial 0
OK
[root@dns named]# named-checkzone mahei.cc.zone
usage: named-checkzone [-djqvD] [-c class] [-f inputformat] [-F outputformat] [-J filename] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] [-m (ignore|warn|fail)] [-r (ignore|warn|fail)] [-i (full|full-sibling|local|local-sibling|none)] [-M (ignore|warn|fail)] [-S (ignore|warn|fail)] [-W (ignore|warn)] [-o filename] zonename filename
[root@dns named]# named-checkzone mahei.cc.zone mahei.cc.zone
zone mahei.cc.zone/IN: loaded serial 0
OK
启动DNS服务:named
systemctl start named
[root@dns named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)Active: active (running) since 五 2025-06-27 21:06:30 CST; 15h agoProcess: 26150 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)Process: 26167 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)Process: 26164 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)Main PID: 26169 (named)CGroup: /system.slice/named.service└─26169 /usr/sbin/named -u named -c /etc/named.conf6月 27 21:06:31 dns.nfs.cn named[26169]: checkhints: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
6月 27 21:06:31 dns.nfs.cn named[26169]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
6月 28 12:39:43 dns.nfs.cn named[26169]: no longer listening on 192.168.235.100#53
6月 28 12:39:43 dns.nfs.cn named[26169]: no longer listening on 127.0.0.1#53
6月 28 12:39:43 dns.nfs.cn named[26169]: no longer listening on ::1#53
6月 28 12:39:43 dns.nfs.cn named[26169]: not listening on any interfaces
6月 28 12:39:43 dns.nfs.cn named[26169]: not listening on any interfaces
6月 28 12:39:43 dns.nfs.cn named[26169]: listening on IPv4 interface lo, 127.0.0.1#53
6月 28 12:39:43 dns.nfs.cn named[26169]: listening on IPv6 interface lo, ::1#53
6月 28 12:39:47 dns.nfs.cn named[26169]: listening on IPv4 interface ens33, 192.168.235.100#53
ntp
准备NTP服务器
bind named
安装ntp
yum install ntp
设置配置(restrict 行不带任何标志时,该网段的主机不受任何限制;常见做法是加上 nomodify notrap,只允许同步时间而不允许修改服务器配置)
vim /etc/ntp.conf
restrict 192.168.235.0 mask 255.255.255.0
启动ntp(ntpdate 要在 ntpd 启动之前执行;ntpd 已在运行时会占用 NTP 端口,出现下面的 “the NTP socket is in use” 报错)
ntpdate cn.ntp.org.cn
systemctl start ntpd
[root@localhost ~]# ntpdate cn.ntp.org.cn
28 Jun 12:42:46 ntpdate[75325]: the NTP socket is in use, exiting
[root@localhost ~]# systemctl status ntpd
● ntpd.service - Network Time Service
测试
ntpdate ntpip
[root@web ~]# ntpdate 192.168.235.15
28 Jun 12:41:24 ntpdate[10709]: adjust time server 192.168.235.15 offset -0.001716 sec
[root@web ~]# crontab -e
主从DNS配置
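环境配置(关闭 firewalld 和 SELinux 只是为了简化实验;正式环境应保留两者,用 firewall-cmd --permanent --add-service=dns 并 firewall-cmd --reload 放行 DNS,SELinux 保持 enforcing)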
hostnamectl set-hostname slave
ip
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
vim /etc/selinux/config
SELINUX=disabled
yum
权限设置(allow-transfer 只允许列出的从服务器做区域传送;未设置时,较旧的 BIND 9 版本默认对任何主机开放区域传送,整个区域的记录都可以被拉走)
slave(错误) 主DNS服务器:
cat /etc/named.conf
options{
allow-transfer{slave ip;};
}
systemctl restart named
[root@dns named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { 127.0.0.1;any;};
    listen-on-v6 port 53 { ::1; };
    allow-transfer {192.168.235.9;};
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost;any;};

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
slave:
yum install bind
cat /etc/named.conf
vim /etc/named.conf
options{
listen-on port 53 { 127.0.0.1; any; };
allow-query { localhost; any; };
}
[root@slave ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.htmloptions {listen-on port 53 { 127.0.0.1;any; };listen-on-v6 port 53 { ::1; };directory "/var/named";dump-file "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";recursing-file "/var/named/data/named.recursing";secroots-file "/var/named/data/named.secroots";allow-query { localhost;any; };/*- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.- If you are building a RECURSIVE (caching) DNS server, you need to enablerecursion.- If your recursive DNS server has a public IP address, you MUST enable accesscontrol to limit queries to your legitimate users. Failing to do so willcause your server to become part of large scale DNS amplificationattacks. Implementing BCP38 within your network would greatlyreduce such attack surface*/recursion yes;dnssec-enable yes;dnssec-validation yes;/* Path to ISC DLV key */bindkeys-file "/etc/named.root.key";managed-keys-directory "/var/named/dynamic";pid-file "/run/named/named.pid";session-keyfile "/run/named/session.key";
};logging {channel default_debug {file "data/named.run";severity dynamic;};
};zone "." IN {type hint;file "named.ca";
};include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
解析
slave
cat /etc/named.rfc1912.zones
vim /etc/named.rfc1912.zones
zone "test.net" IN{
type slave;
file "slaves/test.net";
masters{master ip;};
};
zone "mahei.cc" IN{
type slave;
file "slaves/mahei.cc";
masters{master ip;};
} ;
[root@slave ~]# vim /etc/named.rfc1912.zones
[root@slave ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//zone "localhost.localdomain" IN {type master;file "named.localhost";allow-update { none; };
};zone "localhost" IN {type master;file "named.localhost";allow-update { none; };
};zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "1.0.0.127.in-addr.arpa" IN {type master;file "named.loopback";allow-update { none; };
};zone "0.in-addr.arpa" IN {type master;file "named.empty";allow-update { none; };
};
zone "test.net" IN {type slave;file "slaves/test.net";masters { 192.168.235.100; };
};zone "mahei.cc" IN {type slave;file "slaves/mahei.cc";masters { 192.168.235.100; };
};
检查
slave:
named-checkconf /etc/named.conf
named-checkconf /etc/named.rfc1912.zones
[root@slave ~]# named-checkconf /etc/named.conf
[root@slave ~]# named-checkconf /etc/named.rfc1912.zones
重启
slave:
systemctl restart named
client
测试
写入DNS
echo 'nameserver slaveip'>/etc/resolv.conf
cat /etc/resolv.conf
nslookup www.mahei.cc
nslookup www.test.net
curl http://www.mahei.cc
[root@client caozx26]# cat /etc/resolv.conf
nameserver 192.168.235.9
[root@client caozx26]# nslookup www.test.net
Server: 192.168.235.9
Address: 192.168.235.9#53

Name: www.test.net
Address: 192.168.235.20
[root@client caozx26]# curl http://www.mahei.cc
<<video width="800" height="450" controls>
<source src="media/share.mp4">
</video>
DNS Test ...
[root@client caozx26]# nslookup www.mahei.cc
Server: 192.168.235.9
Address: 192.168.235.9#53

Name: www.mahei.cc
Address: 192.168.235.20
[root@client caozx26]#
samba
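目标:user01 能从 Windows 和 Linux 客户端在 /samba/share 中创建、删除文件。下面的共享段没有 valid users,因此任何有效的 Samba 账户都能连接该共享;若只想让 user01 访问,可在共享段中加上 valid users = user01。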
yum install samba
[root@samba caozx26]# yum install shmba -y
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
没有可用软件包 shmba。
错误:无须任何处理
[root@samba caozx26]# yum install samba
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
软件包 samba-4.10.16-5.el7.x86_64 已安装并且是最新版本
无须任何处理
mkdir /samba/share -p
vim /etc/samba/smb.conf
[smb_share]
comment = samba service
path = /samba/share
guest ok = no
writable = yes
user01
useradd user01
smbpasswd -a user01
[root@samba samba]# tail -5 /etc/passwd
caozx26:x:1000:1000:caozx26:/home/caozx26:/bin/bash
code:x:1001:1001::/home/code:/bin/bash
rsync:x:1002:1002::/home/rsync:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
user01:x:1003:1003::/home/user01:/bin/bash
[root@samba samba]# smbpasswd -a user01
New SMB password:
Retype new SMB password:
启动服务nmbd smbd
systemctl start nmbd
systemctl start smbd
windows
连接
测试
[root@samba share]# ls
1.txt 6435271d350f980bad2ef3e68e60adf.jpg
[root@samba share]# ls
1.txt 2.txt 6435271d350f980bad2ef3e68e60adf.jpg
[root@samba share]# cat 2.txt
[root@samba share]# cat 2.txt
123321[root@samba share]# echo '133333'>>2,txt
[root@samba share]# cat 2.txt
123321[root@samba share]# ls
1.txt 2,txt 2.txt 6435271d350f980bad2ef3e68e60adf.jpg
[root@samba share]# echo '1333333'>>2.txt
[root@samba share]# ls
1.txt 2,txt 2.txt 6435271d350f980bad2ef3e68e60adf.jpg
[root@samba share]# cat 2.txt
1233211333333
[root@samba share]# rm -rf 2,txt
[root@samba share]# ls
1.txt 2.txt 6435271d350f980bad2ef3e68e60adf.jpg
[root@samba share]#
笔记
源码
丢失
samba
[code@code ~]$ date
2025年 06月 28日 星期六 19:58:57 CST
[code@code ~]$ yum install samba -y
已加载插件:fastestmirror, langpacks
您需要 root 权限执行此命令。
[code@code ~]$ su - caozx26
密码:
上一次登录:日 6月 22 15:48:06 CST 2025pts/1 上
[caozx26@samba ~]$ sudo su
[sudo] caozx26 的密码:
[root@samba caozx26]# yum install shmba -y
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
没有可用软件包 shmba。
错误:无须任何处理
[root@samba caozx26]# yum install samba
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
软件包 samba-4.10.16-5.el7.x86_64 已安装并且是最新版本
无须任何处理
[root@samba caozx26]# cd /samba/share
[root@samba share]# ls
1.txt 6435271d350f980bad2ef3e68e60adf.jpg
[root@samba share]# cd /etc/samba
[root@samba samba]# cat smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.[global]workgroup = SAMBAsecurity = userpassdb backend = tdbsamprinting = cupsprintcap name = cupsload printers = yescups options = raw[homes]comment = Home Directoriesvalid users = %S, %D%w%Sbrowseable = Noread only = Noinherit acls = Yes[printers]comment = All Printerspath = /var/tmpprintable = Yescreate mask = 0600browseable = No[print$]comment = Printer Driverspath = /var/lib/samba/driverswrite list = @printadmin rootforce group = @printadmincreate mask = 0664directory mask = 0775
[smb_share]comment = samba servicepath = /samba/shareguest ok = nowritable = yes
[root@samba samba]# tail -5 /etc/passwd
caozx26:x:1000:1000:caozx26:/home/caozx26:/bin/bash
code:x:1001:1001::/home/code:/bin/bash
rsync:x:1002:1002::/home/rsync:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
user01:x:1003:1003::/home/user01:/bin/bash
[root@samba samba]# smbpasswd -a user01
New SMB password:
Retype new SMB password:
[root@samba samba]# sysatemct status nmb
bash: sysatemct: 未找到命令...
[root@samba samba]# systemctl status nmb
● nmb.service - Samba NMB DaemonLoaded: loaded (/usr/lib/systemd/system/nmb.service; disabled; vendor preset: disabled)Active: active (running) since 日 2025-06-22 09:11:58 CST; 6 days agoDocs: man:nmbd(8)man:samba(7)man:smb.conf(5)Main PID: 13228 (nmbd)Status: "nmbd: ready to serve connections..."Tasks: 1CGroup: /system.slice/nmb.service└─13228 /usr/sbin/nmbd --foreground --no-process-group6月 28 19:57:54 samba.web.cn nmbd[13228]: [2025/06/28 19:57:54.374676, 0] ../../source3/libsmb/nmblib.c:924(send_udp)
6月 28 19:57:54 samba.web.cn nmbd[13228]: Packet send failed to 192.168.235.255(138) ERRNO=网络不可达
6月 28 19:57:54 samba.web.cn nmbd[13228]: [2025/06/28 19:57:54.378097, 0] ../../source3/libsmb/nmblib.c:924(send_udp)
6月 28 19:57:54 samba.web.cn nmbd[13228]: Packet send failed to 192.168.235.255(138) ERRNO=网络不可达
6月 28 20:03:24 samba.web.cn nmbd[13228]: [2025/06/28 20:03:24.067818, 0] ../../source3/nmbd/nmbd_become_lmb.c:397(b...tage2)
6月 28 20:03:24 samba.web.cn nmbd[13228]: *****
6月 28 20:03:24 samba.web.cn nmbd[13228]:
6月 28 20:03:24 samba.web.cn nmbd[13228]: Samba name server SAMBA is now a local master browser for workgroup SAMBA...235.10
6月 28 20:03:24 samba.web.cn nmbd[13228]:
6月 28 20:03:24 samba.web.cn nmbd[13228]: *****
Hint: Some lines were ellipsized, use -l to show in full.
[root@samba samba]# systemctl status smb
● smb.service - Samba SMB DaemonLoaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)Active: active (running) since 日 2025-06-22 15:11:52 CST; 6 days agoDocs: man:smbd(8)man:samba(7)man:smb.conf(5)Main PID: 16027 (smbd)Status: "smbd: ready to serve connections..."Tasks: 6CGroup: /system.slice/smb.service├─16027 /usr/sbin/smbd --foreground --no-process-group├─16032 /usr/sbin/smbd --foreground --no-process-group├─16033 /usr/sbin/smbd --foreground --no-process-group├─16035 /usr/sbin/smbd --foreground --no-process-group├─18957 /usr/sbin/smbd --foreground --no-process-group└─21934 /usr/sbin/smbd --foreground --no-process-group6月 22 15:11:51 samba.web.cn systemd[1]: Starting Samba SMB Daemon...
6月 22 15:11:52 samba.web.cn smbd[16027]: [2025/06/22 15:11:52.146584, 0] ../../lib/util/become_daemon.c:136(daemon_ready)
6月 22 15:11:52 samba.web.cn systemd[1]: Started Samba SMB Daemon.
6月 22 15:11:52 samba.web.cn smbd[16027]: daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
[root@samba samba]# pdbedit -L
user01:1003:
[root@samba samba]# ls
lmhosts smb.conf smb.conf.example
[root@samba samba]# ls
lmhosts smb.conf smb.conf.example
[root@samba samba]# cd /samba/share
[root@samba share]# ks
bash: ks: 未找到命令...
[root@samba share]# ls
1.txt 6435271d350f980bad2ef3e68e60adf.jpg
[root@samba share]# ls
1.txt 2.txt 6435271d350f980bad2ef3e68e60adf.jpg
[root@samba share]# cat 2.txt
[root@samba share]# cat 2.txt
123321[root@samba share]# echo '133333'>>2,txt
[root@samba share]# cat 2.txt
123321[root@samba share]# ls
1.txt 2,txt 2.txt 6435271d350f980bad2ef3e68e60adf.jpg
[root@samba share]# echo '1333333'>>2.txt
[root@samba share]# ls
1.txt 2,txt 2.txt 6435271d350f980bad2ef3e68e60adf.jpg
[root@samba share]# cat 2.txt
1233211333333
[root@samba share]# rm -rf 2,txt
[root@samba share]# ls
1.txt 2.txt 6435271d350f980bad2ef3e68e60adf.jpg
[root@samba share]#