week_10_DNS、HTTP


Q:

1、简述DNS服务,并搭建DNS服务器,实现主从,子域授权
2、简述HTTP服务,并实现基于用户的访问控制,虚拟主机,https


A:

1、简述DNS服务,并搭建DNS服务器,实现主从,子域授权

DNS提供域名解析服务,FQDN(Fully Qualified Domain Name)


解析过程


本地查询DNS

迭代查询
  • ip --> FQDN 反向解析
  • FQDN --> ip 正向解析

解析答案
├──肯定答案
  ├──权威答案
  └──非权威答案
└──否定答案

主DNS服务器:维护域数据库,可读写
从DNS服务器:备份域数据库,只读
  serial,数据库改变时序列号增加
  refresh,多久查询域数据库版本
  retry,同步失败时,多久重新同步
  expire,主服务器失效时,多久停止服务

  区域传送:
  ├──全量传送:axfr,整个数据库
  └──增量传送:lxfr,变化的数据

配置主从DNS

主服务器

[root@localhost ~]# tail -8 /etc/named.rfc1912.zones 
zone "superb.com" IN {
    type master;
    file "superb.com.zone";
};
zone "168.192.in-addr.arpa" IN {
    type master;
    file "192.168.zone";
};

[root@localhost ~]# cat /var/named/superb.com.zone /var/named/192.168.zone 
@   IN  SOA superb.com. dnsadmin.superb.com. (
    2019040403
    1H
    10M
    1W
    1D
)
    IN  NS  ns1
    IN  NS  ns2
ns1 IN  A   192.168.0.103
ns2 IN  A   192.168.0.102

@   IN  SOA ns1.superb.com. admin.local.domain  (
    2019040403
    2H
    10M
    1W
    1D
)
    IN  NS  ns1.superb.com.
103.0   IN  PTR ns1.superb.com.
102.0   IN  PTR ns2.superb.com.

从服务器

[root@slave ~]# tail -10 /etc/named.rfc1912.zones 
zone "superb.com" IN {
    type slave;
    file "slaves/superb.com.zone";
    masters { 192.168.0.103; };
};
zone "168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.zone";
    masters { 192.168.0.103; };
};

出现问题(主机不可达)

[root@slave ~]# systemctl status named -l
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-04-04 00:30:59 EDT; 2h 21min ago
  Process: 7328 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 7325 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 7330 (named)
   CGroup: /system.slice/named.service
           └─7330 /usr/sbin/named -u named -c /etc/named.conf

Apr 04 02:52:35 slave.local.domain named[7330]: automatic empty zone: 9.E.F.IP6.ARPA
Apr 04 02:52:35 slave.local.domain named[7330]: automatic empty zone: A.E.F.IP6.ARPA
Apr 04 02:52:35 slave.local.domain named[7330]: automatic empty zone: B.E.F.IP6.ARPA
Apr 04 02:52:35 slave.local.domain named[7330]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Apr 04 02:52:35 slave.local.domain named[7330]: reloading configuration succeeded
Apr 04 02:52:35 slave.local.domain named[7330]: reloading zones succeeded
Apr 04 02:52:35 slave.local.domain named[7330]: zone 168.192.in-addr.arpa/IN: refresh: skipping zone transfer as master 192.168.0.103#53 (source 0.0.0.0#0) is unreachable (cached)
Apr 04 02:52:35 slave.local.domain named[7330]: all zones loaded
Apr 04 02:52:35 slave.local.domain named[7330]: running
Apr 04 02:52:35 slave.local.domain named[7330]: zone superb.com/IN: refresh: skipping zone transfer as master 192.168.0.103#53 (source 0.0.0.0#0) is unreachable (cached)

解决方法在主服务器的配置文件/etc/named.conf中加入allow-transfer { slave.server.ip.address; };

[root@slave ~]# dig -x 192.168.0.103 @192.168.0.102

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -x 192.168.0.103 @192.168.0.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6721
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;103.0.168.192.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
103.0.168.192.in-addr.arpa. 86400 IN    PTR ns1.superb.com.

;; AUTHORITY SECTION:
168.192.in-addr.arpa.   86400   IN  NS  ns1.superb.com.

;; ADDITIONAL SECTION:
ns1.superb.com.     86400   IN  A   192.168.0.103

;; Query time: 0 msec
;; SERVER: 192.168.0.102#53(192.168.0.102)
;; WHEN: Thu Apr 04 03:15:20 EDT 2019
;; MSG SIZE  rcvd: 113

[root@slave ~]# dig -t axfr superb.com @192.168.0.102

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -t axfr superb.com @192.168.0.102
;; global options: +cmd
superb.com.     86400   IN  SOA superb.com. dnsadmin.superb.com. 2019040403 3600 600 604800 86400
superb.com.     86400   IN  NS  ns1.superb.com.
superb.com.     86400   IN  NS  ns2.superb.com.
ns1.superb.com.     86400   IN  A   192.168.0.103
ns2.superb.com.     86400   IN  A   192.168.0.102
superb.com.     86400   IN  SOA superb.com. dnsadmin.superb.com. 2019040403 3600 600 604800 86400
;; Query time: 0 msec
;; SERVER: 192.168.0.102#53(192.168.0.102)
;; WHEN: Thu Apr 04 03:15:40 EDT 2019
;; XFR size: 6 records (messages 1, bytes 177)

配置子域

主服务器

[root@localhost ~]# cat /var/named/superb.com.zone
@   IN  SOA superb.com. dnsadmin.superb.com. (
    2019040403
    1H
    10M
    1W
    1D
)
    IN  NS  ns1
    IN  NS  ns.sub
ns1 IN  A   192.168.0.103
ns.sub  IN  A   192.168.0.102

子域服务器

[root@slave ~]# tail -4 /etc/named.rfc1912.zones 
zone "sub.superb.com" IN {
    type master;
    file "sub.superb.com.zone";
};

[root@slave ~]# cat /var/named/sub.superb.com.zone
@   IN  SOA ns1.sub.superb.com. admin.sub.superb.com    (
    2019040401
    2H
    10M
    1W
    1D
)
    IN  NS  ns1
ns1 IN  A   192.168.0.102
www IN  A   192.168.0.111

区域转发

[root@slave ~]# tail -9 /etc/named.rfc1912.zones 
zone "sub.superb.com" IN {
    type master;
    file "sub.superb.com.zone";
};
zone "superb.com" IN {
    type forward;
    forward only;
    forwarders { 192.168.0.103; };
};

[root@slave ~]# rndc flush

[root@slave ~]# dig -t A ns1.superb.com @192.168.0.102

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -t A ns1.superb.com @192.168.0.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35142
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ns1.superb.com.            IN  A

;; ANSWER SECTION:
ns1.superb.com.     86400   IN  A   192.168.0.103

;; AUTHORITY SECTION:
superb.com.     86400   IN  NS  ns.sub.superb.com.
superb.com.     86400   IN  NS  ns1.superb.com.

;; ADDITIONAL SECTION:
ns.sub.superb.com.  86400   IN  A   192.168.0.102

;; Query time: 1 msec
;; SERVER: 192.168.0.102#53(192.168.0.102)
;; WHEN: Thu Apr 04 04:21:37 EDT 2019
;; MSG SIZE  rcvd: 110

全局转发在/etc/named.conf定义

options {
    ...
    forward only;
    forwarders { ip.add.re.ss };
    ...
};

主服务器查询子域

[root@localhost ~]# dig -t A www.sub.superb.com @192.168.0.103

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -t A www.sub.superb.com @192.168.0.103
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44318
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.sub.superb.com.        IN  A

;; ANSWER SECTION:
www.sub.superb.com. 86400   IN  A   192.168.0.111

;; AUTHORITY SECTION:
sub.superb.com.     86400   IN  NS  ns1.sub.superb.com.

;; ADDITIONAL SECTION:
ns1.sub.superb.com. 86400   IN  A   192.168.0.102

;; Query time: 1 msec
;; SERVER: 192.168.0.103#53(192.168.0.103)
;; WHEN: Thu Apr 04 04:36:00 EDT 2019
;; MSG SIZE  rcvd: 97

2、简述HTTP服务,并实现基于用户的访问控制,虚拟主机,https

超文本传输协议HTTP)是一种应用协议用于分布式,协作,超媒体信息系统。HTTP是万维网数据通信的基础,其中超文本文档包括用户可以轻松访问的其他资源的超链接,例如通过鼠标点击或通过在Web浏览器中点击屏幕。开发HTTP是为了促进超文本和万维网。

HTTP会话是一系列网络请求 - 响应事务。HTTP客户端通过建立到服务器上特定端口的传输控制协议(TCP)连接来启动请求(通常是端口80,有时是端口8080)。侦听该端口的HTTP服务器等待客户端的请求消息。收到请求后,服务器返回状态行,例如“HTTP / 1.1 200 OK”,以及自己的消息。此消息的正文通常是请求的资源,但也可能返回错误消息或其他信息。

HTTP是无状态协议。无状态协议不要求HTTP服务器在多个请求期间保留有关每个用户的信息或状态。

HTTP状态代码主要分为五组,以便更好地解释客户端和服务器之间的请求和响应,如下所示:

  • 信息化 1XX
  • 成功 2XX
  • 重定向 3XX
  • 客户端错误 4XX
  • 服务器错误 5XX

https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol

基于用户的访问控制

添加用户和密码

[root@localhost ~]# htpasswd -cb /var/www/html/passwd admin pw4admin
Adding password for user admin

定义安全域

[root@localhost ~]# cat /etc/httpd/conf.d/authorize.conf
<Directory "/var/www/html/images">
    Options Indexes
    AllowOverride None
    AuthType Basic
    AuthName "images folder"
    AuthUserFile "/var/www/html/passwd"
    Require valid-user
</Directory>
[root@localhost ~]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK
[root@localhost ~]# systemctl restart httpd.service 
[root@localhost ~]# curl http://192.168.0.103/images
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

虚拟主机

[root@localhost ~]# cat /etc/httpd/conf.d/virtual.conf
<virtualhost 192.168.0.104:80>
    ServerName images
    DocumentRoot "/var/www/html/images"
</virtualhost>
[root@localhost ~]# ip add add 192.168.0.104/24 dev ens33
[root@localhost ~]# ip add show dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:ae:46:bc brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.103/24 brd 192.168.0.255 scope global noprefixroute dynamic ens33
       valid_lft 4088sec preferred_lft 4088sec
    inet 192.168.0.104/24 scope global secondary ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::e537:3c3b:9ce6:ce37/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

https

配置httpd支持https:

  1. 为服务器申请数字证书;
    测试:通过私建CA发证书
    (a) 创建私有CA
[root@localhost ~]# rpm -q --whatprovides /etc/pki/tls/openssl.cnf 
openssl-libs-1.0.2k-16.el7.x86_64
[root@localhost ~]# rpm -qc openssl-libs
/etc/pki/tls/openssl.cnf
[root@localhost ~]# rpm -qc openssl
[root@localhost ~]# 

openssl.cnf中关于CA的配置

####################################################################
[ ca ]
default_ca  = CA_default        # The default ca section

####################################################################
[ CA_default ]

dir     = /etc/pki/CA       # Where everything is kept
certs       = $dir/certs        # Where the issued certs are kept
crl_dir     = $dir/crl      # Where the issued crl are kept
database    = $dir/index.txt    # database index file.
#unique_subject = no            # Set to 'no' to allow creation of
                    # several ctificates with same subject.
new_certs_dir   = $dir/newcerts     # default place for new certs.

certificate = $dir/cacert.pem   # The CA certificate
serial      = $dir/serial       # The current serial number
crlnumber   = $dir/crlnumber    # the current crl number
                    # must be commented out to leave a V1 CRL
crl     = $dir/crl.pem      # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE    = $dir/private/.rand    # private random number file

x509_extensions = usr_cert      # The extentions to add to the cert

# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt    = ca_default        # Subject Name options
cert_opt    = ca_default        # Certificate field options

# Extension copying option: use with caution.
# copy_extensions = copy

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions    = crl_ext

default_days    = 365           # how long to certify for
default_crl_days= 30            # how long before next CRL
default_md  = sha256        # use SHA-256 by default
preserve    = no            # keep passed DN ordering

创建CA私钥

[root@localhost ~]# ( umask 077 ; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096 )
Generating RSA private key, 4096 bit long modulus
..................++
...................................................................................++
e is 65537 (0x10001)

私有CA自签

[root@localhost ~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:zhejiang
Locality Name (eg, city) [Default City]:hanghzou
Organization Name (eg, company) [Default Company Ltd]:superb
Organizational Unit Name (eg, section) []:devops
Common Name (eg, your name or your server's hostname) []:ca.superb.com
Email Address []:

(b) 在服务器创建证书签署请求
创建https服务器私钥

[root@localhost ~]# (umask 077;openssl genrsa -out /etc/httpd/conf.d/ssl/prikey.pem)
Generating RSA private key, 2048 bit long modulus
......................+++
......................................................................................+++
e is 65537 (0x10001)

生成CSR(certificate signing request)文件

[root@localhost ~]# openssl req -new -key /etc/httpd/conf.d/ssl/prikey.pem -out /etc/httpd/conf.d/ssl/https.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:zhejiang
Locality Name (eg, city) [Default City]:hangzhou
Organization Name (eg, company) [Default Company Ltd]:superb
Organizational Unit Name (eg, section) []:devops
Common Name (eg, your name or your server's hostname) []:www.superb.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

(c) CA签证

[root@localhost ~]# openssl ca -in /etc/httpd/conf.d/ssl/https.csr -out /etc/pki/CA/certs/https.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Apr 10 06:23:31 2019 GMT
            Not After : Apr  9 06:23:31 2020 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = zhejiang
            organizationName          = superb
            organizationalUnitName    = devops
            commonName                = www.superb.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                33:3D:5E:FB:46:11:06:74:89:6F:9E:9F:2C:3C:13:72:35:75:A3:2F
            X509v3 Authority Key Identifier: 
                keyid:F4:7B:DA:BB:BC:84:C3:67:64:77:A8:14:87:69:8D:6B:93:07:FD:F9

Certificate is to be certified until Apr  9 06:23:31 2020 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
  1. 配置httpd支持使用ssl,及使用的证书;
    # yum -y install mod_ssl
    配置文件:/etc/httpd/conf.d/ssl.conf
    DocumentRoot
    ServerName
    SSLCertificateFile
    SSLCertificateKeyFile
...

<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"
ServerName www.superb.com:443

...

#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/CA/certs/https.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/prikey.pem

...

  1. 测试基于https访问相应的主机;
    openssl s_client [-connect host:port] [-cert filename] [-CApath directory] [-CAfile filename]

导入私有CA根证书后,显示证书missing又说san missing 😅



wiki SAN


重新在CA上颁发给https服务器证书

[root@localhost ~]# openssl req -new -key /etc/httpd/conf.d/ssl/prikey.pem -reqexts SAN \
> -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:*.superb.com")) \
> -out /etc/httpd/conf.d/ssl/https.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:zhejiang   
Locality Name (eg, city) [Default City]:hangzhou
Organization Name (eg, company) [Default Company Ltd]:superb
Organizational Unit Name (eg, section) []:devops
Common Name (eg, your name or your server's hostname) []:www.superb.com
Email Address []:www@superb.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:none

[root@localhost ~]# openssl ca -in /etc/httpd/conf.d/ssl/https.csr -extensions SAN \
> -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:*.superb.com")) \
> -out /etc/pki/CA/certs/https.crt
Using configuration from /dev/fd/63
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Apr 10 08:49:05 2019 GMT
            Not After : Apr  9 08:49:05 2020 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = zhejiang
            organizationName          = superb
            organizationalUnitName    = devops
            commonName                = www.superb.com
            emailAddress              = www@superb.com
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:*.superb.com
Certificate is to be certified until Apr  9 08:49:05 2020 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

参考
http://liaoph.com/openssl-san/
https://zhuanlan.zhihu.com/p/26646377

最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
  • 序言:七十年代末,一起剥皮案震惊了整个滨河市,随后出现的几起案子,更是在滨河造成了极大的恐慌,老刑警刘岩,带你破解...
    沈念sama阅读 214,504评论 6 496
  • 序言:滨河连续发生了三起死亡事件,死亡现场离奇诡异,居然都是意外死亡,警方通过查阅死者的电脑和手机,发现死者居然都...
    沈念sama阅读 91,434评论 3 389
  • 文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
    开封第一讲书人阅读 160,089评论 0 349
  • 文/不坏的土叔 我叫张陵,是天一观的道长。 经常有香客问我,道长,这世上最难降的妖魔是什么? 我笑而不...
    开封第一讲书人阅读 57,378评论 1 288
  • 正文 为了忘掉前任,我火速办了婚礼,结果婚礼上,老公的妹妹穿的比我还像新娘。我一直安慰自己,他们只是感情好,可当我...
    茶点故事阅读 66,472评论 6 386
  • 文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
    开封第一讲书人阅读 50,506评论 1 292
  • 那天,我揣着相机与录音,去河边找鬼。 笑死,一个胖子当着我的面吹牛,可吹牛的内容都是我干的。 我是一名探鬼主播,决...
    沈念sama阅读 39,519评论 3 413
  • 文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
    开封第一讲书人阅读 38,292评论 0 270
  • 序言:老挝万荣一对情侣失踪,失踪者是张志新(化名)和其女友刘颖,没想到半个月后,有当地人在树林里发现了一具尸体,经...
    沈念sama阅读 44,738评论 1 307
  • 正文 独居荒郊野岭守林人离奇死亡,尸身上长有42处带血的脓包…… 初始之章·张勋 以下内容为张勋视角 年9月15日...
    茶点故事阅读 37,022评论 2 329
  • 正文 我和宋清朗相恋三年,在试婚纱的时候发现自己被绿了。 大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
    茶点故事阅读 39,194评论 1 342
  • 序言:一个原本活蹦乱跳的男人离奇死亡,死状恐怖,灵堂内的尸体忽然破棺而出,到底是诈尸还是另有隐情,我是刑警宁泽,带...
    沈念sama阅读 34,873评论 5 338
  • 正文 年R本政府宣布,位于F岛的核电站,受9级特大地震影响,放射性物质发生泄漏。R本人自食恶果不足惜,却给世界环境...
    茶点故事阅读 40,536评论 3 322
  • 文/蒙蒙 一、第九天 我趴在偏房一处隐蔽的房顶上张望。 院中可真热闹,春花似锦、人声如沸。这庄子的主人今日做“春日...
    开封第一讲书人阅读 31,162评论 0 21
  • 文/苍兰香墨 我抬头看了看天上的太阳。三九已至,却和暖如春,着一层夹袄步出监牢的瞬间,已是汗流浃背。 一阵脚步声响...
    开封第一讲书人阅读 32,413评论 1 268
  • 我被黑心中介骗来泰国打工, 没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留,地道东北人。 一个月前我还...
    沈念sama阅读 47,075评论 2 365
  • 正文 我出身青楼,却偏偏与公主长得像,于是被迫代替她去往敌国和亲。 传闻我的和亲对象是个残疾皇子,可洞房花烛夜当晚...
    茶点故事阅读 44,080评论 2 352

推荐阅读更多精彩内容

  • 1. 概述 在网络环境中一般用户只需要在浏览器中输入url如www.sunny.com就可以到对应服务器获取相应的...
    ghbsunny阅读 2,880评论 0 7
  • 一、常见的加密算法及其原理 利用加密算法和协议对通信数据进行加密是保证安全通讯的常用方法,以保证通讯数据的保密性、...
    烟雨江南_e5eb阅读 2,526评论 0 0
  • 目录: 一些基本概念主机名DNS名称解析DNS 解析的后端存储名称解析总结 大规模域名解析的体系架构DNS 解析需...
    C86guli阅读 12,490评论 3 34
  • 1、前言 在当下互联网时代,我们日常生活和工作基本都离开不域名和 DNS ,如通过一个网址打开一个网站进行购物、使...
    cinder_lv阅读 3,549评论 1 27
  • DNS(Domain Name System,域名系统),因特网上作为域名和IP地址相互映射的一个分布式数据库,能...
    一直在努力hard阅读 4,625评论 3 19