1. Briefly describe how a DNS server works, and set up a master and a slave server
How DNS works
DNS builds a two-way mapping between names and IP addresses and stores those mappings in a distributed database, so that a name can be resolved to an IP address and an IP address back to a name.
When a client accesses an application published by a server on the Internet, it does not need the server's IP address directly; it only needs the name that is mapped to that IP, and the DNS protocol resolves the name to the IP so the application can be reached over the network.
DNS resolution is divided into recursive queries and iterative queries. When the source and the destination of the query do not change during the whole process, it is a recursive query; when the source stays the same but the destination changes several times, it is an iterative query. A complete resolution is carried out by combining the two.
DNS stores domain resource records in a distributed database. The namespace is divided into levels separated by ".", the first of which is the root; every domain name starts at the root. Each upper-level name server stores the mapping (delegation) information for the level below it, so any query that starts from the root can find the zone database that holds the domain.
There are 13 IPv4 root servers worldwide; once DNS server software is installed on a host, it obtains the mapping information for these 13 root servers from its configuration (the root hints file);
For every resolution request that does not belong to a zone configured locally on the server (and is not in its cache), the server queries level by level starting from the root.
Through this level-by-level iteration it reaches the server that directly stores the domain, the authoritative server, and then returns the result to the client.
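The recursive/iterative split described above, as an added example in Python (not code from the original post). The delegation tree is constructed: a root server at 192.0.2.1 and a "com." server at 192.0.2.2 (documentation addresses standing in for the real root and TLD servers), plus the post's mxx.com master at 192.168.156.202 holding the post's records. The trace records who talks to whom, so the client sees one fixed peer (recursive) while the resolver's destination changes at every referral (iterative).

```python
"""Recursive vs. iterative resolution, modelled in plain Python (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field


def in_zone(qname: str, zone: str) -> bool:
    """True if the fully qualified name qname lies inside zone (both end in '.')."""
    return zone == "." or qname == zone or qname.endswith("." + zone)


@dataclass
class AuthServer:
    """An authoritative-only server: answers from its own zones, never recurses."""
    zones: dict[str, dict[str, str]]                                       # zone -> {owner: IPv4}
    delegations: dict[str, dict[str, str]] = field(default_factory=dict)   # child zone -> {ns: glue IPv4}

    def query(self, qname: str):
        held = [z for z in self.zones if in_zone(qname, z)]
        if not held:
            return "REFUSED", None                  # not our zone and no recursion offered
        zone = max(held, key=len)                   # closest enclosing zone we hold
        for child, glue in self.delegations.items():
            if child != zone and in_zone(child, zone) and in_zone(qname, child):
                return "REFERRAL", glue             # "ask these servers instead"
        addr = self.zones[zone].get(qname)
        return ("ANSWER", addr) if addr else ("NXDOMAIN", None)


# Constructed root hints: the role named.ca plays for a freshly installed server.
ROOT_HINTS = {"a.root.example.": "192.0.2.1"}

SERVERS = {
    "192.0.2.1": AuthServer(zones={".": {}},
                            delegations={"com.": {"a.gtld.example.": "192.0.2.2"}}),
    "192.0.2.2": AuthServer(zones={"com.": {}},
                            delegations={"mxx.com.": {"master.mxx.com.": "192.168.156.202"}}),
    "192.168.156.202": AuthServer(zones={"mxx.com.": {
        "master.mxx.com.": "192.168.156.202",
        "slave.mxx.com.": "192.168.156.204",
        "shop.mxx.com.": "192.168.156.100",
    }}),
}


class RecursiveResolver:
    """The DNS server a client points at: it caches and walks the referrals itself."""

    def __init__(self, address: str, hints: dict[str, str], servers: dict[str, AuthServer]):
        self.address, self.hints, self.servers = address, hints, servers
        self.cache: dict[str, str] = {}

    def resolve(self, qname: str, trace: list):
        if qname in self.cache:
            trace.append((self.address, "cache", qname))
            return "ANSWER", self.cache[qname]
        candidates = self.hints                     # start from the root, as the post describes
        for _ in range(8):                          # bound the referral chain
            addr = next(iter(candidates.values()))
            trace.append((self.address, addr, qname))   # source fixed, destination changes: iterative
            kind, data = self.servers[addr].query(qname)
            if kind == "REFERRAL":
                candidates = data
                continue
            if kind == "ANSWER":
                self.cache[qname] = data
            return kind, data
        return "SERVFAIL", None


def client_lookup(client_ip: str, resolver: RecursiveResolver, qname: str, trace: list):
    """The client's view: one query to one server and one final answer back: recursive."""
    trace.append((client_ip, resolver.address, qname))
    return resolver.resolve(qname, trace)


if __name__ == "__main__":
    resolver = RecursiveResolver("192.168.156.204", ROOT_HINTS, SERVERS)
    steps: list = []
    print(client_lookup("192.168.156.207", resolver, "shop.mxx.com.", steps))
    for src, dst, name in steps:
        print(f"{src:>16} -> {dst:<16} {name}")
```

Running it shows four hops for the first lookup (client to resolver, then resolver to root, com and mxx.com) and only a cache hit for the second; a name inside mxx.com that has no record comes back NXDOMAIN from the authoritative server, and asking the mxx.com master for a name outside its zones is REFUSED, which is the same status the dig output later in this post shows.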
Setting up master and slave DNS servers
- Master server configuration:
[root@centos8mini ~]# cat /etc/named.conf | grep -E "listen|allow"
listen-on port 53 { 127.0.0.1; localhost; };    #listen on every IP address of this host
listen-on-v6 port 53 { ::1; };
allow-query { localhost; any; };                 #allow queries from any host
allow-transfer { 192.168.156.204; };             #only .204 (the slave) may pull the zone database; restricting this keeps arbitrary hosts from dumping the whole zone
[root@centos8mini ~]# cat /etc/named.rfc1912.zones | grep -A 4 mxx.com
zone "mxx.com" IN {
    type master;            #type master: this is the master server for the zone
    file "mxx.zone";        #relative path; the absolute path is /var/named/mxx.zone; the base directory can be changed in /etc/named.conf
    allow-update { any; };  #allow dynamic updates to this zone from any host (any client can then rewrite the zone; the view setup below uses none)
};
#Zone database file on the master DNS server; the zone file must have mode 640 and group named
[root@centos8mini ~]# cat /var/named/mxx.zone
$TTL 1D
@       IN SOA  master admin.mxx.com. (   ; "master" in the SOA names the DNS server that is the master for this zone
                6       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master          ; the master DNS server
        NS      slave           ; the slave DNS server; only if it is listed here does the master know the slave exists and notify it to update its copy of the zone
        MX 20   mail1
        MX 10   mail2
master          A       192.168.156.202     ; A record for the master
slave.mxx.com.  A       192.168.156.204     ; A record for the slave
mail1           A       192.168.156.204
mail2           A       192.168.156.205
www.mxx.com.    CNAME   websrv.myy.com.
shop.mxx.com.   A       192.168.156.100
ns1.myy.com.    A       192.168.133.1       ; out-of-zone data: named ignores this record and logs a warning
#Start the DNS service
systemctl enable --now named
systemctl disable --now firewalld
setenforce 0
- Slave server configuration:
[root@centos8mini ~]# cat /etc/named.conf | grep -E "listen|allow"
listen-on port 53 { 127.0.0.1; localhost; };
listen-on-v6 port 53 { ::1; };
allow-query { localhost; any; };
allow-transfer { none; };     #the slave does not need to let any host pull the zone database
[root@centos8mini ~]# cat /etc/named.rfc1912.zones | grep -A 4 mxx.com
zone "mxx.com" IN {
    type slave;                       #this server is a slave for the zone
    masters { 192.168.156.202; };     #IP address of the master this slave pulls from
    file "slaves/mxx.slave";          #relative path; when the slave pulls the zone from the master, the copy is written automatically to /var/named/slaves/mxx.slave
};
#Start the DNS service
systemctl enable --now named
systemctl disable --now firewalld
setenforce 0
- Verification
named-checkconf: checks the configuration files for errors
named-checkzone mxx.com /var/named/mxx.zone: checks the zone database file for errors
[root@centos8mini ~]# nslookup shop.mxx.com
Server: 192.168.156.204
Address: 192.168.156.204#53
Name: shop.mxx.com
Address: 192.168.156.100
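A small zone-file checker in the spirit of named-checkzone, as an added example in Python (not code from the original post or from BIND). It parses the master zone file shown above (embedded here with its whitespace restored) and applies three checks this setup depends on: exactly one SOA at the apex, an in-zone A record for every NS and MX target (the slave must be resolvable or the master cannot notify it), and no out-of-zone data (BIND loads such records nowhere and logs "ignoring out-of-zone data", which is what happens to the ns1.myy.com. line).

```python
"""Parse and sanity-check a BIND zone file (added example)."""
import re

ORIGIN = "mxx.com."

# The master zone file from the post, with whitespace restored.
ZONE_TEXT = """\
$TTL 1D
@       IN SOA  master admin.mxx.com. (
                6       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
        NS      slave
        MX 20   mail1
        MX 10   mail2
master          A       192.168.156.202
slave.mxx.com.  A       192.168.156.204
mail1           A       192.168.156.204
mail2           A       192.168.156.205
www.mxx.com.    CNAME   websrv.myy.com.
shop.mxx.com.   A       192.168.156.100
ns1.myy.com.    A       192.168.133.1
"""


def fqdn(name: str, origin: str) -> str:
    """Expand a zone-file name: '@' is the origin, relative names get the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str, origin: str):
    """Return (default TTL, [(owner FQDN, TYPE, rdata tokens), ...])."""
    # Strip ';' comments, then join records that span several lines inside parentheses.
    stripped = [re.sub(r";.*", "", line).rstrip() for line in text.splitlines()]
    logical, buf = [], ""
    for line in stripped:
        buf = buf + " " + line.strip() if buf else line
        if buf.count("(") > buf.count(")"):
            continue
        logical.append(buf.replace("(", " ").replace(")", " "))
        buf = ""
    ttl, owner, records = None, origin, []
    for line in logical:
        if not line.strip():
            continue
        if line.startswith("$TTL"):
            ttl = line.split()[1]
            continue
        tokens = line.split()
        if not line[0].isspace():             # a non-blank owner field starts a new owner
            owner = fqdn(tokens.pop(0), origin)
        if tokens[0].upper() == "IN":         # the class is optional
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return ttl, records


def check_zone(text: str, origin: str) -> dict:
    """Apply the checks and report serial, record count and problems found."""
    ttl, records = parse_zone(text, origin)
    inside = [r for r in records if r[0] == origin or r[0].endswith("." + origin)]
    problems = [f"out-of-zone data ignored: {owner}" for owner, _, _ in records
                if not (owner == origin or owner.endswith("." + origin))]
    soa = [r for r in inside if r[0] == origin and r[1] == "SOA"]
    if len(soa) != 1:
        problems.append("zone needs exactly one SOA record at the apex")
    has_a = {owner for owner, rtype, _ in inside if rtype == "A"}
    for owner, rtype, rdata in inside:
        if rtype in ("NS", "MX"):
            target = fqdn(rdata[-1], origin)
            if target.endswith("." + origin) and target not in has_a:
                problems.append(f"{rtype} target {target} has no A record in the zone")
    return {
        "ttl": ttl,
        "serial": int(soa[0][2][2]) if soa else None,   # SOA rdata: mname rname serial ...
        "records": len(inside),
        "problems": problems,
    }


if __name__ == "__main__":
    report = check_zone(ZONE_TEXT, ORIGIN)
    print(f"serial {report['serial']}, {report['records']} in-zone records")
    for problem in report["problems"]:
        print("warning:", problem)
```

The serial is what the slave compares against its own copy to decide whether a transfer is needed, so it is the first value worth printing after every edit; dropping the slave's A record from the embedded text makes the checker flag the NS target, the same situation that silently stops NOTIFY from reaching the slave.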
2. Set up and implement intelligent DNS (different answers per client location)
Be especially careful that the zone files have mode 640 and group named; otherwise the zone data is not loaded.
Simulated on a single server.
Configure acl and view in named.conf
[root@centos8mini named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// an acl must be defined before it is referenced, so the acls go at the top
// acl shanghai matches clients whose source address is the shanghai address
acl shanghai {
    192.168.156.207;
};
// acl beijing matches clients whose source address is the beijing address
acl beijing {
    192.168.156.208;
};
options {
listen-on port 53 { 127.0.0.1; localhost; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { localhost; any;};
querylog yes;
// allow-transfer { 192.168.156.204; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
// dnssec-enable yes;
// dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// note: once views are used, no zone statement may remain in named.conf itself
// the root hint zone used to sit in this file by default; it has to move into the zone configuration files
// once a view is enabled, every zone must be configured inside a view
// views for Shanghai and Beijing; match-clients refers to the acls defined above
view beijingvw {
    match-clients { beijing; };
    // hosts matching the beijing acl use the zone configuration file /etc/named.rfc1912.zones.bj and the zone databases it references
    include "/etc/named.rfc1912.zones.bj";
};
// shanghai is configured the same way
view shanghaivw {
    match-clients { shanghai; };
    include "/etc/named.rfc1912.zones.sh";
};
// an extra catch-all view could be added to handle clients that match neither acl, for example what to do when a Guangdong user points at the Shanghai DNS
include "/etc/named.root.key";
Zone configuration files
[root@centos8mini named]# cat /etc/named.rfc1912.zones.bj
// root hint zone, moved here from named.conf
zone "." IN {
    type hint;
    file "named.ca";
};
// when a client matched by beijingvw queries the mxx.com domain, its RRs are looked up in the mxx.zone database
zone "mxx.com" IN {
    type master;
    file "mxx.zone";
    allow-update { none; };
};
// shanghai is configured the same way
[root@centos8mini named]# cat /etc/named.rfc1912.zones.sh
zone "." IN {
    type hint;
    file "named.ca";
};
zone "mxx.com" IN {
    type master;
    file "mxx.zone.sh";
    allow-update { none; };
};
Zone database configuration
Clients matching the beijing acl are routed to /etc/named.rfc1912.zones.bj, so their RRs come from mxx.zone:
[root@centos8mini named]# cat /var/named/mxx.zone
$TTL 1D
@       IN SOA  master admin.mxx.com. (
                12      ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
        NS      slave
        MX 20   mail1
        MX 10   mail2
shanghai        NS      shns1               ; delegates shanghai.mxx.com to shns1; placed after the apex records so the blank-owner MX lines stay at the apex
shns1           A       192.168.156.206     ; address of the delegated name server
master          A       192.168.156.202
slave.mxx.com.  A       192.168.156.204
mail1           A       192.168.156.204
mail2           A       192.168.156.205
www.mxx.com.    CNAME   websrv.myy.com.
; beijing clients resolve shop.mxx.com to 192.168.156.100
shop.mxx.com.   A       192.168.156.100
[root@centos8mini named]# cat /var/named/mxx.zone.sh
$TTL 1D
@       IN SOA  master admin.mxx.com. (
                12      ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
        NS      slave
        MX 20   mail1
        MX 10   mail2
shanghai        NS      shns1               ; delegates shanghai.mxx.com to shns1
shns1           A       192.168.156.206
master          A       192.168.156.202
slave.mxx.com.  A       192.168.156.204
mail1           A       192.168.156.204
mail2           A       192.168.156.205
www.mxx.com.    CNAME   websrv.myy.com.
; shanghai clients resolve shop.mxx.com to 192.168.156.206
shop.mxx.com.   A       192.168.156.206
Test results
Client .207 uses the shanghai DNS (ping shop.mxx.com):
64 bytes from 192.168.156.206 (192.168.156.206): icmp_seq=47 ttl=64 time=0.600 ms
64 bytes from 192.168.156.206 (192.168.156.206): icmp_seq=48 ttl=64 time=0.542 ms
64 bytes from 192.168.156.206 (192.168.156.206): icmp_seq=49 ttl=64 time=0.521 ms
64 bytes from 192.168.156.206 (192.168.156.206): icmp_seq=50 ttl=64 time=0.593 ms
64 bytes from 192.168.156.206 (192.168.156.206): icmp_seq=51 ttl=64 time=0.526 ms
64 bytes from 192.168.156.206 (192.168.156.206): icmp_seq=52 ttl=64 time=0.541 ms
64 bytes from 192.168.156.206 (192.168.156.206): icmp_seq=53 ttl=64 time=0.728 ms
64 bytes from 192.168.156.206 (192.168.156.206): icmp_seq=54 ttl=64 time=0.568 ms
64 bytes from 192.168.156.206 (192.168.156.206): icmp_seq=55 ttl=64 time=0.522 ms
64 bytes from 192.168.156.206 (192.168.156.206): icmp_seq=56 ttl=64 time=0.558 ms
64 bytes from 192.168.156.206 (192.168.156.206): icmp_seq=57 ttl=64 time=0.584 ms
64 bytes from 192.168.156.206 (192.168.156.206): icmp_seq=58 ttl=64 time=0.494 ms
^C
--- shop.mxx.com ping statistics ---
58 packets transmitted, 58 received, 0% packet loss, time 58379ms
rtt min/avg/max/mdev = 0.408/0.554/0.834/0.080 ms
[root@centos8mini ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.156.207 netmask 255.255.255.0 broadcast 192.168.156.255
inet6 fe80::ab89:796c:4162:ce44 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:c2:ab:b4 txqueuelen 1000 (Ethernet)
RX packets 10730 bytes 12018084 (11.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2601 bytes 215000 (209.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Client .208 (beijing) uses the beijing DNS:
64 bytes from 192.168.156.100 (192.168.156.100): icmp_seq=53 ttl=64 time=0.627 ms
64 bytes from 192.168.156.100 (192.168.156.100): icmp_seq=54 ttl=64 time=0.460 ms
64 bytes from 192.168.156.100 (192.168.156.100): icmp_seq=55 ttl=64 time=0.528 ms
64 bytes from 192.168.156.100 (192.168.156.100): icmp_seq=56 ttl=64 time=0.703 ms
64 bytes from 192.168.156.100 (192.168.156.100): icmp_seq=57 ttl=64 time=0.482 ms
64 bytes from 192.168.156.100 (192.168.156.100): icmp_seq=58 ttl=64 time=0.512 ms
64 bytes from 192.168.156.100 (192.168.156.100): icmp_seq=59 ttl=64 time=0.651 ms
64 bytes from 192.168.156.100 (192.168.156.100): icmp_seq=60 ttl=64 time=0.626 ms
64 bytes from 192.168.156.100 (192.168.156.100): icmp_seq=61 ttl=64 time=0.596 ms
64 bytes from 192.168.156.100 (192.168.156.100): icmp_seq=62 ttl=64 time=0.606 ms
64 bytes from 192.168.156.100 (192.168.156.100): icmp_seq=63 ttl=64 time=0.586 ms
64 bytes from 192.168.156.100 (192.168.156.100): icmp_seq=64 ttl=64 time=0.493 ms
64 bytes from 192.168.156.100 (192.168.156.100): icmp_seq=65 ttl=64 time=0.730 ms
64 bytes from 192.168.156.100 (192.168.156.100): icmp_seq=66 ttl=64 time=0.644 ms
^C
--- shop.mxx.com ping statistics ---
66 packets transmitted, 66 received, 0% packet loss, time 66575ms
rtt min/avg/max/mdev = 0.405/0.581/0.730/0.075 ms
[root@centos8mini ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.156.208 netmask 255.255.255.0 broadcast 192.168.156.255
inet6 fe80::20c:29ff:fe82:d14d prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:82:d1:4d txqueuelen 1000 (Ethernet)
RX packets 10621 bytes 11983430 (11.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2986 bytes 243926 (238.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
A client that is neither shanghai nor beijing matches no view; nothing is configured for it, so it cannot resolve any record:
[root@centos6 ~]# dig shop.mxx.com @192.168.156.202
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> shop.mxx.com @192.168.156.202
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 28871
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;shop.mxx.com. IN A
;; Query time: 1 msec
;; SERVER: 192.168.156.202#53(192.168.156.202)
;; WHEN: Tue Nov 16 13:07:07 2021
;; MSG SIZE rcvd: 30
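The three outcomes above (one answer per view, REFUSED when no view matches) follow from how BIND walks the view list, and the following added example in Python (not code from the original post or from BIND) models that walk. The acls, views and per-view answers are constructed to mirror the post's named.conf and the two mxx.zone files; only shop.mxx.com differs between views. The catch-all "othervw" is an assumption illustrating the extra "other" view the post suggests, and its answer address is chosen for the example.

```python
"""View selection with acl / match-clients, modelled in Python (added example)."""
import ipaddress

ACLS = {
    "shanghai": ["192.168.156.207"],
    "beijing": ["192.168.156.208"],
    "any": ["0.0.0.0/0"],            # BIND's built-in "any"
}

# Views in the order they appear in named.conf: the first match wins.
VIEWS = [
    ("beijingvw", "beijing",
     {"shop.mxx.com.": "192.168.156.100", "master.mxx.com.": "192.168.156.202"}),
    ("shanghaivw", "shanghai",
     {"shop.mxx.com.": "192.168.156.206", "master.mxx.com.": "192.168.156.202"}),
]
# Assumed catch-all view for clients matching neither acl (not in the post's config).
CATCH_ALL = ("othervw", "any",
             {"shop.mxx.com.": "192.168.156.100", "master.mxx.com.": "192.168.156.202"})


def acl_matches(acl: str, client_ip: str) -> bool:
    """A client matches an acl if its address falls inside any listed prefix."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(p, strict=False) for p in ACLS[acl])


def select_view(client_ip: str, views=VIEWS):
    """Evaluate match-clients view by view; (None, None) when no view wants the client."""
    for name, acl, answers in views:
        if acl_matches(acl, client_ip):
            return name, answers
    return None, None


def answer(client_ip: str, qname: str, views=VIEWS):
    """Return (rcode, address, view) for a query, matching what the post's tests observed."""
    view, answers = select_view(client_ip, views)
    if view is None:
        return "REFUSED", None, None          # no view matched: dig shows status REFUSED
    if qname in answers:
        return "NOERROR", answers[qname], view
    return "NXDOMAIN", None, view


if __name__ == "__main__":
    for client in ("192.168.156.207", "192.168.156.208", "192.168.133.1"):
        print(client, answer(client, "shop.mxx.com."))
        print(client, answer(client, "shop.mxx.com.", VIEWS + [CATCH_ALL]))
```

Because the first matching view wins, a catch-all view with match-clients { any; } must be the last view in named.conf; placed first it would capture the Beijing and Shanghai clients too, and the location-specific answers would never be used.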
3. Use iptables to allow ssh, telnet, ftp and the web service on port 80, and reject every other port and service
#the OUTPUT chain keeps its default ACCEPT policy
iptables -A INPUT -p tcp -m multiport --dports 22,23,80,21 -m state --state NEW -j ACCEPT
#only ESTABLISHED is accepted here; passive-mode FTP data connections are classified RELATED (with the nf_conntrack_ftp helper loaded) and would be rejected by the last rule
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -j REJECT
[root@centos8mini ~]# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 22,23,80,21 -m state --state NEW -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
[root@centos8mini ~]# ss -ntua | grep -E ":20|:21"
tcp LISTEN 0 9 0.0.0.0:21 0.0.0.0:*
tcp ESTAB 0 0 192.168.156.208:21 192.168.156.207:43336
tcp CLOSE-WAIT 1 0 192.168.156.208:21 192.168.156.2:12777
tcp TIME-WAIT 0 0 192.168.156.208:20 192.168.156.207:51223
tcp LISTEN 0 9 [::]:21 [::]:*
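Walking the INPUT chain above rule by rule, as an added example in Python (not code from the original post or from iptables). The three rules are transcribed from the iptables -S output; the packets are constructed, with the connection state given as conntrack would classify it. The second rule set, which adds RELATED to the state match, is an assumed improvement that is not in the post: passive-mode FTP data connections are classified RELATED only when the nf_conntrack_ftp helper is loaded, and without RELATED in the chain the final rule rejects them.

```python
"""Evaluate packets against the post's INPUT chain (added example)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    dport: int
    state: str      # NEW, ESTABLISHED, RELATED or INVALID, as conntrack classifies it


@dataclass(frozen=True)
class Rule:
    target: str
    proto: Optional[str] = None
    dports: Optional[frozenset] = None      # -m multiport --dports
    states: Optional[frozenset] = None      # -m state --state

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or pkt.proto == self.proto)
                and (self.dports is None or pkt.dport in self.dports)
                and (self.states is None or pkt.state in self.states))


def evaluate(chain, policy: str, pkt: Packet) -> str:
    """The first matching rule decides; the chain policy applies only if none matches."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


# The INPUT chain exactly as listed by iptables -S in the post
INPUT_FROM_POST = [
    Rule("ACCEPT", proto="tcp", dports=frozenset({22, 23, 80, 21}), states=frozenset({"NEW"})),
    Rule("ACCEPT", states=frozenset({"ESTABLISHED"})),
    Rule("REJECT"),
]

# Same chain with RELATED added to the second rule (assumed improvement, not in the post)
INPUT_WITH_RELATED = [
    INPUT_FROM_POST[0],
    Rule("ACCEPT", states=frozenset({"ESTABLISHED", "RELATED"})),
    INPUT_FROM_POST[2],
]

# Constructed sample packets
SAMPLES = {
    "ssh handshake": Packet("tcp", 22, "NEW"),
    "https handshake": Packet("tcp", 443, "NEW"),
    "dns query": Packet("udp", 53, "NEW"),
    "data on open session": Packet("tcp", 21, "ESTABLISHED"),
    "passive ftp data": Packet("tcp", 50000, "RELATED"),   # classified by the ftp helper
}


def verdicts(chain, policy="ACCEPT"):
    """Verdict per sample packet for the given chain."""
    return {name: evaluate(chain, policy, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    post, related = verdicts(INPUT_FROM_POST), verdicts(INPUT_WITH_RELATED)
    for name in SAMPLES:
        print(f"{name:22} post rules: {post[name]:7} with RELATED: {related[name]}")
```

Two things the walk makes visible: the final unconditional REJECT is what gives the chain its deny-by-default behaviour, since the INPUT policy itself is still ACCEPT; and because there is no rule for the loopback interface, a NEW UDP query from a local client to a named listening on 127.0.0.1:53 (the "dns query" sample) is rejected as well.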
3. Summary of how NAT works
LAN clients accessing the public network:
SNAT: when an inside host accesses the outside, the source address is rewritten to the public address; when the outside replies to the inside, the destination address is rewritten back to the original source address;
PAT: when several inside hosts share one public IP, the IP alone cannot distinguish the inside hosts, so the port number is translated as well; when an inside host accesses the public network, its source address and source port are rewritten to the public IP and a random port; when the outside replies, the destination address and destination port are rewritten back to the recorded original source address and source port;
Public network accessing an inside server:
DNAT: a public IP and port such as 80 are statically mapped to an inside host's IP and a specific port such as 8080. Internet users access the mapped public IP and port directly; because the static mapping exists on the firewall, the traffic is automatically rewritten to the inside host's private IP and port, which publishes the inside host's application to the public network;
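SNAT/PAT and DNAT as one stateful translation table, as an added example in Python (not code from the original post or from netfilter). The gateway uses the post's addresses: inside network 10.0.0.0/24, public address 192.168.156.208, and the static mapping of public port 80 to 10.0.0.8:8080. The outside hosts 203.0.113.10 and 198.51.100.7 are constructed documentation addresses, and the ephemeral port range the gateway hands out is an assumption.

```python
"""A NAT gateway with PAT and static DNAT, modelled in Python (added example)."""
import ipaddress
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatGateway:
    def __init__(self, public_ip: str, inside_net: str, dnat: dict):
        self.public_ip = public_ip
        self.inside = ipaddress.ip_network(inside_net)
        self.dnat = dnat                      # public dport -> (inside ip, inside port)
        self.ports = itertools.count(32768)   # ephemeral ports handed out for PAT (assumed range)
        self.pat = {}                         # (src, sport, dst, dport) -> public sport
        self.pat_rev = {}                     # (public sport, dst, dport) -> (src, sport)
        self.dnat_conn = {}                   # (inside ip, port, client ip, port) -> public dport

    def _inside(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in self.inside

    def outbound(self, pkt: Packet) -> Packet:
        """POSTROUTING: inside -> outside packets leave with the public source address."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.dnat_conn:             # a published server answering: undo the DNAT
            return Packet(self.public_ip, self.dnat_conn[key], pkt.dst, pkt.dport)
        if not self._inside(pkt.src) or self._inside(pkt.dst):
            return pkt                        # "-s 10.0.0.0/24 ! -d 10.0.0.0/24": only inside->outside
        if key not in self.pat:               # new flow: record src ip+port against a fresh public port
            pub_port = next(self.ports)
            self.pat[key] = pub_port
            self.pat_rev[(pub_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, self.pat[key], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet):
        """PREROUTING: outside -> gateway packets; None means nothing inside claims it."""
        if pkt.dst != self.public_ip:
            return None
        flow = (pkt.dport, pkt.src, pkt.sport)
        if flow in self.pat_rev:              # reply to a PAT'd flow: restore the inside ip+port
            src, sport = self.pat_rev[flow]
            return Packet(pkt.src, pkt.sport, src, sport)
        if pkt.dport in self.dnat:            # static mapping for a published service
            ip, port = self.dnat[pkt.dport]
            self.dnat_conn[(ip, port, pkt.src, pkt.sport)] = pkt.dport
            return Packet(pkt.src, pkt.sport, ip, port)
        return None                           # unsolicited traffic: no mapping, no way in


if __name__ == "__main__":
    gw = NatGateway("192.168.156.208", "10.0.0.0/24", {80: ("10.0.0.8", 8080)})
    print(gw.outbound(Packet("10.0.0.5", 40000, "203.0.113.10", 443)))
    print(gw.outbound(Packet("10.0.0.6", 40000, "203.0.113.10", 443)))
    print(gw.inbound(Packet("198.51.100.7", 5555, "192.168.156.208", 80)))
    print(gw.inbound(Packet("198.51.100.7", 6000, "192.168.156.208", 22)))
```

Two inside hosts using the same source port get distinct public ports, which is the whole point of PAT; an unsolicited packet to a port without a DNAT mapping has no entry to translate against and is dropped, which is why a masquerading gateway hides the inside hosts from the outside unless something is explicitly published.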
4. Implement SNAT and DNAT with iptables and save the rules persistently.
#Enable IP forwarding in Linux
[root@centos8mini ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@centos8mini ~]# sysctl -p
net.ipv4.ip_forward = 1
#Source NAT: rewrite the inside hosts' addresses to the outgoing interface's IP
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 ! -d 10.0.0.0/24 -j MASQUERADE
#DNAT: rewrite outside access to port 80 of the public IP to port 8080 of the inside IP
iptables -t nat -A PREROUTING -s 0/0 -d 192.168.156.208 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.8:8080
Persisting the iptables rule configuration:
#save this host's iptables rules into /etc/sysconfig/iptables
yum -y install iptables-services
[root@centos8mini ~]# /usr/libexec/iptables/iptables.init save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@centos8mini ~]#
[root@centos8mini ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.8.4 on Wed Nov 17 21:16:24 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Wed Nov 17 21:16:24 2021
# Generated by iptables-save v1.8.4 on Wed Nov 17 21:16:24 2021
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.168.156.208/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.8:8080
-A POSTROUTING -s 10.0.0.0/24 ! -d 10.0.0.0/24 -j MASQUERADE
COMMIT
# Completed on Wed Nov 17 21:16:24 2021
[root@centos8mini ~]# systemctl enable --now iptables.service
Created symlink /etc/systemd/system/multi-user.target.wants/iptables.service → /usr/lib/systemd/system/iptables.service.
[root@centos8mini ~]#
#the rules are still present after a reboot
[root@centos8mini ~]# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 6 packets, 1291 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 192.168.156.208 tcp dpt:80 to:10.0.0.8:8080
Chain INPUT (policy ACCEPT 3 packets, 359 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 41 packets, 3098 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 10.0.0.0/24 !10.0.0.0/24
Chain OUTPUT (policy ACCEPT 41 packets, 3098 bytes)
pkts bytes target prot opt in out source destination
[root@centos8mini ~]#