Caching DNS

Source: Internet | Editor: 程序博客网 | Date: 2024/05/29 05:00

----------- unit3 Caching DNS --------

Authoritative name server
Stores and serves the actual data for a zone (an entire DNS domain, or part of one).

Non-authoritative / recursive name server
Clients query it to look up data that originates from authoritative name servers.

DNS lookup:

         The stub resolver on the client sends the query to the name server listed in /etc/resolv.conf. If that name server is authoritative for the requested information, it sends an authoritative answer to the client.

        Otherwise, if the name server has the requested information in its cache, it sends a non-authoritative answer to the client. If the information is not in the cache either, the name server searches for the authoritative name server, starting at the root zone and working down the DNS hierarchy until it reaches the name server that is authoritative for the information, and obtains the answer for the client that way.


DNS resource records:

        A DNS zone stores its information as resource records. Every resource record has a type, which says what kind of data it holds.

         – A : name to IPv4 address
         – AAAA : name to IPv6 address
         – CNAME : name to "canonical name" (another name that holds the A/AAAA records)
         – PTR : IPv4/IPv6 address to name
         – MX : mail exchanger for a name (where to send its e-mail)
         – NS : name server for a domain name
         – SOA : "start of authority", information about the DNS zone (administrative information)

DNS troubleshooting: dig shows the details of a DNS lookup, including why a query failed.

         – NOERROR : the query succeeded
         – NXDOMAIN : the DNS server says no such name exists
         – SERVFAIL : the DNS server is down, or DNSSEC validation of the response failed
         – REFUSED : the DNS server refuses to answer (possibly for access-control reasons)
         – the footer lines show which recursive name server the query was sent to and how long the response took
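The status codes and footer lines above are what dig prints in its text output. As an added example (not code from the page), the following Python script parses that output into a structured result, reads the 'aa' flag to tell an authoritative answer from one served out of a resolver's cache, and maps the status to the hint in the list above. The two dig transcripts embedded in it are constructed to resemble the responses shown later in this lab; they were not captured from a live server.

```python
"""Parse dig's text output and summarise what matters when a lookup misbehaves.

Added example, not code from the page: a small parser for the default dig
output format. The two samples at the bottom are constructed to look like the
responses shown later in this lab; they were not captured from a live server.
"""
import re
from dataclasses import dataclass, field

# Meaning of each status, following the troubleshooting list above
STATUS_HINTS = {
    "NOERROR": "the query succeeded",
    "NXDOMAIN": "the server says no such name exists",
    "SERVFAIL": "the server is down, or DNSSEC validation of the response failed",
    "REFUSED": "the server refuses to answer (check allow-query and view match-clients)",
}

_HEADER = re.compile(r";; ->>HEADER<<- opcode: (\w+), status: (\w+), id: (\d+)")
_FLAGS = re.compile(r";; flags: ([a-z ]*);")
_SERVER = re.compile(r";; SERVER: (\S+)")
_QTIME = re.compile(r";; Query time: (\d+) msec")
_RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")


@dataclass
class DigResult:
    status: str = "UNKNOWN"
    flags: set = field(default_factory=set)
    answers: list = field(default_factory=list)   # (name, ttl, type, rdata)
    server: str = ""                               # the server that answered
    query_time_ms: int = -1

    @property
    def authoritative(self) -> bool:
        # 'aa' is set only when the answering server is authoritative for the
        # zone; an answer served from a resolver's cache does not carry it.
        return "aa" in self.flags


def parse_dig(text: str) -> DigResult:
    result = DigResult()
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := _HEADER.match(line):
            result.status = m.group(2)
        elif m := _FLAGS.match(line):
            result.flags = set(m.group(1).split())
        elif m := _SERVER.match(line):
            result.server = m.group(1)
        elif m := _QTIME.match(line):
            result.query_time_ms = int(m.group(1))
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:-len(" SECTION:")]       # QUESTION, ANSWER, AUTHORITY, ...
        elif not line:
            section = None                              # a blank line ends the section
        elif section == "ANSWER" and not line.startswith(";"):
            if m := _RR.match(line):
                name, ttl, rtype, rdata = m.groups()
                result.answers.append((name, int(ttl), rtype, rdata.strip()))
    return result


def explain(result: DigResult) -> str:
    """One-line verdict: where the answer came from and whether it is
    authoritative, or which failure the status points to."""
    if result.status == "NOERROR":
        kind = "authoritative" if result.authoritative else "non-authoritative (cached or forwarded)"
        return (f"{kind} answer from {result.server}: {len(result.answers)} record(s) "
                f"in {result.query_time_ms} ms")
    return f"{result.status}: {STATUS_HINTS.get(result.status, 'unexpected status')}"


# Constructed sample: an authoritative answer, in the layout dig prints
SAMPLE_OK = """\
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38873
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;www.westos.com.            IN    A

;; ANSWER SECTION:
www.westos.com.        86400    IN    A    172.25.254.142

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; Query time: 0 msec
;; SERVER: 172.25.254.242#53(172.25.254.242)
"""

# Constructed sample: the name does not exist in the zone
SAMPLE_NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41879
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; SERVER: 172.25.254.242#53(172.25.254.242)
"""

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_NXDOMAIN):
        print(explain(parse_dig(sample)))
```

Piping a real query through it (dig www.westos.com | python3 this_script.py, after swapping the sample for sys.stdin.read()) gives the same verdict; the point of the 'aa' check is that a NOERROR answer without it came from a cache and can be stale, which matters when a zone was just changed.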

BIND is the most widely used open-source name server; on RHEL it is provided by the bind package.
         Open ports 53/TCP and 53/UDP in the firewall.

         BIND's main configuration file is /etc/named.conf; the /var/named directory holds the other data files the name server uses.

Syntax of /etc/named.conf:

          // or # to the end of the line is a comment; text between /* and */ is also a comment (and may span several lines); directives end with a semicolon (;).

         The file begins with an options block, which holds the directives that control how named operates.

         zone blocks control how named finds the root name servers and the zones for which it is authoritative.

Some important options directives:

         listen-on controls the IPv4 addresses named listens on
         listen-on-v6 controls the IPv6 addresses named listens on
         allow-query controls which clients may ask the DNS server for information
         forwarders holds the list of name servers that DNS queries are forwarded to


Configuration before setting up forward resolution

Server side:

[root@dns-server ~]# yum search dns        ##### find the DNS-related packages
Loaded plugins: langpacks
=============================== N/S matched: dns ===============================
dnsmasq.x86_64 : A lightweight DHCP/caching DNS server
dnssec-trigger.x86_64 : NetworkManager plugin to update/reconfigure DNSSEC
                      : resolving
kdenetwork-kdnssd.x86_64 : Kdnssd
ldns.i686 : Low-level DNS(SEC) library with API
ldns.x86_64 : Low-level DNS(SEC) library with API
perl-Net-DNS.x86_64 : DNS resolver modules for Perl
python-dns.noarch : DNS toolkit for Python
bind.x86_64 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System)
            : server
bind-chroot.x86_64 : A chroot runtime environment for the ISC BIND DNS server,
                   : named(8)
bind-libs.i686 : Libraries used by the BIND DNS packages
bind-libs.x86_64 : Libraries used by the BIND DNS packages
bind-libs-lite.i686 : Libraries for working with the DNS protocol
bind-libs-lite.x86_64 : Libraries for working with the DNS protocol
bind-license.noarch : License of the BIND DNS suite
bind-utils.x86_64 : Utilities for querying DNS name servers
c-ares.i686 : A library that performs asynchronous DNS operations
c-ares.x86_64 : A library that performs asynchronous DNS operations
seahorse-sharing.x86_64 : Sharing of PGP public keys via DNS-SD and HKP
unbound.x86_64 : Validating, recursive, and caching DNS(SEC) resolver

  Name and summary matches only, use "search all" for everything
.
[root@dns-server ~]# yum install bind.x86_64 -y                         ##### install the package that provides the DNS service
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-14.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package       A
rch            Version                  Repository         Size
================================================================================
Installing:
 bind          x86_64          32:9.9.4-14.el7          rhel_dvd          1.8 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 1.8 M
Installed size: 4.3 M
Downloading packages:
bind-9.9.4-14.el7.x86_64.rpm                               | 1.8 MB   00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 32:bind-9.9.4-14.el7.x86_64                                  1/1
  Verifying  : 32:bind-9.9.4-14.el7.x86_64                                  1/1

Installed:
  bind.x86_64 32:9.9.4-14.el7                                                   

Complete!

[root@dns-server ~]# systemctl  stop firewalld       ##### stop the firewall
[root@dns-server ~]# ll /etc/rndc.key      
ls: cannot access /etc/rndc.key: No such file or directory
[root@dns-server ~]# systemctl start named           ##### start the service; the first start generates the rndc key (typing some random characters on the server console lets it complete)
[root@dns-server ~]# ll /etc/rndc.key          
-rw-r-----. 1 root named 77 May  5 22:08 /etc/rndc.key
[root@dns-server ~]# cat /etc/rndc.key                    ##### look at the generated key
key "rndc-key" {
    algorithm hmac-md5;
    secret "89orT5ew6j3yLOu6fKQjag==";
};


[root@dns-server ~]# vim /etc/named.conf              ##### edit the main configuration file
options {
        listen-on port 53 { any; };                   ##### listen on port 53 on every IPv4 address, so anyone can reach it
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };                     ##### access control: allow other hosts to query this server
        forwarders      { 172.25.254.250; };          ##### queries this server cannot answer itself are forwarded upstream to .250

[root@dns-server ~]# systemctl restart named    #### restart the service after changing the main configuration file

[root@dns-server ~]# dig www.baidu.com     ####### query from the server itself

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53462
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com.            IN    A

;; ANSWER SECTION:
www.baidu.com.        137    IN    CNAME    www.a.shifen.com.   #### canonical name (CNAME target)
www.a.shifen.com.    61    IN    A    183.232.231.172
www.a.shifen.com.    61    IN    A    183.232.231.173

;; AUTHORITY SECTION:
.            512980    IN    NS    e.root-servers.net.
.            512980    IN    NS    d.root-servers.net.
.            512980    IN    NS    i.root-servers.net.
.            512980    IN    NS    g.root-servers.net.
.            512980    IN    NS    b.root-servers.net.
.            512980    IN    NS    c.root-servers.net.
.            512980    IN    NS    j.root-servers.net.
.            512980    IN    NS    a.root-servers.net.
.            512980    IN    NS    h.root-servers.net.
.            512980    IN    NS    f.root-servers.net.
.            512980    IN    NS    l.root-servers.net.
.            512980    IN    NS    k.root-servers.net.
.            512980    IN    NS    m.root-servers.net.

;; Query time: 14 msec          #### the query took 14 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri May 05 22:21:04 EDT 2017
;; MSG SIZE  rcvd: 312

Client side:
[root@dns-client ~]# vim /etc/resolv.conf      ##### edit the resolver configuration
# Generated by NetworkManager
search westos.com
nameserver 172.25.254.242
         ##### add the server's address
[root@dns-client ~]# dig www.baidu.com    ##### query www.baidu.com from the client

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5872
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com.            IN    A

;; ANSWER SECTION:
www.baidu.com.        1052    IN    CNAME    www.a.shifen.com.   ### canonical name (CNAME target)
www.a.shifen.com.    47    IN    A    183.232.231.173
www.a.shifen.com.    47    IN    A    183.232.231.172

;; AUTHORITY SECTION:
.            512659    IN    NS    h.root-servers.net.
.            512659    IN    NS    c.root-servers.net.
.            512659    IN    NS    k.root-servers.net.
.            512659    IN    NS    j.root-servers.net.
.            512659    IN    NS    i.root-servers.net.
.            512659    IN    NS    m.root-servers.net.
.            512659    IN    NS    e.root-servers.net.
.            512659    IN    NS    l.root-servers.net.
.            512659    IN    NS    g.root-servers.net.
.            512659    IN    NS    b.root-servers.net.
.            512659    IN    NS    a.root-servers.net.
.            512659    IN    NS    f.root-servers.net.
.            512659    IN    NS    d.root-servers.net.

;; Query time: 0 msec   ###### served from the cache, so the answer is immediate
;; SERVER: 172.25.254.242#53(172.25.254.242)
;; WHEN: Fri May 05 22:26:25 EDT 2017
;; MSG SIZE  rcvd: 312




1. Configuring forward resolution:

Server side:

[root@dns-server ~]# > /var/log/messages     ##### empty the log to make troubleshooting easier
[root@dns-server ~]# vim /etc/named.conf    ###### edit the main configuration file
        listen-on port 53 { any; };          #### listen on port 53 on every address
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };            ##### access control: allow any client to query

[root@dns-server ~]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {        ##### the domain this server is authoritative for
        type master;
        file "westos.com.zone";     #### the zone file that holds the A records
        allow-update { none; };
};
[root@dns-server ~]# cd /var/named/
[root@dns-server named]# pwd
/var/named
[root@dns-server named]# ll
total 16
drwxrwx---. 2 named named   22 May  5 22:08 data
drwxrwx---. 2 named named   30 May  5 22:16 dynamic
-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Jan 29  2014 slaves
[root@dns-server named]# cp -p named.localhost  westos.com.zone  #### copy the template; -p preserves ownership and permissions
[root@dns-server named]# vim westos.com.zone      #### edit the zone file
$TTL 1D               ##### records may be cached for one day
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
            NS  dns.westos.com.       #### the name server for the zone
dns         A   172.25.254.242         ###### the name server's IP: the server's own A record

www         A   172.25.254.142      ###### the A record to add


Note:

@ stands for westos.com; dns.westos.com. is the zone's own name server; root.westos.com. is the maintainer (the administrator's mailbox); a name such as dns without a trailing dot has westos.com appended automatically.

[root@dns-server named]# systemctl restart named     ###### restart the service so the change takes effect

Client side:
[root@dns-client ~]# dig www.westos.com                 ####### check the DNS resolution

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@dns-client ~]# dig www.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38873
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.            IN    A

;; ANSWER SECTION:
www.westos.com.        86400    IN    A    172.25.254.142

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.254.242

;; Query time: 0 msec
;; SERVER: 172.25.254.242#53(172.25.254.242)
;; WHEN: Fri May 05 23:05:04 EDT 2017
;; MSG SIZE  rcvd: 93

2. Canonical-name (CNAME) and mail-exchanger (MX) records

[root@dns-server named]# vim westos.com.zone
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
            NS  dns.westos.com.
dns         A   172.25.254.242
www         A   172.25.254.142
music       CNAME    music.a.westos.com. #### users reach the host through the alias defined by the CNAME record: music is an alias whose canonical name is music.a.westos.com.
music.a     A      172.25.254.111            ##### first address of the canonical name
music.a     A      172.25.254.222            ##### second address of the canonical name
westos.com. MX 1  172.25.254.242.    #### where to send e-mail for the domain

[root@dns-server named]# systemctl restart named    


client端:
[root@dns-client ~]# dig   music.westos.com    #### query music.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> music.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 128
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;music.westos.com.        IN    A

;; ANSWER SECTION:
music.westos.com.    86400    IN    CNAME    music.a.westos.com.
music.a.westos.com.    86400    IN    A    172.25.254.111
music.a.westos.com.    86400    IN    A    172.25.254.222

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.254.242

;; Query time: 0 msec
;; SERVER: 172.25.254.242#53(172.25.254.242)
;; WHEN: Fri May 05 23:29:48 EDT 2017
;; MSG SIZE  rcvd: 133
[root@dns-client ~]# dig -t mx westos.com      ##### mail exchanger for the name (where to send its mail)

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60389
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;westos.com.            IN    MX

;; ANSWER SECTION:
westos.com.        86400    IN    MX    1 172.25.254.242.

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.254.242

;; Query time: 0 msec
;; SERVER: 172.25.254.242#53(172.25.254.242)
;; WHEN: Fri May 05 23:31:11 EDT 2017
;; MSG SIZE  rcvd: 103
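The zone-file rules from the note in section 1 (what @ means, how a name without a trailing dot is completed, the parenthesised SOA) and the CNAME and MX records added in this section are the kind of thing that goes wrong quietly and only shows up later as a failed lookup. The following Python script is an added example, not code from the page or from BIND: it parses a zone file in the format used in this lab, fully qualifies every name, and flags what a reviewer would raise before restarting named. Run on this lab's own file it finds one problem: the MX record points at an IP address, and an MX target has to be a host name (for example dns.westos.com.) that has its own A record, because mail servers look up the address of the MX target and will not treat 172.25.254.242. as an address. The zone text inside the script is constructed to mirror westos.com.zone.

```python
"""Parse a BIND zone file and run the checks a reviewer wants before restarting named.
Added example, not code from the page or from BIND; ZONE_TEXT is constructed
to mirror the westos.com.zone file built in this lab.
"""
import ipaddress

RECORD_TYPES = {"A", "AAAA", "CNAME", "PTR", "MX", "NS", "SOA", "TXT"}


def qualify(name, origin):
    """'@' is the origin; a trailing '.' means absolute; otherwise append the origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def _logical_lines(text):
    """Drop ';' comments, join lines inside parentheses (the SOA); yield (tokens, owner_omitted)."""
    buf, depth, first = [], 0, ""
    for raw in text.splitlines():
        if not buf:
            first = raw
        code = raw.split(";", 1)[0]
        depth += code.count("(") - code.count(")")
        buf.append(code.replace("(", " ").replace(")", " "))
        if depth == 0:
            tokens = " ".join(buf).split()
            buf = []
            if tokens:
                yield tokens, first[:1].isspace()  # leading blank = same owner as before


def parse_zone(text, origin):
    """Return (default_ttl, [(owner, type, rdata), ...]) with every name fully qualified."""
    origin = origin if origin.endswith(".") else origin + "."
    ttl, last_owner, records = None, origin, []
    for tokens, owner_omitted in _logical_lines(text):
        if tokens[0] == "$TTL":
            ttl = tokens[1]
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if owner_omitted:
            owner = last_owner
        else:
            owner = last_owner = qualify(tokens.pop(0), origin)
        while tokens[0] not in RECORD_TYPES:  # skip the optional TTL and class fields
            tokens.pop(0)
        rtype = tokens.pop(0)
        if rtype in {"CNAME", "NS", "PTR"}:
            rdata = (qualify(tokens[0], origin),)
        elif rtype == "MX":
            rdata = (int(tokens[0]), qualify(tokens[1], origin))
        elif rtype == "SOA":
            rdata = (qualify(tokens[0], origin), qualify(tokens[1], origin), *tokens[2:])
        else:
            rdata = tuple(tokens)
        records.append((owner, rtype, rdata))
    return ttl, records


def is_ip_literal(name):
    try:
        ipaddress.ip_address(name.rstrip("."))
        return True
    except ValueError:
        return False


def check_zone(records, origin):
    """Flag NS/MX targets written as IP addresses (they must be host names)
    and CNAME owners that also carry other records."""
    types_by_owner = {}
    for owner, rtype, _ in records:
        types_by_owner.setdefault(owner, set()).add(rtype)
    problems = []
    for owner, rtype, rdata in records:
        if rtype in {"NS", "MX"} and is_ip_literal(rdata[-1]):
            problems.append(f"{rtype} for {owner} points at IP {rdata[-1]}; it must be a host name")
        if rtype == "CNAME" and types_by_owner[owner] - {"CNAME"}:
            problems.append(f"{owner} is a CNAME and must not carry other records")
    return problems


ZONE_TEXT = """\
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D  1H  1W  3H )    ; refresh retry expire minimum
            NS  dns.westos.com.
dns         A   172.25.254.242
www         A   172.25.254.142
music       CNAME    music.a.westos.com.
music.a     A      172.25.254.111
music.a     A      172.25.254.222
westos.com. MX 1  172.25.254.242.
"""

if __name__ == "__main__":
    for problem in check_zone(parse_zone(ZONE_TEXT, "westos.com")[1], "westos.com"):
        print("PROBLEM:", problem)
```

The parser also accepts the $ORIGIN form that named writes back after a dynamic update (section 5 shows one), which is a convenient way to confirm that a rewritten zone still carries the same records as the hand-written one.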



Add a second network card, eth1, to the virtual machine from the console, so the server has two interfaces.

3. A DNS server with multiple views (clients on different subnets get different answers):

Server side:

[root@dns-server named]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.242  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::5054:ff:fe00:2a0b  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:00:2a:0b  txqueuelen 1000  (Ethernet)
        RX packets 481594  bytes 701863532 (669.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 241799  bytes 16448758 (15.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 52:54:00:4c:48:8a  txqueuelen 1000  (Ethernet)
        RX packets 74  bytes 10223 (9.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@dns-server named]# cd /etc/sysconfig/network-scripts/
[root@dns-server network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@dns-server network-scripts]# vim ifcfg-eth1         ##### edit eth1 and give it an address on a different subnet, 172.25.42.100
DEVICE=eth1
BOOTPROTO=none
IPADDR=172.25.42.100


[root@dns-server network-scripts]# systemctl restart network       ###### restart networking
[root@dns-server network-scripts]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.242  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::5054:ff:fe00:2a0b  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:00:2a:0b  txqueuelen 1000  (Ethernet)
        RX packets 484293  bytes 702193867 (669.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 242330  bytes 16523516 (15.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.42.100  netmask 255.255.255.0  broadcast 172.25.42.255
        inet6 fe80::5054:ff:fe4c:488a  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:4c:48:8a  txqueuelen 1000  (Ethernet)
        RX packets 2054  bytes 280893 (274.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 29  bytes 4149 (4.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 734  bytes 67493 (65.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 734  bytes 67493 (65.9 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@dns-server ~]# cd /var/named/
[root@dns-server named]# cp -p westos.com.zone westos.com.inter       ###### make a copy of the existing zone file for the second view
[root@dns-server named]# vim westos.com.inter                          ####### edit westos.com.inter
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS        dns.westos.com.
dns     A         172.25.44.242
www     A         172.25.44.142
music   CNAME     music.a.westos.com.
music.a A         172.25.44.111
music.a A         172.25.44.222
westos.com. MX 1  172.25.44.242

[root@dns-server named]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.inter -p
[root@dns-server named]# vim /etc/named.rfc1912.inter           ####### edit the zone list for the second view

zone "westos.com" IN {
          type master;
          file "westos.com.inter";
          allow-update { none; };
  };

[root@dns-server named]# cd
[root@dns-server ~]# vim /etc/named.conf     ###### edit the main configuration file

/*
zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";      
include "/etc/named.root.key";
*/                     ##### comment out the previous configuration with /* */

view localnet {
        match-clients { 172.25.254.0/24; };     #### matches the 254 subnet
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.zones";     #### clients on the 254 subnet use the zones listed in the .zones file, and so the A records in those zone files
};
view internet {
        match-clients { 172.25.42.0/24; };      ##### matches the 42 subnet
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.inter";     #### clients on the 42 subnet use the zones listed in the .inter file, and so the A records in those zone files
};
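BIND tries the views in the order they appear in named.conf and hands the query to the first one whose match-clients list matches the client's address; a client that matches no view gets REFUSED. The following Python script is an added example, not BIND code and not from the page: it simulates that selection for the two views above, using per-view A records set to the values the two clients obtain in the dig tests that follow in this section. Its ACL evaluation (first matching entry decides, a leading '!' negates an entry, 'any' and 'none') follows BIND's documented address-match-list rules.

```python
"""Simulate BIND view selection: which view answers a client, and so which copy
of the zone data it sees.

Added example; not BIND code and not from the page. The two views mirror the
named.conf above; the records per view are what the two clients see with dig.
"""
import ipaddress

# Views in named.conf order: BIND hands the query to the first view whose
# match-clients list matches the client, so the order matters.
VIEWS = [
    {"name": "localnet", "match_clients": ["172.25.254.0/24"],
     "records": {"www.westos.com.": "172.25.254.142",
                 "dns.westos.com.": "172.25.254.242"}},
    {"name": "internet", "match_clients": ["172.25.42.0/24"],
     "records": {"www.westos.com.": "172.25.42.142",
                 "dns.westos.com.": "172.25.42.100"}},
]


def acl_matches(acl, client) -> bool:
    """Evaluate an address match list the way BIND does: entries are tried in
    order, the first entry that contains the address decides, and a leading
    '!' turns that decision into a rejection."""
    client = ipaddress.ip_address(client)
    for entry in acl:
        negate = entry.startswith("!")
        entry = entry.lstrip("!").strip()
        if entry == "any":
            return not negate
        if entry == "none":
            continue
        if client in ipaddress.ip_network(entry, strict=False):
            return not negate
    return False


def select_view(client_ip: str, views=VIEWS):
    """Name of the view that answers client_ip, or None when no view matches
    (named then answers REFUSED)."""
    for view in views:
        if acl_matches(view["match_clients"], client_ip):
            return view["name"]
    return None


def resolve(name: str, client_ip: str, views=VIEWS):
    """(status, rdata) as the client would see it: NOERROR with the view's
    record, NXDOMAIN when that view has no such name, REFUSED when no view
    matches the client's address."""
    view_name = select_view(client_ip, views)
    if view_name is None:
        return "REFUSED", None
    records = next(v["records"] for v in views if v["name"] == view_name)
    if name not in records:
        return "NXDOMAIN", None
    return "NOERROR", records[name]


if __name__ == "__main__":
    for client in ("172.25.254.142", "172.25.42.200", "10.0.0.5"):
        print(client, "->", select_view(client), resolve("www.westos.com.", client))
```

A view with match-clients { any; } placed first would capture every client and the views after it would never be consulted, which is the usual mistake when a catch-all view is added later; keep the most specific match-clients lists first.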

Client side:

Set the client's IP address to 172.25.254.142

[root@dns-client ~]# vim /etc/resolv.conf

# Generated by NetworkManager
search westos.com
nameserver 172.25.254.242      ##### IP of the DNS server

[root@dns-client ~]# dig www.westos.com     #### test

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62420
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.        IN    A

;; ANSWER SECTION:
www.westos.com.    86400    IN    A    172.25.254.142

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.254.242


Set the client's IP address to 172.25.42.200

[root@dns-client ~]# vim /etc/resolv.conf

# Generated by NetworkManager
search westos.com
nameserver 172.25.42.100    ### IP of the DNS server on the 42 subnet

[root@dns-client ~]# dig www.westos.com    #### test

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62420
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.        IN    A

;; ANSWER SECTION:
www.westos.com.    86400    IN    A    172.25.42.142

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.42.100



4. Configuring reverse resolution
[root@dns-server ~]# vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN {   ##### reverse zone for the 172.25.254.0/24 subnet
          type master;
          file "westos.com.ptr";      ##### the zone file that holds the PTR records
          allow-update { none; };
};

[root@dns-server ~]# cp -p /var/named/named.loopback /var/named/westos.com.ptr
[root@dns-server ~]# vim /var/named/westos.com.ptr
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.242
111     PTR     www.westos.com.       ##### reverse mapping: 172.25.254.111 -> www.westos.com
222     PTR     bbs.westos.com.       ##### reverse mapping: 172.25.254.222 -> bbs.westos.com

[root@dns-server ~]# systemctl restart named

Client side:

[root@dns-client ~]# dig -x 172.25.254.111

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23583
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;111.254.25.172.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
111.254.25.172.in-addr.arpa. 86400 IN    PTR    www.westos.com.     ##### the address resolves back to the host name

;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.254.242

;; Query time: 0 msec
;; SERVER: 172.25.254.242#53(172.25.254.242)
;; WHEN: Sat May 06 03:39:43 EDT 2017
;; MSG SIZE  rcvd: 118

[root@dns-client ~]# dig -x 172.25.254.222

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24131
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;222.254.25.172.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
222.254.25.172.in-addr.arpa. 86400 IN    PTR    bbs.westos.com.              ##### the address resolves back to the host name

;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.254.242

;; Query time: 0 msec
;; SERVER: 172.25.254.242#53(172.25.254.242)
;; WHEN: Sat May 06 03:40:01 EDT 2017
;; MSG SIZE  rcvd: 118
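dig -x builds the in-addr.arpa name from the address, and a reverse zone is only useful when it agrees with the forward zone. The following Python script is an added example, not from the page: it builds the reverse name and the reverse zone name, generates the relative PTR lines for the reverse zone file, and checks the forward and reverse data against each other. Its data are constructed to mirror this lab's westos.com.zone and westos.com.ptr, which is why it reports two mismatches: 172.25.254.111 maps back to www.westos.com. while www.westos.com. resolves to 172.25.254.142, and bbs.westos.com. has no A record at all.

```python
"""Build in-addr.arpa names and PTR records, and check that the forward and
reverse zones agree with each other.

Added example, not from the page. FORWARD and REVERSE are constructed to
mirror the lab's westos.com.zone and westos.com.ptr files.
"""
import ipaddress


def reverse_name(ip: str) -> str:
    """The name dig -x actually queries: 172.25.254.111 -> 111.254.25.172.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_zone(network: str) -> str:
    """Zone to declare in named.rfc1912.zones for an octet-aligned IPv4 prefix:
    172.25.254.0/24 -> 254.25.172.in-addr.arpa."""
    net = ipaddress.ip_network(network, strict=False)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("only /8, /16 and /24 IPv4 prefixes map to one in-addr.arpa zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def ptr_records(network: str, hosts: dict) -> list:
    """Relative PTR lines for the reverse zone file, from {ip: fqdn}. The owner
    is the host part of the address (reversed for /8 and /16); the zone's
    origin completes it to the full in-addr.arpa name."""
    net = ipaddress.ip_network(network, strict=False)
    lines = []
    for ip, fqdn in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is outside {network}")
        if not fqdn.endswith("."):
            raise ValueError(f"{fqdn} needs a trailing dot, or the origin gets appended")
        host_octets = str(addr).split(".")[net.prefixlen // 8:]
        owner = ".".join(reversed(host_octets))
        lines.append(f"{owner:<8}PTR     {fqdn}")
    return lines


def check_consistency(forward: dict, reverse: dict) -> list:
    """Report every PTR whose target name does not resolve back to that IP.
    forward: {fqdn: [ips]} from the forward zone; reverse: {ip: fqdn}."""
    problems = []
    for ip, fqdn in reverse.items():
        addresses = forward.get(fqdn, [])
        if ip not in addresses:
            problems.append(f"{ip} PTR {fqdn}, but {fqdn} has A {addresses or 'none'}")
    return problems


# Constructed data mirroring the lab's forward zone (westos.com.zone) ...
FORWARD = {
    "dns.westos.com.": ["172.25.254.242"],
    "www.westos.com.": ["172.25.254.142"],
    "music.a.westos.com.": ["172.25.254.111", "172.25.254.222"],
}
# ... and its reverse zone (westos.com.ptr)
REVERSE = {
    "172.25.254.111": "www.westos.com.",
    "172.25.254.222": "bbs.westos.com.",
}

if __name__ == "__main__":
    print(reverse_zone("172.25.254.0/24"))
    print("\n".join(ptr_records("172.25.254.0/24", REVERSE)))
    for problem in check_consistency(FORWARD, REVERSE):
        print("MISMATCH:", problem)
```

The trailing-dot check in ptr_records is there because a PTR target written as www.westos.com without the dot is completed with the reverse zone's origin and becomes www.westos.com.254.25.172.in-addr.arpa., a mistake that only shows up in the dig -x output.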


5. DNS updates
[root@dns-server ~]# cd /var/named/
[root@dns-server named]# ls
data     named.ca     named.localhost  slaves            westos.com.ptr
dynamic  named.empty  named.loopback   westos.com.inter  westos.com.zone
[root@dns-server named]# cp westos.com.zone  /mnt           ##### back up the zone file
[root@dns-server named]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.142; };           ##### allow host .142 to send dynamic updates
};

[root@dns-server named]# chmod 770  /var/named                        ##### give the named group write access to the directory
[root@dns-server named]# setsebool -P  named_write_master_zones 1   #### set the SELinux boolean that lets named write master zone files
[root@dns-server named]# systemctl restart named


Client side:

[root@dns-client ~]# nsupdate     
> server 172.25.254.242
>  update add hello.westos.com 86400 A 172.25.254.222       #### add an A record for hello.westos.com
> send

>                        ##### the update was accepted

Server side:

[root@dns-server named]# dig hello.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62420
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com.        IN    A

;; ANSWER SECTION:
hello.westos.com.    86400    IN    A    172.25.254.222

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.254.242

;; Query time: 0 msec
;; SERVER: 172.25.254.242#53(172.25.254.242)
;; WHEN: Sat May 06 04:07:01 EDT 2017

;; MSG SIZE  rcvd: 95

Client side:

[root@dns-client ~]# nsupdate

> server 172.25.254.242
> update delete hello.westos.com

> send               ###### send the deletion

Server side:

[root@dns-server named]# dig hello.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41879
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com.        IN    A

;; AUTHORITY SECTION:
westos.com.        10800    IN    SOA    dns.westos.com. root.westos.com. 2 86400 3600 604800 10800

;; Query time: 0 msec
;; SERVER: 172.25.254.242#53(172.25.254.242)
;; WHEN: Sat May 06 04:08:12 EDT 2017
;; MSG SIZE  rcvd: 90


[root@dns-server named]# systemctl restart named           ###### restart the service
[root@dns-server named]# vim westos.com.zone              ###### look at the zone file: named has rewritten it
$ORIGIN .
$TTL 86400      ; 1 day
westos.com              IN SOA  dns.westos.com. root.westos.com. (
                                1          ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      dns.westos.com.
                        MX      1 172.25.254.242.
$ORIGIN westos.com.
music.a                 A       172.25.254.111
                        A       172.25.254.222
dns                     A       172.25.254.242
hello                   A       172.25.254.222
music                   CNAME   music.a
www                     A       172.25.254.142


[root@dns-server named]# ls
data      named.empty      slaves            westos.com.zone
dynamic   named.localhost  westos.com.inter  westos.com.zone.jnl
named.ca  named.loopback   westos.com.ptr

[root@dns-server named]# rm -fr  westos.com.zone   westos.com.zone.jnl  ###### delete the zone file and its journal
[root@dns-server named]# cp -p /mnt/westos.com.zone .      ####### restore the backup copy
[root@dns-server named]# ls -l
total 32
drwxrwx---. 2 named named   22 May  5 22:08 data
drwxrwx---. 2 named named 4096 May  6 03:57 dynamic
-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Jan 29  2014 slaves
-rw-r-----. 1 root  named  363 May  6 02:30 westos.com.inter
-rw-r-----. 1 root  named  236 May  6 03:35 westos.com.ptr
-rw-r-----. 1 root  root   368 May  6 03:53 westos.com.zone

[root@dns-server named]# systemctl restart named
[root@dns-server named]# vim westos.com.zone         ###### look at the zone file: it is back to the previous contents
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
            NS  dns.westos.com.
dns         A   172.25.254.242
www         A   172.25.254.142
music       CNAME    music.a.westos.com.
music.a     A      172.25.254.111
music.a     A      172.25.254.222
westos.com. MX 1  172.25.254.242.


6. Signed (key-authenticated) DNS updates
[root@dns-server named]# cd /mnt/
[root@dns-server mnt]# cat /etc/rndc.key
key "rndc-key" {
    algorithm hmac-md5;
    secret "89orT5ew6j3yLOu6fKQjag==";
};

[root@dns-server mnt]# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST westoskey       ###### generate a key: -a is the algorithm, -b the key length in bits, -n HOST the key type; westoskey is the key name
Kwestoskey.+157+32989
[root@dns-server mnt]# ls
Kwestoskey.+157+32989.key  Kwestoskey.+157+32989.private  westos.com.zone
[root@dns-server mnt]# cat Kwestoskey.+157+32989.private        #### view the private key
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: ZZCVPBvK4nen97J0o8gqTQ0Qs+Y2+7FfTd4C2MW+meg=          ###### the generated secret
Bits: AAA=
Created: 20170506084802
Publish: 20170506084802
Activate: 20170506084802


[root@dns-server mnt]# cp -p  /etc/rndc.key /etc/westos.key     ##### copy the rndc key file to use as a template
[root@dns-server mnt]# vim /etc/westos.key      ##### edit the key file
key "westoskey" {
        algorithm hmac-md5;
        secret "ZZCVPBvK4nen97J0o8gqTQ0Qs+Y2+7FfTd4C2MW+meg=";
};

[root@dns-server named]# vim /etc/named.conf
include "/etc/westos.key";                                        ####### include the key file in the main configuration
[root@dns-server named]# vim /etc/named.rfc1912.zones        
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { key westoskey; };    #### allow updates signed with the key
};

[root@dns-server named]# scp Kwestoskey.+157+32989.* root@172.25.254.142:/mnt/     ####### copy the key files to the client

Client side:

[root@dns-client mnt]# nsupdate -k /mnt/Kwestoskey.+157+32989.private

> server 172.25.254.242
> update add hello.westos.com  86400 A 172.25.254.111
> send
>              ##### signed with the key, the update was accepted



7. Dynamic DNS: when the DHCP service hands out an address, it also registers the name in the DNS server's zone, keeping the two in sync

Lab preparation: delete the files /var/named/westos.com.zone and /var/named/westos.com.zone.jnl

[root@dns-server ~]# yum install dhcp -y          ####### install the package to provide the DHCP service
Loaded plugins: langpacks
rhel_dvd                                                 | 4.1 kB     00:00     
(1/2): rhel_dvd/group_gz                                   | 136 kB   00:00     
(2/2): rhel_dvd/primary_db                                 | 3.6 MB   00:00     
Resolving Dependencies
--> Running transaction check
---> Package dhcp.x86_64 12:4.2.5-42.el7 will be installed
--> Processing Dependency: dhcp-common = 12:4.2.5-42.el7 for package: 12:dhcp-4.2.5-42.el7.x86_64
--> Processing Dependency: dhcp-libs(x86-64) = 12:4.2.5-42.el7 for package: 12:dhcp-4.2.5-42.el7.x86_64
--> Running transaction check
---> Package dhcp-common.x86_64 12:4.2.5-27.el7 will be updated
--> Processing Dependency: dhcp-common = 12:4.2.5-27.el7 for package: 12:dhclient-4.2.5-27.el7.x86_64
---> Package dhcp-common.x86_64 12:4.2.5-42.el7 will be an update
---> Package dhcp-libs.x86_64 12:4.2.5-27.el7 will be updated
---> Package dhcp-libs.x86_64 12:4.2.5-42.el7 will be an update
--> Running transaction check
---> Package dhclient.x86_64 12:4.2.5-27.el7 will be updated
---> Package dhclient.x86_64 12:4.2.5-42.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package            Arch          Version                 Repository       Size
================================================================================
Installing:
 dhcp               x86_64        12:4.2.5-42.el7         rhel_dvd        511 k
Updating for dependencies:
 dhclient           x86_64        12:4.2.5-42.el7         rhel_dvd        279 k
 dhcp-common        x86_64        12:4.2.5-42.el7         rhel_dvd        172 k
 dhcp-libs          x86_64        12:4.2.5-42.el7         rhel_dvd        128 k

Transaction Summary
================================================================================
Install  1 Package
Upgrade             ( 3 Dependent packages)

Total download size: 1.1 M
Downloading packages:
No Presto metadata available for rhel_dvd
(1/4): dhclient-4.2.5-42.el7.x86_64.rpm                    | 279 kB   00:00     
(2/4): dhcp-4.2.5-42.el7.x86_64.rpm                        | 511 kB   00:00     
(3/4): dhcp-common-4.2.5-42.el7.x86_64.rpm                 | 172 kB   00:00     
(4/4): dhcp-libs-4.2.5-42.el7.x86_64.rpm                   | 128 kB   00:00     
--------------------------------------------------------------------------------
Total                                              5.6 MB/s | 1.1 MB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : 12:dhcp-libs-4.2.5-42.el7.x86_64                             1/7
  Updating   : 12:dhcp-common-4.2.5-42.el7.x86_64                           2/7
  Installing : 12:dhcp-4.2.5-42.el7.x86_64                                  3/7
  Updating   : 12:dhclient-4.2.5-42.el7.x86_64                              4/7
  Cleanup    : 12:dhclient-4.2.5-27.el7.x86_64                              5/7
  Cleanup    : 12:dhcp-common-4.2.5-27.el7.x86_64                           6/7
  Cleanup    : 12:dhcp-libs-4.2.5-27.el7.x86_64                             7/7
  Verifying  : 12:dhcp-common-4.2.5-42.el7.x86_64                           1/7
  Verifying  : 12:dhcp-4.2.5-42.el7.x86_64                                  2/7
  Verifying  : 12:dhclient-4.2.5-42.el7.x86_64                              3/7
  Verifying  : 12:dhcp-libs-4.2.5-42.el7.x86_64                             4/7
  Verifying  : 12:dhcp-common-4.2.5-27.el7.x86_64                           5/7
  Verifying  : 12:dhcp-libs-4.2.5-27.el7.x86_64                             6/7
  Verifying  : 12:dhclient-4.2.5-27.el7.x86_64                              7/7

Installed:
  dhcp.x86_64 12:4.2.5-42.el7                                                   

Dependency Updated:
  dhclient.x86_64 12:4.2.5-42.el7       dhcp-common.x86_64 12:4.2.5-42.el7     
  dhcp-libs.x86_64 12:4.2.5-42.el7     

Complete!

[root@dns-server ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example  /etc/dhcp/dhcpd.conf
[root@dns-server ~]# vim /etc/dhcp/dhcpd.conf    #### edit the main configuration file
option domain-name "westos.com";                  ###### the domain this server maintains
option domain-name-servers 172.25.254.242;        ####### IP of the DNS server
ddns-update-style interim;                        ##### enable dynamic DNS updates, signed with the key below
subnet 172.25.254.0 netmask 255.255.255.0 {       #### the subnet served
  range 172.25.254.188 172.25.254.199;            ##### addresses that can be leased
  option routers 172.25.254.250;                  ###### gateway
}
key westoskey {                                   ##### the update key (same name and secret as on the DNS server)
   algorithm hmac-md5;
   secret ZZCVPBvK4nen97J0o8gqTQ0Qs+Y2+7FfTd4C2MW+meg=;
};

zone westos.com {
   primary 127.0.0.1;     #### loopback address, i.e. this host, where the DNS server runs
   key westoskey;
}
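The allow-update { key westoskey; } stanza in section 6 and the key block in dhcpd.conf above must carry the same key name, algorithm and secret as the Kwestoskey file that dnssec-keygen wrote, and the two files spell the stanza slightly differently (named.conf quotes the name and the secret, dhcpd.conf does not). The following Python script is an added example, not from the page and not BIND or ISC DHCP code: it parses a .private file in dnssec-keygen's format, validates the secret as base64 of the requested key length, derives the key name from the file name, emits both stanzas and checks that they agree. The private-key text inside it is constructed with a made-up secret; the algorithm numbers are dnssec-keygen's for HMAC keys. The lab uses hmac-md5; hmac-sha256 is the usual choice for new keys.

```python
"""Turn the K<name>.+<alg>+<id>.private file written by dnssec-keygen into the
key stanzas that named.conf and dhcpd.conf expect, checking the secret first.

Added example, not from the page and not BIND or ISC DHCP code. SAMPLE_PRIVATE
is constructed in the same format as the lab's Kwestoskey file, with a made-up
secret; ALGORITHMS holds dnssec-keygen's numbers for HMAC (TSIG) keys.
"""
import base64
import re

# dnssec-keygen private algorithm number -> name used in named.conf / dhcpd.conf.
# The lab uses hmac-md5 (157); hmac-sha256 is the usual choice for new keys.
ALGORITHMS = {157: "hmac-md5", 161: "hmac-sha1", 163: "hmac-sha256", 165: "hmac-sha512"}


def parse_private_key(text: str) -> dict:
    """Read the 'Field: value' lines of a .private file and validate the secret."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    algo = int(fields["Algorithm"].split()[0])
    if algo not in ALGORITHMS:
        raise ValueError(f"algorithm {algo} is not a TSIG (HMAC) algorithm")
    raw = base64.b64decode(fields["Key"], validate=True)   # rejects non-base64 data
    return {"algorithm": ALGORITHMS[algo], "secret": fields["Key"], "bits": len(raw) * 8}


def key_name_from_filename(filename: str) -> str:
    """Kwestoskey.+157+32989.private -> westoskey (the name both daemons must use)."""
    m = re.fullmatch(r"K(.+)\.\+\d{3}\+\d+\.(?:key|private)", filename)
    if not m:
        raise ValueError(f"not a dnssec-keygen file name: {filename}")
    return m.group(1)


def named_key_stanza(name: str, key: dict) -> str:
    """Stanza for /etc/westos.key (included from named.conf); named quotes name and secret."""
    return (f'key "{name}" {{\n'
            f'\talgorithm {key["algorithm"]};\n'
            f'\tsecret "{key["secret"]}";\n'
            f'}};\n')


def dhcpd_key_stanza(name: str, key: dict) -> str:
    """The same key as dhcpd.conf writes it: name and secret unquoted, as in the lab."""
    return (f'key {name} {{\n'
            f'\talgorithm {key["algorithm"]};\n'
            f'\tsecret {key["secret"]};\n'
            f'}};\n')


def same_key(named_stanza: str, dhcpd_stanza: str) -> bool:
    """Both daemons must carry the identical name, algorithm and secret, or the
    signed updates from dhcpd are rejected (TSIG BADKEY / BADSIG)."""
    def fields(stanza):
        name = re.search(r'key\s+"?([^"\s{]+)"?\s*\{', stanza).group(1)
        algo = re.search(r'algorithm\s+([\w-]+);', stanza).group(1)
        secret = re.search(r'secret\s+"?([^";]+)"?;', stanza).group(1)
        return name, algo.lower(), secret
    return fields(named_stanza) == fields(dhcpd_stanza)


# Constructed .private file in dnssec-keygen's format (the secret is made up)
SAMPLE_PRIVATE = """\
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: 8nzFpYvQ3ks6M7Q0Dg0E4wJw4fCBe0o3Xb0aXaYp2nk=
Bits: AAA=
Created: 20170506084802
Publish: 20170506084802
Activate: 20170506084802
"""

if __name__ == "__main__":
    name = key_name_from_filename("Kwestoskey.+157+32989.private")
    key = parse_private_key(SAMPLE_PRIVATE)
    print(f"{name}: {key['algorithm']}, {key['bits']}-bit secret")
    print(named_key_stanza(name, key))
    print(dhcpd_key_stanza(name, key))
```

Keeping the secret in a root-only file that named.conf includes (as /etc/westos.key does here) and pasting the generated stanza rather than retyping it avoids the most common failure, a mismatched secret that makes every dhcpd update fail with a BADSIG in the named log.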

Client side:

[root@dns-client ~]# hostnamectl set-hostname test.westos.com     ###### set the host name
[root@dns-client ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0     ###### configure the interface to obtain its address by DHCP
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp

[root@dns-client ~]# systemctl restart network    ###### restart networking
[root@dns-client ~]# dig test.westos.com          ##### the name resolves to the address DHCP assigned

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> test.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62420
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.westos.com.        IN    A

;; ANSWER SECTION:
test.westos.com.    300    IN    A    172.25.254.188

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.254.242

;; Query time: 0 msec
;; SERVER: 172.25.254.242#53(172.25.254.242)
;; WHEN: Sat May 06 04:07:01 EDT 2017

;; MSG SIZE  rcvd: 95
