高速缓存

时间:2024-04-06 22:58:47

一、高速缓存服务配置
 
 1.服务端安装高速缓存服务 yum install bind -y

 2.服务端开启高速缓存服务 systemctl start named


  注意:首次开启服务时,可能因为系统随机数(熵)不足而无法生成密钥,导致服务无法正常开启;此时敲击键盘或移动鼠标补充熵即可

[[email protected] ~]# systemctl start named


wqedwdsacdsvfewfcdscdwfcewqcdcewfcwedscdsvfd bs iubgdwibvcgwtficywi8bdbogciuwdskjcnkcnclkndlcndvccewfefwcdsvcewcdfcdscdsdvevfdvcd[[email protected] ~]# wqedwdsacdstficywi8bdbogciuwdskjcnkcnclkndlcndvccewfefwcdsvcewcdfcdscdsdvevfdvcd^C
  正常开启后生成文件 /etc/rndc.key
[[email protected] ~]# ll /etc/rndc.key
-rw-r----- 1 root named 77 Apr 25 03:02 /etc/rndc.key

 3.客户端修改DNS配置文件  /etc/resolv.conf
  1 # Generated by NetworkManager
  2 search ilt.example.com example.com

  3 nameserver 172.25.254.250



 4.当服务端53端口只监听回环地址(127.0.0.1/::1)时  ##实验前已关闭防火墙  /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };

   客户端无法访问
[[email protected] ~]# dig www.qq.com

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.qq.com
;; global options: +cmd
;; connection timed out; no servers could be reached

 5.当服务端53端口监听所有地址(any),但 allow-query 只允许本机(localhost)查询时
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };

   客户端访问被拒绝
[[email protected] ~]# dig www.qq.com

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 53598

 6.当服务端自身无法完成该域名的递归解析时(客户端收到 SERVFAIL)
 [[email protected] ~]# dig www.qq.com

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63026
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1  

 7.服务端配置正常时(注意:allow-query { any; } 配合 forwarders 会使该服务成为对任意来源开放的递归解析器,生产环境应将 allow-query 限制为可信网段)
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

        forwarders  {172.25.254.77;};



  客户端实验
[[email protected] ~]# dig www.qq.com

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59247
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; Query time: 0 msec
;; SERVER: 172.25.254.108#53(172.25.254.108)
;; WHEN: Wed Apr 25 15:13:13 CST 2018
;; MSG SIZE  rcvd: 39

二、本地正向解析配置

 1.修改dns解析地址  /etc/resolv.conf
# Generated by NetworkManager
search ilt.example.com

nameserver  172.25.254.108



 2.修改named服务配置文件,改为本地解析  /etc/named.conf
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

 3.修改配置文件  /etc/named.rfc1912.zones


zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { none; };

};



 4.新建文件   ##在/var/named目录下

   cp -p named.localhost  westos.com.zone   ##-p 保留原文件的属主与权限(root:named),named 才能读取新文件


   修改文件


$TTL 1D
@       IN SOA  @ root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.177
hello   A       172.25.254.150
hi      A       172.25.254.151
 
 5.本机测试:
    dig hello.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49145
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com.        IN    A

;; ANSWER SECTION:
hello.westos.com.    86400    IN    A    172.25.254.150

;; AUTHORITY SECTION:
westos.com.        86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:

dns.westos.com.        86400    IN    A    172.25.254.177



三、本地反向解析配置

 1.修改dns解析地址  /etc/resolv.conf



 2.修改named服务配置文件,改为本地解析  /etc/named.conf

 3.修改配置文件  /etc/named.rfc1912.zones




zone "254.25.172.in-addr.arpa" IN {
        type master;
        file "westos.com.ptr";
        allow-update { none; };
};
 
 4.新建文件   ##在/var/named目录下

   cp -p named.loopback  westos.com.ptr   ##文件名须与上面 zone 配置中的 file "westos.com.ptr" 一致


   修改文件
$TTL 1D
@       IN SOA  @ root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.177
111     PTR     test.westos.com.

112     PTR     hello.westos.com.


 
 5.本机测试:
   dig -x 172.25.254.111
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3189
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;111.254.25.172.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
111.254.25.172.in-addr.arpa. 86400 IN    PTR    test.westos.com.

;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400    IN    NS    dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.        86400    IN    A    172.25.254.177

 注意:本地(正向/反向)解析时,若区域文件中没有该域名/IP地址对应的记录,查询会失败并返回 NXDOMAIN(如下例)
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18925
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;222.254.25.172.in-addr.arpa.    IN    PTR


四、dns解析设置

轮询式域名解析
 1.修改配置文件 westos.com.zone   ##在/var/named目录下
$TTL 1D
@       IN SOA  @ root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.108
hello   CNAME   www
www     A       172.25.254.111
www     A       172.25.254.122

 2.本地解析时,域名解析结果出现轮询式(两条A记录的返回顺序轮流变化)
  dig hello.westos.com

;; ANSWER SECTION:
hello.westos.com.    86400    IN    CNAME    www.westos.com.
www.westos.com.        86400    IN    A    172.25.254.111
www.westos.com.        86400    IN    A    172.25.254.122


;; ANSWER SECTION:
hello.westos.com.    86400    IN    CNAME    www.westos.com.
www.westos.com.        86400    IN    A    172.25.254.122
www.westos.com.        86400    IN    A    172.25.254.111

辅助主机解析
 1.辅助主机配置yum源,安装bind,打开named服务
 
 2.辅助主机修改DNS配置文件  ##本地
# Generated by NetworkManager
search example.com
nameserver  172.25.254.208
 
 3.辅助主机修改配置文件 /etc/named.rfc1912.zones
zone "westos.com" IN {
        type slave;
        masters {172.25.254.108;};
        file "slaves/westos.com.zone";
        allow-update { none; };
};

 4.本地主机修改配置文件
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { none; };
        allow-transfer {172.25.254.208;};       ##允许208主机同步
        also-notify {172.25.254.208;};          ##当文件变更时,通知208主机
};

 5.本地主机修改文件westos.com.zone
$TTL 1D
@       IN SOA  @ root.westos.com. (
                                        042601  ; serial        ##最后一次修改时间;每次修改区域文件后都应增大serial,否则辅助主机不会同步
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.108
hello   CNAME   www
www     A       172.25.254.101
www     A       172.25.254.102

 6.本地主机重启named服务,dig hello.westos.com
;; ANSWER SECTION:
hello.westos.com.    86400    IN    CNAME    www.westos.com.
www.westos.com.        86400    IN    A    172.25.254.101
www.westos.com.        86400    IN    A    172.25.254.102

   辅助主机重启named服务,dig hello.westos.com
;; ANSWER SECTION:
hello.westos.com.    86400    IN    CNAME    www.westos.com.
www.westos.com.        86400    IN    A    172.25.254.101
www.westos.com.        86400    IN    A    172.25.254.102

双向域名解析
其他主机
   DNS域名解析文件 /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver  172.25.254.108
 
本地主机
 1.新建文件  ##在目录 /var/named
  cp -p westos.com.zone westos.com.inter
   修改IP地址
$TTL 1D
@       IN SOA  @ root.westos.com. (
                                        042601  ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       192.168.0.108
hello   CNAME   www
www     A       192.168.0.101
www     A       192.168.0.102
     
 2.新建配置文件
  cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter
  修改zones
zone "westos.com" IN {
        type master;
        file "westos.com.inter";
        allow-update { none; };
        allow-transfer {172.25.254.208;};
        also-notify {172.25.254.208;};
};

 3.修改主配置文件   ##/etc/named.conf
  注释原来的zone
/*
zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/
  新增本地(local)域名解析和其他主机(any)域名解析
view    localnet {
        match-clients{172.25.254.108;};
        zone "." IN {
        type hint;
        file "named.ca";
       };
      include "/etc/named.rfc1912.zones";
};

view    anynet {
        match-clients{any;};
        zone "." IN {
        type hint;
        file "named.ca";
       };
      include "/etc/named.rfc1912.inter";
};

 4.重启named服务后实验
  本地域名解析时
;; ANSWER SECTION:
hello.westos.com.    86400    IN    CNAME    www.westos.com.
www.westos.com.        86400    IN    A    172.25.254.101
www.westos.com.        86400    IN    A    172.25.254.102

  其他主机域名解析时
;; ANSWER SECTION:
hello.westos.com.    86400    IN    CNAME    www.westos.com.
www.westos.com.        86400    IN    A    192.168.0.102
www.westos.com.        86400    IN    A    192.168.0.101

远程更新   ##注意:selinux状态不能为Enforcing!(或保持Enforcing并开启布尔值 named_write_master_zones,允许named写入区域文件)
 1.对本地文件进行备份
  cp -p /var/named/westos.com.zone  /mnt

 2.修改本地配置文件 /etc/named.rfc1912.zones(注意:仅凭源IP授权更新可被伪造,生产环境应使用下文的密钥认证方式)
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.208; };       ##允许208主机远程更新
        allow-transfer {172.25.254.208;};
        also-notify {172.25.254.208;};
};
 
 3.此时目录/var/named/对named组没有w权限,named无法写入更新内容
  -rw-r----- 1 root  named  229 Apr 26 01:38 westos.com.zone
  远程主机无法实现更新
[[email protected] named]# nsupdate
> server 172.25.254.108
> update delete hello.westos.com
> send
update failed: SERVFAIL
 
 4.本地主机修改/var/named/权限
  [[email protected] named]# chmod g+w /var/named/
  远程主机可以实现更新
[[email protected] named]# nsupdate
> server 172.25.254.108
> update delete hello.westos.com       ##删除
> send
 
[[email protected] named]# nsupdate
> server 172.25.254.108
> update add hello.westos.com 86400 A 172.25.254.120   ##添加
> send                                                 ##86400为该记录的TTL(秒),即1天

 5.本地主机重启named服务
  生成westos.com.zone.jnl文件,且westos.com.zone被改变
$ORIGIN .
$TTL 86400      ; 1 day
westos.com              IN SOA  westos.com. root.westos.com. (
                                42603      ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      dns.westos.com.
$ORIGIN westos.com.
dns                     A       172.25.254.108
hello                   A       172.25.254.120
www                     A       172.25.254.101
                        A       172.25.254.102

远程更新加密   ##注意:selinux状态不能为Enforcing!

 1.还原配置文件

 2.生成密钥  ##实验环境为/mnt
  dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
  -a  ##算法(HMAC-MD5已不推荐,新环境建议使用hmac-sha256)      -b  ##密钥长度bits  -n  ##密钥名称类型(此处为HOST)
[[email protected] mnt]# ls
Kwestos.+157+02231.key  Kwestos.+157+02231.private  westos.com.zone

 3.编辑密钥文件(secret 应与上一步生成的密钥内容一致)
  cp -p /etc/rndc.key /etc/westos.key
key "westos" {
        algorithm hmac-md5;
        secret "wLb7wlj95YfZFUK8nZ1Oqw==";
};

 4.修改配置文件  /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { key westos; };
        allow-transfer {172.25.254.208;};
        also-notify {172.25.254.208;};
};

 5.修改主配置文件  /etc/named.conf
include "/etc/westos.key";               ##新增:引入密钥文件
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
 
 6.把密钥文件传送给远程主机(.private 文件即共享密钥,须妥善保管)   ##实验环境为/mnt
  scp Kwestos.+157+02231* [email protected]:/mnt

 7.本地主机重启后,远程主机可以更新dns
[[email protected] named]# cd /mnt
[[email protected] mnt]# ls
Kwestos.+157+02231.key  Kwestos.+157+02231.private
[[email protected] mnt]# nsupdate -k Kwestos.+157+02231.private
> server 172.25.254.108
> update add hello.westos.com 86400 A 172.25.254.120
> send
> quit

五、动态域名解析   ##花生壳

 1.还原配置文件,本地主机(服务端)安装dhcp
 
 2.修改dhcp配置文件  /etc/dhcp/dhcpd.conf
[[email protected] named]# cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y            ##出现覆盖提示,说明目标文件路径正确

# option definitions common to all supported networks...
option domain-name "westos.com";                ##域名
option domain-name-servers 172.25.254.108;      ##dns服务器

default-lease-time 600;
max-lease-time 7200;

# Use this to enble / disable dynamic dns updates globally.
ddns-update-style interim;                 ##dns的更新工作方式

ddns-update-style 可选值:ad-hoc、interim、none
# This is a very basic subnet declaration.
subnet 172.25.254.0 netmask 255.255.255.0 {   ##子网、子网掩码    
  range 172.25.254.50 172.25.254.60;          ##IP地址池
  option routers 172.25.254.108;              ##网关
}

key westos {
         algorithm hmac-md5;               ##key的加密方式
         secret wLb7wlj95YfZFUK8nZ1Oqw==;  ##key的密码
};

zone westos.com. {
         primary 127.0.0.1;       ##主机内部回环接口
         key westos;              ##读取的加密文件为westos
}

 3.远程主机访问dns
  注意:远程主机的网卡工作模式为dhcp,修改主机名为name.westos.com
  建议:格式化虚拟机,修改主机名
  本地主机重启dhcpd服务、named服务,远程主机可dig本机
  (例:远程主机名为bbs.westos.com)
[[email protected] ~]# dig bbs.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> bbs.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29752
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.westos.com.            IN    A

;; ANSWER SECTION:
bbs.westos.com.        300    IN    A    172.25.254.50

  本地主机的域同步更新
$ORIGIN .
$TTL 86400      ; 1 day
westos.com              IN SOA  westos.com. root.westos.com. (
                                42602      ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      dns.westos.com.
$ORIGIN westos.com.
$TTL 300        ; 5 minutes
bbs                     A       172.25.254.50           ##新增的域名解析内容
                        TXT     "0006177289b2ae3cbee2c9dc00838c2c46"
$TTL 86400      ; 1 day
dns                     A       172.25.254.108
hello                   CNAME   www
www                     A       172.25.254.101
                        A       172.25.254.102