Linux的高速缓存DNS
-
DNS資源記錄:
DNS区域采用资源记录的形式存储信息。每条资源记录均具有一个类型,表明其保留的数据类型
A:名称至IPv4地址
AAAA:名称至IPv6地址
CNAME:名称至“规范名称”(包含A/AAAA记录的另一个名称)
PTR:IPv4/IPv6地址至名称
MX:用于名称的邮件交换器(向何处发送其电子邮件)
NS:域名的名称服务器
SOA:“授权起始”,DNS区域的信息(管理信息) - DNS排錯:
它显示来自DNS查找的详细信息,其中包括为什么查询失败
:
NOERROR:查询成功
NXDOMAIN:DNS服务器提示不存在这样的名称
SERVFAIL:DNS服务器停机或DNSSEC响应验证失败
REFUSED:DNS服务器拒绝回答(也许是出于访问控制原因)
-
安装部署DNS:
下载dns高速缓存服务
yum install bind -y
開啟服務
systemctl start named
关闭火墙systemctl stop firewall systemctl disable firewall -
如何高速緩存DNS:
1)在DNS服务机上
netstat -autlupe | grep named ###查询named服务###
vim /etc/named.conf修改第13行 listen-on port 53 { any; }; ###对任何ip开启53接口###
第19行 allow-query { any; }; ###允许任何人访问###
第20行 forwarders { 114.114.114.114; };
第34行 dnssec-validation no; ###设置网警不检查###
systemctl restart named ###重启服务###
2)在客户机上
vim /etc/resolv.conf
添加一行
nameserver 172.25.61.150
-
权威dns的正向解析:
vim /etc/named.conf
vim /etc/named.rfc1912.zones
cd /var/named/
cp -p named.localhost westos.com.zone
vim westos.com.zone
systemctl restart named
###重启服务,如果提示错误,说明配置文件编写出错###
dig www.westos.com
###测试,查询刚才设定的网络### -
权威dns反向解析:
cp -p named.loopback 172.25.254.ptr
vim 172.25.254.ptr
systemctl restart named
###重启服务###
dig -x 172.25.254.102
###测试### -
权威dns双向解析:
vim /etc/named.conf
cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inters -p
###注意名称保持一致###
vim /etc/named.rfc1912.zones.inters :
cp -p westos.com.zone westos.com.inters
###注意名称保持一致###
vim westos.com.inters
systemctl restart named
在其他主机上进行查询是1.1.1.111 -
辅助dns:
主dns的设定
vim /etc/named.conf
为保证环境的纯净,先还原之前的设定
vim /etc/named.rfc1912.inters
19 zone “westos.com” IN {
20 type master;
21 file “westos.com.inter”;
22 allow-update { none; };
23 also-notify { 172.25.61.50; };
24 };
systemctl restart named
vim westos.com.inters
1 $TTL 1D
2 @ IN SOA dns.westos.com. zhang.westos.com. (
3 2019042501 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 1.1.1.144
10 www A 1.1.1.145
辅助dns更改
yum install bind -y
systemctl start named
systemctl stop firewall
ptions {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
allow-query { any; };
include “/etc/named.rfc1912.zones”
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type slave;
masters { 172.25.61.150; }; ##主dns服务器ip
file "slave/westos.com.inters";
allow-update { none; };
};
systemctl restart named
vim /etc/resolv.conf
nameserver 172.25.61.50 ##添加本机ip
主dns
辅助dns
-
dns的远程更新:
1)基于ip的
再此之前,要注意以下几点
两台主机时间同步
selinux状态为disabled
150主机/var/named/权限为770
chmod 770 /var/named/
vim /etc/named.rfc1912.zones.inters
systemctl restart named
2)基于key
注意前提条件据基于ip的一样
准备:
cp -p westos.com.zone /mnt/
###备份###
rm -rf westos.com.zone
cp -p /mnt/westos.com.zone .
###还原###
systemctl restart named
在主机上
dnssec-****** -a HMAC-MD5 -b 128 -n HOST westos
cat Kwestos.+157+16771.key
westos. IN KEY 512 3 157 ePTyTPFbw8R6AS8UCCRqSg==
cp /etc/rndc.key /etc/westos.key -p
###复制一个模板###
vim /etc/westos.key
###将生成的**拷贝进去###
vim /etc/named.rfc1912.zones.inters
7 zone “westos.com” IN {
28 type master;
29 file “westos.com.zone”;
30 allow-update { key westos; };
31 also-notify { 172.25.61.50; };
32 };
systemctl restart named
scp Kwestos.+157+16771.key Kwestos.+157+16771.private [email protected]: /mnt/ 将**发给另一台主机
另一台主机上
-
DDNS:
vim /etc/dhcp/dhcpd.conf
systemctl restart named
systemctl restart dhcpd
在另一台主机上
修改主机名
news.westos.com