DNS caching on a Linux system
DNS
DNS (Domain Name System) is a distributed database on the World Wide Web that maps domain names to IP addresses and back, so that users can reach the Internet more conveniently without memorising the numeric IP addresses that machines read directly. The process of obtaining the IP address that belongs to a domain name (or host name) is called domain name resolution (or host name resolution). When resolving a name, static resolution can be tried first and dynamic resolution used only if static resolution fails; placing frequently used names in the static resolution table greatly improves resolution efficiency.
DNS overview
Authoritative name servers
Store and serve the actual data for a zone (an entire DNS domain or part of one).
Types of authoritative name servers:
Master: holds the original zone data; sometimes called the "primary" name server.
Slave: a backup server that obtains a copy of the zone data from the master via zone transfer; sometimes called the "secondary" name server.
Non-authoritative / recursive name servers
Clients use them to look up data that originates from authoritative name servers. One type of recursive name server is the caching-only name server: it is used only for lookups and is not authoritative for anything except trivial data.
DNS resource records
A DNS zone stores its information as resource records. Each resource record has a type that indicates what kind of data it holds:
A: name to IPv4 address
AAAA: name to IPv6 address
CNAME: name to "canonical name" (another name that holds the A/AAAA records)
PTR: IPv4/IPv6 address to name
MX: mail exchanger for a name (where to send e-mail for it)
NS: name server for a domain
SOA: "start of authority", administrative information about the DNS zone
1. DNS cache (caching-only forwarding server)
[root@dns-server ~]# yum install bind.x86_64 -y          # install the DNS server (BIND)
[root@dns-server ~]# systemctl start named                # start the DNS service
[root@dns-server ~]# systemctl enable named               # start it at boot
[root@dns-server ~]# systemctl stop firewalld             # stop the firewall
[root@dns-server ~]# systemctl disable firewalld          # keep it off after reboot
[root@dns-server ~]# hostnamectl set-hostname dns-server.example.com   # rename the host so the machines are easy to tell apart
[root@dns-server ~]# vim /etc/named.conf                  # edit the main configuration file
allow-query { any; };                # allow every host to query this DNS server
forwarders { 114.114.114.114; };     # obtain answers from 114.114.114.114
dnssec-validation no;                # disable DNSSEC validation
[root@dns-server ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0   # add the gateway
GATEWAY=172.25.254.60
[root@dns-server ~]# vim /etc/resolv.conf                 # configure the resolver file
[root@dns-server ~]# systemctl restart named              # restart the DNS service
[root@dns-server ~]# systemctl restart network            # restart the network
Test on the client:
[root@client ~]# vim /etc/resolv.conf                     # configure the resolver file
nameserver 172.25.254.102
[root@client ~]# dig www.baidu.com
[root@client ~]# dig www.baidu.com
The second query is noticeably faster: after the first lookup the answer is cached, so the repeat query is served from the cache instead of being forwarded again.
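The `allow-query { any; }` and `dnssec-validation no` settings above are convenient in a lab but are exactly the two settings that matter on a caching server that anyone can reach: BIND offers recursion to whatever `allow-recursion` allows, and when that option is absent the recursion ACL falls back to `allow-query`, so `allow-query { any; }` alone turns the box into an open resolver. The following checker is an added example, not code from the original post; the two `options` blocks are constructed (the hardened one restricts recursion to the post's 172.25.254.0/24 lab network), and the checks are pattern matching on an `options` block rather than a full named.conf parser.

```python
# Added example (not from the original post): audit the named.conf options
# from section 1 for the settings that matter most on a caching server.
# The config text is constructed here; the checks are simple pattern
# matching on an `options` block, not a full named.conf parser.
import re
from typing import List, Optional

# Constructed sample: the options the post sets in section 1.
SAMPLE_OPTIONS = """
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };              # anyone may query
    forwarders { 114.114.114.114; };   # forward to a public resolver
    dnssec-validation no;
};
"""

# Constructed hardened variant: recursion limited to the lab network,
# DNSSEC validation switched on.
HARDENED_OPTIONS = """
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { 172.25.254.0/24; localhost; };
    allow-recursion { 172.25.254.0/24; localhost; };
    forwarders { 114.114.114.114; };
    dnssec-validation auto;
};
"""

def _option(text: str, name: str) -> Optional[str]:
    """Value of `name <value>;` in the options block: either a brace list
    or a bare word.  Returns None when the option is absent."""
    m = re.search(r"\b%s\s+(\{[^}]*\}|[^;{\s]+)\s*;" % re.escape(name), text)
    return m.group(1).strip() if m else None

def audit_options(text: str) -> List[str]:
    """Return findings for an options block.  Defaults follow BIND: recursion
    is on unless `recursion no;`, and without allow-recursion the recursion
    ACL falls back to allow-query-cache, then allow-query, and only then to
    localnets/localhost."""
    text = re.sub(r"(#|//)[^\n]*", "", text)        # drop end-of-line comments
    findings = []
    recursion = _option(text, "recursion") or "yes"
    effective_acl = (_option(text, "allow-recursion")
                     or _option(text, "allow-query-cache")
                     or _option(text, "allow-query")
                     or "{ localnets; localhost; }")
    if recursion == "yes" and re.search(r"\bany\b", effective_acl):
        findings.append("open resolver: recursion is offered to any client, ACL %s"
                        % effective_acl)
    if _option(text, "dnssec-validation") == "no":
        findings.append("dnssec-validation no: answers from forwarders are not validated")
    return findings

if __name__ == "__main__":
    for name, cfg in (("post", SAMPLE_OPTIONS), ("hardened", HARDENED_OPTIONS)):
        print(name, audit_options(cfg) or ["no findings"])
```

Run against the post's options the audit reports both issues; the hardened block reports none. On a server that is only meant to serve the lab network, `allow-recursion` (or `allow-query`) should list that network, and a firewall should not be disabled as the post does but should restrict port 53 to the same clients.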
2. DNS forward resolution
Domain name ---> IP
[root@dns-server named]# vim /etc/named.conf
Remove the line forwarders {172.25.254.60;};
[root@dns-server ~]# vim /etc/named.rfc1912.zones      # edit the sub-configuration file and add a zone statement for the forward zone
[root@dns-server ~]# cd /var/named
[root@dns-server named]# cp -p named.localhost westos.com.zone
[root@dns-server named]# vim westos.com.zone
Meaning of the fields in the zone file:
@   : the value written between the quotes in the zone statement of the sub-configuration file (the zone name)
SOA : start of authority
1D  : ($TTL) the data is kept for one day
      0     ; serial
      1D    ; refresh  (re-check interval)
      1H    ; retry    (retry interval)
      1W    ; expire   (maximum lifetime)
      3H )  ; minimum  (minimum lifetime)
[root@dns-server named]# systemctl restart named
[root@dns-server named]# vim /etc/resolv.conf
nameserver 172.25.254.102
Test on this machine:
[root@dns-server named]# dig hello.westos.com
The IP that belongs to hello is shown, so DNS forward resolution is complete.
3. DNS round robin
[root@dns-server ~]# cd /var/named/
[root@dns-server named]# vim westos.com.zone
A CNAME record maps an alias to its canonical name (see the record types above).
[root@dns-server named]# systemctl restart named
[root@dns-server named]# dig www.westos.com
[root@dns-server named]# dig www.westos.com
On the second dig the order of the IP addresses has changed: that is round robin.
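The zone file of section 2 and the round robin of section 3 fit in one small model. The code below is an added example, not the post's file: it renders a zone in the layout of `westos.com.zone` (the `$TTL`, the parenthesised SOA with its five timers, then the records), reads the SOA timers back out, and returns the `www` A records rotated one position per query, which is what the two `dig` calls show. The zone contents are constructed from the post's lab addresses; `dns.westos.com.` and the second `www` address `172.25.254.222` are assumptions.

```python
# Added example (not from the original post): render a zone file in the
# layout of westos.com.zone from sections 2 and 3, read the SOA timers back
# out of it, and show the round robin from section 3: with several A
# records for one name, each answer starts one record further along, as
# BIND's cyclic rrset-order does.  The zone contents are constructed for
# this example using the post's lab addresses.
import re
from typing import Dict, List

# Constructed zone data: SOA, NS, one CNAME and two A records for www.
ZONE = {
    "ttl": "1D",
    "soa": {"mname": "dns.westos.com.", "rname": "root.westos.com.",
            "serial": 0, "refresh": "1D", "retry": "1H",
            "expire": "1W", "minimum": "3H"},
    "records": [
        ("@", "NS", "dns.westos.com."),
        ("dns", "A", "172.25.254.102"),
        ("hello", "A", "172.25.254.111"),
        ("www", "A", "172.25.254.111"),
        ("www", "A", "172.25.254.222"),
        ("web", "CNAME", "www"),       # alias -> canonical name
    ],
}

def render_zone(zone: Dict) -> str:
    """Zone text in the same shape as the named.localhost template."""
    s = zone["soa"]
    lines = [
        "$TTL %s" % zone["ttl"],
        "@\tIN SOA\t%s %s (" % (s["mname"], s["rname"]),
        "\t\t\t\t\t%d\t; serial" % s["serial"],
        "\t\t\t\t\t%s\t; refresh" % s["refresh"],
        "\t\t\t\t\t%s\t; retry" % s["retry"],
        "\t\t\t\t\t%s\t; expire" % s["expire"],
        "\t\t\t\t\t%s )\t; minimum" % s["minimum"],
    ]
    for owner, rtype, rdata in zone["records"]:
        lines.append("%s\tIN %s\t%s" % (owner, rtype, rdata))
    return "\n".join(lines) + "\n"

def parse_soa(text: str) -> Dict[str, str]:
    """Recover the SOA fields from zone text written in the parenthesised
    multi-line form above; ';' comments are stripped first."""
    body = re.sub(r";[^\n]*", "", text)
    m = re.search(r"IN\s+SOA\s+(\S+)\s+(\S+)\s*\(([^)]*)\)", body)
    if not m:
        raise ValueError("no SOA record found")
    serial, refresh, retry, expire, minimum = m.group(3).split()
    return {"mname": m.group(1), "rname": m.group(2), "serial": serial,
            "refresh": refresh, "retry": retry, "expire": expire,
            "minimum": minimum}

def lookup(zone: Dict, owner: str, rtype: str, query_no: int) -> List[str]:
    """All rdata for owner/rtype, rotated by query_no: the first answer
    returns the records in file order, the next starts at the second one,
    and so on (round robin).  Empty list when there is no such RRset."""
    rrset = [r for o, t, r in zone["records"] if o == owner and t == rtype]
    if not rrset:
        return []
    k = query_no % len(rrset)
    return rrset[k:] + rrset[:k]

if __name__ == "__main__":
    print(render_zone(ZONE))
    print(parse_soa(render_zone(ZONE)))
    for q in range(3):
        print("query", q, lookup(ZONE, "www", "A", q))
```

Round robin only rotates the order of the answers; it does not know whether a host is up, so clients keep being handed `172.25.254.222` even when that machine is down. It spreads load, it is not failover.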
4. DNS reverse resolution
[root@dns-server named]# vim /etc/named.rfc1912.zones
In vim: on line 36 type y6y to copy 6 lines, then on line 48 type p to paste them
For reverse resolution the IP address is written backwards; change the file name to file "westos.com.ptr";
[root@dns-server named]# cp named.loopback westos.com.ptr -p
[root@dns-server named]# vim westos.com.ptr
[root@dns-server named]# systemctl restart named
[root@dns-server named]# dig -x 172.25.254.111
[root@dns-server named]# dig -x 172.25.254.222
The domain name that belongs to each IP is shown: reverse resolution works.
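"Written backwards" has a precise rule, and the zone name in `named.rfc1912.zones` and the owner names inside `westos.com.ptr` must agree with it or `dig -x` returns nothing. The following is an added example, not the post's file: it computes the PTR owner name for an address, the reverse zone name for the lab's /24, and the relative PTR lines for the file. It goes beyond the post by also handling IPv6 (`ip6.arpa`, reversed nibbles) and prefixes other than /24. The host list is constructed from the post's addresses.

```python
# Added example (not from the original post): compute the owner names a
# reverse zone needs.  IPv4 reverse names are the octets reversed under
# in-addr.arpa; IPv6 (beyond what the post covers) is the nibbles reversed
# under ip6.arpa.  Addresses below are the post's 172.25.254.0/24 lab range.
import ipaddress
from typing import List, Tuple

def ptr_name(addr: str) -> str:
    """Fully qualified PTR owner name for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

def reverse_zone_name(network: str) -> str:
    """Zone name for an IPv4 network whose prefix is a whole number of octets,
    e.g. 172.25.254.0/24 -> 254.25.172.in-addr.arpa."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("only IPv4 prefixes on octet boundaries are handled here")
    keep = net.prefixlen // 8
    octets = str(net.network_address).split(".")[:keep]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def ptr_records(zone_net: str, hosts: List[Tuple[str, str]]) -> List[str]:
    """PTR lines relative to the reverse zone origin, as they appear in a
    file like westos.com.ptr: the owner is the part of the reversed address
    that the zone name does not already cover."""
    origin = reverse_zone_name(zone_net)
    net = ipaddress.ip_network(zone_net)
    lines = []
    for addr, fqdn in hosts:
        if ipaddress.ip_address(addr) not in net:
            raise ValueError("%s is outside %s" % (addr, zone_net))
        full = ptr_name(addr)
        owner = full[: -len(origin) - 1]        # strip the trailing ".<origin>"
        lines.append("%s\tIN PTR\t%s" % (owner, fqdn))
    return lines

if __name__ == "__main__":
    # Constructed host list in the post's lab range.
    hosts = [("172.25.254.111", "hello.westos.com."),
             ("172.25.254.222", "www.westos.com.")]
    print("zone", reverse_zone_name("172.25.254.0/24"))
    print("\n".join(ptr_records("172.25.254.0/24", hosts)))
```

A PTR target must be fully qualified (trailing dot); without it BIND appends the reverse zone name and the answer becomes `hello.westos.com.254.25.172.in-addr.arpa.`, a classic mistake that `dig -x` makes visible immediately.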
5. DNS two-way (split) resolution
[root@dns-server ~]# cd /var/named
[root@dns-server named]# cp -p westos.com.zone westos.com.inter
[root@dns-server named]# vim westos.com.inter
[root@dns-server named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter
[root@dns-server named]# vim /etc/named.rfc1912.inter
[root@dns-server named]# vim /etc/named.conf
Comment out lines 52-58
[root@dns-server named]# systemctl restart named
Test on this machine (internal network):
[root@dns-server named]# dig www.westos.com
Test on the physical host (external network):
[root@physical-host ~]# vim /etc/resolv.conf
nameserver 172.25.254.102
[root@physical-host ~]# dig www.westos.com
The same name resolves to a different IP on this machine than on the other host, so DNS two-way (split) resolution works.
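What makes the two answers differ is BIND's view selection: the views in named.conf are tried in order and the first one whose `match-clients` ACL contains the client's source address is used, so the internal view must precede the catch-all external one. The post does not show its view statements, so the model below is an added example with constructed views (the internal view serves `westos.com.zone`, the external one `westos.com.inter`; the external address `203.0.113.10` is a documentation-range placeholder). The `check_view_order` function flags the ordering mistake that silently gives every client the external answers.

```python
# Added example (not from the original post): a model of how BIND picks a
# view for the split ("two-way") resolution set up in section 5.  BIND
# walks the views in named.conf order and uses the first whose
# match-clients ACL contains the client's address.  Views and answers are
# constructed; the post does not show its view statements.
import ipaddress
from typing import Dict, List, Optional

# Constructed views in named.conf order: each has an ACL and its own zone data.
VIEWS = [
    {"name": "internal",
     "match_clients": ["127.0.0.0/8", "172.25.254.0/24"],
     "zone_file": "westos.com.zone",
     "answers": {"www.westos.com.": "172.25.254.111"}},
    {"name": "external",
     "match_clients": ["0.0.0.0/0"],                    # "any" in named.conf
     "zone_file": "westos.com.inter",
     "answers": {"www.westos.com.": "203.0.113.10"}},   # placeholder public IP
]

def select_view(views: List[Dict], client_ip: str) -> Optional[Dict]:
    """First view whose match-clients ACL contains client_ip, else None."""
    ip = ipaddress.ip_address(client_ip)
    for view in views:
        if any(ip in ipaddress.ip_network(net) for net in view["match_clients"]):
            return view
    return None

def resolve(views: List[Dict], client_ip: str, qname: str) -> Optional[str]:
    """Answer qname from the view chosen for this client; None when no view
    matches (BIND would refuse the query) or the view has no such name."""
    view = select_view(views, client_ip)
    if view is None:
        return None
    return view["answers"].get(qname)

def check_view_order(views: List[Dict]) -> List[str]:
    """Warn when a catch-all ACL (prefix length 0) appears before other
    views: everything after it is unreachable, so internal clients would
    get the external answers."""
    warnings = []
    for i, view in enumerate(views[:-1]):
        nets = [ipaddress.ip_network(n) for n in view["match_clients"]]
        if any(n.prefixlen == 0 for n in nets):
            shadowed = [v["name"] for v in views[i + 1:]]
            warnings.append("view %r matches all clients; views after it are never used: %s"
                            % (view["name"], shadowed))
    return warnings

if __name__ == "__main__":
    for client in ("172.25.254.60", "198.51.100.7"):
        print(client, "->", resolve(VIEWS, client, "www.westos.com."))
    print("order check:", check_view_order(VIEWS) or "ok")
    print("reversed order:", check_view_order(VIEWS[::-1]))
```

Note that `match-clients` decides on the source address of the query, which is why the physical host (outside 172.25.254.0/24 in this model) sees the external data; a client that sends queries through the internal network, or through a forwarder inside it, gets the internal view regardless of where it really sits.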
6. DNS master/slave cluster
[root@dns-server named]# vim /etc/named.conf      # edit the main DNS configuration file: uncomment lines 52-58 and comment out lines 59-75
[root@dns-server named]# systemctl restart named
Start the server virtual machine (it becomes the slave):
[root@dns-slave ~]# hostnamectl set-hostname dns-slave.example.com   # set the host name to dns-slave
[root@dns-slave ~]# yum install bind.x86_64 -y                        # install the DNS server
[root@dns-slave ~]# vim /etc/named.conf
Change the following:
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };

        dnssec-enable yes;
        dnssec-validation no;
        dnssec-lookaside auto;

[root@dns-slave ~]# systemctl restart named       # restart the DNS service
In the sub-configuration file add the IP of the master to synchronise from:
[root@dns-slave ~]# systemctl restart named
[root@dns-slave ~]# vim /etc/named.rfc1912.zones
[root@dns-slave ~]# systemctl restart named
[root@dns-server named]# vim /etc/resolv.conf
nameserver 172.25.254.102
[root@dns-server named]# vim westos.com.zone      # change the IP in the DNS record
[root@dns-server named]# systemctl restart named
On the server virtual machine:
[root@dns-slave named]# dig www.westos.com
On the server virtual machine:
[root@dns-slave ~]# cd /var/named/slaves/
[root@dns-slave slaves]# ls
westos.com.zone
[root@dns-slave slaves]# rm -fr westos.com.zone
On the desktop virtual machine:
[root@dns-server named]# dig www.westos.com
On the server virtual machine:
[root@dns-slave slaves]# dig www.westos.com
The resolved IP has changed: the experiment succeeded!
[root@dns-server named]# vim /etc/named.rfc1912.zones
# add also-notify { 172.25.254.202; 172.25.254.111; };   (several hosts may be listed)
Only the specified hosts are notified and obtain this server's DNS zone data.
[root@dns-server named]# systemctl restart named
[root@dns-server named]# vim westos.com.zone      # change the IP in the DNS record and the serial (change count)
In enterprises the serial is usually written as date + count, e.g. 060101 means the first change on 1 June.
Note: every time a record is changed, the "serial" must be changed as well (if the count is not changed, the IP returned by dig on the desktop VM changes but the server VM is never synchronised).
[root@dns-server named]# systemctl restart named
[root@dns-server named]# dig www.westos.com
On the server virtual machine:
[root@dns-slave named]# dig www.westos.com
The resolved IP has changed: the experiment succeeded!
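The serial rule above is the whole synchronisation mechanism: a slave compares the master's SOA serial with its own and transfers the zone only when the master's is newer. The helper below is an added example, not the post's tooling: it bumps the serial of a zone file using the date + count convention the post describes, written in the longer YYYYMMDDNN form so the number keeps increasing across years, and it implements the RFC 1982 comparison a slave applies so a bad edit (a serial set backwards, or left unchanged) is caught before `systemctl restart named`. The zone text is constructed in the post's layout; the serial must be the first value inside the SOA parentheses with a `; serial` comment, as in the `named.localhost` template.

```python
# Added example (not from the original post): bump the SOA serial of a zone
# file as section 6 requires, using the date + count convention the post
# describes (060101 = first change on 1 June), written here in the longer
# YYYYMMDDNN form.  Slaves transfer the zone only when the serial is newer
# than the one they hold, which is why a record edited without a serial
# change never reaches the slave.  The zone text is constructed.
import datetime
import re
from typing import Optional

SERIAL_RE = re.compile(r"^(\s*)(\d+)(\s*;\s*serial.*)$", re.MULTILINE)

# Constructed zone file in the post's layout.
SAMPLE_ZONE = """$TTL 1D
@\tIN SOA\tdns.westos.com. root.westos.com. (
\t\t\t\t\t0\t; serial
\t\t\t\t\t1D\t; refresh
\t\t\t\t\t1H\t; retry
\t\t\t\t\t1W\t; expire
\t\t\t\t\t3H )\t; minimum
\tNS\tdns.westos.com.
dns\tA\t172.25.254.102
www\tA\t172.25.254.111
"""

def next_serial(current: int, day: Optional[str] = None) -> int:
    """Next serial in YYYYMMDDNN form.  `day` is YYYYMMDD (today if None).
    If the current serial already belongs to `day` (or is ahead of it) the
    count is incremented; otherwise the day's first change, NN = 01, is
    used.  The result is always greater than `current`."""
    if day is None:
        day = datetime.date.today().strftime("%Y%m%d")
    datetime.datetime.strptime(day, "%Y%m%d")        # reject a malformed date
    prefix = int(day) * 100
    return prefix + 1 if current < prefix else current + 1

def serial_is_newer(old: int, new: int) -> bool:
    """RFC 1982 comparison as a slave applies it: `new` wins when it is
    ahead of `old` by less than 2**31 modulo 2**32; equal is not newer."""
    return new != old and ((new - old) % (1 << 32)) < (1 << 31)

def read_serial(zone_text: str) -> int:
    """Current serial of the zone text (the '; serial' line)."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no '; serial' line found")
    return int(m.group(2))

def bump_zone_serial(zone_text: str, day: Optional[str] = None) -> str:
    """Return the zone text with the serial replaced by next_serial(),
    refusing any result a slave would not treat as newer."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no '; serial' line found")
    old = int(m.group(2))
    new = next_serial(old, day)
    if new >= 1 << 32 or not serial_is_newer(old, new):
        raise ValueError("serial %d -> %d would not be accepted by slaves" % (old, new))
    return zone_text[: m.start(2)] + str(new) + zone_text[m.end(2):]

if __name__ == "__main__":
    bumped = bump_zone_serial(SAMPLE_ZONE, "20180601")
    print("serial", read_serial(SAMPLE_ZONE), "->", read_serial(bumped))
    print(bumped)
```

Run the bump as the last step of every edit to `westos.com.zone`, before the restart; `serial_is_newer` is also the check to run when a slave keeps an old copy after the master was restored from backup, because a serial that went backwards is never picked up until it is pushed past the slave's value.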
7. DNS updates (dynamic update)
[root@dns-server named]# cp -p westos.com.zone /mnt     # back up the zone file
[root@dns-server named]# cd
[root@dns-server ~]# vim /etc/named.rfc1912.zones
Only the host 172.25.254.60 may update this DNS zone file
[root@dns-server ~]# systemctl restart named
[root@dns-server ~]# chmod 770 /var/named               # give the directory mode 770
[root@dns-server ~]# ll -d /var/named
drwxrwx--- 5 root named 4096 May 20 03:43 /var/named
On the physical host:
[user@physical-host Desktop]$ nsupdate
> server 172.25.254.102
> update add test.westos.com 86400 A 172.25.254.111
> send
>
On desktop (the master):
[root@dns-server named]# ls
data     named.empty      slaves            westos.com.zone
dynamic  named.localhost  westos.com.inter  westos.com.zone.jnl
named.ca named.loopback   westos.com.ptr
On server (the slave):
[root@dns-slave slaves]# dig test.westos.com
;; ANSWER SECTION:
test.westos.com.    86400   IN  A   172.25.254.111    # synchronised to the slave
[root@dns-server named]# vim westos.com.zone            # the DNS zone file has been updated
[root@dns-server named]# rm -fr westos.com.zone*
[root@dns-server named]# cp -p /mnt/westos.com.zone .
[root@dns-server named]# ls
data     named.ca     named.localhost  slaves            westos.com.ptr
dynamic  named.empty  named.loopback   westos.com.inter  westos.com.zone
8. Updating with encryption (key-authenticated update)
[root@dns-server ~]# cd /mnt
[root@dns-server mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos   # -a: algorithm; -b: key size in bits; -n: name type
Kwestos.+157+11397                                                       # generated key name
[root@dns-server mnt]# ls
Kwestos.+157+11397.key  Kwestos.+157+11397.private
[root@dns-server mnt]# cat Kwestos.+157+11397.key
westos. IN KEY 512 3 157 PcA2qD90tlyAgrm/6p2Xzg==
[root@dns-server mnt]# cat Kwestos.+157+11397.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: PcA2qD90tlyAgrm/6p2Xzg==
Bits: AAA=
Created: 20180531192248
Publish: 20180531192248
Activate: 20180531192248
[root@dns-server mnt]# cp /etc/rndc.key /etc/westos.key -p     # copy the existing DNS key file as a template for the new key file
[root@dns-server mnt]# vim /etc/westos.key                     # edit the key file
[root@dns-server mnt]# vim /etc/named.conf
[root@dns-server mnt]# vim /etc/named.rfc1912.zones
allow-update { key westos; };            # only allow updates signed with the key
[root@dns-server mnt]# systemctl restart named
[root@dns-server mnt]# ls
Kwestos.+157+11397.key  Kwestos.+157+11397.private
[root@dns-server mnt]# scp Kwestos.+157+11397.* root@172.25.254.202:/mnt
The authenticity of host '172.25.254.202 (172.25.254.202)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.202' (ECDSA) to the list of known hosts.
root@172.25.254.202's password:
Kwestos.+157+11397.key                 100%   50     0.1KB/s   00:00
Kwestos.+157+11397.private             100%  165     0.2KB/s   00:00
On server (the slave):
[root@dns-slave mnt]# cd
[root@dns-slave ~]# cd /mnt
[root@dns-slave mnt]# ls
Kwestos.+157+11397.key  Kwestos.+157+11397.private
[root@dns-slave mnt]# nsupdate -k Kwestos.+157+11397.private
> server 172.25.254.102
> update add hello.westos.com 86400 A 172.25.254.133
> send
On desktop (the master):
[root@dns-server mnt]# dig hello.westos.com
hello.westos.com.   86400   IN  A   172.25.254.133    # the update succeeded
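The difference between section 7 and section 8 is what the server trusts: in section 7 it trusts the source address 172.25.254.60 of a UDP packet, in section 8 it trusts a MAC computed with a secret that only the holders of `Kwestos.+157+11397.private` know. The code below is an added example, not the post's tool output: it generates key material the way `dnssec-keygen -b 128` does (16 random bytes, base64), renders the `key` statement that goes into `/etc/westos.key` (dhcpd.conf in section 9 takes the same block, written there with the secret unquoted), and shows the shared-secret check itself with `hmac`. The MAC here is computed over a constructed message string, not the RFC 2845 TSIG wire format. The post's key is HMAC-MD5; the functions also accept `hmac-sha256`, which BIND supports and which is the better choice for new keys. The secret in the test is constructed, not the post's key.

```python
# Added example (not from the original post): TSIG-style key material and
# the shared-secret check behind "allow-update { key westos; };".  The MAC
# covers a constructed message string, not the RFC 2845 TSIG wire format.
import base64
import hashlib
import hmac
import secrets

ALGORITHMS = {"hmac-md5": hashlib.md5, "hmac-sha256": hashlib.sha256}

# Constructed secret for the tests (bytes 0x00..0x0f); not the post's key.
EXAMPLE_SECRET = "AAECAwQFBgcICQoLDA0ODw=="

def generate_secret(bits: int = 128) -> str:
    """Random key of the given size, base64-encoded like the Key: field of
    the K*.private file (dnssec-keygen -b 128 gives 16 bytes -> 24 chars)."""
    if bits % 8:
        raise ValueError("bits must be a multiple of 8")
    return base64.b64encode(secrets.token_bytes(bits // 8)).decode()

def key_statement(name: str, secret: str, algorithm: str = "hmac-md5") -> str:
    """Render the key block for /etc/westos.key (included from named.conf);
    dhcpd.conf uses the same block.  The secret is checked to be valid
    base64 so a mangled copy fails here, not at named startup."""
    if algorithm not in ALGORITHMS:
        raise ValueError("unsupported algorithm %s" % algorithm)
    base64.b64decode(secret, validate=True)
    return 'key %s {\n\talgorithm %s;\n\tsecret "%s";\n};\n' % (name, algorithm, secret)

def sign(message: bytes, secret: str, algorithm: str = "hmac-md5") -> bytes:
    """MAC over the message with the shared secret."""
    return hmac.new(base64.b64decode(secret), message, ALGORITHMS[algorithm]).digest()

def verify(message: bytes, mac: bytes, secret: str, algorithm: str = "hmac-md5") -> bool:
    """Server-side check: recompute the MAC and compare in constant time so
    a forged MAC cannot be guessed byte by byte from timing."""
    return hmac.compare_digest(sign(message, secret, algorithm), mac)

if __name__ == "__main__":
    secret = generate_secret()
    print(key_statement("westos", secret))
    msg = b"update add hello.westos.com 86400 A 172.25.254.133"
    mac = sign(msg, secret)
    print("genuine:", verify(msg, mac, secret))
    print("tampered:", verify(msg.replace(b"133", b"134"), mac, secret))
```

The secret is the whole security of the update path, so it deserves the same handling as an SSH private key: the post copies it with `scp` (fine) but then leaves both files world-readable in `/mnt`; `/etc/westos.key` should be owned by root:named and mode 640, and the `K*.private` copy on the client should be readable only by the account that runs `nsupdate`.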
9. DDNS
On server (the client):
[root@dns-slave ~]# hostnamectl set-hostname linux.westos.com
[root@linux ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@linux ~]# systemctl restart network
On desktop (the server side):
[root@dns-server ~]# yum install dhcp -y
[root@dns-server ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
[root@dns-server ~]# vim /etc/dhcp/dhcpd.conf
option domain-name "westos.com";
option domain-name-servers 172.25.254.102;
ddns-update-style interim;              # enable DHCP-driven DDNS updates
subnet 172.25.254.0 netmask 255.255.255.0 {
        range 172.25.254.80 172.25.254.90;
        option routers 172.25.254.102;
}
key westos {
        algorithm hmac-md5;
        secret PcA2qD90tlyAgrm/6p2Xzg==;
};
zone westos.com. {
        primary 127.0.0.1;
        key westos;
}
[root@dns-server ~]# systemctl restart named
[root@dns-server ~]# systemctl restart dhcpd
[root@dns-server ~]# systemctl stop firewalld
On server (the client):
Change the interface so that it obtains its IP via dhcp
[root@linux ~]# systemctl restart network
[root@linux ~]# dig linux.westos.com        # returns the IP assigned by dhcp
The host name of the test machine resolves to its DHCP-assigned IP, so dhcpd has synchronised its lease data into the DNS service: DDNS is complete.