DNS

{**DNS高速缓存**}

 

服务器端

yum install bind -y          **安装域名解析软件

systemctl status named       **（若服务卡住，操作下界面，可在cat /dev/random下查看，此过程生成一个key /etc/rndc.key）

systemctl enable named        **开机启动

systemctl start named         **开启named服务

firewall-cmd --list-all

firewall-cmd --permanent --add-service=dns   **防火墙中添加dns服务

firewall-cmd --reload

 

setenforce 0

netstat -antulpe | grep named     **dns端口查看

vim /etc/named.conf               **（dns 53端口修改）

options {

        listen-on port 53 { any; };      **设定端口开放any表示所有interfacee都开

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        allow-query     { any; };       **允许所有人的提问

        forwarders      { 172.25.254.250; };  **缓存谁的答案问题

 

  */

        recursion yes;

 

        dnssec-enable yes;

        dnssec-validation no;        **开启相当于全网发布，此时是内网自测

        dnssec-lookaside auto;

systemctl restart named             **重启named服务

客户端

[root@client ~]# vim /etc/resolv.conf

# Generated by NetworkManager

domain example.com

search example.com

nameserver 172.25.254.100

 

测试：

[root@client ~]# dig www.baidu.com

;www.baidu.com. IN A

 

;; Query time: 19 msec       缓存速度19毫秒（配置前）

;; SERVER: 172.25.254.100#53(172.25.254.100)

;; WHEN: Wed Nov 23 23:21:30 EST 2016

;; MSG SIZE  rcvd: 42

 

[root@client ~]# dig www.baidu.com

;www.baidu.com. IN A

 

;; Query time: 1 msec      缓存速度1毫秒（配置dns后）

;; SERVER: 172.25.254.100#53(172.25.254.100)

;; WHEN: Wed Nov 23 23:28:01 EST 2016

;; MSG SIZE  rcvd: 42

 

[dns正向解析]

删除 /etc/named.rfc1912.zones中的 **forwarders      { 172.25.254.250; };** 这项

[root@dns-server ~]# vim /etc/named.rfc1912.zones

 25 zone "westos.com" IN {

 26         type master;

 27         file "westos.com.zone";

 28         allow-update { none; };

[root@dns-server ~]# cd /var/named/

[root@dns-server named]# ls

data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves

[root@dns-server named]# cp -p named.localhost westos.com.zone

[root@dns-server named]# ls

data     named.ca     named.localhost  slaves

dynamic  named.empty  named.loopback   westos.com.zone

[root@dns-server named]# vim westos.com.zone    **配置文件

$TTL 1D

@       IN SOA  dns.westos.com.  root.wewstos.com. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        NS          dns.westos.com.

dns     A           172.25.254.100

www     A           172.25.254.101

[root@dns-server named]# systemctl restart named  **重启named服务

 

[root@client ~]# dig www.westos.com

;www.westos.com. IN A

 

;; ANSWER SECTION:

www.westos.com. 86400 IN A 172.25.254.101

 

;; AUTHORITY SECTION:

westos.com. 86400 IN NS dns.westos.com.

 

;; ADDITIONAL SECTION:

dns.westos.com. 86400 IN A 172.25.254.100

 

;; Query time: 0 msec

;; SERVER: 172.25.254.100#53(172.25.254.100)

;; WHEN: Thu Nov 24 00:06:26 EST 2016

;; MSG SIZE  rcvd: 93

[dns逆向解析]

 

[root@dns-server named]# vim westos.com.zone

[root@dns-server named]# cp -p named.loopback westos.com.ptr

[root@dns-server named]# vim westos.com.ptr

[root@dns-server named]# systemctl restart named

[root@dns-server named]# dig -x 172.25.254.100

[dns内外网访问不同指定方法]

[root@dns-server named]# cp -p westos.com.zone westos.com.inter

[root@dns-server named]# vim westos.com.inter        

[root@dns-server named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter

[root@dns-server named]# vim /etc/named.rfc1912.zones.inter

[root@dns-server named]# vim /etc/named.conf

[root@dns-server named]# systemctl restart named