DNS

{**DNS高速緩存**}

 

服務器端

yum install bind -y          **安裝域名解析軟件

systemctl status named       **（若服務卡住，操作下界面，可在cat /dev/random下查看，此過程生成一個key /etc/rndc.key）

systemctl enable named        **開機啓動

systemctl start named         **開啓named服務

firewall-cmd --list-all

firewall-cmd --permanent --add-service=dns   **防火牆中添加dns服務

firewall-cmd --reload

 

setenforce 0

netstat -antulpe | grep named     **dns端口查看

vim /etc/named.conf               **（dns 53端口修改）

options {

        listen-on port 53 { any; };      **設定端口開放any表示所有interfacee都開

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        allow-query     { any; };       **允許所有人的提問

        forwarders      { 172.25.254.250; };  **緩存誰的答案問題

 

  */

        recursion yes;

 

        dnssec-enable yes;

        dnssec-validation no;        **開啓相當於全網發佈，此時是內網自測

        dnssec-lookaside auto;

systemctl restart named             **重啓named服務

客戶端

[root@client ~]# vim /etc/resolv.conf

# Generated by NetworkManager

domain example.com

search example.com

nameserver 172.25.254.100

 

測試：

[root@client ~]# dig www.baidu.com

;www.baidu.com. IN A

 

;; Query time: 19 msec       緩存速度19毫秒（配置前）

;; SERVER: 172.25.254.100#53(172.25.254.100)

;; WHEN: Wed Nov 23 23:21:30 EST 2016

;; MSG SIZE  rcvd: 42

 

[root@client ~]# dig www.baidu.com

;www.baidu.com. IN A

 

;; Query time: 1 msec      緩存速度1毫秒（配置dns後）

;; SERVER: 172.25.254.100#53(172.25.254.100)

;; WHEN: Wed Nov 23 23:28:01 EST 2016

;; MSG SIZE  rcvd: 42

 

[dns正向解析]

刪除 /etc/named.rfc1912.zones中的 **forwarders      { 172.25.254.250; };** 這項

[root@dns-server ~]# vim /etc/named.rfc1912.zones

 25 zone "westos.com" IN {

 26         type master;

 27         file "westos.com.zone";

 28         allow-update { none; };

[root@dns-server ~]# cd /var/named/

[root@dns-server named]# ls

data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves

[root@dns-server named]# cp -p named.localhost westos.com.zone

[root@dns-server named]# ls

data     named.ca     named.localhost  slaves

dynamic  named.empty  named.loopback   westos.com.zone

[root@dns-server named]# vim westos.com.zone    **配置文件

$TTL 1D

@       IN SOA  dns.westos.com.  root.wewstos.com. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        NS          dns.westos.com.

dns     A           172.25.254.100

www     A           172.25.254.101

[root@dns-server named]# systemctl restart named  **重啓named服務

 

[root@client ~]# dig www.westos.com

;www.westos.com. IN A

 

;; ANSWER SECTION:

www.westos.com. 86400 IN A 172.25.254.101

 

;; AUTHORITY SECTION:

westos.com. 86400 IN NS dns.westos.com.

 

;; ADDITIONAL SECTION:

dns.westos.com. 86400 IN A 172.25.254.100

 

;; Query time: 0 msec

;; SERVER: 172.25.254.100#53(172.25.254.100)

;; WHEN: Thu Nov 24 00:06:26 EST 2016

;; MSG SIZE  rcvd: 93

[dns逆向解析]

 

[root@dns-server named]# vim westos.com.zone

[root@dns-server named]# cp -p named.loopback westos.com.ptr

[root@dns-server named]# vim westos.com.ptr

[root@dns-server named]# systemctl restart named

[root@dns-server named]# dig -x 172.25.254.100

[dns內外網訪問不同指定方法]

[root@dns-server named]# cp -p westos.com.zone westos.com.inter

[root@dns-server named]# vim westos.com.inter        

[root@dns-server named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter

[root@dns-server named]# vim /etc/named.rfc1912.zones.inter

[root@dns-server named]# vim /etc/named.conf

[root@dns-server named]# systemctl restart named