Caching DNS/DDNS


#####Caching DNS#####

Server side:

[root@localhost ~]# yum search dns               ### install DNS ###
Loaded plugins: langpacks
rhel_dvd                                                 | 4.1 kB     00:00
(1/2): rhel_dvd/group_gz                                   | 134 kB   00:00
(2/2): rhel_dvd/primary_db                                 | 3.4 MB   00:00
=============================== N/S matched: dns ===============================
dnsmasq.x86_64 : A lightweight DHCP/caching DNS server
dnssec-trigger.x86_64 : NetworkManager plugin to update/reconfigure DNSSEC
                      : resolving
kdenetwork-kdnssd.x86_64 : Kdnssd
ldns.i686 : Low-level DNS(SEC) library with API
ldns.x86_64 : Low-level DNS(SEC) library with API
perl-Net-DNS.x86_64 : DNS resolver modules for Perl
python-dns.noarch : DNS toolkit for Python
bind.x86_64 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System)
            : server
bind-chroot.x86_64 : A chroot runtime environment for the ISC BIND DNS server,
                   : named(8)
bind-libs.i686 : Libraries used by the BIND DNS packages
bind-libs.x86_64 : Libraries used by the BIND DNS packages
bind-libs-lite.i686 : Libraries for working with the DNS protocol
bind-libs-lite.x86_64 : Libraries for working with the DNS protocol
bind-license.noarch : License of the BIND DNS suite
bind-utils.x86_64 : Utilities for querying DNS name servers
c-ares.i686 : A library that performs asynchronous DNS operations
c-ares.x86_64 : A library that performs asynchronous DNS operations
seahorse-sharing.x86_64 : Sharing of PGP public keys via DNS-SD and HKP
unbound.x86_64 : Validating, recursive, and caching DNS(SEC) resolver

  Name and summary matches only, use "search all" for everything.

[root@localhost ~]# yum install bind.x86_64 -y
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-14.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package       Arch            Version                  Repository         Size
================================================================================
Installing:
 bind          x86_64          32:9.9.4-14.el7          rhel_dvd          1.8 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 1.8 M
Installed size: 4.3 M
Downloading packages:
bind-9.9.4-14.el7.x86_64.rpm                               | 1.8 MB   00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 32:bind-9.9.4-14.el7.x86_64                                  1/1
  Verifying  : 32:bind-9.9.4-14.el7.x86_64                                  1/1

Installed:
  bind.x86_64 32:9.9.4-14.el7

Complete!
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# ll /etc/rndc.key        ### this file does not exist until the named service has been started ###
ls: cannot access /etc/rndc.key: No such file or directory
[root@localhost ~]# systemctl start named     ### start the service; if it has not been started for a long time it may be waiting for random input, so type a few characters in the VM ###
[root@localhost ~]# ll /etc/rndc.key
-rw-r-----. 1 root named 77 May  5 22:13 /etc/rndc.key
[root@localhost ~]# vim /etc/named.conf

options {
        listen-on port 53 { any; };            ### the loopback address alone does not talk to the outside; change it to any ###
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };           ### allow anyone to query ###
        forwarders {172.25.254.250;};       ### if the caching DNS cannot resolve a name itself, ask 172.25.254.250 ###

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

[root@localhost ~]# systemctl restart named      ### restart the service ###

 

Client side:

[root@localhost ~]# vim /etc/resolv.conf       ### specify the DNS server here ###

# Generated by NetworkManager
search example.com
nameserver  172.25.254.112               ### the DNS server (server side) is 172.25.254.112 ###

# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com

[root@localhost ~]# dig www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47262
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          376     IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       300     IN      A       183.232.231.172
www.a.shifen.com.       300     IN      A       183.232.231.173

;; AUTHORITY SECTION:
.                       513219  IN      NS      k.root-servers.net.
.                       513219  IN      NS      c.root-servers.net.
.                       513219  IN      NS      a.root-servers.net.
.                       513219  IN      NS      g.root-servers.net.
.                       513219  IN      NS      i.root-servers.net.
.                       513219  IN      NS      h.root-servers.net.
.                       513219  IN      NS      m.root-servers.net.
.                       513219  IN      NS      e.root-servers.net.
.                       513219  IN      NS      f.root-servers.net.
.                       513219  IN      NS      b.root-servers.net.
.                       513219  IN      NS      l.root-servers.net.
.                       513219  IN      NS      d.root-servers.net.
.                       513219  IN      NS      j.root-servers.net.

;; Query time: 349 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Fri May 05 22:17:05 EDT 2017
;; MSG SIZE  rcvd: 312

  

 

####Building DNS####

Server side:

[root@localhost ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

[root@localhost ~]# vim /etc/named.rfc1912.zones

zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { none; };
};

[root@localhost ~]# cd /var/named/
[root@localhost named]# ll
total 20
drwxrwx---. 2 named named   22 May  5 22:13 data
drwxrwx---. 2 named named   30 May  5 23:30 dynamic
-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Jan 29  2014 slaves
-rw-r-----. 1 root  named  349 May  5 23:29 westos.com.zone
[root@localhost named]# cp -p named.localhost westos.com.zone
[root@localhost named]# vim westos.com.zone       ### write the A-record (zone) file ###

$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (   ; @ stands for westos.com, i.e. the name inside the quotes in /etc/named.conf
                                    0       ; serial
                                    1D      ; refresh
                                    1H      ; retry
                                    1W      ; expire
                                    3H )    ; minimum
                NS      dns.westos.com.
dns             A       172.25.254.112
www             A       172.25.254.212

[root@localhost named]# systemctl restart named

 

 

Client side:

[root@localhost ~]# vim /etc/resolv.conf

# Generated by NetworkManager
search example.com
nameserver  172.25.254.112

[root@localhost ~]# dig www.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29432
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.                IN      A

;; ANSWER SECTION:
www.westos.com.         86400   IN      A       172.25.254.212

;; AUTHORITY SECTION:
westos.com.             86400   IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.         86400   IN      A       172.25.254.112

;; Query time: 0 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Fri May 05 23:14:27 EDT 2017
;; MSG SIZE  rcvd: 93

 

 

 

 

 

 

 

#####CNAME, MX#####

Server side:

[root@localhost ~]# vim /var/named/westos.com.zone
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      dns.westos.com.
dns             A       172.25.254.112
www             A       172.25.254.212
music           CNAME   music.a.westos.com.
music.a         A       172.25.254.111
music.a         A       172.25.254.222
westos.com.     MX 1    172.25.254.100.

[root@localhost ~]# systemctl restart named
[root@localhost ~]#

 

Client side:

[root@localhost ~]# dig music.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> music.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14025
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;music.westos.com.              IN      A

;; ANSWER SECTION:
music.westos.com.       86400   IN      CNAME   music.a.westos.com.
music.a.westos.com.     86400   IN      A       172.25.254.111
music.a.westos.com.     86400   IN      A       172.25.254.222

;; AUTHORITY SECTION:
westos.com.             86400   IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.         86400   IN      A       172.25.254.112

;; Query time: 0 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Fri May 05 23:30:33 EDT 2017
;; MSG SIZE  rcvd: 133

[root@localhost ~]# dig -t mx westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33372
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;westos.com.                    IN      MX

;; ANSWER SECTION:
westos.com.             86400   IN      MX      1 172.25.254.100.

;; AUTHORITY SECTION:
westos.com.             86400   IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.         86400   IN      A       172.25.254.112

;; Query time: 0 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Fri May 05 23:30:46 EDT 2017
;; MSG SIZE  rcvd: 103


 

 

 

####Different gateways (views)####

Server side:

[root@localhost ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.inter -p

[root@localhost ~]# vim /etc/named.rfc1912.inter

zone "westos.com" IN {
        type master;
        file "westos.com.inter";
        allow-update { none; };
};

[root@localhost ~]# cp /var/named/westos.com.zone /var/named/westos.com.inter -p
[root@localhost ~]# vim /var/named/westos.com.inter
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      dns.westos.com.
dns             A       172.25.12.112
www             A       172.25.12.212
music           CNAME   music.a.westos.com.
music.a         A       172.25.12.111
music.a         A       172.25.12.222
westos.com.     MX 1    172.25.12.100.

[root@localhost ~]# vim /etc/named.conf

view localnet {
        match-clients { 172.25.254.0/24; };

        zone "." IN {
        type hint;
        file "named.ca";
        };

        include "/etc/named.rfc1912.zones";
};

view internet {
        match-clients { 172.25.12.0/24; };

        zone "." IN {
        type hint;
        file "named.ca";
        };

        include "/etc/named.rfc1912.inter";
};

[root@localhost ~]# systemctl restart named

 

Client side:

[root@localhost ~]# dig www.westos.com                ### client on the 172.25.254.0/24 side ###

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20946
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.                IN      A

;; ANSWER SECTION:
www.westos.com.         86400   IN      A       172.25.254.212

;; AUTHORITY SECTION:
westos.com.             86400   IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.         86400   IN      A       172.25.254.112

;; Query time: 0 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Sat May 06 02:31:35 EDT 2017
;; MSG SIZE  rcvd: 93

[root@localhost ~]# vim /etc/resolv.conf         ### client whose IP is 172.25.12.213 ###
# Generated by NetworkManager
search example.com
nameserver  172.25.12.113

# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
[root@localhost ~]# dig www.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51552
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.                IN      A

;; ANSWER SECTION:
www.westos.com.         86400   IN      A       172.25.12.213

;; AUTHORITY SECTION:
westos.com.             86400   IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.         86400   IN      A       172.25.12.213

;; Query time: 0 msec
;; SERVER: 172.25.12.100#53(172.25.12.100)
;; WHEN: Sat May 06 02:40:07 EDT 2017
;; MSG SIZE  rcvd: 93
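The two views above hand each client a different zone file depending on its source address. The Python below is an added example, not code from the original post: it reproduces that selection for the page's two match-clients ACLs (view names, prefixes and include paths are the page's; the '!' negation and any/none handling follow BIND's address-match-list rules) and shows two things the config alone does not: a client outside both networks matches no view and gets refused, and a view placed after an 'any' view can never be reached.

```python
import ipaddress

# Constructed from the two views in the named.conf on this page, in file
# order: (view name, match-clients ACL, zone-definition file it includes).
VIEWS = [
    ("localnet", ["172.25.254.0/24"], "/etc/named.rfc1912.zones"),
    ("internet", ["172.25.12.0/24"], "/etc/named.rfc1912.inter"),
]


def acl_matches(acl, client):
    """BIND address-match-list semantics for the subset used here: elements
    are tried in order, the first one containing the address decides, a
    leading '!' negates that element, 'any'/'none' are keywords, and an
    address that matches nothing is rejected."""
    addr = ipaddress.ip_address(client)
    for element in acl:
        negate = element.startswith("!")
        elem = element.lstrip("!").strip()
        if elem in ("any", "none"):
            hit = elem == "any"
        else:
            hit = addr in ipaddress.ip_network(elem, strict=False)
        if hit:
            return not negate
    return False


def select_view(client, views=VIEWS):
    """(view name, zone file) that named serves this client from, or None
    when no view matches; named then refuses the query, so every client
    network needs a view (or a final catch-all view)."""
    for name, acl, zone_file in views:
        if acl_matches(acl, client):
            return name, zone_file
    return None


def unreachable_views(views):
    """Views that can never be selected because an earlier view opens its
    ACL with 'any': first match wins, so specific views must come first."""
    shadowed, catch_all_seen = [], False
    for name, acl, _ in views:
        if catch_all_seen:
            shadowed.append(name)
        elif acl and acl[0].strip() == "any":
            catch_all_seen = True
    return shadowed
```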

 

####Reverse resolution####

Server side:

[root@localhost ~]# vim /etc/named.rfc1912.zones

zone "254.25.172.in-addr.arpa" IN {         ### the DNS server's network, written in reverse ###
        type master;
        file "westos.comNaNr";
        allow-update { none; };
};

[root@localhost ~]# cd /var/named/
[root@localhost named]# ll
total 28
drwxrwx---. 2 named named   22 May  5 22:13 data
drwxrwx---. 2 named named 4096 May  6 03:07 dynamic
-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Jan 29  2014 slaves
-rw-r-----. 1 root  named  344 May  6 01:57 westos.com.inter
-rw-r-----. 1 root  named  349 May  5 23:29 westos.com.zone
[root@localhost named]# cp -p named.loopback /var/named/westos.comNaNr
[root@localhost named]# vim /var/named/westos.comNaNr

$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.112
111     PTR     www.westos.com.
222     PTR     bbs.westos.com.

[root@localhost named]# systemctl restart named

 

 

Client side:

[root@localhost ~]# dig -x 172.25.254.111

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34839
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;111.254.25.172.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
111.254.25.172.in-addr.arpa. 86400 IN   PTR     www.westos.com.

;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400  IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.         86400   IN      A       172.25.254.112

;; Query time: 0 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Sat May 06 03:27:08 EDT 2017
;; MSG SIZE  rcvd: 118

[root@localhost ~]# dig -x 172.25.254.222

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14617
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;222.254.25.172.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
222.254.25.172.in-addr.arpa. 86400 IN   PTR     bbs.westos.com.

;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400  IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.         86400   IN      A       172.25.254.112

;; Query time: 1 msec
;; SERVER: 172.25.254.112#53(172.25.254.112)
;; WHEN: Sat May 06 03:30:35 EDT 2017
;; MSG SIZE  rcvd: 118
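Hand-written forward and reverse zones drift apart easily: in the files above the MX record names an IP literal instead of a host, and 172.25.254.111 is www in the reverse zone but music.a in the forward zone. The Python below is an added example, not code from the original post; it parses both zone files in the form this page writes them (condensed copies are embedded as sample input) and lists such inconsistencies so they can be fixed before named is restarted.

```python
import ipaddress

# Constructed sample: the westos.com forward and 254.25.172.in-addr.arpa reverse zones condensed from this page.
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                0 1D 1H 1W 3H )    ; serial refresh retry expire minimum
                NS      dns.westos.com.
dns             A       172.25.254.112
www             A       172.25.254.212
music           CNAME   music.a.westos.com.
music.a         A       172.25.254.111
music.a         A       172.25.254.222
westos.com.     MX 1    172.25.254.100.
"""
REVERSE_ZONE = """\
@       IN SOA  dns.westos.com. root.westos.com. ( 0 1D 1H 1W 3H )
        NS      dns.westos.com.
111     PTR     www.westos.com.
222     PTR     bbs.westos.com.
"""
RRTYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "TXT"}

def parse_zone(text, origin):
    """Return [(owner, rtype, rdata)] from zone text: handles ';' comments,
    '(...)' continuation lines, '@', relative owners and a blank owner column."""
    origin = origin.rstrip(".") + "."
    records, last_owner, buf, blank_owner = [], origin, "", False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if not buf:                            # first physical line of a record
            blank_owner = raw[0].isspace()
        buf += " " + line
        if buf.count("(") > buf.count(")"):
            continue                           # record continues on the next line
        fields = buf.replace("(", " ").replace(")", " ").split()
        buf = ""
        if fields[0].startswith("$"):          # $TTL and friends are not records
            continue
        owner = last_owner if blank_owner else fields.pop(0)
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        while fields[0] not in RRTYPES:        # skip optional TTL and class
            fields.pop(0)
        records.append((owner, fields[0], fields[1:]))
        last_owner = owner
    return records

def is_numeric(name):
    """True for an IP literal written where a hostname belongs (e.g. an MX target)."""
    return name.rstrip(".").replace(".", "").isdigit()

def lint(fwd_text, fwd_origin, rev_text, rev_origin):
    """Checks worth running before 'systemctl restart named'; returns a list of findings."""
    fwd_origin = fwd_origin.rstrip(".") + "."
    fwd = parse_zone(fwd_text, fwd_origin)
    a_of = {}                                  # name -> {IPv4 addresses}
    for owner, rtype, rdata in fwd:
        if rtype == "A":
            a_of.setdefault(owner, set()).add(rdata[0])
    # PTR owner '111.254.25.172.in-addr.arpa.' -> address '172.25.254.111'
    ptr_of = {".".join(o.rstrip(".").split(".")[-3::-1]): r[0]
              for o, t, r in parse_zone(rev_text, rev_origin) if t == "PTR"}
    octets = rev_origin.rstrip(".").split(".")[:-2]
    rev_net = ipaddress.ip_network(".".join(octets[::-1] + ["0"] * (4 - len(octets))) + f"/{8 * len(octets)}")
    findings = []
    for owner, rtype, rdata in fwd:
        target = rdata[-1]
        if rtype == "MX" and is_numeric(target):
            findings.append(f"MX for {owner} names an IP literal {target}; MX must point at a hostname with an A record")
        elif rtype in ("NS", "MX", "CNAME") and target.endswith("." + fwd_origin) and target not in a_of:
            findings.append(f"{rtype} for {owner} points at {target}, which has no A record")
    for ip, target in ptr_of.items():
        if target not in a_of:
            findings.append(f"PTR {ip} -> {target} but {target} has no A record")
        elif ip not in a_of[target]:
            findings.append(f"PTR {ip} -> {target} but its A records are {sorted(a_of[target])}")
    for owner, ips in a_of.items():
        for ip in sorted(ips):
            if ipaddress.ip_address(ip) in rev_net and ip not in ptr_of:
                findings.append(f"{owner} A {ip} has no PTR in {rev_origin}")
    return findings
```

Run on the page's zones, lint() reports five findings: the MX literal, the two PTRs that disagree with the forward zone, and the two A records (dns, www) that have no PTR at all.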

 

 

 

 

 

####Configuring a key####

Server side:

[root@localhost mnt]# dnssec-keygen --help
dnssec-keygen: invalid argument --
Usage:
    dnssec-keygen [options] name

Version: 9.9.4-RedHat-9.9.4-14.el7
    name: owner of the key
Options:
    -K <directory>: write keys into directory
    -a <algorithm>:
        RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1 | NSEC3DSA |
        RSASHA256 | RSASHA512 | ECCGOST |
        ECDSAP256SHA256 | ECDSAP384SHA384 |
        DH | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 |
        HMAC-SHA384 | HMAC-SHA512
       (default: RSASHA1, or NSEC3RSASHA1 if using -3)
    -3: use NSEC3-capable algorithm
    -b <key size in bits>:
        RSAMD5:[512..4096]
        RSASHA1:[512..4096]
        NSEC3RSASHA1:[512..4096]
        RSASHA256:[512..4096]
        RSASHA512:[1024..4096]
        DH:[128..4096]
        DSA:[512..1024] and divisible by 64
        NSEC3DSA:[512..1024] and divisible by 64
        ECCGOST:ignored
        ECDSAP256SHA256:ignored
        ECDSAP384SHA384:ignored
        HMAC-MD5:[1..512]
        HMAC-SHA1:[1..160]
        HMAC-SHA224:[1..224]
        HMAC-SHA256:[1..256]
        HMAC-SHA384:[1..384]
        HMAC-SHA512:[1..512]
        (if using the default algorithm, key size
        defaults to 2048 for KSK, or 1024 for all others)
    -n <nametype>: ZONE | HOST | ENTITY | USER | OTHER
        (DNSKEY generation defaults to ZONE)
    -c <class>: (default: IN)
    -d <digest bits> (0 => max, default)
    -E <engine name>
    -f <keyflag>: KSK | REVOKE
    -g <generator>: use specified generator (DH only)
    -L <ttl>: default key TTL
    -p <protocol>: (default: 3 [dnssec])
    -r <randomdev>: a file containing random data
    -s <strength>: strength value this key signs DNS records with (default: 0)
    -T <rrtype>: DNSKEY | KEY (default: DNSKEY; use KEY for SIG(0))
        ECCGOST:ignored
    -t <type>: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF (default: AUTHCONF)
    -h: print usage and exit
    -m <memory debugging mode>:
       usage | trace | record | size | mctx
    -v <level>: set verbosity level (0 - 10)
Timing options:
    -P date/[+-]offset/none: set key publication date (default: now)
    -A date/[+-]offset/none: set key activation date (default: now)
    -R date/[+-]offset/none: set key revocation date
    -I date/[+-]offset/none: set key inactivation date
    -D date/[+-]offset/none: set key deletion date
    -G: generate key only; do not set -P or -A
    -C: generate a backward-compatible key, omitting all dates
    -S <key>: generate a successor to an existing key
    -i <interval>: prepublication interval for successor key (def[r[
[root@localhost mnt]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westoskey
Kwestoskey.+157+33334
[root@localhost mnt]# ls
Kwestoskey.+157+33334.key      westos.com.zone
Kwestoskey.+157+33334.private
[root@localhost mnt]# cat Kwestoskey.+157+33334.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: TKSWfTJrHFxAmJXz7LWHbg==
Bits: AAA=
Created: 20170509052622
Publish: 20170509052622
Activate: 20170509052622
[root@localhost mnt]# cp -p /etc/rndc.key /etc/westos.key
[root@localhost mnt]# vim /etc/westos.key
[root@localhost mnt]# cat /etc/westos.key
key "westoskey" {
algorithm hmac-md5;
secret "TKSWfTJrHFxAmJXz7LWHbg==";
};

[root@localhost mnt]# vim /etc/named.conf
[root@localhost mnt]# systemctl restart named
[root@localhost mnt]# vim /etc/named.rfc1912.zones
[root@localhost mnt]# systemctl restart named
[root@localhost mnt]# scp Kwestoskey.+157+33334.* root@172.25.254.213:/mnt/    ## send the key to the client
The authenticity of host '172.25.254.213 (172.25.254.213)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.213' (ECDSA) to the list of known hosts.
root@172.25.254.213's password:
Kwestoskey.+157+33334.key                        100%   53     0.1KB/s   00:00
Kwestoskey.+157+33334.private                    100%  165     0.2KB/s   00:00
[root@localhost named]# systemctl restart named

 

 

 

Client side:

[root@localhost mnt]# nsupdate -k /mnt/Kwestoskey.+157+33334.private
> server 172.25.254.113
> update add hello.westos.com 86400 A 172.25.254.111
> send
>
[root@localhost mnt]# dig hello.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60850
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com.              IN      A

;; ANSWER SECTION:
hello.westos.com.       86400   IN      A       172.25.254.111

;; AUTHORITY SECTION:
westos.com.             86400   IN      NS      dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.         86400   IN      A       172.25.254.113

;; Query time: 3 msec
;; SERVER: 172.25.254.113#53(172.25.254.113)
;; WHEN: Tue May 09 02:50:19 EDT 2017
;; MSG SIZE  rcvd: 95
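The key section above copies rndc.key and hand-edits the secret from Kwestoskey.+157+33334.private into it, and the page never shows the named.conf side. The Python below is an added example, not code from the original post: it parses that private-key file, emits the key stanza and a zone stanza that accepts updates only when signed with the key (BIND's allow-update { key ...; } form, assumed here in place of the address-based allow-update used later on this page), and checks the key the way a defender would before trusting it for dynamic updates. The algorithm-number table uses 157 from the page; the other numbers are BIND's private-use numbering and are an assumption of this example.

```python
import base64

# Constructed sample: the Kwestoskey.+157+33334.private file shown on this page
# (a throw-away lab secret, reproduced only to exercise the parser).
PRIVATE_FILE = """\
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: TKSWfTJrHFxAmJXz7LWHbg==
Bits: AAA=
Created: 20170509052622
Publish: 20170509052622
Activate: 20170509052622
"""

# dnssec-keygen's private-use algorithm numbers for TSIG keys (157 is on this
# page; the rest are assumed from BIND's numbering) -> the named.conf keyword.
TSIG_ALGORITHMS = {157: "hmac-md5", 161: "hmac-sha1", 162: "hmac-sha224",
                   163: "hmac-sha256", 164: "hmac-sha384", 165: "hmac-sha512"}
WEAK = {"hmac-md5", "hmac-sha1"}


def parse_private_key(text):
    """Parse the 'Field: value' lines of a K*.private file."""
    fields = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    fields = {k.strip(): v.strip() for k, v in fields.items()}
    return {"algorithm": int(fields["Algorithm"].split()[0]),
            "secret": fields["Key"]}


def audit_key(info, requested_bits=None):
    """Warnings a defender wants before the key is trusted for dynamic updates."""
    warnings = []
    algo = TSIG_ALGORITHMS.get(info["algorithm"])
    if algo is None:
        warnings.append(f"algorithm {info['algorithm']} is not a TSIG HMAC algorithm")
    elif algo in WEAK:
        warnings.append(f"{algo} is obsolete for TSIG; regenerate with -a HMAC-SHA256")
    try:
        secret_bits = 8 * len(base64.b64decode(info["secret"], validate=True))
    except ValueError:                      # binascii.Error is a ValueError
        return warnings + ["secret is not valid base64"]
    if secret_bits < 128:
        warnings.append(f"secret is only {secret_bits} bits; use -b 256 or more")
    if requested_bits is not None and secret_bits != requested_bits:
        warnings.append(f"secret is {secret_bits} bits but -b {requested_bits} was requested")
    return warnings


def key_stanza(name, info):
    """The key {} block to put in /etc/westos.key (included from named.conf)."""
    return (f'key "{name}" {{\n'
            f'        algorithm {TSIG_ALGORITHMS[info["algorithm"]]};\n'
            f'        secret "{info["secret"]}";\n'
            '};\n')


def zone_stanza(zone, zone_file, key_name):
    """Zone block that accepts updates only when signed with the key, instead
    of trusting a source address as 'allow-update { 172.25.254.213; };' does."""
    return (f'zone "{zone}" IN {{\n'
            '        type master;\n'
            f'        file "{zone_file}";\n'
            f'        allow-update {{ key "{key_name}"; }};\n'
            '};\n')


def stanza_matches_private_key(stanza, info):
    """Catch the hand-copy mistake: the secret in the server's key block must
    equal the Key: line of the file the client passes to nsupdate -k."""
    for line in stanza.splitlines():
        line = line.strip()
        if line.startswith("secret "):
            return line.split('"')[1] == info["secret"]
    return False
```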

 

 

 

####DNS updates####
   /// but when the service is restarted the zone file is rewritten, synchronised with the journal (cache) file

1.
cp -p /var/named/westos.com.zone /mnt

2.
vim /etc/named.rfc1912.zones

zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.213; };     ## who is allowed to update
};

3.
 chmod 770 /var/named

4.
[root@localhost ~]# setsebool -P named_write_master_zones 1
[root@localhost ~]# getsebool -a | grep named
named_tcp_bind_http_port --> off
named_write_master_zones --> on

systemctl restart named

5. check on 172.25.254.213
[root@localhost ~]# nsupdate
> server 172.25.254.113   ## the server
> update add hello.westos.com 86400 A 172.25.254.111
> send
>

[root@localhost named]# vim /var/named/westos.com.zone

$ORIGIN .
$TTL 86400      ; 1 day
westos.com              IN SOA  dns.westos.com. root.westos.com. (
                                1          ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      dns.westos.com.
                        MX      1 172.25.254.100.
$ORIGIN westos.com.
music.a                 A       172.25.254.111
                        A       172.25.254.222
dns                     A       172.25.254.112
hello                   A       172.25.254.222
music                   CNAME   music.a
www                     A       172.25.254.212

[root@localhost named]# ls
data      named.empty      slaves            westos.com.zone
dynamic   named.localhost  westos.com.inter  westos.com.zone.jnl
named.ca  named.loopback   westos.comNaNr
[root@localhost named]# vim /var/named/westos.com.zone
[root@localhost named]# rm -fr westos.com.zone westos.com.zone.jnl ### delete the journal (cache) file and the rewritten zone file ###
[root@localhost named]# cp -p /mnt/westos.com.zone .   ### copy the original file back ###
[root@localhost named]# ls
data      named.empty      slaves            westos.com.zone
dynamic   named.localhost  westos.com.inter
named.ca  named.loopback   westos.comNaNr

[root@localhost named]# systemctl restart named
[root@localhost named]# vim /var/named/westos.com.zone

$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      dns.westos.com.
dns             A       172.25.254.113
www             A       172.25.254.213
music           CNAME   music.a.westos.com.
music.a         A       172.25.254.111
westos.com.     MX 1    172.25.254.113.

 

 

####DHCP updating DNS (DDNS)####

1. install software
 yum install dhcp -y

2. make the config file
[root@localhost ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite '/etc/dhcp/dhcpd.conf'? y

3. change the config file
 vim /etc/dhcp/dhcpd.conf

[root@localhost ~]# cat /etc/dhcp/dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "westos.com";
option domain-name-servers 172.25.254.113;

default-lease-time 600;
max-lease-time 7200;

# Use this to enble / disable dynamic dns updates globally.
ddns-update-style interim;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# This is a very basic subnet declaration.

subnet 172.25.254.0 netmask 255.255.255.0 {
  range 172.25.254.60 172.25.254.70;
  option routers 172.25.254.250;
}

key "westoskey" {
algorithm hmac-md5;
secret "TKSWfTJrHFxAmJXz7LWHbg==";
};

zone westos.com. {
primary 127.0.0.1;
key westoskey;
}

4. check
*) unplug the network cable
*) check on the client
hostnamectl set-hostname test.westos.com
vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost ~]# hostnamectl set-hostname dns.westos.com
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

systemctl restart network

dig test.westos.com

This article is from the "AELY木" blog; please keep this source attribution: http://12768057.blog.51cto.com/12758057/1924102
