西部开源 study notes, BOOK3: DNS local caching server


#################################

####### Configuring a caching DNS #######

#################################

 

################

### DNS overview ###

################

## Authoritative name servers

- Store and serve the actual data of a zone (an entire DNS domain or part of one). Types of authoritative name server:

* Master: holds the original zone data. Sometimes called the "primary" name server.

* Slave: a backup server that obtains a copy of the zone data from the master by zone transfer. Sometimes called the "secondary" name server.

## Non-authoritative / recursive name servers

- Clients use them to look up data that lives on authoritative name servers. Types of recursive name server:

* Caching-only name server: used only for lookups; it is authoritative for nothing beyond its own local data.

## DNS lookups

- The stub resolver on the client sends the query to the name server(s) listed in /etc/resolv.conf.

- If the name server

 

 

######### Environment setup ##########

1. client

IP: 172.25.254.119

DNS (/etc/resolv.conf): 172.25.254.219

1) Set the hostname to client

[root@client ~]# hostnamectl set-hostname client.example.com
[root@client ~]# reboot
Connection to 172.25.254.119 closed by remote host.
Connection to 172.25.254.119 closed.

2) Configure the DNS server address on the client

[root@client ~]# vim /etc/resolv.conf
# Generated by NetworkManager
 domain example.com
 search example.com
 nameserver 172.25.254.219

2. server

IP: 172.25.254.219

DNS: 172.25.254.219

yum repository: /etc/yum.repos.d/rhel_dvd.repo -> http://172.25.254.250/rhel7

 

1) Set the hostname to dns-server

[root@dns-server ~]# hostnamectl set-hostname dns-server.example.com
[root@dns-server ~]# reboot
Connection to 172.25.254.219 closed by remote host.
Connection to 172.25.254.219 closed.

2) Configure the yum repository

[root@dns-server ~]# vim /etc/yum.repos.d/rhel_dvd.repo
# Created by cloud-init on Thu, 10 Jul 2014 22:19:11 +0000
[rhel_dvd]
gpgcheck = 0
enabled = 1
baseurl = http://172.25.254.19/rhel7.0
name = Remote classroom copy of dvd
[root@dns-server ~]# yum clean all    ## remember to refresh the yum cache

3) Install bind9, the DNS server software

[root@dns-server ~]# yum install bind -y

4) Start the DNS service

[root@dns-server ~]# systemctl status named
named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled)
   Active: inactive (dead)

[root@dns-server ~]# systemctl start named

--------------------------------------------------------------------------

Note: if the start takes very long, it is probably because the system has only just booted and the kernel has not yet gathered enough entropy to generate the key. Typing on the keyboard or moving the mouse on the server adds randomness and gets it going.

The kernel stores this randomness in /dev/random; you can look at it with cat /dev/random:

[root@dns-server ~]# cat /dev/random
3:HxYK)T

The generated key is stored in /etc/rndc.key; view it with cat /etc/rndc.key:

[root@dns-server ~]# cat /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "SriFRo71w6fL0Gf8tAeapA==";
};

---------------------------------------------------------------------------

5) Configure the firewall

[root@dns-server ~]# firewall-cmd --list-all
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ftp ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

[root@dns-server ~]# firewall-cmd --permanent --add-service=dns
success
[root@dns-server ~]# firewall-cmd --reload
success
[root@dns-server ~]# firewall-cmd --list-all
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client dns ftp ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

6) Put SELinux into permissive (warning-only) mode (optional)

[root@dns-server ~]# setenforce 0

 

 

######### Local caching DNS server ##########

1) Make named listen on port 53 on all interfaces

[root@client ~]# dig www.baidu.com
connection timed out; no servers could be reached

## "no servers could be reached": port 53 of the DNS server is not reachable from the network

[root@dns-server ~]# netstat -antuple | grep named

## this shows that named has port 53 open only on the loopback address 127.0.0.1

[root@dns-server ~]# rpm -qc bind    ## list bind's configuration files
/etc/logrotate.d/named
/etc/named.conf    ## the main configuration file
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback

[root@dns-server ~]# vim /etc/named.conf

 11         listen-on port 53 { 127.0.0.1; };

  ||

  \/

 11         listen-on port 53 { any; };

[root@dns-server ~]# systemctl restart named    ## takes effect after the restart

2) Configure the DNS server to answer queries from everyone

[root@client ~]# dig www.baidu.com
status: REFUSED

## the client's query is refused because the server is not yet configured to answer queries from anyone

[root@dns-server ~]# vim /etc/named.conf

 17         allow-query     { localhost; };

||

\/

 17         allow-query     { any; };

[root@dns-server ~]# systemctl restart named    ## takes effect after the restart

3) Tell the local caching DNS server where to fetch answers from

[root@client ~]# dig www.baidu.com
status: SERVFAIL

## the server cannot serve the request because a local caching DNS server has to obtain the records from another DNS server

[root@dns-server ~]# vim /etc/named.conf

 18         forwarders      { 172.25.254.250; };    ## add this at line 18

[root@dns-server ~]# systemctl restart named    ## takes effect after the restart

[root@client ~]# dig www.baidu.com    ## verify: the name is now resolved

Finally, note that because this is a local caching DNS server that is not registered on the public Internet, DNS security validation has to be switched off.

4) Turn off DNS security validation (dnssec-validation)

[root@dns-server ~]# vim /etc/named.conf

 33         dnssec-validation yes;

       ||

       \/

 33         dnssec-validation no;

[root@dns-server ~]# systemctl restart named    ## takes effect after the restart
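As an added example (not from the original notes), a shell check for the combination these four steps produce: listen-on { any; } plus allow-query { any; } on a server that recurses (via forwarders) makes it an open resolver that answers everyone who can reach port 53, which is what reflection abuse relies on. The helper names named_opt and audit_named_conf and the two config snippets are assumptions for this example; the snippets are constructed from the settings above, not copied from a real server.

```shell
#!/bin/sh
# Added example, not from the notes: audit the options the notes change in
# /etc/named.conf. listen-on { any; } + allow-query { any; } + recursion (the
# BIND default) means anyone who can reach port 53 gets recursive answers,
# i.e. an open resolver. named_opt/audit_named_conf are assumed helper names.
# Print one option's value from the options { } block (first match), without
# the option name and the trailing ';'.
named_opt() {                                   # $1 = file, $2 = option
    awk -v opt="$2" '
        /^[ \t]*options[ \t]*\{/ { inopts = 1; next }
        inopts && /^[ \t]*\};/   { inopts = 0 }
        inopts && $1 == opt      { line = $0
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", line)
            sub(/;[ \t]*$/, "", line); print line; exit }' "$1"
}
# 0 = queries/recursion restricted, 1 = open resolver.
audit_named_conf() {                            # $1 = file
    listen=$(named_opt "$1" listen-on)
    query=$(named_opt "$1" allow-query)
    recur=$(named_opt "$1" allow-recursion)
    rflag=$(named_opt "$1" recursion)
    [ -z "$rflag" ] && rflag=yes                # BIND default: recursion yes
    [ -z "$recur" ] && recur=$query             # default chain ends at allow-query
    case "$listen" in *any*) ;; *) echo "ok: listen-on $listen"; return 0 ;; esac
    case "$rflag" in no) echo "ok: recursion no"; return 0 ;; esac
    case "$recur" in *any*) ;; *) echo "ok: allow-recursion $recur"; return 0 ;; esac
    echo "OPEN RESOLVER: listen-on $listen, allow-query $query, recursion $rflag"
    echo "fix: allow-query { 127.0.0.1; 172.25.254.0/24; }; allow-recursion { 127.0.0.1; 172.25.254.0/24; };"
    return 1
}
# Constructed configs: the first is what the four steps above produce.
tmp=$(mktemp -d)
cat > "$tmp/open.conf" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        forwarders      { 172.25.254.250; };
};
EOF
cat > "$tmp/restricted.conf" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query     { 127.0.0.1; 172.25.254.0/24; };
        allow-recursion { 127.0.0.1; 172.25.254.0/24; };
        forwarders      { 172.25.254.250; };
};
EOF
for f in open restricted; do audit_named_conf "$tmp/$f.conf" || true; done
```

Run it against the real /etc/named.conf on the server to see which of the two verdicts the lab configuration gets.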

 

######### DNS forward resolution ##########

[root@dns-server ~]# vim /etc/named.conf

 51 zone "." IN {
 52         type hint;
 53         file "named.ca";
 54 };
 55
 56 include "/etc/named.rfc1912.zones";    ## points to this file
 57 include "/etc/named.root.key";

[root@dns-server ~]# vim /etc/named.rfc1912.zones

 19 zone "localhost" IN {
 20         type master;
 21         file "named.localhost";
 22         allow-update { none; };
 23 };
 24
 25 zone "tbr.com" IN {
 26         type master;
 27         file "tbr.com.zone";    ## points to this file
 28         allow-update { none; };
 29 };

## lines 25-29 are modelled on the template at lines 19-23

[root@dns-server ~]# cd /var/named/
[root@dns-server named]# ls
data      named.empty      slaves        
dynamic   named.localhost  
named.ca  named.loopback   
[root@dns-server named]# cp -p named.localhost tbr.com.zone

## note: cp must be given -p here so that the file copied from the template keeps named as its group

[root@dns-server named]# ll
total 32
drwxrwx---. 2 named named   22 11月 20 01:23 data
drwxrwx---. 2 named named 4096 11月 21 02:55 dynamic
-rw-r-----. 1 root  named 2076 1月  28 2013 named.ca
-rw-r-----. 1 root  named  152 12月 15 2009 named.empty
-rw-r-----. 1 root  named  152 6月  21 2007 named.localhost
-rw-r-----. 1 root  named  168 12月 15 2009 named.loopback
drwxrwx---. 2 named named    6 1月  29 2014 slaves
-rw-r-----. 1 root  named  210 11月 20 03:15 tbr.com.zone

Without -p it would come out as

-rw-r-----. 1 root  root   210 11月 20 03:15 tbr.com.zone

[root@dns-server named]# vim tbr.com.zone

$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1

||

\/

$TTL 1D
@       IN SOA  dns.tbr.com. root.tbr.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      dns.tbr.com.
dns             A       172.25.254.219
www             A       172.25.254.19
www             A       172.25.254.18
bbs             CNAME   www.tbr.com.
tbr.com.        MX 1    172.25.254.219.    ; as in the notes; strictly an MX target should be a host name with an A record, not an IP literal

## dns.tbr.com. is the name of the DNS server itself
## note that every domain name here ends with a dot; otherwise the zone suffix configured in /etc/named.rfc1912.zones (.tbr.com) is appended automatically

## note: when one name has several A records, i.e. one domain name maps to several IPs, the DNS server answers that name round-robin. It looks like this:
when dig www.tbr.com is run repeatedly, the order of the two IPs keeps rotating (see the figure).

[root@dns-server ~]# systemctl restart named    ## takes effect after the restart

Test

[root@client ~]# dig -t mx tbr.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx tbr.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41997
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;tbr.com.                       IN      MX

;; ANSWER SECTION:
tbr.com.                86400   IN      MX      1 172.25.254.219.

;; AUTHORITY SECTION:
tbr.com.                86400   IN      NS      dns.tbr.com.

;; ADDITIONAL SECTION:
dns.tbr.com.            86400   IN      A       172.25.254.219

;; Query time: 1 msec
;; SERVER: 172.25.254.219#53(172.25.254.219)
;; WHEN: 11月 21 04:06:07 EST 2016
;; MSG SIZE  rcvd: 100

[root@client ~]# dig www.tbr.com    ## test the A records

[root@client ~]# dig bbs.tbr.com    ## test the CNAME

[root@client ~]# mail root@tbr.com    ## test mail delivery via the MX record
Subject: dawda
fdawda
caw
.
EOT
[root@client ~]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
C8A7717E849      462 Sun Nov 20 03:05:10  root@client.example.com
              (connect to 172.25.254.219[172.25.254.219]:25: No route to host)
                                         root@tbr.com

0938717E857      437 Mon Nov 21 04:09:23  root@client.example.com
              (connect to 172.25.254.219[172.25.254.219]:25: No route to host)
                                         root@tbr.com

-- 1 Kbytes in 2 Requests.

 

 

 

 

######### DNS reverse resolution ##########

[root@dns-server named]# vim /etc/named.rfc1912.zones

 37 zone "1.0.0.127.in-addr.arpa" IN {
 38         type master;
 39         file "named.loopback";
 40         allow-update { none; };
 41 };
 42
 43 zone "254.25.172.in-addr.arpa" IN {    ## stands for the 172.25.254.0 network
 44         type master;
 45         file "tbr.com.ptr";
 46         allow-update { none; };
 47 };

## lines 43-47 are modelled on the template at lines 37-41

[root@dns-server ~]# cd /var/named/
[root@dns-server named]# ls
data      named.empty      slaves        
dynamic   named.localhost  tbr.com.zone
named.ca  named.loopback   
[root@dns-server named]# cp -p named.localhost tbr.com.ptr    ## again, -p is required here
[root@dns-server named]# vim tbr.com.ptr
$TTL 1D
@       IN SOA  dns.tbr.com. root.tbr.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.tbr.com.
        A       172.25.254.219
19      PTR     www.tbr.com.
18      PTR     www.hello.com.

## IP address 172.25.254.19 ----> www.tbr.com
## IP address 172.25.254.18 ----> www.hello.com

[root@dns-server ~]# systemctl restart named    ## takes effect after the restart

Test

[root@client ~]# dig -x 172.25.254.19    ## reverse lookup: IP to name
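A small lint for the hand-edited zone files of the forward and reverse sections, added here as an example and not part of the original notes. It checks the two things the notes caution about: a right-hand name without a trailing dot silently gets the origin appended (www.tbr.com becomes www.tbr.com.tbr.com.), and an MX target should be a host name with an A record rather than an IP literal; it also reports names with several A records, which named answers round-robin. zone_lint is an assumed helper name; the zone text is constructed from the notes' tbr.com.zone, with the CNAME target deliberately missing its dot. The same call works for tbr.com.ptr with origin 254.25.172.in-addr.arpa.

```shell
#!/bin/sh
# Added example, not from the notes: lint a zone file for what the notes warn
# about. A right-hand name without a trailing dot gets the origin appended
# (www.tbr.com -> www.tbr.com.tbr.com.), and an MX target must be a host name
# with an A record, not an IP literal. Names with several A records (answered
# round-robin) are reported too. zone_lint is an assumed helper name.

# Prints one line per finding; exit status = number of problems (0 = clean).
zone_lint() {                                   # $1 = zone file, $2 = origin
    awk -v origin="$2" '
        function fq(n) { if (n == "@") return origin "."
                         if (n ~ /\.$/) return n; return n "." origin "." }
        /^[ \t]*;/ || /^[ \t]*$/ || /^\$/ { next }   # comments, blanks, $TTL
        /[ \t]SOA[ \t]/ { owner = $1; insoa = 1 }
        insoa { if ($0 ~ /\)/) insoa = 0; next }     # skip the multi-line SOA
        {
            if ($0 ~ /^[^ \t]/) { owner = $1; n = 2 } else n = 1   # owner may be inherited
            if ($n == "IN") n++
            type = $n; rhs = $NF
            if (type == "A") acount[fq(owner)]++
            if ((type == "CNAME" || type == "NS" || type == "MX" || type == "PTR") && rhs !~ /\.$/) {
                printf "%s: %s target %s will be read as %s\n", fq(owner), type, rhs, fq(rhs); bad++ }
            if (type == "MX" && rhs ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.?$/) {
                printf "%s: MX target %s is an IP literal, not a host name\n", fq(owner), rhs; bad++ }
        }
        END { for (o in acount) if (acount[o] > 1)
                  printf "note: %s has %d A records, answered round-robin\n", o, acount[o]
              exit bad + 0 }' "$1"
}

# Constructed from the notes' tbr.com.zone; the CNAME target deliberately
# lacks its trailing dot to show the pitfall.
tmp=$(mktemp -d)
cat > "$tmp/tbr.com.zone" <<'EOF'
$TTL 1D
@       IN SOA  dns.tbr.com. root.tbr.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      dns.tbr.com.
dns             A       172.25.254.219
www             A       172.25.254.19
www             A       172.25.254.18
bbs             CNAME   www.tbr.com
tbr.com.        MX 1    172.25.254.219.
EOF
zone_lint "$tmp/tbr.com.zone" tbr.com || echo "problems found: $?"
```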

 

 

######### Separate DNS resolution for internal and external clients ##########

Assume 172.25.254.119 is the internal test host and 172.25.254.219 is the external test host.

1. Changes to the main configuration file

[root@dns-server named]# vim /etc/named.conf

 51 /*
 52 zone "." IN {
 53         type hint;
 54         file "named.ca";
 55 };                                        ## lines 52-58 are commented out
 56
 57 include "/etc/named.rfc1912.zones";
 58 include "/etc/named.root.key";
 59 */
==================================================================
 60 view localnet {
 61         match-clients { 172.25.254.119;  };    ## matches the client host 172.25.254.119
 62         zone "." IN {
 63         type hint;
 64         file "named.ca";                       ## lines 62-65 copied from lines 52-55
 65 };
 66 include "/etc/named.rfc1912.zones";
 67 };
 68
 69
 70 view internet {
 71         match-clients { 172.25.254.219;  };    ## matches the client host 172.25.254.219
 72         zone "." IN {
 73         type hint;
 74         file "named.ca";
 75 };
 76 include "/etc/named.rfc1912.zones.inter";
 77 };

## in lines 61 and 71 a whole network can be given instead, e.g. { 172.25.254.0/24; };

## what this means:
##   a client at 172.25.254.119 is served from /etc/named.rfc1912.zones
##   a client at 172.25.254.219 is served from /etc/named.rfc1912.zones.inter

2. Configuring /etc/named.rfc1912.zones and /etc/named.rfc1912.zones.inter

[root@dns-server named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter    ## -p is required here too
## the file read for external hosts is copied from the template /etc/named.rfc1912.zones
[root@dns-server named]# vim /etc/named.rfc1912.zones.inter
 25 zone "tbr.com" IN {
 26         type master;
 27         file "tbr.com.zone.inter";    ## external hosts are sent to this file
 28         allow-update { none; };
 29 };

3. Configuring /var/named/tbr.com.zone.inter

[root@dns-server named]# ls
data      named.empty      slaves       
dynamic   named.localhost  tbr.com.ptr
named.ca  named.loopback   tbr.com.zone
[root@dns-server named]# cp -p tbr.com.zone tbr.com.zone.inter    ## -p is required here too
[root@dns-server named]# ls
data      named.empty      slaves        tbr.com.zone.inter
dynamic   named.localhost  tbr.com.ptr
named.ca  named.loopback   tbr.com.zone
[root@dns-server named]# vim tbr.com.zone.inter
$TTL 1D
@       IN SOA  dns.tbr.com. root.tbr.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      dns.tbr.com.
dns             A       172.25.0.219
www             A       172.25.0.19
www             A       172.25.0.18
bbs             CNAME   www.tbr.com.
tbr.com.        MX 1    172.25.0.219.
[root@dns-server ~]# systemctl restart named    ## takes effect after the restart

《Summary》

How the files relate to each other:

                                   client 172.25.254.119 -> /etc/named.rfc1912.zones       -> /var/named/tbr.com.zone
/etc/named.conf (main config) --<
                                   client 172.25.254.219 -> /etc/named.rfc1912.zones.inter -> /var/named/tbr.com.zone.inter

Supplement

man 5 named.conf    ## documentation for the named.conf file

