linux系统中高速缓存以及dns的配置解析

高速缓存

服务端：

1.配置yum源：vim /etc/yum.repos.d/rhel_dvd.repo

http://172.25.254.71/rhel7 更改yum源地址

2.yum clean all 清空缓存

3.yum repolist 列出可下载软件

4.yum install bind -y 安装bind软件

5.systemctl start named 打开服务(注意：打开服务时加密字符不够按键盘或动鼠标)

6.cat /dev/random 查看加密字符

7.netstat -atnlupe | grep named 查看named服务的53端口状态

8.rpm -qc bind 查看bind软件配置文件

9.vim /etc/named.conf 编辑配置文件

内容：

options {

listen-on port 53 { any; }; 打开服务端网络接口的所53端口

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query {any; }; 打开所有人的访问权限

forwarders { 172.25.254.250; }; 服务端不知道，访问的ip

10.systemctl restart named 重启服务

客户端：

1. vim /etc/resolv.conf 编辑配置文件

内容：

# Generated by NetworkManager

domain example.com

search example.com ilt.example.com

nameserver 172.25.254.171 访问的主机ip

2. dig www.baudu.com 询问dns域名服务器，并把缓存保存在高速缓存中

注意访问时：

REFUSED 表示访问被拒绝

NOERROR 表示访问成功

dig www.baudu.com 服务没开

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baudu.com

;; global options: +cmd

;; connection timed out; no servers could be reached

dns解析

一.dns本地正向解析

1.修改dns解析地址 vim /etc/resolv.conf

# Generated by NetworkManager

search ilt.example.com

nameserver 172.25.254.171

2.vim /etc/named.conf 编辑配置文件

内容：

options {

listen-on port 53 { any; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query {any; };

3.vim /etc/named.rfc1912.zones 编辑配置文件

内容：

zone "westos.com" IN { 域名

type master;

file "westos.com.zone"; 问题答案

allow-update { none; };

4. rpm -ql bind 查找配置文件

/etc/NetworkManager/dispatcher.d/13-named

/etc/logrotate.d/named

/etc/named

/etc/named.conf

/etc/named.iscdlv.key

/etc/named.rfc1912.zones

/etc/named.root.key

/var/named/named.localhost 本地解析配置文件模板

5. cd /var/named/ 进入目录ls

6. cp -p named.localhost westos.com.zone 复制配置文件

7.vim westos.com.zone 编辑配置文件

内容：

$TTL 1D

@ IN SOA @ root.westos.com. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

NS dns.westos.com.

dns A 172.25.254.171

www A 172.25.254.202

hello A 172.25.254.203

8.systemctl restart named 重启服务

本机测试：dig hello.westos.com

二.dns本地反向解析：

1.修改dns解析地址：vim /etc/resolv.conf

2.vim /etc/named.rfc1912.zones 编辑配置文件

内容:

zone "254.25.172.in-addr.arpa" IN {

type master;

file "westos.com.ptr";

allow-update { none; };

3. cp -p named.loopback westos.com.ptr 复制配置文件

4. vim westos.com.ptr 编辑配置文件

内容：

$TTL 1D

@ IN SOA @ root.westos.com. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

NS dns.westos.com.

dns A 172.25.254.200

110 PTR yun.westos.com.

112 PTR hello.westos.com.

5.systemctl restart named 重启服务

本机测试：dig -x 172.25.254.110

注意：本地(正向/反向)解析时，若named配置文件找不到该域名/IP地址，会访问失败。

三.dns轮询

1.在/var/named目录下

修改配置文件： vim westos.com.zone

$TTL 1D

@ IN SOA @ root.westos.com. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

NS dns.westos.com.

dns A 172.25.254.108

hello CNAME www

www A 172.25.254.111

www A 172.25.254.122

2.systemctl restart named 重启服务

3.本地解析时，域名解析出现轮询式

本地测试：dig hello.westos.com

四.dns集群(辅助主机解析)

1.辅助主机配置yum源，安装bind，打开named服务

2.辅助主机修改DNS配置文件: vim /etc/resolv.conf

# Generated by NetworkManager

search example.com

nameserver 172.25.254.171

3.辅助主机修改配置文件:vim /etc/named.rfc1912.zones

zone "westos.com" IN {

type slave;

masters {172.25.254.171;};

file "slaves/westos.com.zone";

allow-update { none; };

};

4.systemctl restart named 重启服务

5.本地主机修改配置文件:vim /etc/named.rfc1912.zones

zone "westos.com" IN {

type master;

file "westos.com.zone";

allow-update { none; };

allow-transfer {172.25.254.171;}; 允许171主机同步

also-notify {172.25.254.171;}; 当文件变更时，通知171主机

};

6..本地主机修改文件:vim westos.com.zone

$TTL 1D

@ IN SOA @ root.westos.com. (

050201 ; serial 最后一次修改时间

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

NS dns.westos.com.

dns A 172.25.254.171

hello CNAME www

www A 172.25.254.101

www A 172.25.254.102

7.systemctl restart named 重启服务

8.测试：本地主机：dig hello.westos.com

五.dns双向解析(171主机)

1.cd /var/named/ 进入目录

2.cp -p westos.com.zone westos.com.inter 复制配置文

3.vim westos.com.inter

内容：

$TTL 1D

@ IN SOA dns.westos.com. lee.westos.com. (

2018042603 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

NS dns.westos.com.

dns A 192.168.0.207

hello CNAME www

www A 192.168.0.207

dong A 192.168.0.203

4.cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter

5.vim /etc/named.rfc1912.inter 编辑配置文件

内容：

zone "westos.com" IN {

type master;

file "westos.com.inter";

allow-update { none; };

allow-transfer { 172.25.254.107; };

also-notify { 172.25.254.107; };

};

6.vim /etc/named.conf 编辑配置文件

内容：

注释：

/*

zone "." IN {

type hint;

file "named.ca";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

*/

添加：

view localnet {

match-clients { 172.25.254.207; }; 主的访问

zone "." IN {

type hint;

file "named.ca";

};

include "/etc/named.rfc1912.zones";

};

view Anynet {

match-clients { any; }; 其他人访问

zone "." IN {

type hint;

file "named.ca";

};

include "/etc/named.rfc1912.inter";

};

7.systemctl restart named 重启服务

8.测试(107)：dig dong.westos.com

切换另一台主机(207)：vim /etc/resolv.conf 更改dns解析地址

9.systemctl restart named 重启服务

内容：

# Generated by NetworkManager

search example.com

nameserver 172.25.254.107

测试：dig dong.westos.com

六.远程更新dns解析

1. vim /etc/resolv.conf

内容：

# Generated by NetworkManager

search example.com

nameserver 172.25.254.207

2.vim /etc/named.conf

内容:

注释：

/*

view localnet {

match-clients { 172.25.254.207; };

zone "." IN {

type hint;

file "named.ca";

};

include "/etc/named.rfc1912.zones";

};

view Anynet {

match-clients { any; };

zone "." IN {

type hint;

file "named.ca";

};

include "/etc/named.rfc1912.inter";

};

*/

打开：

zone "." IN {

type hint;

file "named.ca";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

3.systemctl restart named 重启服务

4.vim /etc/named.rfc1912.zones 编辑文件

内容：

zone "westos.com" IN {

type master;

file "westos.com.zone";

allow-update { 172.25.254.107; }; 允许谁更新我的

allow-transfer { 172.25.254.107; };

also-notify { 172.25.254.107; };

};

5.systemctl restart named 重启服务

6.cp -p westos.com.zone /mnt/ 把文件备份到/mnt/

7.ls -ld /var/named/ 查看目录权限

8.chmod g+w /var/named/ 改变目录权限

9.[root@localhost named]# setenforce 0 selinux改成警告

测试(107)：

10.[root@localhost named]# nsupdate

> server 172.25.254.207

> update delete www.westos.com 删除www.westos.com

> send 发送

11.[root@localhost named]# nsupdate

> server 172.25.254.207

> update add dong.westos.com 86400 A 172.25.254.107 添加dong.westos.com(86400表示86400秒是一天)

> send 发送

查看(207)：

[root@localhost named]# ls

data named.empty slaves westos.com.zone

dynamic named.localhost westos.com.inter westos.com.zone.jnl

named.ca named.loopback westos.com.ptr

查看有westos.com.zone.jnl文件

恢复文件：

1.rm - fr westos.com.zone.jnl 删除文件

2.cp -p /mnt/westos.com.zone . 把/mnt/文件复制回来

3.systemctl restart named 重启服务