Linux DNS caching

Caching name server

Virtual machine network settings
GATEWAY=172.25.254.77
DNS1=114.114.114.114

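I. Configuring the caching name server

1. Install the caching name server on the server: yum install bind -y

2. Start the caching name server on the server: systemctl start named
Note: the service may fail to start because there is not enough random input to generate the key; typing on the keyboard or moving the mouse resolves this.
    systemctl start named
    ll /etc/rndc.key

3. On the client, edit the DNS configuration file /etc/resolv.conf
    # Generated by NetworkManager
    search ilt.example.com example.com
    nameserver 172.25.254.250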
7. When the server is configured correctly
    options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        forwarders { 172.25.254.77; };

        dnssec-enable yes;
        dnssec-validation no;
        dnssec-lookaside auto;

Client test
[root@foundation8 ~]# dig www.qq.com

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59247
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; Query time: 0 msec
;; SERVER: 172.25.254.108#53(172.25.254.108)
;; WHEN: Wed Apr 25 15:13:13 CST 2018
;; MSG SIZE rcvd: 39
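
An added example, not part of the original post: a shell check for the two settings in the options block above that matter most on a caching server, `allow-query { any; }` without a recursion ACL and `dnssec-validation no`. The function names, the finding codes and the 172.25.254.0/24 recursion ACL in the second sample are assumptions, and both sample configurations are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: flag named.conf options that
# leave a caching resolver open to everyone or without DNSSEC validation.

# Drop comments and all whitespace so "{ any; }" and "{any;}" compare equal.
squash_conf() {
    sed -e 's:#.*$::' -e 's://.*$::' "$1" | tr -d ' \t\n'
}

# Print one finding code per line; print nothing for a clean file.
audit_resolver() {
    conf=$(squash_conf "$1")
    case "$conf" in
        *"allow-query{any;}"*)
            # Without allow-recursion/allow-query-cache BIND falls back to
            # allow-query, so "any" also lets every client recurse.
            case "$conf" in
                *allow-recursion*|*allow-query-cache*|*"recursionno;"*) ;;
                *) echo "OPEN_RECURSION" ;;
            esac ;;
    esac
    case "$conf" in
        *"dnssec-validationno;"*) echo "DNSSEC_VALIDATION_OFF" ;;
    esac
}

# Constructed sample mirroring the options block shown above.
demo_weak() {
    f=$(mktemp)
    printf '%s\n' 'options {' \
        '    allow-query { any; };' \
        '    forwarders { 172.25.254.77; };' \
        '    dnssec-validation no;' \
        '};' > "$f"
    audit_resolver "$f"; rm -f "$f"
}

# Constructed variant (assumption): recursion limited to the lab subnet.
demo_hardened() {
    f=$(mktemp)
    printf '%s\n' 'options {' \
        '    allow-query { any; };' \
        '    allow-recursion { 172.25.254.0/24; localhost; };' \
        '    dnssec-validation yes;' \
        '};' > "$f"
    audit_resolver "$f"; rm -f "$f"
}

demo_weak
```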

II. Local forward resolution

1. Change the DNS resolver address: vim /etc/resolv.conf
    # Generated by NetworkManager
    search ilt.example.com
    nameserver 172.25.254.177

2. Edit the named configuration file to switch to local resolution: vim /etc/named.conf
    options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
3. Edit the configuration file: vim /etc/named.rfc1912.zones
    zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { none; };
    };

4. Create the zone file ## in the /var/named directory
    cd /var/named/
    cp -p named.localhost westos.com.zone
    vim westos.com.zone
Edit the file:
    $TTL 1D
    @       IN SOA  @ root.westos.com. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            NS      dns.westos.com.
    dns     A       172.25.254.177
    hello   A       172.25.254.150
    hi      A       172.25.254.151

5. Test on the local host:
dig hello.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49145
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com. IN A

;; ANSWER SECTION:
hello.westos.com. 86400 IN A 172.25.254.150

;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.177


III. Local reverse resolution

1. Change the DNS resolver address: vim /etc/resolv.conf

2. Edit the named configuration file to switch to local resolution: vim /etc/named.conf

3. Edit the configuration file: vim /etc/named.rfc1912.zones
    zone "254.25.172.in-addr.arpa" IN {
        type master;
        file "westos.com.ptr";
        allow-update { none; };
    };

4. Create the zone file ## in the /var/named directory
    cp -p named.loopback westos.com.ptr
    vim westos.com.ptr
Edit the file:
    $TTL 1D
    @       IN SOA  @ root.westos.com. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            NS      dns.westos.com.
    dns     A       172.25.254.177
    111     PTR     test.westos.com.
    112     PTR     hello.westos.com.

5. Test on the local host:
dig -x 172.25.254.111
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3189
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;111.254.25.172.in-addr.arpa. IN PTR

;; ANSWER SECTION:
111.254.25.172.in-addr.arpa. 86400 IN PTR test.westos.com.

;; AUTHORITY SECTION:
254.25.172.in-addr.arpa. 86400 IN NS dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.177

Note: with local (forward/reverse) resolution, the lookup fails if the domain name or IP address cannot be found in the named configuration.

IV. DNS resolution settings
While doing this, comment out the reverse-resolution zone in the zones file
    vim /etc/named.rfc1912.zones
Round-robin name resolution
    vim westos.com.zone
1. Edit the zone file westos.com.zone ## in the /var/named directory
    $TTL 1D
    @       IN SOA  @ root.westos.com. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            NS      dns.westos.com.
    dns     A       172.25.254.177
    hello   CNAME   www
    www     A       172.25.254.111
    www     A       172.25.254.122

2. With local resolution, the answers now come back in round-robin order
dig hello.westos.com

;; ANSWER SECTION:
hello.westos.com. 86400 IN CNAME www.westos.com.
www.westos.com. 86400 IN A 172.25.254.111
www.westos.com. 86400 IN A 172.25.254.122

;; ANSWER SECTION:
hello.westos.com. 86400 IN CNAME www.westos.com.
www.westos.com. 86400 IN A 172.25.254.122
www.westos.com. 86400 IN A 172.25.254.111

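Secondary (slave) host resolution
1. On the secondary host, configure the yum repository, install bind, and start the named service

2. On the secondary host, edit the DNS configuration file ## local
    vim /etc/resolv.conf
    cd /var/named/slaves

    # Generated by NetworkManager
    search example.com
    nameserver 172.25.254.177

3. On the secondary host, edit the configuration file: vim /etc/named.rfc1912.zones
    zone "westos.com" IN {                  ## domain name
        type slave;                         ## secondary (slave) role
        masters { 172.25.254.177; };        ## master; synchronise data from host 177
        file "slaves/westos.com.zone";      ## where the synchronised file is stored and read from
        allow-update { none; };             ## remote hosts may not update
    };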

4. On the local host, edit the configuration file
    vim /etc/named.rfc1912.zones
    zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { none; };
        allow-transfer { 172.25.254.181; };   ## allow host 181 to synchronise (transfer) the zone
        also-notify { 172.25.254.181; };      ## notify host 181 when the file changes
    };

5. On the local host, edit the file: vim westos.com.zone
    $TTL 1D
    @       IN SOA  @ root.westos.com. (
                    052401  ; serial ## time of the last modification
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            NS      dns.westos.com.
    dns     A       172.25.254.177
    hello   CNAME   www
    www     A       172.25.254.101
    www     A       172.25.254.102

6. Restart the named service on the local host, then dig hello.westos.com
;; ANSWER SECTION:
hello.westos.com. 86400 IN CNAME www.westos.com.
www.westos.com. 86400 IN A 172.25.254.101
www.westos.com. 86400 IN A 172.25.254.102

Restart the named service on the secondary host, then dig hello.westos.com
;; ANSWER SECTION:
hello.westos.com. 86400 IN CNAME www.westos.com.
www.westos.com. 86400 IN A 172.25.254.101
www.westos.com. 86400 IN A 172.25.254.102

Two-way (split-view) name resolution
Other hosts
DNS resolver file: vim /etc/resolv.conf

    # Generated by NetworkManager
    search example.com
    nameserver 172.25.254.177

Local host
1. Create the file ## in the directory: cd /var/named
    cp -p westos.com.zone westos.com.inter
    vim westos.com.inter
Change the IP addresses:
    $TTL 1D
    @       IN SOA  @ root.westos.com. (
                    052401  ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            NS      dns.westos.com.
    dns     A       192.168.0.108
    hello   CNAME   www
    www     A       192.168.0.101
    www     A       192.168.0.102

2. Create a new configuration file
    cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter
    vim /etc/named.rfc1912.inter
Edit the zones:
    zone "westos.com" IN {
        type master;
        file "westos.com.inter";
        allow-update { none; };
        allow-transfer { 172.25.254.181; };
        also-notify { 172.25.254.181; };
    };

3. Edit the main configuration file ## vim /etc/named.conf
Comment out the original zone:
    /*
    zone "." IN {
        type hint;
        file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    */
Add name resolution for the local host (local) and name resolution for other hosts (any):
    view localnet {
        match-clients { 172.25.254.177; };
        zone "." IN {
            type hint;
            file "named.ca";
        };
        include "/etc/named.rfc1912.zones";
    };

    view anynet {
        match-clients { any; };
        zone "." IN {
            type hint;
            file "named.ca";
        };
        include "/etc/named.rfc1912.inter";
    };
4. Test after restarting the named service
When resolving from the local host:
;; ANSWER SECTION:
hello.westos.com. 86400 IN CNAME www.westos.com.
www.westos.com. 86400 IN A 172.25.254.101
www.westos.com. 86400 IN A 172.25.254.102

When resolving from another host:
;; ANSWER SECTION:
hello.westos.com. 86400 IN CNAME www.westos.com.
www.westos.com. 86400 IN A 192.168.0.102
www.westos.com. 86400 IN A 192.168.0.101

Remote updates ## Note: SELinux must not be in Enforcing mode!
On the secondary host slave-desktop: vim /etc/sysconfig/selinux, set to disabled
1. Back up the local file
    cp -p /var/named/westos.com.zone /mnt

2. Edit the local configuration file: vim /etc/named.rfc1912.zones

    zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.181; };     ## allow host 181 to update remotely
        allow-transfer { 172.25.254.181; };
        also-notify { 172.25.254.181; };
    };

vim /etc/named.rfc1912.inter
    zone "westos.com" IN {
        type master;
        file "westos.com.inter";
        allow-update { 172.25.254.181; };
        allow-transfer { 172.25.254.181; };
        also-notify { 172.25.254.181; };
    };

4. On the local host, change the permissions of /var/named/
    chmod g+w /var/named/
The remote host can now perform updates

    nsupdate

    server 172.25.254.177
    update delete hello.westos.com ## delete
    update add hello.westos.com 86400 A 172.25.254.119 ## add
    send ## 86400 is the number of seconds in one day, the validity period

5. Restart the named service on the local host
The file westos.com.zone.jnl is generated, and westos.com.zone is changed
westos.com.inter.jnl
    $ORIGIN .
    $TTL 86400 ; 1 day
    westos.com      IN SOA  westos.com. root.westos.com. (
                    42603      ; serial
                    86400      ; refresh (1 day)
                    3600       ; retry (1 hour)
                    604800     ; expire (1 week)
                    10800      ; minimum (3 hours)
                    )
                    NS      dns.westos.com.
    $ORIGIN westos.com.
    dns             A       172.25.254.108
    hello           A       172.25.254.119
    www             A       172.25.254.101
                    A       172.25.254.102

    $ORIGIN .
    $TTL 86400 ; 1 day
    westos.com      IN SOA  westos.com. root.westos.com. (
                    52403      ; serial
                    86400      ; refresh (1 day)
                    3600       ; retry (1 hour)
                    604800     ; expire (1 week)
                    10800      ; minimum (3 hours)
                    )
                    NS      dns.westos.com.
    $ORIGIN westos.com.
    dns             A       192.168.0.177
    hello           A       172.25.254.119
    www             A       192.168.0.101
                    A       192.168.0.102

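Encrypted remote updates ## Note: SELinux must not be in Enforcing mode!

1. Restore the configuration files

2. Generate the key ## lab environment: vim /mnt
    dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
    -a ## algorithm   -b ## key size in bits   -n ## nametype, name resolution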
[root@nds-server mnt]# ls
Kwestos.+157+52465.key Kwestos.+157+52465.private westos.com.zone

3. Edit the key file
    cp -p /etc/rndc.key /etc/westos.key
    vim /etc/westos.key

    key "westos" {
        algorithm hmac-md5;
        secret "O5pE1+rBfsvVS2mVwjdDnA==";
    };

4. Edit the configuration file: vim /etc/named.rfc1912.zones
    zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { key westos; };
        allow-transfer { 172.25.254.181; };
        also-notify { 172.25.254.181; };
    };

5. Edit the main configuration file: vim /etc/named.conf
    include "/etc/westos.key"; ## add the key file
    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

6. Copy the key files to the remote host ## lab environment: cd /mnt
scp Kwestos.+157+02231* [email protected]:/mnt

7. After the local host is restarted, the remote host can update DNS
[root@slave-desktop mnt]# systemctl restart named
[root@slave-desktop mnt]# ls
Kwestos.+157+52465.key Kwestos.+157+52465.private
[root@slave-desktop mnt]# nsupdate -k Kwestos.+157+52465.private

server 172.25.254.177
update add hello.westos.com 86400 A 172.25.254.119
send
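
An added example, not part of the original post, covering both update setups above: `allow-update { 172.25.254.181; }` authorises an update by source address alone, while `allow-update { key westos; }` requires a TSIG signature, and `hmac-md5` is a legacy algorithm for such a key (BIND also accepts `hmac-sha256`). The function name, the finding codes, the example.test zone and the sample secret are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: report zones whose dynamic
# updates are authorised by source address only, and TSIG keys using hmac-md5.
# Assumes each allow-update statement sits on one line, as on this page.

audit_updates() {
    awk '
    # Track which zone or key stanza the current line belongs to.
    $1 == "zone"             { name = $2; gsub(/"/, "", name); kind = "zone" }
    $1 == "key" && $2 !~ /;/ { name = $2; gsub(/"/, "", name); kind = "key" }
    kind == "key" && $1 == "algorithm" {
        alg = $2; sub(/;.*/, "", alg)
        if (alg == "hmac-md5") print "WEAK_TSIG_ALG key=" name
    }
    kind == "zone" && /allow-update/ {
        acl = $0
        sub(/.*allow-update[ \t]*\{[ \t]*/, "", acl)  # keep text inside { }
        sub(/[ \t]*\}.*/, "", acl)
        n = split(acl, item, /[ \t]*;[ \t]*/)
        for (i = 1; i <= n; i++) {
            if (item[i] == "" || item[i] == "none") continue
            if (item[i] ~ /^key[ \t]/) continue        # TSIG-authenticated
            print "ADDRESS_ONLY_UPDATE zone=" name " acl=" item[i]
        }
    }' "$@"
}

# Constructed sample: one address-based zone, one key-based zone (hypothetical
# example.test), and a placeholder secret that is not a real key.
sample_conf() {
    cat <<'EOF'
key "westos" {
    algorithm hmac-md5;
    secret "c2FtcGxlLXNlY3JldC0xMjM0NQ==";
};
zone "westos.com" IN {
    type master;
    allow-update { 172.25.254.181; };
};
zone "example.test" IN {
    type master;
    allow-update { key westos; };
};
EOF
}

sample_conf | audit_updates
```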

V. Dynamic DNS ## 花生壳 (Peanut Shell)

1. Restore the configuration files; install dhcp on the local host (server)

2. Edit the dhcp configuration file /etc/dhcp/dhcpd.conf
[root@localhost named]# cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y ## the overwrite prompt shows the file is the right one

    # option definitions common to all supported networks...
    option domain-name "westos.com"; ## domain name
    option domain-name-servers 172.25.254.108; ## DNS server

    default-lease-time 600;
    max-lease-time 7200;

    # Use this to enble / disable dynamic dns updates globally.
    ddns-update-style interim; ## how DNS updates are performed
    # ad-hoc interim none

    # This is a very basic subnet declaration.
    subnet 172.25.254.0 netmask 255.255.255.0 { ## subnet and netmask
        range 172.25.254.50 172.25.254.60; ## IP address pool
        option routers 172.25.254.108; ## gateway
    }

    key westos {
        algorithm hmac-md5; ## key algorithm
        secret wLb7wlj95YfZFUK8nZ1Oqw==; ## key secret
    };

    zone westos.com. {
        primary 127.0.0.1; ## the host's internal loopback interface
        key westos; ## the key to use is westos
    }

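3. The remote host queries DNS
Note: the remote host's network interface must work in DHCP mode, and its hostname must be changed to name.westos.com
Suggestion: reset the virtual machine, then change the hostname
Restart the dhcpd and named services on the local host; the remote host can then dig its own name
(Example: the remote host is named bbs.westos.com)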
[root@bbs ~]# dig bbs.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> bbs.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29752
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.westos.com. IN A

;; ANSWER SECTION:
bbs.westos.com. 300 IN A 172.25.254.50

The zone on the local host is updated accordingly
    $ORIGIN .
    $TTL 86400 ; 1 day
    westos.com      IN SOA  westos.com. root.westos.com. (
                    42602      ; serial
                    86400      ; refresh (1 day)
                    3600       ; retry (1 hour)
                    604800     ; expire (1 week)
                    10800      ; minimum (3 hours)
                    )
                    NS      dns.westos.com.
    $ORIGIN westos.com.
    $TTL 300 ; 5 minutes
    bbs             A       172.25.254.50 ## newly added name resolution record
                    TXT     "0006177289b2ae3cbee2c9dc00838c2c46"
    $TTL 86400 ; 1 day
    dns             A       172.25.254.108
    hello           CNAME   www
    www             A       172.25.254.101
                    A       172.25.254.102

Reposted from blog.csdn.net/period000/article/details/80446109