
DNS: building a caching-only server

Time: 2018-03-17 19:45:50

Tags: DNS, caching server

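Lab: build a DNS server that forwards queries to the root domain / a caching-only DNS server
master -----> primary server
slave -----> secondary server
forwarders -----> forwarding server
First draw the architecture diagram and prepare the machines that will play the server and the client.
Steps:
Prerequisite: install the required packages on both the server and the client.
[root@server-124 ~]# yum install bind
[root@server-124 ~]# yum install bind-utils
[root@server-124 ~]# yum install bind-libs
The server must be able to reach the Internet and communicate with the root domain: set the network type to NAT. You can first run # ip a to check the name of the network interface.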
[root@server-124 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
HWADDR=00:0c:29:f8:63:ed
IPADDR=192.168.10.11
NETMASK=255.255.255.0
GATEWAY=192.168.10.2
Save and exit.
[root@server-124 ~]# ping www.baidu.com
PING www.a.shifen.com (14.215.177.38) 56(84) bytes of data.
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=1 ttl=128 time=9.45 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=2 ttl=128 time=9.20 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=3 ttl=128 time=10.6 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=4 ttl=128 time=9.30 ms
C64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=5 ttl=128 time=9.89 ms
^H^C
--- www.a.shifen.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4013ms
rtt min/avg/max/mdev = 9.207/9.712/10.697/0.556 ms
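This shows that the server can ping the external network. Edit the main configuration file as follows. Note the IP address the server listens on and the networks allowed to query (any means all). Enable recursion.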
[root@server-124 ~]# vim /etc/named.conf
options {
    listen-on port 53 { 192.168.10.11; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };

    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;

    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

#include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
Save and exit.
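With recursion yes; and allow-query { any; }; but no allow-recursion, BIND falls back to the allow-query list, so every client that can reach port 53 on 192.168.10.11 may recurse through the cache. The audit script below is an added example, not part of the original post; the function names and the "lab" ACL are hypothetical, and both sample configurations are constructed from the post's addresses.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Reports which ACL governs
# recursion, following BIND's fallback order:
#   allow-recursion -> allow-query-cache -> allow-query -> localnets; localhost;
# Assumes no nested { } inside the ACLs and no /* */ comments.

# Strip # and // comments, then squeeze the config onto one line.
flatten() { sed -e 's/#.*$//' -e 's://.*$::' | tr -s '[:space:]' ' '; }

# acl_of <flattened-config> <option>: print that option's ACL body, e.g. "any;"
acl_of() {
    printf '%s\n' "$1" | grep -oE "(^|[ ;{])$2 ?\{[^}]*\}" | head -n 1 |
        sed -e 's/.*{//' -e 's/}$//' -e 's/[" ]//g'
}

# Read named.conf text on stdin; print the ACL that decides who may recurse.
effective_recursion_acl() {
    conf=$(flatten)
    if printf '%s\n' "$conf" | grep -qE '(^|[ ;{])recursion (no|false|0) ?;'; then
        echo "none;"; return 0
    fi
    for opt in allow-recursion allow-query-cache allow-query; do
        acl=$(acl_of "$conf" "$opt")
        if [ -n "$acl" ]; then echo "$acl"; return 0; fi
    done
    echo "localnets;localhost;"
}

# Succeeds (exit 0) when recursion is offered to every source address.
is_open_resolver() {
    case ";$(effective_recursion_acl)" in
        *";any;"*|*";0.0.0.0/0;"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample 1: the relevant options from the post's named.conf.
page_conf() { printf '%s\n' 'options {' \
    '  listen-on port 53 { 192.168.10.11; };' \
    '  allow-query { any; };' '  recursion yes;' '};'; }
# Constructed sample 2: hypothetical ACL "lab" for the post's 192.168.10.0/24.
hardened_conf() { printf '%s\n' 'acl "lab" { 192.168.10.0/24; localhost; };' \
    'options {' '  allow-query { "lab"; };' \
    '  allow-recursion { "lab"; };' '  recursion yes;' '};'; }

for sample in page_conf hardened_conf; do
    "$sample" | is_open_resolver && echo "$sample: open resolver" ||
        echo "$sample: recursion limited to $("$sample" | effective_recursion_acl)"
done
```

On a live server, pipe in the output of named-checkconf -p, which prints the parsed configuration with included files merged.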
[root@server-124 ~]# cd /var/named/
[root@server-124 named]# ll
总用量 16
drwxrwx--- 2 named named 23 3月 17 10:20 data
drwxrwx--- 2 named named 6 8月 4 2017 dynamic
-rw-r----- 1 root named 2281 5月 22 2017 named.ca
-rw-r----- 1 root named 152 12月 15 2009 named.empty
-rw-r----- 1 root named 152 6月 21 2007 named.localhost
-rw-r----- 1 root named 168 12月 15 2009 named.loopback
drwxrwx--- 2 named named 6 8月 4 2017 slaves
[root@server-124 named]# systemctl start named
Check whether port 53 is open:
[root@server-124 named]# netstat -nul
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 192.168.10.11:53        0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp6       0      0 ::1:53                  :::*
udp6       0      0 ::1:323                 :::*

[root@server-124 named]# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.10.11:53        0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 ::1:53                  :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:953                 :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN

The client does not need Internet access; point its DNS at the 7-7 server.
[root@server-125 ~]# vim /etc/resolv.conf
nameserver 192.168.10.11
Save and exit.
[root@server-125 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
HWADDR=00:0c:29:e6:e2:3e
IPADDR=192.168.10.12
NETMASK=255.255.255.0
#GATEWAY=192.168.10.2
#DNS=192.168.6.2
Save and exit.
Verification:
[root@server-125 ~]# nslookup www.baidu.com
Server: 192.168.10.11
Address: 192.168.10.11#53

Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 14.215.177.38
Name: www.a.shifen.com
Address: 14.215.177.39
[root@server-125 ~]# dig www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12563
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A

;; ANSWER SECTION:
www.baidu.com. 975 IN CNAME www.a.shifen.com.
www.a.shifen.com. 75 IN A 14.215.177.38
www.a.shifen.com. 75 IN A 14.215.177.39

;; AUTHORITY SECTION:
a.shifen.com. 975 IN NS ns4.a.shifen.com.
a.shifen.com. 975 IN NS ns1.a.shifen.com.
a.shifen.com. 975 IN NS ns5.a.shifen.com.
a.shifen.com. 975 IN NS ns2.a.shifen.com.
a.shifen.com. 975 IN NS ns3.a.shifen.com.

;; ADDITIONAL SECTION:
ns2.a.shifen.com. 975 IN A 180.149.133.241
ns3.a.shifen.com. 975 IN A 61.135.162.215
ns4.a.shifen.com. 975 IN A 115.239.210.176
ns5.a.shifen.com. 975 IN A 119.75.222.17
ns1.a.shifen.com. 975 IN A 61.135.165.224

;; Query time: 0 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: 六 3月 17 18:46:18 CST 2018
;; MSG SIZE rcvd: 271
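If the client cannot reach the external network, dig +trace cannot resolve the name; the client needs external network access for a complete dig +trace. I don't know why.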
[root@server-125 ~]# dig +trace www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> +trace www.baidu.com
;; global options: +cmd
. 488977 IN NS e.root-servers.net.
. 488977 IN NS j.root-servers.net.
. 488977 IN NS a.root-servers.net.
. 488977 IN NS b.root-servers.net.
. 488977 IN NS k.root-servers.net.
. 488977 IN NS m.root-servers.net.
. 488977 IN NS c.root-servers.net.
. 488977 IN NS i.root-servers.net.
. 488977 IN NS d.root-servers.net.
. 488977 IN NS g.root-servers.net.
. 488977 IN NS f.root-servers.net.
. 488977 IN NS l.root-servers.net.
. 488977 IN NS h.root-servers.net.
. 489007 IN RRSIG NS 8 0 518400 20180329170000 20180316160000 41824 . SzOQxRNumIySwzKTxsJJA90AYuUNqDonQA+inleP2VxwWtTsT7MEWkAq POR4pWIWVfVWp6gil3CMXSTKXByWx6qdj8oo8GI3tV3A7DWSz/cNoxfH Q8z6Wdsfq/SeeB8xn6It4ELnac5CNXNyvfwEXeqvT6wo3plu9uqwOVai 3gbfSSlM2ghUZ4Q5wUWu3dkOYublChR31yf323cHFN/bYBBj9KCMsNQL zPekEJx0eJUcz4TxD80nNjTXARIE+7YhznFr0ljElFEkkgtYQyzkTUnt 9oBNINyB0aJRTNsT7dv9+EpuDInFi+kAqT4yVeBVAZamGDvdr8On1LRt 4ASLjA==
;; Received 1097 bytes from 192.168.10.11#53(192.168.10.11) in 14 ms


Original article: http://blog.51cto.com/13656243/2087963
