标签:permanent 服务器 防火墙 status enable
{**DNS高速缓存**}
服务器端
yum install bind -y **安装域名解析软件
systemctl status named **(若服务卡住,操作下界面,可在cat /dev/random下查看,此过程生成一个key /etc/rndc.key)
systemctl enable named **开机启动
systemctl start named **开启named服务
firewall-cmd --list-all
firewall-cmd --permanent --add-service=dns **防火墙中添加dns服务
firewall-cmd --reload
setenforce 0
netstat -antulpe | grep named **dns端口查看
vim /etc/named.conf **(dns 53端口修改)
options {
listen-on port 53 { any; }; **设定端口开放any表示所有interfacee都开
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; **允许所有人的提问
forwarders { 172.25.254.250; }; **缓存谁的答案问题
*/
recursion yes;
dnssec-enable yes;
dnssec-validation no; **开启相当于全网发布,此时是内网自测
dnssec-lookaside auto;
systemctl restart named **重启named服务
客户端
[root@client ~]# vim /etc/resolv.conf
# Generated by NetworkManager
domain example.com
search example.com
nameserver 172.25.254.100
测试:
[root@client ~]# dig www.baidu.com
;www.baidu.com. IN A
;; Query time: 19 msec 缓存速度19毫秒(配置前)
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Wed Nov 23 23:21:30 EST 2016
;; MSG SIZE rcvd: 42
[root@client ~]# dig www.baidu.com
;www.baidu.com. IN A
;; Query time: 1 msec 缓存速度1毫秒(配置dns后)
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Wed Nov 23 23:28:01 EST 2016
;; MSG SIZE rcvd: 42
[dns正向解析]
删除 /etc/named.rfc1912.zones中的 **forwarders { 172.25.254.250; };** 这项
[root@dns-server ~]# vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { none; };
[root@dns-server ~]# cd /var/named/
[root@dns-server named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@dns-server named]# cp -p named.localhost westos.com.zone
[root@dns-server named]# ls
data named.ca named.localhost slaves
dynamic named.empty named.loopback westos.com.zone
[root@dns-server named]# vim westos.com.zone **配置文件
$TTL 1D
@ IN SOA dns.westos.com. root.wewstos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.100
www A 172.25.254.101
[root@dns-server named]# systemctl restart named **重启named服务
[root@client ~]# dig www.westos.com
;www.westos.com. IN A
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.101
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.100
;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Thu Nov 24 00:06:26 EST 2016
;; MSG SIZE rcvd: 93
[dns逆向解析]
[root@dns-server named]# vim westos.com.zone
[root@dns-server named]# cp -p named.loopback westos.com.ptr
[root@dns-server named]# vim westos.com.ptr
[root@dns-server named]# systemctl restart named
[root@dns-server named]# dig -x 172.25.254.100
[dns内外网访问不同指定方法]
[root@dns-server named]# cp -p westos.com.zone westos.com.inter
[root@dns-server named]# vim westos.com.inter
[root@dns-server named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter
[root@dns-server named]# vim /etc/named.rfc1912.zones.inter
[root@dns-server named]# vim /etc/named.conf
[root@dns-server named]# systemctl restart named
本文出自 “12106768” 博客,请务必保留此出处http://12116768.blog.51cto.com/12106768/1876365
标签:permanent 服务器 防火墙 status enable
原文地址:http://12116768.blog.51cto.com/12106768/1876365
