
+++++++子域授權與編譯安裝(二)


子域授權、轉發區域<子域解析父域>、DNS安全配置<acl定義,內置變量,acl安全指令>、dns使用view實現智能dns、CDN,全局負載均衡、編譯安裝bind、dns壓力測試


一、恢復快照

二、緩存服務器

三、(正、反)區域解析庫配置

四、主從同步

五、子域授權

六、轉發區域

七、安全配置

八、view實現智能DNS

九、編譯安裝BIND

十、壓力測試


拓撲模型



一、配置ntp服務器<192.168.58.131>

1、安裝ntp
# yum -y -q install ntp

2、配置ntp
# cp -v /etc/ntp.conf{,.bak}
在文件中添加:
restrict 192.168.58.0 mask 255.255.255.0 nomodify notrap

3、啟動ntp
# service ntpd start


二、緩存服務器<192.168.58.131>

1、安裝程序包
# yum -y -q install bind bind-utils bind-libs

2、修改配置
#  cp -v /etc/named.conf{,.bak}
# vim /etc/named.conf
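options {
        // This host is 192.168.58.131 (section heading and the ss output below);
        // the original listed .129 here, which does not belong to this machine.
        listen-on port 53 { 192.168.58.131; 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;
        // "allow-query any" + "recursion yes" with no allow-recursion is an open
        // resolver usable for DNS amplification; recurse only for local clients.
        allow-recursion { localhost; localnets; };

        // Lab-only: with validation off, answers obtained from upstream are not
        // authenticated. Re-enable DNSSEC validation outside a lab.
        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        /*bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";*/
};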

3、啟動服務
# service named start

4、查看服務是否監聽在53端口
# ss -tunlp | grep 53
udp    UNCONN     0      0         192.168.58.131:53                    *:*      users:(("named",1784,513))
udp    UNCONN     0      0              127.0.0.1:53                    *:*      users:(("named",1784,512))
udp    UNCONN     0      0                    ::1:53                   :::*      users:(("named",1784,514))
tcp    LISTEN     0      3                    ::1:53                   :::*      users:(("named",1784,22))
tcp    LISTEN     0      3         192.168.58.131:53                    *:*      users:(("named",1784,21))
tcp    LISTEN     0      3              127.0.0.1:53                    *:*      users:(("named",1784,20))
tcp    LISTEN     0      128                  ::1:953                  :::*      users:(("named",1784,24))
tcp    LISTEN     0      128            127.0.0.1:953                   *:*      users:(("named",1784,23))


三、(正、反)區域解析庫配置

正向配置

1、配置/etc/named.rfc1912.zones
# vim +  /etc/named.rfc1912.zones
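zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
        // No dynamic updates, and AXFR only to the secondary (192.168.58.129).
        // Without allow-transfer any client can pull the whole zone.
        allow-update { none; };
        allow-transfer { 192.168.58.129; };
};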

2、測試文件
# named-checkconf 

3、添加區域解析庫
# vim /var/named/magedu.com.zone
$TTL 1D
$ORIGIN magedu.com.
; MNAME "@" names magedu.com. itself rather than one of the NS hosts (ns1/ns2);
; it loads, but the usual value is the primary's name. RNAME = lccnx@foxmail.com.
@       IN      SOA     @       lccnx.foxmail.com.      (
                20170917
                1H
                10M
                1W
                1D)
        IN      NS      ns1
        IN      NS      ns2
        IN      MX 10   mx1
        IN      MX 20   mx2
ns1     IN      A       192.168.58.131
ns2     IN      A       192.168.58.129
mx1     IN      A       192.168.58.131
mx2     IN      A       192.168.58.129
www     IN      A       192.168.58.131
www     IN      A       192.168.58.129
; Wildcard: every otherwise-undefined name under magedu.com resolves to .131,
; so typos and arbitrary hostnames all get an answer - drop it unless required.
*       IN      A       192.168.58.131
magedu.com.     IN      A       192.168.58.131
ftp     IN      CNAME   www

4、權限
# ls -l /var/named       //顯示文件的屬主、權限
總用量 32
drwxrwx--- 2 named named 4096 9月  17 18:49 data
drwxrwx--- 2 named named 4096 9月  17 18:50 dynamic
-rw-r--r-- 1 root  root   358 9月  17 18:56 magedu.com.zone   
-rw-r----- 1 root  named 3289 4月  11 23:01 named.ca
-rw-r----- 1 root  named  152 12月 15 2009 named.empty
-rw-r----- 1 root  named  152 6月  21 2007 named.localhost
-rw-r----- 1 root  named  168 12月 15 2009 named.loopback
drwxrwx--- 2 named named 4096 7月   5 17:51 slaves
# ps axu | fgrep named    //named進程名:named
named     1784  0.0  4.0  48040 10128 ?        Ssl  18:49   0:00 /usr/sbin/named -u named
root      1806  0.0  0.2   5752   648 pts/0    S+   18:57   0:00 fgrep named
# id named   //named用戶的主組為named
uid=25(named) gid=25(named) 組=25(named)
# chgrp named /var/named/magedu.com.zone 
# chmod 640 /var/named/magedu.com.zone
# ls -l /var/named
總用量 32
drwxrwx--- 2 named named 4096 9月  17 18:49 data
drwxrwx--- 2 named named 4096 9月  17 18:50 dynamic
-rw-r----- 1 root  named  358 9月  17 18:56 magedu.com.zone
-rw-r----- 1 root  named 3289 4月  11 23:01 named.ca
-rw-r----- 1 root  named  152 12月 15 2009 named.empty
-rw-r----- 1 root  named  152 6月  21 2007 named.localhost
-rw-r----- 1 root  named  168 12月 15 2009 named.loopback
drwxrwx--- 2 named named 4096 7月   5 17:51 slaves

5、測試文件
# named-checkzone "magedu.com" /var/named/magedu.com.zone 
zone magedu.com/IN: loaded serial 20170917
OK

6、重載配置文件
# pgrep named
1784
# kill -HUP 1784
# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4
CPUs found: 1
worker threads: 1
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

7、測試解析
# dig -t A www.magedu.com @192.168.58.131

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A www.magedu.com @192.168.58.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32246
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.			IN	A

;; ANSWER SECTION:
www.magedu.com.		86400	IN	A	192.168.58.129
www.magedu.com.		86400	IN	A	192.168.58.131

;; AUTHORITY SECTION:
magedu.com.		86400	IN	NS	ns2.magedu.com.
magedu.com.		86400	IN	NS	ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.		86400	IN	A	192.168.58.131
ns2.magedu.com.		86400	IN	A	192.168.58.129

;; Query time: 2 msec
;; SERVER: 192.168.58.131#53(192.168.58.131)
;; WHEN: Sun Sep 17 19:01:53 2017
;; MSG SIZE  rcvd: 132

# host -t A www.magedu.com 192.168.58.131
Using domain server:
Name: 192.168.58.131
Address: 192.168.58.131#53
Aliases: 

www.magedu.com has address 192.168.58.131
www.magedu.com has address 192.168.58.129

反向配置

# pwd
/var/named
# cp -p magedu.com.zone lcc.org   //復制,修改為反向區域解析庫
# ls -l
總用量 36
drwxrwx--- 2 named named 4096 9月  17 18:49 data
drwxrwx--- 2 named named 4096 9月  17 18:50 dynamic
-rw-r----- 1 root  named  358 9月  17 18:56 lcc.org
-rw-r----- 1 root  named  358 9月  17 18:56 magedu.com.zone
-rw-r----- 1 root  named 3289 4月  11 23:01 named.ca
-rw-r----- 1 root  named  152 12月 15 2009 named.empty
-rw-r----- 1 root  named  152 6月  21 2007 named.localhost
-rw-r----- 1 root  named  168 12月 15 2009 named.loopback
drwxrwx--- 2 named named 4096 7月   5 17:51 slaves

1、添加配置
# vim + /etc/named.rfc1912.zones
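zone "58.168.192.in-addr.arpa" IN {
        type master;
        file "lcc.org";     // path relative to the "directory" option
        // No dynamic updates; transfers only to the secondary (192.168.58.129).
        allow-update { none; };
        allow-transfer { 192.168.58.129; };
};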

2、測試文件
# named-checkconf

3、修改反向區域解析庫
# vim /var/named/lcc.org
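$TTL 1D
$ORIGIN 58.168.192.in-addr.arpa.
@       IN      SOA     @       lccnx.foxmail.com.      (
                20170917
                1H
                10M
                1W
                1D)
        IN      NS      ns1.magedu.com.
        IN      NS      ns2.magedu.com.
131     IN      PTR     ns1.magedu.com.
129     IN      PTR     ns2.magedu.com.
131     IN      PTR     mx1.magedu.com.
129     IN      PTR     mx2.magedu.com.
131     IN      PTR     www.magedu.com.
; The last record was truncated in the original listing; the PTR query for
; .129 below (and the updated zone in section 4) shows www.magedu.com.
129     IN      PTR     www.magedu.com.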

4、測試文件 
# named-checkzone "58.168.192.in-addr.arpa" /var/named/lcc.org
zone 58.168.192.in-addr.arpa/IN: loaded serial 20170917
OK

5、重載配置文件
# rndc reload
server reload successful
# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4
CPUs found: 1
worker threads: 1
number of zones: 21      //多了一個zone
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

6、測試
# nslookup 
> server 192.168.58.131      //DNS服務器的IP
Default server: 192.168.58.131
Address: 192.168.58.131#53
> set q=PTR       //測試類型
> 192.168.58.129  //需要解析的IP
Server:		192.168.58.131
Address:	192.168.58.131#53

129.58.168.192.in-addr.arpa	name = ns2.magedu.com.
129.58.168.192.in-addr.arpa	name = mx2.magedu.com.
129.58.168.192.in-addr.arpa	name = www.magedu.com.
> 192.168.58.131
Server:		192.168.58.131
Address:	192.168.58.131#53

131.58.168.192.in-addr.arpa	name = www.magedu.com.
131.58.168.192.in-addr.arpa	name = ns1.magedu.com.
131.58.168.192.in-addr.arpa	name = mx1.magedu.com.
> exit

#

四、主從同步<192.168.58.129>

1、配置為緩存DNS服務器
        dnssec-enable no;
        dnssec-validation no;
        
        時間同步: ntpdate 192.168.58.131
        
正從
2、配置/etc/named.rfc1912.zones
# vim + /etc/named.rfc1912.zones
zone "magedu.com" IN {
        type slave;
        masters { 192.168.58.131; };
        file "slaves/magedu.com.zone";
};

3、測試語法
# named-checkconf

4、重載配置
# rndc reload
server reload successful

5、查看日誌
# tail -f /var/log/messages 
Sep  9 19:43:45 localhost named[26184]: reloading zones succeeded
Sep  9 19:43:45 localhost named[26184]: zone magedu.com/IN: Transfer started.
Sep  9 19:43:45 localhost named[26184]: transfer of ‘magedu.com/IN‘ from 192.168.58.131#53: connected using 192.168.58.129#37616
Sep  9 19:43:45 localhost named[26184]: zone magedu.com/IN: transferred serial 20170917
Sep  9 19:43:45 localhost named[26184]: transfer of ‘magedu.com/IN‘ from 192.168.58.131#53: Transfer completed: 1 messages, 15 records, 342 bytes, 0.005 secs (68400 bytes/sec)
Sep  9 19:43:45 localhost named[26184]: zone magedu.com/IN: sending notifies (serial 20170917)

6、查看文件

反從
7、配置/etc/named.rfc1912.zones
# vim + /etc/named.rfc1912.zones
zone "58.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.58.131; };
        file "slaves/lcc.org";
};

8、測試文件
# named-checkconf

9、重載
# rndc reload
server reload successful

10、查看日誌
# tail -f /var/log/messages 
Sep  9 19:46:40 localhost named[26184]: reloading zones succeeded
Sep  9 19:46:40 localhost named[26184]: zone 58.168.192.in-addr.arpa/IN: Transfer started.
Sep  9 19:46:40 localhost named[26184]: transfer of ‘58.168.192.in-addr.arpa/IN‘ from 192.168.58.131#53: connected using 192.168.58.129#42508
Sep  9 19:46:40 localhost named[26184]: zone 58.168.192.in-addr.arpa/IN: transferred serial 20170917
Sep  9 19:46:40 localhost named[26184]: transfer of ‘58.168.192.in-addr.arpa/IN‘ from 192.168.58.131#53: Transfer completed: 1 messages, 10 records, 277 bytes, 0.005 secs (55400 bytes/sec)
Sep  9 19:46:40 localhost named[26184]: zone 58.168.192.in-addr.arpa/IN: sending notifies (serial 20170917)

11、查看文件
# ls /var/named/slaves/
lcc.org  magedu.com.zone

12、修改主dns的serial和Resource Record
$TTL 1D
$ORIGIN 58.168.192.in-addr.arpa.
@       IN      SOA     @       lccnx.foxmail.com.      (
                20170918 //修改Serial
                1H
                10M
                1W
                1D)
        IN      NS      ns1.magedu.com.
        IN      NS      ns2.magedu.com.
131     IN      PTR     ns1.magedu.com.
129     IN      PTR     ns2.magedu.com.
131     IN      PTR     mx1.magedu.com.
129     IN      PTR     mx2.magedu.com.
131     IN      PTR     www.magedu.com.
129     IN      PTR     www.magedu.com.
129     IN      PTR     ftp.magedu.com. //添加一個RR

rndc reload

13、在從DNS查看結果<192.168.58.129>
$ORIGIN .
$TTL 86400      ; 1 day
58.168.192.in-addr.arpa IN SOA  58.168.192.in-addr.arpa. lccnx.foxmail.com. (
                                20170918   ; serial
                                3600       ; refresh (1 hour)
                                600        ; retry (10 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      ns1.magedu.com.
                        NS      ns2.magedu.com.
$ORIGIN 58.168.192.in-addr.arpa.
129                     PTR     ns2.magedu.com.
                        PTR     mx2.magedu.com.
                        PTR     www.magedu.com.
                        PTR     ftp.magedu.com.
131                     PTR     ns1.magedu.com.
                        PTR     mx1.magedu.com.
                        PTR     www.magedu.com.
                        
14、修改主DNS<192.168.58.131>
# vim magedu.com.zone
$TTL 1D
$ORIGIN magedu.com.
@       IN      SOA     @       lccnx.foxmail.com.      (
                20170918     //序列號+1
                1H
                10M
                1W
                1D)
        IN      NS      ns1
        IN      NS      ns2
        IN      MX 10   mx1
        IN      MX 20   mx2
ns1     IN      A       192.168.58.131
ns2     IN      A       192.168.58.129
mx1     IN      A       192.168.58.131
mx2     IN      A       192.168.58.129
www     IN      A       192.168.58.131
www     IN      A       192.168.58.129
*       IN      A       192.168.58.131
magedu.com.     IN      A       192.168.58.131
ftp     IN      CNAME   www
pop3    IN      CNAME   www   //添加一個pop3RR

15、測試配置文件
#  named-checkzone "magedu.com" magedu.com.zone 
zone magedu.com/IN: loaded serial 20170918
OK

16、重載
# rndc reload
server reload successful

17、查看從DNS
$ORIGIN .
$TTL 86400      ; 1 day
magedu.com              IN SOA  magedu.com. lccnx.foxmail.com. (
                                20170918   ; serial  //可見+1
                                3600       ; refresh (1 hour)
                                600        ; retry (10 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      ns1.magedu.com.
                        NS      ns2.magedu.com.
                        A       192.168.58.131
                        MX      10 mx1.magedu.com.
                        MX      20 mx2.magedu.com.
$ORIGIN magedu.com.
*                       A       192.168.58.131
ftp                     CNAME   www
mx1                     A       192.168.58.131
mx2                     A       192.168.58.129
ns1                     A       192.168.58.131
ns2                     A       192.168.58.129
pop3                    CNAME   www           //pop3記錄已經同步過來了
www                     A       192.168.58.131
                        A       192.168.58.129


五、子域授權<192.168.58.130>

1、在主DNS中,授權
# vim magedu.com.zone
$TTL 1D
$ORIGIN magedu.com.
@       IN      SOA     @       lccnx.foxmail.com.      (
                20170918
                1H
                10M
                1W
                1D)
        IN      NS      ns1
        IN      NS      ns2
        IN      MX 10   mx1
        IN      MX 20   mx2
ns1     IN      A       192.168.58.131
ns2     IN      A       192.168.58.129
mx1     IN      A       192.168.58.131
mx2     IN      A       192.168.58.129
www     IN      A       192.168.58.131
www     IN      A       192.168.58.129
; Wildcard: any undefined name under magedu.com answers with .131.
*       IN      A       192.168.58.131
magedu.com.     IN      A       192.168.58.131
ftp     IN      CNAME   www
pop3    IN      CNAME   www

; Delegation of ops.magedu.com to the child's name servers.
ops     IN      NS      ns1.ops.magedu.com.
ops     IN      NS      ns2.ops.magedu.com.
; Glue: the child's servers live inside the delegated zone, so the parent must
; publish their addresses; keep these in sync with ops.magedu.com.zone.
ns1.ops     IN      A       192.168.58.130
ns2.ops     IN      A       192.168.58.139

2、在另一個主機上配置
1)配置緩存DNS服務器
# yum -q -y install bind bind-libs bind-utils

2)配置/etc/named.conf文件
# cp -v /etc/named.conf{,.bak}

3)啟動: # service named start
4)查看:# ss -tunlp | fgrep 53
5)配置/etc/named.rfc1912.zones
zone "ops.magedu.com" IN {
        type master;
        file "ops.magedu.com.zone";
};
6)測試: # named-checkconf
7)區域解析庫:
$TTL 1D
$ORIGIN ops.magedu.com.
@	IN	SOA	@	lccnx.foxmail.com.	(
		20170917
		1H
		10M
		1W
		1D)
	IN	NS	ns1
	IN	NS	ns2
ns1	IN	A	192.168.58.130
ns2	IN	A	192.168.58.139
www	IN	A	192.168.58.130
www	IN	A	192.168.58.139
8)權限
# chmod 640 ops.magedu.com.zone 
# chown :named ops.magedu.com.zone
9)測試
# named-checkzone "ops.magedu.com" ops.magedu.com.zone 
zone ops.magedu.com/IN: loaded serial 20170917
OK
10)重載
# rndc reload
11)測試
# dig -t A www.ops.magedu.com @192.168.58.130

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A www.ops.magedu.com @192.168.58.130
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33988
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.ops.magedu.com.		IN	A

;; ANSWER SECTION:
www.ops.magedu.com.	86400	IN	A	192.168.58.139
www.ops.magedu.com.	86400	IN	A	192.168.58.130

;; AUTHORITY SECTION:
ops.magedu.com.		86400	IN	NS	ns2.ops.magedu.com.
ops.magedu.com.		86400	IN	NS	ns1.ops.magedu.com.

;; ADDITIONAL SECTION:
ns1.ops.magedu.com.	86400	IN	A	192.168.58.130
ns2.ops.magedu.com.	86400	IN	A	192.168.58.139

;; Query time: 1 msec
;; SERVER: 192.168.58.130#53(192.168.58.130)
;; WHEN: Sun Sep 17 22:10:00 2017
;; MSG SIZE  rcvd: 136
1、父域解析子域<192.168.58.131>
# dig -t A www.ops.magedu.com @192.168.58.131

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A www.ops.magedu.com @192.168.58.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15973
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.ops.magedu.com.		IN	A

;; ANSWER SECTION:
www.ops.magedu.com.	86400	IN	A	192.168.58.130
www.ops.magedu.com.	86400	IN	A	192.168.58.139

;; AUTHORITY SECTION:
ops.magedu.com.		86400	IN	NS	ns2.ops.magedu.com.
ops.magedu.com.		86400	IN	NS	ns1.ops.magedu.com.

;; ADDITIONAL SECTION:
ns1.ops.magedu.com.	86400	IN	A	192.168.58.130
ns2.ops.magedu.com.	86400	IN	A	192.168.58.139

;; Query time: 15 msec
;; SERVER: 192.168.58.131#53(192.168.58.131)
;; WHEN: Sun Sep 17 22:12:10 2017
;; MSG SIZE  rcvd: 136

2、子域解析父域
# dig -t A www.magedu.com @192.168.58.130

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A www.magedu.com @192.168.58.130
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 562
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 16

;; QUESTION SECTION:
;www.magedu.com.			IN	A

;; ANSWER SECTION:
www.magedu.com.		477	IN	A	101.200.188.230

;; AUTHORITY SECTION:
magedu.com.		172677	IN	NS	ns1.alidns.com.
magedu.com.		172677	IN	NS	ns2.alidns.com.

;; ADDITIONAL SECTION:
ns1.alidns.com.		172677	IN	A	106.11.141.121
ns1.alidns.com.		172677	IN	A	106.11.211.51
ns1.alidns.com.		172677	IN	A	106.11.211.61
ns1.alidns.com.		172677	IN	A	140.205.41.11
ns1.alidns.com.		172677	IN	A	140.205.41.21
ns1.alidns.com.		172677	IN	A	140.205.81.11
ns1.alidns.com.		172677	IN	A	140.205.81.21
ns1.alidns.com.		172677	IN	A	106.11.141.111
ns2.alidns.com.		172677	IN	A	106.11.211.52
ns2.alidns.com.		172677	IN	A	106.11.211.62
ns2.alidns.com.		172677	IN	A	140.205.41.12
ns2.alidns.com.		172677	IN	A	140.205.41.22
ns2.alidns.com.		172677	IN	A	140.205.81.12
ns2.alidns.com.		172677	IN	A	140.205.81.22
ns2.alidns.com.		172677	IN	A	106.11.141.112
ns2.alidns.com.		172677	IN	A	106.11.141.122

;; Query time: 1 msec
;; SERVER: 192.168.58.130#53(192.168.58.130)
;; WHEN: Sun Sep 17 22:12:59 2017
;; MSG SIZE  rcvd: 347

六、轉發區域<192.168.58.130>

1、全部轉發
# vim /etc/named.conf
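options {
        listen-on port 53 { 192.168.58.0/24; 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;
        // Recurse for local networks only; otherwise this is an open resolver.
        allow-recursion { localhost; localnets; };
        // "forward first": try the forwarder, and fall back to normal iterative
        // resolution if it does not answer; "forward only" never falls back.
        forward first;
        forwarders { 192.168.58.131; };

        // Lab-only: answers relayed from the forwarder are not validated here.
        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
//      bindkeys-file "/etc/named.iscdlv.key";

//      managed-keys-directory "/var/named/dynamic";
};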

# named-checkconf
# rndc reload
# dig -t A www.magedu.com @192.168.58.130

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A www.magedu.com @192.168.58.130
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15274
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.			IN	A

;; ANSWER SECTION:
www.magedu.com.		86400	IN	A	192.168.58.129
www.magedu.com.		86400	IN	A	192.168.58.131

;; AUTHORITY SECTION:
magedu.com.		86400	IN	NS	ns2.magedu.com.
magedu.com.		86400	IN	NS	ns1.magedu.com.

;; ADDITIONAL SECTION:
ns2.magedu.com.		86400	IN	A	192.168.58.129
ns1.magedu.com.		86400	IN	A	192.168.58.131

;; Query time: 6 msec
;; SERVER: 192.168.58.130#53(192.168.58.130)
;; WHEN: Sun Sep 17 22:21:14 2017
;; MSG SIZE  rcvd: 132

2、區域轉發
# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
        type forward;
        forward first;
        forwarders { 192.168.58.129; };
};

# named-checkconf
# rndc reload

在從DNS上查詢<192.168.58.129>
首先改變主DNSserial, rndc reload,同步之後
在從DNS上開啟查詢日誌: rndc querylog
Sep 17 22:24:13 localhost named[26184]: query logging is now on
Sep 17 22:24:31 localhost named[26184]: client 192.168.58.130#30952: query: www.magedu.com IN A +EDC (192.168.58.129)

在進行查詢
[[email protected] named]# dig -t A www.magedu.com @192.168.58.130

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A www.magedu.com @192.168.58.130
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62811
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.			IN	A

;; ANSWER SECTION:
www.magedu.com.		86400	IN	A	192.168.58.129
www.magedu.com.		86400	IN	A	192.168.58.131

;; AUTHORITY SECTION:
magedu.com.		86400	IN	NS	ns2.magedu.com.
magedu.com.		86400	IN	NS	ns1.magedu.com.

;; ADDITIONAL SECTION:
ns2.magedu.com.		86400	IN	A	192.168.58.129
ns1.magedu.com.		86400	IN	A	192.168.58.131

;; Query time: 9 msec
;; SERVER: 192.168.58.130#53(192.168.58.130)
;; WHEN: Sun Sep 17 22:24:41 2017
;; MSG SIZE  rcvd: 132


七、安全配置

1、查詢 allow-query { any; };   //權威區域可對所有客戶端開放查詢，但必須同時用 allow-recursion 限制遞歸，否則就是開放遞歸解析器(open resolver)，會被用於 DNS 放大攻擊
2、傳送:主DNS僅允許從
allow-transfer { 192.168.58.129; };
其它: allow-transfer { none; };

acl slaves {          //在options之上
    192.168.58.129;
};

zone
allow-transfer { slaves; };  

3、遞歸,只為內部主機遞歸
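acl mynet {          // must be declared above the options block
    192.168.58.0/24;
    127.0.0.1;
};
options {
    // allow-recursion (not allow-transfer) is the directive that limits
    // recursive service to internal hosts; zone transfers are governed
    // per zone by allow-transfer as shown in item 2.
    allow-recursion { mynet; };
};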
4、動態更新(allow-update)：通常只允許 DHCP 服務器(並應配合 TSIG 密鑰)，一般都不允許
zone
allow-update { none; };



模型


八、view實現智能DNS

1、搭建實驗環境<恢復快照>

1)不開snat和net.ipv4.ip_forward,從172.16網絡的主機ping192.168.1網絡內的主機



2)打開net.ipv4.ip_forward,從172.16網絡的主機ping192.168.1網絡內的主機




1、在172.16.128.1主機之上配置DNS

1、掛載光盤
# [ -d /media/cdrom ] || install -d /media/cdrom
# mount -r /dev/cdrom /media/cdrom
2、配置yum源
# rm -rf /etc/yum.repos.d/*
# vim /etc/yum.repos.d/CentOS-Base.repo
[Base]
name=Base repo for CentOS 6.9
failovermethod=priority
baseurl=file:///media/cdrom
gpgcheck=1
gpgkey=file:///media/cdrom/RPM-GPG-KEY-CentOS-6
enabled=1


3、重建緩存
# yum makecache

4、緩存服務器
# yum install bind bind-utils bind-libs

# cp -v /etc/ntp.conf{,.bak}
# vim
# service ntpd start
# cp -v /etc/named.conf{,.bak}
# vim /etc/named.conf
# named-checkconf
# service named start
# ss -tunlp | fgrep 53

5、配置view
所有zone在同一個文件中
1、刪除/etc/named.conf文件中根域
2、在/etc/named.rfc1912.zones添加根域<只在允許遞歸的 view(即 internal)中添加根域 hint；不遞歸的 view 不需要根域>
3、添加後測試語法 
# named-checkconf
4、添加正向解析區域
1)配置
zone "magedu.com" IN {	
	type master;
	file "magedu.com.zone";
	allow-update { none; };
	allow-transfer { 127.0.0.1; };
};
2)解析庫
# vim /var/named/magedu.com.zone
$TTL 1D
$ORIGIN magedu.com.
@	IN	SOA	@	lccnx.foxmail.com.	(
		20170918	
		1H
		10M
		1W
		1D)
	IN	NS	ns1.magedu.com.
ns1	IN	A	172.16.128.1
www	IN	A	172.16.100.13
3)權限
# chmod 640 /var/named/magedu.com.zone
# chown :named /var/named/magedu.com.zone 
4)重載配置文件
# rndc reload
5)測試
# dig -t A www.magedu.com @172.16.128.1

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> -t A www.magedu.com @172.16.128.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12511
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.magedu.com.			IN	A

;; ANSWER SECTION:
www.magedu.com.		86400	IN	A	172.16.100.13

;; AUTHORITY SECTION:
magedu.com.		86400	IN	NS	ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.		86400	IN	A	172.16.128.1

;; Query time: 4 msec
;; SERVER: 172.16.128.1#53(172.16.128.1)
;; WHEN: Sun Sep 17 19:27:22 2017
;; MSG SIZE  rcvd: 82

# nslookup 
> server 172.16.128.1
Default server: 172.16.128.1
Address: 172.16.128.1#53
> set q=A  
> www.magedu.com 
Server:		172.16.128.1
Address:	172.16.128.1#53

Name:	www.magedu.com
Address: 172.16.100.13
> exit

5、添加view
172.16解析至內網
192.168.3其他解析至外網

172.16解析至內網
# vim /etc/named.conf
acl mynet {     
        172.16.0.0/16;
        127.0.0.1;
};
options {};

# vim /etc/named.rfc1912.zones
view internal {
	// Views are matched in order; clients in "mynet" (172.16/16, loopback) stop here.
	match-clients { mynet; };
	// Only this view recurses, so only this view carries the root hints.
	recursion yes;
zone "." IN {	
	type hint;
	file "named.ca";
};
zone "localhost.localdomain" IN {
	type master;
	file "named.localhost";
	allow-update { none; };
};

zone "localhost" IN {
	type master;
	file "named.localhost";
	allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
	type master;
	file "named.loopback";
	allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
	type master;
	file "named.loopback";
	allow-update { none; };
};

zone "0.in-addr.arpa" IN {
	type master;
	file "named.empty";
	allow-update { none; };
};

// Internal copy of the zone (www -> 172.16.100.13); transfers only from loopback.
zone "magedu.com" IN {	
	type master;
	file "magedu.com.zone";
	allow-update { none; };
	allow-transfer { 127.0.0.1; };
};
};

# named-checkconf
# rndc reload
# dig -t A www.magedu.com @172.16.128.1

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> -t A www.magedu.com @172.16.128.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64602
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.magedu.com.			IN	A

;; ANSWER SECTION:
www.magedu.com.		86400	IN	A	172.16.100.13

;; AUTHORITY SECTION:
magedu.com.		86400	IN	NS	ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.		86400	IN	A	172.16.128.1

;; Query time: 2 msec
;; SERVER: 172.16.128.1#53(172.16.128.1)
;; WHEN: Sun Sep 17 19:34:33 2017
;; MSG SIZE  rcvd: 82

192.168.3其他解析至外網
# vim /etc/named.rfc1912.zones
view external {
        // Catch-all view: it must be declared after "internal", because views
        // are matched in order and "any" would otherwise capture every client.
        match-clients { any; };
        // Authoritative only for outside clients - no recursion offered.
        recursion no;
// External copy of the zone (www -> 2.2.2.2); transfers only from loopback.
zone "magedu.com" IN {
        type master;
        file "magedu.com.external";
        allow-update { none; };
        allow-transfer { 127.0.0.1; };
};
};

# named-checkconf 
# rndc reload
server reload successful

# cp -p /var/named/magedu.com.zone /var/named/magedu.com.external  //權限
# vim /var/named/magedu.com.external 
$TTL 1D
$ORIGIN magedu.com.
@	IN	SOA	@	lccnx.foxmail.com.	(
		20170918	
		1H
		10M
		1W
		1D)
	IN	NS	ns1.magedu.com.
ns1	IN	A	172.16.128.1
www	IN	A	2.2.2.2

測試
# named-checkzone "magedu.com" magedu.com.external 
zone magedu.com/IN: loaded serial 20170918
OK

重載
# rndc reload

在192.168.3網絡內的3.3主機上測試


九、編譯安裝BIND

1、恢復快照

2、下載bind , C源碼（下載後先核對 ISC 發佈的 SHA256 校驗和或 PGP 簽名，再展開編譯）

# wget -c -nc https://www.isc.org/downloads/file/bind-9-10-6/

3、展開編譯

4、編譯後操作

5、配置文件

6、區域解析庫

7、rndc文件

8、準備一個服務腳本


3、展開編譯
# tar xf bind-9.10.6.tar.gz
#  cd bind-9.10.6
# yum groupinstall "Development Tools" "Server Platform Development"
# groupadd -r -g 53 named
# useradd -r -g 53 -u 53 named
# ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --disable-ipv6 --disable-chroot --enable-threads
			--disable-chroot  	chroot不方便使用（實驗環境取捨；chroot 是一層額外隔離，生產環境建議保留）
			--prefix= 			便於刪除 
			--enable-threads 	多核CPU,更好使用
# make -j 4 && make install
4、編譯後操作
導出PATH
# ls /usr/local/bind9/
bin  include  lib  sbin  share  var
# vim /etc/profile.d/named.sh
declare -x PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH
# . /etc/profile.d/named.sh

庫
#  vim /etc/ld.so.conf.d/named.conf
/usr/local/bind9/lib
# ldconfig -v

頭文件
# ln -sv /usr/local/bind9/include /usr/include/named

MAN手冊
# vim /etc/man.config
MANPATH /usr/man
MANPATH /usr/share/man
MANPATH /usr/local/man
MANPATH /usr/local/share/man
MANPATH /usr/X11R6/man
MANPATH /usr/local/bind9/share/man

5、配置文件
# vim /etc/named/named.conf
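options {
        directory "/var/named";
        allow-query { any; };
        // Recursion only for local clients. "allow-recursion { any; }" makes
        // this an open resolver that anyone can use for DNS amplification.
        allow-recursion { localhost; localnets; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        // Never "any": that lets any client rewrite the zone with an
        // unauthenticated dynamic update. Gate updates with a TSIG key if needed.
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.loopback";
        allow-update { none; };
};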

6、區域解析庫
# install -d /var/named
# vim /var/named/named.localhost
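$TTL 1D
$ORIGIN localhost.
; RNAME must be fully qualified (trailing dot); without it $ORIGIN is appended
; and the contact becomes lccnx.foxmail.com.localhost.
@       IN      SOA     @       lccnx.foxmail.com.      (
                20170918
                1H
                10M
                1W
                1D)
        IN      NS      localhost.
        IN      A       127.0.0.1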

# vim /var/named/named.loopback
$TTL 1D
$ORIGIN 0.0.127.in-addr.arpa.
; Reverse zone for 127.0.0.0/24.  RNAME carries its trailing dot here, so it
; is an absolute name (unlike the forward zone above).
@	IN	SOA	@	lccnx.foxmail.com. (
		20170918	; serial
		1H		; refresh
		10M		; retry
		1W		; expire
		1D)		; negative-caching TTL

	IN	NS	localhost.
1	IN	PTR	localhost.	; 127.0.0.1 -> localhost.

# dig -t NS . > /var/named/named.ca

權限
# chmod 640 /var/named/named.ca
# chown :named /var/named/named.ca
# ls -l /var/named/named.ca
-rw-r----- 1 root named 2188 Sep  9 20:40 /var/named/named.ca

# chown :named /etc/named/named.conf  /var/named/named.lo*
# chmod 640 /etc/named/named.conf  /var/named/named.lo*
# ls -l /etc/named/named.conf  /var/named/named.lo*
-rw-r----- 1 root named 512 Sep  9 20:25 /etc/named/named.conf
-rw-r----- 1 root named 125 Sep  9 20:27 /var/named/named.localhost
-rw-r----- 1 root named 143 Sep  9 20:30 /var/named/named.loopback

7、rndc文件
# rndc-confgen  -r /dev/urandom > /etc/named/rndc.conf
// Output of 'rndc-confgen -r /dev/urandom' (the command above).  The secret
// authenticates rndc to named, so the file should be readable only by
// root/named; the shell redirect creates it with the default umask and
// NOTE(review): this page shows no chmod/chown for rndc.conf, unlike
// named.conf and the zone files.
key "rndc-key" {
      algorithm hmac-md5;    // what 9.10's rndc-confgen emits by default
      secret "ZaRjlHwFaun/mfn648NDGQ==";
};

// Control channel: loopback only, authenticated with the key above.
// named has to load the same key (a matching key/controls stanza in
// named.conf, or rndc.key) for rndc to connect; the named.conf shown on this
// page has no such stanza -- NOTE(review): confirm how the key is shared.
controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; } keys { "rndc-key"; };
};
8、測試啟動
# chown root.named /usr/local/bind9/var/run
# ls -ld /usr/local/bind9/var/run
drwxr-xr-x 2 root named 4096 Sep  9 19:58 /usr/local/bind9/var/run
# chmod g+w /usr/local/bind9/var/run
# named -u named -f -g -d 3

9、查看監聽端口
[[email protected] ~]# ss -tunlp | fgrep 53
udp    UNCONN     0      0          192.168.1.100:53                    *:*      users:(("named",6870,513))
udp    UNCONN     0      0              127.0.0.1:53                    *:*      users:(("named",6870,512))
tcp    LISTEN     0      10         192.168.1.100:53                    *:*      users:(("named",6870,22))
tcp    LISTEN     0      10             127.0.0.1:53                    *:*      users:(("named",6870,21))
tcp    LISTEN     0      128            127.0.0.1:953                   *:*      users:(("named",6870,23))

10、服務腳本
# install -d /usr/local/bind9/var/lock
#!/bin/bash
#
# Author: lcc.org
# Version: 1.1.1
# chkconfig: - 12 88
# Description: BIND (Berkeley Internet Name Domain)

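# Name of this script with directory and any trailing slash removed.  The
# script is installed as /etc/init.d/named, so this normally yields "named";
# it is used below as both the process name to check and the lock-file name.
# (The original sed pipeline was garbled and would not run.)
prog=${0%/}
prog=${prog##*/}
# Lock file marking a successful start (RHEL/CentOS init-script convention).
lockfile=/var/lock/subsys/$prog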

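# Start the daemon unless it is already running.
# Globals:  prog (read), lockfile (read, created)
# Returns:  0 when running (already or newly started), 1 if named failed to start
start() {
	if killall -0 "$prog" 2> /dev/null; then
		if [ -e "$lockfile" ]; then
			echo "$prog is already started"
		else
			# Daemon is up but the lock file is gone (e.g. after a crash of
			# the previous stop); restore it instead of silently doing nothing.
			echo "$prog is running but $lockfile is missing, recreating it" >&2
			touch "$lockfile"
		fi
		return 0
	fi
	# -u named: drop privileges to the unprivileged user created at install time.
	if named -u named; then
		[ -e "$lockfile" ] || touch "$lockfile"
		echo "start $prog finished"
		return 0
	fi
	echo "start $prog failed" >&2
	return 1
}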

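# Stop the daemon and remove the lock file.
# Globals:  prog (read), lockfile (removed)
# Returns:  0 when no daemon is left running, 1 if pkill failed
stop() {
	# Remove the lock first so a daemon that already died still ends up "stopped".
	rm -f -- "$lockfile"
	if killall -0 "$prog" 2> /dev/null; then
		# -x matches the exact process name; a bare 'pkill named' would also
		# hit any unrelated command whose name merely contains "named".
		if pkill -x named; then
			echo "stop $prog ok"
		else
			echo "stop $prog failed" >&2
			return 1
		fi
	else
		echo "stop $prog ok"
	fi
}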
	
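# Report the daemon state.  This only reports: the original version called
# stop() on an inconsistent state, which could kill a running daemon from a
# plain 'status' query.
# Globals:  prog (read), lockfile (read)
# Returns:  LSB status codes: 0 running, 1 running without lock file,
#           2 lock file present but not running, 3 stopped
status() {
	if [ -e "$lockfile" ] && killall -0 "$prog" 2> /dev/null; then
		echo "$prog is running...."
		return 0
	elif [ ! -e "$lockfile" ] && ! killall -0 "$prog" 2> /dev/null; then
		echo "$prog is stopped"
		return 3
	elif [ -e "$lockfile" ]; then
		echo "WARNING: $prog is not running but $lockfile exists" >&2
		return 2
	else
		echo "WARNING: $prog is running but $lockfile is missing" >&2
		return 1
	fi
}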
		
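# Ask the running daemon to re-read named.conf and the zone files via rndc.
# rndc's own diagnostics are left on stderr so a failed reload (e.g. key or
# control-channel problems) is visible instead of being discarded.
# Globals:  prog (read)
# Returns:  0 on success, 1 if rndc reload failed
reload() {
	if rndc reload; then
		echo "reload $prog ok"
	else
		echo "reload $prog failed" >&2
		return 1
	fi
}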
	
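# Dispatch on the requested action.  The script's exit status is that of the
# action; an unknown or missing action prints usage on stderr and exits 2
# (the LSB convention for invalid arguments) instead of exiting 0.
case "$1" in
start)
	start
	;;
stop)
	stop
	;;
restart)
	stop
	start
	;;
status)
	status
	;;
reload)
	reload
	;;
*)
	echo "Usage: $0 {start|stop|restart|status|reload}" >&2
	exit 2
	;;
esac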

11、添加進/etc/rc.d/init.d/中
# chmod +x named
# cp -p named /etc/init.d/named
# chkconfig --add named
# chkconfig --list named
named          	0:off	1:off	2:off	3:off	4:off	5:off	6:off 

12、手動測試配置正反向解析區域,看是否有任何差錯
.....


十、壓力測試

1、進入源碼目錄中的contrib目錄中
# cd ~/bind-9.10.6/contrib/
2、進入queryperf目錄中
# cd queryperf
3、編譯
# less README
# ./configure
# make

4、復制
# cp -a  queryperf /usr/local/bind9/bin/

5、benchmark

queryperf命令<DNS Bench Mark>

Usage: queryperf [-d datafile] [-s server_addr]

[[email protected] queryperf]# queryperf -d file -s 192.168.1.100

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 192.168.1.100)
[Status] Testing complete

Statistics:

  Parse input file:     once
  Ended due to:         reaching end of file

  Queries sent:         702000 queries
  Queries completed:    702000 queries
  Queries lost:         0 queries
  Queries delayed(?):   0 queries

  RTT max:         	0.184500 sec
  RTT min:              0.000148 sec
  RTT average:          0.003078 sec
  RTT std deviation:    0.001178 sec
  RTT out of range:     0 queries

  Percentage completed: 100.00%
  Percentage lost:        0.00%

  Started at:           Sun Sep 10 03:13:45 2017
  Finished at:          Sun Sep 10 03:15:34 2017
  Ran for:              109.150809 seconds

  Queries per second:   6431.468593 qps
  
TOP
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                                                                                          
 7774 named     20   0 50152  12m 2748 S 53.4  5.3   2:06.29 named                                                                                                                             
22591 root      20   0 20032  17m  676 S 45.2  7.4   0:05.06 queryperf    

VMSTAT
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 2  0   4160   3876   8032 150904    0    0    74    75   62  128  2  3 90  6  0	
 2  0   4160   3868   8032 150904    0    0     0     0  965 12360  4 96  0  0  0	
 2  0   4160   3808   8032 150960    0    0    68     0  988 11908 20 80  0  0  0	
 2  0   4160   3688   8040 151040    0    0    72    12  981 11791  4 96  0  0  0	
 2  0   4160   3688   8040 151044    0    0     0     0  990 11952  4 96  0  0  0	
 2  0   4160   3628   8040 151044    0    0     0     0  979 11990  3 97  0  0  0	
 2  0   4160   3628   8040 151044    0    0     0     0  991 12712 16 84  0  0  0
 
 IOSTAT
 # iostat 1
Linux 2.6.32-696.el6.i686 (localhost.localdomain) 	09/10/2017 	_i686_	(1 CPU)

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           1.25    0.46    2.62    5.61    0.00   90.06

Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
scd0              0.00         0.01         0.00        376          0
sda               3.91       146.89       150.43    5265774    5392628
dm-0              4.04        20.10        28.64     720634    1026544
dm-1              0.05         0.18         0.25       6520       9032
dm-2              0.01         0.06         0.00       2018         56
dm-3             14.64       106.06        97.85    3802226    3507896
dm-4              3.30        20.31        23.68     728258     849040

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
          19.39    2.04   78.57    0.00    0.00    0.00

Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
scd0              0.00         0.00         0.00          0          0
sda             117.35      4693.88        57.14       4600         56
dm-0             72.45      3126.53         0.00       3064          0
dm-1              0.00         0.00         0.00          0          0
dm-2              0.00         0.00         0.00          0          0
dm-3              4.08       146.94         0.00        144          0
dm-4             67.35       481.63        57.14        472         56	

技術分享

[[email protected] queryperf]# rndc querylog
[[email protected] queryperf]# rndc status
version: BIND 9.10.6 <id:9d1ea0b>
boot time: Sat, 09 Sep 2017 17:45:08 GMT
last configured: Sat, 09 Sep 2017 18:04:13 GMT
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 103
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON          //開啟查詢日誌,每次請求都會有IO產生
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

[[email protected] queryperf]# queryperf -d file -s 192.168.1.100

DNS Query Performance Testing Tool
Version: $Id: queryperf.c,v 1.12 2007/09/05 07:36:04 marka Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 192.168.1.100)
top[Status] Testing complete

Statistics:

  Parse input file:     once
  Ended due to:         reaching end of file

  Queries sent:         702000 queries
  Queries completed:    702000 queries
  Queries lost:         0 queries
  Queries delayed(?):   0 queries

  RTT max:         	1.141619 sec
  RTT min:              0.000149 sec
  RTT average:          0.006632 sec
  RTT std deviation:    0.008464 sec
  RTT out of range:     0 queries

  Percentage completed: 100.00%
  Percentage lost:        0.00%

  Started at:           Sun Sep 10 03:22:50 2017
  Finished at:          Sun Sep 10 03:26:45 2017
  Ran for:              235.257594 seconds

  Queries per second:   2983.963187 qps
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                                                                                          
 7774 named     20   0 50152  13m 2784 S 50.8  5.4   3:39.84 named                                                                                                                             
23274 root      20   0 20032  17m  672 S 24.5  7.4   0:17.01 queryperf                      

# vmstat 1
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 2  0   4160   8052   6944 148324    0    0    77    78   67  187  2  3 89  6  0	
 2  0   4160   8060   6944 148352    0    0    24    12  999 13770  4 96  0  0  0	
 1  1   4160   8052   6944 148348    0    0    12     0  977 12900  4 96  0  0  0	
 2  0   4160   7992   6952 148428    0    0    56    52  988 12689 21 79  0  0  0	
 2  0   4160   7872   6960 148436    0    0     0    56  989 14114  3 97  0  0  0	
 1  1   4160   7880   6960 148440    0    0    16    56  974 13079  3 97  0  0  0	
 1  1   4160   7872   6960 148528    0    0    84    88 1008 13114  8 92  0  0  0	
 2  0   4160   7880   6960 148540    0    0     0     0  981 13744 15 85  0  0  0	
 2  1   4160   7700   6968 148776    0    0   232    52 1013 14028  2 98  0  0  0	
 
 # iostat 1
Linux 2.6.32-696.el6.i686 (localhost.localdomain) 	09/10/2017 	_i686_	(1 CPU)

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           1.27    0.54    3.01    5.79    0.00   89.40

Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
scd0              0.00         0.01         0.00        376          0
sda               4.04       154.73       156.98    5587614    5669060
dm-0              4.09        20.75        28.96     749330    1045720
dm-1              0.05         0.18         0.25       6520       9032
dm-2              0.01         0.06         0.00       2018         56
dm-3             15.51       113.36       104.19    4093554    3762752
dm-4              3.29        20.19        23.58     729154     851440

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           3.12    1.04   95.83    0.00    0.00    0.00

Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
scd0              0.00         0.00         0.00          0          0
sda               3.12        41.67        75.00         40         72
dm-0              0.00         0.00         0.00          0          0
dm-1              0.00         0.00         0.00          0          0
dm-2              0.00         0.00         0.00          0          0
dm-3             11.46        41.67        75.00         40         72
dm-4              0.00         0.00         0.00          0          0


本文出自 “Reading” 博客,請務必保留此出處http://sonlich.blog.51cto.com/12825953/1966447

+++++++子域授權與編譯安裝(二)