
DNS----搭建純緩存型服務器

DNS 緩存型服務器

實驗:搭建根域轉發(純緩存)DNS服務器
master ---------------》主服務器
slave-------------------》從服務器
forwarders------------》轉發服務器
先畫好架構圖,準備好扮演服務器和客戶端的機器(架構圖略)。
步驟如下:
前提:在服務器和客戶端分別裝好需要的安裝包;
[root@server-124 ~]#yum install bind
[root@server-124 ~]#yum install bind-utils
[root@server-124 ~]#yum install bind-libs
服務器必須能聯網,能和根域名服務器進行溝通:聯網類型設置為NAT類型,可以先用 #ip a 命令看一下網卡的名稱
[root@server-124 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
# Server NIC (ens33): static address on the lab subnet.
TYPE=Ethernet

BOOTPROTO=static

NAME=ens33

DEVICE=ens33

ONBOOT=yes

HWADDR=00:0c:29:f8:63:ed

IPADDR=192.168.10.11

NETMASK=255.255.255.0

# The server keeps a default gateway: with only the "." hint zone configured
# named must reach the root servers itself, nothing is forwarded upstream.
GATEWAY=192.168.10.2
保存退出
[root@server-124 ~]# ping www.baidu.com
PING www.a.shifen.com (14.215.177.38) 56(84) bytes of data.

64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=1 ttl=128 time=9.45 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=2 ttl=128 time=9.20 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=3 ttl=128 time=10.6 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=4 ttl=128 time=9.30 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=5 ttl=128 time=9.89 ms
^C
--- www.a.shifen.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4013ms
rtt min/avg/max/mdev = 9.207/9.712/10.697/0.556 ms
證明可以ping通外網,編輯主配置文件如下:注意監聽端口的IP地址,還有允許解析的IP網段,any表示全部。開啟遞歸
[root@server-124 ~]# vim /etc/named.conf
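options {
	// Listen only on the lab-facing address (and v6 loopback).
	listen-on port 53 { 192.168.10.11; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	// Queries are accepted from anywhere (as the tutorial intends), but
	// recursion is limited to localhost and the lab subnet: a recursive
	// server that recurses for "any" on a routed interface is an open
	// resolver and can be abused for amplification and cache-poisoning.
	allow-query { any; };
	allow-recursion { localhost; 192.168.10.0/24; };

	// Pure caching resolver: no authoritative zones, resolve via the root hints.
	recursion yes;
	dnssec-enable yes;
	// NOTE(review): "dnssec-validation yes" needs a configured trust anchor,
	// but the "/etc/named.root.key" include below is commented out, so
	// validation may have no anchor to validate against. Either re-enable
	// that include or use "dnssec-validation auto;" (built-in root key) --
	// confirm against the BIND 9.9 documentation.
	dnssec-validation yes;

	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";

};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

// Root hints: the only zone a pure caching server needs.
zone "." IN {
	type hint;
	file "named.ca";
};

// In named.conf a leading "#" starts a comment, so the two includes below are
// disabled: the RFC 1912 local zones and the root trust anchor are not loaded.
#include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";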
保存退出
[root@server-124 ~]# cd /var/named/
[root@server-124 named]# ll
總用量 16
drwxrwx--- 2 named named 23 3月 17 10:20 data
drwxrwx--- 2 named named 6 8月 4 2017 dynamic
-rw-r----- 1 root named 2281 5月 22 2017 named.ca
-rw-r----- 1 root named 152 12月 15 2009 named.empty
-rw-r----- 1 root named 152 6月 21 2007 named.localhost
-rw-r----- 1 root named 168 12月 15 2009 named.loopback
drwxrwx--- 2 named named 6 8月 4 2017 slaves
[root@server-124 named]# systemctl start named
查看53號端口是否開啟
[root@server-124 named]# netstat -nul
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 192.168.10.11:53 0.0.0.0:*
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp6 0 0 ::1:53 :::*
udp6 0 0 ::1:323 :::*

[root@server-124 named]# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.10.11:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 ::1:53 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:953 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN

客戶端不需要上外網,將DNS指向上面搭建的DNS服務器(192.168.10.11)
[root@server-125 ~]# vim /etc/resolv.conf
# Send every lookup to the caching server built above.
nameserver 192.168.10.11
保存退出
[root@server-125 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
# Client NIC (ens33): same lab subnet, no default route on purpose.
TYPE=Ethernet

BOOTPROTO=static

NAME=ens33

DEVICE=ens33

ONBOOT=yes

HWADDR=00:0c:29:e6:e2:3e

IPADDR=192.168.10.12

NETMASK=255.255.255.0

# Gateway deliberately disabled: the client resolves only through the caching
# server at 192.168.10.11 (set in /etc/resolv.conf) and needs no direct
# internet access for ordinary lookups.
#GATEWAY=192.168.10.2

# Left commented out (192.168.6.2 is not the lab server); the active
# nameserver lives in /etc/resolv.conf.
#DNS=192.168.6.2
保存退出
驗證:
[root@server-125 ~]# nslookup www.baidu.com
Server: 192.168.10.11
Address: 192.168.10.11#53

Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 14.215.177.38
Name: www.a.shifen.com
Address: 14.215.177.39
[root@server-125 ~]# dig www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12563
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A

;; ANSWER SECTION:
www.baidu.com. 975 IN CNAME www.a.shifen.com.
www.a.shifen.com. 75 IN A 14.215.177.38
www.a.shifen.com. 75 IN A 14.215.177.39

;; AUTHORITY SECTION:
a.shifen.com. 975 IN NS ns4.a.shifen.com.
a.shifen.com. 975 IN NS ns1.a.shifen.com.
a.shifen.com. 975 IN NS ns5.a.shifen.com.
a.shifen.com. 975 IN NS ns2.a.shifen.com.
a.shifen.com. 975 IN NS ns3.a.shifen.com.

;; ADDITIONAL SECTION:
ns2.a.shifen.com. 975 IN A 180.149.133.241
ns3.a.shifen.com. 975 IN A 61.135.162.215
ns4.a.shifen.com. 975 IN A 115.239.210.176
ns5.a.shifen.com. 975 IN A 119.75.222.17
ns1.a.shifen.com. 975 IN A 61.135.165.224

;; Query time: 0 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: 六 3月 17 18:46:18 CST 2018
;; MSG SIZE rcvd: 271
如果客戶端不能上外網,dig +trace則不能完整解析,需要上外網才可以完整dig +trace。原因是 dig +trace 只向本地DNS服務器詢問根域的NS記錄(見下面 "Received ... from 192.168.10.11"),之後由客戶端自己逐級直接向根、頂級域和權威服務器發送查詢,不再經過緩存服務器,所以客戶端必須能直接訪問外網。
[root@server-125 ~]# dig +trace www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> +trace www.baidu.com
;; global options: +cmd
. 488977 IN NS e.root-servers.net.
. 488977 IN NS j.root-servers.net.
. 488977 IN NS a.root-servers.net.
. 488977 IN NS b.root-servers.net.
. 488977 IN NS k.root-servers.net.
. 488977 IN NS m.root-servers.net.
. 488977 IN NS c.root-servers.net.
. 488977 IN NS i.root-servers.net.
. 488977 IN NS d.root-servers.net.
. 488977 IN NS g.root-servers.net.
. 488977 IN NS f.root-servers.net.
. 488977 IN NS l.root-servers.net.
. 488977 IN NS h.root-servers.net.
. 489007 IN RRSIG NS 8 0 518400 20180329170000 20180316160000 41824 . SzOQxRNumIySwzKTxsJJA90AYuUNqDonQA+inleP2VxwWtTsT7MEWkAq POR4pWIWVfVWp6gil3CMXSTKXByWx6qdj8oo8GI3tV3A7DWSz/cNoxfH Q8z6Wdsfq/SeeB8xn6It4ELnac5CNXNyvfwEXeqvT6wo3plu9uqwOVai 3gbfSSlM2ghUZ4Q5wUWu3dkOYublChR31yf323cHFN/bYBBj9KCMsNQL zPekEJx0eJUcz4TxD80nNjTXARIE+7YhznFr0ljElFEkkgtYQyzkTUnt 9oBNINyB0aJRTNsT7dv9+EpuDInFi+kAqT4yVeBVAZamGDvdr8On1LRt 4ASLjA==
;; Received 1097 bytes from 192.168.10.11#53(192.168.10.11) in 14 ms
