One. DNS (Domain Name System) is a distributed database on the Internet that maps domain names and IP addresses to each other. It lets users access the Internet more conveniently, without having to remember the numeric IP strings that machines read directly. The process of obtaining the IP address that corresponds to a host name is called domain name resolution (or host name resolution). The DNS protocol runs on top of the UDP protocol, using port number 53.
Two. Configure the lab environment
1. Configure the virtual machine's IP address and yum repository, and change the host name to dns-server
2. Configure the firewall to allow DNS traffic, install bind to provide a caching DNS service, and configure DNS
vim /etc/resolv.conf
3. Edit the DNS configuration file /etc/named.conf
listen-on: listen on all addresses
allow-query: answer queries from all clients
forwarders: names that cannot be resolved locally are passed to the next level, 172.25.254.250
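The three settings above written out as a named.conf options block, first as the lab uses them and then with recursion limited to the lab's own clients, because a server that listens on every address, answers every client and recurses for all of them is an open resolver. This is an added example, not the original post's file; the 172.25.254.0/24 client range, the ACL name and the directory path are assumptions.

```bind
// Constructed example. named.conf may contain only one active options
// block, so the lab version is shown commented out above the
// restricted one.

// As described in the post: listen everywhere, answer everyone.
// options {
//     listen-on port 53 { any; };
//     allow-query       { any; };
//     forwarders        { 172.25.254.250; };
// };

// Assumed lab client range; adjust to the real network.
acl "lab-clients" { 127.0.0.1; 172.25.254.0/24; };

options {
    directory         "/var/named";         // stock RHEL/CentOS path (assumption)
    listen-on port 53 { any; };
    allow-query       { any; };             // fine for zones this server owns
    recursion         yes;
    allow-recursion   { "lab-clients"; };   // only these may use the cache
    allow-query-cache { "lab-clients"; };
    forwarders        { 172.25.254.250; };  // next-level server from the post
};
```

Running `named-checkconf` against the file before restarting named catches syntax errors such as a missing semicolon.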
dig www.baidu.com succeeds; run it twice and the speed changes between the two queries
Three. Forward resolution (A)
1. Modify the named.conf file: comment out the forwarders line so that no next-level host is specified
Copy the named.localhost resolution template to westos.com.zone; be sure to add -p to preserve permissions
2. Edit the westos.com.zone resolution file, paying attention to the "." characters in the file
3. The DNS port is open and listening
4. Testing
dig www.westos.com: forward resolution succeeds
dig new.westos.com: forward resolution succeeds
Three. Resolving aliases to the regular domain name in forward resolution, and the DNS round-robin mechanism
1. Edit the westos.com.zone resolution file and add a record that resolves the bbs domain name to news.westos.com
Add a round-robin entry for news pointing to 172.25.254.222
2. dig bbs.westos.com successfully resolves to news.westos.com
3. Run dig news.westos.com twice; the two queries resolve to different addresses
Four. Reverse resolution (PTR)
1. Edit the zone configuration file /etc/named.rfc1912.zones, and copy the reverse resolution template named.loopback to westos.com.ptr
2. Edit the zone configuration in /etc/named.rfc1912.zones
3. Edit the westos.com.ptr reverse resolution file
4. Test with dig -x; reverse resolution succeeds
Five. Resolve to different addresses for the intranet and the external network (bidirectional resolution).
1. Create separate resolution files for the intranet and the external network; the external-network files end in inter
Edit the external network resolution file and change the addresses so that they resolve to the 1.1.1 network segment
2. Create separate zone configuration files for the intranet and the external network: 1912 for the intranet, 1913 for the external network
vim /etc/named.rfc1912.zones (intranet zone configuration file)
vim /etc/named.rfc1913.zones (external network zone configuration file)
3. Configure the main DNS configuration file /etc/named.conf
To keep the experiment simple, the intranet segment is set to 172.25.254.28 and the external network is set to any
4. Restart the service
systemctl restart named
5. Test results
Change the DNS server setting on host 172.25.254.28; dig www.westos.com then shows the intranet IP
From an IP other than 172.25.254.28, dig www.westos.com shows the address resolved for the external network
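One way the intranet/external split in this section can be expressed in /etc/named.conf, as an added example rather than the file from the original screenshots. The view names, the recursion settings and the named.ca hint file are assumptions; the client address and the two include paths are the ones the post names.

```bind
// Constructed example of the view section of /etc/named.conf.
// named tests views from top to bottom and uses the first one whose
// match-clients list contains the client, so the specific "internal"
// view has to come before the catch-all "external" view.

view "internal" {
    match-clients { 172.25.254.28; };      // the intranet host from the post
    recursion yes;                         // assumption: internal clients may recurse
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";    // westos.com -> intranet zone file
};

view "external" {
    match-clients { any; };                // every other client
    recursion no;                          // assumption: no recursion for outsiders
    include "/etc/named.rfc1913.zones";    // westos.com -> 1.1.1.x zone file
};

// Once any view is defined, every zone statement must sit inside a
// view. The root hint zone and the include line of a stock named.conf
// therefore move into the views; left at the top level they stop
// named from loading the configuration.
```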
Six. Master-slave DNS server settings
A slave DNS server is set up to relieve pressure on the primary DNS server, because the load grows as more clients resolve through a single DNS server
1. Create the slave server environment
Set DNS to 172.25.254.228 and the IP address to 172.25.254.228
2. Configure the main configuration file /etc/named.conf and the zone configuration file /etc/named.rfc1912.zones; the primary server address for westos.com is 172.25.254.128
3. dig www.westos.com using the slave DNS server 172.25.254.228
The result shows that the answer comes from the 172.25.254.228 server, which shows it sharing the load of the primary DNS server.
4. If a resolution file is modified on the primary DNS server but the slave server does not receive the change in time, two different addresses will be resolved. To keep the DNS server cluster accurate, the modified information must be synchronized to all servers
The /etc/named.rfc1912.zones and /etc/named.rfc1913.zones files need to be configured on the primary DNS server
If there are multiple slave servers, list them by IP address
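The zone statements this synchronization relies on, as an added example that is not taken from the original post: the primary allows transfers only to the slave and notifies it on every change, and the slave pulls the zone from 172.25.254.128. The slaves/ file path and the allow-update line are assumptions based on the stock RHEL layout.

```bind
// Constructed example. On the primary (172.25.254.128), in
// /etc/named.rfc1912.zones; the same two transfer lines go into the
// westos.com zone in /etc/named.rfc1913.zones.
zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update   { none; };
    allow-transfer { 172.25.254.228; };    // only the slave may copy the zone
    also-notify    { 172.25.254.228; };    // tell the slave about each change;
                                           // add further slaves here by IP
};

// On the slave (172.25.254.228), in /etc/named.rfc1912.zones:
zone "westos.com" IN {
    type slave;
    masters { 172.25.254.128; };           // primary address from the post
    file "slaves/westos.com.zone";         // named writes its copy here
    allow-transfer { none; };              // the slave hands the zone to no one
};
```

The slave transfers a new copy only when the SOA serial in the primary's zone file has increased, so raise the serial with every edit before reloading named.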
Seven. DDNS Service configuration
DNS Cache for Linux