DNS Cache
What is a DNS cache?
The DNS server can cache records it receives from other DNS servers, and the DNS client can also cache the answers to its most recent queries. The overall purpose is to speed up name resolution. The experiment needs two VMs: one server and one client.

Server: install the DNS service, start it and allow it through the firewall:

    yum install bind -y                              (install the DNS service)
    systemctl start named                            (start the DNS service)
    firewall-cmd --list-all                          (list the service names the firewall allows)
    firewall-cmd --permanent --add-service=dns       (add DNS to the services the firewall allows)
    firewall-cmd --reload                            (reload the firewall)

Then start the DNS configuration. First configure /etc/named.conf (vim /etc/named.conf). Lines 11 to 17 look like this:

    options {
            listen-on port 53 { 127.0.0.1; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            allow-query     { localhost; };

Change them so that named listens on every address and answers every client:

    options {
            listen-on port 53 { any; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            allow-query     { any; };

Also modify line 32:

    dnssec-validation yes;    -->    dnssec-validation no;

Client: read domain name resolution from the server host (vim /etc/resolv.conf):

    nameserver 172.25.254.101        (IP of the server host)

DNS server configuration (forward resolution)

After completing the steps above, configure /etc/named.rfc1912.zones (vim /etc/named.rfc1912.zones): copy lines 19 to 23 to line 25 and modify the pasted content (shown in the original as an image). Then set an A record: go to /var/named, copy named.localhost to the zone file name you just wrote, and edit it:

    cd /var/named
    cp -p named.localhost lcdqqq.com.zone
    vim lcdqqq.com.zone

The changes to the zone file are shown in the original as an image; restart the DNS service after making them.
After changing the zone file (shown in the original as an image), restart the service:

    systemctl restart named

At this point, on the client, dig www.lcdqqq.com converts the domain name to an IP address (output shown in the original as an image).

DNS server configuration (reverse resolution)

Server side: edit /etc/named.rfc1912.zones (vim /etc/named.rfc1912.zones), copy lines 37 to 42 to line 43 and modify the copy to the following. The reverse zone for 172.25.254.0/24 is named with the octets reversed under in-addr.arpa, because that is the name dig -x asks for:

    zone "254.25.172.in-addr.arpa" IN {
            type master;
            file "lcdqqq.loopback";
            allow-update { none; };
    };

Go to /var/named (cd /var/named; ll) and copy named.loopback to lcdqqq.loopback:

    cp -p named.loopback lcdqqq.loopback        (-p: full copy, even the permissions are copied)

Edit the file. In this file every host name must end with a dot, otherwise lcdqqq.com is appended automatically:

    $TTL 1D                                         ; kept from the copied named.loopback
    @       IN SOA  dns.lcdqqq.com. root.lcdqqq.com. (
                                            0       ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
            NS      dns.lcdqqq.com.
            A       172.25.254.201
    1       PTR     www.lcdqqq.com.
    101     PTR     www.hello.com.

At this point, on the client, dig -x 172.25.254.1 returns the host name.

DNS for the internal and external network (views)

Modify /etc/named.conf so that each client is matched to a view:

    view localnet {
            match-clients { 172.25.254.101; };
            zone "." IN {
                    type hint;
                    file "named.ca";
            };
            include "/etc/named.rfc1912.zones";
    };
    view internet {
            match-clients { any; };
            zone "." IN {
                    type hint;
                    file "named.ca";
            };
            include "/etc/named.rfc1912.zones.inter";
    };

Once view statements are used, every zone must be inside a view, so the original zone "." and include lines at the bottom of named.conf must not remain outside the views. Make a copy of /etc/named.rfc1912.zones named /etc/named.rfc1912.zones.inter (its zone entries must point at the .inter zone files below). In /var/named, copy lcdqqq.com.zone to lcdqqq.com.inter and change every 254 to 0 in it. Also in /var/named, copy lcdqqq.loopback to lcdqqq.loopback.inter.
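As an added example (not part of the original tutorial), the shell helpers below derive the reverse-zone name for the /24 above, compute the owner name that dig -x queries, and build PTR lines while refusing a target name without the trailing dot; the function names are hypothetical, the addresses and host names are the ones from the tutorial.

```shell
#!/bin/sh
# Added example: names BIND needs for the reverse zone of 172.25.254.0/24.
# Helper names are hypothetical; addresses and host names come from the tutorial.

# reverse_zone_name PREFIX -> zone name for a /24 (172.25.254 -> 254.25.172.in-addr.arpa)
reverse_zone_name() {
    echo "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# ptr_owner IP -> the full name dig -x asks for (172.25.254.1 -> 1.254.25.172.in-addr.arpa)
ptr_owner() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# ptr_record IP FQDN -> the one-line record for the /24 zone file.
# A target without the trailing dot is rejected: BIND would append the zone
# origin to it (the auto-complete problem the tutorial warns about).
ptr_record() {
    ip=$1; fqdn=$2
    case "$fqdn" in
        *.) ;;
        *)  echo "error: $fqdn must end with a dot" >&2; return 1 ;;
    esac
    host=${ip##*.}            # last octet is the relative owner name inside the /24
    echo "$host PTR $fqdn"
}

# zone_stanza PREFIX FILE -> the zone {} block to paste into named.rfc1912.zones
zone_stanza() {
    printf 'zone "%s" IN {\n    type master;\n    file "%s";\n    allow-update { none; };\n};\n' \
        "$(reverse_zone_name "$1")" "$2"
}

# Usage: the records the tutorial puts into lcdqqq.loopback
zone_stanza 172.25.254 lcdqqq.loopback
ptr_record 172.25.254.1 www.lcdqqq.com.
ptr_record 172.25.254.101 www.hello.com.
```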
Change every 254 to 0 in that file as well. Test with 172.25.254.101 and 172.25.254.1 as the client address respectively.

DNS master-slave servers

If the DNS server is overloaded, several DNS servers are needed: one master server and several slave servers. Steps:

Install bind on another server and change its nameserver to itself. Edit /etc/named.conf (vim /etc/named.conf) and make the same four changes as above. In /etc/named.rfc1912.zones (vim /etc/named.rfc1912.zones), copy lines 19 to 24 and paste them at line 25, then modify the copy:

    zone "lcdqqq.com" IN {
            type slave;
            masters { 172.25.254.100; };
            file "lcdqqq.com.zone";
            allow-update { none; };
    };

Then, on the master server, modify the zone in /etc/named.rfc1912.zones (vim /etc/named.rfc1912.zones):

    zone "lcdqqq.com" IN {
            type master;
            file "lcdqqq.com.zone";
            allow-update { 172.25.254.1; };
            allow-transfer { 172.25.254.1; };
            also-notify { 172.25.254.1; };
    };

    chmod 770 /var/named

When the master server changes an A record, the "0 ; serial" value must be changed too, for example from 0 to 2016112601 (first modification on November 26, 2016). The change is then synchronized to the slave automatically.

The slave can also update the master server's A records with nsupdate:

    nsupdate
    > server 172.25.254.101        (IP of the master server)
    > update delete <record to delete>
    > send

But there is a problem: every user with the IP 172.25.254.1 can change the master server's A records, so anyone who manually changes their IP obtains that permission. This is not secure, so we introduce a key. On the master server, generate the key pair:

    dnssec-keygen -a HMAC-MD5 -b 128 -n HOST lcdqqq

View the file names of the generated keys with ls and the contents of the key with cat. Record the key in /etc/named.conf with this line:

    include "/etc/lcdqqq.key";

So the file lcdqqq.key must exist in /etc. Create it from rndc.key and edit it:

    cp -p /etc/rndc.key /etc/lcdqqq.key
    vim /etc/lcdqqq.key

Change the name inside the quotation marks to your key name and replace the secret with the key you just generated. Then in /etc/named.rfc1912.zones (vim /etc/named.rfc1912.zones) change the allow-update parameter from the IP to the key:

    allow-update { key lcdqqq; };

Finally send the key to the slave server with scp.
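The serial change described above is what tells the slave to transfer the zone again, so forgetting it (or lowering it) leaves the slave stale. As an added example, not from the tutorial, the shell functions below implement the YYYYMMDDnn scheme the tutorial uses (0 becomes 2016112601 on 26 November 2016) and rewrite the serial line of a zone file laid out like named.localhost; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: bump the SOA serial of a master zone in the YYYYMMDDnn scheme.
# Helper names are hypothetical; the zone file layout assumed is named.localhost's.

# next_serial CURRENT TODAY  (TODAY as YYYYMMDD, in practice "$(date +%Y%m%d)")
next_serial() {
    cur=$1; today=$2
    case "$cur" in
        ''|*[!0-9]*) echo "error: serial '$cur' is not numeric" >&2; return 1 ;;
    esac
    if [ "$cur" -lt "${today}01" ]; then
        new="${today}01"        # first change today (or the old serial predates today)
    else
        new=$((cur + 1))        # already changed today: bump the nn change counter
    fi
    # SOA serials are 32-bit; slaves compare them with wrap-around arithmetic (RFC 1982)
    [ "$new" -le 4294967295 ] || { echo "error: serial overflow" >&2; return 1; }
    echo "$new"
}

# bump_zone_serial FILE TODAY -> replace the value on the "; serial" line, print the new one.
# The file is rewritten through cat so its owner and mode stay as they are
# (named must still be able to read it).
bump_zone_serial() {
    file=$1; today=$2
    cur=$(awk '/; *serial/ { print $1; exit }' "$file")
    new=$(next_serial "$cur" "$today") || return 1
    tmp=$(mktemp) || return 1
    awk -v old="$cur" -v new="$new" '
        !done && /; *serial/ && $1 == old { sub(old, new); done = 1 }
        { print }' "$file" > "$tmp" && cat "$tmp" > "$file" && echo "$new"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage: the tutorial's first change on 26 November 2016
next_serial 0 20161126
```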
Copy the key into a directory on the slave server. From the slave server, use the key with nsupdate (the private key file is the one dnssec-keygen generated):

    nsupdate -k <private key file>
    > server 172.25.254.101
    > update add <name> 86400 A 172.25.254.101
    > send
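The tutorial builds /etc/lcdqqq.key by hand from rndc.key. As an added example that is not part of the tutorial, the shell functions below read the .private file dnssec-keygen writes (Klcdqqq.+157+<id>.private is the file name pattern, the Algorithm: and Key: lines are its format), emit the key {} stanza named.conf includes, and check that the file holding the secret is not world-readable, since the secret grants the same update rights as the master's allow-update clause. The function names and the sample .private content are constructed for this example.

```shell
#!/bin/sh
# Added example: generate the key {} stanza from a dnssec-keygen .private file
# and check the secret file's permissions. Helper names are hypothetical and
# the sample .private file below is constructed (demo secret).

# tsig_stanza KEYNAME PRIVATE_FILE -> key "KEYNAME" { algorithm ...; secret "..."; };
tsig_stanza() {
    name=$1; priv=$2
    alg_num=$(awk '/^Algorithm:/ { print $2; exit }' "$priv")
    secret=$(awk '/^Key:/ { print $2; exit }' "$priv")
    case "$alg_num" in
        157) alg=hmac-md5 ;;      # what the tutorial's -a HMAC-MD5 produces
        161) alg=hmac-sha1 ;;
        163) alg=hmac-sha256 ;;   # preferred for new keys
        *)   echo "error: unsupported algorithm number '$alg_num'" >&2; return 1 ;;
    esac
    [ -n "$secret" ] || { echo "error: no Key: line in $priv" >&2; return 1; }
    printf 'key "%s" {\n    algorithm %s;\n    secret "%s";\n};\n' "$name" "$alg" "$secret"
}

# key_file_private FILE -> 0 only if "other" cannot read it. Group read is
# allowed because /etc/rndc.key style files are root:named mode 640 so named can read them.
key_file_private() {
    case "$(ls -ld "$1" | cut -c8-10)" in
        *r*) return 1 ;;
        *)   return 0 ;;
    esac
}

# Constructed sample of a dnssec-keygen .private file (the secret is a demo value)
SAMPLE_PRIVATE=$(mktemp)
cat > "$SAMPLE_PRIVATE" <<'EOF'
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: c2VjcmV0IGtleSBmb3IgZGVtbw==
Bits: AAA=
EOF
chmod 600 "$SAMPLE_PRIVATE"

# Usage: the stanza to put in /etc/lcdqqq.key, followed by the permission check
tsig_stanza lcdqqq "$SAMPLE_PRIVATE"
key_file_private "$SAMPLE_PRIVATE" && echo "key file is not world-readable"
```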
Linux Basic Learning (16) DNS server-related configuration