Linux network services: a worked DNS (BIND) caching and zone example
1. What is DNS:
DNS:
Concept: DNS (Domain Name System; the server side is a name server) translates domain names into the IP addresses that belong to them. A name server holds a table of names and their corresponding addresses and answers queries against it. A domain name identifies a computer or group of computers on the Internet and is used to locate it when data is sent (sometimes it also hints at a geographic location). It is a dot-separated string that usually contains an organisation name and ends in a top-level label such as .com, .cn or .org, which indicates the type of organisation or the country/region the domain belongs to.
Authoritative DNS: the server holds the zone data itself and answers from it.
Non-authoritative (recursive/caching) DNS: you ask me, I go and ask the authoritative servers on your behalf, then cache the answer.
/etc/resolv.conf: the name server(s) this host sends its queries to.
/etc/hosts: the local static resolution file, consulted before DNS.
Loopback interface lo: like a reflex, the machine asking itself (127.0.0.1); it is fast and traffic never leaves the host. The outward-facing interface is the one other machines use, for example to reach Apache on this host.
Main configuration file: /etc/named.conf
Advantages of caching: lower latency and less bandwidth, because repeated queries are answered locally.
Cache lifetime: every record carries a TTL chosen by the zone owner. The zones in this article use $TTL 1D, i.e. 86400 s (one day); after that the cached record must be fetched again (the dig output further down shows the 86400 value).
2. Caching-server lab
(1) Preparation
[root@foundation103 ~]# yum repolist //check the configured yum repositories
[root@foundation103 ~]# yum clean all //clear the yum cache
[root@foundation103 ~]# yum repolist
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
(1/2): rhel_dvd/group_gz | 134 kB 00:00
(2/2): rhel_dvd/primary_db | 3.4 MB 00:00
repolist: 0
(2) Install the DNS service
[root@foundation103 ~]# yum install bind.x86_64 -y //install BIND
[root@foundation103 ~]# systemctl start named //on the first start /etc/rndc.key is generated
//generating the rndc key needs entropy; in a VM with little entropy the start can stall, and typing on the console speeds it up
[root@foundation103 ~]# ls -l /etc/rndc.key
[root@foundation103 ~]# cat /etc/rndc.key //look at the key: it is the rndc control secret, so keep it root:named, mode 640
[root@foundation103 ~]# vim /etc/resolv.conf
[root@foundation103 ~]# grep domain /etc/services //which port DNS uses
domain 53/tcp # name-domain server
domain 53/udp
domaintime 9909/tcp # domaintime
domaintime 9909/udp # domaintime
[root@foundation103 ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
(3) Allow DNS through the firewall
[root@foundation103 ~]# firewall-cmd --permanent --add-service=dns
success
[root@foundation103 ~]# firewall-cmd --reload
success
[root@foundation103 ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client dns ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
(4) Check
[root@foundation103 ~]# netstat -antlupe | grep :53 //named is now listening on port 53, TCP and UDP; with the stock named.conf only on 127.0.0.1 and ::1
[root@foundation103 ~]# ifconfig
lo: flags=73 ... //the loopback interface; until listen-on is changed the server answers only here
3. DNS servers
The root zone is served by 13 root-server names (a.root-servers.net through m.root-servers.net), most of them operated by US organisations but anycast from many locations worldwide. The top-level domains .com, .cn, .edu, .org, .net and so on sit one level below the root and delegate to zones such as westos.com. Response codes (status) you will see in dig output:
noerror: the query succeeded
nxdomain: the queried name does not exist
servfail: the server could not answer (down, zone failed to load, or the upstream lookup failed)
refused: the server refused to answer (policy, for example allow-query or allow-recursion does not include the client)
4. DNS forward resolution
[root@foundation3 Desktop]# dig www.baidu.com //from the real machine: confirm resolution works before changing anything
[root@foundation103 ~]# vim /etc/named.conf //the main file pulls in the zone definitions:
57 include "/etc/named.rfc1912.zones";
58 include "/etc/named.root.key";
Remove line 18, forwarders { 172.25.254.250; };, so this server resolves by itself instead of forwarding everything. For the real machine to be able to query it, also change the stock listen-on port 53 { 127.0.0.1; }; and allow-query { localhost; }; lines in the options block (the same two lines are dealt with on the slave in section 9).
[root@foundation103 ~]# vim /etc/named.rfc1912.zones //declare the zone
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { none; };
29 };
[root@foundation103 ~]# cd /var/named
[root@foundation103 named]# cp -p named.localhost westos.com.zone //-p keeps owner root:named and mode 640, so named can read the copy
[root@foundation103 named]# vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.103
www A 172.25.254.20
// @ stands for the zone origin, westos.com. A name ending in "." is complete; a name without the trailing "." is relative, and ".westos.com." is appended to it
// 1D means one day (86400 s); $TTL is the default TTL for every record in the file
// SOA: start of authority; names the primary name server and the administrator's mailbox (root.westos.com. = root@westos.com)
// NS: the zone's name server; the trailing "." ends the name
// A: IPv4 address record; AAAA: IPv6 address record (an IPv4 address must go in an A record)
[root@foundation103 named]# systemctl restart named
On the real machine:
[root@foundation3 Desktop]# dig www.westos.com
;; ANSWER SECTION:
www.westos.com. 86400 IN A 172.25.254.20 //resolved from our zone file, ok
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.103
5. Mapping the name clients ask for to an internal name (CNAME)
[root@foundation3 Desktop]# dig www.baidu.com
;; ANSWER SECTION:
www.baidu.com. 901 IN CNAME www.a.shifen.com.
www.a.shifen.com. 1 IN A 220.181.111.188
www.a.shifen.com. 1 IN A 220.181.112.244
//www.baidu.com is an alias (CNAME) for www.a.shifen.com; the resolver follows the alias and returns that name's A records
[root@foundation103 named]# vim westos.com.zone
NS dns.westos.com.
dns A 172.25.254.103
www CNAME bbs.westos.com.
bbs A 172.25.254.20
//a name that carries a CNAME may carry no other record, so an alias cannot be placed on the zone apex @ (which already has SOA and NS)
[root@foundation103 named]# systemctl restart named
[root@foundation3 Desktop]# dig www.westos.com
;; ANSWER SECTION:
www.westos.com. 86400 IN CNAME bbs.westos.com.
bbs.westos.com. 86400 IN A 172.25.254.20
6. Round robin
[root@foundation3 Desktop]# dig www.baidu.com
;; ANSWER SECTION:
www.baidu.com. 901 IN CNAME www.a.shifen.com.
www.a.shifen.com. 1 IN A 220.181.111.188
www.a.shifen.com. 1 IN A 220.181.112.244
;; AUTHORITY SECTION:
a.shifen.com. 901 IN NS ns2.a.shifen.com.
a.shifen.com. 901 IN NS ns5.a.shifen.com.
a.shifen.com. 901 IN NS ns4.a.shifen.com.
a.shifen.com. 901 IN NS ns1.a.shifen.com.
a.shifen.com. 901 IN NS ns3.a.shifen.com.
//www.a.shifen.com has two A records with a TTL of 1 s: that is the round-robin set, and the very short TTL keeps clients from sticking to one address. The five servers ns1..ns5 in the authority section are the zone's name servers, not the round-robin set.
[root@foundation103 named]# vim westos.com.zone
NS dns.westos.com.
dns A 172.25.254.103
www CNAME bbs.westos.com.
bbs A 172.25.254.20
bbs A 172.25.254.120
[root@foundation103 named]# systemctl restart named
[root@foundation3 Desktop]# dig www.westos.com //run it several times: both addresses come back and BIND rotates their order (rrset-order). Round robin only spreads load; a dead host stays in the answer until you remove its record.
7. Reverse resolution: from an IP address to a name
[root@foundation103 named]# vim /etc/named.rfc1912.zones
48 zone "254.25.172.in-addr.arpa" IN { //the 172.25.254.0/24 network with the octets reversed
49 type master;
50 file "westos.com.ptr";
51 allow-update { none; };
52 };
[root@foundation103 named]# cp -p named.loopback westos.com.ptr
[root@foundation103 named]# vim westos.com.ptr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
103 PTR dns.westos.com.
20 PTR www.westos.com.
120 PTR bbs.westos.com.
//the owner is just the last octet: "20" is relative to the origin 254.25.172.in-addr.arpa., so it becomes 20.254.25.172.in-addr.arpa.; an A record does not belong in a reverse zone, hence a PTR for the name server's own address 103 instead
[root@foundation103 named]# systemctl restart named
[root@foundation3 Desktop]# dig -x 172.25.254.20 //-x builds the in-addr.arpa name and queries for PTR
[root@foundation3 Desktop]# dig -x 172.25.254.120
Troubleshooting: port 53 open in the firewall; listen-on and allow-query in named.conf; file ownership and mode (cp -p, root:named); zone-file syntax. named-checkconf and named-checkzone westos.com westos.com.zone report configuration and zone errors before you restart.
8. Split-horizon (two-way) resolution:
Internal clients (hosts inside the company) get the 192.25.254.x addresses, external clients get 172.25.254.x; in this lab 192.25.254.0/24 simply stands for the internal network. BIND does this with views: a client is matched against the views in order and is answered from the first view whose match-clients it satisfies.
[root@foundation103 ~]# cd /var/named/
[root@foundation103 named]# ls //list the directory
data named.empty slaves
dynamic named.localhost westos.com.ptr
named.ca named.loopback westos.com.zone
[root@foundation103 named]# cp -p westos.com.zone westos.com.zone.inter //copy of the zone for the internal view
[root@foundation103 named]# cd /etc/
[root@foundation103 etc]# cp -p named.rfc1912.zones named.rfc1912.zones.inter
[root@foundation103 etc]# vim named.rfc1912.zones.inter
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone.inter";
28 allow-update { none; };
29 };
[root@foundation103 etc]# man 5 named.conf //in the man page type /view to find the view syntax
[root@foundation103 etc]# vim named.conf //edit the main config
Comment out lines 51-58 (the root hint zone and the two include lines): once views are used, every zone must live inside a view.
59 view localnet {
60 match-clients { 172.25.254.103; }; //queries from 172.25.254.103 itself are answered from this view; in practice you list the internal subnet here (e.g. 172.25.254.0/24, or the built-in localnets ACL)
61 zone "." IN {
62 type hint;
63 file "named.ca";
64 };
65 include "/etc/named.rfc1912.zones.inter";
66 };
67
68 view internet {
69 match-clients { any; };
70 zone "." IN {
71 type hint;
72 file "named.ca";
73 };
74 include "/etc/named.rfc1912.zones";
75 };
//views are tried in order, so the specific localnet view must come before the catch-all internet view (match-clients { any; }); the other way round, everybody would land in internet
[root@foundation103 etc]# vim /var/named/westos.com.zone.inter
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 192.25.254.103
www CNAME bbs.westos.com.
bbs A 192.25.254.20
bbs A 192.25.254.120
[root@foundation103 etc]# systemctl restart named
Query from the real machine and from the VM: dig www.westos.com. The VM (172.25.254.103) is answered from the localnet view with the 192.25.254.x addresses, every other client gets the 172.25.254.x addresses.
9. Secondary (slave) DNS:
The SOA fields drive the master/slave relationship:
serial: the zone's version number. It must increase every time the file changes; a slave compares it with the serial of its own copy and only transfers the zone when the master's is newer. Changing it to an arbitrary value does not work: a lower number means no transfer.
1D refresh: how often the slave checks the master's serial
1H retry: how long to wait before retrying a failed refresh
1W expire: how long the slave keeps answering from its copy while the master stays unreachable; after that it stops answering for the zone
3H minimum: the negative-caching TTL (RFC 2308): how long resolvers may cache a "no such name/record" answer
On the slave (server3, 172.25.254.203):
[root@server3 ~]# vim /etc/yum.repos.d/rhel_dvd.repo
[root@server3 ~]# yum clean all
[root@server3 ~]# yum install bind -y
[root@server3 ~]# vim /etc/named.conf
11 // listen-on port 53 { 127.0.0.1; }; //"//" comments the line out; with it commented out named listens on all addresses
12 // listen-on-v6 port 53 { ::1; };
17 // allow-query { localhost; }; //commented out, any client may query; on a production server set listen-on to the server's own address and allow-query to your networks instead of commenting them out
[root@server3 ~]# vim /etc/named.rfc1912.zones
25 zone "westos.com" IN {
26 type slave;
27 masters { 172.25.254.103; };
28 file "slaves/westos.com.zone"; //slaves/ is owned by named, so the transferred copy can be written there
29 allow-update { none; };
30 };
[root@server3 ~]# cd /var/named
[root@server3 named]# ls slaves/
[root@server3 named]# systemctl restart named //type a few keys in the VM console if the start stalls gathering entropy
[root@server3 named]# ls slaves/
westos.com.zone //the zone has been transferred (AXFR) from the master
Point the real machine at the slave, then change the zone on the master:
[root@foundation103 named]# vim /etc/resolv.conf
nameserver 172.25.254.203
[root@foundation103 named]# vim /var/named/westos.com.zone //change the addresses and raise the serial
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
1 ; serial //was 0: raised so the slave sees a newer version
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.103
www CNAME bbs.westos.com.
bbs A 172.25.254.50
bbs A 172.25.254.220
[root@server3 named]# dig www.westos.com //still the old addresses: the slave does not learn of the change until its refresh timer (1D) fires or the master notifies it
Make the master notify the slave. NOTIFY messages go to the zone's NS records by default; server3 is not listed as an NS, so it has to be named explicitly:
[root@foundation103 named]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
also-notify { 172.25.254.203; };
};
The BIND used here lets any client transfer the whole zone (AXFR) unless told otherwise, which hands an attacker your complete host list; add allow-transfer { 172.25.254.203; }; to this zone block so only the slave can pull it (and allow-transfer { none; }; in options as the default).
[root@server3 named]# systemctl stop firewalld //so the NOTIFY and the transfer get through; the cleaner fix is firewall-cmd --permanent --add-service=dns && firewall-cmd --reload, as on the master
[root@foundation103 named]# systemctl restart named
[root@server3 named]# dig www.westos.com //after the NOTIFY the slave has pulled the new zone:
;; ANSWER SECTION:
www.westos.com. 86400 IN CNAME bbs.westos.com.
bbs.westos.com. 86400 IN A 172.25.254.50
bbs.westos.com. 86400 IN A 172.25.254.220
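Because the slave transfers only when the master's serial is newer (in the wrap-around sequence arithmetic of RFC 1982, not plain numeric comparison), the step that is easiest to forget when editing a zone by hand is raising the serial. The script below is an added example, not part of the original post: it reads and bumps the SOA serial of a zone file in the common YYYYMMDDnn scheme (falling back to old+1 when the date-based value would not be an increase) and checks whether a slave holding one serial would accept another. The sample zone it writes is constructed from the post's westos.com.zone; cat is used instead of mv so the file keeps its root:named ownership and mode.

```sh
#!/bin/sh
# Added example (not from the original post): SOA serial handling for a
# master zone that a slave replicates.

# Constructed sample: the SOA from the post's westos.com.zone (serial 0).
make_soa_sample() {
cat > "$1" <<'EOF'
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS dns.westos.com.
dns     A  172.25.254.103
EOF
}

# _soa_awk ZONEFILE [NEW]: the serial is the first integer after the SOA
# keyword's MNAME and RNAME fields, on the same line or on a following one.
# Without NEW it prints the serial; with NEW it prints the whole file with
# the serial replaced.
_soa_awk() {
  awk -v new="${2-}" '
    {
      if (!done) {
        start = 1
        if (!insoa) { for (j = 1; j <= NF; j++) if ($j == "SOA") { insoa = 1; start = j + 3; break } }
        if (insoa) for (i = start; i <= NF; i++) {
          if ($i ~ /^;/) break                       # rest of the line is a comment
          if ($i ~ /^[0-9]+$/) {
            done = 1
            if (new == "") { print $i; exit }
            $i = new; break
          }
        }
      }
      if (new != "") print
    }' "$1"
}

get_serial() { _soa_awk "$1"; }

# bump_serial ZONEFILE: rewrite the serial in place and print the new value.
bump_serial() {
  old=$(get_serial "$1")
  [ -n "$old" ] || { echo "bump_serial: no SOA serial found in $1" >&2; return 1; }
  today=$(date +%Y%m%d)01
  if [ "$old" -ge "$today" ]; then new=$((old + 1)); else new=$today; fi
  tmp=$(mktemp)
  _soa_awk "$1" "$new" > "$tmp" && cat "$tmp" > "$1"   # cat, not mv: keeps owner/mode
  rm -f "$tmp"
  echo "$new"
}

# serial_newer NEW OLD: succeed if a slave holding OLD would transfer NEW,
# i.e. (NEW - OLD) mod 2^32 lies in 1..2^31-1 (RFC 1982). 32-bit wrap-around
# therefore counts as "newer", while a smaller number does not.
serial_newer() {
  d=$(( ($1 - $2 + 4294967296) % 4294967296 ))
  [ "$d" -gt 0 ] && [ "$d" -lt 2147483648 ]
}

demo() {
  z=$(mktemp); make_soa_sample "$z"
  echo "serial before: $(get_serial "$z")"
  n=$(bump_serial "$z")
  echo "serial after:  $n"
  if serial_newer "$n" 0; then echo "a slave holding serial 0 would transfer $n"; fi
  rm -f "$z"
}
demo
```

After bump_serial the master still has to be reloaded (rndc reload or systemctl restart named) before it sends the NOTIFY that makes the slave re-check the serial.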
10. Dynamic (remote) updates:
(1) Preparation
[root@foundation103 named]# cp -p westos.com.zone /mnt/ //backup, restored later
[root@foundation103 named]# ls /mnt/
westos.com.zone
(2) Experiment
[root@foundation103 named]# vim /etc/named.rfc1912.zones
28 allow-update { 172.25.254.203; }; //allow updates from the slave's IP; source addresses can be spoofed, so this is only for the lab, and the key-based form further down is the real fix
[root@localhost ~]# vim /etc/named.conf //the master's prompt now shows the hostname localhost
Comment out line 59 to the end (the two views) and restore lines 51-58; with the views gone, named.rfc1912.zones is loaded directly again.
[root@localhost ~]# systemctl restart named
[root@server3 named]# nsupdate
server 172.25.254.103
update add hello.westos.com 86400 A 172.25.254.120 //TTL 86400 s, type A (IPv4)
send
update failed: REFUSED
[root@foundation103 named]# vim /var/log/messages
Feb 5 03:24:44 localhost named[2763]: client 172.25.254.203#24244: view internet: update 'westos.com/IN' denied //the zone still refuses updates from this client; named also needs permission to write the zone file
[root@foundation103 named]# ls -ld /var/named
drwxr-x--- 5 root named 4096 Feb 5 02:42 /var/named
[root@foundation103 named]# chmod g+w /var/named/ //let group named write the zone file and its journal here; the cleaner alternative is to keep dynamic zones in /var/named/dynamic, which named already owns and may write without this change
[root@foundation103 named]# ls -ld /var/named
drwxrwx--- 5 root named 4096 Feb 5 02:42 /var/named
[root@foundation103 named]# > /var/log/messages //empties the system log (handy in a lab; on a real host read journalctl -u named instead of wiping the evidence)
[root@server3 named]# nsupdate
server 172.25.254.103
update add hello.westos.com 86400 A 172.25.254.120
send
update failed: REFUSED //still refused: SELinux blocks named from writing master zone files under /var/named
[root@localhost ~]# setsebool -P named_write_master_zones 1 //-P makes the boolean persistent across reboots
[root@server3 named]# nsupdate
server 172.25.254.103
update add hello.westos.com 86400 A 172.25.254.120
update add hello.westos.com 86400 A 172.25.254.122
send
[root@localhost ~]# vim /var/named/westos.com.zone //the update first lands in the journal westos.com.zone.jnl; once named flushes it (rndc sync, or automatically a while later) the zone file carries the new records:
hello A 172.25.254.120
A 172.25.254.122
Authenticated (TSIG-signed) updates
Restore the earlier backup first:
[root@localhost mnt]# cd /var/named/
[root@localhost named]# rm -fr westos.com.zone westos.com.zone.jnl //the journal must go together with the zone file, or named will refuse to load a file that no longer matches its journal
[root@localhost named]# cp -p /mnt/westos.com.zone /var/named/
[root@localhost named]# vim westos.com.zone //check that the restore worked
[root@localhost named]# vim /etc/rndc.key //use it as the template for a key statement
key "rndc-key" {
algorithm hmac-md5;
secret "/W3/O/dH7EaKNJqqZwuxIQ==";
};
[root@localhost named]# cp /etc/rndc.key /etc/westos.key //start the new key file from the template; cp without -p creates it world-readable, so chown root:named and chmod 640 it, as the template is
[root@localhost named]# dnssec-keygen -h //usage of the key generator
[root@localhost named]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos
//-a algorithm, -b key length in bits (1-512 for HMAC-MD5), -n HOST: a host (TSIG) key, westos: the key name
Kwestos.+157+14973 //generation needs entropy; type a few keys in the VM console if it stalls
[root@localhost named]# ls
Kwestos.+157+14973.private
Kwestos.+157+14973.key
[root@localhost named]# cat Kwestos.+157+14973.private
Key: T3ltQ1Ypb8YNfQIeP61i6w== //the base64 secret
[root@localhost named]# cat Kwestos.+157+14973.key
westos. IN KEY 512 3 157 T3ltQ1Ypb8YNfQIeP61i6w== //the same secret; 157 is the algorithm number of HMAC-MD5
//both files carry the same secret because TSIG is a symmetric MAC: server and client share one key and every update is authenticated with an HMAC over the message; nothing is encrypted. HMAC-MD5 is obsolete: use -a HMAC-SHA256 (on newer BIND, tsig-keygen) and protect the .private file like a password.
[root@localhost named]# vim /etc/westos.key //turn it into a key statement
key "westos" {
algorithm hmac-md5;
secret "T3ltQ1Ypb8YNfQIeP61i6w==";
};
[root@localhost named]# vim /etc/named.conf //load the key file
44 include "/etc/westos.key";
[root@localhost named]# vim /etc/named.rfc1912.zones
28 allow-update { key westos; }; //the name must match the key statement; from now on only requests signed with this key are accepted, whatever their source address
[root@localhost named]# systemctl restart named
[root@localhost named]# scp Kwestos.+157+14973.* root@172.25.254.203:/mnt/ //hand the key to the client over ssh, so the secret is not exposed in transit
[root@server3 mnt]# nsupdate -k Kwestos.+157+14973.private //-k signs every request with this key
server 172.25.254.103
update add hello.westos.com 86400 A 172.25.254.9
send
quit
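Sections 9 and 10 touch four settings that decide who can read or change the zone: allow-transfer, allow-update, the TSIG algorithm, and recursion. The script below is an added example, not part of the original post: it writes the post's lab configuration next to a hardened version of the same stanzas and runs a small grep-based audit over both. Addresses, the key name westos and the zone path are the post's lab values; the 172.25.254.0/24 network in the hardened options block is an assumption, and the secrets are placeholders.

```sh
#!/bin/sh
# Added example (not from the original post): the post's transfer/update
# settings beside a hardened version, plus a grep audit that flags the weak ones.

# As configured in sections 9-10: updates allowed by source IP (spoofable, no
# authentication), transfers not restricted, hmac-md5 TSIG, recursion open to
# whoever may query.  Constructed for this example.
write_weak_conf() {
cat > "$1" <<'EOF'
options {
    directory "/var/named";
    recursion yes;
};
key "westos" {
    algorithm hmac-md5;
    secret "PLACEHOLDER-SECRET";
};
zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { 172.25.254.203; };
    also-notify  { 172.25.254.203; };
};
EOF
}

# Hardened equivalent: recursion only for the lab network, transfers only to
# the slave, updates only when TSIG-signed, a current HMAC, and the dynamic
# zone kept in /var/named/dynamic (owned by named; no chmod g+w /var/named).
write_hardened_conf() {
cat > "$1" <<'EOF'
options {
    directory "/var/named";
    recursion yes;
    allow-query     { 127.0.0.1; 172.25.254.0/24; };   // assumed lab network
    allow-recursion { 127.0.0.1; 172.25.254.0/24; };   // not an open resolver
    allow-transfer  { none; };                          // default-deny, opened per zone
};
key "westos" {
    algorithm hmac-sha256;                              // not hmac-md5
    secret "PLACEHOLDER-SECRET";
};
zone "westos.com" IN {
    type master;
    file "dynamic/westos.com.zone";
    allow-transfer { 172.25.254.203; };                 // only the slave may AXFR
    also-notify    { 172.25.254.203; };
    allow-update   { key "westos"; };                   // signed updates only
};
EOF
}

_flag() { echo "  [!] $1"; FINDINGS=$((FINDINGS + 1)); }

# audit_named_conf FILE: print one line per weak setting; FINDINGS holds the count.
audit_named_conf() {
  f=$1; FINDINGS=0
  echo "audit: $f"
  if ! grep -q 'allow-transfer' "$f" || grep -Eq 'allow-transfer[[:space:]]*\{[[:space:]]*any' "$f"; then
    _flag "zone transfers (AXFR) not restricted: set allow-transfer { <slave IP>; } or a key"
  fi
  if grep -Eq 'allow-update[[:space:]]*\{[[:space:]]*(any|[0-9])' "$f"; then
    _flag "allow-update by address: source IPs are spoofable, use allow-update { key ...; }"
  fi
  if grep -Eiq 'algorithm[[:space:]]+hmac-md5' "$f"; then
    _flag "hmac-md5 TSIG key: use hmac-sha256"
  fi
  if grep -Eq 'recursion[[:space:]]+yes' "$f" && ! grep -q 'allow-recursion' "$f"; then
    _flag "recursion yes without allow-recursion: open resolver (amplification, poisoning surface)"
  fi
  echo "  findings: $FINDINGS"
  return 0
}

demo() {
  w=$(mktemp); h=$(mktemp)
  write_weak_conf "$w"; write_hardened_conf "$h"
  audit_named_conf "$w"
  audit_named_conf "$h"
  rm -f "$w" "$h"
}
demo
```

The audit is deliberately simple string matching (it does not parse named.conf), so it is a pre-commit sanity check, not a replacement for named-checkconf; run it on the real files with audit_named_conf /etc/named.conf and on each included zones file.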