2025-02-28 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/02 Report
## Caching DNS

## Learning goals
Configure a caching DNS server

1. DNS overview
Authoritative name server
- Stores and provides the actual data for a zone (an entire DNS domain or part of one). The types of authoritative name servers are:
- Master: holds the original zone data; sometimes called the "primary" name server
- Slave: a backup server that obtains a copy of the zone data from a master server through a zone transfer; sometimes called the "secondary" name server
Non-authoritative / recursive name server
- Looks up data from authoritative name servers on behalf of clients. The types of recursive name servers are:
- Caching-only name server: used for lookups only; not authoritative for anything except trivial data
DNS lookup
- The stub resolver on the client sends the query to a name server listed in /etc/resolv.conf
- If that name server is authoritative for the requested information, it sends the client an authoritative answer
- Otherwise, if the name server has the requested information in its cache, it sends the client a non-authoritative answer
- If the cache has no information, the name server searches the authoritative name servers, starting with the root zone and following the DNS hierarchy down to the name server that is authoritative for the information, to obtain the answer for the client. The name server then passes the information to the client and keeps a copy in its own cache for later lookups.
2. DNS resource records
A DNS zone stores its information as resource records. Each resource record has a type that indicates what kind of data it holds:
- A: name to IPv4 address
- AAAA: name to IPv6 address
- CNAME: name to "canonical name" (another name that has an A/AAAA record)
- PTR: IPv4/IPv6 address to name
- MX: mail exchanger for the name (where to send its email)
- NS: name server for the domain
- SOA: "start of authority", information about the DNS zone (administrative information)
3. DNS troubleshooting
The dig command displays details of a DNS lookup, including the status code that explains why a query failed:
- NOERROR: the query succeeded
- NXDOMAIN: the DNS server reports that no such name exists
- SERVFAIL: the DNS server is down, or DNSSEC validation of the response failed
- REFUSED: the DNS server refuses to answer (perhaps for access control reasons)
4. Parts of the dig output
The header shows information about the query and the answer, including the response status and any special flags (aa for an authoritative answer, etc.)
- QUESTION: the actual DNS query that was sent
- ANSWER: the response (if any)
- AUTHORITY: the name servers responsible for the domain/zone
- ADDITIONAL: extra information provided, usually about the name servers
- The comment at the bottom shows the recursive name server the query was sent to and how long it took to get the response
5. Caching DNS server
BIND is the most widely used open-source name server
In RHEL it is provided by the bind package
The firewall must open ports 53/TCP and 53/UDP
The main configuration file for BIND is /etc/named.conf
The /var/named directory contains the other data files used by the name server
6. Syntax of /etc/named.conf
// or # starts a comment that runs to the end of the line; text between /* and */ is also a comment (and may span multiple lines)
Every directive ends with a semicolon (;)
Many directives take an address match list in curly braces: a list of IP addresses or subnets in CIDR notation, or named ACLs such as any; (all hosts) and none; (no hosts)
The file starts with an options block containing directives that control how named operates
Zone blocks control how named locates the authoritative root name servers and the zones it serves
7. Some important options directives
listen-on controls the IPv4 addresses that named listens on
listen-on-v6 controls the IPv6 addresses that named listens on
allow-query controls which clients may ask this DNS server for information
forwarders contains a list of name servers to which DNS queries are forwarded (instead of contacting external name servers directly; useful when there is a firewall)
All of these directives treat the semicolon-separated elements inside the braces as address match lists, for example:
- listen-on { any; };
- allow-query { 127.0.0.1; 10.0.0.0/8; };
8. Configure the name server
Install the bind package
- yum install bind -y
Edit /etc/named.conf ## modify the configuration file
- listen-on port 53 { any; }; ## accept IPv4 queries on port 53 on every address
- listen-on-v6 port 53 { any; }; ## accept IPv6 queries on port 53 on every address
- allow-query { any; }; ## allow any client to query this server
- forwarders { 172.25.254.254; }; ## forward queries to 172.25.254.254
Start and enable the DNS server
systemctl start named
systemctl enable named
Test from desktopX:
- dig cla***oom.example.com
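With listen-on and allow-query both set to any and a forwarder configured, the server above answers recursive queries for anyone who can reach port 53, which is what makes an open resolver. As an added contrast (this fragment is not from the original post; the 172.25.254.60 server address and the 172.25.254.0/24 network are assumed from the page's lab values), the same options block restricted to the local network:

```conf
options {
        listen-on port 53 { 127.0.0.1; 172.25.254.60; };  // only the server's own addresses
        listen-on-v6 port 53 { none; };                   // no IPv6 listener when IPv6 is unused
        directory       "/var/named";
        allow-query     { 127.0.0.1; 172.25.254.0/24; };  // who may query this server at all
        allow-recursion { 127.0.0.1; 172.25.254.0/24; };  // who may use the cache and forwarders
        forwarders      { 172.25.254.254; };
        forward only;                                     // never contact external servers directly
};
```

Run named-checkconf /etc/named.conf after editing and restart named; a query from outside 172.25.254.0/24 should then return status REFUSED rather than an answer.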
I. DNS service
1. yum install bind.x86_64 -y
2. vim /etc/named.conf ## modify the configuration file
```
listen-on port 53 { any; };   ## accept IPv4 queries on port 53 on every address
allow-query     { any; };     ## allow any client to query this server
zone "westos.com" IN {        ## step 3 defines westos.com again, as type master, in named.rfc1912.zones,
        type hint;            ## which named.conf includes; named refuses to load a zone that is
        file "westos.com.zone";  ## defined twice in one view, so keep only one definition
};
```
3. vim /etc/named.rfc1912.zones
```
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { none; };
};
```
4. cp -p /var/named/named.localhost /var/named/westos.com.zone
vim /var/named/westos.com.zone
```
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.60
www     A       172.25.254.162
music   CNAME   music.a.westos.com.
music.a A       172.25.254.111
music.a A       172.25.254.222
westos.com. MX 1 dns.westos.com.    ; an MX target must be a host name with an A record, not an IP address
```
5. Test
*) vim /etc/resolv.conf
nameserver 172.25.254.60
*) dig www.westos.com
*) dig -t mx westos.com
*) dig music.westos.com
II. Forward resolution
1. cp -p westos.com.zone westos.com.inter
2. vim westos.com.inter
```
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.62.60
www     A       172.25.62.162
music   CNAME   music.a.westos.com.
music.a A       172.25.62.111
music.a A       172.25.62.222
westos.com. MX 1 dns.westos.com.    ; MX target is a host name, not an IP address
```
3. cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter
4. vim /etc/named.rfc1912.inter
```
zone "westos.com" IN {
        type master;
        file "westos.com.inter";
        allow-update { none; };
};
```
5. vim /etc/named.conf
```
/* the original top-level zone and include lines are commented out:
   once views are used, every zone must be declared inside a view
zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/

view localnet {
        match-clients { 172.25.254.0/24; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.zones";
};

view internet {
        match-clients { 172.25.62.0/24; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.inter";
};
```
6. Test
*) vim /etc/resolv.conf
nameserver 172.25.62.60
*) [root@dns-client162 ~]# dig www.westos.com
III. Reverse resolution
1. vim /etc/named.rfc1912.zones
```
zone "254.25.172.in-addr.arpa" IN {
        type master;
        file "westos.com.ptr";
        allow-update { none; };
};
```
2. cp -p /var/named/named.loopback /var/named/westos.com.ptr
3. vim /var/named/westos.com.ptr
```
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.60       ; address of the name server host
111     PTR     www.westos.com.
222     PTR     bbs.westos.com.
```
4. Test
[root@dns-client162 ~]# dig -x 172.25.254.222
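The forward zone from section I and the reverse zone from section III do not agree: 111 is mapped back to www.westos.com, whose A record is 172.25.254.162, and 222 to bbs.westos.com, which has no A record at all. Services that pair a PTR lookup with a forward lookup (sshd, TCP wrappers, mail servers) treat such mismatches as suspect. As an added example (not code from the original post), a small Python checker over zone text constructed from the page's records finds exactly those two mismatches; parse_zone and check_reverse are names chosen here.

```python
# Added example, not from the page: check that every PTR record in the reverse
# zone has a matching A record in the forward zone (zone texts constructed here).
FORWARD = """\
@       NS  dns.westos.com.
dns     A   172.25.254.60
www     A   172.25.254.162
music   CNAME music.a.westos.com.
music.a A   172.25.254.111
music.a A   172.25.254.222
westos.com. MX 1 dns.westos.com.
"""
REVERSE = """\
        NS  dns.westos.com.
111     PTR www.westos.com.
222     PTR bbs.westos.com.
"""

def parse_zone(text, origin):
    """Return (owner_fqdn, type, rdata) tuples from simple zone text; handles
    '@', relative owners and an owner inherited from the previous line."""
    records, owner = [], origin
    for line in text.splitlines():
        line = line.split(";")[0].rstrip()          # strip comments
        if not line.strip() or line.startswith("$"):
            continue                                # blanks, $TTL, $ORIGIN
        if not line[0].isspace():                   # explicit owner name
            owner, line = line.split(None, 1)
            owner = origin if owner == "@" else owner
            if not owner.endswith("."):
                owner = f"{owner}.{origin}"         # qualify a relative name
        fields = line.split()
        if fields[0] == "IN":                       # optional class field
            fields = fields[1:]
        records.append((owner, fields[0], " ".join(fields[1:])))
    return records

def check_reverse(forward, reverse, fwd_origin, rev_origin):
    """Return (ip, name) pairs whose PTR target has no A record for that ip."""
    a_map = {}                                      # fqdn -> set of IPv4 strings
    for owner, rtype, rdata in parse_zone(forward, fwd_origin):
        if rtype == "A":
            a_map.setdefault(owner, set()).add(rdata)
    net = ".".join(reversed(rev_origin[:-len(".in-addr.arpa.")].split(".")))  # 172.25.254
    problems = []
    for owner, rtype, target in parse_zone(reverse, rev_origin):
        if rtype == "PTR":
            ip = f"{net}.{owner[:-len('.' + rev_origin)]}"
            if ip not in a_map.get(target, set()):
                problems.append((ip, target))
    return problems
```

Pointing the same function at the real files under /var/named before running rndc reload catches the mismatch before a client ever sees it.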
IV. DNS dynamic updates
1. Back up westos.com.zone
cp -p /var/named/westos.com.zone /mnt
2. Allow updates from 172.25.254.162
vim /etc/named.rfc1912.zones
```
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.162; };
};
```
3. Modify permissions
chmod 770 /var/named/
4. Turn on the named_write_master_zones SELinux boolean
setsebool -P named_write_master_zones 1
5. Test
[root@dns-client162 ~]# nsupdate
> server 172.25.254.60
> update add .westos.com 86400 A 172.25.254.222
> send
V. DNS updates with a key
1. Generate the key
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westoskey ## key name westoskey
2. Key file
cp -p /etc/rndc.key /etc/westos.key
vim /etc/westos.key
```
key "westoskey" {
        algorithm hmac-md5;
        secret "cO4YCYcToTDA7mWqZSRRtA==";   ## the Key: value from the generated Kwestoskey.+157+37962.private file
};
```
3. Configure the DNS service
*) vim /etc/named.conf
```
include "/etc/westos.key";
```
*) vim /etc/named.rfc1912.zones
```
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { key westoskey; };
};
```
4. Test
*) scp /mnt/Kwestoskey.+157+37962.* root@172.25.254.162:/mnt
*) on the host 172.25.254.162
[root@dns-client162 ~]# nsupdate -k /mnt/Kwestoskey.+157+37962.private
> server 172.25.254.60
> update add .westos.com 86400 A 172.25.254.222
> send
>
VI. Querying by hostname
1. Install the DHCP service
yum install dhcp -y
2. Create the DHCP service configuration
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
3. Modify the configuration file
vim /etc/dhcp/dhcpd.conf
```
option domain-name "westos.com";
option domain-name-servers 172.25.254.60;
ddns-update-style interim;
subnet 172.25.254.0 netmask 255.255.255.0 {
        range 172.25.254.46 172.25.254.55;
        option routers 172.25.254.250;
}

key "westoskey" {
        algorithm hmac-md5;
        secret "cO4YCYcToTDA7mWqZSRRtA==";   # same key as in /etc/westos.key on the DNS server
}

zone westos.com {
        primary 127.0.0.1;
        key westoskey;
}
```
*) vim /etc/named.conf ## modify the main configuration file
4. Test
*) unplug the network cable
*) on the client host
hostnamectl set-hostname .westos.com ## modify the hostname
*) vim /etc/sysconfig/network-scripts/ifcfg-eth0 ## switch the interface to DHCP
```
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
```
:wq
*) restart the network
systemctl restart network
*) query
*) hostnamectl set-hostname .westos.com ## change the hostname to .westos.com
*) dig .westos.com
*) hostnamectl set-hostname test.westos.com ## change the hostname to test.westos.com
*) dig test.westos.com