Linux Network Services: a caching DNS (BIND) worked example



1. What is DNS

DNS:

Concept: DNS (Domain Name System) is the service that translates domain names into the IP addresses that belong to them. A DNS server keeps a table of domain names and their corresponding IP addresses and uses it to resolve the names that appear in queries. A domain name is the name of a computer or group of computers on the Internet, used to identify the machine's network location (and sometimes its geographic location) when data is transferred. It is a string of labels separated by dots, usually containing an organisation name and always ending in a top-level domain that indicates the type of organisation (.com, .edu, .org, ...) or the country or region (.cn, .uk, ...).

Authoritative DNS: the server holds the zone data itself and answers from it.

Non-authoritative DNS (recursive or caching): you ask me, I go and ask the authoritative servers for you and remember the answer.

/etc/resolv.conf: the nameserver lines name the servers this host sends its queries to.

/etc/hosts: local static name-to-address file, consulted before DNS.

Loopback interface lo: like a reflex, the host asking itself; it is fast and the traffic never leaves the machine. Services offered to others, such as Apache, are reached through the external interface.

Main configuration file: /etc/named.conf

Advantages of caching: lower latency, because repeated queries are answered locally, and less bandwidth spent on upstream servers.

Default lifetime: the $TTL 1D at the top of the zone templates is 86400 s (one day); once a record has been cached for its TTL it expires and must be fetched again.

2. Caching server lab

(1) Preparation

[root@foundation103 ~]# yum repolist list   // show the yum repositories

[root@foundation103 ~]# yum clean all   // clear the yum cache

[root@foundation103 ~]# yum repolist list

Loaded plugins: langpacks

rhel_dvd | 4.1 kB 00:00

(1/2): rhel_dvd/group_gz | 134 kB 00:00

(2/2): rhel_dvd/primary_db | 3.4 MB 00:00

repolist: 0

(2) Install the DNS service

[root@foundation103 ~]# yum install bind.x86_64 -y   // install BIND

[root@foundation103 ~]# systemctl start named   // /etc/rndc.key is generated on the first start

// If the first start hangs, named is waiting for enough random entropy to generate the rndc key; on a freshly booted virtual machine, typing on its console provides it.

[root@foundation103 ~]# ls -l /etc/rndc.key

[root@foundation103 ~]# cat /etc/rndc.key   // inspect the key

[root@foundation103 ~]# vim /etc/resolv.conf

[root@foundation103 ~]# cat /etc/services | grep domain   // look up the DNS port

domain 53/tcp # name-domain server

domain 53/udp

domaintime 9909/tcp # domaintime

domaintime 9909/udp # domaintime

[root@foundation103 ~]# firewall-cmd --list-all

public (default, active)

interfaces: eth0

sources:

services: dhcpv6-client ssh

ports:

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

(3) Allow dns through the firewall

[root@foundation103 ~]# firewall-cmd --permanent --add-service=dns

success

[root@foundation103 ~]# firewall-cmd --reload

success


[root@foundation103 ~]# firewall-cmd --list-all

public (default, active)

interfaces: eth0

sources:

services: dhcpv6-client dns ssh

ports:

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

(4) Check

[root@foundation103 ~]# netstat -antlupe | grep 53   // confirm that named is listening on port 53 (TCP and UDP)

[root@foundation103 ~]# ifconfig

lo: flags=73

3. DNS servers

There are 13 root name servers (a.root-servers.net through m.root-servers.net); the top-level domains .com .cn .edu .org .net and so on sit directly below the root. The status (rcode) in a dig answer tells you what happened:

noerror: the query succeeded

nxdomain: no such name exists

servfail: the server failed to answer (down, or unable to resolve)

refused: the server refused to answer the query

4. Forward resolution

[root@foundation3 Desktop]# dig www.baidu.com

[root@foundation103 ~]# vim /etc/named.conf   // look at the main configuration; it pulls in the sub-configuration files

57 include "/etc/named.rfc1912.zones";

58 include "/etc/named.root.key";

Delete line 18, forwarders { 172.25.254.250; };, so that this server resolves names itself instead of handing every query to 172.25.254.250.

[root@foundation103 ~]# vim /etc/named.rfc1912.zones   // declare the zone in the sub-configuration file

zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { none; };
};

[root@foundation103 ~]# cd /var/named

[root@foundation103 named]# cp -p named.localhost westos.com.zone   // -p keeps owner and mode (root:named, 640) so that named can read the copy

[root@foundation103 named]# vim westos.com.zone

$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.103
www     A       172.25.254.20

// @ stands for the zone origin, westos.com, taken from the zone statement. A name that ends in '.' is absolute; a name without the trailing '.' has '.westos.com.' appended, so dns means dns.westos.com.

// 1D means one day.

// SOA (start of authority) names the primary server and the administrator mailbox (root.westos.com. is root@westos.com).

// NS names the authoritative name server of the zone; the trailing '.' terminates the name.

// A is an IPv4 address record, AAAA an IPv6 one. The www record must be an A record, because 172.25.254.20 is an IPv4 address: an AAAA record carrying an IPv4 address is rejected by named-checkzone, and the dig output below indeed shows an A record.

[root@foundation103 named]# systemctl restart named

On the physical host:

[root@foundation3 Desktop]# dig www.westos.com

;; ANSWER SECTION:

www.westos.com. 86400 IN A 172.25.254.20   // resolved from our zone file, OK

;; AUTHORITY SECTION:

westos.com. 86400 IN NS dns.westos.com.

;; ADDITIONAL SECTION:

dns.westos.com. 86400 IN A 172.25.254.103

5. CNAME: pointing the name clients use at an internal name

[root@foundation3 Desktop]# dig www.baidu.com

;; ANSWER SECTION:

www.baidu.com. 901 IN CNAME www.a.shifen.com.

www.a.shifen.com. 1 IN A 220.181.111.188

www.a.shifen.com. 1 IN A 220.181.112.244

[root@foundation103 named]# vim westos.com.zone

        NS      dns.westos.com.
dns     A       172.25.254.103
www     CNAME   bbs.westos.com.
bbs     A       172.25.254.20

[root@foundation103 named]# systemctl restart named

[root@foundation3 Desktop]# dig www.westos.com

;; ANSWER SECTION:

www.westos.com. 86400 IN CNAME bbs.westos.com.

bbs.westos.com. 86400 IN A 172.25.254.20

6. Round robin

[root@foundation3 Desktop]# dig www.baidu.com

;; ANSWER SECTION:

www.baidu.com. 901 IN CNAME www.a.shifen.com.

www.a.shifen.com. 1 IN A 220.181.111.188

www.a.shifen.com. 1 IN A 220.181.112.244

;; AUTHORITY SECTION:

a.shifen.com. 901 IN NS ns2.a.shifen.com.

a.shifen.com. 901 IN NS ns5.a.shifen.com.

a.shifen.com. 901 IN NS ns4.a.shifen.com.

a.shifen.com. 901 IN NS ns1.a.shifen.com.

a.shifen.com. 901 IN NS ns3.a.shifen.com.

// a.shifen.com is served by five name servers, ns1 to ns5. In the same way, several A records for one name are handed out in rotating order, so the load is spread over the addresses (round robin).

[root@foundation103 named]# vim westos.com.zone

        NS      dns.westos.com.
dns     A       172.25.254.103
www     CNAME   bbs.westos.com.
bbs     A       172.25.254.20
bbs     A       172.25.254.120

[root@foundation103 named]# systemctl restart named

[root@foundation3 Desktop]# dig www.westos.com   // query several times; the order of the two addresses varies between answers

7. Reverse resolution: resolving an IP address to a name

[root@foundation103 named]# vim /etc/named.rfc1912.zones   // add the reverse zone

zone "254.25.172.in-addr.arpa" IN {   // the first three octets of 172.25.254.x, reversed
    type master;
    file "westos.com.ptr";
    allow-update { none; };
};

[root@foundation103 named]# cp -p named.loopback westos.com.ptr

[root@foundation103 named]# vim westos.com.ptr

$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.103
20      PTR     www.westos.com.
120     PTR     bbs.westos.com.

// 20 and 120 are relative to the origin 254.25.172.in-addr.arpa, so they stand for 172.25.254.20 and 172.25.254.120. The dns A line was carried over from the named.loopback template; it is harmless here but not needed.

[root@foundation103 named]# systemctl restart named

[root@foundation3 Desktop]# dig -x 172.25.254.20   // -x: reverse lookup

[root@foundation3 Desktop]# dig -x 172.25.254.120

Troubleshooting checklist: port 53 open in the firewall, network reachable, file owner and mode, configuration syntax (named-checkconf for named.conf, named-checkzone for zone files).
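The zone files of sections 4 and 7 are normally validated with named-checkzone. The following Python script is an added example, not code from the original page or from BIND: it applies the same rules by hand to a constructed copy of the westos.com zone (including the mistaken www AAAA line from section 4 so that the checker has something to report), expands relative names against the origin, flags A/AAAA records whose address family does not match, and derives the 254.25.172.in-addr.arpa PTR records from the forward A records the way section 7 builds them by hand. The zone text, the 172.25.254.0/24 prefix and all function names are assumptions of the example; PTR targets are taken from the A record owners, so 172.25.254.20 maps to bbs (the canonical name), not to the www alias.

```python
import ipaddress

# Constructed sample: the page's westos.com zone, deliberately keeping the
# "www AAAA 172.25.254.20" line so the checker has something to report.
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                0   ; serial
                1D  ; refresh
                1H  ; retry
                1W  ; expire
                3H ) ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.103
www     AAAA    172.25.254.20
bbs     A       172.25.254.20
bbs     A       172.25.254.120
"""


def absolute(name, origin):
    """The rule from section 4: '@' is the origin, a trailing dot is absolute,
    anything else gets '.<origin>' appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples for the simple records of a zone file.
    Handles $-directives, ';' comments, an owner carried over from the previous
    line, an optional IN class and a multi-line SOA (which is skipped).  Per-record
    TTL fields are not handled; named-checkzone remains the real validator."""
    records, last_owner, in_soa = [], origin, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line or line.startswith("$"):
            continue
        if in_soa:                          # inside the parenthesised SOA block
            in_soa = ")" not in line
            continue
        fields = line.split()
        if not raw[0].isspace():            # an owner name is present on this line
            last_owner = absolute(fields.pop(0), origin)
        if fields[0] == "IN":
            fields.pop(0)
        rtype, rdata = fields[0], fields[1]
        if rtype == "SOA":
            in_soa = "(" in line and ")" not in line
            continue
        records.append((last_owner, rtype, rdata))
    return records


def check_address_records(records):
    """Report A records whose data is not IPv4 and AAAA records whose data is
    not IPv6; BIND refuses to load either."""
    problems = []
    for owner, rtype, rdata in records:
        if rtype not in ("A", "AAAA"):
            continue
        try:
            version = ipaddress.ip_address(rdata).version
        except ValueError:
            problems.append(f"{owner} {rtype} {rdata}: not an IP address")
            continue
        if (rtype == "A") != (version == 4):
            problems.append(f"{owner} {rtype} {rdata}: address family does not match record type")
    return problems


def reverse_zone(records, network):
    """Derive the in-addr.arpa zone name and the PTR records (owner relative to
    that zone, target) for every A record inside `network`.  Only /8, /16 and
    /24 prefixes map onto a single in-addr.arpa zone."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("use an IPv4 /8, /16 or /24 prefix")
    fixed = net.prefixlen // 8
    zone_name = ".".join(reversed(str(net.network_address).split(".")[:fixed])) + ".in-addr.arpa."
    ptrs = []
    for owner, rtype, rdata in records:
        if rtype != "A":
            continue
        try:
            addr = ipaddress.IPv4Address(rdata)
        except ValueError:
            continue
        if addr in net:
            host_part = str(addr).split(".")[fixed:]      # octets not fixed by the zone
            ptrs.append((".".join(reversed(host_part)), owner))
    return zone_name, ptrs


if __name__ == "__main__":
    recs = parse_zone(FORWARD_ZONE, "westos.com.")
    for problem in check_address_records(recs):
        print("zone error:", problem)
    zone, ptrs = reverse_zone(recs, "172.25.254.0/24")
    print(f'zone "{zone}" PTR records:')
    for rel_owner, target in ptrs:
        print(f"{rel_owner}\tPTR\t{target}")
```

Run it once before restarting named: the only complaint it prints is the www AAAA line, and the PTR list it emits for 172.25.254.0/24 can be pasted into westos.com.ptr and compared with the hand-written one.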

8. Split-horizon (two-way) resolution:

Hosts inside the company resolve names to the internal 192.x addresses; hosts outside the company resolve the same names to the 172.x addresses.

[root@foundation103 ~]# cd /var/named/

[root@foundation103 named]# ls   // list the directory

data named.empty slaves

dynamic named.localhost westos.com.ptr

named.ca named.loopback westos.com.zone

[root@foundation103 named]# cp -p westos.com.zone westos.com.zone.inter   // copy the zone file for the internal view; the name must match the file statement in named.rfc1912.zones.inter below

[root@foundation103 etc]# cd /etc/

[root@foundation103 etc]# cp -p named.rfc1912.zones named.rfc1912.zones.inter

[root@foundation103 etc]# vim named.rfc1912.zones.inter

zone "westos.com" IN {
    type master;
    file "westos.com.zone.inter";   // the internal copy of the zone
    allow-update { none; };
};

[root@foundation103 etc]# man 5 named.conf   // look up the view statement (type /view in man to search)

[root@foundation103 etc]# vim named.conf   // edit the main configuration file

Comment out lines 51-58 (the zone "." hint and the two include lines): once views are used, every zone must be declared inside a view, and named refuses to start with zones left at top level.

59 view localnet {
60     match-clients { 172.25.254.103; };   // queries from 172.25.254.103 are answered from this view
61     zone "." IN {
62         type hint;
63         file "named.ca";
64     };
65     include "/etc/named.rfc1912.zones.inter";
66 };
67
68 view internet {
69     match-clients { any; };
70     zone "." IN {
71         type hint;
72         file "named.ca";
73     };
74     include "/etc/named.rfc1912.zones";
75 };

// Views are tried in the order written and the first match-clients that matches the client wins, so the view with match-clients { any; } must come last; written first it would swallow every query and localnet would never be used.

[root@foundation103 named]# vim westos.com.zone.inter

$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       192.25.254.103
www     CNAME   bbs.westos.com.
bbs     A       192.25.254.20
bbs     A       192.25.254.120

[root@foundation103 etc]# systemctl restart named

On the physical host and on the virtual machine at the same time: [root@foundation103 etc]# dig www.westos.com   // the two clients receive different answers
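How BIND picks a view is easy to get wrong, so here is an added Python model of the rule (not BIND's code and not from the original page): match-clients lists are evaluated in the order the views appear in named.conf, the first view that accepts the client answers, and a `!` prefix negates an element. The two views, their client lists and the A data are constructed from this section's configuration; the function names are assumptions of the example. It also shows what happens if the `any` view is written first.

```python
import ipaddress

# Constructed model of the page's two views: the internal view hands out the
# 192.25.254.x addresses from westos.com.zone.inter, the public view the
# 172.25.254.x ones from westos.com.zone.  Only A data is modelled.
VIEWS = [
    ("localnet", ["172.25.254.103"],
     {"bbs.westos.com.": ["192.25.254.20", "192.25.254.120"]}),
    ("internet", ["any"],
     {"bbs.westos.com.": ["172.25.254.20", "172.25.254.120"]}),
]


def acl_matches(acl, client):
    """Evaluate a BIND address_match_list for one client: elements are tested in
    order, the first hit decides, and a leading '!' negates that element."""
    addr = ipaddress.ip_address(client)
    for element in acl:
        negated = element.startswith("!")
        element = element.lstrip("!")
        if element == "any":
            hit = True
        elif element == "none":
            hit = False
        else:
            hit = addr in ipaddress.ip_network(element, strict=False)
        if hit:
            return not negated
    return False


def select_view(views, client):
    """First view whose match-clients accepts the client wins; None means BIND
    rejects the query because no view matched."""
    for name, acl, _data in views:
        if acl_matches(acl, client):
            return name
    return None


def resolve(views, client, qname):
    """Answer from the zone data of the selected view only."""
    for _name, acl, data in views:
        if acl_matches(acl, client):
            return data.get(qname, [])
    return None


def shadowed_views(views):
    """Views that can never be reached because an earlier view accepts every
    client: this is what happens when the `any` view is written first."""
    shadowed, catch_all_seen = [], False
    for name, acl, _data in views:
        if catch_all_seen:
            shadowed.append(name)
        if "any" in acl and not any(e.startswith("!") for e in acl):
            catch_all_seen = True
    return shadowed


if __name__ == "__main__":
    for client in ("172.25.254.103", "172.25.254.50"):
        print(client, "->", select_view(VIEWS, client),
              resolve(VIEWS, client, "bbs.westos.com."))
    print("views never used if the order is reversed:",
          shadowed_views(list(reversed(VIEWS))))
```

Real match-clients lists may also contain named acl statements and TSIG key names; the model covers only addresses, prefixes, any, none and negation, which is enough to check a configuration like the one above before restarting named.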

9. Secondary (slave) DNS:

The SOA fields that drive master/slave behaviour:

serial: the version number of the zone. It must be increased on every change, because a slave transfers the zone only when the master's serial is higher than its own copy.

1D: refresh, how often the slave checks the master's SOA

1H: retry, how long to wait after a failed refresh

1W: expire, how long the slave keeps serving the zone without contact with the master (one week)

3H: minimum, the negative-caching TTL: how long a "no such name" answer may be cached

[root@server3 ~]# vim /etc/yum.repos.d/rhel_dvd.repo

[root@server3 ~]# yum clean all

[root@server3 ~]# yum install bind -y

[root@server3 ~]# vim /etc/named.conf

// listen-on port 53 { 127.0.0.1; };   ## a leading // comments the line out, so named listens on all addresses

// listen-on-v6 port 53 { ::1; };

// allow-query { localhost; };   ## now anyone may query this server

// Caveat: the stock named.conf also contains recursion yes;. Opening allow-query to everyone while recursion stays on turns the machine into an open resolver that can be abused for amplification attacks. On a server exposed like this set recursion no;, or limit it with allow-recursion { localnets; };.

[root@server3 ~]# vim /etc/named.rfc1912.zones

zone "westos.com" IN {
    type slave;
    masters { 172.25.254.103; };
    file "slaves/westos.com.zone";   // the transferred copy lands in /var/named/slaves, which named may write
    allow-update { none; };
};

[root@server3 ~]# cd /var/named

[root@server3 named]# ls slaves/   // empty before the first transfer

[root@server3 named]# systemctl restart named   // on the VM, type a few keys if startup waits for entropy

[root@server3 named]# ls slaves/

westos.com.zone   // the zone has been transferred from the master

[root@foundation103 named]# vim /etc/resolv.conf

nameserver 172.25.254.203   // use the slave as resolver for the test

[root@foundation103 named]# vim westos.com.zone   // change bbs to 172.25.254.50 and 172.25.254.220 on the master and raise the serial (the resulting file is shown below)

[root@server3 named]# dig www.westos.com   // the slave still answers with the old addresses: nobody told it about the change

[root@foundation103 named]# vim /etc/named.rfc1912.zones

zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { none; };
    also-notify { 172.25.254.203; };   // named notifies only the servers in NS records by default; the slave is not one of them, so list it here
};

[root@server3 named]# systemctl stop firewalld   // the lab simply drops the firewall on the slave; the proper fix is firewall-cmd --permanent --add-service=dns as in section 2

[root@foundation103 named]# systemctl restart named   // the master sends NOTIFY, the slave compares serials and pulls the new zone

[root@server3 named]# dig www.westos.com

;; ANSWER SECTION:

www.westos.com. 86400 IN CNAME bbs.westos.com.

bbs.westos.com. 86400 IN A 172.25.254.50

bbs.westos.com. 86400 IN A 172.25.254.220


The zone file on the master after the edit:

[root@foundation103 named]# vim /var/named/westos.com.zone

$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        1       ; serial, raised from 0 to 1: slaves transfer only when this is higher than their copy
                                        1D      ; refresh, how often the slave checks the master
                                        1H      ; retry, wait after a failed check
                                        1W      ; expire, stop serving the zone after a week without contact
                                        3H )    ; minimum, negative-caching TTL
        NS      dns.westos.com.
dns     A       172.25.254.103
www     CNAME   bbs.westos.com.
bbs     A       172.25.254.50
bbs     A       172.25.254.220
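The slave's decision to transfer rests entirely on comparing serials, so the rule is worth seeing in code. The following Python functions are an added example (not from the original page, not BIND's code): RFC 1982 serial comparison with 32-bit wraparound, the transfer decision a slave makes, a serial generator in the common YYYYMMDDnn form, and a replay of this section's sequence (first transfer, an edit without a serial bump that the slave ignores, then the bump to 1 that triggers the transfer). Function names and the sample dates are assumptions of the example.

```python
import datetime

SERIAL_MODULUS = 1 << 32
HALF_RANGE = 1 << 31


def serial_gt(a, b):
    """RFC 1982 'greater than' for 32-bit zone serials: the space wraps around,
    so 0 is newer than 4294967295, but equal serials are never 'greater'."""
    a %= SERIAL_MODULUS
    b %= SERIAL_MODULUS
    if a == b:
        return False
    return (a < b and b - a > HALF_RANGE) or (a > b and a - b < HALF_RANGE)


def slave_should_transfer(master_serial, slave_serial):
    """A slave with no copy (None) always transfers; otherwise only when the
    master's serial is greater.  Editing records without bumping the serial
    leaves every slave serving old data until `expire` runs out."""
    return slave_serial is None or serial_gt(master_serial, slave_serial)


def next_serial(current, today=None):
    """Next serial in YYYYMMDDnn form: a new day starts at YYYYMMDD01, the same
    day increments nn; a serial already above today's base simply gains one,
    so the value never goes backwards."""
    if today is None:
        today = datetime.date.today()
    elif isinstance(today, str):
        today = datetime.date.fromisoformat(today)
    base = int(today.strftime("%Y%m%d")) * 100
    return max(base + 1, current + 1) % SERIAL_MODULUS


def replay_lab(master_serials, slave_serial=None):
    """Walk through a sequence of master serials seen by one slave and record
    whether each one caused a transfer."""
    events = []
    for serial in master_serials:
        transferred = slave_should_transfer(serial, slave_serial)
        if transferred:
            slave_serial = serial
        events.append((serial, transferred))
    return events


if __name__ == "__main__":
    # serial 0 at first transfer, the edit that left it at 0, then the bump to 1
    for serial, transferred in replay_lab([0, 0, 1]):
        print(f"master serial {serial}: transfer={transferred}")
    print("suggested next serial:", next_serial(1))
```

With `also-notify` the slave learns of a change immediately, but it still performs the comparison above; without a serial increase the NOTIFY achieves nothing.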


10. Remote (dynamic) DNS updates:

(1) Preparation

[root@foundation103 named]# cp -p westos.com.zone /mnt/   // back up the zone file before letting clients change it

[root@foundation103 named]# ls /mnt/

westos.com.zone

(2) Lab

[root@foundation103 named]# vim /etc/named.rfc1912.zones

    allow-update { 172.25.254.203; };   // permit updates from the slave's address only. An address-based ACL is weak: anyone who can spoof or occupy that address may rewrite the zone, so the key-based form further below is preferred.

[root@server3 named]# vim /etc/named.rfc1912.zones

[root@localhost ~]# vim /etc/named.conf

Comment out line 59 to the end (the views) and restore lines 51-58.

[root@localhost ~]# systemctl restart named

[root@server3 named]# nsupdate

server 172.25.254.103

update add hello.westos.com 86400 A 172.25.254.120   // TTL 86400 s, record type A (IPv4)

send

update failed: REFUSED

[root@foundation103 named]# vim /var/log/messages

Feb 5 03:24:44 localhost named[2763]: client 172.25.254.203#24244: view internet: update 'westos.com/IN' denied   // the update was denied; permission has to be granted

[root@foundation103 named]# ls -ld   // the current directory, /var/named

drwxr-x--- 5 root named 4096 Feb 5 02:42

[root@foundation103 named]# chmod g+w /var/named/   // the named group needs write access here to create the journal (.jnl) of the dynamic zone

[root@foundation103 named]# ls -ld

drwxrwx--- 5 root named 4096 Feb 5 02:42

[root@foundation103 named]# > /var/log/messages   // empty the log so the next attempt is easy to read

[root@server3 named]# nsupdate

update add hello.westos.com 86400 A 172.25.254.120

send

update failed: REFUSED   // still refused: SELinux does not let named write master zone files

[root@localhost ~]# setsebool -P named_write_master_zones 1   // -P makes the boolean survive a reboot

[root@server3 named]# nsupdate

update add hello.westos.com 86400 A 172.25.254.120

update add hello.westos.com 86400 A 172.25.254.122

send

[root@localhost ~]# vim /var/named/westos.com.zone   // the new records appear in the zone file

hello   A   172.25.254.120
        A   172.25.254.122

// Dynamic updates are written to the journal westos.com.zone.jnl first and folded into the zone file later; if the file still looks unchanged, run rndc sync westos.com, or query the live zone with dig.

Authenticated (TSIG-signed) updates

Restore the earlier backup first:

[root@localhost mnt]# cd /var/named/

[root@localhost named]# rm -fr westos.com.zone westos.com.zone.jnl   // remove the journal together with the zone; a leftover .jnl would be replayed over the restored file

[root@localhost named]# cp -p /mnt/westos.com.zone /var/named/

[root@localhost named]# vim westos.com.zone   // check that the restore succeeded

[root@localhost named]# vim /etc/rndc.key   // use the rndc key as the template for our key file

key "rndc-key" {
    algorithm hmac-md5;
    secret "/W3/O/dH7EaKNJqqZwuxIQ==";
};

[root@localhost named]# cp /etc/rndc.key /etc/westos.key   // make the key file

[root@localhost named]# dnssec-keygen -h   // usage of the key generator

[root@localhost named]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos

// -a: algorithm; -b: key length in bits (1 to 512 for HMAC-MD5); -n HOST: a host (TSIG) key rather than a zone key; westos: the key name, which must match the key statement and the allow-update below

Kwestos.+157+14973   // base name of the generated pair (157 is the HMAC-MD5 algorithm number); if generation stalls on the VM it is waiting for entropy, so type a few keys

// Newer BIND releases create TSIG keys with tsig-keygen instead, and HMAC-MD5 is deprecated: use hmac-sha256 when both ends support it.

[root@localhost named]# ls

Kwestos.+157+14973.private

Kwestos.+157+14973.key

[root@localhost named]# cat Kwestos.+157+14973.private

Key: T3ltQ1Ypb8YNfQIeP61i6w==   // the shared secret

[root@localhost named]# cat Kwestos.+157+14973.key

westos. IN KEY 512 3 157 T3ltQ1Ypb8YNfQIeP61i6w==   // the same secret in KEY resource record form

// Both files hold the same secret: HMAC-MD5 is a symmetric message authentication code, not encryption. Server and client share this one secret, and anyone who obtains it can sign updates, so protect the files accordingly.

[root@localhost named]# vim /etc/westos.key   // put the new secret into the key file

key "westos" {
    algorithm hmac-md5;
    secret "T3ltQ1Ypb8YNfQIeP61i6w==";
};

[root@localhost named]# vim /etc/named.conf   // include the key in the main configuration

44 include "/etc/westos.key";

[root@localhost named]# vim /etc/named.rfc1912.zones

28     allow-update { key westos; };   // only updates signed with this key are accepted

[root@localhost named]# systemctl restart named

[root@localhost named]# scp Kwestos.+157+14973.* root@172.25.254.203:/mnt/   // hand the key to the client over ssh, never in the clear

[root@server3 mnt]# nsupdate -k Kwestos.+157+14973.private   // -k: sign every request with this key

server 172.25.254.103

update add hello.westos.com 86400 A 172.25.254.9

send

quit
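What `nsupdate -k` and `allow-update { key westos; }` actually exchange is a TSIG signature (RFC 2845): an HMAC over the DNS message plus the key name, algorithm and timestamp, computed with the shared secret on both sides. The following Python script is an added example, not from the original page and not BIND's code: it reads the secret out of constructed copies of the two key files shown above (proving they carry the same value), builds a minimal DNS UPDATE message for hello.westos.com, signs it and verifies it, and shows that a changed address, a different key or a stale timestamp is rejected. The message builder is simplified (no TSIG record appended to the wire message, no request MAC, no name compression) and the function names are assumptions of the example. hmac-md5 is used to match the page's key; hmac-sha256 works the same way and should be preferred on current BIND.

```python
import base64
import hashlib
import hmac
import os
import struct
import time

# TSIG algorithm name as it appears on the wire for HMAC-MD5 (RFC 2845).
ALG_HMAC_MD5 = "hmac-md5.sig-alg.reg.int."

# Constructed copies of the two files dnssec-keygen wrote, carrying the page's
# sample secret; the same base64 value appears in both.
PRIVATE_FILE = """Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: T3ltQ1Ypb8YNfQIeP61i6w==
"""
KEY_FILE = "westos. IN KEY 512 3 157 T3ltQ1Ypb8YNfQIeP61i6w==\n"


def secret_from_private(text):
    """Return the base64 secret from a K*.private file."""
    for line in text.splitlines():
        if line.startswith("Key:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("no Key: line in private key file")


def secret_from_key_rr(text):
    """Return the base64 secret from the K*.key file (a KEY resource record)."""
    return text.split()[-1]


def generate_secret(bits=128):
    """What `dnssec-keygen -a HMAC-MD5 -b 128` produces: random bytes, base64."""
    return base64.b64encode(os.urandom(bits // 8)).decode()


def encode_name(name):
    """DNS wire form of a name: length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_update(zone, owner, ipv4, ttl=86400, msg_id=0x1234):
    """Minimal DNS UPDATE (RFC 2136) adding one A record: ZOCOUNT=1, UPCOUNT=1."""
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 1, 0)  # opcode 5 = UPDATE
    zone_section = encode_name(zone) + struct.pack("!HH", 6, 1)   # type SOA, class IN
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    update = encode_name(owner) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + zone_section + update


def tsig_mac(message, key_name, secret_b64, time_signed, fudge=300, alg=ALG_HMAC_MD5):
    """HMAC over the message followed by the TSIG variables (RFC 2845 3.4.2):
    key name, class ANY, TTL 0, algorithm, 48-bit time, fudge, error, other len."""
    variables = (encode_name(key_name.lower()) + struct.pack("!HI", 255, 0)
                 + encode_name(alg.lower())
                 + struct.pack("!HI", time_signed >> 32, time_signed & 0xFFFFFFFF)
                 + struct.pack("!HHH", fudge, 0, 0))
    return hmac.new(base64.b64decode(secret_b64), message + variables, hashlib.md5).digest()


def sign(message, key_name, secret_b64, now=None):
    """Client side (nsupdate -k): attach key name, timestamp and MAC."""
    t = int(time.time() if now is None else now)
    return {"key": key_name, "time_signed": t, "mac": tsig_mac(message, key_name, secret_b64, t)}


def verify(message, tsig, secret_b64, now=None, fudge=300):
    """Server side (allow-update { key westos; }): recompute the MAC with the
    shared secret and reject stale timestamps; returns the TSIG error name."""
    t = int(time.time() if now is None else now)
    if abs(t - tsig["time_signed"]) > fudge:
        return "BADTIME"
    expected = tsig_mac(message, tsig["key"], secret_b64, tsig["time_signed"], fudge)
    return "NOERROR" if hmac.compare_digest(expected, tsig["mac"]) else "BADSIG"


if __name__ == "__main__":
    secret = secret_from_private(PRIVATE_FILE)
    print("same secret in both files:", secret == secret_from_key_rr(KEY_FILE))
    msg = build_update("westos.com.", "hello.westos.com.", "172.25.254.9")
    tsig = sign(msg, "westos", secret)
    print("genuine update:", verify(msg, tsig, secret))
    forged = build_update("westos.com.", "hello.westos.com.", "172.25.254.10")
    print("altered address, same signature:", verify(forged, tsig, secret))
```

The time check is why TSIG needs reasonably synchronised clocks: an update signed more than `fudge` seconds ago is answered BADTIME even with the right key, which is also what stops a captured signed update from being replayed later.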
