Lab: set up a DNS server that forwards to the root domain / a pure caching DNS server
master ---------------> primary server
slave ----------------> secondary server
forwarders -----------> forwarding server
First draw the architecture diagram and prepare the machines that will play the server and the client.
The steps are as follows:
Prerequisite: install the required packages on both the server and the client.
[[email protected] ~]#yum install bind
[[email protected] ~]#yum install bind-utils
[[email protected] ~]#yum install bind-libs
The server must have internet access so it can talk to the root servers. Set the VM network type to NAT. You can run ip a first to see the name of the NIC.
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
HWADDR=00:0c:29:f8:63:ed
IPADDR=192.168.10.11
NETMASK=255.255.255.0
GATEWAY=192.168.10.2
Save and exit.
[[email protected] ~]# ping www.baidu.com
PING www.a.shifen.com (14.215.177.38) 56(84) bytes of data.
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=1 ttl=128 time=9.45 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=2 ttl=128 time=9.20 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=3 ttl=128 time=10.6 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=4 ttl=128 time=9.30 ms
C64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=5 ttl=128 time=9.89 ms
^H^C
--- www.a.shifen.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4013ms
rtt min/avg/max/mdev = 9.207/9.712/10.697/0.556 ms
This proves the external network is reachable. Now edit the main configuration file as follows. Pay attention to the IP address in listen-on and to the network range allowed to query (any means everyone), and enable recursion.
[[email protected] ~]# vim /etc/named.conf
options {
    listen-on port 53 { 192.168.10.11; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
#include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
Save and exit.
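As an added example (not code from the original post), the script below checks a named.conf for the pattern this lab config has: recursion is enabled and allow-query is any, with no allow-recursion restriction. A server configured like that and reachable from outside the LAN is an open resolver that anyone on the internet can use for recursive lookups. The script writes a copy of the post's options block and a hardened options block for the same lab network, and audits both. Two settings in the hardened block are worth noting: allow-recursion limits recursion to the 192.168.10.0/24 client range, and dnssec-validation auto uses the root key built into named, whereas the post's dnssec-validation yes validates only against trust anchors that are explicitly configured, and the post comments out the include of /etc/named.root.key that would supply one. The lab subnet, the temporary files and the forwarder placeholder address are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a named.conf for the open-resolver
# pattern in the post's config ("recursion yes" + "allow-query { any; }" with no
# allow-recursion restriction) and show a hardened options block for the same lab network.
# Assumptions, all constructed for this example: the lab subnet is 192.168.10.0/24, the
# server address is 192.168.10.11 (as in the post), and the two configs below are written
# to temporary files rather than /etc/named.conf.

# Strip named.conf comments (// ..., # ... and /* ... */), join the file into one line and
# canonicalise spacing around braces and semicolons so the patterns below are stable.
normalize_conf() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' ' \
        | sed -e 's:/\*[^*]*\*/::g' \
              -e 's/[[:space:]]\{1,\}/ /g' \
              -e 's/{[[:space:]]*/{ /g' \
              -e 's/[[:space:]]*}/ }/g' \
              -e 's/[[:space:]]*;/;/g'
}

# Exit 0 when the file is acceptable for an internal caching resolver, 1 when it would
# answer recursive queries for anyone. Prints the reason either way. The rules follow
# BIND 9 defaults: recursion is on unless "recursion no;" is present, and when
# allow-recursion is absent it inherits allow-query (or, failing that, localnets).
audit_named_conf() {
    conf=$(normalize_conf "$1")
    case "$conf" in
        *"recursion no;"*)
            echo "OK: recursion disabled (authoritative-only server)"; return 0 ;;
    esac
    case "$conf" in
        *"allow-recursion { any; }"*)
            echo "OPEN: allow-recursion { any; } lets any client use this resolver"; return 1 ;;
        *"allow-recursion {"*)
            echo "OK: recursion restricted by an allow-recursion ACL"; return 0 ;;
    esac
    case "$conf" in
        *"allow-query { any; }"*)
            echo "OPEN: recursion on, allow-query { any; } and no allow-recursion: open resolver"; return 1 ;;
    esac
    echo "OK: recursion on, but allow-query is restricted and allow-recursion inherits it"; return 0
}

# Constructed copy of the post's options block; the comments explain its settings.
WEAK_CONF='options {
    listen-on port 53 { 192.168.10.11; };
    directory "/var/named";
    allow-query { any; };       // anyone may send queries ...
    recursion yes;              // ... and recursion is not restricted separately
    dnssec-validation yes;      // "yes" validates only against configured trust anchors
};
zone "." IN { type hint; file "named.ca"; };
#include "/etc/named.root.key"  // commented out in the post, so no trust anchor is loaded'

# Hardened version for the same lab: only the LAN may query and recurse, and
# "dnssec-validation auto" uses the root key built into named.
HARDENED_CONF='acl "lan" { 192.168.10.0/24; 127.0.0.1; };
options {
    listen-on port 53 { 192.168.10.11; };
    directory "/var/named";
    allow-query { lan; };
    allow-query-cache { lan; };
    recursion yes;
    allow-recursion { lan; };
    dnssec-validation auto;
    // Forwarder variant (the "forwarders" role from the post); placeholder address:
    // forwarders { UPSTREAM_RESOLVER_IP; }; forward only;
};
zone "." IN { type hint; file "named.ca"; };'

WEAK_FILE=$(mktemp)
HARDENED_FILE=$(mktemp)
trap 'rm -f "$WEAK_FILE" "$HARDENED_FILE"' EXIT
printf '%s\n' "$WEAK_CONF" > "$WEAK_FILE"
printf '%s\n' "$HARDENED_CONF" > "$HARDENED_FILE"

# Run both audits; a non-zero status is the finding, not a script error, hence "|| :".
printf 'post config     : '; audit_named_conf "$WEAK_FILE" || :
printf 'hardened config : '; audit_named_conf "$HARDENED_FILE" || :
```

Before reloading a real server, run named-checkconf /etc/named.conf to catch syntax errors. After the change, a query from an address outside the lan ACL, such as dig @192.168.10.11 www.baidu.com, should come back with status REFUSED, while clients inside the LAN still resolve as in the nslookup check further down.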
[[email protected] ~]# cd /var/named/
[[email protected] named]# ll
总用量 16
drwxrwx--- 2 named named 23 3月 17 10:20 data
drwxrwx--- 2 named named 6 8月 4 2017 dynamic
-rw-r----- 1 root named 2281 5月 22 2017 named.ca
-rw-r----- 1 root named 152 12月 15 2009 named.empty
-rw-r----- 1 root named 152 6月 21 2007 named.localhost
-rw-r----- 1 root named 168 12月 15 2009 named.loopback
drwxrwx--- 2 named named 6 8月 4 2017 slaves
[[email protected] named]# systemctl start named
Check whether port 53 is listening:
[[email protected] named]# netstat -nul
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 192.168.10.11:53 0.0.0.0:*
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp6 0 0 ::1:53 :::*
udp6 0 0 ::1:323 :::*
[[email protected] named]# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.10.11:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 ::1:53 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:953 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
The client does not need internet access; point its DNS at the 7-7 server.
[[email protected] ~]# vim /etc/resolv.conf
nameserver 192.168.10.11
Save and exit.
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
HWADDR=00:0c:29:e6:e2:3e
IPADDR=192.168.10.12
NETMASK=255.255.255.0
#GATEWAY=192.168.10.2
#DNS=192.168.6.2
Save and exit.
Verification:
[[email protected] ~]# nslookup www.baidu.com
Server: 192.168.10.11
Address: 192.168.10.11#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 14.215.177.38
Name: www.a.shifen.com
Address: 14.215.177.39
[[email protected] ~]# dig www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12563
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 975 IN CNAME www.a.shifen.com.
www.a.shifen.com. 75 IN A 14.215.177.38
www.a.shifen.com. 75 IN A 14.215.177.39
;; AUTHORITY SECTION:
a.shifen.com. 975 IN NS ns4.a.shifen.com.
a.shifen.com. 975 IN NS ns1.a.shifen.com.
a.shifen.com. 975 IN NS ns5.a.shifen.com.
a.shifen.com. 975 IN NS ns2.a.shifen.com.
a.shifen.com. 975 IN NS ns3.a.shifen.com.
;; ADDITIONAL SECTION:
ns2.a.shifen.com. 975 IN A 180.149.133.241
ns3.a.shifen.com. 975 IN A 61.135.162.215
ns4.a.shifen.com. 975 IN A 115.239.210.176
ns5.a.shifen.com. 975 IN A 119.75.222.17
ns1.a.shifen.com. 975 IN A 61.135.165.224
;; Query time: 0 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: 六 3月 17 18:46:18 CST 2018
;; MSG SIZE rcvd: 271
If the client cannot reach the internet, dig +trace cannot resolve; a complete dig +trace only works with internet access. I don't know what the reason is.
[[email protected] ~]# dig +trace www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> +trace www.baidu.com
;; global options: +cmd
. 488977 IN NS e.root-servers.net.
. 488977 IN NS j.root-servers.net.
. 488977 IN NS a.root-servers.net.
. 488977 IN NS b.root-servers.net.
. 488977 IN NS k.root-servers.net.
. 488977 IN NS m.root-servers.net.
. 488977 IN NS c.root-servers.net.
. 488977 IN NS i.root-servers.net.
. 488977 IN NS d.root-servers.net.
. 488977 IN NS g.root-servers.net.
. 488977 IN NS f.root-servers.net.
. 488977 IN NS l.root-servers.net.
. 488977 IN NS h.root-servers.net.
. 489007 IN RRSIG NS 8 0 518400 20180329170000 20180316160000 41824 . SzOQxRNumIySwzKTxsJJA90AYuUNqDonQA+inleP2VxwWtTsT7MEWkAq POR4pWIWVfVWp6gil3CMXSTKXByWx6qdj8oo8GI3tV3A7DWSz/cNoxfH Q8z6Wdsfq/SeeB8xn6It4ELnac5CNXNyvfwEXeqvT6wo3plu9uqwOVai 3gbfSSlM2ghUZ4Q5wUWu3dkOYublChR31yf323cHFN/bYBBj9KCMsNQL zPekEJx0eJUcz4TxD80nNjTXARIE+7YhznFr0ljElFEkkgtYQyzkTUnt 9oBNINyB0aJRTNsT7dv9+EpuDInFi+kAqT4yVeBVAZamGDvdr8On1LRt 4ASLjA==
;; Received 1097 bytes from 192.168.10.11#53(192.168.10.11) in 14 ms
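As an added example (not code from the original post), the script below contains small parsers for dig's output format, run over an embedded copy of the post's own dig www.baidu.com response so it works offline. It extracts the response status, tests whether a given header flag is set, and lists the A records of the answer section. The ra flag is the one worth watching: BIND sets it only for clients its allow-recursion ACL accepts, so it is a cheap way to confirm from a client which resolver policy applies to it. The trimmed sample response and the helper names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): parsers for dig's text output, exercised on a
# copy of the post's "dig www.baidu.com" response embedded below (trimmed to the sections
# the parsers use) so the script runs offline. Nothing here talks to the network.
SAMPLE_DIG='; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12563
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 975 IN CNAME www.a.shifen.com.
www.a.shifen.com. 75 IN A 14.215.177.38
www.a.shifen.com. 75 IN A 14.215.177.39
;; AUTHORITY SECTION:
a.shifen.com. 975 IN NS ns1.a.shifen.com.
;; SERVER: 192.168.10.11#53(192.168.10.11)'

# Response code from the HEADER line (NOERROR, NXDOMAIN, REFUSED, SERVFAIL, ...).
dig_status() {
    printf '%s\n' "$1" | sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Exit 0 if the named flag (qr, aa, rd, ra, ad, ...) appears on the ";; flags:" line.
dig_has_flag() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^;; flags:/ {
            line = $0
            sub(/^;; flags: */, "", line)    # drop the prefix ...
            sub(/;.*$/, "", line)            # ... and everything after the flag list
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == want) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Print the A records of the ANSWER section, one per line, in response order.
dig_answer_a() {
    printf '%s\n' "$1" | awk '
        /^;; ANSWER SECTION:/  { in_answer = 1; next }
        /^;;/                  { in_answer = 0 }
        in_answer && $4 == "A" { print $5 }'
}

# Stand-alone run: summarise the embedded response the way a quick resolver check would.
echo "status : $(dig_status "$SAMPLE_DIG")"
if dig_has_flag "$SAMPLE_DIG" ra; then
    echo "ra flag: set (the server offers recursion to this client)"
else
    echo "ra flag: clear (the server will not recurse for this client)"
fi
echo "A records:"
dig_answer_a "$SAMPLE_DIG"
```

To use it against the lab server, replace SAMPLE_DIG with the output of dig @192.168.10.11 www.baidu.com: from a LAN client the ra flag should be set and the A records listed, while from an address the server is not meant to serve the status should be REFUSED or the ra flag clear. On the +trace behaviour noted above: +trace makes dig walk the delegation chain itself, asking the configured server only for the root NS list (the RRset the post's trace shows arriving from 192.168.10.11) and then querying the root, TLD and authoritative servers directly, so the client needs its own outbound port-53 access; a client that can only reach the LAN resolver stops after that first step.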
Original article: http://blog.51cto.com/13656243/2087963