1. Caching
This lab was done on a virtual machine.
First start the VM and give it an IP address; make sure it can ping the physical host, which confirms the NIC is working.
Next, let the physical host act as a router: enable the masquerade service on it so that the VM can ping 114.114.114.114.
Next, configure the VM's gateway.
You can see that the 114 DNS server can now be pinged successfully.
Contents of the eth0 configuration file:
Next, install the DNS service and edit its configuration file.
The configuration changes are as follows:
After configuration, test from another machine.
First change the resolver address in /etc/resolv.conf.
You can see that the second lookup is very fast, 0 ms: that is the cache at work.
2. Forward resolution
On the DNS server side, i.e. the VM where DNS was installed:
/etc/named.conf is left unchanged.
/etc/named.rfc1912.zones is configured as follows:
westos.com.zone is configured as follows:
Test on the client.
3. Two subdomains
Using Baidu as an example.
Only westos.com.zone needs to be changed, as follows:
Test.
4. Reverse resolution
VM:
[root@localhost named]# vim /etc/named.conf
[root@localhost named]# vim /etc/named.rfc1912.zones
[root@localhost named]# cp -p named.lo
named.localhost named.loopback
[root@localhost named]# cp -p named.loopback westos.com.ptr
[root@localhost named]# vim westos.com.ptr
[root@localhost named]# systemctl restart named
/etc/named.rfc1912.zones is configured as follows:
westos.com.ptr is configured as follows:
5. Two-way resolution
VM:
[root@localhost named]# cp -p westos.com.zone westos.com.inter
[root@localhost named]# vim westos.com.inter ######## just change the IP addresses of the domain names
[root@localhost named]# cp -p /etc/named.rfc1912.zones /etc/named.r
named.rfc1912.zones named.root.key
[root@localhost named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1913.zones
[root@localhost named]# vim /etc/named.rfc1913.zones
[root@localhost named]# vim /etc/named.conf
[root@localhost named]# systemctl restart named
[root@localhost named]# vim /etc/resolv.conf
Note that the VM itself must also be pointed at this DNS server.
Test locally.
Test on the client.
6. DNS cluster
Set up a new DNS server.
/etc/named.rfc1912.zones is configured as follows:
vim /etc/resolv.conf ##### be sure to set its own resolver address
systemctl status firewalld
systemctl stop firewalld
##### stop the firewall
And configure the update on DNS1:
vim /etc/named.rfc1913.zones
Change one IP in named.rfc1913.zones on DNS1, restart, then test on DNS2.
You can see that the change shows up there too.
7. DNS update
[root@localhost named]# vim /etc/named.rfc1913.zones
Edit allow-update.
[root@localhost named]# chmod 770 /var/named/
Grant write permission on /var/named (the directory is owned by root:named, so group named can now write to it).
[root@localhost named]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: inactive (dead) since Thu 2018-11-01 22:39:38 EDT; 5h 11min ago
Main PID: 472 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/firewalld.service
Nov 01 21:45:59 localhost systemd[1]: Started firewalld - dynamic firewall daemon.
Nov 01 22:39:35 localhost systemd[1]: Stopping firewalld - dynamic firewall d…
Nov 01 22:39:38 localhost systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
Turn off the firewall.
[root@localhost named]# cp -p westos.com.inter /mnt/
Back up the zone file.
[root@localhost named]# ls
data named.ca named.localhost slaves westos.com.ptr
dynamic named.empty named.loopback westos.com.inter westos.com.zone
[root@localhost named]# systemctl restart named
Troubleshooting:
[root@localhost named]# ll -ld /var/named/
drwxrwx---. 5 root named 4096 Nov 2 02:59 /var/named/
If the update from 172.25.254.31 fails, go back to the server and check the log; it may be an SELinux error.
Securing updates with a key
[root@localhost mnt]# cp -p /etc/rndc.key /etc/westos.key
Edit westos.key.
[root@localhost mnt]# vim /etc/westos.key
[root@localhost mnt]# vim /etc/named.conf
Load the key: include "/etc/westos.key";
[root@localhost mnt]# vim /etc/named.rfc1913.zones
Change to allow-update { key dnskey; };
[root@localhost mnt]# ls
Kdnskey.+157+32887.key Kdnskey.+157+32887.private westos.com.inter
[root@localhost mnt]# systemctl restart named
Now test from the physical host: the update is refused.
[root@localhost mnt]# scp Kdnskey.+157+32887.* root@172.25.254.31:/mnt/
The authenticity of host '172.25.254.31 (172.25.254.31)' can't be established.
ECDSA key fingerprint is 55:72:63:89:bb:af:cf:b9:b3:7b:8e:35:98:a5:19:a4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.31' (ECDSA) to the list of known hosts.
root@172.25.254.31's password:
Kdnskey.+157+32887.key 100% 50 0.1KB/s 00:00
Kdnskey.+157+32887.private 100% 165 0.2KB/s 00:00
Send the key over, then test again.
The update now succeeds.
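To verify that the allow-update tightening described above actually reaches every zone, here is an added check that is not part of the original lab: it scans a constructed file in the style of named.rfc1913.zones and flags any zone whose allow-update is still { any; } instead of { key dnskey; }. The sample zone names, file names and addresses, and the regular expressions, are my own assumptions.

```python
import re

# Constructed sample in the style of the lab's named.rfc1913.zones (the write-up
# does not reproduce the real file). Zone names, files and addresses are assumed.
SAMPLE_ZONES = '''
zone "westos.com" IN {
        type master;
        file "westos.com.inter";
        allow-update { key dnskey; };
};

zone "254.25.172.in-addr.arpa" IN {
        type master;
        file "westos.com.ptr";
        allow-update { any; };
};
'''

# One zone stanza: the quoted name, then everything up to the "};" at column 0.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{(.*?)\n\};', re.S)
# The allow-update { ...; } option inside a stanza.
UPDATE_RE = re.compile(r'allow-update\s*\{([^}]*)\}\s*;')

def audit_allow_update(config: str) -> dict:
    """Classify every zone that allows dynamic updates (zones without the
    option are skipped: BIND refuses updates by default).
    'keyed' - every entry is a TSIG key, e.g. allow-update { key dnskey; }
    'open'  - any client may update, i.e. allow-update { any; }
    'acl'   - limited by address/ACL only, so updates are unsigned
    """
    verdicts = {}
    for name, body in ZONE_RE.findall(config):
        match = UPDATE_RE.search(body)
        if match is None:
            continue
        entries = [e.strip() for e in match.group(1).split(";") if e.strip()]
        if "any" in entries:
            verdicts[name] = "open"
        elif entries and all(e.startswith("key ") for e in entries):
            verdicts[name] = "keyed"
        else:
            verdicts[name] = "acl"
    return verdicts

if __name__ == "__main__":
    for zone, verdict in audit_allow_update(SAMPLE_ZONES).items():
        print(f"{zone}: allow-update is {verdict}")
```

Run it against the text of your own zones file after the allow-update change; any zone reported as open is one the physical host could still update without the key.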