s21.实战案例:实现DNS forward(缓存)服务器



1.实战案例:实现DNS forward(缓存)服务器

1.1 实验目的

搭建DNS转发(缓存)服务器

1.2 环境要求

需要四台主机
DNS主服务器:172.31.1.8
DNS只缓存服务器:172.31.1.18
web服务器:172.31.0.7
DNS客户端:172.31.0.17

1.3 前提准备

关闭SELinux
关闭防火墙
（以上两步仅适用于实验环境；生产环境应保持SELinux为enforcing，并在防火墙中只放行53/tcp和53/udp。）
时间同步

1.4 实现步骤

1.4.1 实现主DNS服务器

[root@rocky8 ~]# dnf -y install bind
[root@rocky8 ~]# vim /etc/named.conf
options {
//  listen-on port 53 { 127.0.0.1; }; #注释此行
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file   "/var/named/data/named.secroots";
    recursing-file  "/var/named/data/named.recursing";
//  allow-query     { localhost; }; #注释此行
#关闭加密验证
    dnssec-enable no;
    dnssec-validation no;
​
[root@rocky8 ~]# vim /etc/named.rfc1912.zones 
#加上下面这段
zone "raymonds.cc" {
    type master;
    file "raymonds.cc.zone";                              
};
[root@rocky8 ~]# cp -p /var/named/named.localhost /var/named/raymonds.cc.zone
#如果没有-p,需要改权限。chgrp named raymonds.cc.zone
[root@rocky8 ~]# vim /var/named/raymonds.cc.zone
$TTL 1D
@   IN SOA master admin.raymonds.cc. (
          1 ; serial
          1D ; refresh
          1H ; retry
          1W ; expire
          3H ) ; minimum
          NS master
master  A 172.31.1.8
www     A 172.31.0.7
​
[root@rocky8 ~]# systemctl enable --now named

1.4.2 实现转发(只缓存)DNS服务器

[root@rocky8-2 ~]# dnf -y install bind
​
[root@rocky8-2 ~]# vim /etc/named.conf
options {
//  listen-on port 53 { 127.0.0.1; }; #注释此行
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file   "/var/named/data/named.secroots";
    recursing-file  "/var/named/data/named.recursing";
//  allow-query     { localhost; }; #注释此行
​
vim /etc/named.conf
#注释掉两行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
#注意:取消allow-query限制后,该转发(缓存)服务器会为任意来源做递归解析,成为开放解析器;实验环境之外应限定来源,例如 allow-query { localnets; }; 和 allow-recursion { localnets; };
    forward first;   # 先转发给forwarders,转发失败时再自行递归;若不希望回退到自行递归,改为 forward only;
    forwarders { 172.31.1.8; };
​
#关闭DNSSEC功能(关闭DNSSEC验证仅限实验环境;面向互联网的解析器应保持 dnssec-validation yes;)
    dnssec-enable no;
    dnssec-validation no; 
​
[root@rocky8-2 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.

1.4.3 web服务器配置

[root@centos7 ~]# yum -y install httpd;systemctl enable --now httpd;echo www.raymonds.cc > /var/www/html/index.html

1.4.4 在客户端测试

[root@centos7-2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=172.31.1.18
[root@centos7-2 ~]# nmcli conn reload
[root@centos7-2 ~]# nmcli conn up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
​
[root@centos7-2 ~]# dig www.raymonds.cc
-bash: dig: command not found
[root@centos7-2 ~]# yum -y install bind-utils
[root@centos7-2 ~]# dig www.raymonds.cc
​
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.8 <<>> www.raymonds.cc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26263
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 27
​
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.raymonds.cc.       IN  A
​
;; ANSWER SECTION:
www.raymonds.cc.    86400   IN  A   172.31.0.7
​
;; AUTHORITY SECTION:
.           518092  IN  NS  h.root-servers.net.
.           518092  IN  NS  k.root-servers.net.
.           518092  IN  NS  e.root-servers.net.
.           518092  IN  NS  i.root-servers.net.
.           518092  IN  NS  d.root-servers.net.
.           518092  IN  NS  b.root-servers.net.
.           518092  IN  NS  a.root-servers.net.
.           518092  IN  NS  f.root-servers.net.
.           518092  IN  NS  j.root-servers.net.
.           518092  IN  NS  c.root-servers.net.
.           518092  IN  NS  g.root-servers.net.
.           518092  IN  NS  m.root-servers.net.
.           518092  IN  NS  l.root-servers.net.
​
;; ADDITIONAL SECTION:
b.root-servers.net. 518092  IN  A   199.9.14.201
a.root-servers.net. 518092  IN  A   198.41.0.4
h.root-servers.net. 518092  IN  A   198.97.190.53
j.root-servers.net. 518092  IN  A   192.58.128.30
e.root-servers.net. 518092  IN  A   192.203.230.10
d.root-servers.net. 518092  IN  A   199.7.91.13
c.root-servers.net. 518092  IN  A   192.33.4.12
g.root-servers.net. 518092  IN  A   192.112.36.4
f.root-servers.net. 518092  IN  A   192.5.5.241
i.root-servers.net. 518092  IN  A   192.36.148.17
k.root-servers.net. 518092  IN  A   193.0.14.129
l.root-servers.net. 518092  IN  A   199.7.83.42
m.root-servers.net. 518092  IN  A   202.12.27.33
b.root-servers.net. 518092  IN  AAAA    2001:500:200::b
a.root-servers.net. 518092  IN  AAAA    2001:503:ba3e::2:30
h.root-servers.net. 518092  IN  AAAA    2001:500:1::53
j.root-servers.net. 518092  IN  AAAA    2001:503:c27::2:30
e.root-servers.net. 518092  IN  AAAA    2001:500:a8::e
d.root-servers.net. 518092  IN  AAAA    2001:500:2d::d
c.root-servers.net. 518092  IN  AAAA    2001:500:2::c
g.root-servers.net. 518092  IN  AAAA    2001:500:12::d0d
f.root-servers.net. 518092  IN  AAAA    2001:500:2f::f
i.root-servers.net. 518092  IN  AAAA    2001:7fe::53
k.root-servers.net. 518092  IN  AAAA    2001:7fd::1
l.root-servers.net. 518092  IN  AAAA    2001:500:9f::42
m.root-servers.net. 518092  IN  AAAA    2001:dc3::35
​
;; Query time: 1 msec
;; SERVER: 172.31.1.18#53(172.31.1.18) #可以看到查询是通过172.31.1.18转发的
;; WHEN: Sun Dec 05 22:04:23 CST 2021
;; MSG SIZE  rcvd: 843
​
[root@centos7-2 ~]# curl www.raymonds.cc
www.raymonds.cc