I. Lab environment

This lab uses CentOS 7.8.

| Name | IP |
| --- | --- |
| DNS-cache (caching server) | 10.20.177.248 |
| DNS-client (client) | 10.20.177.97 |

II. Required software

This assumes your yum repositories are available.

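| Software | Install command | Purpose |
| --- | --- | --- |
| bind | yum -y install bind | DNS server software |
| bind-utils | yum -y install bind-utils | bind utilities package |
| tcpdump | yum -y install tcpdump | Packet capture tool, used to verify that caching is working |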

III. Software installation

Both servers listed in section I need the packages installed; only one is shown below:

[root@10-20-177-248 ~]# yum -y install bind
[root@10-20-177-248 ~]# yum -y install bind-utils
[root@10-20-177-248 ~]# yum -y install tcpdump

IV. Caching server configuration

1. Temporarily turn off firewalld and SELinux enforcement (restored after a reboot).

[root@10-20-177-248 ~]# systemctl stop firewalld
[root@10-20-177-248 ~]# setenforce 0

2. Edit /etc/named.conf (the main BIND configuration file).



3. Start the service.

[root@10-20-177-248 ~]# systemctl start named
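
Step 2 edits /etc/named.conf, but the file's contents are not reproduced on this page. As an added example (not the author's configuration), the script below stages a minimal forwarding-cache named.conf that answers only the lab's clients, so the server is not an open resolver, and syntax-checks it before use; the 10.20.177.0/24 client range, the lab_clients ACL name, the function names and "forward only" are assumptions, and the stock file's logging and include lines are left out.

```shell
# Added example, not the author's file. From the page: cache 10.20.177.248,
# upstream DNS 202.106.196.115. Assumed: the 10.20.177.0/24 client range,
# the "lab_clients" ACL name and the "forward only" policy.

write_cache_conf() {    # $1 = path of the staged file
    cat > "$1" <<'EOF'
acl lab_clients { 127.0.0.1; 10.20.177.0/24; };   // assumed client range

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";    // written by "rndc dumpdb"
    listen-on port 53 { 127.0.0.1; 10.20.177.248; };
    listen-on-v6 { none; };

    recursion yes;                       // a cache must recurse for its clients
    allow-query       { lab_clients; };  // not "any": no open resolver
    allow-recursion   { lab_clients; };
    allow-query-cache { lab_clients; };

    forwarders { 202.106.196.115; };     // upstream seen in the page's captures
    forward only;                        // no fallback to the root servers
};
EOF
}

stage_named_conf() {    # $1 = staged path; non-zero status if the check fails
    write_cache_conf "$1" || return 1
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1" || return 1 # reports the offending line
    else
        echo "named-checkconf not found, syntax check skipped" >&2
    fi
}

# On the cache server, install the file only after it passes the check:
#   stage_named_conf /tmp/named.conf.new && cp /tmp/named.conf.new /etc/named.conf
```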

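V. Client configuration

Think of the client as a personal computer; CentOS is used here only for the experiment.

1. Change the DNS server address to the caching server above, 10.20.177.248, and restart the network interface.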



2. Flush the DNS cache (flush it on both servers; only one is shown here).

[root@10-20-177-97 ~]# rndc flush

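3. On the client, ping www.baidu.com to trigger a DNS request.
(The public DNS server configured on the caching server is a Beijing DNS server, while the servers in this test are in another province. So when I ping www.baidu.com, the client's request is sent on to the Beijing DNS server for resolution. Because of the geographic distance, there is a noticeable short pause after the ping is issued, which also indirectly shows that my request reached a distant DNS server.)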

[root@10-20-177-97 ~]# ping www.baidu.com
PING www.a.shifen.com (110.242.68.4) 56(84) bytes of data.
64 bytes from 110.242.68.4 (110.242.68.4): icmp_seq=1 ttl=50 time=35.4 ms
64 bytes from 110.242.68.4 (110.242.68.4): icmp_seq=2 ttl=50 time=35.1 ms
64 bytes from 110.242.68.4 (110.242.68.4): icmp_seq=3 ttl=50 time=35.2 ms
[root@10-20-177-97 ~]#

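At this point we have an IP address that www.baidu.com resolves to: 110.242.68.4

Searching Baidu for this IP shows that its geographic location is roughly close.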


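VI. Verification

1. Flush the DNS cache on both servers (the command is shown above and is not repeated here).
2. Start packet captures on the server (separate captures, one filtered on the Beijing DNS server and one on the client IP). The client then pings www.baidu.com for the first time; the capture results are as follows: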

[root@10-20-177-248 data]# tcpdump -i eth0 -nn 'host 202.106.196.115'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:09:31.461315 IP 10.20.177.248.55993 > 202.106.196.115.53: 9865+% [1au] A? www.baidu.com. (42)
20:09:31.493690 IP 202.106.196.115.53 > 10.20.177.248.55993: 9865 3/0/0 CNAME www.a.shifen.com., 
20:09:31.494169 IP 10.20.177.248.37890 > 202.106.196.115.53: 29759+ A? www.a.shifen.com. (34)
20:09:31.526190 IP 202.106.196.115.53 > 10.20.177.248.37890: 29759 2/0/0 A 110.242.68.3, A 110.24
20:09:31.563797 IP 10.20.177.248.33884 > 202.106.196.115.53: 64805+ PTR? 4.68.242.110.in-addr.arp
20:09:32.764034 IP 10.20.177.248.60514 > 202.106.196.115.53: 53296+ PTR? 4.68.242.110.in-addr.arp
20:09:32.791882 IP 202.106.196.115.53 > 10.20.177.248.60514: 53296 NXDomain 0/1/0 (132)
^C
7 packets captured
7 packets received by filter
0 packets dropped by kernel
[root@10-20-177-248 data]#
[root@10-20-177-248 ~]# tcpdump -i eth0 -nn 'host 10.20.177.97'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:09:31.460465 IP 10.20.177.97.49630 > 10.20.177.248.53: 12385+ A? www.baidu.com. (31)
20:09:31.526552 IP 10.20.177.248.53 > 10.20.177.97.49630: 12385 3/0/0 CNAME www.a.shifen.com., A 
20:09:31.563337 IP 10.20.177.97.60468 > 10.20.177.248.53: 51262+ PTR? 4.68.242.110.in-addr.arpa. 
20:09:32.792264 IP 10.20.177.248.53 > 10.20.177.97.60468: 51262 NXDomain 0/1/0 (132)
20:09:36.467310 ARP, Request who-has 10.20.177.248 tell 10.20.177.97, length 46
20:09:36.467347 ARP, Reply 10.20.177.248 is-at fa:6e:a5:24:7f:00, length 28
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel
[root@10-20-177-248 ~]#

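The captures show that this time the caching server sent name resolution requests to the public DNS server.

3. Without flushing the cache, the client pings www.baidu.com again; the capture results are as follows: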

[root@10-20-177-248 data]# tcpdump -i eth0 -nn 'host 202.106.196.115'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:14:05.794949 IP 10.20.177.248.60653 > 202.106.196.115.53: 64942+ PTR? 3.68.242.110.in-addr.arpa. (43)
20:14:06.995367 IP 10.20.177.248.39769 > 202.106.196.115.53: 1872+ PTR? 3.68.242.110.in-addr.arpa. (43)
20:14:07.024789 IP 202.106.196.115.53 > 10.20.177.248.39769: 1872 NXDomain 0/0/0 (43)
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
[root@10-20-177-248 data]#
[root@10-20-177-248 ~]# tcpdump -i eth0 -nn 'host 10.20.177.97'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:14:05.755494 IP 10.20.177.97.33145 > 10.20.177.248.53: 48640+ A? www.baidu.com. (31)
20:14:05.755831 IP 10.20.177.248.53 > 10.20.177.97.33145: 48640 3/0/0 CNAME www.a.shifen.com., A 110.242.68.3, A 110.242.68.4 (90)
20:14:05.794555 IP 10.20.177.97.34796 > 10.20.177.248.53: 34447+ PTR? 3.68.242.110.in-addr.arpa. (43)
20:14:07.025150 IP 10.20.177.248.53 > 10.20.177.97.34796: 34447 NXDomain 0/0/0 (43)
20:14:10.759439 ARP, Request who-has 10.20.177.97 tell 10.20.177.248, length 28
20:14:10.759708 ARP, Reply 10.20.177.97 is-at fa:c3:eb:9c:25:00, length 46
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel
[root@10-20-177-248 ~]#

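The captures show that this time the caching server answered the client's name resolution request directly.

4. How can you see which resolved addresses the server has cached?
The cache is held only in the server's memory. The command rndc dumpdb writes the in-memory data to a file: /var/named/data/cache_dump.db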

[root@10-20-177-248 data]# pwd
/var/named/data
[root@10-20-177-248 data]# ls
named.run
[root@10-20-177-248 data]# rndc dumpdb
[root@10-20-177-248 data]# ls
cache_dump.db  named.run
[root@10-20-177-248 data]# cat cache_dump.db 
;
; Start view _default
;
;
; Cache dump of view '_default' (cache _default)
;
$DATE 20201227122121
; answer
4.68.242.110.in-addr.arpa. 2627	IN \-ANY ;-$NXDOMAIN
; 110.in-addr.arpa. SOA ns1.apnic.net. read-txt-record-of-zone-first-dns-admin.apnic.net. 3006096239 7200 1800 604800 3600
; answer
www.baidu.com.		279	IN CNAME www.a.shifen.com.
; answer
www.a.shifen.com.	47	A	110.242.68.4
			47	A	110.242.68.3
;
; Address database dump
;
; [edns success/4096 timeout/1432 timeout/1232 timeout/512 timeout]
; [plain success/timeout]
;
;
; Unassociated entries
;
;	202.106.196.115 [srtt 146314] [flags 00000008] [edns 1/0/0/0/0] [plain 7/6] [udpsize 512] [ttl 1090]
;
; Bad cache
;
;
; SERVFAIL cache
;
;
; Start view _bind
;
;
; Cache dump of view '_bind' (cache _bind)
;
$DATE 20201227122121
;
; Address database dump
;
; [edns success/4096 timeout/1432 timeout/1232 timeout/512 timeout]
; [plain success/timeout]
;
;
; Unassociated entries
;
;
; Bad cache
;
;
; SERVFAIL cache
;
; Dump complete
[root@10-20-177-248 data]#

The file contents show that the addresses www.baidu.com resolved to are in there.
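
The hit-or-miss comparison made by eye in verification steps 2 and 3 can be automated. This added example (not part of the original post) reads a single "tcpdump -nn port 53" capture taken on the cache server and labels each client lookup; the function names are hypothetical, and the sample lines are constructed by merging the page's captures, with long answers cut short.

```shell
# Added example, not from the original post. Classifies each client lookup in a
# "tcpdump -nn port 53" capture taken on the cache server as HIT or MISS:
# a MISS is a lookup for which the cache queried upstream before answering.

classify_lookups() {   # $1 = cache server IP; tcpdump text on stdin
    awk -v cache="$1" '
    $2 != "IP" { next }                        # skip ARP and banner lines
    {
        src = $3; dst = $5; sub(/:$/, "", dst)
        id = $6; sub(/[^0-9].*$/, "", id)      # "12385+" -> "12385"
        q = 0                                  # index of the "A?"/"PTR?" field
        for (i = 7; i <= NF; i++) if ($i ~ /^[A-Z]+\?$/) { q = i; break }
        if (q) n = $(q + 1) " " substr($q, 1, length($q) - 1)
    }
    q && dst == cache ".53" {                  # client -> cache query
        asked[src " " id] = n
        if (waiting[n]++ == 0) up[n] = 0
        next
    }
    q && index(src, cache ".") == 1 {          # cache -> upstream query
        if (waiting[n] > 0) up[n] = 1
        next
    }
    !q && src == cache ".53" {                 # cache -> client answer
        key = dst " " id
        if (!(key in asked)) next
        n = asked[key]; res = up[n] ? "MISS" : "HIT"
        print res, n
        waiting[n]--; delete asked[key]
    }'
}

sample_capture() {     # constructed: the page's captures merged by timestamp
    cat <<'EOF'
20:09:31.460465 IP 10.20.177.97.49630 > 10.20.177.248.53: 12385+ A? www.baidu.com. (31)
20:09:31.461315 IP 10.20.177.248.55993 > 202.106.196.115.53: 9865+% [1au] A? www.baidu.com. (42)
20:09:31.493690 IP 202.106.196.115.53 > 10.20.177.248.55993: 9865 3/0/0 CNAME www.a.shifen.com.,
20:09:31.526552 IP 10.20.177.248.53 > 10.20.177.97.49630: 12385 3/0/0 CNAME www.a.shifen.com., A
20:14:05.755494 IP 10.20.177.97.33145 > 10.20.177.248.53: 48640+ A? www.baidu.com. (31)
20:14:05.755831 IP 10.20.177.248.53 > 10.20.177.97.33145: 48640 3/0/0 CNAME www.a.shifen.com., A 110.242.68.3, A 110.242.68.4 (90)
20:14:05.794555 IP 10.20.177.97.34796 > 10.20.177.248.53: 34447+ PTR? 3.68.242.110.in-addr.arpa. (43)
20:14:05.794949 IP 10.20.177.248.60653 > 202.106.196.115.53: 64942+ PTR? 3.68.242.110.in-addr.arpa. (43)
20:14:07.025150 IP 10.20.177.248.53 > 10.20.177.97.34796: 34447 NXDomain 0/0/0 (43)
20:14:10.759439 ARP, Request who-has 10.20.177.97 tell 10.20.177.248, length 28
EOF
}

sample_capture | classify_lookups 10.20.177.248
```

On the sample, the second www.baidu.com lookup is a HIT, while the reverse (PTR) lookup that ping issues for 110.242.68.3 is still a MISS because that name was not yet in the cache.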