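I. Lab environment
This walkthrough uses CentOS 7.8.
Name | IP |
DNS-cache (caching server) | 10.20.177.248 |
DNS-client (client) | 10.20.177.97 |
II. Required software
This assumes your yum repositories are working.
Package | Install command | Purpose |
bind | yum -y install bind | DNS software |
bind-utils | yum -y install bind-utils | BIND utilities |
tcpdump | yum -y install tcpdump | Packet capture tool, used to verify that caching works |
III. Software installation
Both servers from section I need these packages installed; only one is shown below: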
[root@10-20-177-248 ~]# yum -y install bind
[root@10-20-177-248 ~]# yum -y install bind-utils
[root@10-20-177-248 ~]# yum -y install tcpdump
IV. Cache server configuration
1. Temporarily disable firewalld and SELinux. (They are restored after a reboot.)
[root@10-20-177-248 ~]# systemctl stop firewalld
[root@10-20-177-248 ~]# setenforce 0
2. Edit /etc/named.conf (this is BIND's main configuration file)
3. Start the service
[root@10-20-177-248 ~]# systemctl start named
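V. Client configuration
The client can be thought of as our personal computer; CentOS is used here only for the experiment.
1. Change the DNS address to the cache server's address above, 10.20.177.248, and restart the network interface.
2. Flush the DNS cache (it must be flushed on both servers; only one is shown here)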
[root@10-20-177-97 ~]# rndc flush
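3. From the client, ping www.baidu.com to trigger a DNS request.
(The public DNS IP configured on the DNS cache server is a DNS server in Beijing, while the servers in this test are in another province. So when I ping www.baidu.com, the client's request is sent to the Beijing DNS server for resolution. Because of the geographic distance, there is a noticeable short pause after issuing the ping, which also indirectly shows that my request reached a distant DNS server.)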
[root@10-20-177-97 ~]# ping www.baidu.com
PING www.a.shifen.com (110.242.68.4) 56(84) bytes of data.
64 bytes from 110.242.68.4 (110.242.68.4): icmp_seq=1 ttl=50 time=35.4 ms
64 bytes from 110.242.68.4 (110.242.68.4): icmp_seq=2 ttl=50 time=35.1 ms
64 bytes from 110.242.68.4 (110.242.68.4): icmp_seq=3 ttl=50 time=35.2 ms
[root@10-20-177-97 ~]#
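At this point we have an IP that www.baidu.com resolves to: 110.242.68.4
Looking up this IP on Baidu shows that its geographic location is roughly nearby:
VI. Verification
1. Flush the DNS cache on both servers (the command is not repeated here; see above)
2. Start packet captures on the server (separate captures for the Beijing DNS server and for the client IP). The client pings www.baidu.com for the first time; the captures are as follows: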
[root@10-20-177-248 data]# tcpdump -i eth0 -nn 'host 202.106.196.115'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:09:31.461315 IP 10.20.177.248.55993 > 202.106.196.115.53: 9865+% [1au] A? www.baidu.com. (42)
20:09:31.493690 IP 202.106.196.115.53 > 10.20.177.248.55993: 9865 3/0/0 CNAME www.a.shifen.com.,
20:09:31.494169 IP 10.20.177.248.37890 > 202.106.196.115.53: 29759+ A? www.a.shifen.com. (34)
20:09:31.526190 IP 202.106.196.115.53 > 10.20.177.248.37890: 29759 2/0/0 A 110.242.68.3, A 110.24
20:09:31.563797 IP 10.20.177.248.33884 > 202.106.196.115.53: 64805+ PTR? 4.68.242.110.in-addr.arp
20:09:32.764034 IP 10.20.177.248.60514 > 202.106.196.115.53: 53296+ PTR? 4.68.242.110.in-addr.arp
20:09:32.791882 IP 202.106.196.115.53 > 10.20.177.248.60514: 53296 NXDomain 0/1/0 (132)
^C
7 packets captured
7 packets received by filter
0 packets dropped by kernel
[root@10-20-177-248 data]#
[root@10-20-177-248 ~]# tcpdump -i eth0 -nn 'host 10.20.177.97'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:09:31.460465 IP 10.20.177.97.49630 > 10.20.177.248.53: 12385+ A? www.baidu.com. (31)
20:09:31.526552 IP 10.20.177.248.53 > 10.20.177.97.49630: 12385 3/0/0 CNAME www.a.shifen.com., A
20:09:31.563337 IP 10.20.177.97.60468 > 10.20.177.248.53: 51262+ PTR? 4.68.242.110.in-addr.arpa.
20:09:32.792264 IP 10.20.177.248.53 > 10.20.177.97.60468: 51262 NXDomain 0/1/0 (132)
20:09:36.467310 ARP, Request who-has 10.20.177.248 tell 10.20.177.97, length 46
20:09:36.467347 ARP, Reply 10.20.177.248 is-at fa:6e:a5:24:7f:00, length 28
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel
[root@10-20-177-248 ~]#
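The capture shows that this time the cache server sent a resolution request to the public DNS server.
3. Without flushing the cache, the client pings www.baidu.com again; the captures are as follows: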
[root@10-20-177-248 data]# tcpdump -i eth0 -nn 'host 202.106.196.115'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:14:05.794949 IP 10.20.177.248.60653 > 202.106.196.115.53: 64942+ PTR? 3.68.242.110.in-addr.arpa. (43)
20:14:06.995367 IP 10.20.177.248.39769 > 202.106.196.115.53: 1872+ PTR? 3.68.242.110.in-addr.arpa. (43)
20:14:07.024789 IP 202.106.196.115.53 > 10.20.177.248.39769: 1872 NXDomain 0/0/0 (43)
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
[root@10-20-177-248 data]#
[root@10-20-177-248 ~]# tcpdump -i eth0 -nn 'host 10.20.177.97'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:14:05.755494 IP 10.20.177.97.33145 > 10.20.177.248.53: 48640+ A? www.baidu.com. (31)
20:14:05.755831 IP 10.20.177.248.53 > 10.20.177.97.33145: 48640 3/0/0 CNAME www.a.shifen.com., A 110.242.68.3, A 110.242.68.4 (90)
20:14:05.794555 IP 10.20.177.97.34796 > 10.20.177.248.53: 34447+ PTR? 3.68.242.110.in-addr.arpa. (43)
20:14:07.025150 IP 10.20.177.248.53 > 10.20.177.97.34796: 34447 NXDomain 0/0/0 (43)
20:14:10.759439 ARP, Request who-has 10.20.177.97 tell 10.20.177.248, length 28
20:14:10.759708 ARP, Reply 10.20.177.97 is-at fa:c3:eb:9c:25:00, length 46
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel
[root@10-20-177-248 ~]#
The capture shows that this time the cache server answered the client's resolution request directly.
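The comparison made by eye in steps 2 and 3 can be automated. The following is an added example, not part of the original article: it takes the complete query lines from the captures above (both tcpdump filters merged) and labels each client query as forwarded upstream or answered from cache. The 2-second correlation window and the function names are assumptions of this example.

```python
import re
from datetime import datetime

CACHE = "10.20.177.248"        # caching server (from the page)
UPSTREAM = "202.106.196.115"   # forwarder seen in the page's capture

# Query lines copied from the page's captures (both filters merged).
CAPTURE = """\
20:09:31.460465 IP 10.20.177.97.49630 > 10.20.177.248.53: 12385+ A? www.baidu.com. (31)
20:09:31.461315 IP 10.20.177.248.55993 > 202.106.196.115.53: 9865+% [1au] A? www.baidu.com. (42)
20:14:05.755494 IP 10.20.177.97.33145 > 10.20.177.248.53: 48640+ A? www.baidu.com. (31)
20:14:05.794555 IP 10.20.177.97.34796 > 10.20.177.248.53: 34447+ PTR? 3.68.242.110.in-addr.arpa. (43)
20:14:05.794949 IP 10.20.177.248.60653 > 202.106.196.115.53: 64942+ PTR? 3.68.242.110.in-addr.arpa. (43)
"""

QUERY = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+)\.\d+ > (\S+)\.53: "
    r"\d+\S* (?:\[\S+\] )?([A-Z]+)\? (\S+)"
)

def parse_queries(text):
    """Yield (time, src, dst, qtype, qname) for each DNS query line."""
    for line in text.splitlines():
        m = QUERY.match(line)          # responses and ARP lines do not match
        if m:
            ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
            yield ts, m.group(2), m.group(3), m.group(4), m.group(5).lower()

def classify(text, window=2.0):
    """Label each client query 'forwarded' or 'cache' (answered locally)."""
    queries = list(parse_queries(text))
    upstream = [q for q in queries if q[1] == CACHE and q[2] == UPSTREAM]
    results = []
    for ts, src, dst, qtype, qname in queries:
        if dst != CACHE:
            continue                   # only queries sent to the cache server
        forwarded = any(               # same question sent upstream shortly after?
            u[3:] == (qtype, qname) and 0 <= (u[0] - ts).total_seconds() <= window
            for u in upstream
        )
        results.append((qtype, qname, "forwarded" if forwarded else "cache"))
    return results

if __name__ == "__main__":
    for row in classify(CAPTURE):
        print(*row)
```

On these lines the second A query for www.baidu.com is served from cache, while the PTR lookup for 3.68.242.110.in-addr.arpa. in the same run is still forwarded, because the first run had only cached the answer for 4.68.242.110.in-addr.arpa.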
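4. How can you see which resolved addresses the server has cached?
The cache is held only in the server's memory. The command rndc dumpdb writes the in-memory data to a file: /var/named/data/cache_dump.db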
[root@10-20-177-248 data]# pwd
/var/named/data
[root@10-20-177-248 data]# ls
named.run
[root@10-20-177-248 data]# rndc dumpdb
[root@10-20-177-248 data]# ls
cache_dump.db named.run
[root@10-20-177-248 data]# cat cache_dump.db
;
; Start view _default
;
;
; Cache dump of view '_default' (cache _default)
;
$DATE 20201227122121
; answer
4.68.242.110.in-addr.arpa. 2627 IN \-ANY ;-$NXDOMAIN
; 110.in-addr.arpa. SOA ns1.apnic.net. read-txt-record-of-zone-first-dns-admin.apnic.net. 3006096239 7200 1800 604800 3600
; answer
www.baidu.com. 279 IN CNAME www.a.shifen.com.
; answer
www.a.shifen.com. 47 A 110.242.68.4
47 A 110.242.68.3
;
; Address database dump
;
; [edns success/4096 timeout/1432 timeout/1232 timeout/512 timeout]
; [plain success/timeout]
;
;
; Unassociated entries
;
; 202.106.196.115 [srtt 146314] [flags 00000008] [edns 1/0/0/0/0] [plain 7/6] [udpsize 512] [ttl 1090]
;
; Bad cache
;
;
; SERVFAIL cache
;
;
; Start view _bind
;
;
; Cache dump of view '_bind' (cache _bind)
;
$DATE 20201227122121
;
; Address database dump
;
; [edns success/4096 timeout/1432 timeout/1232 timeout/512 timeout]
; [plain success/timeout]
;
;
; Unassociated entries
;
;
; Bad cache
;
;
; SERVFAIL cache
;
; Dump complete
[root@10-20-177-248 data]#
The file contents show that the addresses resolved for www.baidu.com are in it.
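For auditing what a resolver had cached at a given moment, the dump can be read programmatically instead of by eye. The following is an added example, not part of the original article: a small parser for the record lines that appear in the dump above, including continuation lines that omit the owner name and the `\-ANY` negative-cache entry. It assumes the TTL column is the number of seconds remaining at the `$DATE` timestamp; the function name and the output fields are this example's own.

```python
from datetime import datetime, timedelta

# Excerpt of the dump shown on the page (whitespace as printed there).
DUMP = r"""
$DATE 20201227122121
; answer
4.68.242.110.in-addr.arpa. 2627 IN \-ANY ;-$NXDOMAIN
; answer
www.baidu.com. 279 IN CNAME www.a.shifen.com.
; answer
www.a.shifen.com. 47 A 110.242.68.4
47 A 110.242.68.3
"""

def parse_cache_dump(text):
    """Return one dict per cached record or negative-cache entry."""
    dumped_at, owner, records = None, None, []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";"):
            continue                        # blank line or comment
        if fields[0].startswith("$"):
            if fields[0] == "$DATE":        # timestamp of the dump
                dumped_at = datetime.strptime(fields[1], "%Y%m%d%H%M%S")
            continue
        if not fields[0].isdigit():         # line starts with a new owner name
            owner, fields = fields[0], fields[1:]
        if len(fields) < 2 or not fields[0].isdigit():
            continue                        # not "TTL [class] type rdata"; skipped
        ttl, rest = int(fields[0]), fields[1:]
        if rest[0] == "IN" and len(rest) > 1:
            rest = rest[1:]                 # class is omitted on continuation lines
        rtype, rdata = rest[0], " ".join(rest[1:])
        negative = rtype.startswith("\\-")  # negative entries are dumped as \-TYPE
        records.append({
            "owner": owner,
            "type": rtype.lstrip("\\-"),
            "rdata": rdata.lstrip(";-$") if negative else rdata,
            "negative": negative,
            "expires": dumped_at + timedelta(seconds=ttl) if dumped_at else None,
        })
    return records

if __name__ == "__main__":
    for rec in parse_cache_dump(DUMP):
        print(rec["owner"], rec["type"], rec["rdata"], rec["expires"])
```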