Lab environment: two CentOS servers, at 192.168.0.123 and 192.168.0.111. Both DNS servers (forwarding and caching) are set up on 192.168.0.123.
Note: after the configuration was done, iptables was turned off to keep the experiment simple (this cost me a good while of fiddling).
Setting up a caching or forwarding name server with bind9 is a simple matter.
First the forwarding server; its configuration file is as follows:
    options
    {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.db";
        memstatistics-file "/var/named/data/named_mem_stats.db";
        allow-query { any; };
        recursion yes;
        forwarders { 202.120.223.6; 8.8.8.8; }; // forwarding targets
    };
    logging // log output
    {
        channel named-log {
            file "data/named.run";
            severity info;
            print-time yes;
        };
    };
The purpose of each configuration option was explained in the previous DNS post, so it is not repeated here.
Query on the local host (192.168.0.123):
    [root@centos1 etc]# dig @192.168.0.123 www.google.com
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> @192.168.0.123 www.google.com
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65326
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4
    ;; QUESTION SECTION:
    ;www.google.com. IN A
    ;; ANSWER SECTION:
    www.google.com. 670 IN CNAME www-g-com-chn.l.google.com.
    www-g-com-chn.l.google.com. 18 IN A 64.233.183.104
    www-g-com-chn.l.google.com. 18 IN A 64.233.183.99
    ;; AUTHORITY SECTION:
    google.com. 47480 IN NS ns3.google.com.
    google.com. 47480 IN NS ns4.google.com.
    google.com. 47480 IN NS ns1.google.com.
    google.com. 47480 IN NS ns2.google.com.
    ;; ADDITIONAL SECTION:
    ns1.google.com. 220257 IN A 216.239.32.10
    ns2.google.com. 220257 IN A 216.239.34.10
    ns3.google.com. 220257 IN A 216.239.36.10
    ns4.google.com. 220257 IN A 216.239.38.10
    ;; Query time: 33 msec
    ;; SERVER: 192.168.0.123#53(192.168.0.123)
    ;; WHEN: Thu Mar 31 22:58:14 2011
    ;; MSG SIZE rcvd: 230
Wireshark capture analysis (screenshot not included):
It can be seen that 192.168.0.123 forwards every query to 202.120.223.6.
Query from 192.168.0.111:
    [root@localhost ~]# dig @192.168.0.123 www.qq.com
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @192.168.0.123 www.qq.com
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56549
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
    ;; QUESTION SECTION:
    ;www.qq.com. IN A
    ;; ANSWER SECTION:
    www.qq.com. 176 IN A 59.64.114.103
    www.qq.com. 176 IN A 59.64.114.98
    ;; AUTHORITY SECTION:
    www.qq.com. 48120 IN NS ns-edu1.qq.com.
    www.qq.com. 48120 IN NS ns-edu2.qq.com.
    ;; ADDITIONAL SECTION:
    ns-edu2.qq.com. 8129 IN A 222.202.96.235
    ns-edu2.qq.com. 8129 IN A 59.74.45.48
    ;; Query time: 27 msec
    ;; SERVER: 192.168.0.123#53(192.168.0.123)
    ;; WHEN: Thu Mar 31 23:06:36 2011
    ;; MSG SIZE rcvd: 136
Wireshark capture analysis (screenshot not included):
The forwarding is clearly visible: host 192.168.0.111 queries 192.168.0.123, and 192.168.0.123 then forwards the query to 202.120.223.6.
The caching server configuration is as follows:
    // caching-only name server
    options
    {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.db";
        memstatistics-file "/var/named/data/named_mem_stats.db";
        allow-query { any; };
        recursion yes;
    };
    logging // log output
    {
        channel named-log {
            file "data/named.run";
            severity info;
            print-time yes;
        };
    };
    // added the root hint zone...
    zone "." IN {
        type hint;
        file "named.ca";
    };
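Both configurations above combine recursion yes with allow-query { any; } and no allow-recursion statement, which makes named recurse for any client that can reach port 53. The following Python script is an added example, not part of the original post, that parses an options block and reports the effective recursion ACL. The first sample is the post's forwarding options (the caching-only options are the same minus forwarders); the hardened variant with an acl "lan" is an assumption of this example, not the author's configuration. The fallback order for the effective recursion ACL (allow-recursion, then allow-query-cache, then allow-query, then localhost/localnets) follows the BIND 9 documentation.

```python
import re

# Constructed sample: the forwarding server's options block from the post.
PAGE_OPTIONS = """
options
{
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    allow-query { any; };
    recursion yes;
    forwarders { 202.120.223.6;8.8.8.8;}; // forwarding targets
};
logging // log output
{
    channel named-log { file "data/named.run"; severity info; };
};
"""

# Constructed hardened variant (an assumption of this example, not the post's
# config): answers stay public, but recursion is limited to the lab subnet.
HARDENED_OPTIONS = """
acl "lan" { 192.168.0.0/24; 127.0.0.1; };
options {
    directory "/var/named";
    allow-query { any; };
    allow-recursion { lan; };
    recursion yes;
    forwarders { 202.120.223.6; 8.8.8.8; };
};
"""

# One named.conf statement: name, then either a braced list or a single value.
STMT = re.compile(r'([\w-]+)\s*(?:\{([^{}]*)\}|([^;{}]+))\s*;')


def strip_comments(text):
    """Drop /* */ block comments and // or # line comments."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)


def block_body(text, keyword):
    """Return the text between the braces of the top-level `keyword { ... };` block."""
    m = re.search(r'\b' + re.escape(keyword) + r'\b[^{]*\{', text)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[start:i]
    raise ValueError('unbalanced braces in %s block' % keyword)


def parse_statements(body):
    """Map each statement name to a list of values (braced lists are split on ';')."""
    stmts = {}
    for name, braced, plain in STMT.findall(body):
        if plain.strip():
            stmts[name] = [plain.strip().strip('"')]
        else:
            stmts[name] = [v.strip() for v in braced.split(';') if v.strip()]
    return stmts


def audit(conf):
    """Report whether the options block makes named an open recursive resolver."""
    opts = parse_statements(block_body(strip_comments(conf), 'options') or '')
    recursion = opts.get('recursion', ['yes'])[0]          # BIND default is yes
    # Effective recursion ACL, following BIND 9's documented fallback order.
    acl = (opts.get('allow-recursion')
           or opts.get('allow-query-cache')
           or opts.get('allow-query')
           or ['localhost', 'localnets'])
    open_to_world = recursion == 'yes' and any(a in ('any', '0.0.0.0/0') for a in acl)
    return {'recursion': recursion, 'recursion_acl': acl, 'open_resolver': open_to_world}


if __name__ == '__main__':
    for label, conf in (('post', PAGE_OPTIONS), ('hardened', HARDENED_OPTIONS)):
        print(label, audit(conf))
```

A resolver that recurses for any source address can be used as a reflector, which is why this check matters beyond the lab; after editing named.conf, run named-checkconf before restarting named.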
Query on the local host:
    [root@centos1 etc]# dig @192.168.0.123 www.sohou.com
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> @192.168.0.123 www.sohou.com
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17803
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;www.sohou.com. IN A
    ;; ANSWER SECTION:
    www.sohou.com. 3600 IN A 74.55.86.59
    ;; AUTHORITY SECTION:
    sohou.com. 172798 IN NS ns.xinnetdns.com.
    sohou.com. 172798 IN NS ns.xinnet.cn.
    ;; Query time: 4679 msec
    ;; SERVER: 192.168.0.123#53(192.168.0.123)
    ;; WHEN: Fri Apr 1 15:40:10 2011
    ;; MSG SIZE rcvd: 100
In this configuration mode, the first query for a domain name goes to the root servers first, which reduces speed to some extent. With Wireshark you can see a large number of packets; no screenshot of that is included here. When 192.168.0.111 is configured to use 192.168.0.123 as its DNS server and sends a query, then if it is the first query for that name, 192.168.0.123 queries the root and, after several further steps, returns the result to 192.168.0.111; if the same name is queried again, 192.168.0.123 returns the result to 192.168.0.111 directly. These processes can be observed by capturing with Wireshark.
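The first-query versus repeat-query behaviour described above can also be checked from the dig output itself, without a packet capture. The following Python script is an added example, not from the original post: it parses dig output in the format of the runs shown above and compares two answers for the same name. The first sample is the www.sohou.com answer from the post; the second is a constructed follow-up query, assumed to have been sent about a minute later, and its TTL and query time are made up for the illustration.

```python
import re

# Sample 1: the first query for www.sohou.com from the post (layout as dig prints it).
FIRST_QUERY = """\
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> @192.168.0.123 www.sohou.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17803
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;www.sohou.com. IN A

;; ANSWER SECTION:
www.sohou.com. 3600 IN A 74.55.86.59

;; AUTHORITY SECTION:
sohou.com. 172798 IN NS ns.xinnetdns.com.
sohou.com. 172798 IN NS ns.xinnet.cn.

;; Query time: 4679 msec
;; SERVER: 192.168.0.123#53(192.168.0.123)
"""

# Sample 2: constructed repeat query about a minute later; TTLs and timing are made up.
SECOND_QUERY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17804
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;www.sohou.com. IN A

;; ANSWER SECTION:
www.sohou.com. 3541 IN A 74.55.86.59

;; AUTHORITY SECTION:
sohou.com. 172739 IN NS ns.xinnetdns.com.
sohou.com. 172739 IN NS ns.xinnet.cn.

;; Query time: 1 msec
;; SERVER: 192.168.0.123#53(192.168.0.123)
"""

HEADER_RE = re.compile(r';; ->>HEADER<<- opcode: (\w+), status: (\w+), id: (\d+)')
FLAGS_RE = re.compile(r';; flags: ([a-z ]*);')
TIME_RE = re.compile(r';; Query time: (\d+) msec')
SERVER_RE = re.compile(r';; SERVER: (\S+)')
SECTION_RE = re.compile(r';; (\w+) SECTION:')
RR_RE = re.compile(r'(\S+)\s+(\d+)\s+IN\s+(\w+)\s+(.+)')   # name ttl IN type rdata


def parse_dig(text):
    """Parse header status, flags, timing and the resource-record sections of one dig run."""
    out = {'status': None, 'flags': [], 'query_time_ms': None, 'server': None,
           'sections': {'QUESTION': [], 'ANSWER': [], 'AUTHORITY': [], 'ADDITIONAL': []}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                       # a blank line ends the current section
            section = None
            continue
        m = HEADER_RE.match(line)
        if m:
            out['status'] = m.group(2)
            continue
        m = FLAGS_RE.match(line)
        if m:
            out['flags'] = m.group(1).split()
            continue
        m = TIME_RE.match(line)
        if m:
            out['query_time_ms'] = int(m.group(1))
            continue
        m = SERVER_RE.match(line)
        if m:
            out['server'] = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == 'QUESTION' and line.startswith(';'):
            out['sections']['QUESTION'].append(line[1:].split())
            continue
        m = RR_RE.match(line)
        if section in out['sections'] and m and not line.startswith(';'):
            name, ttl, rtype, rdata = m.groups()
            out['sections'][section].append(
                {'name': name, 'ttl': int(ttl), 'type': rtype, 'rdata': rdata})
    return out


def recursion_available(parsed):
    """True when the server set the 'ra' flag, i.e. it offered recursion to this client."""
    return 'ra' in parsed['flags']


def cache_verdict(first, second):
    """A cache hit shows a TTL that has counted down, a much lower query time, and no 'aa' flag."""
    a1, a2 = first['sections']['ANSWER'], second['sections']['ANSWER']
    if not a1 or not a2:
        return 'no answer to compare'
    counted_down = a2[0]['ttl'] < a1[0]['ttl']
    faster = second['query_time_ms'] < first['query_time_ms']
    if counted_down and faster and 'aa' not in second['flags']:
        return 'cache hit'
    return 'not served from cache'


if __name__ == '__main__':
    first, second = parse_dig(FIRST_QUERY), parse_dig(SECOND_QUERY)
    print(first['status'], first['flags'], first['sections']['ANSWER'])
    print('recursion offered:', recursion_available(first))
    print('second query:', cache_verdict(first, second))
```

A forwarder that caches shows the same TTL count-down and near-zero query time on the repeat query, so the dig output alone only tells you the answer came from cache; distinguishing the forwarding path from the root-walk on the first query is what the Wireshark capture is for.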
Summary: the DNS forwarding server is to some extent less efficient than the caching server, the reason being that on the first query the caching server queries the root directly. During configuration, note that after installing bind-chroot the configuration file path used at startup defaults to /var/named/chroot/etc/. If queries fail during the experiment, check whether iptables is imposing restrictions.