BIND
Berkeley Internet Name Domain
DNS Cache Pollution
https://www.cloudflare.com/learning/dns/dns-cache-poisoning/
Root Servers
The authoritative name servers that serve the DNS root zone, commonly known as the “root servers”, are a network of hundreds of servers in many countries around the world. They are configured in the DNS root zone as 13 named authorities, as follows.
Root Server List
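Installing the BIND Service
BIND (Berkeley Internet Name Domain) is the most widely used, secure, reliable and efficient DNS service program in the world. Because DNS resolution is core Internet infrastructure and carries a heavy responsibility, it is recommended to add the chroot (commonly called a "jail") extension package when deploying bind in production. This effectively limits the bind service to operating only on its own configuration files and so protects the security of the whole server.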
[root@xlnx-lab05 ~]# yum -y install bind-chroot
Configuration Files
[root@xlnx-lab05 ~]# ls -l /etc/named*
-rw-r-----. 1 root named 1570 Mar 21 16:26 /etc/named.conf
-rw-r--r--. 1 root named 2389 Jan 29 2014 /etc/named.iscdlv.key
-rw-r-----. 1 root named 931 Jun 21 2007 /etc/named.rfc1912.zones
-rw-r--r--. 1 root named 487 Jul 19 2010 /etc/named.root.key
/etc/named:
total 0
DNS Master Configuration
[root@xlnx-lab05 ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
DNS configuration file /etc/named.rfc1912.zones explained
The /etc/named.rfc1912.zones file is listed in the include section of the /etc/named.conf file. The /etc/named.rfc1912.zones file contains five zone sections.
Domains are grouped into zones and zones are configured through the use of zone files. The zone statement defines the characteristics of a zone, the location of its zone file, and zone- specific options, which override the global options statements. The following zones are defined in the /etc/named.rfc1912.zones file:
1. localhost.localdomain: Specifies that localhost.localdomain points to 127.0.0.1, preventing the local server from looking upstream for this information
2. localhost: Sets up the normal server on the local system
3. 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa: Sets up IPv6 reverse name resolution
4. 1.0.0.127.in-addr.arpa: Sets up IPv4 reverse name resolution
5. 0.in-addr.arpa: Specifies that IP addresses that start with 0 have their reverse lookup handled by the local server, preventing the local server from looking upstream
[root@xlnx-lab05 ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "cnblogs.com" IN {
type master;
file "cnblogs.com.zone";
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.arpa";
allow-update { none; };
};
[root@xlnx-lab05 ~]# cd /var/named/
[root@xlnx-lab05 named]# ls -l
total 32
drwxr-x---. 7 root named 4096 Mar 21 16:21 chroot
drwxrwx---. 2 named named 4096 Jan 29 2014 data
drwxrwx---. 2 named named 4096 Jan 29 2014 dynamic
-rw-r-----. 1 root named 2076 Jan 28 2013 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 4096 Jan 29 2014 slaves
[root@xlnx-lab05 named]# cp -a named.localhost cnblogs.com.zone
[root@xlnx-lab05 named]# cp -a named.loopback 192.168.1.arpa
[root@xlnx-lab05 named]# cat cnblogs.com.zone
$TTL 1D
@ IN SOA cnblogs.com. root.cnblogs.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns.cnblogs.com.
ns IN A 192.168.1.5
www IN A 192.168.1.5
[root@xlnx-lab05 named]# cat 192.168.1.arpa
$TTL 1D
@ IN SOA cnblogs.com. root.cnblogs.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns.cnblogs.com.
ns A 192.168.1.5
5 PTR www.cnblogs.com. ; note the trailing dot
[root@xlnx-lab05 named]# systemctl restart named
[root@xlnx-lab05 named]# systemctl enable named
ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service'
[root@xlnx-lab05 ~]# systemctl restart network
[root@xlnx-lab05 ~]# ping -c 2 www.cnblogs.com
PING www.cnblogs.com (192.168.1.5) 56(84) bytes of data.
64 bytes from www.cnblogs.com (192.168.1.5): icmp_seq=1 ttl=64 time=0.014 ms
64 bytes from www.cnblogs.com (192.168.1.5): icmp_seq=2 ttl=64 time=0.061 ms
--- www.cnblogs.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.014/0.037/0.061/0.024 ms
[root@xlnx-lab05 ~]# nslookup www.cnblogs.com
Server: 192.168.1.5
Address: 192.168.1.5#53
Name: www.cnblogs.com
Address: 192.168.1.5
[root@xlnx-lab05 ~]# nslookup 192.168.1.5
Server: 192.168.1.5
Address: 192.168.1.5#53
5.1.168.192.in-addr.arpa name = www.cnblogs.com.
DNS Slave Configuration
[root@xlnx-lab15 named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Slave Zone Configuration
[root@xlnx-lab15 ~]# cat /etc/named.rfc1912.zones
zone "cnblogs.com" IN {
type slave;
masters { 192.168.1.5; };
file "slaves/cnblogs.com.zone";
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.1.5; };
file "slaves/192.168.1.arpa";
};
Master Zone Configuration
[root@xlnx-lab05 ~]# cat /etc/named.rfc1912.zones
zone "cnblogs.com" IN {
type master;
file "cnblogs.com.zone";
allow-update { 192.168.1.15; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.arpa";
allow-update { 192.168.1.15; };
};
Master
[root@xlnx-lab05 ~]# iptables -F
[root@xlnx-lab05 ~]# systemctl restart named
Slave
[root@xlnx-lab15 ~]# iptables -F
[root@xlnx-lab15 ~]# systemctl restart named
[root@xlnx-lab15 ~]# ls -l /var/named/slaves/
total 8
-rw-r--r--. 1 named named 301 Mar 22 16:45 192.168.1.arpa
-rw-r--r--. 1 named named 246 Mar 22 16:45 cnblogs.com.zone
[root@xlnx-lab15 ~]# nm-connection-editor #DNS
[root@xlnx-lab15 ~]# systemctl restart network
[root@xlnx-lab15 ~]# ping -c 2 www.cnblogs.com
PING www.cnblogs.com (192.168.1.5) 56(84) bytes of data.
64 bytes from www.cnblogs.com (192.168.1.5): icmp_seq=1 ttl=64 time=1.07 ms
64 bytes from www.cnblogs.com (192.168.1.5): icmp_seq=2 ttl=64 time=0.655 ms
--- www.cnblogs.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.655/0.862/1.070/0.209 ms
[root@xlnx-lab15 ~]# nslookup www.cnblogs.com
Server: 192.168.1.15
Address: 192.168.1.15#53
Name: www.cnblogs.com
Address: 192.168.1.5
[root@xlnx-lab15 ~]# nslookup 192.168.1.15
Server: 192.168.1.15
Address: 192.168.1.15#53
** server can't find 15.1.168.192.in-addr.arpa.: NXDOMAIN
[root@xlnx-lab15 ~]# nslookup 192.168.1.5
Server: 192.168.1.15
Address: 192.168.1.15#53
5.1.168.192.in-addr.arpa name = www.cnblogs.com.
TSIG Encryption
Master Configuration
[root@xlnx-lab05 ~]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST master-salve
Kmaster-salve.+157+24579
[root@xlnx-lab05 ~]# ls -la Kmaster-salve.+157+24579.*
-rw-------. 1 root root 56 Mar 22 17:00 Kmaster-salve.+157+24579.key
-rw-------. 1 root root 165 Mar 22 17:00 Kmaster-salve.+157+24579.private
[root@xlnx-lab05 ~]# cat Kmaster-salve.+157+24579.key
master-salve. IN KEY 512 3 157 NwsYbRybWu+mBOozgpCAmg==
[root@xlnx-lab05 ~]# cat Kmaster-salve.+157+24579.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: NwsYbRybWu+mBOozgpCAmg==
Bits: AAA=
Created: 20200322090018
Publish: 20200322090018
Activate: 20200322090018
[root@xlnx-lab05 ~]# cd /var/named/chroot/etc/
[root@xlnx-lab05 etc]# ls -l
total 12
-rw-r--r--. 1 root root 405 Mar 22 15:26 localtime
drwxr-x---. 2 root named 4096 Jan 29 2014 named
drwxr-x---. 3 root named 4096 Mar 22 15:26 pki
[root@xlnx-lab05 etc]# vim transfer.key
[root@xlnx-lab05 etc]# cat transfer.key
key "master-slave" {
algorithm hmac-md5;
secret "NwsYbRybWu+mBOozgpCAmg==";
};
[root@xlnx-lab05 etc]# ls -l transfer.key
-rw-r--r--. 1 root root 79 Mar 22 17:16 transfer.key
[root@xlnx-lab05 etc]# chown root:named transfer.key
[root@xlnx-lab05 etc]# chmod 640 transfer.key
[root@xlnx-lab05 etc]# ln transfer.key /etc/
[root@xlnx-lab05 etc]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
include "/etc/transfer.key";
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-transfer {key master-slave; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@xlnx-lab05 etc]# systemctl restart named
Slave Configuration
[root@xlnx-lab15 ~]# cd /var/named/slaves/
[root@xlnx-lab15 slaves]# ls -l
total 8
-rw-r--r--. 1 named named 301 Mar 22 17:14 192.168.1.arpa
-rw-r--r--. 1 named named 246 Mar 22 17:16 cnblogs.com.zone
[root@xlnx-lab15 slaves]# rm -rf *
[root@xlnx-lab15 slaves]# ls -l
total 0
[root@xlnx-lab15 slaves]# systemctl restart named
[root@xlnx-lab15 slaves]# ls -l
total 0
[root@xlnx-lab15 slaves]# scp -rp 192.168.1.5:/var/named/chroot/etc/transfer.key /var/named/chroot/etc/
root@192.168.1.5's password:
transfer.key 100% 79 0.1KB/s 00:00
[root@xlnx-lab15 slaves]# ls -l /var/named/chroot/etc/
total 16
-rw-r--r--. 1 root root 405 Mar 22 16:22 localtime
drwxr-x---. 2 root named 4096 Jan 29 2014 named
drwxr-x---. 3 root named 4096 Mar 22 16:22 pki
-rw-r-----. 1 root root 79 Mar 22 17:16 transfer.key
[root@xlnx-lab15 slaves]# chown root:named /var/named/chroot/etc/transfer.key
[root@xlnx-lab15 slaves]# chmod 640 /var/named/chroot/etc/transfer.key
[root@xlnx-lab15 slaves]# ln /var/named/chroot/etc/transfer.key /etc/
[root@xlnx-lab15 slaves]# ls -l /etc/transfer.key
-rw-r-----. 2 root named 79 Mar 22 17:16 /etc/transfer.key
[root@xlnx-lab15 slaves]# vim /etc/named.conf
[root@xlnx-lab15 slaves]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
include "/etc/transfer.key";
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
server 192.168.1.5
{
keys { master-slave; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@xlnx-lab15 slaves]# ls -l
total 0
[root@xlnx-lab15 slaves]# systemctl restart named
[root@xlnx-lab15 slaves]# ls -l
total 8
-rw-r--r--. 1 named named 301 Mar 22 17:37 192.168.1.arpa
-rw-r--r--. 1 named named 246 Mar 22 17:37 cnblogs.com.zone
[root@xlnx-lab15 slaves]# nslookup
> www.cnblogs.com
Server: 192.168.1.15
Address: 192.168.1.15#53
Name: www.cnblogs.com
Address: 192.168.1.5
> 192.168.1.15
Server: 192.168.1.15
Address: 192.168.1.15#53
** server can't find 15.1.168.192.in-addr.arpa.: NXDOMAIN
> 192.168.1.5
Server: 192.168.1.15
Address: 192.168.1.15#53
5.1.168.192.in-addr.arpa name = www.cnblogs.com.
> exit
[root@xlnx-lab15 slaves]#
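Added example (not part of the original notes): a small Python check that parses named.conf text and reports three settings visible in the configurations above: recursion open to any client, a TSIG key using hmac-md5, and a master zone whose allow-update lists an address (allow-update grants dynamic updates; zone transfers are controlled by allow-transfer). Both sample configs are constructed; the "lan" ACL, its subnet, the placeholder secret and the finding names are assumptions.

```python
import re

# Constructed sample: the master-side settings shown on this page, condensed.
WEAK_CONF = '''
key "master-slave" { algorithm hmac-md5; secret "BASE64-SECRET-PLACEHOLDER"; };
options {
    allow-query { any; };
    recursion yes;   /* and no allow-recursion ACL */
};
zone "cnblogs.com" IN {
    type master; file "cnblogs.com.zone";
    allow-update { 192.168.1.15; };   // the slave's address
};
'''
# Assumed corrected form; the "lan" ACL and its subnet are illustrative choices.
HARDENED_CONF = '''
key "master-slave" { algorithm hmac-sha256; secret "BASE64-SECRET-PLACEHOLDER"; };
acl "lan" { 192.168.1.0/24; };
options {
    allow-query { any; };
    allow-recursion { lan; };
    recursion yes;
};
zone "cnblogs.com" IN {
    type master; file "cnblogs.com.zone";
    allow-update { none; };
};
'''
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)

def parse(toks, i=0):
    """Return (statements, next index); a statement is a list of words and nested blocks."""
    stmts, cur = [], []
    while i < len(toks):
        tok, i = toks[i], i + 1
        if tok == "{":
            block, i = parse(toks, i)
            cur.append(block)
        elif tok == "}":
            break
        elif tok == ";":
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok.strip('"'))
    return stmts, i

def opt(block, name):
    """Arguments of the first statement called `name` in a block, or None."""
    return next((s[1:] for s in block if s[0] == name), None)

def audit(conf_text):
    """Return (finding, subject) pairs in file order."""
    toks = [t for t in TOKEN.findall(conf_text) if not t.startswith(("/*", "//", "#"))]
    found = []
    for stmt in parse(toks)[0]:
        body = stmt[-1] if isinstance(stmt[-1], list) else []
        if stmt[0] == "options":
            if (opt(body, "recursion") == ["yes"] and opt(body, "allow-query") == [[["any"]]]
                    and opt(body, "allow-recursion") is None
                    and opt(body, "allow-query-cache") is None):
                found.append(("open-recursion", "options"))  # recursion for any client
        elif stmt[0] == "key" and opt(body, "algorithm") == ["hmac-md5"]:
            found.append(("tsig-hmac-md5", stmt[1]))  # legacy TSIG algorithm
        elif stmt[0] == "zone" and opt(body, "type") == ["master"]:
            acl = (opt(body, "allow-update") or [[]])[0]
            if any(e[0] not in ("key", "none") for e in acl):
                found.append(("update-by-address", stmt[1]))  # updates, not transfers
    return found
```

audit(WEAK_CONF) reports all three findings and audit(HARDENED_CONF) reports none; zones nested inside view blocks are not inspected.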
Configuring a DNS Caching Server
[root@xlnx-lab05 ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
forwarders { 8.8.8.8; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Server IP
Client IP
Split DNS Resolution (Views)
[root@xlnx-lab05 ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
#zone "." IN {
# type hint;
# file "named.ca";
#};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@xlnx-lab05 ~]# cat /etc/named.rfc1912.zones
acl "china" { 122.71.115.0/24; };
acl "america" { 106.185.25.0/24; };
view "china" {
match-clients { "china"; };
zone "cnblogs.com" {
type master;
file "cnblogs.com.china";
};
};
view "america" {
match-clients { "america"; };
zone "cnblogs.com" {
type master;
file "cnblogs.com.america";
};
};
[root@xlnx-lab05 ~]# cd /var/named/
[root@xlnx-lab05 named]# cp -a named.localhost named.cnblogs.com.china
[root@xlnx-lab05 named]# cp -a named.localhost named.cnblogs.com.america
[root@xlnx-lab05 ~]# cd /var/named/
[root@xlnx-lab05 named]# cp -a named.localhost cnblogs.com.china
[root@xlnx-lab05 named]# cp -a named.localhost cnblogs.com.america
[root@xlnx-lab05 named]# cat cnblogs.com.china
$TTL 1D
@ IN SOA www.cnblogs.com. root.cnblogs.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns.cnblogs.com.
ns IN A 122.71.115.1
www IN A 122.71.115.1
[root@xlnx-lab05 named]# cat cnblogs.com.america
$TTL 1D
@ IN SOA www.cnblogs.com. root.cnblogs.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns.cnblogs.com.
ns IN A 106.185.25.1
www IN A 106.185.25.1
[PS. Linux and Windows NAT Network]
[root@xlnx-lab05 ~]# systemctl restart network
[root@xlnx-lab05 ~]# systemctl restart named
[root@xlnx-lab05 ~]# systemctl enable named
[root@xlnx-lab05 ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled)
Active: inactive (dead)
[root@xlnx-lab05 ~]# iptables -F
[root@xlnx-lab05 ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ad:b8:84 brd ff:ff:ff:ff:ff:ff
inet 106.185.25.1/24 brd 106.185.25.255 scope global eth0
valid_lft forever preferred_lft forever
inet 122.71.115.1/24 brd 122.71.115.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fead:b884/64 scope link
valid_lft forever preferred_lft forever
America Windows Host
C:\Users\Xilong Jin>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : PC01
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-1F-43-7C
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 106.185.25.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 106.185.25.1
DNS Servers . . . . . . . . . . . : 106.185.25.1
NetBIOS over Tcpip. . . . . . . . : Enabled
C:\Users\Xilong Jin>ping -n 2 www.cnblogs.com
Pinging www.cnblogs.com [106.185.25.1] with 32 bytes of data:
Reply from 106.185.25.1: bytes=32 time<1ms TTL=64
Reply from 106.185.25.1: bytes=32 time<1ms TTL=64
Ping statistics for 106.185.25.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
China Windows Host
C:\Users\Xilong Jin>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : PC01
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-1F-43-7C
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 122.71.115.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 122.71.115.1
DNS Servers . . . . . . . . . . . : 122.71.115.1
NetBIOS over Tcpip. . . . . . . . : Enabled
C:\Users\Xilong Jin>ping -n 2 www.cnblogs.com
Pinging www.cnblogs.com [122.71.115.1] with 32 bytes of data:
Reply from 122.71.115.1: bytes=32 time<1ms TTL=64
Reply from 122.71.115.1: bytes=32 time<1ms TTL=64
Ping statistics for 122.71.115.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
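Added example (not from the original notes): how named picks a view for a client, using the two ACLs and zone answers configured above. It goes slightly beyond the page by also handling any, none and ! negation in match lists; keys and nested braces are not modelled.

```python
import ipaddress

# ACLs and views from this page's named.rfc1912.zones, in file order.
ACLS = {"china": ["122.71.115.0/24"], "america": ["106.185.25.0/24"]}
# (view name, match-clients list, address that view's zone file gives for www)
VIEWS = [
    ("china", ["china"], "122.71.115.1"),
    ("america", ["america"], "106.185.25.1"),
]

def matches(client, match_list, acls):
    """Evaluate an address match list: the first element that matches decides."""
    ip = ipaddress.ip_address(client)
    for element in match_list:
        negated = element.startswith("!")
        name = element.lstrip("!")
        if name == "any":
            hit = True
        elif name == "none":
            hit = False
        elif name in acls:
            hit = matches(client, acls[name], acls)   # reference to a named acl
        else:
            hit = ip in ipaddress.ip_network(name)    # literal address or CIDR prefix
        if hit:
            return not negated
    return False

def select_view(client, views=VIEWS, acls=ACLS):
    """Return (view, www address) for the first view whose match-clients accepts the client."""
    for name, match_clients, www in views:
        if matches(client, match_clients, acls):
            return name, www
    return None  # no view matched this client
```

A client outside both /24 networks, such as 192.168.1.15, matches no view. A catch-all view with match-clients { any; } has to come last, because views are tried in order and it would shadow any view listed after it.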