Disable SELinux and firewalld on every host, and keep their clocks in sync. (This is a lab shortcut; on a production name server leave both on and open only port 53 TCP/UDP.)
| Hostname | IP | Role |
|---|---|---|
| client | 192.168.28.146 | DNS client; its resolver is 192.168.28.145 |
| localdns | 192.168.28.145 | Local DNS server (caching only) |
| forward | 192.168.28.144 | Forwarding target (recursive) DNS server |
| rootdns | 192.168.28.141 | Root DNS server |
| comdns | 192.168.28.143 | DNS server for the com zone |
| master | 192.168.28.158 | Primary (master) DNS server for wenzi.com |
| slave | 192.168.28.156 | Secondary (slave) DNS server for wenzi.com |
| web | 192.168.28.159 | Web server for www.wenzi.com |
Point the DNS client's resolver at the local caching DNS server (localdns)
- [root@client ~]# nmcli con mod "System ens33" ipv4.address 192.168.28.146/24 ipv4.method manual ipv4.gateway 192.168.28.2 ipv4.dns 192.168.28.145
- [root@client ~]# nmcli con reload
- [root@client ~]# nmcli con up "System ens33"
- Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
- [root@client ~]# cat /etc/resolv.conf
- # Generated by NetworkManager
- nameserver 192.168.28.145
[root@web ~]# yum -y install httpd && systemctl enable --now httpd && echo 'This is www.wenzi.com' > /var/www/html/index.html
Edit the configuration file on master
- [root@master ~]# vim /etc/named.conf
- options {
- listen-on port 53 { 127.0.0.1; localhost; }; // addresses to listen on; BIND's built-in "localhost" ACL matches every interface address of this host, so this is not loopback-only
- ...
- allow-query { localhost; 192.168.28.0/24; }; // who may query this server
- allow-transfer { 192.168.28.156; }; // who may request zone transfers (AXFR/IXFR): only the slave
- ...
Define the wenzi.com zone
- [root@master ~]# vim /etc/named.rfc1912.zones
- zone "wenzi.com" IN {
- type master;
- file "wenzi.com.zone";
- };
- ...
Write the wenzi.com.zone file (named.localhost serves as the template)
- [root@master ~]# cd /var/named/
- [root@master named]# ll
- total 16
- drwxrwx--- 2 named named 23 Oct 17 21:43 data
- drwxrwx--- 2 named named 60 Oct 17 21:52 dynamic
- -rw-r----- 1 root named 2253 Aug 25 2021 named.ca
- -rw-r----- 1 root named 152 Aug 25 2021 named.empty
- -rw-r----- 1 root named 152 Aug 25 2021 named.localhost
- -rw-r----- 1 root named 168 Aug 25 2021 named.loopback
- drwxrwx--- 2 named named 6 Aug 25 2021 slaves
- [root@master named]# cp -a named.localhost wenzi.com.zone
- [root@master named]# vim wenzi.com.zone
- $TTL 1D
- @ IN SOA master admin.wenzi.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H ) ; minimum
-
- @ IN NS master.wenzi.com.
- @ IN NS slave.wenzi.com.
-
- master IN A 192.168.28.158
- slave IN A 192.168.28.156
- www IN A 192.168.28.159
Check the syntax and reload the service
- [root@master named]# named-checkconf
- [root@master named]# named-checkzone wenzi.com wenzi.com.zone
- zone wenzi.com/IN: loaded serial 0
- OK
- [root@master named]# rndc reload
- server reload successful
Edit the configuration on slave
- [root@slave ~]# vim /etc/named.conf
- options {
- listen-on port 53 { 127.0.0.1; localhost; };
- ...
- allow-query { localhost; 192.168.28.0/24; };
- allow-transfer { none; }; // refuse zone transfers to everyone: the slave only pulls the zone, it never hands it out
- ...
Define the zone (type slave, pulled from master)
- [root@slave ~]# vim /etc/named.rfc1912.zones
- zone "wenzi.com" {
- type slave;
- masters { 192.168.28.158; };
- file "slaves/wenzi.com.zone.slave";
- };
- ...
Check the syntax, reload the service, and confirm that the zone file has been transferred from the master
- [root@slave ~]# named-checkconf
- [root@slave ~]# rndc reload
- server reload successful
- [root@slave ~]# ll /var/named/slaves/
- total 4
- -rw-r--r-- 1 named named 310 Oct 17 22:31 wenzi.com.zone.slave
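The slave only transfers wenzi.com again when the master's SOA serial is greater than the one it already holds, so every later edit to wenzi.com.zone has to raise the serial (the file above starts at 0). The script below is an added example, not code from the original page: it reads and bumps the serial of a zone file laid out like the one above (multi-line SOA, serial on its own line) using the YYYYMMDDnn convention. The sample zone it writes is a copy of wenzi.com.zone from this page; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original page. Bumps the SOA serial of a BIND
# zone file in YYYYMMDDnn style. A secondary re-transfers a zone only when the
# primary's serial is greater than its own, so an edit that leaves the serial
# at 0 never reaches the slave. Assumption: multi-line SOA layout as shown on
# this page, with the serial on its own line right after "SOA ... (".

# Print the SOA serial of zone file $1.
zone_serial() {
    awk '
        /SOA/ && index($0, "(") { insoa = 1; next }   # opening line of the SOA
        insoa && $1 ~ /^[0-9]+$/ { print $1; exit }   # first bare integer after it
    ' "$1"
}

# Print the serial that follows $1 for date $2 (YYYYMMDD, default today):
# today's date with revision 01 if the old serial predates today, else old + 1.
next_serial() {
    old=$1
    day=${2:-$(date +%Y%m%d)}
    base=$((day * 100))
    if [ "$old" -lt "$base" ]; then
        echo $((base + 1))
    else
        echo $((old + 1))
    fi
}

# Rewrite the serial of zone file $1 in place for date $2 (keeps $1.bak) and
# print the new serial.
bump_serial() {
    file=$1
    new=$(next_serial "$(zone_serial "$file")" "$2")
    cp -p "$file" "$file.bak"
    awk -v new="$new" '
        /SOA/ && index($0, "(") { insoa = 1; print; next }
        insoa && !done && $1 ~ /^[0-9]+$/ { sub(/[0-9]+/, new); done = 1 }
        { print }
    ' "$file.bak" > "$file"
    echo "$new"
}

# Constructed sample: a copy of wenzi.com.zone from this page, written to $1.
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 1D
@       IN SOA  master admin.wenzi.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum

@       IN NS   master.wenzi.com.
@       IN NS   slave.wenzi.com.

master  IN A    192.168.28.158
slave   IN A    192.168.28.156
www     IN A    192.168.28.159
EOF
}

zone=$(mktemp -d)/wenzi.com.zone
write_sample_zone "$zone"
echo "serial before: $(zone_serial "$zone")"            # 0
echo "serial after:  $(bump_serial "$zone" 20231017)"   # 2023101701
```

On the lab hosts, after bumping the serial on master: run `rndc reload wenzi.com` there, then `dig @192.168.28.156 wenzi.com SOA +short` from any host to confirm the slave now reports the new serial, and `dig @192.168.28.158 wenzi.com AXFR` from client, which should end in `; Transfer failed.` because allow-transfer admits only 192.168.28.156.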
Edit the configuration on comdns (note that no allow-transfer is set here, nor on rootdns and forward below: BIND 9.11 then falls back to its default of allowing zone transfers to any host, so add allow-transfer { none; } on servers that have no secondaries)
- [root@comdns ~]# vim /etc/named.conf
- options {
- listen-on port 53 { 127.0.0.1; localhost; };
- ...
- allow-query { localhost; 192.168.28.0/24; };
- ...
Define the com zone
- [root@comdns ~]# vim /etc/named.rfc1912.zones
- zone "com" {
- type master;
- file "com.zone";
- };
Write the com.zone file
- [root@comdns ~]# cd /var/named/
- [root@comdns named]# cp -a named.localhost com.zone
- [root@comdns named]# vim com.zone
- $TTL 1D
- @ IN SOA master admin.wenzi.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H ) ; minimum
-
- @ IN NS master
- wenzi IN NS dnservermaster ; delegation: primary DNS server for wenzi.com.
- wenzi IN NS dnserverslave ; delegation: secondary DNS server for wenzi.com.
-
- master IN A 192.168.28.143
- dnservermaster IN A 192.168.28.158 ; glue address of the wenzi.com primary
- dnserverslave IN A 192.168.28.156 ; glue address of the wenzi.com secondary
This delegation names dnservermaster.com and dnserverslave.com, whereas wenzi.com.zone on master names master.wenzi.com and slave.wenzi.com as the zone's servers. Resolution still works because the glue addresses point at the right hosts, but the parent's NS set and the child's apex NS set should agree; the mismatch shows up later in the AUTHORITY section of the client's dig output.
Check the syntax and reload the service
- [root@comdns named]# named-checkconf
- [root@comdns named]# named-checkzone com com.zone
- zone com/IN: loaded serial 0
- OK
- [root@comdns named]# rndc reload
- server reload successful
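Checking a delegation against the child zone is easy to automate before a reload. The script below is an added example, not part of the original page: it parses zone files in the layout used here, compares the NS set the parent delegates to with the child's own apex NS records, and verifies that every delegated NS name inside the parent zone has an A record (glue). The zone texts it writes reproduce com.zone and wenzi.com.zone from this page plus a corrected com.zone whose delegation names the child's own servers; the function and file names are my own.

```shell
#!/bin/sh
# Added example, not part of the original page: compare a parent zone's
# delegation of a child with the child's apex NS records, and check that every
# delegated NS name inside the parent zone has glue. Assumptions: zone files in
# the layout used on this page (owner, optional TTL, IN, type, rdata; one
# record per line; multi-line SOA in parentheses); names are my own.

# zone_rr FILE ORIGIN OWNER TYPE: print the rdata of every TYPE record owned
# by OWNER (ORIGIN and OWNER as FQDNs with a trailing dot), sorted. Relative
# NS targets are qualified with ORIGIN; A rdata is printed as-is.
zone_rr() {
    awk -v origin="$2" -v want="$3" -v rtype="$4" '
        function fq(n) { if (n == "@") return origin; if (n ~ /\.$/) return n; return n "." origin }
        { sub(/;.*/, "") }                                 # drop comments
        /^[[:space:]]*$/ || /^\$/ { next }                 # blank lines, $TTL/$ORIGIN
        inparen { if (index($0, ")")) inparen = 0; next }  # remainder of a multi-line SOA
        {
            i = 1
            if ($1 == "IN") { owner = prev } else { owner = fq($1); i = 2 }  # omitted owner repeats the last one
            prev = owner
            if ($i ~ /^[0-9]+[smhdwSMHDW]?$/) i++          # optional TTL
            if ($i == "IN") i++                            # class
            type = $i; rdata = $(i + 1)
            if (index($0, "(") && !index($0, ")")) inparen = 1
            if (type == rtype && owner == want) {
                out = (rtype == "A") ? rdata : fq(rdata)
                print out
            }
        }' "$1" | sort
}

# delegation_check PARENT PARENT_ORIGIN CHILD CHILD_ORIGIN: "OK ..." when the
# NS set the parent delegates to equals the child's apex NS set.
delegation_check() {
    parent_ns=$(zone_rr "$1" "$2" "$4" NS)
    child_ns=$(zone_rr "$3" "$4" "$4" NS)
    [ -n "$parent_ns" ] || { echo "NO-DELEGATION $4"; return 1; }
    [ "$parent_ns" = "$child_ns" ] || {
        echo "MISMATCH parent=[$(echo $parent_ns)] child=[$(echo $child_ns)]"; return 1; }
    echo "OK $(echo $parent_ns)"
}

# glue_check PARENT PARENT_ORIGIN CHILD_ORIGIN: every delegated NS name that
# lies inside the parent zone needs an A record there, or resolvers have no
# address to follow the referral to.
glue_check() {
    for ns in $(zone_rr "$1" "$2" "$3" NS); do
        case "$ns" in
            *"$2") [ -n "$(zone_rr "$1" "$2" "$ns" A)" ] || { echo "MISSING-GLUE $ns"; return 1; } ;;
        esac
    done
    echo "GLUE-OK"
}

# Constructed samples written to directory $1: com.zone and wenzi.com.zone as
# on this page, and a com.fixed.zone whose delegation matches the child.
write_lab_zones() {
    cat > "$1/com.zone" <<'EOF'
$TTL 1D
@ IN SOA master admin.wenzi.com. (
    0 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
@ IN NS master
wenzi IN NS dnservermaster
wenzi IN NS dnserverslave
master IN A 192.168.28.143
dnservermaster IN A 192.168.28.158
dnserverslave IN A 192.168.28.156
EOF
    cat > "$1/wenzi.com.zone" <<'EOF'
$TTL 1D
@ IN SOA master admin.wenzi.com. (
    0 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
@ IN NS master.wenzi.com.
@ IN NS slave.wenzi.com.
master IN A 192.168.28.158
slave IN A 192.168.28.156
www IN A 192.168.28.159
EOF
    cat > "$1/com.fixed.zone" <<'EOF'
$TTL 1D
@ IN SOA master admin.com. (
    1 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
@ IN NS master
wenzi IN NS master.wenzi
wenzi IN NS slave.wenzi
master IN A 192.168.28.143
master.wenzi IN A 192.168.28.158
slave.wenzi IN A 192.168.28.156
EOF
}

lab=$(mktemp -d)
write_lab_zones "$lab"
delegation_check "$lab/com.zone" com. "$lab/wenzi.com.zone" wenzi.com. || true  # MISMATCH ...
delegation_check "$lab/com.fixed.zone" com. "$lab/wenzi.com.zone" wenzi.com.     # OK master.wenzi.com. slave.wenzi.com.
glue_check "$lab/com.fixed.zone" com. wenzi.com.                                  # GLUE-OK
```

The corrected parent zone delegates to master.wenzi.com and slave.wenzi.com with glue for both; on comdns the same change would be followed by a serial bump and `rndc reload`.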
Edit the configuration on rootdns
- [root@rootdns ~]# vim /etc/named.conf
- options {
- listen-on port 53 { 127.0.0.1; localhost; };
- ...
- allow-query { localhost; 192.168.28.0/24; };
- ...
Define the root zone
- [root@rootdns ~]# vim /etc/named.rfc1912.zones
- zone "." IN {
- type master;
- file "root.zone";
- };
Write the zone file
- [root@rootdns named]# cp -a named.localhost root.zone
- [root@rootdns named]# vim root.zone
- $TTL 1D
- @ IN SOA master admin.wenzi.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H ) ; minimum
-
- @ IN NS master
- com IN NS comdns
-
- master IN A 192.168.28.141
- comdns IN A 192.168.28.143
Check the syntax and reload the service
- [root@rootdns named]# named-checkconf
- [root@rootdns named]# named-checkzone . root.zone
- zone ./IN: loaded serial 0
- OK
- [root@rootdns named]# rndc reload
- server reload successful
Edit the configuration on forward
- [root@forward ~]# vim /etc/named.conf
- options {
- listen-on port 53 { 127.0.0.1; localhost; };
- ...
- allow-query { localhost; 192.168.28.0/24; };
- ...
Replace the root hints shipped with BIND so that recursion starts at the lab's own root server instead of the Internet root servers. named.ca is the file loaded by the default `zone "." IN { type hint; file "named.ca"; };` stanza; keep only the entry for the lab root and delete the other root-server records hidden behind the `...`, otherwise the priming query may still reach a real root server and names would be looked up on the Internet instead of in the lab zones.
- [root@forward ~]# vim /var/named/named.ca
- ...
- ;; QUESTION SECTION:
- ;. IN NS
-
- ;; ANSWER SECTION:
- . 518400 IN NS a.root-servers.net.
-
- ;; ADDITIONAL SECTION:
- a.root-servers.net. 518400 IN A 192.168.28.141
- ...
Check the syntax and reload the service
- [root@forward ~]# named-checkconf
- [root@forward ~]# rndc reload
- server reload successful
Edit the configuration on localdns (caching-only resolver: it forwards every query to forward)
- [root@localdns ~]# vim /etc/named.conf
- options {
- listen-on port 53 { 127.0.0.1; localhost; };
- ...
- allow-query { localhost; 192.168.28.0/24; }; // only the lab network may query; since allow-recursion is not set, this list also bounds who may recurse, which is what keeps this from being an open resolver
- forward only; // send every query to the forwarders and never fall back to iterative resolution
- forwarders { 192.168.28.144; }; // the forward host
- ...
- recursion yes; // answer recursive queries for clients
- dnssec-enable no; // BIND 9.11 option, deprecated in later releases
- dnssec-validation no; // disabled here only because the lab root is unsigned and does not match the built-in IANA trust anchor that "auto" would use; on a production resolver leave validation on
- ...
Check the syntax and reload the service
- [root@localdns ~]# named-checkconf
- [root@localdns ~]# rndc reload
- server reload successful
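Several of the servers above never set allow-transfer, so BIND 9.11 serves their zones to any host that asks; the caching resolver depends entirely on allow-query to avoid being an open resolver, and turns validation off. The script below is an added example, not from the original page: a small lint over the options { } block of a named.conf (one statement per line, as in the snippets here) that flags recursion allowed for any, disabled DNSSEC validation and an unset allow-transfer. The three configurations it writes are constructed: the localdns options from this page, a wide-open variant, and a hardened one; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original page: lint the options { } block of a
# named.conf for settings that make an open resolver, disable DNSSEC
# validation, or leave zone transfers at the BIND 9.11 default (any host).
# Assumption: one statement per line inside options { }, as on this page.

# options_value FILE STATEMENT: print the value of STATEMENT inside options { }
# with braces and semicolons removed ("yes", "any", "localhost 192.168.28.0/24"),
# or nothing when it is not set.
options_value() {
    awk -v key="$2" '
        { sub(/\/\/.*/, ""); sub(/#.*/, "") }                 # strip comments
        /^[[:space:]]*options[[:space:]]*[{]/ { inopt = 1; next }
        inopt && /^[[:space:]]*[}]/ { inopt = 0 }
        inopt && $1 == key {
            v = $0
            sub(/^[[:space:]]*[^[:space:]]+[[:space:]]*/, "", v)   # drop the keyword
            gsub(/[{};]/, " ", v); gsub(/[[:space:]]+/, " ", v)
            sub(/^ /, "", v); sub(/ $/, "", v)
            print v; exit
        }' "$1"
}

# named_conf_lint FILE: one finding per line, "OK" when clean; status 1 on findings.
named_conf_lint() {
    f=$1; findings=0
    rec=$(options_value "$f" recursion)
    aq=$(options_value "$f" allow-query)
    ar=$(options_value "$f" allow-recursion)
    dv=$(options_value "$f" dnssec-validation)
    at=$(options_value "$f" allow-transfer)
    # Who may recurse: allow-recursion, else allow-query, else BIND's built-in
    # default of localnets + localhost. "any" in that chain means the whole
    # Internet can recurse through this server (and use it for amplification).
    scope=${ar:-${aq:-localnets localhost}}
    if [ "${rec:-yes}" = "yes" ]; then
        case " $scope " in
            *" any "*) echo "OPEN-RESOLVER: recursion yes with recursion allowed for { any; }"; findings=1 ;;
        esac
    fi
    if [ "$dv" = "no" ]; then
        echo "DNSSEC-OFF: dnssec-validation no (only defensible for an unsigned private root such as this lab)"
        findings=1
    fi
    if [ -z "$at" ]; then
        echo "AXFR-ANY: allow-transfer not set; BIND 9.11 then serves every zone to any host (set { none; } or list the secondaries)"
        findings=1
    fi
    if [ "$findings" -eq 0 ]; then echo "OK"; fi
    return "$findings"
}

# Constructed samples written to directory $1: the localdns options from this
# page, a wide-open variant, and a hardened one.
write_sample_confs() {
    cat > "$1/localdns.conf" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; localhost; };
    allow-query { localhost; 192.168.28.0/24; };
    forward only;
    forwarders { 192.168.28.144; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
};
EOF
    cat > "$1/open.conf" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };        // the whole Internet may query ...
    recursion yes;               // ... and recurse through us
    dnssec-validation no;
};
EOF
    cat > "$1/hardened.conf" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; localhost; };
    allow-query { localhost; 192.168.28.0/24; };
    allow-recursion { localhost; 192.168.28.0/24; };
    allow-transfer { none; };
    recursion yes;
    dnssec-validation auto;      // validate against the built-in IANA root trust anchor
};
EOF
}

lab=$(mktemp -d)
write_sample_confs "$lab"
for c in localdns open hardened; do
    echo "== $c.conf"
    named_conf_lint "$lab/$c.conf" || true
done
```

Run it against /etc/named.conf on each of the lab servers: the page's localdns options yield DNSSEC-OFF and AXFR-ANY (expected in this lab for the first, worth fixing for the second), comdns and rootdns yield AXFR-ANY, and the hardened shape reports OK.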
Verify from the client: the name resolves through the whole chain (localdns -> forward -> rootdns -> comdns -> master/slave).
- [root@client ~]# host www.wenzi.com
- www.wenzi.com has address 192.168.28.159
-
-
- [root@client ~]# dig www.wenzi.com
-
- ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.14 <<>> www.wenzi.com
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15173
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;www.wenzi.com. IN A
- ;; ANSWER SECTION:
- www.wenzi.com. 85706 IN A 192.168.28.159
- ;; AUTHORITY SECTION:
- wenzi.com. 85706 IN NS dnservermaster.com.
- wenzi.com. 85706 IN NS dnserverslave.com.
- ;; ADDITIONAL SECTION:
- dnserverslave.com. 85706 IN A 192.168.28.156
- dnservermaster.com. 85706 IN A 192.168.28.158
- ;; Query time: 0 msec
- ;; SERVER: 192.168.28.145#53(192.168.28.145)
- ;; WHEN: Tue Oct 17 23:48:33 CST 2023
- ;; MSG SIZE rcvd: 147
Note the AUTHORITY section: it names dnservermaster.com and dnserverslave.com, the servers the com zone delegates to, rather than master.wenzi.com and slave.wenzi.com from wenzi.com.zone. The answer is correct because both sets point at the same addresses, but the delegation and the zone's own NS records should be made to agree. Finally, HTTP works end to end:
- [root@client ~]# curl www.wenzi.com
- This is www.wenzi.com