DNS服务器搭建
1、模拟互联网的搭建DNS服务
搭建流程:方便排错验证,优先搭建web服务器方便下个服务器的模拟验证
-
服务器搭建顺序
WEB服务 ---> 百度DNS主服务 ---> 百度DNS从服务 ---> 顶级域名DNS服务.com ---> 根DNS服务 ---> 企业转发DNS服务 ---> 企业DNS服务 ---> 企业客户机
-
web服务安装httpd服务实现web服务
-
DNS服务安装bind、bind-utils:实现DNS解析服务提供和调试功能
-
全局配置文件/etc/named.conf、/etc/named.rfc1912.zones的修改
-
解析数据库文件的编辑
-
配置文件的语法检查、服务配置文件重载、服务重启
-
wen服务解析测试
-
服务器的规划导图如下
2、DNS服务器搭建实操
#WEB服务器10.0.0.10 centos6系统
[root@centos6 ~]# yum install -y httpd chrony
[root@centos6 ~]# service chronyd start
[root@centos6 ~]# service iptables stop
[root@centos6 ~]# getenforce 0
[root@centos6 ~]# service httpd start
[root@centos6 ~]# echo "this test web 10.0.0.10" > /var/www/http/index.html
#baidu主DNS服务器10.0.0.11 centos8系统
[root@centos8 ~]# yum install -y bind bind-utils chrony
[root@centos8 ~]# systemctl enable --now chronyd
[root@centos8 ~]# systemctl enable --now named.service
[root@centos8 ~]# vim /etc/named.conf
***
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; };
allow-transfer {none}
***
[root@centos8 ~]# vim /etc/named.rfc1912.zones
***
//
zone "yun.com" {
type master;
file "yun.com.zone";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
***
[root@centos8 ~]# vim /var/named/yun.com.zone
$TTL 1D
@ IN SOA ns1 admin ( 1 1H 1H 1W 1D )
NS ns1
NS ns2
ns1 A 10.0.0.11
ns2 A 10.0.0.12
www A 10.0.0.10
[root@centos8 ~]# rndc reload
[root@centos8 ~]# systemctl restart named
#baidu从DNS服务器 centos6
service iptables stop
[root@centos6 ~]# yum install -y bind bind-utils chrony
[root@centos6 ~]# service chronyd start
[root@centos6 ~]# service named start
[root@centos6 ~]# service iptables stop
[root@centos6 ~]# getenforce 0
[root@centos6 ~]# vim /etc/named.conf
***
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
allow-transfer {none}
recursion yes;
***
[root@centos6 ~]# vi /etc/named.rfc1912.zones
***
//
zone "yun.com" {
type slave;
masters {10.0.0.11;};
file "slaves/yun.com.zone";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
***
[root@centos6 ~]#ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 347 Feb 13 21:14 yun.com.zone
[root@centos6 ~]# rndc reload
[root@centos6 ~]# service named restart
#互联网顶级域名comDNS服务器 centos7系统
[root@centos7 ~]# yum install -y bind bind-utils chrony
[root@centos7 ~]# systemctl disable --now firewalld
[root@centos7 ~]# getenforce 0
[root@centos7 ~]# systemctl enable --now named chronyd
[root@centos7 ~]# vi /etc/named.conf
***
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };
allow-transfer {none}
***
[root@centos7 ~]# vi /etc/named.rfc1912.zones
***
//
zone "com"{
type master;
file "com.zone";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
***
[root@centos7 ~]# vi /var/named/com.zone
***
$TTL 1D
@ IN SOA ns1 yun ( 2 1D 1H 1W 1D )
NS ns1
yun NS ns2
ns1 A 10.0.0.13
ns2 A 10.0.0.11
ns2 A 10.0.0.12
***
[root@centos7 ~]# rndc reload
[root@centos7 ~]# systemctl restart named
#互联网根DNS服务器 centos7系统
[root@centos7 ~]# yum install -y bind bind-utils chrony
[root@centos7 ~]# systemctl disable --now firewalld
[root@centos7 ~]# getenforce 0
[root@centos7 ~]# systemctl enable --now named chronyd
[root@centos7 ~]# vi /etc/named.conf
***
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };
allow-transfer {none}
***
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type master;
file "root.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@centos7 ~]# vi /var/named/root.zone
***
$TTL 1D
@ IN SOA ns1 yun ( 2 1D 1H 1W 1D )
NS ns1
com NS ns2
ns1 A 10.0.0.14
ns2 A 10.0.0.13
***
[root@centos7 ~]# rndc reload
[root@centos7 ~]# systemctl restart named
#企业内部转发DNS服务器 ubuntu系统
root@ubuntu:~# apt install -y bind9 chrony
root@ubuntu:~# systemctl disable --now ufw.service
root@ubuntu:~# systemctl enable --now named chronyd
root@ubuntu:~# vim /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replac
// the all-0's placeholder.
forward only;
forwarders {
10.0.0.14;
};
dnssec-validation no; #
***
root@ubuntu:~# systemctl restart named
#企业内部转发DNS centos7系统
[root@centos7 ~]# yum install -y bind bind-utils chrony
[root@centos7 ~]# systemctl disable --now firewalld
[root@centos7 ~]# getenforce 0
[root@centos7 ~]# systemctl enable --now named chronyd
[root@centos7 ~]# vi /etc/named.conf
***
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };
allow-transfer {none}
***
dnssec-enable no;
dnssec-validation no;
***
[root@centos7 ~]# vi /var/named/named.ca
; <<>> DiG 9.11.3-RedHat-9.11.3-3.fc27 <<>> +bufsize=1200 +norec @a.root-servers.net
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46900
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS a.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 518400 IN A 10.0.0.14
[root@centos7 ~]# rndc reload
[root@centos7 ~]# systemctl restart named
3、安装过程中遇到坑
-
服务器安装之前一定一定一定要确认时间同步!!!selinux关闭!!!防火墙关闭!!!
-
安装过程中遇到路由不通的现象导致外网不能访问,很奇怪!服务都能正常安装了就是启动了named服务之后,路由不通。经过排查查看服务启动过程的信息提示和系统日志提示发现外网不同,导致named服务启动过程中一直访问根服务器超时。现象如下:
日志提示信息
服务启动状态提示信息
处理过程:
重新弄配置的网络信息、路由表
防火墙和selinux再次确认关闭 -
bind软件的配置文件必须格式无错,否则服务报错不能正常启动。
bind再带rndc命令可以检查配置文件的书写失误
命令:named-checkconf