DNS Server Deployment

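DNS: Domain Name System

Purpose:
	1)	Resolve domain names and hostnames to the corresponding IP addresses	(forward resolution)
	2)	Resolve IP addresses to the corresponding hostnames and domain names	(reverse resolution)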

Zones

Forward zone		uplooking.com
Reverse zone		X.X.X.in-addr.arpa 			for example, 172.16.80.0/24 becomes 80.16.172.in-addr.arpa

Records

A record		host record			www.uplooking.com		A		192.168.1.1 

NS record		identifies the name of the DNS server itself 

	NS		dns1.uplooking.com.
	dns1.uplooking.com.		A	192.168.1.2

MX record		identifies the name of the mail server 

	MX	 10		mail.uplooking.com. 
	mail.uplooking.com.		A	192.168.1.3


CNAME record		alias record 

	m.mail.com.		CNAME		mail.uplooking.com. 


PTR record		reverse pointer record 

	192.168.1.1		PTR			www.uplooking.com.

DNS domain name structure:

.	root domain 							www.jd.com------------> www.jd.com.
	com		
		jd
		baidu	
		taobao
	cn
	org
	gov	

DNS resolution modes:

Recursive
	The client only needs to send one request to the DNS server
Iterative	
	The client needs to send multiple DNS requests

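Deploying the DNS server

Software: bind, bind-chroot

		Chroot (pseudo-root)	/var/named/chroot 

			/etc/named.conf ------>  /var/named/chroot/etc/named.conf

Configuration files:

	Main configuration file		/var/named/chroot/etc/named.conf		defines the zones
	Record files		/var/named/chroot/var/named/*		


Services: named, named-chroot 
Ports: 
	53/udp		receives DNS queries from clients
	53/tcp		handles data synchronization between master and slave servers

Example: building a DNS server

web.uplooking.com		192.168.1.1		web server
ftp.uplooking.com		192.168.1.2		FTP server
mail.uplooking.com		192.168.1.3 	mail server 

Preparation:
Disable SELinux and the firewall
Configure the YUM repository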

1 Install the software

[root@localhost ~]# yum install -y bind bind-chroot

2 Edit the main DNS configuration file and create the zone uplooking.com

[root@localhost ~]# vim /var/named/chroot/etc/named.conf
options {
	directory "/var/named";
};

zone "uplooking.com" {
	type master;
	file "uplooking.com.zone";
};

Zone types:
hint	root zone
master	master zone
slave	slave zone

3 Copy the record file template and edit it

[root@localhost ~]# cp /usr/share/doc/bind-9.8.2/sample/var/named/named.localhost /var/named/chroot/var/named/uplooking.com.zone
[root@localhost ~]# vim /var/named/chroot/var/named/uplooking.com.zone
$TTL 1D
@	IN SOA	uplooking.com. 454452000.qq.com. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	dns1.uplooking.com.
dns1	A	192.168.122.105
web	A	192.168.1.1
ftp	A	192.168.1.2
@	MX 5	mail.uplooking.com.	; explicit @ so the MX belongs to the zone apex, not to ftp
mail	A	192.168.1.3

4 Start the named service

[root@dns ~]# systemctl start named-chroot
[root@dns ~]# systemctl start named
[root@dns ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@dns ~]# systemctl enable named-chroot
Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.
[root@dns ~]#

[root@dns ~]# ss -antp | grep named
LISTEN 0 10 192.168.122.105:53 *:* users:(("named",pid=2249,fd=21))

[root@dns ~]# ss -anup | grep named
UNCONN 0 0 192.168.122.105:53 *:* users:(("named",pid=2249,fd=513))

5 Test

Note:

Configure as follows:

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Generated by dracut initrd
NAME="eth0"
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
IPADDR=192.168.122.121
NETMASK=255.255.255.0
GATEWAY=192.168.122.1
DNS1=192.168.122.105

[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.122.105
[root@localhost ~]#

Test tools:

  1. nslookup

[root@localhost ~]# nslookup
> server
Default server: 192.168.122.105
Address: 192.168.122.105#53
> web.uplooking.com
Server: 192.168.122.105
Address: 192.168.122.105#53

Name: web.uplooking.com
Address: 192.168.1.1
> ftp.uplooking.com
Server: 192.168.122.105
Address: 192.168.122.105#53

Name: ftp.uplooking.com
Address: 192.168.1.2
> mail.uplooking.com
Server: 192.168.122.105
Address: 192.168.122.105#53

Name: mail.uplooking.com
Address: 192.168.1.3
> exit

  2. dig

dig -t

[root@localhost ~]# dig -t A web.uplooking.com

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t A web.uplooking.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39100
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;web.uplooking.com. IN A

;; ANSWER SECTION:
web.uplooking.com. 86400 IN A 192.168.1.1

;; AUTHORITY SECTION:
uplooking.com. 86400 IN NS dns1.uplooking.com.

;; ADDITIONAL SECTION:
dns1.uplooking.com. 86400 IN A 192.168.122.105

;; Query time: 1 msec
;; SERVER: 192.168.122.105#53(192.168.122.105)
;; WHEN: 三 2月 22 11:45:42 CST 2017
;; MSG SIZE rcvd: 97

Using DNS records to achieve a load-balancing effect:

web A 192.168.1.1
web A 192.168.1.4

Wildcard records

uplooking.com. A 192.168.1.1

*.uplooking.com. A 192.168.1.1

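Example 2:

Create a DNS reverse zone to provide reverse resolution

1) Edit the main configuration file named.conf

[root@masterdns ~]# vim /var/named/chroot/etc/named.conf
zone "1.168.192.in-addr.arpa" {
	type master;
	file "192.168.1.zone";
};

2) Create the records for the reverse zone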

[root@dns named]# cat /var/named/chroot/var/named/192.168.1.zone
$TTL 1D
@	IN SOA	uplooking.com. 454452000.qq.com. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	dns1.uplooking.com.
dns1	A	192.168.122.105
1	PTR	web.uplooking.com.
2	PTR	ftp.uplooking.com.
3	PTR	mail.uplooking.com.

[root@dns named]# systemctl restart named
[root@dns named]# systemctl restart named-chroot

3) Test

[root@masterdns ~]# nslookup
> ftp.uplooking.com
Server: 192.168.122.166
Address: 192.168.122.166#53

Name: ftp.uplooking.com
Address: 192.168.1.2
> 192.168.1.2
Server: 192.168.122.166
Address: 192.168.122.166#53

2.1.168.192.in-addr.arpa name = ftp.uplooking.com.
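
The reverse zone has to stay in step with the A records of the forward zone, and in a zone file a line that starts with whitespace takes the owner name of the record before it. The following Python sketch is an added example, not part of the original post (the zone text, the hostmaster contact and all function names are constructed): it resolves owner names, shows that a blank-owner MX line placed after the ftp record is owned by ftp.uplooking.com. rather than the zone apex, and derives the PTR entries for 192.168.1.0/24.

```python
import ipaddress

# Constructed zone modelled on the uplooking.com zone above (placeholder contact).
ZONE = """\
$TTL 1D
@     IN SOA uplooking.com. hostmaster.uplooking.com. ( 0 1D 1H 1W 3H )
      NS     dns1.uplooking.com.
dns1  A      192.168.122.105
web   A      192.168.1.1
ftp   A      192.168.1.2
      MX 5   mail.uplooking.com.
mail  A      192.168.1.3
"""

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples; resolves '@', relative names and
    blank-owner inheritance (single-line records, no per-record TTL)."""
    records, owner = [], origin
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].rstrip()      # drop comments
        if not line or line.startswith('$'):      # skip blanks and $TTL
            continue
        fields = line.split()
        if not line[0].isspace():                 # owner given in column one
            name = fields.pop(0)
            owner = (origin if name == '@' else
                     name if name.endswith('.') else f'{name}.{origin}')
        if fields[0].upper() == 'IN':             # optional class
            fields.pop(0)
        records.append((owner, fields[0].upper(), ' '.join(fields[1:])))
    return records

def owners_of(records, rtype):
    """List the owner names that carry a record of the given type."""
    return [owner for owner, rt, _ in records if rt == rtype]

def ptr_records(records, network):
    """Return the in-addr.arpa zone name and PTR pairs for A records in a /24."""
    net = ipaddress.ip_network(network)
    if net.prefixlen != 24:
        raise ValueError('only /24 networks are handled here')
    zone = '.'.join(reversed(str(net.network_address).split('.')[:3])) + '.in-addr.arpa.'
    ptrs = [(ipaddress.ip_address(rdata).reverse_pointer + '.', owner)
            for owner, rt, rdata in records
            if rt == 'A' and ipaddress.ip_address(rdata) in net]
    return zone, sorted(ptrs)

if __name__ == '__main__':
    print(ptr_records(parse_zone(ZONE, 'uplooking.com.'), '192.168.1.0/24'))
```

Writing the MX line with an explicit `@` owner puts it on uplooking.com. regardless of which record precedes it.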

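Example: DNS master/slave server deployment

Environment:

192.168.122.166			DNS master server
192.168.122.167			DNS slave server 

Synchronize the records of the uplooking.com zone on the master server to the slave server

Master server:

1) Edit the main configuration file named.conf

[root@masterdns ~]# vim /var/named/chroot/etc/named.conf
options {
	directory "/var/named";
};

zone "uplooking.com" {
	type master;
	allow-transfer { 192.168.122.167; };	// IP address of the slave server
	file "uplooking.com.zone";
};

zone "1.168.192.in-addr.arpa" {
	type master;
	file "192.168.1.zone";
};

2) Edit the record file of the uplooking.com zone and add an NS record for the slave server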

[root@masterdns ~]# cat /var/named/chroot/var/named/uplooking.com.zone
$TTL 1D
@	IN SOA	uplooking.com. cisco_wjc.126.com. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	dns1.uplooking.com.
	NS	dns2.uplooking.com.
dns1	A	192.168.122.166
dns2	A	192.168.122.167
web	A	192.168.1.1
web	A	192.168.1.4
uplooking.com.	A	192.168.1.1
*.uplooking.com.	A	192.168.1.1
ftp	A	192.168.1.2
@	MX 5	mail.uplooking.com.	; explicit @ so the MX belongs to the zone apex, not to ftp
mail	A	192.168.1.3

[root@localhost named]# systemctl restart named
[root@localhost named]# systemctl restart named-chroot

Slave server:

1) Install the software

yum install -y bind bind-chroot

2) Edit the main configuration file

[root@slavedns ~]# vim /var/named/chroot/etc/named.conf
options {
	directory "/var/named";
};

zone "uplooking.com" {
	type slave;
	masters { 192.168.122.166; };	// IP address of the master server
	file "slaves/uplooking.com.zone";
};
[root@slavedns ~]#

3) Start the named service

[root@localhost ~]# systemctl start named-chroot
[root@localhost ~]# systemctl start named

4) Test

[root@slavedns ~]# ls /var/named/chroot/var/named/slaves/
uplooking.com.zone
[root@slavedns ~]#

[root@slavedns ~]# nslookup
> server 192.168.122.167
Default server: 192.168.122.167
Address: 192.168.122.167#53
> web.uplooking.com
Server: 192.168.122.167
Address: 192.168.122.167#53

Name: web.uplooking.com
Address: 192.168.1.4
Name: web.uplooking.com
Address: 192.168.1.1
> exit

Exercise:

Deploy a DNS server that provides the following resolution:

www.a.org 		192.168.10.1
bbs.a.org 		192.168.10.2

discuz.b.org 	192.168.20.1
game.b.org 		192.168.20.2
mail.b.org 		192.168.20.3
posted @ 2020-05-17 12:56  知秋一叶9527