[Employment Class Assignment] [Week 13] Briefly describe how a DNS server works, and build a primary/secondary server pair.
DNS stands for Domain Name System (or Domain Name Service). Its main job is to "translate" the web addresses (domain names) people are familiar with into IP addresses; this process is called DNS name resolution.
I. How a DNS server works
Assume a local host wants to resolve the domain www.sankeya.vip; the flow is as follows:
1. The local host checks its local DNS cache and the local hosts file (/etc/hosts) for a record for www.sankeya.vip. If one exists it is used directly; otherwise the host sends the query to the DNS server configured locally (/etc/resolv.conf);
2. The DNS server receives the host's query and checks whether it already holds a resolution record for www.sankeya.vip. If so it returns it to the client directly; if not, the DNS server sends the query to a root server (.);
3. The root server (.) receives the DNS server's query, sees that it concerns the .vip domain, and returns the IP address of the .vip server to the DNS server;
4. Having received the .vip server's IP, the DNS server asks the .vip server for the IP of the name server for sankeya.vip;
5. Having received the sankeya.vip name server's IP from .vip, the DNS server queries the sankeya.vip name server for the www record;
6. Once the DNS server has obtained the record for www.sankeya.vip it returns it to the client and caches the record itself;
7. The client host now has the IP of www.sankeya.vip, accesses the target host directly, and caches the record as well. (Steps 2-7 together constitute one recursive query.)
II. Building the primary and secondary DNS servers
On the primary DNS server, the following files are edited:
1. Edit /etc/named.conf: have the host listen on port 53 on the chosen interface, accept DNS queries on that interface, and allow zone transfers only to the designated secondary DNS server;
2. Edit /etc/named.rfc1912.zones and add the parameters for the new zone;
3. Create the zone file /var/named/sankeya.vip.zone and add the SOA, NS, A, MX and other records;
4. Use named-checkconf and named-checkzone to check the server configuration and the zone file;
5. Start the DNS service with systemctl start named.
Primary DNS configuration:

    yum -y install bind

    vi /etc/named.conf
    // listen-on port 53 { 127.0.0.1; };   // commented out: named now listens on all interfaces
    // allow-query { localhost; };         // commented out: queries are then accepted from any client (BIND default)
    allow-transfer { 192.168.0.103; };     // zone transfers (AXFR/IXFR) only to the secondary

    vi /etc/named.rfc1912.zones
    zone "sankeya.vip" {
        type master;
        file "sankeya.vip.zone";
    };

    vi /var/named/sankeya.vip.zone
    $TTL 1D
    @   IN SOA ns1 admin ( 1 1h 10m 1D 1D )   ; serial refresh retry expire minimum
        NS  ns1
        NS  ns2
    ns1 A   192.168.0.102
    ns2 A   192.168.0.103
    www A   192.168.0.104

    chgrp named /var/named/sankeya.vip.zone
    chmod 640 /var/named/sankeya.vip.zone
    named-checkconf /etc/named.conf
    named-checkzone sankeya.vip sankeya.vip.zone   # run from /var/named, or give the full path
    systemctl start named
    systemctl enable named
On the secondary DNS server, the following files are edited:
1. Edit /etc/named.conf: have the host listen on port 53 on the chosen interface, accept DNS queries on that interface, and disallow zone transfers;
2. Edit /etc/named.rfc1912.zones and add the parameters for the zone (type slave, masters pointing at the primary DNS server; the zone file is placed under /var/named/slaves/ and is generated automatically);
3. Use named-checkconf to check the server configuration.
Secondary DNS configuration:

    yum -y install bind

    vi /etc/named.conf
    // listen-on port 53 { 127.0.0.1; };
    // allow-query { localhost; };
    allow-transfer { none; };              // the secondary itself hands the zone to nobody

    vi /etc/named.rfc1912.zones
    zone "sankeya.vip" {
        type slave;
        masters { 192.168.0.102; };
        file "slaves/sankeya.vip.zone.slave";   // written by named after the transfer
    };

    named-checkconf /etc/named.conf
    systemctl start named
    systemctl enable named
Testing secondary synchronisation and client resolution:
Add one A record, change the serial number in the SOA from 2 to 3, and reload the configuration with rndc reload.

    vi /var/named/sankeya.vip.zone
    $TTL 1D
    @   IN SOA ns1 admin ( 3 1h 10m 1D 1D )
        NS  ns1
        NS  ns2
    ns1      IN A 192.168.0.102
    ns2      IN A 192.168.0.103
    www      IN A 192.168.0.104
    testsync IN A 1.1.1.1

    [root@dns-master ~]# rndc reload
    server reload successful
    [root@dns-master ~]#

On the DNS client, test resolution with dig, pointing at the primary and the secondary in turn.

Query against the primary:

    [root@dns-lab-client ~]# dig testsync.sankeya.vip @192.168.0.102

    ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> testsync.sankeya.vip @192.168.0.102
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9705
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;testsync.sankeya.vip.          IN      A

    ;; ANSWER SECTION:
    testsync.sankeya.vip.   86400   IN      A       1.1.1.1

    ;; AUTHORITY SECTION:
    sankeya.vip.            86400   IN      NS      ns2.sankeya.vip.
    sankeya.vip.            86400   IN      NS      ns1.sankeya.vip.

    ;; ADDITIONAL SECTION:
    ns1.sankeya.vip.        86400   IN      A       192.168.0.102
    ns2.sankeya.vip.        86400   IN      A       192.168.0.103

    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.102#53(192.168.0.102)
    ;; WHEN: Thu Nov 05 21:50:55 CST 2020
    ;; MSG SIZE  rcvd: 133

    [root@dns-lab-client ~]#

Query against the secondary:

    [root@dns-lab-client ~]# dig testsync.sankeya.vip @192.168.0.103

    ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> testsync.sankeya.vip @192.168.0.103
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35770
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;testsync.sankeya.vip.          IN      A

    ;; ANSWER SECTION:
    testsync.sankeya.vip.   86400   IN      A       1.1.1.1

    ;; AUTHORITY SECTION:
    sankeya.vip.            86400   IN      NS      ns2.sankeya.vip.
    sankeya.vip.            86400   IN      NS      ns1.sankeya.vip.

    ;; ADDITIONAL SECTION:
    ns1.sankeya.vip.        86400   IN      A       192.168.0.102
    ns2.sankeya.vip.        86400   IN      A       192.168.0.103

    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.103#53(192.168.0.103)
    ;; WHEN: Thu Nov 05 21:51:40 CST 2020
    ;; MSG SIZE  rcvd: 133

    [root@dns-lab-client ~]#

Both servers answer with the aa (authoritative answer) flag set and return the new testsync record, which confirms that the zone transfer to the secondary succeeded.
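The two things the test above depends on are that the SOA serial was raised (a secondary only transfers when it sees a higher serial) and that every NS name has an A record in the zone. The following is an added Python example, not code from the post, that checks both against a before/after copy of the zone file; the zone text is constructed from the records shown in the post, and only the record forms used there are parsed.

```python
import re

# Constructed sample (not the post's files): zone before the edit (serial 1) and after it (serial 3 + testsync).
ZONE_BEFORE = """\
$TTL 1D
@   IN SOA ns1 admin ( 1 1h 10m 1D 1D )
    NS  ns1
    NS  ns2
ns1 A   192.168.0.102
ns2 A   192.168.0.103
www A   192.168.0.104
"""
ZONE_AFTER = ZONE_BEFORE.replace("( 1 1h", "( 3 1h") + "testsync IN A 1.1.1.1\n"

def parse_zone(text):
    """Return (SOA serial, set of NS targets, {owner: A address}) for the record
    forms used in this post: $TTL, '@' or bare owner, blank owner inheriting the
    previous one, optional IN class, parenthesised SOA (possibly multi-line)."""
    # Fold parenthesised fields onto one logical line before splitting.
    text = re.sub(r"\(([^)]*)\)", lambda m: " " + m.group(1).replace("\n", " "), text)
    serial, ns_names, a_records, owner = None, set(), {}, "@"
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()      # drop zone-file comments
        if not line or line.startswith("$"):       # skip blanks and directives
            continue
        if line[0].isspace():                      # blank owner: reuse previous
            fields = line.split()
        else:
            owner, *fields = line.split()
        if fields[0] == "IN":
            fields = fields[1:]
        rtype, rdata = fields[0], fields[1:]
        if rtype == "SOA":       # mname rname serial refresh retry expire minimum
            serial = int(rdata[2])
        elif rtype == "NS":
            ns_names.add(rdata[0])
        elif rtype == "A":
            a_records[owner] = rdata[0]
    return serial, ns_names, a_records

def check_update(old_zone, new_zone):
    """Pre-reload checks: the serial must increase or the secondary never
    transfers the change, and every NS name needs an in-zone A record."""
    old_serial, _, _ = parse_zone(old_zone)
    new_serial, ns_names, a_records = parse_zone(new_zone)
    problems = []
    if new_serial <= old_serial:  # simplified; RFC 1982 serial arithmetic wraps
        problems.append(f"serial {new_serial} does not exceed {old_serial}")
    problems += [f"NS {n} has no A record" for n in sorted(ns_names - set(a_records))]
    return problems
```

An empty list from check_update means the edit is safe to apply with rndc reload; a non-empty list names what the secondary or resolvers would trip over.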
(End)