[Employment class assignment] [Week 13] Building and implementing a smart DNS.
I. How smart DNS works
When a client looks up a domain name, the smart DNS server matches the client's source IP against the IP lists predefined in its ACLs to decide which region (carrier network) the IP belongs to, then returns the best IP that the corresponding carrier provides for that region, and the client connects to that address.
II. Implementing smart DNS
1. Define the ACL lists and the view modules
vi /etc/named.conf

// ACLs: define the IP lists for each region
acl guangzhounet { 192.168.0.101; };
acl zhaoqinnet   { 192.168.0.250; };
acl qitanet      { any; };

// In the options block, comment out the listen and query restrictions; this host is also defined as the primary DNS server
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory          "/var/named";
        dump-file          "/var/named/data/cache_dump.db";
        statistics-file    "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file     "/var/named/data/named.recursing";
        secroots-file      "/var/named/data/named.secroots";
//      allow-query        { localhost; };
        allow-transfer     { 192.168.0.103; };
};

// Define the view modules. The root zone section is removed from this file and is added back in each file specified by include.
view guangzhouview {
        match-clients { guangzhounet; };
        include "/etc/named.rfc1912.zones.gz";
};
view zhaoqinview {
        match-clients { zhaoqinnet; };
        include "/etc/named.rfc1912.zones.zq";
};
view qitaview {
        match-clients { qitanet; };
        include "/etc/named.rfc1912.zones.qita";
};
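As an added illustration (not part of the original assignment), the Python below models BIND's first-match evaluation of match-clients against the three ACLs above and returns the view, and therefore the websrv address, that a given source IP is served. Fed the secondary's address 192.168.0.103 from allow-transfer, it lands in qitaview, so a zone transfer requested by that secondary carries the qitaview copy of the zone (websrv 6.6.6.6); the ACL names, addresses and view order come from the page, while the views parameter of select_view is my own, added to show that view order matters.

```python
import ipaddress

# ACLs and view order copied from the named.conf on this page (constructed data).
ACLS = {
    "guangzhounet": ["192.168.0.101"],
    "zhaoqinnet": ["192.168.0.250"],
    "qitanet": ["any"],
}
# (view name, match-clients list, A record websrv carries in that view's zone file)
VIEWS = [
    ("guangzhouview", ["guangzhounet"], "192.168.0.105"),
    ("zhaoqinview", ["zhaoqinnet"], "192.168.0.106"),
    ("qitaview", ["qitanet"], "6.6.6.6"),
]

def _element_matches(element, ip):
    """One address-match-list element: True = accept, False = negated match (reject),
    None = no match, so evaluation moves on to the next element."""
    negate = element.startswith("!")
    if negate:
        element = element[1:].strip()
    if element in ACLS:  # nested ACL: its verdict, inverted if this element is negated
        inner = acl_matches(ACLS[element], ip)
        return None if inner is None else (inner != negate)
    if element == "any":
        hit = True
    elif element == "none":
        hit = False
    else:  # bare address or CIDR prefix; an IPv4 address never matches an IPv6 prefix
        hit = ip in ipaddress.ip_network(element, strict=False)
    return (not negate) if hit else None

def acl_matches(elements, ip):
    """BIND first-match semantics: the first element that matches decides the verdict."""
    for element in elements:
        verdict = _element_matches(element, ip)
        if verdict is not None:
            return verdict
    return None

def select_view(client_ip, views=VIEWS):
    """(view, websrv address) for the first view whose match-clients accepts the client.
    (None, None) means no view matched, and BIND refuses the query."""
    ip = ipaddress.ip_address(client_ip)
    for name, match_clients, websrv in views:
        if acl_matches(match_clients, ip):
            return name, websrv
    return None, None
```

Because `any` accepts every address, qitaview must stay last; listed first it would capture every client, including the secondary. In practice a secondary that must receive one specific view's copy of the zone is matched in that view's match-clients by a TSIG key rather than by its source address.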
2. Define the zone files
// Using named.rfc1912.zones as a reference, add the root zone configuration and the zone configuration for each region
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.gz
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.zq
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.qita

// Edit /etc/named.rfc1912.zones.gz as follows:
vi /etc/named.rfc1912.zones.gz
zone "." IN {
        type hint;
        file "named.ca";
};
zone "sankeya.vip" IN {
        type master;
        file "sankeya.vip.zone.gz";
};

// Edit /etc/named.rfc1912.zones.zq as follows:
vi /etc/named.rfc1912.zones.zq
zone "." IN {
        type hint;
        file "named.ca";
};
zone "sankeya.vip" IN {
        type master;
        file "sankeya.vip.zone.zq";
};

// Edit /etc/named.rfc1912.zones.qita as follows:
vi /etc/named.rfc1912.zones.qita
zone "." IN {
        type hint;
        file "named.ca";
};
zone "sankeya.vip" IN {
        type master;
        file "sankeya.vip.zone.qita";
};
3. Define the zone databases
Edit the three zone database files (websrv is the only record that differs between them):

vi /var/named/sankeya.vip.zone.gz
$TTL 1D
@       IN SOA  ns1 admin ( 7 1h 10m 1D 1D )
        NS      ns1
        NS      ns2
gz      IN NS   ns3
ns1     IN A    192.168.0.102
ns2     IN A    192.168.0.103
ns3     IN A    192.168.0.104
websrv  IN A    192.168.0.105
www     IN CNAME websrv

vi /var/named/sankeya.vip.zone.zq
$TTL 1D
@       IN SOA  ns1 admin ( 7 1h 10m 1D 1D )
        NS      ns1
        NS      ns2
gz      IN NS   ns3
ns1     IN A    192.168.0.102
ns2     IN A    192.168.0.103
ns3     IN A    192.168.0.104
websrv  IN A    192.168.0.106
www     IN CNAME websrv

vi /var/named/sankeya.vip.zone.qita
$TTL 1D
@       IN SOA  ns1 admin ( 7 1h 10m 1D 1D )
        NS      ns1
        NS      ns2
gz      IN NS   ns3
ns1     IN A    192.168.0.102
ns2     IN A    192.168.0.103
ns3     IN A    192.168.0.104
websrv  IN A    6.6.6.6
www     IN CNAME websrv
4. Start the service
[root@dns-master /]# named-checkconf
[root@dns-master /]# named-checkzone /etc/named.rfc1912.zones.gz /var/named/sankeya.vip.zone.gz
/var/named/sankeya.vip.zone.gz:2: warning: ns1./etc/named.rfc1912.zones.gz: bad name (check-names)
/var/named/sankeya.vip.zone.gz:2: warning: admin./etc/named.rfc1912.zones.gz: bad name (check-names)
/var/named/sankeya.vip.zone.gz:3: warning: ns1./etc/named.rfc1912.zones.gz: bad name (check-names)
/var/named/sankeya.vip.zone.gz:4: warning: ns2./etc/named.rfc1912.zones.gz: bad name (check-names)
/var/named/sankeya.vip.zone.gz:5: warning: ns3./etc/named.rfc1912.zones.gz: bad name (check-names)
/var/named/sankeya.vip.zone.gz:6: ns1./etc/named.rfc1912.zones.gz: bad owner name (check-names)
/var/named/sankeya.vip.zone.gz:7: ns2./etc/named.rfc1912.zones.gz: bad owner name (check-names)
/var/named/sankeya.vip.zone.gz:8: ns3./etc/named.rfc1912.zones.gz: bad owner name (check-names)
/var/named/sankeya.vip.zone.gz:9: websrv./etc/named.rfc1912.zones.gz: bad owner name (check-names)
zone /etc/named.rfc1912.zones.gz/IN: loaded serial 7
OK
[root@dns-master /]# named-checkzone /etc/named.rfc1912.zones.zq /var/named/sankeya.vip.zone.zq
/var/named/sankeya.vip.zone.zq:2: warning: ns1./etc/named.rfc1912.zones.zq: bad name (check-names)
/var/named/sankeya.vip.zone.zq:2: warning: admin./etc/named.rfc1912.zones.zq: bad name (check-names)
/var/named/sankeya.vip.zone.zq:3: warning: ns1./etc/named.rfc1912.zones.zq: bad name (check-names)
/var/named/sankeya.vip.zone.zq:4: warning: ns2./etc/named.rfc1912.zones.zq: bad name (check-names)
/var/named/sankeya.vip.zone.zq:5: warning: ns3./etc/named.rfc1912.zones.zq: bad name (check-names)
/var/named/sankeya.vip.zone.zq:6: ns1./etc/named.rfc1912.zones.zq: bad owner name (check-names)
/var/named/sankeya.vip.zone.zq:7: ns2./etc/named.rfc1912.zones.zq: bad owner name (check-names)
/var/named/sankeya.vip.zone.zq:8: ns3./etc/named.rfc1912.zones.zq: bad owner name (check-names)
/var/named/sankeya.vip.zone.zq:9: websrv./etc/named.rfc1912.zones.zq: bad owner name (check-names)
zone /etc/named.rfc1912.zones.zq/IN: loaded serial 7
OK
[root@dns-master /]# named-checkzone /etc/named.rfc1912.zones.qita /var/named/sankeya.vip.zone.qita
/var/named/sankeya.vip.zone.qita:2: warning: ns1./etc/named.rfc1912.zones.qita: bad name (check-names)
/var/named/sankeya.vip.zone.qita:2: warning: admin./etc/named.rfc1912.zones.qita: bad name (check-names)
/var/named/sankeya.vip.zone.qita:3: warning: ns1./etc/named.rfc1912.zones.qita: bad name (check-names)
/var/named/sankeya.vip.zone.qita:4: warning: ns2./etc/named.rfc1912.zones.qita: bad name (check-names)
/var/named/sankeya.vip.zone.qita:5: warning: ns3./etc/named.rfc1912.zones.qita: bad name (check-names)
/var/named/sankeya.vip.zone.qita:6: ns1./etc/named.rfc1912.zones.qita: bad owner name (check-names)
/var/named/sankeya.vip.zone.qita:7: ns2./etc/named.rfc1912.zones.qita: bad owner name (check-names)
/var/named/sankeya.vip.zone.qita:8: ns3./etc/named.rfc1912.zones.qita: bad owner name (check-names)
/var/named/sankeya.vip.zone.qita:9: websrv./etc/named.rfc1912.zones.qita: bad owner name (check-names)
zone /etc/named.rfc1912.zones.qita/IN: loaded serial 7
OK
[root@dns-master /]# systemctl start named
[root@dns-master /]#
[root@dns-master /]# ss -ntl
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      10     192.168.0.102:53     *:*
LISTEN     0      10     127.0.0.1:53         *:*
LISTEN     0      128    *:22                 *:*
LISTEN     0      128    127.0.0.1:953        *:*
LISTEN     0      100    127.0.0.1:25         *:*
LISTEN     0      10     ::1:53               :::*
LISTEN     0      128    :::22                :::*
LISTEN     0      128    ::1:953              :::*
LISTEN     0      100    ::1:25               :::*
[root@dns-master /]#
5. Verify the resolution results
// Resolution result when querying from 192.168.0.101
[root@centos-client ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:02:da:7e brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.101/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe02:da7e/64 scope link
       valid_lft forever preferred_lft forever
[root@centos-client ~]# dig www.sankeya.vip @192.168.0.102

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.sankeya.vip @192.168.0.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10581
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.sankeya.vip.               IN      A

;; ANSWER SECTION:
www.sankeya.vip.        86400   IN      CNAME   websrv.sankeya.vip.
websrv.sankeya.vip.     86400   IN      A       192.168.0.105

;; AUTHORITY SECTION:
sankeya.vip.            86400   IN      NS      ns1.sankeya.vip.
sankeya.vip.            86400   IN      NS      ns2.sankeya.vip.

;; ADDITIONAL SECTION:
ns1.sankeya.vip.        86400   IN      A       192.168.0.102
ns2.sankeya.vip.        86400   IN      A       192.168.0.103

;; Query time: 7 msec
;; SERVER: 192.168.0.102#53(192.168.0.102)
;; WHEN: Fri Nov 13 00:25:29 CST 2020
;; MSG SIZE  rcvd: 149

[root@centos-client ~]#

// Resolution result when querying from 192.168.0.105
[root@httpd-server ~]# dig www.sankeya.vip @192.168.0.102

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.sankeya.vip @192.168.0.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1371
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.sankeya.vip.               IN      A

;; ANSWER SECTION:
www.sankeya.vip.        86400   IN      CNAME   websrv.sankeya.vip.
websrv.sankeya.vip.     86400   IN      A       192.168.0.106

;; AUTHORITY SECTION:
sankeya.vip.            86400   IN      NS      ns1.sankeya.vip.
sankeya.vip.            86400   IN      NS      ns2.sankeya.vip.

;; ADDITIONAL SECTION:
ns1.sankeya.vip.        86400   IN      A       192.168.0.102
ns2.sankeya.vip.        86400   IN      A       192.168.0.103

;; Query time: 1 msec
;; SERVER: 192.168.0.102#53(192.168.0.102)
;; WHEN: Fri Nov 13 00:29:58 CST 2020
;; MSG SIZE  rcvd: 149

[root@httpd-server ~]#

// Resolution result when querying from 192.168.0.106
[root@httpd2-server ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:f3:4a:2e brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.106/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fef3:4a2e/64 scope link
       valid_lft forever preferred_lft forever
[root@httpd2-server ~]#
[root@httpd2-server ~]#
[root@httpd2-server ~]# dig www.sankeya.vip @192.168.0.102

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.sankeya.vip @192.168.0.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8901
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.sankeya.vip.               IN      A

;; ANSWER SECTION:
www.sankeya.vip.        86400   IN      CNAME   websrv.sankeya.vip.
websrv.sankeya.vip.     86400   IN      A       6.6.6.6

;; AUTHORITY SECTION:
sankeya.vip.            86400   IN      NS      ns1.sankeya.vip.
sankeya.vip.            86400   IN      NS      ns2.sankeya.vip.

;; ADDITIONAL SECTION:
ns1.sankeya.vip.        86400   IN      A       192.168.0.102
ns2.sankeya.vip.        86400   IN      A       192.168.0.103

;; Query time: 3 msec
;; SERVER: 192.168.0.102#53(192.168.0.102)
;; WHEN: Fri Nov 13 00:30:37 CST 2020
;; MSG SIZE  rcvd: 149
Problems encountered during testing:
1. Checking the zone files reports the warning "bad name (check-names)"; it did not stop the service from starting, to be investigated later;
2. Primary/secondary DNS synchronisation works, but when resolving through the secondary DNS address the answer is always 6.6.6.6, to be investigated later.
(End)