DNS part 6: building an end-to-end DNS service
Building the whole DNS chain, step by step
1. DNS architecture

Design notes: the goal is a web service on 192.168.7.100 reachable by name (www.magedu.org) from a client, with the name resolved through a complete chain: client -> local DNS (forward only) -> recursive server with lab root hints -> lab root zone "." -> org TLD server -> magedu.org master/slave. Build one step, then verify that step from the client before moving on; troubleshooting the whole chain after it is built is much harder than checking each hop as it is added.
2. Environment

All hosts run CentOS 7 with the distribution BIND (9.11, the version shown in the dig output below). Addresses used throughout:

web (httpd)                                192.168.7.100   www.magedu.org
dns-master (magedu.org, type master)       192.168.7.101   ns1.magedu.org
dns-slave (magedu.org, type slave)         192.168.7.102   ns2.magedu.org
orgdns (org zone)                          192.168.7.103
rootdns (root zone ".")                    192.168.7.104
forward (recursive, root hints -> .104)    192.168.7.105
localdns (forward only -> .105)            192.168.7.106
client                                     192.168.7.107   DNS1=192.168.7.106
3. Install and start httpd on the web server

[root@web ~]# yum install httpd -y
[root@web ~]# systemctl start httpd
[root@web ~]# echo welcome to shanghai > /var/www/html/index.html
4. Configure the client's DNS server address

1. Point the client's resolver at the local DNS (LDNS) server.

[root@client network-scripts]# pwd
/etc/sysconfig/network-scripts
[root@client network-scripts]# cat ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.7.107
PREFIX=24
GATEWAY=192.168.7.2
DNS1=192.168.7.106          # the LDNS server's address
ONBOOT=yes
[root@client network-scripts]# systemctl restart network

2. No name resolution exists for the web server yet, so the client can only reach it by IP address.

[root@client ~]# curl 192.168.7.100
welcome to shanghai
5. Install and configure the master DNS server

1. Install BIND and edit the main configuration file.

[root@dns-master ~]# yum install bind -y
[root@dns-master ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };       # commented out: named now listens on every IPv4 address
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };         # commented out: queries are accepted from any host
        allow-transfer  { 192.168.7.102; };     # only the slave may pull (AXFR) the zone

allow-transfer is the statement that matters here: without it, BIND 9.11 hands the complete zone to any host that asks (dig axfr). Recursion is left at its default (yes) in this lab; an authoritative server in production should also carry recursion no;.

2. Declare the zone

[root@dns-master ~]# vim /etc/named.rfc1912.zones
zone "magedu.org" IN {                  # the magedu.org zone
        type master;
        file "magedu.org.zone";         # zone file, relative to directory (/var/named)
};

3. Write the master's zone file

[root@dns-master named]# cd /var/named
[root@dns-master named]# cp -p named.localhost magedu.org.zone   # the name must match the file statement in /etc/named.rfc1912.zones
[root@dns-master named]# vim magedu.org.zone
$TTL 1D
@       IN SOA  ns1 admin (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1
        NS      ns2
ns1     A       192.168.7.101           # this host, the master
ns2     A       192.168.7.102           # the slave
www     A       192.168.7.100           # the web server

cp -p keeps the template's root:named ownership and 640 mode, which is what lets named read the file. Increment the serial every time the zone changes, otherwise the slave will never pick up the new data.

4. Check the configuration and restart the master

[root@dns-master named]# named-checkconf
[root@dns-master named]# named-checkzone magedu.org /var/named/magedu.org.zone
[root@dns-master named]# systemctl restart named
6. Verify resolution from the client

[root@client network-scripts]# yum install bind-utils -y          # provides dig
[root@client network-scripts]# dig www.magedu.org @192.168.7.101  # query the master directly

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.magedu.org @192.168.7.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46168
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.                IN      A

;; ANSWER SECTION:
www.magedu.org.         86400   IN      A       192.168.7.100     # the web server's A record is returned

;; AUTHORITY SECTION:
magedu.org.             86400   IN      NS      ns2.magedu.org.
magedu.org.             86400   IN      NS      ns1.magedu.org.

;; ADDITIONAL SECTION:
ns1.magedu.org.         86400   IN      A       192.168.7.101     # master
ns2.magedu.org.         86400   IN      A       192.168.7.102     # slave

;; Query time: 2 msec
;; SERVER: 192.168.7.101#53(192.168.7.101)
;; WHEN: Tue Jul 14 22:07:22 CST 2020
;; MSG SIZE  rcvd: 127

The aa flag confirms the master answered from its own zone data, not from cache.
7. Install and configure the slave DNS server (master/slave replication)

1. Install BIND and edit the main configuration file.

[root@dns-slave ~]# yum install bind -y
[root@dns-slave ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };       # commented out
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };         # commented out
        allow-transfer  { none; };              # nobody may pull zones from the slave (queries are still allowed)

2. Declare the zone on the slave and point it at the master.

[root@dns-slave ~]# vim /etc/named.rfc1912.zones
zone "magedu.org" IN {                  # same zone name as on the master
        type slave;
        masters { 192.168.7.101; };     # the master's address
        file "slaves/magedu.org.zone";  # written under /var/named/slaves once the transfer succeeds
};

3. The file now exists under /var/named/slaves on the slave, so the zone transfer worked.

[root@dns-slave ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 306 Jul 14 22:13 magedu.org.zone

If the file does not appear, check that the master's allow-transfer includes the slave's address and look at journalctl -u named on both hosts for the transfer messages.
8. Verify replication from the client

1. Query the master and the slave in turn.

[root@client ~]# dig www.magedu.org @192.168.7.101      # the master resolves the web server's name

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.magedu.org @192.168.7.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65287
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.                IN      A

;; ANSWER SECTION:
www.magedu.org.         86400   IN      A       192.168.7.100     # resolved

;; AUTHORITY SECTION:
magedu.org.             86400   IN      NS      ns1.magedu.org.
magedu.org.             86400   IN      NS      ns2.magedu.org.

;; ADDITIONAL SECTION:
ns1.magedu.org.         86400   IN      A       192.168.7.101
ns2.magedu.org.         86400   IN      A       192.168.7.102

;; Query time: 1 msec
;; SERVER: 192.168.7.101#53(192.168.7.101)
;; WHEN: Tue Jul 14 22:24:34 CST 2020
;; MSG SIZE  rcvd: 127

[root@client ~]# dig www.magedu.org @192.168.7.102      # the slave resolves it too

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.magedu.org @192.168.7.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10275
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.                IN      A

;; ANSWER SECTION:
www.magedu.org.         86400   IN      A       192.168.7.100     # resolved from the transferred copy

;; AUTHORITY SECTION:
magedu.org.             86400   IN      NS      ns2.magedu.org.
magedu.org.             86400   IN      NS      ns1.magedu.org.

;; ADDITIONAL SECTION:
ns1.magedu.org.         86400   IN      A       192.168.7.101
ns2.magedu.org.         86400   IN      A       192.168.7.102

;; Query time: 1 msec
;; SERVER: 192.168.7.102#53(192.168.7.102)
;; WHEN: Tue Jul 14 22:24:37 CST 2020
;; MSG SIZE  rcvd: 127

Both answers carry aa, so the slave is serving the zone from its own copy rather than forwarding to the master.
9. Delegate magedu.org from an org zone

1. Install BIND on the org server and edit the main configuration file.

[root@orgdns ~]# yum install bind -y
[root@orgdns ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };

Unlike the master and slave, this file sets no allow-transfer, so the org zone can be pulled by anyone on the network; add allow-transfer { none; }; unless a secondary for org is planned.

2. Declare the org zone

[root@orgdns ~]# vim /etc/named.rfc1912.zones
zone "org" IN {
        type master;
        file "org.zone";
};

3. Create /var/named/org.zone. Rather than writing it by hand, copy the master's zone file over and edit it.

[root@dns-master named]# scp -p magedu.org.zone 192.168.7.103:/var/named/org.zone   # -p keeps the 640 mode; the group on the receiving side still has to be checked
[root@orgdns named]# ll
total 20
drwxrwx--- 2 named named   23 Jul 14 22:40 data
drwxrwx--- 2 named named   60 Jul 14 22:44 dynamic
-rw-r----- 1 root  named 2253 Apr  5  2018 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
-rw-r----- 1 root  named  221 Jul 14 22:31 org.zone            # group must be named, or named cannot read a 640 file
drwxrwx--- 2 named named    6 Jun  1 23:26 slaves
[root@orgdns named]# vim org.zone
$TTL 1D
@       IN SOA  ns1 admin (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1                     # ns1.org, this host
magedu  NS      ns2                     # delegate magedu.org to the master; the label must be "magedu" to match the zone created earlier
magedu  NS      ns3                     # and to the slave
ns1     A       192.168.7.103           # this host, the org server
ns2     A       192.168.7.101           # address of the master (ns2.org)
ns3     A       192.168.7.102           # address of the slave (ns3.org)

If the group shows as root after the scp, fix it with chgrp named /var/named/org.zone. Note that the delegation names the child's servers ns2.org and ns3.org while the magedu.org zone itself calls them ns1.magedu.org and ns2.magedu.org; resolution works because both sets point at the same addresses, but in production the parent's NS records for a delegation should be identical to the child's apex NS records.

4. Start named on the org server: systemctl start named
10. Verify the delegation from the client

1. If the org server can follow its own delegation down to magedu.org and return the web server's address, the delegation is working.

[root@client ~]# dig www.magedu.org @192.168.7.103      # query the org server

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.magedu.org @192.168.7.103
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52563
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.                IN      A

;; ANSWER SECTION:
www.magedu.org.         86036   IN      A       192.168.7.100     # the web server still resolves

;; AUTHORITY SECTION:
magedu.org.             86400   IN      NS      ns3.org.
magedu.org.             86400   IN      NS      ns2.org.

;; ADDITIONAL SECTION:
ns2.org.                86400   IN      A       192.168.7.101
ns3.org.                86400   IN      A       192.168.7.102

;; Query time: 1 msec
;; SERVER: 192.168.7.103#53(192.168.7.103)
;; WHEN: Tue Jul 14 22:50:31 CST 2020
;; MSG SIZE  rcvd: 127

This time the flags are qr rd ra without aa: the org server is not authoritative for magedu.org, so it followed the delegation recursively (recursion is on by default, and with allow-query unset BIND 9.11 permits recursion for localnets, which includes the client) and answered from its cache; that is why the TTL reads 86036 rather than 86400. A server that only delegates, with recursion no;, would instead return a referral to ns2.org/ns3.org and dig would have to be told +norecurse to see it.
11. Install and configure the root DNS server

1. Edit the main configuration file on rootdns.

[root@rootdns ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };       # commented out
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };         # commented out
};
zone "." IN {
        type master;                            # this host is authoritative for the root zone
        file "root.zone";                       # our own root zone file
};

2. Copy magedu.org.zone from the master to rootdns and change the few lines that matter.

[root@dns-master named]# scp -p magedu.org.zone 192.168.7.104:/var/named/root.zone   # copied and renamed root.zone; check the group is named on arrival
[root@rootdns named]# vim /var/named/root.zone
$TTL 1D
@       IN SOA  ns1 admin (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1
org     NS      ns2                     # delegate org to the org server
ns1     A       192.168.7.104           # this host, the root server
ns2     A       192.168.7.103           # address of the org server

As with the org server, no allow-transfer is set here, so the root zone is transferable by any host on the network.

3. Start named on the root server

[root@rootdns named]# systemctl start named
12. Verify root delegation from the client

[root@client ~]# dig www.magedu.org @192.168.7.104      # the address after @ is the lab root server

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.magedu.org @192.168.7.104
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5853
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.                IN      A

;; ANSWER SECTION:
www.magedu.org.         86400   IN      A       192.168.7.100     # still resolves, now via root -> org -> magedu.org

;; AUTHORITY SECTION:
magedu.org.             86400   IN      NS      ns3.org.
magedu.org.             86400   IN      NS      ns2.org.

;; ADDITIONAL SECTION:
ns3.org.                86400   IN      A       192.168.7.102
ns2.org.                86400   IN      A       192.168.7.101

;; Query time: 6 msec
;; SERVER: 192.168.7.104#53(192.168.7.104)
;; WHEN: Tue Jul 14 23:29:51 CST 2020
;; MSG SIZE  rcvd: 127
13. A recursive server that uses the lab root

The page calls this host "forward", but it does no forwarding in the BIND sense: it is a full recursive resolver whose root hints are replaced so that iteration starts at the lab root (192.168.7.104) instead of the real root servers.

1. Install BIND and edit the main configuration file.

[root@forward ~]# yum install bind -y
[root@forward ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };
        dnssec-enable no;               # changed from yes
        dnssec-validation no;           # changed from yes

Validation has to be switched off because the stock named.conf ships a trust anchor for the real root (/etc/named.root.key); answers from an unsigned lab root cannot validate against it and would come back as SERVFAIL.

2. Edit /var/named/named.ca so that the root hints point at the lab root.

[root@forward ~]# vim /var/named/named.ca
.                       518400  IN      NS      a.root-servers.net.     # delete every other line; this name must match the A record below
a.root-servers.net.     518400  IN      A       192.168.7.104           # the lab root server

Then start named (systemctl start named) as on the other hosts. Keep in mind that named.ca belongs to the bind package, so a package update will overwrite this edited hints file.
14. Verify the recursive server from the client

[root@client ~]# dig www.magedu.org @192.168.7.105      # query the recursive server

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.magedu.org @192.168.7.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56960
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.                IN      A

;; ANSWER SECTION:
www.magedu.org.         86280   IN      A       192.168.7.100     # recursion through the lab root succeeded; the web server still resolves

;; AUTHORITY SECTION:
magedu.org.             86280   IN      NS      ns3.org.
magedu.org.             86280   IN      NS      ns2.org.

;; ADDITIONAL SECTION:
ns3.org.                86280   IN      A       192.168.7.102
ns2.org.                86280   IN      A       192.168.7.101

;; Query time: 3 msec
;; SERVER: 192.168.7.105#53(192.168.7.105)
;; WHEN: Tue Jul 14 23:32:01 CST 2020
;; MSG SIZE  rcvd: 127
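To see why the server with the edited named.ca reaches the web server, and to double-check the two delegations built in sections 9 to 12, here is an added example (not part of the original tutorial) that walks the chain offline in Python over the three zone files transcribed from this page. The zone parser is deliberately minimal (SOA, NS and A records, relative names exactly as written on the page), and the SERVERS table mapping addresses to zones is an assumption taken from the host list above. Beyond the single query on the page it also checks what a real resolver needs at each referral: address records for the delegated name servers, that the address it is sent to is actually authoritative for the child zone (otherwise the delegation is lame), and that the parent's NS set matches the child's apex NS set, which on this page it does not for either delegation.

```python
"""
Walk the lab's delegation chain (root -> org -> magedu.org) the way a
recursive resolver with custom root hints does, and report delegation
problems found on the way.  Added example, not part of the tutorial;
zone data is transcribed from the page, parser handles SOA/NS/A only.
"""
import re

# Constructed input: the three zone files from the page (SOA timers collapsed).
ROOT_ZONE = """
@   IN SOA ns1 admin ( 0 1D 1H 1W 3H )
    NS  ns1
org NS  ns2
ns1 A   192.168.7.104
ns2 A   192.168.7.103
"""
ORG_ZONE = """
@      IN SOA ns1 admin ( 0 1D 1H 1W 3H )
       NS  ns1
magedu NS  ns2
magedu NS  ns3
ns1    A   192.168.7.103
ns2    A   192.168.7.101
ns3    A   192.168.7.102
"""
MAGEDU_ZONE = """
@   IN SOA ns1 admin ( 0 1D 1H 1W 3H )
    NS  ns1
    NS  ns2
ns1 A   192.168.7.101
ns2 A   192.168.7.102
www A   192.168.7.100
"""

def fqdn(name, origin):
    """Absolute lower-case name without trailing dot; the root is ''."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name[:-1].lower()
    return f"{name}.{origin}".lower() if origin else name.lower()

def parse_zone(text, origin):
    """Return {(owner, type): [rdata, ...]}; NS/SOA targets are made absolute."""
    text = re.sub(r";.*", "", text)            # strip comments
    text = re.sub(r"\([^)]*\)", "", text)      # drop the SOA timer list
    records, owner = {}, origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        toks = line.split()
        if not line[0].isspace():              # a line starting in column 0 names a new owner
            owner, toks = fqdn(toks[0], origin), toks[1:]
        toks = [t for t in toks if t != "IN"]
        rtype, rdata = toks[0], toks[1]
        if rtype in ("SOA", "NS"):
            rdata = fqdn(rdata, origin)
        records.setdefault((owner, rtype), []).append(rdata)
    return records

ZONES = {"": parse_zone(ROOT_ZONE, ""),
         "org": parse_zone(ORG_ZONE, "org"),
         "magedu.org": parse_zone(MAGEDU_ZONE, "magedu.org")}
# Assumed from the page's host list: the zone each server is authoritative for.
SERVERS = {"192.168.7.104": "", "192.168.7.103": "org",
           "192.168.7.101": "magedu.org", "192.168.7.102": "magedu.org"}
ROOT_HINT = "192.168.7.104"    # what the edited named.ca points at

def find_delegation(zone, records, qname):
    """Closest enclosing delegation point for qname inside this zone, or None."""
    labels = qname.split(".")
    for i in range(len(labels)):
        cut = ".".join(labels[i:])
        if cut != zone and (cut, "NS") in records:
            return cut
    return None

def resolve(qname, server=ROOT_HINT, path=None, warnings=None):
    """Iterative A lookup. Returns (ip or None, servers asked in order, warnings)."""
    path = [] if path is None else path
    warnings = [] if warnings is None else warnings
    path.append(server)
    zone, records = SERVERS[server], ZONES[SERVERS[server]]
    if (qname, "A") in records:
        return records[(qname, "A")][0], path, warnings
    cut = find_delegation(zone, records, qname)
    if cut is None:                            # no such name below this zone
        return None, path, warnings
    parent_ns = sorted(set(records[(cut, "NS")]))
    # Addresses the parent serves for the delegated name servers (in-zone data on
    # this page; if the NS names were below the cut they would have to be glue).
    addrs = [ip for ns in parent_ns for ip in records.get((ns, "A"), [])]
    if not addrs:
        warnings.append(f"{zone or '.'}: no addresses for the NS of {cut}; resolver is stuck")
        return None, path, warnings
    child_ns = set(ZONES.get(cut, {}).get((cut, "NS"), []))
    if child_ns and child_ns != set(parent_ns):
        warnings.append(f"{cut}: parent NS {parent_ns} != child apex NS {sorted(child_ns)}")
    nxt = next((ip for ip in addrs if SERVERS.get(ip) == cut), None)
    if nxt is None:                            # lame delegation: nobody there serves the zone
        warnings.append(f"{cut}: none of {addrs} is authoritative for it")
        return None, path, warnings
    return resolve(qname, nxt, path, warnings)

if __name__ == "__main__":
    ip, path, warns = resolve("www.magedu.org")
    print(f"www.magedu.org -> {ip} via {' -> '.join(path)}")
    for w in warns:
        print("warning:", w)
```

Run as a script it prints the same path the dig outputs above imply (.104 -> .103 -> .101) and two NS-mismatch warnings: the root delegates org to "ns2" while the org zone's own NS is ns1.org, and org delegates magedu.org to ns2.org/ns3.org while the child's apex NS records are ns1/ns2.magedu.org. BIND tolerates both because the addresses agree; a parent/child NS mismatch in production is what dig +trace and zone-checking tools report as a lame or inconsistent delegation.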
15. Install and configure the local DNS server

1. Install BIND and edit the main configuration file.

[root@localdns ~]# yum install bind -y
[root@localdns ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };
        forward only;                   # forward everything; never fall back to iterating from the root hints
        forwarders { 192.168.7.105; };  # the upstream recursive server
        dnssec-enable no;               # changed from yes
        dnssec-validation no;           # changed from yes

This is the one host that actually forwards. With forward only, if 192.168.7.105 is down the local server returns SERVFAIL rather than trying the hints in its own named.ca, which is the behaviour wanted here because its stock named.ca still lists the real root servers.

2. Start named: systemctl start named
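The named.conf fragments on this page share one pattern: listen-on and allow-query are commented out everywhere, and allow-transfer is set only on the master and the slave. As an added example (not from the page), the Python below audits those options blocks, transcribed from this page, for the settings a security review would flag. The defaults its messages rely on are BIND 9.11's, the version in the dig output: recursion yes, allow-query any, allow-transfer any. The parser only handles the statement shapes the page uses, and the severities are my own labels.

```python
"""
Audit the options{} block of the named.conf files built on this page.
Added example, not part of the tutorial; defaults quoted are BIND 9.11's.
"""
import re

# Constructed input: the page's options blocks, with its '#' annotations kept
# (named.conf accepts '#', '//' and '/* */' comments).
MASTER_CONF = """
options {
    // listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    // allow-query { localhost; };
    allow-transfer { 192.168.7.102; };   # let the slave pull the zone
};
"""
ORG_CONF = """
options {
    // listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    // allow-query { localhost; };
};
zone "org" IN { type master; file "org.zone"; };
"""
LOCALDNS_CONF = """
options {
    // listen-on port 53 { 127.0.0.1; };
    directory "/var/named";
    // allow-query { localhost; };
    forward only;
    forwarders { 192.168.7.105; };
    dnssec-enable no;
    dnssec-validation no;
};
"""

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def options_block(conf):
    """Text inside options { ... }, brace-matched, with comments removed."""
    text = strip_comments(conf)
    i = text.index("{", text.index("options"))
    depth = 0
    for j in range(i, len(text)):
        depth += (text[j] == "{") - (text[j] == "}")
        if depth == 0:
            return text[i + 1:j]
    raise ValueError("unterminated options block")

def setting(body, key):
    """Value of a statement ('no', '192.168.7.102', 'none', ...) or None if unset."""
    pat = rf"(?<![\w-]){re.escape(key)}(?![\w-])\s*([^;{{}}]*)(?:\{{([^}}]*)\}})?\s*;"
    m = re.search(pat, body)
    if not m:
        return None
    raw = m.group(2) if m.group(2) is not None else m.group(1)
    return " ".join(raw.replace(";", " ").split())

def audit(conf, role):
    """role is 'authoritative' or 'recursive'; returns [(severity, message), ...]."""
    body, out = options_block(conf), []
    if setting(body, "listen-on") is None:
        out.append(("info", "listen-on unset: named binds every IPv4 address on the host"))
    if role == "authoritative":
        if setting(body, "recursion") != "no":
            out.append(("high", "recursion left at its default (yes) on an authoritative server; add recursion no;"))
        if setting(body, "allow-transfer") is None:
            out.append(("high", "allow-transfer unset: AXFR of every zone is allowed from any host; set it to the secondaries or none"))
    else:
        if setting(body, "allow-query") is None:
            out.append(("medium", "allow-query unset: any host may query; pair it with an explicit allow-recursion"))
        if setting(body, "forward") == "only" and setting(body, "forwarders") is None:
            out.append(("high", "forward only without forwarders: nothing can be resolved"))
    if setting(body, "dnssec-validation") == "no":
        out.append(("medium", "dnssec-validation no: forged upstream answers are accepted as-is"))
    return out

if __name__ == "__main__":
    for host, conf, role in (("dns-master", MASTER_CONF, "authoritative"),
                             ("orgdns", ORG_CONF, "authoritative"),
                             ("localdns", LOCALDNS_CONF, "recursive")):
        for sev, msg in audit(conf, role):
            print(f"{host}: [{sev}] {msg}")
```

Against the page's own files it reports the master for recursion only, the org server for both recursion and the missing allow-transfer (the root server's options block is identical and gets the same two findings), and the local server for the disabled validation. In this lab the recursion and validation findings are accepted by design; the open allow-transfer on the org and root servers is the one that should be fixed even in a lab, since it turns a delegation server into a free copy of its zone.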
16. Final tests from the client

1. Resolve through the local DNS server.

[root@client ~]# dig www.magedu.org @192.168.7.106      # the local server resolves via the whole chain

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.magedu.org @192.168.7.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56578
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.                IN      A

;; ANSWER SECTION:
www.magedu.org.         85844   IN      A       192.168.7.100     # answered through the local server

;; AUTHORITY SECTION:
magedu.org.             85844   IN      NS      ns3.org.
magedu.org.             85844   IN      NS      ns2.org.

;; ADDITIONAL SECTION:
ns2.org.                85844   IN      A       192.168.7.101
ns3.org.                85844   IN      A       192.168.7.102

;; Query time: 6 msec
;; SERVER: 192.168.7.106#53(192.168.7.106)
;; WHEN: Tue Jul 14 23:39:17 CST 2020
;; MSG SIZE  rcvd: 127

2. Fetch the page by name. The client's /etc/resolv.conf points at 192.168.7.106 (from DNS1 in ifcfg-eth0), so curl now works with the domain name and the whole chain is in place.

[root@client ~]# curl www.magedu.org
welcome to shanghai