DNS之六----一条龙DNS服务搭建

DNS一条龙服务搭建过程

1、DNS架构图:

搭建架构分析:首先在 192.168.7.100 上部署一个 web 服务,并为它规划访问域名(www.magedu.org),这样后面每搭好一级 DNS,都可以在客户端用 dig/curl 验证是否正常。搭建一步、验证一步,否则全部搭完之后再排错会比较困难。

2、环境准备:

3、在HTTP服务器上安装服务并启动

[root@web ~]# yum install httpd -y
[root@web ~]# systemctl start httpd
[root@web ~]# echo welcome to shanghai > /var/www/html/index.html

 4、配置客户端DNS地址

1、在客户端配置DNS地址,指向LDNS的IP地址

[root@client network-scripts]# pwd
/etc/sysconfig/network-scripts
[root@client network-scripts]# cat ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.7.107
PREFIX=24
GATEWAY=192.168.7.2
DNS1=192.168.7.106  # the LDNS (local resolver) at 192.168.7.106 -- the only DNS server the client talks to directly; every other server in this lab is reached through it
ONBOOT=yes

[root@client network-scripts]# systemctl restart network

2、由于此时还没有为 HTTP 服务器配置域名解析,客户端只能通过 IP 地址访问:

[root@client ~]# curl 192.168.7.100
welcome to shanghai

5、安装主DNS服务器并配置

1、安装DNS服务器并修改主配置文件

[root@dns-master~]#yum install bind -y
options {
//      listen-on port 53 { 127.0.0.1; };  # commented out: named then listens on every IPv4 address (BIND's default) instead of loopback only
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };   # commented out: any host may now query (the default is "any")
        # NOTE(review): prefer an explicit ACL such as "allow-query { 192.168.7.0/24; };". This host is
        # authoritative-only for magedu.org, so "recursion no;" belongs here too: the "ra" flag in the dig
        # output below shows it currently offers recursion to every querier (the stock named.conf's
        # "recursion yes;", further down and not shown here, presumably still applies).
        allow-transfer  { 192.168.7.102; };  # zone transfers (AXFR/IXFR) only to the slave; a TSIG key on this transfer would authenticate it as well

2、创建一级域名

[root@dns-master~]#vim /etc/named.rfc1912.zones 
zone "magedu.org" IN {  # the authoritative (master) copy of magedu.org lives on this host
        type master;
        file "magedu.org.zone";   # relative to the options "directory" (/var/named); must be the same name as the zone file created in the next step
};

3、修改主DNS的域名解析配置文件

[root@dns-masternamed]#cd /var/named
[root@dns-masternamed]#cp -p  named.localhost magedu.org.zone  # 文件名要与上面 /etc/named.rfc1912.zones 里 file 指定的名称一致;cp -p 会保留 root:named 640 的属主属组和权限,named 才能读取该文件


[root@dns-masternamed]#vim magedu.org.zone 
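; magedu.org zone, master copy on ns1 (192.168.7.101).
; Comments in master-file format start with ';' -- '#' is NOT a comment here and
; makes named-checkzone reject the file, so the annotations below use ';'.
$TTL 1D
@       IN SOA  ns1  admin  (
                                        0       ; serial -- increment on every edit, or the slave (ns2) will not re-transfer the zone
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum (negative-cache TTL)
        NS      ns1
        NS      ns2
ns1     A       192.168.7.101  ; this host, the master DNS server
ns2     A       192.168.7.102  ; the slave DNS server (the parent "org" zone delegates to the same hosts under the names ns2.org / ns3.org)
www     A       192.168.7.100  ; the HTTP server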

4、重启主DNS服务器

[root@dns-masternamed]#systemctl restart named

6、在客户端进行验证此时的域名解析效果

[root@client network-scripts]# yum install bind-utils  -y # 安装dig命令
[root@client network-scripts]# dig www.magedu.org @192.168.7.101   # 测试主DNS域名解析效果

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.magedu.org @192.168.7.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46168
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.			IN	A

;; ANSWER SECTION:
www.magedu.org.		86400	IN	A	192.168.7.100  # 此时已经返回了http地址和域名的效果

;; AUTHORITY SECTION:
magedu.org.		86400	IN	NS	ns2.magedu.org.
magedu.org.		86400	IN	NS	ns1.magedu.org.

;; ADDITIONAL SECTION:
ns1.magedu.org.		86400	IN	A	192.168.7.101  # 主DNS的域名解析
ns2.magedu.org.		86400	IN	A	192.168.7.102  # 从DNS的域名解析

;; Query time: 2 msec
;; SERVER: 192.168.7.101#53(192.168.7.101)
;; WHEN: Tue Jul 14 22:07:22 CST 2020
;; MSG SIZE  rcvd: 127

7、安装并配置从DNS服务器,实现主从复制

1、安装从DNS服务,并配置。

[root@dns-slave~]#yum install bind -y
[root@dns-slave~]#vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };   # commented out: listen on every IPv4 address instead of loopback only
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };  # commented out: any host may now query (the default is "any")
        # NOTE(review): as on the master, prefer "allow-query { 192.168.7.0/24; };" and, since this host only
        # serves magedu.org, "recursion no;" -- the "ra" flag in the dig output below shows it still recurses for anyone.
        allow-transfer  { none;};   # no zone transfers (AXFR/IXFR) to anyone; this restricts transfers only, ordinary queries are still answered

2、配置从DNS服务器,与主DNS服务器关联,实现主从复制

[root@dns-slave~]#vim /etc/named.rfc1912.zones 
zone "magedu.org" IN {  # same zone name as on the master
        type slave;
        masters { 192.168.7.101; };  # master DNS server to pull the zone from (it lists this host in allow-transfer)
        file "slaves/magedu.org.zone";  # written under /var/named/slaves once the transfer succeeds; the file appearing there is the success check
                                        # NOTE(review): the transfer is plain, unauthenticated AXFR; a TSIG key shared with the master would let this slave reject a spoofed master
};

3、在从DNS服务器上启动 named(systemctl start named)后,查看 /var/named/slaves/ 下已经生成了该文件,说明主从复制成功。

[root@dns-slave~]#ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 306 Jul 14 22:13 magedu.org.zone

8、在客户端验证主从复制效果

1、在客户端测试验证主从DNS服务器效果

[root@client ~]# dig www.magedu.org @192.168.7.101  # 客户端上验证主DNS,可以看出DNS能解析http服务器的域名

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.magedu.org @192.168.7.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65287
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.			IN	A

;; ANSWER SECTION:
www.magedu.org.		86400	IN	A	192.168.7.100  # 能解析http服务器域名

;; AUTHORITY SECTION:
magedu.org.		86400	IN	NS	ns1.magedu.org.
magedu.org.		86400	IN	NS	ns2.magedu.org.

;; ADDITIONAL SECTION:
ns1.magedu.org.		86400	IN	A	192.168.7.101
ns2.magedu.org.		86400	IN	A	192.168.7.102

;; Query time: 1 msec
;; SERVER: 192.168.7.101#53(192.168.7.101)
;; WHEN: Tue Jul 14 22:24:34 CST 2020
;; MSG SIZE  rcvd: 127

[root@client ~]# dig www.magedu.org @192.168.7.102  # 在从DNS服务器上验证也能解析http服务域名

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.magedu.org @192.168.7.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10275
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.			IN	A

;; ANSWER SECTION:
www.magedu.org.		86400	IN	A	192.168.7.100  # 解析http域名效果

;; AUTHORITY SECTION:
magedu.org.		86400	IN	NS	ns2.magedu.org.
magedu.org.		86400	IN	NS	ns1.magedu.org.

;; ADDITIONAL SECTION:
ns1.magedu.org.		86400	IN	A	192.168.7.101
ns2.magedu.org.		86400	IN	A	192.168.7.102

;; Query time: 1 msec
;; SERVER: 192.168.7.102#53(192.168.7.102)
;; WHEN: Tue Jul 14 22:24:37 CST 2020
;; MSG SIZE  rcvd: 127

9、实现子域委派效果

1、安装DNS服务器,并修改主配置文件

[root@orgdnsnamed]#yum install bind -y
[root@orgdnsnamed]#vim /etc/named.conf 
options {
//      listen-on port 53 { 127.0.0.1; };  # commented out: listen on every IPv4 address instead of loopback only
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };  # commented out: any host may now query
        # NOTE(review): no allow-transfer is set here; in BIND 9.11 (the version used in this lab) the default
        # permits zone transfers to any host, so add "allow-transfer { none; };" as on the slave. This host is
        # authoritative for "org" only, yet it still recurses (the step-10 answer carries "ra" and no "aa" flag);
        # a production TLD server would set "recursion no;", after which the step-10 dig returns a referral
        # instead of a full answer.

2、创建顶级域

[root@orgdnsnamed]#vim /etc/named.rfc1912.zones 
zone "org" IN {  # this host (orgdns, 192.168.7.103) is the master for the org top-level domain
        type master;
        file "org.zone";  # /var/named/org.zone, created in the next step
};

3、在/var/named目录下创建一个org.zone的配置文件,这里直接将主DNS服务器的配置文件复制过来,不再手动写了

[root@dns-masternamed]#scp -p magedu.org.zone  192.168.7.103:/var/named/org.zone   # scp -p 只保留权限位和时间,不保留属主/属组;复制后一定要在 orgdns 上确认 org.zone 的属组是 named(否则 chgrp named org.zone,权限保持 640),不然 named 读不到文件,该 zone 会加载失败

[root@orgdnsnamed]#ll
total 20
drwxrwx--- 2 named named   23 Jul 14 22:40 data
drwxrwx--- 2 named named   60 Jul 14 22:44 dynamic
-rw-r----- 1 root  named 2253 Apr  5  2018 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
-rw-r----- 1 root  named  221 Jul 14 22:31 org.zone   # 属组权限一定要是named
drwxrwx--- 2 named named    6 Jun  1 23:26 slaves


[root@orgdnsnamed]#vim org.zone  # 创建一个org.zone文件
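; org top-level zone, served by orgdns (192.168.7.103).
; Comments in master-file format start with ';' -- '#' is NOT a comment here and
; makes named-checkzone reject the file, so the annotations below use ';'.
$TTL 1D
@       IN SOA  ns1  admin  (
                                        0       ; serial -- increment on every edit
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum (negative-cache TTL)
        NS      ns1                    ; this host is the name server for org
magedu  NS      ns2                    ; delegate magedu.org to the master DNS server
magedu  NS      ns3                    ; ... and to the slave DNS server
ns1     A       192.168.7.103          ; orgdns itself
ns2     A       192.168.7.101          ; glue record for the delegation (master DNS)
ns3     A       192.168.7.102          ; glue record for the delegation (slave DNS)
; NOTE(review): the delegation names here (ns2.org, ns3.org) differ from the NS names at the
; child apex (ns1.magedu.org, ns2.magedu.org). It works because both sets point to the same
; addresses, but parent and child NS RRsets should normally be identical.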

4、启动 org 顶级域的 DNS 服务器(orgdns,192.168.7.103):systemctl start named

10、在客户端进行测试验证子域委派效果

1、验证此时的子域委派,如果orgdns服务器可以向下查询,说明此时子域委派正常。

[root@client ~]# dig www.magedu.org @192.168.7.103  # 测试子域委派的orgdns服务器

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.magedu.org @192.168.7.103
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52563
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.			IN	A

;; ANSWER SECTION:
www.magedu.org.		86036	IN	A	192.168.7.100   # 此时可以看到http服务器还是可以解析

;; AUTHORITY SECTION:
magedu.org.		86400	IN	NS	ns3.org.
magedu.org.		86400	IN	NS	ns2.org.

;; ADDITIONAL SECTION:
ns2.org.		86400	IN	A	192.168.7.101
ns3.org.		86400	IN	A	192.168.7.102

;; Query time: 1 msec
;; SERVER: 192.168.7.103#53(192.168.7.103)
;; WHEN: Tue Jul 14 22:50:31 CST 2020
;; MSG SIZE  rcvd: 127

11、在rootdns服务器上安装并配置

1、修改rootdns服务器的主配置文件  

[root@rootdns ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };  # commented out: listen on every IPv4 address instead of loopback only
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };  # commented out: any host may now query
        # NOTE(review): same hardening as the other authoritative servers applies -- "allow-transfer { none; };"
        # (the BIND 9.11 default allows transfers to anyone) and, for a root server, "recursion no;". The
        # step-12 answer still shows "ra" without "aa", i.e. this root server is recursing on the client's behalf.



zone "." IN {
        type master;  # placed at the end of named.conf: this host is the master for the private root zone
        file "root.zone";  # /var/named/root.zone, created in the next step
};

2、在主DNS服务器上将magedu.org.zone复制到rootdns服务器上,修改关键部分即可

[root@dns-masternamed]#scp -p magedu.org.zone  192.168.7.104:/var/named/root.zone  # 将主DNS服务器的配置文件复制到rootdns服务器上,并起名为root.zone

[root@rootdns named]# vim /var/named/root.zone   # 修改rootdns配置文件
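; Private root zone for the lab, served by rootdns (192.168.7.104).
; Comments in master-file format start with ';' -- '#' is NOT a comment here and
; makes named-checkzone reject the file, so the annotations below use ';'.
$TTL 1D
@       IN SOA  ns1  admin  (
                                        0       ; serial -- increment on every edit
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum (negative-cache TTL)
        NS      ns1                ; this host is the root name server
org     NS      ns2                ; delegate the org top-level domain to orgdns
ns1     A       192.168.7.104  ; rootdns itself
ns2     A       192.168.7.103  ; glue for the org delegation (orgdns; the child zone calls the same host ns1.org)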

3、启动rootdns根域的DNS服务器

[root@rootdns named]# systemctl start named

12、在客户端测试根域委派效果

[root@client ~]# dig www.magedu.org @192.168.7.104  # @后面的IP地址就是根服务器

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.magedu.org @192.168.7.104
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5853
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.			IN	A

;; ANSWER SECTION:
www.magedu.org.		86400	IN	A	192.168.7.100  # 此时查看到还是可以解析http服务器的域名

;; AUTHORITY SECTION:
magedu.org.		86400	IN	NS	ns3.org.
magedu.org.		86400	IN	NS	ns2.org.

;; ADDITIONAL SECTION:
ns3.org.		86400	IN	A	192.168.7.102
ns2.org.		86400	IN	A	192.168.7.101

;; Query time: 6 msec
;; SERVER: 192.168.7.104#53(192.168.7.104)
;; WHEN: Tue Jul 14 23:29:51 CST 2020
;; MSG SIZE  rcvd: 127

13、实现DNS转发功能

1、安装DNS服务器,并修改主配置文件

[root@forward~]#vim /etc/named.conf 
options {
//      listen-on port 53 { 127.0.0.1; };  # commented out: listen on every IPv4 address instead of loopback only
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };  # commented out: any host may now query
        # NOTE(review): this host is a recursive resolver (it walks the private root -> org -> magedu.org chain
        # using the hints edited below). With no ACL it is an open resolver to whoever can reach it; restrict it
        # with "allow-query { 192.168.7.0/24; };" and "allow-recursion { 192.168.7.0/24; };".


        dnssec-enable no;  # changed from yes; newer BIND releases deprecate/remove this option, so leave it out there
        dnssec-validation no;  # changed from yes: required here because the private root (192.168.7.104) is not signed with the real root key, so validation would SERVFAIL. Never disable this on a resolver that uses the real root -- it is the cache-poisoning protection.

2、修改根提示文件 /var/named/named.ca,让这台服务器的递归查询从私有根服务器(192.168.7.104)开始。注意:这一步替换的是根提示(root hints),并不是 named.conf 里的 forwarders 转发;另外 named.ca 属于 bind 软件包,包更新时会被覆盖,更稳妥的做法是另存为单独的 hint 文件并在 named.conf 中用 zone "." IN { type hint; file "文件名"; }; 指向它。修改后重启 named。

[root@forward~]#vim /var/named/named.ca 
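; Private root hints: keep only the lab root server and delete every other root-server
; entry from the packaged file. The NS target on the first line must be the owner name of
; the A record on the second. Comments use ';' -- '#' is not a comment in this file format.
.                       518400  IN      NS      a.root-servers.net.
a.root-servers.net.     518400  IN      A       192.168.7.104  ; address of the lab root server (rootdns)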

14、在客户端进行测试转发服务器效果

[root@client ~]# dig www.magedu.org @192.168.7.105   # 测试转发服务器效果

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.magedu.org @192.168.7.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56960
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.			IN	A

;; ANSWER SECTION:
www.magedu.org.		86280	IN	A	192.168.7.100  # 可以看到此时通过 192.168.7.105 递归查询成功,http服务器域名还是可以解析

;; AUTHORITY SECTION:
magedu.org.		86280	IN	NS	ns3.org.
magedu.org.		86280	IN	NS	ns2.org.

;; ADDITIONAL SECTION:
ns3.org.		86280	IN	A	192.168.7.102
ns2.org.		86280	IN	A	192.168.7.101

;; Query time: 3 msec
;; SERVER: 192.168.7.105#53(192.168.7.105)
;; WHEN: Tue Jul 14 23:32:01 CST 2020
;; MSG SIZE  rcvd: 127

15、安装并配置本地DNS服务器 

1、安装DNS服务器,并修改主配置文件

[root@localdns ~]# yum install bind -y

[root@localdns ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };  # commented out: listen on every IPv4 address instead of loopback only
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };  # commented out: any host may now query
        # NOTE(review): this is the resolver the client points at (DNS1=192.168.7.106). Without an ACL it is an
        # open resolver to anything that can reach it; add "allow-query { 192.168.7.0/24; };" and
        # "allow-recursion { 192.168.7.0/24; };".
        forward only ;   # forward every query; "only" means no fallback to iterative resolution if the forwarder fails ("first" would fall back)
        forwarders      {192.168.7.105;};   # the upstream recursive server (192.168.7.105); with validation off below, this host trusts whatever it returns


        dnssec-enable no;   # changed from yes; newer BIND releases deprecate/remove this option, so leave it out there
        dnssec-validation no;  # changed from yes: needed because the private root in this lab has no trust anchor. Do not disable this on a resolver that uses the real root -- it is the cache-poisoning protection.

2、启动DNS服务器:systemctl start named 

 

16、开始在客户端最终的测试效果

1、测试本地的DNS解析效果

[root@client ~]# dig www.magedu.org @192.168.7.106  # 直接访问本地的DNS服务器可以解析

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.magedu.org @192.168.7.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56578
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.org.			IN	A

;; ANSWER SECTION:
www.magedu.org.		85844	IN	A	192.168.7.100   # 访问本地的DNS服务器可以解析

;; AUTHORITY SECTION:
magedu.org.		85844	IN	NS	ns3.org.
magedu.org.		85844	IN	NS	ns2.org.

;; ADDITIONAL SECTION:
ns2.org.		85844	IN	A	192.168.7.101
ns3.org.		85844	IN	A	192.168.7.102

;; Query time: 6 msec
;; SERVER: 192.168.7.106#53(192.168.7.106)
;; WHEN: Tue Jul 14 23:39:17 CST 2020
;; MSG SIZE  rcvd: 127

2、通过域名访问http服务,此时通过域名也可以访问到网页,所有的实验到此结束。

[root@client ~]# curl www.magedu.org
welcome to shanghai

  

 

  

  

 

 

  

 

 

  

  

 
