DNS 服务架构之综合实战
环境要求
需要8台主机
DNS客户端:172.31.0.10/16
本地DNS服务器(只缓存):172.31.0.48/16
转发目标DNS服务器:172.31.0.38/16
根DNS服务器:172.31.0.18/16
org域DNS服务器:172.31.0.27/16
主DNS服务器:172.31.0.7/16
从DNS服务器:172.31.0.17/16
WEB服务器:172.31.0.37/16
前提准备
关闭SElinux
[root@localhost ~]# sed -ri 's/^(SELINUX=).*/\1disabled/' /etc/selinux/config
关闭防火墙
[root@localhost ~]# systemctl disable --now firewalld
时间同步
web服务器安装软件并配置和启动
# 172.31.0.37/16
[root@CentOS-7 ~]# yum install httpd -y
[root@CentOS-7 ~]# echo www.longxuan.vip > /var/www/html/index.html
[root@CentOS-7 ~]# systemctl start httpd
[root@CentOS-7 ~]# curl 172.31.0.37
www.longxuan.vip
主DNS安装软件
172.31.0.7/16
[root@localhost ~]# yum install -y bind bind-utils
主改配置文件
[root@centos8 ~]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; };
allow-transfer {172.31.0.17;};
主改区域声明文件(在 named.rfc1912.zones 中声明 longxuan.vip 区域)
[root@localhost named]# vim /etc/named.rfc1912.zones
zone "longxuan.vip"{
type master;
file "longxuan.vip.zone";
};
主建区域数据文件(文件名须与上面 file 指定的 longxuan.vip.zone 一致,放在 /var/named 目录下)
[root@localhost named]# vim longxuan.vip.zone
$TTL 1D
@ IN SOA master admin.longxuan.vip. (
2021050104 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slave1
master A 172.31.0.7
slave1 A 172.31.0.17
www A 172.31.0.37
重启服务
[root@localhost named]# systemctl start named #第一次启动服务,之后启动建议使用下面的命令
[root@localhost named]# rndc reload
从DNS服务器安装软件
# 172.31.0.17/16
[root@centos8 ~]# yum install -y bind bind-utils
从改配置文件
[root@centos8 ~]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; };
allow-transfer {none;};
从服务器配置
[root@centos8 ~]# vim /etc/named.rfc1912.zones
zone "longxuan.vip" {
type slave;
masters {172.31.0.7;};
file "slaves/longxuan.vip.slave";
};
从服务器重载配置(若 named 尚未启动,需先执行 systemctl start named,否则 rndc reload 会失败)
[root@centos8 ~]# rndc reload
server reload successful
检查从服务器看到同步成功
[root@centos8 ~]# ll /var/named/slaves/
org域服务器安装软件
# 172.31.0.27/16
[root@localhost ~]# yum install -y bind bind-utils
org域改配置文件
[root@localhost ~]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };
org域改配置文件
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "org" {
type master;
file "org.zone";
};
org域改配置文件
[root@localhost ~]# vim /var/named/org.zone
$TTL 1D
@ IN SOA master admin.longxuan.vip. (
2021050100
1D
1H
1W
3D )
NS master
longxuan NS longxuanns1
longxuan NS longxuanns2
master A 172.31.0.27
longxuanns1 A 172.31.0.7
longxuanns2 A 172.31.0.17
授权
[root@localhost ~]# chgrp named /var/named/org.zone
启动
[root@localhost ~]# systemctl start named
根DNS服务器安装软件
# 172.31.0.18/16
[root@localhost ~]# yum install bind -y bind-utils
根DNS服务器改配置
[root@localhost ~]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; };
/*zone "." IN {
type hint;
file "named.ca";
};*/
zone "." IN {
type master;
file "root.zone";
};
根DNS服务器改配置
[root@localhost ~]# vim /var/named/root.zone
$TTL 1D
@ IN SOA master admin.longxuan.vip. (
2021050100
1D
1H
1W
3D )
NS master
org NS orgns
master A 172.31.0.18
orgns A 172.31.0.27
改所属组和授权640
[root@localhost ~]# chgrp named /var/named/root.zone
[root@localhost ~]# chmod 640 /var/named/root.zone
启动
[root@localhost ~]# systemctl start named #第一次启动,之后启动建议使用下面的命令
[root@localhost ~]# rndc reload
实现转发目标的DNS服务器
安装软件
# 172.31.0.38/16
[root@localhost ~]# yum install bind bind-utils -y
转发
[root@localhost ~]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };
dnssec-enable no;
dnssec-validation no;
转发改配置:用实验环境的私有根替换根提示文件 named.ca。由于该私有根没有公网根区的信任锚,上面才需要把 dnssec-validation 设为 no(仅限实验环境)。
[root@localhost ~]# vim /var/named/named.ca
. 518400 IN NS a.root-servers.net.
a.root-servers.net. 3600000 IN A 172.31.0.18
启动
[root@localhost ~]# systemctl start named #第一次启动,之后启动建议使用下面的命令
[root@localhost ~]# rndc reload
本地缓存安装软件
# 172.31.0.48/16
[root@localhost ~]# yum install bind bind-utils -y
本地缓存改配置(listen-on 和 allow-query 都已注释掉,该缓存服务器会接受任意来源的递归查询;实验环境无妨,正式环境应通过 allow-query/allow-recursion 限制为客户端网段)
[root@localhost ~]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };
forward only;
forwarders {172.31.0.38;};
dnssec-enable no;
dnssec-validation no;
启动
[root@localhost ~]# systemctl start named #第一次启动,之后启动建议使用下面的命令
[root@localhost ~]# rndc reload
客户端测试(注意:下面的 resolv.conf 直接指向主DNS 172.31.0.7,应答带 aa 标志,说明并没有经过本地缓存→转发→根→org 这条链路。而且上面 org 区域委派的是 longxuan.org,与主服务器实际提供的 longxuan.vip 区域不一致;要测试完整链路,需把二者统一并将 nameserver 改为 172.31.0.48)
# 172.31.0.10/16
[root@centos6 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.31.0.7
[root@centos6 ~]# dig www.longxuan.vip
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.longxuan.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13350
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.longxuan.vip. IN A
;; ANSWER SECTION:
www.longxuan.vip. 86400 IN A 172.31.0.37
;; AUTHORITY SECTION:
longxuan.vip. 86400 IN NS master.longxuan.vip.
longxuan.vip. 86400 IN NS slave.longxuan.vip.
;; ADDITIONAL SECTION:
master.longxuan.vip. 86400 IN A 172.31.0.7
slave.longxuan.vip. 86400 IN A 172.31.0.17
;; Query time: 4 msec
;; SERVER: 172.31.0.7#53(172.31.0.7)
;; WHEN: Mon May 1 13:41:57 2021
;; MSG SIZE rcvd: 123
[root@centos6 ~]# curl www.longxuan.vip
www.longxuan.vip
安装bind-utils报错
解决方法:
[root@localhost ~]# rpm -qa | grep bind
bind-export-libs-9.11.4-26.P2.el7_9.5.x86_64
bind-license-9.11.4-26.P2.el7_9.5.noarch
bind-libs-9.11.4-26.P2.el7_9.5.x86_64
bind-9.11.4-26.P2.el7_9.5.x86_64
bind-libs-lite-9.11.4-26.P2.el7_9.5.x86_64
[root@localhost ~]# yum remove bind-license-9.11.4 bind-libs-lite
# 重新安装即可
[root@localhost ~]# yum install bind-utils -y