Linux——DNS域名解析服务的部署及优化方案

最新推荐文章于 2024-08-28 09:29:32 发布

梦中北山

最新推荐文章于 2024-08-28 09:29:32 发布

阅读量997

点赞数 16

分类专栏： linux 运维文章标签： linux 服务器网络

本文链接：https://blog.csdn.net/aihua002/article/details/138623926

版权

linux 运维专栏收录该内容

8 篇文章 0 订阅

订阅专栏

1.
(问答题)
1.配置2台服务器要求如下：
a）服务器1：
主机名：dns-master.timinglee.org

[root@server100 ~]# hostnamectl hostname dns-master.timinglee.org
[root@server100 ~]# hostname
dns-master.timinglee.org

ip地址： 172.25.254.100

[root@server100 ~]# nmcli connection modify eth0 ipv4.addresses 172.25.254.100/24 autoconnect yes
[root@server100 ~]# nmcli connection up eth0
连接已成功激活（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/4）
[root@server100 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::e768:955e:3485:4e1e prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:59:df:9d txqueuelen 1000 (Ethernet)
RX packets 4805 bytes 6657834 (6.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2283 bytes 139800 (136.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 34 bytes 3496 (3.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34 bytes 3496 (3.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
配置好软件仓库
b）服务器2：
主机名：dns-slave.timinglee.org

[root@server200 ~]# hostnamectl hostname dns-slave.timinglee.org
[root@server200 ~]# hostname
dns-slave.timinglee.org

ip地址：172.25.254.200

[root@server200 ~]# nmcli connection modify eth0 ipv4.addresses 172.25.254.200/24 autoconnect yes
[root@server200 ~]# nmcli connection up eth0
连接已成功激活（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/4）
[root@server200 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.200 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::e1bf:6c40:f9c2:8d98 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:64:0e:06 txqueuelen 1000 (Ethernet)
RX packets 7000 bytes 9964465 (9.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2781 bytes 167378 (163.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 50 bytes 4856 (4.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 50 bytes 4856 (4.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

配置好软件仓库

[root@dns-master ~]# vim /etc/yum.repos.d/rhel9.repo

[AppStream]
name=AppStream
baseurl=file:///rhel9/AppStream
gpgcheck=0

[BaseOS]
name=BaseOS
baseurl=file:///rhel9/BaseOS
gpgcheck=0

2.dns-master是一台权威dns，次dns要具备一下功能
a）可以解析timinglee.org域中的主机，此域中的主机列表为
172.25.254.100 bbs.timinglee.org
172.25.254.200 login.timinglee.org

[root@dns-master ~]# vim /etc/named.conf

10 options {
11 listen-on port 53 { any; };
12 listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 secroots-file "/var/named/data/named.secroots";
18 recursing-file "/var/named/data/named.recursing";
19 allow-query { any; };
dnssec-validation no;

[root@dns-master ~]# vim /etc/named.rfc1912.zones

zone "timinglee.org" IN {
type master;
file "timinglee.org.zone";
allow-update { none; };
};

[root@dns-master ~]# cp -p /var/named/named.localhost /var/named/timinglee.org.zone

[root@dns-master ~]# vim /var/named/timinglee.org.zone

$TTL 1D
@ IN SOA dns.timinglee.org. admin.timinglee.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.timinglee.org.
dns A 172.25.254.100
www CNAME timinglee.org.
bbs A 172.25.254.100
login A 172.25.254.200
[root@dns-master named]# systemctl restart named

测试：
[root@dns-slave ~]# vim /etc/resolv.conf
# Generated by NetworkManager
search timinglee.org
nameserver 172.25.254.100

[root@dns-slave ~]# dig -t A bbs.timinglee.org

; <<>> DiG 9.16.23-RH <<>> -t A bbs.timinglee.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3774
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: c8c505ddc7501e7801000000663a3a039d688edd2419b6bd (good)
;; QUESTION SECTION:
;bbs.timinglee.org. IN A

;; ANSWER SECTION:
bbs.timinglee.org. 86400 IN A 172.25.254.100

;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Tue May 07 22:26:11 CST 2024
;; MSG SIZE rcvd: 90

[root@dns-slave ~]# dig -t A login.timinglee.org

; <<>> DiG 9.16.23-RH <<>> -t A login.timinglee.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28761
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: b1eb387db0f9862401000000663a3a3b189a76020ff406c4 (good)
;; QUESTION SECTION:
;login.timinglee.org. IN A

;; ANSWER SECTION:
login.timinglee.org. 86400 IN A 172.25.254.200

;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Tue May 07 22:27:07 CST 2024
;; MSG SIZE rcvd: 92

b）可以为timinglee.org这个域提供邮件解析记录，邮件服务器的地址为172.25.254.10

[root@dns-master named]# vim /var/named/timinglee.org.zone
$TTL 1D
@ IN SOA dns.timinglee.org. admin.timinglee.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.timinglee.org.
dns         A 172.25.254.100
bbs        A 172.25.254.100
login        A 172.25.254.200
timinglee.org.    MX 3 172.25.254.10.

[root@dns-master named]# systemctl restart named

测试：
[root@dns-master named]# dig -t MX timinglee.org

; <<>> DiG 9.16.23-RH <<>> -t MX timinglee.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52149
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 1e8575ff14e5518401000000663a406f900d7e0718862394 (good)
;; QUESTION SECTION:
;timinglee.org. IN MX

;; ANSWER SECTION:
timinglee.org. 86400 IN MX 3 172.25.254.10.

;; Query time: 1 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Tue May 07 22:53:35 CST 2024
;; MSG SIZE rcvd: 99

c）可以为172.25.254.0/24网段提供反向解析记录，反向解析记录为：
172.25.254.100 bbs.timinglee.org
172.25.254.200 login.timinglee.org

[root@dns-master named]# vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN {
type master;
file "172.25.254.ptr";
allow-update { none; };
};

[root@dns-master named]# cp -p /var/named/named.loopback /var/named/172.25.254.ptr
[root@dns-master named]# vim /var/named/172.25.254.ptr
$TTL 1D
@ IN SOA dns.timinglee.org. admin.timinglee.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.timinglee.org.
dns A 172.25.254.100
100 PTR bbs.timinglee.org
200 PTR login.timinglee.org
~
[root@dns-master named]# systemctl restart named
测试：
[root@dns-master named]# dig -x 172.25.254.100

; <<>> DiG 9.16.23-RH <<>> -x 172.25.254.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22166
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 5752f4dc917e8a5701000000663a43c34a836ea81e41cb3f (good)
;; QUESTION SECTION:
;100.254.25.172.in-addr.arpa. IN PTR

;; ANSWER SECTION:
100.254.25.172.in-addr.arpa. 86400 IN PTR bbs.timinglee.org.254.25.172.in-addr.arpa.

;; Query time: 1 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Tue May 07 23:07:47 CST 2024
;; MSG SIZE rcvd: 139

[root@dns-master named]# dig -x 172.25.254.200

; <<>> DiG 9.16.23-RH <<>> -x 172.25.254.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26757
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 16255a8c7bf30d9801000000663a43ec30088a4230aa7069 (good)
;; QUESTION SECTION:
;200.254.25.172.in-addr.arpa. IN PTR

;; ANSWER SECTION:
200.254.25.172.in-addr.arpa. 86400 IN PTR login.timinglee.org.254.25.172.in-addr.arpa.

;; Query time: 0 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Tue May 07 23:08:28 CST 2024
;; MSG SIZE rcvd: 141

3.dns-slave主机是dns-master主机的辅助dns，当master主机中的数据发生变化后其内容自动发生改变

[root@dns-slave ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { any; };

dnssec-validation no;

[root@dns-slave ~]# vim /etc/named.rfc1912.zones
zone "timinglee.org" IN {
type slave;
master {172.25.254.100;};
file "slaves/timinglee.org.zone";
};

[root@dns-master named]# vim /etc/named.rfc1912.zones

zone "timinglee.org" IN {
type master;
file "timinglee.org.zone";
allow-update { none; };
also-notify {172.25.254.200;};
};
[root@dns-master named]# vim /var/named/timinglee.org.zone
$TTL 1D
@ IN SOA dns.timinglee.org. admin.timinglee.org. (
2024050701 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.timinglee.org.
dns A 172.25.254.100
bbs A 172.25.254.100
login A 172.25.254.200
timinglee.org. MX 3 172.25.254.10.
[root@dns-master named]# systemctl restart named

测试：
[root@dns-slave ~]# dig -t A bbs.timinglee.org

; <<>> DiG 9.16.23-RH <<>> -t A bbs.timinglee.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11560
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 42d15da3e399989401000000663a46a3a509131f709d68f5 (good)
;; QUESTION SECTION:
;bbs.timinglee.org. IN A

;; ANSWER SECTION:
bbs.timinglee.org. 86400 IN A 172.25.254.100

;; Query time: 1 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Tue May 07 23:20:03 CST 2024
;; MSG SIZE rcvd: 90

[root@dns-slave ~]#
修改：
[root@dns-master named]# vim /var/named/timinglee.org.zone
$TTL 1D
@ IN SOA dns.timinglee.org. admin.timinglee.org. (
2024050702 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.timinglee.org.
dns A 172.25.254.100
bbs A 172.25.254.101
login A 172.25.254.200
timinglee.org. MX 3 172.25.254.10.
~
[root@dns-slave ~]# dig -t A bbs.timinglee.org

; <<>> DiG 9.16.23-RH <<>> -t A bbs.timinglee.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28685
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 1de91e6e5123751001000000663a47567467b28208dc8006 (good)
;; QUESTION SECTION:
;bbs.timinglee.org. IN A

;; ANSWER SECTION:
bbs.timinglee.org. 86400 IN A 172.25.254.101

;; Query time: 1 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Tue May 07 23:23:02 CST 2024
;; MSG SIZE rcvd: 90

梦中北山

关注

16
点赞
踩
10

收藏

觉得还不错? 一键收藏
0
评论
Linux——DNS域名解析服务的部署及优化方案

连接已成功激活（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/4）连接已成功激活（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/4）3.dns-slave主机是dns-master主机的辅助dns，当master主机中的数据发生变化后其内容自动发生改变。b）可以为timinglee.org这个域提供邮件解析记录，邮件服务器的地址为172.25.254.10。
复制链接

扫一扫

专栏目录