I. DNS primary (master) server
II. DNS secondary (slave) server
III. DNS forwarding and caching server
IV. Intelligent DNS (split-horizon views)
V. Implementing DNS resolution with the Internet's hierarchy
bind
- yum install bind -y
- systemctl start named
- Service script and systemd unit: /etc/rc.d/init.d/named, /usr/lib/systemd/system/named.service
- Main configuration files: /etc/named.conf, /etc/named.rfc1912.zones, /etc/rndc.key
- Zone database files: /var/named/ZONE_NAME.ZONE
- Main configuration syntax check: named-checkconf checks all configuration files for errors (configuration only, not zone data)
- Zone file syntax check: named-checkzone checks that the zone database file just written is correct: named-checkzone "magedu.com" /var/named/magedu.com.zone
- Apply the configuration: rndc reload or service named reload
- Clear the cache: rndc flush
- Basic configuration template
vim /var/named/magedu.com.zone
$TTL 1D ; one day: how long cached records stay valid
@ IN SOA master.magedu.com. admin.magedu.com. ( ; @ is the magedu.com zone; SOA record; note the trailing dot, otherwise the origin is appended automatically; admin.magedu.com stands for admin@magedu.com
2019042210 ; serial: a larger number means a newer version, used for synchronization
1D ; refresh: secondaries pull once a day
1H ; retry: retry one hour after a failed pull
1W ; expire: valid for one week; if synchronization keeps failing, the secondary's data expires
3H ) ; minimum: how long a negative answer (record does not exist) is cached
NS master ; name server; a bare NS inherits the magedu.com owner
master A 192.168.36.7 ; note: this host's own address, the A record that the NS name master resolves to
@ MX 10 mailsrv ; mail server; dig -t mx magedu.com @114.114.114.114 shows the mail exchanger
mailsrv A 192.168.37.123 ; mail is delivered to this IP
dbserver1 A 1.1.1.1
dbserver2 A 2.2.2.2
websrv1 A 192.168.36.6
websrv2 A 192.168.36.7
vim /etc/named.rfc1912.zones
zone "magedu.com" {
type master;
file "magedu.com.zone";
};
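Added example, not from the original notes: a lint for zone files in the layout above, written in plain awk so it can run before bind is installed. The sample zone inside it is constructed and deliberately carries a www CNAME pointing at websrv while only websrv1 and websrv2 have A records, the same slip found in the section I zone file on this page; zone_lint and its messages are my own.

```bash
# Added example (not from the original notes): lint a zone file before
# named-checkzone. Reports NS/CNAME/MX targets with no A/AAAA record in the
# zone (they resolve to nothing) and an SOA serial not in YYYYMMDDNN form.
# Usage: zone_lint /var/named/magedu.com.zone   (exit 1 if anything was found)
zone_lint() {
  awk '
  BEGIN { owner = "@" }
  {
    sub(/;.*/, ""); gsub(/\(/, " ( "); gsub(/\)/, " ) ")   # drop comments, split parens
    if (NF == 0 || $1 ~ /^\$/) next                          # blank line or $TTL/$ORIGIN
    for (i = 1; i <= NF; i++) if ($i == "SOA") insoa = 1
    if (insoa) {                                             # first number after "(" is the serial
      for (i = 1; i <= NF; i++) {
        if ($i == "(") open = 1
        else if ($i == ")") insoa = 0
        else if (open && serial == "" && $i ~ /^[0-9]+$/) serial = $i
      }
      next
    }
    t = 0
    for (i = 1; i <= NF; i++) if ($i ~ /^(A|AAAA|NS|CNAME|MX)$/) { t = i; break }
    if (t == 0) next
    if (t > 1 && $1 != "IN" && $1 !~ /^[0-9]/) owner = $1   # owner omitted => previous owner
    target = ($t == "MX") ? $(t + 2) : $(t + 1)
    if ($t == "A" || $t == "AAAA") has[owner] = 1
    else if (target !~ /\.$/) need[target] = owner " " $t    # relative targets must exist here
  }
  END {
    bad = 0
    if (length(serial) != 10) { print "WARN: serial \"" serial "\" is not YYYYMMDDNN"; bad = 1 }
    for (n in need) if (!(n in has)) { print "ERR: " need[n] " -> " n " has no A/AAAA record"; bad = 1 }
    exit bad
  }' "$1"
}

# Constructed sample in the layout above: www points at "websrv", which does
# not exist (only websrv1/websrv2 do), so the lint fails with exit status 1.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
$TTL 1D
@ IN SOA master.magedu.com. admin.magedu.com. ( 2019042210 ; serial
        1D 1H 1W 3H ) ; refresh retry expire minimum
        NS master
master  A 192.168.41.101
www     CNAME websrv
websrv1 A 192.168.41.101
websrv2 A 192.168.41.103
EOF
zone_lint "$SAMPLE" || echo "zone_lint: fix the findings before rndc reload"
rm -f "$SAMPLE"
```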
I. DNS primary (master) server
1. Two machines: one server and one test client
Install bind on the server:
yum install -y bind
Figure 1: comment out the two security-related lines.
2. Add this block:
vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type master;
file "magedu.com.zone";
};
- After editing, remember to fix the group and permissions of the zone file so that named can read it
3. Write the zone file:
vim /var/named/magedu.com.zone
$TTL 1D
@ IN SOA master.magedu.com. admin.magedu.com (
2019042210 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 192.168.41.101
@ MX 10 mailsrv
mailsrv A 192.168.41.101
dbserver1 A 1.1.1.1
dbserver2 A 2.2.2.2
www CNAME websrv
websrv1 A 192.168.41.101
websrv2 A 192.168.41.103
4. Check
named-checkconf
named-checkzone magedu.com /var/named/magedu.com.zone
systemctl start named (first start of the service)
rndc reload (if the service is already running)
5. On the client, set DNS1 to the server's IP, then service network restart
Figure 2
6. dig dbserver1.magedu.com @192.168.41.101
dig websrv2.magedu.com @192.168.41.101
Figure 3
7. On the server: yum install -y httpd
echo welcome to magedu > /var/www/html/index.html
On the client: yum install -y httpd
Both need service network restart
Figure 4
II. DNS secondary (slave) server
101 is the master, 102 the slave, 103 the client
1. Master server configuration
vim /etc/named.conf
Figure 5
vim /etc/named.rfc1912.zones
Figure 6
vim /var/named/magedu.com.zone
Figure 7
Grant permissions
Figure 8
systemctl start named (first start of the service)
rndc reload (if the service is already running)
2. Slave server configuration
# first comment out the two security-related options
vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { none;};
vim /etc/named.rfc1912.zones
zone "magedu.com" {
type slave;
masters { 192.168.41.101; }; # master server IP
file "slaves/magedu.com.slave";
};
systemctl start named (first start of the service)
rndc reload (if the service is already running)
chown :named named.rfc1912.zones or chgrp named named.rfc1912.zones
3. Client configuration
Figure 9
dig www.magedu.com @192.168.41.101 returns the result
III. DNS forwarding and caching server
1. Server 102
vim /etc/named.conf
allow-transfer { 192.168.41.101; };
forward first;
forwarders { 192.168.41.101; };
vim /etc/named.rfc1912.zones
zone "magedu.com" {
type master;
file "magedu.com.zone";
};
vim /var/named/magedu.com.zone
$TTL 1D
@ IN SOA master admin.magedu.com. (
2019042214 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slave
chengdu NS chengdudns
master A 192.168.41.102
chengdudns A 192.168.41.101
slave A 192.168.41.101
websrv A 192.168.41.102
www CNAME websrv
www.shanghai A 1.1.1.1
systemctl start named (first start of the service)
rndc reload
Server 101
vim /etc/named.conf
allow-transfer { none; };
vim /etc/named.rfc1912.zones
zone "wang.com" {
type master;
file "wang.com.zone";
};
vim /var/named/wang.com.zone
$TTL 1D
@ IN SOA master admin.wang.com. (
2019042214 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 192.168.41.101
websrv A 5.5.5.5
www CNAME websrv
Grant permissions: chgrp named /var/named/wang.com.zone
systemctl start named (first start of the service)
rndc reload (reload the configuration)
Client 103
Success
Figure 10
IV. Intelligent DNS (split-horizon views)
On 101, delete some of the existing statements first so they are not duplicated
vim /etc/named.conf
acl beijingnet {
192.168.41.110;
};
acl shanghainet {
192.168.41.104;
};
acl othernet {
192.168.41.105;
};
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable no;
dnssec-validation no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view view_beijing {
match-clients { beijingnet; };
include "/etc/named.rfc1912.zones.bj";
};
view view_shanghai {
match-clients { shanghainet; };
include "/etc/named.rfc1912.zones.sh";
};
view view_other {
match-clients { othernet; };
include "/etc/named.rfc1912.zones";
};
include "/etc/named.root.key";
- chgrp named /var/named/magedu.com.zone.*
[root@Centos7 named]#cat /var/named/magedu.com.zone.bj
$TTL 1D
@ IN SOA ns1 admin ( 1 1H 1H 1D 3H)
NS ns1
ns1 A 192.168.41.101
www A 194.4.3.3
[root@Centos7 named]#cat /var/named/magedu.com.zone.sh
$TTL 1D
@ IN SOA ns1 admin ( 1 1H 1H 1D 3H)
NS ns1
ns1 A 192.168.41.101
www A 192.168.13.100
[root@Centos7 named]#cat /var/named/magedu.com.zone.other
$TTL 1D
@ IN SOA ns1 admin ( 1 1H 1H 1D 3H)
NS ns1
ns1 A 192.168.41.101
www A 8.8.8.8
- vim /etc/named.rfc1912.zones and add:
zone "." IN {
type hint;
file "named.ca";
};
zone "magedu.com" {
type master;
file "magedu.com.zone.other";
};
rndc reload
4. From the 104 host, run:
dig www.magedu.com @192.168.41.101
which returns:
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.13.100
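Added example, not from the original notes: an audit of the options in a named.conf for the two settings these notes keep toggling, recursion yes with allow-query commented out (the open-resolver warning in the comment block above) and allow-transfer, which sections II and V restrict. The constructed sample mirrors the secondary's options from section II; named_audit and its messages are my own, and the checker only looks at top-level statements, not per-zone ones.

```bash
# Added example (not from the original notes): audit named.conf options for
# an unrestricted recursive resolver and for unrestricted zone transfers.
# Usage: named_audit /etc/named.conf   (exit 1 if an exposure is reported)
named_audit() {
  awk '
  { line = $0 }
  incomment { if (sub(/.*\*\//, "", line)) incomment = 0; else next }   # still inside /* ... */
  {                                                       # strip /* */ blocks, then // and # comments
    while (match(line, /\/\*/)) {
      rest = substr(line, RSTART + 2); line = substr(line, 1, RSTART - 1)
      if (sub(/.*\*\//, "", rest)) line = line rest; else { incomment = 1; break }
    }
    sub(/\/\/.*/, "", line); sub(/#.*/, "", line)
  }
  line ~ /^[ \t]*recursion[ \t]+yes/        { recursion = 1 }
  line ~ /^[ \t]*allow-query[ \t]*\{/       { allow_query = line }
  line ~ /^[ \t]*allow-recursion[ \t]*\{/   { allow_recursion = line }
  line ~ /^[ \t]*allow-transfer[ \t]*\{/    { allow_transfer = line }
  END {
    bad = 0
    acl = (allow_recursion != "") ? allow_recursion : allow_query    # allow-recursion wins if set
    if (recursion && acl == "") { print "WARN: recursion yes with no allow-query/allow-recursion ACL; restrict it if port 53 is reachable from untrusted networks"; bad = 1 }
    if (recursion && acl ~ /[{; \t]any[;} \t]/) { print "ERR: open resolver: recursion yes and" acl; bad = 1 }
    if (allow_transfer == "") { print "WARN: no allow-transfer; BIND 9 up to 9.18 then permits AXFR from any client: set { none; } or the secondary IP"; bad = 1 }
    else if (allow_transfer ~ /[{; \t]any[;} \t]/) { print "ERR: allow-transfer { any; } lets anyone dump the zone"; bad = 1 }
    exit bad
  }' "$1"
}

# Constructed sample matching the secondary in section II: allow-query commented
# out, recursion on, transfers refused. Expect the recursion warning only.
CONF=$(mktemp)
cat > "$CONF" <<'EOF'
options {
        // listen-on port 53 { 127.0.0.1; };
        // allow-query { localhost; };
        allow-transfer { none; };
        /* allow-transfer { any; }; */
        recursion yes;
};
EOF
named_audit "$CONF" || echo "named_audit: review before exposing port 53"
rm -f "$CONF"
```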
V. Implementing DNS resolution with the Internet's hierarchy
Client (mysql host): 192.168.41.157
HTTP server: 192.168.41.102
Primary DNS server (second-level domain): 192.168.41.103
Secondary DNS server (second-level domain): 192.168.41.104
.COM top-level domain server: 192.168.41.105
Root domain server: 192.168.41.106
Local (caching) DNS server: 192.168.41.107
DNS forwarding server: 192.168.41.108
Prepare 8 servers
1. Configure httpd
------102------
[root@Centos7 ~]#yum install httpd -y
[root@Centos7 ~]#echo "welcome to magedu.com " > /var/www/html/index.html
[root@Centos7 ~]#systemctl start httpd
[root@Centos7 ~]#ss -tnl |grep 80
LISTEN 0 128 *:80 *:*
------157------
[root@Centos7 ~]# curl 192.168.41.102
welcome to magedu.com
2. Configure the primary and secondary servers
------103------
[root@Centos7 ~]#yum -y install bind
[root@Centos7 ~]#vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { 192.168.41.104; };
[root@Centos7 ~]#vim /etc/named.rfc1912.zones
--add the block below
zone "magedu.com" {
type master;
file "magedu.com.zone";
};
[root@Centos7 ~]#vim /var/named/magedu.com.zone
$TTL 1D
@ IN SOA ns1 admin (1 1H 10M 1D 1D)
NS ns1
NS ns2
ns1 A 192.168.41.103 ; primary DNS server
ns2 A 192.168.41.104 ; secondary DNS server
www A 192.168.41.102 ; http server
[root@Centos7 ~]#chgrp named /var/named/magedu.com.zone
[root@Centos7 ~]#chmod 640 /var/named/magedu.com.zone
[root@Centos7 ~]#systemctl start named
[root@Centos7 ~]#systemctl restart named
[root@Centos7 ~]#rndc reload
server reload successful
------104------
[root@Centos7 ~]#yum install -y bind
[root@Centos7 ~]#vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { none; };
[root@Centos7 ~]#vim /etc/named.rfc1912.zones
--add the block below
zone "magedu.com" {
type slave;
masters { 192.168.41.103; };
file "slaves/magedu.com.zone.slave";
};
[root@Centos7 ~]#systemctl start named
--the following file is generated automatically by the zone transfer
[root@Centos7 ~]#ll /var/named/slaves/magedu.com.zone.slave
[root@Centos7 ~]#rndc reload
server reload successful
Test on 157
vim /etc/sysconfig/network-scripts/ifcfg-ens33
DNS1=192.168.41.103
DNS2=192.168.41.104
[root@Centos7 network-scripts]# curl www.magedu.com
welcome to magedu.com
3. Configure the top-level domain
------105------
[root@Centos7 ~]#yum install -y bind
[root@Centos7 ~]#vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
[root@Centos7 ~]#vim /etc/named.rfc1912.zones
zone "com" {
type master;
file "com.zone";
};
[root@Centos7 ~]#vim /var/named/com.zone
$TTL 1D
@ IN SOA ns1 admin (1 1H 10M 1D 1D)
NS ns1
magedu NS ns2
magedu NS ns3
ns1 A 192.168.41.105 ; this host
ns2 A 192.168.41.104 ; secondary DNS server
ns3 A 192.168.41.103 ; primary DNS server
[root@Centos7 named]#systemctl restart named
[root@Centos7 named]#rndc reload
Test on 157
[root@Centos7 network-scripts]# dig www.magedu.com @192.168.41.105
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.41.102
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns3.com.
magedu.com. 86400 IN NS ns2.com.
;; ADDITIONAL SECTION:
ns2.com. 86400 IN A 192.168.41.104
ns3.com. 86400 IN A 192.168.41.103
4. Configure the root
------106------
[root@Centos7 ~]#yum install -y bind
[root@Centos7 ~]#vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
zone "." IN {
type master; // change hint to master
file "root.zone"; // change named.ca to root.zone
};
[root@Centos7 ~]#vim /var/named/root.zone
$TTL 1D
@ IN SOA ns1 admin (1 1H 10M 1D 1D)
NS ns1
com NS ns2
ns1 A 192.168.41.106 ; this host's IP
ns2 A 192.168.41.105 ; the com domain server
[root@Centos7 ~]#chgrp named /var/named/root.zone
[root@Centos7 ~]#systemctl restart named
Test on 157
[root@Centos7 network-scripts]# dig www.magedu.com @192.168.41.106
5. Configure the cache (local DNS server)
------107------
[root@Centos7 ~]#yum install -y bind
[root@Centos7 ~]#vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
dnssec-enable no;
dnssec-validation no;
[root@Centos7 ~]#vim /var/named/named.ca (keep only the two lines below and delete everything else)
. 518400 IN NS a.root-servers.net.
a.root-servers.net. 3600000 IN A 192.168.41.106
[root@Centos7 ~]#systemctl restart named
Test on 157
[root@Centos7 network-scripts]# dig www.magedu.com @192.168.41.107
6. Configure forwarding
[root@Centos7 ~]#yum install -y bind
[root@Centos7 ~]#vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
dnssec-enable no;
dnssec-validation no;
forward only; # every DNS query received is forwarded to the local DNS server
forwarders { 192.168.41.108;};
[root@localhost ~]# systemctl restart named
[root@localhost ~]# rndc reload
Test on 157
[root@Centos7 network-scripts]# dig www.magedu.com @192.168.41.108
THE END!!!