DNS (Part 2)

Implementing an Internet-style DNS architecture

Architecture diagram

Lab environment

Disable SELinux and firewalld on every host, and keep their clocks synchronized.

Hostname   IP              Role
client     192.168.28.146  DNS client; its resolver is set to 192.168.28.145
localdns   192.168.28.145  Local caching-only DNS server
forward    192.168.28.144  Forwarding target DNS server
rootdns    192.168.28.141  Root DNS server
comdns     192.168.28.143  DNS server for the com zone
master     192.168.28.158  Primary DNS server for the wenzi.com zone
slave      192.168.28.156  Secondary DNS server for the wenzi.com zone
web        192.168.28.159  Web server for www.wenzi.com

1. Configure the network on each host

Point the DNS client at the local caching-only DNS server

[root@client ~]# nmcli con mod "System ens33" ipv4.address 192.168.28.146/24 ipv4.method manual ipv4.gateway 192.168.28.2 ipv4.dns 192.168.28.145
[root@client ~]# nmcli con reload
[root@client ~]# nmcli con up "System ens33"
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@client ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.28.145

2. Set up the web service

[root@web ~]# yum -y install httpd && systemctl enable --now httpd && echo 'This is www.wenzi.com' > /var/www/html/index.html

3. Set up the primary DNS server for the wenzi.com zone

Edit the configuration file

[root@master ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };    // addresses to listen on
...
        allow-query     { localhost; 192.168.28.0/24; };    // who may query this server
        allow-transfer  { 192.168.28.156; };    // who may perform zone transfers: the secondary only
...

Define the wenzi.com zone

[root@master ~]# vim /etc/named.rfc1912.zones
zone "wenzi.com" IN {
        type master;
        file "wenzi.com.zone";
};
...

Write the wenzi.com.zone file

[root@master ~]# cd /var/named/
[root@master named]# ll
total 16
drwxrwx--- 2 named named   23 Oct 17 21:43 data
drwxrwx--- 2 named named   60 Oct 17 21:52 dynamic
-rw-r----- 1 root  named 2253 Aug 25  2021 named.ca
-rw-r----- 1 root  named  152 Aug 25  2021 named.empty
-rw-r----- 1 root  named  152 Aug 25  2021 named.localhost
-rw-r----- 1 root  named  168 Aug 25  2021 named.loopback
drwxrwx--- 2 named named    6 Aug 25  2021 slaves
[root@master named]# cp -a named.localhost wenzi.com.zone
[root@master named]# vim wenzi.com.zone
$TTL 1D
@       IN SOA  master admin.wenzi.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum

@       IN NS   master.wenzi.com.
@       IN NS   slave.wenzi.com.

master  IN A    192.168.28.158
slave   IN A    192.168.28.156
www     IN A    192.168.28.159

Check the syntax and reload the service

[root@master named]# named-checkconf
[root@master named]# named-checkzone wenzi.com  wenzi.com.zone
zone wenzi.com/IN: loaded serial 0
OK
[root@master named]# rndc reload
server reload successful

4. Set up the secondary DNS server for the wenzi.com zone

Edit the configuration

[root@slave ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
...
        allow-query     { localhost; 192.168.28.0/24; };
        allow-transfer  { none; };    // refuse zone transfers to any other host
...

Define the zone

[root@slave ~]# vim /etc/named.rfc1912.zones
zone "wenzi.com" {
        type slave;
        masters { 192.168.28.158; };
        file "slaves/wenzi.com.zone.slave";
};
...

Check the syntax and reload the service; the zone file has been transferred from the primary

[root@slave ~]# named-checkconf
[root@slave ~]# rndc reload
server reload successful
[root@slave ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 310 Oct 17 22:31 wenzi.com.zone.slave

5. Set up the primary DNS server for the com zone

Edit the configuration

[root@comdns ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
...
        allow-query     { localhost; 192.168.28.0/24; };
...

Define the com zone

[root@comdns ~]# vim /etc/named.rfc1912.zones
zone "com" {
        type master;
        file "com.zone";
};

Write the com.zone file

[root@comdns ~]# cd /var/named/
[root@comdns named]# cp -a named.localhost  com.zone
[root@comdns named]# vim com.zone
$TTL 1D
@       IN SOA  master admin.wenzi.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum

@       IN NS   master
wenzi   IN NS   dnservermaster    ; primary DNS server for wenzi.com.
wenzi   IN NS   dnserverslave     ; secondary DNS server for wenzi.com.

master  IN A    192.168.28.143
dnservermaster  IN A    192.168.28.158    ; address of the primary DNS server
dnserverslave   IN A    192.168.28.156    ; address of the secondary DNS server

Check the syntax and reload the service

[root@comdns named]# named-checkconf
[root@comdns named]# named-checkzone com com.zone
zone com/IN: loaded serial 0
OK
[root@comdns named]# rndc reload
server reload successful
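The following is an added example, not part of the original post: it parses copies of the com.zone and wenzi.com.zone files above and checks the delegation between them, namely whether every NS name the parent delegates to has an A record (glue) in com.zone and whether the parent's NS set matches the NS set at the wenzi.com apex. The embedded zone text is a constructed, whitespace-trimmed copy of the two files; on this data it reports no missing glue but flags that com.zone delegates to dnservermaster.com. and dnserverslave.com. while wenzi.com.zone names master.wenzi.com. and slave.wenzi.com., which resolves fine but is an inconsistency worth cleaning up.

```python
import re

# Constructed copies of the lab's com.zone and wenzi.com.zone (whitespace trimmed).
COM_ZONE = """$TTL 1D
@       IN SOA  master admin.wenzi.com. ( 0 ; serial
                1D 1H 1W 3H )
@       IN NS   master
wenzi   IN NS   dnservermaster
wenzi   IN NS   dnserverslave
master  IN A    192.168.28.143
dnservermaster  IN A    192.168.28.158
dnserverslave   IN A    192.168.28.156
"""
WENZI_ZONE = """$TTL 1D
@       IN SOA  master admin.wenzi.com. ( 0 1D 1H 1W 3H )
@       IN NS   master.wenzi.com.
@       IN NS   slave.wenzi.com.
master  IN A    192.168.28.158
slave   IN A    192.168.28.156
www     IN A    192.168.28.159
"""

def parse_zone(text, origin):
    """Parse the lab's simple zone syntax into (owner, type, rdata) tuples."""
    def fqdn(n):  # qualify relative names; lstrip(".") makes origin "." work too
        return origin if n == "@" else n if n.endswith(".") else n + "." + origin.lstrip(".")
    # fold a parenthesised multi-line SOA onto one line, dropping comments inside it
    text = re.sub(r"\([^)]*\)", lambda m: " ".join(
        l.split(";")[0] for l in m.group(0)[1:-1].splitlines()), text)
    records, owner = [], origin
    for line in text.splitlines():
        line = line.split(";")[0].rstrip()
        if not line or line.startswith("$"):   # skip blanks and $TTL
            continue
        fields = line.split()
        if not line[0].isspace():              # explicit owner; else inherit last
            owner, fields = fqdn(fields[0]), fields[1:]
        fields = fields[1:] if fields[0] == "IN" else fields   # class is optional
        rtype, rdata = fields[0], fields[1:]
        rdata = [fqdn(rdata[0])] if rtype == "NS" else rdata  # NS target is a name
        records.append((owner, rtype, rdata))
    return records

def check_delegation(parent, child, child_origin):
    """Compare parent delegation NS set with child apex NS set; flag missing glue."""
    p_ns = {r[2][0] for r in parent if r[1] == "NS" and r[0] == child_origin}
    c_ns = {r[2][0] for r in child if r[1] == "NS" and r[0] == child_origin}
    have_a = {r[0] for r in parent if r[1] == "A"}
    return {"parent_ns": p_ns, "child_ns": c_ns,
            "missing_glue": p_ns - have_a, "consistent": p_ns == c_ns}
```

In practice, keep the NS set at the child apex identical to the delegation in the parent so every resolver sees one consistent set of name servers; the same check applied to root.zone and com.zone shows the same pattern (the root delegates com to comdns. while com.zone names master.com.).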

6. Set up the primary DNS server for the root zone

Edit the configuration

[root@rootdns ~]# vim /etc/named.conf
options {
        listen-on port 53 { any;  };
...
        allow-query     { localhost; 192.168.28.0/24; };
...

Define the zone

[root@rootdns ~]# vim /etc/named.rfc1912.zones
zone "." IN {
        type master;
        file "root.zone";
};

Write the zone file

[root@rootdns ~]# cd /var/named/
[root@rootdns named]# cp -a named.localhost root.zone
[root@rootdns named]# vim root.zone
$TTL 1D
@       IN SOA  master admin.wenzi.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum

        IN NS   master
com     IN NS   comdns

master  IN A    192.168.28.141
comdns  IN A    192.168.28.143

Check the syntax and reload the service

[root@rootdns named]# named-checkconf
[root@rootdns named]# named-checkzone . root.zone
zone ./IN: loaded serial 0
OK
[root@rootdns named]# rndc reload
server reload successful

7. Set up the forwarding target DNS server

Edit the configuration

[root@forward ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
...
        allow-query     { localhost; 192.168.28.0/24; };
...

Edit the root hints file shipped with bind so that this server iterates from the lab's own root DNS server instead of the Internet root servers

[root@forward ~]# vim /var/named/named.ca
...
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      a.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     518400  IN      A       192.168.28.141
...

Check the syntax and reload the service

[root@forward ~]# named-checkconf
[root@forward ~]# rndc reload
server reload successful

8. Set up the local caching-only DNS server

Edit the configuration. DNSSEC validation has to stay off in this lab: the private root zone is unsigned and the resolver has no trust anchor for it, so validating against the built-in root key would fail every query.

[root@localdns ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
...
        allow-query     { localhost; 192.168.28.0/24; };
        forward only;
        forwarders  { 192.168.28.144; };
...
        recursion yes;    // answer recursive queries for clients
        dnssec-enable no;    // DNSSEC extensions off, usually disabled here (option is obsolete in newer BIND releases)
        dnssec-validation no;    // do not validate DNSSEC data, usually disabled here
...

Check the syntax and reload the service

[root@localdns ~]# named-checkconf
[root@localdns ~]# rndc reload
server reload successful

9. Test from the client

[root@client ~]# host www.wenzi.com
www.wenzi.com has address 192.168.28.159
[root@client ~]# dig www.wenzi.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.14 <<>> www.wenzi.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15173
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.wenzi.com.                 IN      A

;; ANSWER SECTION:
www.wenzi.com.          85706   IN      A       192.168.28.159

;; AUTHORITY SECTION:
wenzi.com.              85706   IN      NS      dnservermaster.com.
wenzi.com.              85706   IN      NS      dnserverslave.com.

;; ADDITIONAL SECTION:
dnserverslave.com.      85706   IN      A       192.168.28.156
dnservermaster.com.     85706   IN      A       192.168.28.158

;; Query time: 0 msec
;; SERVER: 192.168.28.145#53(192.168.28.145)
;; WHEN: Tue Oct 17 23:48:33 CST 2023
;; MSG SIZE  rcvd: 147
[root@client ~]# curl www.wenzi.com
This is www.wenzi.com