1. Building a caching DNS server
To speed up domain name resolution for employees browsing the web, the company plans to build a DNS server that serves clients on the company subnets 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24.
First, configure the server as follows:
- yum install bind bind-chroot.x86_64 bind-utils.x86_64 -y    # install the packages
- rpm -ql bind    # list the files installed by the package; the ones we need are:
  /usr/share/doc/bind-9.11.4/sample/etc/*   (all files)
  /usr/share/doc/bind-9.11.4/sample/var/*   (all files)
- [root@server /]# cp -rv /usr/share/doc/bind-9.11.4/sample/etc/* /var/named/chroot/etc/
  [root@server /]# cp -rv /usr/share/doc/bind-9.11.4/sample/var/* /var/named/chroot/var/
  # copy the sample files just found into the root directory dedicated to DNS (the chroot)
- [root@server /]# vim /var/named/chroot/etc/named.conf
  options {
      // Put files that named is allowed to write in the data/ directory:
      directory "/var/named"; // "Working" directory
      dump-file "data/cache_dump.db";
      statistics-file "data/named_stats.txt";
      memstatistics-file "data/named_mem_stats.txt";
      recursing-file "data/named.recursing";
      secroots-file "data/named.secroots";
      listen-on port 53 { 127.0.0.1; 192.168.136.100; };    # the addresses this host listens on, i.e. its own
      listen-on-v6 port 53 { ::1; };
      # the networks allowed to send queries (the default localhost entry was removed for tidiness)
      allow-query { 192.168.1.0/24; 192.168.2.0/24; 192.168.3.0/24; 192.168.136.0/24; };
      # the networks allowed to read cached answers: once a name has been resolved the result is
      # cached, and the next identical query is answered straight from the cache
      allow-query-cache { 192.168.1.0/24; 192.168.2.0/24; 192.168.3.0/24; 192.168.136.0/24; };
      recursion yes;
  };
  zone "." IN {                      # the root zone
      type hint;                     # a hint-type zone that lists the root servers
      file "/var/named/named.ca";    # where the root hints live (path relative to the chroot)
  };
  include "/etc/named.rfc1912.zones";    # pull this file in as part of the main configuration
  :wq    # save and quit
- [root@server /]# named-checkconf /var/named/chroot/etc/named.conf    # checks the DNS configuration file for errors
  [root@server /]# systemctl restart named-chroot.service    # restart the service
  # From experience: be sure to remove the validation-related settings from the configuration file above. They are not needed yet, and they are one of the main reasons the service fails to restart.
- [root@server /]# netstat -aunp | grep "named"    # the server is now listening on port 53
  udp        0      0 192.168.136.100:53      0.0.0.0:*                           8930/named
  udp        0      0 127.0.0.1:53            0.0.0.0:*                           8930/named
  udp6       0      0 ::1:53                  :::*                                8930/named
- [root@server /]# firewall-cmd --add-service=dns --permanent    ## allow the DNS service through the firewall
  success
  [root@server /]# firewall-cmd --reload    ## --permanent only writes the rule; reload applies it to the running firewall
Steps on the client:
yum install bind-utils-9.11.4-9.P2.el7.x86_64 -y    # install the resolver tools
vim /etc/resolv.conf    # edit the DNS client configuration and point it at the server's IP address
[root@kehuduan ~]# nslookup
> server 192.168.136.100
Default server: 192.168.136.100    # set the default DNS server to the server's IP
Address: 192.168.136.100#53
> www.baidu.com    # try resolving baidu: it succeeds
Server:         192.168.136.100
Address:        192.168.136.100#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 220.181.38.150
Name:   www.a.shifen.com
Address: 220.181.38.149
2. Building master and slave DNS servers
Lab background:
1. The company has registered the DNS domain shengzhe.com.
2. Two CentOS servers are to be used to build the domain name system, one as the master and one as the slave DNS server.
3. Master DNS server: ns1.shengzhe.com (173.16.16.5); slave DNS server: ns2.shengzhe.com (173.16.16.6).
4. The following company server addresses must be resolvable:
Server name          IP address
www.shengzhe.com     173.16.16.7
mail.shengzhe.com    173.16.16.8
ftp.shengzhe.com     173.16.16.9
file.shengzhe.com    173.16.16.10
web.shengzhe.com     173.16.16.7
nfs.shengzhe.com     173.16.16.10
On the master server:
- Write the address mappings of both DNS servers directly into /etc/hosts, and set the two DNS servers as the preferred and alternate nameservers:
  [root@ns1 /]# cat /etc/hosts
  127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
  ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
  192.168.136.100 ns1.shengzhe.com ns1
  192.168.136.101 ns2.shengzhe.com ns2
  [root@ns1 /]# cat /etc/resolv.conf
  # Generated by NetworkManager
  search shengzhe.com    ## search completes a short host name with this domain
  nameserver 192.168.136.100
  nameserver 192.168.136.101
- vim /var/named/chroot/etc/named.conf    # create the main configuration file in the same way:
  options {
      // Put files that named is allowed to write in the data/ directory:
      directory "/var/named"; // "Working" directory
      dump-file "data/cache_dump.db";
      statistics-file "data/named_stats.txt";
      memstatistics-file "data/named_mem_stats.txt";
      recursing-file "data/named.recursing";
      secroots-file "data/named.secroots";
      listen-on port 53 { 127.0.0.1; 192.168.136.100; };
      listen-on-v6 port 53 { ::1; };
      allow-query { localhost; 192.168.1.0/24; 192.168.2.0/24; 192.168.136.0/24; 10.2.50.0/24; };
      allow-query-cache { localhost; 192.168.1.0/24; 192.168.2.0/24; 192.168.136.0/24; 10.2.50.0/24; };
      recursion yes;
  };
  zone "." IN {
      type hint;
      file "/var/named/named.ca";
  };
  include "/etc/named.rfc1912.zones";
  zone "shengzhe.com" IN {                    # forward zone
      type master;
      file "shengzhe.com.zone";               # relative to directory "/var/named" inside the chroot
      allow-transfer { 192.168.136.101; };    # only the slave may pull a zone transfer (AXFR)
  };
  zone "136.168.192.in-addr.arpa" IN {        # reverse zone for 192.168.136.0/24
      type master;
      file "192.168.136.arpa.zone";
      allow-transfer { 192.168.136.101; };
  };
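The two exposure mistakes this configuration is built to avoid are an open recursive resolver (recursion yes with an unrestricted allow-query, which the caching server in section 1 and the master above both guard against) and an unrestricted allow-transfer on a master zone. The following added example, not part of the original post, audits a named.conf for both and also catches the reverse-zone naming slip: the SAMPLE_CONF text is a constructed copy of the master configuration with the zone name typo kept in, plus one extra zone (example.test, invented) that has no allow-transfer at all.

```python
import re

# Constructed copy of the post's master named.conf (typo in the reverse zone
# name kept on purpose) plus one invented zone with no allow-transfer at all.
SAMPLE_CONF = """options {
    listen-on port 53 { 127.0.0.1; 192.168.136.100; };
    allow-query { localhost; 192.168.1.0/24; 192.168.136.0/24; };
    recursion yes;
};
zone "shengzhe.com" IN { type master; file "shengzhe.com.zone";
    allow-transfer { 192.168.136.101; }; };
zone "136.168.192.com.zone" IN { type master; file "192.168.136.arpa.zone";
    allow-transfer { 192.168.136.101; }; };
zone "example.test" IN { type master; file "example.test.zone"; };
"""

def blocks(text):
    """Yield (kind, name, body) for each top-level options/zone block,
    tracking brace depth so nested { } inside the block stay intact."""
    for m in re.finditer(r'\b(options|zone\s+"([^"]+)")[^{]*\{', text):
        depth = 1
        for i in range(m.end(), len(text)):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            if depth == 0:
                kind = "options" if m.group(1) == "options" else "zone"
                yield kind, m.group(2), text[m.end():i]
                break

def setting(body, key):
    """Return the ACL list of `key { a; b; };` inside body, or None if absent."""
    m = re.search(r"\b" + key + r"\s*\{([^}]*)\}", body)
    return [t.strip() for t in m.group(1).split(";") if t.strip()] if m else None

def audit(conf):
    """Return a list of findings; an empty list means the config passed."""
    findings = []
    for kind, name, body in blocks(conf):
        if kind == "options":
            q = setting(body, "allow-query")
            if re.search(r"\brecursion\s+yes\b", body) and (q is None or "any" in q):
                findings.append("options: open resolver (recursion yes, allow-query any/unset)")
        elif re.search(r"\btype\s+master\b", body):
            if setting(body, "allow-transfer") in (None, ["any"]):
                findings.append(f"{name}: zone transfer not restricted (allow-transfer)")
            f = re.search(r'file\s+"([^"]+)"', body)
            # heuristic: a file named *arpa* is a reverse zone and must hang under in-addr.arpa
            if f and "arpa" in f.group(1) and not name.endswith("in-addr.arpa"):
                findings.append(f"{name}: reverse zone file but name is not under in-addr.arpa")
    return findings
```

Run audit() on the text of /var/named/chroot/etc/named.conf before restarting named-chroot; it only reads the config text, so it needs no BIND installation.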
- Create the forward zone data file:
  [root@ns1 named]# cp -p /var/named/named.localhost /var/named/chroot/var/named/shengzhe.com.zone
  [root@ns1 named]# vim /var/named/chroot/var/named/shengzhe.com.zone
  $TTL 1D
  @       IN SOA  shengzhe.com. admin.shengzhe.com. (
                          2019110401      ; serial
                          1M              ; refresh
                          1H              ; retry
                          1W              ; expire
                          3H )            ; minimum
  @       IN NS   ns1.shengzhe.com.
          IN NS   ns2.shengzhe.com.
          MX 10   mail.shengzhe.com.
  www     IN A    192.168.136.10
  mail    IN A    192.168.136.20
  study   IN A    192.168.136.30
  ns1     IN A    192.168.136.100
  ns2     IN A    192.168.136.101
  [root@ns1 named]# named-checkzone shengzhe.com /var/named/chroot/var/named/shengzhe.com.zone
  OK
- Create the reverse zone data file:
  [root@ns1 named]# pwd
  /var/named/chroot/var/named
  [root@ns1 named]# cp shengzhe.com.zone 192.168.136.arpa.zone
  [root@ns1 named]# vim 192.168.136.arpa.zone
  $TTL 1D
  @       IN SOA  shengzhe.com. admin.shengzhe.com. (
                          2019110401      ; serial
                          1M              ; refresh
                          1H              ; retry
                          1W              ; expire
                          3H )            ; minimum
  @       IN NS   ns1.shengzhe.com.
          IN NS   ns2.shengzhe.com.
  10      IN PTR  www.shengzhe.com.      ; the owner label is the last octet of the address, not the host name
  20      IN PTR  mail.shengzhe.com.
  30      IN PTR  study.shengzhe.com.
  100     IN PTR  ns1.shengzhe.com.
  101     IN PTR  ns2.shengzhe.com.
  [root@ns1 named]# named-checkzone 136.168.192.in-addr.arpa 192.168.136.arpa.zone
  zone 136.168.192.in-addr.arpa/IN: loaded serial 2019110401
  OK
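Writing the forward and reverse files by hand is where the PTR owner labels tend to go wrong. The following added example (not from the original post) builds both zones from the host table in the lab background: the forward zone gets one A record per name, and the reverse zone gets one PTR per address with the last octet as the owner label, so two names on the same IP (www/web, file/nfs) produce two A records but only one PTR. ns1/ns2 use the 173.16.16.5/6 addresses from the background; the SOA name ns1.shengzhe.com. and the single-/24 restriction are this example's assumptions.

```python
import ipaddress

# Constructed from the post's host table (domain shengzhe.com); ns1/ns2 use the
# addresses given in the lab background so the NS names resolve in-zone.
HOSTS = [
    ("www", "173.16.16.7"), ("mail", "173.16.16.8"), ("ftp", "173.16.16.9"),
    ("file", "173.16.16.10"), ("web", "173.16.16.7"), ("nfs", "173.16.16.10"),
    ("ns1", "173.16.16.5"), ("ns2", "173.16.16.6"),
]
DOMAIN = "shengzhe.com"
# serial refresh retry expire minimum, as in the post's SOA records
SOA_TIMERS = "2019110401 1M 1H 1W 3H"

def header():
    """$TTL, SOA and NS records shared by the forward and reverse zones."""
    return [
        "$TTL 1D",
        f"@ IN SOA ns1.{DOMAIN}. admin.{DOMAIN}. ( {SOA_TIMERS} )",
        f"@ IN NS ns1.{DOMAIN}.",
        f"@ IN NS ns2.{DOMAIN}.",
    ]

def forward_zone(hosts):
    """One A record per name; two names on one IP are simply two A records."""
    lines = header() + [f"@ IN MX 10 mail.{DOMAIN}."]
    for name, ip in hosts:
        ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
        lines.append(f"{name} IN A {ip}")
    return lines

def reverse_zone(network, hosts):
    """PTR owner labels are the last octet, never the host name. When several
    names share an IP the first host-table entry wins, so a reverse lookup
    returns exactly one name. Returns (zone origin, zone lines)."""
    net = ipaddress.IPv4Network(network)
    if net.prefixlen != 24:
        raise ValueError("this example only builds /24 reverse zones")
    a, b, c, _ = str(net.network_address).split(".")
    origin = f"{c}.{b}.{a}.in-addr.arpa"
    ptr = {}
    for name, ip in hosts:
        addr = ipaddress.IPv4Address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is outside {network}")
        ptr.setdefault(int(addr) & 0xFF, f"{name}.{DOMAIN}.")
    return origin, header() + [f"{o} IN PTR {n}" for o, n in sorted(ptr.items())]
```

The returned origin is the zone name to pass to named-checkzone, and the lines can be written straight into the zone file under /var/named/chroot/var/named.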
- Restart the DNS service:
  [root@ns1 named]# systemctl restart named-chroot
- Verify with nslookup from a client (reverse lookup of 192.168.136.10):
  > 192.168.136.10
  服务器:  [192.168.136.100]
  Address:  192.168.136.100

  名称:    www.shengzhe.com
  Address:  192.168.136.10
On the slave server:
- [root@ns2 ~]# yum install bind bind-chroot bind-utils -y
  [root@ns2 ~]# systemctl start named-chroot
- Create the main configuration file:
  options {
      listen-on port 53 { 127.0.0.1; 192.168.136.101; };
      listen-on-v6 port 53 { ::1; };
      directory "/var/named";
      dump-file "/var/named/data/cache_dump.db";
      statistics-file "/var/named/data/named_stats.txt";
      memstatistics-file "/var/named/data/named_mem_stats.txt";
      recursing-file "/var/named/data/named.recursing";
      secroots-file "/var/named/data/named.secroots";
      # same client networks as the master; with only localhost here the slave would refuse
      # the clients that list it as their second nameserver
      allow-query { localhost; 192.168.1.0/24; 192.168.2.0/24; 192.168.136.0/24; 10.2.50.0/24; };
      recursion yes;
  };
  logging {
      channel default_debug {
          file "data/named.run";
          severity dynamic;
      };
  };
  zone "." IN {
      type hint;
      file "named.ca";
  };
  zone "shengzhe.com" IN {
      type slave;
      file "slaves/shengzhe.com.zone";        # written by named after the transfer from the master
      masters { 192.168.136.100; };
  };
  zone "136.168.192.in-addr.arpa" IN {
      type slave;
      file "slaves/192.168.136.arpa.zone";
      masters { 192.168.136.100; };
  };
- [root@ns2 chroot]# systemctl restart named-chroot
- firewall-cmd --add-service=dns --permanent
  firewall-cmd --reload
  # open the port. OK, the lab is complete.