Reference: https://www.bilibili.com/video/BV1V4411J76i?p=35
Unless otherwise noted, all machines are CentOS 7 virtual machines on VMware.
I. Basic experiment: setting up a DNS service
Environment:
DNS server (192.168.137.133):
/etc/named.conf: main configuration file
/etc/named.rfc1912.zones: zone configuration file
/var/named/*.localhost: zone data file
/var/named/*.loopback: zone data file
Web server: httpd (192.168.137.134):
/var/www/html/index.html
Client (192.168.137.131): the DNS server address is set on the network interface
Procedure
First turn off the firewall and SELinux on the servers and the client, then carry out the following steps.
1) Install Apache
Web server (192.168.137.134):
yum install httpd -y
I had already installed it:
[root@c7node4 ~]$rpm -q httpd
httpd-2.4.6-93.el7.centos.x86_64
DNS server (192.168.137.133):
yum install bind -y
2) Edit the Apache page and start httpd
Web server (192.168.137.134):
vim /var/www/html/index.html
<h1>welcome to wt.wang's web!</h1>
systemctl start httpd
Test that the Apache page is being served:
Client (192.168.137.131):
elinks 192.168.137.134 # page loads
curl 192.168.137.134 # returns the contents of index.html
3) Configuration files
DNS server (192.168.137.133):
Changes to the main configuration file:
vim /etc/named.conf
listen-on port 53 { any; }; # which local interface to listen on; changed to any, i.e. every interface on this host (in practice you would normally listen only on the internal interface)
listen-on-v6 port 53 { any; }; # the IPv6 equivalent; changed to any
allow-query { any; }; # which clients are allowed to query; changed to any
Zone configuration file (forward and reverse zone definitions):
vim /etc/named.rfc1912.zones # zone configuration file: holds the forward and reverse zone entries
zone "wt-centos7.com" IN {
type master;
file "wt-centos7.localhost";
allow-update { none; };
};
zone "137.168.192.in-addr.arpa" IN {
type master;
file "wt-centos7.loopback";
allow-update { none; };
};
Edit the zone data files:
cd /var/named/
cp -a named.localhost named.localhost.bak
cp -a named.loopback named.loopback.bak
mv named.localhost wt-centos7.localhost
mv named.loopback wt-centos7.loopback
vim wt-centos7.localhost
$TTL 1D
@ IN SOA wt-centos7.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.wt-centos7.com.
dns A 192.168.137.133
www A 192.168.137.134
vim wt-centos7.loopback
$TTL 1D
@ IN SOA wt-centos7.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.wt-centos7.com.
133 PTR dns.wt-centos7.com.
134 PTR www.wt-centos7.com.
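A forward zone and its reverse zone drift apart easily, so it is worth checking that every A record above has a PTR pointing back to the same name. This is an added example, not part of the original post: a minimal parser for the record types the two files use ($TTL, a parenthesised SOA, NS, A, PTR), run over the zone text copied from the files above.

```python
import ipaddress
import re

FORWARD_ORIGIN = "wt-centos7.com."
REVERSE_ORIGIN = "137.168.192.in-addr.arpa."
HEADER = """$TTL 1D
@ IN SOA wt-centos7.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.wt-centos7.com.
"""
FORWARD_ZONE = HEADER + "dns A 192.168.137.133\nwww A 192.168.137.134\n"
REVERSE_ZONE = HEADER + "133 PTR dns.wt-centos7.com.\n134 PTR www.wt-centos7.com.\n"
TYPES = {"SOA", "NS", "A", "PTR"}


def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata-tokens) triples for the record types used above."""
    body = re.sub(r";[^\n]*", "", text)                       # strip ';' comments
    body = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), body)  # fold SOA
    records, owner = [], origin
    for line in body.splitlines():
        toks = [t for t in line.split() if t != "IN"]
        if not toks or toks[0].startswith("$"):
            continue                                    # blank line or $TTL directive
        if toks[0] not in TYPES:                        # explicit owner, else inherited
            owner = fqdn(toks.pop(0), origin)
        records.append((owner, toks[0], toks[1:]))
    return records


def check_reverse(forward, reverse):
    """List every A record whose PTR is missing or points at a different name."""
    ptr = {owner: rdata[0] for owner, rtype, rdata in reverse if rtype == "PTR"}
    problems = []
    for owner, rtype, rdata in forward:
        if rtype == "A":
            rev = ipaddress.ip_address(rdata[0]).reverse_pointer + "."
            if ptr.get(rev) != owner:
                problems.append(f"{owner} -> {rdata[0]}: PTR is {ptr.get(rev)}")
    return problems
```

An empty list from check_reverse means the two files agree; each entry otherwise names the A record whose PTR is absent or mismatched.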
Start the DNS service
systemctl start named # port 53 is now open
netstat -tlun | grep 53
tcp 0 0 192.168.111.13:53 0.0.0.0:* LISTEN
tcp 0 0 192.168.137.133:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp6 0 0 :::53 :::* LISTEN
tcp6 0 0 ::1:953 :::* LISTEN
udp 0 0 192.168.111.13:53 0.0.0.0:*
udp 0 0 192.168.137.133:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp6 0 0 :::53 :::*
4) Client test
Client (192.168.137.131)
[root@c7node1 ~]vim /etc/sysconfig/network-scripts/ifcfg-ens33
# add the following lines
DNS1=192.168.137.133
DNS2=192.168.137.134
[root@c7node1 ~]vim /etc/sysconfig/network-scripts/ifcfg-ens37 # same change as for ifcfg-ens33
[root@c7node1 ~]systemctl restart network
[root@c7node1 ~]$elinks www.wt-centos7.com # page loads correctly
[root@c7node1 ~]$nslookup www.wt-centos7.com
Server: 192.168.137.133
Address: 192.168.137.133#53
Name: www.wt-centos7.com
Address: 192.168.137.134
[root@c7node1 ~]$curl www.wt-centos7.com
<h1>welcome to wt.wang's web!</h1>
[root@c7node1 ~]$nslookup 192.168.137.134
134.137.168.192.in-addr.arpa name = www.wt-centos7.com.
[root@c7node1 ~]$nslookup 192.168.137.133
133.137.168.192.in-addr.arpa name = dns.wt-centos7.com.
II. Basic experiment: master/slave DNS setup
Background
Purpose: take load off the master server
Preparation: one master server, one slave server, one web server and one test machine.
Master DNS server (192.168.137.133)
/etc/named.conf: main configuration file
/etc/named.rfc1912.zones: zone configuration file
/var/named/*.localhost: zone data file
/var/named/*.loopback: zone data file
Slave server (192.168.137.132)
/etc/named.conf: main configuration file
/etc/named.rfc1912.zones: zone configuration file
/var/named/*.localhost: zone data file
/var/named/*.loopback: zone data file
Web server: httpd (192.168.137.134):
/var/www/html/index.html
Client (192.168.137.131): the slave DNS address is set on the network interface
Procedure
First turn off the firewall and SELinux on the servers and the client.
1) Software installation
Web server: httpd (192.168.137.134)
yum install httpd -y # skip if already installed
[root@c7node4 ~]$rpm -q httpd
httpd-2.4.6-93.el7.centos.x86_64
Master DNS server (192.168.137.133)
yum install bind -y
[root@c7node3 named]$rpm -q bind
bind-9.11.4-16.P2.el7.x86_64
Slave server (192.168.137.132)
yum install bind -y
[root@c7node2 ~]$rpm -q bind
bind-9.11.4-16.P2.el7.x86_64
2) Edit the Apache page and start httpd
Web server (192.168.137.134):
vim /var/www/html/index.html
Content:
master-slave.com
systemctl start httpd
Test that the Apache page is being served:
Client (192.168.137.131):
elinks 192.168.137.134 # page loads
curl 192.168.137.134 # returns the contents of index.html
3) Master configuration
Master DNS server (192.168.137.133):
The steps are similar to step 3 of "Basic experiment: setting up a DNS service".
a. Install the bind package
b. Changes to the main configuration file [/etc/named.conf]
listen-on port 53 { 192.168.137.133; }; # which local interface to listen on
listen-on-v6 port 53 { ::1; }; # unchanged
....
allow-query { any; }; # must be any
c. Changes to the zone configuration file [/etc/named.rfc1912.zones]
Content:
zone "wt-centos7.com" IN {
type master;
file "wt-centos7.localhost";
allow-update { 192.168.137.132; };
};
d. Configure the zone data files
cd /var/named/
Forward zone data file
vim wt-centos7.localhost
Content:
$TTL 1D
@ IN SOA wt-centos7.com. rname.invalid. (
20200805 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.wt-centos7.com.
dns A 192.168.137.133
www A 192.168.137.134
Reverse zone data file (optional)
e. Start the named service
systemctl start named
Note: in the master's zone configuration file, add the slave's IP address to the allow-update parameter [i.e. in both the forward and the reverse zone, change none to 192.168.137.132].
4) Slave configuration
Slave server (192.168.137.132)
a. Install the bind package
b. Changes to the main configuration file /etc/named.conf
The modified parts:
listen-on port 53 { 192.168.137.132; }; # which local interface to listen on
listen-on-v6 port 53 { ::1; }; # unchanged
....
allow-query { any; }; # must be any
c. Changes to the zone configuration file /etc/named.rfc1912.zones (slightly different from the master)
Content:
zone "wt-centos7.com" IN {
type slave;
masters { 192.168.137.133; }; # address of the master DNS server; keep a space on each side of the braces
file "slaves/wt-centos7.localhost";
// allow-update { none; };
};
Note: the relative path slaves/ works because /etc/named.conf sets directory "/var/named";, so the full path is /var/named/slaves/wt-centos7.localhost. You do not create this file yourself; the zone transfer generates it.
Note: the allow-update line must be commented out, otherwise named fails with: /etc/named.rfc1912.zones:17: option 'allow-update' is not allowed in 'slave' zone 'wt-centos7.com'
d. Start the named service
systemctl start named
e. Check after startup
[root@c7node2 ~]$ls /var/named/slaves
wt-centos7.localhost
Note: viewing the file with cat shows mostly unreadable content, because BIND stores transferred zones in its binary raw format by default (named-compilezone -f raw -F text converts it back to text).
By inference it should contain the following (shown in text form):
$ORIGIN .
$TTL 86400 ; 1 day
wt-centos7.com IN SOA wt-centos7.com. rname.invalid. (
20200805 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS dns.wt-centos7.com.
$ORIGIN wt-centos7.com.
dns A 192.168.137.133
www A 192.168.137.134
5) Client test
Client (192.168.137.131)
[root@c7node1 ~]vim /etc/sysconfig/network-scripts/ifcfg-ens33
# add
DNS1=192.168.137.132
[root@c7node1 ~]vim /etc/sysconfig/network-scripts/ifcfg-ens37 # same change as for ifcfg-ens33
[root@c7node1 ~]systemctl restart network
[root@c7node1 ~]$curl www.wt-centos7.com
master-slave.com
[root@c7node1 ~]$elinks www.wt-centos7.com # page loads correctly
[root@c7node1 network-scripts]$nslookup www.wt-centos7.com
Server: 192.168.137.132
Address: 192.168.137.132#53
Name: www.wt-centos7.com
Address: 192.168.137.134
Test: if the master server is stopped, can the client still reach the site? Yes, because the slave is relatively independent of the master.
Master DNS server (192.168.137.133)
systemctl stop named
Client (192.168.137.131)
[root@c7node1 network-scripts]$curl www.wt-centos7.com
master-slave.com
[root@c7node1 network-scripts]$nslookup www.wt-centos7.com
Server: 192.168.137.132
Address: 192.168.137.132#53
Name: www.wt-centos7.com
Address: 192.168.137.134
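The "master stopped, client still served" result above holds only until the SOA expire timer runs out, and a slave only pulls a new copy when the master's serial is higher than its own. This is an added example, not from the tutorial: a toy model of a slave driven by the refresh/retry/expire values from wt-centos7.localhost (1D, 1H, 1W) and the serial 20200805 set there.

```python
from dataclasses import dataclass

# SOA timers from wt-centos7.localhost above, in seconds: 1D refresh, 1H retry, 1W expire.
REFRESH, RETRY, EXPIRE = 86400, 3600, 604800
MASTER_SERIAL = 20200805


@dataclass
class SlaveZone:
    """State a slave keeps for one zone after its initial transfer."""
    serial: int            # serial of the copy currently being served
    last_success: int      # time of the last successful SOA check or transfer
    next_check: int        # time of the next scheduled SOA query to the master

    def authoritative(self, now):
        """The copy stays valid until EXPIRE seconds pass without a successful refresh."""
        return now - self.last_success < EXPIRE

    def poll(self, now, master_serial):
        """Run one scheduled SOA check; master_serial=None models a stopped master.
        Returns 'transfer', 'up-to-date', 'retry', or None when no check is due."""
        if now < self.next_check:
            return None
        if master_serial is None:              # no answer: ask again after RETRY
            self.next_check = now + RETRY
            return "retry"
        self.last_success, self.next_check = now, now + REFRESH
        if master_serial > self.serial:        # only a higher serial triggers a transfer
            self.serial = master_serial
            return "transfer"
        return "up-to-date"


def simulate(master_down_at, horizon, step=RETRY):
    """Step through time; return (time the slave stops answering, list of events)."""
    zone = SlaveZone(serial=MASTER_SERIAL, last_success=0, next_check=REFRESH)
    events, lost_at = [], None
    for now in range(0, horizon + 1, step):
        result = zone.poll(now, MASTER_SERIAL if now < master_down_at else None)
        if result:
            events.append((now, result))
        if lost_at is None and not zone.authoritative(now):
            lost_at = now
    return lost_at, events
```

What the slave actually needs from the master is permission to transfer the zone (allow-transfer, which BIND grants to any address unless restricted); allow-update, the option changed in the note above, governs dynamic updates and is better left at none, with allow-transfer { 192.168.137.132; }; used to limit transfers to the slave.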
III. Basic experiment: DNS caching server (built on the master/slave environment above)
Background
Purpose: faster resolution and better efficiency
Software: dnsmasq
Configuration file:
/etc/dnsmasq.conf
domain=<domain-name> # the domain to be resolved
server=<ip> # IP address of the master DNS server
cache-size=15000 # number of cache entries
Restart the service: systemctl restart dnsmasq
Environment:
Master DNS server (192.168.137.133)
DNS cache (192.168.137.132): acts as the DNS caching server; it was the slave server before.
Web server: httpd (192.168.137.134): /var/www/html/index.html
Client (192.168.137.131): the slave (now cache) DNS address is set on the network interface
Procedure:
First turn off the firewall and SELinux on the servers and the client.
1) Start and stop DNS
Master DNS server (192.168.137.133)
systemctl start named
DNS cache (192.168.137.132)
systemctl stop named
2) Install the software, configure it and start the service
DNS cache (192.168.137.132)
yum install dnsmasq -y
[root@c7node2 ~]$rpm -q dnsmasq
dnsmasq-2.76-10.el7_7.1.x86_64
[root@c7node2 ~]$vim /etc/dnsmasq.conf
Lines to modify:
domain=wt-centos7.com
server=192.168.137.133
cache-size=150
[root@c7node2 ~]$systemctl start dnsmasq
3) Client test
Client (192.168.137.131)
[root@c7node1 ~]vim /etc/sysconfig/network-scripts/ifcfg-ens33
# add
DNS1=192.168.137.132
[root@c7node1 ~]vim /etc/sysconfig/network-scripts/ifcfg-ens37 # same change as for ifcfg-ens33
[root@c7node1 ~]systemctl restart network
[root@c7node1 network-scripts]$nslookup www.wt-centos7.com # resolves correctly
Server: 192.168.137.132
Address: 192.168.137.132#53
Name: www.wt-centos7.com
Address: 192.168.137.134
[root@c7node1 ~]$nslookup dns.wt-centos7.com
Server: 192.168.137.132
Address: 192.168.137.132#53
Name: dns.wt-centos7.com
Address: 192.168.137.133
Test: if the master server is stopped, can the client still resolve names?
Master DNS server (192.168.137.133)
systemctl stop named
Client (192.168.137.131)
[root@c7node1 ~]$nslookup www.wt-centos7.com # note the difference: the Non-authoritative answer line
Server: 192.168.137.132
Address: 192.168.137.132#53
Non-authoritative answer:
Name: www.wt-centos7.com
Address: 192.168.137.134
[root@c7node1 ~]$nslookup dns.wt-centos7.com # note the difference: the Non-authoritative answer line
Server: 192.168.137.132
Address: 192.168.137.132#53
Non-authoritative answer:
Name: dns.wt-centos7.com
Address: 192.168.137.133
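The Non-authoritative answer line appears because, with the master stopped, dnsmasq is answering from its cache rather than forwarding the master's authoritative reply; a cached record lasts only for its TTL, and a name that was never cached cannot be resolved at all. This is an added example, not from the tutorial: a toy model of the forwarding cache with the server= and cache-size=150 settings above, replaying the test just run (the master zone is a constructed stand-in, and the eviction policy is a simplification, not dnsmasq's).

```python
TTL = 86400        # $TTL 1D in the master's zone file
CACHE_SIZE = 150   # cache-size=150 from /etc/dnsmasq.conf above
# Constructed stand-in for the master (server=192.168.137.133) and its zone.
MASTER_ZONE = {"www.wt-centos7.com.": "192.168.137.134",
               "dns.wt-centos7.com.": "192.168.137.133"}


class ForwardingCache:
    """Toy model of dnsmasq: forward misses to the upstream, serve hits until TTL expiry.
    Eviction (entry closest to expiry first) is a simplification, not dnsmasq's policy."""

    def __init__(self, upstream, size=CACHE_SIZE):
        self.upstream, self.size, self.cache = upstream, size, {}   # name -> (ip, expires)

    def resolve(self, name, now, master_up=True):
        """Return (ip, authoritative) or None when the name cannot be resolved now."""
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0], False                # cache hit: the "Non-authoritative answer"
        self.cache.pop(name, None)              # drop an expired entry
        if not master_up or name not in self.upstream:
            return None                         # nothing cached and nobody to ask
        if len(self.cache) >= self.size:        # cache full: evict entry closest to expiry
            self.cache.pop(min(self.cache, key=lambda n: self.cache[n][1]))
        ip = self.upstream[name]
        self.cache[name] = (ip, now + TTL)
        return ip, True                         # forwarded: master's answer carries AA


def demo():
    """Replay the tutorial's test: query, stop the master, query again, wait out the TTL."""
    c = ForwardingCache(MASTER_ZONE)
    first = c.resolve("www.wt-centos7.com.", 0)                          # master up
    cached = c.resolve("www.wt-centos7.com.", 60, master_up=False)       # master stopped
    unknown = c.resolve("mail.wt-centos7.com.", 60, master_up=False)     # constructed name, never cached
    expired = c.resolve("www.wt-centos7.com.", TTL, master_up=False)     # TTL elapsed
    return first, cached, unknown, expired
```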
IV. Basic experiment: intelligent DNS (split-horizon resolution)
Background
Principle: split-horizon DNS resolves the same domain name to different IP addresses. To give users a better experience and faster resolution, some sites direct users from different ISPs to the corresponding servers, which greatly improves access speed.
Environment:
One internal test machine (single NIC), lan client:
192.168.137.132 on vmnet1, host-only mode
To reach the external network, both the gateway and DNS1 are set to 192.168.137.133
One external test machine (single NIC), wan client:
NIC replaced: vmnet1 is swapped for vmnet10.
External: 100.100.100.131 on vmnet10, host-only mode
Both the gateway and DNS1 are set to 100.100.100.133
One gateway + DNS host (dual NIC), Master DNS server:
Internal: 192.168.137.133, host-only mode
External: 100.100.100.133 on vmnet10, host-only mode
One web server (dual NIC), Web server:
Internal: 192.168.137.134, host-only mode; no DNS or gateway configured on ens33.
External: 100.100.100.134 on vmnet10, host-only mode; no DNS or gateway configured on ens37.
Procedure
First turn off the firewall and SELinux on the servers and the test machines (getenforce shows the SELinux state, systemctl status firewalld shows the firewall).
1) Set up the environment (NIC settings, software installation, web page editing and testing)
Edit the IP address configuration files on the four machines:
Internal test machine (192.168.137.132): gateway and DNS1 both set to 192.168.137.133
External test machine (100.100.100.131): gateway and DNS1 both set to 100.100.100.133
DNS server, internal (192.168.137.133): no DNS or gateway on ens33.
DNS server, external (100.100.100.133): no DNS or gateway on ens37.
Web server, internal (192.168.137.134): no DNS or gateway on ens33.
Web server, external (100.100.100.134): no DNS or gateway on ens37.
After these changes, restart networking on each machine: systemctl restart network
The Web server needs: yum install httpd -y
The DNS server needs: yum install bind -y
Edit the web page:
Web server, internal (192.168.137.134):
cd /var/www/html
[root@c7node4 html]$vim index.html
www.fljx.com
Test:
External test machine (100.100.100.131)
[root@c7node1 network-scripts]$curl 100.100.100.134
www.fljx.com
Internal test machine (192.168.137.132)
[root@c7node2 network-scripts]$curl 192.168.137.134
www.fljx.com
2) Kernel parameter: enable IP forwarding
DNS server, internal (192.168.137.133)
Add the following line to /etc/sysctl.conf or /usr/lib/sysctl.d/50-default.conf (I added it to /etc/sysctl.conf):
net.ipv4.ip_forward=1
[root@c7node3 ~]$sysctl -p # reload the configuration
net.ipv4.ip_forward = 1
3) Modify the main configuration file, the zone configuration files and the zone data files, then start the service
DNS server, internal (192.168.137.133)
Main configuration file
vim /etc/named.conf
# modified parts
listen-on port 53 { any; }; # which local interface to listen on
listen-on-v6 port 53 { ::1; };
directory "/var/named";
...
allow-query { any; };
...
view lan {
match-clients { 192.168.137.0/24; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/lan.zones";
};
view wan {
match-clients { any; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/wan.zones";
};
# include "/etc/named.rfc1912.zones"; # comment this line out; the zones are now supplied by the two view-specific files
Zone configuration files, one for the internal and one for the external network: /etc/lan.zones and /etc/wan.zones.
cp -a /etc/named.rfc1912.zones /etc/lan.zones
vim /etc/lan.zones
zone "wt-centos7.com" IN {
type master;
file "lan.localhost";
allow-update { none; };
};
cp -a /etc/lan.zones /etc/wan.zones
vim /etc/wan.zones
zone "wt-centos7.com" IN {
type master;
file "wan.localhost";
allow-update { none; };
};
Zone data files
cd /var/named
cp -a wt-centos7.localhost lan.localhost
vim lan.localhost
Content:
$TTL 1D
@ IN SOA wt-centos7.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.wt-centos7.com.
dns A 192.168.137.133
www A 192.168.137.134
cp -a lan.localhost wan.localhost
Content of wan.localhost after editing:
$TTL 1D
@ IN SOA wt-centos7.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.wt-centos7.com.
dns A 100.100.100.133
www A 100.100.100.134
Start the service (it starts successfully)
systemctl start named
4) Test
Internal test machine (192.168.137.132):
[root@c7node2 network-scripts]$curl www.wt-centos7.com
www.fljx.com
[root@c7node2 network-scripts]$nslookup www.wt-centos7.com
Server: 192.168.137.133
Address: 192.168.137.133#53
Name: www.wt-centos7.com
Address: 192.168.137.134
External test machine (100.100.100.131):
[root@c7node1 network-scripts]$curl www.wt-centos7.com
www.fljx.com
[root@c7node1 network-scripts]$nslookup www.wt-centos7.com
Server: 100.100.100.133
Address: 100.100.100.133#53
Name: www.wt-centos7.com
Address: 100.100.100.134
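The two tests come out differently because BIND hands each query to the first view whose match-clients list accepts the client address, so the lan view must come before the catch-all wan view in named.conf. This is an added example, not from the tutorial: a model of that view selection using the two views and the A records from lan.localhost and wan.localhost above; it goes slightly beyond the page by also handling "none" and "!" negation in ACLs, which the tutorial's views do not use.

```python
import ipaddress

# The two views from named.conf above, in file order, each with its own answer set
# (the A records of lan.localhost and wan.localhost).
VIEWS = [
    ("lan", ["192.168.137.0/24"], {"www.wt-centos7.com.": "192.168.137.134",
                                   "dns.wt-centos7.com.": "192.168.137.133"}),
    ("wan", ["any"],              {"www.wt-centos7.com.": "100.100.100.134",
                                   "dns.wt-centos7.com.": "100.100.100.133"}),
]


def acl_matches(acl, client):
    """Evaluate a match-clients list the way BIND does: entries are tested in order,
    the first one that matches decides, and a leading '!' negates that entry."""
    ip = ipaddress.ip_address(client)
    for entry in acl:
        if entry == "any":
            return True
        if entry == "none":
            return False
        negated = entry.startswith("!")
        if ip in ipaddress.ip_network(entry.lstrip("!"), strict=False):
            return not negated
    return False


def select_view(views, client):
    """Return the first view whose match-clients ACL accepts the client address."""
    for name, acl, zone in views:
        if acl_matches(acl, client):
            return name, zone
    return None, {}          # no view matched: BIND would refuse the query


def answer(views, client, qname):
    """Resolve qname for a client: (view used, address) or (view, None) if unknown."""
    name, zone = select_view(views, client)
    return name, zone.get(qname)
```

Passing VIEWS reversed to answer() shows the failure mode: the wan view then matches everyone and internal clients receive the 100.100.100.x addresses.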