
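DNS sub-domain delegation, authoritative resolution, and load balancing: a lab walkthrough of how they work (comments and discussion are welcome)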

Sub-domain delegation, authorization, load balancing


I. Simplified DNS server architecture diagram

[Image: DNS server architecture diagram]


II. Lab procedure


~~~~~~~~~~~~~~~~ 1. Configure name resolution on the client so that it points at the caching server ~~~~~~~~~~~~~~~~


[root@DNS131 ~]# cat /etc/resolv.conf

; generated by /usr/sbin/dhclient-script
search localdomain

nameserver 172.168.3.133


~~~~~~~~~~~~~~~~ 2. Edit the caching server's main configuration file so that it forwards queries ~~~~~~~~~~~~~~~~


[root@DNS133 ~]# cat /etc/named.conf

options
{
directory "/var/named"; //"Working" directory
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
listen-on port 53 { 172.168.3.133; };
allow-query { any; };

recursion yes;
pid-file "/run/named/named.pid";
dnssec-enable yes;
dnssec-validation yes;
session-keyfile "/run/named/session.key";
managed-keys-directory "/var/named/dynamic";
forward only;
forwarders { 172.168.3.134; };

};

logging
{
channel default_debug {
file "data/named.run";

severity dynamic;
};
};



~~~~~~~~~~~~~~~~ 3. Edit the root server's main configuration file and delegate the com/net sub-domains ~~~~~~~~~~~~~~~~


(1) Edit the main configuration file and declare the zone file

[root@DNS134 named]# cat /etc/named.conf

options
{
directory "/var/named"; //"Working" directory
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
listen-on port 53 { 172.168.3.134; };
allow-query { any; };

recursion yes;
pid-file "/run/named/named.pid";
dnssec-enable yes;
dnssec-validation yes;
session-keyfile "/run/named/session.key";
managed-keys-directory "/var/named/dynamic";
};

logging
{
channel default_debug {
file "data/named.run";
severity dynamic;
};
};


zone "." IN {
type master;
file "root.zone";
};


(2) Create the zone file and delegate the com/net domains


[root@DNS134 named]# cat root.zone

$TTL 300
@ IN SOA root.zone.com treey.qq.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum


@ IN NS root.gz.com.
root.gz.com IN A 172.168.3.134

com. IN NS DNS129.gz.com. ; sub-domain delegation
DNS129.gz.com. IN A 172.168.3.129

net. IN NS DNS129.gz.com.
DNS129.gz.com. IN A 172.168.3.129


~~~~~~~~~~~~~~~~ 4. Edit the com/net server's main configuration file and delegate sub-domains to the enterprise DNS server ~~~~~~~~~~~~~~~~


(1) Edit the main configuration file and declare the zone files

[root@DNS129 named]# cat /etc/named.conf

options
{
directory "/var/named"; //"Working" directory
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
listen-on port 53 { 172.168.3.129; };
allow-query { any; };

recursion yes;
pid-file "/run/named/named.pid";
dnssec-enable yes;
dnssec-validation yes;
session-keyfile "/run/named/session.key";
managed-keys-directory "/var/named/dynamic";
};

logging
{
channel default_debug {
file "data/named.run";
severity dynamic;
};
};


zone "com." IN {
type master;
file "com.zone";
};

zone "net." IN {
type master;
file "net.zone";
};


(2) Create the zone files and delegate the sub-domains


$TTL 1D

@ IN SOA jh jh.qq.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum


@ IN NS DNS129.gz.com.
DNS129.gz.com. IN A 172.168.3.129

myclass.com. IN NS DNS128.gz.com. ; delegate the sub-domain
DNS128.gz.com. IN A 172.168.3.128

game.com. IN NS DNS128.gz.com.
DNS128.gz.com. IN A 172.168.3.128


~~~~~~~~~~~~~~~~ 5. Edit the enterprise DNS server's main configuration file and resolve the sub-domain's IP addresses in the zone file ~~~~~~~~~~~~~~~~


(1) Add the zones this server has to resolve

[root@DNS128 named]# cat /etc/named.conf

options
{
directory "/var/named"; //"Working" directory
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
listen-on port 53 { 172.168.3.128; };
allow-query { any; };

recursion no;
pid-file "/run/named/named.pid";
dnssec-enable yes;
dnssec-validation yes;
session-keyfile "/run/named/session.key";
managed-keys-directory "/var/named/dynamic";
};

logging
{
channel default_debug {
file "data/named.run";
severity dynamic;
};
};


zone "myclass.com" IN {
type master;
file "myclass.com.zone";
};

zone "game.com" IN {
type master;
file "game.com.zone";
};
zone "myclass.net" IN {
type master;
file "myclass.net.zone";
};

zone "game.net" IN {
type master;
file "game.net.zone";
};


(2) Resolve the game.com domain within the com domain

[root@DNS128 named]# cat game.com.zone

$TTL 1D
@ IN SOA DNS128.gz.com. class.gz.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum


@ IN NS DNS128.gz.com.
DNS128 IN A 172.168.3.128
www IN A 192.168.30.10 ; resolve the name to the end hosts; the multiple A records provide load balancing
www IN A 192.168.30.9
www IN A 192.168.30.8


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


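If anything above is flawed or wrong, please do not hesitate to point it out, so that we can all learn from one another and discuss! Thank you!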