
Implementing an Internet-style DNS Architecture



Goal

When a client visits www.magedu.com, the local DNS server forwards the query to the root DNS server; the com zone then delegates to magedu.com, which is built as a master/slave pair.

Architecture diagram (image not included in this copy; the host table below lists the components)

Host IP          Role                  OS version
192.168.36.6     client                centos7
192.168.36.7     DNS server            centos6
192.168.36.17    root zone             centos6
192.168.36.27    com zone              centos6
192.168.36.37    master DNS server     centos6
192.168.36.47    backup DNS server     centos6
192.168.36.67    www server            centos6

Basic environment setup

  1. On every host, flush the firewall rules, stop the firewall and disable SELinux
[[email protected] ~]# iptables -F
[[email protected] ~]# setenforce 0       # temporary only; for a permanent change edit /etc/selinux/config
[[email protected] ~]# service iptables stop
iptables:將鏈設置為政策 ACCEPT:filter                    [確定]
iptables:清除防火墻規則:                                 [確定]
iptables:正在卸載模塊:                                   [確定]
  2. Point the client's DNS setting at the DNS server's IP
[[email protected] ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.36.6
NETMASK=255.255.255.0
DNS1=192.168.36.7
NAME="System eth0"

[[email protected] ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search magedu36.com
nameserver 192.168.36.7

Service setup

Setting up the web service on the www server

  1. Install the httpd package
[[email protected] ~]#yum install -y httpd
  2. Create the web page
[[email protected] ~]#echo "<h1>www.magedu.com</h1>" >> /var/www/html/index.html
  3. Start the service and enable it at boot
[[email protected] ~]#systemctl restart httpd
[[email protected] ~]#systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
  4. Test the web page with curl
[[email protected] ~]#curl 192.168.36.67
<h1>www.magedu.com</h1>

Master DNS server configuration

  1. Install the bind package
[[email protected] ~]# yum install -y bind
  2. Edit the configuration files
Comment out the IPv4 listen-on port line and the allow-query access control list
[[email protected] ~]# vim /etc/named.conf
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };
        allow-transfer {192.168.36.47;};  # only host 192.168.36.47 may transfer (AXFR) this server's zone data
[[email protected] ~]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {   # resolves magedu.com
        type master;    # master
        file "magedu.com.zone";    # custom forward (name to IP) zone file
};
[[email protected] ~]# cd /var/named/
[[email protected] named]# cp -p named.localhost magedu.com.zone
[[email protected] named]# vim magedu.com.zone
$TTL 1D
@       IN SOA  master admin.magedu.com. (
                                        0       ; serial   # zone serial / version number
                                        1D      ; refresh   # how often the slave checks the master
                                        1H      ; retry   # retry interval after a failed refresh
                                        1W      ; expire   # slave stops answering if not refreshed within this time
                                        3H )    ; minimum   # default cache time for non-existent records (negative TTL)
        NS      master
        NS      slave
master  A       192.168.36.37    # name to IP
slave   A       192.168.36.47
www     A       192.168.36.67
  3. Start the service and enable it at boot
[[email protected] named]# service named restart
停止 named:                                               [確定]
Generating /etc/rndc.key:                                  [確定]
啟動 named:                                               [確定]
[[email protected] named]# chkconfig named on
[[email protected] named]# chkconfig named --list
named           0:關閉    1:關閉    2:啟用    3:啟用    4:啟用    5:啟用    6:關閉
  4. Test with dig
[[email protected] named]# dig www.magedu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15433
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.            IN  A

;; ANSWER SECTION:
www.magedu.com.     86400   IN  A   192.168.36.67

;; AUTHORITY SECTION:
magedu.com.     86400   IN  NS  slave.magedu.com.
magedu.com.     86400   IN  NS  master.magedu.com.

;; ADDITIONAL SECTION:
master.magedu.com.  86400   IN  A   192.168.36.37
slave.magedu.com.   86400   IN  A   192.168.36.47

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 23 17:47:26 2019
;; MSG SIZE  rcvd: 121

Backup (slave) DNS server configuration

  1. Install the bind package
[[email protected] ~]# yum install -y bind
  2. Edit the configuration files
Comment out the IPv4 listen-on port line and the allow-query access control list
[[email protected] ~]# vim /etc/named.conf
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };
        allow-transfer {none;}; # no host may transfer this server's zone data
[[email protected] ~]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
        type slave;
        masters { 192.168.36.37; };
        file "slaves/magedu.com.slave";
};
  3. Start the service and enable it at boot
[[email protected] named]# service named restart
停止 named:                                               [確定]
Generating /etc/rndc.key:                                  [確定]
啟動 named:                                               [確定]
[[email protected] named]# chkconfig named on
[[email protected] named]# chkconfig named --list
named           0:關閉    1:關閉    2:啟用    3:啟用    4:啟用    5:啟用    6:關閉
  4. Check that the zone database file was fetched from the master
[[email protected] ~]# ll /var/named/slaves/
總用量 4
-rw-r--r--. 1 named named 387 4月  23 18:56 magedu.com.slave
  5. Test with dig
[[email protected] ~]# dig www.magedu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6099
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.            IN  A

;; ANSWER SECTION:
www.magedu.com.     86400   IN  A   192.168.36.67

;; AUTHORITY SECTION:
magedu.com.     86400   IN  NS  master.magedu.com.
magedu.com.     86400   IN  NS  slave.magedu.com.

;; ADDITIONAL SECTION:
master.magedu.com.  86400   IN  A   192.168.36.37
slave.magedu.com.   86400   IN  A   192.168.36.47

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 23 20:02:31 2019
;; MSG SIZE  rcvd: 121

com zone configuration

  1. Install the bind package
[[email protected] ~]# yum install -y bind
  2. Edit the configuration files
Comment out the IPv4 listen-on port line and the allow-query access control list
[[email protected] ~]# vim /etc/named.conf
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };
[[email protected] ~]# vim /etc/named.rfc1912.zones
zone "com" IN {
        type master;
        file "come.zone";
};
[[email protected] ~]# cd /var/named/
[[email protected] named]# cp -p named.localhost come.zone
[[email protected] named]# vim come.zone
$TTL 1D
@       IN SOA  com admin.magedu.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      com
magedu          NS      masterns
magedu          NS      slavens
com             A       192.168.36.27
masterns        A       192.168.36.37
slavens         A       192.168.36.47
  3. Start the service and enable it at boot
[[email protected] named]# service named restart
停止 named:                                               [確定]
Generating /etc/rndc.key:                                  [確定]
啟動 named:                                               [確定]
[[email protected] named]# chkconfig named on
[[email protected] named]# chkconfig named --list
named           0:關閉    1:關閉    2:啟用    3:啟用    4:啟用    5:啟用    6:關閉
  4. Test with dig
[[email protected] named]# dig www.magedu.com @192.168.36.37

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.36.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64848
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.            IN  A

;; ANSWER SECTION:
www.magedu.com.     86400   IN  A   192.168.36.67

;; AUTHORITY SECTION:
magedu.com.     86400   IN  NS  slave.magedu.com.
magedu.com.     86400   IN  NS  master.magedu.com.

;; ADDITIONAL SECTION:
master.magedu.com.  86400   IN  A   192.168.36.37
slave.magedu.com.   86400   IN  A   192.168.36.47

;; Query time: 0 msec
;; SERVER: 192.168.36.37#53(192.168.36.37)
;; WHEN: Tue Apr 23 20:06:17 2019
;; MSG SIZE  rcvd: 121

[[email protected] named]# dig www.magedu.com @192.168.36.47

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.36.47
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6321
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.            IN  A

;; ANSWER SECTION:
www.magedu.com.     86400   IN  A   192.168.36.67

;; AUTHORITY SECTION:
magedu.com.     86400   IN  NS  master.magedu.com.
magedu.com.     86400   IN  NS  slave.magedu.com.

;; ADDITIONAL SECTION:
master.magedu.com.  86400   IN  A   192.168.36.37
slave.magedu.com.   86400   IN  A   192.168.36.47

;; Query time: 1 msec
;; SERVER: 192.168.36.47#53(192.168.36.47)
;; WHEN: Tue Apr 23 20:06:19 2019
;; MSG SIZE  rcvd: 121
  5. Because the com zone and the root zone are configured alike, scp the com zone's database file to the root server
[[email protected] named]# scp come.zone 192.168.36.17:/var/named/
The authenticity of host '192.168.36.17 (192.168.36.17)' can't be established.
RSA key fingerprint is 6a:f4:58:5b:fc:8e:64:69:fd:b8:64:04:89:d3:dc:5d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.36.17' (RSA) to the list of known hosts.
[email protected]'s password:
come.zone

Root zone configuration

  1. Install the bind package
[[email protected] ~]# yum install -y bind
  2. Edit the configuration files
Comment out the IPv4 listen-on port line and the allow-query access control list
[[email protected] ~]# vim /etc/named.conf
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };

....

zone "." IN {       # redefine the root zone so it is served from a local file
        type master;
        file "root.zone";
};
[[email protected] named]# mv come.zone root.zone
[[email protected] named]# vim root.zone
$TTL 1D
@       IN SOA  ns admin.magedu.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      ns
com             NS      comns
ns              A       192.168.36.17
comns           A       192.168.36.27
[[email protected] named]# chgrp named root.zone     # change the group to named so the named process can read the file
[[email protected] named]# ll root.zone
-rw-r-----. 1 root named 192 4月  23 18:22 root.zone
  3. Start the service and enable it at boot
[[email protected] named]# service named restart
停止 named:                                               [確定]
Generating /etc/rndc.key:                                  [確定]
啟動 named:                                               [確定]
[[email protected] named]# chkconfig named on
[[email protected] named]# chkconfig named --list
named           0:關閉    1:關閉    2:啟用    3:啟用    4:啟用    5:啟用    6:關閉
  4. Test with dig
[[email protected] ~]# dig www.magedu.com @192.168.36.27

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.36.27
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20620
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.            IN  A

;; ANSWER SECTION:
www.magedu.com.     71917   IN  A   192.168.36.67

;; AUTHORITY SECTION:
magedu.com.     86400   IN  NS  masterns.com.
magedu.com.     86400   IN  NS  slavens.com.

;; ADDITIONAL SECTION:
masterns.com.       86400   IN  A   192.168.36.37
slavens.com.        86400   IN  A   192.168.36.47

;; Query time: 1 msec
;; SERVER: 192.168.36.27#53(192.168.36.27)
;; WHEN: Tue Apr 23 22:16:22 2019
;; MSG SIZE  rcvd: 125

DNS server configuration

  1. Install the bind package
[[email protected] ~]# yum install -y bind
  2. Edit the configuration files
Comment out the IPv4 listen-on port line and the allow-query access control list
[[email protected] ~]# vim /etc/named.conf
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };
        dnssec-enable no;       # turn the DNSSEC options off: our private root zone is unsigned, so validation would fail
        dnssec-validation no;
Modify the root hints file so that this server looks for the root zone on our own root server
[[email protected] ~]# vim /var/named/named.ca
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     192.168.36.17
  3. Start the service and enable it at boot
[[email protected] named]# service named restart
停止 named:                                               [確定]
Generating /etc/rndc.key:                                  [確定]
啟動 named:                                               [確定]
[[email protected] named]# chkconfig named on
[[email protected] named]# chkconfig named --list
named           0:關閉    1:關閉    2:啟用    3:啟用    4:啟用    5:啟用    6:關閉
  4. Test with dig
[[email protected] ~]# dig www.magedu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58392
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.            IN  A

;; ANSWER SECTION:
www.magedu.com.     72483   IN  A   192.168.36.67

;; AUTHORITY SECTION:
magedu.com.     72493   IN  NS  master.magedu.com.
magedu.com.     72493   IN  NS  slave.magedu.com.

;; ADDITIONAL SECTION:
slave.magedu.com.   72493   IN  A   192.168.36.47
master.magedu.com.  72493   IN  A   192.168.36.37

;; Query time: 8 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 23 22:23:43 2019
;; MSG SIZE  rcvd: 121

DNS client test

Final test

[[email protected] ~]# dig www.magedu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52502
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.            IN  A

;; ANSWER SECTION:
www.magedu.com.     72434   IN  A   192.168.36.67

;; AUTHORITY SECTION:
magedu.com.     72444   IN  NS  slave.magedu.com.
magedu.com.     72444   IN  NS  master.magedu.com.

;; ADDITIONAL SECTION:
slave.magedu.com.   72444   IN  A   192.168.36.47
master.magedu.com.  72444   IN  A   192.168.36.37

;; Query time: 0 msec
;; SERVER: 192.168.36.7#53(192.168.36.7)
;; WHEN: Tue Apr 23 14:24:33 2019
;; MSG SIZE  rcvd: 121
[[email protected] ~]# curl www.magedu.com
<h1>www.magedu.com</h1>
At this point, the DNS internet architecture is complete.
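As an added example (not code from the original post), the following Python script parses the three zone files in the post's format and walks the delegation chain root, com, magedu.com the way the caching server at 192.168.36.7 does from its root hint. The zone text is constructed from the post's files with the SOA and $TTL lines left out, and a referral whose nameserver has no glue A record is reported as unresolvable, which is the failure you see when a delegation is added without its glue.

```python
# Zone data constructed from the post's root.zone, come.zone and magedu.com.zone (SOA/$TTL
# lines omitted), keyed by the server that hosts each zone.
ZONES = {
    "192.168.36.17": (".", "\tNS ns\ncom\tNS comns\nns\tA 192.168.36.17\ncomns\tA 192.168.36.27\n"),
    "192.168.36.27": ("com.", "\tNS com\nmagedu\tNS masterns\nmagedu\tNS slavens\n"
                      "com\tA 192.168.36.27\nmasterns\tA 192.168.36.37\nslavens\tA 192.168.36.47\n"),
    "192.168.36.37": ("magedu.com.", "\tNS master\n\tNS slave\nmaster\tA 192.168.36.37\n"
                      "slave\tA 192.168.36.47\nwww\tA 192.168.36.67\n"),
}

def fqdn(name, origin):
    # '@' is the apex, a trailing dot is already absolute, anything else is relative to origin
    if name == "@" or name.endswith("."):
        return origin if name == "@" else name
    return name + "." if origin == "." else f"{name}.{origin}"

def parse_zone(origin, text):
    # (owner, type, rdata) triples; a line starting with blank space reuses the previous owner
    records, owner = [], origin
    for line in text.splitlines():
        line = line.split(";")[0].split("#")[0].rstrip()  # drop ; and # comments
        if not line.strip():
            continue
        if not line[0].isspace():
            owner_tok, line = line.split(None, 1)
            owner = fqdn(owner_tok, origin)
        rtype, rdata = line.split()[-2:]                 # tolerates an optional TTL / IN
        records.append((owner, rtype, fqdn(rdata, origin) if rtype == "NS" else rdata))
    return records

def resolve(qname, root_hint="192.168.36.17"):
    # Walk root -> com -> magedu.com as the caching server at 192.168.36.7 does, starting at
    # the root hint its named.ca points to. Returns (A record or None, servers asked in order).
    server, asked = root_hint, []
    while server is not None and server not in asked:
        asked.append(server)
        origin, text = ZONES[server]
        recs = parse_zone(origin, text)
        for o, t, r in recs:
            if o == qname and t == "A":
                return r, asked
        # Referral: the longest delegation (NS owner below the apex) that qname lies under
        cuts = [o for o, t, _ in recs if t == "NS" and o != origin and qname.endswith("." + o)]
        if not cuts:
            return None, asked                           # no answer, no referral: NXDOMAIN
        ns = next(r for o, t, r in recs if o == max(cuts, key=len) and t == "NS")
        # Glue A record for the delegated nameserver; without glue the referral is a dead end
        server = next((r for o, t, r in recs if o == ns and t == "A"), None)
    return None, asked
```

Calling resolve("www.magedu.com.") returns the address 192.168.36.67 together with the three servers asked in order, matching the referral path the dig outputs above show.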
