DNS、企业内部DNS解析-实现DNS主从服务器、反向解析--待更新

#完整的查询请求经过的流程
 #客户端优先查 hosts 文件进行解析,没有就查客户端本地缓存;缓存没有再向 DNS 服务器发起递归查询;DNS 服务器先查自身缓存,没有才从根服务器开始逐级迭代查询
 Client -->hosts文件 --> Client DNS Service Local Cache --> DNS Server (recursion递 归) --> DNS Server Cache -->DNS iteration(迭代) --> 根--> 顶级域名DNS-->二级域名DNS…
 
#每一台DNS服务器先天知道根服务器是谁
#dig 是专业的 DNS 解析测试工具(由 bind-utils 包提供)
 dig www.baidu.com 
 
#主从同步以配置文件里的序列号为依据。
 #范例:
        $TTL 86400
        @          IN SOA ns1 admin.magedu.org (
         1 ; 序列号(每次修改区域文件后必须递增,从服务器只在序列号变大时才同步)
         2H  ; 刷新时间(从服务器多久检查一次主服务器的序列号)
         10M ; 重试时间(检查失败后多久重试)
         1W ; 过期时间(超过此时间联系不上主服务器,从服务器停止应答该区域)
         1D ; 否定答案的TTL值
   		)

企业内部DNS解析-实现DNS主从服务器、反向解析

环境要求

#环境要求
#	DNS主服务器 10.0.0.170---centos7
#	DNS从服务器 10.0.0.180---centos8
#	DNS客户端	 10.0.0.160---centos6
#	web服务器   10.0.0.190---ubuntu18.04

前提准备

    #关闭SELINUX(仅限实验环境图省事;生产环境不应为了跑 bind 而关闭 SELinux,区域文件放在 /var/named 下并保持正确的属主/权限即可正常工作)
    vi /etc/selinux/config
        SELINUX=disabled		  		
    或者
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
    # 关闭防火墙(仅限实验环境;生产环境应保留防火墙,只放行本服务需要的端口:DNS 查询 53/udp+53/tcp,时间服务器 123/udp;区域传输走 53/tcp,可只对从服务器 IP 放行)
    systemctl disable --now firewalld
        #centos6
        #临时关闭 service iptables stop
        #永久关闭 chkconfig iptables off
        
    #时间同步
    #DNS主服务器作为时间同步服务器(10.0.0.170)
    [root@centos7 ~]# yum -y install chrony
    [root@centos7 ~]# vim /etc/chrony.conf
       #server作为时钟服务器,iburst选项当服务器可达时,发送一个八个数据包而不是通常的一个数据包。包间隔通常为2秒,可加快初始同步速度
       server ntp.aliyun.com iburst
       server time1.cloud.tencent.com iburst
       server slb.time.edu.cn iburst
       #允许10.0.0.0网段访问本服务器
       allow 10.0.0.0/24
       #server指令中的时间服务器不可用,也允许将本地时间作为标准时间授时给其它客户端
       local stratum 10
    :wq
    [root@centos7 ~]# systemctl restart chronyd
    #确认 chronyd 已监听 123/udp(NTP 授时)和 323/udp(chronyc 本机命令通道)
    [root@centos7 ~]# ss -ntul
    [root@centos7 ~]# chronyc sources -nv
    210 Number of sources = 2
    MS Name/IP address         Stratum Poll Reach LastRx Last sample               
    ===============================================================================
    ^* 203.107.6.88                  2   6   177    33  -4617us[+1547us] +/-   31ms  ##* 星号表示和这台服务器已经同步时间
    ^+ 139.199.215.251               2   6    17    39  +5274us[  +11ms] +/-   30ms
    
    #其它作为客户端

    #10.0.0.160
    [root@centos6 ~]# yum -y install chrony
    [root@centos6 ~]# vim /etc/chrony.conf 
    server 10.0.0.170 iburst 
    :wq

    [root@centos6 ~]# service chronyd restart
    Stopping chronyd:                                          [FAILED]
    Starting chronyd:                                          [  OK  ]

    [root@centos6 ~]# chronyc sources -nv
    210 Number of sources = 1
    MS Name/IP address         Stratum Poll Reach LastRx Last sample
    ===============================================================================
    ^* 10.0.0.8                      3   6    17    18    +15ns[ -880us] +/-   79ms   #注意:这行示例输出疑似来自另一次实验(10.0.0.8);按上面的配置这里应显示 10.0.0.170
    
    #10.0.0.180
    [root@centos8 ~]# yum -y install chrony
    [root@centos8 ~]# vim /etc/chrony.conf
    server 10.0.0.170 iburst 
    :wq
    [root@centos8 ~]# systemctl restart chronyd
    [root@centos8 ~]# chronyc sources -nv
    210 Number of sources = 1
    MS Name/IP address         Stratum Poll Reach LastRx Last sample               
    ===============================================================================
    ^* 10.0.0.170                    3   6    17    12  -2512ns[  -21us] +/-   33ms
    
    #10.0.0.190
    root@ubuntu1804:~# apt install chrony
    root@ubuntu1804:~# vim /etc/chrony/chrony.conf
    pool 10.0.0.170    iburst maxsources 1
    :wq
    root@ubuntu1804:~# systemctl restart chronyd
    root@ubuntu1804:~# chronyc sources -nv
    210 Number of sources = 1
    MS Name/IP address         Stratum Poll Reach LastRx Last sample               
    ===============================================================================
    ^* 10.0.0.170                    3   6   177    21    -21us[  +34us] +/-   29ms

搭建DNS主服务器

#1:搭建DNS主服务器 (10.0.0.170)
        # DNS服务端安装bind(10.0.0.170)
        [root@centos7 ~]# yum -y install bind
        # 修改bind配置文件
        [root@centos7 ~]# vim /etc/named.conf
        # 注释掉下面两行(注释后 named 会监听所有地址并接受任意来源的查询;由于 named.conf 默认 recursion yes,
        # 一旦这台机器能从不可信网络访问,就成了开放递归解析器,可被用于 DNS 放大攻击——后面 dig 输出 flags 里的 ra 就是递归可用的标志。
        # 更安全的写法是改成 listen-on port 53 { 127.0.0.1; 10.0.0.170; }; 和 allow-query { localhost; 10.0.0.0/24; }; 只对内网开放)
        //  listen-on port 53 { 127.0.0.1; };
        //  allow-query     { localhost; };  
        :wq
        [root@centos7 ~]# vim /etc/named.rfc1912.zones
        zone "shichong.org" IN {
               type master;
               file "shichong.org.zone";
        };

        # DNS区域数据库文件
        #如果 cp 没有加 -p 选项,需要手动把 /var/named/shichong.org.zone 的权限改为 640、所属组改为 named,否则 named 进程读不到区域文件:chmod 640 /var/named/shichong.org.zone; chown .named /var/named/shichong.org.zone
        [root@centos7 named]# cp -p /var/named/named.localhost /var/named/shichong.org.zone
        [root@centos7 named]# ll /var/named/
        total 20
        drwxrwx--- 2 named named    6 Apr 29 22:05 data
        drwxrwx--- 2 named named    6 Apr 29 22:05 dynamic
        -rw-r----- 1 root  named 2253 Apr  5  2018 named.ca
        -rw-r----- 1 root  named  152 Dec 15  2009 named.empty
        -rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
        -rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
        -rw-r----- 1 root  named  152 Jun 21  2007 shichong.org.zone
        drwxrwx--- 2 named named    6 Apr 29 22:05 slaves
        [root@centos7 named]# vim /var/named/shichong.org.zone 
        $TTL 1D
        @       IN SOA  ns1.shichong.org. admin.shichong.org. (
                                                0       ; serial
                                                1D      ; refresh
                                                1H      ; retry
                                                1W      ; expire
                                                3H )    ; minimum
                NS      ns1.shichong.org.
        ns1     A       10.0.0.170
        www     A       10.0.0.190     ; web服务器 10.0.0.190---ubuntu18.04(区域文件中的注释要用 ; 而不是 #,否则 named-checkzone 会报错)
        :wq
        #检查配置文件和数据库文件格式,并启动服务
        #检查配置文件格式
        [root@centos7 ~]# named-checkconf
        #检查数据库文件格式
        [root@centos7 ~]# named-checkzone shichong.org /var/named/shichong.org.zone 
        zone shichong.org/IN: loaded serial 0
        OK
        ## #第一次启动服务systemctl enable --now named   如果不是第一次启动服务,用rndc reload,重新加载服务
        [root@centos7 ~]# systemctl enable --now named
        Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

                #[root@centos8 ~]# named-checkzone neteagles.vip /var/named/neteagles.vip.zone	#检查数据库文件格式
                #-bash: named-checkzone: command not found	#centos8 上已经没有这个命令
                #[root@centos8 ~]# systemctl enable --now named    #第一次启动服务
               #Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.		
               ##如果不是第一次启动服务,用rndc reload,重新加载服务

#2.实现WEB服务 (10.0.0.190)
        root@ubuntu1804:~# apt -y install apache2;echo www.shichong.org > /var/www/html/index.html;systemctl enable --now apache2.service
        root@ubuntu1804:~# curl 10.0.0.190
        www.shichong.org

#3.在客户端实现测试(10.0.0.160)
        #vie0 是设置网卡配置的别名
        [root@centos610 ~]# alias vie0='vim /etc/sysconfig/network-scripts/ifcfg-eth0'
        [root@centos610 ~]# alias vie0
        alias vie0='vim /etc/sysconfig/network-scripts/ifcfg-eth0'
        [root@centos610 ~]# vie0
        DNS1=10.0.0.170
        :wq
        [root@centos610 ~]# service network restart
        Shutting down interface eth0:                              [  OK  ]
        Shutting down loopback interface:                          [  OK  ]
        Bringing up loopback interface:                            [  OK  ]
        Bringing up interface eth0:  Determining if ip address 10.0.0.160 is already in use for device eth0...
                                                                   [  OK  ]
        [root@centos610 ~]# cat /etc/resolv.conf
        ; generated by /sbin/dhclient-script
        nameserver 10.0.0.170   #显示DNS已经被改为10.0.0.170
        search baidu.com

        #测试网页,能显示就是成功
        [root@centos610 ~]# curl www.shichong.org
        www.shichong.org
        #安装包
        [root@centos610 ~]# dig www.shichong.org
        -bash: dig: command not found
        [root@centos610 ~]# yum -y install bind-utils
        [root@centos610 ~]# dig www.shichong.org

        ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.shichong.org
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29107
        ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

        ;; QUESTION SECTION:
        ;www.shichong.org.		IN	A

        ;; ANSWER SECTION:
        www.shichong.org.	86400	IN	A	10.0.0.190

        ;; AUTHORITY SECTION:
        shichong.org.		86400	IN	NS	ns1.shichong.org.

        ;; ADDITIONAL SECTION:
        ns1.shichong.org.	86400	IN	A	10.0.0.170

        ;; Query time: 0 msec
        ;; SERVER: 10.0.0.170#53(10.0.0.170)   #这里也显示是通过10.0.0.170解析的
        ;; WHEN: Sun Aug 29 18:57:29 2021
        ;; MSG SIZE  rcvd: 84

反向解析

#在10.0.0.170上实现	DNS主服务器 10.0.0.170---centos7
        [root@centos7 ~]# cat /etc/named.conf
        //	listen-on port 53 { 127.0.0.1; };
        //	allow-query     { localhost; };

        [root@centos7 ~]# vim /etc/named.rfc1912.zones 
        zone "0.0.10.in-addr.arpa" IN {
              type master;
              file "10.0.0.zone";

        };
        [root@centos7 ~]# cp -p /var/named/named.loopback /var/named/10.0.0.zone
        [root@centos7 ~]# ll /var/named/
        total 24
        -rw-r----- 1 root  named  168 Dec 15  2009 10.0.0.zone
        drwxrwx--- 2 named named   23 Aug 29 18:34 data
        drwxrwx--- 2 named named   60 Aug 29 19:03 dynamic
        -rw-r----- 1 root  named 2253 Apr  5  2018 named.ca
        -rw-r----- 1 root  named  152 Dec 15  2009 named.empty
        -rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
        -rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
        -rw-r----- 1 root  named  194 Aug 29 19:02 shichong.org.zone
        drwxrwx--- 2 named named    6 Apr 29 22:05 slaves
        [root@centos7 ~]# vim /var/named/10.0.0.zone 
        $TTL 1D
        @       IN SOA rev1 admin.shichong.org. (   ; 注意:rev1 没有以 . 结尾,会被补全为 rev1.0.0.10.in-addr.arpa.
                                                0       ; serial
                                                1D      ; refresh
                                                1H      ; retry
                                                1W      ; expire
                                                3H )    ; minimum
                NS      rev1.shichong.org.          ; 正向区域里并没有 rev1 的 A 记录,这个 NS 名字无法解析(下面 dig 输出 ADDITIONAL: 0 也说明没有胶水记录);建议改用已有 A 记录的 ns1.shichong.org.,SOA 里的主名称服务器同样改掉
        190     PTR     www.shichong.org.
        
        #10.0.0.160 客户端测试
        [root@centos610 ~]# dig -t ptr 190.0.0.10.in-addr.arpa @10.0.0.170

        ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> -t ptr 190.0.0.10.in-addr.arpa @10.0.0.170
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38273
        ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

        ;; QUESTION SECTION:
        ;190.0.0.10.in-addr.arpa.	IN	PTR

        ;; ANSWER SECTION:
        190.0.0.10.in-addr.arpa. 86400	IN	PTR	www.shichong.org.

        ;; AUTHORITY SECTION:
        0.0.10.in-addr.arpa.	86400	IN	NS	rev1.shichong.org.

        ;; Query time: 1 msec
        ;; SERVER: 10.0.0.170#53(10.0.0.170)
        ;; WHEN: Sun Aug 29 20:10:46 2021
        ;; MSG SIZE  rcvd: 90

        [root@centos610 ~]# host 10.0.0.190
        190.0.0.10.in-addr.arpa domain name pointer www.shichong.org.
        [root@centos610 ~]# nslookup 10.0.0.190
        Server:		10.0.0.170
        Address:	10.0.0.170#53

        190.0.0.10.in-addr.arpa	name = www.shichong.org.


DNS从服务器

#搭建DNS主从服务器架构,实现DNS服务冗余
        #DNS从服务器 10.0.0.180---centos8

        #1.修改主服务器配置(10.0.0.170)
        [root@centos7 ~]# vim /etc/named.conf
         #为了安全 只允许从服务器(10.0.0.180)进行区域传输(不加这一行时,旧版 bind 默认对任何来源开放 AXFR,攻击者一次查询就能拿到整个区域的主机清单;默认值因版本而异,以实际版本文档为准)
        allow-transfer  {10.0.0.180;};
        :wq
        [root@centos7 ~]# vim /var/named/shichong.org.zone 
        $TTL 1D
        @       IN SOA  ns1.shichong.org. admin.shichong.org. (
                                                0       ; serial  ; 注意:这里加了 ns2 却没有递增序列号,只因从服务器还没建立才能侥幸同步到;以后每次改区域文件都要把序列号加 1,否则从服务器不会重新传输
                                                1D      ; refresh
                                                1H      ; retry
                                                1W      ; expire
                                                3H )    ; minimum
                NS      ns1.shichong.org.
                NS      ns2.shichong.org.
        ns1     A       10.0.0.170
        ns2     A       10.0.0.180
        www     A       10.0.0.190
        :wq
        [root@centos7 ~]# rndc reload
        server reload successful
        #2.从服务器配置
        [root@centos8 ~]# yum -y install bind
        [root@centos8 ~]# vim /etc/named.conf 
        #从服务器自身不再向外提供区域传输
        allow-transfer   {none;};
        #(原文未贴出这一步)从服务器同样要放开 listen-on / allow-query(否则客户端连不上),并在 /etc/named.rfc1912.zones 里声明从区域,
        #否则不会生成下面的 slaves/shichong.org.zone 文件:
        #zone "shichong.org" IN {
        #       type slave;
        #       masters { 10.0.0.170; };
        #       file "slaves/shichong.org.zone";
        #};
        :wq
        [root@centos8 ~]# named-checkconf
        #第一次启动服务systemctl enable --now named 第二次rndc reload,重新加载服务
        [root@centos8 ~]# systemctl enable --now named
        [root@centos8 ~]# ll /var/named/slaves/shichong.org.zone 
        -rw-r--r-- 1 named named 324 Aug 29 20:29 /var/named/slaves/shichong.org.zone
        #3.客户端测试从服务器
        [root@centos610 ~]# vie0
        DNS1=10.0.0.170
        DNS2=10.0.0.180
        :wq
        [root@centos610 ~]# service network restart
        Shutting down interface eth0:                              [  OK  ]
        Shutting down loopback interface:                          [  OK  ]
        Bringing up loopback interface:                            [  OK  ]
        Bringing up interface eth0:  Determining if ip address 10.0.0.160 is already in use for device eth0...
                                                                   [  OK  ]
        [root@centos610 ~]# cat /etc/resolv.conf
        ; generated by /sbin/dhclient-script
        nameserver 10.0.0.170
        nameserver 10.0.0.180
        search baidu.com 
        #测试
        #关闭DNS主服务器服务(10.0.0.170),验证从服务器能否接管;从服务器在 SOA 的 expire(上面配的是 1W)到期前都会继续用已同步的数据应答
        [root@centos7 ~]# systemctl stop named

        [root@centos610 ~]# curl www.shichong.org
        www.shichong.org
        [root@centos610 ~]# dig www.shichong.org

        ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.shichong.org
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8281
        ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

        ;; QUESTION SECTION:
        ;www.shichong.org.		IN	A

        ;; ANSWER SECTION:
        www.shichong.org.	86400	IN	A	10.0.0.190

        ;; AUTHORITY SECTION:
        shichong.org.		86400	IN	NS	ns2.shichong.org.
        shichong.org.		86400	IN	NS	ns1.shichong.org.

        ;; ADDITIONAL SECTION:
        ns1.shichong.org.	86400	IN	A	10.0.0.170
        ns2.shichong.org.	86400	IN	A	10.0.0.180

        ;; Query time: 1 msec
        ;; SERVER: 10.0.0.180#53(10.0.0.180)  #可以看到是通过DNS10.0.0.180解析的
        ;; WHEN: Sun Aug 29 20:41:26 2021
        ;; MSG SIZE  rcvd: 118