1.实战案例:实现Internet 的DNS 服务架构
1.1 实验目的
搭建DNS实现internet dns架构
1.2 环境要求
需要8台主机
DNS客户端:172.31.0.7/21
本地DNS服务器(只缓存):172.31.1.8/21
转发目标DNS服务器:172.31.1.18/21
根DNS服务器:172.31.1.28/21
cc域DNS服务器(raymonds.cc 的上级域,本文 1.4.5 中实际配置的区域是 "cc"):172.31.1.38/21
raymonds.cc域主DNS服务器:172.31.1.48/21
raymonds.cc域从DNS服务器:172.31.1.58/21
www.raymonds.cc的WEB服务器:172.31.1.68/21
1.3 前提准备
关闭SElinux(仅限本实验环境;生产环境应保留 SELinux,bind 自带的策略足以正常运行)
关闭防火墙(仅限本实验环境;生产环境应保留防火墙,仅放行 DNS 所需的 53/udp 和 53/tcp,区域传输走 tcp)
时间同步(SOA 的 refresh/retry/expire 计时以及各主机日志的关联分析都依赖时间一致)
1.4 实现步骤
1.4.1 各种主机的网络配置(参看上面的环境要求)
# On the client: point the system resolver at the local caching DNS server (172.31.1.8).
[root@centos7 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=172.31.0.7
PREFIX=21
GATEWAY=172.31.0.2
# DNS1 becomes the "nameserver" line NetworkManager writes into /etc/resolv.conf.
# Every lookup from this host goes to that address unauthenticated, so only list resolvers you control.
DNS1=172.31.1.8
# Reload the profile from disk and re-activate the connection so the new DNS setting is applied.
[root@centos7 ~]# nmcli conn reload
[root@centos7 ~]# nmcli conn up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
1.4.2 实现WEB服务
# On the web server 172.31.1.68/21: install httpd, publish a one-line index page, then start and enable the service.
[root@rocky8-7 ~]# dnf -y install httpd;echo www.raymonds.cc > /var/www/html/index.html;systemctl enable --now httpd
# Verify by IP first so that any later failure can be attributed to name resolution rather than the web server.
[root@rocky8-7 ~]# curl 172.31.1.68
www.raymonds.cc
1.4.3 实现raymonds.cc域的主DNS服务器
# On the raymonds.cc primary (master) DNS server 172.31.1.48/21
[root@rocky8-5 ~]# dnf -y install bind
[root@rocky8-5 ~]# vim /etc/named.conf
# Comment out the two lines below so named listens on all interfaces and answers any client.
# NOTE(review): once allow-query is gone, anyone who can reach port 53 can query this host.
# On an authoritative-only server also add `recursion no;` (or an explicit allow-recursion ACL)
# so it cannot be abused as an open resolver for reflection/amplification.
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Only allow the secondary (172.31.1.58) to perform zone transfers (AXFR/IXFR).
# NOTE(review): this ACL is source-IP based only; in production pair it with a TSIG key so transfers are authenticated, not merely filtered.
allow-transfer {172.31.1.58;};
# Disable DNSSEC validation -- unavoidable here because the lab root zone is unsigned.
# NOTE(review): `dnssec-enable` is reportedly obsolete in newer BIND releases (check the installed version);
# in production keep `dnssec-validation auto;`.
dnssec-enable no;
dnssec-validation no;
[root@rocky8-5 ~]# vim /etc/named.rfc1912.zones
# Append this stanza. The `file` path is relative to named's working directory (/var/named, where the zone file is created in the next step).
zone "raymonds.cc" {
type master;
file "raymonds.cc.zone";
};
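# Copy the template with -p so the new zone file keeps the template's owner and mode.
[root@rocky8-5 ~]# cp -p /var/named/named.localhost /var/named/raymonds.cc.zone
[root@rocky8-5 ~]# vim /var/named/raymonds.cc.zone
$TTL 1D
; RNAME is the zone contact mailbox: admin@raymonds.cc (the first '.' stands for '@').
; It must carry the real domain name -- the original had the typo "raymons.cc".
@ IN SOA master admin.raymonds.cc. (
1 ; serial -- increment on every edit, otherwise the secondary never picks up the change
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum (negative-cache TTL)
; Apex NS set of the child zone.
; NOTE(review): the parent "cc" zone delegates to raymondsns1.cc / raymondsns2.cc (same IPs, different names),
; so the parent and child NS sets disagree -- the client dig output shows the parent's names. Keep the two sets identical.
NS master
NS slave
master A 172.31.1.48
slave A 172.31.1.58
www A 172.31.1.68
; Wildcard: every otherwise-undefined name under raymonds.cc resolves to the web server.
; NOTE(review): convenient in a lab, but it makes arbitrary subdomains resolvable (look-alike/phishing hostnames, cookie scoping); avoid in production.
* A 172.31.1.68
@ A 172.31.1.68
# Check the zone before starting named: named-checkzone raymonds.cc /var/named/raymonds.cc.zone
[root@rocky8-5 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.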
1.4.4 实现raymonds.cc域的从DNS服务器配置
# On the raymonds.cc secondary (slave) DNS server 172.31.1.58/21
[root@rocky8-6 ~]# dnf -y install bind
[root@rocky8-6 ~]# vim /etc/named.conf
# Comment out the two lines below so named listens on all interfaces and answers any client.
# NOTE(review): as on the primary, add `recursion no;` on this authoritative-only host so it is not an open resolver.
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Refuse zone transfers from everyone -- a secondary has no reason to hand out the zone.
allow-transfer {none;};
# Disable DNSSEC validation (the lab root zone is unsigned).
dnssec-enable no;
dnssec-validation no;
[root@rocky8-6 ~]# vim /etc/named.rfc1912.zones
# Secondary copy of the zone, pulled from the primary by zone transfer.
# NOTE(review): `masters` is IP-only; without a TSIG key the transfer is neither authenticated nor integrity-protected.
zone "raymonds.cc" {
type slave;
masters {172.31.1.48;};
file "slaves/raymonds.cc.zone";
};
[root@rocky8-6 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
# Confirm the transferred zone was written to disk (named must be able to write /var/named/slaves).
[root@rocky8-6 ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 407 Dec 6 15:46 raymonds.cc.zone
# Check that the zone database file was generated; if it is missing, verify the primary's allow-transfer includes this host and read journalctl -u named.
1.4.5 实现cc域(raymonds.cc 的上级域)的主DNS服务器
# On the "cc" zone primary DNS server 172.31.1.38/21 -- this host is authoritative for cc, the parent of raymonds.cc
[root@rocky8-4 ~]# dnf -y install bind
[root@rocky8-4 ~]# vim /etc/named.conf
# Comment out the two lines below so named listens on all interfaces and answers any client.
# NOTE(review): add `recursion no;` here as well; a parent-zone server should be authoritative-only.
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Disable DNSSEC validation (the lab root zone is unsigned).
dnssec-enable no;
dnssec-validation no;
[root@rocky8-4 ~]# vim /etc/named.rfc1912.zones
# Append this stanza
zone "cc" {
type master;
file "cc.zone";
};
# Copy the template with -p so the zone file keeps the template's owner and mode.
[root@rocky8-4 ~]# cp -p /var/named/named.localhost /var/named/cc.zone
[root@rocky8-4 ~]# vim /var/named/cc.zone
$TTL 1D
@ IN SOA master admin.raymonds.cc. (
0 ; serial -- 0 is accepted, but start at 1 and increment on every change so secondaries notice updates
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
; Delegate raymonds.cc to its two authoritative servers; the A records below make those names resolvable inside this zone.
; NOTE(review): the child zone names its servers master/slave.raymonds.cc -- the parent and child NS sets should match.
raymonds NS raymondsns1
raymonds NS raymondsns2
master A 172.31.1.38
raymondsns1 A 172.31.1.48
raymondsns2 A 172.31.1.58
# Check before starting: named-checkconf && named-checkzone cc /var/named/cc.zone
[root@rocky8-4 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
1.4.6 实现根域的主DNS服务器
# On the lab root (".") primary DNS server 172.31.1.28/21
[root@rocky8-3 ~]# dnf -y install bind
vim /etc/named.conf
# Comment out the two lines below so named listens on all interfaces and answers any client.
# NOTE(review): a root server must not recurse; add `recursion no;`.
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Disable DNSSEC validation (this lab root zone is unsigned).
dnssec-enable no;
dnssec-validation no;
# Change the existing root stanza (which normally points at the hint file) to a master zone served from root.zone:
zone "." IN {
type master;
file "root.zone";
};
# Copy the template with -p so the zone file keeps the template's owner and mode.
[root@rocky8-3 ~]# cp -p /var/named/named.localhost /var/named/root.zone
[root@rocky8-3 ~]# vim /var/named/root.zone
$TTL 1D
@ IN SOA master admin.raymonds.cc. (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
; Names here are relative to "." -- "master" is the host master. and "ccns" is ccns.
NS master
; Delegate the cc TLD to the server at 172.31.1.38; the ccns A record is the glue for that delegation.
cc NS ccns
master A 172.31.1.28
ccns A 172.31.1.38
# Check before starting: named-checkconf && named-checkzone . /var/named/root.zone
[root@rocky8-3 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
1.4.7 实现转发目标的DNS服务器
# On the forward-target (recursive) DNS server 172.31.1.18/21 -- this is the host that walks the lab hierarchy
[root@rocky8-2 ~]# dnf -y install bind
[root@rocky8-2 ~]# vim /etc/named.conf
# Comment out the two lines below so named listens on all interfaces and answers any client.
# NOTE(review): this host performs recursion for the whole lab; restrict it with
# `allow-recursion { 172.31.0.0/21; };` so it only recurses for lab clients and is not an open resolver.
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Disable DNSSEC validation -- must stay off here because the lab root is unsigned and would fail validation.
dnssec-enable no;
dnssec-validation no;
# Replace the root hints so recursion starts at the lab root 172.31.1.28 instead of the real Internet root servers.
# NOTE(review): named.ca presumably ships with the bind package (verify with rpm -qf) and may be overwritten on upgrade;
# a separate hint file referenced from the zone "." stanza survives updates.
[root@rocky8-2 ~]# vim /var/named/named.ca
. 518400 IN NS a.root-servers.net.
a.root-servers.net. 3600000 IN A 172.31.1.28
[root@rocky8-2 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
1.4.8 实现本地只缓存DNS服务器
# On the local caching-only DNS server 172.31.1.8/21 -- the resolver configured on the client
[root@rocky8 ~]# dnf -y install bind
vim /etc/named.conf
# Comment out the two lines below so named listens on all interfaces and answers any client.
# NOTE(review): with allow-query removed anyone reachable can use this cache; add
# `allow-recursion { 172.31.0.0/21; };` (or an explicit allow-query ACL) so only lab clients are served.
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Forward every query to 172.31.1.18 and, with "only", never fall back to iterative resolution; answers are cached locally.
forward only;
forwarders {172.31.1.18;};
# Disable DNSSEC validation (the lab chain is unsigned).
# NOTE(review): with validation off, forwarded answers are trusted solely on the forwarder's IP address.
dnssec-enable no;
dnssec-validation no;
[root@rocky8 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
1.4.9 客户端测试
# On the client: install dig and confirm resolution goes through the local caching server 172.31.1.8.
[root@centos7 ~]# yum -y install bind-utils
[root@centos7 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.31.1.8
[root@centos7 ~]# dig www.raymonds.cc
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.8 <<>> www.raymonds.cc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59786
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.raymonds.cc. IN A
;; ANSWER SECTION:
www.raymonds.cc. 86400 IN A 172.31.1.68
;; AUTHORITY SECTION:
raymonds.cc. 86400 IN NS raymondsns1.cc.
raymonds.cc. 86400 IN NS raymondsns2.cc.
;; ADDITIONAL SECTION:
raymondsns1.cc. 86400 IN A 172.31.1.48
raymondsns2.cc. 86400 IN A 172.31.1.58
;; Query time: 5 msec
;; SERVER: 172.31.1.8#53(172.31.1.8)
;; WHEN: Mon Dec 06 16:17:39 CST 2021
;; MSG SIZE rcvd: 144
# "ra" in the flags means recursion is available; SERVER confirms the answer came via the caching server.
# NOTE(review): the AUTHORITY section carries the parent's NS names (raymondsns1/2.cc), not the child's apex NS (master/slave.raymonds.cc) -- the two NS sets disagree and should be aligned.
# No "ad" flag is expected: DNSSEC validation is disabled on every server in this lab.
[root@centos7 ~]# curl www.raymonds.cc
www.raymonds.cc
# raymonds.cc answers through the apex "@ A" record.
[root@centos7 ~]# curl raymonds.cc
www.raymonds.cc
# xxx.raymonds.cc answers only because of the "*" wildcard record -- any undefined label resolves.
[root@centos7 ~]# curl xxx.raymonds.cc
www.raymonds.cc