实现Internet的DNS服务架构
2021-01-04
念念OPS

目的：将 Mac 客户端的本地 DNS 设置为 10.0.0.8 后，能够访问 web 服务器 www.wangcloud.top；wangcloud.top 域由一主一从两台 DNS 服务器（10.0.0.48 和 10.0.0.58）负责解析。
步骤:
所有服务器
[root@local ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Generated by dracut initrd
NAME="eth0"
DEVICE="eth0"
ONBOOT=yes
NETBOOT=yes
UUID="f9098d9f-2ca8-4391-bbcc-35286fde0587"
BOOTPROTO=static
IPADDR=10.0.0.8
PREFIX=24
GATEWAY=10.0.0.2
DNS1=223.5.5.5
#除了 IP 地址外，各服务器的网卡配置都相同
#配置统一的 yum 源（注意：下面各仓库都设置了 gpgcheck=0，即关闭软件包签名校验，只适合实验环境，生产环境应改为 gpgcheck=1 并配置 gpgkey；另外 yum 仓库的启用开关键名是 enabled 而不是 enable，这里的 enable=0 实际上不会生效）
[root@www ~]# cat /etc/yum.repos.d/base.repo
[centos8base]
name=centos8base
baseurl=https://mirrors.aliyun.com/centos/$releasever/BaseOS/$basearch/os/
gpgcheck=0
enable=1
[centos8extra]
name=centos8extra
baseurl=https://mirrors.aliyun.com/centos/$releasever/extras/$basearch/os/
gpgcheck=0
enable=0
[centos8epel]
name=centos8epel
baseurl=https://mirrors.aliyun.com/epel/$releasever/Everything/$basearch/
gpgcheck=0
enable=1
[centos8appstream]
name=centos8appstream
baseurl=https://mirrors.aliyun.com/centos/$releasever/AppStream/$basearch/os/
gpgcheck=0
enable=1
#所有服务器都安装 bind 及其工具包，并设置开机自启动
yum -y install bind bind-utils
systemctl enable --now named
10.0.0.68 www.wangcloud.top web DNS
hostname www
yum -y install httpd;systemctl enable --now httpd;echo "www.wangcloud.top" > /var/www/html/index.html
[root@www ~]# curl 10.0.0.68
www.wangcloud.top
10.0.0.48 实现wangcloud.top域的主DNS服务器配置（注意下面的 allow-transfer 只允许从服务器 10.0.0.58 发起区域传送，其他主机无法拉取完整的区域数据，这是应当保留的做法）
vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; };
allow-transfer {10.0.0.58;};
vim /etc/named.rfc1912.zones
zone "wangcloud.top" IN {
type master;
file "wangcloud.zone";
};
vim /var/named/wangcloud.zone
$TTL 1D
@ 86400 IN SOA master.wangcloud.top. admin. (
20210105 ;serial
1D ;refresh
2H ;retry
1W ;expire
1H ;minimum
)
@ IN NS master.wangcloud.top.
@ IN NS slave.wangcloud.top.
master IN A 10.0.0.48
slave IN A 10.0.0.58
www IN A 10.0.0.68
[root@master named]# chown .named wangcloud.zone
[root@master named]# ll wangcloud.zone
-rw-r--r-- 1 root named 251 Jan 4 11:15 wangcloud.zone
[root@master named]# named-checkzone wangcloud.top. wangcloud.zone
zone wangcloud.top/IN: loaded serial 20210105
OK
[root@master named]# named-checkconf
[root@master named]# systemctl restart named
# Mac 客户端解析测试：指定 master（10.0.0.48）作为 DNS 服务器，验证能否解析出 www 主机的 IP
bogon:~ wangxw$ host www.wangcloud.top 10.0.0.48
Using domain server:
Name: 10.0.0.48
Address: 10.0.0.48#53
Aliases:
www.wangcloud.top has address 10.0.0.68
10.0.0.58 实现wangcloud.top域的从DNS服务器配置（allow-transfer {none;} 表示从服务器自身不再向任何主机提供区域传送）
vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; };
allow-transfer {none;};
vim /etc/named.rfc1912.zones
zone "wangcloud.top" IN {
type slave;
masters{10.0.0.48;};
file "slaves/wangcloud.slave";
};
[root@slave named]# rndc reload
[root@slave named]# ll slaves/
total 4
-rw-r--r-- 1 named named 346 Jan 4 11:34 wangcloud.slave
bogon:~ wangxw$ host www.wangcloud.top 10.0.0.58
Using domain server:
Name: 10.0.0.58
Address: 10.0.0.58#53
Aliases:
www.wangcloud.top has address 10.0.0.68
10.0.0.38实现top域的主DNS服务器（注意：这里委派 wangcloud 子域用的 NS 名称是 ns1.top/ns2.top，而子域区域文件里声明的是 master/slave.wangcloud.top，两者 IP 相同所以能正常解析，但父子两侧的 NS 记录最好保持一致）
vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; };
zone "top." IN {
type master;
file "top.zone";
};
vim /var/named/top.zone
$TTL 1D
@ 86400 IN SOA master. admin. (
20210105 ;serial
1D ;refresh
2H ;retry
1W ;expire
1H ;minimum
)
@ 86400 IN NS master
wangcloud IN NS ns1
wangcloud IN NS ns2
master IN A 10.0.0.38
ns1 IN A 10.0.0.48
ns2 IN A 10.0.0.58
[root@top named]# chgrp named top.zone
[root@top named]# ll top.zone
-rw-r--r-- 1 root named 308 Jan 4 11:48 top.zone
[root@top named]# named-checkconf
[root@top named]# named-checkzone top. top.zone
zone top/IN: loaded serial 20210105
OK
systemctl restart named
[root@top named]# rndc reload
server reload successful
bogon:~ wangxw$ host www.wangcloud.top 10.0.0.38
Using domain server:
Name: 10.0.0.38
Address: 10.0.0.38#53
Aliases:
www.wangcloud.top has address 10.0.0.68
10.0.0.28实现根域的主DNS服务器
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; };
zone "." IN {
# type hint;
type master;
# file "named.ca";
file "root.zone";
};
vim /var/named/root.zone
$TTL 1D
@ 86400 IN SOA master admin. (
20210105 ;serial
1D ;refresh
2H ;retry
1W ;expire
1H ;minimum
)
@ IN NS master
top IN NS tops
master IN A 10.0.0.28
tops IN A 10.0.0.38
[root@rootdns ~]# chgrp named /var/named/root.zone
[root@rootdns ~]# chmod 640 /var/named/root.zone
[root@rootdns ~]# ll /var/named/root.zone
-rw-r----- 1 root named 250 Jan 4 12:33 /var/named/root.zone
rndc reload
bogon:~ wangxw$ host www.wangcloud.top 10.0.0.28
Using domain server:
Name: 10.0.0.28
Address: 10.0.0.28#53
Aliases:
www.wangcloud.top has address 10.0.0.68
10.0.0.18实现转发目标的DNS服务器（说明：私有根区没有 DNSSEC 签名，所以必须关闭 dnssec-validation；同时 listen-on 和 allow-query 都被注释掉，查询来源只受 BIND 默认策略限制，实验环境可以接受，生产环境应显式配置 allow-query 和 allow-recursion 限制可发起递归查询的客户端）
vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; };
dnssec-enable no;
dnssec-validation no;
mv /var/named/named.ca /var/named/named.ca.bk
vim /var/named/named.ca
. 518400 IN NS a.root-servers.net
a.root-servers.net. 518400 IN A 10.0.0.28
rndc reload
bogon:~ wangxw$ host www.wangcloud.top 10.0.0.18
Using domain server:
Name: 10.0.0.18
Address: 10.0.0.18#53
Aliases:
www.wangcloud.top has address 10.0.0.68
10.0.0.8实现缓存DNS服务器（注意：forward first 表示转发器 10.0.0.18 无响应时会退回到本机 named.ca 中的根提示进行迭代查询，而本文没有在这台机器上替换 named.ca，届时将无法解析 wangcloud.top；如果希望只通过 10.0.0.18 解析，应改为 forward only）
vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; };
dnssec-enable no;
dnssec-validation no;
forward first;
forwarders { 10.0.0.18;};
systemctl restart named
bogon:~ wangxw$ host www.wangcloud.top 10.0.0.8
Using domain server:
Name: 10.0.0.8
Address: 10.0.0.8#53
Aliases:
www.wangcloud.top has address 10.0.0.68
mac客户端测试
#修改客户端 DNS：在 macOS 的 Wi-Fi 网络设置中把 DNS 服务器改为 10.0.0.8
bogon:~ wangxw$ sed '/^#/d' /etc/resolv.conf
nameserver 10.0.0.8
bogon:~ wangxw$ dig www.wangcloud.top
; <<>> DiG 9.10.6 <<>> www.wangcloud.top
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9749
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.wangcloud.top. IN A
;; ANSWER SECTION:
www.wangcloud.top. 85758 IN A 10.0.0.68
;; AUTHORITY SECTION:
wangcloud.top. 85758 IN NS ns2.top.
wangcloud.top. 85758 IN NS ns1.top.
;; ADDITIONAL SECTION:
ns2.top. 86171 IN A 10.0.0.58
ns1.top. 86171 IN A 10.0.0.48
;; Query time: 41 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)
;; WHEN: Mon Jan 04 05:07:51 CST 2021
;; MSG SIZE rcvd: 130
bogon:~ wangxw$ curl www.wangcloud.top
www.wangcloud.top