Case study: building an Internet-style DNS service architecture

1. Purpose

Build a set of BIND servers that reproduces the Internet's DNS hierarchy on a private network: a root server, a server for the org top-level domain, a primary/secondary pair for ypedu.org, a forwarder and a local caching resolver. A client then resolves www.ypedu.org through the whole chain (client -> local cache -> forwarder -> root -> org -> ypedu.org).

2. Environment

Eight hosts, all on 10.0.0.0/24:

  • ypedu.org primary DNS server: 10.0.0.8
  • ypedu.org secondary DNS server: 10.0.0.18
  • web server for www.ypedu.org: 10.0.0.28
  • org zone DNS server: 10.0.0.38
  • root zone DNS server: 10.0.0.48
  • forwarding DNS server: 10.0.0.58
  • local caching DNS server: 10.0.0.68
  • client: 10.0.0.78

3. Preparation

Stop the firewall
Disable SELinux
Synchronise time on all hosts

These three steps are lab shortcuts. On a real server you would leave the firewall on and open only 53/udp and 53/tcp (TCP is needed for zone transfers and for answers larger than the UDP limit), and leave SELinux enforcing, since the bind package ships a policy that already allows named to read /var/named and write /var/named/slaves.

4. Steps

4.1 Configure each host's network

Give every server its address from the list above. On the client, point DNS at the local caching server (10.0.0.68), so that a lookup travels through the cache and the forwarder before reaching the authoritative servers; the test in the last step relies on this.

[09:11:53 root@yp ~] vi /etc/sysconfig/network-scripts/ifcfg-eth0
NAME=eth0
DEVICE=eth0
IPADDR=10.0.0.78
PREFIX=24
GATEWAY=10.0.0.2
DNS1=10.0.0.68

[09:11:53 root@yp ~] nmcli c reload
[09:11:53 root@yp ~] nmcli c up eth0

4.2 Set up the web service

On the web server 10.0.0.28:

[09:11:53 root@yp ~]yum install httpd
[09:11:53 root@yp ~]systemctl start httpd

4.3 Configure the ypedu.org primary DNS server

On the primary, 10.0.0.8:

[09:11:53 root@yp ~]yum -y install bind
[09:11:53 root@yp ~]  vi /etc/named.conf
# Comment out the following two lines in the options block. Without listen-on,
# named listens on every interface; without allow-query, it answers any client.
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; };
# Add this line to the options block: only the secondary may request a zone
# transfer (AXFR/IXFR). Without it, anyone could download the whole zone.
    allow-transfer { 10.0.0.18; };

[09:11:53 root@yp ~] vi /etc/named.rfc1912.zones
# Append this zone definition (the file is included from named.conf):
zone "ypedu.org" {
    type master;    # this server is the primary for the zone
    file "ypedu.org.zone";
};

# Create the zone data file. "xxxx" is the zone administrator's mailbox,
# written with a dot in place of the @ sign. The five numbers in the SOA are
# serial, refresh, retry, expire and negative-cache TTL: the secondary checks
# for changes every refresh interval and only pulls the zone when the serial
# has grown, so bump the serial on every edit.
[09:11:53 root@yp ~] vi /var/named/ypedu.org.zone
$TTL 1D
@  IN  SOA  master  xxxx ( 1  1D  1H  1W  3H )

        NS  master
        NS  slave
master  A   10.0.0.8
slave   A   10.0.0.18
www     A   10.0.0.28


# The file must be readable by the named group (the default 644 mode is enough).
[09:11:53 root@yp ~] chgrp named /var/named/ypedu.org.zone
[09:11:53 root@yp ~] systemctl start named  # start the service

Before starting, named-checkconf (for named.conf) and named-checkzone (for a zone file) catch syntax errors that would otherwise leave the zone unloaded while the daemon still starts.

4.4 Configure the ypedu.org secondary DNS server

On the secondary, 10.0.0.18:

[09:11:43 root@slave ~] yum  -y install bind
[09:47:35 root@slave ~] vi /etc/named.conf
# Comment out the same two lines as on the primary
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };
# Do not let any host transfer the zone from the secondary
        allow-transfer { none; };



[09:51:44 root@slave ~] vi /etc/named.rfc1912.zones
zone "ypedu.org" {
        type slave;
        masters { 10.0.0.8; };
        file "slaves/ypedu.org.slave";   # /var/named/slaves is writable by named
};


[10:04:38 root@slave ~] systemctl start named

# Check that the zone was transferred: named writes the received zone to this file
[10:16:36 root@slave ~]#ls /var/named/slaves/ypedu.org.slave
/var/named/slaves/ypedu.org.slave

If the file does not appear, the transfer was refused; the usual causes are a typo in the primary's allow-transfer list or a serial in the zone file that did not change after an edit.

4.5 Configure the primary DNS server for the org zone

On 10.0.0.38:


[09:11:43 root@org ~] yum  -y install bind
[09:47:35 root@org ~] vi /etc/named.conf
# Comment out the same two lines
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };


[09:51:44 root@org ~] vi /etc/named.rfc1912.zones
zone "org" {
        type master;
        file "org.zone";
};


# Create the zone file. The two NS records for "ypedu" delegate ypedu.org to
# the servers at 10.0.0.8 and 10.0.0.18; their A records let a resolver that
# receives the referral reach them without another lookup.
[10:24:09 root@org ~] vi /var/named/org.zone

$TTL 1D
@  IN  SOA   master  xxxxx.xx   ( 1  1D  1H  1W  3D  )
             NS    master
ypedu        NS    ypedudns1
ypedu        NS    ypedudns2
master       A     10.0.0.38
ypedudns1    A     10.0.0.8
ypedudns2    A     10.0.0.18

[10:30:01 root@org ~] chgrp named /var/named/org.zone

# Start the service
[10:30:39 root@org ~] systemctl start named
[10:31:28 root@org ~] systemctl status named

4.6 Configure the primary DNS server for the root zone

On 10.0.0.48:

[09:11:43 root@root ~] yum  -y install bind
[09:47:35 root@root ~] vi /etc/named.conf
# Comment out the same two lines
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };

[10:34:25 root@root ~] vi /etc/named.rfc1912.zones
# Append the root zone "."
zone "." IN {
        type master;
        file "root.zone";
};

# Create the zone file: the root only knows itself and the delegation to org
[10:40:20 root@root ~]  vi /var/named/root.zone

$TTL 1D
@  IN  SOA  master  xxxx.xxx    ( 1  1D 1H  1W 3D )
                NS  master
org             NS  orgns
master          A   10.0.0.48
orgns           A   10.0.0.38

# Tighten permissions: owned by root, readable by the named group only
[10:42:20 root@root ~] chgrp named /var/named/root.zone
[10:44:24 root@root ~] chmod 640 /var/named/root.zone


# Start the service
[10:45:14 root@root ~] systemctl start named
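The three zone files written in 4.3, 4.5 and 4.6 only work as a hierarchy if they agree with each other: every NS target must have an address record in the same file, and each parent's delegation must point at the same hosts the child names as its own servers (the org zone calls 10.0.0.8 "ypedudns1" while ypedu.org calls it "master"; that is fine, the addresses are what matter). The script below is an added example, not code from the original post: it embeds copies of the three zone files, parses them with a small stdlib-only master-file parser, and runs those checks offline. The "admin" mailbox in the SOA lines is an assumption standing in for the placeholder the tutorial leaves unfilled; everything else is taken from the zone files as written.

```python
"""Static consistency checks for the lab's zone files (added example).

The three strings are copies of the zone files the tutorial writes on
10.0.0.48 (root), 10.0.0.38 (org) and 10.0.0.8 (ypedu.org). The SOA mailbox is
a placeholder in the tutorial; "admin" is assumed here only so the line parses.
"""

ROOT_ZONE = """\
$TTL 1D
@  IN  SOA  master  admin  ( 1  1D 1H  1W 3D )
                NS  master
org             NS  orgns
master          A   10.0.0.48
orgns           A   10.0.0.38
"""

ORG_ZONE = """\
$TTL 1D
@  IN  SOA   master  admin   ( 1  1D  1H  1w  3D  )
             NS    master
ypedu        NS    ypedudns1
ypedu        NS    ypedudns2
master       A     10.0.0.38
ypedudns1    A     10.0.0.8
ypedudns2    A     10.0.0.18
"""

YPEDU_ZONE = """\
$TTL 1D
@  IN  SOA  master  admin ( 1  1D  1H  1w  3H )
        NS  master
        NS  slave
master  A   10.0.0.8
slave   A   10.0.0.18
www     A   10.0.0.28
"""

RRTYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "PTR"}


def fqdn(name, origin):
    """Absolute form of a zone-file name: '@' is the origin, a name without a
    trailing dot is relative to the origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def parse_zone(text, origin):
    """Minimal master-file parser returning (owner, type, rdata) triples with
    absolute owner names. Handles $TTL, '@', blank-owner continuation lines,
    optional TTL/class columns and a parenthesised single-line SOA."""
    records, owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";")[0].rstrip()          # drop comments
        if not line or line.startswith("$"):
            continue
        fields = line.replace("(", " ").replace(")", " ").split()
        if raw[0] not in " \t":                    # owner column present
            owner = fqdn(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                          # optional TTL and class
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype not in RRTYPES:
            raise ValueError(f"unknown record type in line {raw!r}")
        if rtype in ("NS", "CNAME"):
            rdata = [fqdn(rdata[0], origin)]
        records.append((owner, rtype, rdata))
    return records


def glue_check(records, origin):
    """NS targets that live in this zone but have no A record in the file.
    A resolver following such a delegation has no address to contact."""
    have_a = {o for o, t, _ in records if t == "A"}
    missing = []
    for _, rtype, rdata in records:
        target = rdata[0]
        in_zone = origin == "." or target == origin or target.endswith("." + origin)
        if rtype == "NS" and in_zone and target not in have_a:
            missing.append(target)
    return missing


def ns_addresses(records, name):
    """Set of IPs this file gives for the name servers of `name`."""
    addrs = {}
    for o, t, r in records:
        if t == "A":
            addrs.setdefault(o, set()).add(r[0])
    return {ip for o, t, r in records if t == "NS" and o == name
            for ip in addrs.get(r[0], ())}


def delegation_matches(parent, child, child_origin):
    """Parent's delegation (NS + glue) and the child's own NS set must name
    the same hosts; the labels may differ, the addresses may not."""
    return ns_addresses(parent, child_origin) == ns_addresses(child, child_origin)


def run_checks():
    zones = {".": parse_zone(ROOT_ZONE, "."),
             "org.": parse_zone(ORG_ZONE, "org."),
             "ypedu.org.": parse_zone(YPEDU_ZONE, "ypedu.org.")}
    report = {name: {"records": len(rrs),
                     "has_soa": any(t == "SOA" for _, t, _ in rrs),
                     "missing_glue": glue_check(rrs, name)}
              for name, rrs in zones.items()}
    report["delegations_ok"] = (
        delegation_matches(zones["."], zones["org."], "org.")
        and delegation_matches(zones["org."], zones["ypedu.org."], "ypedu.org."))
    return report


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(name, result)
```

Run it as-is and every check passes; delete the ypedudns2 A record from ORG_ZONE and glue_check reports the dangling NS target, which is exactly the mistake named-checkzone does not flag (the zone is still syntactically valid) but that makes half of the delegation unreachable.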

4.7 Configure the forwarding DNS server

On 10.0.0.58:

[09:11:43 root@forward ~] yum  -y install bind
[09:47:35 root@forward ~] vi /etc/named.conf
# Comment out the same two lines
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };

# Change the following two options to no. BIND ships the real root's DNSSEC
# trust anchor; with validation on, every answer that chains up to our unsigned
# private root would fail validation and be returned as SERVFAIL. Turning it
# off is a lab-only measure.
        dnssec-enable no;
        dnssec-validation no;

# Replace the entire contents of the hints file (it lists the 13 real root
# servers) with a hint for the lab root on 10.0.0.48. Recursion starts from
# this file, so a wrong address here breaks every lookup.
[11:26:22 root@forward ~]  vi /var/named/named.ca

.                       518400  IN      NS      a.root-servers.net.

a.root-servers.net.     518400  IN      A       10.0.0.48

[11:30:15 root@forward ~] systemctl start named

4.8 Configure the local caching server

On 10.0.0.68:

[09:11:43 root@local ~] yum  -y install bind
[09:47:35 root@local ~] vi /etc/named.conf
# Comment out the same two lines
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };

# Change the following two options to no (same reason as on the forwarder)
        dnssec-enable no;
        dnssec-validation no;
# Add the forwarder's address to the options block. "forward only" means this
# server never recurses on its own: if 10.0.0.58 does not answer, clients get
# SERVFAIL. With "forward first" it would fall back to its own root hints.
        forward only;
        forwarders { 10.0.0.58; };

[11:30:15 root@local ~] systemctl start named

Note that with allow-query removed and BIND's default of recursion yes, both 10.0.0.58 and 10.0.0.68 are open resolvers for any host that can reach them. That is acceptable on an isolated lab network; anywhere else, restrict allow-query and allow-recursion to your own client networks, otherwise the servers can be abused for cache-poisoning attempts and DNS amplification.

4.9 Test from the client

NetworkManager has written the DNS1 setting from step 4.1 into resolv.conf, so the client asks the local cache:

[11:44:39 root@yp ~] cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 10.0.0.68

[11:44:13 root@yp ~] yum -y install bind-utils
[11:44:13 root@yp ~] dig www.ypedu.org

; <<>> DiG 9.11.13-RedHat-9.11.13-5.el8_2 <<>> www.ypedu.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21678
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: a5911820ece56fe78bd65ad25f6038a28b3a0825e94da78e (good)
;; QUESTION SECTION:
;www.ypedu.org.			IN	A

;; ANSWER SECTION:
www.ypedu.org.		86375	IN	A	10.0.0.28

;; Query time: 0 msec
;; SERVER: 10.0.0.68#53(10.0.0.68)
;; WHEN: Tue Sep 15 11:44:34 CST 2020
;; MSG SIZE  rcvd: 86

The answer comes from 10.0.0.68 with the ra flag set and a TTL of 86375 rather than the zone's 86400 (1D): this is a repeat query served from the cache server's memory, 25 seconds after the first lookup went through the forwarder to the root, org and ypedu.org servers. To see the referrals themselves, send the same query directly to each server with dig's @server option and read the AUTHORITY and ADDITIONAL sections of the responses.
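The dig output above shows only the final answer; the path it took is hidden inside the forwarder. The script below is an added example, not code from the original post: it models the lab's servers as Python data taken from the zone files and named.conf settings above, then walks a query the way the forwarder does (start at the root hint, follow referrals, stop at an authoritative answer) and layers the cache's forward only / forward first behaviour on top. Hosts that are not in the model (for example the web server at 10.0.0.28) are treated as giving no reply, which is what happens when a hint points at a machine that runs no name server. Everything in SERVERS is a hand-built mirror of the tutorial's data; the function names are this example's own.

```python
"""Walk the lab's resolution chain for www.ypedu.org (added example).

SERVERS maps each authoritative server's address to its zone origin and its
records, mirroring the tutorial's zone files. All names are absolute.
"""

_YPEDU = ("ypedu.org.", {
    "ypedu.org.":        {"NS": ["master.ypedu.org.", "slave.ypedu.org."]},
    "master.ypedu.org.": {"A": ["10.0.0.8"]},
    "slave.ypedu.org.":  {"A": ["10.0.0.18"]},
    "www.ypedu.org.":    {"A": ["10.0.0.28"]},
})

SERVERS = {
    "10.0.0.48": (".", {                      # root zone
        ".":       {"NS": ["master."]},
        "master.": {"A": ["10.0.0.48"]},
        "org.":    {"NS": ["orgns."]},        # delegation to the org server
        "orgns.":  {"A": ["10.0.0.38"]},      # glue for that delegation
    }),
    "10.0.0.38": ("org.", {                   # org zone
        "org.":           {"NS": ["master.org."]},
        "master.org.":    {"A": ["10.0.0.38"]},
        "ypedu.org.":     {"NS": ["ypedudns1.org.", "ypedudns2.org."]},
        "ypedudns1.org.": {"A": ["10.0.0.8"]},
        "ypedudns2.org.": {"A": ["10.0.0.18"]},
    }),
    "10.0.0.8":  _YPEDU,                      # primary and secondary serve
    "10.0.0.18": _YPEDU,                      # the same zone
}

LAB_ROOT_HINT = ["10.0.0.48"]   # what the forwarder's rewritten named.ca says


def in_zone(name, origin):
    """True if `name` is at or below `origin` (the root covers everything)."""
    return origin == "." or name == origin or name.endswith("." + origin)


def authoritative(server, qname, qtype):
    """Reply of one authoritative server: ('answer', qname, rdatas),
    ('referral', zone_cut, glue_ips), ('nxdomain', ...), ('nodata', ...) or
    ('refused', ...) for a name outside its zone."""
    origin, rr = SERVERS[server]
    if not in_zone(qname, origin):
        return ("refused", qname, [])
    # Deepest delegation point below the origin that covers qname: the server
    # is not authoritative there and must hand out a referral instead.
    cuts = [n for n, types in rr.items()
            if "NS" in types and n != origin and in_zone(qname, n)]
    if cuts:
        cut = max(cuts, key=len)
        glue = [ip for ns in rr[cut]["NS"] for ip in rr.get(ns, {}).get("A", [])]
        return ("referral", cut, glue)
    if qname not in rr:
        return ("nxdomain", qname, [])
    return ("answer", qname, rr[qname].get(qtype, [])) if qtype in rr[qname] \
        else ("nodata", qname, [])


def iterate(qname, qtype, hints, max_hops=10):
    """Iterative resolution from `hints`. Returns (rcode, rdatas, trace) where
    trace lists (server, outcome, name) per hop. Addresses absent from SERVERS
    never reply, so a hint at a non-DNS host ends in SERVFAIL."""
    trace, candidates = [], list(hints)
    for _ in range(max_hops):
        live = [ip for ip in candidates if ip in SERVERS]
        if not live:
            trace.append((candidates[0] if candidates else None, "no response", None))
            return ("SERVFAIL", [], trace)
        kind, name, data = authoritative(live[0], qname, qtype)
        trace.append((live[0], kind, name))
        if kind == "referral":
            candidates = data              # follow the glue addresses
            continue
        rcode = {"answer": "NOERROR", "nodata": "NOERROR",
                 "nxdomain": "NXDOMAIN"}.get(kind, "SERVFAIL")
        return (rcode, data, trace)
    return ("SERVFAIL", [], trace)


def forwarder_resolve(qname, qtype, root_hints=LAB_ROOT_HINT):
    """10.0.0.58: recursive server whose named.ca points at the lab root."""
    return iterate(qname, qtype, root_hints)


def cache_resolve(qname, qtype, forwarder_up=True, forward_only=True, own_hints=()):
    """10.0.0.68 with `forwarders { 10.0.0.58; }`. With `forward only` a dead
    forwarder means SERVFAIL; with `forward first` BIND falls back to iterating
    from the cache's own hints (`own_hints`)."""
    if forwarder_up:
        rcode, data, trace = forwarder_resolve(qname, qtype)
        return (rcode, data, [("10.0.0.58", "forwarded", None)] + trace)
    if forward_only:
        return ("SERVFAIL", [], [("10.0.0.58", "no response", None)])
    rcode, data, trace = iterate(qname, qtype, list(own_hints))
    return (rcode, data, [("10.0.0.58", "no response", None)] + trace)


if __name__ == "__main__":
    rcode, ips, trace = cache_resolve("www.ypedu.org.", "A")
    print(rcode, ips)
    for hop in trace:
        print("   ", hop)
```

The trace for www.ypedu.org is 10.0.0.58 (forwarded) -> 10.0.0.48 (referral to org.) -> 10.0.0.38 (referral to ypedu.org.) -> 10.0.0.8 (answer 10.0.0.28), which is the chain the dig output above hides. Two failure modes worth trying: pass ["10.0.0.28"] as the hints to see that a named.ca pointing at the web server yields SERVFAIL on every query, and call cache_resolve with forwarder_up=False to see that `forward only` turns a dead forwarder into SERVFAIL while `forward first` with lab hints still resolves.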


Reposted from blog.csdn.net/u014578909/article/details/108592948