1. Purpose of the lab
Build a set of DNS servers that reproduces the Internet DNS architecture.
2. Environment
The eight hosts are:
- ypedu.org primary (master) DNS server: 10.0.0.8
- ypedu.org secondary (slave) DNS server: 10.0.0.18
- web server for www.ypedu.org: 10.0.0.28
- org zone DNS server: 10.0.0.38
- root zone DNS server: 10.0.0.48
- forwarding DNS server: 10.0.0.58
- local caching DNS server: 10.0.0.68
- client: 10.0.0.78
3. Preparation
Disable the firewall
Disable SELinux
Synchronize time
4. Procedure
4.1 Configure networking on each host
Configure the network on every server, and set the client's DNS to the primary DNS server:
[09:11:53 root@yp ~] vi /etc/sysconfig/network-scripts/ifcfg-eth0
NAME=eth0
DEVICE=eth0
IPADDR=10.0.0.78
PREFIX=24
GATEWAY=10.0.0.2
DNS1=10.0.0.8
[09:11:53 root@yp ~] nmcli c reload
[09:11:53 root@yp ~] nmcli c up eth0
4.2 Set up the web service
On the web server 10.0.0.28:
[09:11:53 root@yp ~] yum install httpd
[09:11:53 root@yp ~] systemctl start httpd
4.3 Configure the primary DNS server for ypedu.org
On the primary DNS server 10.0.0.8:
[09:11:53 root@yp ~] yum -y install bind
[09:11:53 root@yp ~] vi /etc/named.conf
# Comment out the following two lines so named listens on all interfaces and answers all clients
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Add the following: allow zone transfers only to the secondary server
allow-transfer { 10.0.0.18; };
[09:11:53 root@yp ~] vi /etc/named.rfc1912.zones
# Append this zone stanza
zone "ypedu.org" {
    type master;  # this server is the master for the zone
    file "ypedu.org.zone";
};
# Create the zone data file
[09:11:53 root@yp ~] vi /var/named/ypedu.org.zone
$TTL 1D
@       IN SOA master xxxx ( 1 1D 1H 1W 3H )  ; xxxx = admin mailbox placeholder
        NS master
        NS slave
master  A 10.0.0.8
slave   A 10.0.0.18
www     A 10.0.0.28
[09:11:53 root@yp ~] chgrp named /var/named/ypedu.org.zone
[09:11:53 root@yp ~] systemctl start named  # start the service
4.4 Configure the secondary DNS server for ypedu.org
On the secondary DNS server 10.0.0.18:
[09:11:43 root@slave ~] yum -y install bind
[09:47:35 root@slave ~] vi /etc/named.conf
# Comment out these two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Do not allow any other host to pull the zone from the secondary
allow-transfer { none; };
[09:51:44 root@slave ~] vi /etc/named.rfc1912.zones
zone "ypedu.org" {
    type slave;
    masters { 10.0.0.8; };
    file "slaves/ypedu.org.slave";
};
[10:04:38 root@slave ~] systemctl start named
# Check that the zone file was transferred from the master
[10:16:36 root@slave ~] ls /var/named/slaves/ypedu.org.slave
/var/named/slaves/ypedu.org.slave
4.5 Configure the primary DNS server for the org zone
On 10.0.0.38:
[09:11:43 root@slave ~] yum -y install bind
[09:47:35 root@slave ~] vi /etc/named.conf
# Comment out these two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
[09:51:44 root@slave ~] vi /etc/named.rfc1912.zones
zone "org" {
    type master;
    file "org.zone";
};
# Create the zone data file
[10:24:09 root@org ~] vi /var/named/org.zone
$TTL 1D
@          IN SOA master xxxxx.xx ( 1 1D 1H 1W 3D )  ; xxxxx.xx = admin mailbox placeholder
           NS master
ypedu      NS ypedudns1    ; delegate ypedu.org to its own servers
ypedu      NS ypedudns2
master     A 10.0.0.38
ypedudns1  A 10.0.0.8      ; glue records for the delegation
ypedudns2  A 10.0.0.18
[10:30:01 root@org ~] chgrp named /var/named/org.zone
# Start the service
[10:30:39 root@org ~] systemctl start named
[10:31:28 root@org ~] systemctl status named
4.6 Configure the primary DNS server for the root zone
On 10.0.0.48:
[09:11:43 root@slave ~] yum -y install bind
[09:47:35 root@slave ~] vi /etc/named.conf
# Comment out these two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
[10:34:25 root@root ~] vi /etc/named.rfc1912.zones
# Append the following
zone "." IN {
    type master;
    file "root.zone";
};
# Create the zone data file
[10:40:20 root@root ~] vi /var/named/root.zone
$TTL 1D
@        IN SOA master xxxx.xxx ( 1 1D 1H 1W 3D )  ; xxxx.xxx = admin mailbox placeholder
         NS master
org      NS orgns        ; delegate org to 10.0.0.38
master   A 10.0.0.48
orgns    A 10.0.0.38
# Harden file ownership and permissions
[10:42:20 root@root ~] chgrp named /var/named/root.zone
[10:44:24 root@root ~] chmod 640 /var/named/root.zone
# Start the service
[10:45:14 root@root ~] systemctl start named
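With the root, org and ypedu.org zones in place, the delegation chain can be checked before any resolver is pointed at it. The following Python is an added example written for this page, not part of the lab: it parses zone text constructed from the section 2 addresses (the SOA mailbox "hostmaster" and the record layout are assumptions, not the lab's files), lints each zone for the defects named-checkzone also reports (missing apex SOA or NS, an NS target with no A record, which makes the referral lame), and then walks the referrals root -> org -> ypedu.org for www.ypedu.org the way the forwarder's iterative lookup will.

```python
# Zone text constructed from the lab's section-2 addresses (a blank owner repeats
# the previous one); the SOA mailbox 'hostmaster' is a placeholder.
ROOT_ZONE = """\
@      IN SOA master hostmaster ( 1 1D 1H 1W 3D )
       NS  master
org    NS  orgns
master A   10.0.0.48
orgns  A   10.0.0.38
"""
ORG_ZONE = """\
@         IN SOA master hostmaster ( 1 1D 1H 1W 3D )
          NS  master
ypedu     NS  ypedudns1
ypedu     NS  ypedudns2
master    A   10.0.0.38
ypedudns1 A   10.0.0.8
ypedudns2 A   10.0.0.18
"""
YPEDU_ZONE = """\
@      IN SOA master hostmaster ( 1 1D 1H 1W 3H )
       NS  master
       NS  slave
master A   10.0.0.8
slave  A   10.0.0.18
www    A   10.0.0.28
"""

def qualify(name, origin):
    """Make a relative owner or target absolute, as BIND does with $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"

def parse_zone(origin, text):
    """Return (owner, type, rdata) tuples from a simplified master file: $-directives,
    '@', blank-owner inheritance, ';' comments and a one-line parenthesised SOA."""
    records, last_owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        owner = last_owner if line[0].isspace() else fields.pop(0)
        if fields[0].upper() == "IN":
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "CNAME"):
            rdata = [qualify(rdata[0], origin)]
        owner = last_owner = qualify(owner, origin)
        records.append((owner, rtype, rdata))
    return records

def lookup(records, name, rtype):
    return [rdata for owner, rt, rdata in records if owner == name and rt == rtype]

def in_zone(name, origin):
    return origin == "." or name == origin or name.endswith("." + origin)

def lint_zone(origin, records):
    """named-checkzone-style checks: one apex SOA, an apex NS, and an A record for
    every in-zone NS target (a referral to a name without glue is lame)."""
    issues = []
    if len(lookup(records, origin, "SOA")) != 1:
        issues.append(f"{origin}: zone needs exactly one apex SOA")
    if not lookup(records, origin, "NS"):
        issues.append(f"{origin}: zone has no apex NS record")
    for owner, rtype, rdata in records:
        if rtype == "NS" and in_zone(rdata[0], origin) and not lookup(records, rdata[0], "A"):
            issues.append(f"{origin}: NS {rdata[0]} for {owner} has no A record (lame delegation)")
    return issues

def resolve(qname, servers, start_ip, max_hops=8):
    """Iterative resolution: ask start_ip, follow NS referrals using the glue in the
    referring zone, stop on an answer. servers maps IP -> [(origin, records)]."""
    ip, chain = start_ip, []
    for _ in range(max_hops):
        served = [z for z in servers[ip] if in_zone(qname, z[0])]
        if not served:
            raise LookupError(f"{ip} serves no zone containing {qname}")
        origin, recs = max(served, key=lambda z: len(z[0]))  # closest enclosing zone
        answer = lookup(recs, qname, "A")
        if answer:
            chain.append((ip, origin, "authoritative answer"))
            return [a[0] for a in answer], chain
        # zone cuts below the apex, longest first: www.ypedu.org., ypedu.org., org.
        cuts = [".".join(qname.split(".")[i:]) for i in range(qname.count("."))]
        cut = next((c for c in cuts if c != origin and in_zone(c, origin) and lookup(recs, c, "NS")), None)
        if cut is None:
            chain.append((ip, origin, "NXDOMAIN"))
            return [], chain
        glue = [a[0] for ns in lookup(recs, cut, "NS") for a in lookup(recs, ns[0], "A")]
        if not glue:
            raise LookupError(f"lame delegation of {cut} in {origin}: NS without glue")
        chain.append((ip, origin, f"referral to {cut} -> {glue[0]}"))
        ip = glue[0]
    raise LookupError("referral loop")

# Which lab server is authoritative for which zone.
SERVERS = {
    "10.0.0.48": [(".", parse_zone(".", ROOT_ZONE))],
    "10.0.0.38": [("org.", parse_zone("org.", ORG_ZONE))],
    "10.0.0.8": [("ypedu.org.", parse_zone("ypedu.org.", YPEDU_ZONE))],
}
```

resolve("www.ypedu.org.", SERVERS, "10.0.0.48") returns the address list ["10.0.0.28"] together with the three-hop chain 10.0.0.48 -> 10.0.0.38 -> 10.0.0.8; a name below org that no zone delegates ends the walk with NXDOMAIN, and a delegation whose glue A record is missing raises a LookupError naming the lame cut, the failure that dig on the client would otherwise only show as SERVFAIL. On the real hosts the equivalent checks are named-checkconf and named-checkzone (for example named-checkzone org /var/named/org.zone) run before systemctl start named.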
4.7 Configure the forwarding DNS server
On 10.0.0.58:
[09:11:43 root@slave ~] yum -y install bind
[09:47:35 root@slave ~] vi /etc/named.conf
# Comment out these two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Set the following two options to no (the lab's private root is not signed, so validation would fail)
dnssec-enable no;
dnssec-validation no;
# Replace the root hints so that they point at the lab's root server
[11:26:22 root@forward ~] vi /var/named/named.ca
.                    518400 IN NS a.root-servers.net.
a.root-servers.net.  518400 IN A  10.0.0.48   ; the lab root DNS server from section 2
[11:30:15 root@forward ~] systemctl start named
4.8 Configure the local caching DNS server
On 10.0.0.68:
[09:11:43 root@slave ~] yum -y install bind
[09:47:35 root@slave ~] vi /etc/named.conf
# Comment out these two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Set the following two options to no
dnssec-enable no;
dnssec-validation no;
# Send every query to the forwarding server instead of iterating from the root hints
forward only;
forwarders { 10.0.0.58; };
[11:30:15 root@forward ~] systemctl start named
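The named.conf edits in 4.3, 4.4, 4.7 and 4.8 (allow-transfer on the master and secondary, the zone stanzas, and dnssec-validation no on the forwarder and cache) are exactly what a configuration review, or named-checkconf, should look at before the services start. The following Python audit is an added example written for this page, not part of the lab: it tokenizes named.conf syntax into nested statements and flags an unknown zone type or statement (typos such as "type salve" or "master { ... }" instead of "masters" are easy to make in a secondary's stanza), a slave zone without masters, a master zone that no allow-transfer restricts, and dnssec-validation no. The configuration fragments are constructed from the lab's stanzas; the set of accepted zone statements is deliberately limited to those this lab uses.

```python
import re

# named.conf fragments constructed from the lab's stanzas: a caching resolver's
# options combined with a slave zone carrying two typos named-checkconf rejects.
LAB_CONF = """\
options {
    // listen-on port 53 { 127.0.0.1; };
    // allow-query     { localhost; };
    dnssec-enable no;
    dnssec-validation no;
};
zone "ypedu.org" {
    type salve;            # typo for 'slave'
    master { 10.0.0.8; };  # the statement is 'masters'
    file "slaves/ypedu.org.slave";
};
"""
FIXED_CONF = """\
options {
    allow-transfer { none; };
    dnssec-validation yes;
};
zone "ypedu.org" {
    type slave;
    masters { 10.0.0.8; };
    file "slaves/ypedu.org.slave";
};
"""

TOKEN = re.compile(r'\{|\}|;|"[^"]*"|[^\s{};"]+')
ZONE_TYPES = {"master", "slave", "hint", "forward", "stub", "primary", "secondary"}
# zone statements accepted by this audit (the ones this lab uses, plus their newer names)
ZONE_STMTS = {"type", "file", "masters", "primaries", "allow-transfer", "allow-query",
              "allow-update", "also-notify", "notify", "forward", "forwarders"}

def tokenize(text):
    """Strip /* */, // and # comments, then split into braces, semicolons and words."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    return TOKEN.findall(text)

def parse(tokens, pos=0):
    """Parse named.conf syntax into [(words, children)]: children is None for a
    plain 'words;' statement and a nested list for 'words { ... };'."""
    stmts, words = [], []
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1
        if tok == "{":
            children, pos = parse(tokens, pos)
            stmts.append((words, children))
            words = []
        elif tok == "}":
            return stmts, pos
        elif tok == ";":
            if words:
                stmts.append((words, None))
                words = []
        else:
            words.append(tok.strip('"'))
    return stmts, pos

def as_dict(children):
    """Index a block's statements by first word, e.g. {'type': (['slave'], None)}."""
    return {w[0]: (w[1:], c) for w, c in children}

def audit(text):
    """Findings a reviewer of this lab's named.conf would raise."""
    findings = []
    blocks = [(w, c) for w, c in parse(tokenize(text))[0] if c is not None]
    opts = next((as_dict(c) for w, c in blocks if w[:1] == ["options"]), {})
    if opts.get("dnssec-validation", ([], None))[0] == ["no"]:
        findings.append("options: dnssec-validation no (forged answers are accepted unchecked)")
    for w, c in blocks:
        if w[:1] != ["zone"]:
            continue
        name, z = w[1], as_dict(c)
        ztype = z.get("type", ([None], None))[0][0]
        if ztype not in ZONE_TYPES:
            findings.append(f"zone {name}: unknown type {ztype!r}")
        for stmt in z.keys() - ZONE_STMTS:
            findings.append(f"zone {name}: unknown statement {stmt!r}")
        if ztype in ("slave", "secondary") and not z.keys() & {"masters", "primaries"}:
            findings.append(f"zone {name}: slave zone without masters")
        if ztype in ("master", "primary") and "allow-transfer" not in z and "allow-transfer" not in opts:
            findings.append(f"zone {name}: master zone with no allow-transfer "
                            "(BIND 9.11 default allows transfers to any host)")
    return findings
```

audit(LAB_CONF) returns three findings (the disabled validation, the unknown type "salve" and the unknown statement "master"), while audit(FIXED_CONF) returns nothing. The allow-transfer check matters for the master in 4.3: BIND 9.11, the version the dig output at the end of this lab shows, transfers a zone to any host unless allow-transfer is set somewhere, so a master stanza without it in either options or the zone block hands the full zone contents to anyone who asks.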
4.9 Client test
[11:44:39 root@yp ~] cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 10.0.0.68
[11:44:13 root@yp ~] yum -y install bind-utils
[11:44:13 root@yp ~] dig www.ypedu.org
; <<>> DiG 9.11.13-RedHat-9.11.13-5.el8_2 <<>> www.ypedu.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21678
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: a5911820ece56fe78bd65ad25f6038a28b3a0825e94da78e (good)
;; QUESTION SECTION:
;www.ypedu.org. IN A
;; ANSWER SECTION:
www.ypedu.org. 86375 IN A 10.0.0.28
;; Query time: 0 msec
;; SERVER: 10.0.0.68#53(10.0.0.68)
;; WHEN: Tue Sep 15 11:44:34 CST 2020
;; MSG SIZE rcvd: 86