DNS服务和BIND实战案例
实战案例:实现Internet的DNS服务架构
1 实验目的
搭建DNS实现internet dns架构
2 环境要求
需要8台主机
DNS客户端:10.0.0.106
本地DNS服务器(只缓存):10.0.0.116
转发目标DNS服务器:10.0.0.104
根DNS服务器:10.0.0.103
club域DNS服务器:10.0.0.107
swyer.club域主DNS服务器:10.0.0.111
swyer.club域从DNS服务器:10.0.0.105
www.swyer.club的web服务器:10.0.0.110
3 前提准备
关闭SElinux
关闭防火墙
时间同步
4 实现步骤
实现思路:按照web服务器->swyer.club MasterDNS->swyer.club SlaveDNS->club DNS->RootDNS->Forward-DNS->LocalDNS的顺序搭建,这样每搭建完一台就可以立即测试,有问题及时解决!
4.1 客户端配置DNS服务器
#在10.0.0.106上配置
[root@client ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@client ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.106
PREFIX=24
GATEWAY=10.0.0.2
DNS1=10.0.0.116 #本地缓存服务器
ONBOOT=yes
[root@client ~]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 10.0.0.106 is already in use for device eth0...
[ OK ]
[root@client ~]#
4.2 实现web服务
#在10.0.0.110上配置
[root@web-server ~]# echo www.swyer.club >/var/www/html/index.html
[root@web-server ~]# systemctl start httpd
[root@web-server ~]#
4.3 实现swyer.club域的主DNS服务器
#在10.0.0.111上配置
[root@master-dns ~]# yum install bind -y
[root@master-dns ~]# vim /etc/named.conf
#注释掉以下两行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
#只允许从服务器进行区域传输
allow-transfer{10.0.0.105;};
[root@master-dns ~]# vim /etc/named.rfc1912.zones
#加上如下zone
zone "swyer.club" {
type master;
file "swyer.club.zone";
};
[root@master-dns ~]# vim /var/named/swyer.club.zone
$TTL 1D
@ IN SOA master admin.swyer.club. (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slave
master A 10.0.0.111
slave A 10.0.0.105 ;从DNS服务器地址(区域文件中注释用;而不是#)
www A 10.0.0.110 ;web服务器地址
#设置区域文件权限:root可写,named组只读,其它用户无权限
[root@master-dns ~]# chown root:named /var/named/swyer.club.zone
[root@master-dns ~]# ll /var/named/swyer.club.zone
-rw-r----- 1 root named 211 Feb 14 22:49 /var/named/swyer.club.zone
[root@master-dns ~]# systemctl start named #非第一次启动可用rndc reload
#这时可以在客户端client10.0.0.106上测试,看是否成功
dig www.swyer.club @10.0.0.111
4.4 实现swyer.club域的从DNS服务器配置
#在10.0.0.105上配置
[root@slave-dns ~]# yum install bind -y
[root@slave-dns ~]# vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
#不允许其它主机进行区域传输
allow-transfer { none;};
[root@slave-dns ~]# vim /etc/named.rfc1912.zones
zone "swyer.club" {
type slave;
masters {10.0.0.111;}; #主DNS服务器地址
file "slaves/swyer.club.slave";
};
[root@slave-dns ~]#systemctl start named
#查看区域数据库文件是否自动生成
[root@slave-dns ~]# ll /var/named/slaves/swyer.club.slave
-rw-r--r-- 1 named named 319 Feb 14 22:55 /var/named/slaves/swyer.club.slave
[root@slave-dns ~]#
#这时可以在客户端client10.0.0.106上测试,看是否成功
dig www.swyer.club @10.0.0.105
4.5 实现club域的主DNS服务器配置
#在10.0.0.107上配置
[root@club-dns ~]# yum install bind -y
[root@club-dns ~]# vim /etc/named.conf
#注释掉两行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
[root@club-dns ~]# vim /etc/named.rfc1912.zones
#加上这段
zone "club" {
type master;
file "club.zone";
};
[root@club-dns ~]# cp -p /var/named/named.localhost /var/named/club.zone
[root@club-dns ~]# vim /var/named/club.zone
[root@club-dns ~]# cat /var/named/club.zone
$TTL 1D
@ IN SOA ns1 admin (
2 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1
swyer NS swyerns1
swyer NS swyerns2
ns1 A 10.0.0.107
swyerns1 A 10.0.0.111 ;主DNS服务器(区域文件中注释用;而不是#)
swyerns2 A 10.0.0.105 ;从DNS服务器
[root@club-dns ~]# systemctl start named
#这时可以在客户端client10.0.0.106上测试,看是否成功
dig www.swyer.club @10.0.0.107
4.6 实现根域的主DNS服务器
#在10.0.0.103上配置
[root@root-dns ~]#yum install bind -y
[root@root-dns ~]#vim /etc/named.conf
#注释掉这两行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
zone "." IN {
type master;
file "root.zone";
};
[root@root-dns ~]#vim /var/named/root.zone
[root@root-dns ~]#cat /var/named/root.zone
$TTL 1D
@ IN SOA master admin (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
club NS clubns
master A 10.0.0.103
clubns A 10.0.0.107 ;club DNS(区域文件中注释用;而不是#)
[root@root-dns ~]#
[root@root-dns ~]# chgrp named /var/named/root.zone
[root@root-dns ~]# chmod 640 /var/named/root.zone
[root@root-dns ~]# systemctl start named
#这时可以在客户端client10.0.0.106上测试,看是否成功
dig www.swyer.club @10.0.0.103
4.7 实现转发目标的DNS服务器
#在10.0.0.104上配置
[root@forward-dns ~]# dnf install bind -y
[root@forward-dns ~]# vim /etc/named.conf
#注释掉两行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
[root@forward-dns ~]# vim /var/named/named.ca
[root@forward-dns ~]# cat /var/named/named.ca
. 518400 IN NS a.root-servers.net.
a.root-servers.net. 518400 IN A 10.0.0.103 ;根服务器地址(named.ca中注释用;而不是#)
[root@forward-dns ~]# systemctl start named
#这时可以在客户端client10.0.0.106上测试,看是否成功
dig www.swyer.club @10.0.0.104
4.8 实现本地只缓存DNS服务器
#在10.0.0.116上配置
[root@onlycache-dns ~]# yum install bind -y
[root@onlycache-dns ~]# vim /etc/named.conf
#注释掉两行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
#开启转发功能,使用forward only模式,所有查询都转发给10.0.0.104这台服务器
forward only;
forwarders { 10.0.0.104;};
#关闭下面两项(实验中自建的根区域没有DNSSEC签名)
dnssec-enable no;
dnssec-validation no;
[root@onlycache-dns ~]# systemctl start named
4.9 客户端测试
[root@client ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain
nameserver 10.0.0.116 #指向本地缓存服务器
[root@client ~]# curl www.swyer.club
www.swyer.club
[root@client ~]# dig www.swyer.club
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.swyer.club
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59528
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.swyer.club. IN A
;; ANSWER SECTION:
www.swyer.club. 83611 IN A 10.0.0.110
;; AUTHORITY SECTION:
club. 83611 IN NS clubns.
;; ADDITIONAL SECTION:
clubns. 83611 IN A 10.0.0.111
;; Query time: 1 msec
;; SERVER: 10.0.0.116#53(10.0.0.116)
;; WHEN: Fri Feb 14 12:28:41 2020
;; MSG SIZE rcvd: 84
[root@client ~]#
It's OK!!!