DNS实现Internet dns架构
实验目的
搭建DNS实现internet dns 架构
前期准备工作
关闭SElinux
vim /etc/sysconfig/selinux
SELINUX=disabled
关闭防火墙
systemctl stop firewalld 临时关闭
systemctl disable firewalld 禁止开机启动
使用 /misc/cd 作为本地光盘挂载点(本机是 CentOS 7,光盘由 autofs 自动挂载到 /misc/cd)。
yum install autofs -y
systemctl start autofs
systemctl enable autofs
安装epel源
yum -y install epel-release
或者自建yum源
mkdir /etc/yum.repos.d/yum/
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/yum/
vim /etc/yum.repos.d/base.repo
[base]
name=base
baseurl=file:///misc/cd
gpgcheck=0
[epel]
name=EPEL
#baseurl=http://mirrors.sohu.com/fedora-epel/7/x86_64/
baseurl=https://mirrors.aliyun.com/epel/7/x86_64/
gpgcheck=0
enabled=1
yum repolist 确认epel源可用
实验环境
centos7 www 192.168.37.108 网站
centos7 slave 192.168.37.118 从服务器
centos7 master 192.168.37.128 主服务器
centos7 comdns 192.168.37.138 com服务器
centos7 rootdns 192.168.37.148 根服务器
centos7 ldns 192.168.37.158 电信DNS
centos7 client 192.168.37.168 客户端
7台主机在同一网段,图形界面内存不足,默认改为多用户模式,重启时生效。
[1] centos7 192.168.37.108 网站
yum install httpd -y
systemctl start httpd
echo "<h1>welcome to www.magedu.com</h1>" > /var/www/html/index.html
[2] centos7 192.168.37.168 客户端
vim /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=static
NAME=eth0
IPADDR=192.168.37.168
NETMASK=255.255.255.0
DEVICE=eth0
DNS1=114.114.114.114
ONBOOT=yes
# 重启
systemctl restart network
[3] centos7 master 192.168.37.128 主服务器
#服务端安装bind
yum install bind -y
Installed:
bind.x86_64 32:9.9.4-61.el7
Complete!
#修改bind 配置文件
vim /etc/named.conf 注释掉两行,第13行和第21行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { 192.168.37.118; };
vim /etc/named.rfc1912.zones 加上这段
zone "magedu.com" {
type master;
file "cuiran.com.zone";
};
vim /var/named/cuiran.com.zone
$TTL 1D
@ IN SOA ns1 adm.cuiran.com. ( 1 1H 10M 1D 3H )
NS ns1
NS ns2
ns1 A 192.168.37.128
ns2 A 192.168.37.118
www A 192.168.37.108
chgrp named /var/named/cuiran.com.zone 安全加固(区域文件仅 root 与 named 组可读)
chmod 640 /var/named/cuiran.com.zone
systemctl start named 第一次启动
rndc reload 不是第一次启动
[4] 在客户端上验证结果,centos7 client 192.168.37.168
dig www.cuiran.com @192.168.37.128
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> www.cuiran.com @192.168.37.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56154
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.cuiran.com. IN A
;; ANSWER SECTION:
www.cuiran.com. 86400 IN A 192.168.37.108
;; AUTHORITY SECTION:
cuiran.com. 86400 IN NS ns1.cuiran.com.
cuiran.com. 86400 IN NS ns2.cuiran.com.
;; ADDITIONAL SECTION:
ns1.cuiran.com. 86400 IN A 192.168.37.128
ns2.cuiran.com. 86400 IN A 192.168.37.118
;; Query time: 1 msec
;; SERVER: 192.168.37.128#53(192.168.37.128)
;; WHEN: Tue Jul 02 15:11:58 CST 2019
;; MSG SIZE rcvd: 127
[5] centos7 slave 192.168.37.118 从服务器
yum install bind -y
Installed:
bind.x86_64 32:9.9.4-61.el7
Complete!
vim /etc/named.conf 注释掉两行,第13行和第21行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { none; };
vim /etc/named.rfc1912.zones 加上这段
zone "cuiran.com" {
type slave;
masters { 192.168.37.128; };
file "slaves/cuiran.com.zone.slave";
};
systemctl start named 第一次启动
rndc reload 不是第一次启动
[6] 测试,确认区域文件已从主服务器同步到从服务器
ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 304 May 10 15:39 cuiran.com.zone
[7]在客户端上验证结果,centos7 client 192.168.37.168
dig www.cuiran.com @192.168.37.118
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> www.cuiran.com @192.168.37.118
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.cuiran.com. IN A
;; ANSWER SECTION:
www.cuiran.com. 86400 IN A 192.168.37.108
;; AUTHORITY SECTION:
cuiran.com. 86400 IN NS ns1.cuiran.com.
cuiran.com. 86400 IN NS ns2.cuiran.com.
;; ADDITIONAL SECTION:
ns1.cuiran.com. 86400 IN A 192.168.37.128
ns2.cuiran.com. 86400 IN A 192.168.37.118
;; Query time: 3 msec
;; SERVER: 192.168.37.118#53(192.168.37.118)
;; WHEN: Tue Jul 02 15:10:55 CST 2019
;; MSG SIZE rcvd: 127
[8] centos7 comdns 192.168.37.138 com服务器
yum install bind -y
Installed:
bind.x86_64 32:9.9.4-61.el7
Complete!
#修改bind配置文件
vim /etc/named.conf 注释掉两行,第13行和第21行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
#修改域配置文件
vim /etc/named.rfc1912.zones 加上这段
zone "com" {
type master;
file "com.zone";
};
vim /var/named/com.zone
$TTL 1D
@ IN SOA ns1 admin.cuiran.com. ( 1 1D 1H 1W 3D )
NS ns1
cuiran NS ns2
cuiran NS ns3
ns1 A 192.168.37.138
ns2 A 192.168.37.128
ns3 A 192.168.37.118
systemctl start named 第一次启动
rndc reload 不是第一次启动
[9] 在客户端上验证结果,centos7 client 192.168.37.168
dig www.cuiran.com @192.168.37.138
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> www.cuiran.com @192.168.37.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36975
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.cuiran.com. IN A
;; ANSWER SECTION:
www.cuiran.com. 11352 IN A 192.168.37.108
;; AUTHORITY SECTION:
cuiran.com. 86400 IN NS ns2.com.
cuiran.com. 86400 IN NS ns3.com.
;; ADDITIONAL SECTION:
ns2.com. 86400 IN A 192.168.37.128
ns3.com. 86400 IN A 192.168.37.118
;; Query time: 0 msec
;; SERVER: 192.168.37.138#53(192.168.37.138)
;; WHEN: Wed Jul 03 12:16:06 CST 2019
;; MSG SIZE rcvd: 135
[10] centos7 rootdns 192.168.37.148 根服务器
yum install bind -y
Installed:
bind.x86_64 32:9.9.4-61.el7
Complete!
vim /etc/named.conf 注释掉两行,第13行和第21行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
将 named.conf 中原有的根区(zone ".")配置改为:
zone "." IN {
type master;
file "root.zone";
};
vim /var/named/root.zone
$TTL 1D
@ IN SOA ns1 admin.cuiran.com. (1 1D 1H 1W 3D)
NS ns1
com NS comns
ns1 A 192.168.37.148
comns A 192.168.37.138
chgrp named /var/named/root.zone 安全加固
chmod 640 /var/named/root.zone
systemctl start named 第一次启动
rndc reload 不是第一次启动
[11] centos7 ldns 192.168.37.158 电信DNS
yum install bind -y
Installed:
bind.x86_64 32:9.9.4-61.el7
Complete!
vim /etc/named.conf 注释掉两行,第13行和第21行(该机作为递归服务器,注释 allow-query 后将接受任意来源的递归查询,仅适用于隔离的实验网段;生产环境应通过 allow-recursion 限制来源)
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
#实验环境中的根区未签名,需关闭DNSSEC验证,否则递归查询会失败
dnssec-enable no;
dnssec-validation no;
vim /var/named/named.ca 将根提示文件指向实验根服务器
. 518400 IN NS a.root-servers.net.
a.root-servers.net. 518400 IN A 192.168.37.148
systemctl start named 第一次启动
rndc reload 不是第一次启动
[12] 在192.168.37.168测试
#查看本地DNS(此前需将客户端 ifcfg 文件中的 DNS1 改为 192.168.37.158 并重启 network 服务)
cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.37.158
dig www.cuiran.com
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> www.cuiran.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17416
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.cuiran.com. IN A
;; ANSWER SECTION:
www.cuiran.com. 86400 IN A 192.168.37.108
;; AUTHORITY SECTION:
cuiran.com. 65215 IN NS ns1.cuiran.com.
cuiran.com. 65215 IN NS ns2.cuiran.com.
;; ADDITIONAL SECTION:
ns2.cuiran.com. 65215 IN A 192.168.37.118
ns1.cuiran.com. 65215 IN A 192.168.37.128
;; Query time: 17 msec
;; SERVER: 192.168.37.158#53(192.168.37.158)
;; WHEN: Wed Jul 03 19:24:59 CST 2019
;; MSG SIZE rcvd: 127