Experiment: implementing an Internet DNS architecture

Preparation: I am using the 192.168.141.xx subnet, with CentOS 6 as the local DNS and CentOS 7 hosting www.magedu.com. Seven machines are needed:
client, ldns, rootdns, comdns, magedumasterdns, mageduslavedns, webserver (www.magedu.com)

A. Build the website on CentOS 7 and set each host's IP address:
[root@centos7 ~]# yum install httpd
[root@centos7 ~]# vim /var/www/html/index.html
<h1>welcome to magedu.com</h1>
[root@centos7 ~]# systemctl restart httpd

[root@master ~]# ip a
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:89:2c:05 brd ff:ff:ff:ff:ff:ff
inet 192.168.141.27/24 brd 192.168.141.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe89:2c05/64 scope link
valid_lft forever preferred_lft forever
[root@slave ~]# ip a
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e2:dd:28 brd ff:ff:ff:ff:ff:ff
inet 192.168.141.37/24 brd 192.168.141.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fee2:dd28/64 scope link
valid_lft forever preferred_lft forever
[root@comdns ~]# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:40:40:73 brd ff:ff:ff:ff:ff:ff
inet 192.168.141.17/24 brd 192.168.141.255 scope global eth0
inet6 fe80::20c:29ff:fe40:4073/64 scope link
valid_lft forever preferred_lft forever
[root@rootdns ~]# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:43:c8:a8 brd ff:ff:ff:ff:ff:ff
inet 192.168.141.7/24 brd 192.168.141.255 scope global eth0
inet6 fe80::20c:29ff:fe43:c8a8/64 scope link
valid_lft forever preferred_lft forever
[root@LocalDNS ~]# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:83:dd:6c brd ff:ff:ff:ff:ff:ff
inet 192.168.141.6/24 brd 192.168.141.255 scope global eth0
inet6 fe80::20c:29ff:fe83:dd6c/64 scope link
valid_lft forever preferred_lft forever
B. Edit the relevant configuration files:
[root@master ~]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };
allow-transfer {192.168.141.37;};
Comment out those two lines and add "allow-transfer {192.168.141.37;};", which means only the slave server is allowed to pull (transfer) the zone records.
[root@master ~]# rndc reload
server reload successful
The service has to be reloaded at this point.
[root@master ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
zone "magedu.com" {
type master;
file "magedu.com.zone";
};
Add this "zone ... };" block.
[root@master ~]# vim /var/named/magedu.com.zone

$TTL 1D
@ IN SOA master admin.magedu.com. ( 1 1D 1H 1W 3H ) ; trailing dot on the mailbox name, otherwise BIND appends the origin (admin.magedu.com.magedu.com.)
    NS master
    NS slave
master A 192.168.141.27
slave A 192.168.141.37
www A 192.168.141.254
In this step we edit this file and write in the website's domain names.
Change the permissions and group ownership:
[root@master ~]# chmod 640 /var/named/magedu.com.zone
[root@master ~]# chgrp named /var/named/magedu.com.zone
[root@master ~]# systemctl start named
[root@master ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
Because I restored a snapshot and the data was lost, I re-edited the zone file; the content is added here:
[root@master ~]# vim magedu.com.zone
$TTL 1D
@ IN SOA master admin.magedu.com. ( 1 1D 1H 1W 3H )
    NS master
    NS slave
master A 192.168.141.27
slave A 192.168.141.37
www A 192.168.141.254
Now restart the service; as shown below, no errors are reported, so it has succeeded.
[root@master ~]# systemctl restart named
[root@master ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2019-02-14 14:22:29 CST; 21s ago
Process: 21030 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 21045 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 21042 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 21047 (named)
Tasks: 7
CGroup: /system.slice/named.service
└─21047 /usr/sbin/named -u named -c /etc/named.conf

Feb 14 14:22:29 master named[21047]: command channel listening on ::1#953
Feb 14 14:22:29 master named[21047]: managed-keys-zone: journal file is out of date: removing journal file
Feb 14 14:22:29 master named[21047]: managed-keys-zone: loaded serial 2
Feb 14 14:22:29 master named[21047]: zone localhost/IN: loaded serial 0
Feb 14 14:22:29 master named[21047]: zone magedu.com/IN: loaded serial 1
Feb 14 14:22:29 master named[21047]: zone localhost.localdomain/IN: loaded serial 0
Feb 14 14:22:29 master named[21047]: all zones loaded
Feb 14 14:22:29 master named[21047]: running
Feb 14 14:22:29 master named[21047]: zone magedu.com/IN: sending notifies (serial 1)
Feb 14 14:22:29 master systemd[1]: Started Berkeley Internet Name Domain (DNS).
Now go to the local DNS and dig it:
[root@LocalDNS ~]# dig www.magedu.com @192.168.141.27

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.141.27
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63810
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com. IN A

;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.141.254

;; AUTHORITY SECTION:
magedu.com. 86400 IN NS slave.magedu.com.
magedu.com. 86400 IN NS master.magedu.com.

;; ADDITIONAL SECTION:
master.magedu.com. 86400 IN A 192.168.141.27
slave.magedu.com. 86400 IN A 192.168.141.37

;; Query time: 8 msec
;; SERVER: 192.168.141.27#53(192.168.141.27)
;; WHEN: Fri Feb 8 13:18:01 2019
;; MSG SIZE rcvd: 121
At this point our master DNS server is built.
C. Now build the slave server:
[root@slave ~]# vim /etc/named.conf
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };
allow-transfer {none;};
As before, comment out those two lines, and for safety add "allow-transfer {none;};" so that the slave does not let anyone pull the zone records from it.
[root@slave ~]# vim /etc/named.rfc1912.zones

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "magedu.com" {
type slave;
masters {192.168.141.27;};
file "slaves/magedu.com.zone";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
Fill in the zone "magedu.com" block shown above: "type slave;", "masters {192.168.141.27;};" (note the keyword is "masters") and "file "slaves/magedu.com.zone";".
[root@slave ~]# systemctl start named
[root@slave ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 330 Feb 14 14:51 magedu.com.zone
From the above, the zone data has been copied over successfully, so master/slave replication is working.
Now dig from the local DNS:
[root@LocalDNS ~]# dig www.magedu.com @192.168.141.37

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.141.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7460
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com. IN A

;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.141.254

;; AUTHORITY SECTION:
magedu.com. 86400 IN NS slave.magedu.com.
magedu.com. 86400 IN NS master.magedu.com.

;; ADDITIONAL SECTION:
master.magedu.com. 86400 IN A 192.168.141.27
slave.magedu.com. 86400 IN A 192.168.141.37

;; Query time: 4 msec
;; SERVER: 192.168.141.37#53(192.168.141.37)
;; WHEN: Fri Feb 8 14:02:32 2019
;; MSG SIZE rcvd: 121
This shows it succeeded.
Now, to have a change replicate from master to slave, add the following to the zone file:
add "blog A 192.168.141.154". Note: the serial number must now be "2".
[root@master ~]# vim magedu.com.zone
$TTL 1D
@ IN SOA master admin.magedu.com. ( 2 1D 1H 1W 3H )
    NS master
    NS slave
master A 192.168.141.27
slave A 192.168.141.37
www A 192.168.141.254
blog A 192.168.141.154
[root@LocalDNS ~]# dig blog.magedu.com @192.168.141.37
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> blog.magedu.com @192.168.141.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56467
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;blog.magedu.com. IN A

;; AUTHORITY SECTION:
magedu.com. 10800 IN SOA master.magedu.com. admin.magedu.com.magedu.com. 1 86400 3600 604800 10800

;; Query time: 1 msec
;; SERVER: 192.168.141.37#53(192.168.141.37)
;; WHEN: Fri Feb 8 14:06:13 2019
;; MSG SIZE rcvd: 93
Now even "dig blog" will return the synchronized query result.
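The dig output just above still shows SOA serial 1 and NXDOMAIN for blog, i.e. the slave has not transferred the updated zone yet; BIND only re-reads an edited zone file after "rndc reload", and a slave only transfers when the master's serial is higher than its own. The Python check below is added here (it is not part of the original post): it compares the serial in the master's zone file with the serial a slave reports, using constructed samples taken from this page's data.

```python
import re

# Constructed sample: the master's zone file after adding blog and bumping the serial to 2.
MASTER_ZONE = """\
$TTL 1D
@ IN SOA master admin.magedu.com. ( 2 1D 1H 1W 3H )
    NS master
    NS slave
master A 192.168.141.27
slave  A 192.168.141.37
www    A 192.168.141.254
blog   A 192.168.141.154
"""
# Constructed sample: AUTHORITY section the slave returned for blog.magedu.com (serial still 1).
SLAVE_DIG = """\
;; AUTHORITY SECTION:
magedu.com. 10800 IN SOA master.magedu.com. admin.magedu.com. 1 86400 3600 604800 10800
"""
# Zone-file SOA in the page's "( serial refresh retry expire minimum )" layout, and SOA as dig prints it.
SOA_FILE_RE = re.compile(r"\bSOA\s+\S+\s+\S+\s*\(\s*(\d+)")
SOA_DIG_RE = re.compile(r"\bIN\s+SOA\s+\S+\s+\S+\s+(\d+)(?:\s+\d+){4}")

def zone_file_serial(zone_text: str) -> int:
    m = SOA_FILE_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA record in zone file")
    return int(m.group(1))

def dig_soa_serial(dig_text: str) -> int:
    m = SOA_DIG_RE.search(dig_text)
    if not m:
        raise ValueError("no SOA record in dig output")
    return int(m.group(1))

def serial_status(master: int, slave: int) -> str:
    """Compare serials with RFC 1982 wrap-around arithmetic. 'master_behind' is the trap
    after restoring a master from an older snapshot: the slave never transfers again
    until the master's serial is raised past the slave's."""
    if master == slave:
        return "in_sync"
    master_ahead = (master - slave) % (1 << 32) < (1 << 31)
    return "slave_behind" if master_ahead else "master_behind"

def check_sync(zone_text: str = MASTER_ZONE, dig_text: str = SLAVE_DIG) -> dict:
    """slave_behind right after an edit usually means the master was not reloaded (rndc reload)."""
    master, slave = zone_file_serial(zone_text), dig_soa_serial(dig_text)
    return {"master": master, "slave": slave, "status": serial_status(master, slave)}

if __name__ == "__main__":
    print(check_sync())  # {'master': 2, 'slave': 1, 'status': 'slave_behind'}
```

On a live setup the dig_text input would be the output of "dig SOA magedu.com @192.168.141.37".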
D. Build comdns.
[root@comdns ~]# vim /etc/named.conf
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
As before, comment out those two lines.
[root@comdns ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "com" {
type master;
file "com.zone";
};
Fill in this content.
[root@comdns named]# vim com.zone

$TTL 1D
@ IN SOA master admin.magedu.com. ( 2 1D 1H 1W 3H )
    NS master
magedu NS dns1 ; the magedu subdomain is delegated to 27 and 37 (owner is the child name, answered below as magedu.com. NS dns1.com.)
magedu NS dns2

master A 192.168.141.17
dns1 A 192.168.141.27
dns2 A 192.168.141.37
comdns delegates magedu.com to 141.37 and 141.27.
[root@comdns named]# service named start
Starting named: [ OK ]
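A delegation in com.zone only works if the child's NS records are owned by the child name and the zone also carries A (glue) records for nameservers whose names fall inside com. The Python check below is added here (it is not part of the original post): it parses a zone file in the page's layout and reports each delegation with its glue, using a constructed copy of the com.zone above.

```python
# Constructed sample: the com.zone from this page, with magedu delegated to dns1/dns2 plus glue.
COM_ZONE = """\
$TTL 1D
@ IN SOA master admin.magedu.com. ( 2 1D 1H 1W 3H )
    NS master
magedu NS dns1 ; delegation of magedu.com to the master/slave pair
magedu NS dns2
master A 192.168.141.17
dns1 A 192.168.141.27
dns2 A 192.168.141.37
"""

def qualify(name: str, origin: str) -> str:
    """'@' is the origin; names without a trailing dot are relative to it."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text: str, origin: str) -> list:
    """(owner, TYPE, rdata) tuples from a zone file in the page's relaxed layout: $-directives
    and ';' comments skipped, blank-owner lines inherit the previous owner, TTL/IN optional."""
    records, last_owner = [], "@"
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():  # owner given explicitly
            last_owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if fields:
            records.append((qualify(last_owner, origin), fields[0].upper(), " ".join(fields[1:])))
    return records

def delegations(text: str, origin: str = "com.") -> dict:
    """Each delegated child -> {nameserver: glue A address, None if missing, 'out-of-zone' if not ours}."""
    recs = parse_zone(text, origin)
    glue = {owner: rdata for owner, rtype, rdata in recs if rtype == "A"}
    out = {}
    for owner, rtype, rdata in recs:
        if rtype == "NS" and owner != origin:  # NS below the apex is a delegation
            ns = qualify(rdata, origin)
            needs_glue = ns.endswith("." + origin)
            out.setdefault(owner, {})[ns] = glue.get(ns) if needs_glue else "out-of-zone"
    return out

def missing_glue(text: str, origin: str = "com.") -> list:
    """In-zone nameservers with no A record: resolvers get a delegation they cannot follow."""
    return sorted(ns for child in delegations(text, origin).values()
                  for ns, addr in child.items() if addr is None)
```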
Now dig from the local DNS. 192.168.141.17 has no blog record itself; it is delegated to 27 and 37. If dig returns a result, it worked:
[root@LocalDNS ~]# dig blog.magedu.com @192.168.141.17

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> blog.magedu.com @192.168.141.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54859
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;blog.magedu.com. IN A

;; AUTHORITY SECTION:
magedu.com. 10800 IN SOA master.magedu.com. admin.magedu.com.magedu.com. 1 86400 3600 604800 10800

;; Query time: 8 msec
;; SERVER: 192.168.141.17#53(192.168.141.17)
;; WHEN: Fri Feb 8 15:34:11 2019
;; MSG SIZE rcvd: 93

[root@LocalDNS ~]# dig www.magedu.com @192.168.141.17

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.141.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33362
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com. IN A

;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.141.254

;; AUTHORITY SECTION:
magedu.com. 86400 IN NS dns2.com.
magedu.com. 86400 IN NS dns1.com.

;; ADDITIONAL SECTION:
dns1.com. 86400 IN A 192.168.141.27
dns2.com. 86400 IN A 192.168.141.37

;; Query time: 7 msec
;; SERVER: 192.168.141.17#53(192.168.141.17)
;; WHEN: Fri Feb 8 15:37:07 2019
;; MSG SIZE rcvd: 118
blog and www are both fine.

Master/slave replication is claimed to be fault-tolerant. We took the 192.168.141.27 master down: digging 27 got no response, but 37 was still normal, and digging 17 still returned results. So fault tolerance is demonstrated here.

E. Now we build rootdns.
[root@rootdns yum.repos.d]# vim /etc/named.conf
// named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
recursion yes;
Comment out the two lines.
Now dig from the local DNS:
[root@LocalDNS ~]# dig www.magedu.com @192.168.141.7
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.141.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8006
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com. IN A

;; ANSWER SECTION:
www.magedu.com. 86020 IN A 192.168.141.254

;; AUTHORITY SECTION:
magedu.com. 86020 IN NS dns1.com.
magedu.com. 86020 IN NS dns2.com.

;; ADDITIONAL SECTION:
dns2.com. 86020 IN A 192.168.141.37
dns1.com. 86020 IN A 192.168.141.27

;; Query time: 5 msec
;; SERVER: 192.168.141.7#53(192.168.141.7)
;; WHEN: Fri Feb 8 17:33:28 2019
;; MSG SIZE rcvd: 118
At this point, 7, 17, 27 and 37 can all be dug successfully.
F. Build the local DNS:
[root@LocalDNS yum.repos.d]# vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
recursion yes;
As before, comment out those two lines.

    dnssec-enable no;
    dnssec-validation no;
Both DNSSEC settings here are switched off ("no").
   /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

[root@LocalDNS yum.repos.d]# vim /var/named/named.ca

. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 192.168.141.7 ; the rootdns host built above
Explanation of the above: since we built our own root server, /var/named/named.ca has to be edited so that the root hint points at the IP of the root we built.
[root@LocalDNS yum.repos.d]# service named restart
Stopping named: [ OK ]
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
At this point our DNS configuration is complete. Let's test it from Windows:

The screenshot shows that Windows can ping the website at 192.168.141.254.
After changing the Windows IP settings, the site can be visited by the name www.magedu.com.

This concludes the experiment.

Original article: http://blog.51cto.com/14128387/2350331

Time: 2024-11-08 23:45:03
