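A Simple Simulated Implementation of the Internet's Global DNS

1. Building DNS services that simulate the Internet

Build flow: to make troubleshooting and verification easier, build the web server first so that each subsequent server can be verified against it.

  1. Server build order

    Web service ---> Baidu primary DNS service ---> Baidu secondary DNS service ---> top-level domain DNS service (.com) ---> root DNS service ---> enterprise forwarding DNS service ---> enterprise DNS service ---> enterprise client

  2. Web service: install httpd to provide the web service
  3. DNS service: install bind and bind-utils, which provide the DNS resolution service and the debugging tools
  4. Edit the global configuration files /etc/named.conf and /etc/named.rfc1912.zones
  5. Edit the zone database files
  6. Check the configuration file syntax, reload the service configuration, restart the service
  7. Test resolution of the web service
  8. The server planning diagram is as follows

2. Hands-on DNS server build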

#Web server 10.0.0.10    CentOS 6
[[email protected] ~]# yum install -y httpd chrony
[[email protected] ~]# service chronyd start
[[email protected] ~]# service iptables stop
[[email protected] ~]# setenforce 0
[[email protected] ~]# service httpd start
[[email protected] ~]# echo "this test web 10.0.0.10" > /var/www/html/index.html

#baidu primary DNS server 10.0.0.11      CentOS 8
[[email protected] ~]# yum install -y bind bind-utils chrony
[[email protected] ~]# systemctl enable --now chronyd
[[email protected] ~]# systemctl enable --now named.service
[[email protected] ~]# vim /etc/named.conf
***
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
//      allow-query     { localhost; };
        allow-transfer  { 10.0.0.12; };   // only the slave (10.0.0.12) may transfer zones from this master
***
[[email protected] ~]# vim /etc/named.rfc1912.zones
***
//
zone "yun.com" {
        type master;
        file "yun.com.zone";
};

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
***
[[email protected] ~]# vim /var/named/yun.com.zone
$TTL 1D
@       IN      SOA     ns1     admin ( 1 1H 1H 1W 1D )
                NS      ns1
                NS      ns2
ns1             A       10.0.0.11
ns2             A       10.0.0.12
www             A       10.0.0.10

[[email protected] ~]# rndc reload
[[email protected] ~]# systemctl restart  named

#baidu secondary DNS server       CentOS 6
[[email protected] ~]# yum install -y bind bind-utils chrony
[[email protected] ~]# service chronyd start
[[email protected] ~]# service named start
[[email protected] ~]# service iptables stop
[[email protected] ~]# setenforce 0
[[email protected] ~]# vim /etc/named.conf
***
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query     { localhost; };
        allow-transfer  { none; };
        recursion yes;
***
[[email protected] ~]# vi /etc/named.rfc1912.zones
***
//

zone "yun.com" {
        type slave;
        masters {10.0.0.11;};
        file "slaves/yun.com.zone";
};

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

***
[[email protected] ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 347 Feb 13 21:14 yun.com.zone
[[email protected] ~]# rndc reload
[[email protected] ~]# service named restart

#Internet top-level domain (com) DNS server       CentOS 7
[[email protected] ~]# yum install -y bind bind-utils chrony
[[email protected] ~]# systemctl disable --now  firewalld
[[email protected] ~]# setenforce 0
[[email protected] ~]# systemctl enable --now  named chronyd
[[email protected] ~]# vi /etc/named.conf
***
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };
        allow-transfer  { none; };

***
[[email protected] ~]# vi /etc/named.rfc1912.zones
***
//
zone "com"{
        type master;
        file "com.zone";
};

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

***
[[email protected] ~]# vi /var/named/com.zone
***
$TTL 1D
@       IN      SOA     ns1     yun ( 2 1D 1H 1W 1D )
                NS      ns1
yun             NS      ns2
ns1             A       10.0.0.13
ns2             A       10.0.0.11
ns2             A       10.0.0.12

***
[[email protected] ~]# rndc reload
[[email protected] ~]# systemctl restart named

#Internet root DNS server     CentOS 7
[[email protected] ~]# yum install -y bind bind-utils chrony
[[email protected] ~]# systemctl disable --now  firewalld
[[email protected] ~]# setenforce 0
[[email protected] ~]# systemctl enable --now  named chronyd
[[email protected] ~]# vi /etc/named.conf
***
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };
        allow-transfer  { none; };

***
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type master;
        file "root.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[[email protected] ~]# vi /var/named/root.zone
***
$TTL 1D
@       IN      SOA     ns1     yun ( 2 1D 1H 1W 1D )
                NS      ns1
com             NS      ns2
ns1             A       10.0.0.14
ns2             A       10.0.0.13
***
[[email protected] ~]# rndc reload
[[email protected] ~]# systemctl restart named

#Enterprise internal forwarding DNS server       Ubuntu
[email protected]:~# apt install -y bind9 chrony
[email protected]:~# systemctl disable --now ufw.service
[email protected]:~# systemctl enable  --now named chronyd
[email protected]:~# vim /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replac
        // the all-0's placeholder.
        forward only;
        forwarders {
                10.0.0.14;
        };
        dnssec-validation no;           # the lab root zone is unsigned, so validation would reject its answers
***
[email protected]:~# systemctl restart named

#Enterprise internal forwarding DNS      CentOS 7
[[email protected] ~]# yum install -y bind bind-utils chrony
[[email protected] ~]# systemctl disable --now  firewalld
[[email protected] ~]# setenforce 0
[[email protected] ~]# systemctl enable --now  named chronyd
[[email protected] ~]# vi /etc/named.conf
***
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };
        allow-transfer  { none; };

***
        dnssec-enable no;
        dnssec-validation no;
***
[[email protected] ~]# vi /var/named/named.ca
; <<>> DiG 9.11.3-RedHat-9.11.3-3.fc27 <<>> +bufsize=1200 +norec @a.root-servers.net
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46900
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      a.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net.     518400  IN      A       10.0.0.14

[[email protected] ~]# rndc reload
[[email protected] ~]# systemctl restart named
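
The referral chain these zone files set up (root 10.0.0.14, then com 10.0.0.13, then yun.com 10.0.0.11) can be traced offline before any server is started. The Python sketch below is an added example, not part of the original post: it copies the records from root.zone, com.zone and yun.com.zone above, and the function names are hypothetical.

```python
# Added example, not from the original page. Records are copied from the page's
# zone files (SOA/$TTL dropped, inherited owners written as "@"); names are hypothetical.
ZONES = {  # origin: (authoritative server IPs, zone records)
    ".": (["10.0.0.14"], "@ NS ns1\ncom NS ns2\nns1 A 10.0.0.14\nns2 A 10.0.0.13"),
    "com.": (["10.0.0.13"],
             "@ NS ns1\nyun NS ns2\nns1 A 10.0.0.13\nns2 A 10.0.0.11\nns2 A 10.0.0.12"),
    "yun.com.": (["10.0.0.11", "10.0.0.12"],
                 "@ NS ns1\n@ NS ns2\nns1 A 10.0.0.11\nns2 A 10.0.0.12\nwww A 10.0.0.10"),
}

def fqdn(name, origin):  # expand a zone-file name relative to the zone origin
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin.lstrip(".")

def load(origin, text):
    """Parse records; owners and NS targets become absolute names."""
    rows = (line.split() for line in text.splitlines())
    return [(fqdn(o, origin), t, fqdn(d, origin) if t == "NS" else d)
            for o, t, d in rows]

SERVERS = {ip: (origin, load(origin, text))
           for origin, (ips, text) in ZONES.items() for ip in ips}

def resolve(qname, server="10.0.0.14", max_hops=8):
    """Iterative A lookup starting at the lab root; returns (answers, servers asked)."""
    path = []
    for _ in range(max_hops):
        origin, records = SERVERS[server]
        path.append(server)
        answers = [d for o, t, d in records if o == qname and t == "A"]
        if answers:
            return answers, path
        cuts = [o for o, t, _ in records if t == "NS" and o != origin
                and ("." + qname).endswith("." + o)]   # delegations covering qname
        if not cuts:
            return [], path                  # no data and no referral
        cut = max(cuts, key=len)             # most specific zone cut wins
        targets = [d for o, t, d in records if o == cut and t == "NS"]
        glue = [d for o, t, d in records if o in targets and t == "A"]
        if not glue:
            raise LookupError(f"no glue for {cut} on {server}")
        server = glue[0]
    raise LookupError("referral loop")

def delegation_mismatch(parent_ip, child_ip, child):
    """NS names the parent delegates to that the child's own apex does not list."""
    ns = lambda ip: {d for o, t, d in SERVERS[ip][1] if o == child and t == "NS"}
    return sorted(ns(parent_ip) - ns(child_ip))
```

For this lab, `delegation_mismatch("10.0.0.13", "10.0.0.11", "yun.com.")` reports `ns2.com.`: com.zone delegates yun.com to a name under com, while yun.com.zone lists ns1 and ns2 under yun.com. Resolution still succeeds because the glue addresses point at the right servers.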

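3. Pitfalls encountered during installation

  1. Before installing the servers, be absolutely sure that time is synchronized!!! SELinux is disabled!!! The firewall is disabled!!!
  2. During installation a routing failure left the external network unreachable, which was very strange! The services all installed normally, but once the named service was started the route stopped working. Checking the messages printed during service startup and the system log showed that the external network was unreachable, so named kept timing out trying to reach the root servers while starting. The symptoms were as follows:

    Log messages

    Service startup status messages

    How it was handled:

    Reconfigured the network settings and the routing table
    Confirmed again that the firewall and SELinux were disabled

  3. BIND's configuration files must be free of formatting errors, otherwise the service reports an error and fails to start.
    Alongside rndc, BIND ships with a command that can check the configuration files for mistakes
    Command: named-checkconf

Original source: https://www.cnblogs.com/-one/p/12305764.html

Time: 2024-10-16 18:12:48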