1. Building a DNS service for a simulated Internet
Build process: to make troubleshooting and verification easy, build the web server first so that each later server can be verified against it.
- Server build order
Web service ---> Baidu primary DNS ---> Baidu secondary DNS ---> top-level DNS for .com ---> root DNS ---> enterprise forwarding DNS ---> enterprise DNS ---> enterprise client
- Web service: install httpd to provide the web service
- DNS servers: install bind and bind-utils to provide resolution and the debugging tools
- Edit the global configuration files /etc/named.conf and /etc/named.rfc1912.zones
- Edit the zone (resolution database) files
- Check the configuration syntax, reload the service configuration, restart the service
- Test web name resolution
- The server planning diagram is shown below
2. Hands-on DNS server build
# Web server 10.0.0.10, CentOS 6
[[email protected] ~]# yum install -y httpd chrony
[[email protected] ~]# service chronyd start
[[email protected] ~]# service iptables stop
[[email protected] ~]# setenforce 0
[[email protected] ~]# service httpd start
[[email protected] ~]# echo "this test web 10.0.0.10" > /var/www/html/index.html
# Baidu primary DNS server 10.0.0.11, CentOS 8
[[email protected] ~]# yum install -y bind bind-utils chrony
[[email protected] ~]# systemctl enable --now chronyd
[[email protected] ~]# systemctl enable --now named.service
[[email protected] ~]# vim /etc/named.conf
***
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; };
allow-transfer { 10.0.0.12; };   // only the secondary may pull the zone; { none; } would refuse its zone transfer
***
[[email protected] ~]# vim /etc/named.rfc1912.zones
***
//
zone "yun.com" {
type master;
file "yun.com.zone";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
***
[[email protected] ~]# vim /var/named/yun.com.zone
$TTL 1D
@       IN SOA ns1 admin ( 1 1H 1H 1W 1D )
        NS ns1                  ; blank owner: the record belongs to the previous owner (@)
        NS ns2
ns1     A  10.0.0.11
ns2     A  10.0.0.12
www     A  10.0.0.10
[[email protected] ~]# rndc reload
[[email protected] ~]# systemctl restart named
# Baidu secondary DNS server 10.0.0.12, CentOS 6
[[email protected] ~]# yum install -y bind bind-utils chrony
[[email protected] ~]# service chronyd start
[[email protected] ~]# service named start
[[email protected] ~]# service iptables stop
[[email protected] ~]# setenforce 0
[[email protected] ~]# vim /etc/named.conf
***
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
allow-transfer { none; };
recursion yes;
***
[[email protected] ~]# vi /etc/named.rfc1912.zones
***
//
zone "yun.com" {
type slave;
masters {10.0.0.11;};
file "slaves/yun.com.zone";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
***
[[email protected] ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 347 Feb 13 21:14 yun.com.zone
[[email protected] ~]# rndc reload
[[email protected] ~]# service named restart
# Internet top-level domain DNS server for .com, 10.0.0.13, CentOS 7
[[email protected] ~]# yum install -y bind bind-utils chrony
[[email protected] ~]# systemctl disable --now firewalld
[[email protected] ~]# setenforce 0
[[email protected] ~]# systemctl enable --now named chronyd
[[email protected] ~]# vi /etc/named.conf
***
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };
allow-transfer { none; };
***
[[email protected] ~]# vi /etc/named.rfc1912.zones
***
//
zone "com"{
type master;
file "com.zone";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
***
[[email protected] ~]# vi /var/named/com.zone
***
$TTL 1D
@       IN SOA ns1 yun ( 2 1D 1H 1W 1D )
        NS ns1
yun     NS ns2                  ; delegates yun.com to ns2.com; its glue A records follow
ns1     A  10.0.0.13
ns2     A  10.0.0.11
ns2     A  10.0.0.12
***
[[email protected] ~]# rndc reload
[[email protected] ~]# systemctl restart named
# Internet root DNS server 10.0.0.14, CentOS 7
[[email protected] ~]# yum install -y bind bind-utils chrony
[[email protected] ~]# systemctl disable --now firewalld
[[email protected] ~]# setenforce 0
[[email protected] ~]# systemctl enable --now named chronyd
[[email protected] ~]# vi /etc/named.conf
***
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };
allow-transfer { none; };
***
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type master;
file "root.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[[email protected] ~]# vi /var/named/root.zone
***
$TTL 1D
@       IN SOA ns1 yun ( 2 1D 1H 1W 1D )
        NS ns1
com     NS ns2                  ; delegates com to ns2 (the .com server); glue follows
ns1     A  10.0.0.14
ns2     A  10.0.0.13
***
[[email protected] ~]# rndc reload
[[email protected] ~]# systemctl restart named
# Enterprise internal forwarding DNS server, Ubuntu
[email protected]:~# apt install -y bind9 chrony
[email protected]:~# systemctl disable --now ufw.service
[email protected]:~# systemctl enable --now named chronyd
[email protected]:~# vim /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forward only;           // never fall back to iterating from the real root hints
forwarders {
10.0.0.14;              // the lab root server
};
dnssec-validation no;   // the lab root zone is unsigned, so validation against the real root trust anchor would fail
***
[email protected]:~# systemctl restart named
# Enterprise internal DNS server, CentOS 7 (resolves through the lab root hints in named.ca)
[[email protected] ~]# yum install -y bind bind-utils chrony
[[email protected] ~]# systemctl disable --now firewalld
[[email protected] ~]# setenforce 0
[[email protected] ~]# systemctl enable --now named chronyd
[[email protected] ~]# vi /etc/named.conf
***
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };
allow-transfer { none; };
***
dnssec-enable no;
dnssec-validation no;   // the lab root zone is unsigned, so validation against the real root trust anchor would fail
***
[[email protected] ~]# vi /var/named/named.ca
; <<>> DiG 9.11.3-RedHat-9.11.3-3.fc27 <<>> +bufsize=1200 +norec @a.root-servers.net
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46900
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS a.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 518400 IN A 10.0.0.14
[[email protected] ~]# rndc reload
[[email protected] ~]# systemctl restart named
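As an added example (not code from the post), here is the delegation walk that the enterprise resolver performs over the zone files above, simulated offline in Python: the NS and A records are copied from the post's root.zone, com.zone and yun.com.zone, the host-to-zone map follows the post's IP plan, and the `lookup`/`resolve` helpers are mine. It shows why every delegation needs glue and why the blank-owner records need their leading whitespace.

```python
# Added example (not from the post): walk root -> com -> yun.com over the NS/A records of the post's zone files.
ZONES = {".": """        NS ns1
com     NS ns2
ns1     A  10.0.0.14
ns2     A  10.0.0.13""", "com.": """        NS ns1
yun     NS ns2
ns1     A  10.0.0.13
ns2     A  10.0.0.11
ns2     A  10.0.0.12""", "yun.com.": """        NS ns1
        NS ns2
ns1     A  10.0.0.11
ns2     A  10.0.0.12
www     A  10.0.0.10"""}
SERVERS = {"10.0.0.14": ".", "10.0.0.13": "com.", "10.0.0.11": "yun.com.", "10.0.0.12": "yun.com."}  # host -> zone
def fq(name, origin):  # '@' -> origin; absolute names kept; otherwise append the origin
    return origin if name == "@" else name if name.endswith(".") else name + "." + origin.lstrip(".")
def in_zone(name, origin):
    return origin == "." or name == origin or name.endswith("." + origin)

def parse_zone(origin, text):  # relative owners get the origin; a blank owner reuses the previous one
    rrs, owner = [], origin
    for raw in text.splitlines():
        if not raw[0].isspace():                # new owner name in column 0
            name, raw = raw.split(None, 1)
            owner = fq(name, origin)
        rtype, rdata = raw.split()
        rrs.append((owner, rtype, fq(rdata, origin) if rtype == "NS" else rdata))
    return rrs
RRS = {o: parse_zone(o, t) for o, t in ZONES.items()}

def lookup(server, qname, qtype):  # one non-recursive query: ('answer', rdata) or ('referral', [(ns, glue)])
    origin, rrs = SERVERS[server], RRS[SERVERS[server]]
    if not in_zone(qname, origin):
        raise LookupError(f"{server} is not authoritative for {qname}")
    referral = [(ns, ip) for o, t, ns in rrs if t == "NS" and o != origin and in_zone(qname, o)
                for o2, t2, ip in rrs if t2 == "A" and o2 == ns]   # delegation NS plus its glue A
    if referral:
        return "referral", referral
    return "answer", [rd for o, t, rd in rrs if o == qname and t == qtype]

def resolve(qname, qtype="A"):  # iterate from the root hint; returns (rdata, servers asked in order)
    server, path, qname = "10.0.0.14", [], qname.rstrip(".") + "."   # 10.0.0.14: a.root-servers.net in named.ca
    while server not in path:                   # a repeated server means a referral loop
        path.append(server)
        status, data = lookup(server, qname, qtype)
        if status == "answer":
            return data, path
        server = data[0][1]                     # follow the first glue address
    raise LookupError(f"referral loop at {server}")
```

Resolving www.yun.com visits 10.0.0.14, then 10.0.0.13, then 10.0.0.11 and returns 10.0.0.10, which is the same path dig +trace should show from the enterprise client.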
3. Pitfalls met during installation
- Before installing a server, make absolutely sure that time is synchronised!!! SELinux is off!!! The firewall is off!!!
- During installation I hit broken routing that made the Internet unreachable, which was strange: every service installed fine, but once the named service was started, routing failed. Going through the service start-up messages and the system log showed that the external network was unreachable, so named kept timing out while contacting the root servers during start-up. The symptoms were as follows:
Log messages
Service start-up status messages
Handling:
Reconfigured the network settings and the routing table
Confirmed once more that the firewall and SELinux were off
- The bind configuration files must be free of syntax errors, otherwise the service reports an error and does not start.
bind ships with rndc and related tools that catch typing mistakes in the configuration files
Command: named-checkconf
Original article: https://www.cnblogs.com/-one/p/12305764.html
Time: 2024-10-16 18:12:48