Implementing an Internet DNS architecture

The Internet DNS architecture simulated here is shown in the figure below; the hosts used are:

Host            OS       IP
www             centos6  192.168.73.2
client          centos6  192.168.73.3
mylinuxopsdns1  centos7  192.168.73.10
mylinuxopsdns2  centos7  192.168.73.20
comdns          centos7  192.168.73.30
rootdns         centos7  192.168.73.40
ldns            centos7  192.168.73.50

I. Deploy the httpd service on the www host

1. Start the httpd service

[[email protected] ~]# service httpd start
Starting httpd: httpd: apr_sockaddr_info_get() failed for www
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
                                                           [  OK  ]

2. Create a home page for the http host

[[email protected] ~]# echo "<h1>welcome to mylinuxops.com</h1>" > /var/www/html/index.html

3. Test

[[email protected] ~]# curl 192.168.73.2
<h1>welcome to mylinuxops.com</h1>

II. Configure mylinuxopsdns1

1. Install the bind service

[[email protected] ~]# yum install bind -y

2. Start the service and enable it at boot

[[email protected] ~]# systemctl start named
[[email protected] ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

3. Edit the main DNS configuration file

Comment out the listen address line and the allowed-hosts (allow-query) line; with both commented out, named listens on all IPv4 interfaces and answers queries from any host.

options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };

4. Edit the zone configuration file and add the zone entry

[[email protected] ~]# vim /etc/named.rfc1912.zones
zone "mylinuxops.com" IN {
        type master;
        file "mylinuxops.com.zone";
};

5. Create the zone database file

[[email protected] ~]# cp -p /var/named/{named.localhost,mylinuxops.com.zone}
[[email protected] ~]# vim /var/named/mylinuxops.com.zone
$TTL 1D
@       IN SOA  master admin.mylinuxops.com (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      master
        NS      slave
master  A       192.168.73.10
slave   A       192.168.73.20
www     A       192.168.73.2

6. Check for syntax errors

[[email protected] ~]# named-checkconf
[[email protected] ~]# named-checkzone mylinuxops.com /var/named/mylinuxops.com.zone
zone mylinuxops.com/IN: loaded serial 0
OK

7. Reload the configuration

[[email protected] ~]# rndc reload

8. Test from the client host

[[email protected] ~]# dig www.mylinuxops.com @192.168.73.10

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.mylinuxops.com @192.168.73.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24888
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.mylinuxops.com.        IN  A

;; ANSWER SECTION:
www.mylinuxops.com. 86400   IN  A   192.168.73.2

;; AUTHORITY SECTION:
mylinuxops.com.     86400   IN  NS  master.mylinuxops.com.

;; ADDITIONAL SECTION:
master.mylinuxops.com.  86400   IN  A   192.168.73.10

;; Query time: 1 msec
;; SERVER: 192.168.73.10#53(192.168.73.10)
;; WHEN: Fri Apr 19 04:23:08 2019
;; MSG SIZE  rcvd: 89

III. Configure the slave DNS server mylinuxopsdns2

1. Install the bind service

[[email protected] ~]# yum install bind -y

2. Start the DNS service and enable it at boot

[[email protected] ~]# systemctl start named
[[email protected] ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

3. Edit the main configuration file

Comment out the listen-on port line and the allowed-hosts (allow-query) line

[[email protected] ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };

4. Edit the zone configuration file

[[email protected] ~]# vim /etc/named.rfc1912.zones
zone "mylinuxops.com" IN {
        type slave;
        masters {192.168.73.10;};
        file "slaves/mylinuxops.zone";
};

5. Check for syntax errors

[[email protected] ~]# named-checkconf

6. Reload the configuration

[[email protected] ~]# rndc reload

7. Check that the zone database file has been pulled to the local host

[[email protected] ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 298 Apr 23 04:40 mylinuxops.zone

8. Security hardening

Neither the master nor the slave DNS server currently restricts which hosts may pull the zone database, which is very insecure, so both hosts need to be hardened.

8.1 Edit the slave server's main configuration file and add allow-transfer

[[email protected] ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-transfer  {none;};
//      allow-query     { localhost; };

[[email protected] ~]# rndc reload
server reload successful

8.2 Edit the master server's main configuration file and add allow-transfer so that only the slave server may pull the zone data

[[email protected] ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-transfer  {192.168.73.20;};
//      allow-query     { localhost; };

[[email protected] ~]# rndc reload
server reload successful
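An added example (not part of the original post) that audits the allow-transfer setting from steps 8.1 and 8.2: it strips named.conf comments, reads the first uncommented allow-transfer list, and reports whether transfers are open, closed, or restricted. The sample options block is constructed here to mirror the master's configuration after step 8.2; the function and variable names are the example's own.

```python
import re

# Constructed sample reproducing the master's options block after step 8.2 (abridged).
MASTER_OPTIONS = """
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        allow-transfer  {192.168.73.20;};
//      allow-query     { localhost; };
};
"""

def strip_comments(conf):
    """Remove named.conf comments: /* */ blocks and // or # to end of line."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def option_acl(conf, name):
    """Return the address list of the first uncommented '<name> { ... };', or None if absent.
    It matches the first occurrence, so feed it the options block rather than a zone statement."""
    m = re.search(r"\b" + re.escape(name) + r"\s*\{([^}]*)\}", strip_comments(conf))
    if not m:
        return None
    return [item.strip() for item in m.group(1).split(";") if item.strip()]

def audit_transfer(conf):
    """Classify zone-transfer exposure; BIND 9.9 as used on this page defaults to 'any'."""
    acl = option_acl(conf, "allow-transfer")
    if acl is None:
        return "open: allow-transfer absent, so any host may AXFR the zone"
    if acl == ["none"]:
        return "closed: no host may transfer"
    if "any" in acl:
        return "open: allow-transfer includes any"
    return "restricted to " + ", ".join(acl)

if __name__ == "__main__":
    print(audit_transfer(MASTER_OPTIONS))
```

A zone statement can override the global option, so check any per-zone allow-transfer as well.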

IV. Set up the DNS server for the com domain

1. Install the DNS service

[[email protected] ~]# yum install bind -y

2. Edit the main DNS configuration file

Comment out the listen IP line and the allowed-hosts (allow-query) line

[[email protected] ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };

3. Edit the zone configuration file and add the com zone

[[email protected] ~]# vim /etc/named.rfc1912.zones
zone "com" IN {
        type master;
        file "com.zone";
};

4. Create the zone database file

[[email protected] ~]# cp -p /var/named/{named.localhost,com.zone}
[[email protected] ~]# vim /var/named/com.zone
$TTL 1D
@       IN SOA  master admin.mylinuxops.com.  (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      master
mylinuxops      NS      ns1
mylinuxops      NS      ns2
master          A       192.168.73.30
ns1             A       192.168.73.10
ns2             A       192.168.73.20

5. Check the configuration file syntax

[[email protected] ~]# named-checkconf
[[email protected] ~]# named-checkzone com /var/named/com.zone
zone com/IN: loaded serial 0
OK

6. Start the service

[[email protected] ~]# systemctl restart named

7. Test

Test from the client

[[email protected] ~]# dig www.mylinuxops.com @192.168.73.30

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.mylinuxops.com @192.168.73.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47115
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.mylinuxops.com.        IN  A

;; ANSWER SECTION:
www.mylinuxops.com. 86400   IN  A   192.168.73.2

;; AUTHORITY SECTION:
mylinuxops.com.     86400   IN  NS  ns2.com.
mylinuxops.com.     86400   IN  NS  ns1.com.

;; ADDITIONAL SECTION:
ns1.com.        86400   IN  A   192.168.73.10
ns2.com.        86400   IN  A   192.168.73.20

;; Query time: 6 msec
;; SERVER: 192.168.73.30#53(192.168.73.30)
;; WHEN: Tue Apr 23 17:25:07 CST 2019
;; MSG SIZE  rcvd: 131

V. Set up the DNS service for the root domain

1. Install the DNS service

[[email protected] ~]# yum install bind -y

2. Edit the main configuration file

Comment out the listen address line and the allowed-hosts (allow-query) line, and change the root zone at the bottom of the file

[[email protected] ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };
....
zone "." IN {
        type master;
        file "root.zone";
};

3. Create the root zone database

[[email protected] ~]# cp -p /var/named/{named.localhost,root.zone}
[[email protected] ~]# vim /var/named/root.zone
$TTL 1D
@       IN SOA  ns1 admin.mylinuxops.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1
com     NS      master
ns1     A       192.168.73.40
master  A       192.168.73.30

4. Check for syntax errors

[[email protected] ~]# named-checkconf
[[email protected] ~]# named-checkzone . /var/named/root.zone
zone ./IN: loaded serial 0
OK

5. Start the DNS service

[[email protected] ~]# systemctl start named
[[email protected] ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

6. Test

[[email protected] ~]# dig www.mylinuxops.com @192.168.73.40

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.mylinuxops.com @192.168.73.40
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38921
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.mylinuxops.com.        IN  A

;; ANSWER SECTION:
www.mylinuxops.com. 86400   IN  A   192.168.73.2

;; AUTHORITY SECTION:
mylinuxops.com.     85104   IN  NS  ns1.com.
mylinuxops.com.     85104   IN  NS  ns2.com.

;; ADDITIONAL SECTION:
ns1.com.        85104   IN  A   192.168.73.10
ns2.com.        85104   IN  A   192.168.73.20

;; Query time: 2 msec
;; SERVER: 192.168.73.40#53(192.168.73.40)
;; WHEN: Tue Apr 23 17:59:09 CST 2019
;; MSG SIZE  rcvd: 131

VI. Configure the local DNS (ldns)

1. Install the DNS service

[[email protected] ~]# yum install bind -y

2. Edit the main configuration file of the local DNS

Comment out the listen address line and the allowed-hosts (allow-query) line, and turn off the two DNSSEC-related options; validation has to be off here because this private root is not signed under the real root trust anchor, so validated lookups would fail.

[[email protected] ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };
....
        dnssec-enable no;
        dnssec-validation no;

3. Edit the local root hints file

Point the root hints file at the address of rootdns and delete all the other entries

[[email protected] ~]# vim /var/named/named.ca
.                       518400  IN      NS      a.root-servers.net.
a.root-servers.net.     3600000 IN      A       192.168.73.40
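With named.ca pointing only at rootdns, ldns starts every lookup at 192.168.73.40 and follows referrals downward. The following added example (not from the original post) simulates that iteration over the three zones built above, using the NS and A records transcribed from root.zone, com.zone and mylinuxops.com.zone (SOA omitted); the expansion of "@" and relative names mirrors what named does with $ORIGIN, and all function names are the example's own.

```python
# Which zone each server IP is authoritative for, per the page's host table.
SERVERS = {"192.168.73.40": ".", "192.168.73.30": "com.",
           "192.168.73.10": "mylinuxops.com.", "192.168.73.20": "mylinuxops.com."}
# NS and A records transcribed from the page's root.zone, com.zone and
# mylinuxops.com.zone (SOA omitted), in the relative form the zone files use.
ZONES = {
    ".": "@ NS ns1\ncom NS master\nns1 A 192.168.73.40\nmaster A 192.168.73.30",
    "com.": ("@ NS master\nmylinuxops NS ns1\nmylinuxops NS ns2\n"
             "master A 192.168.73.30\nns1 A 192.168.73.10\nns2 A 192.168.73.20"),
    "mylinuxops.com.": ("@ NS master\n@ NS slave\nmaster A 192.168.73.10\n"
                        "slave A 192.168.73.20\nwww A 192.168.73.2"),
}

def fqdn(name, origin):
    """Expand a zone-file name: '@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin

def parse(origin, text):
    """Turn 'owner TYPE rdata' lines into (owner, type, rdata) tuples with absolute names."""
    rrs = []
    for line in text.splitlines():
        owner, rtype, rdata = line.split()
        rrs.append((fqdn(owner, origin), rtype, fqdn(rdata, origin) if rtype == "NS" else rdata))
    return rrs

def resolve(qname, server="192.168.73.40", trace=None):
    """Iterate as ldns does: start at rootdns, follow NS referrals plus glue until an A answer."""
    trace = [] if trace is None else trace
    origin = SERVERS[server]
    rrs = parse(origin, ZONES[origin])
    trace.append(f"{server} ({origin})")
    answers = [rd for o, t, rd in rrs if o == qname and t == "A"]
    if answers:
        return answers[0], trace
    # Referral: an NS record below this zone's apex whose owner covers qname.
    delegations = [(o, rd) for o, t, rd in rrs if t == "NS" and o != origin
                   and (qname == o or qname.endswith("." + o))]
    if not delegations:
        return None, trace  # no answer and no referral: NXDOMAIN in real DNS
    glue = [rd for o, t, rd in rrs if o == delegations[0][1] and t == "A"]
    return resolve(qname, glue[0], trace) if glue else (None, trace)

if __name__ == "__main__":
    ip, path = resolve("www.mylinuxops.com.")
    print(ip, "via", " -> ".join(path))
```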

VII. Test from the client

1. Configure the client's network interface so that its DNS points at the local DNS server

[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=on
IPADDR=192.168.73.3
PREFIX=24
DNS1=192.168.73.50

2. Restart the network service

[[email protected] ~]# systemctl restart network
[[email protected] ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.73.50

3. Test access to www.mylinuxops.com

[[email protected] ~]# curl www.mylinuxops.com
<h1>welcome to mylinuxops.com</h1>

Original source: https://blog.51cto.com/11886307/2385725

Time: 2024-10-11 22:42:18
