搭建并实现智能DNS
Posted 江神神神神
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了搭建并实现智能DNS相关的知识,希望对你有一定的参考价值。
1、环境准备
DNS主服务器和web服务器1:10.0.0.146/24,172.16.0.8/16
web服务器2:10.0.0.147/24
web服务器3:172.16.0.7/16
DNS客户端1:10.0.0.149/24
DNS客户端2:172.16.0.6/162、DNS服务器网卡配置
#配置两个IP地址
#eth0:10.0.0.146/24
#eth1: 172.16.0.8/16
[root@DNS ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:95:87:a5 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.146/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0
valid_lft 1310sec preferred_lft 1310sec
inet6 fe80::7dd4:5200:f267:e9cd/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:95:87:af brd ff:ff:ff:ff:ff:ff
inet 172.16.0.8/16 brd 172.16.255.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe95:87af/64 scope link
valid_lft forever preferred_lft forever3、DNS服务端配置文件实现 view
[root@DNS ~]#yum install bind -y
[root@DNS ~]#vim /etc/named.conf
#在文件最前面加下面行
acl beijingnet {
10.0.0.0/24;
};
acl shanghainet {
172.16.0.0/16;
};
acl othernet {
any;
};
#注释掉下面两行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
#创建view
view beijingview {
match-clients { beijingnet;};
include "/etc/named.rfc1912.zones.bj";
};
view shanghaiview {
match-clients { shanghainet;};
include "/etc/named.rfc1912.zones.sh";
};
view otherview {
match-clients { othernet;};
include "/etc/named.rfc1912.zones.other";
};
include "/etc/named.root.key";4、实现区域配置文件
[root@DNS ~]#vim /etc/named.rfc1912.zones.bj
zone "." IN {
type hint;
file "named.ca";
};
zone "jiangfeng.org" {
type master;
file "jiangfeng.org.zone.bj";
};
[root@DNS ~]#vim /etc/named.rfc1912.zones.sh
zone "." IN {
type hint;
file "named.ca";
};
zone "jiangfeng.org" {
type master;
file "jiangfeng.org.zone.shang";
};
[root@DNS ~]#vim /etc/named.rfc1912.zones.other
zone "." IN {
type hint;
file "named.ca";
};
zone "jiangfeng.org" {
type master;
file "jiangfeng.org.zone.other";
};
chgrp named /etc/named.rfc1912.zones.bj
chgrp named /etc/named.rfc1912.zones.shang
chgrp named /etc/named.rfc1912.zones.other5、创建区域数据库文件
[root@DNS ~]#vim /var/named/jiangfeng.org.zone.bj
$TTL 1D
@ IN SOA master admin.jiangfeng.org. (
2019042214 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.0.0.146
websrv A 10.0.0.147
www CNAME websrv
[root@DNS ~]#vim /var/named/jiangfeng.org.zone.shang
$TTL 1D
@ IN SOA master admin.jiangfeng.org. (
2019042214 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.0.0.146
websrv A 172.16.0.147
www CNAME websrv
[root@DNS named]#vim /var/named/jiangfeng.org.zone.other
$TTL 1D
@ IN SOA master admin.magedu.org. (
2019042214 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.0.0.146
websrv A 127.0.0.1
www CNAME websrv
chgrp named /var/named/jiangfeng.org.zone.bj
chgrp named /var/named/jiangfeng.org.zone.shang
chgrp named /var/named/jiangfeng.org.zone.other
[root@DNS named]#systemctl start named #第一次启动服务
rndc reload #不是第一次启动服务 6、实现位于不同区域的三个WEB服务器
#分别在三台主机上安装http服务
#在web服务器1:10.0.0.146/24实现
[root@DNS named]#echo www.jiangfeng.org in Other > /var/www/html/index.html
[root@DNS named]#systemctl start httpd
#在web服务器2:10.0.0.147/24
[root@web2 ~]#echo www.jiangfeng.org in Beijing > /var/www/html/index.html
[root@web2 ~]#systemctl start httpd
#在web服务器3:172.16.0.7/16
[root@web2 ~]#echo www.jiangfeng.org in shanghai > /var/www/html/index.html
[root@web2 ~]#systemctl start httpd7、客户端测试
#分别在三台主机上访问
#DNS客户端1:10.0.0.149/24 实现,确保DNS指向10.0.0.146
[root@client network-scripts]#curl www.jiangfeng.org
www.jiangfeng.org in Beijing
#DNS客户端2:172.16.0.6/16 实现,确保DNS指向172.16.0.8
[root@web3 ~]#curl www.jiangfeng.org
www.jiangfeng.org in Shanghai
#DNS客户端3:10.0.0.146 实现,,确保DNS指向127.0.0.1
[root@DNS ~]#curl www.jiangfeng.org
www.jiangfeng.org in other以上是关于搭建并实现智能DNS的主要内容,如果未能解决你的问题,请参考以下文章
DNS原理及主从架构实现搭建智能DNSiptable仅开放主机指定端口NAT原理iptables实现SNAT和DNAT并持久保存规则
搭建DNS主从服务器实现反向解析,子域,转发,智能DNS及排错和互联网DNS架构实验