DNS 服务架构之综合实战


环境要求

需要8台主机
DNS客户端:172.31.0.10/16
本地DNS服务器(只缓存):172.31.0.48/16
转发目标DNS服务器:172.31.0.38/16
根DNS服务器:172.31.0.18/16
org域DNS服务器:172.31.0.27/16
主DNS服务器:172.31.0.7/16
从DNS服务器:172.31.0.17/16
WEB服务器:172.31.0.37/16

前提准备

关闭SElinux
[root@localhost ~]# sed -ri 's/^(SELINUX=).*/\1disabled/' /etc/selinux/config
关闭防火墙
[root@localhost ~]# systemctl disable --now firewalld
时间同步

web服务器安装软件并配置和启动

# 172.31.0.37/16
[root@CentOS-7 ~]# yum install httpd -y
[root@CentOS-7 ~]# echo www.longxuan.vip > /var/www/html/index.html
[root@CentOS-7 ~]# systemctl start httpd
[root@CentOS-7 ~]# curl 172.31.0.37
www.longxuan.vip

主DNS安装软件

# 172.31.0.7/16
[root@localhost ~]# yum install -y bind bind-utils

主改配置文件(注释掉 listen-on 和 allow-query 后,named 监听所有 IPv4 接口并应答任意客户端;allow-transfer 只允许从服务器 172.31.0.17 做区域传送)

[root@centos8 ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
//      allow-query     { localhost; };
        allow-transfer {172.31.0.17;};

主改配置文件

[root@localhost named]# vim /etc/named.rfc1912.zones
zone "longxuan.vip"{
    type master;
    file "longxuan.vip.zone";
};

主改配置文件

[root@localhost named]# vim longxuan.vip.zone    # 文件名需与 named.rfc1912.zones 中 file "longxuan.vip.zone" 一致
$TTL 1D
@       IN SOA  master admin.longxuan.vip. (
                                2021050104      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
             NS      master
             NS      slave1
master       A       172.31.0.7
slave1       A       172.31.0.17
www          A       172.31.0.37

重启服务

[root@localhost named]# systemctl start named #第一次启动服务,之后启动建议使用下面的命令
[root@localhost named]# rndc reload

从DNS服务器安装软件

# 172.31.0.17/16
[root@centos8 ~]# yum install -y bind bind-utils

从改配置文件(allow-transfer {none;} 表示从服务器自身不对外提供区域传送)

[root@centos8 ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
//      allow-query     { localhost; };
        allow-transfer {none;};

从服务器配置

[root@centos8 ~]# vim /etc/named.rfc1912.zones
zone "longxuan.vip" {
    type slave;
    masters {172.31.0.7;};
    file "slaves/longxuan.vip.slave";
};

从服务器重启服务(rndc reload 要求 named 已在运行;首次启动应先执行 systemctl start named,与主服务器相同)

[root@centos8 ~]# rndc reload
server reload successful

检查从服务器看到同步成功

[root@centos8 ~]# ll /var/named/slaves/

org域服务器安装软件

# 172.31.0.27/16
[root@localhost ~]# yum install -y bind bind-utils

org域改配置文件

[root@localhost ~]# vim /etc/named.conf 
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };

org域改配置文件(这里未设置 allow-transfer,BIND 9.11 默认允许任意主机做区域传送,仅适合实验环境)

[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "org" {
    type master;
    file "org.zone";
};

org域改配置文件

[root@localhost ~]# vim /var/named/org.zone
$TTL 1D
@     IN  SOA  master  admin.longxuan.vip. (
                         2021050100
                         1D 
                         1H  
                         1W 
                         3D )
            NS    master
longxuan    NS    longxuanns1
longxuan    NS    longxuanns2
master      A     172.31.0.27
longxuanns1 A     172.31.0.7
longxuanns2 A     172.31.0.17

授权

[root@localhost ~]# chgrp named /var/named/org.zone 

启动

[root@localhost ~]# systemctl start named

根DNS服务器安装软件

# 172.31.0.18/16
[root@localhost ~]# yum install bind -y bind-utils

根DNS服务器改配置

[root@localhost ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
//      allow-query     { localhost; };

/*zone "." IN {
        type hint;
        file "named.ca";
};*/
zone "." IN {
    type master;
    file "root.zone";
};

根DNS服务器改配置

[root@localhost ~]# vim /var/named/root.zone
$TTL 1D
@      IN  SOA   master admin.longxuan.vip. (
                            2021050100
                            1D
                            1H
                            1W
                            3D )
       NS      master
org    NS      orgns
master A       172.31.0.18
orgns  A       172.31.0.27

改所属组和授权640

[root@localhost ~]# chgrp named /var/named/root.zone 
[root@localhost ~]# chmod 640 /var/named/root.zone

启动

[root@localhost ~]# systemctl start named #第一次启动,之后启动建议使用下面的命令
[root@localhost ~]# rndc reload 

实现转发目标的DNS服务器

安装软件

# 172.31.0.38/16
[root@localhost ~]# yum install bind bind-utils -y

转发(该机作为转发目标,通过自建根进行递归;因自建根区未用内置信任锚签名,需关闭 dnssec-validation,否则校验失败返回 SERVFAIL。dnssec-enable 在较新的 BIND 版本中已废弃)

[root@localhost ~]# vim /etc/named.conf
options {
//  listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
//  allow-query     { localhost; };

    dnssec-enable no;
    dnssec-validation no;

转发改配置

[root@localhost ~]# vim /var/named/named.ca
.           518400  IN  NS  a.root-servers.net.

a.root-servers.net. 3600000 IN  A   172.31.0.18 

启动

[root@localhost ~]# systemctl start named #第一次启动,之后启动建议使用下面的命令
[root@localhost ~]# rndc reload 

本地缓存安装软件

# 172.31.0.48/16
[root@localhost ~]# yum install bind bind-utils -y

本地缓存改配置(forward only 将全部查询转给 172.31.0.38;allow-query 被注释掉意味着对任意来源开放递归,仅适合实验环境,生产中应用 allow-query/allow-recursion 限制到内网网段)

[root@localhost ~]# vim /etc/named.conf 
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };
        forward  only;
        forwarders {172.31.0.38;};

        dnssec-enable no;
        dnssec-validation no;

启动

[root@localhost ~]# systemctl start named #第一次启动,之后启动建议使用下面的命令
[root@localhost ~]# rndc reload 

客户端测试(注意:下面 resolv.conf 指向主服务器 172.31.0.7,dig 结果带 aa 标志,说明只验证了权威主服务器,并未经过 172.31.0.48 → 172.31.0.38 → 根 → org 这条链路;要测试整条链路应把 nameserver 改为 172.31.0.48。另外 org.zone 中委派的是 longxuan.org,而主服务器承载的区域是 longxuan.vip,按当前配置 www.longxuan.vip 无法通过根/org 链路解析)

# 172.31.0.10/16
[root@centos6 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.31.0.7
[root@centos6 ~]# dig www.longxuan.vip

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.longxuan.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13350
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.longxuan.vip.		IN	A

;; ANSWER SECTION:
www.longxuan.vip.	86400	IN	A	172.31.0.37

;; AUTHORITY SECTION:
longxuan.vip.		86400	IN	NS	master.longxuan.vip.
longxuan.vip.		86400	IN	NS	slave.longxuan.vip.

;; ADDITIONAL SECTION:
master.longxuan.vip.	86400	IN	A	172.31.0.7
slave.longxuan.vip.	86400	IN	A	172.31.0.17

;; Query time: 4 msec
;; SERVER: 172.31.0.7#53(172.31.0.7)
;; WHEN: Mon May  1 13:41:57 2021
;; MSG SIZE  rcvd: 123

[root@centos6 ~]# curl www.longxuan.vip
www.longxuan.vip

安装bind-utils报错

解决方法:

[root@localhost ~]# rpm -qa | grep bind
bind-export-libs-9.11.4-26.P2.el7_9.5.x86_64
bind-license-9.11.4-26.P2.el7_9.5.noarch
bind-libs-9.11.4-26.P2.el7_9.5.x86_64
bind-9.11.4-26.P2.el7_9.5.x86_64
bind-libs-lite-9.11.4-26.P2.el7_9.5.x86_64
[root@localhost ~]# yum remove bind-license-9.11.4 bind-libs-lite

# 重新安装即可
[root@localhost ~]# yum install bind-utils  -y
