Linux服务管理——DNS互联网架构模型实现
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Linux服务管理——DNS互联网架构模型实现相关的知识,希望对你有一定的参考价值。
前提:
准备8台Linux服务器;
【1】一台主机作为用户客户端:
与电信DNS服务器是一个局域网; ip地址:192.168.27.6 DNS地址指向: [[email protected] ~]$cat /etc/resolv.conf # Generated by NetworkManager search magedu.com nameserver 192.168.27.5
【2】电信DNS服务器配置:
电信DNS服务器: ip地址:192.168.27.5 根服务器的地址指向: [[email protected] named]$cat named.ca . 518400 IN NS a.root-servers.net. a.root-servers.net. 3600000 IN A 192.168.27.166 服务器主配置文件配置: [[email protected] named]$cat /etc/named.conf // listen-on port 53 { 127.0.0.1; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; // allow-query { localhost; }; /* - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion. - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface */ recursion yes; dnssec-enable no; dnssec-validation no; 在语法检查无误后,启动named服务; [[email protected] named]$systemctl start named 客户端的DNS需要指向这个DNS服务器;这里是为了实验,临时指向; [[email protected] ~]$cat /etc/resolv.conf # Generated by NetworkManager search magedu.com nameserver 192.168.27.5
【3】双web服务器配置:
web1.magedu.com 192.168.27.3 web2.magedu.com 192.168.27.4 服务器安装完成后,制作页面; [[email protected] ~]# echo '[email protected]' >> /var/www/html/index.html [[email protected] ~]# echo '[email protected]' >> /var/www/html/index.html 清空规则; iptables -vnL; iptables -F
【4】主从DNS服务器配置;
dns1.magedu.com 192.168.27.17 dns2.magedu.com 192.168.27.18 [4.1]dns1.magedu.com 192.168.27.17的配置: 主DNS服务器主配置文件配置: [[email protected] ~]$vim /etc/named.conf options { // listen-on port 53 { 127.0.0.1; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; // allow-query { localhost; }; [[email protected] ~]$vim /etc/named.rfc1912.zones zone "magedu.com" IN { type master; file "magedu.com.zone"; }; 区域库配置: [[email protected] named]$vim magedu.com.zone $TTL 1D @ IN SOA dns1 admin ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum @ NS dns1 @ NS dns2 dns1 A 192.168.27.17 dns2 A 192.168.27.18 web A 192.168.27.3 web A 192.168.27.4 www CNAME web * A 192.168.27.3 @ A 192.168.27.3 注意:文件的权限; [[email protected] named]$ll magedu.com.zone -rw-r-----. 1 root named 265 Jan 20 09:05 magedu.com.zone
[4.2]dns2.magedu.com 192.168.27.18的配置: 从DNS服务器的配置文件: [[email protected] named]$vim /etc/named.rfc1912.zones zone "magedu.com" IN { type slave; masters {192.168.27.17;}; file "slaves/magedu.com.slave.zone"; }; 注意目录的权限,否则无法拉取过区域文件; [[email protected] named]$ll -d /var/named/ drwxrwx---. 8 root named 177 Jan 20 06:59 /var/named/ 重启服务可以将区域文件同步过来; [[email protected] named]$systemctl restart named [[email protected] named]$ll -d /var/named/slaves/magedu.com.slave.zone -rw-r--r--. 1 named named 449 Jan 20 21:22 /var/named/slaves/magedu.com.slave.zone
【5】.com DNS服务器配置
.comDNS服务器: ip地址:192.168.27.177 DNS配置文件: [[email protected] ~]$vim /etc/named.rfc1912.zone zone "com" IN { type master; file "com.zone"; }; 区域库文件配置: [[email protected] named]$cat /var/named/com.zone $TTL 1D @ IN SOA dns1 admin ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum @ NS dns1 magedu NS dns2 magedu NS dns3 dns1 A 192.168.27.177 dns2 A 192.168.27.17 dns3 A 192.168.27.18 服务启动; [[email protected] named]$systemctl start named [[email protected] named]$ss -tnl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 10 192.168.27.177:53 *:* LISTEN 0 10 127.0.0.1:53 *:* [[email protected] ~]$dig -t NS com @192.168.27.177 [[email protected] ~]$dig -t NS magedu.com @192.168.27.177 [[email protected] ~]$dig www.magedu.com @192.168.27.177
【6】根服务器的配置:
rootDNS服务器ip:192.168.27.166; named配置文件: [[email protected] ~]$vim /etc/named.conf options { // listen-on port 53 { 127.0.0.1; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; // allow-query { localhost; }; recursion yes; dnssec-enable no; dnssec-validation no; #zone "." IN { # type hint; # file "named.ca"; #}; # zone "." IN { type master; file "root.zone"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; 区域配置文件: [[email protected] named]$cat root.zone $TTL 1D @ IN SOA dns1 admin ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum @ NS dns1 com NS dns2 dns1 A 192.168.27.166 dns2 A 192.168.27.177 语法检查: [[email protected] named]$named-checkzone root root.zone zone root/IN: loaded serial 0 OK 权限修改: [[email protected] named]$chmod 640 root.zone [[email protected] named]$ll root.zone -rw-r----- 1 root named 184 Jan 21 11:19 root.zone
【7】测试;
[[email protected] ~]$dig www.magedu.com @192.168.27.166 ;; QUESTION SECTION: ;www.magedu.com. IN A ;; ANSWER SECTION: www.magedu.com. 86289 IN CNAME web.magedu.com. web.magedu.com. 86289 IN A 192.168.27.3 web.magedu.com. 86289 IN A 192.168.27.4 ;; AUTHORITY SECTION: magedu.com. 86289 IN NS dns2.magedu.com. magedu.com. 86289 IN NS dns1.magedu.com. ;; ADDITIONAL SECTION: dns1.magedu.com. 86289 IN A 192.168.27.17 dns2.magedu.com. 86289 IN A 192.168.27.18 ;; Query time: 2 msec ;; SERVER: 192.168.27.166#53(192.168.27.166) ;; WHEN: Sun Jan 21 06:24:51 EST 2018 ;; MSG SIZE rcvd: 163
以上是关于Linux服务管理——DNS互联网架构模型实现的主要内容,如果未能解决你的问题,请参考以下文章