从根开始的DNS服务器架构,让整个互联网掌控于你的手中

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了从根开始的DNS服务器架构,让整个互联网掌控于你的手中相关的知识,希望对你有一定的参考价值。

    做为想完全掌握DNS服务的同学来说,就很有必要去理解一下,到底我们做为客户机在上网时把DNS地址指向电信提供的DNS服务器后,我们在浏览器上输入一个域名的同时,这些DNS服务器是如何帮我们解析出对应的IP地址的。那么今天就给大家揭密一下,如何从根开始搭建一个完整的互联网体系下的DNS服务器架构,从此,让整体互联网从你开始,让整个互联网掌控于你的手中。


环境需求:

    1、5台DNS服务器

    2、操作系统版本:Centos7.2

    3、DNS解析器(bind)版本:9.9.4


架构部署如图所示

技术分享

.服务器:

Name:dns.root.

IP:10.1.42.71


com服务器:

Name:dns.com.

IP:10.1.42.72


bidu.com服务器:

Name:dns.baidu.com.

IP:10.1.42.73


www.baidu.com服务器:

Name:www.baidu.com.

IP:10.1.42.74


运营商DNS服务器:

Name:dns.dx.

IP:10.1.42.75


客户机:

IP:10.1.42.76

DNS:10.1.42.75



.服务器的配置

1,修改主机名(由于需要机器较多,便于自己识别)

[[email protected] ~]# hostnamectl set-hostname dns.root.

[[email protected] ~]# hostname

dns.root

[[email protected] ~]# 


2,配置网络接口

[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736 


DEVICE=eno16777736

ONBOOT=yes

BOOTPROTO=none

IPADDR=10.1.42.71

PREFIX=16


3,关闭防火墙(由于机器较多,直接关闭比较方便)

[[email protected] ~]# systemctl stop firewalld

[[email protected] ~]# 


4,安装bind

[[email protected] ~]# yum install -y bind

......过程省略

Installed:

  bind.x86_64 32:9.9.4-29.el7


Dependency Installed:

  bind-libs.x86_64 32:9.9.4-29.el7


Complete!

[[email protected] ~]# 


5,编辑DNS主配文件

[[email protected] ~]# vim /etc/named.conf 

 //      listen-on port 53 { 127.0.0.1; };

//      allow-query     { localhost; };

注释掉上述两行


dnssec-enable no;

dnssec-validation no;

上述两项的yes改为no,这两项yes是使用加密及签名来保证DNS服务器通信安全的,由于我们没有使用,所以必须改为no,否则下级DNS是无法与上级DNS进行通信的


zone "." IN {

type master;

file "named.ca";

};

修改根的类型:hint-->master


6,重写根的解析文件/var/named/named.ca

[[email protected] ~]# cd /var/named/

[[email protected] named]# echo >named.ca

[[email protected] named]# vim named.ca

$TTL 1D

. IN SOA dns.root. admin.root. ( 1 1D 1H 1W 1D )

. IN NS dns.root.

dns.root. IN A 10.1.42.71

com IN NS dns.com.

dns.com. IN A 10.1.42.72

[[email protected] named]# 


7,检查配置文件语法有无错误

[[email protected] named]# named-checkconf 

[[email protected] named]# named-checkzone . named.ca

zone ./IN: loaded serial 1

OK

[[email protected] named]# 


8,启动.服务器,检查日志确认启动成功

[[email protected] named]# systemctl start named

[[email protected] named]# cat /var/log/messages 

Sep 28 15:25:44 centos730g named[3712]: zone localhost/IN: loaded serial 0

Sep 28 15:25:44 centos730g named[3712]: zone localhost.localdomain/IN: loaded serial 0

Sep 28 15:25:44 centos730g named[3712]: all zones loaded

Sep 28 15:25:44 centos730g named[3712]: running

Sep 28 15:25:44 centos730g named[3712]: managed-keys-zone: Unable to fetch DNSKEY set ‘.‘: ncache nxrrset

Sep 28 15:25:44 centos730g systemd: Started Berkeley Internet Name Domain (DNS).

Sep 28 15:25:44 centos730g systemd: Reached target Host and Network Name Lookups.

Sep 28 15:25:44 centos730g systemd: Starting Host and Network Name Lookups.

[[email protected] named]# 

日志里面有上述信息的出现说明dns.root.服务器启动成功


9,.服务器本机使用dig检测解析效果

[[email protected] named]# dig dns.root.


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.root.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26131

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.root. IN A


;; ANSWER SECTION:

dns.root. 86400 IN A 10.1.42.71


;; AUTHORITY SECTION:

. 86400 IN NS dns.root.


;; Query time: 1 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 15:29:08 CST 2016

;; MSG SIZE  rcvd: 66


[[email protected] named]# 

能得出如上解析信息,说明dns.root服务器可以正常提供解析服务了





com服务器的配置

1,前面4步同上,只是主机名与IP地址改为架构图上的对应信息就可以了

5,编辑DNS主配文件

[[email protected] ~]# vim /etc/named.conf 

 //      listen-on port 53 { 127.0.0.1; };

//      allow-query     { localhost; };

注释掉上述两行


dnssec-enable no;

dnssec-validation no;

上述两项的yes改为no


zone "." IN {

type hint;

file "named.ca";

};


zone "com" IN {

type master;

file "com.zone";

};

根区域无需修改;新增com区域


6,复制.服务器上的named.ca文件到com服务器上

[[email protected] ~]# scp 10.1.42.71:/var/named/named.ca /var/named/named.ca 

The authenticity of host ‘10.1.42.71 (10.1.42.71)‘ can‘t be established.

ECDSA key fingerprint is bb:2d:e3:b6:15:8f:b0:8d:66:28:2d:b5:5a:1b:a9:4e.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added ‘10.1.42.71‘ (ECDSA) to the list of known hosts.

[email protected]‘s password: 

named.ca 

[[email protected] ~]#                                      100%  101     0.1KB/s   00:00

删除named.ca的最后两行

[[email protected] ~]# cd /var/named/

[[email protected] named]# cat named.ca 

$TTL 1D

. IN SOA dns.root. admin.root. ( 1 1D 1H 1W 1D )

. IN NS dns.root.

dns.root. IN A 10.1.42.71

[[email protected] named]# 


7,新建com域的解析数据库,修改相应权限

[[email protected] named]# vim com.zone


$TTL 1D

com. IN SOA dns.com. admin.com. ( 1 1D 1H 1W 1D )

com. IN NS dns.com.

dns.com. IN A 10.1.42.72

baidu.com. IN NS dns.baidu.com.

dns.baidu.com. IN A 10.1.42.73

[[email protected] named]# chgrp named com.zone

[[email protected] named]# chmod o-r com.zone 

[[email protected] named]# ll 

total 32

-rw-r-----. 1 root  named  167 Sep 28 18:41 com.zone

drwxrwx---. 2 named named 4096 Sep 28 18:47 data

drwxrwx---. 2 named named 4096 Sep 28 18:47 dynamic

-rw-r-----. 1 root  named  101 Sep 28 15:42 named.ca

-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty

-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost

-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback

drwxrwx---. 2 named named 4096 Nov 20  2015 slaves

[[email protected] named]# 


8,检查配置文件语法有无错误

[[email protected] named]# named-checkconf 

[[email protected] named]# named-checkzone com com.zone 

zone com/IN: getaddrinfo(dns.baidu.com) failed: Temporary failure in name resolution

zone com/IN: loaded serial 1

OK

[[email protected] named]#

这里报出了一个获取dns.baidu.com域信息失败的错误,不用担心,正是因为我们的下级域baidu.com还没有搭建出来


9,启动dns.com服务器,检查日志确认启动成功

[[email protected] named]# systemctl start named

[[email protected] named]# cat /var/log/messages 

Sep 28 18:47:21 centos730g named[3728]: zone com/IN: loaded serial 1

Sep 28 18:47:21 centos730g named[3728]: zone localhost.localdomain/IN: loaded serial 0

Sep 28 18:47:21 centos730g named[3728]: zone localhost/IN: loaded serial 0

Sep 28 18:47:21 centos730g named[3728]: all zones loaded

Sep 28 18:47:21 centos730g named[3728]: running

Sep 28 18:47:21 centos730g systemd: Started Berkeley Internet Name Domain (DNS).

[[email protected] ~]# 

日志里面有上述信息的出现说明dns.com服务器启动成功


10,在dns.com服务器上测试解析效果

[[email protected] named]# dig dns.com. 


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.com.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 974

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.com. IN A


;; ANSWER SECTION:

dns.com. 86400 IN A 10.1.42.72


;; AUTHORITY SECTION:

com. 86400 IN NS dns.com.


;; Query time: 1 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 19:10:03 CST 2016

;; MSG SIZE  rcvd: 66


[[email protected] named]# 

有结果和上述信息一样时说明dns.com服务器解析没问题


[[email protected] named]# dig dns.root.


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.root.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33005

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.root. IN A


;; ANSWER SECTION:

dns.root. 86400 IN A 10.1.42.71


;; AUTHORITY SECTION:

. 86389 IN NS dns.root.


;; Query time: 4 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 19:51:01 CST 2016

;; MSG SIZE  rcvd: 66


[[email protected] named]# 

有上述结果时说明com服务器是可以查询到根的





bidu.com服务器的配置

1,前4步和.服务器的配置操作相同,只是主机名与IP地址对应架构图就可以了

5,编辑DNS主配文件

[[email protected] ~]# vim /etc/named.conf 

 //      listen-on port 53 { 127.0.0.1; };

//      allow-query     { localhost; };

注释掉上述两行


dnssec-enable no;

dnssec-validation no;

上述两项的yes改为no


zone "." IN {

        type hint;

        file "named.ca";

};


zone "baidu.com" IN {

        type master;

        file "baidu.com.zone";

};

根区域无需修改;新增baidu.com区域


6,复制dns.com服务器上的named.ca文件到dns.baidu.com服务器上

[[email protected] ~]# scp 10.1.42.72:/var/named/named.ca /var/named/named.ca

The authenticity of host ‘10.1.42.72 (10.1.42.72)‘ can‘t be established.

ECDSA key fingerprint is bb:2d:e3:b6:15:8f:b0:8d:66:28:2d:b5:5a:1b:a9:4e.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added ‘10.1.42.72‘ (ECDSA) to the list of known hosts.

[email protected]‘s password: 

named.ca                                       100%  101     0.1KB/s   00:00    

[[email protected] ~]# 

[[email protected] ~]cd /var/named

[[email protected] named]# cat named.ca 

$TTL 1D

. IN SOA dns.root. admin.root. ( 1 1D 1H 1W 1D )

. IN NS dns.root.

dns.root. IN A 10.1.42.71

[[email protected] named]# 


7,新建baidu.com域的解析数据库,修改相应权限

[[email protected] named]# vim baidu.com.zone

$TTL 1D

@ IN SOA dns.baidu.com. admin.baidu.com. ( 1 1D 1H 1W 1D )

@ IN NS dns.baidu.com.

dns.baidu.com. IN A 10.1.42.73

www IN A 10.1.42.74

[[email protected] named]# chgrp named baidu.com.zone 

[[email protected] named]# chmod o-r baidu.com.zone

[[email protected] named]# ll

total 32

-rw-r-----. 1 root  named  143 Sep 28 19:31 baidu.com.zone

drwxrwx---. 2 named named 4096 Nov 20  2015 data

drwxrwx---. 2 named named 4096 Nov 20  2015 dynamic

-rw-r-----. 1 root  named  101 Sep 28 19:33 named.ca

-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty

-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost

-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback

drwxrwx---. 2 named named 4096 Nov 20  2015 slaves

[[email protected] named]#


8,检查配置文件语法有无错误

[[email protected] named]# named-checkconf

[[email protected] named]# named-checkzone baidu.com baidu.com.zone

zone baidu.com/IN: loaded serial 1

OK

[[email protected] named]# 


9,启动dns.baidu.com服务器,检查日志确认启动成功

[[email protected] named]# systemctl start named

[[email protected] named]# cat /var/log/messages

Sep 28 20:17:37 centos730g named[3906]: zone baidu.com/IN: loaded serial 1

Sep 28 20:17:37 centos730g named[3906]: all zones loaded

Sep 28 20:17:37 centos730g named[3906]: running

Sep 28 20:17:37 centos730g systemd: Started Berkeley Internet Name Domain (DNS).

[[email protected] named]# 

日志里面有上述信息的出现说明dns.baidu.com服务器启动成功


10,在dns.baidu.com服务器上测试解析效果

[[email protected] named]# dig dns.baidu.com


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.baidu.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23110

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.baidu.com. IN A


;; ANSWER SECTION:

dns.baidu.com. 86400 IN A 10.1.42.73


;; AUTHORITY SECTION:

baidu.com. 86400 IN NS dns.baidu.com.


;; Query time: 1 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 20:20:17 CST 2016

;; MSG SIZE  rcvd: 72


[[email protected] named]# 

有上述结果时说明dns.badu.com服务器解析没问题


[[email protected] named]# dig dns.root.


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.root.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8606

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.root. IN A


;; ANSWER SECTION:

dns.root. 86400 IN A 10.1.42.71


;; AUTHORITY SECTION:

. 86366 IN NS dns.root.


;; Query time: 2 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 20:17:25 CST 2016

;; MSG SIZE  rcvd: 66


[[email protected] named]#

有上述结果时说明dns.baidu.com是可以查询到根的


[[email protected]ns named]# dig dns.com


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39687

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.com. IN A


;; ANSWER SECTION:

dns.com. 85539 IN A 10.1.42.72


;; AUTHORITY SECTION:

com. 85539 IN NS dns.com.


;; Query time: 1 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 20:18:02 CST 2016

;; MSG SIZE  rcvd: 66


[[email protected] named]# 

有上述结果时说明baidu.com是可以解析到上级com的dns服务器的





运营商DNS服务器的配置

1,前4步和.服务器的配置操作相同,只是主机名与IP地址对应架构图就可以了

5,编辑DNS主配文件

[[email protected] ~]# vim /etc/named.conf 

 //      listen-on port 53 { 127.0.0.1; };

//      allow-query     { localhost; };

注释掉上述两行


dnssec-enable no;

dnssec-validation no;

上述两项的yes改为no,zone区域无需修改


6,复制dns.com服务器上的named.ca文件到dns.dx服务器上

[[email protected] ~]# scp 10.1.42.72:/var/named/named.ca /var/named/named.ca

The authenticity of host ‘10.1.42.72 (10.1.42.72)‘ can‘t be established.

ECDSA key fingerprint is bb:2d:e3:b6:15:8f:b0:8d:66:28:2d:b5:5a:1b:a9:4e.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added ‘10.1.42.72‘ (ECDSA) to the list of known hosts.

[email protected]‘s password: 

named.ca                                       100%  101     0.1KB/s   00:00    

[[email protected] ~]# 

[[email protected] ~]cd /var/named

[[email protected] named]# cat named.ca 

$TTL 1D

. IN SOA dns.root. admin.root. ( 1 1D 1H 1W 1D )

. IN NS dns.root.

dns.root. IN A 10.1.42.71

[[email protected] named]#


7,检查配置文件语法有无错误,由于没有新增任何区域解析数据库文件,所以无需检查区域解析数据库存文件

[[email protected] named]# named-checkconf 


8,启动dns.dx服务器,检查日志确认启动成功

[[email protected] named]# cat /var/log/messages 

Sep 28 21:20:52 centos730g named[3232]: zone localhost.localdomain/IN: loaded serial 0

Sep 28 21:20:52 centos730g named[3232]: all zones loaded

Sep 28 21:20:52 centos730g named[3232]: running

Sep 28 21:20:52 centos730g named[3232]: managed-keys-zone: Unable to fetch DNSKEY set ‘.‘: ncache nxrrset

Sep 28 21:20:52 centos730g systemd: Started Berkeley Internet Name Domain (DNS).

Sep 28 21:20:52 centos730g systemd: Reached target Host and Network Name Lookups.

Sep 28 21:20:52 centos730g systemd: Starting Host and Network Name Lookups.

[[email protected] named]# 


9,在dns.dx服务器上测试解析效果

[[email protected] named]# dig dns.root. 


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.root.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32756

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.root. IN A


;; ANSWER SECTION:

dns.root. 86400 IN A 10.1.42.71


;; AUTHORITY SECTION:

. 86136 IN NS dns.root.


;; Query time: 2 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 21:25:16 CST 2016

;; MSG SIZE  rcvd: 66


[[email protected] named]# 

能够得到上述结果时,说明运营商的DNS服务器是可以寻找到根DNS的


[[email protected] named]# dig www.baidu.com


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dig www.baidu.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26532

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dig. IN A


;; AUTHORITY SECTION:

. 10800 IN SOA dns.root. admin.root. 1 86400 3600 604800 86400


;; Query time: 3 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 23:06:44 CST 2016

;; MSG SIZE  rcvd: 81


;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39968

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.baidu.com. IN A


;; ANSWER SECTION:

www.baidu.com. 85427 IN A 10.1.42.74


;; AUTHORITY SECTION:

baidu.com. 85419 IN NS dns.baidu.com.


;; ADDITIONAL SECTION:

dns.baidu.com. 85419 IN A 10.1.42.73


;; Query time: 0 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 23:06:44 CST 2016

;; MSG SIZE  rcvd: 92


[[email protected] named]# 

能够得到上述结果时,说明整个运营商的DNS服务器的转发解析是完全没问题的。可以开始为客户机提供DNS服务了





客户机配置运营商DNS服务器IP地址做全网解析测试

[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736 


DEVICE=eno16777736

ONBOOT=yes

BOOTPROTO=none

IPADDR=10.1.42.76

PREFIX=16

DNS1=10.1.42.75

客户机的DNS地址指向运营商的DNS服务器IP


[[email protected] ~]# dig dns.root.


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.root.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31081

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.root. IN A


;; ANSWER SECTION:

dns.root. 84609 IN A 10.1.42.71


;; AUTHORITY SECTION:

. 84609 IN NS dns.root.


;; Query time: 1 msec

;; SERVER: 10.1.42.75#53(10.1.42.75)

;; WHEN: Wed Sep 28 23:19:47 CST 2016

;; MSG SIZE  rcvd: 66


[[email protected] ~]# 

能够得到上述结果时,说明客户机是可以通过运营商的DNS服务器寻找到根DNS的


[[email protected] ~]# dig www.baidu.com


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.baidu.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5575

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.baidu.com. IN A


;; ANSWER SECTION:

www.baidu.com. 84500 IN A 10.1.42.74


;; AUTHORITY SECTION:

baidu.com. 84492 IN NS dns.baidu.com.


;; ADDITIONAL SECTION:

dns.baidu.com. 84492 IN A 10.1.42.73


;; Query time: 3 msec

;; SERVER: 10.1.42.75#53(10.1.42.75)

;; WHEN: Wed Sep 28 23:21:55 CST 2016

;; MSG SIZE  rcvd: 92


[[email protected] ~]# 

能够得到上述结果时,说明客户机是可以通过运营商的DNS服务器正常解析各网站的域名,所以客户机也就只需要在配置网络接口时指定一下运营商给我们提供的DNS服务器IP之后,即可漫游整个互联网。而我们在地址栏上输入所有的域名后,后台大量的解析工作由我们全网的DNS服务器体系为我们默默地解析好了。


    整个试验至此,说明整个互联网DNS架构是基本完善了。当然我们这里的DNS安全方面已经忽略掉了,实际互联网环境中是必须建立相应的安全防护的。本文在这里就不做过多的探讨了。


    能够看完此文,并严格按照环境及架构去部署实验的朋友,相信你的实验结果和本文一样,是没有问题的。当你实验成功之时,你便能真正感受到:“从此,让整体互联网从你开始,让整个互联网掌控于你的手中”。

本文出自 “爱情防火墙” 博客,请务必保留此出处http://183530300.blog.51cto.com/894387/1857791

以上是关于从根开始的DNS服务器架构,让整个互联网掌控于你的手中的主要内容,如果未能解决你的问题,请参考以下文章

DNS

DNS互联网架构的实现

互联网DNS架构模拟

Linux DNS详解

针对DNS学习后的一个模拟互联网架构实验

用虚拟机自主搭建互联网架构的DNS