Topology: client, ldns (local DNS), rootdns, comdns, magedumasterdns, mageduslavedns, webserver (www.magedu.com)
A、Set up the CentOS 7 web site and record each host's IP address:
[root@centos7 ~]# yum install httpd
[root@centos7 ~]# vim /var/www/html/index.html
<h1>welcome to magedu.com</h1>
[root@centos7 ~]# systemctl restart httpd
[root@master ~]# ip a
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:89:2c:05 brd ff:ff:ff:ff:ff:ff
inet 192.168.141.27/24 brd 192.168.141.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe89:2c05/64 scope link
valid_lft forever preferred_lft forever
[root@slave ~]# ip a
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e2:dd:28 brd ff:ff:ff:ff:ff:ff
inet 192.168.141.37/24 brd 192.168.141.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fee2:dd28/64 scope link
valid_lft forever preferred_lft forever
[root@comdns ~]# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:40:40:73 brd ff:ff:ff:ff:ff:ff
inet 192.168.141.17/24 brd 192.168.141.255 scope global eth0
inet6 fe80::20c:29ff:fe40:4073/64 scope link
valid_lft forever preferred_lft forever
[root@rootdns ~]# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:43:c8:a8 brd ff:ff:ff:ff:ff:ff
inet 192.168.141.7/24 brd 192.168.141.255 scope global eth0
inet6 fe80::20c:29ff:fe43:c8a8/64 scope link
valid_lft forever preferred_lft forever
[root@LocalDNS ~]# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:83:dd:6c brd ff:ff:ff:ff:ff:ff
inet 192.168.141.6/24 brd 192.168.141.255 scope global eth0
inet6 fe80::20c:29ff:fe83:dd6c/64 scope link
valid_lft forever preferred_lft forever
B、Configure the relevant configuration files:
[root@master ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };
        allow-transfer  { 192.168.141.37; };
Comment out the two lines `listen-on port 53` and `allow-query` (so named listens on all addresses and answers any client), and add `allow-transfer { 192.168.141.37; };`, which means only the slave server is allowed to pull (transfer) the zone records.
[root@master ~]# rndc reload
server reload successful
(Reload the service here so that the changed configuration takes effect.)
[root@master ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
zone "magedu.com" {
type master;
file "magedu.com.zone";
};
Add this `zone "magedu.com" { ... };` block.
[root@master ~]# vim /var/named/magedu.com.zone
$TTL 1D
@       IN SOA  master admin.magedu.com ( 1 1D 1H 1W 3H )
        NS      master
        NS      slave
master  A       192.168.141.27
slave   A       192.168.141.37
www     A       192.168.141.254
This step edits the zone file and adds the website's name (www) with the web server's address.
Change the file's permissions and group:
[root@master ~]# chmod 640 /var/named/magedu.com.zone
[root@master ~]# chgrp named /var/named/magedu.com.zone
[root@master ~]# systemctl start named
[root@master ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
Because I restored a snapshot and the data was lost, I re-edited the zone file; its content is added here:
[root@master ~]# vim magedu.com.zone
$TTL 1D
@       IN SOA  master admin.magedu.com ( 1 1D 1H 1W 3H )
        NS      master
        NS      slave
master  A       192.168.141.27
slave   A       192.168.141.37
www     A       192.168.141.254
Now restart the service. As shown below there is no error message, which means the zone loaded successfully.
[root@master ~]# systemctl restart named
[root@master ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2019-02-14 14:22:29 CST; 21s ago
Process: 21030 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 21045 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 21042 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 21047 (named)
Tasks: 7
CGroup: /system.slice/named.service
└─21047 /usr/sbin/named -u named -c /etc/named.conf
Feb 14 14:22:29 master named[21047]: command channel listening on ::1#953
Feb 14 14:22:29 master named[21047]: managed-keys-zone: journal file is out of date: removing journal file
Feb 14 14:22:29 master named[21047]: managed-keys-zone: loaded serial 2
Feb 14 14:22:29 master named[21047]: zone localhost/IN: loaded serial 0
Feb 14 14:22:29 master named[21047]: zone magedu.com/IN: loaded serial 1
Feb 14 14:22:29 master named[21047]: zone localhost.localdomain/IN: loaded serial 0
Feb 14 14:22:29 master named[21047]: all zones loaded
Feb 14 14:22:29 master named[21047]: running
Feb 14 14:22:29 master named[21047]: zone magedu.com/IN: sending notifies (serial 1)
Feb 14 14:22:29 master systemd[1]: Started Berkeley Internet Name Domain (DNS).
Now dig from localdns against the master:
[root@LocalDNS ~]# dig www.magedu.com @192.168.141.27
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.141.27
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63810
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com.                IN      A
;; ANSWER SECTION:
www.magedu.com.         86400   IN      A       192.168.141.254
;; AUTHORITY SECTION:
magedu.com.             86400   IN      NS      slave.magedu.com.
magedu.com.             86400   IN      NS      master.magedu.com.
;; ADDITIONAL SECTION:
master.magedu.com.      86400   IN      A       192.168.141.27
slave.magedu.com.       86400   IN      A       192.168.141.37
;; Query time: 8 msec
;; SERVER: 192.168.141.27#53(192.168.141.27)
;; WHEN: Fri Feb  8 13:18:01 2019
;; MSG SIZE  rcvd: 121
At this point, our master DNS server is built.
C、Now build the slave server:
[root@slave ~]# vim /etc/named.conf
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };
        allow-transfer  { none; };
As before, comment out those two lines. For safety we add `allow-transfer { none; };`: the slave serves answers but does not allow anyone to pull (transfer) the zone from it.
[root@slave ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "magedu.com" {
type slave;
masters {192.168.141.27;};
file "slaves/magedu.com.zone";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
We fill in the following:
zone "magedu.com" {
        type slave;
        masters { 192.168.141.27; };
        file "slaves/magedu.com.zone";
};
[root@slave ~]# systemctl start named
[root@slave ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 330 Feb 14 14:51 magedu.com.zone
From the above you can see that the zone data has been copied over, which shows that master-to-slave replication is working.
Now dig from localdns against the slave:
[root@LocalDNS ~]# dig www.magedu.com @192.168.141.37
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.141.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7460
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com.                IN      A
;; ANSWER SECTION:
www.magedu.com.         86400   IN      A       192.168.141.254
;; AUTHORITY SECTION:
magedu.com.             86400   IN      NS      slave.magedu.com.
magedu.com.             86400   IN      NS      master.magedu.com.
;; ADDITIONAL SECTION:
master.magedu.com.      86400   IN      A       192.168.141.27
slave.magedu.com.       86400   IN      A       192.168.141.37
;; Query time: 4 msec
;; SERVER: 192.168.141.37#53(192.168.141.37)
;; WHEN: Fri Feb  8 14:02:32 2019
;; MSG SIZE  rcvd: 121
This shows it succeeded: the slave answers the query authoritatively (the `aa` flag is set) from its transferred copy.
Now, to see an update synchronized from master to slave, add the following to the zone file on the master:
Add `blog   A   192.168.141.154`. Note: the serial number must now be bumped to 2, because the slave only transfers the zone again when it sees a serial greater than the one it holds.
[root@master ~]# vim magedu.com.zone
$TTL 1D
@       IN SOA  master admin.magedu.com ( 2 1D 1H 1W 3H )
        NS      master
        NS      slave
master  A       192.168.141.27
slave   A       192.168.141.37
www     A       192.168.141.254
blog    A       192.168.141.154
[root@LocalDNS ~]# dig blog.magedu.com @192.168.141.37
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> blog.magedu.com @192.168.141.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56467
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;blog.magedu.com.               IN      A
;; AUTHORITY SECTION:
magedu.com.             10800   IN      SOA     master.magedu.com. admin.magedu.com.magedu.com. 1 86400 3600 604800 10800
;; Query time: 1 msec
;; SERVER: 192.168.141.37#53(192.168.141.37)
;; WHEN: Fri Feb  8 14:06:13 2019
;; MSG SIZE  rcvd: 93
At this point, dig blog also shows the query result replicated to the slave. Note that the capture above still shows NXDOMAIN with an SOA serial of 1: it was taken before the slave had transferred serial 2. Once the master is reloaded with `rndc reload` and sends its notify, the slave transfers the new zone and answers the blog query from the copy it received. The RNAME `admin.magedu.com.magedu.com.` in that SOA also shows what happens when `admin.magedu.com` is written without a trailing dot in the zone file: BIND appends the origin. Write it as `admin.magedu.com.` (or simply `admin`) to get the intended mailbox.
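As an added example (not code from the original write-up), the following Python script checks the three things this lab depends on and that are easy to get wrong by hand: that `allow-transfer` in named.conf is restricted rather than left at the open default, that an edited zone file's SOA serial is greater than the previous one so the slave actually transfers it, and that every in-zone NS target (including the delegating NS records of a com zone) has a glue A record. The zone texts and option fragments it uses are constructed to mirror the ones shown on this page.

```python
import re
# Constructed sample shaped like the master's magedu.com.zone above: serial 1, then serial 2 plus blog.
ZONE_V1 = """$TTL 1D
@ IN SOA master admin.magedu.com ( 1 1D 1H 1W 3H )
  NS master
  NS slave
master A 192.168.141.27
slave  A 192.168.141.37
www    A 192.168.141.254
"""
ZONE_V2 = ZONE_V1.replace("( 1 1D", "( 2 1D") + "blog   A 192.168.141.154\n"
def parse_zone(text):
    """Return (serial, {(owner, ns_target)}, {owner: ipv4}) from a simple BIND zone file."""
    serial, ns, a = None, set(), {}
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()      # drop comments and blank lines
        if not line or line.startswith("$"):
            continue
        soa = re.search(r"\bSOA\b.*?\(\s*(\d+)", line)
        f = line.split()
        if soa:                               # first number inside the SOA parens is the serial
            serial = int(soa.group(1))
        elif f[0] == "NS":                    # owner omitted: inherits the zone apex (@)
            ns.add(("@", f[1]))
        elif len(f) >= 3 and f[1] == "NS":    # explicit owner, e.g. "magedu NS dns1" in com.zone
            ns.add((f[0], f[2]))
        elif len(f) >= 3 and f[1] == "A":
            a[f[0]] = f[2]
    return serial, ns, a
def missing_glue(text):
    """In-zone NS targets (no trailing dot) that have no A record: a delegation without glue."""
    _, ns, a = parse_zone(text)
    return sorted({t for _, t in ns if not t.endswith(".") and t not in a})
def check_update(old_text, new_text):
    """What keeps a slave from picking up an edit: an unbumped serial or missing glue."""
    old_serial, _, _ = parse_zone(old_text)
    serial, _, _ = parse_zone(new_text)
    problems = []
    if serial is None or (old_serial is not None and serial <= old_serial):
        problems.append("serial %s not greater than previous %s" % (serial, old_serial))
    return problems + ["NS %s has no A (glue) record" % t for t in missing_glue(new_text)]
def check_transfer_policy(named_conf):
    """Classify allow-transfer; when absent, the BIND 9.9/9.11 on CentOS 7 allows transfers to any."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", named_conf)
    if not m:
        return "missing: allow-transfer not set, so this BIND version allows transfers to any"
    if re.search(r"\bany\b", m.group(1)):
        return "open: zone transfers allowed from anywhere"
    return "ok: " + " ".join(m.group(1).split())
```

Run `check_transfer_policy(open('/etc/named.conf').read())` and `check_update(old, new)` on the real files before `rndc reload`; `named-checkzone` remains the authoritative syntax check.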
D、Now build comdns.
[root@comdns ~]# vim /etc/named.conf
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query     { localhost; };
As before, comment out those two lines.
[root@comdns ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "com" {
type master;
file "com.zone";
};
Add this zone block for `com`.
[root@comdns named]# vim com.zone
$TTL 1D
@       IN SOA  master admin.magedu.com ( 2 1D 1H 1W 3H )
        NS      master
magedu  NS      dns1        (the magedu subdomain is delegated to .27 and .37)
magedu  NS      dns2
master  A       192.168.141.17
dns1    A       192.168.141.27
dns2    A       192.168.141.37
comdns delegates magedu.com to 192.168.141.27 and 192.168.141.37: the two NS records owned by `magedu` name the delegated servers, and the A records for dns1 and dns2 are the glue that lets a resolver reach them.
[root@comdns named]# service named start
Starting named:                                            [  OK  ]
Now dig from localdns against comdns. 192.168.141.17 holds no blog record itself, since magedu.com is delegated to .27 and .37; if dig returns a result, the delegation works, as follows:
[root@LocalDNS ~]# dig blog.magedu.com @192.168.141.17
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> blog.magedu.com @192.168.141.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54859
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;blog.magedu.com.               IN      A
;; AUTHORITY SECTION:
magedu.com.             10800   IN      SOA     master.magedu.com. admin.magedu.com.magedu.com. 1 86400 3600 604800 10800
;; Query time: 8 msec
;; SERVER: 192.168.141.17#53(192.168.141.17)
;; WHEN: Fri Feb  8 15:34:11 2019
;; MSG SIZE  rcvd: 93
[root@LocalDNS ~]# dig www.magedu.com @192.168.141.17
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.141.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33362
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com.                IN      A
;; ANSWER SECTION:
www.magedu.com.         86400   IN      A       192.168.141.254
;; AUTHORITY SECTION:
magedu.com.             86400   IN      NS      dns2.com.
magedu.com.             86400   IN      NS      dns1.com.
;; ADDITIONAL SECTION:
dns1.com.               86400   IN      A       192.168.141.27
dns2.com.               86400   IN      A       192.168.141.37
;; Query time: 7 msec
;; SERVER: 192.168.141.17#53(192.168.141.17)
;; WHEN: Fri Feb  8 15:37:07 2019
;; MSG SIZE  rcvd: 118
Both blog and www are fine. Note that the www answer from .17 carries the flags `qr rd ra` but not `aa`: comdns is not authoritative for magedu.com and obtained the answer by following its own delegation to .27 and .37, which is exactly what this test is meant to show. (The blog query above still returns NXDOMAIN with SOA serial 1, the pre-transfer state seen earlier.)
Master-slave replication is said to provide fault tolerance. We shut down the master at 192.168.141.27: dig against .27 gets no response, but .37 answers normally, and dig against .17 still returns results. So this demonstrates the fault tolerance.
E、Now build rootdns.
[root@rootdns yum.repos.d]# vim /etc/named.conf
// named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query     { localhost; };
        recursion yes;
Comment out the same two lines as before.
Now dig from localdns against rootdns:
[root@LocalDNS ~]# ?dig www.magedu.com @192.168.141.7
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.141.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8006
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com.                IN      A
;; ANSWER SECTION:
www.magedu.com.         86020   IN      A       192.168.141.254
;; AUTHORITY SECTION:
magedu.com.             86020   IN      NS      dns1.com.
magedu.com.             86020   IN      NS      dns2.com.
;; ADDITIONAL SECTION:
dns2.com.               86020   IN      A       192.168.141.37
dns1.com.               86020   IN      A       192.168.141.27
;; Query time: 5 msec
;; SERVER: 192.168.141.7#53(192.168.141.7)
;; WHEN: Fri Feb  8 17:33:28 2019
;; MSG SIZE  rcvd: 118
Now .7, .17, .27 and .37 can all be dug successfully (the TTL of 86020 rather than 86400 shows that rootdns answered from its cache after recursing through the delegation chain).
F、Build the local DNS:
[root@LocalDNS yum.repos.d]# vim /etc/named.conf
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query     { localhost; };
        recursion yes;
        dnssec-enable no;
        dnssec-validation no;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
Comment out the same two lines as before. The two DNSSEC functions are both switched off here (set to "no"): the lab's private root is unsigned, so validation against the built-in root trust anchor could not succeed; a resolver that serves real Internet names should keep validation enabled.
[root@LocalDNS yum.repos.d]# vim /var/named/named.ca
.                        3600000      NS     A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A      192.168.141.254
Explanation: because we built our own root server, /var/named/named.ca (the root hints file) must be edited so that the root server's IP address is the one of the root we set up ourselves.
[root@LocalDNS yum.repos.d]# service named restart
Stopping named:                                            [  OK  ]
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
At this point our DNS configuration is complete. Let's test it from a Windows client:
As the screenshot shows, Windows can ping the website at 192.168.141.254.
After adjusting the Windows client's IP settings, the site can be reached by the name www.magedu.com.
This concludes the experiment.
Experiment: implementing an Internet DNS architecture
Original article: http://blog.51cto.com/14128387/2350331