22.第16章 域名系统DNS服务
<h1 id="一dns工作原理">一.DNS工作原理</h1><h3 id="dns简介">DNS简介</h3>
<p>DNS:称之为域名系统,工作在应用层协议,是互联网的一项服务。它作为将域名和IP地址相互映射的一个分布式数据库,能够使人更方便地访问互联网。简单的来说就是当我们在浏览器输入一个网址时,电脑主机通过DNS将网址解析成网络设备能够识别的IP地址,以便电脑主机和远在地球另一端的服务器进行通讯最终在浏览器显示我们最终想要的内容。DNS是基于C/S架构的,客户端是地球上数以亿万的接入互联网的网络设备,服务器是13台根服务器、互联网通用各顶级域服务器、国家和地区顶级域名服务器以及各个网络运营商、互联网公司提供的DNS解析服务</p>
<h3 id="dns域名结构">DNS域名结构</h3>
<p><img src="https://img2020.cnblogs.com/blog/2229477/202101/2229477-20210107180209763-2129983914.png"><br>
<em>组织结构上,示例如下:</em><br>
<em>根域</em><br>
<em>一级域名:有三类:组织域(tld com edu)、国家域(.cn, .ca, .hk, .tw)、反向域、</em><br>
<em>二级域名:magedu.com</em><br>
<em>三级域名:study.magedu.com</em><br>
<em>最多可达到127级域名</em></p>
<h3 id="dns服务由客户端到服务器的工作原理">DNS服务由客户端到服务器的工作原理</h3>
<p><img src="https://img2020.cnblogs.com/blog/2229477/202101/2229477-20210107180306120-107610075.png"></p>
<pre><code class="language-http">1.客户端输入域名,查询本地缓存
2.本地DNS服务器查询,本地DNS服务器内部缓存
3.本地DNS向根域名服务器查询,根域服务器返回一级域地址
4.本地DNS向根域返回的一级域服务器查询,一级域的本地缓存
5.查询到终结果,返回给本地DNS服务器
6.本地DNS服务器,将解析的结果返回客户端
7.客户端根据返回结果的Ip浏览互联网
扩展
1)查询过程中DNS代理服务器向其他服务器请求的过程称之为迭代查询
2) 本地客户端向DNS代理服务器的查询称之为递归查询
</code></pre>
<h1 id="二递归和迭代查询的区别">二.递归和迭代查询的区别</h1>
<pre><code class="language-http">递归查询:客户端向本地DNS服务器的查询,返回的是最终结果,负责到底。
迭代查询:本地的DNS服务器向其它DNS服务器的查询,返回的不是最终结果,而是最好结果,不负责到底。
</code></pre>
<h1 id="三cdn工作原理">三.CDN工作原理</h1>
<h1 id="_"></h1>
<pre><code class="language-http">CDN(Content Delivery Network)即内容分发网络,CDN的作用是使用户可就近取得所需内容,解决 Internet网络拥挤的状况,提高用户访问网站的响应速度。本文介绍CDN的工作过程及工作原理。
CDN的作用
使用CDN会极大地简化网站的系统维护工作量,网站维护人员只需将网站内容注入CDN的系统,通过CDN部署在各个物理位置的服务器进行全网分发,就可以实现跨运营商、跨地域的用户覆盖。CDN将内容推送到网络边缘,大量的用户访问被分散在网络边缘,不再构成网站出口、互联互通点的资源挤占,也不再需要跨越长距离IP路由,即减少了源服务器的资源占用,企业大大提升了用户访问的响应时间,提高用户体验。
没有CDN网站的工作原理
1.用户在自己的浏览器中输入要访问的网站域名。
2.浏览器向本地DNS服务器请求对该域名的解析。
3.本地DNS服务器中如果缓存有这个域名的解析结果,则直接响应用户的解析请求。
4.本地DNS服务器中如果没有关于这个域名的解析结果的缓存,则以递归或迭代方式向整个DNS系统请求解析,获得应答后将结果反馈给浏览器。
5.浏览器得到域名解析结果,就是该域名相应的服务设备的IP地址。
6.浏览器向服务器请求内容。
7.服务器将用户请求内容传送给浏览器。
网站接入CDN后工作流程及工作原理
网站接入CDN后,构建了CDN网络,这个CDN网络一般是由一个DNS服务器和几台缓存服务器运行起来的。
</code></pre>
<p><img src="https://img2020.cnblogs.com/blog/2229477/202101/2229477-20210107175353400-518057529.jpg"></p>
<pre><code class="language-http">CDN工作原理
1.当用户点击网站页面上的内容URL,经过本地DNS系统解析,DNS系统会最终将域名的解析权交给CNAME指向的CDN专用DNS服务器。
2.CDN的DNS服务器将CDN的全局负载均衡设备IP地址返回用户。
3.用户向CDN的全局负载均衡设备发起内容URL访问请求。
4.CDN全局负载均衡设备根据用户IP地址,以及用户请求的内容URL,选择一台用户所属区域的区域负载均衡设备,告诉用户向这台设备发起请求。
5.区域负载均衡设备会为用户选择一台合适的缓存服务器提供服务,选择的依据包括:根据用户IP地址,判断哪一台服务器距用户最近;根据用户所请求的URL中携带的内容名称,判断哪一台服务器上有用户所需内容;查询各个服务器当前的负载情况,判断哪一台服务器尚有服务能力。基于以上这些条件的综合分析之后,区域负载均衡设备会向全局负载均衡设备返回一台缓存服务器的IP地址。
6.全局负载均衡设备把服务器的IP地址返回给用户。
7.用户向缓存服务器发起请求,缓存服务器响应用户请求,将用户所需内容传送到用户终端。如果这台缓存服务器上并没有用户想要的内容,而区域均衡设备依然将它分配给了用户,那么这台服务器就要向它的上一级缓存服务器请求内容,直至追溯到网站的源服务器将内容拉到本地。
DNS服务器根据用户IP地址,将域名解析成相应节点的缓存服务器IP地址,实现用户就近访问。使用CDN服务的网站,只需将其域名解析权交给CDN的GSLB设备,将需要分发的内容注入CDN,就可以实现网站内容加速。
</code></pre>
<h1 id="四dns什么时候使用tcp-53端口和udp-53端口">四.DNS什么时候使用tcp 53端口和UDP 53端口</h1>
<pre><code class="language-http">tcp 53端口在DNS的主从同步使用
udp 53端口在DNS查询使用,但也影响主从同步
</code></pre>
<h1 id="五实现dns正向主服务器">五.实现DNS正向主服务器</h1>
<h1 id="1实验目的">1.实验目的</h1>
<pre><code class="language-http">搭建DNS正向主服务器,实现web服务器基于FQDN的访问
</code></pre>
<h1 id="2环境要求">2.环境要求</h1>
<pre><code class="language-http">需要三台主机
DNS服务器:10.0.0.8
web服务器:10.0.0.7
DNS客户端:10.0.0.6
</code></pre>
<h1 id="3前提准备">3.前提准备</h1>
<pre><code class="language-http">关闭SELinux
关闭防火墙
时间同步
</code></pre>
<pre><code class="language-sh">#10.0.0.8作为时间服务器
# dnf -y install chrony
# vim /etc/chrony.conf
server ntp.aliyun.com iburst
server time1.cloud.tencent.com iburst
server slb.time.edu.cn iburst
#server作为时钟服务器,iburst选项当服务器可达时,发送一个八个数据包而不是通常的一个数据包。包间隔通常为2秒,可加快初始同步速度
allow 10.0.0.0/24 #允许10.0.0.0网段访问本服务器
local stratum 10 #server指令中的时间服务器不可用,也允许将本地时间作为标准时间授时给其它客户端
:wq
# systemctl restart chronyd
# ss -ntul
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 0.0.0.0:123 0.0.0.0:* #123是chrony的服务端端口
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* #323是chrony的客户端端口
udp UNCONN 0 0 [::1]:323 [::]:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
# chronyc sources -nv
210 Number of sources = 2
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88 2 6 37 4 -598us[-11ms] +/- 35ms ##* 星号表示和这台服务器已经同步时间
^- 139.199.215.251 2 6 67 3 +11ms[+11ms] +/- 50ms
#其它作为客户端
#在10.0.0.7上实现
# yum -y install chrony
# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
# systemctl restart chronyd
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 6 +24us[+26us] +/- 32ms
# ss -ntul
NetidState Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 127.0.0.1:323 *:*
udp UNCONN 0 0 [::1]:323 [::]:*
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 128 [::]:22 [::]:*
#在10.0.0.6上实现
# yum -y install chrony
# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
# service chronyd restart
Stopping chronyd:
Starting chronyd:
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 18 +15ns[ -880us] +/- 79ms
</code></pre>
<h1 id="4实现步骤">4.实现步骤</h1>
<h2 id="41-在dns服务端安装bind">4.1 在DNS服务端安装bind</h2>
<pre><code class="language-sh">##在10.0.0.8上实现
# dnf -y install bind
</code></pre>
<h2 id="42-修改bind配置文件">4.2 修改bind配置文件</h2>
<pre><code class="language-sh">#在10.0.0.8上实现
# vim /etc/named.conf
#注释掉下面两行
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
:wq
# vim /etc/named.rfc1912.zones
#加入下面内容
zone "neteagles.vip" IN {
type master;
file "neteagles.vip.zone";
};
:wq
</code></pre>
<h2 id="43-dns区域数据库文件">4.3 DNS区域数据库文件</h2>
<pre><code class="language-sh">#在10.0.0.8上实现
# cp -p /var/named/named.localhost /var/named/neteagles.vip.zone
#如果没有加-p,选项,需要修改/var/named/neteagles.vip.zone权限为640,所属组为named,chmod 640 /var/named/neteagles.vip.zone,chown .named /var/named/neteagles.vip.zone
# ll /var/named
total 20
drwxrwx--- 2 named named 6 Aug 25 01:31 data
drwxrwx--- 2 named named 6 Aug 25 01:31 dynamic
-rw-r----- 1 rootnamed 2253 Aug 25 01:31 named.ca
-rw-r----- 1 rootnamed152 Aug 25 01:31 named.empty
-rw-r----- 1 rootnamed152 Aug 25 01:31 named.localhost
-rw-r----- 1 rootnamed168 Aug 25 01:31 named.loopback
-rw-r----- 1 rootnamed152 Aug 25 01:31 neteagles.vip.zone
drwxrwx--- 2 named named 6 Aug 25 01:31 slaves
# vim /var/named/neteagles.vip.zone
$TTL 1D
@ IN SOAmaster admin.neteagles.vip. (
0 ; serial
1D; refresh
1H; retry
1W; expire
3H ) ; minimum
NSmaster
master A 10.0.0.8
www A 10.0.0.7
:wq
</code></pre>
<h2 id="44-检查配置文件和数据库文件格式并启动服务">4.4 检查配置文件和数据库文件格式,并启动服务</h2>
<pre><code class="language-sh">#在10.0.0.8上实现
# named-checkconf #检查配置文件格式
# named-checkzone neteagles.vip /var/named/neteagles.vip.zone #检查数据库文件格式
-bash: named-checkzone: command not found #centos8 上已经没有这个命令
# systemctl enable --now named #第一次启动服务
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
#如果不是第一次启动服务,用rndc reload,重新加载服务
</code></pre>
<h2 id="45-实现web服务">4.5 实现WEB服务</h2>
<pre><code class="language-sh">#在10.0.0.7上实现
# yum -y install httpd;echo www.neteagles.vip > /var/www/html/index.html;systemctl enable --now httpd
# curl 10.0.0.7
www.neteagles.vip
</code></pre>
<h2 id="_-1"></h2>
<h2 id="46-在客户端实现测试">4.6 在客户端实现测试</h2>
<pre><code class="language-sh">#在10.0.0.6上实现
# alias vie0
alias vie0='vim /etc/sysconfig/network-scripts/ifcfg-eth0'
#vie0 是设置网卡配置的别名
# vie0
DNS1=10.0.0.8
:wq
# service network restart
Shutting down interface eth0:
Shutting down loopback interface:
Bringing up loopback interface:
Bringing up interface eth0:Determining if ip address 10.0.0.6 is already in use for device eth0...
# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain neteagles.cn
nameserver 10.0.0.8 #显示DNS已经被改为10.0.0.8
#测试网页,能显示就是成功
# curl www.neteagles.vip
www.neteagles.vip
# dig www.neteagles.vip
-bash: dig: command not found
# yum -y install bind-utils
# dig www.neteagles.vip
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.neteagles.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31449
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.neteagles.vip. IN A
;; ANSWER SECTION:
www.neteagles.vip. 86400 IN A 10.0.0.7
;; AUTHORITY SECTION:
neteagles.vip. 86400 IN NS master.neteagles.vip.
;; ADDITIONAL SECTION:
master.neteagles.vip. 86400 IN A 10.0.0.8
;; Query time: 0 msec
;; SERVER: 10.0.0.8#53(10.0.0.8) #这里也显示是通过10.0.0.8解析的
;; WHEN: Wed Jan6 19:44:44 2021
;; MSG SIZErcvd: 88
</code></pre>
<h1 id="六反向解析">六.反向解析</h1>
<pre><code class="language-sh">#在10.0.0.8上实现
# cat /etc/named.conf
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
# vim /etc/named.rfc1912.zones
#添加下面内容
zone "0.0.10.in-addr.arpa" {
type master;
file "10.0.0.zone";
};
:wq
# cp -p /var/named/named.loopback /var/named/10.0.0.zone
# ll /var/named
total 24
-rw-r----- 1 rootnamed168 Aug 25 01:31 10.0.0.zone
drwxrwx--- 2 named named 23 Jan6 19:38 data
drwxrwx--- 2 named named 60 Jan6 19:39 dynamic
-rw-r----- 1 rootnamed 2253 Aug 25 01:31 named.ca
-rw-r----- 1 rootnamed152 Aug 25 01:31 named.empty
-rw-r----- 1 rootnamed152 Aug 25 01:31 named.localhost
-rw-r----- 1 rootnamed168 Aug 25 01:31 named.loopback
-rw-r----- 1 rootnamed200 Jan6 19:36 neteagles.vip.zone
drwxrwx--- 2 named named 6 Aug 25 01:31 slaves
# vim /var/named/10.0.0.zone
$TTL 1D
@ IN SOAns1 admin.neteagles.vip. (
0 ; serial
1D; refresh
1H; retry
1W; expire
3H ) ; minimum
NSns1.neteagles.vip.
100 PTR www.neteagles.vip.
200 PTR app.zhang.vip.
:wq
# rndc reload
server reload successful
# dig -t ptr 100.0.0.10.in-addr.arpa @10.0.0.8
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> -t ptr 100.0.0.10.in-addr.arpa @10.0.0.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58766
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;100.0.0.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
100.0.0.10.in-addr.arpa. 86400 IN PTR www.neteagles.vip.
;; AUTHORITY SECTION:
0.0.10.in-addr.arpa. 86400 IN NS ns1.neteagles.vip.
;; Query time: 1 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)
;; WHEN: Wed Jan6 19:56:38 2021
;; MSG SIZErcvd: 102
# dig -x 10.0.0.100 @10.0.0.8
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> -x 10.0.0.100 @10.0.0.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35405
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;100.0.0.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
100.0.0.10.in-addr.arpa. 86400 IN PTR www.neteagles.vip.
;; AUTHORITY SECTION:
0.0.10.in-addr.arpa. 86400 IN NS ns1.neteagles.vip.
;; Query time: 0 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)
;; WHEN: Wed Jan6 19:57:12 2021
;; MSG SIZErcvd: 102
# host 10.0.0.100
100.0.0.10.in-addr.arpa domain name pointer www.neteagles.vip.
# nslookup 10.0.0.200
Server: 10.0.0.8
Address: 10.0.0.8#53
200.0.0.10.in-addr.arpa name = app.zhang.vip.
# nslookup
> 10.0.0.100
Server: 10.0.0.8
Address: 10.0.0.8#53
100.0.0.10.in-addr.arpa name = www.neteagles.vip.
> exit
</code></pre>
<h1 id="七-实现dns从服务器">七. 实现DNS从服务器</h1>
<h1 id="1实验目的-1">1.实验目的</h1>
<pre><code class="language-http">搭建DNS主从服务器架构,实现DNS服务冗余
</code></pre>
<h1 id="2-环境要求">2. 环境要求</h1>
<pre><code class="language-http">需要四台主机
DNS主服务器:10.0.0.8
DNS从服务器:10.0.0.18
web服务器:10.0.0.7
DNS客户端:10.0.0.6
</code></pre>
<h1 id="3-前提准备">3. 前提准备</h1>
<pre><code class="language-http">关闭SELinux
关闭防火墙
时间同步
</code></pre>
<pre><code class="language-sh">#在10.0.0.18上实现
# dnf -y install chrony
# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
# systemctl restart chronyd
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 7 +630ns[+9549ns] +/- 34ms
</code></pre>
<h1 id="4-实现步骤">4. 实现步骤</h1>
<h2 id="41-主dns服务器配置参考dns正向主服务器">4.1 主DNS服务器配置(参考DNS正向主服务器)</h2>
<pre><code class="language-sh">#在10.0.0.8上实现
# vim /etc/named.conf
#只允许从服务器进行区域传输
allow-transfer {10.0.0.18;};
:wq
# vim /var/named/neteagles.vip.zone
$TTL 1D
@ IN SOAmaster admin.neteagles.vip. (
0 ; serial
1D; refresh
1H; retry
1W; expire
3H ) ; minimum
NSmaster
NSslave
master A 10.0.0.8
slave A 10.0.0.18
www A 10.0.0.7
:wq
# rndc reload
server reload successful
</code></pre>
<h2 id="42-从服务器配置">4.2 从服务器配置</h2>
<pre><code class="language-sh">#在10.0.0.18上实现
# dnf -y install bind
# vim /etc/named.conf
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
//allow-query { localhost; };
#不允许其它主机进行区域传输
allow-transfer {none;};
:wq
# vim /etc/named.rfc1912.zones
#添加下面内容
zone "neteagles.vip" IN {
type slave;
masters {10.0.0.8;};
file "slaves/neteagles.vip.slave";
};
:wq
# named-checkconf
# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
# ll /var/named/slaves/neteagles.vip.slave
-rw-r--r-- 1 named named 346 Jan6 20:24 /var/named/slaves/neteagles.vip.slave
</code></pre>
<h2 id="43-客户端测试主从dns服务架构">4.3 客户端测试主从DNS服务架构</h2>
<pre><code class="language-sh">#在10.0.0.6上实现
# vie0
DNS1=10.0.0.8
DNS2=10.0.0.18
:wq
# service network restart
Shutting down interface eth0:
Shutting down loopback interface:
Bringing up loopback interface:
Bringing up interface eth0:Determining if ip address 10.0.0.6 is already in use for device eth0...
# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain neteagles.cn
nameserver 10.0.0.8
nameserver 10.0.0.18
# curl www.neteagles.vip
www.neteagles.vip
# dig www.neteagles.vip
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.neteagles.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40752
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.neteagles.vip. IN A
;; ANSWER SECTION:
www.neteagles.vip. 86400 IN A 10.0.0.7
;; AUTHORITY SECTION:
neteagles.vip. 86400 IN NS master.neteagles.vip.
neteagles.vip. 86400 IN NS slave.neteagles.vip.
;; ADDITIONAL SECTION:
master.neteagles.vip. 86400 IN A 10.0.0.8
slave.neteagles.vip. 86400 IN A 10.0.0.18
;; Query time: 0 msec
;; SERVER: 10.0.0.8#53(10.0.0.8) #可以看到是通过DNS10.0.0.8解析的
;; WHEN: Wed Jan6 20:27:28 2021
;; MSG SIZErcvd: 124
server reload successful
# systemctl stop named
# curl www.neteagles.vip
www.neteagles.vip
# dig www.neteagles.vip
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.neteagles.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22171
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.neteagles.vip. IN A
;; ANSWER SECTION:
www.neteagles.vip. 86400 IN A 10.0.0.7
;; AUTHORITY SECTION:
neteagles.vip. 86400 IN NS master.neteagles.vip.
neteagles.vip. 86400 IN NS slave.neteagles.vip.
;; ADDITIONAL SECTION:
master.neteagles.vip. 86400 IN A 10.0.0.8
slave.neteagles.vip. 86400 IN A 10.0.0.18
;; Query time: 0 msec
;; SERVER: 10.0.0.18#53(10.0.0.18) #可以看到是通过DNS10.0.0.18解析的
;; WHEN: Wed Jan6 20:29:05 2021
;; MSG SIZErcvd: 124
</code></pre>
<h1 id="八实现dns父域和子域服务">八.实现DNS父域和子域服务</h1>
<p>1.实验目的<br>
<img src="https://img2020.cnblogs.com/blog/2229477/202109/2229477-20210913210350362-794100516.jpg"></p>
<pre><code class="language-http">搭建DNS父域和子域服务器
</code></pre>
<h1 id="2环境要求-1">2.环境要求</h1>
<pre><code class="language-http">需要五台主机
DNS父域服务器:10.0.0.8
DNS子域服务器:10.0.0.28
父域的web服务器:10.0.0.7www.neteagles.vip
子域的web服务器:10.0.0.17 www.shanghai.neteagles.vip
DNS客户端:10.0.0.6
</code></pre>
<h1 id="3前提准备-1">3.前提准备</h1>
<pre><code class="language-sh">关闭SELinux
关闭防火墙
时间同步
</code></pre>
<pre><code class="language-sh">#在10.0.0.28上实现
# dnf -y install chrony
# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
# systemctl restart chronyd
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 9 +4ns[+3318ns] +/- 35ms
#在10.0.0.17上实现
# yum -y install chrony
# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
# systemctl restart chronyd
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 5 -578ns[-30us] +/- 34ms
</code></pre>
<h1 id="4实现步骤-1">4.实现步骤</h1>
<h2 id="41-在父域dns服务器上实现主neteaglesvip域的主dns服务">4.1 在父域DNS服务器上实现主neteagles.vip域的主DNS服务</h2>
<pre><code class="language-sh">#在10.0.0.8上实现
# vim /etc/named.conf
#关闭加密验证
dnssec-enable no;
dnssec-validation no;
:wq
# vim /var/named/neteagles.vip.zone
$TTL 1D
@ IN SOAmaster admin.neteagles.vip. (
0 ; serial
1D; refresh
1H; retry
1W; expire
3H ) ; minimum
NSmaster
NSslave
shanghai NSshanghais #添加这行
master A 10.0.0.8
slave A 10.0.0.18
shanghais A 10.0.0.28 #添加这行
www A 10.0.0.7
:wq
# rndc reload
rndc: connect failed: 127.0.0.1#953: connection refused
# systemctl restart named
# rndc reload
server reload successful
</code></pre>
<h2 id="42-实现子域的dns服务器">4.2 实现子域的DNS服务器</h2>
<pre><code class="language-sh">#在10.0.0.28上实现
# dnf -y install bind
# vim /etc/named.conf
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
allow-transfer {none;};
:wq
# vim /etc/named.rfc1912.zones
zone "shanghai.neteagles.vip" {
type master;
file "shanghai.neteagles.vip.zone";
};
:wq
# cp -p /var/named/named.localhost /var/named/shanghai.neteagles.vip.zone
# ll /var/named/
total 20
drwxrwx--- 2 named named 6 Aug 25 01:31 data
drwxrwx--- 2 named named 6 Aug 25 01:31 dynamic
-rw-r----- 1 rootnamed 2253 Aug 25 01:31 named.ca
-rw-r----- 1 rootnamed152 Aug 25 01:31 named.empty
-rw-r----- 1 rootnamed152 Aug 25 01:31 named.localhost
-rw-r----- 1 rootnamed168 Aug 25 01:31 named.loopback
-rw-r----- 1 rootnamed152 Aug 25 01:31 shanghai.neteagles.vip.zone
drwxrwx--- 2 named named 6 Aug 25 01:31 slaves
# vim /var/named/shanghai.neteagles.vip.zone
$TTL 1D
@ IN SOAmaster admin.neteagles.vip. (
3 ; serial
1D; refresh
1H; retry
1W; expire
3H ) ; minimum
NS master
master A 10.0.0.28
websrv A 10.0.0.17
www CNAME websrv
:wq
# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
</code></pre>
<h2 id="43-在父域和子域的web服务器上安装httpd服务">4.3 在父域和子域的web服务器上安装httpd服务</h2>
<pre><code class="language-sh">#在10.0.0.17上实现
# yum -y install httpd;echo www.shanghai.neteagles.vip > /var/www/html/index.html;systemctl enable --now httpd
# curl 10.0.0.17
www.shanghai.neteagles.vip
</code></pre>
<h2 id="44-客户端测试">4.4 客户端测试</h2>
<pre><code class="language-sh">#在10.0.0.6上实现
# curl www.neteagles.vip
www.neteagles.vip
# dig www.neteagles.vip
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.neteagles.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42852
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.neteagles.vip. IN A
;; ANSWER SECTION:
www.neteagles.vip. 86400 IN A 10.0.0.7 #父域web在10.0.0.7
;; AUTHORITY SECTION:
neteagles.vip. 86400 IN NS slave.neteagles.vip.
neteagles.vip. 86400 IN NS master.neteagles.vip.
;; ADDITIONAL SECTION:
master.neteagles.vip. 86400 IN A 10.0.0.8
slave.neteagles.vip. 86400 IN A 10.0.0.18
;; Query time: 0 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)
;; WHEN: Wed Jan6 21:17:08 2021
;; MSG SIZErcvd: 124
# curl www.shanghai.neteagles.vip
www.shanghai.neteagles.vip
# dig www.shanghai.neteagles.vip
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.shanghai.neteagles.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47531
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.shanghai.neteagles.vip. IN A
;; ANSWER SECTION:
www.shanghai.neteagles.vip. 86400 IN CNAME websrv.shanghai.neteagles.vip. #子域别名
websrv.shanghai.neteagles.vip. 86400 IN A 10.0.0.17 #子域web在10.0.0.17
;; AUTHORITY SECTION:
shanghai.neteagles.vip. 86400 IN NS master.shanghai.neteagles.vip.
;; ADDITIONAL SECTION:
master.shanghai.neteagles.vip. 86400 IN A 10.0.0.28
;; Query time: 4 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)
;; WHEN: Wed Jan6 21:16:15 2021
;; MSG SIZErcvd: 118
</code></pre>
<h1 id="九实现dns-forward只缓存服务器">九.实现DNS forward(只缓存)服务器</h1>
<h1 id="1实验目的-2">1.实验目的</h1>
<pre><code class="language-http">搭建DNS转发(只缓存)服务器
</code></pre>
<h1 id="2环境要求-2">2.环境要求</h1>
<pre><code class="language-http">需要四台主机
DNS缓存服务器:10.0.0.38
DNS主服务器:10.0.0.8
web服务器:10.0.0.7
DNS客户端:10.0.0.6
</code></pre>
<h1 id="3前提准备-2">3.前提准备</h1>
<pre><code class="language-http">关闭SELinux
关闭防火墙
时间同步
</code></pre>
<pre><code class="language-sh">#在10.0.0.38上实现
# dnf -y install chrony
# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
# systemctl restart chronyd
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 5 -527ns[-28us] +/- 33ms
</code></pre>
<h1 id="4实现步骤-2">4.实现步骤</h1>
<h2 id="41-实现转发只缓存dns服务器">4.1 实现转发(只缓存)DNS服务器</h2>
<pre><code class="language-sh">#在10.0.0.38上实现
# dnf -y install bind
# vim /etc/named.conf
#注释掉下面两行
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
forward first;
forwarders {10.0.0.8;};
#关闭dnssec功能
dnssec-enable no;
dnssec-validation no;
:wq
# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
</code></pre>
<h2 id="42-实现主dns服务器参看前面案例">4.2 实现主DNS服务器(参看前面案例)</h2>
<h2 id="43-web服务器配置参看前面案例">4.3 web服务器配置(参看前面案例)</h2>
<h2 id="44-客户端测试-1">4.4 客户端测试</h2>
<pre><code class="language-sh">#在10.0.0.6上实现
# curl www.neteagles.vip
www.neteagles.vip
# dig www.neteagles.vip
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.neteagles.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62918
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.neteagles.vip. IN A
;; ANSWER SECTION:
www.neteagles.vip. 86400 IN A 10.0.0.7
;; AUTHORITY SECTION:
neteagles.vip. 86400 IN NS master.neteagles.vip.
neteagles.vip. 86400 IN NS slave.neteagles.vip.
;; ADDITIONAL SECTION:
master.neteagles.vip. 86400 IN A 10.0.0.8
slave.neteagles.vip. 86400 IN A 10.0.0.18
;; Query time: 0 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)
;; WHEN: Wed Jan6 21:37:51 2021
;; MSG SIZErcvd: 124
# dig www.neteagles.vip @10.0.0.38
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.neteagles.vip @10.0.0.38
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58089
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.neteagles.vip. IN A
;; ANSWER SECTION:
www.neteagles.vip. 86400 IN A 10.0.0.7
;; AUTHORITY SECTION:
neteagles.vip. 86400 IN NS slave.neteagles.vip.
neteagles.vip. 86400 IN NS master.neteagles.vip.
;; ADDITIONAL SECTION:
master.neteagles.vip. 86400 IN A 10.0.0.8
slave.neteagles.vip. 86400 IN A 10.0.0.18
;; Query time: 2 msec
;; SERVER: 10.0.0.38#53(10.0.0.38) #可以看到通过10.0.0.38转发
;; WHEN: Wed Jan6 21:38:34 2021
;; MSG SIZErcvd: 124
</code></pre>
<h1 id="十利用view实现智能dns">十.利用view实现智能DNS</h1>
<h1 id="1实验目的-3">1.实验目的</h1>
<pre><code class="language-http">搭建DNS主从服务器架构,实现DNS服务冗余
</code></pre>
<h1 id="2环境要求-3">2.环境要求</h1>
<pre><code class="language-http">需要五台主机
DNS主服务器和web服务器1:10.0.0.8/24192.168.1.8/24
web服务器2:10.0.0.7/24
web服务器3:192.168.1.7/24
DNS客户端1:10.0.0.6/24
DNS客户端2:192.168.1.6/24
</code></pre>
<h1 id="3前提准备-3">3.前提准备</h1>
<pre><code class="language-http">关闭SELinux
关闭防火墙
时间同步
</code></pre>
<pre><code class="language-sh">#10.0.0.8和192.168.1.8做为时间服务器
# dnf -y install chrony
# vim /etc/chrony.conf
server ntp.aliyun.com iburst
server time1.cloud.tencent.com iburst
server slb.time.edu.cn iburst
allow 10.0.0.0/24
allow 192.168.1.0/24
local stratum 10
:wq
# systemctl restart chronyd
# chronyc sources -nv
210 Number of sources = 2
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88 2 6 17 7-4864us[-1361us] +/- 32ms
^+ 139.199.215.251 2 6 17 7+9283us[+13ms] +/- 60ms
#其它做为客户端
#在10.0.0.7上实现
# yum -y install chrony
# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
# systemctl restart chronyd
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 1 +14us[+15us] +/- 40ms
#在192.168.1.7上实现
# yum -y install chrony
# vim /etc/chrony.conf
server 192.168.1.8 iburst
:wq
# systemctl restart chronyd
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.1.8 3 6 7 2 +454us[ -723ms] +/- 33ms
#在10.0.0.6上实现
# yum -y install chrony
# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
# service chronyd restart
Stopping chronyd:
Starting chronyd:
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 4 -46ns[ -436us] +/- 31ms
#在192.168.1.6上实现
# yum -y install chrony
# vim /etc/chrony.conf
server 192.168.1.8 iburst
:wq
# service chronyd restart
Stopping chronyd:
Starting chronyd:
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.1.8 3 6 17 2 +53ns[-1042us] +/- 32ms
</code></pre>
<h1 id="4实验步骤">4.实验步骤</h1>
<h2 id="41-dns服务器的网卡配置">4.1 DNS服务器的网卡配置</h2>
<pre><code class="language-sh">#在10.0.0.8上实现
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:3f:19:17 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe3f:1917/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:3f:19:21 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.8/24 brd 192.168.1.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe3f:1921/64 scope link
valid_lft forever preferred_lft forever
</code></pre>
<h2 id="42-主dns服务端配置文件实现view">4.2 主DNS服务端配置文件实现view</h2>
<pre><code class="language-sh">#在10.0.0.8上实现
# dnf -y install bind
# vim /etc/named.conf
#在文件最前面加下面行
acl beijingnet {
10.0.0.0/24;
};
acl shanghainet {
192.168.1.0/24;
};
acl othernet {
any;
};
#注释掉下面两行
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
#创建view
view beijingview {
match-clients {beijingnet;};
include "/etc/named.rfc1912.zones.bj";
};
view shanghaiview {
match-clients {shanghainet;};
include "/etc/named.rfc1912.zones.sh";
};
view otherview {
match-clients {othernet;};
include "/etc/named.rfc1912.zones.other";
};
:wq
</code></pre>
<h2 id="43-实现区域配置文件">4.3 实现区域配置文件</h2>
<pre><code class="language-sh">#在10.0.0.8上实现
# vim /etc/named.rfc1912.zones.bj
zone "." IN {
type hint;
file "named.ca";
};
zone "neteagles.vip" {
type master;
file "neteagles.vip.zone.bj";
};
:wq
# vim/etc/named.rfc1912.zones.sh
zone "." IN {
type hint;
file "named.ca";
};
zone "neteagles.vip" {
type master;
file "neteagles.vip.zone.sh";
};
:wq
# vim /etc/named.rfc1912.zones.other
zone "." IN {
type hint;
file "named.ca";
};
zone "neteagles.vip" {
type master;
file "neteagles.vip.zone.other";
};
:wq
# ll /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bj/etc/named.rfc1912.zones.sh /etc/named.rfc1912.zones.other
-rw-r----- 1 root named 1029 Aug 25 01:31 /etc/named.rfc1912.zones
-rw-r--r-- 1 root root 132 Jan7 14:33 /etc/named.rfc1912.zones.bj
-rw-r--r-- 1 root root 135 Jan7 14:36 /etc/named.rfc1912.zones.other
-rw-r--r-- 1 root root 132 Jan7 14:35 /etc/named.rfc1912.zones.sh
# chmod 640 /etc/named.rfc1912.zones.bj;chgrp named /etc/named.rfc1912.zones.bj
# chmod 640 /etc/named.rfc1912.zones.sh;chgrp named /etc/named.rfc1912.zones.sh
# chmod 640 /etc/named.rfc1912.zones.other;chgrp named /etc/named.rfc1912.zones.other
# ll /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bj/etc/named.rfc1912.zones.sh /etc/named.rfc1912.zones.other
-rw-r----- 1 root named 1029 Aug 25 01:31 /etc/named.rfc1912.zones
-rw-r----- 1 root named132 Jan7 14:33 /etc/named.rfc1912.zones.bj
-rw-r----- 1 root named135 Jan7 14:36 /etc/named.rfc1912.zones.other
-rw-r----- 1 root named132 Jan7 14:35 /etc/named.rfc1912.zones.sh
</code></pre>
<h2 id="44-创建区域数据库文件">4.4 创建区域数据库文件</h2>
<pre><code class="language-sh">#在10.0.0.8上实现
# cp -p /var/named/named.localhost /var/named/neteagles.vip.zone.bj
# vim /var/named/neteagles.vip.zone.bj
$TTL 1D
@ IN SOAmaster admin.neteagles.vip. (
1 ; serial
1D; refresh
1H; retry
1W; expire
3H ) ; minimum
NS master
master A 10.0.0.8
websrv A 10.0.0.7
www CNAME websrv
:wq
# cp -p /var/named/neteagles.vip.zone.bj /var/named/neteagles.vip.zone.sh
# vim /var/named/neteagles.vip.zone.sh
$TTL 1D
@ IN SOAmaster admin.neteagles.vip. (
1 ; serial
1D; refresh
1H; retry
1W; expire
3H ) ; minimum
NS master
master A 10.0.0.8
websrv A 192.168.1.7
www CNAME websrv
:wq
# cp -p /var/named/neteagles.vip.zone.bj /var/named/neteagles.vip.zone.other
# vim /var/named/neteagles.vip.zone.other
$TTL 1D
@ IN SOAmaster admin.neteagles.vip. (
1 ; serial
1D; refresh
1H; retry
1W; expire
3H ) ; minimum
NS master
master A 10.0.0.8
websrv A 127.0.0.1
www CNAME websrv
:wq
# ll /var/named/neteagles.vip.zone.*
-rw-r----- 1 root named 240 Jan7 14:45 /var/named/neteagles.vip.zone.bj
-rw-r----- 1 root named 241 Jan7 14:48 /var/named/neteagles.vip.zone.other
-rw-r----- 1 root named 244 Jan7 14:47 /var/named/neteagles.vip.zone.sh
# systemctl enable --now named
#启动服务报错
# cat /var/log/messages
Jan7 14:50:21 centos8 bash: /etc/named.conf:73: when using 'view' statements, all zones must be in views #提示/etc/named.conf的73出错
# vim /etc/named.conf
#注释掉下面内容
#zone "." IN {
# type hint;
# file "named.ca";
#};
#注释掉这行
#include "/etc/named.rfc1912.zones";
:wq
# systemctl start named
</code></pre>
<h2 id="45-实现位于不同区域的三个web服务器">4.5 实现位于不同区域的三个WEB服务器</h2>
<pre><code class="language-sh">#分别在三台主机上安装http服务
#在web服务器1:192.168.1.8/24上实现
# dnf -y install httpd;echo www.neteagles.vip in other> /var/www/html/index.html;systemctl enable --now httpd
# curl 192.168.1.8
www.neteagles.vip in other
#在web服务器2:10.0.0.7/24上实现
# yum -y install httpd;echo www.neteagles.vip in beijing> /var/www/html/index.html;systemctl enable --now httpd
# curl 10.0.0.7
www.neteagles.vip in beijing
#在web服务器3:192.168.1.7/24上实现
# yum -y install httpd;echo www.neteagles.vip in shanghai> /var/www/html/index.html;systemctl enable --now httpd
# curl 192.168.1.7
www.neteagles.vip in shanghai
</code></pre>
<h1 id="46-客户端测试">4.6 客户端测试</h1>
<pre><code class="language-sh">#分别在三台主机上访问
#在DNS客户端1:10.0.0.6/24上实现,确保DNS指向10.0.0.8
# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain neteagles.cn
nameserver 10.0.0.8
# curl www.neteagles.vip
www.neteagles.vip in beijing
#在DNS客户端1:192.168.1.6/24上实现,确保DNS指向192.168.1.8
# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain neteagles.cn
nameserver 192.168.1.8
# curl www.neteagles.vip
www.neteagles.vip in shanghai
#在DNS客户端3:10.0.0.8/24上实现,确保DNS指向127.0.0.1
# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 127.0.0.1
# curl www.neteagles.vip
www.neteagles.vip in other
</code></pre>
<h1 id="十一综合案例实现internet的dns服务架构">十一.综合案例:实现internet的DNS服务架构</h1>
<h1 id="1实验目的-4">1.实验目的</h1>
<p><img src="https://img2020.cnblogs.com/blog/2229477/202109/2229477-20210913210146484-1635558542.jpg"></p>
<pre><code class="language-http">搭建DNS实现internet DNS架构
</code></pre>
<h1 id="2环境要求-4">2.环境要求</h1>
<pre><code class="language-http">需要8台主机
DNS客户端:10.0.0.6/24
本地DNS服务器(只缓存):10.0.0.8/24
转发目标DNS服务器:10.0.0.18/24
根DNS服务器:10.0.0.28/24
vip域DNS服务器:10.0.0.38/24
neteagles.vip域主DNS服务器:10.0.0.48/24
neteagles.vip域从DNS服务器:10.0.0.58/24
www.neteagles.vip的WEB服务器:10.0.0.68/24
</code></pre>
<h1 id="3前提准备-4">3.前提准备</h1>
<pre><code class="language-http">关闭SELinux
关闭防火墙
时间同步
</code></pre>
<pre><code class="language-sh">#10.0.0.8 做为时间同步服务器
# dnf -y install chrony
# vim /etc/chrony.conf
server ntp.aliyun.com iburst
server time1.cloud.tencent.com iburst
server slb.time.edu.cn iburst
allow 10.0.0.0/24
local stratum 10
:wq
# systemctl restart chronyd
# chronyc sources -nv
210 Number of sources = 2
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88 2 6 17 12-3244us[-5087us] +/- 37ms
^- 139.199.215.251 2 6 27 10+8369us[+8369us] +/- 66ms
#其他做为客户端
#在10.0.0.18上实现
# dnf -y install chrony
# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
# systemctl restart chronyd
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 16 +448ns[+10us] +/- 39ms
#在10.0.0.28上实现
# dnf -y install chrony
# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
# systemctl restart chronyd
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 35+1224ns[+80us] +/- 37ms
#在10.0.0.38上实现
# dnf -y install chrony
# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
# systemctl restart chronyd
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 2 -830ns[-52us] +/- 36ms
#在10.0.0.48上实现
# dnf -y install chrony
# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
# systemctl restart chronyd
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 2 +113ns[+21us] +/- 33ms
#在10.0.0.58上实现
# dnf -y install chrony
# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
# systemctl restart chronyd
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 2 +215ns[-14us] +/- 34ms
#在10.0.0.68上实现
# dnf -y install chrony
# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
# systemctl restart chronyd
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 2 -381ns[-38us] +/- 34ms
#在10.0.0.6上实现
# yum -y install chrony
# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
# service chronyd restart
Stopping chronyd:
Starting chronyd:
# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 4 -2ns[+42us] +/- 84ms
</code></pre>
<h1 id="4实现步骤-3">4.实现步骤</h1>
<h2 id="41-各种主机的网络配置参看上面的环境要求">4.1 各种主机的网络配置(参看上面的环境要求)</h2>
<h2 id="42-实现web服务">4.2 实现WEB服务</h2>
<pre><code class="language-sh">#在web服务器10.0.0.68/24上实现
# dnf -y install httpd ;echo www.neteagles.vip >/var/www/html/index.html;systemctl enable --now httpd
# curl 10.0.0.68
www.neteagles.vip
</code></pre>
<h2 id="43-实现neteaglesvip域的主dns服务器">4.3 实现neteagles..vip域的主DNS服务器</h2>
<pre><code class="language-sh">#在neteagles.vip域的主DNS服务器10.0.0.48/24上实现
# dnf -y install bind
# vim /etc/named.conf
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
allow-transfer {10.0.0.58;};
:wq
# vim /etc/named.rfc1912.zones
zone "neteagles.vip" {
type master;
file "neteagles.vip.zone";
};
:wq
# cp -p /var/named/named.localhost /var/named/neteagles.vip.zone
# ll /var/named
total 20
drwxrwx--- 2 named named 6 Aug 25 01:31 data
drwxrwx--- 2 named named 6 Aug 25 01:31 dynamic
-rw-r----- 1 rootnamed 2253 Aug 25 01:31 named.ca
-rw-r----- 1 rootnamed152 Aug 25 01:31 named.empty
-rw-r----- 1 rootnamed152 Aug 25 01:31 named.localhost
-rw-r----- 1 rootnamed168 Aug 25 01:31 named.loopback
-rw-r----- 1 rootnamed152 Aug 25 01:31 neteagles.vip.zone
drwxrwx--- 2 named named 6 Aug 25 01:31 slaves
# vim /var/named/neteagles.vip.zone
$TTL 1D
@ IN SOAmaster admin.neteagles.vip. (
1 ; serial
1D; refresh
1H; retry
1W; expire
3H ) ; minimum
NSmaster
NSslave
master A 10.0.0.48
slave A 10.0.0.58
www A 10.0.0.68
:wq
# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
</code></pre>
<h2 id="44-实现neteaglesvip域的从dns服务器配置">4.4 实现neteagles.vip域的从DNS服务器配置</h2>
<pre><code class="language-sh">#在neteagles.vip域的从DNS服务器10.0.0.58/24上实现
# dnf -y install bind
# vim /etc/named.conf
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
allow-transfer {none;};
:wq
# vim /etc/named.rfc1912.zones
zone "neteagles.vip" {
type slave;
masters {10.0.0.48;};
file "slaves/neteagles.slave.zone";
};
:wq
# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
# ll /var/named/slaves/neteagles.slave.zone
-rw-r--r-- 1 named named 346 Jan6 23:09 /var/named/slaves/neteagles.slave.zone
</code></pre>
<h2 id="45-实现vip域的主dns服务器">4.5 实现vip域的主DNS服务器</h2>
<pre><code class="language-sh">#在vip域的主DNS服务器10.0.0.38/24上实现
# dnf -y install bind
# vim /etc/named.conf
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
:wq
# vim /etc/named.rfc1912.zones
zone "vip" {
type master;
file "vip.zone";
};
:wq
# cp -p /var/named/named.localhost /var/named/vip.zone
# ll /var/named
total 20
drwxrwx--- 2 named named 6 Aug 25 01:31 data
drwxrwx--- 2 named named 6 Aug 25 01:31 dynamic
-rw-r----- 1 rootnamed 2253 Aug 25 01:31 named.ca
-rw-r----- 1 rootnamed152 Aug 25 01:31 named.empty
-rw-r----- 1 rootnamed152 Aug 25 01:31 named.localhost
-rw-r----- 1 rootnamed168 Aug 25 01:31 named.loopback
drwxrwx--- 2 named named 6 Aug 25 01:31 slaves
-rw-r----- 1 rootnamed152 Aug 25 01:31 vip.zone
# vim /var/named/vip.zone
$TTL 1D
@ IN SOAmaster admin.neteagles.vip. (
0 ; serial
1D; refresh
1H; retry
1W; expire
3H ) ; minimum
NSmaster
neteagles NS neteaglesns1
neteagles NSneteaglesns2
master A 10.0.0.38
neteaglesns1A 10.0.0.48
neteaglesns2A 10.0.0.58
:wq
# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
</code></pre>
<h2 id="46-实现根域的主dns服务器">4.6 实现根域的主DNS服务器</h2>
<pre><code class="language-sh">#在根域的主DNS服务器10.0.0.28/24上实现
# dnf -y install bind
# vim /etc/named.conf
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
#修改下面内容为:
zone "." IN {
type master;
file "root.zone";
};
:wq
# cp -p /var/named/named.localhost /var/named/root.zone
# ll /var/named/
total 20
drwxrwx--- 2 named named 6 Aug 25 01:31 data
drwxrwx--- 2 named named 6 Aug 25 01:31 dynamic
-rw-r----- 1 rootnamed 2253 Aug 25 01:31 named.ca
-rw-r----- 1 rootnamed152 Aug 25 01:31 named.empty
-rw-r----- 1 rootnamed152 Aug 25 01:31 named.localhost
-rw-r----- 1 rootnamed168 Aug 25 01:31 named.loopback
-rw-r----- 1 rootnamed152 Aug 25 01:31 root.zone
drwxrwx--- 2 named named 6 Aug 25 01:31 slaves
# vim /var/named/root.zone
$TTL 1D
@ IN SOAmaster admin.neteagles.vip. (
1 ; serial
1D; refresh
1H; retry
1W; expire
3H ) ; minimum
NSmaster
vip NSvipns
master A 10.0.0.28
vipns A 10.0.0.38
:wq
# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
</code></pre>
<h2 id="46-实现转发目标的dns服务器">4.6 实现转发目标的DNS服务器</h2>
<pre><code class="language-sh">#在转发目标的DNS服务器10.0.0.18/24上实现
# dnf -y install bind
# vim /etc/named.conf
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
dnssec-enable no;
dnssec-validation no;
:wq
# vim /var/named/named.ca
. 518400 IN NS a.root-servers.net.
a.root-servers.net. 3600000 IN A 10.0.0.28
:wq
# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
</code></pre>
<h2 id="47-实现本地只缓存dns服务器">4.7 实现本地只缓存DNS服务器</h2>
<pre><code class="language-sh">#在转发目标的DNS服务器10.0.0.8/24上实现
# dnf -y install bind
# vim /etc/named.conf
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
forward only;
forwarders {10.0.0.18;};
dnssec-enable no;
dnssec-validation no
:wq
# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
</code></pre>
<h2 id="48-客户端测试">4.8 客户端测试</h2>
<pre><code class="language-sh">#在10.0.0.6上实现
# yum -y install bind-utils
# vie0
DEVICE=eth0
NAME=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.0.0.6
PREFIX=24
GATEWAY=10.0.0.2
DNS1=10.0.0.8
:wq
# service network restart
Shutting down interface eth0:
Shutting down loopback interface:
Bringing up loopback interface:
Bringing up interface eth0:Determining if ip address 10.0.0.6 is already in use for device eth0...
# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain neteagles.cn
nameserver 10.0.0.8
# dig www.neteagles.vip
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.neteagles.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60725
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.neteagles.vip. IN A
;; ANSWER SECTION:
www.neteagles.vip. 86400 IN A 10.0.0.68
;; AUTHORITY SECTION:
neteagles.vip. 86400 IN NS neteaglesns2.vip.
neteagles.vip. 86400 IN NS neteaglesns1.vip.
;; ADDITIONAL SECTION:
neteaglesns1.vip. 86400 IN A 10.0.0.48
neteaglesns2.vip. 86400 IN A 10.0.0.58
;; Query time: 9 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)
;; WHEN: Wed Jan6 23:50:19 2021
;; MSG SIZErcvd: 137
# curl www.neteagles.vip
www.neteagles.vip
</code></pre><br><br>
来源:https://www.cnblogs.com/neteagles/p/14223361.html
頁:
[1]