
Implementing an Internet-style DNS hierarchy


[Figure: DNS architecture diagram, DNS架构.png]

Notes:

  • Build from the back of the resolution chain forward (web host, then the authoritative servers, then the LAN resolver, then the client), so each layer can be tested as soon as it is up.
  • When testing, run rndc flush on the resolver first: a server that already has an answer cached uses the cache instead of querying again.
  1. Configure the www host:

    • yum install -y httpd

    • vim /var/www/html/index.html

      Welcome to magedu!
      
    • systemctl start httpd

  2. Configure the master DNS server (dns1, 192.168.39.74):

    • vim /etc/named.conf

      listen-on port 53 { localhost; };
      allow-query { any; };
      allow-transfer { 192.168.39.75; };   // zone transfers only to the slave
      dnssec-enable no;
      dnssec-validation no;
    • vim /etc/named.rfc1912.zones

      zone "magedu.com" IN {
          type master;
          file "magedu.com.zone";
      };
    • named-checkconf

    • vim /var/named/magedu.com.zone

      $TTL 1D
      @ IN SOA dns1 admin (
              2018072401
              1D
              2H
              3D
              1D )
      ; a line that starts with whitespace keeps the previous owner name (@ here)
        NS dns1
        NS dns2
      dns1 A 192.168.39.74
      dns2 A 192.168.39.75
      www  A 192.168.39.76
    • chmod 640 magedu.com.zone (run in /var/named)

    • chown :named magedu.com.zone

    • named-checkzone magedu.com. magedu.com.zone

    • systemctl start named

  3. Configure the slave DNS server (dns2, 192.168.39.75):

    • vim /etc/named.conf

      listen-on port 53 { localhost; };
      allow-query { any; };
      allow-transfer { 192.168.39.75; };   // copied from the master; the slave has no secondaries of its own, so { none; } is the tighter setting
      dnssec-enable no;
      dnssec-validation no;
    • vim /etc/named.rfc1912.zones

      zone "magedu.com" IN {
          type slave;
          masters { 192.168.39.74; };
          file "slaves/magedu.com.slave.zone";
      };
    • named-checkconf

    • systemctl start named

  4. Configure the com DNS server (192.168.39.73):

    • vim /etc/named.conf

      listen-on port 53 { localhost; };
      allow-query { any; };
      dnssec-enable no;
      dnssec-validation no;
    • vim /etc/named.rfc1912.zones

      zone "com" IN {
          type master;
          file "com.zone";
      };
    • named-checkconf

    • vim /var/named/com.zone

      $TTL 1D
      @ IN SOA dns1 admin (
              2018072401
              1D
              2H
              3D
              1D )
        NS dns1
      ; delegate magedu.com to the two magedu servers; the A records below are the glue
      magedu NS dns2
      magedu NS dns3
      dns1 A 192.168.39.73
      dns2 A 192.168.39.74
      dns3 A 192.168.39.75
    • chmod 640 com.zone (run in /var/named)

    • chown :named com.zone

    • named-checkzone com. com.zone

    • systemctl start named

  5. Configure the root DNS server (192.168.39.72):

    • vim /etc/named.conf

      listen-on port 53 { localhost; };
      allow-query { any; };
      dnssec-enable no;
      dnssec-validation no;

      // replaces the default hint zone for "." in this file; a zone may be declared only once
      zone "." IN {
          type master;
          file "root.zone";
      };
    • named-checkconf

    • vim /var/named/root.zone

      $TTL 1D
      @ IN SOA dns1 admin (
              2018072401
              1D
              2H
              3D
              1D )
        NS dns1
      ; delegate com to the com server; dns2 A is the glue
      com NS dns2
      dns1 A 192.168.39.72
      dns2 A 192.168.39.73
    • chmod 640 root.zone (run in /var/named)

    • chown :named root.zone

    • named-checkzone . root.zone

    • systemctl start named

  6. Configure the LAN (caching) DNS server (192.168.39.71):

    • vim /etc/named.conf

      listen-on port 53 { localhost; };
      allow-query { any; };
      dnssec-enable no;
      dnssec-validation no;
    • vim /var/named/named.ca (root hints: point the resolver at the lab root server instead of the real root servers)

      .    86400 IN NS dns1
      dns1 86400 IN A  192.168.39.72
    • systemctl start named

  7. Configure the client:

    • vim /etc/resolv.conf

      nameserver 192.168.39.71
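Two checks for the lab above, added here and not part of the original post: check_glue scans a zone file for NS targets that have no A record (a lame delegation, which is what makes stale cache answers so confusing), and walk_delegation follows referrals from the root server down, one non-recursive query per level, the way the LAN resolver does. It assumes the relative-name zone layout used on this page; walk_delegation needs dig and must run on a host that can reach the lab servers, while check_glue needs only awk.

```shell
#!/bin/sh
# Added example for the lab above (not from the original post).

# check_glue ZONEFILE
# Every NS target written as a relative name (no trailing dot) must also have
# an A record in the same zone; otherwise the delegation is lame and resolvers
# keep serving whatever they cached earlier.
check_glue() {
  zone_file=$1
  missing=0
  for ns in $(awk '{ for (i = 1; i <= NF; i++) if ($i == "NS") print $(i + 1) }' "$zone_file" | sort -u); do
    case $ns in *.) continue ;; esac       # absolute name: its address lives in another zone
    if ! awk -v n="$ns" '$1 == n && ($2 == "A" || $3 == "A")' "$zone_file" | grep -q .; then
      echo "$zone_file: NS $ns has no glue A record" >&2
      missing=$((missing + 1))
    fi
  done
  return "$missing"
}

# walk_delegation NAME ROOT_IP
# Repeats what the LAN resolver does: one non-recursive query per level,
# following each referral to the server it names, until an A answer arrives.
walk_delegation() {
  name=$1
  server=$2
  while :; do
    reply=$(dig +norecurse +noall +answer +authority "@$server" "$name" A)
    echo "@$server:"; echo "$reply" | sed 's/^/    /'
    echo "$reply" | awk '$4 == "A" { found = 1 } END { exit !found }' && return 0
    ns=$(echo "$reply" | awk '$4 == "NS" { print $5; exit }')
    [ -n "$ns" ] || { echo "$server returned neither an answer nor a referral" >&2; return 1; }
    server=$(dig +norecurse +short "@$server" "$ns" A | head -n 1)
    [ -n "$server" ] || { echo "no glue address for $ns at the parent" >&2; return 1; }
  done
}

# Usage on the lab hosts, once named is running everywhere:
#   check_glue /var/named/root.zone && check_glue /var/named/com.zone && check_glue /var/named/magedu.com.zone
#   walk_delegation www.magedu.com 192.168.39.72   # last line printed is the www A record
```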
      

Compiling and installing BIND from source

  1. Download BIND

    • from isc.org
  2. Build and install BIND

    • tar xvf bind-9.11.0a3.tar.gz
    • cd bind-9.11.0a3/
    • groupadd -r -g 53 named
    • useradd -r -u 53 -g 53 named
    • ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --without-openssl --disable-ipv6 --disable-chroot --enable-threads
    • make
    • make install
  3. Environment variable

    • vim /etc/profile.d/named.sh

      export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin/:$PATH
  4. Libraries and header files

    • vim /etc/ld.so.conf.d/named.conf

      /usr/local/bind9/lib
      
    • ldconfig -v

    • ln -sv /usr/local/bind9/include /usr/include/named

  5. man pages

    • vim /etc/man.config (or /etc/man_db.conf on man-db systems, where the directive is MANDATORY_MANPATH)

      MANPATH /usr/local/bind9/share/man
      
    • man named.conf

  6. Main configuration file

    • vim /etc/named/named.conf

      options {
          directory "/var/named/";
      };
      zone "." IN {
          type hint;
          file "named.ca";
      };
      zone "localhost" IN {
          type master;
          file "named.localhost";
          allow-update { none; };
      };
      zone "1.0.0.127.in-addr.arpa" IN {
          type master;
          file "named.loopback";
          allow-update { none; };
      };
  7. Zone database files

    • mkdir /var/named

    • named-checkconf

    • dig +norec @a.root-servers.net > /var/named/named.ca (fetches the root NS list for the hint file)

    • vim /var/named/named.localhost

      $TTL 1d
      @ IN SOA localhost. admin.localhost. (
              2016061801
              1h
              5m
              7d
              1d )
        IN NS localhost.
      localhost. IN A 127.0.0.1
    • vim /var/named/named.loopback

      $TTL 1d
      @ IN SOA localhost. admin.localhost. (
              2016061801
              1h
              5m
              7d
              1d )
        NS @
        A 127.0.0.1
        PTR localhost.
  8. Set permissions

    • chmod 640 /var/named/*
    • chmod 640 /etc/named/named.conf
    • chgrp -R named /var/named/
    • chgrp named /etc/named/named.conf
  9. Start the service and test

    • man named
    • named -u named -f -g -d 3    (run in the foreground at debug level 3)
    • named -u named               (run in the background)
    • killall named
    • ss -tuln
    • tail /var/log/messages
    • named -u named