Prerequisites:
Prepare 8 Linux servers;
【1】 One host acts as the user client:
It sits on the same LAN as the telecom DNS server;
IP address: 192.168.27.6
Its DNS resolver points to:
[root@IEclient ~]$cat /etc/resolv.conf
# Generated by NetworkManager
search magedu.com
nameserver 192.168.27.5
【2】 Telecom DNS server configuration:
Telecom DNS server:
IP address: 192.168.27.5
The root hints point to:
[root@teledns named]$cat named.ca
. 518400 IN NS a.root-servers.net.
a.root-servers.net. 3600000 IN A 192.168.27.166
Main server configuration file:
[root@teledns named]$cat /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable no;
dnssec-validation no;
After the syntax check passes, start the named service;
[root@teledns named]$systemctl start named
The client's DNS must point to this DNS server; for this experiment it is pointed there temporarily;
[root@IEclient ~]$cat /etc/resolv.conf
# Generated by NetworkManager
search magedu.com
nameserver 192.168.27.5
【3】 Dual web server configuration:
web1.magedu.com 192.168.27.3
web2.magedu.com 192.168.27.4
After the web servers are installed, create the pages;
[root@mageweb1 ~]# echo 'web1@magedu' >> /var/www/html/index.html
[root@mageweb2 ~]# echo 'web2@magedu' >> /var/www/html/index.html
Flush the firewall rules;
iptables -vnL; iptables -F
【4】 Master/slave DNS server configuration;
dns1.magedu.com 192.168.27.17
dns2.magedu.com 192.168.27.18
[4.1] Configuration of dns1.magedu.com 192.168.27.17:
Master DNS server main configuration file:
[root@magedns1 ~]$vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
[root@magedns1 ~]$vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type master;
file "magedu.com.zone";
};
Zone file configuration:
[root@magedns1 named]$vim magedu.com.zone
$TTL 1D
@ IN SOA dns1 admin (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns1
@ NS dns2
dns1 A 192.168.27.17
dns2 A 192.168.27.18
web A 192.168.27.3
web A 192.168.27.4
www CNAME web
* A 192.168.27.3
@ A 192.168.27.3
Note the file permissions;
[root@magedns1 named]$ll magedu.com.zone
-rw-r-----. 1 root named 265 Jan 20 09:05 magedu.com.zone
[4.2] Configuration of dns2.magedu.com 192.168.27.18:
Slave DNS server configuration file:
[root@magedns2 named]$vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type slave;
masters {192.168.27.17;};
file "slaves/magedu.com.slave.zone";
};
Note the directory permissions, otherwise the zone file cannot be transferred;
[root@magedns2 named]$ll -d /var/named/
drwxrwx---. 8 root named 177 Jan 20 06:59 /var/named/
Restarting the service synchronizes the zone file from the master;
[root@magedns2 named]$systemctl restart named
[root@magedns2 named]$ll -d /var/named/slaves/magedu.com.slave.zone
-rw-r--r--. 1 named named 449 Jan 20 21:22 /var/named/slaves/magedu.com.slave.zone
【5】 .com DNS server configuration
.com DNS server:
IP address: 192.168.27.177
DNS configuration file:
[root@comdns ~]$vim /etc/named.rfc1912.zones
zone "com" IN {
type master;
file "com.zone";
};
Zone file configuration:
[root@comdns named]$cat /var/named/com.zone
$TTL 1D
@ IN SOA dns1 admin (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns1
magedu NS dns2
magedu NS dns3
dns1 A 192.168.27.177
dns2 A 192.168.27.17
dns3 A 192.168.27.18
Start the service;
[root@comdns named]$systemctl start named
[root@comdns named]$ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 10 192.168.27.177:53 *:*
LISTEN 0 10 127.0.0.1:53 *:*
[root@IEclient ~]$dig -t NS com @192.168.27.177
[root@IEclient ~]$dig -t NS magedu.com @192.168.27.177
[root@IEclient ~]$dig www.magedu.com @192.168.27.177
【6】 Root server configuration:
Root DNS server IP: 192.168.27.166;
named configuration file:
[root@rootdns ~]$vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
#zone "." IN {
# type hint;
# file "named.ca";
#};
#
zone "." IN {
type master;
file "root.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Zone file:
[root@rootdns named]$cat root.zone
$TTL 1D
@ IN SOA dns1 admin (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns1
com NS dns2
dns1 A 192.168.27.166
dns2 A 192.168.27.177
Syntax check:
[root@rootdns named]$named-checkzone root root.zone
zone root/IN: loaded serial 0
OK
Permission change:
[root@rootdns named]$chmod 640 root.zone
[root@rootdns named]$ll root.zone
-rw-r----- 1 root named 184 Jan 21 11:19 root.zone
[root@IEclient ~]$dig www.magedu.com @192.168.27.166
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86289 IN CNAME web.magedu.com.
web.magedu.com. 86289 IN A 192.168.27.3
web.magedu.com. 86289 IN A 192.168.27.4
;; AUTHORITY SECTION:
magedu.com. 86289 IN NS dns2.magedu.com.
magedu.com. 86289 IN NS dns1.magedu.com.
;; ADDITIONAL SECTION:
dns1.magedu.com. 86289 IN A 192.168.27.17
dns2.magedu.com. 86289 IN A 192.168.27.18
;; Query time: 2 msec
;; SERVER: 192.168.27.166#53(192.168.27.166)
;; WHEN: Sun Jan 21 06:24:51 EST 2018
;; MSG SIZE rcvd: 163
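The dig answer above is the result of the telecom server (recursion yes, root hints at 192.168.27.166) walking root -> com -> magedu.com and following the www CNAME; the following added example, not part of the original lab, parses copies of the three zone files from sections 【4】, 【5】 and 【6】, reproduces that walk, honours the `*` wildcard, and refuses a delegation whose NS names have no glue A record (a lame delegation). The zone texts are constructed from the page; the function names and the check are this example's own.

```python
def fqdn(name, origin):
    """Expand a zone-file name relative to its origin ('@' is the apex, '.' the root)."""
    return origin if name == "@" else name if name.endswith(".") else name + "." + origin.lstrip(".")

def parse_zone(origin, text):
    """Return (owner, type, rdata) for the NS/A/CNAME records; $TTL and the multi-line SOA are skipped."""
    recs, in_soa = [], False
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()  # drop comments such as '; serial'
        if not line or line[0] == "$" or in_soa or "SOA" in line.split():
            in_soa = (in_soa or "SOA" in line.split()) and ")" not in line  # SOA runs to ')'
            continue
        owner, *rest = line.split()
        rtype, rdata = (rest[1:] if rest[0] == "IN" else rest)[:2]
        recs.append((fqdn(owner, origin), rtype, rdata if rtype == "A" else fqdn(rdata, origin)))
    return recs

# Constructed copies of the lab's root.zone, com.zone and magedu.com.zone, keyed by origin.
ZONES = {
    ".": "$TTL 1D\n@ IN SOA dns1 admin ( 0 ; serial\n 1D 1H 1W 3H ) ; minimum\n"
         "@ NS dns1\ncom NS dns2\ndns1 A 192.168.27.166\ndns2 A 192.168.27.177",
    "com.": "@ NS dns1\nmagedu NS dns2\nmagedu NS dns3\ndns1 A 192.168.27.177\n"
            "dns2 A 192.168.27.17\ndns3 A 192.168.27.18",
    "magedu.com.": "@ NS dns1\n@ NS dns2\ndns1 A 192.168.27.17\ndns2 A 192.168.27.18\nweb A 192.168.27.3\n"
                   "web A 192.168.27.4\nwww CNAME web\n* A 192.168.27.3\n@ A 192.168.27.3",
}

def resolve(qname, zones=ZONES):
    """Iterate root -> com -> magedu.com as the recursive telecom DNS does; CNAMEs restart at the root."""
    db = {origin: parse_zone(origin, text) for origin, text in zones.items()}
    path, cnames, origin = [], [], "."
    while True:
        recs, path = db[origin], path + [origin] * (origin not in path)
        cname = [r for o, t, r in recs if o == qname and t == "CNAME"]
        if cname:
            cnames, qname, origin = cnames + cname, cname[0], "."
            continue
        answers = [r for o, t, r in recs if o == qname and t == "A"]
        if answers:
            return {"path": path, "cnames": cnames, "addresses": answers}
        deleg = [o for o, t, _ in recs if t == "NS" and o != origin and ("." + qname).endswith("." + o)]
        if not deleg:  # no referral below this apex: the '*' wildcard answers, else empty (NXDOMAIN)
            wild = [r for o, t, r in recs if o == "*." + origin and t == "A"]
            return {"path": path, "cnames": cnames, "addresses": wild}
        child = max(deleg, key=len)
        ns = [r for o, t, r in recs if o == child and t == "NS"]
        if not any(o in ns for o, t, _ in recs if t == "A"):  # a delegation needs glue A records
            raise ValueError(f"lame delegation of {child}: no A record for {ns}")
        origin = child
```

Note that the `*` record makes every otherwise unknown name under magedu.com answer with 192.168.27.3, which is what the wildcard branch reproduces.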