实验:搭建根域转发DNS服务器:/ 纯缓存DNS master ---------------》主服务器
slave-------------------》从服务器 forwarders------------》转发服务器 先画好架构图,准备好扮演服务器和客户端的机器: 步骤如下: 前提:在服务器和客户端分别装好需要的安装包; [root@server-124 ~]#yum install bind [root@server-124 ~]#yum install bind-utils [root@server-124 ~]#yum install bind-libs 服务器必须能联网,能和根域进行沟通:联网类型设置为NAT类型,可以先用#ip a 命令看一下网卡的名称 [root@server-124 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 TYPE=Ethernet

BOOTPROTO=static

NAME=ens33

DEVICE=ens33

ONBOOT=yes

HWADDR=00:0c:29:f8:63:ed

IPADDR=192.168.10.11

NETMASK=255.255.255.0

GATEWAY=192.168.10.2 保存退出 [root@server-124 ~]# ping www.baidu.com
PING www.a.shifen.com (14.215.177.38) 56(84) bytes of data. 64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=1 ttl=128 time=9.45 ms 64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=2 ttl=128 time=9.20 ms 64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=3 ttl=128 time=10.6 ms 64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=4 ttl=128 time=9.30 ms C64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=5 ttl=128 time=9.89 ms ^H^C --- www.a.shifen.com ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4013ms rtt min/avg/max/mdev = 9.207/9.712/10.697/0.556 ms 证明可以拼通外网,编辑主配置文件如下:注意监听端口的IP地址,还有允许解析的网IP网段,any表示全部 。开启递归 [root@server-124 ~]# vim /etc/named.conf options { listen-on port 53 { 192.168.10.11; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; };

    recursion yes;
			dnssec-enable yes;
    dnssec-validation yes;

    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

};

logging { channel default_debug { file "data/named.run"; severity dynamic; }; };

zone "." IN { type hint; file "named.ca"; };

#include "/etc/named.rfc1912.zones"; #include "/etc/named.root.key"; 保存退出 [root@server-124 ~]# cd /var/named/ [root@server-124 named]# ll 总用量 16 drwxrwx--- 2 named named 23 3月 17 10:20 data drwxrwx--- 2 named named 6 8月 4 2017 dynamic -rw-r----- 1 root named 2281 5月 22 2017 named.ca -rw-r----- 1 root named 152 12月 15 2009 named.empty -rw-r----- 1 root named 152 6月 21 2007 named.localhost -rw-r----- 1 root named 168 12月 15 2009 named.loopback drwxrwx--- 2 named named 6 8月 4 2017 slaves [root@server-124 named]# systemctl start named 查看53号端口是否开启 [root@server-124 named]# netstat -nul Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 192.168.10.11:53 0.0.0.0:*
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp6 0 0 ::1:53 :::*
udp6 0 0 ::1:323 :::*
[root@server-124 named]# netstat -ntl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.10.11:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 ::1:53 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:953 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN

客户端不需要上外网,将DNS指向7-7服务器 [root@server-125 ~]# vim /etc/resolv.conf nameserver 192.168.10.11 保存退出 [root@server-125 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 TYPE=Ethernet

BOOTPROTO=static

NAME=ens33

DEVICE=ens33

ONBOOT=yes

HWADDR=00:0c:29:e6:e2:3e

IPADDR=192.168.10.12

NETMASK=255.255.255.0

#GATEWAY=192.168.10.2

#DNS=192.168.6.2 保存退出 验证: [root@server-125 ~]# nslookup www.baidu.com Server: 192.168.10.11 Address: 192.168.10.11#53

Non-authoritative answer: www.baidu.com canonical name = www.a.shifen.com. Name: www.a.shifen.com Address: 14.215.177.38 Name: www.a.shifen.com Address: 14.215.177.39 [root@server-125 ~]# dig www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> www.baidu.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12563 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.baidu.com. IN A

;; ANSWER SECTION: www.baidu.com. 975 IN CNAME www.a.shifen.com. www.a.shifen.com. 75 IN A 14.215.177.38 www.a.shifen.com. 75 IN A 14.215.177.39

;; AUTHORITY SECTION: a.shifen.com. 975 IN NS ns4.a.shifen.com. a.shifen.com. 975 IN NS ns1.a.shifen.com. a.shifen.com. 975 IN NS ns5.a.shifen.com. a.shifen.com. 975 IN NS ns2.a.shifen.com. a.shifen.com. 975 IN NS ns3.a.shifen.com.

;; ADDITIONAL SECTION: ns2.a.shifen.com. 975 IN A 180.149.133.241 ns3.a.shifen.com. 975 IN A 61.135.162.215 ns4.a.shifen.com. 975 IN A 115.239.210.176 ns5.a.shifen.com. 975 IN A 119.75.222.17 ns1.a.shifen.com. 975 IN A 61.135.165.224

;; Query time: 0 msec ;; SERVER: 192.168.10.11#53(192.168.10.11) ;; WHEN: 六 3月 17 18:46:18 CST 2018 ;; MSG SIZE rcvd: 271 如果客户端不能上外网,dig +trace 则不能完整解析,需要上外网才可以完整 dig +trace,不知道原因为何?(原因:dig +trace 是由客户端自己从根域开始逐级迭代查询,只有第一步获取根域 NS 列表是向 192.168.10.11 发起的——下面输出中 "Received ... from 192.168.10.11" 即是这一步——之后客户端直接向根服务器、TLD 和权威服务器发包,因此客户端本身必须能访问外网。) [root@server-125 ~]# dig +trace www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> +trace www.baidu.com ;; global options: +cmd . 488977 IN NS e.root-servers.net. . 488977 IN NS j.root-servers.net. . 488977 IN NS a.root-servers.net. . 488977 IN NS b.root-servers.net. . 488977 IN NS k.root-servers.net. . 488977 IN NS m.root-servers.net. . 488977 IN NS c.root-servers.net. . 488977 IN NS i.root-servers.net. . 488977 IN NS d.root-servers.net. . 488977 IN NS g.root-servers.net. . 488977 IN NS f.root-servers.net. . 488977 IN NS l.root-servers.net. . 488977 IN NS h.root-servers.net. . 489007 IN RRSIG NS 8 0 518400 20180329170000 20180316160000 41824 . SzOQxRNumIySwzKTxsJJA90AYuUNqDonQA+inleP2VxwWtTsT7MEWkAq POR4pWIWVfVWp6gil3CMXSTKXByWx6qdj8oo8GI3tV3A7DWSz/cNoxfH Q8z6Wdsfq/SeeB8xn6It4ELnac5CNXNyvfwEXeqvT6wo3plu9uqwOVai 3gbfSSlM2ghUZ4Q5wUWu3dkOYublChR31yf323cHFN/bYBBj9KCMsNQL zPekEJx0eJUcz4TxD80nNjTXARIE+7YhznFr0ljElFEkkgtYQyzkTUnt 9oBNINyB0aJRTNsT7dv9+EpuDInFi+kAqT4yVeBVAZamGDvdr8On1LRt 4ASLjA== ;; Received 1097 bytes from 192.168.10.11#53(192.168.10.11) in 14 ms

总结:在服务器的 /etc/named.conf 主配置文件中将监听端口的 IP 地址指向本机,允许查询的网段根据需要指定,或用 any 表示所有。开启递归 recursion yes。需要注意:recursion yes 与 allow-query { any; } 同时使用时,如果该服务器能被外部网络访问,它就成了开放递归解析器,可能被第三方滥用(例如 DNS 反射放大);生产环境应把 allow-query 或 allow-recursion 限制为内网网段(本例为 192.168.10.0/24)。然后将客户端的 DNS 指向服务器的 IP 地址,用 nslookup 或 dig 验证。