Prerequisites:
Prepare 8 Linux servers (the RHEL/CentOS-style BIND layout is used throughout: /etc/named.conf, /etc/named.rfc1912.zones and zone files under /var/named; the shell prompt shows which host each command runs on).
【1】 One host acts as the user's client:
It sits on the same LAN as the "telecom" DNS server. IP address: 192.168.27.6. Its resolver points at the telecom DNS server:
[root@IEclient ~]$cat /etc/resolv.conf
# Generated by NetworkManager
search magedu.com
nameserver 192.168.27.5
【2】 Telecom DNS server configuration:
This is the recursive resolver the client uses. It is authoritative for nothing and reaches the lab hierarchy through its root hints.
Telecom DNS server:
IP address: 192.168.27.5
Root hints: named.ca is replaced so that "the root" is the lab root server rather than the real Internet root:
[root@teledns named]$cat named.ca
. 518400 IN NS .
. 3600000 IN A 192.168.27.166
(A lab shortcut: the root NS record names "." itself and the A record supplies its address, which is all named needs to prime its cache.)
Main configuration file of the server (excerpt of the options block):
[root@teledns named]$cat /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable no;
dnssec-validation no;
Commenting out listen-on makes named listen on every IPv4 address, and commenting out allow-query accepts queries from any source. Together with recursion yes that is an open resolver; in this lab it is only reachable from 192.168.27.0/24, but on any routable host add allow-recursion { 192.168.27.0/24; }; and a matching allow-query, as the comment above warns. DNSSEC validation is switched off because the lab root zone is unsigned, so validating against the real root trust anchor would fail every answer (newer BIND releases ignore dnssec-enable; dnssec-validation is the setting that matters).
After the syntax check passes (named-checkconf), start the named service:
[root@teledns named]$systemctl start named
The client's DNS must point at this server. Here it is set temporarily for the experiment (NetworkManager regenerates /etc/resolv.conf, so a permanent setting belongs in the connection profile):
[root@IEclient ~]$cat /etc/resolv.conf
# Generated by NetworkManager
search magedu.com
nameserver 192.168.27.5

【3】 Dual web server configuration:
192.168.27.3 and 192.168.27.4. After the web server is installed, create the pages; each host serves a different string so it is visible which backend answered:
[root@mageweb1 ~]# echo 'web1@magedu' >> /var/www/html/index.html
[root@mageweb2 ~]# echo 'web2@magedu' >> /var/www/html/index.html
Clear the firewall rules (lab only; list them first, then flush):
iptables -vnL; iptables -F
【4】 Master and slave DNS server configuration:
192.168.27.17 (master)
192.168.27.18 (slave)
[4.1] Configuration of 192.168.27.17:
Main configuration file of the master DNS server (options block, excerpt):
[root@magedns1 ~]$vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
[root@magedns1 ~]$vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type master;
file "magedu.com.zone";
};
Zone database configuration. Note that the zone block above has no allow-transfer statement, so named answers AXFR requests for this zone from any client; restrict it to the slave (allow-transfer { 192.168.27.18; };) on any server reachable beyond the lab, since a full zone dump is cheap reconnaissance.
[root@magedns1 named]$vim magedu.com.zone
$TTL 1D
@ IN SOA dns1 admin (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns1
@ NS dns2
dns1 A 192.168.27.17
dns2 A 192.168.27.18
web A 192.168.27.3
web A 192.168.27.4
www CNAME web
* A 192.168.27.3
@ A 192.168.27.3
Note the file permissions: named must be able to read the zone file, so it is owned by root:named with mode 640.
[root@magedns1 named]$ll magedu.com.zone
-rw-r-----. 1 root named 265 Jan 20 09:05 magedu.com.zone

[4.2] Configuration of 192.168.27.18:
Configuration file of the slave DNS server:
[root@magedns2 named]$vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type slave;
masters {192.168.27.17;};
file "slaves/magedu.com.slave.zone";
};
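The resolver options from 【2】 and the master/slave zone stanzas from [4.1] and [4.2] can be generated rather than edited by hand. The script below is an added example, not part of the original lab notes: it writes the same fragments with the access controls the stock config leaves open (allow-query/allow-recursion on the resolver, allow-transfer/also-notify on the master), and it bumps the SOA serial, which the slave needs before it will pull a changed zone. It assumes the lab's own addresses (LAN 192.168.27.0/24, master 192.168.27.17, slave 192.168.27.18) and writes only to files you name, so nothing under /etc or /var/named changes until you copy the output there yourself.

```bash
#!/bin/sh
# Added example, not part of the original lab notes. Turns the resolver
# options from 【2】 and the master/slave zone stanzas from [4.1]/[4.2] into
# functions that add the access controls the stock config leaves open, and
# bumps the SOA serial so the slave really re-transfers after an edit.
# Assumptions (the lab's own addresses): LAN 192.168.27.0/24, master
# 192.168.27.17, slave 192.168.27.18. Everything is written to files you
# name, so nothing under /etc or /var/named changes until you copy them.
set -eu

# resolver_options OUTFILE LAN
# The page comments out allow-query, which means "anyone", and keeps
# recursion yes: an open resolver if the host is reachable from outside.
resolver_options() {
    cat > "$1" <<EOF
options {
    listen-on port 53 { any; };
    directory "/var/named";
    recursion yes;
    allow-query     { localhost; $2; };   # who may ask at all
    allow-recursion { localhost; $2; };   # who may make us recurse
    dnssec-validation no;                 # lab root zone is unsigned
};
EOF
}

# master_zone_stanza OUTFILE ZONE ZONEFILE SLAVE
# Without allow-transfer, any client can AXFR the whole zone (cheap recon
# for an attacker); also-notify pushes NOTIFY to the slave on every reload.
master_zone_stanza() {
    cat > "$1" <<EOF
zone "$2" IN {
    type master;
    file "$3";
    allow-transfer { $4; };
    also-notify    { $4; };
    notify yes;
};
EOF
}

# slave_zone_stanza OUTFILE ZONE ZONEFILE MASTER
# The slave should not hand out its copy either.
slave_zone_stanza() {
    cat > "$1" <<EOF
zone "$2" IN {
    type slave;
    masters { $4; };
    file "slaves/$3";
    allow-transfer { none; };
};
EOF
}

# soa_serial ZONEFILE: print the serial, assuming the page's layout where
# the serial sits on its own line tagged "; serial".
soa_serial() {
    awk '/;[[:space:]]*serial/ { print $1; exit }' "$1"
}

# bump_serial ZONEFILE: increment the serial in place. The slave only pulls
# a fresh copy when the master's serial is higher than the one it holds,
# so an edit without a bump never reaches 192.168.27.18.
bump_serial() {
    awk '!done && /;[[:space:]]*serial/ { sub(/[0-9]+/, $1 + 1); done = 1 }
         { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# check_zone ORIGIN ZONEFILE: syntax check when bind-utils is installed.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not installed; skipping check of $2" >&2
    fi
}

# Demo: "sh thisfile.sh demo" writes the fragments into a temp directory.
if [ "${1:-}" = "demo" ]; then
    out=$(mktemp -d)
    resolver_options   "$out/resolver.options" 192.168.27.0/24
    master_zone_stanza "$out/master.stanza" magedu.com magedu.com.zone 192.168.27.18
    slave_zone_stanza  "$out/slave.stanza"  magedu.com magedu.com.slave.zone 192.168.27.17
    printf '%s\n' '$TTL 1D' '@ IN SOA dns1 admin (' '0 ; serial' '1D ; refresh' \
        '1H ; retry' '1W ; expire' '3H ) ; minimum' '@ NS dns1' 'dns1 A 192.168.27.17' \
        > "$out/magedu.com.zone"
    bump_serial "$out/magedu.com.zone"
    echo "files in $out, serial is now $(soa_serial "$out/magedu.com.zone")"
    check_zone magedu.com "$out/magedu.com.zone"
fi
```

After copying the fragments into /etc/named.conf and /etc/named.rfc1912.zones, run named-checkconf and then rndc reload on the master; with notify yes and also-notify set, the slave refreshes on its own instead of waiting for the refresh interval. The serial bump is the step most often forgotten: the page's zone keeps serial 0, so an edited master zone with an unchanged serial is silently ignored by the slave.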
Note the directory permissions, otherwise the zone file cannot be pulled over: named writes the transferred copy itself, so the slaves/ directory (and /var/named above it, group-writable for named here) must be writable by the named user.
[root@magedns2 named]$ll -d /var/named/
drwxrwx---. 8 root named 177 Jan 20 06:59 /var/named/
Restarting the service triggers the zone transfer (rndc refresh magedu.com on the slave does the same without a restart); the slave then writes its copy:
[root@magedns2 named]$systemctl restart named
[root@magedns2 named]$ll -d /var/named/slaves/magedu.com.slave.zone
-rw-r--r--. 1 named named 449 Jan 20 21:22 /var/named/slaves/magedu.com.slave.zone

【5】 .com DNS server configuration
.com DNS server:
IP address: 192.168.27.177
DNS configuration file:
[root@comdns ~]$vim /etc/named.rfc1912.zones
zone "com" IN {
type master;
file "com.zone";
};
Zone database file configuration. The com zone delegates magedu to two nameservers named inside the com zone itself (dns2 and dns3, that is dns2.com and dns3.com), so their A records are ordinary in-zone records and serve as glue for the delegation:
[root@comdns named]$cat /var/named/com.zone
$TTL 1D
@ IN SOA dns1 admin (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns1
magedu NS dns2
magedu NS dns3
dns1 A 192.168.27.177
dns2 A 192.168.27.17
dns3 A 192.168.27.18
Start the service and confirm it is listening on port 53:
[root@comdns named]$systemctl start named
[root@comdns named]$ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 10 192.168.27.177:53 *:*
LISTEN 0 10 127.0.0.1:53 *:*
Query it directly from the client: the NS records for com, the delegation for magedu.com, and the name www.magedu.com (with the default recursion yes the .com server resolves this itself; with recursion no it would only return the referral to dns2/dns3):
[root@IEclient ~]$dig -t NS com @192.168.27.177
[root@IEclient ~]$dig -t NS magedu.com @192.168.27.177
[root@IEclient ~]$dig www.magedu.com @192.168.27.177

【6】 Root server configuration:
Root DNS server IP: 192.168.27.166
named configuration file (the default hint zone for "." is commented out and replaced by a master zone for "."):
[root@rootdns ~]$vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
#zone "." IN {
# type hint;
# file "named.ca";
#};
#
zone "." IN {
type master;
file "root.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
recursion yes is left at the default in the options above. A root server, like any authoritative server, should normally run with recursion no, as the comment in the options block says; with recursion left on, the root answers every query itself instead of returning a referral to the com server, which is what the test at the end shows.
Zone configuration file:
[root@rootdns named]$cat root.zone
$TTL 1D
@ IN SOA dns1 admin (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns1
com NS dns2
dns1 A 192.168.27.166
dns2 A 192.168.27.177
Syntax check:
[root@rootdns named]$named-checkzone root root.zone
zone root/IN: loaded serial 0
OK
(The command above loads the file under the origin "root"; to check it under the origin named actually uses, run named-checkzone . root.zone.)
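named-checkzone verifies syntax. The root zone, the com zone and the magedu.com zone above also depend on two referential properties: every NS target named inside the zone needs an A record there (otherwise the delegation has no glue and the next level is unreachable), and every CNAME must point at a name that exists. The awk check below is an added example, not part of the original notes; it assumes the zone-file style used on this page (one record per line, owner in the first column, optional TTL and IN before the type, SOA fields spread over several lines) and is useful on the client or any host without bind-utils.

```bash
#!/bin/sh
# Added example, not from the original notes. A dependency-free check of two
# invariants the lab's zones rely on: every NS target that lives inside the
# zone has an A/AAAA record there (glue), and every CNAME target exists in
# the zone. It also flags an owner that is a CNAME and has other records,
# which named refuses to load. Assumes the zone-file style used on this page:
# one record per line, owner in the first column (a line starting with
# whitespace continues the previous owner), optional TTL and IN before the
# type, and SOA fields spread over several lines with "; comment" tails.
# Names ending in "." are treated as possibly out-of-zone and not checked.
set -eu

# zone_refs_check ZONEFILE: print each problem on its own line; return 1 if
# any was found, 0 for a clean file.
zone_refs_check() {
    awk '
        /^[[:space:]]*$/ { next }              # blank
        /^[[:space:]]*;/ { next }              # comment
        /^\$/            { next }              # $TTL, $ORIGIN
        {
            if ($0 ~ /^[[:space:]]/) { owner = last; start = 1 }
            else                     { owner = $1;   start = 2 }
            type = ""
            for (i = start; i <= NF && i <= start + 2; i++) {
                if ($i == "NS" || $i == "A" || $i == "AAAA" || $i == "CNAME") {
                    type = $i; target = $(i + 1); break
                }
            }
            if (type == "") next               # SOA and its continuation lines
            last = owner
            if (type == "NS")         ns[target] = ns[target] " " owner
            else if (type == "CNAME") cname[owner] = target
            else                      addr[owner] = 1
            seen[owner] = seen[owner] " " type
        }
        END {
            bad = 0
            for (t in ns)
                if (t !~ /\.$/ && !(t in addr)) {
                    printf "NS target %s (for%s) has no A/AAAA glue in this zone\n", t, ns[t]
                    bad = 1
                }
            for (o in cname) {
                t = cname[o]
                if (t !~ /\.$/ && !(t in addr) && !(t in cname)) {
                    printf "CNAME %s -> %s points at an undefined name\n", o, t
                    bad = 1
                }
                if (seen[o] ~ / (A|AAAA|NS)/) {
                    printf "%s is a CNAME but also has other records (named rejects this)\n", o
                    bad = 1
                }
            }
            exit bad
        }' "$1"
}

# Demo: "sh thisfile.sh /var/named/root.zone" checks one file.
if [ "$#" -eq 1 ] && [ -f "$1" ]; then
    zone_refs_check "$1" && echo "$1: references OK"
fi
```

Run it against root.zone, com.zone and magedu.com.zone before reloading named. It exits 0 for the zones as written on this page; drop the dns3 A record from com.zone and it reports the missing glue for the magedu delegation, which named-checkzone also warns about but which is easy to miss in a long "OK" run.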
Permission fix (named runs as the named user, so the file must be readable by that group):
[root@rootdns named]$chmod 640 root.zone
[root@rootdns named]$ll root.zone
-rw-r----- 1 root named 184 Jan 21 11:19 root.zone

【7】 Testing:
[root@IEclient ~]$dig www.magedu.com @192.168.27.166
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86289 IN CNAME .
. 86289 IN A 192.168.27.3
. 86289 IN A 192.168.27.4
;; AUTHORITY SECTION:
magedu.com. 86289 IN NS .
magedu.com. 86289 IN NS .
;; ADDITIONAL SECTION:
. 86289 IN A 192.168.27.17
. 86289 IN A 192.168.27.18
;; Query time: 2 msec
;; SERVER: 192.168.27.166#53(192.168.27.166)
;; WHEN: Sun Jan 21 06:24:51 EST 2018
;; MSG SIZE rcvd: 163
The client asked the root server directly and received a complete answer rather than a referral. The TTL of 86289, below the zone's 1D (86400), shows the records came from the root server's cache: with recursion yes it resolved the name through com and magedu.com on an earlier query. To test the full chain the way a user experiences it, query without @ so the request goes through the telecom resolver at 192.168.27.5, and to see each level answer only for itself, set recursion no on the root, .com and magedu.com servers or query them with dig +norecurse.
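The test above does not show the hierarchy doing its job, because the root resolved the name on the client's behalf. The script below is an added example, not part of the original notes: it walks root -> com -> magedu.com with RD=0 queries, so each server must answer from its own zone or hand back a referral, and it prints which server was asked at each hop. It assumes dig from bind-utils on the client and the lab's root at 192.168.27.166. The referral parser is plain awk and can be exercised on saved dig output; only walk_delegation needs the live servers.

```bash
#!/bin/sh
# Added example, not from the original notes. Walks the lab hierarchy the
# way a resolver does (root -> com -> magedu.com) with RD=0 queries, so every
# server has to answer from its own zone instead of recursing for us, which
# is what the page's final test did not exercise. Assumes dig from
# bind-utils on the client and the lab's root at 192.168.27.166. The parser
# is plain awk and works on saved dig output; only walk_delegation needs the
# live servers.
set -eu

# referral_ns_ip QNAME: read one dig reply (+noall +answer +authority
# +additional, dig's "owner ttl class type rdata" columns) on stdin. Print
# the address of the first delegated nameserver that has glue; print nothing
# when the reply already answers QNAME (we have reached the end); return 2
# for a referral without usable glue.
referral_ns_ip() {
    awk -v qname="$1" '
        $1 == qname && ($4 == "A" || $4 == "AAAA" || $4 == "CNAME") { answered = 1 }
        $4 == "NS" && !($5 in seen) { seen[$5] = 1; order[++n] = $5 }
        $4 == "A"                   { addr[$1] = $5 }
        END {
            if (answered) exit 0
            for (i = 1; i <= n; i++)
                if (order[i] in addr) { print addr[order[i]]; exit 0 }
            exit 2
        }'
}

# walk_delegation NAME ROOT_IP: ask each level in turn and print who was
# asked; stop when a server answers the name itself.
walk_delegation() {
    name="$1"; server="$2"; hop=0
    case "$name" in *.) ;; *) name="$name." ;; esac
    while [ "$hop" -lt 8 ]; do
        hop=$((hop + 1))
        printf 'hop %d: asking %s for %s\n' "$hop" "$server" "$name"
        reply=$(dig +norecurse +noall +answer +authority +additional "$name" @"$server") || true
        if ! nexthop=$(printf '%s\n' "$reply" | referral_ns_ip "$name"); then
            echo "no answer and no usable referral from $server" >&2
            return 1
        fi
        if [ -z "$nexthop" ]; then
            printf '%s\n' "$reply"
            return 0
        fi
        server="$nexthop"
    done
    echo "gave up after $hop hops" >&2
    return 1
}

# Demo: "sh thisfile.sh www.magedu.com" walks from the lab root.
if [ "$#" -eq 1 ]; then
    walk_delegation "$1" 192.168.27.166
fi
```

Expected for a correctly delegated lab: hop 1 asks 192.168.27.166 and gets the com referral, hop 2 asks 192.168.27.177 and gets the magedu.com referral, hop 3 asks 192.168.27.17 (or .18) and gets the CNAME and A records. If hop 1 already returns the full answer, the root is serving it from the cache it built while recursing earlier; flush it with rndc flush on the root, or set recursion no on the three authoritative servers so they cannot cache at all.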