The order of DNS lookups
VM | IP | Short name |
---|---|---|
C | 172.18.51.12 | 12 |
S | 172.18.51.13 | 13 |
root | 172.18.51.14 | 14 |
com | 172.18.51.15 | 15 |
master | 172.18.51.16 | 16 |
slave | 172.18.51.17 | 17 |
This DNS forwarding simulation lab needs six virtual machines.
Configuration order:
master > slave > com > root > S > C
Before configuring, to avoid surprises halfway through, first make sure SELinux is disabled, iptables is flushed, and bind is installed.
Configuration on 14
vim /etc/named.conf
Comment out:
```
# listen-on port 53 { 127.0.0.1; };
# allow-query { localhost; };
```
Let every server in the domain know that this host is the root server.
vim /var/named/named.ca
Change it to:
```
;; QUESTION SECTION:
;.                          IN      NS
;; ANSWER SECTION:
.                   518400  IN      NS      a.root-servers.net.
a.root-servers.net. 3600000 IN      A       172.18.51.14
```
Delete the remaining lines below these; if you are uneasy about deleting them, commenting them out works too.
Distribute /var/named/named.ca to all the other hosts: 13, 15, 16 and 17.
```
scp /var/named/named.ca 172.18.51.17:/var/named
Are you sure you want to continue connecting (yes/no)? yes
<user>@172.18.51.17's password:
named.ca                                      100%  478     0.5KB/s   00:00
```
Configure the root zone in /etc/named.rfc1912.zones:
vim /etc/named.rfc1912.zones
```
# add
zone "." IN {
    type master;
    file "root.zone";
};
```
/etc/named.conf contains a hint zone pointing at the root, which has to be removed:
vim /etc/named.conf
```
# delete or comment out the following
# zone "." IN {
#     type hint;
#     file "named.ca";
# };
```
Then delegate com:
vim /var/named/root.zone
```
$TTL 86400 ; 1 day
@       IN SOA  dns1 admin.nigaha.com. (
                1002       ; serial
                86400      ; refresh (1 day)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                10800      ; minimum (3 hours)
                )
        NS      dns1            ; dns1 is this host
com     NS      dns2            ; com is delegated to dns2
dns1    A       172.18.51.14    ; this host's address
dns2    A       172.18.51.15    ; dns2 is com's IP
```
Restart the service (the command differs between version 7 and version 6).
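The same three edits to named.conf are repeated on most of the six VMs above: comment out the loopback-only listen-on and allow-query, and do not leave the hint zone for "." next to the newly added master zone for ".". The script below is an added example, not code from the original post or from BIND: it strips the comment styles named.conf accepts, walks the top-level blocks, and reports a loopback-only listen-on or allow-query and any zone declared twice. The two configuration strings are constructed for this example, named.rfc1912.zones is simply concatenated into them instead of being pulled in by an include statement, and the finding codes are this script's own invention.

```python
import re

# Constructed sample (not from the page): the root server's configuration before
# the edits above, with named.rfc1912.zones concatenated in.
CONF_BEFORE = """
options {
    listen-on port 53 { 127.0.0.1; };
    allow-query     { localhost; };
    directory       "/var/named";
    recursion yes;
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "." IN {
    type master;
    file "root.zone";
};
"""

# The same configuration after the edits: loopback-only ACLs and the hint zone
# are commented out, so only the master zone for "." remains.
CONF_AFTER = """
options {
    # listen-on port 53 { 127.0.0.1; };
    # allow-query     { localhost; };
    directory       "/var/named";
    recursion yes;
};
// zone "." IN {
//     type hint;
//     file "named.ca";
// };
zone "." IN {
    type master;
    file "root.zone";
};
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def strip_comments(text):
    """Remove all three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def top_level_blocks(text):
    """Yield (header, body) for every 'header { body };' statement at brace depth 0."""
    depth, body_start, header_start = 0, 0, 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header = text[header_start:i].strip().lstrip(";").strip()
                body_start = i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
                header_start = i + 1


def acl_addresses(body, statement):
    """Address list of e.g. 'listen-on port 53 { 127.0.0.1; };', or None if absent."""
    m = re.search(r"\b%s\s[^{]*\{([^}]*)\}" % re.escape(statement), body)
    if not m:
        return None          # statement absent: BIND's default applies
    return [a.strip() for a in m.group(1).split(";") if a.strip()]


def lint_named_conf(text):
    """Return finding codes for the three mistakes the walkthrough guards against."""
    findings, seen_zones = [], {}
    for header, body in top_level_blocks(strip_comments(text)):
        if header == "options":
            listen = acl_addresses(body, "listen-on")
            if listen is not None and set(listen) <= LOOPBACK:
                findings.append("listen-on-loopback")      # other VMs cannot reach port 53
            query = acl_addresses(body, "allow-query")
            if query is not None and set(query) <= LOOPBACK:
                findings.append("allow-query-localhost")   # remote queries get REFUSED
            continue
        m = re.match(r'zone\s+"([^"]*)"', header)
        if not m:
            continue
        name = m.group(1)
        ztype = re.search(r"\btype\s+(\w+)", body)
        ztype = ztype.group(1) if ztype else "?"
        if name in seen_zones:   # named refuses to load a zone that is defined twice
            findings.append("duplicate-zone:%s:%s+%s" % (name, seen_zones[name], ztype))
        seen_zones[name] = ztype
    return findings


if __name__ == "__main__":
    print("before:", lint_named_conf(CONF_BEFORE))
    print("after: ", lint_named_conf(CONF_AFTER))
```

On the real hosts, `named-checkconf /etc/named.conf` reports the duplicate zone before you restart; the two ACL findings are the ones it will not complain about, because a loopback-only server is a valid configuration, just not the one this lab needs.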
Configuration on 15
First edit the configuration to create the com zone:
vim /etc/named.rfc1912.zones
```
# add
zone "com" {
    type master;
    file "com.zone";
};
```
Create the com zone file:
vim /var/named/com.zone
```
$TTL 86400 ; 1 day
@       IN SOA  dns1.nigaha.com. admin.nigaha.com. (
                1002       ; serial
                86400      ; refresh (1 day)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                10800      ; minimum (3 hours)
                )
        NS      dns1
nigaha  NS      dns2
nigaha  NS      dns3
dns1    A       172.18.51.15
dns2    A       172.18.51.16
dns3    A       172.18.51.17    ; dns3 is the slave server
websrv  A       172.18.51.111
www     CNAME   websrv
```
If com has a slave server of its own, the IP for dns1 must be this host's IP; otherwise it does not affect the result of the experiment.
(You also need one more NS record pointing at the slave server, i.e. dns3; leaving it out does not affect the result, but then the slave you set up is useless.)
Note!!! Restart the service.
The order is a bit off here; now configure the master and slave servers.
Configuration on 16
In the "options" section:
vim /etc/named.conf
Comment out:
```
# listen-on port 53 { 127.0.0.1; };
# allow-query { localhost; };
```
Configure the zone:
vim /etc/named.rfc1912.zones
```
# add
zone "nigaha.com" {
    type master;
    file "nigaha.com.zone";
    // allow-transfer { any; };   # this line can be skipped
};
```
Create the zone data file:
vim /var/named/nigaha.com.zone
```
$TTL 86400 ; 1 day
@       IN SOA  dns1.nigaha.com. admin.nigaha.com. (
                1002       ; serial
                86400      ; refresh (1 day)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                10800      ; minimum (3 hours)
                )
        NS      dns1.nigaha.com.
        NS      dns2.nigaha.com.
dns1    A       172.18.51.14
dns2    A       172.18.51.17
websrv  A       172.18.51.14
www     CNAME   websrv
```
Configuration on 17
In the "options" section:
vim /etc/named.conf
Comment out:
```
# listen-on port 53 { 127.0.0.1; };
# allow-query { localhost; };
```
Configure the zone:
```
# add
zone "nigaha.com" {
    type slave;
    masters { 172.18.51.16; };
    file "slaves/nigaha.com.slaves.zone";
};
```
Check whether the zone data file has shown up:
```
cd /var/named/slaves; ls
nigaha.com.slaves.zone
```
Configuration on 13
First confirm that the root is there:
vim /var/named/named.ca
```
;; QUESTION SECTION:
;.                          IN      NS
;; ANSWER SECTION:
.                   518400  IN      NS      a.root-servers.net.
a.root-servers.net. 3600000 IN      A       172.18.51.14    ; yes, that's the one!
```
Check the configuration file /etc/named.conf:
vim /etc/named.conf
Comment out:
```
# listen-on port 53 { 127.0.0.1; };
# allow-query { localhost; };
```
Go (restart the service)! Go (restart the service)! Go (restart the service)!
Verify from 12:
```
dig www.nigaha.com @172.18.51.13
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.nigaha.com @172.18.51.13
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59258
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.nigaha.com. IN A
;; ANSWER SECTION:
www.nigaha.com. 86400 IN CNAME websrv.nigaha.com.
websrv.nigaha.com. 86400 IN A 172.18.51.14
;; AUTHORITY SECTION:
nigaha.com. 86400 IN NS dns1.nigaha.com.
nigaha.com. 86400 IN NS dns2.nigaha.com.
;; ADDITIONAL SECTION:
dns2.nigaha.com. 86400 IN A 172.18.51.17
dns1.nigaha.com. 86400 IN A 172.18.51.14
;; Query time: 11 msec
;; SERVER: 172.18.51.13#53(172.18.51.13)
;; WHEN: Mon Sep 25 10:52:43 2017
;; MSG SIZE rcvd: 139
```
Success!
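The dig above only shows the final answer; to see the order in which the caching server S on 13 walks the chain (root on 14, then com on 15, then the master on 16), and to check the zone data rather than just one lookup, here is an added Python example that is not the post's own code and not part of BIND. It contains a small zone-file parser, a resolver that follows NS referrals and glue from the root the way S does (including the in-zone CNAME from www to websrv), and a delegation check that compares the IPs the parent delegates to (NS plus glue) with the child's own NS set. The zone texts are constructed from the files on this page, with dns3 in com.zone pointing at the slave 172.18.51.17; the slave on 17 is omitted from the server map since it carries the same data as 16. All function names are this example's own. Run on this data, the check reports that 172.18.51.16 (the master) is delegated to by com but missing from nigaha.com's own NS records, while dns1.nigaha.com points at 172.18.51.14, the root server, which is exactly what the AUTHORITY and ADDITIONAL sections of the dig output show.

```python
import re
# Constructed samples (not the page's own files): this walkthrough's three zone
# files, with dns3 in com.zone pointing at the slave 172.18.51.17.
ROOT_ZONE = """
@       IN SOA  dns1 admin.nigaha.com. ( 1002 86400 3600 604800 10800 )  ; serial etc.
        NS      dns1
com     NS      dns2            ; delegate com to dns2 ...
dns1    A       172.18.51.14
dns2    A       172.18.51.15    ; ... with glue for it
"""
COM_ZONE = """
@       IN SOA  dns1.nigaha.com. admin.nigaha.com. ( 1002 86400 3600 604800 10800 )
        NS      dns1
nigaha  NS      dns2
nigaha  NS      dns3
dns1    A       172.18.51.15
dns2    A       172.18.51.16
dns3    A       172.18.51.17
"""
NIGAHA_ZONE = """
$TTL 86400
@       IN SOA  dns1.nigaha.com. admin.nigaha.com. ( 1002 86400 3600 604800 10800 )
        NS      dns1.nigaha.com.
        NS      dns2.nigaha.com.
dns1    A       172.18.51.14
dns2    A       172.18.51.17
websrv  A       172.18.51.14
www     CNAME   websrv
"""

def absolutize(name, origin):             # zone-file name -> absolute lowercase name
    name = name.lower()
    if name == "@" or name.endswith("."):
        return origin if name == "@" else name
    return name + "." if origin == "." else name + "." + origin

def parse_zone(origin, text):
    """Minimal master-file parser: list of (owner, type, rdata) with absolute names."""
    origin = origin if origin.endswith(".") else origin + "."
    text = re.sub(r";[^\n]*", "", text)                                   # ';' comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # ( ... )
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():             # a blank owner field repeats the previous owner
            owner = absolutize(fields.pop(0), origin)
        while fields[0].isdigit() or fields[0].upper() in ("IN", "CH"):
            fields.pop(0)                     # optional TTL and class
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "CNAME"):
            rdata = [absolutize(rdata[0], origin)]
        records.append((owner, rtype, rdata))
    return records
# Which VM holds which zone (the slave on 17 would carry the same data as 16).
SERVERS = {
    "172.18.51.14": parse_zone(".", ROOT_ZONE),
    "172.18.51.15": parse_zone("com", COM_ZONE),
    "172.18.51.16": parse_zone("nigaha.com", NIGAHA_ZONE),
}

def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)

def resolve(servers, root_ip, qname, qtype="A"):
    """Follow referrals from the root as S does: (rdata or None, [(server, name), ...])."""
    qname = qname.lower().rstrip(".") + "."
    server, trace = root_ip, []
    for _ in range(10):                       # guard against referral loops
        recs = servers[server]
        trace.append((server, qname))
        answer = [r for o, t, r in recs if o == qname and t == qtype]
        if answer:
            return answer[0][0], trace
        cname = [r[0] for o, t, r in recs if o == qname and t == "CNAME"]
        if cname:                             # chase the alias, on the same server first
            qname = cname[0]
            continue
        apex = next(o for o, t, r in recs if t == "SOA")
        if not in_zone(qname, apex):          # e.g. alias into another zone: start over
            server = root_ip
            continue
        deleg = [(o, r[0]) for o, t, r in recs if t == "NS" and o != apex and in_zone(qname, o)]
        if not deleg:                         # authoritative here, and no such name
            return None, trace
        cut, ns = max(deleg, key=lambda d: len(d[0]))  # closest enclosing zone cut
        glue = [r[0] for o, t, r in recs if o == ns and t == "A"]
        if not glue:
            raise LookupError(f"referral to {ns} for {cut} carries no glue on {server}")
        server = glue[0]
    raise LookupError("referral loop")

def check_delegation(parent, child, apex):
    """(IPs only in the parent's referral, IPs only in the child's own NS set)."""
    def ips(recs):                            # hosts that recs names as NS for apex, by address
        targets = {r[0] for o, t, r in recs if o == apex and t == "NS"}
        return {r[0] for o, t, r in recs if t == "A" and o in targets}
    return sorted(ips(parent) - ips(child)), sorted(ips(child) - ips(parent))
```

`resolve(SERVERS, "172.18.51.14", "www.nigaha.com")` returns `172.18.51.14` with the hop list 14, 15, 16, 16 (the last hop is the same server answering for websrv after the CNAME), and `check_delegation(SERVERS["172.18.51.15"], SERVERS["172.18.51.16"], "nigaha.com.")` returns `(["172.18.51.16"], ["172.18.51.14"])`. The lab still resolves because the referral from com carries glue for 172.18.51.16, but a resolver that caches the child's NS set may later send nigaha.com queries to 172.18.51.14, which is authoritative only for the root zone; the check between root and com, by contrast, comes back empty on both sides.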