实现类Internet架构的DNS服务

image.png

本配置需要8台机器11~18，包括dns转发，dns委派，主从复制

• 11 客户机
• 12 本地转发nds请求至13
• 13 本地只缓存服务器，其根指向14
• 14 internet根服务器委托com给15
• 15 com服务器，委托coding.com给16
• 16 coding.com的主服务器
• 17 coding.com的从服务器
• 18 http服务器，对应的www.coding.com

准备http服务器（on 192.168.80.18）

yum install httpd -y
systemctl start httpd
echo 'welcome www.coding.com' > /var/www/html/index.html

在客户机上准备dns测试工具（on 192.168.80.11)

yum install bind-utils -y
[root@80_11 ~]# curl 192.168.80.18
welcome www.coding.com

搭建"coding" DNS 主服务器（on 192.168.80.16）

1. 安装dns 
[root@80_16 ~]#  yum install bind -y
2. 配置dns
[root@80_16 ~]# vim /etc/named.conf

options {
//       listen-on port 53 { 127.0.0.1; };
//       allow-query     { localhost; };
        allow-transfer  { 192.168.80.17; };
3.  添加区域数据库记录   
[root@80_16 ~]# vim /etc/named.rfc1912.zones
zone "coding.com" {
        type master;
        file "coding.com.zone";
};
4. 创建zone文件
[root@80_16 named]# vim /var/named/coding.com.zone

$TTL 1D
@       IN      SOA     ns1 admin       ( 1 1D 1H 1W 3H )
        NS ns1
ns1     A       192.168.80.16
www     CNAME websrv
websrv  A       192.168.80.18
5. 检查配置文件和zone
[root@80_16 named]# named-checkconf 
[root@80_16 named]# named-checkzone coding.com /var/named/coding.com.zone 
zone coding.com/IN: loaded serial 1
OK

6. 启动dns 
[root@80_16 ~]# systemctl start named

7. 在客户机上测试（on 192.168.80.11）
[root@80_11 ~]# dig www.coding.com @192.168.80.16

搭建"coding" dns从服务器（on 192.168.80.17）

1. 安装bind
[root@80_17 ~]# yum install bind -y
2. 修改配置文件
[root@80_17 ~]# vim /etc/named.conf 
options {
//      listen-on port 53 { 127.0.0.1; };
//      listen-on-v6 port 53 { ::1; };
//      allow-query     { localhost; };
        allow-transfer  {none;};

3. 添加zone数据库记录
[root@80_17 ~]# vim /etc/named.rfc1912.zones 
zone "coding.com" {
        type slave;
        masters { 192.168.80.16; };
        file "slaves/coding.com.zone.slave";
};
4. 修改主“coding” dns记录 (on 192.168.80.16)

[root@80_16 named]# vim /var/named/coding.com.zone 

$TTL 1D
@       IN      SOA     ns1 admin       ( 2 1D 1H 1W 3H )
        NS ns1
        NS ns2
ns1     A       192.168.80.16
ns2     A       192.168.80.17
www     CNAME websrv
websrv  A       192.168.80.18
[root@80_16 named]# systemctl restart named
5. 检查同步 （on 80.17）
[root@80_17 ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 366 Sep 12 21:36 coding.com.zone.slave

6. 测试从dns（on 192.168.80.11）
[root@80_11 ~]# dig www.coding.com @192.168.80.17

搭建local dns（on 192.168.80.12）将dns请求转发给192.168.80.13

1. 安装bind
[root@80_12 ~]# yum install bind
2. vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
//      listen-on-v6 port 53 { ::1; };
//      allow-query     { localhost; };
        forward only;
        forwarders {192.168.80.13};
3. systemctl restart named

搭建本地转发DNS（on 192.168.80.13），修改root dns为192.168.80.14

1. 安装bind
[root@80_13 ~]# yum install bind -y
2. 修改bind配置文件
options {
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };
3. 改变根服务器指向192.168.80.14
[root@80_13 ~]# vim /var/named/named.ca
;; ANSWER SECTION:
.                       518400  IN      NS      a.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     518400  IN      A       192.168.80.14

4. 测试（on 192.168.80.11）
   dig www.coding.com @192.168.80.13

# 配置dns根服务器（on 192.168.80.14)，将com委派给192.168.80.15
```shell
1. 
[root@80_14 ~]# yum install bind
2.
[root@80_14 ~]# vim /etc/named.conf 
options {
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };
3.
[root@80_14 ~]# vim /etc/named.rfc1912.zones
zone "." {
        type master;
        file "root.zone";
};
4.
[root@80_14 ~]# vim /var/named/root.zone

$TTL 1D
@ IN SOA root admin ( 1 1D 1H 1W 3H )
        NS root
com     NS ns1
root    A 192.168.80.14
ns1     A 192.168.80.15

5. systemctl start named

配置com DNS服务器(192.168.80.15)，将coding.com委派给192.168.80.16

1. 
yum install bind -y
2.
vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };
3. 
vim /etc/named.rfc1912.zones
zone "com" IN {
        type master;
        file "com.zone";
};

4. 
vim /var/named/com.zone
$TTL 1D
@ IN SOA ns admin ( 1 1D 1H 1W 3H )
        NS ns
coding  NS ns1
ns      A       192.168.80.15
ns1     A       192.168.80.16

5. systemctl start named

测试配置

[root@80_11 ~]# dig www.coding.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7 <<>> www.coding.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34180
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.coding.com.            IN  A

;; ANSWER SECTION:
www.coding.com.     86368   IN  CNAME   websrv.coding.com.
websrv.coding.com.  86379   IN  A   192.168.80.18

;; AUTHORITY SECTION:
coding.com.     86368   IN  NS  ns1.coding.com.
coding.com.     86368   IN  NS  ns2.coding.com.

;; ADDITIONAL SECTION:
ns1.coding.com.     86379   IN  A   192.168.80.16
ns2.coding.com.     86379   IN  A   192.168.80.17

;; Query time: 4 msec
;; SERVER: 192.168.80.12#53(192.168.80.12)
;; WHEN: Sun Sep 13 02:59:14 EDT 2020
;; MSG SIZE  rcvd: 148