Building an Internet-style DNS hierarchy with BIND
Architecture diagram (the image is not reproduced in this text)
Lab environment
Disable SELinux and firewalld on every host, and keep their clocks in sync (zone refresh/expiry timers and log correlation both depend on it).
| Hostname | IP | Role |
| --- | --- | --- |
| client | 192.168.28.146 | DNS client; its resolver is 192.168.28.145 |
| localdns | 192.168.28.145 | Local caching-only DNS server (forwards everything) |
| forward | 192.168.28.144 | Forwarding target: a recursive resolver that iterates from the lab root |
| rootdns | 192.168.28.141 | Root (".") DNS server |
| comdns | 192.168.28.143 | DNS server for the com zone |
| master | 192.168.28.158 | Primary (master) DNS server for wenzi.com |
| slave | 192.168.28.156 | Secondary (slave) DNS server for wenzi.com |
| web | 192.168.28.159 | Web server for www.wenzi.com |
1. Configure host networking
Point the DNS client's resolver at the local caching-only DNS server:
[root@client ~]# nmcli con mod "System ens33" ipv4.address 192.168.28.146/24 ipv4.method manual ipv4.gateway 192.168.28.2 ipv4.dns 192.168.28.145
[root@client ~]# nmcli con reload
[root@client ~]# nmcli con up "System ens33"
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@client ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.28.145
2. Set up the web server
[root@web ~]# yum -y install httpd && systemctl enable --now httpd && echo 'This is www.wenzi.com' > /var/www/html/index.html
3. Primary DNS server for wenzi.com
Edit the main configuration file
[root@master ~]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; localhost; };      // addresses to listen on; the built-in "localhost" ACL
                                                          // covers every interface address of this host, so this
                                                          // also listens on 192.168.28.158
        ...
        allow-query     { localhost; 192.168.28.0/24; };  // who may send queries
        allow-transfer  { 192.168.28.156; };              // who may pull the zone (AXFR/IXFR): only the secondary
        ...
A source-address ACL is an acceptable control for zone transfers in this lab (AXFR runs over TCP, so the address cannot simply be spoofed); production deployments additionally authenticate transfers with TSIG keys.
Define the wenzi.com zone
[root@master ~]# vim /etc/named.rfc1912.zones
zone "wenzi.com" IN {
        type master;
        file "wenzi.com.zone";
};
...
Write the wenzi.com.zone file
[root@master ~]# cd /var/named/
[root@master named]# ll
total 16
drwxrwx--- 2 named named 23 Oct 17 21:43 data
drwxrwx--- 2 named named 60 Oct 17 21:52 dynamic
-rw-r----- 1 root named 2253 Aug 25 2021 named.ca
-rw-r----- 1 root named 152 Aug 25 2021 named.empty
-rw-r----- 1 root named 152 Aug 25 2021 named.localhost
-rw-r----- 1 root named 168 Aug 25 2021 named.loopback
drwxrwx--- 2 named named 6 Aug 25 2021 slaves
[root@master named]# cp -a named.localhost wenzi.com.zone
[root@master named]# vim wenzi.com.zone
$TTL 1D
@       IN SOA  master admin.wenzi.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
@       IN NS   master.wenzi.com.
@       IN NS   slave.wenzi.com.
master  IN A    192.168.28.158
slave   IN A    192.168.28.156
www     IN A    192.168.28.159
Check the syntax and reload the service
[root@master named]# named-checkconf
[root@master named]# named-checkzone wenzi.com wenzi.com.zone
zone wenzi.com/IN: loaded serial 0
OK
[root@master named]# rndc reload
server reload successful
4. Secondary DNS server for wenzi.com
Edit the configuration
[root@slave ~]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; localhost; };
        ...
        allow-query     { localhost; 192.168.28.0/24; };
        allow-transfer  { none; };                        // nobody may pull the zone from the secondary
        ...
Define the zone
[root@slave ~]# vim /etc/named.rfc1912.zones
zone "wenzi.com" {
        type slave;
        masters { 192.168.28.158; };
        file "slaves/wenzi.com.zone.slave";
};
...
Check the syntax, reload the service, and confirm that the zone has been transferred from the primary
[root@slave ~]# named-checkconf
[root@slave ~]# rndc reload
server reload successful
[root@slave ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 310 Oct 17 22:31 wenzi.com.zone.slave
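The allow-transfer settings on the primary (only 192.168.28.156) and on the secondary (none) are the controls worth testing from the outside. Below is an added example, not part of the original article, of a small shell check that runs `dig AXFR` against an authoritative server and classifies dig's output: a complete transfer starts and ends with the zone's SOA record, while a refused one prints "Transfer failed". The `SAMPLE_*` texts are constructed to mirror dig's output format (they are not captures from the lab); `check_axfr` is the part you would point at 192.168.28.158 and 192.168.28.156 from the client, where both should come back as refused.

```bash
#!/usr/bin/env bash
# Added example: classify the result of a zone-transfer attempt (dig AXFR).
# The SAMPLE_* texts below are constructed to look like dig's output for a
# permitted and a refused transfer; they are not output from the lab servers.

# classify_axfr < dig-output
# Prints one of: allowed | refused | unknown, returning 0 / 1 / 2.
# A full AXFR is framed by the zone's SOA record, so two SOA answer lines
# mean the server handed over the whole zone.
classify_axfr() {
  local out soa_count
  out=$(cat)
  soa_count=$(printf '%s\n' "$out" | grep -Ec '^[^;].*[[:space:]]IN[[:space:]]+SOA[[:space:]]' || true)
  if [ "$soa_count" -ge 2 ]; then
    echo allowed; return 0
  elif printf '%s\n' "$out" | grep -q 'Transfer failed'; then
    echo refused; return 1
  else
    echo unknown; return 2
  fi
}

# check_axfr SERVER ZONE
# Runs the real query against an authoritative server and classifies it,
# e.g. from the client:  check_axfr 192.168.28.158 wenzi.com   -> refused
check_axfr() {
  local server=$1 zone=$2
  dig "@$server" "$zone" AXFR +time=3 +tries=1 2>&1 | classify_axfr
}

# Constructed sample: what a permitted transfer of wenzi.com would look like.
SAMPLE_ALLOWED='; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.14 <<>> @192.168.28.158 wenzi.com AXFR
;; global options: +cmd
wenzi.com.              86400   IN      SOA     master.wenzi.com. admin.wenzi.com. 0 86400 3600 604800 10800
wenzi.com.              86400   IN      NS      master.wenzi.com.
wenzi.com.              86400   IN      NS      slave.wenzi.com.
master.wenzi.com.       86400   IN      A       192.168.28.158
slave.wenzi.com.        86400   IN      A       192.168.28.156
www.wenzi.com.          86400   IN      A       192.168.28.159
wenzi.com.              86400   IN      SOA     master.wenzi.com. admin.wenzi.com. 0 86400 3600 604800 10800
;; Query time: 1 msec
;; SERVER: 192.168.28.158#53(192.168.28.158)
;; XFR size: 7 records (messages 1, bytes 239)'

# Constructed sample: what a refused transfer looks like.
SAMPLE_REFUSED='; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.14 <<>> @192.168.28.156 wenzi.com AXFR
;; global options: +cmd
; Transfer failed.'

# Stand-alone demo on the constructed samples (no network needed).
printf 'constructed transfer, primary allows it:   %s\n' "$(printf '%s\n' "$SAMPLE_ALLOWED" | classify_axfr)"
printf 'constructed transfer, secondary refuses:   %s\n' "$(printf '%s\n' "$SAMPLE_REFUSED" | classify_axfr)"
```

Run `check_axfr 192.168.28.158 wenzi.com` from the secondary to confirm the one permitted path still works, then from the client to confirm it is refused; an "allowed" result from any host other than 192.168.28.156 means the ACL is not doing its job.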
5. Primary DNS server for the com zone
Edit the configuration
[root@comdns ~]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; localhost; };
        ...
        allow-query     { localhost; 192.168.28.0/24; };
        ...
Define the com zone
[root@comdns ~]# vim /etc/named.rfc1912.zones
zone "com" {
        type master;
        file "com.zone";
};
Write the com.zone file
[root@comdns ~]# cd /var/named/
[root@comdns named]# cp -a named.localhost com.zone
[root@comdns named]# vim com.zone
$TTL 1D
@               IN SOA  master admin.wenzi.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
@               IN NS   master
wenzi           IN NS   dnservermaster      ; delegation: primary DNS server for wenzi.com.
wenzi           IN NS   dnserverslave       ; delegation: secondary DNS server for wenzi.com.
master          IN A    192.168.28.143
dnservermaster  IN A    192.168.28.158      ; address of the primary
dnserverslave   IN A    192.168.28.156      ; address of the secondary
Check the syntax and reload the service
[root@comdns named]# named-checkconf
[root@comdns named]# named-checkzone com com.zone
zone com/IN: loaded serial 0
OK
[root@comdns named]# rndc reload
server reload successful
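The com zone above delegates wenzi to dnservermaster.com. and dnserverslave.com., while wenzi.com.zone on the primary publishes master.wenzi.com. and slave.wenzi.com. at its apex. The lab still resolves, but the parent-side and child-side NS sets of a delegation should be identical. As an added example (not part of the original article) here is a shell check that extracts both NS sets from zone text and compares them; the zone texts are constructed copies of this page's com.zone and wenzi.com.zone, and `FIXED_COM_ZONE` is a hypothetical corrected parent that delegates to the child's own names with glue records.

```bash
#!/usr/bin/env bash
# Added example: compare the NS set a parent zone delegates with against the
# NS set the child publishes at its apex. Zone texts are constructed from the
# zone files shown on this page, not read from the lab servers.

PARENT_COM_ZONE='$TTL 1D
@               IN SOA master admin.wenzi.com. ( 0 1D 1H 1W 3H )
@               IN NS  master
wenzi           IN NS  dnservermaster
wenzi           IN NS  dnserverslave
master          IN A   192.168.28.143
dnservermaster  IN A   192.168.28.158
dnserverslave   IN A   192.168.28.156'

CHILD_WENZI_ZONE='$TTL 1D
@       IN SOA master admin.wenzi.com. ( 0 1D 1H 1W 3H )
@       IN NS  master.wenzi.com.
@       IN NS  slave.wenzi.com.
master  IN A   192.168.28.158
slave   IN A   192.168.28.156
www     IN A   192.168.28.159'

# Hypothetical corrected com.zone: delegate to the child's own NS names and
# add glue A records, since those names sit below the zone cut.
FIXED_COM_ZONE='$TTL 1D
@                   IN SOA master admin.wenzi.com. ( 0 1D 1H 1W 3H )
@                   IN NS  master
wenzi               IN NS  master.wenzi.com.
wenzi               IN NS  slave.wenzi.com.
master              IN A   192.168.28.143
master.wenzi.com.   IN A   192.168.28.158   ; glue
slave.wenzi.com.    IN A   192.168.28.156   ; glue'

# ns_targets ZONE_TEXT ORIGIN OWNER
# Prints the fully qualified NS targets that OWNER has in ZONE_TEXT, sorted,
# one per line. Relative names are expanded against ORIGIN; "@" is the apex.
ns_targets() {
  local zone_text=$1 origin=$2 owner=$3
  printf '%s\n' "$zone_text" | awk -v origin="$origin" -v owner="$owner" '
    function fqdn(n) { return (n == "@") ? origin : ((n ~ /\.$/) ? n : (n "." origin)) }
    /^[[:space:]]*(;|$)/ { next }     # comments and blank lines
    /^\$/                { next }     # $TTL / $ORIGIN directives
    $2 == "IN" && $3 == "NS" && fqdn($1) == owner { print fqdn($4) }
  ' | sort -u
}

# delegation_check PARENT_ZONE PARENT_ORIGIN CHILD_ZONE CHILD_ORIGIN
# Prints both NS sets; returns 0 when they match, 1 when they differ.
delegation_check() {
  local parent_ns child_ns
  parent_ns=$(ns_targets "$1" "$2" "$4")
  child_ns=$(ns_targets "$3" "$4" "$4")
  printf 'parent %-12s delegates %s to: %s\n' "$2" "$4" "$(printf '%s' "$parent_ns" | tr '\n' ' ')"
  printf 'child  %-12s apex NS:          %s\n' "$4" "$(printf '%s' "$child_ns" | tr '\n' ' ')"
  [ "$parent_ns" = "$child_ns" ]
}

# Stand-alone demo: the page's zones disagree, the corrected parent agrees.
delegation_check "$PARENT_COM_ZONE" com. "$CHILD_WENZI_ZONE" wenzi.com. || echo 'MISMATCH: parent and child NS sets differ'
delegation_check "$FIXED_COM_ZONE"  com. "$CHILD_WENZI_ZONE" wenzi.com. && echo 'OK: delegation is consistent'
```

The same comparison applies one level up: the root zone delegates com to comdns, so `ns_targets` over root.zone with owner `com.` should return the name com.zone publishes for its own apex.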
6. Primary DNS server for the root zone
Edit the configuration
[root@rootdns ~]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; localhost; };
        ...
        allow-query     { localhost; 192.168.28.0/24; };
        ...
Define the zone
[root@rootdns ~]# vim /etc/named.rfc1912.zones
zone "." IN {
        type master;
        file "root.zone";
};
Write the zone file
[root@rootdns named]# cp -a named.localhost root.zone
[root@rootdns named]# vim root.zone
$TTL 1D
@       IN SOA  master admin.wenzi.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
@       IN NS   master
com     IN NS   comdns          ; delegate the com zone to comdns
master  IN A    192.168.28.141
comdns  IN A    192.168.28.143
Check the syntax and reload the service
[root@rootdns named]# named-checkconf
[root@rootdns named]# named-checkzone . root.zone
zone ./IN: loaded serial 0
OK
[root@rootdns named]# rndc reload
server reload successful
7. The forwarding-target DNS server
Edit the configuration
[root@forward ~]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; localhost; };
        ...
        allow-query     { localhost; 192.168.28.0/24; };
        ...
Replace the root hints shipped with BIND so that this server starts its iterative resolution at the lab root server instead of the real Internet root servers. Leave only a.root-servers.net in the file (or remap every entry): any entry still carrying a real root server address will also be tried. Note that /var/named/named.ca belongs to the bind package and is overwritten on upgrade; pointing the `zone "." { type hint; file ...; }` stanza at a separate hints file survives updates.
[root@forward ~]# vim /var/named/named.ca
...
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      a.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     518400  IN      A       192.168.28.141
...
Check the syntax and reload the service
[root@forward ~]# named-checkconf
[root@forward ~]# rndc reload
server reload successful
8. The local caching-only DNS server
Edit the configuration
[root@localdns ~]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; localhost; };
        ...
        allow-query     { localhost; 192.168.28.0/24; };
        forward only;                     // never iterate on its own: send every query to the forwarders
        forwarders { 192.168.28.144; };
        ...
        recursion yes;                    // answer recursive queries for the clients
        dnssec-enable no;                 // lab only: the private root and com zones are unsigned
        dnssec-validation no;             // lab only: do not validate DNSSEC data
        ...
Turning validation off is necessary here only because the lab's "." and com zones are unsigned and nothing chains to the real root trust anchor; a resolver that serves real Internet names should keep dnssec-validation at its default (auto), otherwise it silently accepts forged answers that DNSSEC would have rejected. Since allow-recursion is not set, BIND derives it from allow-query-cache, which in turn falls back to allow-query, so recursion is available to localhost and 192.168.28.0/24 only and this host is not an open resolver.
Check the syntax and reload the service
[root@localdns ~]# named-checkconf
[root@localdns ~]# rndc reload
server reload successful
9. Client test
[root@client ~]# host www.wenzi.com
www.wenzi.com has address 192.168.28.159
[root@client ~]# dig www.wenzi.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.14 <<>> www.wenzi.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15173
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.wenzi.com.                 IN      A

;; ANSWER SECTION:
www.wenzi.com.          85706   IN      A       192.168.28.159

;; AUTHORITY SECTION:
wenzi.com.              85706   IN      NS      dnservermaster.com.
wenzi.com.              85706   IN      NS      dnserverslave.com.

;; ADDITIONAL SECTION:
dnserverslave.com.      85706   IN      A       192.168.28.156
dnservermaster.com.     85706   IN      A       192.168.28.158

;; Query time: 0 msec
;; SERVER: 192.168.28.145#53(192.168.28.145)
;; WHEN: Tue Oct 17 23:48:33 CST 2023
;; MSG SIZE  rcvd: 147
[root@client ~]# curl www.wenzi.com
This is www.wenzi.com
The answer is served from the cache of 192.168.28.145 (the ra flag is set and the TTL is already counting down from the zone's 1D). Note that the AUTHORITY section carries dnservermaster.com. and dnserverslave.com., the NS names the com zone delegated with, rather than master.wenzi.com. and slave.wenzi.com. as published at the apex of wenzi.com.zone; the lab works either way, but a delegation should use the same NS names on both sides of the zone cut.