实现 Internet DNS 架构
架构图 实验环境
关闭SELinux、Firewalld（仅为简化实验；生产环境的DNS服务器应保持SELinux为enforcing，并只在防火墙中放行53/udp和53/tcp）。各主机时间保持一致
| 主机名 | IP | 角色 |
| --- | --- | --- |
| client | 192.168.28.146 | DNS客户端，DNS地址为192.168.28.145 |
| localdns | 192.168.28.145 | 本地DNS服务器（只缓存） |
| forward | 192.168.28.144 | 转发目标DNS服务器 |
| rootdns | 192.168.28.141 | 根DNS服务器 |
| comdns | 192.168.28.143 | com域DNS服务器 |
| master | 192.168.28.158 | wenzi.com域的主DNS服务器 |
| slave | 192.168.28.156 | wenzi.com域的从DNS服务器 |
| web | 192.168.28.159 | www.wenzi.com的web服务器 |
一、配置设备网络
将DNS客户端的DNS指向本地DNS服务器（只缓存）
[root@client ~]# nmcli con mod "System ens33" ipv4.address 192.168.28.146/24 ipv4.method manual ipv4.gateway 192.168.28.2 ipv4.dns 192.168.28.145
[root@client ~]# nmcli con reload
[root@client ~]# nmcli con up "System ens33"
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@client ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.28.145
二、实现web服务
[root@web ~]# yum -y install httpd; systemctl enable --now httpd; echo This is www.wenzi.com > /var/www/html/index.html
三、实现wenzi.com域的主DNS服务器
修改配置文件
[root@master ~]# vim /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; localhost; };    // 监听端口范围
    ...
    allow-query { localhost; 192.168.28.0/24; };    // 允许查询范围
    allow-transfer { 192.168.28.156; };             // 允许区域传输范围，即从DNS；此处仅按源IP限制，生产环境可再配合TSIG密钥认证
    ...
定义 wenzi.com 区域
[root@master ~]# vim /etc/named.rfc1912.zones
zone "wenzi.com" IN {
    type master;
    file "wenzi.com.zone";
};
...
编写wenzi.com.zone文件
[root@master ~]# cd /var/named/
[root@master named]# ll
total 16
drwxrwx--- 2 named named 23 Oct 17 21:43 data
drwxrwx--- 2 named named 60 Oct 17 21:52 dynamic
-rw-r----- 1 root named 2253 Aug 25 2021 named.ca
-rw-r----- 1 root named 152 Aug 25 2021 named.empty
-rw-r----- 1 root named 152 Aug 25 2021 named.localhost
-rw-r----- 1 root named 168 Aug 25 2021 named.loopback
drwxrwx--- 2 named named 6 Aug 25 2021 slaves
[root@master named]# cp -a named.localhost wenzi.com.zone
[root@master named]# vim wenzi.com.zone
$TTL 1D
@       IN SOA  master admin.wenzi.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   master.wenzi.com.
        IN NS   slave.wenzi.com.
master  IN A    192.168.28.158
slave   IN A    192.168.28.156
www     IN A    192.168.28.159
检查语法，重启服务
[root@master named]# named-checkconf
[root@master named]# named-checkzone wenzi.com wenzi.com.zone
zone wenzi.com/IN: loaded serial 0
OK
[root@master named]# rndc reload
server reload successful
四、实现wenzi.com域的从DNS服务器
修改配置
[root@slave ~]# vim /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; localhost; };
    ...
    allow-query { localhost; 192.168.28.0/24; };
    allow-transfer { none; };    // 禁止其它设备进行区域传输
    ...
定义区域
[root@slave ~]# vim /etc/named.rfc1912.zones
zone "wenzi.com" {
    type slave;
    masters { 192.168.28.158; };
    file "slaves/wenzi.com.zone.slave";
};
...
校验语法并重启服务，发现区域文件已同步
[root@slave ~]# named-checkconf
[root@slave ~]# rndc reload
server reload successful
[root@slave ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 310 Oct 17 22:31 wenzi.com.zone.slave
五、实现com域的主DNS服务器
修改配置
[root@comdns ~]# vim /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; localhost; };
    ...
    allow-query { localhost; 192.168.28.0/24; };
    ...
定义 com 区域
[root@comdns ~]# vim /etc/named.rfc1912.zones
zone "com" {
    type master;
    file "com.zone";
};
编写 com.zone 文件
[root@comdns ~]# cd /var/named/
[root@comdns named]# cp -a named.localhost com.zone
$TTL 1D
@       IN SOA  master admin.wenzi.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   master
wenzi   IN NS   dnservermaster          ; wenzi.com. 的主DNS服务器
wenzi   IN NS   dnserverslave           ; wenzi.com. 的从DNS服务器
master          IN A    192.168.28.143
dnservermaster  IN A    192.168.28.158  ; 主DNS服务器映射地址
dnserverslave   IN A    192.168.28.156  ; 从DNS服务器映射地址
校验语法并重启服务
[root@comdns named]# named-checkconf
[root@comdns named]# named-checkzone com com.zone
zone com/IN: loaded serial 0
OK
[root@comdns named]# rndc reload
server reload successful
六、实现根域的主DNS服务器
修改配置
[root@rootdns ~]# vim /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; localhost; };
    ...
    allow-query { localhost; 192.168.28.0/24; };
    ...
定义区域
[root@rootdns ~]# vim /etc/named.rfc1912.zones
zone "." IN {
    type master;
    file "root.zone";
};
编写区域文件
[root@rootdns named]# cp -a named.localhost root.zone
[root@rootdns named]# vim root.zone
$TTL 1D
@       IN SOA  master admin.wenzi.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   master
com     IN NS   comdns
master  IN A    192.168.28.141
comdns  IN A    192.168.28.143
校验语法，重启服务
[root@rootdns named]# named-checkconf
[root@rootdns named]# named-checkzone . root.zone
zone ./IN: loaded serial 0
OK
[root@rootdns named]# rndc reload
server reload successful
七、实现转发目标的DNS服务器
修改配置
[root@forward ~]# vim /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; localhost; };
    ...
    allow-query { localhost; 192.168.28.0/24; };
    ...
修改bind软件自带的根DNS服务器信息（根提示文件 named.ca），实现将请求转发给自建DNS根服务器，而不是直接去互联网查找
[root@forward ~]# vim /var/named/named.ca
...
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      a.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     518400  IN      A       192.168.28.141
...
校验语法，重启服务
[root@forward ~]# named-checkconf
[root@forward ~]# rndc reload
server reload successful
八、实现本地只缓存DNS服务器
修改配置
options {
    listen-on port 53 { 127.0.0.1; localhost; };
    ...
    allow-query { localhost; 192.168.28.0/24; };
    forward only;
    forwarders { 192.168.28.144; };
    ...
    recursion yes;            // 启动dns递归查询
    dnssec-enable no;         // 不启用DNS安全扩展（BIND 9.16 起该选项已废弃）
    dnssec-validation no;     // 不验证dnssec数据有效性：本实验的自建根域未签名，验证开启时解析会失败，故在此关闭；解析真实互联网域名的服务器应保持开启
    ...
检查语法，重启服务
[root@localdns ~]# named-checkconf
[root@localdns ~]# rndc reload
server reload successful
九、客户端测试
[root@client ~]# host www.wenzi.com
www.wenzi.com has address 192.168.28.159
[root@client ~]# dig www.wenzi.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.14 <<>> www.wenzi.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15173
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.wenzi.com.                 IN      A

;; ANSWER SECTION:
www.wenzi.com.          85706   IN      A       192.168.28.159

;; AUTHORITY SECTION:
wenzi.com.              85706   IN      NS      dnservermaster.com.
wenzi.com.              85706   IN      NS      dnserverslave.com.

;; ADDITIONAL SECTION:
dnserverslave.com.      85706   IN      A       192.168.28.156
dnservermaster.com.     85706   IN      A       192.168.28.158

;; Query time: 0 msec
;; SERVER: 192.168.28.145#53(192.168.28.145)
;; WHEN: Tue Oct 17 23:48:33 CST 2023
;; MSG SIZE rcvd: 147

[root@client ~]# curl www.wenzi.com
This is www.wenzi.com