实验目的
搭建 DNS 服务器,模拟 Internet 的 DNS 分层架构
前期准备工作
关闭SElinux
vim /etc/sysconfig/selinux
SELINUX=disabled
关闭防火墙
systemctl stop firewalld 临时关闭
systemctl disable firewalld 禁止开机启动
通过 autofs 使用 /misc/cd 自动挂载光盘;本机是 centos7,光盘对应 /misc/cd。
yum install autofs -y
systemctl start autofs
systemctl enable autofs
安装epel源
yum -y install epel-release
或者自建yum源
mkdir /etc/yum.repos.d/yum/
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/yum/
vim /etc/yum.repos.d/base.repo
[base]
name=base
baseurl=file:///misc/cd
gpgcheck=0
[epel]
name=EPEL
#baseurl=http://mirrors.sohu.com/fedora-epel/7/x86_64/
baseurl=https://mirrors.aliyun.com/epel/7/x86_64/
gpgcheck=0
enabled=1
yum repolist 确认epel源可用
实验环境
centos7 www 192.168.37.108 网站
centos7 slave 192.168.37.118 从服务器
centos7 master 192.168.37.128 主服务器
centos7 comdns 192.168.37.138 com服务器
centos7 rootdns 192.168.37.148 根服务器
centos7 ldns 192.168.37.158 电信DNS
centos7 client 192.168.37.168 客户端
7台主机在同一网段,图形界面内存不足,默认改为多用户模式,重启时生效。
[1] centos7 192.168.37.108 网站
yum install httpd -y
systemctl start httpd
echo "<h1>welcome to www.magedu.com</h1>" > /var/www/html/index.html
[2] centos7 192.168.37.168 客户端
vim /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=static
NAME=eth0
IPADDR=192.168.37.168
NETMASK=255.255.255.0
DEVICE=eth0
DNS1=114.114.114.114
ONBOOT=yes
重启
===
systemctl restart network
[3] centos7 master 192.168.37.128 主服务器
#服务端安装bind
yum install bind -y
Installed:
bind.x86_64 32:9.9.4-61.el7
Complete!
#修改bind 配置文件
vim /etc/named.conf 注释掉两行,第13行和第21行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { 192.168.37.118; }; 仅允许从服务器 192.168.37.118 进行区域传送
vim /etc/named.rfc1912.zones 加上这段
zone "cuiran.com" {
type master;
file "cuiran.com.zone";
};
vim /var/named/cuiran.com.zone
$TTL 1D
@ IN SOA ns1 adm.cuiran.com. ( 1 1H 10M 1D 3H )
NS ns1
NS ns2
ns1 A 192.168.37.128
ns2 A 192.168.37.118
www A 192.168.37.108
chgrp named /var/named/cuiran.com.zone 安全加固,区域文件仅 named 组可读
chmod 640 /var/named/cuiran.com.zone
systemctl start named 第一次启动
rndc reload 不是第一次启动时重新加载配置
[4] 在客户端上验证结果,centos7 client 192.168.37.168
dig www.cuiran.com @192.168.37.128
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> www.cuiran.com @192.168.37.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56154
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.cuiran.com. IN A
;; ANSWER SECTION:
www.cuiran.com. 86400 IN A 192.168.37.108
;; AUTHORITY SECTION:
cuiran.com. 86400 IN NS ns1.cuiran.com.
cuiran.com. 86400 IN NS ns2.cuiran.com.
;; ADDITIONAL SECTION:
ns1.cuiran.com. 86400 IN A 192.168.37.128
ns2.cuiran.com. 86400 IN A 192.168.37.118
;; Query time: 1 msec
;; SERVER: 192.168.37.128#53(192.168.37.128)
;; WHEN: Tue Jul 02 15:11:58 CST 2019
;; MSG SIZE rcvd: 127
[5] centos7 slave 192.168.37.118 从服务器
yum install bind -y
Installed:
bind.x86_64 32:9.9.4-61.el7
Complete!
vim /etc/named.conf 注释掉两行,第13行和第21行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { none; }; 从服务器不对任何主机开放区域传送
vim /etc/named.rfc1912.zones 加上这段
zone "cuiran.com" {
type slave;
masters { 192.168.37.128; };
file "slaves/cuiran.com.zone.slave";
};
systemctl start named 第一次启动
rndc reload 不是第一次启动时重新加载配置
[6] 测试,区域文件已从主服务器同步过来
ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 304 May 10 15:39 cuiran.com.zone
[7]在客户端上验证结果,centos7 client 192.168.37.168
dig www.cuiran.com @192.168.37.118
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> www.cuiran.com @192.168.37.118
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.cuiran.com. IN A
;; ANSWER SECTION:
www.cuiran.com. 86400 IN A 192.168.37.108
;; AUTHORITY SECTION:
cuiran.com. 86400 IN NS ns1.cuiran.com.
cuiran.com. 86400 IN NS ns2.cuiran.com.
;; ADDITIONAL SECTION:
ns1.cuiran.com. 86400 IN A 192.168.37.128
ns2.cuiran.com. 86400 IN A 192.168.37.118
;; Query time: 3 msec
;; SERVER: 192.168.37.118#53(192.168.37.118)
;; WHEN: Tue Jul 02 15:10:55 CST 2019
;; MSG SIZE rcvd: 127
[8] centos7 comdns 192.168.37.138 com服务器
yum install bind -y
Installed:
bind.x86_64 32:9.9.4-61.el7
Complete!
#修改bind配置文件
vim /etc/named.conf 注释掉两行,第13行和第21行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
#修改域配置文件(com 服务器和根服务器也可以像从服务器一样加上 allow-transfer { none; }; 限制区域传送)
vim /etc/named.rfc1912.zones 加上这段
zone "com" {
type master;
file "com.zone";
};
vim /var/named/com.zone
$TTL 1D
@ IN SOA ns1 admin.cuiran.com. ( 1 1D 1H 1W 3D )
NS ns1
cuiran NS ns2
cuiran NS ns3
ns1 A 192.168.37.138
ns2 A 192.168.37.128
ns3 A 192.168.37.118
systemctl start named 第一次启动
rndc reload 不是第一次启动时重新加载配置
[9] 在客户端上验证结果,centos7 client 192.168.37.168
dig www.cuiran.com @192.168.37.138
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> www.cuiran.com @192.168.37.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36975
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.cuiran.com. IN A
;; ANSWER SECTION:
www.cuiran.com. 11352 IN A 192.168.37.108
;; AUTHORITY SECTION:
cuiran.com. 86400 IN NS ns2.com.
cuiran.com. 86400 IN NS ns3.com.
;; ADDITIONAL SECTION:
ns2.com. 86400 IN A 192.168.37.128
ns3.com. 86400 IN A 192.168.37.118
;; Query time: 0 msec
;; SERVER: 192.168.37.138#53(192.168.37.138)
;; WHEN: Wed Jul 03 12:16:06 CST 2019
;; MSG SIZE rcvd: 135
[10] centos7 rootdns 192.168.37.148 根服务器
yum install bind -y
Installed:
bind.x86_64 32:9.9.4-61.el7
Complete!
vim /etc/named.conf 注释掉两行,第13行和第21行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
将 /etc/named.conf 中原有的 zone "." 定义改为:
zone "." IN {
type master;
file "root.zone";
};
vim /var/named/root.zone
$TTL 1D
@ IN SOA ns1 admin.cuiran.com. (1 1D 1H 1W 3D)
NS ns1
com NS comns
ns1 A 192.168.37.148
comns A 192.168.37.138
chgrp named /var/named/root.zone 安全加固,区域文件仅 named 组可读
chmod 640 /var/named/root.zone
systemctl start named 第一次启动
rndc reload 不是第一次启动时重新加载配置
[11] centos7 ldns 192.168.37.158 电信DNS
yum install bind -y
Installed:
bind.x86_64 32:9.9.4-61.el7
Complete!
vim /etc/named.conf 注释掉两行,第13行和第21行
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
dnssec-enable no;
dnssec-validation no; 实验用的自建根区域没有签名,所以要关闭 DNSSEC 校验;生产环境的递归服务器不要关闭
vim /var/named/named.ca 将根提示文件改为指向自建根服务器
. 518400 IN NS a.root-servers.net.
a.root-servers.net. 518400 IN A 192.168.37.148
systemctl start named 第一次启动
rndc reload 不是第一次启动时重新加载配置
[12] 在192.168.37.168测试
#查看本地DNS(客户端的 DNS 应指向电信DNS 192.168.37.158)
cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.37.158
dig www.cuiran.com
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> www.cuiran.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17416
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.cuiran.com. IN A
;; ANSWER SECTION:
www.cuiran.com. 86400 IN A 192.168.37.108
;; AUTHORITY SECTION:
cuiran.com. 65215 IN NS ns1.cuiran.com.
cuiran.com. 65215 IN NS ns2.cuiran.com.
;; ADDITIONAL SECTION:
ns2.cuiran.com. 65215 IN A 192.168.37.118
ns1.cuiran.com. 65215 IN A 192.168.37.128
;; Query time: 17 msec
;; SERVER: 192.168.37.158#53(192.168.37.158)
;; WHEN: Wed Jul 03 19:24:59 CST 2019
;; MSG SIZE rcvd: 127