模擬互聯網DNS
目標
- 模擬互聯網DNS從根域到具體主機
- 通過模擬的互聯網DNS來解析www.gx.com主機
- 本地DNS服務器若無相應的FQDN則從模擬的根去遞歸查詢
- 只實驗正向解析
主機規劃
hostname | zone | ip | 說明 | 系統版本 |
---|---|---|---|---|
rootdns | . | 192.168.32.71 | 根域服務器 | CentOS 7 |
comdns | com | 192.168.32.72 | com域服務器 | CentOS 7 |
gxdns1 | gx.com | 192.168.32.73 | gx.com域主服務器 | CentOS 7 |
gxdns2 | gx.com | 192.168.32.61 | gx.com域從服務器 | CentOS 6 |
websrv | www.gx.com主機 | 192.168.32.199 | gx.com下的www服務器 | CentOS 6 |
localdns | localdns | 192.168.32.63 | 本地DNS服務器 | CentOS 6 |
7op | - | 192.168.32.109 | 普通主機 | CentOS 7 |
1. web服務器
- 啟用http
[root@websrv ~]#ss -nlt |grep :80
LISTEN 0 128 :::80 :::*
- 測試web
[root@websrv ~]#curl 192.168.32.199
<h1> www.gx.com </h1>
2. gx.com.DNS服務器搭建
2.1 gx.com主服務器
- 主配置文件
/etc/named.conf
// gxdns1 (192.168.32.73): primary (master) server for gx.com, CentOS 7 / BIND 9.9.
// Only the lines that differ from the stock named.conf carry notes.
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
// listen-on left commented out: named binds to every IPv4 interface (BIND default),
// which is what lets the other lab hosts reach this server.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
// allow-query commented out: queries are accepted from any source (BIND default).
allow-transfer { 192.168.32.61; }; // added: only the slave gxdns2 may request a zone transfer (AXFR/IXFR)
// NOTE(review): the transfer ACL above is address-based only; a shared TSIG key on
// master and slave would additionally authenticate the transfer — optional in an isolated lab.
masterfile-format text ; // author's note: zone files are kept in text format (the BIND default).
// NOTE(review): masterfile-format applies to the server where it is set; the slave's
// on-disk format is governed by the slave's own configuration (default text).
recursion yes;
// recursion yes: this authoritative server also answers recursive queries ("ra" flag in
// the dig output). No allow-recursion statement is present, so which clients may recurse
// is left to BIND's default (localhost/localnets in 9.4+) — TODO confirm the intended scope.
// dnssec-enable yes;
// dnssec-validation yes;
// DNSSEC left at the commented-out defaults; the simulated root zone carries no
// DNSKEY/RRSIG records, so validation could not succeed in this lab anyway.
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
- 配置文件
/etc/named.rfc1912.zones
定義gx.com區(qū)域
// gx.com on gxdns1: this host holds the master copy of the zone and loads it from
// gx.com.zone, resolved relative to the options "directory" (/var/named).
zone "gx.com" IN {
type master;
file "gx.com.zone";
};
- 配置gx.com區(qū)域解析文件
/var/named/gx.com.zone
[root@gxdns1 ~]#cat /var/named/gx.com.zone
$TTL 1D
$ORIGIN gx.com.
; "@" stands for the $ORIGIN (gx.com.); relative names below get ".gx.com." appended,
; so "gxdns1" is gxdns1.gx.com. and the mailbox "admin" is admin.gx.com.
@ IN SOA gxdns1 admin (
0 ; serial - increment on every edit, or the slave will not pick up the change
1H ; refresh - how often the slave re-checks the serial
5M ; retry - wait after a failed refresh
7D ; expire - slave stops serving the zone after this long without contact
1D ; negative-caching TTL (minimum)
)
; A blank owner field inherits the previous owner (@): these are the zone's NS records.
IN NS gxdns1
IN NS gxdns2
; Addresses of the two name servers, then the web host this lab resolves.
gxdns1 IN A 192.168.32.73
gxdns2 IN A 192.168.32.61
www IN A 192.168.32.199
- 啟動服務,測試gx.com主DNS服務器解析www主機
[root@gxdns1 ~]#systemctl start named
[root@gxdns1 ~]#dig www.gx.com @192.168.32.73 +short
192.168.32.199
[root@gxdns1 ~]#dig www.gx.com @192.168.32.73
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> www.gx.com @192.168.32.73
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42954
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.gx.com. IN A
;; ANSWER SECTION:
www.gx.com. 86400 IN A 192.168.32.199
;; AUTHORITY SECTION:
gx.com. 86400 IN NS gxdns1.gx.com.
gx.com. 86400 IN NS gxdns2.gx.com.
;; ADDITIONAL SECTION:
gxdns1.gx.com. 86400 IN A 192.168.32.73
gxdns2.gx.com. 86400 IN A 192.168.32.61
;; Query time: 0 msec
;; SERVER: 192.168.32.73#53(192.168.32.73)
;; WHEN: Tue Sep 25 19:44:09 CST 2018
;; MSG SIZE rcvd: 129
2.2 gx.com從服務器
- 主配置文件
/etc/named.conf
// gxdns2 (192.168.32.61): slave (secondary) for gx.com, CentOS 6 / BIND 9.8.
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
// listen-on commented out: named listens on all IPv4 interfaces (BIND default).
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
// allow-query commented out: any client may query (BIND default).
allow-transfer { none; }; // no host may pull the zone from this slave; the master (gxdns1) is the only transfer source
recursion yes;
// recursion yes: the slave also recurses for clients ("ra" flag in the dig output);
// no allow-recursion statement, so BIND's default client scope applies — TODO confirm.
// dnssec-enable yes;
// dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
- 配置
/etc/named.rfc1912.zones
定義gx.com區域,定義從服務器
// gx.com on gxdns2: the zone is pulled from the master and written under
// /var/named/slaves/, the directory the CentOS bind package sets up writable for named.
zone "gx.com" IN {
type slave;
masters { 192.168.32.73; }; // the gx.com master (gxdns1); must match the master's allow-transfer ACL
file "slaves/gx.com.zone"; // where the transferred zone data is stored (relative to "directory")
};
- 啟動服務,查看從主服務器區域傳遞的解析庫文件
/var/named/slaves/gx.com.zone
[root@gxdns2 ~]#service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[root@gxdns2 ~]#cat /var/named/slaves/gx.com.zone
; Copy of gx.com as written by named after the transfer: owner names are fully
; qualified, TTLs are expanded to seconds and $ORIGIN is reset by named itself.
$ORIGIN .
$TTL 86400 ; 1 day
gx.com IN SOA gxdns1.gx.com. admin.gx.com. (
0 ; serial
3600 ; refresh (1 hour)
300 ; retry (5 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS gxdns1.gx.com.
NS gxdns2.gx.com.
; Relative names from here on are under gx.com. again.
$ORIGIN gx.com.
gxdns1 A 192.168.32.73
gxdns2 A 192.168.32.61
www A 192.168.32.199
[root@gxdns2 ~]#
- 測試gx.com從DNS服務器解析www主機
[root@gxdns2 ~]#dig www.gx.com @192.168.32.61 +short
192.168.32.199
[root@gxdns2 ~]#dig www.gx.com @192.168.32.61
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.gx.com @192.168.32.61
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39398
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.gx.com. IN A
;; ANSWER SECTION:
www.gx.com. 86400 IN A 192.168.32.199
;; AUTHORITY SECTION:
gx.com. 86400 IN NS gxdns1.gx.com.
gx.com. 86400 IN NS gxdns2.gx.com.
;; ADDITIONAL SECTION:
gxdns1.gx.com. 86400 IN A 192.168.32.73
gxdns2.gx.com. 86400 IN A 192.168.32.61
;; Query time: 0 msec
;; SERVER: 192.168.32.61#53(192.168.32.61)
;; WHEN: Sat Sep 1 02:14:04 2018
;; MSG SIZE rcvd: 118
3. com.區域服務器搭建
- 主配置文件
/etc/named.conf
// comdns (192.168.32.72): master for the simulated "com" TLD, CentOS 7 / BIND 9.9.
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
// listen-on commented out: named listens on all IPv4 interfaces (BIND default).
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
// allow-query commented out: any client may query (BIND default).
allow-transfer { none; }; // no zone transfers of "com" to anyone
recursion yes;
// recursion yes: needed for the author's test of www.gx.com against this server — the
// answer it returns has no "aa" flag and a decremented TTL, i.e. it was fetched
// recursively and cached. A production TLD server would normally run recursion no.
// dnssec-enable yes;
// dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
- 配置文件
/etc/named.rfc1912.zones
新增區域com
// "com" on comdns: authoritative copy of the simulated TLD, loaded from
// com.zone relative to the options "directory" (/var/named).
zone "com" IN {
type master;
file "com.zone";
};
- com.區域解析文件
[root@comsrv ~]#cat /var/named/com.zone
$TTL 86400
$ORIGIN com.
; Owner written out as "com." rather than "@"; primary server comdns.com.,
; mailbox admin.com. (relative names get ".com." appended).
com. IN SOA comdns admin (
0 ; serial - increment on every edit
1H ; refresh
5M ; retry
7D ; expire
1D ; negative-caching TTL (minimum)
)
IN NS comdns
; Delegation of the gx subdomain: both NS records point into gx.com itself.
gx IN NS gxdns1.gx ; delegate subdomain gx; its name server is gxdns1.gx (= gxdns1.gx.com.)
gx IN NS gxdns2.gx ; delegate subdomain gx; its name server is gxdns2.gx (= gxdns2.gx.com.)
comdns IN A 192.168.32.72
; Glue A records: the delegated name servers live inside the delegated zone, so the
; parent must supply their addresses or resolvers could never reach them.
gxdns1.gx IN A 192.168.32.73
gxdns2.gx IN A 192.168.32.61
- 啟動服務,測試com-DNS服務器解析www主機
[root@comsrv ~]#systemctl start named
[root@comsrv ~]#dig www.gx.com @192.168.32.72 +short
192.168.32.199
[root@comsrv ~]#dig www.gx.com @192.168.32.72
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> www.gx.com @192.168.32.72
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7402
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.gx.com. IN A
;; ANSWER SECTION:
www.gx.com. 85984 IN A 192.168.32.199
;; AUTHORITY SECTION:
gx.com. 86400 IN NS gxdns1.gx.com.
gx.com. 86400 IN NS gxdns2.gx.com.
;; Query time: 0 msec
;; SERVER: 192.168.32.72#53(192.168.32.72)
;; WHEN: Tue Sep 25 20:19:24 CST 2018
;; MSG SIZE rcvd: 97
4. 根區域服務器搭建
- 主配置文件
/etc/named.conf
修改其中的 zone "." 定義
// rootdns (192.168.32.71): authoritative for the simulated root zone ".", CentOS 7 / BIND 9.9.
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
// listen-on commented out: named listens on all IPv4 interfaces (BIND default).
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
// allow-query commented out: any client may query (BIND default).
allow-transfer { none; }; // no zone transfers of the root zone
recursion yes;
// recursion yes: lets the author test www.gx.com against the root itself (the dig
// answer lacks "aa" and has a reduced TTL: recursive, cached). A real root server
// would run recursion no.
// dnssec-enable yes;
// dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
// root zone: both its type and its file were changed from the stock defaults
// NOTE(review): as transcribed, this zone statement sits inside the options { } block,
// which named-checkconf would reject; in the real file it belongs at top level, after
// the closing "};" of options — confirm against the live /etc/named.conf.
zone "." IN {
type master; // hint --> master: this host now serves the root authoritatively instead of only holding hints
file "root.zone"; // named.ca --> root.zone: the stock hint file is replaced by the lab's own root zone
};
};
- 根解析區域庫文件
/var/named/root.zone
[root@rootsrv named]#cat /var/named/root.zone
$TTL 1D
$ORIGIN .
; "@" is the root; with $ORIGIN "." every relative name simply gets a trailing dot
; (rootdns -> rootdns., comdns.com -> comdns.com.). SOA fields: serial, refresh, retry, expire, minimum.
@ IN SOA rootdns admin ( 0 1H 5M 7D 1D )
IN NS rootdns
; Delegation of the "com" TLD to comdns, plus the glue A record it needs.
com IN NS comdns.com
rootdns IN A 192.168.32.71
comdns.com IN A 192.168.32.72
- 啟動服務,測試root-DNS服務器解析www主機
[root@rootsrv named]#systemctl start named
[root@rootsrv named]#dig www.gx.com @192.168.32.71 +short
192.168.32.199
[root@rootsrv named]#dig www.gx.com @192.168.32.71
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> www.gx.com @192.168.32.71
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27214
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.gx.com. IN A
;; ANSWER SECTION:
www.gx.com. 86105 IN A 192.168.32.199
;; AUTHORITY SECTION:
gx.com. 86105 IN NS gxdns1.gx.com.
gx.com. 86105 IN NS gxdns2.gx.com.
;; ADDITIONAL SECTION:
gxdns2.gx.com. 86105 IN A 192.168.32.61
gxdns1.gx.com. 86105 IN A 192.168.32.73
;; Query time: 0 msec
;; SERVER: 192.168.32.71#53(192.168.32.71)
;; WHEN: Tue Sep 25 20:43:24 CST 2018
;; MSG SIZE rcvd: 129
[root@rootsrv named]#
5. 本地DNS區域服務器搭建
本地DNS服務器只做轉發,解析庫文件沒有www.gx.com的解析,模擬無記錄的情況去找模擬根來解析
- 主配置文件
/etc/named.conf
dnssec相關選項必須顯式設為no,僅注釋掉會無法解析
// localdns (192.168.32.63): the recursive resolver used by the lab clients, CentOS 6 / BIND 9.8.
// No forwarders statement is visible on this page; resolution presumably starts from the
// hints in named.ca (rewritten to point at the simulated root) — verify in the full file.
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
// listen-on commented out: named listens on all IPv4 interfaces, so hosts on the
// 192.168.32.0/24 segment (e.g. 7op) can use it as their resolver.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
// allow-query commented out: any client may query (BIND default); no allow-recursion
// statement, so BIND's default recursion scope applies — TODO confirm it covers only the lab segment.
recursion yes;
dnssec-enable no; // must be written as "no" explicitly; leaving it commented out is not enough, resolution then fails (author's finding)
dnssec-validation no; // same: explicit "no" required, otherwise resolution fails (author's finding)
// NOTE(review): the simulated root is unsigned and the stock trust-anchor/lookaside
// setup refers to the real Internet root, which this isolated lab cannot reach, so
// validation would fail every answer. Disabling validation is fine for this closed
// lab only; a resolver serving real clients should keep it on so forged answers are rejected.
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
- 修改
/var/named/named.ca
文件,只保留一個根域,并指向自定義根域
[root@localnds ~]#cat /var/named/named.ca
; Root hints rewritten for the lab: the real root servers are removed and the only
; root named here is the simulated one (rootdns, 192.168.32.71). The label
; A.ROOT-SERVERS.NET. is kept only as a name; the address is what matters. A resolver
; loading these hints can reach nothing outside the simulated DNS tree.
; (Presumably loaded by the stock `zone "." IN { type hint; ... }` statement, not shown here.)
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 192.168.32.71
- 啟動服務,測試localdns服務器解析www主機
[root@localnds ~]#dig www.gx.com @192.168.32.63
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.gx.com @192.168.32.63
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15088
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.gx.com. IN A
;; ANSWER SECTION:
www.gx.com. 86097 IN A 192.168.32.199
;; AUTHORITY SECTION:
gx.com. 86097 IN NS gxdns2.gx.com.
gx.com. 86097 IN NS gxdns1.gx.com.
;; ADDITIONAL SECTION:
gxdns2.gx.com. 86097 IN A 192.168.32.61
gxdns1.gx.com. 86097 IN A 192.168.32.73
;; Query time: 0 msec
;; SERVER: 192.168.32.63#53(192.168.32.63)
;; WHEN: Sat Sep 1 18:08:17 2018
;; MSG SIZE rcvd: 118
[root@localnds ~]#dig www.gx.com @192.168.32.63 +short
192.168.32.199
6. 與localdns同一網段的主機測試
- 修改主機的dns指向localdns
[root@7op ~]#cat /etc/resolv.conf
# Generated by NetworkManager
# NOTE(review): NetworkManager may regenerate this file; to keep the setting across
# restarts, put the DNS server in the connection profile (e.g. DNS1 in the ifcfg file).
# search: suffix the stub resolver appends to unqualified names. It is guangxi.com,
# not gx.com, but the tests below query the FQDN www.gx.com, so it plays no part.
search guangxi.com
# All lookups from this host go to localdns, which recurses via the simulated root.
nameserver 192.168.32.63
- 同一網段主機測試通過localdns服務器解析www主機
[root@7op ~]#dig www.gx.com
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> www.gx.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54662
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.gx.com. IN A
;; ANSWER SECTION:
www.gx.com. 85939 IN A 192.168.32.199
;; AUTHORITY SECTION:
gx.com. 85939 IN NS gxdns1.gx.com.
gx.com. 85939 IN NS gxdns2.gx.com.
;; ADDITIONAL SECTION:
gxdns2.gx.com. 85939 IN A 192.168.32.61
gxdns1.gx.com. 85939 IN A 192.168.32.73
;; Query time: 0 msec
;; SERVER: 192.168.32.63#53(192.168.32.63)
;; WHEN: Tue Sep 25 21:06:18 CST 2018
;; MSG SIZE rcvd: 129
[root@7op ~]#dig www.gx.com +short
192.168.32.199