Building a Smart DNS Server

                             Theoretical Framework for Building Smart DNS Resolution
DNS (port 53) exists so that users can work with readable names instead of having to remember IP addresses; that is where DNS comes in.
Put simply, DNS maintains an address database on the network that records the mapping between host domain names and IP addresses, so that client programs can be given forward or reverse resolution.
Forward file: look up the IP by domain name
Reverse file: look up the domain name by IP
Each domain here has a specific zone of its own.

Common DNS server types:
  (1) Caching name server
  (2) Master (primary) name server
  (3) Slave (secondary) name server

DNS query modes
(1) Recursive: the DNS server resolves the name step by step
(2) Iterative: while processing the lookup, if the name is not found, the DNS server sends requests step by step to outside servers

++++++++++++++++++++++++++++++ Configuration +++++++++++++++++++++++++++++
#systemctl stop firewalld
#systemctl disable firewalld
#iptables -F
#setenforce 0

Install the bind packages on the system (there are three: bind, bind-utils, bind-libs)



Case 1:
        Build a single-host DNS caching server and proxy the clients' DNS requests
There are two ways to configure this:
        one points directly at the local DNS server
        the other resolves from the root zone

(1) Point at the Beijing Netcom DNS
Changes on the caching server:
#vim  /etc/named.conf
  listen-on port 53 { 192.168.30.210; };
  allow-query     { any; };
  forwarders      { 202.106.0.20; };
  dnssec-enable no;
  dnssec-validation no;
After editing, check the config and restart:
#named-checkconf /etc/named.conf
#systemctl restart named

Set the client's DNS server to the caching server's IP
#vim /etc/resolv.conf
  nameserver 192.168.30.210

Test from the client
#nslookup www.baidu.com
  Server:        192.168.30.210
  Address:    192.168.30.210#53
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
(2) Resolving from the root zone:
#vim /etc/named.conf
         listen-on port 53 { any; };
//      listen-on-v6 port 53 { ::1; };
         allow-query     { any; };
         recursion yes;
//      dnssec-enable no;
//     dnssec-validation no;
//      dnssec-lookaside auto
zone "." IN {
        type hint;
        file "named.ca";
};
// include "/etc/named.rfc1912.zones";
// include "/etc/named.root.key";
After editing, check the config and restart
#named-checkconf /etc/named.conf
#systemctl restart named

Change the client configuration
#vim /etc/resolv.conf
search amber.com
nameserver 192.168.30.210

Test from the client
[root@dns7 ~]# nslookup www.sia.com
Server:        192.168.30.210
Address:                    192.168.30.210#53



The above are all basic uses; next, a few that are actually used in production.
          Building a master name server
A master name server is usually deployed on the Internet and answers hostname-to-IP queries for one or a few domains; to share the query load it is sometimes also made highly available (by adding a slave server).
Lab environment:
    The DNS zone the master name server is responsible for is "amber.com"
                Master server IP: 192.168.30.210  hostname: dns8
                Slave server IP: 192.168.30.137  hostname: dns7
                In the "amber.com" zone, besides the NS records, provide the following records:
                Web server: www.amber.com     IP address 192.168.30.10/24
                Forum server: bbs.amber.com       IP address 192.168.30.12/24
                Clients will use the master and slave DNS servers as their preferred servers
Steps:
(1) Confirm the master server's IP and subnet
#ip a
(2) Add host entries (add the master first; add the slave when you set it up)
#vim /etc/hosts
192.168.30.210  dns8
192.168.30.137  dns7
(3) vim  /etc/resolv.conf    (add the master first; add the slave when you set it up)
search amber.com
nameserver 192.168.30.210
nameserver 192.168.30.137
(4) Edit /etc/named.conf
options {
        listen-on port 53 { 192.168.30.210; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
//      dump-file       "/var/named/data/cache_dump.db";
//      statistics-file "/var/named/data/named_stats.txt";
//      memstatistics-file "/var/named/data/named_mem_stats.txt";
//      recursing-file  "/var/named/data/named.recursing";
//      secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
        recursion yes;
//      dnssec-enable no;
//      dnssec-validation no;
//      dnssec-lookaside auto
//      bindkeys-file "/etc/named.iscdlv.key";

//      managed-keys-directory "/var/named/dynamic";

//      pid-file "/run/named/named.pid";
//      session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "amber.com" IN {
        type master;
        file "amber.com.zone";
        allow-transfer { 192.168.30.137; };
};
zone "30.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.30.arpa";
        allow-transfer { 192.168.30.137; };
};

(5) Check
#named-checkconf /etc/named.conf
(6) Create the forward and reverse zone files by hand
#cd /var/named/   
#cp -p named.empty amber.com.zone
#vim amber.com.zone
$TTL 3H
@       IN SOA  amber.com. root.dns8.amber.com. (
                                        20201117        ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns8.amber.com.
        NS      dns7.amber.com.
        MX  10  www.amber.com.
dns8    A       192.168.30.210
dns7    A       192.168.30.137
www     A       192.168.30.10
bbs     A       192.168.30.12
After the forward zone is done, create the reverse zone
#cp -p amber.com.zone  192.168.30.arpa
#vim 192.168.30.arpa
$TTL 1D
@       IN SOA  amber.com. root.dns8.amber.com. (
                                        20201117        ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns8.amber.com.
        NS      dns7.amber.com.
210     PTR     dns8.amber.com.
137     PTR     dns7.amber.com.
10      PTR     www.amber.com.
12      PTR     bbs.amber.com.

(7) Check the zone file syntax and restart the service
#named-checkzone amber.com amber.com.zone
zone amber.com/IN: loaded serial 20201117
OK
#named-checkzone 30.168.192.in-addr.arpa 192.168.30.arpa
zone 30.168.192.in-addr.arpa/IN: loaded serial 20201117
OK
#systemctl restart named
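One thing the steps above leave implicit: the slave (dns7) decides whether to pull a fresh copy of amber.com by comparing SOA serials, so every later edit to amber.com.zone or 192.168.30.arpa must raise the serial before named is restarted, or the slave keeps serving the old data. The following script is an added example, not code from the original post. It assumes the zone files keep the layout shown above (the serial on its own line, followed by a "; serial" comment) and that named-checkzone is available for the validation step (it is skipped otherwise).

```shell
#!/bin/sh
# Added example (not part of the original post): bump the SOA serial of a BIND
# zone file and re-validate it. A slave only transfers a new copy of the zone when
# the master's serial is higher than the one it already holds, so each edit to
# amber.com.zone or 192.168.30.arpa needs a serial increase before the restart.
# Assumed layout: the serial is the first number inside the SOA parentheses and is
# followed by a "; serial" comment, exactly as in the zone files above.

# Print the current serial of a zone file (empty if no "; serial" line exists).
get_serial() {
    sed -n 's/^[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*serial.*/\1/p' "$1" | head -n 1
}

# Replace the serial with old+1 (rewriting the file through a temp copy, so it also
# works with non-GNU sed) and print the new value. A date-style serial such as
# 20201117 keeps working with plain +1: 20201117 -> 20201118.
bump_serial() {
    zone_file=$1
    old=$(get_serial "$zone_file")
    [ -n "$old" ] || { echo "no '; serial' line in $zone_file" >&2; return 1; }
    new=$((old + 1))
    tmp=$(mktemp)
    sed "s/^\([[:space:]]*\)$old\([[:space:]]*;[[:space:]]*serial\)/\1$new\2/" "$zone_file" > "$tmp" \
        && mv "$tmp" "$zone_file"
    echo "$new"
}

# Validate the zone with named-checkzone when bind is installed; skip otherwise.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    fi
}

# Constructed sample zone (a copy of the amber.com.zone above) in a temp directory.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/amber.com.zone" <<'EOF'
$TTL 3H
@       IN SOA  amber.com. root.dns8.amber.com. (
                                        20201117        ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns8.amber.com.
        NS      dns7.amber.com.
dns8    A       192.168.30.210
dns7    A       192.168.30.137
www     A       192.168.30.10
bbs     A       192.168.30.12
EOF
    bump_serial "$dir/amber.com.zone"        # prints 20201118
    check_zone amber.com "$dir/amber.com.zone"
    rm -rf "$dir"
}

demo
```

In practice you would call bump_serial on the real file under /var/named, run check_zone on it, and only then systemctl restart named; on the slave, the updated serial then shows up in the named-checkzone output the same way it does on the master.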

(8) Test from the client
#vim /etc/resolv.conf
nameserver 192.168.30.137
nameserver 192.168.30.210
#nslookup www.amber.com                  (forward)
Server:        192.168.30.210
Address:                    192.168.30.210#53
#nslookup 192.168.30.12                        (reverse)
Server:        192.168.30.210
Address:                    192.168.30.210#53
12.30.168.192.in-addr.arpa    name = bbs.amber.com.
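Both configurations in this post that enable recursion (the root-hints resolver and the options block of the amber.com master) combine allow-query { any; } with recursion yes;. On a LAN-only caching server that is fine, but the master is described as living on the Internet, and there it would answer recursive queries for anyone who can reach port 53: an open resolver. The script below is an added example, not part of the original post, for checking your own server from a client. It assumes dig from bind-utils is installed for the live check, and the allow-recursion ACL it mentions (192.168.30.0/24) is an assumed value you would adjust to your network.

```shell
#!/bin/sh
# Added example (not part of the original post): check whether a BIND server hands
# out recursive answers to any client. Both the root-hints resolver and the
# amber.com master above use "allow-query { any; };" together with "recursion yes;".
# On a server reachable from the Internet that is an open resolver: anyone can use
# it, and it can be abused for reflection traffic. An authoritative server should
# allow recursion only for its own networks, e.g. (assumed ACL value)
# "allow-recursion { 192.168.30.0/24; };" in the options {} block.
#
# Assumptions: dig (from bind-utils) is installed for the live check; the parser
# only reads the ";; ->>HEADER<<-" and ";; flags:" lines that dig prints.

# Extract the flags field from a dig transcript, e.g. "qr rd ra".
dig_flags() {
    printf '%s\n' "$1" | sed -n 's/^;; flags:[[:space:]]*\([^;]*\);.*/\1/p' | head -n 1
}

# Return 0 when the server set "ra" (recursion available) in its reply.
recursion_offered() {
    for flag in $(dig_flags "$1"); do
        if [ "$flag" = "ra" ]; then return 0; fi
    done
    return 1
}

# Return 0 when the reply status is NOERROR, i.e. the server actually answered.
answered() {
    printf '%s\n' "$1" | grep -q '^;; ->>HEADER<<-.*status: NOERROR'
}

# Classify a transcript for a name the server is NOT authoritative for:
# "open-resolver" when it recursed for us, "recursion-not-offered" otherwise
# (a typical restricted reply has status REFUSED and no "ra" flag).
classify() {
    if recursion_offered "$1" && answered "$1"; then
        echo open-resolver
    else
        echo recursion-not-offered
    fi
}

# Live check: ask the server (RD bit set, dig's default) for an outside name.
check_server() {
    out=$(dig @"$1" www.example.com A +time=3 +tries=1 2>&1) || true
    classify "$out"
}

# Constructed transcripts (header lines only) for offline use.
OPEN_REPLY=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
RESTRICTED_REPLY=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 2
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

# Usage: sh open_resolver_check.sh 192.168.30.210
if [ $# -gt 0 ]; then
    check_server "$1"
else
    echo "sample open reply:       $(classify "$OPEN_REPLY")"
    echo "sample restricted reply: $(classify "$RESTRICTED_REPLY")"
fi
```

Run it as sh open_resolver_check.sh 192.168.30.210 from a client on the LAN and again from a host outside the allowed network. After restricting recursion with allow-recursion, the master should report open-resolver only from 192.168.30.0/24 and recursion-not-offered everywhere else, while still answering www.amber.com and the reverse lookups authoritatively as shown in the nslookup tests above.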

posted @ 2019-08-22 17:19  Supernova-L李