Building a smart DNS server
Theoretical framework for building smart DNS name resolution
DNS (port 53): so that users can work with readable names and do not have to remember IP addresses, DNS has to be involved.
Simply put, DNS maintains an address database on the network that records the mapping between host domain names and IP addresses, so that forward or reverse resolution can be provided to client programs.
Forward file: look up the IP address by domain name
Reverse file: look up the domain name by IP address
Each domain here has its own specific zone.
Common DNS server types:
(1) Caching name server
(2) Master name server
(3) Slave name server
DNS server query methods
(1) Recursive: the DNS server carries out the resolution step by step itself
(2) Iterative: during the lookup, if the answer is not found, the DNS server sends requests to external servers step by step
++++++++++++++++++++++++++++++Configuration+++++++++++++++++++++++++++++
#systemctl stop firewalld
#systemctl disable firewalld
#iptables -F
#setenforce 0
Install the bind packages on the system (there are three: bind, bind-utils, bind-libs)
Case 1:
Build a DNS caching server on a single host and proxy the clients' DNS requests
There are two ways to configure this
One points directly to the local ISP's DNS server
The other resolves from the root zone
(1) Point to the Beijing Netcom DNS
Changes on the caching DNS server:
#vim /etc/named.conf
listen-on port 53 { 192.168.30.210; };
allow-query { any; };
forwarders { 202.106.0.20; };
dnssec-enable no;
dnssec-validation no;
After editing: check the configuration and restart
#named-checkconf /etc/named.conf
#systemctl restart named
Set the client's DNS server to the caching server's IP
#vim /etc/resolv.conf
nameserver 192.168.30.210
Client test
#nslookup www.baidu.com
Server: 192.168.30.210
Address: 192.168.30.210#53
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
(2) Root-zone resolution:
#vim /etc/named.conf
listen-on port 53 { any; };
// listen-on-v6 port 53 { ::1; };
allow-query { any; };
recursion yes;
// dnssec-enable no;
// dnssec-validation no;
// dnssec-lookaside auto
zone "." IN {
type hint;
file "named.ca";
};
// include "/etc/named.rfc1912.zones";
// include "/etc/named.root.key";
After editing: check the configuration and restart
#named-checkconf /etc/named.conf
#systemctl restart named
Client configuration changes
#vim /etc/resolv.conf
search amber.com
nameserver 192.168.30.210
Client test
[root@dns7 ~]# nslookup www.sia.com
Server: 192.168.30.210
Address: 192.168.30.210#53
The above are basic uses; now a few that are actually used in production
Building a master name server (authoritative resolution server)
A master name server is usually deployed in an Internet-facing environment and answers hostname-to-IP queries for one or several domains; to share the query load it is sometimes made highly available by adding a slave server.
Lab environment:
The DNS zone the master server is responsible for is "amber.com"
Master server IP address: 192.168.30.210, hostname: dns8
Slave server IP address: 192.168.30.137, hostname: dns7
In the "amber.com" zone, besides the NS records, provide the following records
Web server: www.amber.com, IP address 192.168.30.10/24
Forum server: bbs.amber.com, IP address 192.168.30.12/24
Clients will use the master and slave as their preferred DNS servers
Steps:
(1) Confirm the master server's IP address and subnet
#ip a
(2) Add hosts entries (add the master first; add the slave when you build the slave)
#vim /etc/hosts
192.168.30.210 dns8
192.168.30.137 dns7
(3) vim /etc/resolv.conf (add the master first; add the slave when you build the slave)
search amber.com
nameserver 192.168.30.210
nameserver 192.168.30.137
(4) Edit /etc/named.conf
options {
listen-on port 53 { 192.168.30.210; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
// dump-file "/var/named/data/cache_dump.db";
// statistics-file "/var/named/data/named_stats.txt";
// memstatistics-file "/var/named/data/named_mem_stats.txt";
// recursing-file "/var/named/data/named.recursing";
// secroots-file "/var/named/data/named.secroots";
allow-query { any; };
recursion yes;
// dnssec-enable no;
// dnssec-validation no;
// dnssec-lookaside auto
// bindkeys-file "/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
// pid-file "/run/named/named.pid";
// session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "amber.com" IN {
type master;
file "amber.com.zone";
allow-transfer { 192.168.30.137; };
};
zone "30.168.192.in-addr.arpa" IN {
type master;
file "192.168.30.arpa";
allow-transfer { 192.168.30.137; };
};
(5) Check the configuration
#named-checkconf /etc/named.conf
(6) Manually create the forward and reverse zone files
#cd /var/named/
#cp -p named.empty amber.com.zone
#vim amber.com.zone
$TTL 3H
@ IN SOA amber.com. root.dns8.amber.com. (
20201117 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
        NS dns8.amber.com.
        NS dns7.amber.com.
        MX 10 www.amber.com.
dns8 A 192.168.30.210
dns7 A 192.168.30.137
www A 192.168.30.10
bbs A 192.168.30.12
With the forward zone done, create the reverse zone
#cp -p amber.com.zone 192.168.30.arpa
#vim 192.168.30.arpa
$TTL 1D
@ IN SOA amber.com. root.dns8.amber.com. (
20201117 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
        NS dns8.amber.com.
        NS dns7.amber.com.
210 PTR dns8.amber.com.
137 PTR dns7.amber.com.
10 PTR www.amber.com.
12 PTR bbs.amber.com.
(7) Test the zone file syntax and restart the service
#named-checkzone amber.com amber.com.zone
zone amber.com/IN: loaded serial 20201117
OK
#named-checkzone 30.168.192.in-addr.arpa 192.168.30.arpa
zone 30.168.192.in-addr.arpa/IN: loaded serial 20201117
OK
#systemctl restart named
(8) Client test
#vim /etc/resolv.conf
nameserver 192.168.30.137
nameserver 192.168.30.210
#nslookup www.amber.com (forward)
Server: 192.168.30.210
Address: 192.168.30.210#53
#nslookup 192.168.30.12 (reverse)
Server: 192.168.30.210
Address: 192.168.30.210#53
12.30.168.192.in-addr.arpa name = bbs.amber.com.
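The forward and reverse files hand-written in steps (6) and (7) easily drift apart: a host added to one file but not the other, or a serial bumped in only one file so the slave never transfers the change, and named-checkzone validates each file on its own without noticing. The checker below is an added example, not part of the original post; it parses constructed sample text trimmed from the two zone files above (relative owner names and a /24 reverse zone are assumed from the lab setup) and reports A records with no matching PTR and serials that differ between the files.

```python
import re
# Constructed sample input (added example, not from the post): the forward and
# reverse zones written by hand above, trimmed to three hosts.
FORWARD = """\
$TTL 3H
@ IN SOA amber.com. root.dns8.amber.com. (
        20201117      ; serial
        1D 1H 1W 3H ) ; refresh retry expire minimum
        NS dns8.amber.com.
dns8 A 192.168.30.210
www  A 192.168.30.10
bbs  A 192.168.30.12
"""
REVERSE = """\
$TTL 1D
@ IN SOA amber.com. root.dns8.amber.com. ( 20201117 1D 1H 1W 3H )
210 PTR dns8.amber.com.
10  PTR www.amber.com.
12  PTR bbs.amber.com.
"""

def parse_zone(text, origin):
    """Minimal zone-file parser: returns (SOA serial, [(owner, type, rdata)])."""
    body = re.sub(r";[^\n]*", "", text)                                   # drop ; comments
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m[1].split()), body)  # fold ( ... ) onto one line
    fqdn = lambda n: origin if n == "@" else n if n.endswith(".") else f"{n}.{origin}"
    owner, serial, records = origin, None, []
    for line in body.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("$"):       # blank line or $TTL-style directive
            continue
        if not line[0].isspace():                   # explicit owner, else reuse the last one
            owner = fqdn(tok.pop(0))
        while tok and (tok[0] == "IN" or tok[0][0].isdigit()):  # skip class / TTL fields
            tok.pop(0)
        if tok[0] == "SOA":
            serial = int(tok[3])
        records.append((owner, tok[0], tok[1:]))
    return serial, records

def check_zones(fwd_text, rev_text, origin="amber.com.", rev_origin="30.168.192.in-addr.arpa."):
    """Flag A records without a matching PTR (assumes a /24 reverse zone) and differing serials."""
    fserial, fwd = parse_zone(fwd_text, origin)
    rserial, rev = parse_zone(rev_text, rev_origin)
    ptr = {o: r[0] for o, t, r in rev if t == "PTR"}
    problems = [f"missing PTR for {a[0]} -> {o}" for o, t, a in fwd
                if t == "A" and ptr.get(a[0].rsplit(".", 1)[1] + "." + rev_origin) != o]
    if fserial != rserial:
        problems.append(f"serial mismatch: forward {fserial}, reverse {rserial}")
    return problems
```

Run it against the real files by reading /var/named/amber.com.zone and /var/named/192.168.30.arpa into the two text arguments; an empty list means the two files agree.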