Building a Complete DNS System

 

  People's hearts differ as their faces do; what is to be done, what is to be done?

—— Epigraph


  Our goal is clear: build a private DNS (Domain Name System) that has its own root.

  This article does not go over the basics of DNS and BIND; if you need background reading, the appendix at the end has links.

  The figure above is taken from the Chinese fourth edition of DNS and BIND.

  The figure above is a bird's-eye view of our whole DNS system. Take special note: because the procedure starts six interrelated DNS servers on GNU/Linux, one small slip can easily make the whole thing fail, so throughout the "game" that follows you should always know where in the system you currently are.

  Six servers take part in this experiment, all on the VMnet2 network 192.168.31.0/24; counting the host machine, that makes seven.

  The host's IP address defaults to 192.168.31.1. We set Clone 1 to 192.168.31.98; it will serve as the root DNS server. Clone 2 through Clone 6 are set to 192.168.31.2 through 192.168.31.6 respectively.

  Now let's begin the tour.

  Step root:

  Current position: server Clone 1, 192.168.31.98, role: root DNS server.

  The configuration files are as follows.

# /etc/named.conf
acl listen_acl {
        any;
};
acl allow_query_acl {
        any;
};
acl allow_recursion_acl {
        none;  # allow_recursion none: an authoritative server must not recurse
};
acl allow_transfer_acl {
        none;
};
acl allow_update_acl {
        none;
};
options {
        listen-on port 53 { listen_acl; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { allow_query_acl; };
        allow-recursion { allow_recursion_acl; };
        allow-transfer  { allow_transfer_acl; };
        allow-update    { allow_update_acl; };
};

zone "." IN {
        type master;  # master: this server is the root
        file "root.zone";
};
# /var/named/root.zone
.                   86286   IN      SOA     dns-0.dns.mil.  dns.mail.dns.mil.  2014031100 1800 900 604800 86400

.                   518400  IN      NS      dns-0.dns.mil.
dns-0.dns.mil.      3600000 IN      A       192.168.31.98
.                   518400  IN      NS      dns-1.dns.mil.
dns-1.dns.mil.      3600000 IN      A       192.168.31.98

cc.                 600     IN      NS      dns-cc-0.dns.cc.
dns-cc-0.dns.cc.    600     IN      A       192.168.31.3
org.                600     IN      NS      dns-org-0.dns.org.
dns-org-0.dns.org.  600     IN      A       192.168.31.3

; root zone: delegation of the top-level (child) domains, with glue

  Check the configuration and start the root DNS service.
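
  Before moving on, it is worth making the one security-relevant difference between the configurations in this build explicit: every authoritative server sets allow-recursion to none, and only the recursive server at the very end opens it. The Python script below is an added example, not part of the original post or of BIND; it parses named.conf fragments written in the same ACL-indirected style as above (constructed copies, with the logging and statistics options left out because they do not affect policy), resolves the ACL names to their members, and flags the combination of an authoritative zone with recursion open to any client, which is the open-resolver mistake the allow_recursion none comment guards against. The regular-expression parser is deliberately simplified (no views, no nested braces inside zone statements), and the finding names are my own.

```python
import re

# Constructed named.conf fragment in the style of the authoritative servers in this
# build (Clones 1 and 3 to 5): ACLs are indirected through names, recursion is
# refused, and the server is primary ("master") for at least one zone.
AUTHORITATIVE_CONF = """
acl listen_acl { any; };
acl allow_query_acl { any; };
acl allow_recursion_acl { none; };
acl allow_transfer_acl { none; };
options {
        listen-on port 53 { listen_acl; };
        allow-query     { allow_query_acl; };
        allow-recursion { allow_recursion_acl; };   # authoritative: never recurse
        allow-transfer  { allow_transfer_acl; };
};
zone "." IN { type master; file "root.zone"; };
"""
# Constructed variants: the recursive server (Clone 6), a mistaken mix of both roles,
# and a hint-only server on which recursion was left closed.
RESOLVER_CONF = (AUTHORITATIVE_CONF
                 .replace("allow_recursion_acl { none; }", "allow_recursion_acl { any; }")
                 .replace('type master; file "root.zone"', 'type hint; file "root.cache"'))
MIXED_CONF = AUTHORITATIVE_CONF.replace("allow_recursion_acl { none; }",
                                        "allow_recursion_acl { any; }")
HINT_ONLY_CONF = AUTHORITATIVE_CONF.replace('type master; file "root.zone"',
                                            'type hint; file "root.cache"')


def strip_comments(text):
    """named.conf accepts /* */, // and # comments; drop all three."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//).*", "", text)


def parse_acls(text):
    """Map each 'acl NAME { ... };' statement to its list of members."""
    return {name: [m.strip() for m in body.split(";") if m.strip()]
            for name, body in re.findall(r"\bacl\s+(\S+)\s*\{([^}]*)\}\s*;", text)}


def expand(members, acls, seen=frozenset()):
    """Replace ACL names by their members, recursively (ACLs may reference ACLs)."""
    out = []
    for m in members:
        if m in acls and m not in seen:
            out.extend(expand(acls[m], acls, seen | {m}))
        else:
            out.append(m)
    return out


def option_list(text, option, default):
    """Members of an address-list option such as allow-recursion, or the default."""
    m = re.search(r"\b" + re.escape(option) + r"(?![\w-])[^{;]*\{([^}]*)\}", text)
    return [x.strip() for x in m.group(1).split(";") if x.strip()] if m else default


def zone_types(text):
    """Map each zone name to its 'type' (master, slave, hint, ...)."""
    zones = {}
    for name, body in re.findall(r'\bzone\s+"([^"]*)"[^{]*\{([^}]*)\}', text):
        m = re.search(r"\btype\s+(\w+)", body)
        zones[name] = m.group(1) if m else None
    return zones


def audit(conf):
    """Effective recursion/query policy plus findings for risky role mixes."""
    text = strip_comments(conf)
    acls = parse_acls(text)
    # Simplified defaults: real BIND 9 derives the allow-recursion default from
    # allow-query-cache / allow-query when those are set; with nothing set it is
    # localnets + localhost, while allow-query defaults to any.
    recursion = expand(option_list(text, "allow-recursion", ["localnets", "localhost"]), acls)
    query = expand(option_list(text, "allow-query", ["any"]), acls)
    zones = zone_types(text)
    authoritative = sorted(z for z, t in zones.items()
                           if t in ("master", "slave", "primary", "secondary"))
    findings = []
    if "any" in recursion and "any" in query:
        # Open recursion for any client is the classic open-resolver exposure; running it
        # on a server that is also authoritative gives one daemon both roles' attack surface.
        findings.append("AUTH_AND_OPEN_RECURSION" if authoritative else "OPEN_RECURSION")
    if "none" in recursion and not authoritative and "hint" in zones.values():
        findings.append("HINT_ONLY_NO_RECURSION")  # has root hints but will refuse every query
    return {"recursion": recursion, "query": query,
            "authoritative": authoritative, "findings": findings}


if __name__ == "__main__":
    for label, conf in [("authoritative", AUTHORITATIVE_CONF), ("resolver", RESOLVER_CONF),
                        ("mixed", MIXED_CONF), ("hint-only", HINT_ONLY_CONF)]:
        print(label, audit(conf))
```

  On the lab hosts themselves the equivalent sanity check is named-checkconf /etc/named.conf, which catches syntax errors but not a policy mistake such as the "mixed" case; that is what the audit above is for.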

  Step cc & Step org

  Current position: top-level-domain DNS server Clone 3, 192.168.31.3. We host the DNS service for both the cc and org domains on Clone 3, which serves as the TLD DNS server.

  The configuration files are as follows.

# /etc/named.conf
acl listen_acl {
        any;
};
acl allow_query_acl {
        any;
};
acl allow_recursion_acl {
        none;
};
acl allow_transfer_acl {
        none;
};
acl allow_update_acl {
        none;
};
options {
        listen-on port 53 { listen_acl; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { allow_query_acl; };
        allow-recursion { allow_recursion_acl; };
        allow-transfer  { allow_transfer_acl; };
        allow-update    { allow_update_acl; };
};
zone "." IN {
        type hint;  # hint
        file "root.cache";  # names the root DNS servers (FQDN and IP address)
};
zone "cc" IN {
        type master;
        file "cc.zone";
};
zone "org" IN {
        type master;
        file "org.zone";
};
# /var/named/root.cache
.                   518400  IN      NS      dns-0.dns.mil.
dns-0.dns.mil.      3600000 IN      A       192.168.31.98
.                   518400  IN      NS      dns-1.dns.mil.
dns-1.dns.mil.      3600000 IN      A       192.168.31.98
# /var/named/cc.zone
$TTL 600

cc. IN SOA dns-cc-0.dns.cc. dns-cc.mail.dns.cc.  (
        2014031001
        3H
        15M
        3D
        1D
        );

cc.                 IN      NS      dns-cc-0.dns.cc.
dns-cc-0.dns.cc.    IN      A       192.168.31.3

eecs.cc.            IN      NS      dns.eecs.cc.
dns.eecs.cc.        IN      A       192.168.31.4
# /var/named/org.zone
$TTL 600

org. IN SOA dns-org-0.dns.org. dns-org.mail.dns.org.  (
        2014031001
        3H
        15M
        3D
        1D
        );

org.                    IN      NS      dns-org-0.dns.org.
dns-org-0.dns.org.      IN      A       192.168.31.3

free.org.               IN      A       192.168.31.3

just.org.               IN      NS      dns.just.org.
dns.just.org.           IN      A       192.168.31.5

  Check the configuration and start the TLD DNS service.
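
  With the root zone on Clone 1 and the hint file plus TLD zones on Clone 3 written, the two things that most often break a delegation chain are a delegation without glue and a root.cache that disagrees with the root zone. The Python script below is an added example, not code from the original post or from BIND; it embeds constructed copies of root.zone, root.cache and cc.zone from the steps above, parses them with a small zone-file parser (which assumes every record starts with an explicit owner name and that record TTLs are plain seconds, both true of these files), and checks that each in-bailiwick delegation has its A glue and that the hint file matches the NS set the root zone publishes. It is an offline stand-in for running named-checkzone and dig on the lab hosts.

```python
# Constructed copies of three files from this build: root.zone on Clone 1, and
# root.cache and cc.zone on Clone 3, embedded so the checks run offline.
ROOT_ZONE = """\
.                   86286   IN  SOA  dns-0.dns.mil. dns.mail.dns.mil. 2014031100 1800 900 604800 86400
.                   518400  IN  NS   dns-0.dns.mil.
dns-0.dns.mil.      3600000 IN  A    192.168.31.98
.                   518400  IN  NS   dns-1.dns.mil.
dns-1.dns.mil.      3600000 IN  A    192.168.31.98
cc.                 600     IN  NS   dns-cc-0.dns.cc.
dns-cc-0.dns.cc.    600     IN  A    192.168.31.3
org.                600     IN  NS   dns-org-0.dns.org.
dns-org-0.dns.org.  600     IN  A    192.168.31.3
; root zone: delegations to the top-level domains
"""
ROOT_CACHE = """\
.                   518400  IN  NS   dns-0.dns.mil.
dns-0.dns.mil.      3600000 IN  A    192.168.31.98
.                   518400  IN  NS   dns-1.dns.mil.
dns-1.dns.mil.      3600000 IN  A    192.168.31.98
"""
CC_ZONE = """\
$TTL 600
cc.               IN  SOA  dns-cc-0.dns.cc. dns-cc.mail.dns.cc. (
        2014031001 3H 15M 3D 1D );
cc.               IN  NS   dns-cc-0.dns.cc.
dns-cc-0.dns.cc.  IN  A    192.168.31.3
eecs.cc.          IN  NS   dns.eecs.cc.
dns.eecs.cc.      IN  A    192.168.31.4
"""
# Constructed faults: the delegation glue dropped, and a hint file naming the wrong host.
CC_ZONE_NO_GLUE = "\n".join(l for l in CC_ZONE.splitlines() if not l.startswith("dns.eecs.cc."))
STALE_CACHE = ROOT_CACHE.replace("192.168.31.98", "192.168.31.99")


def parse_zone(text):
    """Parse zone-file text into (owner, ttl, type, rdata-list) tuples.
    Handles ';' comments, $TTL and a parenthesised multi-line SOA; assumes every
    record starts with an explicit owner and that record TTLs are plain seconds."""
    records, default_ttl, buf = [], None, ""
    for raw in text.splitlines():
        buf += " " + raw.split(";", 1)[0]          # ';' opens a comment
        if buf.count("(") > buf.count(")"):
            continue                               # still inside '( ... )'
        tokens = buf.replace("(", " ").replace(")", " ").split()
        buf = ""
        if not tokens:
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        owner, rest = tokens[0].lower(), tokens[1:]
        ttl = int(rest.pop(0)) if rest[0].isdigit() else default_ttl
        if rest[0].upper() == "IN":
            rest.pop(0)
        records.append((owner, ttl, rest[0].upper(), [r.lower() for r in rest[1:]]))
    return records


def check_delegations(origin, records):
    """Every NS record below the apex delegates a child zone. When the name server's
    name lies inside that child (in-bailiwick) the parent must publish its A glue,
    otherwise resolvers are referred to a name they have no way to look up."""
    problems = []
    a_owners = {owner for owner, _ttl, rtype, _rd in records if rtype == "A"}
    for owner, _ttl, rtype, rdata in records:
        if rtype != "NS" or owner == origin:
            continue
        ns = rdata[0]
        in_bailiwick = ns == owner or ns.endswith("." + owner)
        if in_bailiwick and ns not in a_owners:
            problems.append(f"{owner} delegated to {ns}: no A glue in zone {origin}")
    return problems


def root_ns_set(records):
    """The root NS names and their addresses that a file publishes."""
    ns = {rd[0] for owner, _t, rtype, rd in records if owner == "." and rtype == "NS"}
    addrs = {owner: rd[0] for owner, _t, rtype, rd in records if rtype == "A" and owner in ns}
    return ns, addrs


def hints_match_root(root_records, hint_records):
    """root.cache on Clones 3 to 6 must list exactly the NS set and addresses that the
    root zone on Clone 1 publishes, or every resolution starts at the wrong host."""
    return root_ns_set(root_records) == root_ns_set(hint_records)


if __name__ == "__main__":
    print("root delegations:", check_delegations(".", parse_zone(ROOT_ZONE)) or "ok")
    print("cc delegations:", check_delegations("cc.", parse_zone(CC_ZONE)) or "ok")
    print("cc without glue:", check_delegations("cc.", parse_zone(CC_ZONE_NO_GLUE)))
    print("hints match root:", hints_match_root(parse_zone(ROOT_ZONE), parse_zone(ROOT_CACHE)))
    print("stale hints match:", hints_match_root(parse_zone(ROOT_ZONE), parse_zone(STALE_CACHE)))
```

  On the servers themselves, named-checkzone . /var/named/root.zone and named-checkzone cc /var/named/cc.zone validate the syntax of each file, but neither tool compares the hint file on one host with the root zone on another, which is why that check is done here explicitly.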

  Step eecs.cc

  Current position: eecs.cc domain DNS server Clone 4, 192.168.31.4.

  The configuration files are as follows.

# /etc/named.conf
acl listen_acl {
        any;
};
acl allow_query_acl {
        any;
};
acl allow_recursion_acl {
        none;
};
acl allow_transfer_acl {
        none;
};
acl allow_update_acl {
        none;
};
options {
        listen-on port 53 { listen_acl; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { allow_query_acl; };
        allow-recursion { allow_recursion_acl; };
        allow-transfer  { allow_transfer_acl; };
        allow-update    { allow_update_acl; };
};

zone "." IN {
        type hint;
        file "root.cache";
};
zone "eecs.cc" IN {
        type master;
        file "eecs.cc.zone";
};
# /var/named/root.cache
.                   518400  IN      NS      dns-0.dns.mil.
dns-0.dns.mil.      3600000 IN      A       192.168.31.98
.                   518400  IN      NS      dns-1.dns.mil.
dns-1.dns.mil.      3600000 IN      A       192.168.31.98
# /var/named/eecs.cc.zone
$TTL 600

eecs.cc. IN SOA dns.eecs.cc. dns.mail.eecs.cc.  (
        2014031001
        3H
        15M
        3D
        1D
        );

eecs.cc.        IN      NS      dns.eecs.cc.
dns.eecs.cc.    IN      A       192.168.31.4

eecs.cc.        IN      A       192.168.31.4
mail.eecs.cc.   IN      A       192.168.31.4
www.eecs.cc.    IN      A       192.168.31.4
ftp.eecs.cc.    IN      A       192.168.31.4
cs.eecs.cc.     IN      A       192.168.31.4

  Check the configuration and start the eecs.cc DNS service.

  Step just.org

  Current position: just.org domain DNS server Clone 5, 192.168.31.5.

  The configuration files are as follows.

# /etc/named.conf
acl listen_acl {
        any;
};
acl allow_query_acl {
        any;
};
acl allow_recursion_acl {
        none;
};
acl allow_transfer_acl {
        none;
};
acl allow_update_acl {
        none;
};
options {
        listen-on port 53 { listen_acl; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { allow_query_acl; };
        allow-recursion { allow_recursion_acl; };
        allow-transfer  { allow_transfer_acl; };
        allow-update    { allow_update_acl; };
};

zone "." IN {
        type hint;
        file "root.cache";
};
zone "just.org" IN {
        type master;
        file "just.org.zone";
};
# /var/named/root.cache
.                   518400  IN      NS      dns-0.dns.mil.
dns-0.dns.mil.      3600000 IN      A       192.168.31.98
.                   518400  IN      NS      dns-1.dns.mil.
dns-1.dns.mil.      3600000 IN      A       192.168.31.98
# /var/named/just.org.zone
$TTL 600

just.org. IN SOA dns.just.org. dns.mail.just.org.  (
        2014031001
        3H
        15M
        3D
        1D
        );

just.org.       IN      NS      dns.just.org.
dns.just.org.   IN      A       192.168.31.5

www.just.org.   IN      A       192.168.31.5
mail.just.org.  IN      A       192.168.31.5

  Check the configuration and start the just.org DNS service.

  Step DNS Server

  Current position: recursive DNS server Clone 6, 192.168.31.6; this is the server that provides DNS service directly to users.

  The configuration file is as follows.

# /etc/named.conf
acl listen_acl {
        any;
};
acl allow_query_acl {
        any;
};
acl allow_recursion_acl {
        any;  # allow_recursion any: this is the only server that recurses
};
acl allow_transfer_acl {
        none;
};
acl allow_update_acl {
        none;
};
options {
        listen-on port 53 { listen_acl; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { allow_query_acl; };
        allow-recursion { allow_recursion_acl; };
        allow-transfer  { allow_transfer_acl; };
        allow-update    { allow_update_acl; };
};

zone "." IN {
        type hint;
        file "root.cache";
};
# /var/named/root.cache
.                   518400  IN      NS      dns-0.dns.mil.
dns-0.dns.mil.      3600000 IN      A       192.168.31.98
.                   518400  IN      NS      dns-1.dns.mil.
dns-1.dns.mil.      3600000 IN      A       192.168.31.98

  Check the configuration and start the recursive DNS service.

  With that, the whole system is built.
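
  Before testing from Clone 2, it helps to see what the recursive server on Clone 6 actually does with a query. The Python script below is an added example, not part of the original post; it models each authoritative server with the records from the zone files above (constructed tuples, SOA records left out, each server holding only the zones it was configured with) and performs the same iterative walk the resolver performs: start from root.cache, ask the root, follow the referral and its glue to the TLD server, follow the next referral to the domain server, and return the answer. It also shows what happens when a delegation points at a host that is not actually serving the zone (a lame delegation), which in this lab, with a single NS per zone, is a hard failure rather than a retry against another server.

```python
# Constructed data: the records each server in this build serves, as (owner, type, rdata).
ROOT = [(".", "NS", "dns-0.dns.mil."), ("dns-0.dns.mil.", "A", "192.168.31.98"),
        (".", "NS", "dns-1.dns.mil."), ("dns-1.dns.mil.", "A", "192.168.31.98"),
        ("cc.", "NS", "dns-cc-0.dns.cc."), ("dns-cc-0.dns.cc.", "A", "192.168.31.3"),
        ("org.", "NS", "dns-org-0.dns.org."), ("dns-org-0.dns.org.", "A", "192.168.31.3")]
CC = [("cc.", "NS", "dns-cc-0.dns.cc."), ("dns-cc-0.dns.cc.", "A", "192.168.31.3"),
      ("eecs.cc.", "NS", "dns.eecs.cc."), ("dns.eecs.cc.", "A", "192.168.31.4")]
ORG = [("org.", "NS", "dns-org-0.dns.org."), ("dns-org-0.dns.org.", "A", "192.168.31.3"),
       ("free.org.", "A", "192.168.31.3"),
       ("just.org.", "NS", "dns.just.org."), ("dns.just.org.", "A", "192.168.31.5")]
EECS = [("eecs.cc.", "NS", "dns.eecs.cc."), ("dns.eecs.cc.", "A", "192.168.31.4"),
        ("www.eecs.cc.", "A", "192.168.31.4"), ("mail.eecs.cc.", "A", "192.168.31.4")]
JUST = [("just.org.", "NS", "dns.just.org."), ("dns.just.org.", "A", "192.168.31.5"),
        ("www.just.org.", "A", "192.168.31.5"), ("mail.just.org.", "A", "192.168.31.5")]

# Which server (by address) holds which zones: Clone 1, Clone 3, Clone 4, Clone 5.
SERVERS = {"192.168.31.98": {".": ROOT}, "192.168.31.3": {"cc.": CC, "org.": ORG},
           "192.168.31.4": {"eecs.cc.": EECS}, "192.168.31.5": {"just.org.": JUST}}
HINTS = {"dns-0.dns.mil.": "192.168.31.98", "dns-1.dns.mil.": "192.168.31.98"}  # root.cache
# Constructed fault: Clone 4 is up but is not serving eecs.cc (lame delegation).
LAME_SERVERS = {**SERVERS, "192.168.31.4": {}}


def is_subdomain(name, parent):
    return parent == "." or name == parent or name.endswith("." + parent)


def authoritative_answer(zones, qname, qtype):
    """What one authoritative, non-recursive BIND server returns for a query."""
    matching = [origin for origin in zones if is_subdomain(qname, origin)]
    if not matching:
        return "REFUSED", None                 # not our zone, and recursion is refused
    records = zones[max(matching, key=len)]    # closest enclosing zone
    origin = max(matching, key=len)
    for owner, rtype, rdata in records:        # a delegation below the apex -> referral
        if rtype == "NS" and owner != origin and is_subdomain(qname, owner):
            ns_set = [r[2] for r in records if r[0] == owner and r[1] == "NS"]
            glue = {r[0]: r[2] for r in records if r[1] == "A" and r[0] in ns_set}
            return "REFERRAL", glue
    answers = [rdata for owner, rtype, rdata in records if owner == qname and rtype == qtype]
    if answers:
        return "ANSWER", answers
    return ("NODATA" if any(r[0] == qname for r in records) else "NXDOMAIN"), None


def resolve(servers, hints, qname, qtype="A", max_hops=8):
    """Iterative resolution as the recursive server on Clone 6 performs it: start at
    the root hints, follow each referral using the glue it carries, stop at an answer.
    Returns (status, answers, trace) where trace lists (server address, status)."""
    next_servers, trace = dict(hints), []
    for _ in range(max_hops):
        _ns_name, ip = next(iter(next_servers.items()))   # one NS per zone in this lab
        status, data = authoritative_answer(servers.get(ip, {}), qname, qtype)
        trace.append((ip, status))
        if status == "REFERRAL":
            if not data:
                return "SERVFAIL", None, trace   # referral without glue: nowhere to go
            next_servers = data
            continue
        return status, data, trace
    return "SERVFAIL", None, trace               # referral loop


if __name__ == "__main__":
    for name in ("www.eecs.cc.", "free.org.", "mail.just.org.", "nope.cc."):
        print(name, resolve(SERVERS, HINTS, name))
    print("lame:", resolve(LAME_SERVERS, HINTS, "www.eecs.cc."))
```

  The trace for www.eecs.cc. is the three-hop path root, TLD server, domain server that dig +trace would show from Clone 2; the lame case ends in REFUSED at Clone 4 because the authoritative servers here refuse recursion, which is the correct behaviour for them and exactly why the delegation, not the server policy, must be fixed.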

  We use the Clone 2 host to test our DNS system.

  1. Edit /etc/resolv.conf to set the system's default nameserver;

  2. Run the queries; the results are shown in the figure below:

  Appendix:

  Background reading: http://www.cnblogs.com/smilenana/p/3414077.html http://www.cnblogs.com/xiaoluo501395377/tag/CentOS/

posted @ 2014-03-14 21:17  燕云  views (2667)  comments (1)