N46 Cohort, Week 9 Homework

Lab environment:

  • VMware NAT network: 10.0.0.0/24, GW: 10.0.0.2
  • CentOS 8.2.2004 - primary DNS server & primary reverse-resolution DNS server & parent-domain primary server - 10.0.0.81
  • CentOS 8.2.2004 - secondary DNS server - 10.0.0.82
  • CentOS 6.0 - DNS client - 10.0.0.61
  • CentOS 7.2003 - DNS subdomain - 10.0.0.71
  • CentOS 7.2003 - www.magedu.org - 10.0.0.72
  • Server software: Bind DNS
  • Client program: bind-utils

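1. Configure the bind service to resolve the www.magedu.org domain name

Install the BIND DNS package on the server

dnf -y install bind

Install bind-utils on the client

yum -y install bind-utils

Edit the network interface file to change the client's DNS server address

DNS1=10.0.0.81

Start the DNS service on the server and enable it at boot

systemctl enable --now named

Change the DNS server's listen address so that it serves on all of the server's network interfaces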

vim /etc/named.conf
options {
        listen-on port 53 { localhost; };

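Change the DNS server's query permissions

allow-query { localhost; 10.0.0.0/24; }; // allow the local host and hosts on the 10.0.0.0/24 network to query DNS

Check the syntax of the DNS configuration file

named-checkconf

Reload the DNS server's configuration file

rndc reload

Create the zone database file for magedu.org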

cd /var/named

vim magedu.org.zone
$TTL 86400
@               IN      SOA     master admin ( 20200723 1D 1H 3D 1H )
                        NS      master
master                  A       10.0.0.81
www                     A       10.0.0.72

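Change the permissions of the database file

chgrp named magedu.org.zone
chmod o-r magedu.org.zone

Associate the zone database file with the DNS server

vim /etc/named.rfc1912.zones
zone "magedu.org" IN {
        type master;
        file "magedu.org.zone";
};

Check the syntax of the zone database file

named-checkzone magedu.org /var/named/magedu.org.zone

Reload the DNS service

rndc reload

Verify that the client can resolve www.magedu.org through the primary DNS server 10.0.0.81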

[13:07:29 root@centos6-1 ~]#dig www.magedu.org

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.7 <<>> www.magedu.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34909
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.magedu.org.      IN  A

;; ANSWER SECTION:
www.magedu.org.   86400   IN  A   10.0.0.72

;; AUTHORITY SECTION:
magedu.org.   86400   IN  NS  master.magedu.org.

;; ADDITIONAL SECTION:
master.magedu.org. 86400  IN  A   10.0.0.81

;; Query time: 2 msec
;; SERVER: 10.0.0.81#53(10.0.0.81)
;; WHEN: Mon Jul 27 13:16:20 2020
;; MSG SIZE  rcvd: 91

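2. Configure the bind service for reverse resolution

The primary server's DNS configuration file is the same as in the previous step, ip=10.0.0.81

The reverse zone name is: "0.0.10.in-addr.arpa"

Associate the reverse zone database file with the reverse DNS primary server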

vim /etc/named.rfc1912.zones 
zone "0.0.10.in-addr.arpa" IN {
        type master;
        file "10.0.0.zone";
};

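Edit the reverse zone file

cd /var/named
cp -p named.loopback 10.0.0.zone
vim 10.0.0.zone
$TTL 1D
; The SOA server name is fully qualified: a relative "ns1" would expand to ns1.0.0.10.in-addr.arpa.
@       IN SOA  ns1.magedu.org. admin.magedu.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1.magedu.org.
100     PTR     www.magedu.org.
200     PTR     app.wange.org.

Check the syntax of the reverse zone file (the first argument is the zone name, not an IP address)

named-checkzone 0.0.10.in-addr.arpa 10.0.0.zone

Verify the result from the CentOS 6 client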

 

[23:49:44 root@centos6-1 ~]#dig -t ptr 100.0.0.10.in-addr.arpa. @10.0.0.81

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.7 <<>> -t ptr 100.0.0.10.in-addr.arpa. @10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10962
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;100.0.0.10.in-addr.arpa.   IN  PTR

;; ANSWER SECTION:
100.0.0.10.in-addr.arpa. 86400  IN  PTR www.magedu.org.

;; AUTHORITY SECTION:
0.0.10.in-addr.arpa.    86400   IN  NS  ns1.magedu.org.

;; Query time: 2 msec
;; SERVER: 10.0.0.81#53(10.0.0.81)
;; WHEN: Mon Jul 27 23:50:08 2020
;; MSG SIZE  rcvd: 87

 

3. Configure the bind service for primary/secondary DNS:

Install the software on the secondary node and enable the service at boot

dnf -y install bind;systemctl enable --now named

Modify the secondary node's DNS configuration file /etc/named.conf

//      listen-on port 53 { 127.0.0.1; }; # simply comment this line out
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
//      allow-query     { localhost; }; # simply comment this line out

Associate the secondary node's zone database file in /etc/named.rfc1912.zones

vim /etc/named.rfc1912.zones
zone "magedu.org" {
        type slave;
        masters { 10.0.0.81; };
        file "slaves/magedu.org.zone.slave";
};

Check the DNS configuration file syntax and reload the DNS configuration file

named-checkconf
rndc reload

Verify that the primary server's zone database has been synchronized to the secondary server

[17:07:17 root@centos-8-2-2004-2 ~]#ll /var/named/slaves/
magedu.org.zone.slave

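Verify that redundancy between the secondary and primary nodes works

On the CentOS 6 client, 10.0.0.61, configure two DNS addresses, one pointing to the primary node and one to the secondary node

[16:37:23 root@centos6-1 ~]#vim /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=10.0.0.81
DNS2=10.0.0.82

Restart the network service and verify that the DNS addresses were changed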

[17:25:42 root@centos6-1 ~]#cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain linux
nameserver 10.0.0.81
nameserver 10.0.0.82

Stop the DNS service on the primary node 10.0.0.81 and verify that the CentOS 6 client 10.0.0.61 can still resolve names through the secondary node

 

[13:50:37 root@centos-8-2-2004-1 ~]#rndc stop
[17:28:23 root@centos-8-2-2004-1 ~]#ss -ntl
State      Recv-Q      Send-Q           Local Address:Port           Peer Address:Port     
LISTEN     0           128                    0.0.0.0:22                  0.0.0.0:*        
LISTEN     0           128                       [::]:22                     [::]:* 

[17:26:31 root@centos6-1 ~]#host magedu.org
www.magedu.org has address 10.0.0.72
[17:29:33 root@centos6-1 ~]#nslookup www.magedu.org
Server:     10.0.0.82
Address:    10.0.0.82#53

Name:   magedu.org
Address: 10.0.0.72

[17:29:40 root@centos6-1 ~]#dig www.magedu.org

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.7 <<>> www.magedu.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63158
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.magedu.org.      IN  A

;; ANSWER SECTION:
www.magedu.org.   86400   IN  A   10.0.0.72

;; AUTHORITY SECTION:
magedu.org.   86400   IN  NS  master.magedu.org.

;; ADDITIONAL SECTION:
master.magedu.org. 86400  IN  A   10.0.0.81

;; Query time: 6 msec
;; SERVER: 10.0.0.82#53(10.0.0.82)
;; WHEN: Mon Jul 27 17:30:10 2020
;; MSG SIZE  rcvd: 91

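At this point DNS redundancy is in place: when the DNS service on the primary node goes down, the client can still resolve names through the secondary node

Next, keep the primary and secondary data in sync

First start the DNS service that was stopped in the previous step, on CentOS 8 10.0.0.81

systemctl start named

In the primary server's zone database file: add the new DNS records, add the record for the secondary node, and change the serial number of the primary zone database; it only needs to be larger than the secondary's

[17:40:28 root@centos-8-2-2004-1 ~]#vim /var/named/magedu.org.zone
$TTL 86400
@               IN      SOA     master admin ( 20200727 1D 1H 3D 1H )
                        NS      master
                        NS      slave1     ; NS record for the secondary (it appears in the dig output from 10.0.0.82)
master                  A       10.0.0.81
www                     A       10.0.0.72
db                      A       10.0.0.62
k8s                     A       10.0.0.1   ; newly added LAN server record
slave1                  A       10.0.0.82  ; added record for the secondary server

Reload the primary DNS server's configuration file

rndc reload

Verify on the secondary server that the data has been synchronized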

[18:08:44 root@centos-8-2-2004-2 ~]#ll /var/named/slaves/magedu.org.zone.slave 
-rw-r--r-- 1 named named 344 Jul 27 17:06 /var/named/slaves/magedu.org.zone.slave
[18:08:46 root@centos-8-2-2004-2 ~]#ll /var/named/slaves/magedu.org.zone.slave 
-rw-r--r-- 1 named named 470 Jul 27 18:09 /var/named/slaves/magedu.org.zone.slave
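#The size of the zone database file on the secondary server has changed
#Verify that the client can get the address of the newly added k8s.magedu.org. name from the slave server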
[18:41:50 root@centos6-1 ~]#dig dig k8s.magedu.org @10.0.0.82

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.7 <<>> dig k8s.magedu.org @10.0.0.82
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27294
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;dig.               IN  A

;; AUTHORITY SECTION:
.           10800   IN  SOA a.root-servers.net. nstld.verisign-grs.com. 2020072700 1800 900 604800 86400

;; Query time: 552 msec
;; SERVER: 10.0.0.81#53(10.0.0.81)
;; WHEN: Mon Jul 27 19:09:24 2020
;; MSG SIZE  rcvd: 96

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14013
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;k8s.magedu.org.      IN  A

;; ANSWER SECTION:
k8s.magedu.org.   86400   IN  A   10.0.0.1

;; AUTHORITY SECTION:
magedu.org.   86400   IN  NS  master.magedu.org.
magedu.org.   86400   IN  NS  slave1.magedu.org.

;; ADDITIONAL SECTION:
master.magedu.org. 86400  IN  A   10.0.0.81
slave1.magedu.org. 86400  IN  A   10.0.0.82

;; Query time: 7 msec
;; SERVER: 10.0.0.82#53(10.0.0.82)
;; WHEN: Mon Jul 27 19:09:24 2020
;; MSG SIZE  rcvd: 128
#As the result shows, the client has obtained the IP address for k8s.magedu.org. from the slave server
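
The synchronization check above relies on the secondary's zone file changing size; comparing the SOA serial each server returns is a more direct check, and it also catches a zone that was edited without raising the serial. The script below is an added example, not part of the original post: the function names and the sample SOA lines are constructed, and serials are compared with RFC 1982 serial arithmetic.

```bash
#!/bin/sh
# Added example: decide from SOA serials whether the secondary has caught up.
# Input is the one-line output of `dig +short SOA <zone> @<server>`:
#   mname rname serial refresh retry expire minimum

# Print the serial (3rd field) of a SOA line; print nothing if the line is
# empty or malformed (for example, the server did not answer).
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 { print $3; exit }'
}

# True if $1 is a non-empty string of digits.
is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

# compare_serials PRIMARY SECONDARY
# Uses RFC 1982 serial arithmetic (32-bit wraparound).
# Prints in-sync | secondary-behind | secondary-ahead | unknown.
compare_serials() {
    if ! is_uint "$1" || ! is_uint "$2"; then
        echo unknown; return 2
    fi
    if [ "$1" -eq "$2" ]; then
        echo in-sync; return 0
    fi
    _gap=$(( ($1 - $2 + 4294967296) % 4294967296 ))
    if [ "$_gap" -lt 2147483648 ]; then
        echo secondary-behind    # transfer still pending or blocked
    else
        echo secondary-ahead     # primary serial is lower: edits will not propagate
    fi
    return 1
}

# check_zone_sync PRIMARY_SOA_LINE SECONDARY_SOA_LINE
check_zone_sync() {
    compare_serials "$(soa_serial "$1")" "$(soa_serial "$2")"
}

# Constructed sample lines matching the zone on this page (not captured output).
PRIMARY_SOA='master.magedu.org. admin.magedu.org. 20200727 86400 3600 259200 3600'
SECONDARY_STALE='master.magedu.org. admin.magedu.org. 20200723 86400 3600 259200 3600'

# Live use on the client (needs bind-utils and the lab servers):
# check_zone_sync "$(dig +short SOA magedu.org @10.0.0.81)" \
#                 "$(dig +short SOA magedu.org @10.0.0.82)"
```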

4. Configure the bind service to implement a subdomain server:

Set up the subdomain DNS server on 10.0.0.71

yum -y install bind

Modify the DNS configuration file

// listen-on port 53 { 127.0.0.1; };

// allow-query         { localhost; };

Associate the zone database file

vim /etc/named.rfc1912.zones

zone "sydney.magedu.org" {
  type master;
  file "sydney.magedu.org.zone";
};

Create the zone database file

cp -p /var/named/named.localhost /var/named/sydney.magedu.org.zone

vim /var/named/sydney.magedu.org.zone

$TTL 1D
@        IN     SOA  master  admin.magedu.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                   NS master
master     A 10.0.0.71
websrv     A 10.0.0.72
www      CNAME websrv

Start the DNS service

systemctl start named

Test the web server from the client

dig www.sydney.magedu.org

posted @ 2020-07-30 13:36  大卫不是很能吃