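N46 cohort - Week 9 homework
1. Configure the bind service to resolve the www.magedu.org domain name
Answer: Set up three virtual machines: 10.0.0.201 (DNS server), 10.0.0.202 (web server), 10.0.0.203 (internal client)
Configuration on 10.0.0.202:
# Install the httpd service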
yum install -y httpd
echo "www.magedu.org" >> /var/www/html/index.html
systemctl enable --now httpd
# Point DNS at the internal server 10.0.0.201
vim /etc/resolv.conf
nameserver 10.0.0.201
systemctl restart network
10.0.0.201:
# Install the bind and bind-utils packages:
yum install -y bind bind-utils
# Edit named.conf (comment out the two lines below) so the server provides DNS to the internal network
vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Start the service
systemctl enable --now named
# Point DNS at the local machine.
vim /etc/resolv.conf
nameserver 127.0.0.1
# Create the magedu.org.zone zone file and set up the SOA record, the www record and the master record.
cp -p /var/named/named.localhost /var/named/magedu.org.zone
$TTL 1D
@ IN SOA master admin.magedu.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.0.0.201
www A 10.0.0.202
# Reference the zone file from the configuration file so that named can find the zone
vim /etc/named.rfc1912.zones
zone "magedu.org" IN {
type master;
file "magedu.org.zone";
};
# Check the zone file and the configuration file for errors
named-checkconf
named-checkzone magedu.org /var/named/magedu.org.zone
zone magedu.org/IN: loaded serial 0
OK
# Reload the configuration
rndc reload
server reload successful
10.0.0.203 (internal client):
# Point DNS at the internal server 10.0.0.201
vim /etc/resolv.conf
nameserver 10.0.0.201
service network restart
# Install bind-utils
yum install -y bind-utils
# Test that www.magedu.org resolves correctly
# dig www.magedu.org
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.7 <<>> www.magedu.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9706
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.magedu.org. IN A
;; ANSWER SECTION:
www.magedu.org. 86400 IN A 10.0.0.202
;; AUTHORITY SECTION:
magedu.org. 86400 IN NS master.magedu.org.
;; ADDITIONAL SECTION:
master.magedu.org. 86400 IN A 10.0.0.201
;; Query time: 5 msec
;; SERVER: 10.0.0.201#53(10.0.0.201)
;; WHEN: Sun Jul 26 21:37:09 2020
;; MSG SIZE rcvd: 85
2. Configure the bind service to provide reverse name resolution
Answer:
# Add the reverse lookup zone
vim /etc/named.rfc1912.zones
zone "0.0.10.in-addr.arpa" IN {
type master;
file "10.0.0.zone";
};
named-checkconf
# Copy the template file and edit it into 10.0.0.zone, the reverse lookup zone database.
cp -p /var/named/named.loopback /var/named/10.0.0.zone
vim /var/named/10.0.0.zone
$TTL 1D
@ IN SOA ns1 admin.magedu.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.magedu.org.
202 PTR www.magedu.org.
# Check the zone file and the configuration file for errors
named-checkconf
named-checkzone 0.0.10.in-addr.arpa 10.0.0.zone
zone 0.0.10.in-addr.arpa/IN: loaded serial 0
OK
# Reload the configuration
rndc reload
server reload successful
10.0.0.203 (client):
# Check that reverse resolution works
dig -t ptr 202.0.0.10.in-addr.arpa. @10.0.0.201
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.7 <<>> -t ptr 202.0.0.10.in-addr.arpa. @10.0.0.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30912
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;202.0.0.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
202.0.0.10.in-addr.arpa. 86400 IN PTR www.magedu.org.
;; AUTHORITY SECTION:
0.0.10.in-addr.arpa. 86400 IN NS ns1.magedu.org.
;; ADDITIONAL SECTION:
ns1.magedu.org. 86400 IN A 10.0.0.202
;; Query time: 1 msec
;; SERVER: 10.0.0.201#53(10.0.0.201)
;; WHEN: Mon Jul 27 00:01:43 2020
;; MSG SIZE rcvd: 103
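3. Configure the bind service as a master/slave DNS setup
Answer: Add a virtual machine for the secondary node, 10.0.0.204:
# Install the bind server package and start it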
yum install -y bind;systemctl enable --now named
# Edit named.conf and disable zone transfers to other hosts
vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { none; };
# Add the zone to named.rfc1912.zones, pointing at the master node's IP and naming the file where the slave stores its copy
vim /etc/named.rfc1912.zones
zone "magedu.org" IN {
type slave;
masters { 10.0.0.201; };
file "slaves/magedu.org.zone";
};
# Check the configuration and reload the service.
named-checkconf
rndc reload
server reload successful
# The file command shows that the zone file synced to the slave is binary data, not a text file.
file /var/named/slaves/magedu.org.zone
/var/named/slaves/magedu.org.zone: data
ll /var/named/slaves/magedu.org.zone
-rw-r--r-- 1 named named 255 Jul 26 22:30 /var/named/slaves/magedu.org.zone
10.0.0.201:
# In the master's zone database file, add the DNS records for the slave and increase the serial number.
vim /var/named/magedu.org.zone
$TTL 1D
@ IN SOA master admin.magedu.org. (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slave1
master A 10.0.0.201
slave1 A 10.0.0.204
www A 10.0.0.202
rndc reload
server reload successful
10.0.0.204 (slave node):
# On the slave, check the zone file's timestamp; if it has changed, the file was written, which shows the zone was synced.
ll /var/named/slaves/magedu.org.zone
-rw-r--r-- 1 named named 321 Jul 26 22:55 /var/named/slaves/magedu.org.zone
10.0.0.203 (client):
# Add the slave node's address to the DNS resolver list
vim /etc/resolv.conf
nameserver 10.0.0.201
nameserver 10.0.0.204
# Test that the slave node answers correctly.
dig slave1.magedu.org @10.0.0.204
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.7 <<>> slave1.magedu.org @10.0.0.204
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52962
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;slave1.magedu.org. IN A
;; ANSWER SECTION:
slave1.magedu.org. 86400 IN A 10.0.0.204
;; AUTHORITY SECTION:
magedu.org. 86400 IN NS master.magedu.org.
magedu.org. 86400 IN NS slave1.magedu.org.
;; ADDITIONAL SECTION:
master.magedu.org. 86400 IN A 10.0.0.201
;; Query time: 1 msec
;; SERVER: 10.0.0.204#53(10.0.0.204)
;; WHEN: Sun Jul 26 23:03:56 2020
;; MSG SIZE rcvd: 102
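An added example, not part of the original homework: a shell check over the named.conf statements edited in questions 1 and 3. The master's edits comment out listen-on and allow-query and show no allow-transfer, which leaves all three to BIND's built-in defaults. The function names are hypothetical, and the restricted variant assumes a 10.0.0.0/24 internal network.

```shell
# Added example, not from the original page; sample configs are constructed.
# Drop //, # and one-line /* */ comments so commented-out statements do not count.
strip_comments() { sed -e 's|//.*$||' -e 's|#.*$||' -e 's|/\*.*\*/||g'; }

# Print the address list of statement $1 from the config on stdin, or "unset".
acl_value() {
    strip_comments | awk -v key="$1" '
        { text = text " " $0 }
        END {
            re = "[ \t;{]" key "[ \t]*(port[ \t]+[0-9]+[ \t]*)?[{][^}]*[}]"
            if (!match(text, re)) { print "unset"; exit }
            s = substr(text, RSTART + 1, RLENGTH - 1)
            sub(/^[^{]*[{]/, "", s); sub(/[}].*$/, "", s)
            gsub(/[ \t]/, "", s); print s
        }'
}

# One finding per access-control statement that the page edits.
audit_named_options() {
    conf=$(cat)
    for stmt in listen-on allow-query allow-transfer; do
        val=$(printf '%s\n' "$conf" | acl_value "$stmt")
        case "$val" in
            unset)            echo "$stmt: WARN unset, BIND default applies" ;;
            any\;*|*\;any\;*) echo "$stmt: WARN open to any" ;;
            *)                echo "$stmt: OK $val" ;;
        esac
    done
}

# Constructed: options block of 10.0.0.201 as edited in question 1.
page_master_conf() { cat <<'EOF'
options {
    // listen-on port 53 { 127.0.0.1; };
    // allow-query { localhost; };
};
EOF
}

# Constructed: explicit lists instead (the /24 netmask is an assumption).
restricted_master_conf() { cat <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 10.0.0.201; };
    allow-query { localhost; 10.0.0.0/24; };
    allow-transfer { 10.0.0.204; };   # only the slave from question 3
};
EOF
}
page_master_conf | audit_named_options
restricted_master_conf | audit_named_options
```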
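4. Configure the bind service to provide a subdomain server
Answer: Add 10.0.0.205, the subdomain's DNS server, and 10.0.0.206, the subdomain's web server.
10.0.0.201 (master node):
# Edit the zone file and add the subdomain's DNS records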
vim /var/named/magedu.org.zone
$TTL 1D
@ IN SOA master admin.magedu.org. (
3 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
NS slave1
k8s NS k8sns
master A 10.0.0.201
slave1 A 10.0.0.204
k8sns A 10.0.0.205
www A 10.0.0.202
* A 10.0.0.202
@ A 10.0.0.202
# Reload the configuration.
rndc reload
server reload successful
10.0.0.205 (subdomain DNS):
# Install the bind service
yum install -y bind bind-utils;systemctl enable --now named
# Edit the named.conf configuration file
vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { none; };
# Configure the zone
vim /etc/named.rfc1912.zones
zone "k8s.magedu.org" IN {
type master;
file "k8s.magedu.org.zone";
};
# Add the zone file
cp -p /var/named/named.localhost /var/named/k8s.magedu.org.zone
vim /var/named/k8s.magedu.org.zone
$TTL 1D
@ IN SOA k8sns1 admin.magedu.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS k8sns1
k8sns1 A 10.0.0.205
www A 10.0.0.206
# Check the configuration
named-checkconf
named-checkzone k8s.magedu.org /var/named/k8s.magedu.org.zone
zone k8s.magedu.org/IN: loaded serial 0
OK
# Reload the configuration
rndc reload
server reload successful
10.0.0.203 (client):
# Check that the subdomain's DNS server resolves correctly:
dig k8sns1.k8s.magedu.org @10.0.0.205
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.7 <<>> k8sns1.k8s.magedu.org @10.0.0.205
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10914
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;k8sns1.k8s.magedu.org. IN A
;; ANSWER SECTION:
k8sns1.k8s.magedu.org. 86400 IN A 10.0.0.205
;; AUTHORITY SECTION:
k8s.magedu.org. 86400 IN NS k8sns1.k8s.magedu.org.
;; Query time: 1 msec
;; SERVER: 10.0.0.205#53(10.0.0.205)
;; WHEN: Mon Jul 27 01:12:38 2020
;; MSG SIZE rcvd: 69
# Query the parent domain's DNS server for the IP address of www.k8s.magedu.org in the subdomain; it resolves.
dig www.k8s.magedu.org @10.0.0.201
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.7 <<>> www.k8s.magedu.org @10.0.0.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16710
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.k8s.magedu.org. IN A
;; ANSWER SECTION:
www.k8s.magedu.org. 86400 IN A 10.0.0.206
;; AUTHORITY SECTION:
k8s.magedu.org. 86400 IN NS k8sns.magedu.org.
;; ADDITIONAL SECTION:
k8sns.magedu.org. 86400 IN A 10.0.0.205
;; Query time: 319 msec
;; SERVER: 10.0.0.201#53(10.0.0.201)
;; WHEN: Mon Jul 27 01:15:36 2020
;; MSG SIZE rcvd: 88
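The delegation in question 4 depends on every name server named in an NS record also having an address record in the parent zone (k8sns here); with the wildcard A record for 10.0.0.202 in that zone, a forgotten one would resolve to the web server instead of failing. An added example, not from the original homework, that checks for this; the function names are hypothetical and the zone text is re-typed from question 4 with its leading whitespace restored.

```shell
# Added example, not from the original page; the zone text is constructed
# from the question 4 zone file with its leading whitespace restored.
# List relative NS targets of zone $1 (zone file on stdin) that have no A record.
# Handles the record forms used on this page: relative owners, optional IN,
# blank owner inheriting the previous one, and the multi-line SOA.
missing_ns_addresses() {
    awk -v origin="$1" '
        { sub(/;.*/, "") }                                   # drop comments
        /^\$/ || /^[ \t]*$/ { next }                         # directives, blank lines
        depth > 0 { if (index($0, ")")) depth = 0; next }    # inside SOA ( ... )
        {
            i = 1
            if ($0 !~ /^[ \t]/) { owner = $1; i = 2 }
            while ($i ~ /^[0-9]+[SMHDWsmhdw]?$/ || $i == "IN") i++
            type = $i; rdata = $(i + 1)
            if (index($0, "(") && !index($0, ")")) depth = 1
            if (type == "A") has_a[owner] = 1
            if (type == "NS") {
                suffix = "." origin "."          # fold absolute in-zone names to relative
                n = length(rdata) - length(suffix)
                if (n > 0 && substr(rdata, n + 1) == suffix) rdata = substr(rdata, 1, n)
                if (rdata !~ /\.$/) ns[rdata] = owner
            }
        }
        END { for (t in ns) if (!(t in has_a)) print t " (NS for " ns[t] ")" }'
}

page_zone() { cat <<'EOF'
$TTL 1D
@       IN SOA  master admin.magedu.org. (
                3       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
        NS      slave1
k8s     NS      k8sns
master  A       10.0.0.201
slave1  A       10.0.0.204
k8sns   A       10.0.0.205
www     A       10.0.0.202
*       A       10.0.0.202
@       A       10.0.0.202
EOF
}

page_zone | missing_ns_addresses magedu.org                    # prints nothing
page_zone | grep -v '^k8sns' | missing_ns_addresses magedu.org # k8sns (NS for k8s)
```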