
DNS Server

水昊阳
2023-12-01


Goal:

  • Set up a DNS server that accepts all DNS requests (IPv4)
  • Resolve the specified domain mynginx.com to 192.168.0.113

Environment:

Hostname   IP address      System       Service
learn-4    192.168.0.112   CentOS 7.6   DNS-Server-Master
learn-5    192.168.0.113   CentOS 7.6   DNS-Client, Nginx
learn-6    192.168.0.116   CentOS 7.6   DNS-Server-Slave

Setting up the DNS server

The DNS service uses the UDP protocol for queries (zone transfers between master and slave use TCP on the same port)

Protocol port: 53

DNS server side

Install bind

[root@learn-4 ~]# yum -y install bind bind-chroot bind-utils
# After installation, the following two paths are populated
/etc/named.conf # configuration file of the BIND service
/var/named/     # directory holding the zone files used for resolution

Edit the configuration file

[root@learn-4 ~]# vim /etc/named.conf

options {
        # listen for all requests arriving on port 53
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        # allow DNS queries from any host
        # (on a server reachable from untrusted networks, restrict this to trusted subnets)
        allow-query     { any; };
        # ... remaining default options unchanged ...
};

Start the service

[root@learn-4 ~]# systemctl start named
[root@learn-4 ~]# systemctl enable named

Client side

Set the name server to the DNS server's IP address

[root@learn-5 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.112

Setting up the primary (master) name server

Server side

Create a zone data file holding the resolution records, and add your own A records, CNAME records, and so on

[root@learn-4 ~]# vim /var/named/mynginx.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.0.113
www     A       192.168.0.113
git     A       192.168.0.113
test    CNAME   git

Change the owner and group of the data file

[root@learn-4 ~]# chown -R root:named /var/named/mynginx.com.zone

Edit the configuration; either /etc/named.conf or /etc/named.rfc1912.zones works

[root@learn-4 ~]# vim /etc/named.rfc1912.zones

zone "mynginx.com" IN {
        type master;
        file "mynginx.com.zone";
        allow-update { none; };
};

Check the configuration

# check the configuration file
[root@learn-4 ~]# named-checkconf
# check the zone data file
[root@learn-4 ~]# named-checkzone mynginx.com /var/named/mynginx.com.zone
# restart the service (if the restart fails, troubleshoot using the log entries in /var/log/messages)
[root@learn-4 ~]# systemctl restart named

Client side

  • Install the nginx service on 192.168.0.113

[root@learn-5 ~]# rpm -Uvh  http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
[root@learn-5 ~]# yum install nginx -y
[root@learn-5 ~]# systemctl start nginx

Test the name resolution

# yum -y install bind-utils
[root@learn-5 ~]# nslookup www.mynginx.com
Server:         192.168.0.112
Address:        192.168.0.112#53

Name:   www.mynginx.com
Address: 192.168.0.113

[root@learn-5 ~]# nslookup test.mynginx.com
Server:         192.168.0.112
Address:        192.168.0.112#53

test.mynginx.com        canonical name = git.mynginx.com.
Name:   git.mynginx.com
Address: 192.168.0.113
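As an added example (not code from the original post), the following Python script embeds the mynginx.com.zone file shown above, parses it with the owner-name, "@" and relative-name rules BIND applies under the zone's origin, and answers the same queries that nslookup issued, chasing the CNAME from test to git exactly as the "canonical name" line in the output shows. The function names (logical_lines, parse_zone, resolve) are the example's own; it understands only the record types used in this post and is no substitute for named-checkzone.

```python
import re

ZONE_ORIGIN = "mynginx.com."

# Verbatim copy of /var/named/mynginx.com.zone from the post, embedded so the
# script runs without BIND installed.
ZONE_TEXT = """\
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.0.113
www     A       192.168.0.113
git     A       192.168.0.113
test    CNAME   git
"""


def logical_lines(text):
    """Strip ';' comments and join a parenthesised multi-line record into one line."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        # the first physical line keeps its leading whitespace: a leading blank
        # means "same owner as the previous record"
        buf.append(line if depth == 0 else line.strip())
        depth += line.count("(") - line.count(")")
        if depth == 0:
            out.append(" ".join(buf))
            buf = []
    return out


def to_fqdn(name, origin=ZONE_ORIGIN):
    """Expand '@' and relative names the way BIND does for this zone's origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text, origin=ZONE_ORIGIN):
    """Return {owner_fqdn: [(rtype, [rdata tokens]), ...]} for a simple zone file."""
    records = {}
    owner = origin
    for line in logical_lines(text):
        if line.startswith("$"):
            continue                       # $TTL and similar directives add no records
        fields = line.split()
        if not line[0].isspace():          # a non-blank owner starts the line
            owner = to_fqdn(fields.pop(0), origin)
        # skip the optional TTL and class fields that may precede the type
        while fields and (re.fullmatch(r"\d+[smhdwSMHDW]?", fields[0])
                          or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)
        rtype = fields.pop(0).upper()
        rdata = [f for f in fields if f not in ("(", ")")]
        records.setdefault(owner, []).append((rtype, rdata))
    return records


def resolve(qname, records, origin=ZONE_ORIGIN, max_chain=8):
    """Answer an A query as the authoritative server does, chasing CNAMEs.

    Returns (names_visited, addresses). An empty address list means the name
    is not in the zone (NXDOMAIN) or the CNAME chain exceeded max_chain."""
    name = qname if qname.endswith(".") else qname + "."   # query names are absolute
    chain = [name]
    for _ in range(max_chain):
        rrset = records.get(name, [])
        addrs = [rd[0] for rt, rd in rrset if rt == "A"]
        if addrs:
            return chain, addrs
        cnames = [rd[0] for rt, rd in rrset if rt == "CNAME"]
        if not cnames:
            return chain, []
        name = to_fqdn(cnames[0], origin)  # CNAME target 'git' is relative to the origin
        chain.append(name)
    return chain, []


ZONE = parse_zone(ZONE_TEXT)

if __name__ == "__main__":
    for q in ("www.mynginx.com", "test.mynginx.com", "mynginx.com", "nope.mynginx.com"):
        chain, addrs = resolve(q, ZONE)
        print(q, "->", " -> ".join(chain), addrs or "NXDOMAIN")
```

Running it prints the chain test.mynginx.com. -> git.mynginx.com. with the address 192.168.0.113, matching the nslookup output above; a name that is absent from the zone yields no address, which is what the real server reports as NXDOMAIN.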

ping test

[root@learn-5 ~]# ping www.mynginx.com
PING www.mynginx.com (192.168.0.113) 56(84) bytes of data.
64 bytes from learn-5 (192.168.0.113): icmp_seq=1 ttl=64 time=0.016 ms
64 bytes from learn-5 (192.168.0.113): icmp_seq=2 ttl=64 time=0.079 ms
64 bytes from learn-5 (192.168.0.113): icmp_seq=3 ttl=64 time=0.046 ms
64 bytes from learn-5 (192.168.0.113): icmp_seq=4 ttl=64 time=0.041 ms
64 bytes from learn-5 (192.168.0.113): icmp_seq=5 ttl=64 time=0.030 ms

Logs

The relevant log entries are written to /var/named/data/named.run

DNS slave server

Sometimes a DNS server needs to run as several replicas; BIND provides a master-slave mechanism that makes it convenient to keep multiple servers synchronized.

  • 192.168.0.116 DNS-server-slave

Deploy BIND

[root@learn-6 ~]# yum -y install bind bind-chroot bind-utils

Edit the configuration

[root@learn-6 ~]# vim /etc/named.conf

options {
        # listen for all requests arriving on port 53
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        # allow DNS queries from any host
        allow-query     { any; };
        # ... remaining default options unchanged ...
};

[root@learn-6 ~]# vim /etc/named.rfc1912.zones
# newly added configuration
zone "mynginx.com" IN {
        type slave;
        masters { 192.168.0.112; };
        file "slaves/mynginx.com.zone";
};

  • 192.168.0.112 DNS-server-master

Copy the zone data file into the /var/named/slaves/ directory

[root@learn-4 ~]# cp /var/named/mynginx.com.zone /var/named/slaves/

  • 192.168.0.116 DNS-server-slave

Start the named service

[root@learn-6 ~]# systemctl start named
[root@learn-6 ~]# systemctl enable named

At this point the slave node automatically synchronizes the zone data file from the master node (slaves/mynginx.com.zone) into the corresponding directory
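The zone file on the master still carries serial 0. A slave re-transfers a zone only when the master's SOA serial is greater in the wrap-around arithmetic of RFC 1982, so every edit on the master has to raise the serial before named is reloaded or restarted; otherwise the slave keeps serving the old records until its expire timer (1W in this zone) runs out. The following Python script is an added example, not code from the post: it bumps the serial of the zone file shown earlier using the common YYYYMMDDnn convention and implements the comparison the slave performs. The names read_serial, next_serial, bump_serial, serial_gt and slave_needs_transfer are the example's own, and the embedded zone text is a constructed excerpt of the post's file.

```python
import re
from datetime import date

SERIAL_MAX = 2 ** 32     # SOA serials are unsigned 32-bit values
HALF = 2 ** 31

# Constructed excerpt of /var/named/mynginx.com.zone from the post (serial 0).
MASTER_ZONE = """\
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.0.113
www     A       192.168.0.113
"""

# Matches "SOA <mname> <rname> ( <serial>" whether or not the record is split
# across lines: the serial is the first numeric field after the two names.
SOA_SERIAL_RE = re.compile(r"(SOA\s+\S+\s+\S+\s*\(?\s*)(\d+)")


def read_serial(zone_text):
    """Return the current SOA serial of a zone file, or raise if there is none."""
    m = SOA_SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found")
    return int(m.group(2))


def serial_gt(a, b):
    """RFC 1982 serial-number arithmetic: True if a is 'newer' than b.

    A slave applies this to the master's SOA and transfers the zone only when
    the master's serial is greater in this wrap-around sense. A difference of
    exactly 2**31 is undefined by the RFC and treated here as 'not greater'."""
    a, b = a % SERIAL_MAX, b % SERIAL_MAX
    if a == b:
        return False
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def slave_needs_transfer(master_serial, slave_serial):
    """Would a slave holding slave_serial fetch the zone from this master?"""
    return serial_gt(master_serial, slave_serial)


def next_serial(old, today_iso):
    """YYYYMMDDnn convention: today's counter starts at 00; further edits on
    the same day add one. The result never goes backwards, even if the clock
    on the master is behind the date already encoded in the serial."""
    base = int(date.fromisoformat(today_iso).strftime("%Y%m%d")) * 100
    return max(base, old + 1) % SERIAL_MAX


def bump_serial(zone_text, today_iso):
    """Rewrite the SOA serial in place and return (new_text, old, new)."""
    old = read_serial(zone_text)
    new = next_serial(old, today_iso)
    new_text = SOA_SERIAL_RE.sub(lambda m: m.group(1) + str(new), zone_text, count=1)
    return new_text, old, new


if __name__ == "__main__":
    text, old, new = bump_serial(MASTER_ZONE, "2023-12-01")
    print(f"serial {old} -> {new}; slave will transfer: {slave_needs_transfer(new, old)}")
    # after writing the new text back to the zone file on the master:
    #   named-checkzone mynginx.com /var/named/mynginx.com.zone && rndc reload mynginx.com
```

Note that the master's zone stanza shown earlier sets allow-update but no allow-transfer; with BIND's default, any client can then request a full zone transfer (AXFR) and read every record. Adding allow-transfer { 192.168.0.116; }; to the master's stanza limits transfers to the slave without affecting ordinary queries.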

  • 192.168.0.113 DNS-Client

Set the name server to the DNS slave server's IP address

[root@learn-5 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.116

Resolution verification

[root@learn-6 ~]# vim /etc/resolv.conf
nameserver 192.168.0.116

[root@learn-6 ~]# nslookup www.mynginx.com
Server:         192.168.0.116
Address:        192.168.0.116#53

Name:   www.mynginx.com
Address: 192.168.0.113

[root@learn-6 ~]# nslookup test.mynginx.com
Server:         192.168.0.116
Address:        192.168.0.116#53

test.mynginx.com        canonical name = git.mynginx.com.
Name:   git.mynginx.com
Address: 192.168.0.113

[root@learn-6 ~]# nslookup git.mynginx.com
Server:         192.168.0.116
Address:        192.168.0.116#53

Name:   git.mynginx.com
Address: 192.168.0.113

ping verification

[root@learn-6 ~]# ping www.mynginx.com
PING www.mynginx.com (192.168.0.113) 56(84) bytes of data.
64 bytes from learn-5 (192.168.0.113): icmp_seq=1 ttl=64 time=0.015 ms
64 bytes from learn-5 (192.168.0.113): icmp_seq=2 ttl=64 time=0.063 ms
64 bytes from learn-5 (192.168.0.113): icmp_seq=3 ttl=64 time=0.028 ms