DNS解析相關實驗:7臺主機的恩怨情仇

關於DNS解析

7臺主機的故事

7臺主機糾纏不休的往事

這是一個男默女淚的催人淚下的真實故事

情節離奇曲折,事件接二連三,到底是怎樣的執着讓衆多運維工程師掩面而泣

2019.4.23

                                                                            Tuvia_24

序號 主機 實現功能 IP
1 Client 客戶端 192.168.36.6
2 LDNS 本地DNS 192.168.36.7
3 RootDNS 根域 192.168.36.17
4 com com 192.168.36.27
5 Master 主服務器 192.168.36.37
6 Slaves 從服務器 192.168.36.47
7 www www 192.168.36.67

   注意:在實驗前一定要確保7臺機器都可以相互ping通!!

CentOS7 :: www :: 192.168.36.67

[root@www ~]# yum install httpd -y               

[root@www ~]# echo 'welcome to Tuvia`s home !' > /var/www/html/index.html           # 自行編輯一個網頁內容;便於識別
# 最好到Windows瀏覽器打開192.168.36.67查看一下該網頁進行驗證

CentOS6 :: Client :: 192.168.36.6

驗證

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.36.6
NETMASK=255.255.255.0
DNS1=192.168.36.7                               ## 指定DNS ##
ONBOOT=yes
            :wq

[root@localhost ~]# service network restart
Shutting down interface eth0:  Device state: 3 (disconnected)
                                                           [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]

[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.36.7

[root@localhost ~]# curl 192.168.36.67
welcome to Tuvia`s home !

CentOS7 :: Master :: 192.168.36.37

[root@severus ~]# yum install bind -y

[root@severus ~]# vim /etc/named.conf 
        listen-on port 53 { 127.0.0.1; };           #找到這行將這行註釋掉;註釋後named會監聽本機所有網卡的53端口
        allow-query     { localhost; };             #找到這行將這行註釋掉;註釋後默認允許任何來源查詢
                                                    #以上做法僅適用於封閉的實驗環境;正式環境應改爲列出具體的監聽地址與允許查詢的網段,而不是直接註釋

//      listen-on port 53 { 127.0.0.1; };           #註釋;即無效
//      allow-query     { localhost; };             #註釋;即無效

        allow-transfer {192.168.36.47;};            #並在options中添加這行;意味只允許47同步數據(僅按來源IP限制;正式環境可再配合TSIG密鑰驗證區域傳送)

                    :wq

[root@severus ~]# rndc reload                       #若此時named尚未啓動,該命令會報錯;配置會在後面systemctl start named時加載
[root@severus ~]# vim /etc/named.rfc1912.zones 
//
zone "magedu.com" {             #在//下添加此內容
    type master;
    file "magedu.com.zone";
};
                    :wq

[root@severus ~]# cd /var/named
[root@severus named]# ls
data  dynamic  magedu.com.zone  named.ca  named.empty  named.localhost  named.loopback  slaves

[root@severus named]# vim magedu.com.zone
$TTL 1D
@ IN    SOA   ns1 adm.magedu.com. ( 1 1H 10M 1D 3H )
        NS ns1
        NS ns2
ns1 A 192.168.36.37
ns2 A 192.168.36.47
www A 192.168.36.67
[root@severus named]# ll
total 20
drwxrwx--- 2 named named   23 Apr 23 00:09 data
drwxrwx--- 2 named named   31 Apr 23 09:34 dynamic
-rw-r--r-- 1 root  root   137 Apr 23 11:16 magedu.com.zone
-rw-r----- 1 root  named 2281 May 22  2017 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named    6 Oct 31 08:29 slaves
[root@severus named]# chgrp named magedu.com.zone 
[root@severus named]# chmod 640 magedu.com.zone 
[root@severus named]# systemctl start named

CentOS6 :: Client :: 192.168.36.6

驗證

[root@localhost ~]# dig www.magedu.com @192.168.36.37

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.magedu.com @192.168.36.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1068
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.            IN  A

;; ANSWER SECTION:
www.magedu.com.     86400   IN  A   192.168.36.67           #

;; AUTHORITY SECTION:
magedu.com.     86400   IN  NS  ns1.magedu.com.         #
magedu.com.     86400   IN  NS  ns2.magedu.com.         #

;; ADDITIONAL SECTION:
ns1.magedu.com.     86400   IN  A   192.168.36.37           #
ns2.magedu.com.     86400   IN  A   192.168.36.47           #

;; Query time: 1 msec
;; SERVER: 192.168.36.37#53(192.168.36.37)
;; WHEN: Tue Apr 23 04:23:11 2019
;; MSG SIZE  rcvd: 116

CentOS7 :: Slaves :: 192.168.36.47

[18:24:54 root@severus ~]#yum install bind -y
[19:25:07 root@severus ~]#vim /etc/named.conf 

        listen-on port 53 { 127.0.0.1; };           #找到這行將這行註釋掉
        allow-query     { localhost; };             #找到這行將這行註釋掉

//      listen-on port 53 { 127.0.0.1; };           #註釋;即無效
//      allow-query     { localhost; };             #註釋;即無效

        allow-transfer {none;};                     #並在options中添加這行;意爲不允許任何人同步數據

                    :wq

[19:27:01 root@severus ~]#vim /etc/named.rfc1912.zones 
//
zone "magedu.com" {                                 #在//下添加此內容
    type slave;
    masters {192.168.36.37;};
    file "slaves/magedu.com.zone";
};
                    :wq

[19:32:13 root@severus ~]#systemctl start named
[19:34:06 root@severus ~]#ll /var/named/slaves/
total 4
-rw-r--r--. 1 named named 304 Apr 23 17:39 magedu.com.zone          #同步來的數據庫

CentOS7 :: comDNS :: 192.168.36.27

[17:11:37 root@severus ~]#yum install bind -y
[17:12:18 root@severus ~]#vim /etc/named.conf 

        listen-on port 53 { 127.0.0.1; };           #找到這行將這行註釋掉
        allow-query     { localhost; };             #找到這行將這行註釋掉

//      listen-on port 53 { 127.0.0.1; };           #註釋;即無效
//      allow-query     { localhost; };             #註釋;即無效

                    :wq

[17:12:50 root@severus ~]#vim /etc/named.rfc1912.zones 
//
zone "com" {
    type master;
    file "com.zone";
};
                    :wq

[17:14:21 root@severus named]#vim com.zone
$TTL 1D
@ IN SOA ns1 admin.magedu.com. (1 1D 1H 1W 3D )
             NS ns1
magedu       NS mageduns1
magedu       NS mageduns2
ns1  A  192.168.36.27
mageduns1 A 192.168.36.37
mageduns2 A 192.168.36.47
                    :wq

[17:16:58 root@severus named]#systemctl start named

CentOS6 :: Client :: 192.168.36.6

驗證

[root@localhost ~]# dig www.magedu.com @192.168.36.27

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.magedu.com @192.168.36.27
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60127
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.            IN  A

;; ANSWER SECTION:
www.magedu.com.     86400   IN  A   192.168.36.67           #

;; AUTHORITY SECTION:
magedu.com.     86400   IN  NS  mageduns1.com.          #
magedu.com.     86400   IN  NS  mageduns2.com.          #

;; ADDITIONAL SECTION:
mageduns1.com.      86400   IN  A   192.168.36.37           #
mageduns2.com.      86400   IN  A   192.168.36.47           #

;; Query time: 3 msec
;; SERVER: 192.168.36.27#53(192.168.36.27)
;; WHEN: Tue Apr 23 04:41:49 2019
;; MSG SIZE  rcvd: 128

CentOS :: RootDNS :: 192.168.36.17

[root@severus ~]# yum install bind -y
[root@severus ~]# vim /etc/named.conf 

        listen-on port 53 { 127.0.0.1; };           #找到這行將這行註釋掉
        allow-query     { localhost; };             #找到這行將這行註釋掉

//      listen-on port 53 { 127.0.0.1; };           #註釋;即無效
//      allow-query     { localhost; };             #註釋;即無效

zone "." IN {                                       #找到此內容
        type hint;
        file "named.ca";
};

zone "." IN {                                       #改爲此內容
        type master;
        file "root.zone";
};

                    :wq

[root@severus ~]# cd /var/named
[root@severus named]# vim root.zone
$TTL 1D
@ IN SOA ns1 admin.magedu.com. (1 1D 1H 1W 3D )
             NS ns1
com          NS comns
ns1  A  192.168.36.17
comns A 192.168.36.27
                    :wq

[root@severus named]# systemctl start named

CentOS6 :: Client :: 192.168.36.6

驗證

[root@localhost ~]# dig www.magedu.com @192.168.36.17

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.magedu.com @192.168.36.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38615
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.            IN  A

;; ANSWER SECTION:
www.magedu.com.     86400   IN  A   192.168.36.67           #

;; AUTHORITY SECTION:
magedu.com.     86400   IN  NS  mageduns1.com.          #
magedu.com.     86400   IN  NS  mageduns2.com.          #

;; ADDITIONAL SECTION:
mageduns1.com.      86400   IN  A   192.168.36.37           #
mageduns2.com.      86400   IN  A   192.168.36.47           #

;; Query time: 3 msec
;; SERVER: 192.168.36.17#53(192.168.36.17)
;; WHEN: Tue Apr 23 04:49:51 2019
;; MSG SIZE  rcvd: 128

CentOS7 :: LDNS :: 192.168.36.7

[root@severus ~]# yum install bind -y
[root@severus ~]# vim /etc/named.conf 

        listen-on port 53 { 127.0.0.1; };           #找到這行將這行註釋掉
        allow-query     { localhost; };             #找到這行將這行註釋掉

//      listen-on port 53 { 127.0.0.1; };           #註釋;即無效
//      allow-query     { localhost; };             #註釋;即無效

        dnssec-enable yes;                          #找到這兩行
        dnssec-validation yes;

        dnssec-enable no;                           #將yes改爲no;實驗用的自建根區沒有簽名,若保持驗證開啓,遞歸解析預計會失敗
        dnssec-validation no;                       #僅限此實驗環境;正式環境的遞歸DNS應保持DNSSEC驗證開啓

                        :wq

[root@severus ~]# vim /var/named/named.ca
.                       518400  IN      NS      a.root-servers.net.
a.root-servers.net.     3600000 IN      A       192.168.36.17

[root@severus ~]# systemctl start named
[root@severus ~]# rndc flush                        #清除緩存

CentOS7 :: RootDNS :: 192.168.36.17

[root@severus ~]# rndc flush                        #清除緩存

CentOS7 :: comDNS :: 192.168.36.27

[root@severus ~]# rndc flush                        #清除緩存

CentOS7 :: Master :: 192.168.36.37

[root@severus ~]# rndc flush                        #清除緩存

CentOS7 :: Slaves :: 192.168.36.47

[root@severus ~]# rndc flush                        #清除緩存

CentOS6 :: Client :: 192.168.36.6

驗證

[root@localhost ~]# dig www.magedu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17145
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.magedu.com.            IN  A

;; ANSWER SECTION:
www.magedu.com.     86400   IN  A   192.168.36.67               #

;; AUTHORITY SECTION:
magedu.com.     86400   IN  NS  ns2.magedu.com.             #
magedu.com.     86400   IN  NS  ns1.magedu.com.             #

;; ADDITIONAL SECTION:
ns1.magedu.com.     86400   IN  A   192.168.36.37               #
ns2.magedu.com.     86400   IN  A   192.168.36.47               #

;; Query time: 7 msec
;; SERVER: 192.168.36.7#53(192.168.36.7)
;; WHEN: Tue Apr 23 05:00:36 2019
;; MSG SIZE  rcvd: 116

        總結:
                        此實驗重點在於理解;步驟繁瑣重複細節較多;切勿急於求成