演示实验:假如有一个网址为www.immortal.com.;小区里有个客户端主机想访问此网址,且是小区里第一个访问此网址的,则先到小区DNS服务器(只缓存服务器),没找到此网址,则此服务器(递归,负责到底)再去找根服务器;;
根服务器查看此网址的顶级域名为.com,则把.com顶级域DNS服务器的IP给小区的DNS服务器;;
小区DNS服务器拿到IP直接访问顶级域.com的DNS服务器查询www.immortal.com,.com服务器把.immortal二级域DNS服务器的IP给小区DNS服务器;;
小区DNS服务器拿到.immortal的二级域ip去查找此ip的dns服务器,给出www.immortal.com.此网址服务器的ip地址,最终,用户访问网站www.immortal.com.对应的ip主机;;
小区dns缓存此域名和ip对应关系,客户端电脑缓存此域名和ip对应关系;;
如图
一共需要7个虚拟机,
客户端 192.168.31.6
小区 DNS 192.168.31.7
根. DNS 192.168.31.17
.com DNS 192.168.31.27
.immortal DNS 192.168.31.37
.immortal DNS 192.168.31.47 从DNS
www 192.168.31.57 www.immortal.com. 网站(httpd)服务器
先搭建immortal.com DNS服务器,再搭建immortal.com DNS主从服务器,再搭建com DNS和子域委派,再搭建根服务器,再搭建小区电信dns服务器
上面7个机器安装bind :yum -y install bind
所有都清空防火墙:iptables -F
查看防火墙 : iptables -vnL
关闭selinux: getenforce ; setenforce 0 ; vim /etc/selinux/config ,改为disabled
=============================================
目的主机
192.168.31.57,即www.immortal.com服务器上面安装httpd服务,
[root@www57:~ ]# yum -y install httpd
[root@www57:~ ]# echo -e "welcome to www.immortal.com 192.168.31.57" > /var/www/html/index.html
[root@www57:~ ]# ss -ntl #80端口未开
[root@www57:~ ]# systemctl start httpd
[root@www57:~ ]# iptables -F
[root@www57:~ ]# getenforce
Disabled
[root@client6 ~ ]#curl 192.168.31.57
welcome to www.immortal.com 192.168.31.57
或者用links浏览器命令
=============================================
www主服务器37
[root@immortal-master37:~ ]# vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; }; #此行注释掉
// allow-query { localhost; }; #此行注释掉
allow-transfer {192.168.31.47;}; #添加此行,允许从服务器47拉取数据
[root@immortal-master37:~ ]# vim /etc/named.rfc1912.zones
zone "immortal.com"{
type master;
file "immortal.com.zone";
};
[root@immortal-master37:~ ]# vim /var/named/immortal.com.zone
$TTL 1D
@ IN SOA dns1 admin (1 1D 1H 1W 3H)
NS dns1
NS dns2
dns1 A 192.168.31.37
dns2 A 192.168.31.47
www CNAME websrv
websrv A 192.168.31.57
[root@immortal-master37:~ ]# ll /var/named/
total 20
drwxrwx--- 2 named named 6 Aug 4 2017 data
drwxrwx--- 2 named named 6 Aug 4 2017 dynamic
-rw-r--r-- 1 root root 146 Jul 24 21:57 immortal.com.zone
[root@immortal-master37:~ ]# chgrp named /var/named/immortal.com.zone
[root@immortal-master37:~ ]# chmod 640 /var/named/immortal.com.zone
#检查配置文件/etc/named.conf和/etc/named.rfc1912.zones
[root@immortal-master37:~ ]# named-checkconf
#检查区域文件/var/named/immortal.com.zone
[root@immortal-master37:~ ]# named-checkzone immortal.com.zone /var/named/immortal.com.zone
zone immortal.com.zone/IN: loaded serial 1
OK
#启动服务
[root@immortal-master37:~ ]# systemctl start named
-------------
从服务器47
[root@immortal-slave47:~ ]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; }; #此行注释掉
// allow-query { localhost; }; #此行注释掉
allow-transfer { none; }; #添加此行,从服务器无需传输dns数据给别人
zone "immortal.com" {
type slave;
masters { 192.168.31.37; };
file "immortal.com.slave.zone";
};
[root@immortal-slave47:~ ]# named-checkconf
[root@immortal-slave47:~ ]# systemctl restart named
重启服务systemctl restart named 自动拉取文件
[root@immortal-slave47:/var/named/slaves ]# ls
immortal.com.slave.zone
---------------------------------
测试主从服务器
[root@client6 ~ ]#dig www.immortal.com @192.168.31.37
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.immortal.com @192.168.31.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28952
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2 #aa标志表示权威应答,37是该域的权威服务器
;; QUESTION SECTION:
;www.immortal.com. IN A
;; ANSWER SECTION:
www.immortal.com. 86400 IN CNAME websrv.immortal.com.
websrv.immortal.com. 86400 IN A 192.168.31.57
;; AUTHORITY SECTION:
immortal.com. 86400 IN NS dns2.immortal.com.
immortal.com. 86400 IN NS dns1.immortal.com.
;; ADDITIONAL SECTION:
dns1.immortal.com. 86400 IN A 192.168.31.37
dns2.immortal.com. 86400 IN A 192.168.31.47
;; Query time: 0 msec
;; SERVER: 192.168.31.37#53(192.168.31.37)
;; WHEN: Tue Jul 24 23:22:33 2018
;; MSG SIZE rcvd: 141
[root@client6 ~ ]#dig www.immortal.com @192.168.31.47
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.immortal.com @192.168.31.47
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39537
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2 #权威服务器
;; QUESTION SECTION:
;www.immortal.com. IN A
;; ANSWER SECTION:
www.immortal.com. 86400 IN CNAME websrv.immortal.com.
websrv.immortal.com. 86400 IN A 192.168.31.57
;; AUTHORITY SECTION:
immortal.com. 86400 IN NS dns1.immortal.com.
immortal.com. 86400 IN NS dns2.immortal.com.
;; ADDITIONAL SECTION:
dns1.immortal.com. 86400 IN A 192.168.31.37
dns2.immortal.com. 86400 IN A 192.168.31.47
;; Query time: 0 msec
;; SERVER: 192.168.31.47#53(192.168.31.47)
;; WHEN: Tue Jul 24 23:25:08 2018
;; MSG SIZE rcvd: 141
=============================================
com服务器
comdns 27
委派子域
[root@comdns:~ ]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
[root@comdns:~ ]# scp 192.168.31.37:/var/named/immortal.com.zone /var/named/com.zone
[root@comdns:~ ]# vim /etc/named.rfc1912.zones
zone "com" {
type master;
file "com.zone";
};
com.zone 直接复制自37的immortal.com.zone(见上面的scp),再按下面内容修改
[root@comdns:~ ]# vim /var/named/com.zone
$TTL 1D
@ IN SOA dns1 admin (1 1D 1H 1W 3H)
NS dns1
immortal NS dns2
immortal NS dns3
dns1 A 192.168.31.27 #.com域ip地址
dns2 A 192.168.31.37 #子域服务器中的主服务器
dns3 A 192.168.31.47 #子域服务器中的从服务器
[root@comdns:~ ]# ll /var/named/
total 20
-rw-r----- 1 root root 173 Jul 25 09:54 com.zone
drwxrwx--- 2 named named 6 Aug 4 2017 data
[root@comdns:~ ]# chgrp named /var/named/com.zone
[root@comdns:~ ]# named-checkconf
[root@comdns:~ ]# named-checkzone com.zone /var/named/com.zone
zone com.zone/IN: loaded serial 1
OK
[root@comdns:~ ]# systemctl start named
#测试客户端dig www.immortal.com. @192.168.31.27
[root@client6 ~ ]#dig www.immortal.com @192.168.31.27
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.immortal.com @192.168.31.27
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38190
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2 #非权威应答(无aa标志):27自己不是该域权威,是递归向37查询后转答的
;; QUESTION SECTION:
;www.immortal.com. IN A
;; ANSWER SECTION:
www.immortal.com. 86400 IN CNAME websrv.immortal.com.
websrv.immortal.com. 86400 IN A 192.168.31.57
;; AUTHORITY SECTION:
immortal.com. 86400 IN NS dns3.com.
immortal.com. 86400 IN NS dns2.com.
;; ADDITIONAL SECTION:
dns2.com. 86400 IN A 192.168.31.37
dns3.com. 86400 IN A 192.168.31.47
;; Query time: 5 msec
;; SERVER: 192.168.31.27#53(192.168.31.27)
;; WHEN: Wed Jul 25 10:46:41 2018
;; MSG SIZE rcvd: 141
=============================================
根服务器
根. 17
注释掉
[root@rootdns17:~]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; }; #此行注释掉
// allow-query { localhost; }; #此行注释掉
****省略****
zone "." IN {
type master;
file "root.zone"; #修改named.ca为root.zone
};
[root@rootdns17:~]# scp 192.168.31.37:/var/named/immortal.com.zone /var/named/root.zone
[root@rootdns17:~]# chgrp named /var/named/root.zone
[root@rootdns17:~]# vim /var/named/root.zone
$TTL 1D
@ IN SOA dns1 admin (1 1D 1H 1W 3H)
NS dns1
com NS dns2
dns1 A 192.168.31.17
dns2 A 192.168.31.27
[root@rootdns17:~]# systemctl start named
[root@client6 ~ ]#dig www.immortal.com @192.168.31.17
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.immortal.com @192.168.31.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8533
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.immortal.com. IN A
;; ANSWER SECTION:
www.immortal.com. 86400 IN CNAME websrv.immortal.com.
websrv.immortal.com. 86400 IN A 192.168.31.57
;; AUTHORITY SECTION:
immortal.com. 86400 IN NS dns2.com.
immortal.com. 86400 IN NS dns3.com.
;; ADDITIONAL SECTION:
dns3.com. 86400 IN A 192.168.31.47
dns2.com. 86400 IN A 192.168.31.37
;; Query time: 7 msec
;; SERVER: 192.168.31.17#53(192.168.31.17)
;; WHEN: Wed Jul 25 11:07:17 2018
;; MSG SIZE rcvd: 141
=============================================
小区DNS
电信dns 7
[root@housedns7:~]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; }; #注释掉此行
// allow-query { localhost; }; #注释掉此行
dnssec-enable no; #改为no
dnssec-validation no; #改为no
[root@housedns7:~]# vim /var/named/named.ca
. 518400 IN NS a.root-servers.net. #只要此两行
a.root-servers.net. 3600000 IN A 192.168.31.17 #只要此两行
[root@housedns7:~]# systemctl start named
[root@client6 ~ ]#dig www.immortal.com @192.168.31.7
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.immortal.com @192.168.31.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13983
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.immortal.com. IN A
;; ANSWER SECTION:
www.immortal.com. 86400 IN CNAME websrv.immortal.com.
websrv.immortal.com. 86400 IN A 192.168.31.57
;; AUTHORITY SECTION:
immortal.com. 86400 IN NS dns1.immortal.com.
immortal.com. 86400 IN NS dns2.immortal.com.
;; ADDITIONAL SECTION:
dns1.immortal.com. 86400 IN A 192.168.31.37
dns2.immortal.com. 86400 IN A 192.168.31.47
;; Query time: 7 msec
;; SERVER: 192.168.31.7#53(192.168.31.7)
;; WHEN: Wed Jul 25 11:29:34 2018
;; MSG SIZE rcvd: 141
=============================================
客户端访问
[root@client6 ~ ]#vim /etc/resolv.conf
# Generated by NetworkManager
#nameserver 223.5.5.5
#nameserver 223.6.6.6
nameserver 192.168.31.7
[root@housedns7:~]# rndc flush
[root@rootdns17:~]# rndc flush
[root@comdns:~ ]# rndc flush
[root@immortal-master37:~ ]# rndc flush
#客户端通过域名访问www.immortal.com,而不是一开始那样通过ip地址访问
[root@client6 ~ ]#curl www.immortal.com
welcome to www.immortal.com 192.168.31.57