22. Chapter 16: Domain Name System (DNS) service


I. How DNS works

DNS overview

DNS (Domain Name System) is an application-layer protocol and one of the basic services of the Internet. It is a distributed database that maps domain names to IP addresses and back, so that people can reach hosts by name instead of by number. Put simply, when we type a URL into a browser, the host uses DNS to resolve the name into the IP address that network devices understand, so it can talk to a server on the other side of the planet and finally display the content we asked for. DNS uses a client/server (C/S) architecture: the clients are the billions of devices connected to the Internet; the servers are the 13 root servers, the generic top-level domain servers, the country and regional top-level domain servers, and the resolvers run by network operators and Internet companies.

DNS name structure


Organisationally, the hierarchy looks like this:
Root domain
First-level domains, in three classes: organisational domains (TLDs such as com, edu), country domains (.cn, .ca, .hk, .tw) and the reverse domain
Second-level domain: magedu.com
Third-level domain: study.magedu.com
Up to 127 levels are allowed

How a DNS lookup travels from the client to the servers

1. The client enters a domain name and first checks its local cache
2. The local DNS server is queried and checks its own internal cache
3. The local DNS server queries a root server, which returns the address of the first-level (TLD) server
4. The local DNS server queries the first-level server the root pointed it to, which checks its own cache
5. The final result is obtained and returned to the local DNS server
6. The local DNS server returns the resolved result to the client
7. The client uses the returned IP address to browse the Internet

Notes
1) During resolution, the requests the DNS proxy (local DNS) server sends to the other servers are called iterative queries
2) The query the client sends to the DNS proxy server is called a recursive query

II. Difference between recursive and iterative queries

Recursive query: the client's query to the local DNS server. What comes back is the final answer; the queried server is responsible for obtaining it.
Iterative query: the local DNS server's query to other DNS servers. What comes back is not the final answer but the best referral the queried server has; it takes no further responsibility for the lookup.
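To make the recursive/iterative split concrete, here is an added example (not part of the original page) that models a local DNS server walking the hierarchy with iterative queries on behalf of a client. The root and TLD server addresses (198.51.100.x) are constructed for the example; the master 10.0.0.8 and www 10.0.0.7 are the lab values used later on this page. The same referral walk is what happens when a parent zone delegates a subdomain with NS records.

```python
# Added example: a toy model of recursive resolution built from iterative queries.
# Each "server" knows the zones it is authoritative for ("answers") and the
# servers it can refer the resolver to for child zones ("referrals").
ROOT = {"referrals": {"vip.": "198.51.100.1"}, "answers": {}}            # constructed root server
VIP_TLD = {"referrals": {"neteagles.vip.": "10.0.0.8"}, "answers": {}}   # constructed TLD server
MASTER = {"referrals": {}, "answers": {"www.neteagles.vip.": "10.0.0.7"}}  # lab master from this page

SERVERS = {"198.51.100.0": ROOT, "198.51.100.1": VIP_TLD, "10.0.0.8": MASTER}
ROOT_HINT = "198.51.100.0"   # what named.ca provides in real life (constructed address here)


def iterative_query(server_ip, qname):
    """One iterative query: the server answers if it is authoritative for the name,
    otherwise it hands back its best referral (the server for the longest
    matching zone it knows about) and takes no further responsibility."""
    srv = SERVERS[server_ip]
    if qname in srv["answers"]:
        return ("answer", srv["answers"][qname])
    best = None
    for zone, addr in srv["referrals"].items():
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, addr)
    if best:
        return ("referral", best[1])
    return ("nxdomain", None)


def recursive_resolve(qname, cache):
    """What the local (recursive) DNS server does for its client: answer from cache
    if possible, otherwise follow referrals from the root hint until an
    authoritative answer arrives, cache it, and return it together with the list
    of servers consulted."""
    if qname in cache:
        return cache[qname], []
    consulted = []
    server = ROOT_HINT
    for _ in range(8):  # bound the chain so a referral loop cannot spin forever
        consulted.append(server)
        kind, value = iterative_query(server, qname)
        if kind == "answer":
            cache[qname] = value
            return value, consulted
        if kind == "referral":
            server = value
            continue
        return None, consulted
    return None, consulted


if __name__ == "__main__":
    shared_cache = {}
    print(recursive_resolve("www.neteagles.vip.", shared_cache))  # walks root -> TLD -> master
    print(recursive_resolve("www.neteagles.vip.", shared_cache))  # second lookup is served from cache
```

The first call returns `('10.0.0.7', ['198.51.100.0', '198.51.100.1', '10.0.0.8'])`: three iterative queries on behalf of one recursive query. The second returns the cached answer with an empty path, which is the cache step in the seven-step list above.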

III. How a CDN works

A CDN (Content Delivery Network) lets users fetch content from a nearby location, which relieves Internet congestion and improves the response time of web sites. This section describes the CDN workflow and how it works.

What a CDN does
Using a CDN greatly reduces a site's maintenance effort: operators only need to inject the site's content into the CDN, which distributes it through servers deployed at many physical locations and so covers users across carriers and regions. The CDN pushes content to the network edge, where the bulk of user traffic is absorbed; it no longer competes for the site's uplink and interconnection points and no longer has to cross long IP routes. This reduces the load on the origin server, shortens response times and improves the user experience.

How a site works without a CDN
1. The user types the site's domain name into the browser.
2. The browser asks the local DNS server to resolve the name.
3. If the local DNS server has a cached result for the name, it answers the request directly.
4. If it has no cached result, it resolves the name through the DNS system recursively or iteratively and returns the answer to the browser.
5. The browser receives the result: the IP address of the device serving that name.
6. The browser requests the content from the server.
7. The server sends the requested content to the browser.

Workflow after a site joins a CDN
Once a site joins a CDN, a CDN network is built; it typically consists of a DNS server and several cache servers.

How the CDN works
1. When the user clicks a content URL on the site, the local DNS system resolves it and, following a CNAME, eventually hands resolution of the name over to the CDN's dedicated DNS server.
2. The CDN's DNS server returns the IP address of the CDN's global load balancer (GSLB) to the user.
3. The user sends the content request to the global load balancer.
4. Based on the user's IP address and the requested URL, the global load balancer picks a regional load balancer in the user's area and tells the user to send the request there.
5. The regional load balancer picks a suitable cache server for the user based on: which server is closest to the user's IP address; which server holds the content named in the requested URL; and which server still has spare capacity according to its current load. After weighing these, the regional load balancer returns the IP address of one cache server to the global load balancer.
6. The global load balancer returns that server's IP address to the user.
7. The user sends the request to the cache server, which responds with the content. If that cache server does not hold the content but the regional balancer assigned it anyway, the server fetches the content from its upstream cache, going back as far as the site's origin server if necessary, and pulls it locally.
The DNS server resolves the name to the cache server of the node nearest the user's IP address, so users are served from nearby. A site using a CDN only has to delegate resolution of its name to the CDN's GSLB and inject the content to be distributed; acceleration follows.

IV. When DNS uses TCP port 53 and when UDP port 53

TCP 53 is used for master/slave zone transfers (synchronisation)
UDP 53 is used for DNS queries; master/slave synchronisation also depends on it, because the SOA serial check and NOTIFY messages are sent over UDP

V. Setting up a forward master DNS server

1. Objective

Build a forward master DNS server so that the web server can be reached by FQDN

2. Environment

Three hosts are needed
DNS server: 10.0.0.8
web server: 10.0.0.7
DNS client: 10.0.0.6

3. Prerequisites

Disable SELinux
Disable the firewall
Synchronise time
#10.0.0.8 acts as the time server
[root@centos8 ~]# dnf -y install chrony
[root@centos8 ~]# vim /etc/chrony.conf 
server ntp.aliyun.com iburst
server time1.cloud.tencent.com iburst
server slb.time.edu.cn iburst
#server names a time source; with iburst, when the server is reachable a burst of eight packets is sent instead of the usual one, about 2 seconds apart, which speeds up the initial synchronisation

allow 10.0.0.0/24	#allow the 10.0.0.0 network to use this server
local stratum 10	#if the time servers in the server directives are unreachable, still serve the local clock to clients as the reference time
:wq

[root@centos8 ~]# systemctl restart chronyd
[root@centos8 ~]# ss -ntul
Netid        State          Recv-Q         Send-Q                 Local Address:Port                 Peer Address:Port        
udp          UNCONN         0              0                            0.0.0.0:123                       0.0.0.0:*           #123 is chrony's server (NTP) port
udp          UNCONN         0              0                          127.0.0.1:323                       0.0.0.0:*           #323 is chrony's command port, used by chronyc
udp          UNCONN         0              0                              [::1]:323                          [::]:*           
tcp          LISTEN         0              128                          0.0.0.0:22                        0.0.0.0:*           
tcp          LISTEN         0              128                             [::]:22                           [::]:*  

[root@centos8 ~]# chronyc sources -nv
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6    37     4   -598us[  -11ms] +/-   35ms		##* the asterisk marks the server the clock is currently synchronised to
^- 139.199.215.251               2   6    67     3    +11ms[  +11ms] +/-   50ms

#the other hosts act as clients
#on 10.0.0.7
[root@centos7 ~]# yum -y install chrony
[root@centos7 ~]# vim /etc/chrony.conf 
server 10.0.0.8 iburst
:wq

[root@centos7 ~]# systemctl restart chronyd
[root@centos7 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.0.0.8                     3   6    17     6    +24us[  +26us] +/-   32ms
[root@centos7 ~]# ss -ntul
Netid  State      Recv-Q Send-Q               Local Address:Port                              Peer Address:Port              
udp    UNCONN     0      0                        127.0.0.1:323                                          *:*                  
udp    UNCONN     0      0                            [::1]:323                                       [::]:*                  
tcp    LISTEN     0      128                              *:22                                           *:*                  
tcp    LISTEN     0      128                           [::]:22                                        [::]:* 


#on 10.0.0.6
[root@centos6 ~]# yum -y install chrony
[root@centos6 ~]# vim /etc/chrony.conf 
server 10.0.0.8 iburst 
:wq

[root@centos6 ~]# service chronyd restart
Stopping chronyd:                                          [FAILED]
Starting chronyd:                                          [  OK  ]

[root@centos6 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8                      3   6    17    18    +15ns[ -880us] +/-   79ms

4. Steps

4.1 Install bind on the DNS server

##on 10.0.0.8
[root@centos8 ~]# dnf -y install bind

4.2 Edit the bind configuration file

#on 10.0.0.8
[root@centos8 ~]# vim /etc/named.conf
#comment out the two lines below
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; };  
:wq

[root@centos8 ~]# vim /etc/named.rfc1912.zones
#add the following
zone "neteagles.vip" IN {
    type master;
    file "neteagles.vip.zone";                                                                                                
};
:wq

4.3 DNS zone database file

#on 10.0.0.8
[root@centos8 ~]# cp -p /var/named/named.localhost /var/named/neteagles.vip.zone
#without -p you must fix the permissions yourself: mode 640 and group named, i.e. chmod 640 /var/named/neteagles.vip.zone; chown .named /var/named/neteagles.vip.zone

[root@centos8 ~]# ll /var/named
total 20
drwxrwx--- 2 named named    6 Aug 25 01:31 data
drwxrwx--- 2 named named    6 Aug 25 01:31 dynamic
-rw-r----- 1 root  named 2253 Aug 25 01:31 named.ca
-rw-r----- 1 root  named  152 Aug 25 01:31 named.empty
-rw-r----- 1 root  named  152 Aug 25 01:31 named.localhost
-rw-r----- 1 root  named  168 Aug 25 01:31 named.loopback
-rw-r----- 1 root  named  152 Aug 25 01:31 neteagles.vip.zone
drwxrwx--- 2 named named    6 Aug 25 01:31 slaves

[root@centos8 ~]# vim /var/named/neteagles.vip.zone 
$TTL 1D
@   IN SOA  master admin.neteagles.vip. (
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
            NS  master
master      A   10.0.0.8
www         A   10.0.0.7 
:wq

4.4 Check the configuration and zone file syntax, then start the service

#on 10.0.0.8
[root@centos8 ~]# named-checkconf	#check the configuration file syntax
[root@centos8 ~]# named-checkzone neteagles.vip /var/named/neteagles.vip.zone	#check the zone file syntax
-bash: named-checkzone: command not found	#CentOS 8 no longer ships this command

[root@centos8 ~]# systemctl enable --now named    #first start of the service
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.		
#if the service is already running, reload it with rndc reload instead

4.5 Set up the web service

#on 10.0.0.7
[root@centos7 ~]# yum -y install httpd;echo www.neteagles.vip > /var/www/html/index.html;systemctl enable --now httpd
[root@centos7 ~]# curl 10.0.0.7
www.neteagles.vip

4.6 Test from the client

#on 10.0.0.6
[root@centos6 ~]# alias vie0
alias vie0='vim /etc/sysconfig/network-scripts/ifcfg-eth0'
#vie0 is an alias for editing the NIC configuration file

[root@centos6 ~]# vie0
DNS1=10.0.0.8
:wq
[root@centos6 ~]# service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Determining if ip address 10.0.0.6 is already in use for device eth0...
                                                           [  OK  ]
[root@centos6 ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain neteagles.cn
nameserver 10.0.0.8		#shows the DNS server has been changed to 10.0.0.8

#test the web page; if it displays, the setup works
[root@centos6 ~]# curl www.neteagles.vip
www.neteagles.vip

[root@centos6 ~]# dig www.neteagles.vip
-bash: dig: command not found
[root@centos6 ~]# yum -y install bind-utils

[root@centos6 ~]# dig www.neteagles.vip

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.neteagles.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31449
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.neteagles.vip.		IN	A

;; ANSWER SECTION:
www.neteagles.vip.	86400	IN	A	10.0.0.7

;; AUTHORITY SECTION:
neteagles.vip.		86400	IN	NS	master.neteagles.vip.

;; ADDITIONAL SECTION:
master.neteagles.vip.	86400	IN	A	10.0.0.8

;; Query time: 0 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)	#also shows the name was resolved through 10.0.0.8
;; WHEN: Wed Jan  6 19:44:44 2021
;; MSG SIZE  rcvd: 88

VI. Reverse resolution

#on 10.0.0.8
[root@centos8 ~]# cat /etc/named.conf
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; };

[root@centos8 ~]# vim /etc/named.rfc1912.zones 
#add the following
zone "0.0.10.in-addr.arpa" {
    type master;
    file "10.0.0.zone";                                                                                                       
};
:wq

[root@centos8 ~]# cp -p /var/named/named.loopback /var/named/10.0.0.zone
[root@centos8 ~]# ll /var/named
total 24
-rw-r----- 1 root  named  168 Aug 25 01:31 10.0.0.zone
drwxrwx--- 2 named named   23 Jan  6 19:38 data
drwxrwx--- 2 named named   60 Jan  6 19:39 dynamic
-rw-r----- 1 root  named 2253 Aug 25 01:31 named.ca
-rw-r----- 1 root  named  152 Aug 25 01:31 named.empty
-rw-r----- 1 root  named  152 Aug 25 01:31 named.localhost
-rw-r----- 1 root  named  168 Aug 25 01:31 named.loopback
-rw-r----- 1 root  named  200 Jan  6 19:36 neteagles.vip.zone
drwxrwx--- 2 named named    6 Aug 25 01:31 slaves


[root@centos8 ~]# vim /var/named/10.0.0.zone 
$TTL 1D
@   IN SOA  ns1 admin.neteagles.vip. (
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
            NS  ns1.neteagles.vip.
100         PTR www.neteagles.vip.
200         PTR app.zhang.vip. 
:wq

[root@centos8 ~]# rndc reload
server reload successful

[root@centos6 ~]# dig -t ptr 100.0.0.10.in-addr.arpa @10.0.0.8

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> -t ptr 100.0.0.10.in-addr.arpa @10.0.0.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58766
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;100.0.0.10.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
100.0.0.10.in-addr.arpa. 86400	IN	PTR	www.neteagles.vip.

;; AUTHORITY SECTION:
0.0.10.in-addr.arpa.	86400	IN	NS	ns1.neteagles.vip.

;; Query time: 1 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)
;; WHEN: Wed Jan  6 19:56:38 2021
;; MSG SIZE  rcvd: 102


[root@centos6 ~]# dig -x 10.0.0.100 @10.0.0.8

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> -x 10.0.0.100 @10.0.0.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35405
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;100.0.0.10.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
100.0.0.10.in-addr.arpa. 86400	IN	PTR	www.neteagles.vip.

;; AUTHORITY SECTION:
0.0.10.in-addr.arpa.	86400	IN	NS	ns1.neteagles.vip.

;; Query time: 0 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)
;; WHEN: Wed Jan  6 19:57:12 2021
;; MSG SIZE  rcvd: 102


[root@centos6 ~]# host 10.0.0.100
100.0.0.10.in-addr.arpa domain name pointer www.neteagles.vip.
[root@centos6 ~]# nslookup 10.0.0.200
Server:		10.0.0.8
Address:	10.0.0.8#53

200.0.0.10.in-addr.arpa	name = app.zhang.vip.

[root@centos6 ~]# nslookup 
> 10.0.0.100
Server:		10.0.0.8
Address:	10.0.0.8#53

100.0.0.10.in-addr.arpa	name = www.neteagles.vip.
> exit
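The reverse zone above works because BIND rewrites the relative owner names 100 and 200 against the zone origin 0.0.10.in-addr.arpa. The added example below (not part of the original page) shows the two name transformations involved, the octet reversal that dig -x performs and the split of an address into zone name plus relative label, and renders PTR lines for the page's two hosts. It also rejects the usual mistakes: an address outside the zone's network and a target hostname without the trailing dot (which BIND would otherwise expand relative to the reverse zone's origin).

```python
# Added example: in-addr.arpa name handling for the /24 reverse zone on this page.
import ipaddress


def reverse_name(ip):
    """The in-addr.arpa name that dig -x queries for an IPv4 address."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on a malformed address
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."


def reverse_zone(network):
    """Zone name for a /24, e.g. 10.0.0.0/24 -> 0.0.10.in-addr.arpa."""
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen != 24:
        raise ValueError("only a /24 maps onto a single in-addr.arpa zone this way")
    o = str(net.network_address).split(".")
    return f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."


def ptr_label(ip, network):
    """Relative owner name of the PTR record inside that zone (100 for 10.0.0.100)."""
    net = ipaddress.IPv4Network(network, strict=True)
    addr = ipaddress.IPv4Address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is not inside {network}; it belongs in a different reverse zone")
    return str(addr).split(".")[3]


def render_ptr_records(network, mapping):
    """Render the PTR lines of the reverse zone from {ip: hostname}. Targets must be
    fully qualified (trailing dot); otherwise BIND appends the zone origin and the
    record would point at www.neteagles.vip.0.0.10.in-addr.arpa."""
    lines = []
    for ip, host in sorted(mapping.items(), key=lambda kv: ipaddress.IPv4Address(kv[0])):
        if not host.endswith("."):
            raise ValueError(f"{host!r} must be fully qualified (end with a dot)")
        lines.append(f"{ptr_label(ip, network):<12}PTR {host}")
    return lines


if __name__ == "__main__":
    # constructed input: the two hosts from the page's 10.0.0.zone file
    hosts = {"10.0.0.100": "www.neteagles.vip.", "10.0.0.200": "app.zhang.vip."}
    print(reverse_name("10.0.0.100"))            # 100.0.0.10.in-addr.arpa.
    print(reverse_zone("10.0.0.0/24"))           # 0.0.10.in-addr.arpa.
    print("\n".join(render_ptr_records("10.0.0.0/24", hosts)))
```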

VII. Setting up a DNS slave server

1. Objective

Build a master/slave DNS architecture to make the DNS service redundant

2. Environment

Four hosts are needed
DNS master server: 10.0.0.8
DNS slave server: 10.0.0.18
web server: 10.0.0.7
DNS client: 10.0.0.6

3. Prerequisites

Disable SELinux
Disable the firewall
Synchronise time
#on 10.0.0.18
[root@centos8-2 ~]# dnf -y install chrony
[root@centos8-2 ~]# vim /etc/chrony.conf 
server 10.0.0.8 iburst  
:wq

[root@centos8-2 ~]# systemctl restart chronyd
[root@centos8-2 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.0.0.8                      3   6    17     7   +630ns[+9549ns] +/-   34ms

4. Steps

4.1 Master DNS server configuration (see the forward master server above)

#on 10.0.0.8
[root@centos8 ~]# vim /etc/named.conf
 #only allow the slave server to perform zone transfers
 	allow-transfer {10.0.0.18;};  
:wq

[root@centos8 ~]# vim /var/named/neteagles.vip.zone 
$TTL 1D
@   IN SOA  master admin.neteagles.vip. (
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
            NS  master
            NS  slave
master      A   10.0.0.8
slave       A   10.0.0.18                                                                                                     
www         A   10.0.0.7
:wq
[root@centos8 ~]# rndc reload
server reload successful

4.2 Slave server configuration

#on 10.0.0.18
[root@centos8-2 ~]# dnf -y install bind
[root@centos8-2 ~]# vim /etc/named.conf 
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; };
#do not allow any other host to perform zone transfers
	allow-transfer {none;}; 
:wq

[root@centos8-2 ~]# vim /etc/named.rfc1912.zones
#add the following
zone "neteagles.vip" IN {
    type slave;
    masters {10.0.0.8;};
    file "slaves/neteagles.vip.slave";          
};
:wq

[root@centos8-2 ~]# named-checkconf
[root@centos8-2 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.

[root@centos8-2 ~]# ll /var/named/slaves/neteagles.vip.slave 
-rw-r--r-- 1 named named 346 Jan  6 20:24 /var/named/slaves/neteagles.vip.slave

4.3 Test the master/slave DNS architecture from the client

#on 10.0.0.6
[root@centos6 ~]# vie0
DNS1=10.0.0.8
DNS2=10.0.0.18 
:wq
[root@centos6 ~]# service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Determining if ip address 10.0.0.6 is already in use for device eth0...
                                                           [  OK  ]
[root@centos6 ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain neteagles.cn
nameserver 10.0.0.8
nameserver 10.0.0.18



[root@centos6 ~]# curl www.neteagles.vip
www.neteagles.vip
[root@centos6 ~]# dig www.neteagles.vip

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.neteagles.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40752
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.neteagles.vip.		IN	A

;; ANSWER SECTION:
www.neteagles.vip.	86400	IN	A	10.0.0.7

;; AUTHORITY SECTION:
neteagles.vip.		86400	IN	NS	master.neteagles.vip.
neteagles.vip.		86400	IN	NS	slave.neteagles.vip.

;; ADDITIONAL SECTION:
master.neteagles.vip.	86400	IN	A	10.0.0.8
slave.neteagles.vip.	86400	IN	A	10.0.0.18

;; Query time: 0 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)	#the answer came from DNS server 10.0.0.8
;; WHEN: Wed Jan  6 20:27:28 2021
;; MSG SIZE  rcvd: 124

#stop named on the master to confirm that the slave keeps answering
[root@centos8 ~]# systemctl stop named

[root@centos6 ~]# curl www.neteagles.vip
www.neteagles.vip
[root@centos6 ~]# dig www.neteagles.vip

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.neteagles.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22171
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.neteagles.vip.		IN	A

;; ANSWER SECTION:
www.neteagles.vip.	86400	IN	A	10.0.0.7

;; AUTHORITY SECTION:
neteagles.vip.		86400	IN	NS	master.neteagles.vip.
neteagles.vip.		86400	IN	NS	slave.neteagles.vip.

;; ADDITIONAL SECTION:
master.neteagles.vip.	86400	IN	A	10.0.0.8
slave.neteagles.vip.	86400	IN	A	10.0.0.18

;; Query time: 0 msec
;; SERVER: 10.0.0.18#53(10.0.0.18)	#the answer now comes from DNS server 10.0.0.18
;; WHEN: Wed Jan  6 20:29:05 2021
;; MSG SIZE  rcvd: 124
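The slave above got its copy on its first start, when it had nothing and transferred unconditionally. After that, on every refresh interval the slave compares the master's SOA serial with the serial of its own copy and transfers only if the master's is newer, so editing the master zone without raising the serial (the page keeps it at 0 when adding the slave records) leaves the slave stale. The added example below (not part of the original page) implements that comparison with the 32-bit wrap-around rules of RFC 1982, extracts the serial from zone text in the multi-line SOA form used on this page, and shows the bump an operator has to make. The zone texts are constructed from the page's neteagles.vip zone.

```python
# Added example: SOA serial checks for master/slave zone refresh.
import re

SERIAL_MOD = 2 ** 32      # serials are unsigned 32-bit and wrap (RFC 1982)
SERIAL_HALF = 2 ** 31

# constructed from this page's zone: V1 is what the slave first copied, V2 adds the
# slave's NS and A records but, as on the page, leaves the serial at 0
ZONE_V1 = """$TTL 1D
@   IN SOA  master admin.neteagles.vip. (
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
            NS  master
master      A   10.0.0.8
www         A   10.0.0.7
"""
ZONE_V2 = ZONE_V1.replace("            NS  master\n",
                          "            NS  master\n            NS  slave\n").replace(
    "master      A   10.0.0.8\n", "master      A   10.0.0.8\nslave       A   10.0.0.18\n")


def serial_gt(a, b):
    """RFC 1982 'a is newer than b': compare modulo 2^32 so that wrapping from
    4294967295 back to 0 still counts as an increase."""
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    return a != b and ((a < b and b - a > SERIAL_HALF) or (a > b and a - b < SERIAL_HALF))


def parse_soa_serial(zone_text):
    """Read the serial, the first number after the opening parenthesis of the SOA."""
    m = re.search(r"SOA[^(]*\(\s*(\d+)", zone_text)
    if not m:
        raise ValueError("no SOA record found in zone text")
    return int(m.group(1))


def slave_will_transfer(master_zone_text, slave_zone_text):
    """The refresh decision: AXFR/IXFR happens only if the master's serial is newer."""
    return serial_gt(parse_soa_serial(master_zone_text), parse_soa_serial(slave_zone_text))


def bump_serial(zone_text, new_serial=None):
    """Return the zone text with its serial replaced (default: old + 1, wrapping).
    This is the step an operator must not forget after editing a master zone."""
    old = parse_soa_serial(zone_text)
    new = (old + 1) % SERIAL_MOD if new_serial is None else new_serial % SERIAL_MOD
    return re.sub(r"(SOA[^(]*\(\s*)\d+", lambda m: m.group(1) + str(new), zone_text, count=1)


if __name__ == "__main__":
    print("transfer after edit without bump:", slave_will_transfer(ZONE_V2, ZONE_V1))  # False
    print("transfer after bump:", slave_will_transfer(bump_serial(ZONE_V2), ZONE_V1))  # True
```

A common convention is a date-based serial such as 2021010601 (YYYYMMDDnn), which `bump_serial(zone, 2021010601)` sets explicitly; whatever scheme is used, `rndc reload` on the master only helps the slave if the serial went up.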

VIII. Setting up parent-domain and child-domain DNS servers

1. Objective

Build a parent-domain DNS server and a delegated child-domain DNS server

2. Environment

Five hosts are needed
parent-domain DNS server: 10.0.0.8
child-domain DNS server: 10.0.0.28
parent-domain web server: 10.0.0.7  www.neteagles.vip
child-domain web server: 10.0.0.17 www.shanghai.neteagles.vip
DNS client: 10.0.0.6

3. Prerequisites

Disable SELinux
Disable the firewall
Synchronise time
#on 10.0.0.28
[root@centos8-3 ~]# dnf -y install chrony
[root@centos8-3 ~]# vim /etc/chrony.conf 
server 10.0.0.8 iburst 
:wq
[root@centos8-3 ~]# systemctl restart chronyd
[root@centos8-3 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.0.0.8                      3   6    17     9     +4ns[+3318ns] +/-   35ms

#on 10.0.0.17
[root@centos7-2 ~]# yum -y install chrony
[root@centos7-2 ~]# vim /etc/chrony.conf
server 10.0.0.8 iburst 
:wq
[root@centos7-2 ~]# systemctl restart chronyd
[root@centos7-2 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.0.0.8                      3   6    17     5   -578ns[  -30us] +/-   34ms

4. Steps

4.1 On the parent-domain DNS server, serve the neteagles.vip zone as master

#on 10.0.0.8
[root@centos8 ~]# vim /etc/named.conf 
 #disable DNSSEC validation
    dnssec-enable no;
    dnssec-validation no; 
:wq

[root@centos8 ~]# vim /var/named/neteagles.vip.zone 
$TTL 1D
@   IN SOA  master admin.neteagles.vip. (
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
            NS  master
            NS  slave
shanghai    NS  shanghais	#add this line: delegate the shanghai subdomain
master      A   10.0.0.8
slave       A   10.0.0.18
shanghais   A   10.0.0.28     #add this line: glue record for the child-domain server
www         A   10.0.0.7
:wq
[root@centos8 ~]# rndc reload
rndc: connect failed: 127.0.0.1#953: connection refused
[root@centos8 ~]# systemctl restart named
[root@centos8 ~]# rndc reload
server reload successful

4.2 Set up the child-domain DNS server

#on 10.0.0.28
[root@centos8-3 ~]# dnf -y install bind
[root@centos8-3 ~]# vim /etc/named.conf 
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; };
    allow-transfer {none;};   
:wq

[root@centos8-3 ~]# vim /etc/named.rfc1912.zones 
zone "shanghai.neteagles.vip" {
    type master;
    file "shanghai.neteagles.vip.zone";     
};
:wq

[root@centos8-3 ~]# cp -p /var/named/named.localhost /var/named/shanghai.neteagles.vip.zone
[root@centos8-3 ~]# ll /var/named/
total 20
drwxrwx--- 2 named named    6 Aug 25 01:31 data
drwxrwx--- 2 named named    6 Aug 25 01:31 dynamic
-rw-r----- 1 root  named 2253 Aug 25 01:31 named.ca
-rw-r----- 1 root  named  152 Aug 25 01:31 named.empty
-rw-r----- 1 root  named  152 Aug 25 01:31 named.localhost
-rw-r----- 1 root  named  168 Aug 25 01:31 named.loopback
-rw-r----- 1 root  named  152 Aug 25 01:31 shanghai.neteagles.vip.zone
drwxrwx--- 2 named named    6 Aug 25 01:31 slaves

[root@centos8-3 ~]# vim /var/named/shanghai.neteagles.vip.zone 
$TTL 1D
@   IN SOA  master admin.neteagles.vip. (
                    3   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
            NS      master
master      A       10.0.0.28
websrv      A       10.0.0.17

www         CNAME   websrv
:wq

[root@centos8-3 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.

4.3 Install httpd on the parent- and child-domain web servers

#on 10.0.0.17
[root@centos7-2 ~]# yum -y install httpd;echo www.shanghai.neteagles.vip > /var/www/html/index.html;systemctl enable --now httpd
[root@centos7-2 ~]# curl 10.0.0.17
www.shanghai.neteagles.vip

4.4 Client test

#on 10.0.0.6
[root@centos6 ~]# curl www.neteagles.vip
www.neteagles.vip
[root@centos6 ~]# dig www.neteagles.vip

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.neteagles.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42852
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.neteagles.vip.		IN	A

;; ANSWER SECTION:
www.neteagles.vip.	86400	IN	A	10.0.0.7		#the parent-domain web server is at 10.0.0.7

;; AUTHORITY SECTION:
neteagles.vip.		86400	IN	NS	slave.neteagles.vip.
neteagles.vip.		86400	IN	NS	master.neteagles.vip.

;; ADDITIONAL SECTION:
master.neteagles.vip.	86400	IN	A	10.0.0.8
slave.neteagles.vip.	86400	IN	A	10.0.0.18

;; Query time: 0 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)	
;; WHEN: Wed Jan  6 21:17:08 2021
;; MSG SIZE  rcvd: 124

[root@centos6 ~]# curl www.shanghai.neteagles.vip
www.shanghai.neteagles.vip
[root@centos6 ~]# dig www.shanghai.neteagles.vip

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.shanghai.neteagles.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47531
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.shanghai.neteagles.vip.	IN	A

;; ANSWER SECTION:
www.shanghai.neteagles.vip. 86400 IN	CNAME	websrv.shanghai.neteagles.vip.	#alias in the child domain
websrv.shanghai.neteagles.vip. 86400 IN	A	10.0.0.17	#the child-domain web server is at 10.0.0.17

;; AUTHORITY SECTION:
shanghai.neteagles.vip.	86400	IN	NS	master.shanghai.neteagles.vip.

;; ADDITIONAL SECTION:
master.shanghai.neteagles.vip. 86400 IN	A	10.0.0.28

;; Query time: 4 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)
;; WHEN: Wed Jan  6 21:16:15 2021
;; MSG SIZE  rcvd: 118

IX. Setting up a DNS forwarding (caching-only) server

1. Objective

Build a forwarding (caching-only) DNS server

2. Environment

Four hosts are needed
DNS caching server: 10.0.0.38
DNS master server: 10.0.0.8
web server: 10.0.0.7
DNS client: 10.0.0.6

3. Prerequisites

Disable SELinux
Disable the firewall
Synchronise time
#on 10.0.0.38
[root@centos8-4 ~]# dnf -y install chrony
[root@centos8-4 ~]# vim /etc/chrony.conf 
server 10.0.0.8 iburst  
:wq

[root@centos8-4 ~]# systemctl restart chronyd
[root@centos8-4 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.0.0.8                      3   6    17     5   -527ns[  -28us] +/-   33ms

4. Steps

4.1 Set up the forwarding (caching-only) DNS server

#on 10.0.0.38
[root@centos8-4 ~]# dnf -y install bind

[root@centos8-4 ~]# vim /etc/named.conf
#comment out the two lines below
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; };

    forward first;
    forwarders {10.0.0.8;};   

#disable DNSSEC validation
    dnssec-enable no;
    dnssec-validation no;
:wq
[root@centos8-4 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.

4.2 Set up the master DNS server (see the earlier case)

4.3 Web server configuration (see the earlier case)

4.4 Client test

#on 10.0.0.6
[root@centos6 ~]# curl www.neteagles.vip
www.neteagles.vip
[root@centos6 ~]# dig www.neteagles.vip

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.neteagles.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62918
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.neteagles.vip.		IN	A

;; ANSWER SECTION:
www.neteagles.vip.	86400	IN	A	10.0.0.7

;; AUTHORITY SECTION:
neteagles.vip.		86400	IN	NS	master.neteagles.vip.
neteagles.vip.		86400	IN	NS	slave.neteagles.vip.

;; ADDITIONAL SECTION:
master.neteagles.vip.	86400	IN	A	10.0.0.8
slave.neteagles.vip.	86400	IN	A	10.0.0.18

;; Query time: 0 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)
;; WHEN: Wed Jan  6 21:37:51 2021
;; MSG SIZE  rcvd: 124

[root@centos6 ~]# dig www.neteagles.vip @10.0.0.38

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.neteagles.vip @10.0.0.38
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58089
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.neteagles.vip.		IN	A

;; ANSWER SECTION:
www.neteagles.vip.	86400	IN	A	10.0.0.7

;; AUTHORITY SECTION:
neteagles.vip.		86400	IN	NS	slave.neteagles.vip.
neteagles.vip.		86400	IN	NS	master.neteagles.vip.

;; ADDITIONAL SECTION:
master.neteagles.vip.	86400	IN	A	10.0.0.8
slave.neteagles.vip.	86400	IN	A	10.0.0.18

;; Query time: 2 msec
;; SERVER: 10.0.0.38#53(10.0.0.38)	#the query was answered through the forwarder 10.0.0.38
;; WHEN: Wed Jan  6 21:38:34 2021
;; MSG SIZE  rcvd: 124

X. Intelligent DNS with views

1. Objective

Use BIND views so that the same name resolves to a different server depending on which network the client queries from (intelligent DNS)

2. Environment

Five hosts are needed
DNS master server and web server 1: 10.0.0.8/24  192.168.1.8/24
web server 2: 10.0.0.7/24
web server 3: 192.168.1.7/24
DNS client 1: 10.0.0.6/24
DNS client 2: 192.168.1.6/24

3. Prerequisites

Disable SELinux
Disable the firewall
Synchronise time
#10.0.0.8 / 192.168.1.8 (the same host) acts as the time server
[root@centos8 ~]# dnf -y install chrony
[root@centos8 ~]# vim /etc/chrony.conf 
server ntp.aliyun.com iburst
server time1.cloud.tencent.com iburst
server slb.time.edu.cn iburst


allow 10.0.0.0/24
allow 192.168.1.0/24
local stratum 10
:wq
[root@centos8 ~]# systemctl restart chronyd
[root@centos8 ~]# chronyc sources -nv
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6    17     7  -4864us[-1361us] +/-   32ms
^+ 139.199.215.251               2   6    17     7  +9283us[  +13ms] +/-   60ms

#the other hosts act as clients
#on 10.0.0.7
[root@centos7 ~]# yum -y install chrony
[root@centos7 ~]# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
[root@centos7 ~]# systemctl restart chronyd
[root@centos7 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.0.0.8                      3   6    17     1    +14us[  +15us] +/-   40ms

#on 192.168.1.7
[root@centos7-2 ~]# yum -y install chrony
[root@centos7-2 ~]# vim /etc/chrony.conf 
server 192.168.1.8 iburst
:wq
[root@centos7-2 ~]# systemctl restart chronyd
[root@centos7-2 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.1.8                   3   6     7     2   +454us[ -723ms] +/-   33ms

#on 10.0.0.6
[root@centos6 ~]# yum -y install chrony
[root@centos6 ~]# vim /etc/chrony.conf 
server 10.0.0.8 iburst
:wq
[root@centos6 ~]# service chronyd restart
Stopping chronyd:                                          [FAILED]
Starting chronyd:                                          [  OK  ]
[root@centos6 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8                      3   6    17     4    -46ns[ -436us] +/-   31ms

#on 192.168.1.6
[root@centos6 ~]# yum -y install chrony
[root@centos6 ~]# vim /etc/chrony.conf 
server 192.168.1.8 iburst
:wq
[root@centos6 ~]# service chronyd restart
Stopping chronyd:                                          [FAILED]
Starting chronyd:                                          [  OK  ]
[root@centos6 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.1.8                   3   6    17     2    +53ns[-1042us] +/-   32ms

4. Steps

4.1 DNS server NIC configuration

#on 10.0.0.8
[root@centos8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:3f:19:17 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe3f:1917/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:3f:19:21 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.8/24 brd 192.168.1.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe3f:1921/64 scope link 
       valid_lft forever preferred_lft forever

4.2 Configure views in the master DNS server configuration file

#on 10.0.0.8
[root@centos8 ~]# dnf -y install bind
[root@centos8 ~]# vim /etc/named.conf 
#add the following lines at the very top of the file
acl beijingnet {                 
    10.0.0.0/24;
};
acl shanghainet {
    192.168.1.0/24;
};
acl othernet {
    any;
};

#comment out the two lines below
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; }; 

#create the views
view beijingview {
    match-clients {beijingnet;};
    include "/etc/named.rfc1912.zones.bj";
};
view shanghaiview {
    match-clients {shanghainet;};
    include "/etc/named.rfc1912.zones.sh";
};
view otherview {
    match-clients {othernet;};
    include "/etc/named.rfc1912.zones.other";
};
:wq

4.3 Create the per-view zone configuration files

#on 10.0.0.8
[root@centos8 ~]# vim /etc/named.rfc1912.zones.bj
zone "." IN {
    type hint;
    file "named.ca";
};

zone "neteagles.vip" {
    type master;
    file "neteagles.vip.zone.bj";                                                                           
}; 
:wq

[root@centos8 ~]# vim  /etc/named.rfc1912.zones.sh
zone "." IN {
    type hint;
    file "named.ca";
};

zone "neteagles.vip" {
    type master;
    file "neteagles.vip.zone.sh";                                                                                             
};
:wq

[root@centos8 ~]# vim /etc/named.rfc1912.zones.other
zone "." IN {
    type hint;
    file "named.ca";
};

zone "neteagles.vip" {
    type master;
    file "neteagles.vip.zone.other";                                                                                          
};
:wq

[root@centos8 ~]# ll /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bj  /etc/named.rfc1912.zones.sh /etc/named.rfc1912.zones.other
-rw-r----- 1 root named 1029 Aug 25 01:31 /etc/named.rfc1912.zones
-rw-r--r-- 1 root root   132 Jan  7 14:33 /etc/named.rfc1912.zones.bj
-rw-r--r-- 1 root root   135 Jan  7 14:36 /etc/named.rfc1912.zones.other
-rw-r--r-- 1 root root   132 Jan  7 14:35 /etc/named.rfc1912.zones.sh
[root@centos8 ~]# chmod 640 /etc/named.rfc1912.zones.bj;chgrp named /etc/named.rfc1912.zones.bj
[root@centos8 ~]# chmod 640 /etc/named.rfc1912.zones.sh;chgrp named /etc/named.rfc1912.zones.sh
[root@centos8 ~]# chmod 640 /etc/named.rfc1912.zones.other;chgrp named /etc/named.rfc1912.zones.other
[root@centos8 ~]# ll /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bj  /etc/named.rfc1912.zones.sh /etc/named.rfc1912.zones.other
-rw-r----- 1 root named 1029 Aug 25 01:31 /etc/named.rfc1912.zones
-rw-r----- 1 root named  132 Jan  7 14:33 /etc/named.rfc1912.zones.bj
-rw-r----- 1 root named  135 Jan  7 14:36 /etc/named.rfc1912.zones.other
-rw-r----- 1 root named  132 Jan  7 14:35 /etc/named.rfc1912.zones.sh

4.4 Create the zone database files

# On 10.0.0.8
[root@centos8 ~]# cp -p /var/named/named.localhost /var/named/neteagles.vip.zone.bj
[root@centos8 ~]# vim /var/named/neteagles.vip.zone.bj
$TTL 1D
@   IN SOA  master admin.neteagles.vip. (
                    1   ; serial                                                                                              
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
            NS      master
master      A       10.0.0.8
websrv      A       10.0.0.7
www         CNAME   websrv
:wq

[root@centos8 ~]# cp -p /var/named/neteagles.vip.zone.bj /var/named/neteagles.vip.zone.sh
[root@centos8 ~]# vim /var/named/neteagles.vip.zone.sh
$TTL 1D
@   IN SOA  master admin.neteagles.vip. (
                    1   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
            NS      master
master      A       10.0.0.8
websrv      A       192.168.1.7                      
www         CNAME   websrv
:wq

[root@centos8 ~]# cp -p /var/named/neteagles.vip.zone.bj /var/named/neteagles.vip.zone.other
[root@centos8 ~]# vim /var/named/neteagles.vip.zone.other
$TTL 1D
@   IN SOA  master admin.neteagles.vip. (
                    1   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
            NS      master
master      A       10.0.0.8
websrv      A       127.0.0.1                
www         CNAME   websrv
:wq

[root@centos8 ~]# ll /var/named/neteagles.vip.zone.*
-rw-r----- 1 root named 240 Jan  7 14:45 /var/named/neteagles.vip.zone.bj
-rw-r----- 1 root named 241 Jan  7 14:48 /var/named/neteagles.vip.zone.other
-rw-r----- 1 root named 244 Jan  7 14:47 /var/named/neteagles.vip.zone.sh

[root@centos8 ~]# systemctl enable --now named 
# The service fails to start

[root@centos8 ~]# cat /var/log/messages
Jan  7 14:50:21 centos8 bash[10314]: /etc/named.conf:73: when using 'view' statements, all zones must be in views	# the error points at line 73 of /etc/named.conf

# As soon as named.conf contains a view, every zone has to live inside a view: the
# top-level root hint zone and the top-level include of the rfc1912 zones are now
# errors (this is why each per-view file above carries its own zone "." hint).
[root@centos8 ~]# vim /etc/named.conf 
# Comment out the top-level root hint zone:
#zone "." IN {
#    type hint;
#    file "named.ca";
#};

# and comment out this include line:
#include "/etc/named.rfc1912.zones";
:wq

# named-checkconf reports this class of error without restarting the service
[root@centos8 ~]# systemctl start named

4.5 Set up the three web servers, one per region

# Install httpd on each of the three hosts
# On web server 1: 192.168.1.8/24 (the centos8 host that also runs the DNS server; the "other" view maps websrv to 127.0.0.1, which is why client 3 below reaches this page)
[root@centos8 ~]# dnf -y install httpd;echo www.neteagles.vip in other> /var/www/html/index.html;systemctl enable --now httpd
[root@centos8 ~]# curl 192.168.1.8
www.neteagles.vip in other

# On web server 2: 10.0.0.7/24
[root@centos7 ~]# yum -y install httpd;echo www.neteagles.vip in beijing> /var/www/html/index.html;systemctl enable --now httpd
[root@centos7 ~]# curl 10.0.0.7
www.neteagles.vip in beijing

# On web server 3: 192.168.1.7/24
[root@centos7-2 ~]# yum -y install httpd;echo www.neteagles.vip in shanghai> /var/www/html/index.html;systemctl enable --now httpd
[root@centos7-2 ~]# curl 192.168.1.7
www.neteagles.vip in shanghai

4.6 Client tests

# Query from each of the three clients
# On DNS client 1: 10.0.0.6/24, with its resolver pointed at 10.0.0.8
[root@centos6 ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain neteagles.cn
nameserver 10.0.0.8
[root@centos6 ~]# curl www.neteagles.vip
www.neteagles.vip in beijing

# On DNS client 2: 192.168.1.6/24, with its resolver pointed at 192.168.1.8
[root@centos6 network-scripts]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain neteagles.cn
nameserver 192.168.1.8
[root@centos6 ~]# curl www.neteagles.vip
www.neteagles.vip in shanghai

# On DNS client 3: 10.0.0.8/24 (the DNS server itself), with its resolver pointed at 127.0.0.1
[root@centos8 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 127.0.0.1
[root@centos8 ~]# curl www.neteagles.vip
www.neteagles.vip in other
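The three curl results above are three different views of the same name. BIND chooses the view by walking the view statements in file order and taking the first whose match-clients list matches the client's source address, so the order of the views is part of the access control: a catch-all view placed first would answer every client. The script below is an added example, not configuration from the page, that simulates that selection on a named.conf fragment. The view names and the othernet ACL appear on the page; the ACL bodies (beijingnet = 10.0.0.0/24, shanghainet = 192.168.1.0/24, othernet = any) are assumptions chosen to reproduce the client tests.

```python
"""Simulate BIND view selection. Views are tried in file order and the first
match-clients address-match list that matches the client's source address wins,
so a catch-all view that comes too early shadows every view after it.
Added example, not the page's configuration: the ACL bodies are assumptions."""
import ipaddress
import re

# Constructed named.conf fragment. The view names and 'othernet' are on the page;
# the ACL contents are assumed so that the three client tests come out as shown.
NAMED_CONF = """
acl beijingnet  { 10.0.0.0/24; };
acl shanghainet { 192.168.1.0/24; };
acl othernet    { any; };

view beijingview  { match-clients { beijingnet; };  include "/etc/named.rfc1912.zones.bj"; };
view shanghaiview { match-clients { shanghainet; }; include "/etc/named.rfc1912.zones.sh"; };
view otherview    { match-clients { othernet; };    include "/etc/named.rfc1912.zones.other"; };
"""

# The same views with the catch-all moved to the top: a common misconfiguration.
MISORDERED = """
acl beijingnet  { 10.0.0.0/24; };
acl shanghainet { 192.168.1.0/24; };
acl othernet    { any; };

view otherview    { match-clients { othernet; }; };
view beijingview  { match-clients { beijingnet; }; };
view shanghaiview { match-clients { shanghainet; }; };
"""

_ACL_RE = re.compile(r"\bacl\s+(\S+)\s*\{([^}]*)\}\s*;")
_VIEW_RE = re.compile(r"\bview\s+(\S+)\s*\{\s*match-clients\s*\{([^}]*)\}\s*;")


def _elements(body):
    return [e.strip() for e in body.split(";") if e.strip()]


def parse_acls(conf):
    """Named ACLs: {name: [elements]}."""
    return {name: _elements(body) for name, body in _ACL_RE.findall(conf)}


def parse_views(conf):
    """[(view name, match-clients elements)] in file order; the order matters."""
    return [(name, _elements(body)) for name, body in _VIEW_RE.findall(conf)]


def matches(elements, ip, acls, depth=0):
    """Evaluate an address-match list the way BIND does: the first element that
    matches decides, and a '!' prefix turns that decision into a denial. A nested
    ACL counts only if it matches positively; a negative match inside it is 'no
    match' for the outer list. Returns True, False, or None if nothing matched.
    'localhost' is approximated as the loopback range (BIND also includes the
    host's own interface addresses)."""
    if depth > 8:
        raise ValueError("ACL nesting too deep (recursive acl?)")
    for element in elements:
        negated = element.startswith("!")
        name = element.lstrip("!").strip()
        if name == "any":
            hit = True
        elif name == "none":
            hit = False
        elif name == "localhost":
            hit = ip.is_loopback
        elif name in acls:
            hit = matches(acls[name], ip, acls, depth + 1) is True
        else:
            hit = ip in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negated
    return None


def select_view(conf, client_ip):
    """Name of the view BIND would serve client_ip from, or None (BIND answers
    REFUSED). Every view on the page has a match-clients list, so the default
    of { any; } for a view without one is not modelled."""
    ip = ipaddress.ip_address(client_ip)
    acls = parse_acls(conf)
    for name, elements in parse_views(conf):
        if matches(elements, ip, acls) is True:
            return name
    return None


def unreachable_views(conf, sample_clients):
    """Views that none of the sample clients lands in. With one representative
    address per network this exposes a broad view placed before a narrow one."""
    reached = {select_view(conf, ip) for ip in sample_clients}
    return [name for name, _ in parse_views(conf) if name not in reached]


if __name__ == "__main__":
    clients = ["10.0.0.6", "192.168.1.6", "127.0.0.1", "203.0.113.9"]
    for ip in clients:
        print("%-12s ordered: %-13s misordered: %s"
              % (ip, select_view(NAMED_CONF, ip), select_view(MISORDERED, ip)))
    print("shadowed in MISORDERED:", unreachable_views(MISORDERED, clients[:3]))
```

Run it with `python3 view_select.py`: with the page's order, 10.0.0.6 lands in beijingview, 192.168.1.6 in shanghaiview and 127.0.0.1 in otherview; with the catch-all first, every client lands in otherview and the two regional views are unreachable. On the real server the same check is a `dig` from each network, and `named-checkconf -p` prints the views in the order BIND evaluates them.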

11. Comprehensive case: build an Internet-style DNS architecture

1. Objective

Build a DNS deployment that mirrors the Internet's hierarchy: a caching-only resolver that forwards to a recursive server, a private root, a TLD server, and a master/slave pair for the leaf domain.

2. Environment

Eight hosts are needed:
DNS client: 10.0.0.6/24
Local caching-only DNS server: 10.0.0.8/24
Forwarding target (recursive) DNS server: 10.0.0.18/24
Root DNS server: 10.0.0.28/24
vip TLD DNS server: 10.0.0.38/24
neteagles.vip master DNS server: 10.0.0.48/24
neteagles.vip slave DNS server: 10.0.0.58/24
Web server for www.neteagles.vip: 10.0.0.68/24

3. Prerequisites

Disable SELinux
Stop the firewall
Synchronize time
(The first two are lab shortcuts; in production keep SELinux enforcing and open only TCP/UDP 53 to the clients that need it.)
# 10.0.0.8 acts as the time server for the lab
[root@centos8 ~]# dnf -y install chrony
[root@centos8 ~]# vim /etc/chrony.conf 
server ntp.aliyun.com iburst          
server time1.cloud.tencent.com iburst
server slb.time.edu.cn iburst

allow 10.0.0.0/24
local stratum 10
:wq

[root@centos8 ~]# systemctl restart chronyd
[root@centos8 ~]# chronyc sources -nv
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6    17    12  -3244us[-5087us] +/-   37ms
^- 139.199.215.251               2   6    27    10  +8369us[+8369us] +/-   66ms

# All other hosts are chrony clients of 10.0.0.8
# On 10.0.0.18
[root@centos8-2 ~]# dnf -y install chrony
[root@centos8-2 ~]# vim /etc/chrony.conf 
server 10.0.0.8 iburst   
:wq
[root@centos8-2 ~]# systemctl restart chronyd
[root@centos8-2 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.0.0.8                      3   6    17    16   +448ns[  +10us] +/-   39ms

# On 10.0.0.28
[root@centos8-3 ~]# dnf -y install chrony
[root@centos8-3 ~]# vim /etc/chrony.conf 
server 10.0.0.8 iburst 
:wq
[root@centos8-3 ~]# systemctl restart chronyd
[root@centos8-3 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.0.0.8                      3   6    17    35  +1224ns[  +80us] +/-   37ms

# On 10.0.0.38
[root@centos8-4 ~]# dnf -y install chrony
[root@centos8-4 ~]# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
[root@centos8-4 ~]# systemctl restart chronyd
[root@centos8-4 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.0.0.8                      3   6    17     2   -830ns[  -52us] +/-   36ms

# On 10.0.0.48
[root@centos8-5 ~]# dnf -y install chrony
[root@centos8-5 ~]# vim /etc/chrony.conf
server 10.0.0.8 iburst
:wq
[root@centos8-5 ~]# systemctl restart chronyd
[root@centos8-5 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.0.0.8                      3   6    17     2   +113ns[  +21us] +/-   33ms

# On 10.0.0.58
[root@centos8-6 ~]# dnf -y install chrony
[root@centos8-6 ~]# vim /etc/chrony.conf 
server 10.0.0.8 iburst
:wq
[root@centos8-6 ~]# systemctl restart chronyd
[root@centos8-6 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.0.0.8                      3   6    17     2   +215ns[  -14us] +/-   34ms

# On 10.0.0.68
[root@centos8-7 ~]# dnf -y install chrony
[root@centos8-7 ~]# vim /etc/chrony.conf 
server 10.0.0.8 iburst
:wq
[root@centos8-7 ~]# systemctl restart chronyd
[root@centos8-7 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.0.0.8                      3   6    17     2   -381ns[  -38us] +/-   34ms

# On 10.0.0.6
[root@centos6 ~]# yum -y install chrony
[root@centos6 ~]# vim /etc/chrony.conf 
server 10.0.0.8 iburst 
:wq
[root@centos6 ~]# service chronyd restart
Stopping chronyd:                                          [FAILED]
Starting chronyd:                                          [  OK  ]
[root@centos6 ~]# chronyc sources -nv
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8                      3   6    17     4     -2ns[  +42us] +/-   84ms

4. Implementation steps

4.1 Network configuration of each host (see the environment above)

4.2 Set up the web service

# On the web server 10.0.0.68/24
[root@centos8-7 ~]# dnf -y install httpd ;echo www.neteagles.vip >/var/www/html/index.html;systemctl enable --now httpd
[root@centos8-7 ~]# curl 10.0.0.68
www.neteagles.vip

4.3 Set up the master DNS server for the neteagles.vip zone

# On the neteagles.vip master DNS server 10.0.0.48/24
[root@centos8-5 ~]# dnf -y install bind
[root@centos8-5 ~]# vim /etc/named.conf 
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; };
    allow-transfer {10.0.0.58;};   // only the slave may pull the zone (AXFR/IXFR)
:wq

[root@centos8-5 ~]# vim /etc/named.rfc1912.zones
zone "neteagles.vip" {
    type master;
    file "neteagles.vip.zone";                                                                                                
};
:wq

[root@centos8-5 ~]# cp -p /var/named/named.localhost /var/named/neteagles.vip.zone
[root@centos8-5 ~]# ll /var/named
total 20
drwxrwx--- 2 named named    6 Aug 25 01:31 data
drwxrwx--- 2 named named    6 Aug 25 01:31 dynamic
-rw-r----- 1 root  named 2253 Aug 25 01:31 named.ca
-rw-r----- 1 root  named  152 Aug 25 01:31 named.empty
-rw-r----- 1 root  named  152 Aug 25 01:31 named.localhost
-rw-r----- 1 root  named  168 Aug 25 01:31 named.loopback
-rw-r----- 1 root  named  152 Aug 25 01:31 neteagles.vip.zone
drwxrwx--- 2 named named    6 Aug 25 01:31 slaves

[root@centos8-5 ~]# vim /var/named/neteagles.vip.zone
$TTL 1D
@   IN SOA  master admin.neteagles.vip. (
                    1   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
            NS  master
            NS  slave
master      A   10.0.0.48
slave       A   10.0.0.58

www         A   10.0.0.68  
:wq

[root@centos8-5 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.

4.4 Set up the slave DNS server for the neteagles.vip zone

# On the neteagles.vip slave DNS server 10.0.0.58/24
[root@centos8-6 ~]# dnf -y install bind
[root@centos8-6 ~]# vim /etc/named.conf
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; };
    allow-transfer {none;};        // the slave hands the zone to nobody
:wq

[root@centos8-6 ~]# vim /etc/named.rfc1912.zones
zone "neteagles.vip" {
    type slave;
    masters {10.0.0.48;};
    file "slaves/neteagles.slave.zone";                                                                                       
};
:wq

[root@centos8-6 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
# The slave's copy of the zone is written by named itself after the first transfer, hence owner named
[root@centos8-6 ~]# ll /var/named/slaves/neteagles.slave.zone 
-rw-r--r-- 1 named named 346 Jan  6 23:09 /var/named/slaves/neteagles.slave.zone
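With allow-transfer {10.0.0.58;} on the master and allow-transfer {none;} on the slave, only the slave may pull the zone, and any other host that asks for an AXFR should be refused. The usual spot check is `dig @10.0.0.48 neteagles.vip AXFR` from a host other than 10.0.0.58. The script below is an added example, not part of the page, that does the same thing at the wire level: it builds the AXFR query by hand, sends it over TCP as RFC 5936 requires, and classifies the first reply from its header, which is enough to tell a refusal from a transfer that has started. The fake_reply helper constructs replies so the classification can be exercised offline; the default server and zone are the page's lab values.

```python
"""Probe whether a name server hands a zone to AXFR requests from this host
(RFC 5936: zone transfers run over TCP). Added example, not part of the page."""
import socket
import struct

QTYPE_AXFR = 252
QCLASS_IN = 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name):
    """Wire-format a domain name: length-prefixed labels ending in the root label."""
    wire = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        wire += bytes([len(raw)]) + raw
    return wire + b"\x00"


def build_axfr_query(zone, txid=0x1234):
    """12-byte header (ID, flags=0: standard query, RD clear) + one AXFR question."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)


def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}


def classify(query, first_reply):
    """Verdict from the first reply message of the transfer:
    ALLOWED - NOERROR with answer RRs: the server is sending the zone
    REFUSED - what BIND returns when allow-transfer excludes the client
    NOTAUTH - the server is not authoritative for that zone
    INVALID - the reply does not belong to our query (ID mismatch or QR clear)"""
    h = parse_header(first_reply)
    if h["id"] != struct.unpack("!H", query[:2])[0] or not h["qr"]:
        return "INVALID"
    if h["rcode"] != 0:
        return RCODES.get(h["rcode"], "RCODE%d" % h["rcode"])
    return "ALLOWED" if h["ancount"] > 0 else "EMPTY"


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf


def probe_axfr(server, zone, timeout=5.0):
    """Network call (not exercised by the offline test): connect to TCP/53, send
    the length-prefixed query, classify the first length-prefixed reply."""
    query = build_axfr_query(zone)
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(struct.pack("!H", len(query)) + query)
        length = struct.unpack("!H", _recv_exact(sock, 2))[0]
        return classify(query, _recv_exact(sock, length))


def fake_reply(query, rcode, ancount=0):
    """Constructed server reply for offline use: echoes the query ID and question,
    sets QR and AA plus the given RCODE. Only the header is inspected, so no
    answer RRs are appended even when ancount is non-zero."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8400 | rcode, 1, ancount, 0, 0)
    return header + query[12:]


if __name__ == "__main__":
    import sys
    server = sys.argv[1] if len(sys.argv) > 1 else "10.0.0.48"
    zone = sys.argv[2] if len(sys.argv) > 2 else "neteagles.vip"
    print(server, zone, probe_axfr(server, zone))
```

Expected results in this lab: ALLOWED when run on 10.0.0.58 against 10.0.0.48, REFUSED from any other host, and REFUSED against 10.0.0.58 from everywhere. Restricting transfers by source address is the minimum; TSIG-signed transfers (a `key` statement on both servers and `allow-transfer { key name; }` on the master) authenticate the slave itself rather than its address.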

4.5 Set up the master DNS server for the vip TLD

# On the vip TLD DNS server 10.0.0.38/24
[root@centos8-4 ~]# dnf -y install bind
[root@centos8-4 ~]# vim /etc/named.conf 
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; }; 
:wq

[root@centos8-4 ~]# vim /etc/named.rfc1912.zones
zone "vip" {
    type master;
    file "vip.zone";                                                                                                          
};
:wq

[root@centos8-4 ~]# cp -p /var/named/named.localhost /var/named/vip.zone
[root@centos8-4 ~]# ll /var/named
total 20
drwxrwx--- 2 named named    6 Aug 25 01:31 data
drwxrwx--- 2 named named    6 Aug 25 01:31 dynamic
-rw-r----- 1 root  named 2253 Aug 25 01:31 named.ca
-rw-r----- 1 root  named  152 Aug 25 01:31 named.empty
-rw-r----- 1 root  named  152 Aug 25 01:31 named.localhost
-rw-r----- 1 root  named  168 Aug 25 01:31 named.loopback
drwxrwx--- 2 named named    6 Aug 25 01:31 slaves
-rw-r----- 1 root  named  152 Aug 25 01:31 vip.zone

[root@centos8-4 ~]# vim /var/named/vip.zone
$TTL 1D
@   IN SOA  master admin.neteagles.vip. (
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
              NS  master
neteagles     NS    neteaglesns1
neteagles     NS  neteaglesns2
master        A   10.0.0.38
neteaglesns1  A   10.0.0.48
neteaglesns2  A   10.0.0.58       
:wq

[root@centos8-4 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.

4.6 Set up the root DNS server

# On the root DNS server 10.0.0.28/24
[root@centos8-3 ~]# dnf -y install bind
[root@centos8-3 ~]# vim /etc/named.conf 
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; };

# and change the root zone from a hint zone into a master zone served from root.zone:
zone "." IN {
	type master;
	file "root.zone";  
};
:wq

[root@centos8-3 ~]# cp -p /var/named/named.localhost /var/named/root.zone
[root@centos8-3 ~]# ll /var/named/
total 20
drwxrwx--- 2 named named    6 Aug 25 01:31 data
drwxrwx--- 2 named named    6 Aug 25 01:31 dynamic
-rw-r----- 1 root  named 2253 Aug 25 01:31 named.ca
-rw-r----- 1 root  named  152 Aug 25 01:31 named.empty
-rw-r----- 1 root  named  152 Aug 25 01:31 named.localhost
-rw-r----- 1 root  named  168 Aug 25 01:31 named.loopback
-rw-r----- 1 root  named  152 Aug 25 01:31 root.zone
drwxrwx--- 2 named named    6 Aug 25 01:31 slaves

[root@centos8-3 ~]# vim /var/named/root.zone 
$TTL 1D
@   IN SOA  master admin.neteagles.vip. (
                    1   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
            NS  master
vip         NS  vipns
master      A   10.0.0.28
vipns       A   10.0.0.38 
:wq

[root@centos8-3 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
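Sections 4.3, 4.5 and 4.6 build a three-level delegation chain: the root zone delegates vip to vipns (10.0.0.38), the vip zone delegates neteagles to neteaglesns1/neteaglesns2 (10.0.0.48 and 10.0.0.58), and the child zone names its own servers master and slave at those same addresses. Parent and child therefore agree on the servers but not on their names; the dig output in the client test below reports the parent-side names neteaglesns1.vip./neteaglesns2.vip. in its AUTHORITY section rather than master/slave.neteagles.vip. The script below is an added example, not part of the page: a minimal zone-file parser plus a delegation check that reports name mismatches, address mismatches, and the dangerous case of a parent delegation whose servers no longer overlap the child's at all (a dangling delegation, which lets whoever controls the stale addresses answer for the zone). The zone texts are copies of the page's files, with the SOA of the two lower zones collapsed onto one line.

```python
"""Delegation consistency check for the root -> vip -> neteagles.vip chain.
Added example, not part of the page. The zone texts are copies of the page's
files trimmed to what the check reads (the two lower SOAs on one line)."""
import re

ROOT_ZONE = """\
$TTL 1D
@   IN SOA  master admin.neteagles.vip. (
                    1   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
            NS  master
vip         NS  vipns
master      A   10.0.0.28
vipns       A   10.0.0.38
"""
VIP_ZONE = """\
$TTL 1D
@   IN SOA  master admin.neteagles.vip. ( 0 1D 1H 1W 3H )
              NS  master
neteagles     NS  neteaglesns1
neteagles     NS  neteaglesns2
master        A   10.0.0.38
neteaglesns1  A   10.0.0.48
neteaglesns2  A   10.0.0.58
"""
NETEAGLES_ZONE = """\
$TTL 1D
@   IN SOA  master admin.neteagles.vip. ( 1 1D 1H 1W 3H )
            NS  master
            NS  slave
master      A   10.0.0.48
slave       A   10.0.0.58
www         A   10.0.0.68
"""

_TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)       # 86400, 1D, 3H ...


def absolutize(name, origin):
    """'@' is the origin; a trailing dot is already absolute; else append origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin


def parse_zone(text, origin):
    """Minimal master-file parser returning (owner, type, rdata) with absolute
    names. Handles $TTL, '@', a blank owner (= previous owner), ';' comments,
    optional TTL/class fields and the parenthesised SOA, which is skipped.
    Only NS, CNAME and A records are kept."""
    origin = origin if origin.endswith(".") else origin + "."
    records, owner, depth = [], origin, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if depth > 0:                                # still inside SOA ( ... )
            depth += line.count("(") - line.count(")")
            continue
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():                    # explicit owner name
            owner = absolutize(fields.pop(0), origin)
        while fields and (_TTL_RE.match(fields[0]) or fields[0].upper() in ("IN", "CH")):
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype == "SOA":
            depth += line.count("(") - line.count(")")
        elif rtype in ("NS", "CNAME"):
            records.append((owner, rtype, absolutize(rdata[0], origin)))
        elif rtype == "A":
            records.append((owner, "A", rdata[0]))
    return records


def check_delegation(parent, child, zone):
    """Compare the parent's NS delegation of `zone` (plus glue) with the child's
    apex NS set. Returns (parent_ns, child_ns, findings); an empty findings
    list means parent and child agree on names and addresses."""
    zone = zone if zone.endswith(".") else zone + "."
    parent_ns = {r for o, t, r in parent if t == "NS" and o == zone}
    child_ns = {r for o, t, r in child if t == "NS" and o == zone}
    glue = {}
    for o, t, r in parent + child:
        if t == "A":
            glue.setdefault(o, set()).add(r)
    addrs = lambda names: {a for n in names for a in glue.get(n, ())}
    findings = []
    if not parent_ns or not child_ns:
        findings.append("missing NS set for %s: parent %s, child %s"
                        % (zone, sorted(parent_ns), sorted(child_ns)))
        return parent_ns, child_ns, findings
    if parent_ns != child_ns:
        findings.append("NS names differ: parent %s, child %s"
                        % (sorted(parent_ns), sorted(child_ns)))
    if addrs(parent_ns) != addrs(child_ns):
        findings.append("NS addresses differ: parent %s, child %s"
                        % (sorted(addrs(parent_ns)), sorted(addrs(child_ns))))
    if not addrs(parent_ns) & addrs(child_ns):
        findings.append("dangling delegation: parent and child point at disjoint servers")
    return parent_ns, child_ns, findings


if __name__ == "__main__":
    chain = (("vip", ROOT_ZONE, ".", VIP_ZONE),
             ("neteagles.vip", VIP_ZONE, "vip", NETEAGLES_ZONE))
    for zone, ptext, porigin, ctext in chain:
        _, _, findings = check_delegation(parse_zone(ptext, porigin), parse_zone(ctext, zone), zone)
        print(zone + ":", findings or ["consistent"])
```

On the page's files the check reports only "NS names differ" at both levels, which BIND tolerates because the addresses match; the test also feeds it a constructed copy of vip.zone whose glue points elsewhere to show the dangling case. Against a live deployment the same comparison is made by querying the parent (`dig @10.0.0.38 neteagles.vip NS`) and the child (`dig @10.0.0.48 neteagles.vip NS`) and diffing the two NS sets.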

4.7 Set up the forwarding target (recursive) DNS server

# On the forwarding target DNS server 10.0.0.18/24
[root@centos8-2 ~]# dnf -y install bind
[root@centos8-2 ~]# vim /etc/named.conf 
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; };

    dnssec-enable no;
    dnssec-validation no; 
:wq
# Validation has to be off here because the lab root (10.0.0.28) is unsigned: with the
# default "dnssec-validation auto", named would check every answer against the built-in
# root trust anchor and return SERVFAIL. Keep validation on for any resolver that uses
# the real root. dnssec-enable is obsolete in BIND 9.16 and removed in 9.18; the CentOS 8
# BIND 9.11 package still accepts it.

# Point the root hints at the lab root instead of the real root servers. Whoever can
# write this file decides where every lookup starts, so it stays root:named, mode 640.
[root@centos8-2 ~]# vim /var/named/named.ca 
.                       518400      IN     NS    a.root-servers.net.                                         
a.root-servers.net.     3600000     IN     A     10.0.0.28
:wq

[root@centos8-2 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.

4.8 Set up the local caching-only DNS server

# On the local caching-only DNS server 10.0.0.8/24
[root@centos8 ~]# dnf -y install bind
[root@centos8 ~]# vim /etc/named.conf
//  listen-on port 53 { 127.0.0.1; };
//  allow-query     { localhost; };

    forward only;
    forwarders {10.0.0.18;};

    dnssec-enable no;
    dnssec-validation no;
:wq
# Every option ends with a semicolon; one missing after "dnssec-validation no" keeps named
# from starting (named-checkconf catches it before a restart). "forward only" sends every
# query to 10.0.0.18 and never falls back to iterating on its own. With validation off,
# answers will never carry the AD flag. Commenting out allow-query lets anyone query this
# server; BIND's default allow-recursion is { localnets; localhost; }, so recursion is still
# limited to directly attached networks. Set allow-query and allow-recursion explicitly
# outside a lab.

[root@centos8 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.

4.9 Client test

# On 10.0.0.6
[root@centos6 ~]# yum -y install bind-utils

[root@centos6 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.0.0.6
PREFIX=24
GATEWAY=10.0.0.2
DNS1=10.0.0.8
:wq
[root@centos6 ~]# service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Determining if ip address 10.0.0.6 is already in use for device eth0...
                                                           [  OK  ]
[root@centos6 ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain neteagles.cn
nameserver 10.0.0.8

[root@centos6 ~]# dig www.neteagles.vip

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> www.neteagles.vip
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60725
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.neteagles.vip.		IN	A

;; ANSWER SECTION:
www.neteagles.vip.	86400	IN	A	10.0.0.68

;; AUTHORITY SECTION:
neteagles.vip.		86400	IN	NS	neteaglesns2.vip.
neteagles.vip.		86400	IN	NS	neteaglesns1.vip.

;; ADDITIONAL SECTION:
neteaglesns1.vip.	86400	IN	A	10.0.0.48
neteaglesns2.vip.	86400	IN	A	10.0.0.58

;; Query time: 9 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)
;; WHEN: Wed Jan  6 23:50:19 2021
;; MSG SIZE  rcvd: 137

[root@centos6 ~]# curl www.neteagles.vip
www.neteagles.vip

