搭建一个公司内部的DNS
把地址改成公司内部服务器
[root@centos8 named]# vim /var/named/named.ca
把DNS指向自己内部服务器
[root@centos8 named]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 BROWSER_ONLY="no" BOOTPROTO="static" DEFROUTE="yes" NAME="eth0" DEVICE="eth0" ONBOOT="yes" IPADDR="10.0.0.134" GATEWAY="10.0.0.2" DNS1="127.0.0.1"
然后重启服务
SOA记录的建立 #主DNS服务器
1.首先建立一个xxx.org这样的域 用来解析这个域里所有的资源记录的信息
[root@centos8 ~]# cat /var/named/named.localhost $TTL 1D @ IN SOA @ rname.invalid. ( #主DNS服务器的名称(本域);邮箱 0 ; serial #数据库版本号 1D ; refresh #同步的时间间隔 1H ; retry #重置时间 1W ; expire #过期时长 3H ) ; minimum #否定结果的缓存时长 NS @ A 127.0.0.1 AAAA ::1
name [TTL] IN rr_type value #格式
习惯用域名加.zone 作为文件命名方式
[root@centos8 named]# vim zty123.local.zone $TTL 86400 @ IN SOA master admin.zty123.com. ( 1 3600 10M 3D 1D ) NS master master A 10.0.0.134 www A 10.0.0.100 ~ ~ ~
更改bind配置文件
[root@centos8 named]# vim /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { listen-on port 53 { localhost; }; #该主机的每一个IP地址 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; secroots-file "/var/named/data/named.secroots"; recursing-file "/var/named/data/named.recursing"; allow-query { any; };
改权限、属组
[root@centos8 named]# chmod 640 /var/named/zty123.local.zone [root@centos8 named]# ll total 20 drwxrwx--- 2 named named 23 Sep 14 19:44 data drwxrwx--- 2 named named 60 Sep 14 19:44 dynamic -rw-r----- 1 root named 2253 Jul 7 22:14 named.ca -rw-r----- 1 root named 152 Jul 7 22:14 named.empty -rw-r----- 1 root named 152 Jul 7 22:14 named.localhost -rw-r----- 1 root named 168 Jul 7 22:14 named.loopback drwxrwx--- 2 named named 6 Jul 7 22:14 slaves -rw-r----- 1 root root 170 Sep 14 19:43 zty123.local.zone [root@centos8 named]# chgrp named zty123.local.zone [root@centos8 named]# ll total 20 drwxrwx--- 2 named named 23 Sep 14 19:44 data drwxrwx--- 2 named named 60 Sep 14 19:44 dynamic -rw-r----- 1 root named 2253 Jul 7 22:14 named.ca -rw-r----- 1 root named 152 Jul 7 22:14 named.empty -rw-r----- 1 root named 152 Jul 7 22:14 named.localhost -rw-r----- 1 root named 168 Jul 7 22:14 named.loopback drwxrwx--- 2 named named 6 Jul 7 22:14 slaves -rw-r----- 1 root named 170 Sep 14 19:43 zty123.local.zone
随后改配置文件(这是个专门存放区域信息的文件)#直接/etc/named.conf也行
[root@centos8 named]# cat /etc/named.rfc1912.zones // named.rfc1912.zones: // // Provided by Red Hat caching-nameserver package // // ISC BIND named zone configuration for zones recommended by // RFC 1912 section 4.1 : localhost TLDs and address zones // and https://tools.ietf.org/html/rfc6303 // (c)2007 R W Franks // // See /usr/share/doc/bind*/sample/ for example named configuration files. // // Note: empty-zones-enable yes; option is default. // If private ranges should be forwarded, add // disable-empty-zone "."; into options // zone "zty123.local" IN { #域名 type master; file "zty123.local.zone"; #主DNS服务器的数据库 }; zone "localhost.localdomain" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "localhost" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "0.in-addr.arpa" IN { type master; file "named.empty"; allow-update { none; }; };
用命令检查区域文件是否有错误
[root@centos8 named]# named-checkzone zty123.local /var/named/zty123.local.zone zone zty123.local/IN: loaded serial 1 OK
搭建从服务器(备份服务器)
下载并安装bind
改配置文件
[root@centos8 ~]# vim /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { // listen-on port 53 { 127.0.0.1; }; #注释 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; secroots-file "/var/named/data/named.secroots"; recursing-file "/var/named/data/named.recursing"; // allow-query { localhost; }; #注释
[root@centos8 ~]# vim /etc/named.rfc1912.zones // named.rfc1912.zones: // // Provided by Red Hat caching-nameserver package // // ISC BIND named zone configuration for zones recommended by // RFC 1912 section 4.1 : localhost TLDs and address zones // and https://tools.ietf.org/html/rfc6303 // (c)2007 R W Franks // // See /usr/share/doc/bind*/sample/ for example named configuration files. // // Note: empty-zones-enable yes; option is default. // If private ranges should be forwarded, add // disable-empty-zone "."; into options // zone "zty123.local" { #域名 type slave; #从服务器 masters { 10.0.0.134; }; #主服务器地址 file "slaves/zty123.local.zone.slave"; #表示从主服务器复制过来的文件 }; #加入
同步 rndc reload
更新时，从服务器不会自动得到新的区域文件：需要在主服务器的区域文件中加上从服务器的NS记录并递增serial版本号(由主服务器推送)，或者由从服务器主动去拉取
安全
在没有任何安全设置的情况下，不需要更改主服务器的任何配置，任意一台主机都可以作为主服务器的从服务器发起区域传送，整个区域的数据都能被抓取
[10:41:18 root@centos7 ~]#dig -t axfr zty123.local @10.0.0.134 ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7 <<>> -t axfr zty123.local @10.0.0.134 ;; global options: +cmd zty123.local. 86400 IN SOA master.zty123.local. admin.zty123.com. 2 3600 600 259200 86400 zty123.local. 86400 IN NS master.zty123.local. zty123.local. 86400 IN NS slave.zty123.local. *.zty123.local. 86400 IN A 10.0.0.100 k8s-master.zty123.local. 86400 IN A 1.1.1.1 master.zty123.local. 86400 IN A 10.0.0.134 web.zty123.local. 86400 IN A 10.0.0.100 www.zty123.local. 86400 IN CNAME web.zty123.local. zty123.local. 86400 IN SOA master.zty123.local. admin.zty123.com. 2 3600 600 259200 86400 ;; Query time: 0 msec ;; SERVER: 10.0.0.134#53(10.0.0.134) ;; WHEN: Tue Sep 15 11:12:42 CST 2020 ;; XFR size: 9 records (messages 1, bytes 269)
在主服务器上更改配置文件
[root@centos8 named]# vim /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { // listen-on port 53 { localhost; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; secroots-file "/var/named/data/named.secroots"; recursing-file "/var/named/data/named.recursing"; // allow-query { any; }; allow-transfer {10.0.0.100;}; #指定从服务器的IP地址 /* [root@centos8 named]# rndc reload #同步
现在从主服务器已经抓不到区域数据了，但从从服务器仍然能抓到，所以从服务器的配置文件也要改
[root@centos8 ~]# vim /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { // listen-on port 53 { 127.0.0.1; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; secroots-file "/var/named/data/named.secroots"; recursing-file "/var/named/data/named.recursing"; // allow-query { localhost; }; allow-transfer { none; }; #不让任何人传输 [root@centos8 named]# rndc reload #同步
子域
在同一台机上 同时有父域子域
[root@centos8 named]# vim /etc/named.rfc1912.zones // named.rfc1912.zones: // // Provided by Red Hat caching-nameserver package // // ISC BIND named zone configuration for zones recommended by // RFC 1912 section 4.1 : localhost TLDs and address zones // and https://tools.ietf.org/html/rfc6303 // (c)2007 R W Franks // // See /usr/share/doc/bind*/sample/ for example named configuration files. // // Note: empty-zones-enable yes; option is default. // If private ranges should be forwarded, add // disable-empty-zone "."; into options // zone "zty123.local" IN { type master; file "zty123.local.zone"; }; zone "jl.zty123.local" IN { #这是新加的吉林子域 type master; file "jl.zty123.local.zone"; };
可以改一个文件当子域的配置文件
[root@centos8 named]# cp -p zty123.local.zone jl.zty123.local.zone
[root@centos8 named]# vim jl.zty123.local.zone $TTL 86400 @ IN SOA master admin.zty123.com. ( 2 3600 10M 3D 1D ) NS master master A 10.0.0.134 www A 2.2.2.2
[root@centos8 named]# named-checkzone jl.zty123.local jl.zty123.local.zone zone jl.zty123.local/IN: loaded serial 2 OK #检查一下语法 [root@centos8 named]# rndc reload #重新加载
找个机器解析一下
[20:13:59 root@centos6 ~]$dig www.jl.zty123.local ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.7 <<>> www.jl.zty123.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44917 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.jl.zty123.local. IN A ;; ANSWER SECTION: www.jl.zty123.local. 86400 IN A 2.2.2.2 ;; AUTHORITY SECTION: jl.zty123.local. 86400 IN NS master.jl.zty123.local. ;; ADDITIONAL SECTION: master.jl.zty123.local. 86400 IN A 10.0.0.134 ;; Query time: 1 msec ;; SERVER: 10.0.0.134#53(10.0.0.134) ;; WHEN: Wed Sep 9 20:57:55 2020 ;; MSG SIZE rcvd: 90
在主服务器上做委派，把子域交给单独的服务器管理，主服务器不再负责该子域的解析
在父服务器上 添加子域
[root@centos8 named]# vim zty123.local.zone $TTL 86400 @ IN SOA master admin.zty123.com. ( 2 3600 10M 3D 1D ) NS master NS slave sz NS szns1 #子域 szns1 A 10.0.0.136 #子域IP;被委派的管理者 master A 10.0.0.134 www CNAME web web A 10.0.0.100 * A 10.0.0.100 k8s-master A 1.1.1.1 ~ [root@centos8 named]# rndc reload
在子服务器上
[root@centos8 ~]# dnf -y install bind;systemctl enable --now named
[root@centos8 ~]# vim /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { // listen-on port 53 { 127.0.0.1; }; #注释 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; secroots-file "/var/named/data/named.secroots"; recursing-file "/var/named/data/named.recursing"; // allow-query { localhost; }; #注释
[root@centos8 ~]# vim /etc/named.rfc1912.zones // named.rfc1912.zones: // // Provided by Red Hat caching-nameserver package // // ISC BIND named zone configuration for zones recommended by // RFC 1912 section 4.1 : localhost TLDs and address zones // and https://tools.ietf.org/html/rfc6303 // (c)2007 R W Franks // // See /usr/share/doc/bind*/sample/ for example named configuration files. // // Note: empty-zones-enable yes; option is default. // If private ranges should be forwarded, add // disable-empty-zone "."; into options // zone "sz.zty123.local"{ #添加下列几行 type master; file "sz.zty123.local.zone"; };
新建
[root@centos8 ~]# cd /var/named/ [root@centos8 named]# ls data dynamic named.ca named.empty named.localhost named.loopback slaves [root@centos8 named]# vim sz.zty123.local.zone $TTL 1D @ IN SOA ns1 admin ( 1 1H 10M 1D 1H ) NS ns1 ns1 A 10.0.0.136 www A 6.6.6.6 mail A 7.7.7.7 [root@centos8 named]# rndc reload
这样深圳的DNS服务器就搭好了
[root@centos8 ~]#yum install bind -y [root@centos8 ~]#vim /etc/named.conf #注释掉两行 // listen-on port 53 { 127.0.0.1; }; // allow-query { localhost; }; forward first; forwarders { 10.0.0.134;}; #关闭dnssec功能(关闭后不再校验应答签名) dnssec-enable no; dnssec-validation no; [root@centos8 ~]#systemctl start named #第一次启动服务 [root@centos8 ~]#rndc reload #不是第一次启动服务
[root@centos8 ~]#yum install bind -y [root@centos8 ~]#vim /etc/named.conf #注释掉两行 // listen-on port 53 { 127.0.0.1; }; // allow-query { localhost; }; vim /etc/named.rfc1912.zones #加上下面这段 zone "magedu.org" { type master; file "magedu.org.zone"; }; [root@centos8 ~]# cp -p /var/named/named.localhost /var/named/magedu.org.zone #如果没有-p,需要改权限。chgrp named magedu.org.zone [root@centos8 ~]# vim /var/named/magedu.org.zone $TTL 1D @ IN SOA master admin.magedu.org. ( 2019042214 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS master master A 10.0.0.135 www CNAME websrv #web服务器地址 websrv A 10.0.0.129 [root@centos8 ~]#systemctl start named [root@centos8 ~]#rndc reload
实现web服务
#安装http服务 [root@centos8 ~]#yum install httpd #配置主页面 [root@centos8 ~]#echo www.zty123.org > /var/www/html/index.html #启动服务 [root@centos8 ~]#systemctl start httpd
环境要求:8台主机
1、DNS客户端:10.0.0.6/24
2、本地DNS服务器(只缓存):10.0.0.8/24
3、转发目标DNS服务器:10.0.0.18/24
按上述要求修改每台主机的IP以及DNS
客户端centos6
[root@centos6 ~]#vim /etc/sysconfig/network-scripts/ifcfg-eth0 NAME=eth0 DEVICE=eth0 BOOTPROTO=static IPADDR=10.0.0.6 NETMASK=255.255.255.0 DNS1=10.0.0.8 ONBOOT=yes service network restart
[root@centos6 ~]#yum install httpd [root@centos6 ~]#echo www.magedu.org > /var/www/html/index.html [root@centos6 ~]#systemctl start httpd
[root@centos8 ~]#yum install bind -y [root@centos8 ~]#vim /etc/named.conf #注释掉下面两行 // listen-on port 53 { 127.0.0.1; }; // allow-query { localhost; }; allow-transfer { 10.0.0.58;}; [root@centos8 ~]#vim /etc/named.rfc1912.zones zone "magedu.org" { #加上这段 type master; file "magedu.org.zone"; }; [root@centos8 ~]#vim /var/named/magedu.org.zone $TTL 1D @ IN SOA master admin.magedu.org. ( 1 1D 1H 1W 3H ) NS master NS slave master A 10.0.0.48 slave A 10.0.0.58 www A 10.0.0.68 [root@centos8 ~]#chgrp named /var/named/magedu.org.zone #改属组 [root@centos8 ~]#systemctl start named
[root@centos8 ~]#yum -y install bind [root@centos8 ~]#vim /etc/named.conf // listen-on port 53 { 127.0.0.1; }; #注释掉 // allow-query { localhost; }; #注释掉 allow-transfer { none;}; #改成none [root@centos8 ~]#vim /etc/named.rfc1912.zones zone "magedu.org" { #添加这段 type slave; masters { 10.0.0.48;}; file "slaves/magedu.org.slave"; }; [root@centos8 ~]#systemctl start named [root@centos8 ~]#ls /var/named/slaves/magedu.org.slave #查看区域数据库文件是否生成
[root@centos8 ~]#yum install bind -y [root@centos8 ~]#vim /etc/named.conf #注释掉两行 // listen-on port 53 { 127.0.0.1; }; // allow-query { localhost; }; [root@centos8 ~]#vim /etc/named.rfc1912.zones #加上这段 zone "org" { type master; file "org.zone"; }; [root@centos8 ~]#vim /var/named/org.zone $TTL 1D @ IN SOA master admin.magedu.org. ( 1 1D 1H 1W 3D ) NS master magedu NS mageduns1 magedu NS mageduns2 master A 10.0.0.38 mageduns1 A 10.0.0.48 mageduns2 A 10.0.0.58 [root@centos8 ~]#chgrp named /var/named/org.zone systemctl start named
[root@centos8 ~]#yum install bind -y [root@centos8 ~]#vim /etc/named.conf #注释掉两行,第13行和第21行 // listen-on port 53 { 127.0.0.1; }; // allow-query { localhost; }; #将下面行改为: zone "." IN { type master; file "root.zone"; }; [root@centos8 ~]#vim /var/named/root.zone $TTL 1D @ IN SOA master admin.magedu.org. ( 1 1D 1H 1W 3D ) NS master org NS orgns master A 10.0.0.28 orgns A 10.0.0.38 [root@centos8 ~]#chgrp named /var/named/root.zone [root@centos8 ~]#chmod 640 /var/named/root.zone
[root@centos8 ~]#yum install bind -y [root@centos8 ~]#vim /etc/named.conf // listen-on port 53 { 127.0.0.1; }; // allow-query { localhost; }; dnssec-enable no; dnssec-validation no; [root@centos8 ~]#vim /var/named/named.ca . 518400 IN NS a.root-servers.net. a.root-servers.net. 3600000 IN A 10.0.0.28 [root@centos8 ~]#systemctl start named
[root@centos8 ~]#yum install bind -y [root@centos8 ~]#vim /etc/named.conf // listen-on port 53 { 127.0.0.1; }; // allow-query { localhost; }; forward only; forwarders { 10.0.0.18;}; dnssec-enable no; dnssec-validation no; [root@centos8 ~]#systemctl start named
[root@centos6 ~]#cat /etc/resolv.conf nameserver 10.0.0.8 [root@centos6 ~]#dig www.magedu.org ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> www.magedu.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40755 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.magedu.org. IN A ;; ANSWER SECTION: www.magedu.org. 86181 IN A 10.0.0.68 ;; AUTHORITY SECTION: magedu.org. 86181 IN NS ns2.magedu.org. magedu.org. 86181 IN NS ns1.magedu.org. ;; ADDITIONAL SECTION: ns2.magedu.org. 86181 IN A 10.0.0.48 ns1.magedu.org. 86181 IN A 10.0.0.58 ;; Query time: 1 msec ;; SERVER: 10.0.0.8#53(10.0.0.8) ;; WHEN: Fri May 10 17:28:39 CST 2019 ;; MSG SIZE rcvd: 127 成功 [root@centos6 ~]#curl www.magedu.org [root@centos6 ~]#www.magedu.org