1. Simulating the Internet's DNS service
Build order: to make troubleshooting and verification easy, build the web server first, so that every server that follows can be verified against it.
Server build order:
web server ---> "baidu" primary DNS ---> "baidu" secondary DNS ---> .com top-level-domain DNS ---> root DNS ---> enterprise forwarding DNS ---> enterprise DNS ---> enterprise client
Web server: install httpd to provide the web service.
DNS servers: install bind and bind-utils, which provide the DNS service and the query/debugging tools.
Edit the global configuration files /etc/named.conf and /etc/named.rfc1912.zones.
Edit the zone (resolution database) files.
Check the configuration syntax, reload the service configuration, restart the service.
Test web name resolution.
The server layout diagram is as follows:

2. Hands-on DNS server build
# Web server 10.0.0.10, CentOS 6 system
yum install -y httpd chrony
service chronyd start
service iptables stop
setenforce 0
service httpd start
echo "this test web 10.0.0.10" > /var/www/html/index.html
# "baidu" primary DNS server 10.0.0.11, CentOS 8 system
yum install -y bind bind-utils chrony
systemctl enable --now chronyd
systemctl enable --now named.service
vim /etc/named.conf
***
options {
//      listen-on port 53 { 127.0.0.1; };   // commented out so named listens on every address
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
//      allow-query     { localhost; };     // commented out so every client may query
        allow-transfer  { 10.0.0.12; };     // only the secondary may pull the zone; "none" would block its AXFR
***
vim /etc/named.rfc1912.zones
***
zone "yun.com" {
        type master;
        file "yun.com.zone";
};
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
***
vim /var/named/yun.com.zone
$TTL 1D
@       IN SOA  ns1 admin ( 1 1H 1H 1W 1D )
        NS      ns1
        NS      ns2
ns1     A       10.0.0.11
ns2     A       10.0.0.12
www     A       10.0.0.10
rndc reload
systemctl restart named
# "baidu" secondary DNS server 10.0.0.12, CentOS 6 system
yum install -y bind bind-utils chrony
service chronyd start
service named start
service iptables stop
setenforce 0
vim /etc/named.conf
***
options {
//      listen-on port 53 { 127.0.0.1; };   // commented out so named listens on every address
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query     { localhost; };     // commented out so every client may query
        allow-transfer  { none; };
        recursion yes;
***
vi /etc/named.rfc1912.zones
***
zone "yun.com" {
        type slave;
        masters { 10.0.0.11; };
        file "slaves/yun.com.zone";
};
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
***
The transferred copy of the zone appears under slaves/ once the zone transfer from the primary succeeds:
ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 347 Feb 13 21:14 yun.com.zone
rndc reload
service named restart
# Internet top-level-domain .com DNS server 10.0.0.13, CentOS 7 system
yum install -y bind bind-utils chrony
systemctl disable --now firewalld
setenforce 0
systemctl enable --now named chronyd
vi /etc/named.conf
***
options {
//      listen-on port 53 { 127.0.0.1; };   // commented out so named listens on every address
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };     // commented out so every client may query
        allow-transfer  { none; };
***
vi /etc/named.rfc1912.zones
***
zone "com" {
        type master;
        file "com.zone";
};
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
***
vi /var/named/com.zone
***
$TTL 1D
@       IN SOA  ns1 yun ( 2 1D 1H 1W 1D )
        NS      ns1
yun     NS      ns2                 ; delegate yun.com to ns2.com
ns1     A       10.0.0.13
ns2     A       10.0.0.11           ; glue: ns2.com is the yun.com primary ...
ns2     A       10.0.0.12           ; ... and the yun.com secondary
***
rndc reload
systemctl restart named
# Internet root DNS server 10.0.0.14, CentOS 7 system
yum install -y bind bind-utils chrony
systemctl disable --now firewalld
setenforce 0
systemctl enable --now named chronyd
vi /etc/named.conf
***
options {
//      listen-on port 53 { 127.0.0.1; };   // commented out so named listens on every address
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };     // commented out so every client may query
        allow-transfer  { none; };
***
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type master;                // the default is "type hint" with named.ca; this host is the root itself
        file "root.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
vi /var/named/root.zone
***
$TTL 1D
@       IN SOA  ns1 yun ( 2 1D 1H 1W 1D )
        NS      ns1
com     NS      ns2                 ; delegate com to ns2
ns1     A       10.0.0.14
ns2     A       10.0.0.13           ; glue: the .com server
***
rndc reload
systemctl restart named
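Before each rndc reload above, named-checkzone is the tool to run on the zone file. The script below is an added example, not code from the original post: it lints the lab's zone layout in pure Python, parsing the subset of master-file syntax the three zone files use (relative names, an apex SOA in parentheses, NS and A records) and checking the one thing that breaks a delegation silently, an in-zone name server with no glue A record, plus the SOA serial and the A addresses. The three zone texts are reconstructed from the post's files with the post's addresses; the function names and the glue rule as coded here are assumptions of this example.

```python
import ipaddress

# Zone texts reconstructed from the post's three zone files (the lab's own
# addresses 10.0.0.10-10.0.0.14); the SOA and NS layout is the post's.
YUN_COM_ZONE = """\
$TTL 1D
@       IN SOA  ns1 admin ( 1 1H 1H 1W 1D )
        NS      ns1
        NS      ns2
ns1     A       10.0.0.11
ns2     A       10.0.0.12
www     A       10.0.0.10
"""
COM_ZONE = """\
$TTL 1D
@       IN SOA  ns1 yun ( 2 1D 1H 1W 1D )
        NS      ns1
yun     NS      ns2
ns1     A       10.0.0.13
ns2     A       10.0.0.11
ns2     A       10.0.0.12
"""
ROOT_ZONE = """\
$TTL 1D
@       IN SOA  ns1 yun ( 2 1D 1H 1W 1D )
        NS      ns1
com     NS      ns2
ns1     A       10.0.0.14
ns2     A       10.0.0.13
"""
LAB_ZONES = {"yun.com.": YUN_COM_ZONE, "com.": COM_ZONE, ".": ROOT_ZONE}


def qualify(name, origin):
    """Turn a master-file name into a fully qualified one ('@' is the apex)."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def in_zone(name, origin):
    """True when the name lies at or below this zone's origin."""
    return origin == "." or name == origin or name.endswith("." + origin)


def parse_zone(text, origin):
    """Parse the master-file subset the lab uses: $TTL, '@', owner names
    carried over from the previous line, optional TTL/IN, a parenthesised
    SOA, NS and A records.  Returns a list of (owner, type, rdata tokens)."""
    records, owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip() or line.startswith("$"):
            continue                                   # blank line or $TTL
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not raw[0].isspace():                       # a new owner starts the line
            owner = qualify(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():             # optional per-record TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":       # optional class
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records


def lint_zone(text, origin):
    """Return the problems found in one zone; an empty list means clean."""
    problems, records = [], parse_zone(text, origin)
    soas = [r for r in records if r[0] == origin and r[1] == "SOA"]
    if len(soas) != 1:
        problems.append(f"{origin} expected one apex SOA, found {len(soas)}")
    elif not soas[0][2][2].isdigit():
        problems.append(f"{origin} SOA serial {soas[0][2][2]!r} is not an integer")
    glue = {owner for owner, rtype, _ in records if rtype == "A"}
    for owner, rtype, rdata in records:
        if rtype == "A":
            try:
                ipaddress.IPv4Address(rdata[0])
            except ValueError:
                problems.append(f"{owner} A {rdata[0]!r} is not an IPv4 address")
        elif rtype == "NS":
            target = qualify(rdata[0], origin)
            # A name server whose name lives inside this zone needs a glue A
            # record here, otherwise resolvers cannot reach it at all.
            if in_zone(target, origin) and target not in glue:
                problems.append(f"{owner} NS {target} has no glue A record")
    return problems


def lint_lab_zones(zones=LAB_ZONES):
    """Lint every lab zone; returns {origin: [problems]}."""
    return {origin: lint_zone(text, origin) for origin, text in zones.items()}


if __name__ == "__main__":
    for origin, problems in lint_lab_zones().items():
        print(origin, "OK" if not problems else problems)
```

The delegation records (yun NS ns2 in com.zone, com NS ns2 in root.zone) are the ones worth watching: if the glue A line for ns2 is dropped while editing, named-checkzone still accepts the file, but every resolver following the chain stops at that tier with a referral it cannot use.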
# Enterprise internal forwarding DNS server, Ubuntu system
apt install -y bind9 chrony
systemctl disable --now ufw.service
systemctl enable --now named chronyd
vim /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forward only;               // never resolve on its own: every query goes to the forwarders
        forwarders {
                10.0.0.14;
        };

        dnssec-validation no;       // the lab zones are unsigned
***
systemctl restart named
# Enterprise internal DNS server (recursive, using the lab root as its hint), CentOS 7 system
yum install -y bind bind-utils chrony
systemctl disable --now firewalld
setenforce 0
systemctl enable --now named chronyd
vi /etc/named.conf
***
options {
//      listen-on port 53 { 127.0.0.1; };   // commented out so named listens on every address
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };     // commented out so every client may query
        allow-transfer  { none; };
***
        dnssec-enable no;
        dnssec-validation no;       // the lab root is not the signed real root, so validation must be off
***
Replace the real root hints in named.ca with the lab root; only the NS and A records matter, the dig comment lines are harmless:
vi /var/named/named.ca
; <<>> DiG 9.11.3-RedHat-9.11.3-3.fc27 <<>> +bufsize=1200 +norec @a.root-servers.net
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46900
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      a.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     518400  IN      A       10.0.0.14
rndc reload
systemctl restart named
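With the hints file pointing at 10.0.0.14, the enterprise DNS resolves www.yun.com by asking the lab root, following the referral to the .com server, then the referral to the yun.com servers. The script below is an added example, not the post's code: it performs that walk itself, the way dig +trace would against the real root, so each tier can be verified independently of the caching resolver and its cache. It assumes the post's addresses (root 10.0.0.14, and that every lab server answers on UDP port 53 from the machine running it); the function names are this example's own. Two details a resolver needs against malformed or spoofed replies are built in: the name decoder caps compression-pointer jumps so a looping pointer cannot hang it, and replies whose transaction id does not match the query are discarded.

```python
import random
import socket
import struct

LAB_ROOT = "10.0.0.14"          # the post's simulated root server (assumption from the post)
A, NS, CNAME = 1, 2, 5          # RR type codes used below
AA_FLAG = 0x0400                # "authoritative answer" bit in the header flags


def encode_name(name):
    """Wire-format a dotted name; '.' becomes the single empty root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode()
    return out + b"\x00"


def build_query(name, qtype=A, rd=0):
    """Build a query with a random id; rd=0 asks for a referral, not recursion."""
    txid = random.randrange(1 << 16)
    header = struct.pack("!HHHHHH", txid, rd << 8, 1, 0, 0, 0)
    return txid, header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg, off, max_jumps=16):
    """Decode a name that may use compression pointers; returns (name, end offset)."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                        # pointer: 14-bit offset
            jumps += 1
            if jumps > max_jumps:                         # refuse pointer loops
                raise ValueError("compression pointer loop")
            end = end if end is not None else off + 2     # name ends after the first pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        if length == 0:
            return ".".join(labels) + ".", end if end is not None else off + 1
        labels.append(msg[off + 1:off + 1 + length].decode())
        off += 1 + length


def parse_response(msg):
    """Return (id, flags, [answers, authority, additional]); each RR is (name, type, rdata)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, sections = 12, []
    for _ in range(qd):                                   # skip the question section
        _, off = decode_name(msg, off)
        off += 4
    for count in (an, ns, ar):
        rrs = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == A and rdlen == 4:
                rdata = ".".join(str(b) for b in msg[off:off + 4])
            elif rtype in (NS, CNAME):                    # rdata is a (compressible) name
                rdata, _ = decode_name(msg, off)
            else:
                rdata = msg[off:off + rdlen]
            off += rdlen
            rrs.append((name, rtype, rdata))
        sections.append(rrs)
    return txid, flags, sections


def ask(server, name, qtype=A, timeout=2.0):
    """Send one UDP query; ignore any reply whose id does not match ours."""
    txid, query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        while True:
            data, _ = sock.recvfrom(4096)
            rid, flags, sections = parse_response(data)
            if rid == txid:
                return flags, sections


def resolve(name, start=LAB_ROOT, max_hops=8):
    """Follow referrals down from the lab root; returns (addresses, trace)."""
    server, trace = start, []
    for _ in range(max_hops):
        flags, (answers, authority, additional) = ask(server, name)
        trace.append((server, bool(flags & AA_FLAG), [r for _, t, r in authority if t == NS]))
        if answers:
            return [r for _, t, r in answers if t == A], trace
        glue = {n: r for n, t, r in additional if t == A}   # glue A records for the NS names
        nxt = [glue[n] for _, t, n in authority if t == NS and n in glue]
        if not nxt:
            raise RuntimeError(f"{server} sent a referral without usable glue")
        server = nxt[0]
    raise RuntimeError("too many referrals")


if __name__ == "__main__":
    addrs, trace = resolve("www.yun.com.")
    for server, aa, ns_names in trace:
        print(f"{server:<12} aa={aa} referral to {ns_names or '(final answer)'}")
    print("www.yun.com. =", addrs)
```

Run from the enterprise DNS host, the trace should show 10.0.0.14 referring to ns2. (glue 10.0.0.13), 10.0.0.13 referring to ns2.com. (glue 10.0.0.11 and 10.0.0.12), and the yun.com server answering 10.0.0.10 with the aa bit set; a tier that answers without aa, or a referral without glue, points at the named.conf or zone file of that tier.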
3. Pitfalls met during the build
Before installing any server you must, must, MUST confirm: time synchronised!!! SELinux off!!! firewall off!!!