How a DNS server works, and how to build a master-slave pair
1. How DNS servers work
1.1 What DNS is
DNS (Domain Name Service) is the mechanism for looking up an IP address from a domain name.
From the client's point of view a DNS lookup is a recursive query; from the DNS server's point of view most lookups are iterative queries. In name resolution, a lookup from a name to an IP address is called forward resolution, and a lookup from an IP address back to a name is called reverse resolution. A DNS server that is authoritative for at least one zone is a master (primary) or slave (secondary) DNS server; one that is authoritative for no zone at all is a caching DNS server.
1.2 How a domain name is resolved
- When a client needs an address it first checks its own hosts file; if the name is there, that answer is used.
- If the name is not in hosts, the client checks its own resolver cache; if the name is there, that answer is used.
- If the cache has nothing, the client sends the query to its configured DNS server.
- The DNS server first asks a root server and is referred to the server for the top-level domain (TLD).
- The DNS server then asks the TLD server and is referred to the server for the second-level domain.
- The DNS server obtains the final IP address from the second-level domain server.
- The client receives the IP address from its DNS server.
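The steps above describe who asks whom; what actually travels over port 53 is a small binary message. The Python below is an added example, not part of the original post: it encodes a query for a name, builds a constructed authoritative response of the kind the servers in section 2 return for mail.feifa.net (a CNAME followed by the A record it points to, using RFC 1035 name compression), and parses that response back. The names and addresses are the ones used later on this page; the message bytes are constructed here, not captured from a real server.

```python
"""Encode a DNS query and decode a DNS response in RFC 1035 wire format.

Added example (not from the original post). The names and addresses come from
the lab on this page; the response bytes are constructed here, not captured.
"""
import struct

TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_PTR = 1, 2, 5, 12


def encode_name(name: str) -> bytes:
    """'www.feifa.net.' -> b'\\x03www\\x05feifa\\x03net\\x00' (length-prefixed labels)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg: bytes, off: int):
    """Read a name at msg[off], following compression pointers; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                   # 11xxxxxx: pointer to an earlier name
            if not jumped:
                end = off + 2                       # the pointer itself is two bytes long
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def build_query(name: str, qtype: int = TYPE_A, txid: int = 0x1234) -> bytes:
    """Stub-resolver query: flags 0x0100 sets RD, asking the server to recurse on our behalf."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)    # class IN = 1


def build_response(query: bytes, records) -> bytes:
    """Authoritative answer to `query`. records: (owner, rtype, ttl, rdata); rdata is a dotted
    IPv4 string for A and a domain name for CNAME/NS/PTR. A repeated name becomes a pointer."""
    txid = struct.unpack("!H", query[:2])[0]
    qname, qend = decode_name(query, 12)
    flags = 0x8000 | 0x0400 | 0x0100 | 0x0080        # QR, AA, RD (copied), RA; RCODE 0
    body = bytearray(struct.pack("!HHHHHH", txid, flags, 1, len(records), 0, 0))
    body += query[12:qend + 4]                        # echo the question section
    seen = {qname: 12}                                # name -> offset where it was written

    def put_name(name: str) -> None:
        if name in seen:
            body.extend(struct.pack("!H", 0xC000 | seen[name]))
        else:
            seen[name] = len(body)
            body.extend(encode_name(name))

    for owner, rtype, ttl, rdata in records:
        put_name(owner)
        if rtype == TYPE_A:
            rd = bytes(int(o) for o in rdata.split("."))
            body += struct.pack("!HHIH", rtype, 1, ttl, len(rd)) + rd
        else:
            hdr = len(body)
            body += struct.pack("!HHIH", rtype, 1, ttl, 0)    # RDLENGTH patched below
            put_name(rdata)
            struct.pack_into("!H", body, hdr + 8, len(body) - hdr - 10)
    return bytes(body)


def parse_response(msg: bytes) -> dict:
    """Return header fields and the answer section as (owner, rtype, ttl, value) tuples."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                               # skip the question section
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A:
            value = ".".join(str(b) for b in msg[off:off + rdlen])
        elif rtype in (TYPE_CNAME, TYPE_NS, TYPE_PTR):
            value, _ = decode_name(msg, off)
        else:
            value = msg[off:off + rdlen].hex()
        off += rdlen
        answers.append((owner, rtype, ttl, value))
    return {"id": txid, "aa": bool(flags & 0x0400), "rcode": flags & 0xF, "answers": answers}


def resolve_mail_example() -> dict:
    """What the master in section 2 answers for mail.feifa.net: the CNAME, then www's A record."""
    q = build_query("mail.feifa.net.")
    r = build_response(q, [("mail.feifa.net.", TYPE_CNAME, 86400, "www.feifa.net."),
                           ("www.feifa.net.", TYPE_A, 86400, "10.0.0.11")])
    return parse_response(r)


if __name__ == "__main__":
    for owner, rtype, ttl, value in resolve_mail_example()["answers"]:
        print(f"{owner:20} {ttl:6} {'CNAME' if rtype == TYPE_CNAME else 'A':5} {value}")
```

The AA bit in the response is what distinguishes the authoritative answer the master and slave give for feifa.net from a cached answer a recursive server would relay; the compression pointers are why a captured answer is shorter than the sum of the names it carries.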
2. Building the master-slave DNS pair
2.1 Environment
| Host | IP | DNS |
|---|---|---|
| DNS master node1 | 10.0.0.11 | 10.0.0.11 |
| DNS slave node2 | 10.0.0.12 | 10.0.0.12 |
| Client node3 | 10.0.0.13 | 10.0.0.11, 10.0.0.12 |
Point each server's resolver at itself:

```
[root@node1 ~]# vim /etc/resolv.conf
nameserver 10.0.0.11

[root@node2 ~]# vim /etc/resolv.conf
nameserver 10.0.0.12
```
Install the software (bind is the server, bind-utils provides nslookup and dig):

```
[root@node1 ~]# yum -y install bind bind-utils
[root@node2 ~]# yum -y install bind bind-utils
[root@node3 ~]# yum -y install bind-utils
```
2.2 Building the master DNS server
2.2.1 Edit the main configuration file (global options)

Three things change in /etc/named.conf: the listen address, the query ACL and, optionally, DNSSEC validation.

```
[root@node1 ~]# vim /etc/named.conf
options {
        listen-on port 53 { 10.0.0.11; };   # listen on the server's own IP instead of 127.0.0.1
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { any; };           # accept queries from any host (the default is localhost only)
        # to turn off DNSSEC validation, uncomment the next two lines
        # dnssec-enable no;
        # dnssec-validation no;
        ......
```

The two dnssec lines are shown commented out, so validation stays at its default (on). Validation is what lets named reject forged answers for signed zones, so turn it off only while troubleshooting a validation failure in a lab.
2.2.2 Add the forward and reverse zones

Append the two zone statements to /etc/named.rfc1912.zones. The reverse zone for the 10.0.0.0/24 network is named with the network octets in reverse order, 0.0.10.in-addr.arpa (a resolver looking up 10.0.0.11 asks for 11.0.0.10.in-addr.arpa), and every `file` line needs its terminating semicolon.

```
[root@node1 ~]# vim /etc/named.rfc1912.zones
zone "feifa.net" IN {
        type master;                        # this server is authoritative (primary) for the zone
        file "feifa.net.zone";              # relative to the directory option, /var/named
        allow-transfer { 10.0.0.12; };      # only the slave may pull the zone (AXFR/IXFR)
        also-notify { 10.0.0.12; };         # send NOTIFY to the slave when the zone changes
};
zone "0.0.10.in-addr.arpa" IN {
        type master;
        file "feifa.net.local";
        allow-transfer { 10.0.0.12; };
};
```
2.2.3 Create the zone files

Copy the template files (cp -p keeps the ownership and mode of the templates, which named can read), then edit them. A name in a zone file that does not end in a dot has the zone origin appended, so PTR and NS targets that live outside the zone must be written fully qualified with a trailing dot. Increment the serial every time a zone file is edited: the slave compares serials and only transfers when the master's is higher.

```
# copy the templates
[root@node1 ~]# cp -p /var/named/named.localhost /var/named/feifa.net.zone
[root@node1 ~]# cp -p /var/named/named.loopback  /var/named/feifa.net.local

# forward zone
[root@node1 ~]# vim /var/named/feifa.net.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       10.0.0.11
www     IN A    10.0.0.11
ftp     IN A    10.0.0.11
mail    IN CNAME www

# reverse zone
[root@node1 ~]# vim /var/named/feifa.net.local
$TTL 1D
@       IN SOA  feifa.net. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      feifa.net.
11      IN PTR  www.feifa.net.      ; 10.0.0.11; both names carry an A record for this address
11      IN PTR  ftp.feifa.net.      ; trailing dots, otherwise 0.0.10.in-addr.arpa is appended

# syntax check (-z also loads and checks every zone file)
[root@node1 ~]# named-checkconf -z /etc/named.conf
```
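Two mistakes are easy to make in the reverse zone above: a PTR target without its trailing dot (which silently becomes www.feifa.net.0.0.10.in-addr.arpa.) and a PTR under a last octet that no A record in the forward zone uses. The Python below is an added example, not part of the original post: a minimal master-file parser plus a check that every PTR points at a name whose A record matches the address and that every address with an A record has a PTR. The zone texts are constructed copies of the lab zones on this page, one of them deliberately carrying both mistakes; `reverse_zone_for` also derives the in-addr.arpa zone name for a network so the zone statement in 2.2.2 can be checked against it.

```python
"""Cross-check a forward zone against its reverse zone.

Added example (not from the original post): a small RFC 1035 master-file parser and a
forward/reverse consistency check. The zone texts are constructed copies of the lab
zones on this page; the 'broken' reverse zone reproduces two common mistakes.
"""
import ipaddress


def reverse_zone_for(network: str) -> str:
    """in-addr.arpa zone name for a /8, /16 or /24 network: network octets in reverse order."""
    net = ipaddress.ip_network(network)
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def parse_zone(text: str, origin: str) -> list:
    """Handles $TTL, ';' comments, '@', relative names and a parenthesised multi-line SOA.
    Returns (owner, type, rdata) with names fully qualified; SOA rdata is the serial."""
    origin = origin.rstrip(".") + "."
    fqdn = lambda n: origin if n == "@" else (n if n.endswith(".") else f"{n}.{origin}")
    records, owner, depth, buf = [], origin, 0, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()         # drop comments, keep leading blanks
        if not line.strip() or line.startswith("$"):
            continue
        depth += line.count("(") - line.count(")")   # join a record spread over several lines
        buf.append(line)
        if depth > 0:
            continue
        joined, buf = " ".join(buf), []
        tokens = joined.replace("(", " ").replace(")", " ").split()
        if not joined[0].isspace():                  # a name in column 1 sets the owner
            owner = fqdn(tokens.pop(0))
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                            # optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype == "SOA":
            records.append((owner, rtype, int(rdata[2])))
        elif rtype == "A":
            records.append((owner, rtype, rdata[0]))
        else:                                        # NS, CNAME, PTR: rdata is a name
            records.append((owner, rtype, fqdn(rdata[0])))
    return records


def check_pair(forward_text: str, forward_origin: str, reverse_text: str, reverse_origin: str) -> list:
    """Every PTR must name a host with an A record for that address, and every address
    with an A record should have a PTR. Returns a list of problem descriptions."""
    a_names = {}                                     # ip -> names that have an A record for it
    for owner, rtype, rdata in parse_zone(forward_text, forward_origin):
        if rtype == "A":
            a_names.setdefault(rdata, set()).add(owner)
    problems, ptr_ips, suffix = [], set(), ".in-addr.arpa."
    for owner, rtype, rdata in parse_zone(reverse_text, reverse_origin):
        if rtype != "PTR":
            continue
        ip = ".".join(reversed(owner[: -len(suffix)].split(".")))   # 11.0.0.10.in-addr.arpa. -> 10.0.0.11
        ptr_ips.add(ip)
        if rdata not in a_names.get(ip, set()):
            problems.append(f"PTR {ip} -> {rdata}: no A record maps that name to {ip}")
    for ip in sorted(a_names):
        if ip not in ptr_ips:
            problems.append(f"no PTR for {ip} ({', '.join(sorted(a_names[ip]))})")
    return problems


# constructed copies of the lab zones (the SOA timers are irrelevant to the check)
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       10.0.0.11
www     IN A    10.0.0.11
ftp     IN A    10.0.0.11
mail    IN CNAME www
"""

REVERSE_ZONE_BROKEN = """\
$TTL 1D
@       IN SOA  feifa.net. rname.invalid. ( 0 1D 1H 1W 3H )
        NS      feifa.net.
10      IN PTR  www.feifa.net
11      IN PTR  ftp.feifa.net
"""

REVERSE_ZONE_FIXED = """\
$TTL 1D
@       IN SOA  feifa.net. rname.invalid. ( 0 1D 1H 1W 3H )
        NS      feifa.net.
11      IN PTR  www.feifa.net.
11      IN PTR  ftp.feifa.net.
"""

if __name__ == "__main__":
    rev = reverse_zone_for("10.0.0.0/24")
    print("reverse zone:", rev)
    for label, text in (("broken", REVERSE_ZONE_BROKEN), ("fixed", REVERSE_ZONE_FIXED)):
        print(label, check_pair(FORWARD_ZONE, "feifa.net.", text, rev) or ["ok"])
```

named-checkzone accepts both reverse zones above, since each is syntactically valid; only a cross-check against the forward zone shows that the broken one answers reverse lookups with names that do not resolve back.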
2.2.4 Check

```
# start the service and check the listeners
[root@node1 ~]# systemctl start named
[root@node1 ~]# netstat -tunlp | grep named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      5759/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      5759/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      5759/named
tcp6       0      0 ::1:53                  :::*                    LISTEN      5759/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           5759/named
udp6       0      0 ::1:53                  :::*                                5759/named
# port 53 is the DNS listener; port 953 is the rndc control channel

# check resolution
[root@node1 ~]# nslookup ftp.feifa.net
Server:         10.0.0.11
Address:        10.0.0.11#53

Name:   ftp.feifa.net
Address: 10.0.0.11

[root@node1 ~]# nslookup www.feifa.net
Server:         10.0.0.11
Address:        10.0.0.11#53

Name:   www.feifa.net
Address: 10.0.0.11

[root@node1 ~]# nslookup mail.feifa.net
Server:         10.0.0.11
Address:        10.0.0.11#53

mail.feifa.net  canonical name = www.feifa.net.
Name:   www.feifa.net
Address: 10.0.0.11
```

If netstat still shows named on 127.0.0.1:53 rather than on 10.0.0.11:53, the new listen-on has not taken effect yet; restart named and check again, because the slave and the client can only reach the address named actually listens on.
2.3 Building the slave DNS server
2.3.1 Edit the slave's main configuration file

```
[root@node2 ~]# vim /etc/named.conf
options {
        listen-on port 53 { 10.0.0.12; };   # the slave's own IP
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { any; };           # accept queries from any host
```
2.3.2 Edit the zone definitions

The slave declares the same two zones with type slave, names the master it pulls from, accepts NOTIFY only from that master, and writes the transferred copies under /var/named/slaves, a directory the named user can write to.

```
[root@node2 ~]# vim /etc/named.rfc1912.zones
zone "feifa.net" IN {
        type slave;
        masters { 10.0.0.11; };             # pull the zone from the master
        allow-notify { 10.0.0.11; };        # accept NOTIFY only from the master
        file "slaves/feifa.net.zone";       # transferred copy, written by named
};
zone "0.0.10.in-addr.arpa" IN {
        type slave;
        masters { 10.0.0.11; };
        allow-notify { 10.0.0.11; };
        file "slaves/feifa.net.local";
};

# syntax check
[root@node2 ~]# named-checkconf -z /etc/named.conf
```
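Two settings in the master and slave zone statements above carry the security weight of this setup: allow-transfer on the master (an unrestricted value lets any host pull the complete zone by AXFR) and the masters/allow-notify pair on the slave. A third sits in the options block of both servers: allow-query { any; } together with recursion, which BIND enables by default, makes an open resolver out of any address reachable from outside the lab network. The Python below is an added example, not part of the original post: it parses a constructed copy of the master's named.conf and zone statements, with one made-up over-permissive zone ("lab.test") added so there is something to flag, and reports those conditions. The `primary`/`secondary` and `primaries` spellings are the newer BIND synonyms for master/slave/masters.

```python
"""Audit named.conf zone statements for zone-transfer and open-resolver exposure.

Added example (not from the original post). SAMPLE_CONF is a constructed copy of the master's
named.conf and named.rfc1912.zones from this page plus one made-up over-permissive zone.
"""
import re


def strip_comments(text: str) -> str:
    """named.conf accepts /* */, // and # comments; remove all three."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def statements(text: str, keyword: str):
    """Yield (label, body) for top-level `keyword label { body };` statements, matching braces
    so nested ACL blocks such as allow-transfer { ... }; stay inside the body."""
    for m in re.finditer(rf"^\s*{keyword}\b([^{{]*)\{{", text, flags=re.M):
        start = m.end()
        depth, i = 1, start
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1).strip(), text[start:i - 1]


def acl(body: str, directive: str):
    """Address list of `directive { a; b; };`, or None when the directive is absent."""
    m = re.search(rf"\b{directive}\s*\{{([^}}]*)\}}", body)
    return None if m is None else [v.strip() for v in m.group(1).split(";") if v.strip()]


def audit(conf_text: str) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    text = strip_comments(conf_text)
    for _, body in statements(text, "options"):
        recursion = re.search(r"\brecursion\s+(yes|no)\b", body)
        recursing = recursion is None or recursion.group(1) == "yes"   # BIND default: yes
        if "any" in (acl(body, "allow-query") or []) and recursing and acl(body, "allow-recursion") is None:
            findings.append("options: allow-query { any; } with recursion on and no allow-recursion: "
                            "an open resolver if this address is reachable from outside the LAN")
    for label, body in statements(text, "zone"):
        name = re.search(r'"([^"]+)"', label).group(1)
        ztype = re.search(r"\btype\s+(\w+)", body)
        ztype = ztype.group(1) if ztype else "?"
        if ztype in ("master", "primary"):
            xfer = acl(body, "allow-transfer")
            if xfer is None:
                findings.append(f"zone {name}: no allow-transfer (older BIND 9 then allows AXFR to any host)")
            elif "any" in xfer:
                findings.append(f"zone {name}: allow-transfer {{ any; }} lets anyone dump the zone by AXFR")
        elif ztype in ("slave", "secondary"):
            if acl(body, "masters") is None and acl(body, "primaries") is None:
                findings.append(f"zone {name}: slave zone without masters, nothing to transfer from")
    return findings


SAMPLE_CONF = """\
options {
        listen-on port 53 { 10.0.0.11; };
        directory       "/var/named";
        allow-query     { any; };
};
zone "feifa.net" IN {
        type master;
        file "feifa.net.zone";
        allow-transfer { 10.0.0.12; };
        also-notify { 10.0.0.12; };
};
zone "0.0.10.in-addr.arpa" IN {
        type master;
        file "feifa.net.local";
        allow-transfer { 10.0.0.12; };
};
zone "lab.test" IN {            // constructed bad example, not on the original page
        type master;
        file "lab.test.zone";
        allow-transfer { any; };
};
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF) or ["no findings"]:
        print("-", finding)
```

Run against the real files with `audit(open("/etc/named.conf").read() + open("/etc/named.rfc1912.zones").read())`; on the lab above the only finding is the open-resolver one, which is acceptable on an isolated 10.0.0.0/24 and is fixed for anything else with `allow-recursion { 10.0.0.0/24; };` or `recursion no;` on a purely authoritative server.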
2.3.3 Check the transferred zone files

Once named starts on the slave, both zones are transferred and written under /var/named/slaves by the named user:

```
[root@node2 ~]# systemctl start named
[root@node2 ~]# ll /var/named/slaves/
total 8
-rw-r--r-- 1 named named 372 Oct 12 23:40 feifa.net.local
-rw-r--r-- 1 named named 259 Oct 12 23:40 feifa.net.zone
```
2.3.4 Check resolution on the slave

```
[root@node2 ~]# nslookup www.feifa.net
Server:         10.0.0.12
Address:        10.0.0.12#53

Name:   www.feifa.net
Address: 10.0.0.11

[root@node2 ~]# nslookup ftp.feifa.net
Server:         10.0.0.12
Address:        10.0.0.12#53

Name:   ftp.feifa.net
Address: 10.0.0.11

[root@node2 ~]# nslookup mail.feifa.net
Server:         10.0.0.12
Address:        10.0.0.12#53

mail.feifa.net  canonical name = www.feifa.net.
Name:   www.feifa.net
Address: 10.0.0.11
```
2.4 Client tests

Configure the client's DNS servers, master first and slave second:

```
[root@node3 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=10.0.0.11
DNS2=10.0.0.12
```
2.4.1 Resolution with both servers up

```
[root@node3 ~]# nslookup www.feifa.net
Server:         10.0.0.11
Address:        10.0.0.11#53

Name:   www.feifa.net
Address: 10.0.0.11

[root@node3 ~]# nslookup ftp.feifa.net
Server:         10.0.0.11
Address:        10.0.0.11#53

Name:   ftp.feifa.net
Address: 10.0.0.11

[root@node3 ~]# nslookup mail.feifa.net
Server:         10.0.0.11
Address:        10.0.0.11#53

mail.feifa.net  canonical name = www.feifa.net.
Name:   www.feifa.net
Address: 10.0.0.11
```
2.4.2 Resolution after stopping the master

```
[root@node1 ~]# systemctl stop named
[root@node3 ~]# nslookup www.feifa.net
Server:         10.0.0.12
Address:        10.0.0.12#53

Name:   www.feifa.net
Address: 10.0.0.11

[root@node3 ~]# nslookup ftp.feifa.net
Server:         10.0.0.12
Address:        10.0.0.12#53

Name:   ftp.feifa.net
Address: 10.0.0.11

[root@node3 ~]# nslookup mail.feifa.net
Server:         10.0.0.12
Address:        10.0.0.12#53

mail.feifa.net  canonical name = www.feifa.net.
Name:   www.feifa.net
Address: 10.0.0.11
```

With the master down, the client's resolver moves on to the second nameserver after the first one times out, and the slave answers from its transferred copy of the zone: the answers are identical, only the Server: line changes to 10.0.0.12.
From: https://www.cnblogs.com/feifa/p/16052006.html