  • test

    实现互联网架构DNS服务

    DNS架构.png

    注意:

    • 从后往前搭建,好测试
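    • 测试时注意rndc flush,因为有缓存时优先使用缓存
    • 以下配置仅适用于隔离的实验环境:因为使用自建的根和com区域,所以关闭了dnssec-enable和dnssec-validation;生产环境不应关闭DNSSEC验证
    • allow-query { any; } 用在提供递归解析的局域网DNS上会使其成为开放解析器,生产环境应限制为内网网段;com和根服务器未设置allow-transfer,也应像主DNS那样显式限定允许区域传送的地址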
    1. 配置www主机:

      • yum install -y httpd

      • vim /var/www/html/index.html

        Welcome to magedu!
        
      • systemctl start httpd

    2. 配置主DNS:

      • vim /etc/named.conf

        1.  
          listen-on port 53 { localhost; };
        2.  
          allow-query { any; };
        3.  
          allow-transfer { 192.168.39.75; };
        4.  
          dnssec-enable no;
        5.  
          dnssec-validation no;
      • vim /etc/named.rfc1912.zones

        1.  
          zone "magedu.com" IN {
        2.  
          type master;
        3.  
          file "magedu.com.zone";
        4.  
          };
      • named-checkconf

      • vim /var/named/magedu.com.zone

        1.  
          $TTL 1D
        2.  
          @ IN SOA dns1 admin (
        3.  
          2018072401
        4.  
          1D
        5.  
          2H
        6.  
          3D
        7.  
          1D )
        8.  
          NS dns1
        9.  
          NS dns2
        10.  
          dns1 A 192.168.39.74
        11.  
          dns2 A 192.168.31.75 ; 注意:文中其他位置(allow-transfer、com区域的dns3)从服务器地址均为192.168.39.75,此处网段31疑为笔误,请核对(下一条www记录同理)
        12.  
          www A 192.168.31.76
      • chmod 640 magedu.com.zone

      • chown :named magedu.com.zone

      • named-checkzone magedu.com. magedu.com.zone

      • systemctl start named

    3. 配置从DNS:

      • vim /etc/named.conf

        1.  
          listen-on port 53 { localhost; };
        2.  
          allow-query { any; };
        3.  
          allow-transfer { 192.168.39.75; };
        4.  
          dnssec-enable no;
        5.  
          dnssec-validation no;
      • vim /etc/named.rfc1912.zones

        1.  
          zone "magedu.com" IN {
        2.  
          type slave;
        3.  
          masters { 192.168.39.74; };
        4.  
          file "slaves/magedu.com.slave.zone";
        5.  
          };
      • named-checkconf

      • systemctl start named

    4. 配置comDNS:

      • vim /etc/named.conf

        1.  
          listen-on port 53 { localhost; };
        2.  
          allow-query { any; };
        3.  
          dnssec-enable no;
        4.  
          dnssec-validation no;
      • vim /etc/named.rfc1912.zones

        1.  
          zone "com" IN {
        2.  
          type master;
        3.  
          file "com.zone";
        4.  
          };
      • named-checkconf

      • vim /var/named/com.zone

        1.  
          $TTL 1D
        2.  
          @ IN SOA dns1 admin (
        3.  
          2018072401
        4.  
          1D
        5.  
          2H
        6.  
          3D
        7.  
          1D )
        8.  
          NS dns1
        9.  
          magedu NS dns2
        10.  
          magedu NS dns3
        11.  
          dns1 A 192.168.39.73
        12.  
          dns2 A 192.168.39.74
        13.  
          dns3 A 192.168.39.75
      • chmod 640 com.zone

      • chown :named com.zone

      • named-checkzone com. com.zone

      • systemctl start named

    5. 配置根DNS:

      • vim /etc/named.conf

        1.  
          listen-on port 53 { localhost; };
        2.  
          allow-query { any; };
        3.  
          dnssec-enable no;
        4.  
          dnssec-validation no;
        5.  
           
        6.  
          zone "." IN {
        7.  
          type master;
        8.  
          file "root.zone";
        9.  
          };
      • named-checkconf

      • vim /var/named/root.zone

        1.  
          $TTL 1D
        2.  
          @ IN SOA dns1 admin (
        3.  
          2018072401
        4.  
          1D
        5.  
          2H
        6.  
          3D
        7.  
          1D )
        8.  
          NS dns1
        9.  
          com NS dns2
        10.  
          dns1 A 192.168.39.72
        11.  
          dns2 A 192.168.39.73
      • chmod 640 root.zone

      • chown :named root.zone

      • named-checkzone . root.zone

      • systemctl start named

    6. 配置局域网DNS:

      • vim /etc/named.conf

        1.  
          listen-on port 53 { localhost; };
        2.  
          allow-query { any; };
        3.  
          dnssec-enable no;
        4.  
          dnssec-validation no;
      • vim /var/named/named.ca

        1.  
          . 86400 IN NS dns1
        2.  
          dns1 86400 A 192.168.39.72
      • systemctl start named

    7. 配置client:

      • vim /etc/resolv.conf

        nameserver 192.168.39.71
        

    编译安装BIND

    1. 下载bind

      • isc.org(下载后建议用ISC随源码包一同发布的签名文件校验完整性,再进行编译)
    2. 编译安装bind

      • tar xvf bind-9.11.0a3.tar.gz
      • cd bind-9.11.0a3/
      • groupadd -r -g 53 named
      • useradd -r -u 53 -g 53 named
      • ./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --without-openssl --disable-ipv6 --disable-chroot --enable-threads
      • make
      • make install
    3. 环境变量

      • vim /etc/profile.d/named.sh

        1.  
          export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin/:$PATH
    4. 库和头文件

      • vim /etc/ld.so.conf.d/named.conf

        /usr/local/bind9/lib
        
      • ldconfig -v

      • ln -sv /usr/local/bind9/include /usr/include/named

    5. man帮助

      • vim /etc/man.config 或 /etc/man_db.conf(二者取其一,视系统版本而定)

        MANPATH /usr/local/bind9/share/man
        
      • man named.conf

    6. 主配置文件

      • vim /etc/named/named.conf

        1.  
          options {
        2.  
          directory "/var/named/";
        3.  
          };
        4.  
          zone "." IN {
        5.  
          type hint;
        6.  
          file "named.ca";
        7.  
          };
        8.  
          zone "localhost" IN {
        9.  
          type master;
        10.  
          file "named.localhost";
        11.  
          allow-update {none;};
        12.  
          };
        13.  
          zone "1.0.0.127.in-addr.arpa" IN {
        14.  
          type master;
        15.  
          file "named.loopback";
        16.  
          allow-update {none;};
        17.  
          };
    7. 区域数据库

      • mkdir /var/named

      • named-checkconf

      • dig +norec @a.root-servers.net > /var/named/named.ca

      • vim /var/named/named.localhost

        1.  
          $TTL 1d
        2.  
          @ IN SOA localhost. admin.localhost. (
        3.  
          2016061801
        4.  
          1h
        5.  
          5m
        6.  
          7d
        7.  
          1d)
        8.  
          IN NS localhost.
        9.  
          localhost. IN A 127.0.0.1
      • vim /var/named/named.loopback

        1.  
          $TTL 1d
        2.  
          @ IN SOA localhost. admin.localhost. (
        3.  
          2016061801
        4.  
          1h
        5.  
          5m
        6.  
          7d
        7.  
          1d)
        8.  
          NS @
        9.  
          A 127.0.0.1
        10.  
          PTR localhost.
    8. 设置权限

      • chmod 640 /var/named/*
      • chmod 640 /etc/named/named.conf
      • chgrp -R named /var/named/
      • chgrp named /etc/named/named.conf
    9. 启动服务和测试

      • man named
      • named -u named -f -g -d 3 以前台方式运行,调试级别为3
      • named -u named 后台运行
      • killall named
      • ss -tuln
      • tail /var/log/messages
      • named -u named
  • 原文地址:https://www.cnblogs.com/heboxiang/p/15134948.html