DNS master/slave setup

    I. Introduction to DNS

    1. DNS

       DNS (Domain Name System) is a distributed database that maps domain names to IP addresses and back. With a DNS server you only need to remember a site's domain name to reach it, instead of a long IP address. The root of the system consists of 13 root-server identities, labelled A through M. Each letter is served by many physical instances that all answer on the same IP address (anycast), so the several hundred root server instances in operation when this was written (the post counts 386) share only 13 IPv4 addresses, and the traffic of a distributed denial-of-service (DDoS) attack against a letter is spread across all of its instances instead of landing on one machine. Mainland China has two mirrors of L in Beijing and one each of F, I and J, five mirrors in total, so the outage mentioned earlier was most likely a failure of one of those domestic root mirrors.

    2. Distributed database

       Early networks were small and had few domain names, so a hosts file was the simplest possible database. As the network grew explosively, one hosts file, one server, even one DNS cluster could no longer handle the ever-growing number of host requests, so the database was distributed: it is split into n pieces placed on different hosts, and a query for a name in a given piece is sent to the server responsible for that piece, which takes the load off the root servers.

    II. Lab environment

    VMware Workstation Pro 15

    Two machines running Red Hat Enterprise Linux Server release 7.1 (Maipo)

    Xshell 6 (optional)

    Firewall and SELinux disabled (acceptable for this lab only; on a real server keep both enabled and instead open port 53 over UDP and TCP, the dns service in firewalld: ordinary queries use UDP, and the zone transfers between master and slave run over TCP)

    III. Install the service

    # Install the same packages on both master and slave (bind provides named; bind-utils provides dig and nslookup, used in the test below)

    [root@localhost ~]# yum install -y bind*

    IV. Configure the service

    1. Configure the master DNS

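    The master-side configuration is collapsed on the original page and is not reproduced here. The script below is an added example, not the post author's configuration: it generates master-side zone stanzas and zone files that match the slave stanzas in section 3 and the k1/k2 answers in the test section. The addresses and names (192.168.22.77 = k1.kk.cn, 192.168.22.107 = k2.kk.cn, zone kk.cn, reverse zone 22.168.192.in-addr.arpa) are taken from the page; the file names named.master-zones.conf and kk.cn.zone, the SOA timers and the YYYYMMDDnn serial scheme are assumptions of mine. The security-relevant line is allow-transfer: BIND's default lets any client that reaches port 53 dump the entire zone with dig axfr, so transfers are restricted to the slave.

```shell
#!/bin/bash
# Added example (not from the original post): generate the master-side BIND
# configuration that the slave stanzas on this page expect, with zone
# transfers restricted to the slave. Assumed lab addresses: master
# 192.168.22.77 = k1.kk.cn, slave 192.168.22.107 = k2.kk.cn.
# Files are written under $NAMED_ROOT (a scratch directory by default) so they
# can be reviewed before being installed under /etc and /var/named.
set -eu

MASTER_IP=${MASTER_IP:-192.168.22.77}
SLAVE_IP=${SLAVE_IP:-192.168.22.107}
ZONE=${ZONE:-kk.cn}
REV_ZONE=${REV_ZONE:-22.168.192.in-addr.arpa}
# Serial in YYYYMMDDnn form. It MUST increase on every edit; a slave only
# transfers the zone again when the master's serial is higher than its own.
SERIAL=${SERIAL:-$(date +%Y%m%d)01}
NAMED_ROOT=${NAMED_ROOT:-$(mktemp -d /tmp/dns-master.XXXXXX)}

# Zone stanzas for the master (include this file from /etc/named.conf).
# allow-transfer: only the slave may AXFR/IXFR the zone (default is "any").
# also-notify: push a NOTIFY to the slave on every reload so it refreshes at
# once instead of waiting for the SOA refresh timer.
write_master_zone_conf() {
    mkdir -p "$NAMED_ROOT/etc"
    cat > "$NAMED_ROOT/etc/named.master-zones.conf" <<EOF
zone "$ZONE" IN {
        type master;
        file "$ZONE.zone";
        allow-transfer { $SLAVE_IP; };
        also-notify    { $SLAVE_IP; };
};

zone "$REV_ZONE" IN {
        type master;
        file "$REV_ZONE.zone";
        allow-transfer { $SLAVE_IP; };
        also-notify    { $SLAVE_IP; };
};
EOF
}

# Forward and reverse zone files (they go into /var/named/ on the master).
write_zone_files() {
    mkdir -p "$NAMED_ROOT/var/named"
    cat > "$NAMED_ROOT/var/named/$ZONE.zone" <<EOF
\$TTL 86400
@       IN SOA  k1.$ZONE. root.$ZONE. (
                $SERIAL   ; serial
                3600      ; refresh
                900       ; retry
                604800    ; expire
                86400 )   ; negative-cache TTL
        IN NS   k1.$ZONE.
        IN NS   k2.$ZONE.
k1      IN A    $MASTER_IP
k2      IN A    $SLAVE_IP
EOF
    cat > "$NAMED_ROOT/var/named/$REV_ZONE.zone" <<EOF
\$TTL 86400
@       IN SOA  k1.$ZONE. root.$ZONE. ( $SERIAL 3600 900 604800 86400 )
        IN NS   k1.$ZONE.
        IN NS   k2.$ZONE.
${MASTER_IP##*.}   IN PTR  k1.$ZONE.
${SLAVE_IP##*.}   IN PTR  k2.$ZONE.
EOF
}

# Syntax-check with BIND's own tools when the bind package is installed.
check_files() {
    if ! command -v named-checkzone >/dev/null 2>&1; then
        echo "named-checkzone not installed, skipping syntax checks"
        return 0
    fi
    named-checkconf "$NAMED_ROOT/etc/named.master-zones.conf"
    named-checkzone "$ZONE" "$NAMED_ROOT/var/named/$ZONE.zone"
    named-checkzone "$REV_ZONE" "$NAMED_ROOT/var/named/$REV_ZONE.zone"
}

write_master_zone_conf
write_zone_files
check_files
echo "generated under $NAMED_ROOT: include etc/named.master-zones.conf from /etc/named.conf and copy var/named/*.zone to /var/named/"
```

    Run it once on the master, check the generated files, then install them and reload named. Note that a slave answers AXFR for anyone by default too, so on the slave add allow-transfer { none; }; to each zone stanza in section 3 (or once in options) unless other secondaries need to transfer from it.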

    2. Global options (the options block)

    listen-on port 53 { 127.0.0.1; };   change the address to the server's subnet; here it is 192.168.22.0/24

    allow-query     { localhost; };    change localhost to the networks allowed to query; any means everyone

    Caution: the stock named.conf also contains recursion yes;. Combined with allow-query { any; } this makes the server an open recursive resolver for anyone who can reach it, which is what DNS amplification attacks abuse. On a server that only serves kk.cn set recursion no;, or keep recursion and add allow-recursion { 192.168.22.0/24; }; so that only the lab network may recurse.

    [root@localhost named]# vim /etc/named.conf 
    
    options {
            listen-on port 53 { 192.168.22.0/24; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            allow-query     { any; };

    3. Write the forward and reverse zone stanzas (on the slave; masters points at the master, 192.168.22.77, and the transferred copies are written to /var/named/slaves/, which the named user can write to)

    zone "kk.cn" IN {
            type slave;
            file "slaves/kk.a.zone";
            masters {192.168.22.77; };
    };
    
    zone "22.168.192.in-addr.arpa" IN {
            type slave;
            file "slaves/kk.b.zone";
            masters {192.168.22.77; };
    };

    V. Restart the DNS service on the slave

    [root@localhost ~]# systemctl restart named

    Check the service status; if everything is correct it looks roughly like this. The lines that matter are "transferred serial N" for both zones. The DNSSEC lines ("unable to find a DNSKEY", "broken trust chain resolving './NS/IN'") come from named trying to validate the root zone with the trust anchor in the stock named.conf (dnssec-validation yes) and failing on this lab machine; they concern recursion towards the internet, not the zone transfer. Serial 0 means the master's zone files were written with serial 0: raise the serial on every edit of the master, otherwise the slave keeps serving its old copy.

    [root@localhost named]# systemctl status named
    ● named.service - Berkeley Internet Name Domain (DNS)
       Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
       Active: active (running) since Wed 2019-07-17 10:37:24 CST; 9s ago
      Process: 56688 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
      Process: 56686 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
     Main PID: 56691 (named)
       CGroup: /system.slice/named.service
               └─56691 /usr/sbin/named -u named
    
    Jul 17 10:37:24 localhost.localdomain named[56691]: transfer of 'kk.cn/IN' from 192.168.22.77#53: Transfer completed: 1 mess.../sec)
    Jul 17 10:37:24 localhost.localdomain named[56691]: zone kk.cn/IN: sending notifies (serial 0)
    Jul 17 10:37:24 localhost.localdomain named[56691]:   validating @0x7f5ffc60b3e0: . DNSKEY: unable to find a DNSKEY which ve...r '.'
    Jul 17 10:37:24 localhost.localdomain named[56691]:   validating @0x7f5ffc60b3e0: . DNSKEY: please check the 'trusted-keys' ...conf.
    Jul 17 10:37:24 localhost.localdomain named[56691]: error (broken trust chain) resolving './NS/IN': 199.7.91.13#53
    Jul 17 10:37:24 localhost.localdomain named[56691]: zone 22.168.192.in-addr.arpa/IN: Transfer started.
    Jul 17 10:37:24 localhost.localdomain named[56691]: transfer of '22.168.192.in-addr.arpa/IN' from 192.168.22.77#53: connecte...52989
    Jul 17 10:37:24 localhost.localdomain named[56691]: zone 22.168.192.in-addr.arpa/IN: transferred serial 0
    Jul 17 10:37:24 localhost.localdomain named[56691]: transfer of '22.168.192.in-addr.arpa/IN' from 192.168.22.77#53: Transfer.../sec)
    Jul 17 10:37:24 localhost.localdomain named[56691]: zone 22.168.192.in-addr.arpa/IN: sending notifies (serial 0)
    Hint: Some lines were ellipsized, use -l to show in full.

    VI. Testing

    1. Configure the DNS server on the network interface

    Set DNS1 to the DNS server's IP address; here it is 192.168.22.107, the slave itself, since the test is run on the slave

    [root@localhost named]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 
    TYPE=Ethernet
    BOOTPROTO=static
    NAME=ens33
    UUID=727a9a45-718b-45bc-a13c-e6f5c35ab721
    DEVICE=ens33
    ONBOOT=yes
    IPADDR=192.168.22.107
    NETMASK=255.255.255.0
    GATEWAY=192.168.22.2
    DNS1=192.168.22.107

    2. Restart the network service

    [root@localhost named]# systemctl restart network

    3. Run the test. nslookup is pointed at the slave (192.168.22.107), so every answer below comes from the slave's transferred copy of the zones: PTR lookups for .77 and .107, and A lookups for k1.kk.cn and k2.kk.cn.

    [root@localhost ~]# nslookup 
    > 192.168.22.77
    Server:        192.168.22.107
    Address:    192.168.22.107#53
    
    77.22.168.192.in-addr.arpa    name = k1.kk.cn.
    > 192.168.22.107
    Server:        192.168.22.107
    Address:    192.168.22.107#53
    
    107.22.168.192.in-addr.arpa    name = k2.kk.cn.
    > k1.kk.cn
    Server:        192.168.22.107
    Address:    192.168.22.107#53
    
    Name:    k1.kk.cn
    Address: 192.168.22.77
    > k2.kk.cn
    Server:        192.168.22.107
    Address:    192.168.22.107#53
    
    Name:    k2.kk.cn
    Address: 192.168.22.107
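    nslookup shows that the slave answers, but not whether it serves the same zone version as the master, nor whether either server hands the whole zone (or recursion) to arbitrary clients. The script below is an added example, not part of the original post, that checks those three things with dig from bind-utils. The addresses (master 192.168.22.77, slave 192.168.22.107) and the zone kk.cn are the lab's; the function names and the constructed sample dig output used for the offline dry run are mine.

```shell
#!/bin/bash
# Added example (not from the original post): verify master/slave replication
# and zone-transfer / recursion exposure with dig (bind-utils).
# Assumed lab addresses: master 192.168.22.77, slave 192.168.22.107, zone kk.cn.
set -eu

MASTER=${MASTER:-192.168.22.77}
SLAVE=${SLAVE:-192.168.22.107}
ZONE=${ZONE:-kk.cn}

# The serial is the 3rd field of a "dig +short <zone> SOA" answer, e.g.
#   k1.kk.cn. root.kk.cn. 2019071701 3600 900 604800 86400
soa_serial() {
    printf '%s\n' "$1" | awk '{ print $3 }'
}

# in-sync / slave-behind / slave-ahead for master serial $1 and slave serial $2.
# slave-behind right after a master edit usually means the serial was not
# raised (the status log above shows serial 0 everywhere) or the NOTIFY has
# not reached the slave yet.
compare_serials() {
    if [ "$1" -eq "$2" ]; then echo in-sync
    elif [ "$2" -lt "$1" ]; then echo slave-behind
    else echo slave-ahead
    fi
}

# A successful "dig <zone> axfr" ends with ";; XFR size: ..."; a refused one
# prints "; Transfer failed." and no records.
axfr_allowed() {
    printf '%s\n' "$1" | grep -q '^;; XFR size:'
}

# The "ra" flag in dig's header line means the server offers recursion to us.
recursion_available() {
    printf '%s\n' "$1" | grep -Eq '^;; flags: ([a-z]+ )*ra[ ;]'
}

run_checks() {
    local m s server
    m=$(soa_serial "$(dig +short @"$MASTER" "$ZONE" SOA)")
    s=$(soa_serial "$(dig +short @"$SLAVE" "$ZONE" SOA)")
    echo "$ZONE serial: master=$m slave=$s -> $(compare_serials "$m" "$s")"
    for server in "$MASTER" "$SLAVE"; do
        if axfr_allowed "$(dig @"$server" "$ZONE" axfr)"; then
            echo "WARNING $server: zone transfer of $ZONE allowed from this host (restrict allow-transfer)"
        else
            echo "OK      $server: zone transfer of $ZONE refused"
        fi
        if recursion_available "$(dig @"$server" "$ZONE" SOA)"; then
            echo "WARNING $server: recursion offered to this host (set recursion no or allow-recursion)"
        else
            echo "OK      $server: no recursion for this host"
        fi
    done
}

# Constructed dig output for an offline dry run (not captured from the lab).
SAMPLE_SOA='k1.kk.cn. root.kk.cn. 2019071701 3600 900 604800 86400'
SAMPLE_AXFR='; Transfer failed.'
SAMPLE_HEADER=';; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2'

if [ "${1:-}" = "--run" ]; then
    run_checks
else
    echo "dry run: sample serial $(soa_serial "$SAMPLE_SOA"), master 2019071702 vs sample -> $(compare_serials 2019071702 "$(soa_serial "$SAMPLE_SOA")")"
    axfr_allowed "$SAMPLE_AXFR" && echo "sample axfr: allowed" || echo "sample axfr: refused"
    recursion_available "$SAMPLE_HEADER" && echo "sample header: recursion offered" || echo "sample header: no recursion"
    echo "run with --run to query $MASTER and $SLAVE"
fi
```

    Run it with --run from a third host on the lab network, then from the slave itself: the master should refuse AXFR to the third host and accept it only from the slave, and with the allow-query { any; } options above you will see the recursion warning until recursion is switched off or limited.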

    VII. Appendix

    To be added

Original post: https://www.cnblogs.com/kklinux/p/dns_zhucong.html