人心不同 各如其面 如之奈何如之奈何
——引子
我们的目标很明了——构建一个具有根的、私有的DNS(Domain Name System)。
这里不会陈述太多关于DNS与BIND的基础知识,如果您需要查看一些基础性的文章,文章末尾附录之中有传送门。
上图摘自《DNS与BIND》中文第四版。
上图便是我们整个DNS系统的鸟瞰,您需要特别注意,由于我们整个过程需要启动6个相互关联的、位于GNU/linux操作系统上的DNS服务器,一个小小的失误,极可能导致最终的失败,所以,在接下来的“游戏”里,您应该时刻知道我们目前处于系统的哪个位置。
此次实验共有6台服务器参与,他们皆位于VMnet2:192.168.31.0/24网络中,当然,如果加上Host主机,就是7台。
Host主机的ip地址默认为192.168.31.1,我们将Clone 1的IP设置为192.168.31.98,他将担负根DNS服务器的职责。Clone 2至Clone 6便直接对应设置为192.168.31.2依次至192.168.31.6。
下面,我们便开始此次游历。
Step root:
目前位置——服务器Clone 1,192.168.31.98,职能为根DNS服务器。
各配置文件如下。
# /etc/named.conf
1 acl listen_acl 2 { 3 any; 4 }; 5 acl allow_query_acl 6 { 7 any; 8 }; 9 acl allow_recursion_acl10 {11 none; # allow_recursion none12 };13 acl allow_transfer_acl14 {15 none;16 };17 acl allow_update_acl18 {19 none;20 };21 options22 {23 listen-on port 53 { listen_acl; };24 directory "/var/named";25 dump-file "/var/named/data/cache_dump.db";26 statistics-file "/var/named/data/named_stats.txt";27 memstatistics-file "/var/named/data/named_mem_stats.txt";28 allow-query { allow_query_acl; };29 allow-recursion { allow_recursion_acl; };30 allow-transfer { allow_transfer_acl; };31 allow-update { allow_update_acl; };32 };33 34 zone "." IN {35 type master; #master36 file "root.zone";37 };# /var/named/root.zone
1 . 86286 IN SOA dns-0.dns.mil. dns.mail.dns.mil. 2014031100 1800 900 604800 86400 2 3 . 518400 IN NS dns-0.dns.mil. 4 dns-0.dns.mil. 3600000 IN A 192.168.31.98 5 . 518400 IN NS dns-1.dns.mil. 6 dns-1.dns.mil. 3600000 IN A 192.168.31.98 7 8 cc. 600 IN NS dns-cc-0.dns.cc. 9 dns-cc-0.dns.cc. 600 IN A 192.168.31.310 org. 600 IN NS dns-org-0.dns.org.11 dns-org-0.dns.org. 600 IN A 192.168.31.312 13 ;根域划分 子域授权
确认、启动根DNS服务。
Step cc & Step org:
目前位置——顶级域DNS服务器Clone 3,192.168.31.3,我们将cc与org域的DNS服务皆放在Clone 3服务器上,其将担负顶级域DNS服务器的职能。
各配置文件如下。
# /etc/named.conf
1 acl listen_acl 2 { 3 any; 4 }; 5 acl allow_query_acl 6 { 7 any; 8 }; 9 acl allow_recursion_acl10 {11 none;12 };13 acl allow_transfer_acl14 {15 none;16 };17 acl allow_update_acl18 {19 none;20 };21 options22 {23 listen-on port 53 { listen_acl; };24 directory "/var/named";25 dump-file "/var/named/data/cache_dump.db";26 statistics-file "/var/named/data/named_stats.txt";27 memstatistics-file "/var/named/data/named_mem_stats.txt";28 allow-query { allow_query_acl; };29 allow-recursion { allow_recursion_acl; };30 allow-transfer { allow_transfer_acl; };31 allow-update { allow_update_acl; };32 };33 zone "." IN {34 type hint; #hint35 file "root.cache"; #指定root DNS服务器的IP地址与FQDN36 };37 zone "cc" IN {38 type master;39 file "cc.zone";40 };41 zone "org" IN {42 type master;43 file "org.zone";44 };# /var/named/root.cache
1 . 518400 IN NS dns-0.dns.mil.2 dns-0.dns.mil. 3600000 IN A 192.168.31.983 . 518400 IN NS dns-1.dns.mil.4 dns-1.dns.mil. 3600000 IN A 192.168.31.98
# /var/named/cc.zone
1 $TTL 600 2 3 cc. IN SOA dns-cc-0.dns.cc. dns-cc.mail.dns.cc. ( 4 2014031001 5 3H 6 15M 7 3D 8 1D 9 );10 11 cc. IN NS dns-cc-0.dns.cc.12 dns-cc-0.dns.cc. IN A 192.168.31.313 14 eecs.cc. IN NS dns.eecs.cc.15 dns.eecs.cc. IN A 192.168.31.4
# /var/named/org.zone
1 $TTL 600 2 3 org. IN SOA dns-org-0.dns.org. dns-org.mail.dns.org. ( 4 2014031001 5 3H 6 15M 7 3D 8 1D 9 );10 11 org. IN NS dns-org-0.dns.org.12 dns-org-0.dns.org. IN A 192.168.31.313 14 free.org. IN A 192.168.31.315 16 just.org. IN NS dns.just.org.17 dns.just.org. IN A 192.168.31.5
确认、启动顶级域DNS服务。
Step eecs.cc:
目前位置——eecs.cc域DNS服务器Clone4,192.168.31.4。
各配置文件如下。
# /etc/named.conf
1 # /etc/named.conf 2 acl listen_acl 3 { 4 any; 5 }; 6 acl allow_query_acl 7 { 8 any; 9 };10 acl allow_recursion_acl11 {12 none;13 };14 acl allow_transfer_acl15 {16 none;17 };18 acl allow_update_acl19 {20 none;21 };22 options23 {24 listen-on port 53 { listen_acl; };25 directory "/var/named";26 dump-file "/var/named/data/cache_dump.db";27 statistics-file "/var/named/data/named_stats.txt";28 memstatistics-file "/var/named/data/named_mem_stats.txt";29 allow-query { allow_query_acl; };30 allow-recursion { allow_recursion_acl; };31 allow-transfer { allow_transfer_acl; };32 allow-update { allow_update_acl; };33 };34 35 zone "." IN {36 type hint;37 file "root.cache";38 };39 zone "eecs.cc" IN {40 type master;41 file "eecs.cc.zone";42 };View Code# /var/named/root.cache
1 ; /var/named/root.cache2 . 518400 IN NS dns-0.dns.mil.3 dns-0.dns.mil. 3600000 IN A 192.168.31.984 . 518400 IN NS dns-1.dns.mil.5 dns-1.dns.mil. 3600000 IN A 192.168.31.98View Code
# /var/named/eecs.cc.zone
1 ; /var/named/eecs.cc.zone 2 $TTL 600 3 4 eecs.cc. IN SOA dns.eecs.cc. dns.mail.eecs.cc. ( 5 2014031001 6 3H 7 15M 8 3D 9 1D10 );11 12 eecs.cc. IN NS dns.eecs.cc.13 dns.eecs.cc. IN A 192.168.31.414 15 eecs.cc. IN A 192.168.31.416 mail.eecs.cc. IN A 192.168.31.417 www.eecs.cc. IN A 192.168.31.418 ftp.eecs.cc. IN A 192.168.31.419 cs.eecs.cc. IN A 192.168.31.4View Code
确认、启动eecs.cc域DNS服务。
Step just.org:
目前位置——just.org域DNS服务器Clone 5,192.168.31.5。
各配置文件如下。
# /etc/named.conf
1 # /etc/named.conf 2 acl listen_acl 3 { 4 any; 5 }; 6 acl allow_query_acl 7 { 8 any; 9 };10 acl allow_recursion_acl11 {12 none;13 };14 acl allow_transfer_acl15 {16 none;17 };18 acl allow_update_acl19 {20 none;21 };22 options23 {24 listen-on port 53 { listen_acl; };25 directory "/var/named";26 dump-file "/var/named/data/cache_dump.db";27 statistics-file "/var/named/data/named_stats.txt";28 memstatistics-file "/var/named/data/named_mem_stats.txt";29 allow-query { allow_query_acl; };30 allow-recursion { allow_recursion_acl; };31 allow-transfer { allow_transfer_acl; };32 allow-update { allow_update_acl; };33 };34 35 zone "." IN {36 type hint;37 file "root.cache";38 };39 zone "just.org" IN {40 type master;41 file "just.org.zone";42 };View Code # /var/named/root.cache
1 ; /var/named/root.cache2 . 518400 IN NS dns-0.dns.mil.3 dns-0.dns.mil. 3600000 IN A 192.168.31.984 . 518400 IN NS dns-1.dns.mil.5 dns-1.dns.mil. 3600000 IN A 192.168.31.98View Code
# /var/named/just.org.zone
1 ; /var/named/just.org.zone 2 $TTL 600 3 4 just.org. IN SOA dns.just.org. dns.mail.just.org. ( 5 2014031001 6 3H 7 15M 8 3D 9 1D10 );11 12 just.org. IN NS dns.just.org.13 dns.just.org. IN A 192.168.31.514 15 www.just.org. IN A 192.168.31.516 mail.just.org. IN A 192.168.31.5View Code
确认、启动just.org域DNS服务。
Step DNS Server:
目前位置——递归DNS服务器Clone 6,192.168.31.6,此服务器直接向用户提供DNS服务。
各配置文件如下。
# /etc/named.conf
1 acl listen_acl 2 { 3 any; 4 }; 5 acl allow_query_acl 6 { 7 any; 8 }; 9 acl allow_recursion_acl10 {11 any; # allow_recursion any12 };13 acl allow_transfer_acl14 {15 none;16 };17 acl allow_update_acl18 {19 none;20 };21 options22 {23 listen-on port 53 { listen_acl; };24 directory "/var/named";25 dump-file "/var/named/data/cache_dump.db";26 statistics-file "/var/named/data/named_stats.txt";27 memstatistics-file "/var/named/data/named_mem_stats.txt";28 allow-query { allow_query_acl; };29 allow-recursion { allow_recursion_acl; };30 allow-transfer { allow_transfer_acl; };31 allow-update { allow_update_acl; };32 33 };34 35 zone "." IN {36 type hint;37 file "root.cache";38 };# /var/named/root.cache
1 ; /var/named/root.cache2 . 518400 IN NS dns-0.dns.mil.3 dns-0.dns.mil. 3600000 IN A 192.168.31.984 . 518400 IN NS dns-1.dns.mil.5 dns-1.dns.mil. 3600000 IN A 192.168.31.98View Code
确认、启动递归DNS服务。
至此,整个系统构建完成。
我们使用Clone 2主机对我们的DNS系统进行测试。
1.编辑/etc/resolv.conf文件,已达到设置系统默认nameserver的目的;
2.进行测试,结果如下图:
附录:
基础资料传送门:http://www.CUOXin.com/smilenana/p/3414077.htmlhttp://www.CUOXin.com/xiaoluo501395377/tag/CentOS/
新闻热点
疑难解答
