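unit5. Deployment and Optimization of the DNS Name Resolution Service
1.
(Short-answer question)
1. Configure 2 servers with the following requirements:
a) Server 1:
Hostname: dns-master.timinglee.org
IP address: 172.25.254.100
Software repository configured
b) Server 2:
Hostname: dns-slave.timinglee.org
IP address: 172.25.254.200
Software repository configured
2. dns-master is an authoritative DNS server; this DNS server must provide the following functions:
a) It can resolve the hosts in the timinglee.org domain. The host list for this domain is:
172.25.254.100 bbs.timinglee.org
172.25.254.200 login.timinglee.org
b) It can provide a mail (MX) record for the timinglee.org domain; the mail server address is 172.25.254.10
c) It can provide reverse lookup records for the 172.25.254.0/24 network. The reverse lookup records are:
172.25.254.100 bbs.timinglee.org
172.25.254.200 login.timinglee.org
3. The dns-slave host is the secondary DNS for the dns-master host; when the data on the master changes, the slave's content changes automatically.
I.
a) Server 1 (dns-master.timinglee.org) configuration
1. Set the hostname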
[root@server ~]# hostnamectl set-hostname dns-master.timinglee.org
[root@server ~]# reboot
Result:
[root@dns-master ~]#
2. Configure the network
[root@dns-master ~]# ifconfig
ens160:
[root@dns-master ~]# vim /etc/NetworkManager/system-connections/ens160.nmconnection
[root@dns-master ~]# systemctl restart NetworkManager
In vim:
...
[ipv4]
address1=192.168.187.131/24,192.168.187.2
address2=172.25.254.100/24
method=manual
...
3. Install BIND
[root@dns-master ~]# yum install bind -y
4. Start BIND
[root@dns-master ~]# systemctl enable --now named
[root@dns-master ~]# firewall-cmd --permanent --add-service=dns
[root@dns-master ~]# firewall-cmd --reload
Result:
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
success
success
b) Server 2 (dns-slave.timinglee.org) configuration; server 2 is a clone of server 1 taken before server 1 was configured
1. Set the hostname
[root@note ~]# hostnamectl set-hostname dns-slave.timinglee.org
[root@note ~]# reboot
[root@dns-slave ~]#
2. Configure the network
[root@dns-slave ~]# vim /etc/NetworkManager/system-connections/ens160.nmconnection
[root@dns-slave ~]# systemctl restart NetworkManager
In vim:
...
[ipv4]
address1=192.168.187.132/24,192.168.187.2
address2=172.25.254.200/24
method=manual
...
3. Install BIND
[root@dns-slave ~]# yum install bind -y
4. Start BIND
[root@dns-slave ~]# systemctl enable --now named
[root@dns-slave ~]# firewall-cmd --permanent --add-service=dns
[root@dns-slave ~]# firewall-cmd --reload
Result:
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
success
success
II.
a) b) c)
[root@dns-master ~]# vim /etc/named.rfc1912.zones
In vim:
...
// forward-lookup zone
zone "timinglee.org" IN {
type master;
file "timinglee.org.zone";
allow-update { none; };
also-notify { 172.25.254.200; };
};
// reverse-lookup zone
zone "254.25.172.in-addr.arpa" IN {
type master;
file "172.25.254.ptr";
allow-update { none; };
};
...
[root@dns-master ~]# cd /var/named
Create the forward-lookup A record file
[root@dns-master named]# cp -p named.localhost timinglee.org.zone
[root@dns-master named]# vim timinglee.org.zone
In vim:
...
@ IN SOA dns.timinglee.org. root.timinglee.org. (
...
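        NS dns.timinglee.org.
dns A 172.25.254.100
www CNAME bbs.timinglee.org.
bbs.timinglee.org. A 172.25.254.100
login.timinglee.org. A 172.25.254.200
; the MX target has no trailing dot, so it is a relative name: it expands to 172.25.254.10.timinglee.org.
timinglee.org. MX 1 172.25.254.10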
...
Create the reverse-lookup record file
[root@dns-master named]# cp -p named.localhost 172.25.254.ptr
[root@dns-master named]# vim 172.25.254.ptr
In vim:
...
        NS dns.timinglee.org.
dns A 172.25.254.100
100 PTR bbs.timinglee.org.
200 PTR login.timinglee.org.
...
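As an added example (not part of the original answer), the Python check below lints a zone file for target mistakes that are easy to make in files like the two above: an NS/MX/CNAME target written as an IP address, an in-zone target with no address record, and an out-of-zone target that looks like a misspelling of the origin. The sample zone and the names lint_zone and fqdn are constructed for illustration, and the parser assumes simple one-record-per-line files.

```python
import difflib
import re

# Constructed sample (not the page's file): a zone with three questionable targets.
SAMPLE_ZONE = """\
@       IN SOA  dns.timinglee.org. root.timinglee.org. ( 0 1D 1H 1W 3H )
        NS      dns.timingless.org.
dns     A       172.25.254.100
www     CNAME   bbs.timinglee.org.
bbs     A       172.25.254.100
@       MX 1    172.25.254.10
@       MX 5    mail
"""
TYPES = {"A", "AAAA", "NS", "MX", "CNAME", "PTR", "SOA", "TXT"}

def fqdn(name, origin):
    """Expand a name as named does: '@' and names without a trailing dot get the origin."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def lint_zone(text, origin):
    """Return [(line_no, message)] for NS/MX/CNAME targets in a simple zone file."""
    defined, targets, owner = set(), [], origin
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split(";", 1)[0].split()
        if not tok or tok[0].startswith("$"):
            continue
        if not raw[0].isspace():          # a leading name sets the current owner
            owner = fqdn(tok.pop(0), origin)
        idx = next((i for i, t in enumerate(tok) if t.upper() in TYPES), None)
        if idx is None:
            continue                      # continuation of a multi-line record
        rtype, target = tok[idx].upper(), tok[-1]
        if rtype in ("A", "AAAA", "CNAME"):
            defined.add(owner)            # names that resolve inside this zone
        if rtype in ("NS", "MX", "CNAME"):
            targets.append((no, rtype, target))
    findings, labels = [], origin.count(".") + 1
    for no, rtype, tgt in targets:
        full = fqdn(tgt, origin)
        tail = ".".join(full.split(".")[-labels:])   # same depth as the origin
        if re.fullmatch(r"(\d{1,3}\.){3}\d{1,3}\.?", tgt):
            findings.append((no, f"{rtype} target {tgt} is an IP; named reads it as {full}"))
        elif tail == origin and full not in defined:
            findings.append((no, f"{rtype} target {full} has no A/AAAA/CNAME in this zone"))
        elif tail != origin and difflib.SequenceMatcher(None, tail, origin).ratio() > 0.8:
            findings.append((no, f"{rtype} target {full} is outside {origin}: typo?"))
    return findings
```

This check only covers record targets; BIND's own named-checkconf and named-checkzone should still be run before restarting named.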
III.
[root@dns-slave named]# vim /etc/named.rfc1912.zones
In vim:
...
zone "timinglee.org" IN {
type slave;
file "slaves/timinglee.org.zone";
masters { 172.25.254.100; };
allow-update { none; };
};
...
Test:
Restart the service:
[root@dns-master named]# systemctl restart named
Forward lookup:
[root@dns-master named]# dig -t A www.timinglee.org @172.25.254.100
; <<>> DiG 9.16.23-RH <<>> -t A www.timinglee.org @172.25.254.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37416
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 6284fdc316a458ec01000000663a5ffaab319d9a34f6e30e (good)
;; QUESTION SECTION:
;www.timinglee.org. IN A
;; ANSWER SECTION:
www.timinglee.org. 86400 IN CNAME bbs.timinglee.org.
bbs.timinglee.org. 86400 IN A 172.25.254.100
;; Query time: 1 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Wed May 08 01:08:10 CST 2024
;; MSG SIZE rcvd: 108
Mail (MX) lookup:
[root@dns-master named]# dig -t MX timinglee.org @172.25.254.100
; <<>> DiG 9.16.23-RH <<>> -t MX timinglee.org @172.25.254.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7445
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 3b15c838a778927301000000663a611aad06a8b1e6f1f29b (good)
;; QUESTION SECTION:
;timinglee.org. IN MX
;; ANSWER SECTION:
timinglee.org. 86400 IN MX 1 172.25.254.10.timinglee.org.
;; Query time: 1 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Wed May 08 01:12:58 CST 2024
;; MSG SIZE rcvd: 113
Reverse lookup:
[root@dns-master named]# dig -x 172.25.254.200 @172.25.254.100
; <<>> DiG 9.16.23-RH <<>> -x 172.25.254.200 @172.25.254.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61968
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: fc96105ee08c255201000000663a6093606625f73287f01a (good)
;; QUESTION SECTION:
;200.254.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
200.254.25.172.in-addr.arpa. 86400 IN PTR login.timinglee.org.
;; Query time: 2 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Wed May 08 01:10:43 CST 2024
;; MSG SIZE rcvd: 117