Setting up a simple DNS server
To get a clearer and more hands-on understanding of what DNS does, we will learn by setting up a simple DNS service.
Before setting it up, a brief look at how DNS works:
- The client hands the domain name it wants to reach to DNS server a; if server a has a record for it, it returns the IP to the client.
- If DNS server a has no record, it queries other servers recursively, starting with the root domain.
- The root domain hands DNS server a the address of the matching top-level-domain DNS server b.
- DNS server a then queries DNS server b, and DNS server b hands back the matching second-level-domain DNS server c.
- DNS server a then queries DNS server c, repeating steps 3 and 4 above.
- DNS server a obtains the IP address of the domain the client asked for, returns it to the client, and keeps a record (cache) of it for later lookups.
A simple simulation of DNS at work
1. Prepare two machines: a client and a server.
Here I use CentOS 6.9 as the client and CentOS 7.3 as the server.
2. Install bind (the software that provides the DNS service) on the server
```
[root@centos7 named]# yum -y install bind
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* extras: mirrors.163.com
* updates: mirrors.btte.net
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-50.el7_3.1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==================================================================================================
Package Arch Version Repository Size
==================================================================================================
Installing:
bind x86_64 32:9.9.4-50.el7_3.1 updates 1.8 M
Transaction Summary
==================================================================================================
Install 1 Package
Total download size: 1.8 M
Installed size: 4.3 M
Downloading packages:
bind-9.9.4-50.el7_3.1.x86_64.rpm | 1.8 MB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 32:bind-9.9.4-50.el7_3.1.x86_64 1/1
Verifying : 32:bind-9.9.4-50.el7_3.1.x86_64 1/1
Installed:
bind.x86_64 32:9.9.4-50.el7_3.1
Complete!
```
3. Disable the Linux security policy (SELinux) and the firewall
1) Server: CentOS 7
```bash
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config   # read at boot, so takes effect on next reboot
iptables -F
systemctl disable firewalld
systemctl stop firewalld
```
2) Client: CentOS 6
```bash
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config   # read at boot, so takes effect on next reboot
chkconfig iptables off
service iptables stop
```
Check that the SELinux policy has been changed to "permissive":
```bash
cat /etc/selinux/config
```
4. Start the DNS server
```bash
systemctl start named
systemctl enable named
```
After starting it, confirm that the port is open (the default port number is 53):
```bash
ss -nutl
```
Bind the server's port 53 to all of the server's IP addresses
```bash
cp -p /etc/named.conf{,.bak}   # back up the config before editing it
```
(The configuration file has to be modified, so it is best to back it up first.)
```bash
vim /etc/named.conf
```
In `listen-on port 53 { localhost; };` change `localhost`
to `any` or `0.0.0.0`, or comment out the whole line.
```bash
vim /etc/sysconfig/network-scripts/ifcfg-ens33
```
On the *** line add `DNS1=127.0.0.1`.
Restart the service (so the configuration file takes effect):
```bash
systemctl restart network
```
On the client (CentOS 6), configure DNS to point at the DNS server (CentOS 7):
```bash
vim /etc/sysconfig/network-scripts/ifcfg-eth0
```
*** add `DNS1=172.16.0.24` (the DNS server).
```bash
service network restart   # CentOS 6 has no systemctl; this is the equivalent of "systemctl restart network"
```
On the server (CentOS 7), configure DNS to allow access from addresses other than localhost:
```bash
vim /etc/named.conf
```
In `allow-query { localhost; };` change `localhost`
to `any` or `0.0.0.0`, or comment out the whole line.
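A caveat on that change: with `allow-query { any; }` and BIND's default `recursion yes`, and no `allow-recursion` statement, the lab server will recurse for anyone who can reach port 53, which makes it an open resolver usable for amplification; keep `allow-query` open if you like, but restrict `allow-recursion` to the networks you serve. The following is an added example, not part of the original post, that parses the handful of named.conf directives this post edits and flags that condition; the `172.16.0.0/16` range is an assumed lab network.

```python
import re

# Constructed sample: the options block as the post leaves it (listen-on and
# allow-query opened to "any") plus BIND's default "recursion yes".
OPEN_RESOLVER_CONF = """
options {
    listen-on port 53 { any; };
    allow-query     { any; };
    recursion yes;
};
"""

# Same thing, but recursive service limited to localhost and the lab network
# (172.16.0.0/16 is an assumed value; the post's hosts sit in 172.16.0.x).
RESTRICTED_CONF = """
options {
    listen-on port 53 { any; };
    allow-query     { any; };
    recursion yes;
    allow-recursion { 127.0.0.1; 172.16.0.0/16; };
};
"""

DIRECTIVE = re.compile(
    r"\b(listen-on(?:-v6)?|allow-query(?:-cache)?|allow-recursion)"
    r"(?:\s+port\s+\d+)?\s*\{([^}]*)\}")

def parse_options(conf):
    """Collect the address-match-list directives the post edits, plus the
    recursion flag. Assumes one global options block and no views."""
    conf = re.sub(r"(//|#).*", "", conf)          # drop commented-out lines
    opts = {}
    for name, body in DIRECTIVE.findall(conf):
        opts[name] = [x.strip() for x in body.split(";") if x.strip()]
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", conf)
    opts["recursion"] = (rec.group(1) if rec else "yes") == "yes"  # BIND default: yes
    return opts

def is_open_resolver(conf):
    """True when any address on the Internet may use this server recursively."""
    opts = parse_options(conf)
    if not opts["recursion"]:
        return False
    # BIND's fallback chain for who may recurse: allow-recursion, else
    # allow-query-cache, else allow-query, else "localnets; localhost;".
    clients = next((opts[k] for k in ("allow-recursion", "allow-query-cache",
                    "allow-query") if k in opts), ["localnets", "localhost"])
    return any(c in ("any", "0.0.0.0/0", "0/0") for c in clients)
```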
On the client (CentOS 6), try resolving a name on the public Internet:
```
[root@centos6 ~]# dig www.baidu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59143
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 5
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 347 IN CNAME www.a.shifen.com.
www.a.shifen.com. 43 IN A 61.135.169.121
www.a.shifen.com. 43 IN A 61.135.169.125
;; AUTHORITY SECTION:
a.shifen.com. 254 IN NS ns1.a.shifen.com.
a.shifen.com. 254 IN NS ns3.a.shifen.com.
a.shifen.com. 254 IN NS ns5.a.shifen.com.
a.shifen.com. 254 IN NS ns2.a.shifen.com.
a.shifen.com. 254 IN NS ns4.a.shifen.com.
;; ADDITIONAL SECTION:
ns1.a.shifen.com. 254 IN A 61.135.165.224
ns2.a.shifen.com. 254 IN A 180.149.133.241
ns3.a.shifen.com. 254 IN A 61.135.162.215
ns4.a.shifen.com. 254 IN A 115.239.210.176
ns5.a.shifen.com. 254 IN A 119.75.222.17
;; Query time: 1 msec
;; SERVER: 172.16.0.1#53(172.16.0.1)
;; WHEN: Mon Jul 24 14:16:16 2017
;; MSG SIZE rcvd: 260
```