
DNS综合实验

实验准备

# Lab-only preparation. These steps remove the host firewall and SELinux
# enforcement so that nothing blocks DNS during the exercise. On a machine
# that is not an isolated lab host, keep both enabled and open only the DNS
# service (port 53, TCP and UDP) in the firewall.
# Stop firewalld now and keep it from starting at boot
systemctl disable --now firewalld.service
# Show the current iptables rules, then flush them (-F removes the rules of
# the filter table; chain policies and the other tables are left unchanged)
iptables -vnL
iptables -F
# Disable SELinux: set SELINUX=disabled in the config file; the change takes
# effect after the reboot. SELINUX=permissive would keep denials logged
# without enforcing them.
[root@root ~]# vim /etc/selinux/config 
SELINUX=disabled
[root@root ~]# reboot

客户机配置(10.0.0.151)

#DNS地址指向DNS服务器
[09:14:42 root@client~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
NAME=ens33
DEVICE=ens33
IPADDR=10.0.0.151
GATEWAY=10.0.0.2
DNS1=10.0.0.152
ONBOOT=yes

[09:19:23 root@client~]# nmcli connection reload 
[09:19:27 root@client~]# nmcli connection down ens33;nmcli connection up ens33 
Connection 'ens33' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)

[09:21:08 root@client~]# cat /etc/resolv.conf 
# Generated by NetworkManager
search localdomain
nameserver 10.0.0.152

WEB服务配置(10.0.0.158)

[root@www ~]# yum -y install httpd
[root@www ~]# systemctl  start httpd
[root@www ~]# curl localhost
Hello M50

实现magedu.com域的主DNS服务器(10.0.0.156)

[root@magedu ~]# yum -y install bind

[root@magedu ~]# vim /etc/named.conf
# Comment out the next two lines so named is no longer limited to localhost.
# With both removed, named falls back to its defaults: it listens on every
# interface and answers queries from any address. Outside this lab, keep the
# statements and widen them instead (add this server's own address to
# listen-on, list the client networks in allow-query).
# The dig output later on this page shows the "ra" flag from this server, so
# recursion is still enabled; an authoritative-only server would normally
# also set "recursion no;".
//  allow-query     { localhost; };
//  listen-on port 53 { 127.0.0.1; };
# Only the secondary (10.0.0.157) may request zone transfers. This trusts the
# source IP address alone; a TSIG key shared by both servers would
# authenticate the transfer as well.
 allow-transfer { 10.0.0.157;};

[root@magedu ~]# vim /etc/named.rfc1912.zones 
zone "magedu.com" IN {
    type master;
    file "magedu.com.zone";
   };

[root@magedu ~]# cd /var/named/
[root@magedu named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@magedu named]# cp -p named.localhost magedu.com.zone
[root@magedu named]# ll
total 20
drwxrwx---. 2 named named    6 Apr 13 05:30 data
drwxrwx---. 2 named named    6 Apr 13 05:30 dynamic
-rw-r-----. 1 root  named  152 Apr 13 05:31 magedu.com.zone
-rw-r-----. 1 root  named 2253 Apr 13 05:31 named.ca
-rw-r-----. 1 root  named  152 Apr 13 05:31 named.empty
-rw-r-----. 1 root  named  152 Apr 13 05:31 named.localhost
-rw-r-----. 1 root  named  168 Apr 13 05:31 named.loopback
drwxrwx---. 2 named named    6 Apr 13 05:30 slaves

[root@magedu named]# vim magedu.com.zone 
$TTL 1D
@   IN SOA  master admin.magedu.org. (
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
          NS   master
          NS   slave
master    A    10.0.0.156
slave     A    10.0.0.157
www       A    10.0.0.158

[root@magedu named]# systemctl start named

实现magedu.com域的从DNS服务器配置(10.0.0.157)

[root@slave ~]# yum -y install bind

[root@slave ~]# vim /etc/named.conf 
//  allow-query     { localhost; };
//  listen-on port 53 { 127.0.0.1; };

[root@slave ~]# vim /etc/named.rfc1912.zones 
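zone "magedu.com" IN {
        type slave;
        // Pull the zone from the primary server for magedu.com.
        masters { 10.0.0.156; };
        // Save the transferred copy under the package's "slaves" directory
        // (the /var/named listing on this page shows "slaves", not "slave").
        // named needs an existing, writable directory to keep the zone on
        // disk; otherwise the copy is lost when named restarts.
        file "slaves/magedu.com.slave";
        // This secondary feeds no other server, so refuse outgoing transfers
        // rather than relying on the release's default.
        allow-transfer { none; };
};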

[root@slave ~]# systemctl start named

实现com域的主DNS服务器(10.0.0.155)

[root@com ~]# yum -y install bind

[root@com ~]# vim /etc/named.conf 
//  allow-query     { localhost; };
//  listen-on port 53 { 127.0.0.1; };

[root@com ~]# vim /etc/named.rfc1912.zones 
zone "com" {
      type master;
      file "com.zone";
};

[root@com ~]# cd /var/named/
[root@com named]# cp -p named.localhost com.zone

[root@com named]# vim com.zone 
$TTL 1D
@       IN SOA   master admin.magedu.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                  NS master
magedu            NS mageduns1
magedu            NS mageduns2
master            A  10.0.0.155
mageduns1         A  10.0.0.156
mageduns2         A  10.0.0.157

[root@com named]# systemctl start named

实现根域的主DNS服务器(10.0.0.154)


[root@root ~]# yum -y install bind
[root@root ~]# vim /etc/named.conf 
//  allow-query     { localhost; };
//  listen-on port 53 { 127.0.0.1; };

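zone "." IN {
        // This host is the authoritative server for the lab's root zone:
        // root.zone carries an SOA record and delegates "com", so it has to
        // be loaded as a master zone. "type hint" is only for a resolver's
        // list of root servers and does not serve the zone's records.
        type master;
        //file "named.ca";    
        file "root.zone";
};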

[root@root ~]# vim /var/named/root.zone 
$TTL 1D
@       IN SOA  master admin.magedu.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      master
com             NS      coms
master          A       10.0.0.154
coms            A       10.0.0.155

[root@root named]# systemctl start named

实现转发目标的DNS服务器(10.0.0.153)

[root@Forward ~]# yum -y install bind


[root@Forward ~]# vim /etc/named.conf 
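// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
// DNSSEC is switched off because this lab resolves through a private root
// (10.0.0.154) whose zone files carry no DNSSEC records; validating against
// the real root trust anchor would reject every answer. Lab only: a resolver
// that does not validate accepts unauthenticated answers.
// Newer BIND releases have retired dnssec-enable; drop that line if
// named-checkconf rejects it.
dnssec-enable no;
// Each statement must end with a semicolon, or named fails to parse the file.
dnssec-validation no;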


[root@Forward ~]# vim /var/named/named.ca 

; <<>> DiG 9.11.3-RedHat-9.11.3-3.fc27 <<>> +bufsize=1200 +norec @a.root-servers.net
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46900
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
; Lab override: the only root server listed is a.root-servers.net, and its
; address record points at the lab root server 10.0.0.154 instead of a
; public address. The dig header and footer comments in this file are left
; over from the original query against the public root and do not describe
; these records.
.                       518400  IN      NS      a.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     518400  IN      A       10.0.0.154

;; Query time: 24 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Thu Apr 05 15:57:34 CEST 2018
;; MSG SIZE  rcvd: 811

[root@Forward ~]# systemctl start named

实现本地只缓存DNS服务器(10.0.0.152)

[root@DNS ~]# yum -y install bind

[root@DNS ~]# vim /etc/named.conf 
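// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
// With allow-query commented out, this resolver relies on named's defaults
// for who may query and recurse. Stating the client network explicitly,
// e.g. allow-query { localhost; <lab-subnet>; };, makes the intent visible.

        // Never resolve locally: hand every query to the forwarder and fail
        // if it does not answer.
        forward only;
        // The forwarding-target server of this lab is 10.0.0.153.
        forwarders { 10.0.0.153; };

        // Validation is off because the lab uses a private root without
        // DNSSEC records. Clients of this cache therefore receive answers
        // that were never authenticated; keep this to the lab.
        dnssec-enable no;
        dnssec-validation no;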


[root@DNS ~]# systemctl start named

客户机访问WEB服务

[16:46:50 root@client~]# curl www.magedu.com
Hello M50

[19:35:42 root@client~]# dig www.magedu.com @10.0.0.157

; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> www.magedu.com @10.0.0.157
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52131
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: da80db3792349a773cbf9c2f62f4e994c042bd5f4236718e (good)
;; QUESTION SECTION:
;www.magedu.com.			IN	A

;; ANSWER SECTION:
www.magedu.com.		86400	IN	A	10.0.0.158

;; AUTHORITY SECTION:
magedu.com.		86400	IN	NS	slave.magedu.com.
magedu.com.		86400	IN	NS	master.magedu.com.

;; ADDITIONAL SECTION:
master.magedu.com.	86400	IN	A	10.0.0.156
slave.magedu.com.	86400	IN	A	10.0.0.157

;; Query time: 0 msec
;; SERVER: 10.0.0.157#53(10.0.0.157)
;; WHEN: Thu Aug 11 19:35:48 CST 2022
;; MSG SIZE  rcvd: 160


[19:35:48 root@client~]# dig www.magedu.com @10.0.0.156

; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> www.magedu.com @10.0.0.156
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27778
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 979f7a7bfaf22c7e0870427d62f4e9a1be0a435c21e79335 (good)
;; QUESTION SECTION:
;www.magedu.com.			IN	A

;; ANSWER SECTION:
www.magedu.com.		86400	IN	A	10.0.0.158

;; AUTHORITY SECTION:
magedu.com.		86400	IN	NS	master.magedu.com.
magedu.com.		86400	IN	NS	slave.magedu.com.

;; ADDITIONAL SECTION:
master.magedu.com.	86400	IN	A	10.0.0.156
slave.magedu.com.	86400	IN	A	10.0.0.157

;; Query time: 1 msec
;; SERVER: 10.0.0.156#53(10.0.0.156)
;; WHEN: Thu Aug 11 19:36:01 CST 2022
;; MSG SIZE  rcvd: 160

[19:36:14 root@client~]# dig www.magedu.com @10.0.0.155

; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> www.magedu.com @10.0.0.155
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15158
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 8f13fcd4a47d01427c94732662f4e9b188f60e9b087aea63 (good)
;; QUESTION SECTION:
;www.magedu.com.			IN	A

;; ANSWER SECTION:
www.magedu.com.		75188	IN	A	10.0.0.158

;; AUTHORITY SECTION:
magedu.com.		86400	IN	NS	mageduns1.com.
magedu.com.		86400	IN	NS	mageduns2.com.

;; ADDITIONAL SECTION:
mageduns1.com.		86400	IN	A	10.0.0.156
mageduns2.com.		86400	IN	A	10.0.0.157

;; Query time: 2 msec
;; SERVER: 10.0.0.155#53(10.0.0.155)
;; WHEN: Thu Aug 11 19:36:17 CST 2022
;; MSG SIZE  rcvd: 167

[19:36:17 root@client~]# dig www.magedu.com @10.0.0.154

; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> www.magedu.com @10.0.0.154
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60849
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 005fc9f5cff2e329131aaf9f62f4e9c24f6aaf34c3729523 (good)
;; QUESTION SECTION:
;www.magedu.com.			IN	A

;; ANSWER SECTION:
www.magedu.com.		75812	IN	A	10.0.0.158

;; AUTHORITY SECTION:
magedu.com.		75812	IN	NS	mageduns1.com.
magedu.com.		75812	IN	NS	mageduns2.com.

;; ADDITIONAL SECTION:
mageduns2.com.		75812	IN	A	10.0.0.157
mageduns1.com.		75812	IN	A	10.0.0.156

;; Query time: 1 msec
;; SERVER: 10.0.0.154#53(10.0.0.154)
;; WHEN: Thu Aug 11 19:36:34 CST 2022
;; MSG SIZE  rcvd: 167

[19:36:50 root@client~]# dig www.magedu.com @10.0.0.153

; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> www.magedu.com @10.0.0.153
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19308
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 7cbedfb1529f355ad7d8603d62f4e9d5c4162857b0d88e3a (good)
;; QUESTION SECTION:
;www.magedu.com.			IN	A

;; ANSWER SECTION:
www.magedu.com.		86400	IN	A	10.0.0.158

;; AUTHORITY SECTION:
magedu.com.		86400	IN	NS	mageduns2.com.
magedu.com.		86400	IN	NS	mageduns1.com.

;; ADDITIONAL SECTION:
mageduns1.com.		86400	IN	A	10.0.0.156
mageduns2.com.		86400	IN	A	10.0.0.157

;; Query time: 5 msec
;; SERVER: 10.0.0.153#53(10.0.0.153)
;; WHEN: Thu Aug 11 19:36:53 CST 2022
;; MSG SIZE  rcvd: 167

[19:36:53 root@client~]# dig www.magedu.com @10.0.0.152

; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> www.magedu.com @10.0.0.152
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40879
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 830f371b94f60fb3283ddaae62f4e9e2638d1a66a4e2f2fd (good)
;; QUESTION SECTION:
;www.magedu.com.			IN	A

;; ANSWER SECTION:
www.magedu.com.		86387	IN	A	10.0.0.158

;; Query time: 2 msec
;; SERVER: 10.0.0.152#53(10.0.0.152)
;; WHEN: Thu Aug 11 19:37:06 CST 2022
;; MSG SIZE  rcvd: 87