DNS解析相关实验:7台主机的恩怨情仇
发布时间:2019-06-20


关于DNS解析

7台主机的故事

7台主机纠缠不休的往事

这是一个男默女泪的催人泪下的真实故事

情节离奇曲折,事件接二连三,到底是怎样的执着让众多运维工程师掩面而泣

2019.4.23

Tuvia_24

序号 主机 实现功能 IP
1 Client 客户端 192.168.36.6
2 LDNS 本地DNS 192.168.36.7
3 RootDNS 根域 192.168.36.17
4 com com 192.168.36.27
5 Master 主服务器 192.168.36.37
6 Slaves 从服务器 192.168.36.47
7 www www 192.168.36.67

注意:在实验前一定要确保7台机器都可以相互ping通!!

CentOS7 :: www :: 192.168.36.67

[root@www ~]# yum install httpd -y
[root@www ~]# echo 'welcome to Tuvia`s home !' > /var/www/html/index.html           # 自行编辑一个网页内容;便于识别
# 最好到Windows浏览器打开192.168.36.67查看一下该网页进行验证

CentOS6 :: Client :: 192.168.36.6

验证

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.36.6
NETMASK=255.255.255.0
DNS1=192.168.36.7                               ## 指定DNS ##
ONBOOT=yes
            :wq
[root@localhost ~]# service network restart
Shutting down interface eth0:  Device state: 3 (disconnected)                                                           [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.36.7
[root@localhost ~]# curl 192.168.36.67
welcome to Tuvia`s home !

CentOS7 :: Master :: 192.168.36.37

[root@severus ~]# yum install bind -y
[root@severus ~]# vim /etc/named.conf
        listen-on port 53 { 127.0.0.1; };           #找到这行将这行注释掉
        allow-query     { localhost; };             #找到这行将这行注释掉
//      listen-on port 53 { 127.0.0.1; };           #注释;即无效
//      allow-query     { localhost; };             #注释;即无效
        allow-transfer {192.168.36.47;};            #并在options中添加这行;意味只允许47同步数据
                    :wq
[root@severus ~]#rndc reload
[root@severus ~]# vim /etc/named.rfc1912.zones
//
zone "magedu.com" {             #在//下添加此内容
    type master;
    file "magedu.com.zone";
};
                    :wq
[root@severus ~]# cd /var/named
[root@severus named]# ls
data  dynamic  magedu.com.zone  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@severus named]# vim magedu.com.zone
$TTL 1D
@ IN    SOA   ns1 adm.magedu.com. ( 1 1H 10M 1D 3H )
        NS ns1
        NS ns2
ns1 A 192.168.36.37
ns2 A 192.168.36.47
www A 192.168.36.67
[root@severus named]# ll
total 20
drwxrwx--- 2 named named   23 Apr 23 00:09 data
drwxrwx--- 2 named named   31 Apr 23 09:34 dynamic
-rw-r--r-- 1 root  root   137 Apr 23 11:16 magedu.com.zone
-rw-r----- 1 root  named 2281 May 22  2017 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named    6 Oct 31 08:29 slaves
[root@severus named]# chgrp named magedu.com.zone
[root@severus named]# chmod 640 magedu.com.zone
[root@severus named]# systemctl start named

注:注释掉 listen-on 和 allow-query 之后,named 会在所有接口上监听,并接受任意来源的查询,这样的配置只适合隔离的实验网络。生产环境的权威服务器应当用 ACL 显式限定 allow-query;allow-transfer 像这里一样只放行从服务器是正确做法,还可以再配合 TSIG 密钥,让区域传送不只依赖来源 IP 做认证。把区域文件改成属组 named、权限 640,可以让 named 能读取而其他用户不可读。

CentOS6 :: Client :: 192.168.36.6

验证

[root@localhost ~]# dig www.magedu.com @192.168.36.37
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.magedu.com @192.168.36.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1068
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com.            IN  A
;; ANSWER SECTION:
www.magedu.com.     86400   IN  A   192.168.36.67           #
;; AUTHORITY SECTION:
magedu.com.     86400   IN  NS  ns1.magedu.com.         #
magedu.com.     86400   IN  NS  ns2.magedu.com.         #
;; ADDITIONAL SECTION:
ns1.magedu.com.     86400   IN  A   192.168.36.37           #
ns2.magedu.com.     86400   IN  A   192.168.36.47           #
;; Query time: 1 msec
;; SERVER: 192.168.36.37#53(192.168.36.37)
;; WHEN: Tue Apr 23 04:23:11 2019
;; MSG SIZE  rcvd: 116

注:flags 里的 aa 表示这条应答来自本机的权威数据。同时出现的 ra 说明这台权威服务器仍然开启了递归;生产环境中只做权威解析的服务器应在 options 中设置 recursion no;。

CentOS7 :: Slaves :: 192.168.36.47

[18:24:54 root@severus ~]#yum install bind -y
[19:25:07 root@severus ~]#vim /etc/named.conf
        listen-on port 53 { 127.0.0.1; };           #找到这行将这行注释掉
        allow-query     { localhost; };             #找到这行将这行注释掉
//      listen-on port 53 { 127.0.0.1; };           #注释;即无效
//      allow-query     { localhost; };             #注释;即无效
        allow-transfer {none;};                     #并在options中添加这行;意为不允许任何人同步数据
                    :wq
[19:27:01 root@severus ~]#vim /etc/named.rfc1912.zones
//
zone "magedu.com" {                                 #在//下添加此内容
    type slave;
    masters {192.168.36.37;};
    file "slaves/magedu.com.zone";
};
                    :wq
[19:32:13 root@severus ~]#systemctl start named
[19:34:06 root@severus ~]#ll /var/named/slaves/
total 4
-rw-r--r--. 1 named named 304 Apr 23 17:39 magedu.com.zone          #同步来的数据库

CentOS7 :: comDNS :: 192.168.36.27

[17:11:37 root@severus ~]#yum install bind -y
[17:12:18 root@severus ~]#vim /etc/named.conf
        listen-on port 53 { 127.0.0.1; };           #找到这行将这行注释掉
        allow-query     { localhost; };             #找到这行将这行注释掉
//      listen-on port 53 { 127.0.0.1; };           #注释;即无效
//      allow-query     { localhost; };             #注释;即无效
                    :wq
[17:12:50 root@severus ~]#vim /etc/named.rfc1912.zones
//
zone "com" {
    type master;
    file "com.zone";
};
                    :wq
[17:14:21 root@severus named]#vim com.zone
$TTL 1D
@ IN SOA ns1 admin.magedu.com. (1 1D 1H 1W 3D )
             NS ns1
magedu       NS mageduns1
magedu       NS mageduns2
ns1  A  192.168.36.27
mageduns1 A 192.168.36.37
mageduns2 A 192.168.36.47
                    :wq
[17:16:58 root@severus named]#systemctl start named

注:这台服务器没有配置 allow-transfer。CentOS 7 这一代的 BIND 在未配置时默认允许任意主机发起区域传送(AXFR),具体请以所用版本的文档为准;生产环境应显式写上 allow-transfer { none; };,或者只列出从服务器的地址。

CentOS6 :: Client :: 192.168.36.6

验证

[root@localhost ~]# dig www.magedu.com @192.168.36.27
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.magedu.com @192.168.36.27
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60127
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com.            IN  A
;; ANSWER SECTION:
www.magedu.com.     86400   IN  A   192.168.36.67           #
;; AUTHORITY SECTION:
magedu.com.     86400   IN  NS  mageduns1.com.          #
magedu.com.     86400   IN  NS  mageduns2.com.          #
;; ADDITIONAL SECTION:
mageduns1.com.      86400   IN  A   192.168.36.37           #
mageduns2.com.      86400   IN  A   192.168.36.47           #
;; Query time: 3 msec
;; SERVER: 192.168.36.27#53(192.168.36.27)
;; WHEN: Tue Apr 23 04:41:49 2019
;; MSG SIZE  rcvd: 128

注:这条应答没有 aa 标志却带有 ANSWER 段,说明 com 服务器替客户端完成了递归查询,而不是只返回指向 magedu.com 的授权(referral)。后面对 192.168.36.17 的验证结果也是同样的情况。真实的根服务器和 TLD 服务器不对外提供递归,只返回授权信息。

CentOS :: RootDNS :: 192.168.36.17

[root@severus ~]# yum install bind -y
[root@severus ~]# vim /etc/named.conf
        listen-on port 53 { 127.0.0.1; };           #找到这行将这行注释掉
        allow-query     { localhost; };             #找到这行将这行注释掉
//      listen-on port 53 { 127.0.0.1; };           #注释;即无效
//      allow-query     { localhost; };             #注释;即无效
zone "." IN {                                       #找到此内容
        type hint;
        file "named.ca";
};
zone "." IN {                                       #改为此内容
        type master;
        file "root.zone";
                    :wq
[root@severus ~]# cd /var/named
[root@severus named]# vim root.zone
$TTL 1D
@ IN SOA ns1 admin.magedu.com. (1 1D 1H 1W 3D )
             NS ns1
com          NS comns
ns1  A  192.168.36.17
comns A 192.168.36.27
                    :wq
[root@severus named]# systemctl start named

注:上面改写后的 zone "." 块在记录里漏掉了结尾的 };,实际配置时必须保留,否则 named 无法加载配置文件。启动 named 之前,可以先用 named-checkconf 和 named-checkzone 检查配置文件和区域文件。

CentOS6 :: Client :: 192.168.36.6

验证

[root@localhost ~]# dig www.magedu.com @192.168.36.17
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.magedu.com @192.168.36.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38615
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com.            IN  A
;; ANSWER SECTION:
www.magedu.com.     86400   IN  A   192.168.36.67           #
;; AUTHORITY SECTION:
magedu.com.     86400   IN  NS  mageduns1.com.          #
magedu.com.     86400   IN  NS  mageduns2.com.          #
;; ADDITIONAL SECTION:
mageduns1.com.      86400   IN  A   192.168.36.37           #
mageduns2.com.      86400   IN  A   192.168.36.47           #
;; Query time: 3 msec
;; SERVER: 192.168.36.17#53(192.168.36.17)
;; WHEN: Tue Apr 23 04:49:51 2019
;; MSG SIZE  rcvd: 128

CentOS7 :: LDNS :: 192.168.36.7

[root@severus ~]# yum install bind -y
[root@severus ~]# vim /etc/named.conf
        listen-on port 53 { 127.0.0.1; };           #找到这行将这行注释掉
        allow-query     { localhost; };             #找到这行将这行注释掉
//      listen-on port 53 { 127.0.0.1; };           #注释;即无效
//      allow-query     { localhost; };             #注释;即无效
        dnssec-enable yes;                          #找到这两行
        dnssec-validation yes;
        dnssec-enable no;                           #将yes改为no
        dnssec-validation no;
                    :wq
[root@severus ~]# vim /var/named/named.ca
.                       518400  IN      NS      a.root-servers.net.
a.root-servers.net.     3600000 IN      A       192.168.36.17
[root@severus ~]# systemctl start named
[root@severus ~]# rndc flush                        #清除缓存

注:这里关闭 dnssec-validation,是因为实验用的伪根区没有签名,开启验证时解析通常会失败;生产环境的递归服务器应保持 DNSSEC 验证开启,也不应改写 named.ca 中的根提示。另外,这台机器承担递归解析,注释掉 allow-query 之后,建议用 allow-recursion 显式把递归服务限定在实验网段(本实验为 192.168.36.0/24),避免对外成为开放解析器。

CentOS7 :: LDNS :: 192.168.36.17

[root@severus ~]# rndc flush                        #清除缓存

CentOS7 :: LDNS :: 192.168.36.27

[root@severus ~]# rndc flush                        #清除缓存

CentOS7 :: LDNS :: 192.168.36.37

[root@severus ~]# rndc flush                        #清除缓存

CentOS7 :: LDNS :: 192.168.36.47

[root@severus ~]# rndc flush                        #清除缓存

CentOS6 :: Client :: 192.168.36.6

验证

[root@localhost ~]# dig www.magedu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17145
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com.            IN  A
;; ANSWER SECTION:
www.magedu.com.     86400   IN  A   192.168.36.67               #
;; AUTHORITY SECTION:
magedu.com.     86400   IN  NS  ns2.magedu.com.             #
magedu.com.     86400   IN  NS  ns1.magedu.com.             #
;; ADDITIONAL SECTION:
ns1.magedu.com.     86400   IN  A   192.168.36.37               #
ns2.magedu.com.     86400   IN  A   192.168.36.47               #
;; Query time: 7 msec
;; SERVER: 192.168.36.7#53(192.168.36.7)
;; WHEN: Tue Apr 23 05:00:36 2019
;; MSG SIZE  rcvd: 116

总结:                        此实验重点在于理解;步骤繁琐重复细节较多;切勿急于求成

转载于:https://blog.51cto.com/14284458/2383166
