Preparation: four DNS servers and one client, with the following addresses:
1. Client: 192.168.182.218
2. Forwarding cache DNS server: 192.168.182.214
3. Iterative DNS server (the recursive resolver that walks the tree): 192.168.182.215
4. Root server, which also hosts the .com zone and the apt.com zone: 192.168.182.217
5. Second-level authoritative DNS server for hbp.com: 192.168.182.216
Configure the DNS servers in turn:
Step 1: configure the second-level (hbp.com) authoritative server. It answers only for its own zone, so recursion is switched off; left at the BIND default it would also act as an open resolver for anyone who can reach port 53. named.conf:
    options {
        listen-on port 53 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        recursion no;            // authoritative for hbp.com only, never recurse for clients
        /* The stock lines stay commented out:
           recursion yes;
           dnssec-enable yes;
           dnssec-validation yes;
           dnssec-lookaside auto;
           Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
    };
    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };
    zone "hbp.com" IN {
        type master;
        file "hbp.com.zone";
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
hbp.com.zone is as follows. The address of ns must be the host this zone is served from (192.168.182.216) and must agree with the glue record the .com zone hands out for ns.hbp.com.; if the two differ, the resolver reaches the zone once via the glue, then caches the child's answer and the delegation goes lame.
    [root@localhost ~]# cat /var/named/hbp.com.zone
    $TTL 1D
    @       IN SOA  @ rname.invalid. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
    @       IN NS   ns.hbp.com.
    ns      A       192.168.182.216   ; this host; must match the glue in the .com zone
    www     A       192.168.200.100
    oa      A       192.168.200.253
Step 2: configure the root server, which also serves the .com and apt.com zones. named.conf:
    options {
        listen-on port 53 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        recursion no;            // authoritative only: root, com and apt.com
        managed-keys-directory "/var/named/dynamic";
    };
    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };
    zone "." IN {
        type master;
        file ".zone";
    };
    zone "com" IN {
        type master;
        file ".com.zone";
    };
    zone "apt.com" IN {
        type master;
        file "apt.com.zone";
    };
The zone files are as follows.
.zone (the private root zone; it names gen. as the root server and delegates com. to the same host):
    $TTL 1D
    @       IN SOA  @ rname.invalid. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
    @       IN NS   gen.
    gen.    IN A    192.168.182.217   ; the root server itself
    com.    IN NS   gen.              ; delegate .com to the same host
.com.zone (the TLD zone; each delegation carries a glue A record so the resolver can reach the child name server without a further lookup):
    $TTL 1D
    @       IN SOA  @ rname.invalid. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
    @           IN NS   com.
    com.        A       192.168.182.217   ; this host
    hbp.com.    IN NS   ns.hbp.com.
    ns.hbp.com. A       192.168.182.216   ; glue for the hbp.com delegation
    apt.com.    IN NS   ns.apt.com.
    ns.apt.com. A       192.168.182.217   ; glue for the apt.com delegation
apt.com.zone:
    $TTL 1D
    @       IN SOA  @ rname.invalid. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
    @           IN NS   ns.apt.com.
    ns.apt.com. A       192.168.182.217
    www         A       115.115.115.115
Step 3: configure the iterative server. This is the resolver that starts at the root hints and follows referrals. BIND recurses by default, so allow-recursion is restricted to the lab subnet to keep the box from being an open resolver.
named.conf:
    options {
        directory "/var/named";
        recursion yes;                            // walks the tree on behalf of clients
        allow-recursion { 192.168.182.0/24; };    // lab network only
    };
    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };
    zone "." IN {
        type hint;
        file "named.ca";    // replaced below so the hints point at our private root
    };
Here named.ca is rewritten to point at the simulated root server. Only the two records (the NS for "." and the A record for gen.) matter; the remaining lines are comments left over from the stock file, which was captured with dig against a.root-servers.net, and BIND ignores them:
    ; <<>> DiG 9.9.4-P2-RedHat-9.9.4-12.P2 <<>> +norec NS . @a.root-servers.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26229
    ;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 24
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1472
    ;; QUESTION SECTION:
    ;.                              IN      NS
    ;; ANSWER SECTION:
    .                       518400  IN      NS      gen.
    ;; ADDITIONAL SECTION:
    gen.                    518400  IN      A       192.168.182.217
    ;; Query time: 58 msec
    ;; SERVER: 198.41.0.4#53(198.41.0.4)
    ;; WHEN: Wed Apr 23 14:52:37 CEST 2014
    ;; MSG SIZE  rcvd: 727
Step 4: configure the caching server. It forwards every query to the iterative server; forward only keeps it from falling back to the stock root hints (the real Internet roots) when the forwarder does not answer, so every lookup really goes through 192.168.182.215.
named.conf:
    options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        forwarders { 192.168.182.215; };
        forward only;            // never bypass the forwarder with the stock hints
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
    };
Step 5: restart named on all four servers, set the client's DNS server to the caching server's address (192.168.182.214), and test resolution from the client. The result is shown in the figure.
The lab above reproduces the full path of an Internet DNS lookup: client to caching server, caching server to the recursive resolver, resolver to the root server, then to the .com server and finally to the authoritative server for the zone, all on a private root of our own.
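The delegation walk this lab produces can be checked offline before touching the hosts. The following is an added example, not code from the original post: it holds the NS and A records transcribed from the four zone files above, answers queries the way each host's BIND would (answer, referral with glue, or refusal), and iterates from the hints the way the resolver on 192.168.182.215 does. It assumes ns.hbp.com. is 192.168.182.216 in hbp.com.zone, the host from the preparation list and the glue in the .com zone; the with_typo variant is a constructed copy with that record pointed at the wrong host, to show how a parent/child glue mismatch is caught.

```python
"""Offline walk of the lab's delegation chain (added example, not from the original post).

Record sets are transcribed from the post's zone files, reduced to the NS and A
records an iterative resolver actually uses; the zone-to-host mapping follows the
preparation list. Assumption: ns.hbp.com. is 192.168.182.216 in the child zone.
"""

# Which host is authoritative for which zones (from the preparation list).
SERVERS = {
    "192.168.182.217": [".", "com.", "apt.com."],
    "192.168.182.216": ["hbp.com."],
}

# zone -> (owner, type, rdata); every name is absolute, as in the zone files.
ZONES = {
    ".": [(".", "NS", "gen."), ("gen.", "A", "192.168.182.217"),
          ("com.", "NS", "gen.")],
    "com.": [("com.", "NS", "com."), ("com.", "A", "192.168.182.217"),
             ("hbp.com.", "NS", "ns.hbp.com."), ("ns.hbp.com.", "A", "192.168.182.216"),
             ("apt.com.", "NS", "ns.apt.com."), ("ns.apt.com.", "A", "192.168.182.217")],
    "apt.com.": [("apt.com.", "NS", "ns.apt.com."), ("ns.apt.com.", "A", "192.168.182.217"),
                 ("www.apt.com.", "A", "115.115.115.115")],
    "hbp.com.": [("hbp.com.", "NS", "ns.hbp.com."), ("ns.hbp.com.", "A", "192.168.182.216"),
                 ("www.hbp.com.", "A", "192.168.200.100"), ("oa.hbp.com.", "A", "192.168.200.253")],
}

# The rewritten named.ca on the iterative server: root NS name -> address.
HINTS = {"gen.": "192.168.182.217"}


def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def closest_zone(server, name):
    """Longest zone on this host enclosing the name; BIND answers from that zone."""
    zones = [z for z in SERVERS[server] if in_zone(name, z)]
    return max(zones, key=len) if zones else None


def query(server, name, qtype="A", zones=ZONES):
    """One non-recursive query (dig +norecurse @server name): answer, referral or refusal."""
    zone = closest_zone(server, name)
    if zone is None:
        return "REFUSED", None          # host is authoritative for nothing above the name
    rrs = zones[zone]
    for owner, rtype, rdata in rrs:
        # An NS set below the apex that covers the name is a delegation: hand out a referral.
        if rtype == "NS" and owner != zone and in_zone(name, owner):
            ns = [rd for o, t, rd in rrs if o == owner and t == "NS"]
            glue = {o: rd for o, t, rd in rrs if t == "A" and o in ns}
            return "REFERRAL", (owner, ns, glue)
    answer = [rd for o, t, rd in rrs if o == name and t == qtype]
    return ("ANSWER", answer) if answer else ("NXDOMAIN", None)


def resolve(name, qtype="A", zones=ZONES, max_hops=8):
    """Iterate from the hints, following referrals, like the resolver on .215.
    Returns (rdata list, hosts contacted in order)."""
    candidates = dict(HINTS)
    path = []
    for _ in range(max_hops):
        server = next(iter(candidates.values()))
        path.append(server)
        status, data = query(server, name, qtype, zones)
        if status == "ANSWER":
            return data, path
        if status != "REFERRAL":
            return [], path
        _, ns_names, glue = data
        candidates = {n: glue[n] for n in ns_names if n in glue}
        if not candidates:              # glueless delegation: a real resolver would
            return [], path             # have to resolve the NS name first
    return [], path


def glue_mismatches(zones=ZONES):
    """Flag NS hosts whose parent-zone glue disagrees with the child zone's own A record.
    The glue gets the resolver to the child once; the child's answer then replaces it in
    cache, so a mismatch turns into a lame delegation after the first lookup."""
    bad = []
    for zone, rrs in zones.items():
        for owner, rtype, ns_host in rrs:
            if rtype == "NS" and owner != zone and owner in zones:
                parent = [rd for o, t, rd in rrs if o == ns_host and t == "A"]
                child = [rd for o, t, rd in zones[owner] if o == ns_host and t == "A"]
                if parent and child and parent != child:
                    bad.append((ns_host, parent[0], child[0]))
    return bad


def with_typo():
    """Constructed variant: hbp.com.zone pointing ns.hbp.com. at the wrong host."""
    zones = dict(ZONES)
    zones["hbp.com."] = [(o, t, "192.168.182.213" if (o, t) == ("ns.hbp.com.", "A") else rd)
                         for o, t, rd in ZONES["hbp.com."]]
    return zones


if __name__ == "__main__":
    for qname in ("www.hbp.com.", "www.apt.com.", "example.net."):
        rdata, path = resolve(qname)
        print(f"{qname:16} -> {rdata or 'no answer'}  via {' -> '.join(path)}")
    print("glue mismatches:", glue_mismatches(with_typo()))
```

Running it prints the hosts contacted for each name. Because the root, .com and apt.com zones all live on 192.168.182.217, BIND answers from the longest matching zone it holds, so www.apt.com. resolves in a single query and www.hbp.com. needs one referral to 192.168.182.216; a name under a TLD the private root never delegates, such as example.net., gets NXDOMAIN straight from the root, which is the whole point of owning the root. On the lab hosts, dig +norecurse @192.168.182.217 www.hbp.com shows the same referral, and dig +trace www.hbp.com from the client walks the chain hop by hop.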
Original article: 搭建私有DNS根服务器,模拟互联网DNS解析全过程 (Building a private DNS root server to simulate the full Internet DNS resolution process). Please credit the source when reposting.