Lab 1: DNS forward-lookup primary server

Objective

Set up a DNS forward-lookup primary (master) server so that the web server can be reached by its FQDN.

Environment

Three hosts are needed:
DNS server: 10.0.0.175
Web server: 10.0.0.8
DNS client: 10.0.0.57

Preparation

Disable SELinux
Disable the firewall
Synchronize time

Steps

1. Install bind on the DNS server

[root@centos8 ~]$yum -y install bind

2. Edit the bind configuration files

Edit the configuration file /etc/named.conf:

# Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };

Edit the configuration file /etc/named.rfc1912.zones (vim /etc/named.rfc1912.zones):

# Add the following; IN may be omitted
zone "magedu.local" IN {
type master;
file "magedu.local.zone";
};

3. DNS zone database file

Create the zone database file magedu.local.zone in the zone directory (/var/named/ by default):

# If cp is run without -p, fix the owner or permissions afterwards: chgrp named magedu.local.zone
[root@centos8 ~]$cd /var/named/
[root@centos8 named]$cp -p named.localhost magedu.local.zone
[root@centos8 named]$ll
total 32
drwxrwx--- 2 named named 4096 Sep 17 22:55 data
drwxrwx--- 2 named named 4096 Sep 17 21:49 dynamic
-rw-r----- 1 root named 152 Jul 7 22:14 magedu.local.zone
-rw-r----- 1 root named 2253 Jul 7 22:14 named.ca
-rw-r----- 1 root named 152 Jul 7 22:14 named.empty
-rw-r----- 1 root named 152 Jul 7 22:14 named.localhost
-rw-r----- 1 root named 168 Jul 7 22:14 named.loopback
drwxrwx--- 2 named named 4096 Jul 7 22:14 slaves
[root@centos8 named]$vim magedu.local.zone
# Change magedu.local.zone to the following:
$TTL 1D
@ IN SOA master admin.magedu.org. ( ; the unqualified "master" is expanded to master.magedu.local
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.0.0.175
www A 10.0.0.8

4. Check the syntax of the configuration and zone files, then start the service

[root@centos8 named]$named-checkconf
[root@centos8 named]$named-checkzone magedu.local.zone /var/named/magedu.local.zone
zone magedu.local.zone/IN: loaded serial 0
OK
# systemctl start named   when starting the service for the first time
# rndc reload             when named is already running
[root@centos8 named]$rndc reload
server reload successful
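The configuration from steps 2 to 4 as one re-runnable script. This is an added example, not part of the original lab; the function names and the 10.0.0.0/24 lab subnet are its own assumptions, the addresses and records are the lab's. Two things differ from the steps above on purpose. Commenting out listen-on and allow-query lets named answer anyone who can reach port 53, and the stock named.conf ships with recursion yes, so the lab server would also be an open resolver; the script keeps an allow-query/allow-recursion ACL limited to the lab subnet instead, which gives the three lab hosts the same result. It also derives a date-based SOA serial, because a serial that stays at 0 means a secondary or a cache never sees an edit, and it passes the zone name rather than the file name to named-checkzone (the lab's call still parses, but expands relative names under the wrong origin).

```shell
#!/bin/bash
# Added example, not part of the original lab: steps 2-4 as one script.
# Renders the zone file with a date-based SOA serial, restricts who may
# query instead of removing the allow-query line, validates and reloads.
# Function names and the 10.0.0.0/24 subnet are this example's assumptions.
set -eu

ZONE=magedu.local
NS_IP=10.0.0.175       # DNS server (from the lab)
WEB_IP=10.0.0.8        # web server (from the lab)
LAB_NET=10.0.0.0/24    # assumed subnet shared by the three lab hosts

# Print the serial recorded in an existing zone file, or 0 if there is none.
current_serial() {
    [ -r "$1" ] && awk '/; *serial/ { print $1; found = 1; exit } END { exit !found }' "$1" \
        || printf '0\n'
}

# Next serial in YYYYMMDDnn form: the same day bumps nn, a new day (or the
# lab's initial 0) starts at 00. An edit that is not followed by a higher
# serial is invisible to secondaries and to caches holding the old record.
new_serial() {
    today=$(date +%Y%m%d)
    old=${1:-0}
    case "$old" in
        "$today"??) printf '%s\n' $((old + 1)) ;;
        *)          printf '%s00\n' "$today" ;;
    esac
}

# Render the zone file: the lab's records, serial supplied by the caller.
zone_file() {
    cat <<EOF
\$TTL 1D
@       IN SOA  master admin.magedu.org. (
                $1      ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
master  A       $NS_IP
www     A       $WEB_IP
EOF
}

# The options that matter in /etc/named.conf. Listening on the server's own
# address and limiting queries and recursion to the lab subnet replaces the
# lab's blanket removal of listen-on and allow-query, which with the default
# "recursion yes" would leave an open resolver. Merge these into the existing
# options block; the other default lines stay as they are.
named_options() {
    cat <<EOF
options {
        listen-on port 53 { 127.0.0.1; $NS_IP; };
        directory       "/var/named";
        allow-query     { localhost; $LAB_NET; };
        allow-recursion { localhost; $LAB_NET; };
        recursion yes;
};
EOF
}

# Write, validate and activate the zone. Run on the DNS server as root.
# named-checkzone takes the zone name first, then the file.
deploy() {
    zone_path=/var/named/$ZONE.zone
    zone_file "$(new_serial "$(current_serial "$zone_path")")" > "$zone_path.new"
    chgrp named "$zone_path.new" && chmod 640 "$zone_path.new"   # what cp -p preserved in the lab
    named-checkconf
    named-checkzone "$ZONE" "$zone_path.new"
    mv "$zone_path.new" "$zone_path"
    rndc reload "$ZONE"
}

# Stand-alone use: "deploy" applies the zone; with no argument just show the files.
if [ "${1:-}" = deploy ]; then
    deploy
else
    named_options
    zone_file "$(new_serial 0)"
fi
```

Running the script with no argument prints the rendered options block and zone file for review; `./script deploy` on the DNS server writes the zone to a temporary file, validates it and only then moves it into place and reloads that single zone, so a typo never replaces a working zone.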

5. Set up the web service

Run the following on the web server 10.0.0.8:

echo 'www.magedu.local' > /var/www/html/index.html

6. Test from the client

# Add the DNS server's IP to /etc/resolv.conf
[root@centos7 ~]$cat /etc/resolv.conf
# Generated by NetworkManager
search magedu.org
nameserver 10.0.0.175

# dig
[root@centos7 ~]$dig www.magedu.local

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> www.magedu.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48252
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.local. IN A

;; ANSWER SECTION:
www.magedu.local. 86400 IN A 10.0.0.8

;; AUTHORITY SECTION:
magedu.local. 86400 IN NS master.magedu.local.

;; ADDITIONAL SECTION:
master.magedu.local. 86400 IN A 10.0.0.175

;; Query time: 1 msec
;; SERVER: 10.0.0.175#53(10.0.0.175)
;; WHEN: Thu Sep 17 19:11:55 CST 2020
;; MSG SIZE rcvd: 98

# ping works
[root@centos7 ~]$ping www.magedu.local
PING www.magedu.local (10.0.0.8) 56(84) bytes of data.
64 bytes from 10.0.0.8 (10.0.0.8): icmp_seq=1 ttl=64 time=0.549 ms
64 bytes from 10.0.0.8 (10.0.0.8): icmp_seq=2 ttl=64 time=0.664 ms
64 bytes from 10.0.0.8 (10.0.0.8): icmp_seq=3 ttl=64 time=0.838 ms
^C
--- www.magedu.local ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.549/0.683/0.838/0.122 ms

# HTTP access works
[root@centos7 ~]$curl www.magedu.local
www.magedu.local
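The step-6 dig test turned into a check that can run from the client or from a monitoring job. This is an added example, not from the original lab: it parses dig's text output and passes only when the reply is authoritative (the aa flag, which the lab's own output shows), NOERROR, and carries the expected address, so an answer served from some other resolver's cache, or a spoofed one, does not count as success. The sample replies embedded below are constructed, modelled on the lab's output; the function names are this example's own. One caveat the dig warning hints at: hosts running an mDNS responder (Avahi, or systemd-resolved with its default settings) send .local lookups to multicast DNS rather than to the nameserver in resolv.conf, so if dig succeeds but curl or ping fails on such a client, that is the place to look, not the zone.

```shell
#!/bin/bash
# Added example, not part of the original lab: verify that the lab's DNS
# server answers authoritatively with the expected address. Function names
# are this example's own; sample replies below are constructed.
set -eu

# Print "status aa|noaa ip" for the dig text output read on stdin.
# Only records from the ANSWER section count; ADDITIONAL is ignored.
parse_dig() {
    awk '
        /^;; ->>HEADER<<-/ { sub(/,$/, "", $6); status = $6 }
        /^;; flags:/       { aa = ($0 ~ / aa[ ;]/) ? "aa" : "noaa" }
        /^;; .* SECTION:/  { sec = $2 }
        sec == "ANSWER" && /^[^;]/ && $4 == "A" && ip == "" { ip = $5 }
        END { printf "%s %s %s\n", (status ? status : "NONE"), (aa ? aa : "noaa"), (ip ? ip : "none") }'
}

# check_answer EXPECTED_IP < dig-output ; succeeds only on an authoritative match.
check_answer() {
    expected=$1
    set -- $(parse_dig)
    [ "$1" = NOERROR ] && [ "$2" = aa ] && [ "$3" = "$expected" ]
}

# live_check NAME EXPECTED_IP [SERVER]: query the lab server directly.
# Needs dig (bind-utils) on the host; @SERVER bypasses resolv.conf and mDNS.
live_check() {
    dig @"${3:-10.0.0.175}" "$1" A | check_answer "$2"
}

# Constructed sample modelled on the lab's output: authoritative reply.
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48252
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.local.   IN  A

;; ANSWER SECTION:
www.magedu.local.  86400  IN  A  10.0.0.8

;; AUTHORITY SECTION:
magedu.local.  86400  IN  NS  master.magedu.local.

;; ADDITIONAL SECTION:
master.magedu.local.  86400  IN  A  10.0.0.175'

# Constructed: the same name answered by another resolver from cache (no aa)
# with a different address. A cached or spoofed answer must not pass.
SAMPLE_CACHED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
www.magedu.local.  300  IN  A  10.0.0.99'

# Constructed: NXDOMAIN, as seen when the record is missing from the zone.
SAMPLE_NX=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; AUTHORITY SECTION:
magedu.local.  10800  IN  SOA  master.magedu.local. admin.magedu.org. 0 86400 3600 604800 10800'

# Stand-alone use: "live" queries the real server, otherwise show the parser on the sample.
if [ "${1:-}" = live ]; then
    live_check www.magedu.local 10.0.0.8 && echo "www.magedu.local resolves to 10.0.0.8 (authoritative)"
else
    printf '%s\n' "$SAMPLE_OK" | parse_dig
fi
```

The same check works for any A record in the zone: `live_check master.magedu.local 10.0.0.175` confirms the NS host entry, and a non-zero exit from live_check in a cron job is a simple way to notice when the zone stops being served or starts answering with something other than the address you published.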

Check the HTTP access log on the web server:

[root@centos8 httpd]$cat /dev/null > access_log
[root@centos8 httpd]$tail -f access_log
10.0.0.57 - - [17/Sep/2020:07:47:55 -0400] "GET / HTTP/1.1" 200 17 "-" "curl/7.29.0"