
模拟互联网DNS

作者: Ben0606 | 来源:发表于2018-09-27 10:53 被阅读0次

模拟互联网DNS

目标

  1. 模拟互联网DNS从根域到具体主机
  2. 通过模拟的互联网DNS来解析www.gx.com主机
  3. 本地DNS服务器若无相应的FQDN则从模拟的根去递归查询
  4. 只实验正向解析

主机规划

hostname zone ip 说明 系统版本
rootdns . 192.168.32.71 根域服务器 CentOS 7
comdns com 192.168.32.72 com域服务器 CentOS 7
gxdns1 gx.com 192.168.32.73 gx.com域主服务器 CentOS 7
gxdns2 gx.com 192.168.32.61 gx.com域从服务器 CentOS 6
websrv www.gx.com主机 192.168.32.199 gx.com下的www服务器 CentOS 6
localdns localdns 192.168.32.63 本地DNS服务器 CentOS 6
7op 192.168.32.109 普通主机 CentOS 7

1. web服务器

  • 启用http
[root@websrv ~]#ss -nlt |grep :80
LISTEN     0      128                      :::80                      :::*
  • 测试web
[root@websrv ~]#curl 192.168.32.199
<h1> www.gx.com </h1>

2. gx.com.DNS服务器搭建

2.1 gx.com主服务器

  • 主配置文件/etc/named.conf
// gxdns1 (192.168.32.73, CentOS 7): /etc/named.conf options for the gx.com primary.
// listen-on and allow-query stay commented out, so named keeps BIND's defaults:
// it listens on every interface and answers queries from any source.
options {
//  listen-on port 53 { 127.0.0.1; };
//  listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
//  allow-query     { localhost; };
    allow-transfer  { 192.168.32.61; };         // added: only the secondary (gxdns2) may request zone transfers
    masterfile-format text ;    // zone data synced to the secondary is kept in text format
    recursion yes;
    // NOTE(review): with recursion on and allow-query left unrestricted, this
    // authoritative server is also an open recursive resolver for any client
    // that can reach it. Acceptable in this isolated lab; elsewhere set
    // "recursion no;" or restrict it with allow-recursion / allow-query.
    // allow-transfer trusts the source address alone; a TSIG key shared with
    // gxdns2 (allow-transfer { key <name>; }) authenticates the peer instead.

//  dnssec-enable yes;
//  dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
  • 配置文件/etc/named.rfc1912.zones定义gx.com区域
// gxdns1: authoritative (master) for gx.com; data comes from /var/named/gx.com.zone.
zone "gx.com" IN {
    type master;
    file "gx.com.zone";   // relative to "directory" set in options
};
  • 配置gx.com区域解析文件/var/named/gx.com.zone
[root@gxdns1 ~]#cat /var/named/gx.com.zone 
; /var/named/gx.com.zone -- authoritative data for gx.com on gxdns1.
; Unqualified names below are relative to $ORIGIN gx.com.; "@" is the zone apex.
$TTL 1D
$ORIGIN gx.com.

@   IN  SOA gxdns1  admin   (   ; primary gxdns1.gx.com., RNAME admin.gx.com.
    0       ; serial -- increment on every edit, or gxdns2 keeps its stale copy
    1H      ; refresh
    5M      ; retry
    7D      ; expire
    1D      ; minimum (negative-cache TTL)
)

    IN  NS  gxdns1      ; blank owner -> inherits the apex (@)
    IN  NS  gxdns2
gxdns1  IN  A   192.168.32.73
gxdns2  IN  A   192.168.32.61
www     IN  A   192.168.32.199  ; the web server tested in section 1
  • 启动服务,测试gx.com主DNS服务器解析www主机
[root@gxdns1 ~]#systemctl start named
[root@gxdns1 ~]#dig www.gx.com @192.168.32.73 +short
192.168.32.199
[root@gxdns1 ~]#dig www.gx.com @192.168.32.73

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> www.gx.com @192.168.32.73
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42954
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.gx.com.            IN  A

;; ANSWER SECTION:
www.gx.com.     86400   IN  A   192.168.32.199

;; AUTHORITY SECTION:
gx.com.         86400   IN  NS  gxdns1.gx.com.
gx.com.         86400   IN  NS  gxdns2.gx.com.

;; ADDITIONAL SECTION:
gxdns1.gx.com.      86400   IN  A   192.168.32.73
gxdns2.gx.com.      86400   IN  A   192.168.32.61

;; Query time: 0 msec
;; SERVER: 192.168.32.73#53(192.168.32.73)
;; WHEN: Tue Sep 25 19:44:09 CST 2018
;; MSG SIZE  rcvd: 129

2.2 gx.com从服务器

  • 主配置文件/etc/named.conf
// gxdns2 (192.168.32.61, CentOS 6): /etc/named.conf options for the gx.com secondary.
// listen-on and allow-query stay commented out, so named keeps BIND's defaults:
// it listens on every interface and answers queries from any source.
options {
//  listen-on port 53 { 127.0.0.1; };
//  listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//  allow-query     { localhost; };
    allow-transfer { none; }; // no other host may pull zone data from this secondary
    recursion yes;
    // NOTE(review): recursion on with allow-query unrestricted makes this an
    // open recursive resolver for any reachable client; fine only inside
    // this isolated lab.
    
//  dnssec-enable yes;
//  dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};
  • 配置/etc/named.rfc1912.zones定义gx.com区域,定义从服务器
// gxdns2: gx.com as a secondary (slave) zone pulled from gxdns1.
zone "gx.com" IN {
    type slave;
    masters { 192.168.32.73; }; // the gx.com primary (gxdns1)
    file "slaves/gx.com.zone"; // where the transferred zone data is stored (relative to "directory")
    // NOTE(review): the primary is identified by address only; pairing this
    // with a TSIG key would authenticate the transfer source as well.
};
  • 启动服务,查看从主服务器区域传递的解析库文件/var/named/slaves/gx.com.zone
[root@gxdns2 ~]#service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@gxdns2 ~]#cat /var/named/slaves/gx.com.zone
$ORIGIN .
$TTL 86400  ; 1 day
gx.com          IN SOA  gxdns1.gx.com. admin.gx.com. (
                0          ; serial
                3600       ; refresh (1 hour)
                300        ; retry (5 minutes)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
            NS  gxdns1.gx.com.
            NS  gxdns2.gx.com.
$ORIGIN gx.com.
gxdns1          A   192.168.32.73
gxdns2          A   192.168.32.61
www         A   192.168.32.199
[root@gxdns2 ~]#
  • 测试gx.com从DNS服务器解析www主机
[root@gxdns2 ~]#dig www.gx.com @192.168.32.61 +short
192.168.32.199
[root@gxdns2 ~]#dig www.gx.com @192.168.32.61

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.gx.com @192.168.32.61
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39398
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.gx.com.            IN  A

;; ANSWER SECTION:
www.gx.com.     86400   IN  A   192.168.32.199

;; AUTHORITY SECTION:
gx.com.         86400   IN  NS  gxdns1.gx.com.
gx.com.         86400   IN  NS  gxdns2.gx.com.

;; ADDITIONAL SECTION:
gxdns1.gx.com.      86400   IN  A   192.168.32.73
gxdns2.gx.com.      86400   IN  A   192.168.32.61

;; Query time: 0 msec
;; SERVER: 192.168.32.61#53(192.168.32.61)
;; WHEN: Sat Sep  1 02:14:04 2018
;; MSG SIZE  rcvd: 118

3. com.区域服务器搭建

  • 主配置文件/etc/named.conf
// comdns (192.168.32.72, CentOS 7): /etc/named.conf options for the lab "com" zone.
// listen-on and allow-query stay commented out, so named keeps BIND's defaults:
// it listens on every interface and answers queries from any source.
options {
//  listen-on port 53 { 127.0.0.1; };
//  listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
//  allow-query     { localhost; };
    allow-transfer { none; };   // no host may pull the com zone
    recursion yes;
    // NOTE(review): recursion on with allow-query unrestricted makes this
    // authoritative server an open recursive resolver for any reachable
    // client; fine only inside this isolated lab.

//  dnssec-enable yes;
//  dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
  • 配置文件/etc/named.rfc1912.zones新增区域com
// comdns: authoritative (master) for the lab's "com" top-level zone.
zone "com" IN {
    type master;
    file "com.zone";   // /var/named/com.zone (relative to "directory")
};
  • com.区域解析文件
[root@comsrv ~]#cat /var/named/com.zone 
; /var/named/com.zone -- lab "com" TLD served by comdns (192.168.32.72).
; Unqualified names below are relative to $ORIGIN com.
$TTL 86400
$ORIGIN com.

com.        IN  SOA comdns  admin   (   ; primary comdns.com., RNAME admin.com.
    0       ; serial -- increment on every edit
    1H      ; refresh
    5M      ; retry
    7D      ; expire
    1D      ; minimum (negative-cache TTL)
)

        IN  NS  comdns
gx      IN  NS  gxdns1.gx    ; delegate sub-zone gx (gx.com.) to gxdns1.gx.com.
gx      IN  NS  gxdns2.gx    ; delegate sub-zone gx (gx.com.) to gxdns2.gx.com.
comdns      IN  A   192.168.32.72
gxdns1.gx   IN  A   192.168.32.73   ; glue: address of a name server inside the delegated zone
gxdns2.gx   IN  A   192.168.32.61   ; glue
  • 启动服务,测试com-DNS服务器解析www主机
[root@comsrv ~]#systemctl start named
[root@comsrv ~]#dig www.gx.com @192.168.32.72 +short
192.168.32.199
[root@comsrv ~]#dig www.gx.com @192.168.32.72

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> www.gx.com @192.168.32.72
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7402
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.gx.com.            IN  A

;; ANSWER SECTION:
www.gx.com.     85984   IN  A   192.168.32.199

;; AUTHORITY SECTION:
gx.com.         86400   IN  NS  gxdns1.gx.com.
gx.com.         86400   IN  NS  gxdns2.gx.com.

;; Query time: 0 msec
;; SERVER: 192.168.32.72#53(192.168.32.72)
;; WHEN: Tue Sep 25 20:19:24 CST 2018
;; MSG SIZE  rcvd: 97

4. 根区域服务器搭建

  • 主配置文件/etc/named.conf,修改zone"."
// rootdns (192.168.32.71, CentOS 7): /etc/named.conf options for the lab root server.
// NOTE(review): the zone "." block at the bottom is nested inside options { ... }.
// A zone statement is a top-level named.conf statement, not an option, so as
// transcribed this file would be rejected by named-checkconf; the successful
// start shown below suggests the block actually lives outside options, where
// the stock zone "." hint definition normally sits -- verify against the host.
options {
//  listen-on port 53 { 127.0.0.1; };
//  listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
//  allow-query     { localhost; };
    allow-transfer { none;  };   // no host may pull the root zone

    recursion yes;
    // NOTE(review): recursion on with allow-query unrestricted makes this an
    // open recursive resolver for any reachable client; fine only inside
    // this isolated lab.

//  dnssec-enable yes;
//  dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
       
    // the root zone's file and type were both changed
    zone "." IN {
    type master;   // hint --> master
    file "root.zone"; // named.ca --> root.zone
    };


};
  • 根解析区域库文件/var/named/root.zone
[root@rootsrv named]#cat /var/named/root.zone 
; /var/named/root.zone -- lab root zone served by rootdns (192.168.32.71).
; Replaces the normal root hints: this server is authoritative for ".".
$TTL 1D
$ORIGIN .
@           IN  SOA rootdns admin ( 0 1H 5M 7D 1D )   ; serial refresh retry expire minimum
            IN  NS  rootdns
com         IN  NS  comdns.com      ; delegate com. to comdns.com.
rootdns     IN  A   192.168.32.71
comdns.com  IN  A   192.168.32.72   ; glue for the com. delegation
  • 启动服务,测试root-DNS服务器解析www主机
[root@rootsrv named]#systemctl start named
[root@rootsrv named]#dig www.gx.com @192.168.32.71 +short
192.168.32.199
[root@rootsrv named]#dig www.gx.com @192.168.32.71

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> www.gx.com @192.168.32.71
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27214
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.gx.com.            IN  A

;; ANSWER SECTION:
www.gx.com.     86105   IN  A   192.168.32.199

;; AUTHORITY SECTION:
gx.com.         86105   IN  NS  gxdns1.gx.com.
gx.com.         86105   IN  NS  gxdns2.gx.com.

;; ADDITIONAL SECTION:
gxdns2.gx.com.      86105   IN  A   192.168.32.61
gxdns1.gx.com.      86105   IN  A   192.168.32.73

;; Query time: 0 msec
;; SERVER: 192.168.32.71#53(192.168.32.71)
;; WHEN: Tue Sep 25 20:43:24 CST 2018
;; MSG SIZE  rcvd: 129

[root@rootsrv named]#

5. 本地DNS区域服务器搭建

本地DNS区域DNS只做转发,解析库文件没有www.gx.com的解析,模拟无记录的情况去找模拟根来解析

  • 主配置文件/etc/named.conf

dnssec 相关选项必须显式设为 no；若只是注释掉，解析会失败

// localdns (192.168.32.63, CentOS 6): /etc/named.conf options for the lab's recursive resolver.
// It holds no gx.com data; resolution presumably walks the lab hierarchy via
// the stock zone "." hint, whose file /var/named/named.ca is rewritten below
// to point at rootdns.
options {
//  listen-on port 53 { 127.0.0.1; };
//  listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//  allow-query     { localhost; };
    recursion yes;
    // NOTE(review): with allow-query commented out, any client that can reach
    // this host may use it as a recursive resolver; outside an isolated lab
    // restrict it (allow-query / allow-recursion to the local subnet).
    dnssec-enable no;     // must not be commented out; must be explicitly no, otherwise resolution fails
    dnssec-validation no; // must not be commented out; must be explicitly no, otherwise resolution fails
    // NOTE(review): validation is off because the lab root is private and
    // unsigned -- presumably the stock trust anchors cannot validate answers
    // that chain to it (verify). Keep validation on for any resolver that
    // serves real internet names.

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};
  • 修改/var/named/named.ca文件,只保留一个根域,并指向自定义根域
[root@localnds ~]#cat /var/named/named.ca 
; /var/named/named.ca on localdns, reduced to a single root hint that points
; at the lab root (rootdns, 192.168.32.71). The A.ROOT-SERVERS.NET. name is
; kept but resolves to a private address, so this resolver can no longer
; reach the real root; restore the original hints file to resolve internet names.
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     192.168.32.71
  • 启动服务,测试localdns服务器解析www主机
[root@localnds ~]#dig www.gx.com @192.168.32.63 

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.gx.com @192.168.32.63
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15088
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.gx.com.            IN  A

;; ANSWER SECTION:
www.gx.com.     86097   IN  A   192.168.32.199

;; AUTHORITY SECTION:
gx.com.         86097   IN  NS  gxdns2.gx.com.
gx.com.         86097   IN  NS  gxdns1.gx.com.

;; ADDITIONAL SECTION:
gxdns2.gx.com.      86097   IN  A   192.168.32.61
gxdns1.gx.com.      86097   IN  A   192.168.32.73

;; Query time: 0 msec
;; SERVER: 192.168.32.63#53(192.168.32.63)
;; WHEN: Sat Sep  1 18:08:17 2018
;; MSG SIZE  rcvd: 118

[root@localnds ~]#dig www.gx.com @192.168.32.63  +short
192.168.32.199

6. 与localnds同一网段的主机测试

  • 修改主机的dns指向localdns
[root@7op ~]#cat /etc/resolv.conf 
# Generated by NetworkManager
search guangxi.com
nameserver 192.168.32.63
  • 同一网段主机测试通过localdns服务器解析www主机
[root@7op ~]#dig www.gx.com

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> www.gx.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54662
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.gx.com.            IN  A

;; ANSWER SECTION:
www.gx.com.     85939   IN  A   192.168.32.199

;; AUTHORITY SECTION:
gx.com.         85939   IN  NS  gxdns1.gx.com.
gx.com.         85939   IN  NS  gxdns2.gx.com.

;; ADDITIONAL SECTION:
gxdns2.gx.com.      85939   IN  A   192.168.32.61
gxdns1.gx.com.      85939   IN  A   192.168.32.73

;; Query time: 0 msec
;; SERVER: 192.168.32.63#53(192.168.32.63)
;; WHEN: Tue Sep 25 21:06:18 CST 2018
;; MSG SIZE  rcvd: 129

[root@7op ~]#dig www.gx.com +short
192.168.32.199
