2025-03-07
Hands-on case: a comprehensive example implementing the Internet DNS service architecture [centos]
1. Objective: build DNS servers that reproduce the Internet DNS architecture

2. Environment requirements

Eight hosts are required.

| Node name | IP address | Role |
|---|---|---|
| centos7 | 10.0.0.7 | DNS client |
| Rocky8 | 10.0.0.8 | Local DNS server (caching only) |
| Rocky8 | 10.0.0.18 | Forwarding-target DNS server |
| Rocky8 | 10.0.0.28 | Root DNS server |
| Rocky8 | 10.0.0.38 | org domain DNS server |
| Rocky8 | 10.0.0.48 | wang.org domain master DNS server |
| Rocky8 | 10.0.0.58 | wang.org domain slave DNS server |
| Rocky8 | 10.0.0.68 | Web server for www.wang.org |

3. Prerequisites

Disable SELinux, disable the firewall, synchronize time.

4. Implementation steps

4.1. Network configuration of each host (see the environment requirements above)

centos7

```
# Configure the DNS server address on the client
vim /etc/sysconfig/network-scripts/ifcfg-ens33
NAME=eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=10.0.0.6
NETMASK=255.255.255.0
DNS1=10.0.0.8
ONBOOT=yes

service network restart
```

4.2. Set up the web service

```
# On the web server 10.0.0.68/24
yum install httpd
echo www.wang.org > /var/www/html/index.html
systemctl start httpd
```

4.3. Set up the master DNS server for the wang.org domain

```
# On the wang.org master DNS server 10.0.0.48/24
yum install bind -y

vim /etc/named.conf
# Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Allow zone transfers to the slave server only
allow-transfer { <slave server IP>; };

vim /etc/named.rfc1912.zones
# Add this block
zone "wang.org" {
    type master;
    file "wang.org.zone";
};

vim /var/named/wang.org.zone
$TTL 1D
@       IN SOA  master admin.wang.org. (
                1       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
        NS      slave
master  A       10.0.0.48
slave   A       10.0.0.58
www     A       10.0.0.68

chgrp named /var/named/wang.org.zone
systemctl start named   # first start of the service
rndc reload             # when the service is already running
```

Client test

4.4. Configure the slave DNS server for the wang.org domain

```
# On the wang.org slave DNS server 10.0.0.58/24
yum install bind -y

vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Do not allow any other host to perform zone transfers
allow-transfer { none; };

vim /etc/named.rfc1912.zones
zone "wang.org" {
    type slave;
    masters { <master server IP>; };
    file "slaves/wang.org.slave";
};

systemctl start named   # first start of the service
rndc reload             # when the service is already running
ls /var/named/slaves/wang.org.slave   # check that the zone database file was created
```

Client test

4.5. Set up the master DNS server for the org domain

```
# On the org master DNS server 10.0.0.38/24
yum install bind -y

vim /etc/named.conf
# Comment out these two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };

vim /etc/named.rfc1912.zones
# Add this block
zone "org" {
    type master;
    file "org.zone";
};

vim /var/named/org.zone
$TTL 1D
@           IN SOA  master admin.wang.org. ( 1 1D 1H 1W 3D )
            NS      master
; Delegate wang.org: the owner label must be the child zone name
; (the original listing used "magedu" here, which does not match the
; wang.org delegation shown in the dig output in 4.9)
wang        NS      mageduns1
wang        NS      mageduns2
master      A       10.0.0.38
mageduns1   A       10.0.0.48
mageduns2   A       10.0.0.58

chgrp named /var/named/org.zone
systemctl start named   # first start of the service
rndc reload             # when the service is already running
```

Client test

4.6. Set up the master DNS server for the root domain

```
# On the root master DNS server 10.0.0.28/24
yum install bind -y

vim /etc/named.conf
# Comment out two lines, line 13 and line 21
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
# Change the root zone block to:
zone "." IN {
    type master;
    file "root.zone";
};

vim /var/named/root.zone
$TTL 1D
@       IN SOA  master admin.wang.org. ( 2 1D 1H 1W 3D )
        NS      master
org     NS      orgns
master  A       10.0.0.28
orgns   A       10.0.0.38

# Hardening
chgrp named /var/named/root.zone
chmod 640 /var/named/root.zone

systemctl start named   # first start
rndc reload             # when the service is already running
```

Client test

4.7. Set up the forwarding-target DNS server

```
# On the forwarding-target DNS server 10.0.0.18/24
yum install bind -y

vim /etc/named.conf
# Comment out two lines, line 13 and line 21
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
dnssec-enable no;
dnssec-validation no;

vim /var/named/named.ca
.                       518400  IN  NS  a.root-servers.net.
a.root-servers.net.     3600000 IN  A   10.0.0.28

systemctl start named   # first start
rndc reload             # when the service is already running
```

Client test

4.8. Set up the local caching-only DNS server

```
# On the local caching-only DNS server 10.0.0.8/24
yum install bind -y

vim /etc/named.conf
# Comment out two lines, line 13 and line 21
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
forward only;
forwarders { 10.0.0.18; };
dnssec-enable no;
dnssec-validation no;

systemctl start named   # first start
rndc reload             # when the service is already running
```

Client test

4.9. Client test

```
[22:25:17 root@centos7 ~]# dig www.wang.org

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7 <<>> www.wang.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23515
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.wang.org.              IN  A

;; ANSWER SECTION:
www.wang.org.       84535   IN  A   10.0.0.68

;; AUTHORITY SECTION:
wang.org.           84535   IN  NS  mageduns2.org.
wang.org.           84535   IN  NS  mageduns1.org.

;; ADDITIONAL SECTION:
mageduns2.org.      84535   IN  A   10.0.0.58
mageduns1.org.      84535   IN  A   10.0.0.48

;; Query time: 2 msec
;; SERVER: 10.0.0.8#53(10.0.0.8)
;; WHEN: Sun Nov 03 22:25:40 CST 2024
;; MSG SIZE  rcvd: 137
```

4.10. Client diagnostic tool: watch where the DNS packets go

```
tcpdump -i eth0 udp port 53 -nn
```
2025-02-18
Hands-on case: a distributed LAMP architecture with real-time NFS synchronization to a backup server
1. Objective: build a distributed LAMP architecture and synchronize NFS to a backup server in real time

2. Environment requirements

Six hosts are required.

| Node name | IP address | Role |
|---|---|---|
| ubuntu22 | 10.0.0.100 | DNS |
| ubuntu22 | 10.0.0.110 | www.wang.org website |
| ubuntu22 | 10.0.0.120 | web |
| ubuntu22 | 10.0.0.130 | Mysql |
| ubuntu22 | 10.0.0.140 | NFS |
| ubuntu22 | 10.0.0.150 | BACKUP |

3. Prerequisites

```
# Disable SELinux
# Disable the firewall
ufw disable
[09:27:58 root@ubuntu2204:~]# ufw status
Status: inactive
# "inactive" means the firewall is off; "active" means it is running

# Time synchronization
apt -y install chrony; chronyc sources -v ; timedatectl set-timezone Asia/Shanghai

# Update
apt update ; apt upgrade
```

4. Implementation steps

4.1. DNS server [10.0.0.100]

Run the script:

```
[root@ubuntu2204:~]# cat install_dns.sh
#!/bin/bash
DOMAIN=wang.org
HOST=www
HOST_IP=10.0.0.100
LOCALHOST=`hostname -I | awk '{print $1}'`

. /etc/os-release

# Print a message followed by a colored [ OK ] / [FAILED] / [WARNING] status
color () {
    RES_COL=60
    MOVE_TO_COL="echo -en \\033[${RES_COL}G"
    SETCOLOR_SUCCESS="echo -en \\033[1;32m"
    SETCOLOR_FAILURE="echo -en \\033[1;31m"
    SETCOLOR_WARNING="echo -en \\033[1;33m"
    SETCOLOR_NORMAL="echo -en \E[0m"
    echo -n "$1" && $MOVE_TO_COL
    echo -n "["
    if [ "$2" = "success" -o "$2" = "0" ] ;then
        ${SETCOLOR_SUCCESS}
        echo -n $"  OK  "
    elif [ "$2" = "failure" -o "$2" = "1" ] ;then
        ${SETCOLOR_FAILURE}
        echo -n $"FAILED"
    else
        ${SETCOLOR_WARNING}
        echo -n $"WARNING"
    fi
    ${SETCOLOR_NORMAL}
    echo -n "]"
    echo
}

# Install BIND with the package manager of the detected distribution
install_dns () {
    if [ "$ID" = 'centos' -o "$ID" = 'rocky' ];then
        yum install -y bind bind-utils
    elif [ "$ID" = 'ubuntu' ];then
        apt update
        apt install -y bind9 bind9-utils bind9-host bind9-dnsutils
    else
        # Message: "Unsupported operating system, exiting!"
        color "不支持此操作系统,退出!" 1
        exit
    fi
}

# Open up listening/querying, turn off DNSSEC validation, create the zone
config_dns () {
    if [ "$ID" = 'centos' -o "$ID" = 'rocky' ];then
        sed -i -e '/listen-on/s/127.0.0.1/localhost/' \
               -e '/allow-query/s/localhost/any/' \
               -e 's/dnssec-enable yes/dnssec-enable no/' \
               -e 's/dnssec-validation yes/dnssec-validation no/' /etc/named.conf
        cat >> /etc/named.rfc1912.zones <<EOF
zone "$DOMAIN" IN {
    type master;
    file "$DOMAIN.zone";
};
EOF
        cat > /var/named/$DOMAIN.zone <<EOF
\$TTL 1D
@       IN SOA  master admin (
                1       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
master  A       ${LOCALHOST}
$HOST   A       $HOST_IP
EOF
        chmod 640 /var/named/$DOMAIN.zone
        chgrp named /var/named/$DOMAIN.zone
    elif [ "$ID" = 'ubuntu' ];then
        sed -i 's/dnssec-validation auto/dnssec-validation no/' /etc/bind/named.conf.options
        cat >> /etc/bind/named.conf.default-zones <<EOF
zone "$DOMAIN" IN {
    type master;
    file "/etc/bind/$DOMAIN.zone";
};
EOF
        cat > /etc/bind/$DOMAIN.zone <<EOF
\$TTL 1D
@       IN SOA  master admin (
                1       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
master  A       ${LOCALHOST}
$HOST   A       $HOST_IP
EOF
        chgrp bind /etc/bind/$DOMAIN.zone
    else
        # Message: "Unsupported operating system, exiting!"
        color "不支持此操作系统,退出!" 1
        exit
    fi
}

# Enable and restart named, then report the result
start_service () {
    systemctl enable named
    systemctl restart named
    systemctl is-active named.service
    if [ $? -eq 0 ] ;then
        # Message: "DNS service installed successfully!"
        color "DNS 服务安装成功!" 0
    else
        # Message: "DNS service installation failed!"
        color "DNS 服务安装失败!" 1
        exit 1
    fi
}

install_dns
config_dns
start_service
```

4.2. MySQL server [10.0.0.130]

```
apt update && apt install mysql-server -y
```

```
vim /etc/mysql/mysql.conf.d/mysqld.cnf
# Comment out
#bind-address = 127.0.0.1
#mysqlx-bind-address = 127.0.0.1

# Restart the service
systemctl restart mysql
```

4.3. Web server 1 [10.0.0.110]

```
apt update && apt install apache2 php php-mysql -y
```

Modify the home page:

```
[root@ubuntu2204:html]# echo 'welcome to M53 website' > /var/www/html/index.htm
```

Visit the WordPress site: https://cn.wordpress.org

Download, upload and extract.

4.4. Web server 2 [10.0.0.120]

```
apt update && apt install apache2 php php-mysql -y
```

4.5. NFS server [10.0.0.140]

[10.0.0.140]

```
[root@ubuntu2204:~]# apt install nfs-server -y
```

[10.0.0.110] [10.0.0.120]

```
[root@ubuntu2204:wp-content]# apt install nfs-common -y
```

[10.0.0.140] [10.0.0.110] [10.0.0.140] [10.0.0.120]

4.6. rsync service [10.0.0.150]

Configuration file contents:

```
[root@ubuntu2204:~]# cat /etc/rsyncd.conf
uid = root
gid = root
max connections = 0
ignore errors
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
reverse lookup = no
[backup]
path = /data/backup/
comment = backup dir
read only = no
auth users = rsyncuser
secrets file = /etc/rsync.pas
```

Generate the authentication file on the server side.

4.7. rsync service [10.0.0.140]

Official site: https://rsync.samba.org/

Download, upload and extract.

Check whether synchronization works.
2025-01-29
Hands-on case: building a JD.com-style e-commerce website on the LAMP architecture
1. Objective: build a JD.com-style e-commerce website on the LAMP architecture

ShopXO is a secure, stable, high-performance, enterprise-grade open-source B2C e-commerce system. It is developed in PHP and released under the MIT license: no authorization is required, it may be used commercially and customized, it meets 99% of e-commerce operating needs, and it has more than 1,000,000 installations.

Official site: http://shopxo.net

2. Environment requirements

Four hosts are required.

| Node name | IP address | Role |
|---|---|---|
| Rocky8 | 10.0.0.8 | eshop.wang.org website |
| Rocky8 | 10.0.0.18 | Mysql |
| ubuntu22 | 10.0.0.100 | Firewall |
| ubuntu22 | 10.0.0.110 | DNS master server |

3. Prerequisites

```
# Disable SELinux
# Disable the firewall
ufw disable
[09:27:58 root@ubuntu2204:~]# ufw status
Status: inactive
# "inactive" means the firewall is off; "active" means it is running

# Time synchronization
apt -y install chrony; chronyc sources -v ; timedatectl set-timezone Asia/Shanghai

# Update
apt update ; apt upgrade
```

4. Implementation steps

The four hosts must be able to reach one another over the network.

4.1. apache + php server [10.0.0.8]

```
yum -y install httpd php php-mysqlnd php-json
systemctl enable --now httpd
```

```
rz
unzip shopxo-v6.3.0.zip
mv shopxo-v6.3.0/* /var/www/html/
chown -R apache:apache /var/www/html/
```

```
tcpdump -i eth0 -nn port 80
```

4.2. Install PHP 8.0 on Rocky Linux 8

4.2.1. Install the remi repository

```
dnf install epel-release
dnf install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm
```

4.2.2. List the available PHP versions

```
dnf module list php
```

4.2.3. Switch the PHP version. Rocky 8 ships its own PHP 8 module, so switch to the version Rocky 8 provides rather than the one from remi; remi does, however, provide PHP 8.1 and PHP 8.2.

```
dnf module reset php
dnf module enable php:8.0
```

4.2.4. Switch to the 8.0 version provided by remi

```
dnf module enable php:remi-8.0
```

4.2.5. Install PHP

```
# If the install reports errors, install these first
# dnf install libjpeg-turbo libtiff libwebp libXpm
dnf install php php-cli php-curl php-mysqlnd php-gd php-opcache php-zip php-intl
```

4.3. Configure the gateway [10.0.0.8]

```
vim /etc/sysconfig/network-scripts/ifcfg-eth0
GATEWAY=10.0.0.100
```

```
nmcli conn reload;nmcli conn up eth0
```

4.4. MySQL server [10.0.0.18]

```
mysql> create database shopxo;
Query OK, 1 row affected (0.00 sec)

mysql> create user shopxo@'10.0.0.%' identified by '123456';
Query OK, 0 rows affected (0.02 sec)

mysql> grant all on shopxo.* to shopxo@'10.0.0.%';
Query OK, 0 rows affected (0.00 sec)
```

4.5. Linux firewall

Set the firewall rules:

```
iptables -nvL
iptables -t nat -A PREROUTING -d 192.168.10.100 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.8:80
```

Enable ip_forward:

```
sysctl -a | grep ip_for
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
```

Add a second network interface:

```
[19:06:55 root@firewalld:~]# vim /etc/netplan/01-netcfg.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
      - 10.0.0.100/24
      gateway4: 10.0.0.2
      nameservers:
        search:
        - baidu.com
        addresses: [8.8.8.8, 129.19.19.19, 233.6.6.6]
    eth1:
      addresses:
      - 192.168.10.100/24
```

```
netplan apply
```

4.6. DNS master server

```
apt -y install bind9
```

```
vim /etc/bind/named.conf.options
# Change
dnssec-validation no;
```

```
vim /etc/bind/named.conf.default-zones
# Add
zone "wang.org" IN {
    type master;
    file "/etc/bind/wang.org.zone";
};
```

```
vim /etc/bind/wang.org.zone
$TTL 1D
@       IN SOA  master admin (
                1       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
master  A       10.0.0.110
eshop   A       192.168.10.100
```

4.7. Configure the website

4.8. Home page

4.9. Stress test

```
yum -y install php-opcache
```

Test page:

```
[19:53:54 root@Rocky8 ~]# vim /var/www/html/test.php
<?php
phpinfo();
?>
```

```
yum -y install httpd-tools
```

```
[20:18:30 root@centos7 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
NAME=eth1
DEVICE=eth1
IPADDR=192.168.10.7
PREFIX=24
ONBOOT=yes
BOOTPROTO=static
DNS=192.168.10.110
# No gateway needed
# No need to configure DNS
```

```
[20:23:01 root@centos7 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.7
PREFIX=24
GATEWAY=10.0.0.2
DNS1=192.168.10.110
ONBOOT=yes
```

```
[20:23:25 root@centos7 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search 9
nameserver 192.168.10.110
```

```
# Test
curl http://eshop.wang.org/test.php
ab -c 10 -n 100 http://eshop.wang.org/
```
2024-10-24
Jump host and bastion host project
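1. Bastion hosts and jump hosts

Jump hosts and bastion hosts are devices or services required for remote connections in future work environments: we may connect only to the bastion host or jump host, and then manage and control the servers through it.

- Jump host: a simple jump tool.
- Bastion host: jump tool + auditing.
- Bastion host products: open-source software (Jumpserver, Teleport); purchased physical hardware appliances; purchased cloud services.

2. Project practice [take a snapshot before starting]

Official site: https://tp4a.com/download

Official documentation: https://doc-v3.tp4a.com/install/

- Download the package
- Check the file size
- Extract it
- Enter the directory and install
- Follow the prompts to install
- Installation complete
- Check whether teleport is running
- Stop or restart the service

2.1. Teleport: download the package, upload it by drag and drop, then extract and install

2.2. Check whether teleport is running

```
/etc/init.d/teleport status
```

2.3. Stop or restart the service

```
/etc/init.d/teleport stop
/etc/init.d/teleport start
/etc/init.d/teleport restart
```

2.4. Disable the firewall and SELinux

```
# Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
# Check that the firewall is off
systemctl status firewalld
# It is off as long as the green "(running)" is not shown.

# Disable SELinux (it is basically always disabled at work)
setenforce 0             # disable temporarily
vim /etc/selinux/config  # find the line SELINUX=enforcing in the middle and change it to SELINUX=disabled
getenforce               # the result is permissive or
```

2.5. Visit the site

10.0.0.7:7190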
2024-10-14
Domain Name System (DNS) service [lab]
1. DNS lookups

```
yum -y install bind-utils bind whois
nslookup www.baidu.com
dig www.baidu.com
host www.baidu.com
rndc reload   # reload the service
rndc flush    # flush the cache
```

2. Hands-on case: a forward master DNS server

2.1. Objective

Build a forward master DNS server so that the web server can be reached by its FQDN.

2.2. Environment requirements

| Host IP | Role | Notes |
|---|---|---|
| 10.0.0.8 | DNS server | Provides DNS resolution for client hosts |
| 10.0.0.100 | Web server | Serves the website |
| 10.0.0.18 | DNS client | The client host points its DNS at 10.0.0.8 |

2.3. Prerequisites

```
# Disable SELinux
getenforce
sestatus
# Disable the firewall
systemctl status firewalld
# Time synchronization
systemctl status chronyd
```

2.4. Install the software [rocky8]

```
yum -y install bind bind-utils
systemctl start named   # first start of the service
```

2.5. Modify the bind configuration files [rocky8]

```
vim /etc/named.conf
# Comment out the following two lines
# listen-on port 53 { 127.0.0.1; }
# allow-query { localhost; };
```

```
vim /etc/named.rfc1912.zones
# Add the following
zone "wang.org" IN {
    type master;
    file "wang.org.zone";
};
```

2.6. DNS zone database file [rocky8]

```
vim /var/named/wang.org.zone
$TTL 86400
@       IN SOA  dns.wang.org. admin.magedu.com. ( 2024110216 3H 10M 1D 1W )
        NS      dns1
dns1    A       10.0.0.8
www     A       10.0.0.18
db      A       10.0.0.200
```

```
cp -p /var/named/named.localhost /var/named/wang.org.zone
# Without the -p option, the owner or permissions must be fixed afterwards.
chgrp named wang.org.zone
```

```
vim /var/named/wang.org.zone
$TTL 1D
@       IN SOA  master admin.wang.org. (
                20211102 ; serial
                1D       ; refresh
                1H       ; retry
                1W       ; expire
                3H )     ; minimum
        NS      master
master  A       10.0.0.8
www     A       10.0.0.18
db      A       10.0.0.200
```

2.7. Set the file permissions [rocky8]

```
chmod 640 /var/named/wang.org.zone
chgrp named /var/named/wang.org.zone
#chown root.named /var/named/wang.org.zone
ll /var/named/wang.org.zone
```

2.8. Check the configuration and database file syntax, then start the service [rocky8]

```
named-checkzone wang.org /var/named/wang.org.zone
rndc reload   # when the service is already running
curl www.wang.org
```

2.9. Change the DNS setting [rocky8]

```
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=10.0.0.8

# On CentOS 7 and later, run the following to apply the change
nmcli con reload
nmcli con up eth0
# On CentOS 6, run the following to apply the change
service network restart

# The change worked if the following record is present
cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.0.0.8
```

2.10. Set up the web service [ubuntu100]

```
yum -y install nginx
echo "www.wang.com --- this page from 10.0.0.18" > /usr/share/nginx/html/index.html
systemctl start nginx
```

2.11. Test [rocky8]

```
curl www.wang.org
```

2.12. Test on the Windows physical machine

Set the DNS of the Vmnet8 adapter to 10.0.0.206, then visit the domain name in a browser.

3. Hands-on: self-hosted DNS resolution

| Host IP | Role | Notes |
|---|---|---|
| 10.0.0.100 | DNS SERVER | Provides DNS resolution for client hosts |
| 10.0.0.18 | Web site | Serves the website |
| 10.0.0.8 | DNS client | The client host points its DNS at 10.0.0.100 |

3.1. Install the software [ubuntu100]

```
apt install -y bind9 bind9-utils bind9-host
```

3.2. ubuntu100 [add the zones record]

```
vim /etc/bind/named.conf.default-zones
zone "linux-magedu.com" IN {   # IN may be omitted
    type master;
    file "/etc/bind/db.linux-magedu.com";
};
```

3.3. ubuntu100 [define the resolution records]

```
vim /etc/bind/db.linux-magedu.com
linux-magedu.com.       86400 IN SOA linux-magedu-dns. admin.linux-magedu.com. ( 123 3H 15M 1D 1W )
linux-magedu.com.       86400 IN NS  dns1.linux-magedu.com.
dns1.linux-magedu.com.  86400 IN A   10.0.0.100
www.linux-magedu.com.   86400 IN A   10.0.0.18
```

The resource records above can be rewritten as follows:

```
[root@ubuntu ~]# cat /etc/bind/db.linux-magedu.com
$TTL 86400   ; global TTL; once defined, individual records may omit the field
@       IN SOA  linux-magedu-dns. admin.linux-magedu.com. ( 123 3H 15M 1D 1W )
        NS      dns1
dns1    A       10.0.0.206
www     A       10.0.0.210

; @ stands for the zone's domain name
; dns1.linux-magedu.com. can be written as dns1,
; because /etc/bind/named.conf.default-zones states explicitly that this file resolves linux-magedu.com
; www.linux-magedu.com. can be written as www
; Across consecutive records, a field whose value is the same as in the previous record may be omitted
```

3.4. Set the permissions, owner and group

```
chmod 640 /etc/bind/db.linux-magedu.com
chgrp bind /etc/bind/db.linux-magedu.com
#chown root.bind /etc/bind/db.linux-magedu.com
ll /etc/bind/db.linux-magedu.com
```

3.5. Syntax check

```
named-checkzone linux-magedu.com /etc/bind/db.linux-magedu.com
```

3.6. Reload to apply

```
rndc reload
```

3.7. Set up the website on the web host [server rocky18]

```
yum -y install nginx
echo "www.linux-magedu.com --- this page from 10.0.0.18" > /usr/share/nginx/html/index.html
systemctl start nginx
```

3.8. Test from the client host [client rocky8]

```
# First change the client's DNS server address
[19:11:01 root@Rocky8 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search 9
nameserver 10.0.0.100

curl www.linux-magedu.com
host www.linux-magedu.com
ping www.linux-magedu.com -c1

[19:15:33 root@Rocky8 ~]# curl www.linux-magedu.com
www.linux-magedu.com --- this page from 10.0.0.18
```

3.9. Test on the Windows physical machine

Set the DNS of the Vmnet8 adapter to 10.0.0.206, then visit the domain name in a browser.

4. Hands-on: a slave server

| Host IP | Role | Notes |
|---|---|---|
| 10.0.0.8 | DNS master server | Provides DNS resolution for client hosts |
| 10.0.0.18 | DNS slave server | Provides DNS resolution for client hosts |
| 10.0.0.100 | Web server | Serves the website |
| 10.0.0.7 | DNS client | The client host points its DNS at 10.0.0.8 |

4.1. Modify the bind configuration files [master]

```
vim /etc/named.conf
# Comment out the following two lines
# listen-on port 53 { 127.0.0.1; }
# allow-query { localhost; };
# Add this
# Allow zone transfers to the slave server only
allow-transfer { <slave server IP>; };
```

```
vim /etc/named.rfc1912.zones
zone "wang.org" IN {
    type master;   # this is the master; the original listing said "slave" here
    file "wang.org.zone";
};
```

4.2. DNS zone database file [master]

```
vim /var/named/wang.org.zone
$TTL 86400
@       IN SOA  dns.wang.org. admin.magedu.com. ( 2024110216 3H 10M 1D 1W )
        NS      dns1
dns1    A       10.0.0.8
www     A       10.0.0.18
db      A       10.0.0.200
```

```
cp -p /var/named/named.localhost /var/named/wang.org.zone
# Without the -p option, the owner or permissions must be fixed afterwards.
chgrp named wang.org.zone
```

```
vim /var/named/wang.org.zone
$TTL 1D
@       IN SOA  master admin.wang.org. (
                20211102 ; serial
                1D       ; refresh
                1H       ; retry
                1W       ; expire
                3H )     ; minimum
        NS      master
master  A       10.0.0.8
www     A       10.0.0.18
db      A       10.0.0.200
```

4.3. Set the file permissions [master]

```
chmod 640 /var/named/wang.org.zone
chgrp named /var/named/wang.org.zone
#chown root.named /var/named/wang.org.zone
ll /var/named/wang.org.zone
```

4.4. Check the configuration and database file syntax, then start the service [master]

```
named-checkzone wang.org /var/named/wang.org.zone
rndc reload   # when the service is already running
```

4.5. Modify the bind configuration files [slave]

```
vim /etc/named.conf
# Comment out the following two lines
# listen-on port 53 { 127.0.0.1; }
# allow-query { localhost; };
# Add this
# Do not allow any other host to perform zone transfers
allow-transfer { none; };
```

```
vim /etc/named.rfc1912.zones
zone "wang.org" IN {
    type slave;
    masters { 10.0.0.8; };
    file "slaves/wang.org.slave.zone";
};
```

4.6. Start the server and check that the zone database file is synchronized and created automatically [slave]

```
[20:39:34 root@slave ~]# systemctl enable --now named
[20:39:42 root@slave ~]# ll /var/named/slaves
total 4
-rw-r--r-- 1 named named 273 Nov  2 20:39 wang.org.slave.zone
```

4.7. Start the web server [server]

```
yum -y install nginx
echo "www.wang.com --- this page from 10.0.0.18" > /usr/share/nginx/html/index.html
systemctl start nginx
```

4.8. Start the client [client]

```
dig www.wang.org @10.0.0.18
```

Change the DNS setting:

```
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=10.0.0.8
DNS2=10.0.0.18
```

```
systemctl restart network
ping www.wang.org
dig www.wang.org
```

Stop the master server:

```
rndc stop
ss -ntlp
```

Modify the zone file on the master and check whether it is synchronized:

```
[21:01:36 root@master ~]# vim /var/named/wang.org.zone
$TTL 86400
@       IN SOA  dns.wang.org. admin.magedu.com. ( 2024110220 3H 10M 1D 1W )
        NS      dns1
        NS      dns2
dns1    A       10.0.0.8
dns2    A       10.0.0.18
www     A       10.0.0.100
db      A       10.0.0.200
```

```
rndc reload
```

4.9. Deny access to port 53

```
## When does DNS use ports 53/tcp and 53/udp
tcp/53 is used to synchronize data and does not affect queries
udp/53 also affects synchronization
```

```
ss -ntlu
iptables -A INPUT -p tcp --dport 53 -j REJECT
```

5. Hands-on: enable caching

```
yum -y install nscd
systemctl status nscd
systemctl enable --now nscd   # enable the cache
nscd -g
```

6. Hands-on: reverse DNS resolution

[rocky8 ~]

```
vim /etc/named.rfc1912.zones
# Add at the very bottom
zone "0.0.10.in-addr.arpa" IN {
    type master;
    file "10.0.0.zone";
};
```

```
cd /var/named
vim 10.0.0.zone
$TTL 1D
@       IN SOA  ns admin ( 1 1H 10M 3D 3H )
        NS      ns.wang.org.
100     PTR     www.wang.org.
200     PTR     www.a.com.
```

```
named-checkconf
named-checkzone 0.0.10.in-addr.arpa 10.0.0.zone
```

[centos7 ~]

```
dig -t ptr 100.0.0.10.in-addr.arpa
dig -x 10.0.0.100
```

7. install_dns.sh

```
#!/bin/bash
DOMAIN=wang.org
HOST=www
HOST_IP=10.0.0.100
LOCALHOST=`hostname -I | awk '{print $1}'`

. /etc/os-release

# Print a message followed by a colored [ OK ] / [FAILED] / [WARNING] status
color () {
    RES_COL=60
    MOVE_TO_COL="echo -en \\033[${RES_COL}G"
    SETCOLOR_SUCCESS="echo -en \\033[1;32m"
    SETCOLOR_FAILURE="echo -en \\033[1;31m"
    SETCOLOR_WARNING="echo -en \\033[1;33m"
    SETCOLOR_NORMAL="echo -en \E[0m"
    echo -n "$1" && $MOVE_TO_COL
    echo -n "["
    if [ "$2" = "success" -o "$2" = "0" ] ;then
        ${SETCOLOR_SUCCESS}
        echo -n $"  OK  "
    elif [ "$2" = "failure" -o "$2" = "1" ] ;then
        ${SETCOLOR_FAILURE}
        echo -n $"FAILED"
    else
        ${SETCOLOR_WARNING}
        echo -n $"WARNING"
    fi
    ${SETCOLOR_NORMAL}
    echo -n "]"
    echo
}

# Install BIND with the package manager of the detected distribution
install_dns () {
    if [ "$ID" = 'centos' -o "$ID" = 'rocky' ];then
        yum install -y bind bind-utils
    elif [ "$ID" = 'ubuntu' ];then
        apt update
        apt install -y bind9 bind9-utils bind9-host
    else
        # Message: "Unsupported operating system, exiting!"
        color "不支持此操作系统,退出!" 1
        exit
    fi
}

# Open up listening/querying, turn off DNSSEC validation, create the zone
config_dns () {
    if [ "$ID" = 'centos' -o "$ID" = 'rocky' ];then
        sed -i -e '/listen-on/s/127.0.0.1/localhost/' \
               -e '/allow-query/s/localhost/any/' \
               -e 's/dnssec-enable yes/dnssec-enable no/' \
               -e 's/dnssec-validation yes/dnssec-validation no/' /etc/named.conf
        cat >> /etc/named.rfc1912.zones <<EOF
zone "$DOMAIN" IN {
    type master;
    file "$DOMAIN.zone";
};
EOF
        cat > /var/named/$DOMAIN.zone <<EOF
\$TTL 1D
@       IN SOA  master admin (
                1       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
master  A       ${LOCALHOST}
$HOST   A       $HOST_IP
EOF
        chmod 640 /var/named/$DOMAIN.zone
        chgrp named /var/named/$DOMAIN.zone
        #chown root.named /var/named/$DOMAIN.zone
    elif [ "$ID" = 'ubuntu' ];then
        sed -i 's/dnssec-validation auto/dnssec-validation no/' /etc/bind/named.conf.options
        cat >> /etc/bind/named.conf.default-zones <<EOF
zone "$DOMAIN" IN {
    type master;
    file "/etc/bind/$DOMAIN.zone";
};
EOF
        cat > /etc/bind/$DOMAIN.zone <<EOF
\$TTL 1D
@       IN SOA  master admin (
                1       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
master  A       ${LOCALHOST}
$HOST   A       $HOST_IP
EOF
        chgrp bind /etc/bind/$DOMAIN.zone
    else
        # Message: "Unsupported operating system, exiting!"
        color "不支持此操作系统,退出!" 1
        exit
    fi
}

# Enable and restart named, then report the result
start_service () {
    systemctl enable named
    systemctl restart named
    systemctl is-active named.service
    if [ $? -eq 0 ] ;then
        # Message: "DNS service installed successfully!"
        color "DNS 服务安装成功!" 0
    else
        # Message: "DNS service installation failed!"
        color "DNS 服务安装失败!" 1
        exit 1
    fi
}

install_dns
config_dns
start_service
```

8. Hands-on: implementing a subdomain

| Host IP | Role | Notes |
|---|---|---|
| 10.0.0.8 | DNS master server | Provides DNS resolution for client hosts |
| 10.0.0.18 | DNS slave server | Provides DNS resolution for client hosts |
| 10.0.0.28 | Subdomain | Provides DNS resolution for client hosts |
| 10.0.0.100 | Web server | Serves the website |
| 10.0.0.7 | DNS client | The client host points its DNS at 10.0.0.8 |

```
[10:31:28 root@master ~]# vim /var/named/wang.org.zone
$TTL 86400
@       IN SOA  dns.wang.org. admin.magedu.com. ( 2024110226 3H 10M 1D 1W )
        NS      dns1
        NS      dns2
dns1    A       10.0.0.8
dns2    A       10.0.0.18
www     A       10.0.0.100
db      A       10.0.0.200
www.sh  A       1.1.1.1
```

```
[09:55:42 root@centos7 ~]# dig www.sh.wang.org
```

```
[10:31:28 root@master ~]# vim /var/named/wang.org.zone
$TTL 86400
@       IN SOA  dns.wang.org. admin.magedu.com. ( 2024110226 3H 10M 1D 1W )
        NS      dns1
        NS      dns2
bj      NS      bjdns
dns1    A       10.0.0.8
dns2    A       10.0.0.18
bjdns   A       10.0.0.28
www     A       10.0.0.100
db      A       10.0.0.200
www.sh  A       1.1.1.1
```

```
[10:33:54 root@Rocky8 ~]# bash install_dns.sh
[10:34:50 root@Rocky8 ~]# dig www.bj.wang.org @127.0.0.1
[10:55:15 root@Rocky8 ~]# vim /var/named/bj.wang.org.zone
$TTL 1D
@       IN SOA  master admin (
                1       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
master  A       10.0.0.28
www     A       2.2.2.2
```

```
dig www.bj.wang.org
```

```
[10:55:15 root@Rocky8 ~]# vim /var/named/bj.wang.org.zone
$TTL 1D
@       IN SOA  master admin (
                1       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
master  A       10.0.0.28
www     A       3.3.3.3
```

```
# Flush the cached records; without flushing you would have to wait a day
[10:56:29 root@master ~]# rndc flush
```

9. Hands-on: implementing smart DNS

9.1. Network interface configuration of the DNS servers

```
# Configure two IP addresses
# eth0: 10.0.0.7/24
# eth1: 192.168.10.7/24
```

```
[14:52:18 root@centos7 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:cb:3a:dd brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.7/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:cb:3a:e7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.7/24 brd 192.168.10.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fecb:3ae7/64 scope link
       valid_lft forever preferred_lft forever
```

```
# Configure two IP addresses
# eth0: 10.0.0.8/24
# eth1: 192.168.10.8/24
```

```
[14:59:43 root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:62:cb:f7 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe62:cbf7/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:62:cb:01 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 192.168.10.8/24 brd 192.168.10.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe62:cb01/64 scope link
       valid_lft forever preferred_lft forever
```

9.2. Implement views in the master DNS server's configuration file

```
vim /etc/named.conf
# Add the following lines at the very top of the file
acl test_net {
    10.0.0.0/24;
    172.16.0.0/24;
};
acl product_net {
    192.168.10.0/24;
};

# Comment out the following two lines
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };

# Comment out at the end of the file
// zone "." IN {
//     type hint;
//     file "named.ca";
// };
# Rest omitted

# Create the views
view test_view {
    match-clients { test_net; };
    include "/etc/named.rfc1912.zones.test";
};
view product_view {
    match-clients { product_net; };
    include "/etc/named.rfc1912.zones.product";
};
#include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```

9.3. Create the zone configuration files

```
vim /etc/named.rfc1912.zones.product
# Add at the top
zone "wang.org" IN {
    type master;
    file "wang.org.zone.product";
};
# Add at the end
zone "." IN {
    type hint;
    file "named.ca";
};
```

```
vim /etc/named.rfc1912.zones.test
# Add at the top
zone "wang.org" IN {
    type master;
    file "wang.org.zone.test";
};
# Add at the end
zone "." IN {
    type hint;
    file "named.ca";
};
```

```
chgrp named /etc/named.rfc1912.zones.test
chgrp named /etc/named.rfc1912.zones.product
```

9.4. Create the zone database files

```
vim /var/named/wang.org.zone.test
$TTL 86400
@       IN SOA  dns.wang.org. admin.magedu.com. ( 2024110226 3H 10M 1D 1W )
        NS      dns1
dns1    A       10.0.0.8
www     A       10.0.0.100
```

```
vim /var/named/wang.org.zone.product
$TTL 86400
@       IN SOA  dns.wang.org. admin.magedu.com. ( 2024110226 3H 10M 1D 1W )
        NS      dns1
dns1    A       192.168.10.8
www     A       10.0.0.100
*       A       10.0.0.123
@       A       10.0.0.121
```

```
chgrp named /var/named/wang.org.zone.test
chgrp named /var/named/wang.org.zone.product
systemctl start named   # first start of the service
rndc reload             # when the service is already running
```

9.5. Client test

10. Client diagnostic tool: watch where the DNS packets go

```
tcpdump -i eth0 udp port 53 -nn
```

11. Interview questions

- How DNS works
- The difference between recursive and iterative queries
- When does DNS use ports 53/tcp and 53/udp? tcp/53 is used to synchronize data and does not affect queries; udp/53 also affects synchronization.
- How a CDN works
- How was domain name resolution done at your previous company, and on which platform? Externally the company used Alibaba Cloud; internally it ran its own DNS software, bind.