Prerequisites:
Prepare 8 Linux servers: one client host, one recursive "telco" DNS server, two web servers, a master and a slave DNS server for magedu.com, a .com TLD server and a root server.
"1" Client host:
The client is on the same LAN as the telco DNS server. IP address: 192.168.27.6; its DNS address points to the telco server:

    $ cat /etc/resolv.conf
    # Generated by NetworkManager
    search magedu.com
    nameserver 192.168.27.5

"2" Telco (recursive) DNS server configuration:
Telco DNS server IP address: 192.168.27.5. Instead of the real root hints, named.ca points the root of the tree at the lab's own root server (192.168.27.166):

    $ cat named.ca
    .                    518400   IN  NS  a.root-servers.net.
    a.root-servers.net.  3600000  IN  A   192.168.27.166

Main configuration file (listen-on and allow-query are commented out, so named answers on every IPv4 address for any client):

    $ cat /etc/named.conf
    options {
    //      listen-on port 53 { 127.0.0.1; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    //      allow-query     { localhost; };
            /*
             - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
             - If you are building a RECURSIVE (caching) DNS server, you need to enable
               recursion.
             - If your recursive DNS server has a public IP address, you MUST enable access
               control to limit queries to your legitimate users. Failing to do so will
               cause your server to become part of large scale DNS amplification
               attacks. Implementing BCP38 within your network would greatly
               reduce such attack surface
            */
            recursion yes;
            dnssec-enable no;
            dnssec-validation no;

With recursion yes and no allow-query or allow-recursion ACL this is an open resolver, exactly what the comment block warns about. That is acceptable on an isolated lab LAN; anywhere else, limit recursion to your own clients, for example allow-recursion { 192.168.27.0/24; };. dnssec-validation is turned off because the lab's private root zone is unsigned and has no trust anchor, so there is nothing to validate.

After the syntax check (named-checkconf) passes, start the named service:

    $ systemctl start named

The client's DNS must point to this server. For the experiment this is done temporarily by editing /etc/resolv.conf:

    $ cat /etc/resolv.conf
    # Generated by NetworkManager
    search magedu.com
    nameserver 192.168.27.5
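The comment block in named.conf is the security point of this server: a recursive resolver without an ACL answers anyone, including spoofed-source amplification traffic. The probe below is added here as an example and is not part of the original page or of BIND. It builds a standard RD=1 query by hand, sends it to a server and reads the RA flag and RCODE from the reply to tell whether that server will recurse for you. The addresses are the lab's (192.168.27.5 is the telco resolver); the two reply packets at the end are constructed for the offline check, not captured from the lab.

```python
"""Is this resolver open? Send a standard RD=1 query and classify the reply."""
import socket
import struct

def encode_name(name):
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """Header (ID, flags=RD, QDCOUNT=1) + one question; qtype 1 is A, class 1 is IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def classify_response(pkt, txid=0x1234):
    """Read the reply header: QR must be set and the ID must match ours.

    RA (recursion available) says whether the server will recurse for *this*
    client; BIND clears it when allow-recursion excludes the source address.
    Returns 'open-recursive', 'refused', 'no-recursion', 'rcode-N' or 'error'.
    """
    if len(pkt) < 12:
        return "error"
    rid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    if rid != txid or not flags & 0x8000:
        return "error"
    ra, rcode = bool(flags & 0x0080), flags & 0x000F
    if rcode == 5:
        return "refused"        # recursion denied to us and not authoritative
    if not ra:
        return "no-recursion"   # authoritative-only answer or referral
    return "open-recursive" if rcode == 0 and an > 0 else f"rcode-{rcode}"

def probe(server, name="www.magedu.com", timeout=2.0):
    """Send the query over UDP to port 53 and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return classify_response(s.recv(512))
        except socket.timeout:
            return "timeout"

# Constructed reply, not captured from the lab: the telco resolver answering
# www.magedu.com with RA set (flags 0x8180 = QR|RD|RA, RCODE 0) and one A record.
SAMPLE_OPEN_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("www.magedu.com") + struct.pack("!HH", 1, 1)                        # question
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 86400, 4) + bytes([192, 168, 27, 3])    # answer
)
# Constructed reply from a properly restricted resolver: REFUSED (flags 0x8105), RA clear.
SAMPLE_REFUSED_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)
    + encode_name("www.magedu.com") + struct.pack("!HH", 1, 1)
)

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "192.168.27.5"))
```

With the configuration above, a probe from the client reports open-recursive. After adding allow-recursion { 192.168.27.0/24; }; a probe from outside that subnet gets refused, and a server running with recursion no answers its own zones with RA clear, which shows up as no-recursion.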
"3" Dual Web server configuration:
    web1.magedu.com  192.168.27.3
    web2.magedu.com  192.168.27.4

After the web server is installed, write a test page on each host with text that identifies it, so the client can see which server answered:

    $ echo '<text identifying web1>' >> /var/www/html/index.html
    $ echo '<text identifying web2>' >> /var/www/html/index.html

Clear the firewall rules (list them first, then flush) so the client can reach port 80:

    $ iptables -vnL
    $ iptables -F

Flushing every rule is fine for the lab; on a real host keep the default policy and open only the ports the service needs.
"4" Master-slave DNS server configuration:
    dns1.magedu.com  192.168.27.17  (master)
    dns2.magedu.com  192.168.27.18  (slave)

[4.1] dns1.magedu.com 192.168.27.17 configuration:
Main configuration file of the primary DNS server (as on the telco server, listen-on and allow-query are commented out):

    $ vim /etc/named.conf
    options {
    //      listen-on port 53 { 127.0.0.1; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    //      allow-query     { localhost; };

Zone declaration:

    $ vim /etc/named.rfc1912.zones
    zone "magedu.com" IN {
            type master;
            file "magedu.com.zone";
    };

Zone file:

    $ vim magedu.com.zone
    $TTL 1D
    @       IN SOA  dns1 admin (
                            0       ; serial
                            1D      ; refresh
                            1H      ; retry
                            1W      ; expire
                            3H )    ; minimum
    @       NS      dns1
    @       NS      dns2
    dns1    A       192.168.27.17
    dns2    A       192.168.27.18
    web     A       192.168.27.3
    web     A       192.168.27.4
    www     CNAME   web
    *       A       192.168.27.3
    @       A       192.168.27.3

The two A records for web give round-robin answers across both web servers, and www is an alias for web. The wildcard makes every otherwise undefined name under magedu.com resolve to 192.168.27.3, so typos and scanner probes never get NXDOMAIN; use wildcards deliberately. Nothing here restricts zone transfers, and BIND 9 releases of this era default to allow-transfer { any; }, so add allow-transfer { 192.168.27.18; }; (better still, a TSIG key) so that only the slave can pull the zone.

Note the permissions of the file: it is owned by root but must be readable by the named group:

    $ ll magedu.com.zone
    -rw-r-----. 1 root named 265 Jan 20 09:05 magedu.com.zone
[4.2] dns2.magedu.com 192.168.27.18 configuration:
Zone declaration on the slave DNS server:

    $ vim /etc/named.rfc1912.zones
    zone "magedu.com" IN {
            type slave;
            masters { 192.168.27.17; };
            file "slaves/magedu.com.slave.zone";
    };

Note the permissions of the directory: named must be able to write under /var/named (the slaves/ subdirectory), otherwise it cannot store the zone it pulls from the master:

    $ ll -d /var/named/
    drwxrwx---. 8 root named 177 Jan 06:59 /var/named/

Restart the service to synchronise the zone; the transferred copy appears under slaves/:

    $ systemctl restart named
    $ ll -d /var/named/slaves/magedu.com.slave.zone
    -rw-r--r--. 1 named named 449 Jan 21:22 /var/named/slaves/magedu.com.slave.zone

"5" .com DNS server configuration:
.com DNS server IP address: 192.168.27.177. DNS configuration file:

    $ vim /etc/named.rfc1912.zones
    zone "com" IN {
            type master;
            file "com.zone";
    };

Zone file:

    $ cat /var/named/com.zone
    $TTL 1D
    @       IN SOA  dns1 admin (
                            0       ; serial
                            1D      ; refresh
                            1H      ; retry
                            1W      ; expire
                            3H )    ; minimum
    @       NS      dns1
    magedu  NS      dns2
    magedu  NS      dns3
    dns1    A       192.168.27.177
    dns2    A       192.168.27.17
    dns3    A       192.168.27.18

The two magedu NS records delegate magedu.com to the servers at 192.168.27.17 and 192.168.27.18; the A records for dns2 and dns3 are the glue that lets a resolver reach them. Note that the parent names them dns2.com and dns3.com while the magedu.com zone itself calls them dns1.magedu.com and dns2.magedu.com. Resolution works because the addresses agree, but the NS sets differ by name; in a real delegation the parent's NS records should carry the child's own nameserver names.

Start the service and confirm it is listening on port 53:

    $ systemctl start named
    $ ss -tnl
    State   Recv-Q Send-Q   Local Address:Port    Peer Address:Port
    LISTEN  0      10       192.168.27.177:53     *:*
    LISTEN  0      10       127.0.0.1:53          *:*

Query it directly for the com NS set, the magedu.com delegation, and a host name:

    $ dig -t ns com @192.168.27.177
    $ dig -t ns magedu.com @192.168.27.177
    $ dig www.magedu.com @192.168.27.177

"6" Root server configuration:
Root DNS server IP address: 192.168.27.166. In named.conf the stock hint zone for "." is commented out and replaced with a master zone served from root.zone:

    $ vim /etc/named.conf
    options {
    //      listen-on port 53 { 127.0.0.1; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    //      allow-query     { localhost; };
            recursion yes;
            dnssec-enable no;
            dnssec-validation no;
    };

    #zone "." IN {
    #       type hint;
    #       file "named.ca";
    #};
    zone "." IN {
            type master;
            file "root.zone";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

recursion yes is left on here, which the comment in the stock file advises against for an authoritative server; it is what lets the root server give the full answer in the test under "7", but a real root only returns referrals. Once the chain works, set recursion no on the root, .com and magedu.com servers and let only the telco resolver recurse.

Zone file:

    $ cat root.zone
    $TTL 1D
    @       IN SOA  dns1 admin (
                            0       ; serial
                            1D      ; refresh
                            1H      ; retry
                            1W      ; expire
                            3H )    ; minimum
    @       NS      dns1
    com     NS      dns2
    dns1    A       192.168.27.166
    dns2    A       192.168.27.177

Syntax check (the zone name argument should really be "." for the root; "root" also loads because every name in the file is relative):

    $ named-checkzone root root.zone
    zone root/IN: loaded serial 0
    OK

Permission fix so that the named group can read the file:

    $ chmod 640 root.zone
    $ ll root.zone
    -rw-r----- 1 root named 184 Jan 21 11:19 root.zone

"7" Test:
    $ dig www.magedu.com @192.168.27.166

    ;; QUESTION SECTION:
    ;www.magedu.com.                IN      A

    ;; ANSWER SECTION:
    www.magedu.com.         86289   IN      CNAME   web.magedu.com.
    web.magedu.com.         86289   IN      A       192.168.27.3
    web.magedu.com.         86289   IN      A       192.168.27.4

    ;; AUTHORITY SECTION:
    magedu.com.             86289   IN      NS      dns2.magedu.com.
    magedu.com.             86289   IN      NS      dns1.magedu.com.

    ;; ADDITIONAL SECTION:
    dns1.magedu.com.        86289   IN      A       192.168.27.17
    dns2.magedu.com.        86289   IN      A       192.168.27.18

    ;; Query time: 2 msec
    ;; SERVER: 192.168.27.166#53(192.168.27.166)
    ;; WHEN: Sun Jan 06:24:51 EST 2018
    ;; MSG SIZE  rcvd: 163

The root server returns a complete answer only because it has recursion enabled: the TTLs of 86289, below the zones' $TTL of 1D (86400 seconds), show that it resolved the name on an earlier query and is now answering from its cache. The architecture the lab models is better checked from the client: a plain dig www.magedu.com goes through the telco resolver at 192.168.27.5, and dig +trace www.magedu.com shows the referrals root -> com -> magedu.com once the authoritative servers have recursion turned off.
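What dig +trace would show, modelled offline. The Python below is added as an example and is not code from the page or from BIND: it parses the three zone files from steps 4 to 6 (their record lines are transcribed into the block), walks the referrals root -> com -> magedu.com the way an iterative resolver does, including the CNAME detour and wildcard synthesis, and runs the parent/child NS comparison discussed under step 5. The server-to-zone mapping follows the page's addresses; the parser covers only the record syntax these files use.

```python
"""Offline model of this lab's delegation chain; zone texts transcribed from the page."""
ROOT_ZONE = """\
$TTL 1D
@     IN SOA dns1 admin ( 0 1D 1H 1W 3H )
@     NS dns1
com   NS dns2
dns1  A  192.168.27.166
dns2  A  192.168.27.177
"""
COM_ZONE = """\
$TTL 1D
@       IN SOA dns1 admin ( 0 1D 1H 1W 3H )
@       NS dns1
magedu  NS dns2
magedu  NS dns3
dns1    A  192.168.27.177
dns2    A  192.168.27.17
dns3    A  192.168.27.18
"""
MAGEDU_ZONE = """\
$TTL 1D
@     IN SOA dns1 admin ( 0 1D 1H 1W 3H )
@     NS    dns1
@     NS    dns2
dns1  A     192.168.27.17
dns2  A     192.168.27.18
web   A     192.168.27.3
web   A     192.168.27.4
www   CNA-ME web
*     A     192.168.27.3
@     A     192.168.27.3
""".replace("CNA-ME", "CNAME")  # keeps the transcription readable above
SERVERS = {"192.168.27.166": ".", "192.168.27.177": "com.",  # which address serves which zone
           "192.168.27.17": "magedu.com.", "192.168.27.18": "magedu.com."}

def fqdn(name, origin):
    """Absolute form of a zone-file name relative to the zone origin."""
    if name == "@" or name.endswith("."):
        return origin if name == "@" else name
    return name + "." if origin == "." else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse the master-file subset used here into {(owner, type): [rdata]};
    SOA is parsed but not kept, as the walk below only needs NS, A and CNAME."""
    rrs, tokens = {}, []
    for raw in text.splitlines():
        tokens += raw.split(";", 1)[0].split()  # drop ';' comments
        if not tokens or tokens.count("(") > tokens.count(")"):
            continue  # blank line, or a record continuing on the next line
        if not tokens[0].startswith("$"):  # skip directives such as $TTL
            owner, *rest = [t for t in tokens if t not in ("IN", "(", ")")]
            rrtype, rdata = rest[0], " ".join(rest[1:])
            if rrtype in ("NS", "CNAME"):
                rdata = fqdn(rdata, origin)
            if rrtype != "SOA":
                rrs.setdefault((fqdn(owner, origin), rrtype), []).append(rdata)
        tokens = []
    return rrs

ZONES = {".": parse_zone(ROOT_ZONE, "."), "com.": parse_zone(COM_ZONE, "com."),
         "magedu.com.": parse_zone(MAGEDU_ZONE, "magedu.com.")}

def names_below_apex(name, apex):  # name and its ancestors, nearest first, above the apex
    labels = name.rstrip(".").split(".")
    cands = [".".join(labels[i:]) + "." for i in range(len(labels))]
    return cands[:cands.index(apex)] if apex in cands else cands

def resolve(qname, qtype="A", start="192.168.27.166", max_hops=10):
    """Follow referrals from `start` like an iterative resolver; returns
    (rdata list, trace of (server, zone, action, detail) steps)."""
    qname, server, trace, answers = qname.rstrip(".") + ".", start, [], []
    for _ in range(max_hops):  # bounds CNAME loops and referral ping-pong
        apex, zone = SERVERS[server], ZONES[SERVERS[server]]
        cut = next((n for n in names_below_apex(qname, apex) if (n, "NS") in zone), None)
        if cut:  # a zone cut above qname: this server only holds a delegation for it
            glue = [ip for ns in zone[(cut, "NS")] for ip in zone.get((ns, "A"), [])]
            trace.append((server, apex, "referral", f"{cut} NS {zone[(cut, 'NS')]} glue {glue}"))
            if not glue: break  # lame delegation: no address to follow
            server = glue[0]
        elif (qname, qtype) in zone:
            answers = list(zone[(qname, qtype)])
            trace.append((server, apex, "answer", f"{qname} {qtype} {answers}"))
            break
        elif (qname, "CNAME") in zone:  # chase the alias, restarting from the root
            trace.append((server, apex, "cname", f"{qname} -> {zone[(qname, 'CNAME')][0]}"))
            qname, server = zone[(qname, "CNAME")][0], start
        else:  # no such name: synthesise from a wildcard if one exists, else NXDOMAIN
            encs = names_below_apex(qname, apex)[1:] + [apex]
            wild = next((w for w in ("*." + e.lstrip(".") for e in encs) if (w, qtype) in zone), None)
            answers = list(zone[(wild, qtype)]) if wild else []
            trace.append((server, apex, "wildcard" if wild else "nxdomain", f"{wild or qname} {answers}"))
            break
    return answers, trace

def check_delegation(child_apex, parent_apex):
    """Compare the parent's NS set for a child zone with the child's own NS set."""
    ns = lambda z, apex: set(ZONES[z].get((apex, "NS"), []))
    ips = lambda z, names: {ip for n in names for ip in ZONES[z].get((n, "A"), [])}
    p_ns, c_ns = ns(parent_apex, child_apex), ns(child_apex, child_apex)
    return {"parent_ns": p_ns, "child_ns": c_ns, "names_match": p_ns == c_ns,
            "parent_ips": ips(parent_apex, p_ns), "child_ips": ips(child_apex, c_ns),
            "ips_match": ips(parent_apex, p_ns) == ips(child_apex, c_ns)}
```

resolve("www.magedu.com") returns the two web addresses and a trace whose first steps are the root and .com referrals, then the CNAME detour and the final answer from a magedu.com server; resolve("typo.magedu.com") shows the wildcard answering a name that does not exist; check_delegation("magedu.com.", "com.") reports names_match False but ips_match True, the mismatch noted under step 5.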
Linux Service Management: DNS Internet architecture model implementation