内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
本文档介绍企业级DNS服务部署综合实战案例。
风哥提示:
Part01-BIND DNS部署
1.1 BIND安装配置
# Install BIND plus the client tools (dig/nslookup ship in bind-utils)
[root@fgedu-dns1 ~]# yum install -y bind bind-utils
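# Write named.conf. This replaces the distribution default wholesale, so anything
# the default provided (trust-anchor handling, recursion limits) must be covered here.
[root@fgedu-dns1 ~]# cat > /etc/named.conf << 'EOF'
options {
    listen-on port 53 { 192.168.1.10; };
    // Pin the IPv6 listener explicitly; the behaviour when it is omitted has
    // differed between BIND versions
    listen-on-v6 { none; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    // Writable location for the automatically maintained root trust anchor
    // (dnssec-validation auto needs it; /var/named itself is typically not
    // writable by the named user on RHEL)
    managed-keys-directory "/var/named/dynamic";

    // Anyone may ask for the authoritative zones below ...
    allow-query { any; };
    // ... but only the host itself and the internal LAN may use this server as a
    // recursive resolver. Recursion for "any" makes it an open resolver that can
    // be abused for DNS amplification and cache-poisoning attempts.
    recursion yes;
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };

    // "auto" validates with BIND's built-in root trust anchor. Plain "yes" only
    // validates if a trust anchor is configured by hand, and this file has none,
    // so "yes" would silently validate nothing.
    // (dnssec-enable was dropped: it is a no-op on current BIND 9 and deprecated
    // in newer releases.)
    dnssec-validation auto;

    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
    // Do not reveal the software version via "dig @server version.bind CH TXT"
    version "not disclosed";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
// Zone transfers are limited to the secondary by source address only. For a
// stronger control, define a TSIG key and reference it in allow-transfer.
zone "fgedu.net.cn" IN {
    type master;
    file "fgedu.net.cn.zone";
    allow-update { none; };
    allow-transfer { 192.168.1.11; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.1.zone";
    allow-update { none; };
    allow-transfer { 192.168.1.11; };
};
EOF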
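# Create the forward zone. ns1/ns2 are NS targets inside this zone, so they must
# keep A records (glue) or named will not load the zone. Every address here that
# also has a PTR in the reverse zone must agree with it.
[root@fgedu-dns1 ~]# cat > /var/named/fgedu.net.cn.zone << 'EOF'
$TTL 86400
@ IN SOA ns1.fgedu.net.cn. admin.fgedu.net.cn. (
        2026040401 ; Serial  - YYYYMMDDnn; bump it on every edit or the secondary never re-transfers
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400      ; Minimum TTL (negative-caching TTL)
)
@        IN NS  ns1.fgedu.net.cn.
@        IN NS  ns2.fgedu.net.cn.
@        IN MX  10 mail.fgedu.net.cn.
@        IN A   192.168.1.100
; name-server glue
ns1      IN A   192.168.1.10
ns2      IN A   192.168.1.11
www      IN A   192.168.1.100
api      IN A   192.168.1.100
mail     IN A   192.168.1.101
ftp      IN A   192.168.1.102
vpn      IN A   192.168.1.103
git      IN A   192.168.1.104
harbor   IN A   192.168.1.105
; service discovery (priority weight port target)
_web._tcp.www IN SRV 0 5 80   www.fgedu.net.cn.
_api._tcp.api IN SRV 0 5 8080 api.fgedu.net.cn.
EOF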
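# Create the reverse zone. Keep it in step with the forward zone: git (.104) and
# harbor (.105) were missing here. .100 is shared by @/www/api; www is the PTR.
[root@fgedu-dns1 ~]# cat > /var/named/192.168.1.zone << 'EOF'
$TTL 86400
@ IN SOA ns1.fgedu.net.cn. admin.fgedu.net.cn. (
        2026040401 ; Serial  - bump together with the forward zone
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400      ; Minimum TTL
)
@    IN NS  ns1.fgedu.net.cn.
@    IN NS  ns2.fgedu.net.cn.
10   IN PTR ns1.fgedu.net.cn.
11   IN PTR ns2.fgedu.net.cn.
100  IN PTR www.fgedu.net.cn.
101  IN PTR mail.fgedu.net.cn.
102  IN PTR ftp.fgedu.net.cn.
103  IN PTR vpn.fgedu.net.cn.
104  IN PTR git.fgedu.net.cn.
105  IN PTR harbor.fgedu.net.cn.
EOF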
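# Validate the configuration and BOTH zone files before starting named;
# a bad zone is only reported in the journal otherwise.
[root@fgedu-dns1 ~]# named-checkconf
[root@fgedu-dns1 ~]# named-checkzone fgedu.net.cn /var/named/fgedu.net.cn.zone
zone fgedu.net.cn/IN: loaded serial 2026040401
OK
[root@fgedu-dns1 ~]# named-checkzone 1.168.192.in-addr.arpa /var/named/192.168.1.zone
zone 1.168.192.in-addr.arpa/IN: loaded serial 2026040401
OK
# Start BIND
[root@fgedu-dns1 ~]# systemctl enable named --now
# If firewalld is active (the RHEL default), port 53 must be opened or clients
# and the secondary cannot reach this server:
#   firewall-cmd --permanent --add-service=dns && firewall-cmd --reload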
Part02-DNS主从复制
2.1 从服务器配置
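[root@fgedu-dns2 ~]# cat > /etc/named.conf << 'EOF'
options {
    listen-on port 53 { 192.168.1.11; };
    listen-on-v6 { none; };
    directory "/var/named";
    allow-query { any; };
    // Same rule as on dns1: serve authoritative data to everyone, but only
    // recurse for the internal LAN so the secondary is not an open resolver.
    recursion yes;
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
    // Nobody needs to pull zones from the secondary. Set this explicitly:
    // older BIND releases default allow-transfer to "any".
    allow-transfer { none; };
};
zone "fgedu.net.cn" IN {
    type slave;                  // "secondary" on newer BIND 9
    file "slaves/fgedu.net.cn.zone";
    masters { 192.168.1.10; };   // "primaries" on newer BIND 9
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.1.zone";
    masters { 192.168.1.10; };
};
EOF
# Start the secondary
[root@fgedu-dns2 ~]# systemctl enable named --now
# Verify the zone transfer: both zone files appear once the first transfer completes
[root@fgedu-dns2 ~]# ls -la /var/named/slaves/
total 8
drwxrwx---. 2 named named   6 Apr 4 23:00 .
drwxr-xr-x. 8 root  root   76 Apr 4 23:00 ..
-rw-r--r--. 1 named named 512 Apr 4 23:00 fgedu.net.cn.zone
-rw-r--r--. 1 named named 512 Apr 4 23:00 192.168.1.zone
# Test resolution from a client on the LAN
[root@fgedu-client ~]# nslookup www.fgedu.net.cn 192.168.1.10
Server:   192.168.1.10
Address:  192.168.1.10#53

Name:     www.fgedu.net.cn
Address:  192.168.1.100
[root@fgedu-client ~]# dig @192.168.1.10 www.fgedu.net.cn

; <<>> DiG 9.16.23 <<>> @192.168.1.10 www.fgedu.net.cn
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;www.fgedu.net.cn.              IN      A

;; ANSWER SECTION:
www.fgedu.net.cn.       86400   IN      A       192.168.1.100

;; AUTHORITY SECTION:
fgedu.net.cn.           86400   IN      NS      ns1.fgedu.net.cn.
fgedu.net.cn.           86400   IN      NS      ns2.fgedu.net.cn.

;; Query time: 0 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Sat Apr 04 23:00:00 CST 2026
;; MSG SIZE  rcvd: 96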
Part03-DNS负载均衡
3.1 轮询DNS配置
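# Replace the forward zone with round-robin record sets. The short TTLs make
# clients re-query often, which is what makes the rotation visible; the serial
# is bumped so dns2 transfers the new version.
[root@fgedu-dns1 ~]# cat > /var/named/fgedu.net.cn.zone << 'EOF'
$TTL 60
@ IN SOA ns1.fgedu.net.cn. admin.fgedu.net.cn. (
        2026040402 ; Serial
        60         ; Refresh
        30         ; Retry
        3600       ; Expire
        60         ; Minimum TTL
)
@        IN NS  ns1.fgedu.net.cn.
@        IN NS  ns2.fgedu.net.cn.
; NS targets are inside this zone and must keep address records;
; without them named-checkzone rejects the zone and it does not load
ns1      IN A   192.168.1.10
ns2      IN A   192.168.1.11
; web servers, round-robin
www      IN A   192.168.1.20
www      IN A   192.168.1.21
www      IN A   192.168.1.22
; API servers, round-robin
api      IN A   192.168.1.30
api      IN A   192.168.1.31
api      IN A   192.168.1.32
; mail servers
@        IN MX  10 mail1.fgedu.net.cn.
@        IN MX  20 mail2.fgedu.net.cn.
mail1    IN A   192.168.1.40
mail2    IN A   192.168.1.41
; health-check record
health   IN A   192.168.1.100
EOF
# Check the new file, then reload
[root@fgedu-dns1 ~]# named-checkzone fgedu.net.cn /var/named/fgedu.net.cn.zone
[root@fgedu-dns1 ~]# rndc reload
server reload successful
# Test the rotation: every answer carries all three A records in a rotated
# order, and "tail -1" prints whichever is last, so the address cycles.
# Round-robin DNS is not health-aware: a dead backend keeps being handed out.
[root@fgedu-client ~]# for i in {1..3}; do nslookup www.fgedu.net.cn 192.168.1.10 | grep Address | tail -1; done
Address: 192.168.1.20
Address: 192.168.1.21
Address: 192.168.1.22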
Part04-DNS监控
4.1 DNS监控配置
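# Download the exporter together with the checksum list published with the
# release, and verify the tarball before unpacking it: an unverified binary
# from the internet is going to run as a long-lived service on the DNS host.
[root@fgedu-dns1 ~]# wget https://github.com/prometheus-community/bind_exporter/releases/download/v0.7.0/bind_exporter-0.7.0.linux-amd64.tar.gz
[root@fgedu-dns1 ~]# wget https://github.com/prometheus-community/bind_exporter/releases/download/v0.7.0/sha256sums.txt
# Must print "bind_exporter-0.7.0.linux-amd64.tar.gz: OK"; stop here if it does not
[root@fgedu-dns1 ~]# sha256sum -c --ignore-missing sha256sums.txt
[root@fgedu-dns1 ~]# tar xzf bind_exporter-0.7.0.linux-amd64.tar.gz
# install(1) sets root ownership and 0755 in one step
[root@fgedu-dns1 ~]# install -m 0755 bind_exporter-0.7.0.linux-amd64/bind_exporter /usr/local/bin/bind_exporter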
# Enable BIND's statistics channel for the exporter. It is bound to loopback and
# its ACL allows only 127.0.0.1, so the raw counters are not reachable from the
# network; restarting named applies the appended block.
[root@fgedu-dns1 ~]# cat >> /etc/named.conf << 'EOF'
statistics-channels {
inet 127.0.0.1 port 8053 allow { 127.0.0.1; };
};
EOF
[root@fgedu-dns1 ~]# systemctl restart named
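# Run the exporter as a systemd service. It only needs to read the statistics
# channel on 127.0.0.1:8053 and serve metrics on port 9119, so the rest of the
# system is locked away from it.
[root@fgedu-dns1 ~]# cat > /etc/systemd/system/bind_exporter.service << 'EOF'
[Unit]
Description=BIND Exporter
After=network.target named.service

[Service]
Type=simple
# Unprivileged account. A dedicated user would be tighter still: the exporter
# does not need any of named's file permissions.
User=named
Group=named
ExecStart=/usr/local/bin/bind_exporter --bind.stats-url=http://127.0.0.1:8053/
Restart=on-failure
# Hardening: no privilege escalation, read-only filesystem view, no /home,
# private /tmp and /dev
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true

[Install]
WantedBy=multi-user.target
EOF
[root@fgedu-dns1 ~]# systemctl daemon-reload
[root@fgedu-dns1 ~]# systemctl enable bind_exporter --now
# The metrics endpoint (port 9119) listens on all interfaces by default; limit it
# to the Prometheus host with the firewall, or bind it to one address with the
# exporter's --web.listen-address flag (see bind_exporter --help).
[root@fgedu-dns1 ~]# systemctl status bind_exporter --no-pager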
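# Append the scrape job to prometheus.yml. The list item has to sit at the same
# indentation as the existing entries under "scrape_configs:" (two spaces in the
# stock file), and appending at end-of-file only works while scrape_configs is
# the last top-level key; a column-0 "- job_name" is not valid inside that list.
[root@fgedu-prometheus ~]# cat >> /etc/prometheus/prometheus.yml << 'EOF'
  - job_name: 'bind'
    static_configs:
      - targets: ['192.168.1.10:9119', '192.168.1.11:9119']
EOF
# Validate before reloading: a broken config stops Prometheus from starting.
# Note that 192.168.1.11 is only scraped successfully once bind_exporter and the
# statistics channel are set up on dns2 the same way as on dns1.
[root@fgedu-prometheus ~]# promtool check config /etc/prometheus/prometheus.yml
[root@fgedu-prometheus ~]# systemctl reload prometheus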
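# Create the DNS health-check script
[root@fgedu-dns1 ~]# cat > /usr/local/bin/dns-health-check.sh << 'EOF'
#!/bin/bash
# dns-health-check.sh - operational check of the local BIND instance.
#
# Reports the named service state, A-record lookups of a few key names against
# localhost, rndc status, and the query counters from the statistics channel.
# Exits non-zero if named is not active, a lookup returns nothing, or rndc
# fails, so it can be wired into cron or a monitoring check.
set -u

rc=0
stats_url="http://127.0.0.1:8053/"   # statistics-channels listener from named.conf
domains=("www.fgedu.net.cn" "api.fgedu.net.cn" "mail.fgedu.net.cn")

echo "=== DNS健康检查 ==="
echo "检查时间: $(date)"
echo ""
echo "1. 服务状态"
systemctl is-active named || rc=1
echo ""
echo "2. 解析测试"
for domain in "${domains[@]}"; do
  # +time/+tries keep a hung resolver from stalling the whole check
  result=$(dig +short +time=2 +tries=1 "$domain" @localhost)
  if [[ -n "$result" ]]; then
    echo "$domain: $result"
  else
    echo "$domain: 解析失败!"
    rc=1
  fi
done
echo ""
echo "3. 区域状态"
# needs the rndc key (created by the RHEL bind package on first start)
rndc status || rc=1
echo ""
echo "4. 查询统计"
curl -s --max-time 5 "$stats_url" | grep -A 5 "queries"
echo ""
echo "=== 检查完成 ==="
exit "$rc"
EOF
[root@fgedu-dns1 ~]# chmod +x /usr/local/bin/dns-health-check.sh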
- 配置主从DNS服务器,并用allow-transfer限制区域传输来源(按源IP限制;更严格的做法是配置TSIG密钥认证)
- 启用DNSSEC验证(本文只开启了dnssec-validation,用于校验上游应答;对自有区域签名需另行生成密钥并签名)
- 配置合理的TTL值
- 实施DNS监控
- 定期备份区域文件
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
