
A DNS Server Architecture Built from the Root: Put the Whole Internet in Your Hands

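For anyone who wants to fully master DNS, it is essential to understand what actually happens when we, as a client, point our DNS address at the DNS server provided by the telecom carrier and then type a domain name into the browser: how do these DNS servers resolve the corresponding IP address for us? Today we reveal how to build, starting from the root, a complete DNS server architecture modelled on the Internet's own, so that from now on the whole Internet starts from you and is in your hands.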


Environment requirements:

1. Five DNS servers

2. Operating system version: CentOS 7.2

3. DNS resolver (bind) version: 9.9.4


The architecture is deployed as shown in the figure.


Root (.) server:

Name: dns.root.

IP: 10.1.42.71


com server:

Name: dns.com.

IP: 10.1.42.72


baidu.com server:

Name: dns.baidu.com.

IP: 10.1.42.73


www.baidu.com server:

Name: www.baidu.com.

IP: 10.1.42.74


ISP DNS server:

Name: dns.dx.

IP: 10.1.42.75


Client:

IP: 10.1.42.76

DNS: 10.1.42.75



Configuring the root (.) server

1. Set the hostname (many machines are involved, so this makes each one easy to identify)

[root@centos730g ~]# hostnamectl set-hostname dns.root.

[root@dns ~]# hostname

dns.root

[root@dns ~]# 


2. Configure the network interface

[root@dns ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736 


DEVICE=eno16777736

ONBOOT=yes

BOOTPROTO=none

IPADDR=10.1.42.71

PREFIX=16


3. Stop the firewall (with this many machines, simply turning it off is more convenient)

[root@dns ~]# systemctl stop firewalld

[root@dns ~]# 


4. Install bind

[root@dns ~]# yum install -y bind

...... (output omitted)

Installed:

  bind.x86_64 32:9.9.4-29.el7


Dependency Installed:

  bind-libs.x86_64 32:9.9.4-29.el7


Complete!

[root@dns ~]# 


5. Edit the main DNS configuration file

[root@dns ~]# vim /etc/named.conf 

 //      listen-on port 53 { 127.0.0.1; };

//      allow-query     { localhost; };

Comment out the two lines above.


dnssec-enable no;

dnssec-validation no;

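Change yes to no for the two options above. When set to yes they enable DNSSEC, which uses cryptographic signing to secure communication between DNS servers. Since we are not using it, both must be set to no; otherwise the lower-level DNS servers cannot communicate with the upper-level ones.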


zone "." IN {

type master;

file "named.ca";

};

Change the root zone type: hint --> master


6. Rewrite the root zone file /var/named/named.ca

[root@dns ~]# cd /var/named/

[root@dns named]# echo >named.ca

[root@dns named]# vim named.ca

$TTL 1D

. IN SOA dns.root. admin.root. ( 1 1D 1H 1W 1D )

. IN NS dns.root.

dns.root. IN A 10.1.42.71

com IN NS dns.com.

dns.com. IN A 10.1.42.72

[root@dns named]# 


7. Check the configuration files for syntax errors

[root@dns named]# named-checkconf 

[root@dns named]# named-checkzone . named.ca

zone ./IN: loaded serial 1

OK

[root@dns named]# 


8. Start the root (.) server and check the log to confirm it started successfully

[root@dns named]# systemctl start named

[root@dns named]# cat /var/log/messages 

Sep 28 15:25:44 centos730g named[3712]: zone localhost/IN: loaded serial 0

Sep 28 15:25:44 centos730g named[3712]: zone localhost.localdomain/IN: loaded serial 0

Sep 28 15:25:44 centos730g named[3712]: all zones loaded

Sep 28 15:25:44 centos730g named[3712]: running

Sep 28 15:25:44 centos730g named[3712]: managed-keys-zone: Unable to fetch DNSKEY set '.': ncache nxrrset

Sep 28 15:25:44 centos730g systemd: Started Berkeley Internet Name Domain (DNS).

Sep 28 15:25:44 centos730g systemd: Reached target Host and Network Name Lookups.

Sep 28 15:25:44 centos730g systemd: Starting Host and Network Name Lookups.

[root@dns named]# 

If the log contains the messages above, the dns.root. server has started successfully.


9. On the root (.) server itself, use dig to test resolution

[root@dns named]# dig dns.root.


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.root.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26131

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.root. IN A


;; ANSWER SECTION:

dns.root. 86400 IN A 10.1.42.71


;; AUTHORITY SECTION:

. 86400 IN NS dns.root.


;; Query time: 1 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 15:29:08 CST 2016

;; MSG SIZE  rcvd: 66


[root@dns named]# 

If you get the resolution output above, the dns.root server is providing name resolution normally.





Configuring the com server

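1. The first four steps are the same as above; just change the hostname and IP address to the values shown in the architecture diagram.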

5. Edit the main DNS configuration file

[root@dns ~]# vim /etc/named.conf 

 //      listen-on port 53 { 127.0.0.1; };

//      allow-query     { localhost; };

Comment out the two lines above.


dnssec-enable no;

dnssec-validation no;

Change yes to no for the two options above.


zone "." IN {

type hint;

file "named.ca";

};


zone "com" IN {

type master;

file "com.zone";

};

The root zone needs no changes; add the com zone.


6. Copy the named.ca file from the root (.) server to the com server

[root@dns ~]# scp 10.1.42.71:/var/named/named.ca /var/named/named.ca 

The authenticity of host '10.1.42.71 (10.1.42.71)' can't be established.

ECDSA key fingerprint is bb:2d:e3:b6:15:8f:b0:8d:66:28:2d:b5:5a:1b:a9:4e.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '10.1.42.71' (ECDSA) to the list of known hosts.

root@10.1.42.71's password: 

named.ca                                       100%  101     0.1KB/s   00:00

[root@dns ~]# 

Delete the last two lines of named.ca.

[root@dns ~]# cd /var/named/

[root@dns named]# cat named.ca 

$TTL 1D

. IN SOA dns.root. admin.root. ( 1 1D 1H 1W 1D )

. IN NS dns.root.

dns.root. IN A 10.1.42.71

[root@dns named]# 


7. Create the zone database for the com domain and set the appropriate permissions

[root@dns named]# vim com.zone


$TTL 1D

com. IN SOA dns.com. admin.com. ( 1 1D 1H 1W 1D )

com. IN NS dns.com.

dns.com. IN A 10.1.42.72

baidu.com. IN NS dns.baidu.com.

dns.baidu.com. IN A 10.1.42.73

[root@dns named]# chgrp named com.zone

[root@dns named]# chmod o-r com.zone 

[root@dns named]# ll 

total 32

-rw-r-----. 1 root  named  167 Sep 28 18:41 com.zone

drwxrwx---. 2 named named 4096 Sep 28 18:47 data

drwxrwx---. 2 named named 4096 Sep 28 18:47 dynamic

-rw-r-----. 1 root  named  101 Sep 28 15:42 named.ca

-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty

-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost

-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback

drwxrwx---. 2 named named 4096 Nov 20  2015 slaves

[root@dns named]# 


8. Check the configuration files for syntax errors

[root@dns named]# named-checkconf 

[root@dns named]# named-checkzone com com.zone 

zone com/IN: getaddrinfo(dns.baidu.com) failed: Temporary failure in name resolution

zone com/IN: loaded serial 1

OK

[root@dns named]#

An error is reported here about failing to look up dns.baidu.com. Don't worry: it appears only because our child domain baidu.com has not been set up yet.


9. Start the dns.com server and check the log to confirm it started successfully

[root@dns named]# systemctl start named

[root@dns named]# cat /var/log/messages 

Sep 28 18:47:21 centos730g named[3728]: zone com/IN: loaded serial 1

Sep 28 18:47:21 centos730g named[3728]: zone localhost.localdomain/IN: loaded serial 0

Sep 28 18:47:21 centos730g named[3728]: zone localhost/IN: loaded serial 0

Sep 28 18:47:21 centos730g named[3728]: all zones loaded

Sep 28 18:47:21 centos730g named[3728]: running

Sep 28 18:47:21 centos730g systemd: Started Berkeley Internet Name Domain (DNS).

[root@dns ~]# 

If the log contains the messages above, the dns.com server has started successfully.


10. Test resolution on the dns.com server

[root@dns named]# dig dns.com. 


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.com.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 974

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.com. IN A


;; ANSWER SECTION:

dns.com. 86400 IN A 10.1.42.72


;; AUTHORITY SECTION:

com. 86400 IN NS dns.com.


;; Query time: 1 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 19:10:03 CST 2016

;; MSG SIZE  rcvd: 66


[root@dns named]# 

If your result matches the output above, the dns.com server resolves correctly.


[root@dns named]# dig dns.root.


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.root.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33005

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.root. IN A


;; ANSWER SECTION:

dns.root. 86400 IN A 10.1.42.71


;; AUTHORITY SECTION:

. 86389 IN NS dns.root.


;; Query time: 4 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 19:51:01 CST 2016

;; MSG SIZE  rcvd: 66


[root@dns named]# 

If you get the result above, the com server can query the root.





Configuring the baidu.com server

1. The first four steps are the same as for the root (.) server; just use the hostname and IP address from the architecture diagram.

5. Edit the main DNS configuration file

[root@dns ~]# vim /etc/named.conf 

 //      listen-on port 53 { 127.0.0.1; };

//      allow-query     { localhost; };

Comment out the two lines above.


dnssec-enable no;

dnssec-validation no;

Change yes to no for the two options above.


zone "." IN {

        type hint;

        file "named.ca";

};


zone "baidu.com" IN {

        type master;

        file "baidu.com.zone";

};

The root zone needs no changes; add the baidu.com zone.


6. Copy the named.ca file from the dns.com server to the dns.baidu.com server

[root@dns ~]# scp 10.1.42.72:/var/named/named.ca /var/named/named.ca

The authenticity of host '10.1.42.72 (10.1.42.72)' can't be established.

ECDSA key fingerprint is bb:2d:e3:b6:15:8f:b0:8d:66:28:2d:b5:5a:1b:a9:4e.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '10.1.42.72' (ECDSA) to the list of known hosts.

root@10.1.42.72's password: 

named.ca                                       100%  101     0.1KB/s   00:00    

[root@dns ~]# 

[root@dns ~]# cd /var/named

[root@dns named]# cat named.ca 

$TTL 1D

. IN SOA dns.root. admin.root. ( 1 1D 1H 1W 1D )

. IN NS dns.root.

dns.root. IN A 10.1.42.71

[root@dns named]# 


7. Create the zone database for the baidu.com domain and set the appropriate permissions

[root@dns named]# vim baidu.com.zone

$TTL 1D

@ IN SOA dns.baidu.com. admin.baidu.com. ( 1 1D 1H 1W 1D )

@ IN NS dns.baidu.com.

dns.baidu.com. IN A 10.1.42.73

www IN A 10.1.42.74

[root@dns named]# chgrp named baidu.com.zone 

[root@dns named]# chmod o-r baidu.com.zone

[root@dns named]# ll

total 32

-rw-r-----. 1 root  named  143 Sep 28 19:31 baidu.com.zone

drwxrwx---. 2 named named 4096 Nov 20  2015 data

drwxrwx---. 2 named named 4096 Nov 20  2015 dynamic

-rw-r-----. 1 root  named  101 Sep 28 19:33 named.ca

-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty

-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost

-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback

drwxrwx---. 2 named named 4096 Nov 20  2015 slaves

[root@dns named]#


8. Check the configuration files for syntax errors

[root@dns named]# named-checkconf

[root@dns named]# named-checkzone baidu.com baidu.com.zone

zone baidu.com/IN: loaded serial 1

OK

[root@dns named]# 


9. Start the dns.baidu.com server and check the log to confirm it started successfully

[root@dns named]# systemctl start named

[root@dns named]# cat /var/log/messages

Sep 28 20:17:37 centos730g named[3906]: zone baidu.com/IN: loaded serial 1

Sep 28 20:17:37 centos730g named[3906]: all zones loaded

Sep 28 20:17:37 centos730g named[3906]: running

Sep 28 20:17:37 centos730g systemd: Started Berkeley Internet Name Domain (DNS).

[root@dns named]# 

If the log contains the messages above, the dns.baidu.com server has started successfully.


10. Test resolution on the dns.baidu.com server

[root@dns named]# dig dns.baidu.com


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.baidu.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23110

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.baidu.com. IN A


;; ANSWER SECTION:

dns.baidu.com. 86400 IN A 10.1.42.73


;; AUTHORITY SECTION:

baidu.com. 86400 IN NS dns.baidu.com.


;; Query time: 1 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 20:20:17 CST 2016

;; MSG SIZE  rcvd: 72


[root@dns named]# 

If you get the result above, the dns.baidu.com server resolves correctly.


[root@dns named]# dig dns.root.


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.root.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8606

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.root. IN A


;; ANSWER SECTION:

dns.root. 86400 IN A 10.1.42.71


;; AUTHORITY SECTION:

. 86366 IN NS dns.root.


;; Query time: 2 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 20:17:25 CST 2016

;; MSG SIZE  rcvd: 66


[root@dns named]#

If you get the result above, dns.baidu.com can query the root.


[root@dns named]# dig dns.com


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39687

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.com. IN A


;; ANSWER SECTION:

dns.com. 85539 IN A 10.1.42.72


;; AUTHORITY SECTION:

com. 85539 IN NS dns.com.


;; Query time: 1 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 20:18:02 CST 2016

;; MSG SIZE  rcvd: 66


[root@dns named]# 

If you get the result above, baidu.com can resolve the DNS server of its parent, com.





Configuring the ISP's DNS server

1. The first four steps are the same as for the root (.) server; just use the hostname and IP address from the architecture diagram.

5. Edit the main DNS configuration file

[root@dns ~]# vim /etc/named.conf 

 //      listen-on port 53 { 127.0.0.1; };

//      allow-query     { localhost; };

Comment out the two lines above.


dnssec-enable no;

dnssec-validation no;

Change yes to no for the two options above; the zone sections need no changes.


6. Copy the named.ca file from the dns.com server to the dns.dx server

[root@dns ~]# scp 10.1.42.72:/var/named/named.ca /var/named/named.ca

The authenticity of host '10.1.42.72 (10.1.42.72)' can't be established.

ECDSA key fingerprint is bb:2d:e3:b6:15:8f:b0:8d:66:28:2d:b5:5a:1b:a9:4e.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '10.1.42.72' (ECDSA) to the list of known hosts.

root@10.1.42.72's password: 

named.ca                                       100%  101     0.1KB/s   00:00    

[root@dns ~]# 

[root@dns ~]# cd /var/named

[root@dns named]# cat named.ca 

$TTL 1D

. IN SOA dns.root. admin.root. ( 1 1D 1H 1W 1D )

. IN NS dns.root.

dns.root. IN A 10.1.42.71

[root@dns named]#


7. Check the configuration file for syntax errors. No new zone database file was added, so there is no zone file to check.

[root@dns named]# named-checkconf 


8. Start the dns.dx server and check the log to confirm it started successfully

[root@dns named]# cat /var/log/messages 

Sep 28 21:20:52 centos730g named[3232]: zone localhost.localdomain/IN: loaded serial 0

Sep 28 21:20:52 centos730g named[3232]: all zones loaded

Sep 28 21:20:52 centos730g named[3232]: running

Sep 28 21:20:52 centos730g named[3232]: managed-keys-zone: Unable to fetch DNSKEY set '.': ncache nxrrset

Sep 28 21:20:52 centos730g systemd: Started Berkeley Internet Name Domain (DNS).

Sep 28 21:20:52 centos730g systemd: Reached target Host and Network Name Lookups.

Sep 28 21:20:52 centos730g systemd: Starting Host and Network Name Lookups.

[root@dns named]# 


9. Test resolution on the dns.dx server

[root@dns named]# dig dns.root. 


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.root.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32756

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.root. IN A


;; ANSWER SECTION:

dns.root. 86400 IN A 10.1.42.71


;; AUTHORITY SECTION:

. 86136 IN NS dns.root.


;; Query time: 2 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 21:25:16 CST 2016

;; MSG SIZE  rcvd: 66


[root@dns named]# 

If you get the result above, the ISP's DNS server can find the root DNS server.


[root@dns named]# dig www.baidu.com


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dig www.baidu.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26532

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dig. IN A


;; AUTHORITY SECTION:

. 10800 IN SOA dns.root. admin.root. 1 86400 3600 604800 86400


;; Query time: 3 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 23:06:44 CST 2016

;; MSG SIZE  rcvd: 81


;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39968

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.baidu.com. IN A


;; ANSWER SECTION:

www.baidu.com. 85427 IN A 10.1.42.74


;; AUTHORITY SECTION:

baidu.com. 85419 IN NS dns.baidu.com.


;; ADDITIONAL SECTION:

dns.baidu.com. 85419 IN A 10.1.42.73


;; Query time: 0 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Sep 28 23:06:44 CST 2016

;; MSG SIZE  rcvd: 92


[root@dns named]# 

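If you get the result above, forwarding and resolution on the ISP's DNS server work without any problems, and it can start providing DNS service to clients.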





Configure the client with the ISP DNS server's IP address and test resolution across the whole network

[root@khj ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736 


DEVICE=eno16777736

ONBOOT=yes

BOOTPROTO=none

IPADDR=10.1.42.76

PREFIX=16

DNS1=10.1.42.75

The client's DNS address points to the IP of the ISP's DNS server.


[root@khj ~]# dig dns.root.


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.root.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31081

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dns.root. IN A


;; ANSWER SECTION:

dns.root. 84609 IN A 10.1.42.71


;; AUTHORITY SECTION:

. 84609 IN NS dns.root.


;; Query time: 1 msec

;; SERVER: 10.1.42.75#53(10.1.42.75)

;; WHEN: Wed Sep 28 23:19:47 CST 2016

;; MSG SIZE  rcvd: 66


[root@khj ~]# 

If you get the result above, the client can find the root DNS server through the ISP's DNS server.


[root@khj ~]# dig www.baidu.com


; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.baidu.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5575

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.baidu.com. IN A


;; ANSWER SECTION:

www.baidu.com. 84500 IN A 10.1.42.74


;; AUTHORITY SECTION:

baidu.com. 84492 IN NS dns.baidu.com.


;; ADDITIONAL SECTION:

dns.baidu.com. 84492 IN A 10.1.42.73


;; Query time: 3 msec

;; SERVER: 10.1.42.75#53(10.1.42.75)

;; WHEN: Wed Sep 28 23:21:55 CST 2016

;; MSG SIZE  rcvd: 92


[root@khj ~]# 

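If you get the result above, the client can resolve the domain names of all sites through the ISP's DNS server. A client therefore only needs to specify the DNS server IP provided by the ISP when configuring its network interface, and it can then roam the entire Internet. Whenever we type a domain name into the address bar, the large amount of resolution work behind the scenes is quietly done for us by the network-wide DNS server hierarchy.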
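The delegation walk that dns.dx performs on the client's behalf, as an added example that is not part of the original article: the Python sketch below loads the records from the three zone files on this page and follows referrals from the root down to the answer. The function names and the in-bailiwick glue check are assumptions of this example, not BIND's code.

```python
# Records copied from this page's named.ca (root), com.zone and baidu.com.zone,
# keyed by the IP address of the server that loads each file.
ROOT = "10.1.42.71"
ZONES = {
    "10.1.42.71": (".", ". IN NS dns.root.\ndns.root. IN A 10.1.42.71\n"
                        "com IN NS dns.com.\ndns.com. IN A 10.1.42.72"),
    "10.1.42.72": ("com.", "com. IN NS dns.com.\ndns.com. IN A 10.1.42.72\n"
                           "baidu.com. IN NS dns.baidu.com.\ndns.baidu.com. IN A 10.1.42.73"),
    "10.1.42.73": ("baidu.com.", "@ IN NS dns.baidu.com.\n"
                                 "dns.baidu.com. IN A 10.1.42.73\nwww IN A 10.1.42.74"),
}

def fqdn(name, origin):
    # Expand "@" and relative names against the zone origin, as a zone parser does.
    if name == "@":
        return origin
    return name if name.endswith(".") else name + ("." if origin == "." else "." + origin)

def parse(origin, text):
    rows = (line.split() for line in text.splitlines())
    return [(fqdn(o, origin), t, fqdn(d, origin) if t == "NS" else d) for o, _, t, d in rows]

def is_sub(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)

def query(server, qname):
    # Non-recursive reply from one authoritative server: referral, answer or nxdomain.
    origin, text = ZONES[server]
    recs = parse(origin, text)
    # An NS set below the zone apex is a zone cut; names under it are delegated.
    cuts = [o for o, t, _ in recs if t == "NS" and o != origin and is_sub(qname, o)]
    if cuts:
        cut = max(cuts, key=len)
        ns = {d for o, t, d in recs if t == "NS" and o == cut}
        return "referral", cut, {o: d for o, t, d in recs if t == "A" and o in ns}
    for o, t, d in recs:
        if t == "A" and o == qname:
            return "answer", d, None
    return "nxdomain", None, None

def resolve(qname, max_hops=8):
    # Walk the delegation chain from the root, recording (server, reply kind) per hop.
    server, zone, path = ROOT, ".", []
    for _ in range(max_hops):
        kind, value, glue = query(server, qname)
        path.append((server, kind))
        if kind != "referral":
            return value, path
        # Bailiwick rule: use glue only for names inside the zone that sent it.
        usable = [ip for ns, ip in glue.items() if is_sub(ns, zone)]
        if not usable:
            return None, path
        server, zone = usable[0], value
    return None, path
```

`resolve("www.baidu.com.")` returns the address together with the three hops taken, which is why the dig output above carries `baidu.com. NS dns.baidu.com.` and its glue A record alongside the answer.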


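At this point the experiment shows that the whole Internet DNS architecture is basically complete. Of course, DNS security has been ignored here; in a real Internet environment the corresponding security protections must be in place. This article does not discuss them further.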


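If you have read this far and deploy the experiment strictly according to the environment and architecture described, I believe your results will match this article's without problems. When your experiment succeeds, you will truly feel it: “From now on, let the whole Internet start from you, and put the whole Internet in your hands.”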

This article comes from the “爱情防火墙” blog; please be sure to keep this source link: http://183530300.blog.51cto.com/894387/1857791
