DNS server construction and network bridging method

The bridging experiment is done on the physical machine; back up the files ifcfg-br0 and ifcfg-ens33 before starting.


Edit the ifcfg-ens33 file in the /etc/sysconfig/network-scripts/ directory:


After editing, save and exit, then edit the file ifcfg-br0:


After editing, save and exit, then restart the network service: systemctl restart network; use ifconfig to view the bridged network.


To restore the configured bridge network to the static network:

rm -fr ifcfg-br0 ##### delete the bridge network file ifcfg-br0

vim ifcfg-ens33 ##### edit ifcfg-ens33 and put back its static configuration


systemctl restart network; ##### restart the network service
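The two ifcfg files the bridging steps above edit, as an added example that is not part of the original post. The bridge name br0 on ens33, the address 192.168.88.128/24 and the gateway 192.168.88.1 are assumptions; the check function catches the common mistake of leaving an address on the physical NIC or pointing BRIDGE= at a file that is not of TYPE=Bridge.

```shell
#!/bin/sh
# Added example: writes ifcfg-ens33 and ifcfg-br0 into the directory given as $1
# (use a temporary directory for a dry run, /etc/sysconfig/network-scripts for real).
# Addresses and names are assumptions, not values from the post.
write_bridge_cfg() {
    dir="$1"
    # The physical NIC keeps no address of its own; it only joins the bridge.
    cat > "$dir/ifcfg-ens33" <<'EOF'
DEVICE=ens33
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
BRIDGE=br0
EOF
    # The bridge carries the static address that ens33 used to have.
    cat > "$dir/ifcfg-br0" <<'EOF'
DEVICE=br0
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.88.128
PREFIX=24
GATEWAY=192.168.88.1
EOF
}

# Returns 0 when ifcfg-ens33 points at a bridge file of TYPE=Bridge and
# carries no IPADDR of its own; returns 1 otherwise.
check_bridge_cfg() {
    dir="$1"
    br=$(sed -n 's/^BRIDGE=//p' "$dir/ifcfg-ens33")
    [ -n "$br" ] || return 1
    grep -q '^TYPE=Bridge$' "$dir/ifcfg-$br" || return 1
    # an address left on the NIC competes with the bridge for the same network
    ! grep -q '^IPADDR=' "$dir/ifcfg-ens33"
}
```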

Use the command-line method to build a bridge network on the virtual machine:

Check whether other bridge interfaces already exist on the host

Create a new bridge interface, then view the newly created bridge interface


Give the new bridge interface an IP address


Check whether the bridge interface now has the IP address


The bridge cannot be used yet, because the new bridge interface is not attached to the physical network card


Attach the bridge interface to the physical network card, then check that it is connected to the physical network card;


Check whether the bridged network is working


If bridged networking is no longer required, it can be removed with the following steps:

Remove the physical NIC from the bridge


Delete the bridge interface (if it cannot be deleted, bring the bridge interface down first, then delete it)

Check that the deletion is complete





Bond mode: open the virtual machine manager, add a new network card to the virtual machine, and restart the virtual machine so it picks up the new card; check the network cards, delete the configuration of the original network card, and check to confirm that it is completely removed;

Monitoring command: watch -n 1 'cat /proc/net/bonding/bond0'


nmcli connection add con-name bond0 ifname bond0 type bond mode active-backup ip4 192.168.88.128/24

###### the bond0 connection and its address are added successfully


But ping still fails, because no physical network card has been attached yet;


nmcli connection add con-name ens33 ifname ens33 type bond-slave master bond0

###### bind the physical network card ens33 to the bond0 interface


At this point the network can be pinged, which means the bond0 network is working.


nmcli connection add con-name ens37 ifname ens37 type bond-slave master bond0

##### bind another physical NIC to the bond0 interface;


ifdown ens37 ######## stop the physical network card ens37; ens33 takes over from ens37 directly, so the network is not interrupted;


ifup ens37 ##### activate the stopped physical network card again

Note: if the physical network card cannot be loaded, stop the system's network management service NetworkManager
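The monitoring command above only displays /proc/net/bonding/bond0; the following added example (not from the original post) parses that file and reports whether active-backup still has a standby slave after an ifdown. The sample status file is constructed to look like the bond right after "ifdown ens37", with invented MAC addresses.

```shell
#!/bin/sh
# Added example: bond_report /proc/net/bonding/bond0 prints the active slave and
# how many slaves are up, and returns 1 when the bond is running without redundancy.

# Constructed sample of the bond0 status file after "ifdown ens37" (ens33 has taken over).
bond_sample() {
    cat <<'EOF'
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: ens33
MII Status: up

Slave Interface: ens33
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:aa:bb:cc

Slave Interface: ens37
MII Status: down
Link Failure Count: 1
Permanent HW addr: 00:0c:29:aa:bb:dd
EOF
}

# Name of the slave currently carrying traffic.
bond_active_slave() {
    sed -n 's/^Currently Active Slave: //p' "$1"
}

# Number of slaves whose link is up; the first "MII Status" line belongs to the bond itself.
bond_slaves_up() {
    awk '/^Slave Interface:/ { inslave = 1 }
         inslave && /^MII Status: up/ { n++ }
         END { print n + 0 }' "$1"
}

# 0 = healthy (active slave present, at least two slaves up); 1 = no standby left.
bond_report() {
    active=$(bond_active_slave "$1")
    up=$(bond_slaves_up "$1")
    echo "active=$active slaves_up=$up"
    [ -n "$active" ] && [ "$up" -ge 2 ]
}
```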



The team method is similar to the bond method:

Monitoring command: watch -n 1 'teamdctl team0 state'

First delete the physical NICs and the interface configured in bond mode:

nmcli connection delete ens33 ##### delete the ens33 network card from bond0 mode

nmcli connection delete ens37 ##### delete the ens37 network card from bond0 mode

nmcli connection delete bond0 ##### delete the bond0 interface


nmcli connection add type team con-name team0 ifname team0 config '{"runner":{"name":"activebackup"}}' ip4 172.25.254.119/24 ##### add team mode


ifconfig ## check whether team0 is loaded


nmcli connection add con-name ens33 type team-slave ifname ens33 master team0

##### load the ens33 physical network card into team0


Problem encountered: the physical network card ens33 cannot be bound to the team0 interface. Solution: systemctl stop NetworkManager ### stop the network management service, then start it again: systemctl start NetworkManager;

nmcli connection add con-name ens37 type team-slave ifname ens37 master team0

##### load the ens37 physical network card into team0


ping 192.168.88.132 #### if the ping succeeds, team0 is working


To delete the configured physical network cards and the interface in team mode:

nmcli connection delete ens33 ##### delete the ens33 network card from team0 mode

nmcli connection delete ens37 ##### delete the ens37 network card from team0 mode

nmcli connection delete team0 ##### delete the team0 interface


ifconfig ##### check whether the team0 group is gone; if not, restart the network or NetworkManager; if it still remains, reboot the system

Check whether the ens33 file has been removed from the /etc/sysconfig/network-scripts/ directory; if not, delete it, then write the static network configuration file for ens33 again and restart the network service;


DNS server setup:

DNS is short for Domain Name System; it consists of resolvers and name servers. A domain name server stores the domain names and corresponding IP addresses of all hosts in the network and converts domain names into IP addresses. A domain name must correspond to an IP address, while an IP address does not necessarily have a domain name.

A zone is a contiguous part of the DNS namespace that contains a set of resource records stored on a DNS server.

Resource record: the DNS server stores its data as records grouped by type, and these records are used to answer clients' DNS requests.

Zone file: contains the zone's resource records; the DNS server chosen as the authoritative server manages this zone.

DNS cache: when the DNS server resolves a client's request and has no local DNS information for it, it can query other DNS servers. When the other domain name servers return query results, those results are recorded in the local cache and become the DNS cache;

Forward resolution: the resolution process from a domain name to an IP address;

Reverse resolution: the resolution process from an IP address to a domain name;


type:

master: defines the primary domain name server, which owns the zone data file and provides the authoritative data for this zone

slave: defines the secondary domain name server, which holds a copy of the primary DNS server's zone data file. The secondary DNS server synchronizes all zone data from the primary server.

hint: indicates the root domain name servers of the Internet. When the server starts, it uses the root hints to look up the root name servers and obtains a list of the closest root name servers;

forward: a forward zone forwards queries for that zone according to its forwarding configuration

stub: similar to slave, but it only replicates the NS records of the primary DNS server instead of replicating all zone data as a secondary DNS server does;





Forward resolution on the DNS server: check the network, configure the yum source, and when that is done install the DNS service


Start the DNS service, turn off the firewall, and disable the firewall from starting automatically;


For the experiment, we set the server's configuration file to allow everyone to access it

The configuration file of the DNS service is /etc/named.conf; this step is the global configuration;


listen-on port 53 { any; }; ### listen on all of this server's addresses

allow-query { any; }; ### allow any host to query data on this server

Zone configuration: edit the file named.rfc1912.zones in the /etc/ directory. The main configuration file of the DNS service does not hold zone information; that information is kept in the zone configuration files below;


In the experiment we change the domain name to our own, and the file name can be chosen by ourselves;

westos.com is the zone we manage; IN is the Internet class; type is the zone type, and type master makes this the primary zone; file names the primary zone file, here westos.com.zones; allow-update { none; } does not allow anyone to update the primary zone file;

In the /var/named directory, copy named.localhost to a new file called westos.com.zones

Note: when copying, use the option that preserves the file's owner and group; otherwise access will sometimes fail because of the owner and group of the new file. Remember!


Once the file is copied, start editing:


TTL is the record lifetime, in seconds, and $TTL sets it globally; @ stands for the domain name we specified in the zone configuration. Note that when a full domain name is written in this file it must end with a dot, which marks the end of the name; otherwise the system appends the specified domain name to it.

serial: serial number. When we have a secondary server, it looks mainly at the serial number when synchronizing the zone file from the primary server; if the serial number has changed the data is synchronized, otherwise it is not;
refresh: refresh interval;
retry: interval before a failed refresh is tried again;
expire: expiration time;
minimum: negative-caching lifetime.

The first NS record line sets the domain name of the name server; since our server queries itself during the test, we also need to set the IP address it is reached at;
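A minimal westos.com.zones in the form the paragraphs above describe, as an added example that is not part of the original post, together with helpers for the two details they stress: the SOA serial that a secondary compares before transferring, and the trailing dot on full names. The name server dns.westos.com at 192.168.88.131, the www record and the serial value are assumptions.

```shell
#!/bin/sh
# Added example: sample zone file plus serial bump and trailing-dot check.
# Names, addresses and the serial are assumptions, not values from the post.
zone_sample() {
    cat <<'EOF'
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                                        2018052401      ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        IN NS   dns.westos.com.
dns     IN A    192.168.88.131
www     IN A    192.168.88.132
EOF
}

# Print the SOA serial: the first numeric field after the SOA line.
zone_serial() {
    awk '/[ \t]SOA[ \t]/ { insoa = 1; next }
         insoa && $1 ~ /^[0-9]+$/ { print $1; exit }' "$1"
}

# Increment the serial in place; a secondary only transfers the zone when it has grown.
bump_serial() {
    old=$(zone_serial "$1")
    [ -n "$old" ] || return 1
    new=$((old + 1))
    awk -v o="$old" -v n="$new" '/[ \t]SOA[ \t]/ { insoa = 1 }
         insoa && $1 == o { sub(o, n); insoa = 0 } { print }' "$1" > "$1.tmp" \
        && mv "$1.tmp" "$1"
}

# Print every name that ends in the origin ($2) but lacks the final dot:
# named would append the origin again, giving e.g. dns.westos.com.westos.com.
unterminated_names() {
    awk -v o="$2" '$0 !~ /^[ \t]*;/ {
        for (i = 1; i <= NF; i++)
            if ($i == o || substr($i, length($i) - length(o)) == "." o) print $i
    }' "$1"
}
```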

Edit the configuration in /etc/resolv.conf:

Test results:


The server returns a result for our request, which shows that the forward resolution service is initially complete; next build the reverse resolution service;

The zone configuration file for the reverse resolution service is the same /etc/named.rfc1912.zones, as follows:


Next, create the reverse resolution file in /var/named/: copy named.localhost and name the copy westos.com.ptr (again note the owner and group of the copied file)


Edit the copied file: vim westos.com.ptr


Save and exit, then restart the DNS service and start the test:


Remember the test command: dig -x 192.168.88.131


When many clients access our server it comes under heavy load; setting up a secondary server relieves the load on the primary server;

A secondary server has many advantages:

First: fault tolerance. When the primary server crashes, clients can still resolve names in the zone. Generally the primary and secondary servers are installed in different subnets, so when one subnet's connection is interrupted, DNS queries can still reach the secondary server;

Second: reduced wide-area link traffic. If a zone has a large number of remote clients, secondary servers for the zone can be added at the remote site and the remote clients configured to query those servers first, which keeps remote clients from sending DNS queries over slow links.

Third: reduced load on the primary server. The secondary server can answer queries for the zone, reducing the number of queries the primary server of the zone must answer.

Let's set up our secondary server:

Configure the network, configure the yum source, and install the DNS service; turn off the firewall and disable it at boot;

 

Edit the DNS global configuration file /etc/named.conf and set it to allow anyone to access and query this server


The last two lines: forward only marks this as a caching (forwarding-only) domain name server; forwarders specifies the IP of the server to which DNS requests are forwarded;

Edit the zone configuration file /etc/named.rfc1912.zones


Copy /var/named/named.localhost into the slaves directory under /var/named/ and name the copy westos.com.zones


Restart the DNS service. We do not edit this file; later we test whether its data is copied from the primary server;

Set the IP of the primary server that this secondary server contacts


Client test:

Configure the network so it is reachable, and set the client's DNS address to the secondary server,





Sometimes we need to access not only the internal network but also the external network, so next build a server that resolves external names!

We set up a secondary server above; now delete the secondary configuration from the primary server (or reset the virtual machine), rebuild the server following the forward resolution steps, and then start building the server for external access;

Remember to turn off the firewall! In /etc/named.conf we need to reconfigure the parameters; first comment out the following lines:


Next, add the lines we need below:


Remember to end each statement with a semicolon, otherwise restarting the service gives an error;

Copy westos.com.zones in the /var/named/ directory, name the copy westos.com.inter, and edit the file as follows:



Copy the file named.rfc1912.zones in the /etc/ directory, name the copy named.rfc1912.inter, and edit it (this is where our external network information goes)

Remember to preserve the owner and group of the file when copying!


Our server is now built. Restart the service; if there is an error, check the /var/log/messages log, whether the firewall is turned off, and the status of SELinux;

Now test on the local client; remember to rewrite the local server's DNS address in /etc/resolv.conf:


Then test on another virtual machine; remember to configure that virtual machine's DNS address as well:



Remote update of the DNS server:

After the above experiment is complete, comment out the lines we added to /etc/named.conf to restore the original configuration, then edit the file as follows:



Note: also-notify ### who is allowed to update me remotely; save the file and exit;

Before testing, back up the westos.com.zones file: updating generates other files in the /var/named/ directory, and the backup prevents loss and makes it easy to restore for the later experiments;


We tested on the specified client and the following error occurred, because the file's group has no write permission:


On the server side, we need to set the permissions on the /var/named/ directory:


To make access to the DNS service safer, we can protect the DNS updates with a key, so that a key is required to update;

Delete the westos.com.zones we configured and the remotely generated files, and copy back the file we backed up earlier;


Copy the system's key configuration file;


With the key configuration copied, secure the DNS service by generating the public and private keys;


Send the generated public and private keys to the specified client:


Although we have sent the keys to the client, they still cannot update yet; the settings in the configuration files must be changed:

vim /etc/westos.key ## edit the key file we copied


vim /etc/named.conf


vim /etc/named.rfc1912.zones


Save the file and exit, then restart the service;

Problem encountered during testing:


clocks are unsynchronized ### the time difference between the servers is too large;

Solution: synchronize the time zone and the time; if that still fails, synchronize the clocks of the two servers (install the chrony service);
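The remote-update steps above pass through a state where allow-update is open to any host before the key is configured. The following added example (not from the original post) scans a named.rfc1912.zones for zones whose allow-update or allow-transfer is opened to any, and rewrites an open allow-update to require a TSIG key. The sample file, the reverse zone name, the secondary's address 192.168.88.132 and the key name westos are assumptions.

```shell
#!/bin/sh
# Added example: open_acls FILE lists "<zone> <option>" for every allow-update or
# allow-transfer set to any; key_updates FILE KEYNAME prints the file with those
# allow-update lines changed to require the key. Sample values are constructed.
zones_sample() {
    cat <<'EOF'
zone "westos.com" IN {
        type master;
        file "westos.com.zones";
        allow-update { any; };
        allow-transfer { any; };
};
zone "88.168.192.in-addr.arpa" IN {
        type master;
        file "westos.com.ptr";
        allow-update { key westos; };
        allow-transfer { 192.168.88.132; };
};
EOF
}

# Track the current zone name, then report ACL options whose list contains any.
open_acls() {
    awk '/^[ \t]*zone[ \t]+"/ {
             match($0, /"[^"]*"/); zone = substr($0, RSTART + 1, RLENGTH - 2)
         }
         /^[ \t]*(allow-update|allow-transfer)[ \t]*\{/ && /[{ \t]any[ \t]*;/ {
             print zone, $1
         }' "$1"
}

# Replace "allow-update { any; }" with a key-restricted list; other lines pass through.
key_updates() {
    sed "s/allow-update *{ *any *; *}/allow-update { key $2; }/" "$1"
}
```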