Topic
Simulate a web service architecture built on DNS (Domain Name System) and Nginx.
The exercise walks through the complete web service flow: a user types a domain name, DNS resolution finds the web server, and the web server (Nginx) delivers the content.
Host plan

Hostname | IP address | Software | Description
---|---|---|---
dns | 192.168.30.11 | bind | DNS resolution
nginx | 192.168.30.10 | nginx | Serves web content to users
Architecture diagram
Configure DNS
Change the server hostname & IP
(optional)
[root@tomcat1 ~]# hostnamectl hostname dns
[root@tomcat1 ~]# exit
Install bind
[root@dns ~]# dnf install bind -y
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 1 day, 18:52:48 ago on Sun 14 Sep 2025 06:32:32 PM CST.
Dependencies resolved.
====================================================================================
 Package             Arch    Version                Repository   Size
====================================================================================
Installing:
 bind                x86_64  32:9.16.23-14.el9_3    appSteam    506 k
Installing dependencies:
 bind-dnssec-doc     noarch  32:9.16.23-14.el9_3    appSteam     48 k
 bind-libs           x86_64  32:9.16.23-14.el9_3    appSteam    1.2 M
 bind-license        noarch  32:9.16.23-14.el9_3    appSteam     13 k
 fstrm               x86_64  0.6.1-3.el9            appSteam     30 k
 libmaxminddb        x86_64  1.5.2-3.el9            appSteam     36 k
 libuv               x86_64  1:1.42.0-1.el9         appSteam    153 k
 protobuf-c          x86_64  1.3.3-13.el9           baseOS       37 k
 python3-bind        noarch  32:9.16.23-14.el9_3    appSteam     71 k
 python3-ply         noarch  3.11-14.el9            baseOS      111 k
Installing weak dependencies:
 bind-dnssec-utils   x86_64  32:9.16.23-14.el9_3    appSteam    119 k
 bind-utils          x86_64  32:9.16.23-14.el9_3    appSteam    211 k

Transaction Summary
====================================================================================
Install  12 Packages

Total size: 2.5 M
Installed size: 7.2 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                            1/1
  Installing       : bind-license-32:9.16.23-14.el9_3.noarch                   1/12
  Installing       : protobuf-c-1.3.3-13.el9.x86_64                            2/12
  Installing       : libuv-1:1.42.0-1.el9.x86_64                               3/12
  Installing       : libmaxminddb-1.5.2-3.el9.x86_64                           4/12
  Installing       : fstrm-0.6.1-3.el9.x86_64                                  5/12
  Installing       : bind-libs-32:9.16.23-14.el9_3.x86_64                      6/12
  Installing       : bind-utils-32:9.16.23-14.el9_3.x86_64                     7/12
  Installing       : bind-dnssec-doc-32:9.16.23-14.el9_3.noarch                8/12
  Installing       : python3-ply-3.11-14.el9.noarch                            9/12
  Installing       : python3-bind-32:9.16.23-14.el9_3.noarch                  10/12
  Installing       : bind-dnssec-utils-32:9.16.23-14.el9_3.x86_64             11/12
  Running scriptlet: bind-32:9.16.23-14.el9_3.x86_64                          12/12
  Installing       : bind-32:9.16.23-14.el9_3.x86_64                          12/12
  Running scriptlet: bind-32:9.16.23-14.el9_3.x86_64                          12/12
  Verifying        : protobuf-c-1.3.3-13.el9.x86_64                            1/12
  Verifying        : python3-ply-3.11-14.el9.noarch                            2/12
  Verifying        : bind-32:9.16.23-14.el9_3.x86_64                           3/12
  Verifying        : bind-dnssec-doc-32:9.16.23-14.el9_3.noarch                4/12
  Verifying        : bind-dnssec-utils-32:9.16.23-14.el9_3.x86_64              5/12
  Verifying        : bind-libs-32:9.16.23-14.el9_3.x86_64                      6/12
  Verifying        : bind-license-32:9.16.23-14.el9_3.noarch                   7/12
  Verifying        : bind-utils-32:9.16.23-14.el9_3.x86_64                     8/12
  Verifying        : fstrm-0.6.1-3.el9.x86_64                                  9/12
  Verifying        : libmaxminddb-1.5.2-3.el9.x86_64                          10/12
  Verifying        : libuv-1:1.42.0-1.el9.x86_64                              11/12
  Verifying        : python3-bind-32:9.16.23-14.el9_3.noarch                  12/12
Installed products updated.

Installed:
  bind-32:9.16.23-14.el9_3.x86_64                bind-dnssec-doc-32:9.16.23-14.el9_3.noarch
  bind-dnssec-utils-32:9.16.23-14.el9_3.x86_64   bind-libs-32:9.16.23-14.el9_3.x86_64
  bind-license-32:9.16.23-14.el9_3.noarch        bind-utils-32:9.16.23-14.el9_3.x86_64
  fstrm-0.6.1-3.el9.x86_64                       libmaxminddb-1.5.2-3.el9.x86_64
  libuv-1:1.42.0-1.el9.x86_64                    protobuf-c-1.3.3-13.el9.x86_64
  python3-bind-32:9.16.23-14.el9_3.noarch        python3-ply-3.11-14.el9.noarch

Complete!
Edit the main configuration file
The options block before editing:
[root@dns ~]# vim /etc/named.conf
options {
	listen-on port 53 { 127.0.0.1; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	secroots-file "/var/named/data/named.secroots";
	recursing-file "/var/named/data/named.recursing";
	allow-query { localhost; };

	/*
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable
	   recursion.
	 - If your recursive DNS server has a public IP address, you MUST enable access
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface
	*/
	recursion yes;

	dnssec-validation yes;

	managed-keys-directory "/var/named/dynamic";
	geoip-directory "/usr/share/GeoIP";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";

	/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
	include "/etc/crypto-policies/back-ends/bind.config";
};

zone "." IN {
	type hint;
	file "named.ca";
};
After editing:
[root@dns ~]# vim /etc/named.conf
options {
	listen-on port 53 { 192.168.30.11; };
	directory "/var/named";
};

zone "zlp.com" IN {
	type master;
	file "named.zlp";
};

Be aware of what this trim removes: allow-query { localhost; } is gone, so anyone who can reach port 53 on 192.168.30.11 may query, and recursion is left at BIND's default of yes. That is exactly the open-resolver case the comment in the shipped configuration warns about. It does no harm on an isolated lab network, but a server that is only meant to be authoritative for zlp.com should carry recursion no; and a restricted allow-query before it is exposed to any real network.
Check the syntax:
[root@dns named]# named-checkconf
Write the zone data file
Start from a template; nobody remembers the exact format by heart.
[root@dns named]# vim named.localhost
$TTL 1D
@	IN SOA	@ rname.invalid. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	@
	A	127.0.0.1
	AAAA	::1
Now create our own named.zlp; editing a copy of the template is much easier than starting from scratch.
[root@dns ~]# cd /var/named
[root@dns named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@dns named]# vim named.zlp
$TTL 1D
@	IN SOA	@ admin.zlp.com. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	IN NS	ns
ns	IN A	192.168.30.11
www	IN A	192.168.30.10
# Check the syntax
[root@dns named]# named-checkzone zlp.com /var/named/named.zlp
zone zlp.com/IN: loaded serial 0
OK
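As an added example that is not from the original tutorial: the script below renders an authoritative-only version of the named.conf and zone file built above and runs BIND's own checkers on them when those tools are installed. It writes to a scratch directory rather than /etc. The 192.168.30.0/24 allow-query range and the date-based serial are assumptions for this lab, not something the tutorial specifies.

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial: render an authoritative-only
# named.conf for zlp.com next to a zone file with a date-based serial, then run
# BIND's own checkers on them when installed. Nothing under /etc is touched.
set -eu

DNS_IP="192.168.30.11"   # the dns host from the host plan
WEB_IP="192.168.30.10"   # the nginx host from the host plan
ZONE="zlp.com"
LAN="192.168.30.0/24"    # assumption: the only network allowed to query this lab server

# The trimmed options block used in the tutorial drops allow-query and leaves
# recursion at BIND's default (yes), so anyone who can reach UDP/53 gets a
# recursive resolver. A server that is only authoritative for zlp.com needs
# neither, so both are set explicitly here.
render_named_conf() {
	cat <<EOF
options {
	listen-on port 53 { ${DNS_IP}; };
	listen-on-v6 port 53 { none; };
	directory "/var/named";
	recursion no;                // authoritative only: never resolve on behalf of clients
	allow-query { ${LAN}; };     // answer only the lab subnet
	allow-transfer { none; };    // no secondaries here, so no zone transfers (AXFR)
	version none;                // do not reveal the BIND version to CHAOS-class queries
};

zone "${ZONE}" IN {
	type master;
	file "named.zlp";
};
EOF
}

# Serial in YYYYMMDDNN form so a stale copy is obvious at a glance.
# An optional first argument pins the date, which keeps the output testable.
zone_serial() {
	day="${1:-$(date -u +%Y%m%d)}"
	printf '%s01\n' "$day"
}

# Same records as the tutorial's named.zlp, with the primary name server
# written out in the SOA instead of "@" and fully qualified names throughout.
render_zone() {
	serial="$(zone_serial "${1:-}")"
	cat <<EOF
\$TTL 1D
@	IN SOA	ns.${ZONE}. admin.${ZONE}. (
				${serial}	; serial
				1D		; refresh
				1H		; retry
				1W		; expire
				3H )		; minimum (negative-answer TTL)
	IN NS	ns.${ZONE}.
ns	IN A	${DNS_IP}
www	IN A	${WEB_IP}
EOF
}

# Write both files to a scratch directory and run named-checkconf and
# named-checkzone if they exist. Returns 0 when the checks pass (or the tools
# are absent) and 1 when either check fails.
check_config() {
	dir="$(mktemp -d)"
	rc=0
	render_named_conf > "$dir/named.conf"
	render_zone > "$dir/named.zlp"
	if command -v named-checkconf >/dev/null 2>&1; then
		named-checkconf "$dir/named.conf" || rc=1
	fi
	if command -v named-checkzone >/dev/null 2>&1; then
		named-checkzone "$ZONE" "$dir/named.zlp" || rc=1
	fi
	rm -rf "$dir"
	return "$rc"
}

render_named_conf
echo
render_zone
if check_config; then
	echo "checks passed (or BIND checkers not installed)"
fi
```

Run it on the dns host to see the two files and the checker output; copy them into /etc/named.conf and /var/named/named.zlp only after reading them. Because the serial is date-based, bump the trailing two digits (01, 02, ...) when editing the zone more than once per day.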
Start the service
[root@dns ~]# systemctl start named
[root@dns ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
     Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; preset: disab>
     Active: active (running) since Tue 2025-09-16 13:50:24 CST; 10s ago
    Process: 2048 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes>
    Process: 2052 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code>
   Main PID: 2053 (named)
      Tasks: 10 (limit: 12043)
     Memory: 33.2M
        CPU: 93ms
     CGroup: /system.slice/named.service
             └─2053 /usr/sbin/named -u named -c /etc/named.conf

Sep 16 13:50:24 dns named[2053]: network unreachable resolving './NS/IN': 2001:500:>
Sep 16 13:50:24 dns named[2053]: network unreachable resolving './DNSKEY/IN': 2001:>
Sep 16 13:50:24 dns named[2053]: network unreachable resolving './DNSKEY/IN': 2001:>
Sep 16 13:50:25 dns named[2053]: resolver priming query complete
Sep 16 13:50:25 dns named[2053]: checkhints: b.root-servers.net/A (170.247.170.2) m>
Sep 16 13:50:25 dns named[2053]: checkhints: b.root-servers.net/A (199.9.14.201) ex>
Sep 16 13:50:25 dns named[2053]: checkhints: b.root-servers.net/AAAA (2801:1b8:10::>
Sep 16 13:50:25 dns named[2053]: checkhints: b.root-servers.net/AAAA (2001:500:200:>
Sep 16 13:50:25 dns named[2053]: managed-keys-zone: Initializing automatic trust an>
Sep 16 13:50:25 dns named[2053]: managed-keys-zone: Initializing automatic trust an>
Test
Can we get the Nginx IP back?
[root@dns ~]# dig -t A www.zlp.com @192.168.30.11

; <<>> DiG 9.16.23-RH <<>> -t A www.zlp.com @192.168.30.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40508
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 1a2ba8463985d47e0100000068c8fae89cc93c52d0eac7d5 (good)
;; QUESTION SECTION:
;www.zlp.com.			IN	A

;; ANSWER SECTION:
www.zlp.com.		86400	IN	A	192.168.30.10      # works

;; Query time: 0 msec
;; SERVER: 192.168.30.11#53(192.168.30.11)
;; WHEN: Tue Sep 16 13:51:36 CST 2025
;; MSG SIZE  rcvd: 84

The aa flag confirms the answer came from our own zone rather than from a cache; the ra flag shows the server is also offering recursion to whoever asks, which is fine in the lab but worth knowing about.
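The dig above only checks that an A record comes back. As an added example that is not part of the original tutorial, the functions below pull the status, the header flags and the answer out of saved dig output so a reply can be audited for what it says about the server: aa means the answer is authoritative, ra means the server is offering recursion. The sample is the reply captured above, embedded so the script runs offline (the COOKIE and WHEN lines are dropped because they change on every query); for a live check, pass dig's output straight in as shown in the comment.

```shell
#!/usr/bin/env bash
# Added example, not part of the original tutorial: pull the parts of a dig
# reply that matter for a server audit (status, header flags, answer) out of
# saved output. Runs offline on the sample below; for a live check pass the
# output of dig straight in, e.g.
#   audit_reply "$(dig -t A www.zlp.com @192.168.30.11)" 192.168.30.10
set -eu

# The reply captured earlier in this tutorial, embedded so the script runs
# without the lab hosts (COOKIE and WHEN lines left out; they change per query).
SAMPLE_DIG='; <<>> DiG 9.16.23-RH <<>> -t A www.zlp.com @192.168.30.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40508
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.zlp.com.			IN	A

;; ANSWER SECTION:
www.zlp.com.		86400	IN	A	192.168.30.10

;; Query time: 0 msec
;; SERVER: 192.168.30.11#53(192.168.30.11)
;; MSG SIZE  rcvd: 84'

# RCODE text from the header line: NOERROR, NXDOMAIN, REFUSED, SERVFAIL ...
dig_status() {
	printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p'
}

# Header flags, one per line: qr (response), aa (authoritative answer),
# rd (recursion desired by the client), ra (recursion available), ad, cd, tc.
dig_flags() {
	printf '%s\n' "$1" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | tr ' ' '\n'
}

# Exit 0 if flag $2 is set in reply $1.
dig_has_flag() {
	dig_flags "$1" | grep -qx "$2"
}

# Addresses from A records in the answer section (dig comment lines start with ';').
dig_answer_a() {
	printf '%s\n' "$1" | awk '$1 !~ /^;/ && $3 == "IN" && $4 == "A" { print $5 }'
}

# What an authoritative lab server should return for its own zone: NOERROR,
# aa set, the expected address. Returns 1 otherwise. "ra" is only a warning:
# with recursion left on and no allow-query limit, the server is an open
# resolver for everyone who can reach it.
audit_reply() {
	reply="$1"; want="$2"; rc=0
	status="$(dig_status "$reply")"
	[ "$status" = "NOERROR" ] || { echo "status $status, expected NOERROR"; rc=1; }
	dig_has_flag "$reply" aa || { echo "aa not set: not an authoritative answer"; rc=1; }
	dig_answer_a "$reply" | grep -qx "$want" \
		|| { echo "expected A $want, got: $(dig_answer_a "$reply" | tr '\n' ' ')"; rc=1; }
	if dig_has_flag "$reply" ra; then
		echo "warning: ra set, server offers recursion (check recursion/allow-query in named.conf)"
	fi
	return "$rc"
}

if audit_reply "$SAMPLE_DIG" 192.168.30.10; then
	echo "reply from 192.168.30.11 is right for www.zlp.com"
fi
```

On the sample the audit passes and prints the ra warning, which is the expected result for the configuration built in this tutorial. Feeding it a reply for a name outside zlp.com is a quick way to see whether the server really does recurse for arbitrary clients: the answer will come back without aa.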
Configure Nginx
Change the server hostname & IP
# omitted
Install nginx
[root@nginx ~]# rpm -qa | grep nginx
nginx-filesystem-1.20.1-14.el9_2.1.noarch
nginx-core-1.20.1-14.el9_2.1.x86_64
nginx-1.20.1-14.el9_2.1.x86_64
# already installed
Configure nginx
[root@nginx ~]# cd /etc/nginx/conf.d/
[root@nginx conf.d]# ls
web.conf
[root@nginx conf.d]# vim web.conf
[root@nginx conf.d]# rm web.conf
rm: remove regular file 'web.conf'? y
# This web.conf was created in the earlier nginx-tomcat exercise and can be deleted
[root@nginx conf.d]# vim nginx.conf
# Once it is written, check the syntax
[root@nginx conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# no problems
[root@nginx conf.d]# cat nginx.conf
# contents:
server {
	listen 80;
	server_name www.zlp.com;
	root /usr/share/nginx/html;   # can be anything you like; what matters is that the directory exists. There are several ways to define it, see the nginx chapter
}

Because this is the only server block, nginx will serve it for any Host header it receives; server_name only decides between blocks once there are several. If unknown hostnames should be rejected, add a separate default_server block for that purpose.
Change the home page
(if the request gets through, this is how we know the response came from nginx)
When curl www.zlp.com returns this content, the client (here the nginx host itself) has resolved www.zlp.com through our DNS server to 192.168.30.10, connected to Nginx at that address and received the home page. In a real deployment the client is a separate machine, but the steps are the same: DNS hands the client the web server's IP, and the client fetches the page directly from that IP.
[root@nginx conf.d]# echo "welcome nginx,now successful" > /usr/share/nginx/html/index.html
Test the domain name
[root@nginx conf.d]# ping www.zlp.com -c 3
PING overdue.aliyun.com (170.33.12.185) 56(84) bytes of data.
64 bytes from 170.33.12.185 (170.33.12.185): icmp_seq=1 ttl=128 time=89.2 ms
64 bytes from 170.33.12.185 (170.33.12.185): icmp_seq=2 ttl=128 time=154 ms
64 bytes from 170.33.12.185 (170.33.12.185): icmp_seq=3 ttl=128 time=325 ms
# ping works, but that is not the IP we wanted. Why?
Problem: the name resolves, but to an unknown IP
At this point the host is still using its default DNS server, not the one we just configured, and our zone only exists on our own server. The public resolver therefore returns whatever the real zlp.com resolves to on the Internet (here an Aliyun "overdue" parking host), which is why ping reached an unfamiliar address.
We can verify this:
[root@nginx ~]# nmcli d show ens160 | grep DNS
IP4.DNS[1]: 223.5.5.5
Change the DNS address on the Nginx host
The default is 223.5.5.5, a public resolver. To reach our own page we have to point the host at the DNS server we configured; otherwise the answer comes from the public Internet, as the test just showed.
[root@nginx ~]# nmcli c modify ens160 ipv4.dns 192.168.30.11
[root@nginx ~]# nmcli c up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@nginx ~]# nmcli d show ens160 | grep DNS
IP4.DNS[1]: 192.168.30.11
# changed
Access the service (verification)
Start the service
[root@nginx ~]# systemctl start nginx
Test
[root@nginx ~]# curl www.zlp.com
welcome nginx,now successful
# success