小阿轩yx-DNS域名解析服务分离解析
分离解析介绍
- 分离解析的域名服务器实际也是主域名服务器
- 这里主要是指根据不同的客户端提供不同的域名解析记录
- 比如来自内网和外网的不同网段地址区域的客户机求解析同一域名时,为其提供不同的解析结果,得到不同的IP地址
先开一个系统新添加一个网络适配器
然后修改为仅主机模式
[root@localhost network-scripts]# vim ifcfg-ens33
......省略部分内容
IPADDR=192.168.10.101
NETMASK=255.255.255.0
......省略部分内容[root@localhost network-scripts]# vim ifcfg-ens36
......省略部分内容
IPADDR=173.16.16.101
NETMASK=255.255.255.0
#GATEWAY=192.168.10.254
DNS1=114.114.114.114
DNS2=8.8.8.8
NAME=ens36
DEVICE=ens36
......省略部分内容重启网络
[root@localhost ~]# systemctl restart network安装软件包bind
首先关闭防火墙
[root@localhost ~]# hostnamectl set-hostname ns1
[root@localhost ~]# bash
[root@ns1 ~]# systemctl stop firewalld
[root@ns1 ~]# setenforce 0安装软件包
[root@ns1 ~]# yum -y install bind设置开机自启
[root@ns1 ~]# systemctl enable named修改配置文件
主配置文件named.conf
[root@ns1 ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
};
view "LAN" {
match-clients { 192.168.10.0/24; };
zone "bt.com" IN {
type master;
file "lan.bt.com.zone";
};
};
view "WAN" {
match-clients { any; };
zone "bt.com" IN {
type master;
file "wan.bt.com.zone";
};
};区域文件设置
内部区域文件
[root@ns1 ~]# cd /var/named/
[root@ns1 named]# vim lan.bt.com.zone
$TTL 1D
@ IN SOA bt.com. admin.bt.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.bt.com.
ns1 IN A 192.168.10.101
www IN A 192.168.10.102
mail IN A 192.168.10.103
ftp IN A 192.168.10.104外部区域文件
[root@ns1 named]# vim wan.bt.com.zone
$TTL 1D
@ IN SOA bt.com. admin.bt.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.bt.com.
ns1 IN A 173.16.16.101
www IN A 173.16.16.102
mail IN A 173.16.16.103
ftp IN A 173.16.16.104修改属组或属主
[root@ns1 named]# chown named lan.bt.com.zone wan.bt.com.zone检查配置文件
[root@ns1 named]# named-checkconf -z /etc/named.conf
zone bt.com/IN: loaded serial 0
zone bt.com/IN: loaded serial 0
[root@ns1 named]# named-checkzone bt.com /var/named/lan.bt.com.zone
zone bt.com/IN: loaded serial 0
OK
[root@ns1 named]# named-checkzone bt.com /var/named/wan.bt.com.zone
zone bt.com/IN: loaded serial 0
OK启动服务
[root@ns1 named]# systemctl start named
[root@ns1 named]# netstat -anptu | grep named外网网卡模式改为仅主机,然后使用nslookup测试
[root@localhost ~]# nslookup
> www.bt.com
Server: 173.16.16.101
Address: 173.16.16.102#53
Name: www.bt.com
Address: 173.16.16.101
内网网卡模式改为NAT,然后使用nslookup测试
[root@localhost ~]# nslookup
> www.bt.com
Server: 192.168.10.101
Address: 192.168.10.101#53
Name: www.bt.com
Address: 192.168.10.102多域名解析
修改配置文件
[root@ns1 named]# vim /etc/named.conf
view "LAN" {
match-clients { 192.168.10.0/24;};
zone "bt.com" IN {
type master;
file "lan.bt.com.zone";
};
zone "benet.com" IN {
type master;
file "lan2.bt.com.zone";
};
};[root@ns1 named]# vim lan2.bt.com.zone
$TTL 1D
@ IN SOA bt.com. admin.bt.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.benet.com.
ns1 IN A 192.168.10.101
www IN A 191.168.10.102
mail IN A 191.168.10.103
ftp IN A 191.168.10.104修改属主
[root@ns1 named]# chown named lan2.bt.com.zone重启服务
[root@ns1 named]# systemctl restart named(注:有几个域名,就添加多少个zone,每个zone对应一个区域文件)
然后使用nslookup测试
[root@localhost ~]# nslookup ftp.benet.com
Server: 192.168.10.101
Address: 192.168.10.101#53
Name: ftp.benet.com
Address: 191.168.10.102子域
父域(10.101):benet.com --> www.benet.com
子域(10.103):zz.benet.com --> www.zz.benet.com
委派:将下级子域的解析交给下级域名服务器
主服务器的配置
先做父域
首先关闭防火墙
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld安装bind
[root@localhost ~]# yum -y install bind设置 named 主配置文件
[root@localhost ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
};创建主 DNS 服务器
[root@localhost ~]# vim /etc/named.rfc1912.zones
在末尾添加:
zone "benet.com" IN {
type master;
file "benet.com.zone";
};创建正向区域文件
[root@localhost ~]# cd /var/named
[root@localhost named]# vim benet.com.zone
$TTL 1D
@ IN SOA benet.com. admin.benet.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.accp.com.
ns1 IN A 192.168.10.101
ns2 IN A 192.168.10.102
www IN A 192.168.10.103
ftp IN A 192.168.10.104修改属主属组
[root@localhost named]# chown :named /var/named/accp.com.zone子域服务器设置
首先关闭防火墙
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld安装bind
[root@localhost ~]# yum -y install bind配置主配置文件
[root@localhost named]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
dnssec-enable no; # dnssec功能会对解析结果进行验证
dnssec-validation no; # 是否为权威解答,不是就会报错。建议关闭,否则会影响委派转发设置区域文件
[root@localhost ~]# vim /etc/named.rfc1912.zones
# 在末尾添加:
zone "zz.benet.com" IN {
type master;
file "zz.benet.com.zone";
};
zone "benet.com" IN {
type forward;
forwarders { 192.168.10.101; };
};
(注:forwarders { 192.168.10.101; }; 转发器,本机无法解析的条目转发至10.101为其解析)
(注:192.168.10.101 是benet的权威服务器)修改配置文件
[root@localhost ~]# cd /var/named
[root@localhost named]# cp named.localhost zz.benet.com.zone
[root@localhost ~named# vim zz.benet.com.zone
$TTL 1D
@ IN SOA zz.benet.com. admin.benet.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns2.benet.com.
ns1 IN A 192.168.10.101
ns2 IN A 192.168.10.103
www IN A 192.168.10.105修改属主
[root@localhost named]# chown named zz.benet.com.zone重启服务
[root@localhost named]# systemctl start named
小阿轩yx-DNS域名解析服务分离解析
