DNS的搭建
系统环境:
[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[[email protected] ~]# uname -r
3.10.0-327.el7.x86_64
[[email protected] ~]# ip addr show enp0s8 | awk 'NR==3{print $2}'
192.168.235.36/24
#关闭防火墙和selinux（注意：这只适合实验环境；正式环境应改为在 firewalld 中放行 53/tcp 与 53/udp，并保持 SELinux 为 enforcing——bind-chroot 自带相应的 SELinux 策略，无需关闭）
#DNS主服务器搭建
#安装DNS
[[email protected] ~]# yum install -y bind-chroot bind
[[email protected] ~]# cp -R /usr/share/doc/bind-9.9.4/sample/var/named/* /var/named/chroot/var/named/
[[email protected] ~]# touch /var/named/chroot/var/named/data/cache_dump.db
[[email protected] ~]# touch /var/named/chroot/var/named/data/named_stats.txt
[[email protected] ~]# touch /var/named/chroot/var/named/data/named_mem_stats.txt
[[email protected] ~]# touch /var/named/chroot/var/named/data/named.run
[[email protected] ~]# mkdir /var/named/chroot/var/named/dynamic
[[email protected] ~]# touch /var/named/chroot/var/named/dynamic/managed-keys.bind
[[email protected] ~]# chmod -R 777 /var/named/chroot/var/named/data
[[email protected] ~]# chmod -R 777 /var/named/chroot/var/named/dynamic
#注意：chmod -R 777 会让本机任意用户都能改写 data/ 与 dynamic/ 目录；named 以 named 用户运行，只需 chown -R named:named 这两个目录并保留默认权限（如 770）即可，无需对所有人开放写权限
[[email protected] ~]# cp -p /etc/named.conf /var/named/chroot/etc/named.conf
[[email protected] ~]# cp -p /etc/named.rfc1912.zones /var/named/chroot/etc/
[[email protected] ~]# vim /var/named/chroot/etc/named.rfc1912.zones
[[email protected] ~]# cat /var/named/chroot/etc/named.rfc1912.zones | grep -v "^//" | grep -v "^$"
zone "jxy.com" IN {
        type master;
        file "jxy.com.zone";
        allow-update { any; };
};
zone "235.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.235.zone";
        allow-update { any; };
};
#注意：allow-update { any; } 允许任何能访问到本机的主机不经认证地动态修改区域记录（例如改写 www.jxy.com 的 A 记录）；除非确实需要 DDNS，应改为 allow-update { none; }，需要 DDNS 时用 TSIG 密钥限制更新来源
[[email protected] ~]# cp -p /var/named/named.localhost /var/named/chroot/var/named/jxy.com.zone
[[email protected] ~]# vim /var/named/chroot/var/named/jxy.com.zone
[[email protected] chroot]# vim /var/named/chroot/etc/named.conf
#修改/var/named/chroot/etc/named.conf 第11行改为如下值
[[email protected] chroot]# sed -n '11p' /var/named/chroot/etc/named.conf
        listen-on port 53 { 192.168.235.36; };
#修改/var/named/chroot/etc/named.conf 第17行改为如下值
[[email protected] chroot]# sed -n '17p' /var/named/chroot/etc/named.conf
        allow-query { any; };
#注意：若 named.conf 中默认的 recursion yes 未作修改，allow-query { any; } 会使本机成为任何能访问 192.168.235.36 的主机都可使用的开放递归解析器；建议用 allow-recursion 把递归限制在内网网段，仅对权威区域（jxy.com 及其反向区域）放开 allow-query
[[email protected] ~]# cp -p /var/named/named.loopback /var/named/chroot/var/named/192.168.235.zone
[[email protected] chroot]# vim /var/named/chroot/var/named/192.168.235.zone
[[email protected] chroot]#systemctl start named-chroot
#测试正向解析
[[email protected] named]# nslookup mail.jxy.com
Server:     127.0.0.1
Address:    127.0.0.1#53
Name:   mail.jxy.com
Address: 192.168.253.37
[[email protected] named]# nslookup www.jxy.com
Server:     127.0.0.1
Address:    127.0.0.1#53
Name:   www.jxy.com
Address: 192.168.253.36
#正向解析成功（注意：正向查询返回的是 192.168.253.x，而本机地址和反向区域用的是 192.168.235.x，两者不一致，应核对 jxy.com.zone 中的 A 记录是否写错了网段）
#反向解析测试
[[email protected] ~]# nslookup 192.168.235.37
Server:     127.0.0.1
Address:    127.0.0.1#53
37.235.168.192.in-addr.arpa     name = mail.jxy.com.
[[email protected] ~]# nslookup 192.168.235.36
Server:     127.0.0.1
Address:    127.0.0.1#53
36.235.168.192.in-addr.arpa     name = ns.jxy.com.
36.235.168.192.in-addr.arpa     name = www.jxy.com.
#反向解析成功!
#DNS从服务器搭建
#用主服务器克隆一台从服务器
#修改主机名 为如下
[[email protected]_2 ~]# cat /etc/hostname RHCE_2
#修改IP地址 为如下值
[[email protected]_2 ~]# ip addr show enp0s8 | awk 'NR==3{print $2}' 192.168.235.37/24
#修改named主配置文件 将监听地址修改为本机地址192.168.235.37
[[email protected]_2 ~]# vim /var/named/chroot/etc/named.conf
[[email protected]_2 ~]# sed -n '11p' /var/named/chroot/etc/named.conf
        listen-on port 53 { 192.168.235.37; };
#修改区域配置文件
[[email protected]_2 ~]# vim /var/named/chroot/etc/named.rfc1912.zones
[[email protected]_2 ~]# cat /var/named/chroot/etc/named.rfc1912.zones | grep -v "^//" | grep -v "^$"
zone "jxy.com" IN {
        type slave;
        file "slaves/jxy.com.zone";
        masters {192.168.235.36;};
};
zone "235.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/192.168.235.zone";
        masters {192.168.235.36;};
};
#注意：主服务器上的区域并未限制 allow-transfer，任何主机都可以拉取整个区域数据；建议在主服务器的两个 zone 中加上 allow-transfer { 192.168.235.37; }; 只允许本从服务器做区域传输
#主开启DNS服务
[[email protected] ~]# systemctl start named-chroot
#从开启DNS服务
[[email protected]_2 ~]# systemctl start named-chroot
#修改从服务器的网卡DNS 为本机IP地址192.168.235.37
#测试从服务
[[email protected]_2 ~]# nslookup 192.168.235.36
Server:     ::1
Address:    ::1#53
36.235.168.192.in-addr.arpa     name = ns.jxy.com.
36.235.168.192.in-addr.arpa     name = www.jxy.com.
[[email protected]_2 ~]# nslookup www.jxy.com
Server:     ::1
Address:    ::1#53
Name:   www.jxy.com
Address: 192.168.253.36
#关闭主服务器
[[email protected] ~]# systemctl stop named-chroot
#重启从服务器
[[email protected]_2 ~]# systemctl restart named-chroot
[[email protected]_2 ~]# nslookup 192.168.235.36
;; Got SERVFAIL reply from ::1, trying next server
;; connection timed out; trying next origin
;; Got SERVFAIL reply from ::1, trying next server
;; connection timed out; no servers could be reached
#解析失败 测试成功（注意：从服务器的意义正是在主服务器不可用时继续用已传输的区域副本应答，直到 SOA 的 expire 时间到期；这里重启后立即返回 SERVFAIL，很可能说明区域传输并未真正成功或从服务器无法把区域写入 slaves/ 目录——应检查 chroot 内 var/named/slaves/ 下是否生成了区域文件，并查看 named 日志中的 transfer 记录，而不应把这一结果当作从服务器工作正常的证据）
#DNS分离解析
#DNS服务器 两张网卡 一张 连接中国 一张连接 海外
DNS服务器 |
中国 :192.168.235.36 |
海外 :192.168.153.36 | |
中国客户端 | 192.168.235.10 |
海外客户端 | 192.168.153.10 |
#修改 DNS区域配置文件
[[email protected] chroot]# cd /var/named/chroot/
[[email protected] chroot]# vim etc/named.rfc1912.zones
[[email protected] chroot]# cat etc/named.rfc1912.zones
acl "haiwai" {192.168.153.0/24;};
acl "china" {192.168.235.0/24;};
view "china"{
        match-clients {"china";};
        zone "jxy.com" IN {
                type master;
                file "jxy.com.zone.china";
                allow-update { any; };
        };
};
view "haiwai"{
        match-clients {"haiwai";};
        zone "jxy.com" IN {
                type master;
                file "jxy.com.zone.haiwai";
                allow-update { any; };
        };
};
#注意：view 仅根据查询来源 IP 分流，两个 view 里的 allow-update { any; } 仍允许对应网段内任意主机不经认证地改写区域记录；不需要 DDNS 时应改为 allow-update { none; }
#增加中国区域文件
[[email protected] chroot]# vim var/named/jxy.com.zone.china
[[email protected] chroot]# cat var/named/jxy.com.zone.china
#增加海外区域文件
[[email protected] chroot]# vim var/named/jxy.com.zone.haiwai
#在主配置文件增加一行
[[email protected] chroot]# vim etc/named.conf
[[email protected] chroot]# sed -n '12p' etc/named.conf
        listen-on port 53 { 192.168.153.36; };
#并且注释掉 下面的内容（原因：一旦配置了 view，named.conf 及其 include 文件中的所有 zone——包括根提示区域 "."——都必须位于某个 view 之内，否则 named 会因 zone 不在 view 内而拒绝启动）
zone "." IN { type hint; file "named.ca"; };
[[email protected] chroot]# systemctl restart named-chroot
#测试分离解析
#模拟海外客户端访问 www.jxy.com
#模拟中国客户端访问 www.jxy.com
#可以看到对同一个域名解析出了不同的 IP地址
转载于:https://blog.51cto.com/cqwujiang/1912143