# Building a Split-Horizon DNS Server
## Lab setup and goal

1. Goal

When clients at different addresses request resolution of the same domain name, return a different result to each of them (split-horizon, or "view"-based, DNS).
2. IP settings

| | External (WAN) host | DNS server eth1 | DNS server eth0 | Internal (LAN) host |
|---|---|---|---|---|
| IP | 172.16.16.1 | 172.16.16.77 | 192.168.2.77 | 192.168.2.1 |
| Gateway | 172.16.16.77 | 172.16.16.77 | 192.168.2.77 | 192.168.2.77 |
| NIC | vnet3 | vnet3 | vnet4 | vnet4 |
3. Disable the firewall and SELinux

```shell
iptables -F
setenforce 0
```
## DNS server

1. Install the bind package

```shell
cd /media/RHEL_6.5\ x86_64\ Disc\ 1/Packages/
rpm -ivh bind-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm
```
2. Edit the main configuration file, named.conf

```shell
vim /etc/named.conf
```

```
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

        // dnssec-enable yes;
        // dnssec-validation yes;
        // dnssec-lookaside auto;
        //
        // /* Path to ISC DLV key */
        // bindkeys-file "/etc/named.iscdlv.key";
        //
        // managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Once views are used, every zone (including the root hint zone) must live
// inside a view, so the top-level "." zone is commented out here.
//zone "." IN {
//      type hint;
//      file "named.ca";
//};

include "/etc/named.rfc1912.zones";
//include "/etc/named.root.key";
```
3. Edit the zone section of the configuration, named.rfc1912.zones

```shell
vim /etc/named.rfc1912.zones
```

```
// Views are matched in order: the LAN view must come before the catch-all
// WAN view, otherwise "any" would match internal clients as well.
view "LAN" {
        match-clients { 192.168.2.0/24; };
        zone "kgc.com" IN {
                type master;
                file "kgc.com.zone.lan";
        };
        zone "localhost.localdomain" IN {
                type master;
                file "named.localhost";
                allow-update { none; };
        };
        zone "localhost" IN {
                type master;
                file "named.localhost";
                allow-update { none; };
        };
        zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
                type master;
                file "named.loopback";
                allow-update { none; };
        };
        zone "1.0.0.127.in-addr.arpa" IN {
                type master;
                file "named.loopback";
                allow-update { none; };
        };
        zone "0.in-addr.arpa" IN {
                type master;
                file "named.empty";
                allow-update { none; };
        };
};

view "WAN" {
        match-clients { any; };
        zone "kgc.com" IN {
                type master;
                file "kgc.com.zone.wan";
        };
};
```
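Why the order of the two `view` blocks matters: named walks the views top to bottom and answers from the first one whose `match-clients` ACL contains the query's source address, so a LAN client would silently receive the WAN data if the `any` view were listed first. The Python script below is an added illustration, not part of the original post or of BIND itself; it models that first-match view selection and BIND's ACL semantics (including the `!` negation the post does not use) over the kgc.com data from the two zone files, which is embedded here as constructed sample data.

```python
import ipaddress

# Constructed from the post's named.rfc1912.zones and the two zone files:
# (view name, match-clients ACL, A records served in that view), in file order.
VIEWS = [
    ("LAN", ["192.168.2.0/24"], {"kaifa.kgc.com": "192.168.2.1",
                                 "yunwei.kgc.com": "192.168.2.2",
                                 "ceshi.kgc.com": "192.168.2.3",
                                 "www.kgc.com": "192.168.2.100"}),
    ("WAN", ["any"], {"kaifa.kgc.com": "192.168.2.100",
                      "yunwei.kgc.com": "192.168.2.100",
                      "ceshi.kgc.com": "192.168.2.100",
                      "www.kgc.com": "192.168.2.100"}),
]

def acl_matches(acl, client_ip):
    """BIND ACL semantics: the first element containing the address decides;
    a leading '!' on that element means deny, and no match at all is deny."""
    ip = ipaddress.ip_address(client_ip)
    for element in acl:
        negate = element.startswith("!")
        element = element.lstrip("! ")
        hit = element == "any" or ip in ipaddress.ip_network(element, strict=False)
        if hit:
            return not negate
    return False

def select_view(client_ip, views=VIEWS):
    """First view whose match-clients contains client_ip (as named does), or None."""
    for name, acl, _records in views:
        if acl_matches(acl, client_ip):
            return name
    return None

def resolve(qname, client_ip, views=VIEWS):
    """A record client_ip would receive for qname from the selected view."""
    key = qname.rstrip(".").lower()
    for _name, acl, records in views:
        if acl_matches(acl, client_ip):
            return records.get(key)
    return None

if __name__ == "__main__":
    for client in ("192.168.2.1", "172.16.16.1"):
        print(client, "->", select_view(client), resolve("kaifa.kgc.com", client))
    # With the catch-all WAN view listed first, LAN clients would get the WAN
    # answer too: the LAN view must precede the `any` view, as in the post.
    print(resolve("kaifa.kgc.com", "192.168.2.1", views=VIEWS[::-1]))
```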
4. Create the zone files

```shell
cd /var/named/
cp -p named.localhost kgc.com.zone.lan
cp -p named.localhost kgc.com.zone.wan
```
5. Edit the zone files

Internal (LAN) forward-lookup zone:

```shell
vim /var/named/kgc.com.zone.lan
```

```
$TTL 1D
@       IN SOA  kgc.com. root.kgc.com. (
                                        2018102301      ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
; the apex NS/A/AAAA records below are kept from named.localhost (NS @ -> 127.0.0.1)
        NS      @
        A       127.0.0.1
        AAAA    ::1
kaifa   A       192.168.2.1
yunwei  A       192.168.2.2
ceshi   A       192.168.2.3
www     A       192.168.2.100
```

External (WAN) forward-lookup zone:

```shell
vim /var/named/kgc.com.zone.wan
```

```
$TTL 1D
@       IN SOA  kgc.com. root.kgc.com. (
                                        2018102301      ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
; the apex NS/A/AAAA records below are kept from named.localhost (NS @ -> 127.0.0.1)
        NS      @
        A       127.0.0.1
        AAAA    ::1
kaifa   A       192.168.2.100
ceshi   A       192.168.2.100
yunwei  A       192.168.2.100
www     A       192.168.2.100
```
6. Restart the service

```shell
service named restart
```

7. Set the DNS server IP on the server itself

```shell
vim /etc/resolv.conf
```

```
# Generated by NetworkManager
nameserver 192.168.2.77
nameserver 172.16.16.77
```
## Internal (LAN) host

1. Set the DNS server IP

```shell
vim /etc/resolv.conf
```

```
# Generated by NetworkManager
nameserver 192.168.2.77
```

2. Verification

```shell
nslookup kaifa.kgc.com
nslookup yunwei.kgc.com
nslookup ceshi.kgc.com
nslookup www.kgc.com
```
## External (WAN) host

1. Set the DNS server IP

```shell
vim /etc/resolv.conf
```

```
# Generated by NetworkManager
nameserver 172.16.16.77
```

2. Verification

```shell
nslookup kaifa.kgc.com
nslookup yunwei.kgc.com
nslookup ceshi.kgc.com
nslookup www.kgc.com
```

Success! The internal host receives the per-host addresses from kgc.com.zone.lan, while the external host receives 192.168.2.100 for every name from kgc.com.zone.wan.