分离解析简介
- 分离解析的域名服务器实际也是主域名服务器
- 这里主要是指根据不同的客户端提供不同的域名解析记录
- 比如来自内网和外网的不同网段地址区域的客户机请求解析同一域名时,为其提供不同的解析结果,得到不同的IP地址
一:实验环境部署
- 为dns服务器添加两个网卡,并按上图设置各个主机的网络桥接
- DNS服务器的主机名设置为ns1
- ns1的ens33网卡的桥接不变(NAT模式) -------> 内网客户机192.168.10.106(NAT模式)
- ns1的ens36网卡桥接到仅主机模式 ------> 外网客户机172.16.16.106,桥接为仅主机模式
备注:
用106主机做内网客户机
win10主机做外网客户机
- 用ifconfig命令查看网卡的名称
- 修改两个网卡的IP地址
两个网卡的参数如下:
[root@localhost network-scripts]# vim ifcfg-ens33
# ens33: internal-facing NIC on 192.168.10.0/24 — the subnet the "LAN" view in
# named.conf later matches clients on.
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.10.101
NETMASK=255.255.255.0
# Only this interface carries a GATEWAY (ens36 has it commented out), so the
# host's default route stays on the internal side.
GATEWAY=192.168.10.254
# Resolvers written into this host's own /etc/resolv.conf; they are not what
# the DNS clients in the lab use.
DNS1=114.114.114.114
DNS2=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
DEVICE=ens33
ONBOOT=yes
[root@localhost network-scripts]# vim ifcfg-ens36
# ens36: external-facing NIC. Note the address below is 173.16.16.101 while the
# topology text above puts the external client on 172.16.16.x — confirm which
# subnet is intended; they must match for the client to reach this server.
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=173.16.16.101
NETMASK=255.255.255.0
# Left commented out, presumably so ens33 keeps the only default route.
#GATEWAY=192.168.10.254
DNS1=114.114.114.114
DNS2=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens36
DEVICE=ens36
ONBOOT=yes
[root@localhost ~]# systemctl restart network
安装bind
- 安装软件包
[root@localhost ~]# hostnamectl set-hostname ns1
[root@localhost ~]# bash
[root@ns1 ~]# systemctl stop firewalld
[root@ns1 ~]# setenforce 0
[root@ns1 ~]# yum -y install bind
- 设置开机自启
[root@ns1 ~]# systemctl enable named
配置文件的修改
- 主配置文件
[root@ns1 ~]# vim /etc/named.conf
options {
# Listens on every IPv4 address, i.e. on both the internal (ens33) and the
# external (ens36) interface.
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
# Any source may query. BIND recurses by default (recursion yes) unless told
# otherwise, so as written this host also answers recursive queries from the
# external side, i.e. it is an open resolver. For a split-horizon authoritative
# server add `recursion no;` here, or restrict it with
# `allow-recursion { 192.168.10.0/24; };`.
allow-query { any; };
};
# Root hints zone disabled for the lab. This alone does not stop recursion —
# BIND carries built-in root hints — so the recursion setting above still matters.
#zone "." IN {
# type hint;
# file "named.ca";
#};
# Views are tried in order: a client in 192.168.10.0/24 matches "LAN" and never
# reaches "WAN".
view "LAN" {
match-clients { 192.168.10.0/24; };
zone "bt.com" IN {
type master;
# Internal copy of the zone (private addresses), visible only to the LAN subnet.
file "lan.bt.com.zone";
};
};
# Catch-all view for every other client; it must stay after "LAN", otherwise
# `any` would shadow the internal view.
view "WAN" {
match-clients { any; };
zone "bt.com" IN {
type master;
file "wan.bt.com.zone";
};
};
# Stock includes disabled: once any view is defined, BIND requires every zone to
# live inside a view, so these files could not be included at top level as-is.
#include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
- 区域文件的设置
(1)内部区域文件
[root@ns1 ~]# cd /var/named/
[root@ns1 named]# vim lan.bt.com.zone
; Internal view of bt.com: served only to clients matched by view "LAN".
$TTL 1D
@ IN SOA bt.com. admin.bt.com. (
; Serial 0 is fine for a master-only lab, but it must be increased on every
; edit if a secondary ever transfers this zone, or the change is never picked up.
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.bt.com.
; Address record for the NS above, pointing at this server's internal address.
ns1 IN A 192.168.10.101
www IN A 192.168.10.102
mail IN A 192.168.10.103
ftp IN A 192.168.10.104
(2)外部区域文件
[root@ns1 named]# vim wan.bt.com.zone
; External view of bt.com: what every client outside 192.168.10.0/24 receives.
; It carries only 173.16.16.x addresses, so the internal addressing plan is not
; exposed to external clients — keep it that way when adding records.
$TTL 1D
@ IN SOA bt.com. admin.bt.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.bt.com.
; External address of this server (ens36).
ns1 IN A 173.16.16.101
; NOTE(review): the external nslookup transcript further down reports
; www.bt.com as 173.16.16.101, not .102 — recheck which one is correct.
www IN A 173.16.16.102
mail IN A 173.16.16.103
ftp IN A 173.16.16.104
[root@ns1 named]# chown named lan.bt.com.zone wan.bt.com.zone
- 语法检测
[root@ns1 named]# named-checkconf -z /etc/named.conf
zone bt.com/IN: loaded serial 0
zone bt.com/IN: loaded serial 0
[root@ns1 named]# named-checkzone bt.com /var/named/lan.bt.com.zone
zone bt.com/IN: loaded serial 0
OK
[root@ns1 named]# named-checkzone bt.com /var/named/wan.bt.com.zone
zone bt.com/IN: loaded serial 0
OK
- 启动服务
[root@ns1 named]# systemctl start named
[root@ns1 named]# netstat -anptu | grep named
客户端验证
- 外网客户端
[root@localhost ~]# yum -y install bind-utils
[root@localhost ~]# nslookup
> www.bt.com
Server: 173.16.16.1
Address: 173.16.16.1#53
Name: www.bt.com
Address: 173.16.16.101
- 内网客户端
[root@localhost ~]# yum -y install bind-utils
[root@localhost ~]# nslookup
> www.bt.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Name: www.bt.com
Address: 192.168.1.5
多域名解析
[root@ns1 named]# vim /etc/named.conf
# Only the "LAN" view is shown here. The "WAN" view from the earlier listing is
# presumably unchanged and still defines just bt.com, so external clients get
# no benet.com answers from this server unless a matching zone is added there too.
view "LAN" {
match-clients { 192.168.10.0/24;};
zone "bt.com" IN {
type master;
file "lan.bt.com.zone";
};
# Second domain inside the same view: one zone stanza and one zone file per domain.
zone "benet.com" IN {
type master;
file "lan2.bt.com.zone";
};
};
[root@ns1 named]# vim lan2.bt.com.zone
; Internal zone data for benet.com (file lan2.bt.com.zone, view "LAN").
$TTL 1D
; The SOA MNAME/RNAME and the NS still name bt.com hosts. BIND loads this, but
; benet.com then advertises ns1.bt.com. as its primary — confirm this is intended.
@ IN SOA bt.com. admin.bt.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.bt.com.
ns1 IN A 192.168.10.101
; NOTE(review): 191.168.10.x is outside the lab network (192.168.10.0/24) and is
; not a private range; it looks like a typo for 192.168.10.x. The client test
; below echoes the same 191.168.10.104, so the zone was loaded with these values.
www IN A 191.168.10.102
mail IN A 191.168.10.103
ftp IN A 191.168.10.104
[root@ns1 named]# chown named lan2.bt.com.zone
[root@ns1 named]# systemctl restart named
备注:有几个域名,就添加多少个zone,每个zone对应一个区域文件
客户端测试
[root@client ~]# nslookup ftp.benet.com
Server: 192.168.10.101
Address: 192.168.10.101#53
Name: ftp.benet.com
Address: 191.168.10.104
子域
实验环境:
父域服务器:192.168.10.101
子域服务器:192.168.10.102
主服务器的配置
- 安装bind
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# yum -y install bind
- 设置named主配置文件
[root@localhost ~]# vim /etc/named.conf
options {
# Bound to the internal address only (contrast with the `any` used in the
# split-horizon server earlier).
listen-on port 53 { 192.168.10.101; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
# Open to all clients. BIND recurses by default, so add `recursion no;` or an
# `allow-recursion { 192.168.10.0/24; };` ACL if this host should only be
# authoritative for accp.com.
allow-query { any; };
};
- 创建主DNS服务器
[root@localhost ~]# vim /etc/named.rfc1912.zones
在末尾添加:
# Appended to /etc/named.rfc1912.zones rather than named.conf. The stock
# named.conf includes that file; the options excerpt above does not show the
# include line, so confirm it is still present or the zone is never loaded.
zone "accp.com" IN {
type master;
# Relative to `directory "/var/named"` from the options block.
file "accp.com.zone";
};
- 创建正向区域文件
[root@localhost ~]# vim /var/named/accp.com.zone
; Parent zone accp.com, authoritative on ns1 (192.168.10.101).
$TTL 1D
@ IN SOA accp.com. admin.accp.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.accp.com.
ns1 IN A 192.168.10.101
; NOTE(review): ns2 gets an address here but there is no delegation of the child
; zone — no `zz IN NS ns2.zz.accp.com.` plus a glue record
; `ns2.zz.accp.com. IN A 192.168.10.102`. A client asking this server for a
; zz.accp.com name therefore gets NXDOMAIN instead of a referral to the child.
; The child (below) forwards accp.com to this host, but nothing points back.
ns2 IN A 192.168.10.102
www IN A 192.168.10.103
ftp IN A 192.168.10.104
[root@localhost ~]# chown :named /var/named/accp.com.zone
子域服务器设置
- 安装bind服务
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# yum -y install bind
- 配置主配置文件
[root@localhost ~]# vim /etc/named.conf
options {
# Child server binds to its own address only.
listen-on port 53 { 192.168.10.102; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
# Open to all clients and, by BIND's default, recursive — see the note on the
# parent server; add `recursion no;` or an allow-recursion ACL as appropriate.
allow-query { any; };
# Disables DNSSEC validation of the answers this server receives (e.g. from the
# accp.com forwarder configured below). In an isolated lab with no chain to the
; root trust anchor a validating resolver would SERVFAIL on those answers, which
# is presumably why the page says to turn it off; on a production resolver keep
# validation on. `dnssec-enable` is deprecated on newer BIND 9 releases — check
# what named-checkconf reports on the installed version.
dnssec-enable no;
dnssec-validation no;
# NOTE(review): the listing stops here without the closing `};` of the options
# block — presumably truncated when copied; named-checkconf rejects the file
# without it.
备注:
dnssec-enable no; dnssec功能会对解析结果进行验证
dnssec-validation no; 是否为权威解答,不是就会报错
建议关闭,否则会影响委派转发
- 设置区域文件
[root@localhost ~]# vim /etc/named.rfc1912.zones
在末尾添加:
# Child zone this server is authoritative for.
zone "zz.accp.com" IN {
type master;
file "zz.accp.com.zone";
};
# Everything under accp.com that is not in zz.accp.com is sent to the parent.
# Without `forward only;` BIND uses `forward first` and falls back to normal
# recursion if 192.168.10.101 does not answer — add `forward only;` if the
# parent must be the sole source for these names.
zone "accp.com" IN {
type forward;
forwarders { 192.168.10.101; };
};
备注:
forwarders { 192.168.10.101; }; 转发器,本机无法解析的条目转发至10.101为其解析
[root@localhost ~]# vim /var/named/zz.accp.com.zone
; Child zone zz.accp.com, authoritative on ns2 (192.168.10.102).
$TTL 1D
@ IN SOA zz.accp.com. admin.zz.accp.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns2.zz.accp.com.
; This defines ns1.zz.accp.com (not the parent's ns1.accp.com); it is not an NS
; of this zone, so the record is unused by the delegation — harmless but
; possibly unintended.
ns1 IN A 192.168.10.101
ns2 IN A 192.168.10.102
; NOTE(review): 192.168.100.x differs from the 192.168.10.x used everywhere else
; in the lab — confirm it is not a typo.
mail IN A 192.168.100.103
ftp IN A 192.168.100.104
[root@localhost ~]# chown :named /var/named/zz.accp.com.zone