反向解析
在正向解析的基础上
[root@localhost ~]# vim /etc/named.rfc1912.zones //修改区域配置文件
...
zone "1.0.0.127.in-addr.arpa" IN { // stock reverse zone for the loopback address, left as shipped
type master;
file "named.loopback";
allow-update { none; }; // no dynamic (DDNS) updates accepted from anyone
};
zone "30.168.192.in-addr.arpa" IN { // reverse zone for 192.168.30.0/24 (network octets reversed, under in-addr.arpa)
type master; // this server holds the authoritative copy
// Zone data file, relative to the "directory" option; it does not have to share the
// forward zone's name. NOTE: this page reuses the forward zone's file, so every record
// in it is loaded under both origins — "www A ..." also exists as
// www.30.168.192.in-addr.arpa and "3 PTR ..." also exists as 3.hello.com. It works,
// but a dedicated file (e.g. 30.168.192.in-addr.arpa.zone) keeps the two zones clean.
file "hello.com.zone";
allow-update { none; }; // clients allowed to send dynamic updates; "none" disables DDNS (keep it unless you also add a TSIG key)
};
[root@localhost named]# vi /var/named/hello.com.zone //修改配置文件
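$TTL 1D ; default TTL for records that carry none
; Zone-file comments start with ';' (the "//" annotations the page used here are not
; comment syntax — named-checkzone rejects them as extra input on the record).
; MNAME "@" (the apex) and the placeholder RNAME look copied from the stock
; named.loopback template; use a real hostmaster mailbox outside a lab.
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @ ; the name server is the apex name itself ...
A 127.0.0.1 ; ... which resolves to loopback here (template value); a real NS needs a reachable address
www A 192.168.30.3 ; host record; only meaningful because this same file is also loaded as the forward zone hello.com
3 PTR www.hello.com. ; reverse record: 192.168.30.3 -> www.hello.com. The trailing dot is required — without it the name is relative to the zone origin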
重启DNS服务查看结果
缓存DNS服务器
[root@localhost ~]# yum -y install bind //下载安装DNS服务
修改配置文件
[root@localhost ~]# vim /etc/named.conf //DNS的主配置文件,删除其他的配置,保留以下配置
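options {
directory "/var/named";
// Upstream resolver every query is handed to. The page's trailing Chinese note had no
// "//", which named.conf would reject as a syntax error. Note the default is
// "forward first": if the forwarder fails, named falls back to full recursion from the
// built-in root hints; add "forward only;" if that is not wanted.
forwarders { 192.168.30.3; };
// Who may use this recursive cache. With "any" the box is an open resolver that anyone
// able to reach port 53 can use for reflection/amplification; limit it to the local
// clients (adjust the prefix to your LAN).
allow-query { localhost; 192.168.30.0/24; };
};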
重启服务验证结果
主从域名服务器
主配置
zone "hello.com" IN {
type master;
file "hello.com.zone"; // zone data file, relative to the "directory" option (/var/named)
// Only the slave may AXFR/IXFR the zone; BIND's classic default is "any", which lets
// anyone dump every record. A source-IP ACL is spoofable on-path — a shared TSIG key
// (key {} on both sides, allow-transfer { key ...; }) is the stronger control.
allow-transfer { 192.168.30.4; };
// Push a NOTIFY to the slave on every serial bump so it transfers immediately instead
// of waiting for the SOA refresh interval (1D in this zone file).
also-notify { 192.168.30.4; };
};
...
zone "30.168.192.in-addr.arpa" IN {
type master;
file "hello.com.zone"; // zone data file — the same file the forward zone loads, so A and PTR records appear under both origins
allow-transfer { 192.168.30.4; }; // only the slave may transfer the zone (consider a TSIG key instead of a bare IP ACL)
also-notify { 192.168.30.4; }; // NOTIFY the slave on every serial change
};
[root@localhost ~]# yum -y install bind //下载安装DNS服务
从配置
zone "hello.com" IN {
type slave; // pull the zone from the master and answer from the local copy
// Where the transferred copy is written, relative to /var/named (the ll output further
// down shows named owns the file in slaves/). Each slave zone needs its own file.
file "slaves/hello.com.zone.slave";
// Master(s) to transfer from. Transfers and NOTIFYs are trusted by source IP only here;
// a shared TSIG key (key {} on both sides, masters { 192.168.30.3 key ...; }) protects
// against a spoofed master feeding bogus zone data.
masters { 192.168.30.3; };
};
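zone "30.168.192.in-addr.arpa" IN {
type slave; // pull the zone from the master and answer from the local copy
// Must differ from the forward zone's slave file: a slave's file is writable (named
// rewrites it after every transfer) and BIND rejects two zones that share a writable
// file ("already in use"). Even if a build let it load, each transfer would overwrite
// the other zone's copy.
file "slaves/30.168.192.in-addr.arpa.slave";
masters { 192.168.30.3; }; // master to transfer from (a TSIG key is the stronger authentication than a bare IP)
};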
重启后验证结果
[root@localhost slaves]# nslookup 192.168.30.3 192.168.30.4 //前IP为解析的地址,后为DNS服务器地址
3.30.168.192.in-addr.arpa name = www.hello.com.
[root@localhost slaves]# nslookup 192.168.30.3 192.168.30.3
3.30.168.192.in-addr.arpa name = www.hello.com.
[root@localhost slaves]# nslookup www.hello.com 192.168.30.3
Server: 192.168.30.3
Address: 192.168.30.3#53
Name: www.hello.com
Address: 192.168.30.3
[root@localhost slaves]# nslookup www.hello.com 192.168.30.4
Server: 192.168.30.4
Address: 192.168.30.4#53
Name: www.hello.com
Address: 192.168.30.3
修改主的配置文件
[root@localhost ~]# vim /var/named/hello.com.zone
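$TTL 1D
@ IN SOA @ rname.invalid. (
; Serial raised from 0 to 1. Slaves only transfer when it is higher than their copy,
; so bump it on EVERY edit. It is a 32-bit unsigned integer (max 4294967295, ten
; digits); YYYYMMDDnn is the usual convention.
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
ftp A 192.168.30.3 ; renamed from www to demonstrate the master -> slave sync
; NOTE(review): the PTR still names www.hello.com, which no longer has an A record above,
; so forward and reverse lookups now disagree (the nslookup output further down still
; returns www.hello.com.). Change it to ftp.hello.com. when the host is renamed.
3 PTR www.hello.com.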
[root@localhost slaves]# ll
总用量 4
-rw-r--r--. 1 named named 275 5月 24 15:46 hello.com.zone.slave
[root@localhost slaves]# ll //同步的文件已更新
总用量 4
-rw-r--r--. 1 named named 373 5月 24 15:57 hello.com.zone.slave
[root@localhost slaves]#
[root@localhost slaves]# nslookup ftp.hello.com 192.168.30.4 //已同步
Server: 192.168.30.4
Address: 192.168.30.4#53
Name: ftp.hello.com
Address: 192.168.30.3
[root@localhost slaves]# nslookup ftp.hello.com 192.168.30.3 //已同步
Server: 192.168.30.3
Address: 192.168.30.3#53
Name: ftp.hello.com
Address: 192.168.30.3
[root@localhost slaves]# nslookup 192.168.30.3 192.168.30.3
3.30.168.192.in-addr.arpa name = www.hello.com.
[root@localhost slaves]# nslookup 192.168.30.3 192.168.30.4
3.30.168.192.in-addr.arpa name = www.hello.com.
分离解析
[root@localhost ~]# yum -y install bind
[root@localhost ~]# vim /etc/named.conf //删除此配置文件中的zone
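options {
listen-on port 53 { any; }; // IPv4: every interface — both the LAN and WAN sides must reach this server for split-horizon to work
listen-on-v6 port 53 { ::1; }; // IPv6: loopback only
directory "/var/named"; // zone file paths below and in the views are relative to this
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; // anyone may ask — acceptable for the authoritative answers the views return
// Recursion is on by default, so "allow-query any" alone also makes this an open
// resolver for the WAN side. Limit recursive service to internal clients (adjust the
// prefix to whatever the "lan" view matches).
allow-recursion { localhost; 192.168.30.0/24; };
// (the remaining stock options — recursion, dnssec, pid-file, ... — are not shown on this page)
};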
[root@localhost ~]# vim /etc/named.rfc1912.zones //删除所有zone,使用view
view "lan" {
// Clients whose source address matches get the internal zone. Views are tried top-down
// and the first match wins. NOTE(review): every other address on this page is in
// 192.168.30.0/24 — confirm this prefix is really the internal client network and not
// a typo. Clients matching no view at all (e.g. 127.0.0.1 here) are answered REFUSED.
match-clients { 192.168.192.0/24; };
zone "hello.com" IN {
type master;
file "hello.com.zone.lan"; // internal answers (192.168.30.4)
// No allow-transfer here, so BIND's classic default ("any") applies and any matching
// client can AXFR the whole zone; add allow-transfer { none; } unless a slave needs it.
};
};
view "wan" {
// External clients get the public zone. 100.0.0.0/8 is globally routed address space
// (the iptables listing further down reverse-resolves 100.0.0.1 to a verizon-gni.net
// host); for a lab use an RFC 5737 documentation range or your own public prefix.
// There is no catch-all view, so any source outside both prefixes is answered REFUSED.
match-clients { 100.0.0.0/8; };
zone "hello.com" IN {
type master;
file "hello.com.zone.wan"; // public answers (100.0.0.1)
// No allow-transfer, so the default ("any") lets every WAN client dump the zone;
// add allow-transfer { none; } unless a slave needs it.
};
};
[root@localhost named]# cp -p named.localhost hello.com.zone.lan //复制区域数据文件
[root@localhost named]# cp -p named.localhost hello.com.zone.wan
[root@localhost ~]# vim /var/named/hello.com.zone.lan //内网配置
$TTL 1D ; default TTL for records that carry none
; MNAME "@" (the apex) and the placeholder RNAME come from the named.localhost template
; this file was copied from; use a real hostmaster mailbox outside a lab.
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @ ; the name server is the apex name itself ...
A 192.168.30.4 ; ... which resolves to the internal address
www IN A 192.168.30.4 ; internal clients get the LAN address of the web host
[root@localhost ~]# vim /var/named/hello.com.zone.wan //外网配置
$TTL 1D ; default TTL for records that carry none
; MNAME "@" (the apex) and the placeholder RNAME come from the named.localhost template
; this file was copied from; use a real hostmaster mailbox outside a lab.
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @ ; the name server is the apex name itself ...
A 100.0.0.1 ; ... which resolves to the public address (presumably the gateway's WAN side, which DNATs web traffic to 192.168.30.4)
www A 100.0.0.1 ; external clients get the public address, never the 192.168.30.x one
web服务从内网映射到公网
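# On the gateway (lo0-100): rewrite packets arriving on the WAN interface for the
# public address so they reach the internal web host. Restrict the rule to the web
# port — the page's original form (no -p/--dport) DNATs EVERY protocol and port sent
# to 100.0.0.1, so anything the gateway itself should receive on that address (for
# example DNS on port 53, if the split-horizon server runs here) is hijacked too.
# Add a second rule for 443 if TLS is served.
iptables -t nat -A PREROUTING -i ens37 -d 100.0.0.1 -p tcp --dport 80 -j DNAT --to-destination 192.168.30.4
# Still required: the FORWARD chain must accept the traffic if its policy is DROP, and
# the rule is not persistent (iptables-save / "service iptables save" on RHEL-style
# hosts). Verify with `iptables -t nat -L -n -v`; without -n the listing
# reverse-resolves addresses, which is why 100.0.0.1 shows up below as a
# verizon-gni.net hostname.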
[root@lo0-100 ~]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT all -- anywhere lo0-100.BSTNMA-VFTTP-361.verizon-gni.net to:192.168.30.4
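# The DNAT rule only helps if the gateway actually forwards packets between ens37 and
# the LAN side, so enable IPv4 forwarding and make it survive reboots.
# (`echo 1 > /proc/sys/net/ipv4/ip_forward` is the equivalent one-off setting and is
# lost on reboot.)
vim /etc/sysctl.conf
#     add the line:   net.ipv4.ip_forward=1
#     (a drop-in such as /etc/sysctl.d/99-forward.conf, loaded with `sysctl --system`,
#     avoids editing the packaged file)
sysctl -p   # re-read /etc/sysctl.conf and apply its settings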