一:邮件记录解析
[root@lpf ~]# yum install -y bind
[root@lpf ~]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
[root@lpf named]# vim /etc/named.conf
...
12 options {
13 listen-on port 53 { any; };
14 listen-on-v6 port 53 { ::1; };
15 directory "/var/named";
16 dump-file "/var/named/data/cache_dump.db";
17 statistics-file "/var/named/data/named_stats.txt";
18 memstatistics-file "/var/named/data/named_mem_stats.txt";
19 recursing-file "/var/named/data/named.recursing";
20 secroots-file "/var/named/data/named.secroots";
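21 allow-query { any; }; # any 表示接受任意来源的查询;若同时开启了递归(recursion yes),服务器就成了开放解析器,生产环境应把 allow-query / allow-recursion 限制到受信任网段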
22
:set nu
[root@lpf named]# vim /etc/named.rfc1912.zones
....
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "kgc.com" IN {
type master;
file "kgc.com.zone";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
[root@lpf named]# vim kgc.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
IN MX 5 mail.kgc.com. ; 末尾的 . 不能漏:否则会被补全为 mail.kgc.com.kgc.com.,并被下面的通配符记录解析到 6.6.6.6
mail IN A 192.168.88.88
www IN A 192.168.66.66
smtp IN CNAME mail
* IN A 6.6.6.6
[root@lpf named]# echo "nameserver 192.168.100.100" > /etc/resolv.conf
[root@lpf named]# host www.kgc.com
www.kgc.com has address 192.168.66.66
[root@lpf named]# host mail.kgc
Host mail.kgc not found: 3(NXDOMAIN)
[root@lpf named]# host mail.kgc.com
mail.kgc.com has address 192.168.88.88
[root@lpf named]# host smtp.kgc.com
smtp.kgc.com is an alias for mail.kgc.com.
mail.kgc.com has address 192.168.88.88
[root@lpf named]# host 111.kgc.com
111.kgc.com has address 6.6.6.6
二:反向解析
[root@lpf named]# vim /etc/named.rfc1912.zones
......
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "66.168.192.in-addr.arpa" IN {
type master;
file "kgc.com.local";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
[root@lpf named]# vim kgc.com.local
$TTL 1D
@ IN SOA kgc.com. admin.kgc.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS kgc.com.
A 127.0.0.1
66 IN PTR www.kgc.com. ;注意域名后面的这个.不要漏掉(区域数据文件里注释用分号,不能用 //)
[root@lpf named]# systemctl restart named
echo "nameserver 192.168.100.100" > /etc/resolv.conf
[root@lpf named]# host 192.168.66.66
66.66.168.192.in-addr.arpa domain name pointer www.kgc.com.
三:主从复制解析
主服务器:用 allow-transfer 指定允许同步区域数据的从(备份)服务器
[root@lpf named]# vim /etc/named.rfc1912.zones
.....
zone "kgc.com" IN {
type master;
file "kgc.com.zone";
allow-transfer { 192.168.100.110; }; # 只允许这台从服务器做区域传输;这里仅按源 IP 限制,生产环境可再配合 TSIG 密钥认证
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
从服务器
[root@lpf ~]# iptables -F
[root@lpf ~]# setenforce 0
#以上两条清空防火墙规则并把 SELinux 切到宽容模式,仅适合实验环境;生产环境应保留两者,只放行 DNS 的 53/tcp 和 53/udp
[root@lpf ~]# yum install bind -y
[root@lpf ~]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
[root@lpf ~]# vim /etc/named.rfc1912.zones
.......
25 zone "kgc.com" IN {
26 type slave;
27 file "slaves/kgc.com.zone";
28 masters { 192.168.100.100; };
29 };
30 zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
[root@lpf /etc/named]# systemctl start named
[root@lpf /var/named]# ls slaves/
kgc.com.zone
[root@lpf /var/named]# cd slaves
[root@lpf /var/named/slaves]# ll
total 4
-rw-r--r-- 1 named named 398 Jul 7 18:54 kgc.com.zone
[root@lpf /var/named/slaves]# echo "nameserver 192.168.100.110" > /etc/resolv.conf
[root@lpf /var/named/slaves]# host www.kgc.com
www.kgc.com has address 192.168.66.66
[root@lpf /var/named/slaves]# host mail.kgc.com
mail.kgc.com has address 192.168.88.88
[root@lpf /var/named/slaves]# host smtp.kgc.com
smtp.kgc.com is an alias for mail.kgc.com.
mail.kgc.com has address 192.168.88.88
[root@lpf /var/named/slaves]# host 444.kgc.com
444.kgc.com has address 6.6.6.6
下面主服务器添加解析记录,从服务器要把数据文件删掉,重新获取(本例 SOA 的 serial 一直是 0,从服务器据此认为区域没有变化,所以不会自动同步;规范做法是每次修改区域文件后递增 serial)
#主服务器100.100
[root@lpf named]# vim kgc.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
IN MX 5 mail.kgc.com. ; 末尾的 . 不能漏:否则会被补全为 mail.kgc.com.kgc.com.,并被下面的通配符记录解析到 6.6.6.6
mail IN A 192.168.88.88
www IN A 192.168.66.66
ftp IN A 192.168.77.77
smtp IN CNAME mail
* IN A 6.6.6.6
[root@lpf named]# systemctl restart named
[root@lpf named]# host ftp.kgc.com
ftp.kgc.com has address 192.168.77.77
#100.110从服务器
[root@lpf /var/named/slaves]# host ftp.kgc.com
ftp.kgc.com has address 6.6.6.6
#此时从服务器解析不到新记录(ftp 被通配符记录解析成 6.6.6.6),要删除 slaves 目录下的备份数据,再重启服务重新生成记录
[root@lpf /var/named/slaves]# ll
total 4
-rw-r--r-- 1 named named 398 Jul 7 18:54 kgc.com.zone
[root@lpf /var/named/slaves]# rm -rf kgc.com.zone
[root@lpf /var/named/slaves]# systemctl restart named
[root@lpf /var/named/slaves]# ll
total 4
-rw-r--r-- 1 named named 437 Jul 7 19:13 kgc.com.zone
[root@lpf /var/named/slaves]# host ftp.kgc.com
ftp.kgc.com has address 192.168.77.77
四:分离解析
4.1:安装DNS服务,并设置三台主机仅主机模式
环境:
- 一台WIN10 12.0.0.12 充当外部客户机
- 一台 CentOS 7.6 192.168.100.100 充当内部客户机
- 一台CentOS 7.6 采用两个网卡,一个ens33 采用12.0.0.1 一个ens36采用192.168.100.1 充当分离解析服务器
[root@lpf ~]# yum install bind -y
已加载插件:fastestmirror, langpacks
/var/run/yum.pid 已被锁定,PID 为 11334 的另一个程序正在运行。
Another app is currently holding the yum lock; waiting for it to exit...
另一个应用程序是:PackageKit
内存:129 M RSS (547 MB VSZ)
已启动: Tue Jul 7 19:17:44 2020 - 02:04之前
状态 :睡眠中,进程ID:11334
Another app is currently holding the yum lock; waiting for it to exit...
另一个应用程序是:PackageKit
[root@lpf ~]# kill -9 11334
[root@lpf ~]# yum install bind -y
#中间服务器 添加两块网卡并且设置仅主机模式
[root@lpf lpf]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=e927c915-1f32-4f8e-b4d4-77c7a3ed4823
DEVICE=ens33
ONBOOT=yes
IPADDR=12.0.0.1
PREFIX=24
[root@lpf lpf]# cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens36
[root@lpf lpf]# vim /etc/sysconfig/network-scripts/ifcfg-ens36
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens36
#注意:此 UUID 是从 ifcfg-ens33 复制来的,两块网卡不应共用同一 UUID,建议删除此行或用 uuidgen 重新生成
UUID=e927c915-1f32-4f8e-b4d4-77c7a3ed4823
DEVICE=ens36
ONBOOT=yes
IPADDR=192.168.100.1
PREFIX=24
[root@lpf lpf]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 12.0.0.1 netmask 255.255.255.0 broadcast 12.0.0.255
inet6 fe80::6ccd:4151:e216:e709 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:2f:0b:bb txqueuelen 1000 (Ethernet)
RX packets 45 bytes 5157 (5.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 37 bytes 4685 (4.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.1 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::c786:99d0:c3db:d6e1 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:2f:0b:c5 txqueuelen 1000 (Ethernet)
RX packets 43 bytes 5007 (4.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 39 bytes 4835 (4.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#客户机局域网LINUX
[root@lpf /home/lpf]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=e927c915-1f32-4f8e-b4d4-77c7a3ed4823
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.100.100
PREFIX=24
GATEWAY=192.168.100.1
DNS1=192.168.100.1
[root@lpf /home/lpf]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.100 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::b9bf:ddd0:cb7e:460e prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f5:10:97 txqueuelen 1000 (Ethernet)
RX packets 973 bytes 102723 (100.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 318 bytes 38436 (37.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@lpf /home/lpf]# ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.657 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=1.43 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=1.24 ms
WIN 10设置
#中间服务器
[root@lpf lpf]# vim /etc/sysctl.conf
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1
[root@lpf lpf]# sysctl -p
net.ipv4.ip_forward = 1
#中间服务器
[root@lpf lpf]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
12.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 ens36
192.168.100.0 0.0.0.0 255.255.255.0 U 101 0 0 ens36
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
4.2:配置分离解析
[root@lpf lpf]# vim /etc/named.conf
.......
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
.....
[root@lpf lpf]# vim /etc/named.conf
主配置文件这个根域解析复制到局域配置文件里,并把主配置文件的根域解析删掉,这里一定要删
......
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
.......
[root@lpf named]# vim /etc/named.rfc1912.zones
.......
// See /usr/share/doc/bind*/sample/ for example named configuration files.
// #配置内网域
view "lan" {
match-clients { 192.168.100.0/24; }; #配置内部解析的网段,区域配置
zone "kgc.com" IN {
type master;
file "kgc.com.lan"; #指内网区域数据配置文件
};
#把/etc/named.conf 的根域剪切到这里的内网域,不能放在下面的外网域,因为访问外网有根域解析
zone "." IN {
type hint;
file "named.ca";
};
};
#配置外网域 12.0.0.0/24网段
view "wan" {
match-clients { 12.0.0.0/24; };
zone "kgc.com" IN {
type master;
file "kgc.com.wan"; #指外网区域数据配置文件
};
};
#后面的内容删除(启用 view 后,所有 zone 都必须写在某个 view 里面,留在 view 外的 zone 会导致 named 无法加载配置)
[root@lpf named]# cp -p named.localhost kgc.com.lan
[root@lpf named]# vim kgc.com.lan #设置内网区域数据配置文件
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 192.168.100.1 ;提供解析服务的地址,这里是网关(区域数据文件里注释用分号,不能用 #)
www IN A 192.168.88.88 ;内网访问www.kgc.com解析成192.168.88.88
[root@lpf named]# cp -p kgc.com.lan kgc.com.wan
[root@lpf named]# vim kgc.com.wan #设置外网区域数据配置文件
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 12.0.0.1 ;提供解析服务的地址,这里是网关(区域数据文件里注释用分号,不能用 #)
www IN A 12.0.0.1 ;外网访问www.kgc.com解析成12.0.0.1
~
[root@lpf named]# systemctl start named
#检查自己解析
[root@lpf named]# echo "nameserver 12.0.0.1" > /etc/resolv.conf
[root@lpf named]# host www.kgc.com
www.kgc.com has address 12.0.0.1
[root@lpf named]# echo "nameserver 192.168.100.1" > /etc/resolv.conf
[root@lpf named]# host www.kgc.com
www.kgc.com has address 192.168.88.88
查看外网访问www.kgc.com 访问解析成12.0.0.1
查看内网访问www.kgc.com 访问解析成192.168.88.88