Case 1: split-horizon resolution with views
Environment:
Deployment:
Give the DNS server two NICs and set each host's network mode as shown in the diagram above.
Set the DNS server's hostname to ns1.
ns1's ens33 stays on the NAT network -------> internal client 192.168.10.106 (NAT mode)
ns1's ens36 is moved to the host-only network ------> external client 173.16.16.106 (host-only mode)
NIC parameters
NIC 1 (ens33):
[root@localhost network-scripts]$ vim ifcfg-ens33
…………
BOOTPROTO=static
IPADDR=192.168.10.101
NETMASK=255.255.255.0
…………
ONBOOT=yes
NIC 2 (ens36):
[root@localhost network-scripts]$ vim ifcfg-ens36
…………
BOOTPROTO=static
IPADDR=173.16.16.101
NETMASK=255.255.255.0
#GATEWAY=192.168.10.254
…………
ONBOOT=yes
After editing the NIC files, restart the network service so the new addresses take effect.
Install bind on the server. For this lab the firewall is stopped and SELinux is switched to permissive; on a real server keep both enabled and allow the dns service (53/udp and 53/tcp) in firewalld instead.
[root@localhost ~]$ yum -y install bind*
[root@localhost ~]$ systemctl stop firewalld
[root@localhost ~]$ setenforce 0
Edit the main configuration file
[root@localhost ~]$ vim /etc/named.conf
options {
        listen-on port 53 { any; };
        …………
        allow-query { any; };
        …………
};
#zone "." IN {
#       type hint;
#       file "named.ca";
#};
view "LAN" {
        match-clients { 192.168.10.0/24; };
        zone "bt.com" IN {
                type master;
                file "lan.bt.com.zone";
        };
};
view "WAN" {
        match-clients { any; };
        zone "bt.com" IN {
                type master;
                file "wan.bt.com.zone";
        };
};
…………
#include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
Three points about this file:
Once a view statement is present, every zone must be declared inside a view. The root hint zone and the two include lines both define zones outside any view, which is why they are commented out; named refuses to start otherwise.
Views are matched in order and the first match wins, so the LAN view with the specific 192.168.10.0/24 match has to come before the WAN catch-all with { any; }. Reverse them and internal clients receive the external addresses.
allow-query { any; } together with BIND's default recursion yes turns the WAN side into an open recursive resolver, the kind abused for DNS amplification. For a server that is only authoritative for bt.com, add recursion no; to the options block, or limit recursion with allow-recursion { 192.168.10.0/24; };.
Create the zone files
Internal zone file
[root@localhost named]$ vim lan.bt.com.zone
$TTL 1D
@       IN SOA  bt.com. admin.bt.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   ns1.bt.com.
ns1     IN A    192.168.10.101
www     IN A    192.168.10.102
mail    IN A    192.168.10.103
ftp     IN A    192.168.10.104
External zone file
[root@localhost named]$ vim wan.bt.com.zone
$TTL 1D
@       IN SOA  bt.com. admin.bt.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   ns1.bt.com.
ns1     IN A    173.16.16.101
www     IN A    173.16.16.102
mail    IN A    173.16.16.103
ftp     IN A    173.16.16.104
[root@localhost named]$ chown named lan.bt.com.zone wan.bt.com.zone
The two files publish the same names with different addresses. Keep them in step, since a host added to one view and forgotten in the other is the most common split-horizon mistake.
Syntax check (named-checkconf -z loads every zone, so bt.com is reported once per view)
[root@localhost named]$ named-checkconf -z /etc/named.conf
zone bt.com/IN: loaded serial 0
zone bt.com/IN: loaded serial 0
[root@localhost named]$ named-checkzone bt.com /var/named/lan.bt.com.zone
zone bt.com/IN: loaded serial 0
OK
[root@localhost named]$ named-checkzone bt.com /var/named/wan.bt.com.zone
zone bt.com/IN: loaded serial 0
OK
Start the service
[root@localhost named]$ systemctl start named
Client verification
Point each client's /etc/resolv.conf at the ns1 address on its own network (173.16.16.101 for the external client, 192.168.10.101 for the internal one) and query the same name from both sides; the answer differs by view. Expected output with the configuration above:
External client (173.16.16.106)
[root@localhost ~]$ yum -y install bind-utils
[root@localhost ~]$ nslookup
> www.bt.com
Server:         173.16.16.101
Address:        173.16.16.101#53
Name:   www.bt.com
Address: 173.16.16.102
Internal client (192.168.10.106)
[root@localhost ~]$ yum -y install bind-utils
[root@localhost ~]$ nslookup
> www.bt.com
Server:         192.168.10.101
Address:        192.168.10.101#53
Name:   www.bt.com
Address: 192.168.10.102
Case 2: resolving multiple domains
This builds on the server from case 1.
[root@localhost ~]$ vim /etc/named.conf
view "LAN" {
        match-clients { 192.168.10.0/24; };
        zone "bt.com" IN {
                type master;
                file "lan.bt.com.zone";
        };
        zone "benet.com" IN {
                type master;
                file "lan.benet.com.zone";
        };
};
# one zone statement per domain, each pointing at its own zone file
…………
Here benet.com is added to the LAN view only. The WAN view still knows nothing about it, so external clients asking for benet.com do not get an answer from this server until a matching zone is added to that view as well.
[root@localhost named]$ vim lan.benet.com.zone
$TTL 1D
@       IN SOA  benet.com. admin.benet.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   ns1.benet.com.
ns1     IN A    192.168.10.101
www     IN A    192.168.10.102
mail    IN A    192.168.10.103
ftp     IN A    192.168.10.104
[root@localhost named]$ chown named lan.benet.com.zone
[root@localhost named]$ systemctl restart named
Client test
[root@localhost ~]$ nslookup ftp.benet.com
Server:         192.168.10.101
Address:        192.168.10.101#53
Name:   ftp.benet.com
Address: 192.168.10.104
Case 3: subdomain delegation
Start two fresh hosts.
Lab environment:
Parent-domain server (bt.com): 192.168.10.101
Subdomain server (zz.bt.com): 192.168.10.102
Install bind on both hosts and, for the lab only, stop firewalld and set SELinux to permissive:
[root@localhost ~]$ yum -y install bind*
[root@localhost ~]$ systemctl stop firewalld
[root@localhost ~]$ setenforce 0
Parent server configuration
Edit the main named configuration file
[root@localhost ~]$ vim /etc/named.conf
options {
        listen-on port 53 { any; };
        …………
        allow-query { any; };
};
Declare the bt.com zone
[root@localhost ~]$ vim /etc/named.rfc1912.zones
…………
zone "bt.com" IN {
        type master;
        file "bt.com.zone";
};
Create the forward zone file
[root@localhost ~]$ vim /var/named/bt.com.zone
$TTL 1D
@       IN SOA  bt.com. admin.bt.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   ns1.bt.com.
ns1     IN A    192.168.10.101
ns2     IN A    192.168.10.102
www     IN A    192.168.10.103
ftp     IN A    192.168.10.104
; hand zz.bt.com to the subdomain server; the glue A record is needed
; because ns2.zz.bt.com itself lies inside the delegated zone
zz      IN NS   ns2.zz.bt.com.
ns2.zz  IN A    192.168.10.102
[root@localhost ~]$ chown :named /var/named/bt.com.zone
Without the NS and glue records the parent answers NXDOMAIN for anything under zz.bt.com instead of referring the client to 192.168.10.102.
Subdomain server configuration
Edit the main configuration file
[root@localhost ~]$ vim /etc/named.conf
options {
        listen-on port 53 { any; };
        …………
        allow-query { any; };
        dnssec-enable no;
        dnssec-validation no;
};
The two dnssec lines are needed only because this lab has no path to the root servers: a validating resolver cannot prove that bt.com is an unsigned zone without reaching the root, so the answers forwarded from the parent would come back as SERVFAIL. On a server that resolves real Internet names, leave validation on. dnssec-enable has been deprecated in newer BIND releases; dnssec-validation is the setting that matters here.
Declare the zones
[root@localhost ~]$ vim /etc/named.rfc1912.zones
Append at the end:
zone "zz.bt.com" IN {
        type master;
        file "zz.bt.com.zone";
};
zone "bt.com" IN {
        type forward;
        forwarders { 192.168.10.101; };   # bt.com names this server is not authoritative for are sent to the parent at 192.168.10.101
};
Because zz.bt.com is the more specific zone, names under it are answered from the local zone file; every other bt.com name goes to the parent through the forward zone. Add forward only; to the forward zone if the server should never fall back to its own recursion when the parent does not answer.
Create the subdomain's zone file
[root@localhost ~]$ vim /var/named/zz.bt.com.zone
$TTL 1D
@       IN SOA  zz.bt.com. admin.zz.bt.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   ns2.zz.bt.com.
ns1     IN A    192.168.10.101
ns2     IN A    192.168.10.102
mail    IN A    192.168.100.103
ftp     IN A    192.168.100.104
[root@localhost ~]$ chown :named /var/named/zz.bt.com.zone
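named-checkzone only checks syntax. The script below is an added example (Python, not part of this tutorial and not a BIND tool) that reads zone text like the files above and looks for the two consistency mistakes these setups invite: split-horizon drift between the LAN and WAN views of bt.com from cases 1 and 2 (a name present in only one view, or an address outside the network that view is supposed to hand out), and a parent zone with no delegation or glue for zz.bt.com in case 3. The LAN, WAN, parent and child zone text is copied from the page; WAN_BAD and PARENT_NO_DELEGATION are constructed variants that show what a failing check reports. The parser handles only the record shapes this page uses and is not a full RFC 1035 parser.

```python
"""Offline consistency checks for the zones on this page: split-horizon drift
between the LAN/WAN views (cases 1-2) and parent-to-child delegation (case 3).
Added example, not from the tutorial or BIND; the parser handles only the record
shapes the page uses (explicit owner names, $TTL, parenthesised SOA, A and NS)."""
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    name: str   # owner, fully qualified with trailing dot
    rtype: str  # "SOA", "NS", "A"
    rdata: str  # NS targets fully qualified; other rdata verbatim

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    origin = origin.rstrip(".") + "."
    records, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                 # strip ';' comments
        depth += line.count("(") - line.count(")")
        buf += " " + line
        if depth:                                   # still inside a "( ... )" SOA
            continue
        toks = buf.replace("(", " ").replace(")", " ").split()
        buf = ""
        if not toks or toks[0].startswith("$"):     # blank line or $TTL directive
            continue
        name, i = fqdn(toks[0], origin), 1
        while toks[i].isdigit() or toks[i].upper() == "IN":  # optional TTL / class
            i += 1
        rtype, rdata = toks[i].upper(), " ".join(toks[i + 1:])
        records.append(Record(name, rtype, fqdn(rdata, origin) if rtype == "NS" else rdata))
    return records

def a_records(records):
    """owner -> address (the page's zones carry one A record per owner)."""
    return {r.name: r.rdata for r in records if r.rtype == "A"}

def missing_glue(records, origin):
    """NS targets below this zone's apex that have no A record in the zone."""
    origin, addrs = origin.rstrip(".") + ".", a_records(records)
    return sorted({r.rdata for r in records if r.rtype == "NS"
                   and r.rdata.endswith("." + origin) and r.rdata not in addrs})

def view_drift(lan, wan, lan_net, wan_net):
    """Names published in only one view, or addresses outside that view's network."""
    lan_a, wan_a = a_records(lan), a_records(wan)
    problems = [f"{n}: present in only one view" for n in sorted(set(lan_a) ^ set(wan_a))]
    for label, table, net in (("LAN", lan_a, lan_net), ("WAN", wan_a, wan_net)):
        network = ipaddress.ip_network(net)
        for name, ip in sorted(table.items()):
            if ipaddress.ip_address(ip) not in network:
                problems.append(f"{label} {name} -> {ip} is outside {net}")
    return problems

def delegation_problems(parent, parent_origin, child, child_origin):
    """The parent must hold NS records at the child apex that match the child's own
    apex NS set, plus glue A records for servers that live inside the child zone."""
    parent_origin, child_origin = parent_origin.rstrip(".") + ".", child_origin.rstrip(".") + "."
    parent_ns = {r.rdata for r in parent if r.rtype == "NS" and r.name == child_origin}
    child_ns = {r.rdata for r in child if r.rtype == "NS" and r.name == child_origin}
    problems = []
    if not parent_ns:
        problems.append(f"{parent_origin} has no NS records delegating {child_origin}")
    elif parent_ns != child_ns:
        problems.append(f"parent NS {sorted(parent_ns)} != child apex NS {sorted(child_ns)}")
    return problems + [f"no glue A record for {n}" for n in missing_glue(parent, parent_origin)]

# Zone text as on the page; WAN_BAD and PARENT_NO_DELEGATION are constructed failing cases.
SOA = "$TTL 1D\n@ IN SOA {o}. admin.{o}. ( 0 ; serial\n 1D ; refresh\n 1H ; retry\n 1W ; expire\n 3H ) ; minimum\n"
LAN_ZONE = SOA.format(o="bt.com") + "@ IN NS ns1.bt.com.\nns1 IN A 192.168.10.101\nwww IN A 192.168.10.102\nmail IN A 192.168.10.103\nftp IN A 192.168.10.104\n"
WAN_ZONE = SOA.format(o="bt.com") + "@ IN NS ns1.bt.com.\nns1 IN A 173.16.16.101\nwww IN A 173.16.16.102\nmail IN A 173.16.16.103\nftp IN A 173.16.16.104\n"
WAN_BAD = SOA.format(o="bt.com") + "@ IN NS ns1.bt.com.\nns1 IN A 173.16.16.101\nwww IN A 173.16.16.102\nmail IN A 173.16.61.103\n"  # ftp missing, mail mistyped
PARENT_NO_DELEGATION = SOA.format(o="bt.com") + "@ IN NS ns1.bt.com.\nns1 IN A 192.168.10.101\nns2 IN A 192.168.10.102\nwww IN A 192.168.10.103\nftp IN A 192.168.10.104\n"
PARENT_DELEGATED = PARENT_NO_DELEGATION + "zz IN NS ns2.zz.bt.com.\nns2.zz IN A 192.168.10.102\n"
CHILD_ZONE = SOA.format(o="zz.bt.com") + "@ IN NS ns2.zz.bt.com.\nns1 IN A 192.168.10.101\nns2 IN A 192.168.10.102\nmail IN A 192.168.100.103\nftp IN A 192.168.100.104\n"

def run_checks():
    """Every finding for the page's zones and the constructed bad variants."""
    lan, child = parse_zone(LAN_ZONE, "bt.com"), parse_zone(CHILD_ZONE, "zz.bt.com")
    nets = ("192.168.10.0/24", "173.16.16.0/24")
    return {
        "views_ok": view_drift(lan, parse_zone(WAN_ZONE, "bt.com"), *nets),
        "views_bad": view_drift(lan, parse_zone(WAN_BAD, "bt.com"), *nets),
        "delegation_missing": delegation_problems(parse_zone(PARENT_NO_DELEGATION, "bt.com"), "bt.com", child, "zz.bt.com"),
        "delegation_ok": delegation_problems(parse_zone(PARENT_DELEGATED, "bt.com"), "bt.com", child, "zz.bt.com"),
    }

if __name__ == "__main__":
    for check, findings in run_checks().items():
        print(f"{check}: {findings or 'OK'}")
```

Running it reports nothing for the page's LAN/WAN pair and for the delegated parent, one finding for the parent zone that lacks the zz NS record, and two for the constructed WAN_BAD file (ftp missing from the external view, mail pointing outside 173.16.16.0/24). To check real files, replace the embedded strings with open(path).read() and run it alongside named-checkzone before restarting named.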