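My Linux host sits on a LAN with the internal IP 192.168.100.156; the LAN's public IP is 202.114.107.159.
Note: if the DNS server must also serve clients outside the LAN, two things are required.
Use view statements in the /etc/named.conf configuration file;
In the router's forwarding rules, add a port mapping under virtual servers for port 53 that maps to the internal IP 192.168.100.156, then enable the entry.
1. Installing bind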
yum -y install bind
rpm -qa|grep bind
2. The /etc/named.conf configuration file
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    pid-file "/var/named/named.pid";
    forwarders { 202.114.64.2; };
    allow-query { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside . trust-anchor dlv.isc.org.;
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
// Clients on the internal network receive the 192.168.100.x answers.
view "LAN" {
    match-clients { 192.168.100.0/24; };
    zone "." IN {
        type hint;
        file "named.root";
    };
    zone "dazhong.cn" IN {
        type master;
        file "named.dazhong.cn";
        allow-update { none; };
    };
    zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "named.100.168.192";
        allow-update { none; };
    };
    zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
};
// Every other client, i.e. queries arriving through the router's port 53 mapping.
view "WAN" {
    match-clients { any; };
    zone "." IN {
        type hint;
        file "named.root";
    };
    zone "dazhong.cn" IN {
        type master;
        file "named.dazhong.cn.wan";
        allow-update { none; };
    };
};
// With view statements every zone must be inside a view, so the stock top-level
// zone file is not included; view "LAN" already defines the localhost zones.
// include "/etc/named.rfc1912.zones";
include "/etc/pki/dnssec-keys//named.dnssec.keys";
include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";
3. Create the internal and external zone database files
Contents of named.dazhong.cn:
$TTL 3h
dazhong.cn. IN SOA ns.dazhong.cn. root.dazhong.cn. (
1;
3h;
1h;
1w;
1h);
dazhong.cn. IN NS ns.dazhong.cn.
dazhong.cn. IN MX 10 mail
ns IN A 192.168.100.156
mail IN CNAME ns.dazhong.cn.
www IN CNAME ns.dazhong.cn.
Contents of named.100.168.192:
$TTL 3h
100.168.192.in-addr.arpa. IN SOA ns.dazhong.cn. root.dazhong.cn. (
1;
3h;
1h;
1w;
1h);
100.168.192.in-addr.arpa. IN NS ns.dazhong.cn.
156.100.168.192.in-addr.arpa. IN PTR ns.dazhong.cn.
157.100.168.192.in-addr.arpa. IN PTR mail.dazhong.cn.
158.100.168.192.in-addr.arpa. IN PTR www.dazhong.cn.
Contents of named.dazhong.cn.wan:
$TTL 3h
dazhong.cn. IN SOA ns.dazhong.cn. root.dazhong.cn. (
1;
3h;
1h;
1w;
1h);
dazhong.cn. IN NS ns.dazhong.cn.
dazhong.cn. IN MX 10 mail
ns IN A 202.114.107.159
mail IN CNAME ns.dazhong.cn.
www IN CNAME ns.dazhong.cn.
4. /etc/resolv.conf
nameserver 192.168.100.156
nameserver 202.114.107.159
search localhost.domain dazhong.ns
5. Starting the service
setenforce 0   # switch SELinux to permissive mode (enforcement off)
service named start   # or: /usr/sbin/named -g &
netstat -an|grep :53
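6. Testing with nslookup
As the screenshot above shows, www.baidu.com is an alias of www.a.shifen.com and resolves to the IP address 119.75.217.109;
www.dazhong.cn is an alias of ns.dazhong.cn and resolves to the IP address 192.168.100.156;
the IP address 192.168.100.156 reverse-resolves to ns.dazhong.cn.
To test from outside the LAN, change the test host's DNS server to our public IP 202.114.107.159 and repeat the same steps.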
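As configured above, view "WAN" matches any client and inherits recursion yes and allow-query { any; } from options, so once port 53 is forwarded the server resolves arbitrary names for Internet hosts. The following Python check is an added example, not part of the original post: it flags such views in a named.conf using BIND's documented ACL fallback (allow-recursion, then allow-query-cache, then allow-query); the function names and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: only the recursion-related parts of the named.conf above.
SAMPLE_CONF = """
options { allow-query { any; }; recursion yes; };
view "LAN" { match-clients { 192.168.100.0/24; }; };
view "WAN" { match-clients { any; }; };   # reached via the port 53 mapping
"""

def statements(text):
    """Split a named.conf block into (keyword, argument) pairs at brace depth 0."""
    out, depth, cur = [], 0, ""
    for ch in text:
        depth += (ch == "{") - (ch == "}")
        if ch == ";" and depth == 0:
            m = re.match(r"\s*([\w-]+)\s*(.*)", cur, re.S)
            if m:
                out.append((m.group(1), m.group(2).strip()))
            cur = ""
        else:
            cur += ch
    return out

def inner(arg):  # text between the outermost braces of a statement argument
    return arg[arg.index("{") + 1:arg.rindex("}")]

def recursion_acl(view, opts):
    """ACL BIND applies to recursive queries; the view scope overrides options."""
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        for scope in (view, opts):
            if name in scope:
                return scope[name]
    return "{ localnets; localhost; }"   # default when none of the three is set

def has_any(acl):
    return "any" in re.findall(r"[\w./!-]+", acl)

def open_resolver_views(conf):
    """Names of views that would answer recursive queries from any client."""
    conf = re.sub(r"(?m)(^|\s)(//|#).*$", "", conf)   # drop line comments
    top = statements(conf)
    opts = dict(statements(inner(dict(top).get("options", "{}"))))
    found = []
    for arg in (a for k, a in top if k == "view"):
        view = dict(statements(inner(arg)))
        recurses = view.get("recursion", opts.get("recursion", "yes")) == "yes"
        if recurses and has_any(view.get("match-clients", "any")) \
                and has_any(recursion_acl(view, opts)):
            found.append(arg.split('"')[1])
    return found
```

Adding recursion no; inside view "WAN", or an allow-recursion ACL limited to 192.168.100.0/24, clears the finding while the WAN view still answers authoritatively for dazhong.cn.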