Building a split-view, master/slave DNS server

Scenario:

The name server is set up on the company gateway server, whose IP address is 173.16.16.1.

The DNS domain it serves is "jgd.com". On the Internet, the public names "www.jgd.com" and "mail.jgd.com" both resolve to the gateway server's IP address, "173.16.16.1".

The company's web server and mail server are both inside the LAN; the two hosts have the IP addresses "192.168.0.2" and "192.168.0.3" respectively.

All hosts on the LAN, 192.168.0.0/24, use 192.168.0.60 as their DNS server address. When a LAN user looks up "www.jgd.com" or "mail.jgd.com", the names resolve to the internal servers' IP addresses, "192.168.0.2" and "192.168.0.3" respectively.

Reverse resolution is provided for the servers above.

(I) Building the master name server:

(1) Set up the environment: add an extra network card to the machine.

(2) Install the packages (the 4 bind packages).

(3) Set the local hostname and IP address.

[root@ns2 slaves]# vim /etc/hosts

# ns1 is the master (192.168.0.60) and ns2 the slave (192.168.0.61), matching the zone files and listen-on addresses below
192.168.0.60          ns1.jgd.com    ns1
192.168.0.61          ns2.jgd.com    ns2

[root@ns2 slaves]# vim /etc/resolv.conf
search jgd.com
nameserver 192.168.0.60
nameserver 192.168.0.61
nameserver 173.16.16.1
nameserver 173.16.16.2
# note: the glibc resolver only uses the first three nameserver entries

(4) Create the main configuration file

[root@jgd etc]# vim named.conf

options {
        listen-on port 53 { 192.168.0.60; 173.16.16.1; };       // interfaces to listen on
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        query-source    port 53;        // a fixed source port turns off source-port randomisation, which is
        query-source-v6 port 53;        // the defence against cache poisoning; omit "port 53" unless a firewall rule needs it
        allow-query     { 192.168.0.0/24; 173.16.16.0/24; };    // clients allowed to send queries
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view "LAN" {                                            // internal (LAN) view
        match-clients { 192.168.0.0/24; };              // matches clients coming from the LAN
        zone "jgd.com" IN {
                type master;
                file "lan.jgd.com.zone";
                allow-transfer { 192.168.0.61; 173.16.16.2; };  // slave servers allowed to download this zone's database
        };
        zone "0.168.192.in-addr.arpa" IN {
                type master;
                file "lan.192.168.0.arpa";
                allow-transfer { 192.168.0.61; 173.16.16.2; };
        };
};
view "WAN" {                                            // external (WAN) view; recursion is on by default,
        match-clients { any; };                         // an external view normally sets "recursion no;"
        zone "jgd.com" IN {
                type master;
                file "wan.jgd.com.zone";
                allow-transfer { 192.168.0.61; 173.16.16.2; };
        };
        zone "16.16.173.in-addr.arpa" IN {
                type master;
                file "wan.173.16.16.arpa";
                allow-transfer { 192.168.0.61; 173.16.16.2; };
        };
};
(5) Create the zone database files

[root@jgd named]# vim lan.jgd.com.zone                        // internal (LAN) forward zone file

$TTL    86400
@               IN SOA  jgd.com.       admin.jgd.com. (
                                        44              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                IN NS           ns1.jgd.com.
                IN NS           ns2.jgd.com.
                IN MX 10        mail.jgd.com.
ns1             IN A            192.168.0.60
ns2             IN A            192.168.0.61
mail            IN A            192.168.0.3
www             IN A            192.168.0.2
 

[root@jgd named]# vim lan.192.168.0.arpa                    // internal (LAN) reverse zone file

$TTL    86400
@               IN SOA  jgd.com.       admin.jgd.com. (
                                        44              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                IN NS           ns1.jgd.com.
                IN NS           ns2.jgd.com.
60              IN PTR          ns1.jgd.com.
61              IN PTR          ns2.jgd.com.    ; ns2 is 192.168.0.61, as in its A record
2               IN PTR          www.jgd.com.
3               IN PTR          mail.jgd.com.
 

[root@jgd named]# vim wan.jgd.com.zone                    // external (WAN) forward zone file

$TTL    86400
@               IN SOA  jgd.com.       admin.jgd.com. (
                                        45              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                IN NS           ns1.jgd.com.
                IN NS           ns2.jgd.com.
                IN MX 10        mail.jgd.com.
ns1             IN A            173.16.16.1
ns2             IN A            173.16.16.2
mail            IN A            173.16.16.1
www             IN A            173.16.16.1
 

[root@jgd named]# vim wan.173.16.16.arpa                  // external (WAN) reverse zone file

$TTL    86400
@               IN SOA  jgd.com.       admin.jgd.com. (
                                        45              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                IN NS           ns1.jgd.com.
                IN NS           ns2.jgd.com.
1               IN PTR          www.jgd.com.
2               IN PTR          ns2.jgd.com.    ; matches ns2's A record (173.16.16.2) in wan.jgd.com.zone
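
The reverse zones only do their job if every PTR agrees with the A record it answers for; a PTR on the wrong octet shows up later as nslookup's "Can't find server name for address". The checker below is an added example written for this page, not code from the post: it parses the minimal zone syntax used above and cross-checks a forward zone against its in-addr.arpa zone. The sample zones are constructed to mirror the LAN zones, with one deliberate slip (ns2's PTR on .62 while its A record is .61) so that the report is not empty; the function and variable names are this example's own.

```python
import ipaddress

# Constructed sample zones, modelled on the LAN zones of the post. The reverse
# zone carries one deliberate slip (ns2's PTR on .62 instead of .61) so that
# the checker has something to report.
LAN_FORWARD = """\
$TTL    86400
@       IN SOA  ns1.jgd.com. admin.jgd.com. (
                44      ; serial
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   ns1.jgd.com.
        IN NS   ns2.jgd.com.
        IN MX 10 mail.jgd.com.
ns1     IN A    192.168.0.60
ns2     IN A    192.168.0.61
mail    IN A    192.168.0.3
www     IN A    192.168.0.2
"""

LAN_REVERSE = """\
$TTL    86400
@       IN SOA  ns1.jgd.com. admin.jgd.com. ( 44 3H 15M 1W 1D )
        IN NS   ns1.jgd.com.
        IN NS   ns2.jgd.com.
60      IN PTR  ns1.jgd.com.
62      IN PTR  ns2.jgd.com.     ; slip: ns2's A record says .61
2       IN PTR  www.jgd.com.
3       IN PTR  mail.jgd.com.
"""


def parse_zone(text, origin):
    """Parse the minimal zone syntax used above into (owner, type, rdata) tuples.

    Handles $TTL, '@', relative and absolute owner names, a blank owner that
    repeats the previous one, ';' comments and a multi-line SOA block. It is
    deliberately small, not a full RFC 1035 master-file parser.
    """
    records, owner, open_parens = [], origin, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line:
            continue
        if open_parens:                          # still inside the SOA "( ... )"
            open_parens -= line.count(")")
            continue
        if line.startswith("$"):                 # $TTL / $ORIGIN directives
            continue
        if not raw[0].isspace():                 # the line names a new owner
            token, line = line.split(None, 1)
            if token == "@":
                owner = origin
            elif token.endswith("."):
                owner = token.rstrip(".")
            else:
                owner = f"{token}.{origin}"
        fields = line.split()
        if fields[0] == "IN":
            fields = fields[1:]
        rtype, rdata = fields[0], " ".join(fields[1:])
        if rtype == "SOA":
            open_parens = rdata.count("(") - rdata.count(")")
            continue
        records.append((owner, rtype, rdata))
    return records


def reverse_name(ip):
    """192.168.0.2 -> 2.0.168.192.in-addr.arpa"""
    return ipaddress.ip_address(ip).reverse_pointer


def ip_from_reverse_name(name):
    """2.0.168.192.in-addr.arpa -> 192.168.0.2"""
    octets = name[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def check_forward_reverse(forward_text, forward_origin, reverse_text, reverse_origin):
    """Return a list of findings; an empty list means the two zones agree."""
    fwd = parse_zone(forward_text, forward_origin)
    rev = parse_zone(reverse_text, reverse_origin)
    a_records = {(owner, rdata) for owner, rtype, rdata in fwd if rtype == "A"}
    ptr_records = {(owner, rdata.rstrip(".")) for owner, rtype, rdata in rev if rtype == "PTR"}
    findings = []
    for name, ip in sorted(a_records):               # every A needs a PTR pointing back at it
        if (reverse_name(ip), name) not in ptr_records:
            findings.append(f"no PTR for {name} at {ip}")
    for rname, target in sorted(ptr_records):        # every PTR needs a matching A record
        ip = ip_from_reverse_name(rname)
        if (target, ip) not in a_records:
            findings.append(f"PTR {ip} -> {target} has no matching A record")
    a_names = {name for name, _ in a_records}
    for owner, rtype, rdata in fwd:                  # in-zone NS targets need an A record
        if rtype == "NS" and rdata.rstrip(".") not in a_names:
            findings.append(f"NS {rdata} has no A record in the zone")
    return findings


if __name__ == "__main__":
    for finding in check_forward_reverse(LAN_FORWARD, "jgd.com",
                                         LAN_REVERSE, "0.168.192.in-addr.arpa"):
        print(finding)
```

Run against the constructed pair it reports the missing PTR for 192.168.0.61 and the orphaned PTR on 192.168.0.62; the same call with the WAN pair (origin "16.16.173.in-addr.arpa") shows which of the three names sharing 173.16.16.1 has no PTR, which is expected for a gateway address and can be ignored.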
 

(6) Restart the service: service named restart

(7) Verify the master name server

C:\Documents and Settings\Administrator>nslookup
Default Server:  ns1.jgd.com
Address:  192.168.0.60

> www.jgd.com
Server:  ns1.jgd.com
Address:  192.168.0.60

Name:    www.jgd.com
Address:  192.168.0.2                     // internal view verified

C:\Documents and Settings\Administrator>nslookup
Default Server:  www.jgd.com
Address:  173.16.16.1

> www.jgd.com
Server:  www.jgd.com
Address:  173.16.16.1

Name:    www.jgd.com
Address:  173.16.16.1                      // external view verified
 

(II) Building the slave name server

(1) Set up the environment: add an extra network card to the machine.

(2) Install the packages (the 4 bind packages).

(3) Set the local hostname and IP address.

[root@ns2 slaves]# vim /etc/hosts

# ns1 is the master (192.168.0.60) and ns2 the slave (192.168.0.61), matching the zone files and listen-on addresses
192.168.0.60          ns1.jgd.com    ns1
192.168.0.61          ns2.jgd.com    ns2

[root@ns2 slaves]# vim /etc/resolv.conf
search jgd.com
nameserver 192.168.0.60
nameserver 192.168.0.61
nameserver 173.16.16.1
nameserver 173.16.16.2
# note: the glibc resolver only uses the first three nameserver entries

(4) Create the main configuration file

[root@ns2 etc]# vim named.conf
options {
        listen-on port 53 { 192.168.0.61; 173.16.16.2; };       // interfaces to listen on
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        query-source    port 53;        // a fixed source port turns off source-port randomisation;
        query-source-v6 port 53;        // omit "port 53" unless a firewall rule needs it
        allow-query     { 192.168.0.0/24; 173.16.16.0/24; };    // clients allowed to send queries
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view "LAN" {                                            // internal (LAN) view
        match-clients { 192.168.0.0/24; };
        zone "jgd.com" IN {
                type slave;
                masters { 192.168.0.60; 173.16.16.1; };
                file "slaves/lan.jgd.com.zone";
        };
        zone "0.168.192.in-addr.arpa" IN {
                type slave;
                masters { 192.168.0.60; 173.16.16.1; };
                file "slaves/lan.192.168.0.arpa";
        };
};
view "WAN" {                                            // external (WAN) view
        match-clients { any; };
        zone "jgd.com" IN {
                type slave;
                file "slaves/wan.jgd.com.zone";
                masters { 192.168.0.60; 173.16.16.1; };
        };
        zone "16.16.173.in-addr.arpa" IN {
                type slave;
                file "slaves/wan.173.16.16.arpa";
                masters { 192.168.0.60; 173.16.16.1; };
        };
};
 

(5) Restart the service: service named restart

(6) Verify the slave name server:

C:\Documents and Settings\Administrator>nslookup
*** Can't find server name for address 192.168.0.61: Non-existent domain
Default Server:  UnKnown
Address:  192.168.0.61

> www.jgd.com
Server:  UnKnown
Address:  192.168.0.61

Name:    www.jgd.com
Address:  192.168.0.2                         // internal view verified

C:\Documents and Settings\Administrator>nslookup
*** Can't find server name for address 173.16.16.2: Non-existent domain
Default Server:  UnKnown
Address:  173.16.16.2

> www.jgd.com
Server:  UnKnown
Address:  173.16.16.2

Name:    www.jgd.com
Address:  173.16.16.1                // external view verified

Ugh!... This experiment has actually been bothering me for a long time. I don't know what's wrong: the data the slave server downloads is not the same as the master's data, and resolution keeps going wrong. Once it reaches the slave, internal and external are no longer told apart; even when you test from the external network it still resolves to the real server's IP, and external queries can't be resolved to the gateway address. It has been driving me up the wall. Later I increased the refresh time in the zone database on the master a little and suddenly it worked, but after a while the problem came back; I changed the refresh time in the zone database again and it seemed a bit better again, which is agony. So I've posted all the configuration files, hoping that one day someone can help me answer this question~~ Help!!
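
The symptom in the paragraph above (the slave's external view answering with the internal addresses, and the behaviour changing with the refresh timer) has a well-known cause in split-view BIND setups: the master selects the view by running match-clients against the source address of every request, and a slave's SOA-refresh and AXFR/IXFR requests are no exception. The slave reaches 192.168.0.60 from 192.168.0.61, so the master's LAN view answers, and the slave's WAN view loads the LAN copy of jgd.com; only when the slave happens to fall back to the second master, 173.16.16.1, over 173.16.16.2, does it receive the WAN copy. The script below is an added example, not part of the post and not BIND's code: it models that first-match selection with the addresses from this page and shows the difference made by giving each view a single master plus a transfer-source on the matching interface (the SLAVE_FIX fragment at the end). The view and function names are this example's own.

```python
import ipaddress

# The master's views in named.conf order: (name, match-clients ACL, zone file served).
# Addresses and file names follow the post; representing views as a list is this model's own.
MASTER_VIEWS = [
    ("LAN", ["192.168.0.0/24"], "lan.jgd.com.zone"),
    ("WAN", ["any"], "wan.jgd.com.zone"),
]

# The slave's two interface addresses (LAN side, WAN side).
SLAVE_ADDRESSES = ["192.168.0.61", "173.16.16.2"]


def acl_matches(acl, src_ip):
    """BIND address-match-list semantics: the first matching element decides,
    and a '!'-prefixed element that matches means "no match"."""
    ip = ipaddress.ip_address(src_ip)
    for entry in acl:
        negate = entry.startswith("!")
        entry = entry.lstrip("!")
        if entry == "any":
            hit = True
        elif entry == "none":
            hit = False
        else:
            hit = ip in ipaddress.ip_network(entry, strict=False)
        if hit:
            return not negate
    return False


def select_view(views, src_ip):
    """The first view whose match-clients accepts the request's source address."""
    for name, acl, zonefile in views:
        if acl_matches(acl, src_ip):
            return name, zonefile
    return None, None


def default_source(master_ip, local_addresses):
    """Local address the kernel would use to reach master_ip: the one on the same
    directly connected /24 (the two-NIC layout of the post), else the first one."""
    master = ipaddress.ip_address(master_ip)
    for addr in local_addresses:
        if master in ipaddress.ip_network(f"{addr}/24", strict=False):
            return addr
    return local_addresses[0]


def zone_received(masters, transfer_source=None):
    """Which copy of jgd.com the slave obtains for a zone statement with the given
    `masters` list and optional `transfer-source`. BIND contacts the masters in
    listed order, so the first reachable one decides in the normal case."""
    master_ip = masters[0]
    src = transfer_source or default_source(master_ip, SLAVE_ADDRESSES)
    view, zonefile = select_view(MASTER_VIEWS, src)
    return {"master": master_ip, "source": src, "served_by_view": view, "zonefile": zonefile}


# named.conf fragment for the slave that steers each view to the matching master view.
# Assumed layout for this example; masters and transfer-source are standard BIND statements.
SLAVE_FIX = """\
view "LAN" {
        match-clients { 192.168.0.0/24; };
        zone "jgd.com" IN {
                type slave;
                masters { 192.168.0.60; };
                transfer-source 192.168.0.61;
                file "slaves/lan.jgd.com.zone";
        };
};
view "WAN" {
        match-clients { any; };
        zone "jgd.com" IN {
                type slave;
                masters { 173.16.16.1; };
                transfer-source 173.16.16.2;
                file "slaves/wan.jgd.com.zone";
        };
};
"""

if __name__ == "__main__":
    print("as posted, WAN view:", zone_received(["192.168.0.60", "173.16.16.1"]))
    print("fixed, WAN view:    ", zone_received(["173.16.16.1"], "173.16.16.2"))
```

The two reverse zones need the same two statements in each view. Where both masters must stay listed, the other standard approach is TSIG: define one key per view on both servers, sign the transfer with masters { 173.16.16.1 key wan-key; }, and on the master put key wan-key; at the front of the WAN view's match-clients and !key wan-key; at the front of the LAN view's, so the view is chosen by key rather than by source address. Changing the refresh interval only changes how often the same race is rerun.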