一、分离解析

分离解析的域名服务器实际上仍是主域名服务器,这里指的是根据客户端的来源地址提供不同的域名解析记录。比如来自内网和外网不同网段的客户机请求解析同一域名时,为其返回不同的解析结果。

1.实验环境部署

(1)为dns服务器添加两个网卡,并按上图设置各个主机的网络桥接

DNS服务器的主机名设置为ns1

ns1的ens33网卡的桥接不变(NAT模式)------->内网客户机192.168.10.106(NAT模式)

ns1的ens36网卡桥接到仅主机模式------>外网客户机172.16.16.106,桥接为仅主机模式

备注:

用106主机做内网客户机

win10主机做外网客户机


(2)用ifconfig命令查看网卡的名称


(3)修改两个网卡的IP地址

两个网卡的参数如下:

[root@localhost network-scripts]# vim ifcfg-ens33

# ens33: internal-facing NIC on the 192.168.10.0/24 (NAT) segment.
# This is the address the LAN view's "ns1" A record in lan.bt.com.zone points at.
TYPE=Ethernet

PROXY_METHOD=none

BROWSER_ONLY=no

BOOTPROTO=static

# static address; must stay in step with the ns1 A record of lan.bt.com.zone
IPADDR=192.168.10.101

NETMASK=255.255.255.0

# only this NIC carries a default gateway (the one in ifcfg-ens36 is commented out)
GATEWAY=192.168.10.254

DNS1=114.114.114.114

DNS2=8.8.8.8

DEFROUTE=yes

IPV4_FAILURE_FATAL=no

IPV6INIT=yes

IPV6_AUTOCONF=yes

IPV6_DEFROUTE=yes

IPV6_FAILURE_FATAL=no

IPV6_ADDR_GEN_MODE=stable-privacy

NAME=ens33

DEVICE=ens33

ONBOOT=yes

[root@localhost network-scripts]# vim ifcfg-ens36

# ens36: external-facing NIC (host-only segment), 173.16.16.0/24 here and in wan.bt.com.zone.
# NOTE(review): the narrative above gives the external client as 172.16.16.106, while this
# NIC and both zone files use 173.16.16.x — confirm which prefix is intended.
TYPE=Ethernet

PROXY_METHOD=none

BROWSER_ONLY=no

BOOTPROTO=static

# static address; must stay in step with the ns1 A record of wan.bt.com.zone
IPADDR=173.16.16.101

NETMASK=255.255.255.0

# no gateway on this NIC — presumably so the host keeps its single default route via ens33
#GATEWAY=192.168.10.254

DNS1=114.114.114.114

DNS2=8.8.8.8

DEFROUTE=yes

IPV4_FAILURE_FATAL=no

IPV6INIT=yes

IPV6_AUTOCONF=yes

IPV6_DEFROUTE=yes

IPV6_FAILURE_FATAL=no

IPV6_ADDR_GEN_MODE=stable-privacy

NAME=ens36

DEVICE=ens36

ONBOOT=yes

[root@localhost ~]# systemctl restart network


2.安装bind

(1)安装软件包

[root@localhost ~]# hostnamectl set-hostname ns1

[root@localhost ~]# bash

[root@ns1 ~]# systemctl stop firewalld

[root@ns1 ~]# setenforce 0

[root@ns1 ~]# yum -y install bind


(2)设置开机自启

[root@ns1 ~]# systemctl enable named


3.配置文件的修改

(1)主配置文件

[root@ns1 ~]# vim /etc/named.conf

# Global options for the split-view server ns1 (both NICs).
options {

        # Bind every IPv4 address, i.e. both ens33 (192.168.10.101) and
        # ens36 (173.16.16.101). The views below tell the two sides apart
        # by client source address, not by listening interface.
        listen-on port 53 { any; };

        listen-on-v6 port 53 { ::1; };

        # zone "file" names in the views are relative to this directory
        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        recursing-file  "/var/named/data/named.recursing";

        secroots-file   "/var/named/data/named.secroots";

        # Queries are accepted from any source (firewalld was stopped earlier on
        # this host); which answer a client gets is decided by the view whose
        # match-clients it falls into.
        # NOTE(review): no recursion setting appears here and the root hint zone
        # is commented out below, so confirm this server is only meant to answer
        # for its own zones — `recursion no;` would make that explicit.
        allow-query     { any; };

};


#zone "." IN {

#       type hint;

#       file "named.ca";

#};



# Internal view. Views are tried in the order they are written and the first
# match-clients hit wins, so this specific /24 must stay above the catch-all
# "WAN" view that follows.
view "LAN" {

        match-clients { 192.168.10.0/24; };

        # bt.com as seen from the 192.168.10.0/24 side; data in /var/named/lan.bt.com.zone
        zone "bt.com" IN {

        type master;

        file "lan.bt.com.zone";

        };

};


# External (catch-all) view: every client NOT matched by "LAN" above — in this
# lab, the 173.16.16.0/24 side reached through ens36.
view "WAN" {

        match-clients { any; };

        # same zone name, different record set: /var/named/wan.bt.com.zone
        zone "bt.com" IN {

        type master;

        file "wan.bt.com.zone";

        };

};


#include "/etc/named.rfc1912.zones";

#include "/etc/named.root.key";


(2)区域文件的设置

  • 内部区域文件

[root@ns1 ~]# cd /var/named/

[root@ns1 named]# vim lan.bt.com.zone

; lan.bt.com.zone — bt.com records served by the "LAN" view (192.168.10.0/24 clients).
; NOTE(review): the SOA MNAME is bt.com. rather than the NS name ns1.bt.com.;
; named-checkzone accepts it (see the OK below), but MNAME conventionally names
; the primary server.
$TTL 1D

@       IN SOA  bt.com.   admin.bt.com. (

                                        0       ; serial — increment on every edit so any secondary notices the change

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

@    IN  NS  ns1.bt.com.

; ns1 must map to the address these clients actually reach the server on (ens33)
ns1  IN  A   192.168.10.101

www  IN  A   192.168.10.102

mail IN  A   192.168.10.103

ftp  IN  A   192.168.10.104


  • 外部区域文件

[root@ns1 named]# vim wan.bt.com.zone

; wan.bt.com.zone — bt.com records served by the catch-all "WAN" view.
; Same owner names as lan.bt.com.zone, different addresses (173.16.16.0/24).
$TTL 1D

@       IN SOA  bt.com.  admin.bt.com. (

                                        0       ; serial — increment on every edit

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

@    IN NS  ns1.bt.com.

; ns1 here is the ens36 address, the one external clients reach the server on
ns1  IN A   173.16.16.101

www  IN A   173.16.16.102

mail IN A   173.16.16.103

ftp  IN A   173.16.16.104


[root@ns1 named]# chown named lan.bt.com.zone wan.bt.com.zone


(3)语法检测

[root@ns1 named]# named-checkconf -z /etc/named.conf

zone bt.com/IN: loaded serial 0

zone bt.com/IN: loaded serial 0


[root@ns1 named]# named-checkzone bt.com /var/named/lan.bt.com.zone

zone bt.com/IN: loaded serial 0

OK


[root@ns1 named]# named-checkzone bt.com /var/named/wan.bt.com.zone

zone bt.com/IN: loaded serial 0

OK


(4)启动服务

[root@ns1 named]# systemctl start named


[root@ns1 named]# netstat -anptu | grep named



4.客户端验证

(1)外网客户端

[root@localhost ~]# yum -y install bind-utils

[root@localhost ~]# nslookup

> www.bt.com

Server: 173.16.16.1

Address: 173.16.16.1#53


Name: www.bt.com

Address: 173.16.16.101


(2)内网客户端

[root@localhost ~]# yum -y install bind-utils

[root@localhost ~]# nslookup

> www.bt.com

Server: 192.168.1.1

Address: 192.168.1.1#53


Name: www.bt.com

Address: 192.168.1.5



二、多域名解析

1.修改配置文件

[root@ns1 named]# vim /etc/named.conf

# "LAN" view extended with a second domain: each domain is its own zone
# statement inside the view, one file per zone.
view "LAN" {

        match-clients { 192.168.10.0/24;};

        zone "bt.com" IN {

        type master;

        file "lan.bt.com.zone";

        };


        # NOTE(review): the file name is free-form, but lan2.bt.com.zone holding
        # benet.com data is easy to misread — something like lan.benet.com.zone
        # would be clearer.
        zone "benet.com" IN {

        type master;

        file "lan2.bt.com.zone";

        };

};


[root@ns1 named]# vim lan2.bt.com.zone

; lan2.bt.com.zone — loaded for zone "benet.com" in the "LAN" view (see named.conf).
; NOTE(review): the SOA and NS still name bt.com. / ns1.bt.com.; BIND accepts an
; out-of-zone NS, but ns1.benet.com. / admin.benet.com. would avoid confusion.
; NOTE(review): the 191.168.10.x addresses below differ from the 192.168.10.x
; used everywhere else on this page — confirm this is intentional and not a typo.
$TTL 1D

@       IN SOA  bt.com.   admin.bt.com. (

                                        0       ; serial — increment on every edit

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

@    IN  NS  ns1.bt.com.

ns1  IN  A   192.168.10.101

www  IN  A   191.168.10.102

mail IN  A   191.168.10.103

ftp  IN  A   191.168.10.104



[root@ns1 named]# chown named lan2.bt.com.zone


[root@ns1 named]# systemctl restart named

备注:有几个域名,就添加多少个 zone,每个 zone 对应一个区域文件。


2.客户端测试

[root@client ~]# nslookup ftp.benet.com

Server: 192.168.10.101

Address: 192.168.10.101#53


Name: ftp.benet.com

Address: 191.168.10.104


三、子域

实验环境:

父域服务器:192.168.10.101

子域服务器:192.168.10.102

客户机:win10,IP 与服务器在同一网段,DNS 地址设置为子域服务器的 IP 地址(192.168.10.102)

1.主服务器的配置

(1)安装bind

[root@localhost ~]# setenforce 0

[root@localhost ~]# systemctl stop firewalld

[root@localhost ~]# yum -y install bind


(2)设置named主配置文件

[root@localhost ~]# vim /etc/named.conf

# Parent-domain server (192.168.10.101) options.
options {

        # bound to this host's single address only (contrast with the `any;`
        # used by the split-view server earlier on this page)
        listen-on port 53 { 192.168.10.101; };

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        recursing-file  "/var/named/data/named.recursing";

        secroots-file   "/var/named/data/named.secroots";

        # the child server at .102 forwards accp.com queries here, so it must be allowed to query
        allow-query     { any; };

};


(3)在主DNS服务器上声明 accp.com 区域

[root@localhost ~]# vim /etc/named.rfc1912.zones

在末尾添加:

# Appended to /etc/named.rfc1912.zones (presumably still included from named.conf —
# the include line is not shown in this section). Primary copy of accp.com lives in
# /var/named/accp.com.zone, relative to the directory set in options.
zone "accp.com" IN {

        type master;

        file "accp.com.zone";

};


(4)创建正向区域文件

[root@localhost ~]# vim /var/named/accp.com.zone

; accp.com.zone — parent zone served by 192.168.10.101.
; NOTE(review): there is no NS record delegating zz.accp.com to ns2 here, so this
; parent cannot refer subdomain queries to the child server; the test later on
; only works because the client points directly at 192.168.10.102. Adding
; `zz  IN NS ns2.zz.accp.com.` plus a glue A record for ns2.zz.accp.com would
; make the delegation real — confirm that is wanted.
$TTL 1D

@       IN SOA  accp.com.   admin.accp.com. (

                                        0       ; serial — increment on every edit

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

@    IN  NS  ns1.accp.com.

ns1  IN  A   192.168.10.101

; ns2 is the child (subdomain) server's address; it is not referenced by an NS in this zone
ns2  IN  A   192.168.10.102

www  IN  A   192.168.10.103

ftp  IN  A   192.168.10.104


[root@localhost ~]# chown :named /var/named/accp.com.zone


2.子域服务器设置

(1)安装bind服务

[root@localhost ~]# setenforce 0

[root@localhost ~]# systemctl stop firewalld

[root@localhost ~]# yum -y install bind


(2)配置主配置文件

[root@localhost ~]# vim /etc/named.conf

# Child (subdomain) server options, host 192.168.10.102.
# NOTE(review): the closing `};` of this options block is not shown in the excerpt;
# named-checkconf will reject the file without it.
options {

        # only the child server's own address; the parent at .101 is reached as a forwarder
        listen-on port 53 { 192.168.10.102; };

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        recursing-file  "/var/named/data/named.recursing";

        secroots-file   "/var/named/data/named.secroots";

        allow-query     { any; };


# NOTE(review): dnssec-validation is what decides whether answers obtained via
# forwarders/recursion are checked against DNSSEC signatures. In an isolated lab
# there is no trust chain to the root, so leaving it on would make the forwarded
# accp.com answers fail validation (SERVFAIL) — confirm that is the reason for
# turning it off. dnssec-enable has been deprecated/removed in newer BIND
# releases; verify it still parses on the installed version.
dnssec-enable no;

dnssec-validation no;

备注

dnssec-enable no;   关闭 DNSSEC 功能(该功能会对解析结果进行验证)

dnssec-validation no;  是否为权威解答,不是就会报错

在本实验环境中建议关闭,否则会影响到父域的委派转发。


(3)设置区域文件

[root@localhost ~]# vim /etc/named.rfc1912.zones

在末尾添加:

# Child server is authoritative for the subdomain only.
zone "zz.accp.com" IN {

        type master;

        file "zz.accp.com.zone";

};


# Everything else under accp.com is handed to the parent server; a forward zone
# holds no data of its own.
# NOTE(review): no `forward only;` is set, so BIND falls back to ordinary
# recursion if the forwarder does not answer — confirm that fallback is intended.
zone "accp.com" IN {

        type forward;

        forwarders { 192.168.10.101; };

};

备注

forwarders { 192.168.10.101; }; 指定转发器:本机无法解析的 accp.com 条目转发至 192.168.10.101 为其解析。


(4)创建正向区域文件

[root@localhost ~]# vim /var/named/zz.accp.com.zone

; zz.accp.com.zone — subdomain served by ns2 (192.168.10.102).
; NOTE(review): the client test below shows ftp.zz.accp.com resolving to
; 191.168.10.104 while the record here says 192.168.10.104 — one of the two is
; a transcription slip.
$TTL 1D

@       IN SOA  zz.accp.com.   admin.zz.accp.com. (

                                        0       ; serial — increment on every edit

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

@    IN  NS  ns2.zz.accp.com.

; parent server's address; not referenced by any NS in this zone — TODO confirm it is needed
ns1  IN  A   192.168.10.101

ns2  IN  A   192.168.10.102

mail IN  A   192.168.10.103

ftp  IN  A   192.168.10.104


[root@localhost ~]# chown :named /var/named/zz.accp.com.zone


3.客户机测试

[root@client ~]# nslookup ftp.accp.com

Server: 192.168.10.102

Address: 192.168.10.102#53


Name: ftp.accp.com

Address: 191.168.10.104


[root@client ~]# nslookup ftp.zz.accp.com

Server: 192.168.10.102

Address: 192.168.10.102#53


Name: ftp.zz.accp.com

Address: 191.168.10.104