DNS reverse resolution, master-slave name servers and split DNS resolution (experimental details)
1. DNS reverse resolution
Steps:
1. Modify the main configuration file
vim /etc/named.conf
options {
    listen-on port 53 { any; };        # listen on port 53; use the local IP that provides the service, or any for all addresses
    listen-on-v6 port 53 { ::1; };     # IPv6 line; comment it out or delete it if IPv6 is not used
    directory "/var/named";            # default location of the zone data files
    dump-file "/var/named/data/cache_dump.db";                 # location of the cache dump file
    statistics-file "/var/named/data/named_stats.txt";         # location of the statistics file
    memstatistics-file "/var/named/data/named_mem_stats.txt";  # location of the memory statistics file
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };              # network segments allowed to query this DNS server; any means all
    ……
};
2. Modify the zone configuration file and add the reverse zone
vim /etc/named.rfc1912.zones            # the file contains templates; copy one and edit it
zone "126.168.192.in-addr.arpa" IN {    # the reverse zone name is the network written backwards: this one serves 192.168.126.0/24
    type master;
    file "chenwei.com.zone.local";      # the zone data file is chenwei.com.zone.local
    allow-update { none; };
};
3. Configure the reverse zone data file
cd /var/named/
cp -p named.localhost chenwei.com.zone.local
vim /var/named/chenwei.com.zone.local
$TTL 1D
@       IN SOA  chenwei.com. admin.chenwei.com. (   ; here "@" stands for the zone origin, i.e. the 192.168.126 network
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      chenwei.com.
        A       192.168.126.10
10      IN PTR  www.chenwei.com.
; PTR is the reverse pointer: a reverse lookup of 192.168.126.10 returns www.chenwei.com.
4. Restart the service and test
systemctl restart named
host 192.168.126.10
nslookup 192.168.126.10
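The zone name in step 2 and the PTR owner in step 3 are the address written octet by octet backwards. The following shell script, added here as an example and not part of the original article, derives those names and generates the complete reverse zone file for a /24 from a list of host/name pairs (the list in the test is constructed), then validates the result with named-checkzone from the bind package when it is installed; the SOA and NS names are the article's.

```shell
# Added example, not from the original article: build the reversed in-addr.arpa
# names and the PTR zone file that section 1 writes by hand.

# reverse_zone_name 192.168.126 -> 126.168.192.in-addr.arpa
reverse_zone_name() {
    printf '%s\n' "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# ptr_owner 192.168.126.10 -> 10.126.168.192.in-addr.arpa.  (absolute owner name)
ptr_owner() {
    printf '%s\n' "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa." }'
}

# gen_reverse_zone NET SERIAL: reads "ip fqdn" pairs on stdin and writes the
# zone file for NET.0/24 to stdout. Hosts outside NET are reported and skipped:
# writing only their last octet would create a PTR for the wrong address.
gen_reverse_zone() {
    net=$1 serial=$2
    printf '$TTL 1D\n'
    printf '@\tIN SOA\tchenwei.com. admin.chenwei.com. (\n'
    printf '\t\t%s\t; serial\n\t\t1D\t; refresh\n\t\t1H\t; retry\n' "$serial"
    printf '\t\t1W\t; expire\n\t\t3H )\t; minimum\n'
    printf '\tNS\tchenwei.com.\n'
    while read -r ip fqdn; do
        [ -n "$ip" ] || continue
        case "$ip" in
            "$net".*) printf '%s\tIN PTR\t%s\n' "${ip##*.}" "$fqdn" ;;
            *) printf 'skipping %s: not in %s.0/24\n' "$ip" "$net" >&2 ;;
        esac
    done
}

# check_zone NET FILE: load the generated file the way named would
# (named-checkzone ships with bind); returns 0 when the zone loads cleanly
check_zone() {
    command -v named-checkzone >/dev/null || { echo "named-checkzone not installed" >&2; return 2; }
    named-checkzone "$(reverse_zone_name "$1")" "$2"
}
```

Typical use on the server: `printf '192.168.126.10 www.chenwei.com.\n' | gen_reverse_zone 192.168.126 1 > /var/named/chenwei.com.zone.local && check_zone 192.168.126 /var/named/chenwei.com.zone.local`.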
2. Build a master-slave domain name server
Steps:
1. On the primary name server, modify the zone configuration file: allow the slave to transfer the forward and reverse zones
vim /etc/named.rfc1912.zones
zone "chenwei.com" IN {
    type master;                             # type is master zone
    file "chenwei.com.zone";
    allow-transfer { 192.168.126.30; };      # allow the slave to download the forward zone data; enter the slave's IP address here
};
zone "126.168.192.in-addr.arpa" IN {
    type master;
    file "chenwei.com.zone.local";           # the reverse zone data file created in section 1
    allow-transfer { 192.168.126.30; };
};
2. On the slave name server, modify the zone configuration file: add the forward and reverse zones as slave zones
This needs a second virtual machine; it is the slave, whose IP address is the 192.168.126.30 entered above.
vim /etc/named.rfc1912.zones
zone "chenwei.com" IN {
    type slave;                              # type is slave zone
    masters { 192.168.126.10; };             # IP address of the master server
    file "slaves/chenwei.com.zone";          # the downloaded zone data is saved under the slaves/ directory
};
zone "126.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.126.10; };
    file "slaves/chenwei.com.zone.local";
};
3. Restart the service on both master and slave, then check on the slave that the zone data files were transferred
systemctl restart named
cd /var/named
ll slaves        # chenwei.com.zone and chenwei.com.zone.local should appear here
4. Add the slave DNS server address to the client's resolver configuration file
vim /etc/resolv.conf        # add a nameserver line for the slave (192.168.126.30) after the master's
5. Test
host 192.168.126.10
nslookup 192.168.126.10
Stop the named service on the master to simulate a master failure; the slave should still answer:
systemctl stop named
host 192.168.126.10
nslookup 192.168.126.10
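Once both servers are running, two things are worth verifying: that the slave holds the same zone version as the master, and that allow-transfer really limits AXFR to the slave. The shell script below, added as an example and not from the original article, does both from a client using dig (bind-utils); the server addresses and zone names are the article's, and it is meant to run from a host that is not listed in allow-transfer, so a refused transfer is the expected result.

```shell
# Added example, not from the original article: verify master/slave sync and
# that zone transfers are refused to hosts outside allow-transfer.
MASTER=192.168.126.10
SLAVE=192.168.126.30
ZONES="chenwei.com 126.168.192.in-addr.arpa"

# soa_serial: read 'dig +short SOA' output on stdin and print its serial, the
# 3rd field of "chenwei.com. admin.chenwei.com. 0 86400 3600 604800 10800"
soa_serial() {
    awk 'NF >= 7 { print $3; exit }'
}

# axfr_returned_records: read 'dig axfr' output on stdin; true when the server
# handed out resource records, false when it refused the transfer (dig then
# prints only "; Transfer failed.") or could not be reached
axfr_returned_records() {
    grep -q '[[:space:]]IN[[:space:]]'
}

# serials_match ZONE: compare the SOA serial on master and slave; a slave that
# answers with an older serial has not completed the zone transfer
serials_match() {
    m=$(dig +short SOA "$1" "@$MASTER" | soa_serial)
    s=$(dig +short SOA "$1" "@$SLAVE" | soa_serial)
    printf '%s: master serial=%s slave serial=%s\n' "$1" "${m:-none}" "${s:-none}"
    [ -n "$m" ] && [ "$m" = "$s" ]
}

# check_zones: run both checks for every zone. This host is not listed in
# allow-transfer, so a refused AXFR is the expected result.
check_zones() {
    rc=0
    for z in $ZONES; do
        serials_match "$z" || { echo "  slave out of sync or unreachable"; rc=1; }
        if dig axfr "$z" "@$MASTER" | axfr_returned_records; then
            echo "  AXFR of $z allowed for this host: tighten allow-transfer"; rc=1
        else
            echo "  AXFR of $z refused for this host: ok"
        fi
    done
    return $rc
}

# run the checks with: RUN_CHECK=1 sh check_dns.sh
if [ "${RUN_CHECK:-0}" = 1 ]; then check_zones; fi
```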
3. Split DNS resolution
A split-resolution name server is simply a master name server that returns different resolution records depending on which client asks. For example, when clients on the intranet and on the extranet (different network segments) query the same domain name, they receive different answers.
Set up split DNS resolution on the gateway server so that intranet hosts resolve www.chenwei.com to 192.168.126.10 and extranet hosts resolve www.chenwei.com to 12.0.0.10 (the network segments above are for reference only).
1. Configure dual network cards on the gateway server
Add a second network adapter while the virtual machine is powered off, then start the system.
2. Configure the IP address of the new network card
ifconfig                          # confirm the name of the new card
ifconfig ens37 12.0.0.10/24       # the gateway's extranet address
3. Install the bind package
yum install -y bind
Modify the main configuration file
vim /etc/named.conf
options {
    listen-on port 53 { any; };        # listen on the local addresses, or any
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };              # allow all hosts to query
    ……
};
include "/etc/named.rfc1912.zones";
4. Modify the zone configuration file
Note: once views are enabled, every zone must be inside a view, so the default zones the system uses for self-check must also be moved under a view or deleted.
vim /etc/named.rfc1912.zones
view "lan" {                              # define the intranet view; a view is a container that splits the configuration
    match-clients { 192.168.126.0/24; };  # match the intranet segment
    zone "chenwei.com" IN {               # the zone to resolve for these clients
        type master;
        file "chenwei.com.zone.lan";      # zone data file
    };
    zone "." IN {                         # the root zone can be cut from the main configuration file (dd, then p in vim)
        type hint;                        # hint is the root zone type
        file "named.ca";
    };
};
view "wan" {                              # define the extranet view
    match-clients { any; };               # views are matched in order, so this catches every address outside the intranet segment
    zone "chenwei.com" IN {
        type master;
        file "chenwei.com.zone.wan";
    };
};
5. Modify the zone data files
cd /var/named
cp -p named.localhost chenwei.com.zone.lan
cp -p named.localhost chenwei.com.zone.wan
vim chenwei.com.zone.lan        # here www resolves to 192.168.126.10
vim chenwei.com.zone.wan        # here www resolves to 12.0.0.10
6. Start the service
systemctl start named
Turn off the firewall and set SELinux to permissive mode
systemctl stop firewalld
setenforce 0
7. Add the DNS server address to the resolver configuration of the intranet and extranet clients
Intranet client: edit /etc/resolv.conf (vim /etc/resolv.conf) and add the gateway's intranet address as the DNS server.
Extranet client (in our lab a Windows virtual machine): set the gateway's extranet address as the DNS server in the network adapter settings.
8. Test
Run nslookup www.chenwei.com on both the intranet and the extranet client.
Intranet test:
Extranet test: