Experimental notes: split-horizon DNS (separate resolution with BIND views), theory and configuration

Split DNS resolution overview and lab environment

  • The server that performs split (split-horizon) resolution is the ordinary authoritative name server for the domain; what it adds is that it returns different records for the same name depending on which client asks. For example, when clients on two different subnets, one internal and one external, query the same name, the server hands each of them a different answer, so they end up at different IP addresses. BIND implements this with view statements, each carrying a match-clients list that is compared against the source address of the query. The choice is made purely on that source address, so an answer from the internal view is only as private as the internal subnet itself: anything able to send queries from a 12.88.88.0/24 address will see it.
  • Lab environment
    • The split-resolution service runs on the gateway server, which is fitted with two network cards
    • Gateway server addresses: internal NIC 12.88.88.10, external NIC 192.168.88.1. Clients on each side use the gateway address on their own side as their DNS server
    • An internal host resolving www.qz.com must get 12.88.88.15; an external host resolving www.qz.com must get 192.168.88.15
    • A Windows machine is used as the external test client

Split DNS resolution configuration steps

1. Configure two network cards on the gateway server and install the bind package

  • Add a second VMnet adapter to the virtual machine; the adapter can be added while the VM is powered off or powered on
  • On the host machine, set the address of the newly added VMnet so that Xshell can reach the server over it
  • Edit the two network card configuration files

[root@localhost /]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-ens36
[root@localhost /]# vim /etc/sysconfig/network-scripts/ifcfg-ens36

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO=static
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens36"                                    (change to ens36)
#UUID="0ad9bd17-0626-458e-8107-90b7c832a577"    (the file was copied from ens33, so the UUID would be a duplicate; comment it out)
DEVICE="ens36"                                  (change to ens36)
ONBOOT="yes"
IPADDR=192.168.88.1
NETMASK=255.255.255.0
#GATEWAY=192.168.131.2
#DNS1=192.168.131.2
[root@localhost network-scripts]# systemctl restart network
  • Install the bind package. For the lab the firewall and SELinux are switched off so they cannot get in the way; on anything other than a throwaway lab host keep both, allow the dns service through firewalld instead, and leave SELinux enforcing (the stock bind policy already lets named read /var/named).
[root@localhost /]# yum install -y bind
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0

2. Modify the main configuration file

[root@localhost /]# vim /etc/named.conf
options {
        listen-on port 53 { any; };          (internal and external clients are on two different subnets, so any is used; the two addresses, 12.88.88.10 and 192.168.88.1, could be listed instead)
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };            (allow queries from any host)

Two things to keep in mind about these options. First, BIND recurses by default and allow-query { any; } applies to the external interface as well, so unless recursion is limited per view in the next step the external side of the gateway becomes an open recursive resolver. Second, further down in named.conf the zone "." hint definition and the include of /etc/named.rfc1912.zones sit outside any view; both have to move inside the views configured in the next step.

3. Modify the zone configuration file

[root@localhost /]# vim /etc/named.rfc1912.zones
view "lan" {                                   (define the internal view; a view is a container that keeps one set of zones separate from another)
     match-clients { 12.88.88.0/24; };         (match the internal subnet)
     zone "qz.com" IN {                        (the zone to serve)
        type master;
        file "qz.com.zone.lan";                (zone data file)
     };
     zone "." IN {                             (cut the root zone definition out of the main configuration file and paste it here)
        type hint;                             (hint is the root zone type)
        file "named.ca";
     };
};
view "wan" {                                   (define the external view)
        match-clients { any; };                (views are tried in order, so any here matches every address the lan view did not, i.e. everything outside the internal subnet)
        zone "qz.com" IN {
        type master;
        file "qz.com.zone.wan";
   };
};
(Note: once views are enabled every zone must be inside a view, so the default self-check zones that ship in this file, localhost and the loopback reverse zones, must either be moved into a view or deleted, and the zone "." and include lines in named.conf must not be left outside the views; otherwise named refuses to start. Nothing in the wan view turns recursion off, so external clients can also use this server as a recursive resolver; if the external side is untrusted, set recursion off in that view.)

4. Modify the zone data files

[root@localhost /]# cd /var/named/
[root@localhost named]# cp -p named.localhost qz.com.zone.lan
[root@localhost named]# vim /var/named/qz.com.zone.lan

$TTL 1D
@       IN SOA  qz.com. admin.qq.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      qz.com.
        A       12.88.88.10
www IN  A       12.88.88.15         (internal hosts resolving www.qz.com get 12.88.88.15)
[root@localhost named]# cp -p qz.com.zone.lan qz.com.zone.wan
[root@localhost named]# vim /var/named/qz.com.zone.wan

$TTL 1D
@       IN SOA  qz.com. admin.qq.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      qz.com.
        A       192.168.88.1
www IN  A       192.168.88.15       (external hosts resolving www.qz.com get 192.168.88.15)

cp -p keeps the owner and mode of named.localhost (root:named, 0640), which is what lets named read the new files. A serial of 0 works for a single master, but the serial must be increased on every edit if a secondary is ever to notice the change.

5. Start the service and check that it is listening

[root@localhost /]# systemctl start named
[root@localhost named]# netstat -nautp | grep named
tcp        0      0 192.168.88.1:53         0.0.0.0:*               LISTEN      5146/named          
tcp        0      0 12.88.88.10:53          0.0.0.0:*               LISTEN      5146/named          
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      5146/named          
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      5146/named          
tcp6       0      0 ::1:953                 :::*                    LISTEN      5146/named          
udp        0      0 192.168.88.1:53         0.0.0.0:*                           5146/named          
udp        0      0 192.168.122.1:53        0.0.0.0:*                           5146/named          
udp        0      0 12.88.88.10:53          0.0.0.0:*                           5146/named          
udp        0      0 127.0.0.1:53            0.0.0.0:*                           5146/named    

named is listening on both gateway addresses; the 192.168.122.1 socket belongs to the libvirt default bridge on the server, which listen-on any picks up as well. Port 953 is the rndc control channel and is bound to loopback only.

6. Point the internal and external clients at the DNS server

  • Internal client (uses the gateway's internal address)
[root@localhost ~]# vim /etc/resolv.conf

# Generated by NetworkManager
nameserver 12.88.88.10
    (NetworkManager regenerates this file, so on a host it manages set DNS1=12.88.88.10 in the interface's ifcfg file instead)
  • External client: in the Windows adapter's IPv4 settings, set the preferred DNS server to the gateway's external address, 192.168.88.1

7. Test from the internal and external clients

  • Internal client
[root@localhost ~]# host qz.com
qz.com has address 12.88.88.10
    (this queries the apex; to confirm the split answer itself, query www.qz.com from each side and check that the internal client gets 12.88.88.15)
  • External client: the same query run on the Windows machine (nslookup www.qz.com) must return 192.168.88.15
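The whole procedure above, collected into one script as an added example (this is not code from the original post): it writes a complete named.conf with both views plus the two zone files into a directory, checks them with BIND's own named-checkconf and named-checkzone when those tools are installed, and extracts the serial so it can be verified. Compared with the post it lists the two gateway addresses in listen-on instead of any, puts localhost into the lan view so queries on the server itself get the internal answers, and sets recursion no in the wan view so the external side is authoritative only. The serial 2021022801 and the SOA contact admin.qz.com. are assumptions made here; the post uses serial 0 and admin.qq.com.

```shell
#!/bin/sh
# Added example, not from the original post: generate the split-horizon BIND
# configuration for the lab above into one directory and syntax-check it.
# Assumptions (not in the original): serial 2021022801, RNAME admin.qz.com.,
# and that the generated named.conf replaces the distribution's default one
# (its top-level zone "." and rfc1912 include are not allowed once views exist).
set -eu

ZONE="qz.com"
LAN_NET="12.88.88.0/24"
LAN_IP="12.88.88.10"      # gateway's internal NIC, DNS server for internal clients
WAN_IP="192.168.88.1"     # gateway's external NIC, DNS server for external clients
LAN_WWW="12.88.88.15"     # answer internal clients must get for www.qz.com
WAN_WWW="192.168.88.15"   # answer external clients must get for www.qz.com
SERIAL="2021022801"       # assumed YYYYMMDDnn serial; bump it on every edit

# write_zone FILE APEX_IP WWW_IP: one zone file in the same layout as the post's.
write_zone() {
    cat > "$1" <<EOF
\$TTL 1D
@       IN SOA  ${ZONE}. admin.${ZONE}. (
                ${SERIAL}   ; serial
                1D          ; refresh
                1H          ; retry
                1W          ; expire
                3H )        ; minimum
        NS      ${ZONE}.
        A       $2
www     IN  A   $3
EOF
}

# write_named_conf FILE: options plus both views. Views are tried in order
# against the query's source address, so "lan" must precede the "any" view.
write_named_conf() {
    cat > "$1" <<EOF
options {
    listen-on port 53 { 127.0.0.1; ${LAN_IP}; ${WAN_IP}; };
    directory       "/var/named";
    allow-query     { any; };
};

// Every zone must live inside a view once views are used; the root hint zone
// and the rfc1912 self-check zones are therefore not defined at top level.
view "lan" {
    match-clients   { ${LAN_NET}; localhost; };
    recursion       yes;
    allow-recursion { ${LAN_NET}; localhost; };
    zone "." IN { type hint; file "named.ca"; };
    zone "${ZONE}" IN { type master; file "${ZONE}.zone.lan"; };
};

view "wan" {
    match-clients   { any; };   // everything the lan view did not match
    recursion       no;         // authoritative only: no open resolver outside
    zone "${ZONE}" IN { type master; file "${ZONE}.zone.wan"; };
};
EOF
}

# generate DIR: write named.conf and both zone files into DIR.
generate() {
    mkdir -p "$1"
    write_named_conf "$1/named.conf"
    write_zone "$1/${ZONE}.zone.lan" "$LAN_IP" "$LAN_WWW"
    write_zone "$1/${ZONE}.zone.wan" "$WAN_IP" "$WAN_WWW"
}

# zone_serial FILE: print the SOA serial of a zone file written above.
zone_serial() {
    awk '/; serial/ { print $1 }' "$1"
}

# validate DIR: run BIND's own checkers if present, otherwise report and skip.
validate() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$ZONE" "$1/${ZONE}.zone.lan"
        named-checkzone "$ZONE" "$1/${ZONE}.zone.wan"
    else
        echo "named-checkzone not installed, skipping zone syntax check" >&2
    fi
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1/named.conf"
    else
        echo "named-checkconf not installed, skipping named.conf check" >&2
    fi
}

OUT="${1:-${TMPDIR:-/tmp}/split-dns}"
generate "$OUT"
validate "$OUT"
echo "configuration written to $OUT (serial $(zone_serial "$OUT/${ZONE}.zone.lan"))"
```

Run it as sh split-dns.sh /tmp/split-dns, copy named.conf to /etc and the two zone files to /var/named (chown root:named, chmod 640), restart named, then run dig +short @12.88.88.10 www.qz.com from an internal host and dig +short @192.168.88.1 www.qz.com from an external one; the two answers must differ, and a dig for any name outside qz.com against 192.168.88.1 must be refused rather than answered.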

Origin blog.csdn.net/TaKe___Easy/article/details/114242188