Split DNS resolution on Linux (BIND views)

Split DNS resolution

A split-resolution DNS server is really just a master (primary) name server that hands out different resolution records depending on which client is asking. For example, when clients from the internal network and clients from the external network ask for the same domain name, each group receives a different answer and therefore a different IP address.

Configure dual network cards for the gateway server

With the virtual machine powered off, add a second network card, then restart the system and confirm the new interface appears before copying its configuration:

ifconfig
cd /etc/sysconfig/network-scripts/
cp ifcfg-ens33 ifcfg-ens36

Install the bind package

yum install -y bind

Modify the main configuration file

vim /etc/named.conf
options {
        listen-on port 53 { any; };                 # listen on the local address, or any
#        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };                   # allow all hosts to query
        ……
};

include "/etc/named.rfc1912.zones";

Modify the zone configuration file

vim /etc/named.rfc1912.zones
view "lan" {                                        # define the internal-network view; a view is a container that partitions zones
        match-clients { 192.168.172.0/24; };        # match the internal network segment
        zone "zhangsan.com" IN {                    # the zone to be resolved
                type master;
                file "zhangsan.com.zone.lan";       # zone data file
        };
        zone "." IN {                               # the root zone block can be cut from the main config file and pasted here (dd + p in vim)
                type hint;                          # hint is the root zone type
                file "named.ca";
        };
};

view "wan" {                                        # define the external-network view
        match-clients { any; };                     # matches any remaining address (the internal segment was already caught by the "lan" view above)
        zone "zhangsan.com" IN {
                type master;
                file "zhangsan.com.zone.wan";
        };
};

# Note: once views are enabled, every zone must live inside a view, so the system's default self-check zones must also be moved into a view or deleted.
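Because BIND evaluates views in file order and the first match-clients hit wins, the "any" view must come after the internal view. The following is an added example (not part of the original post) that simulates that first-match selection over a constructed copy of the view config above and flags any view that a preceding catch-all makes unreachable; the view names, network and helper functions are the page's values or assumptions made here.

```python
# Added example: simulate BIND's first-match-wins view selection and detect
# a catch-all ("any") view that shadows later, narrower views.
import ipaddress
import re

# Constructed config mirroring the page's /etc/named.rfc1912.zones (zones omitted).
NAMED_VIEWS = """
view "lan" {
    match-clients { 192.168.172.0/24; };
};
view "wan" {
    match-clients { any; };
};
"""

# Captures each view's name and the body of its match-clients block.
# Assumes every view declares match-clients (as the page's config does).
VIEW_RE = re.compile(r'view\s+"([^"]+)"\s*\{.*?match-clients\s*\{([^}]*)\}', re.S)


def parse_views(text):
    """Return [(view_name, [acl_entries])] in the order the views appear."""
    views = []
    for name, acl in VIEW_RE.findall(text):
        entries = [e.strip() for e in acl.split(";") if e.strip()]
        views.append((name, entries))
    return views


def acl_matches(entry, addr):
    """True if an address-match-list entry ('any', 'none' or a CIDR) covers addr."""
    if entry == "any":
        return True
    if entry == "none":
        return False
    return addr in ipaddress.ip_network(entry, strict=False)


def select_view(text, client_ip):
    """Name of the first view whose match-clients covers client_ip, or None."""
    addr = ipaddress.ip_address(client_ip)
    for name, entries in parse_views(text):
        if any(acl_matches(e, addr) for e in entries):
            return name
    return None


def shadowed_views(text):
    """Views that can never be reached because an earlier view matched 'any'."""
    names, seen_any = [], False
    for name, entries in parse_views(text):
        if seen_any:
            names.append(name)
        if "any" in entries:
            seen_any = True
    return names
```

Run select_view against an internal and an external address after editing the file; a shadowed "lan" view means internal clients would silently receive the external answers.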

Modify the zone data files

cd /var/named
cp -p named.localhost zhangsan.com.zone.lan
cp -p named.localhost zhangsan.com.zone.wan

vim zhangsan.com.zone.lan
$TTL 1D
@       IN SOA  zhangsan.com. admin.zhangsan.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      zhangsan.com.
        A       192.168.172.10
www     IN      A       192.168.172.100         ; internal hosts resolving www.zhangsan.com get 192.168.172.100

vim zhangsan.com.zone.wan
$TTL 1D
@       IN SOA  zhangsan.com. admin.zhangsan.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      zhangsan.com.
        A       12.0.0.1
www     IN      A       12.0.0.100              ; external hosts resolving www.zhangsan.com get 12.0.0.100

Start the service

systemctl start named

Add the DNS server address to the resolver configuration of one client on the internal network and one on the external network

echo "nameserver 192.168.163.15" >> /etc/resolv.conf      # internal client

For the external network we use a Windows 10 virtual machine to simulate the client.

Test on internal and external network clients

nslookup www.zhangsan.com

Origin blog.csdn.net/m0_53497201/article/details/114244140