CentOS 7: building a split-resolution (split-horizon) DNS server in detail

Introduction to split DNS resolution

Split resolution does not require a special kind of server: it is an ordinary master (authoritative) DNS server. The "split" refers to handing out different DNS records depending on which client is asking, so that clients coming from different source addresses and querying the same domain name receive different answers (for example a private address for LAN clients and a public address for everyone else).

Building a split-resolution DNS server

Lab environment

Lab topology

In this lab a CentOS 7 virtual machine serves as both gateway and DNS server (BIND on CentOS 7). Two clients are used: a Windows 7 machine plays a WAN client and a Windows 10 machine plays a LAN client. The CentOS 7 host has two network cards in different subnets, one facing each client, and the clients are addressed accordingly: Win 7: 12.0.0.12/24; Win 10: 192.168.100.100/24; the two CentOS 7 gateway addresses: 192.168.100.1/24 and 12.0.0.1/24.

Goal: build a DNS server that resolves the same names differently for the LAN client and the WAN client.

Building the lab environment

1. First install the DNS service (bind) on CentOS 7 and add a second network card. Both cards use host-only mode and act as gateways; the Win 7 and Win 10 network cards are also set to host-only mode, each attached to the same host-only virtual network as the server card on its subnet.

[root@localhost ~]# yum install bind -y
Loaded plugins: fastestmirror, langpacks
base                                                     | 3.6 kB     00:00     
extras                                                   | 3.4 kB     00:00     
updates                                                  | 3.4 kB     00:00     
(1/4): extras/7/x86_64/primary_db                          | 215 kB   00:25     
(2/4): base/7/x86_64/group_gz                              | 166 kB   00:25  

Installed:
  bind.x86_64 32:9.9.4-74.el7_6.2
... // ... omitted part
Dependency Updated:
  bind-libs.x86_64 32:9.9.4-74.el7_6.2
  bind-libs-lite.x86_64 32:9.9.4-74.el7_6.2
  bind-license.noarch 32:9.9.4-74.el7_6.2
  bind-utils.x86_64 32:9.9.4-74.el7_6.2

Complete!


2. Configure static IP addresses on the two CentOS 7 network cards; each one acts as the gateway for its subnet.

[root@localhost ~]# cd /etc/sysconfig/network-scripts/   // enter the NIC configuration directory
[root@localhost network-scripts]# ls                      // list the directory
ifcfg-ens33  ifdown-ppp       ifup-ib      ifup-Team
ifcfg-lo     ifdown-routes    ifup-ippp    ifup-TeamPort
ifdown       ifdown-sit       ifup-ipv6    ifup-tunnel
ifdown-bnep  ifdown-Team      ifup-isdn    ifup-wireless
ifdown-eth   ifdown-TeamPort  ifup-plip    init.ipv6-global
ifdown-ib    ifdown-tunnel    ifup-plusb   network-functions
ifdown-ippp  ifup             ifup-post    network-functions-ipv6
ifdown-ipv6  ifup-aliases     ifup-ppp
ifdown-isdn  ifup-bnep        ifup-routes               // no ifcfg file exists yet for the added NIC
ifdown-post  ifup-eth         ifup-sit
[root@localhost network-scripts]# ifconfig                 // show NIC information
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500    
        inet6 fe80::a85a:c203:e2e:3f3c  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:5b:d3:a0  txqueuelen 1000  (Ethernet)
        RX packets 32470  bytes 45131799 (43.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11167  bytes 710926 (694.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500    // the newly added NIC, no IPv4 address yet
        ether 00:0c:29:5b:d3:aa  txqueuelen 1000  (Ethernet)
        RX packets 317  bytes 51515 (50.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 204  bytes 35976 (35.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@localhost network-scripts]# vim ifcfg-ens33   // edit the NIC configuration

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static          // change dhcp to static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=2ef6b862-5201-48c5-a450-23b3720ab3a0
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.1      // the LAN gateway address
NETMASK=255.255.255.0     // subnet mask
:wq // save and exit
[root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36   // copy the ens33 file as the configuration for ens36
[root@localhost network-scripts]# vim ifcfg-ens36                  // edit the new NIC configuration

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens36                // change 33 to 36
DEVICE=ens36              // change 33 to 36
ONBOOT=yes
IPADDR=12.0.0.1           // the WAN-side gateway address
NETMASK=255.255.255.0
                          // note: the UUID line must be deleted; two interfaces cannot share a UUID, and the system assigns a new one automatically
:wq // save and exit
[root@localhost network-scripts]# service network restart   // restart the network service
Restarting network (via systemctl):                        [  OK  ]
[root@localhost network-scripts]# ifconfig                  // check the NIC information
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.1  netmask 255.255.255.0  broadcast 192.168.100.255   // address applied
        inet6 fe80::a85a:c203:e2e:3f3c  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:5b:d3:a0  txqueuelen 1000  (Ethernet)
        RX packets 32595  bytes 45170473 (43.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11353  bytes 743789 (726.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 12.0.0.1  netmask 255.255.255.0  broadcast 12.0.0.255   // address applied
        inet6 fe80::f6eb:23e3:3afb:fef4  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:5b:d3:aa  txqueuelen 1000  (Ethernet)
        RX packets 456  bytes 94448 (92.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 372  bytes 64348 (62.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

3. Give Win 7 and Win 10 their static addresses (12.0.0.12 and 192.168.100.100) and point each client's default gateway and DNS server at the CentOS 7 card on its own subnet (12.0.0.1 for Win 7, 192.168.100.1 for Win 10).


Configuring the DNS service on CentOS 7

1. Edit the main configuration file of the DNS service, /etc/named.conf.

[root@localhost network-scripts]# cd ~
[root@localhost ~]# vim /etc/named.conf   // edit the main configuration file

// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
... // ... omitted part
options {
        listen-on port 53 { any; };      // listen on every interface (the stock file has 127.0.0.1 only); the second NIC must be served too
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };        // accept queries from any address, so both subnets can use the server

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
... // ... omitted part
:wq // save and exit

Note that the stock named.conf keeps `recursion yes;` a few lines below that comment. Together with `allow-query { any; };` and listening on every interface, that makes the machine an open recursive resolver for anyone who can reach 12.0.0.1: when `allow-recursion` is not set, BIND falls back to `allow-query-cache` and then to `allow-query`, so recursion is allowed from `any`. The views configured below only serve linuxmi.com authoritatively, so set `recursion no;` here, or, if LAN clients really need recursion through this box, restrict it with `allow-recursion { 192.168.100.0/24; };`.
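Because the two widened settings above are easy to leave in place, here is an added example (written for this edit, not part of the original tutorial) that audits the `options { ... }` block of a named.conf for the open-resolver and open-zone-transfer conditions, using only BIND's documented defaults. It runs on two constructed sample files, one modeled on the edited configuration above and one hardened for an authoritative-only server; the one-statement-per-line layout and the sample contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit the options block of a
# named.conf for two exposures that the tutorial's settings create on a server
# reachable from the WAN side.
#
# Assumptions: statements are written one per line, as in the stock CentOS 7
# file; BIND's documented defaults are used when a statement is absent:
#   recursion       -> yes
#   allow-recursion -> allow-query-cache, else allow-query, else localnets/localhost
#   allow-transfer  -> any

# Remove // line comments and /* ... */ block comments, keeping everything else.
strip_comments() {
    sed 's,//.*$,,' "$1" | awk '
    {
        line = $0; out = ""
        while (length(line) > 0) {
            if (inblock) {
                i = index(line, "*/")
                if (i == 0) { line = ""; break }
                line = substr(line, i + 2); inblock = 0
                continue
            }
            i = index(line, "/*")
            if (i == 0) { out = out line; line = ""; break }
            out = out substr(line, 1, i - 1)
            line = substr(line, i + 2); inblock = 1
        }
        print out
    }'
}

# options_block <file>: the text from `options {` to the `};` that closes it
options_block() {
    strip_comments "$1" | sed -n '/^[[:space:]]*options[[:space:]]*{/,/^[[:space:]]*};/p'
}

# acl_body <statement> <text>: the address list of `statement { ... };`, or nothing
acl_body() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1[[:space:]]*{\([^}]*\)}.*/\1/p" | head -n 1
}

# stmt_value <statement> <text>: the value of `statement value;`, or nothing
stmt_value() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1[[:space:]]\{1,\}\([^;[:space:]]*\)[[:space:]]*;.*/\1/p" | head -n 1
}

# acl_has_any <acl>: true when one of the entries is exactly `any`
acl_has_any() {
    printf '%s' "$1" | tr ';' '\n' | grep -qx '[[:space:]]*any[[:space:]]*'
}

# audit_named_conf <file>: prints one line per finding; exit status = number of findings
audit_named_conf() {
    opts=$(options_block "$1")
    findings=0

    recursion=$(stmt_value recursion "$opts")
    [ -z "$recursion" ] && recursion=yes                 # BIND default
    acl=$(acl_body allow-recursion "$opts")
    [ -z "$acl" ] && acl=$(acl_body allow-query-cache "$opts")
    [ -z "$acl" ] && acl=$(acl_body allow-query "$opts")
    [ -z "$acl" ] && acl=" localnets; localhost; "
    if [ "$recursion" = yes ] && acl_has_any "$acl"; then
        echo "open resolver: recursion is on and the effective allow-recursion ACL is {$acl}"
        findings=$((findings + 1))
    fi

    xfer=$(acl_body allow-transfer "$opts")
    [ -z "$xfer" ] && xfer=" any; "                      # BIND default
    if acl_has_any "$xfer"; then
        echo "zone transfer open: allow-transfer is {$xfer}; anyone can pull the zone with AXFR"
        findings=$((findings + 1))
    fi
    return $findings
}

# write_samples <dir>: two constructed configurations for the audit to run on
write_samples() {
    cat > "$1/open.conf" <<'EOF'
// modeled on the tutorial's edited named.conf: listen-on and allow-query widened, recursion left on
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        allow-query     { any; };
        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
        */
        recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
EOF
    cat > "$1/hardened.conf" <<'EOF'
// authoritative-only: answers for its own zones from anywhere, recurses for nobody
options {
        listen-on port 53 { any; };
        directory       "/var/named";
        allow-query     { any; };
        recursion no;
        allow-transfer  { none; };
};
EOF
}

workdir=$(mktemp -d)
write_samples "$workdir"
for name in open hardened; do
    echo "== $name.conf"
    audit_named_conf "$workdir/$name.conf" || echo "   ($? finding(s))"
done
```

Running it prints two findings for the tutorial-style file and none for the hardened one. Point it at the real /etc/named.conf after editing to confirm which of the two you ended up with.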

2. Edit the zone configuration file of the DNS service

[root@localhost ~]# vim /etc/named.rfc1912.zones

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
                                             // delete every zone below this header and write the views in their place
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
... // ... remaining default zones omitted (delete them as well)

After editing, the header comment is followed only by the two views:

view "lan" {                                     // view for LAN clients
        match-clients { 192.168.100.0/24; };     // matches clients whose source address is in the LAN
        zone "linuxmi.com" IN {                  // the domain to serve
          type master;                           // this server is the master (primary) for the zone
          file "linuxmi.com.lan";                // zone data file for this view
        };
        zone "." IN {                            // root hints, moved here from named.conf
          type hint;
          file "named.ca";
        };
};

view "wan" {                                     // view for WAN clients
        match-clients { 12.0.0.0/24; };          // matches clients whose source address is in the WAN
        zone "linuxmi.com" IN {
          type master;
          file "linuxmi.com.wan";                // zone data file for this view
        };
};

:wq // save and exit

Two points to check here. First, as soon as one view is defined, every zone must live inside a view: the `zone "."` hint is moved from named.conf into the view, not copied, because a zone left at the top level of named.conf makes named-checkconf fail with "when using 'view' statements, all zones must be in views". Second, views are tried in the order written and the first `match-clients` ACL that contains the client's source address wins; a client that matches no view is refused. The root hint zone is only used for recursion, so with `recursion no;` in options it can be left out of the "lan" view too.
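To see which view a given client lands in before pointing real clients at the server, the following added example (not part of the original tutorial) replays BIND's view selection in plain sh over the two views above: the first view whose `match-clients` ACL admits the source address answers, a `!`-negated ACL entry excludes the client from that view, and a client that matches no view is refused. The VIEW_TABLE format, the test addresses and the IPv4-only CIDR matcher are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): simulate how named picks a
# view for a query. Views are tried in configuration order and the first one
# whose match-clients ACL contains the client's source address answers; inside
# an ACL the first matching element decides, a `!`-negated element excludes the
# client from that view, and a client matching no view gets REFUSED.
#
# Assumptions: IPv4 only; the table mirrors the two views configured above; an
# ACL entry is `any`, an address, a CIDR prefix, or a `!`-negated form of those.

# "<view name> <comma-separated match-clients entries>", one view per line, in order
VIEW_TABLE='lan 192.168.100.0/24
wan 12.0.0.0/24'

# ip_to_int 192.168.100.100 -> 3232261220
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr <ip> <net/prefix or bare address>: true when ip lies inside the prefix
in_cidr() {
    net=${2%/*}
    prefix=${2#*/}
    [ "$prefix" = "$2" ] && prefix=32                  # bare address means /32
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# acl_matches <ip> <entries>: exit 0 if the ACL admits the ip, 1 if it does not
acl_matches() {
    for entry in $(printf '%s' "$2" | tr ',' ' '); do
        negate=0
        case $entry in '!'*) negate=1; entry=${entry#!} ;; esac
        if [ "$entry" = any ] || in_cidr "$1" "$entry"; then
            return $negate                               # first matching element decides
        fi
    done
    return 1                                             # no element matched
}

# view_for_client <ip> [view table]: prints the view that answers, or REFUSED
view_for_client() {
    table=${2:-$VIEW_TABLE}
    while read -r name entries; do
        [ -z "$name" ] && continue
        if acl_matches "$1" "$entries"; then
            echo "$name"
            return 0
        fi
    done <<EOF
$table
EOF
    echo REFUSED
}

# constructed test clients: the two lab clients plus an address in neither subnet
for client in 192.168.100.100 12.0.0.12 10.0.0.5; do
    printf '%-16s -> %s\n' "$client" "$(view_for_client "$client")"
done
```

The output is `lan`, `wan` and `REFUSED` for the three constructed addresses. Passing a different table as the second argument shows the ordering rule: a view with `any` listed first shadows every view after it, which is the classic mistake when a catch-all "external" view is added above the internal one.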

3. Create the zone data files (mind the format: in a zone file a comment starts with `;`, and `//` is not a comment).

[root@localhost ~]# cd /var/named                                  // directory that holds the zone data files
[root@localhost named]# cp -p named.localhost linuxmi.com.lan      // copy named.localhost as linuxmi.com.lan
[root@localhost named]# vim linuxmi.com.lan                        // edit the zone data for the LAN view
$TTL 1D
@       IN SOA  linuxmi.com. admin.linuxmi.com. (   ; change the domain name and the admin mailbox
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      linuxmi.com.                    ; name server for the zone
        A       192.168.100.1                   ; address of linuxmi.com itself
www     IN A    192.168.100.88                  ; add the address for www
smtp    IN A    192.168.100.99                  ; add the address for the smtp host
:wq // save and exit
[root@localhost named]# cp -p linuxmi.com.lan linuxmi.com.wan      // copy linuxmi.com.lan as linuxmi.com.wan
[root@localhost named]# vim linuxmi.com.wan                        // edit the zone data for the WAN view
$TTL 1D
@       IN SOA  linuxmi.com. admin.linuxmi.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      linuxmi.com.
        A       12.0.0.1                        ; change the address to 12.0.0.1
www     IN A    12.0.0.1
smtp    IN A    12.0.0.1
:wq // save and exit

The serial is 0 in both files, which is fine for the first load; whenever you edit a zone file later, increase its serial, otherwise secondary servers will not pick up the change. `named-checkzone linuxmi.com /var/named/linuxmi.com.lan` reports syntax errors before you restart the service.
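The two files above differ only in the addresses, and keeping them in step by hand is where split DNS usually goes wrong (a name added to one view but not the other, or a serial that is never bumped). The added example below (not part of the original tutorial) generates both files from one record table per view, derives a date-based serial that always increases, and checks that both views define the same owner names; the record tables, the serial values and the named-checkzone step (run only when it is installed) are assumptions for this lab.

```shell
#!/bin/sh
# Added example (not from the original tutorial): generate the per-view zone
# files for linuxmi.com from one record table per view, manage the SOA serial,
# and check that both views define the same owner names so that no name that
# exists for LAN clients is NXDOMAIN for WAN clients (or the reverse).
#
# Assumptions: record tables and serials are constructed for this lab;
# named-checkzone is invoked only if it is installed.

ORIGIN=linuxmi.com

# "<owner> <IPv4>", one A record per line, as configured in the two files above
LAN_RECORDS='@ 192.168.100.1
www 192.168.100.88
smtp 192.168.100.99'
WAN_RECORDS='@ 12.0.0.1
www 12.0.0.1
smtp 12.0.0.1'

# next_serial <current serial> [YYYYMMDD]: a YYYYMMDDnn serial that is always
# larger than the current one, so secondaries notice the change
next_serial() {
    today=${2:-$(date +%Y%m%d)}
    candidate=${today}01
    if [ "$1" -ge "$candidate" ]; then
        echo $(( $1 + 1 ))          # same day (or clock moved back): bump the counter
    else
        echo "$candidate"
    fi
}

# gen_zone <origin> <serial> <records>: writes a complete zone file to stdout
gen_zone() {
    cat <<EOF
\$TTL 1D
@       IN SOA  $1. admin.$1. (
                $2 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
@       IN NS   $1.
EOF
    while read -r owner addr; do
        [ -z "$owner" ] && continue
        printf '%-7s IN A    %s\n' "$owner" "$addr"
    done <<EOF
$3
EOF
}

# same_names <records A> <records B>: true when both tables define the same owner
# names; otherwise prints the names that exist in only one of them
same_names() {
    a=$(printf '%s\n' "$1" | awk 'NF { print $1 }' | sort -u)
    b=$(printf '%s\n' "$2" | awk 'NF { print $1 }' | sort -u)
    [ "$a" = "$b" ] && return 0
    for n in $a; do
        case " $(echo $b) " in *" $n "*) ;; *) echo "only in first table: $n" ;; esac
    done
    for n in $b; do
        case " $(echo $a) " in *" $n "*) ;; *) echo "only in second table: $n" ;; esac
    done
    return 1
}

workdir=$(mktemp -d)
serial=$(next_serial 0 20190908)                     # first edit on 2019-09-08: 2019090801
gen_zone "$ORIGIN" "$serial" "$LAN_RECORDS" > "$workdir/$ORIGIN.lan"
gen_zone "$ORIGIN" "$serial" "$WAN_RECORDS" > "$workdir/$ORIGIN.wan"
same_names "$LAN_RECORDS" "$WAN_RECORDS" && echo "both views define the same names"
if command -v named-checkzone >/dev/null 2>&1; then  # present once bind is installed
    for f in "$workdir/$ORIGIN.lan" "$workdir/$ORIGIN.wan"; do
        named-checkzone "$ORIGIN" "$f"
    done
fi
cat "$workdir/$ORIGIN.lan"
```

On the server the generated files go to /var/named/linuxmi.com.lan and /var/named/linuxmi.com.wan; keep the same serial in both, and call next_serial with the serial currently in the file each time you regenerate them.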

Starting and verifying the service

1. Start the DNS service, then stop the firewall and switch SELinux to permissive mode. That is acceptable only in an isolated lab: on a real server open the DNS port instead (`firewall-cmd --permanent --add-service=dns`, then `firewall-cmd --reload`) and leave SELinux enforcing, since the stock policy already lets named read /var/named.

[root@localhost named]# systemctl start named       // start the DNS service
[root@localhost named]# systemctl status named      // check that it started
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2019-09-08 15:32:06 CST; 17s ago   // the service started successfully
  Process: 23372 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 23368 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 23374 (named)
   CGroup: /system.slice/named.service
           └─23374 /usr/sbin/named -u named -c /etc/named.conf
... // ... omitted part
[root@localhost named]# systemctl stop firewalld.service   // stop the firewall
[root@localhost named]# setenforce 0                       // switch SELinux to permissive

The ExecStartPre line shows that the unit runs `named-checkconf -z` before starting named, so a configuration error (a zone left outside the views, a typo in a zone file) makes the start fail and is reported in `systemctl status named` and `journalctl -u named`.

2. Verify resolution on the Win 7 client; the answers should be the WAN-view addresses we configured.

C:\Users\Administrator> nslookup www.linuxmi.com      // resolve the domain name
Server:  UnKnown
Address:  12.0.0.1

Name:    www.linuxmi.com
Address:  12.0.0.1                                    // resolved to the WAN-view address

C:\Users\Administrator> nslookup smtp.linuxmi.com     // resolve the host name
Server:  UnKnown
Address:  12.0.0.1

Name:    smtp.linuxmi.com
Address:  12.0.0.1                                    // resolved to the WAN-view address

3. Verify resolution on the Win 10 client; the answers should be the LAN-view addresses.

C:\Users\Sun> nslookup www.linuxmi.com                // resolve the domain name
Server:  UnKnown
Address:  192.168.100.1

Name:    www.linuxmi.com
Address:  192.168.100.88                              // resolved to the LAN-view address

C:\Users\Sun> nslookup smtp.linuxmi.com               // resolve the host name
Server:  UnKnown
Address:  192.168.100.1

Name:    smtp.linuxmi.com
Address:  192.168.100.99                              // resolved to the LAN-view address

The steps above give a working split-resolution DNS service: the same names resolve to 12.0.0.1 for the WAN client and to the 192.168.100.x hosts for the LAN client. We hope this helps!


Source: www.linuxidc.com/Linux/2019-10/160964.htm