Introduction to split DNS resolution
Split DNS resolution (split-horizon DNS) is still served by an ordinary primary (authoritative) name server. "Split" refers to what the server hands out: for the same domain name it returns different records depending on which client is asking, so clients that query from different source addresses receive different answers. BIND implements this with `view` statements, each guarded by a `match-clients` access list, and unless `match-destinations` is also configured the view is chosen purely from the source address of the query packet. That is what makes the technique useful for keeping internal addresses out of the answers given to outside clients, and also its limit: it is an addressing boundary, not an authentication one.
Building a split-resolution DNS server
Lab environment
Lab topology
In this experiment a CentOS 7 virtual machine acts as both gateway and DNS server. It has two network cards so that it sits in two segments, and two Windows clients connect to it: a Windows 7 VM plays the wide-area (WAN) client and a Windows 10 VM plays the local-area (LAN) client, each on a different segment. The addresses are: Windows 7: 12.0.0.12/24; Windows 10: 192.168.100.100/24; CentOS 7 gateway cards: 192.168.100.1/24 on the LAN side and 12.0.0.1/24 on the "WAN" side. Note that 12.0.0.0/24 is not a private range; it can be used here only because all three VMs are on isolated host-only networks. As shown below:
Goal: build a DNS server that answers LAN and WAN clients with different records for the same names.
Building the lab environment
1. Install the DNS service (BIND) on CentOS 7 and add the second network card. Both CentOS cards use host-only mode and will act as gateways; the Windows 7 and Windows 10 cards are also set to host-only mode, each bound to the same virtual network as the CentOS card for its segment.
[root@localhost ~]# yum install bind -y
Loaded plugins: fastestmirror, langpacks
base                                      | 3.6 kB  00:00
extras                                    | 3.4 kB  00:00
updates                                   | 3.4 kB  00:00
(1/4): extras/7/x86_64/primary_db         | 215 kB  00:25
(2/4): base/7/x86_64/group_gz             | 166 kB  00:25
...                                       # output omitted
Installed:
  bind.x86_64 32:9.9.4-74.el7_6.2
Dependency Updated:
  bind-libs.x86_64 32:9.9.4-74.el7_6.2
  bind-libs-lite.x86_64 32:9.9.4-74.el7_6.2
  bind-license.noarch 32:9.9.4-74.el7_6.2
  bind-utils.x86_64 32:9.9.4-74.el7_6.2
Complete!
2. Configure static IP addresses on the two CentOS 7 cards; each address will be the gateway address for its segment.
[root@localhost ~]# cd /etc/sysconfig/network-scripts/     # directory holding the NIC profiles
[root@localhost network-scripts]# ls                        # note: there is no ifcfg-ens36 yet, the added card has no profile
ifcfg-ens33  ifdown-ppp       ifup-ib      ifup-Team
ifcfg-lo     ifdown-routes    ifup-ippp    ifup-TeamPort
ifdown       ifdown-sit       ifup-ipv6    ifup-tunnel
ifdown-bnep  ifdown-Team      ifup-isdn    ifup-wireless
ifdown-eth   ifdown-TeamPort  ifup-plip    init.ipv6-global
ifdown-ib    ifdown-tunnel    ifup-plusb   network-functions
ifdown-ippp  ifup             ifup-post    network-functions-ipv6
ifdown-ipv6  ifup-aliases     ifup-ppp
ifdown-isdn  ifup-bnep        ifup-routes
ifdown-post  ifup-eth         ifup-sit
[root@localhost network-scripts]# ifconfig                  # the added card shows up as ens36, without an IPv4 address
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::a85a:c203:e2e:3f3c  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:5b:d3:a0  txqueuelen 1000  (Ethernet)
        RX packets 32470  bytes 45131799 (43.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11167  bytes 710926 (694.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:0c:29:5b:d3:aa  txqueuelen 1000  (Ethernet)
        RX packets 317  bytes 51515 (50.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 204  bytes 35976 (35.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@localhost network-scripts]# vim ifcfg-ens33           # edit the profile of the first card
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static            # changed from dhcp to static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=2ef6b862-5201-48c5-a450-23b3720ab3a0
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.1        # LAN gateway address
NETMASK=255.255.255.0       # subnet mask
:wq                         # save and exit
[root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36   # start the ens36 profile from a copy of the ens33 one
[root@localhost network-scripts]# vim ifcfg-ens36           # edit the profile of the added card
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens36                  # 33 changed to 36
DEVICE=ens36                # 33 changed to 36
ONBOOT=yes
IPADDR=12.0.0.1             # "WAN" gateway address
NETMASK=255.255.255.0
# Delete the UUID line: two profiles must not share a UUID; the system generates one on its own.
:wq                         # save and exit
[root@localhost network-scripts]# service network restart   # restart the network service
Restarting network (via systemctl):                        [  OK  ]
[root@localhost network-scripts]# ifconfig                  # both cards now carry their addresses
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.1  netmask 255.255.255.0  broadcast 192.168.100.255
        inet6 fe80::a85a:c203:e2e:3f3c  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:5b:d3:a0  txqueuelen 1000  (Ethernet)
        RX packets 32595  bytes 45170473 (43.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11353  bytes 743789 (726.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 12.0.0.1  netmask 255.255.255.0  broadcast 12.0.0.255
        inet6 fe80::f6eb:23e3:3afb:fef4  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:5b:d3:aa  txqueuelen 1000  (Ethernet)
        RX packets 456  bytes 94448 (92.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 372  bytes 64348 (62.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
3. Give the Windows 10 and Windows 7 clients their addresses (192.168.100.100/24 and 12.0.0.12/24), with the CentOS 7 card on their own segment as both default gateway and preferred DNS server. Forwarding between the two segments is not configured here and is not needed for this experiment.
Configuring the DNS service on CentOS 7
1. Edit the main configuration file of the DNS service.
[root@localhost network-scripts]# cd ~
[root@localhost ~]# vim /etc/named.conf            # edit the main configuration file
//
// named.conf
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
...                                                // omitted
options {
        listen-on port 53 { any; };                // was 127.0.0.1: listen on every card so both segments reach the service
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };                  // was localhost: accept queries from every address
        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
        ...                                        // omitted
:wq                                                # save and exit
Two consequences of these two changes are worth knowing before the server faces anything outside the lab. The stock file also contains `recursion yes;`, so `allow-query { any; }` on the card that faces the "WAN" makes the server an open resolver for whoever can reach 12.0.0.1; add `allow-recursion { 192.168.100.0/24; };` to the options (or `recursion no;` inside the WAN view configured below) so that only LAN clients get recursion. And because `allow-transfer` is not set, this BIND version permits zone transfers from any host, so anyone can pull the whole zone with an AXFR; `allow-transfer { none; };` closes that, since this server has no secondaries.
2. Edit the zone configuration file of the DNS service.
[root@localhost ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Delete every zone below this header (localhost.localdomain, localhost and the rest) and put the views in their place:
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
...                                        // omitted
After editing, the file keeps its header and continues with the two views:
view "lan" {                               // view served to LAN clients
        match-clients { 192.168.100.0/24; };   // matches queries whose source address is in the LAN segment
        zone "linuxmi.com" IN {            // the domain we answer for
                type master;               // primary (authoritative) zone
                file "linuxmi.com.lan";    // zone data file for this view
        };
        zone "." IN {                      // root hints, moved here out of named.conf
                type hint;
                file "named.ca";
        };
};
view "wan" {                               // view served to WAN clients
        match-clients { 12.0.0.0/24; };    // matches queries whose source address is in the WAN segment
        zone "linuxmi.com" IN {
                type master;
                file "linuxmi.com.wan";    // zone data file for this view
        };
};
:wq                                        # save and exit
Views are evaluated in the order they are written, and the first view whose match-clients list contains the query's source address is used; a client that matches neither (anything outside the two /24s) is refused. Once a single view exists, BIND refuses to start if any zone is still defined outside a view, which is why the root hint zone must be moved into the "lan" view and deleted from named.conf, not merely copied there.
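The same two views, tightened the way a practitioner would before exposing 12.0.0.1 to anything real. This is an added example, not the page's file: it keeps the page's view names, zone file names and addresses, but names the LAN access list (`lan` is an assumed ACL name), listens only on the two gateway addresses, refuses recursion and zone transfers to outside clients, and makes the outside view a catch-all so that a client outside both /24s gets the public records instead of REFUSED. The `version` string is an assumption. All of it goes into named.conf in place of the stock options block; with views present, no zone may remain outside a view.

```conf
// /etc/named.conf, hardened fragment (added example; file names are the page's)
acl "lan" { 192.168.100.0/24; 127.0.0.1; };

options {
        listen-on port 53 { 192.168.100.1; 12.0.0.1; };   // only the two gateway addresses
        listen-on-v6 port 53 { none; };
        directory "/var/named";
        allow-query     { any; };    // everyone may ask for linuxmi.com ...
        allow-recursion { lan; };    // ... but only LAN clients get recursion
        allow-transfer  { none; };   // no AXFR/IXFR: there are no secondaries
        version "not disclosed";     // do not advertise 9.9.4 in version.bind
};

view "lan" {
        match-clients { lan; };
        recursion yes;
        zone "linuxmi.com" IN {
                type master;
                file "linuxmi.com.lan";
                allow-update { none; };
        };
        zone "." IN {                // root hints are only needed where recursion is allowed
                type hint;
                file "named.ca";
        };
};

view "wan" {
        match-clients { any; };      // everything that did not match "lan", not just 12.0.0.0/24
        recursion no;                // authoritative only towards the outside
        zone "linuxmi.com" IN {
                type master;
                file "linuxmi.com.wan";
                allow-update { none; };
        };
};
```

Check the result with `named-checkconf -z /etc/named.conf` before restarting; it loads every zone file and reports the exact line of any syntax error, and the "lan" view must stay first, because the catch-all "wan" view would otherwise shadow it.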
3. Create the zone data files (watch the file format: comments in zone files start with `;`, not `//`, and the SOA parentheses must balance).
[root@localhost ~]# cd /var/named                               # directory holding the zone data files
[root@localhost named]# cp -p named.localhost linuxmi.com.lan   # copy named.localhost as linuxmi.com.lan; -p keeps owner and mode so named can still read it
[root@localhost named]# vim linuxmi.com.lan                     # edit the zone data for the LAN view
$TTL 1D
@       IN SOA  linuxmi.com. admin.linuxmi.com. (   ; domain name and administrator mailbox
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      linuxmi.com.                        ; name server record for the zone
        A       192.168.100.1                       ; address of linuxmi.com itself (the NS target above)
www     IN A    192.168.100.88                      ; www.linuxmi.com
smtp    IN A    192.168.100.99                      ; smtp.linuxmi.com
:wq                                                 # save and exit
[root@localhost named]# cp -p linuxmi.com.lan linuxmi.com.wan   # copy linuxmi.com.lan as linuxmi.com.wan
[root@localhost named]# vim linuxmi.com.wan                     # edit the zone data for the WAN view
$TTL 1D
@       IN SOA  linuxmi.com. admin.linuxmi.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      linuxmi.com.
        A       12.0.0.1                            ; every name resolves to the WAN address 12.0.0.1
www     IN A    12.0.0.1
smtp    IN A    12.0.0.1
:wq                                                 # save and exit
The serial stays at 0 in both files, which is fine with no secondaries; once a secondary exists, the serial has to increase on every edit or the change is never transferred. Both files can be checked before the service is started with `named-checkzone linuxmi.com /var/named/linuxmi.com.lan` and the same for the .wan file.
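To reason about which answer a given client will get without a packet capture, here is a small model of the selection BIND performs across the two views and zone files above. It is written for this page and is neither BIND's code nor the author's: it reproduces the first-match semantics of `match-clients`, answers A queries from the records in the page's zone files, and audits whether any view reachable from outside the LAN prefix hands out a LAN address, which is the leak split horizon exists to prevent. It ignores `match-destinations`, `match-recursive-only` and TSIG-key matching. The `MISORDERED` configuration, in which the internal view's `match-clients` was set to `any`, is an assumed misconfiguration added for contrast.

```python
"""Model of BIND view selection for the linuxmi.com lab (added example)."""
import ipaddress
from typing import Optional

# Views and records transcribed from the page's named.rfc1912.zones and zone files.
VIEWS = [
    {"name": "lan",
     "match_clients": ["192.168.100.0/24"],
     "zones": {"linuxmi.com": {"@": "192.168.100.1",
                               "www": "192.168.100.88",
                               "smtp": "192.168.100.99"}}},
    {"name": "wan",
     "match_clients": ["12.0.0.0/24"],
     "zones": {"linuxmi.com": {"@": "12.0.0.1",
                               "www": "12.0.0.1",
                               "smtp": "12.0.0.1"}}},
]

# Assumed misconfiguration: the internal view was given match-clients { any; }.
MISORDERED = [dict(VIEWS[0], match_clients=["any"]), VIEWS[1]]


def _acl_contains(entries, addr) -> bool:
    """True if the match-clients list has 'any' or a prefix covering addr."""
    return any(e == "any" or addr in ipaddress.ip_network(e, strict=False)
               for e in entries)


def select_view(client_ip: str, views=VIEWS) -> Optional[dict]:
    """BIND walks the views in file order; the first whose match-clients ACL
    contains the query's source address wins. No match: BIND answers REFUSED."""
    addr = ipaddress.ip_address(client_ip)
    for view in views:
        if _acl_contains(view["match_clients"], addr):
            return view
    return None


def resolve_a(client_ip: str, qname: str, views=VIEWS) -> Optional[str]:
    """Answer an A query from the selected view's zone data.
    None stands for REFUSED (no view), NXDOMAIN (unknown host) or a name
    outside the zones this server is authoritative for."""
    view = select_view(client_ip, views)
    if view is None:
        return None
    name = qname.rstrip(".").lower()
    for zone, records in view["zones"].items():
        if name == zone:
            return records.get("@")
        if name.endswith("." + zone):
            return records.get(name[: -len(zone) - 1])
    return None


def audit_leaks(views=VIEWS, internal="192.168.100.0/24") -> list:
    """List (view, zone, host, address) tuples where a client outside the
    internal prefix can reach a view that hands out an internal address.
    An empty list means the split holds. The check is conservative: a view
    counts as externally reachable if any match-clients entry extends beyond
    the internal prefix, even if an earlier view would shadow it."""
    internal_net = ipaddress.ip_network(internal)
    leaks = []
    for view in views:
        reachable = any(
            e == "any"
            or not ipaddress.ip_network(e, strict=False).subnet_of(internal_net)
            for e in view["match_clients"])
        if not reachable:
            continue
        for zone, records in view["zones"].items():
            for host, address in records.items():
                if ipaddress.ip_address(address) in internal_net:
                    leaks.append((view["name"], zone, host, address))
    return leaks


if __name__ == "__main__":
    for client in ("192.168.100.100", "12.0.0.12", "10.9.8.7"):
        v = select_view(client)
        print(client, "->", v["name"] if v else "REFUSED",
              resolve_a(client, "www.linuxmi.com"))
    print("leaks in the page's configuration:", audit_leaks())
    print("leaks with the internal view set to any:", audit_leaks(MISORDERED))
```

The page's own configuration yields lan/wan/REFUSED for the three sample clients and no leaks; the misordered one sends every client, including 12.0.0.12, into the "lan" view and reports each internal record as leaked. The same audit can be applied to a real server by transcribing the views and records from `named-checkconf -p`, which prints the parsed configuration.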
Starting and verifying the service
1. Start the DNS service, then turn off the firewall and SELinux enforcement.
[root@localhost named]# systemctl start named           # start the DNS service
[root@localhost named]# systemctl status named          # check that it came up
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2019-09-08 15:32:06 CST; 17s ago   # started successfully
  Process: 23372 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 23368 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 23374 (named)
   CGroup: /system.slice/named.service
           └─23374 /usr/sbin/named -u named -c /etc/named.conf
...                                                     # output omitted
[root@localhost named]# systemctl stop firewalld.service   # turn off the firewall
[root@localhost named]# setenforce 0                     # put SELinux into permissive mode
The ExecStartPre line shows that the unit runs `named-checkconf -z` before starting, so a broken configuration or zone file makes `systemctl start named` fail instead of silently serving nothing; run `named-checkconf -z /etc/named.conf` by hand to see the exact error. Stopping firewalld and disabling SELinux enforcement is acceptable in a throwaway lab, not on a server that anything outside can reach. The equivalent that keeps both on is `firewall-cmd --permanent --add-service=dns && firewall-cmd --reload`, which opens 53/udp and 53/tcp; the stock SELinux policy already lets named read /var/named, so nothing needs to change there.
2. On the Windows 7 client, verify that the names resolve to the WAN addresses we configured.
C:\Users\Administrator>nslookup www.linuxmi.com     # resolve the web host name
Server:  UnKnown
Address:  12.0.0.1

Name:    www.linuxmi.com
Address:  12.0.0.1                                  # resolved to the WAN address

C:\Users\Administrator>nslookup smtp.linuxmi.com    # resolve the mail host name
Server:  UnKnown
Address:  12.0.0.1

Name:    smtp.linuxmi.com
Address:  12.0.0.1                                  # resolved to the WAN address
"Server: UnKnown" only means nslookup could not reverse-resolve 12.0.0.1, because no reverse zone was configured; it does not affect the answers.
3. On the Windows 10 client, verify that the same names resolve to the LAN addresses we configured.
C:\Users\Sun>nslookup www.linuxmi.com               # resolve the web host name
Server:  UnKnown
Address:  192.168.100.1

Name:    www.linuxmi.com
Address:  192.168.100.88                            # resolved to the LAN address

C:\Users\Sun>nslookup smtp.linuxmi.com              # resolve the mail host name
Server:  UnKnown
Address:  192.168.100.1

Name:    smtp.linuxmi.com
Address:  192.168.100.99                            # resolved to the LAN address
With the steps above, the same name server now answers the same names differently for the LAN and WAN clients, which is exactly what split DNS resolution means. I hope this helps!