Linux network services - lab - DNS split resolution
程序员文章站
2022-07-13 21:46:07
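1. The concept of DNS split resolution
- DNS split resolution (split-horizon DNS) means serving different name-resolution records to different clients. When clients at different addresses ask to resolve the same domain name, each is given a different result. In other words, when internal and external clients request the same domain name, it can resolve to different IP addresses, which achieves load balancing.
2. Lab environment
- VMware Workstation virtualization platform
- One CentOS 7 server (LAN IP address: 192.168.100.1; external IP address: 12.0.0.1); the server needs two NICs and the bind package installed
- Two CentOS 7 clients (one with IP address 192.168.100.100, the other with 12.0.0.12)
- All three virtual machines are in host-only mode
3. Lab steps
Server NIC settings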
[aaa@qq.com ~]# rpm -q bind
bind-9.11.4-9.P2.el7.x86_64
[aaa@qq.com ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.1 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::fe27:a784:dd8d:8487 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:de:a0:aa txqueuelen 1000 (Ethernet)
RX packets 423 bytes 41746 (40.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 204 bytes 23332 (22.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 12.0.0.1 netmask 255.255.255.0 broadcast 12.0.0.255
inet6 fe80::cddb:7513:83e6:a6e6 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:de:a0:b4 txqueuelen 1000 (Ethernet)
RX packets 413 bytes 40670 (39.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 193 bytes 22357 (21.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
......
[aaa@qq.com ~]#
NIC settings and DNS server IP address setting on the LAN client
[aaa@qq.com ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.100 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::d5e8:9ff7:efc1:5ec prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:0b:69:b8 txqueuelen 1000 (Ethernet)
RX packets 340 bytes 36110 (35.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 234 bytes 21562 (21.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
......
[aaa@qq.com ~]#
[aaa@qq.com ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.100.1
[aaa@qq.com ~]#
NIC settings and DNS server IP address setting on the external client
[aaa@qq.com ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 12.0.0.12 netmask 255.0.0.0 broadcast 12.255.255.255
inet6 fe80::99f8:b791:1ac2:a9b4 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:42:9f:35 txqueuelen 1000 (Ethernet)
RX packets 309 bytes 31921 (31.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 224 bytes 20772 (20.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
......
[aaa@qq.com ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 12.0.0.1
[aaa@qq.com ~]#
DNS service configuration on the server
Configure the main DNS configuration file
[aaa@qq.com ~]# vim /etc/named.conf
options {
        # Listen on all of the server's addresses, for every host that queries the DNS server
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        # Accept queries from any client, so both NICs are served
        allow-query { any; };
Configure the DNS zone configuration file
[aaa@qq.com ~]# vim /etc/named.rfc1912.zones
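view "lan" {
        # Match clients on the LAN subnet
        match-clients { 192.168.100.0/24; };
        # Domain name for forward resolution
        zone "kgc.com" IN {
                type master;
                file "kgc.com.lan";
        };
        # Root zone hints
        zone "." IN {
                type hint;
                file "named.ca";
        };
};
view "wan" {
        # Match clients on the external subnet
        match-clients { 12.0.0.0/24; };
        zone "kgc.com" IN {
                type master;
                file "kgc.com.wan";
        };
};
# All other configuration data in this file must be deleted (once views are used, every zone has to be inside a view)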
Configure the DNS zone data files
Copy the template file
[aaa@qq.com named]# cp -p named.localhost kgc.com.lan
[aaa@qq.com named]# cp -p named.localhost kgc.com.wan
[aaa@qq.com named]# vim kgc.com.lan
$TTL 1D
@       IN SOA  kgc.com. admin.kgc.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      kgc.com.
        A       192.168.100.1
www     IN A    192.168.100.88
ftp     IN A    192.168.100.99
*       IN A    9.9.9.9
[aaa@qq.com named]# vim kgc.com.wan
$TTL 1D
@       IN SOA  kgc.com. admin.kgc.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      kgc.com.
        A       12.0.0.1
www     IN A    12.0.0.1
ftp     IN A    12.0.0.1
*       IN A    6.6.6.6
On the DNS server, start the DNS service, and turn off the firewall and SELinux (the enhanced-security feature)
[aaa@qq.com named]# systemctl start named
[aaa@qq.com named]# systemctl stop firewalld
[aaa@qq.com named]# setenforce 0
[aaa@qq.com named]#
4. Verifying the lab results
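The answers each client should receive from the configuration above can be worked out ahead of time. The Python model below is an added example, not code from the original page: it applies the page's match-clients ranges in file order and looks names up in the records from kgc.com.lan and kgc.com.wan. The function names are hypothetical, recursion for names outside kgc.com is not modelled, and the REFUSED answer for a client that matches no view is standard BIND behaviour rather than something shown on the page.

```python
import ipaddress

ZONE = "kgc.com"
# Views in the order they appear in the zone configuration file on the page;
# records copied from kgc.com.lan and kgc.com.wan ("@" is the zone apex).
VIEWS = [
    ("lan", "192.168.100.0/24", {"@": "192.168.100.1", "www": "192.168.100.88",
                                 "ftp": "192.168.100.99", "*": "9.9.9.9"}),
    ("wan", "12.0.0.0/24", {"@": "12.0.0.1", "www": "12.0.0.1",
                            "ftp": "12.0.0.1", "*": "6.6.6.6"}),
]


def select_view(client_ip):
    """Return (name, records) of the first view matching client_ip, else None."""
    addr = ipaddress.ip_address(client_ip)
    for name, match_clients, records in VIEWS:
        if addr in ipaddress.ip_network(match_clients):
            return name, records
    return None


def resolve(client_ip, qname):
    """Return (view, rcode, address) for an A query under kgc.com."""
    selected = select_view(client_ip)
    if selected is None:
        # No view matches: named answers REFUSED despite allow-query { any; }.
        return None, "REFUSED", None
    view, records = selected
    qname = qname.rstrip(".").lower()
    if qname == ZONE:
        return view, "NOERROR", records["@"]
    if not qname.endswith("." + ZONE):
        return view, "OUT-OF-ZONE", None  # recursion is not modelled
    label = qname[: -len(ZONE) - 1]
    if label not in records and label.rsplit(".", 1)[-1] in records:
        # Below an existing name such as www: the zone wildcard does not apply.
        return view, "NXDOMAIN", None
    # Explicit records win; every other name falls through to the wildcard.
    return view, "NOERROR", records.get(label, records["*"])


def internal_addresses(view_name):
    """Private-range addresses a view hands out (expected: none for wan)."""
    records = {name: recs for name, _, recs in VIEWS}[view_name]
    return sorted(a for a in records.values() if ipaddress.ip_address(a).is_private)
```

Comparing these expected answers with what nslookup or dig returns on each client confirms that the views are being applied; a client outside both match-clients ranges, such as 12.0.1.5, should be refused.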