Linux DNS Split-Horizon Resolution
程序员文章站
2022-08-08 16:33:21
Split-horizon DNS serves different resolution records to different clients: when clients at different source addresses query the same domain name, each receives a different answer.
Install the bind package
[root@localhost ~]# yum install bind bind-utils -y
Dual NIC configuration
Switch both network adapters to host-only mode.
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
- Configure the internal network gateway IP address
[root@localhost network-scripts]# vim ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.1
NETMASK=255.255.255.0
- Configure the external network gateway IP address
[root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens37
[root@localhost network-scripts]# vim ifcfg-ens37
TYPE=Ethernet
BOOTPROTO=static
DEVICE=ens37
ONBOOT=yes
IPADDR=12.0.0.1
NETMASK=255.255.255.0
- Restart the network service
[root@localhost ~]# service network restart
Restarting network (via systemctl):                        [  OK  ]
[root@localhost ~]# ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.1  netmask 255.255.255.0  broadcast 192.168.100.255
        inet6 fe80::20c:29ff:febc:ab96  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:bc:ab:96  txqueuelen 1000  (Ethernet)
        RX packets 1056  bytes 299717 (292.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 180  bytes 22441 (21.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@localhost ~]# ifconfig ens37
ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 12.0.0.1  netmask 255.255.255.0  broadcast 12.0.0.255
        inet6 fe80::20c:29ff:febc:aba0  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:bc:ab:a0  txqueuelen 1000  (Ethernet)
        RX packets 1010  bytes 301554 (294.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 106  bytes 16880 (16.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Edit the main configuration file
[root@localhost ~]# vim /etc/named.conf
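- Configure the listening addresses and the networks allowed to query
listen-on port 53 { any; };
allow-query     { any; };
- Delete the root zone section from this file; it goes into the zone configuration file instead.
zone "." IN {
        type hint;
        file "named.ca";
};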
Edit the zone configuration file
[root@localhost ~]# vim /etc/named.rfc1912.zones
Delete all existing configuration and add the following:
view "lan" {
        match-clients { 192.168.100.0/24; };
        zone "yun.com" IN {
                type master;
                file "yun.com.lan";
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
};
view "wan" {
        match-clients { 12.0.0.0/24; };
        zone "yun.com" IN {
                type master;
                file "yun.com.wan";
        };
};
Edit the zone data files
[root@localhost ~]# cd /var/named/
- Edit the lan zone data file
[root@localhost named]# cp -p named.localhost yun.com.lan
[root@localhost named]# vim yun.com.lan
$TTL 1D
@       IN SOA  yun.com. admin.yun.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   yun.com.
        IN A    192.168.100.1
www     IN A    192.168.100.10
ftp     IN A    192.168.100.20
- Edit the wan zone data file
[root@localhost named]# cp -p yun.com.lan yun.com.wan
[root@localhost named]# vim yun.com.wan
$TTL 1D
@       IN SOA  yun.com. admin.yun.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   yun.com.
        IN A    12.0.0.1
www     IN A    12.0.0.1
ftp     IN A    12.0.0.1
Start the service
[root@localhost ~]# systemctl start named
[root@localhost ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
Testing the result
Both client machines use host-only networking.
Internal network Win10 test
Microsoft Windows [版本 10.0.10240]
(c) 2015 Microsoft Corporation. All rights reserved.
C:\Users\ll>nslookup www.yun.com
服务器:  UnKnown
Address:  192.168.100.1
名称:    www.yun.com
Address:  192.168.100.10
C:\Users\ll>nslookup ftp.yun.com
服务器:  UnKnown
Address:  192.168.100.1
名称:    ftp.yun.com
Address:  192.168.100.20
External network Win7 test
Microsoft Windows [版本 6.1.7601]
版权所有 (c) 2009 Microsoft Corporation。保留所有权利。
C:\Users\ll>nslookup www.yun.com
服务器:  UnKnown
Address:  12.0.0.1
名称:    www.yun.com
Address:  12.0.0.1
C:\Users\ll>nslookup ftp.yun.com
服务器:  UnKnown
Address:  12.0.0.1
名称:    ftp.yun.com
Address:  12.0.0.1
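An added example, not part of the original article: a Python model of the view selection configured above, which goes beyond the two tests shown by also covering a client that matches no view and two review checks (internal addresses served by a view open to outside clients, and views shadowed by an earlier one). The function names and the client addresses are hypothetical; REFUSED is what named answers when no view matches the source address.

```python
import ipaddress as ipa

RFC1918 = [ipa.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed model of this page's views, in file order: (name, match-clients, A records).
VIEWS = [
    ("lan", ["192.168.100.0/24"], {"www.yun.com": "192.168.100.10",
                                   "ftp.yun.com": "192.168.100.20"}),
    ("wan", ["12.0.0.0/24"], {"www.yun.com": "12.0.0.1", "ftp.yun.com": "12.0.0.1"}),
]

def internal(cidr):
    """True if the address or network lies wholly inside RFC 1918 space."""
    net = ipa.ip_network(cidr)
    return any(net.subnet_of(p) for p in RFC1918)

def select_view(client_ip, views=VIEWS):
    """named tests match-clients top to bottom; the first matching view wins."""
    addr = ipa.ip_address(client_ip)
    for view in views:
        if any(addr in ipa.ip_network(n) for n in view[1]):
            return view
    return None

def resolve(client_ip, qname, views=VIEWS):
    """Answer for a yun.com host name: an address, NXDOMAIN, or REFUSED (no view)."""
    view = select_view(client_ip, views)
    if view is None:
        return "REFUSED"
    return view[2].get(qname.rstrip(".").lower(), "NXDOMAIN")

def private_leaks(views=VIEWS):
    """(view, name, address) where a view open to non-internal clients serves an internal address."""
    return [(name, q, a) for name, nets, recs in views
            if not all(internal(n) for n in nets)
            for q, a in recs.items() if internal(a)]

def shadowed_views(views=VIEWS):
    """Views that can never be chosen: one earlier view already covers all their networks."""
    out = []
    for i, (name, nets, _recs) in enumerate(views):
        for _name, earlier, _r in views[:i]:
            if all(any(ipa.ip_network(n).subnet_of(ipa.ip_network(e)) for e in earlier)
                   for n in nets):
                out.append(name)
                break
    return out

if __name__ == "__main__":
    for ip in ("192.168.100.50", "12.0.0.50", "10.9.9.9"):  # constructed client addresses
        print(ip, "->", resolve(ip, "www.yun.com"))
    print("leaks:", private_leaks(), "shadowed:", shadowed_views())
```

On a real server the same check can be run against the actual answers by querying from each network, as the two nslookup tests above do.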