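A split-resolution (split-horizon) DNS server is still an ordinary primary name server. "Split resolution" here mainly means serving different resolution records to different clients: when clients at different addresses ask for the same domain name, each is given a different answer.
Use VMware 15 to open one Win 10 virtual machine, one Win 7 virtual machine and one CentOS 7 virtual machine.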
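In this lab I use the CentOS 7 virtual machine as the gateway and set up a DNS server on it to provide name resolution. One Win 7 machine and one Win 10 machine are started as clients and connected to CentOS 7 over the network: Win 7 simulates a WAN client and Win 10 simulates a LAN client. Because Win 7 and Win 10 are clients on different network segments, CentOS 7 has to run with two network cards so that both clients can connect. The IP addresses are: Win 7 12.0.0.12/24, Win 10 192.168.100.100, and the gateway addresses on the two CentOS 7 network cards 192.168.100.1/24 and 12.0.0.1/24, as shown in the figure below:
Lab objective: build a DNS split-resolution server.
1. First install the DNS service on CentOS 7 and add a second network card. Put the network cards in host-only mode and set the gateway addresses; set the Win 7 and Win 10 client network cards to host-only mode as well, so that all machines are attached to the same network device.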
[root@localhost ~]# yum install bind -y
已加載插件:fastestmirror, langpacks
base | 3.6 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
(1/4): extras/7/x86_64/primary_db | 215 kB 00:25
(2/4): base/7/x86_64/group_gz | 166 kB 00:25
已安裝:
bind.x86_64 32:9.9.4-74.el7_6.2
...//some output omitted...
作為依賴被升級:
bind-libs.x86_64 32:9.9.4-74.el7_6.2
bind-libs-lite.x86_64 32:9.9.4-74.el7_6.2
bind-license.noarch 32:9.9.4-74.el7_6.2
bind-utils.x86_64 32:9.9.4-74.el7_6.2
完畢!
2. Configure static IP addresses on the CentOS 7 network cards; both cards are configured for use as gateways.
[root@localhost ~]# cd /etc/sysconfig/network-scripts/ //enter the network card configuration directory
[root@localhost network-scripts]# ls //list the directory
ifcfg-ens33 ifdown-ppp ifup-ib ifup-Team
ifcfg-lo ifdown-routes ifup-ippp ifup-TeamPort
ifdown ifdown-sit ifup-ipv6 ifup-tunnel
ifdown-bnep ifdown-Team ifup-isdn ifup-wireless
ifdown-eth ifdown-TeamPort ifup-plip init.ipv6-global
ifdown-ib ifdown-tunnel ifup-plusb network-functions
ifdown-ippp ifup ifup-post network-functions-ipv6
ifdown-ipv6 ifup-aliases ifup-ppp
ifdown-isdn ifup-bnep ifup-routes //no configuration file yet for the added network card
ifdown-post ifup-eth ifup-sit
[root@localhost network-scripts]# ifconfig //show network card information
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a85a:c203:e2e:3f3c prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:5b:d3:a0 txqueuelen 1000 (Ethernet)
RX packets 32470 bytes 45131799 (43.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11167 bytes 710926 (694.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 //the added network card
ether 00:0c:29:5b:d3:aa txqueuelen 1000 (Ethernet)
RX packets 317 bytes 51515 (50.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 204 bytes 35976 (35.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost network-scripts]# vim ifcfg-ens33 //edit the network card configuration
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static # changed from dhcp to static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=2ef6b862-5201-48c5-a450-23b3720ab3a0
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.1 # IP address, used as the LAN gateway address
NETMASK=255.255.255.0 # subnet mask
~
~
~
:wq //save and exit
[root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36 //copy the ens33 configuration file to ens36 as the configuration file for the added network card
[root@localhost network-scripts]# vim ifcfg-ens36 //edit the network card configuration file
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens36 # changed 33 to 36
DEVICE=ens36 # changed 33 to 36
ONBOOT=yes
IPADDR=12.0.0.1 # changed to the external-network gateway address
NETMASK=255.255.255.0
~ //Note: the UUID entry must be deleted. Two cards cannot share the same UUID; delete it and let the system identify the card automatically
~
:wq //save and exit
[root@localhost network-scripts]# service network restart //restart the network service
Restarting network (via systemctl): [ 確定 ]
[root@localhost network-scripts]# ifconfig //show network card information
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.1 netmask 255.255.255.0 broadcast 192.168.100.255 //IP address is now assigned
inet6 fe80::a85a:c203:e2e:3f3c prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:5b:d3:a0 txqueuelen 1000 (Ethernet)
RX packets 32595 bytes 45170473 (43.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11353 bytes 743789 (726.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 12.0.0.1 netmask 255.255.255.0 broadcast 12.0.0.255 //IP address is now assigned
inet6 fe80::f6eb:23e3:3afb:fef4 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:5b:d3:aa txqueuelen 1000 (Ethernet)
RX packets 456 bytes 94448 (92.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 372 bytes 64348 (62.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3. Set the IP addresses of Win 10 and Win 7 so that they connect to the two CentOS 7 network cards.
1. Open the main configuration file of the DNS service and edit it.
[root@localhost network-scripts]# cd ~
[root@localhost ~]# vim /etc/named.conf //edit the main configuration file
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
...//some content omitted...
options {
listen-on port 53 { any; }; //changed to listen on all network cards: a second card was added, so names can now be resolved through every card
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; //changed to all addresses, so every network segment can use the DNS service
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
...//some content omitted...
:wq //save and exit
2. Edit the DNS zone configuration file.
[root@localhost ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
//delete every entry below this point and start writing the new content here
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
...//some content omitted...
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
view "lan" { //zone structure for internal LAN users
match-clients { 192.168.100.0/24; }; //matches client IP addresses coming from the LAN
zone "kgc.com" IN { //the domain name
type master; //zone type is master
file "kgc.com.lan"; //zone data file is "kgc.com.lan"
};
zone "." IN { //root zone (can simply be copied from the main configuration file named.conf)
type hint;
file "named.ca";
};
};
view "wan" { //zone structure for WAN users
match-clients { 12.0.0.0/24; }; //matches client IP addresses coming from the WAN
zone "kgc.com" IN {
type master;
file "kgc.com.wan"; //zone data file is "kgc.com.wan"
};
};
~
~
~
:wq //save and exit
3. Configure the DNS zone data files (pay attention to the format of the file contents).
[root@localhost ~]# cd /var/named //enter the directory that holds the zone data files
[root@localhost named]# cp -p named.localhost kgc.com.lan //copy named.localhost to kgc.com.lan
[root@localhost named]# vim kgc.com.lan //edit the zone data file
$TTL 1D
@ IN SOA kgc.com. admin.kgc.com. ( ; changed the domain name and the administrator mailbox
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
        NS kgc.com. ; changed the name server record
        A 192.168.100.1 ; changed the forward-resolution address
www IN A 192.168.100.88 ; added the address for the www name
smtp IN A 192.168.100.99 ; added the address for the host name
~
~
~
:wq //save and exit
[root@localhost named]# cp -p kgc.com.lan kgc.com.wan //copy kgc.com.lan to kgc.com.wan
[root@localhost named]# vim kgc.com.wan //edit the zone data file
$TTL 1D
@ IN SOA kgc.com. admin.kgc.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
        NS kgc.com.
        A 12.0.0.1 ; just change the addresses to 12.0.0.1
www IN A 12.0.0.1
smtp IN A 12.0.0.1
~
~
~
:wq //save and exit
1. Start the DNS service, and turn off the firewall and the security feature.
[root@localhost named]# systemctl start named //start the DNS service
[root@localhost named]# systemctl status named //check that the service started
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since 日 2019-09-08 15:32:06 CST; 17s ago //the service started successfully
Process: 23372 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 23368 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 23374 (named)
CGroup: /system.slice/named.service
└─23374 /usr/sbin/named -u named -c /etc/named.conf
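...//some output omitted...
[root@localhost named]# systemctl stop firewalld.service //stop the firewall
[root@localhost named]# setenforce 0 //switch the enhanced security feature (SELinux) to permissive mode
2. On the Win 7 client, verify the resolved addresses and check that they are the IP addresses we configured.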
C:\Users\Administrator>nslookup www.kgc.com //look up the domain name
服務器: UnKnown
Address: 12.0.0.1
名稱: www.kgc.com
Address: 12.0.0.1 //resolved successfully
C:\Users\Administrator>nslookup smtp.kgc.com //host name lookup
服務器: UnKnown
Address: 12.0.0.1
名稱: smtp.kgc.com
Address: 12.0.0.1 //resolved successfully
3. On the Win 10 client, verify the resolved addresses and check that they are the IP addresses we configured.
C:\Users\Sun>nslookup www.kgc.com //look up the domain name
服務器: UnKnown
Address: 192.168.100.1
名稱: www.kgc.com
Address: 192.168.100.88 //resolved successfully
C:\Users\Sun>nslookup smtp.kgc.com //host name lookup
服務器: UnKnown
Address: 192.168.100.1
名稱: smtp.kgc.com
Address: 192.168.100.99 //resolved successfully
The lab above successfully sets up a DNS split-resolution service; I hope it helps!
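A tighter variant of the named.conf options and views used in this lab, as an added example that is not part of the original article: it keeps the lab's networks, zone names and zone files and only narrows who may listen, query and recurse. It is shown as one fragment (the views can stay in /etc/named.rfc1912.zones as above), and the acl name "lan-clients" is this example's own.

```conf
// Added example, not from the original article. Networks, zone names and
// file names are the lab's; the acl name "lan-clients" is made up here.

acl "lan-clients" { 192.168.100.0/24; localhost; };

options {
    // Listen only on loopback and the lab's two gateway addresses
    // instead of "any".
    listen-on port 53 { 127.0.0.1; 192.168.100.1; 12.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";

    // Both segments may query the zones served here ...
    allow-query { any; };
    // ... but recursion stays off unless a view turns it on. The stock
    // CentOS 7 file ships "recursion yes;", which combined with
    // allow-query any lets WAN-side clients use this server for recursion.
    recursion no;
};

// Once any view exists, every zone must live inside a view, so the
// top-level zone "." block of the stock named.conf has to be removed.

view "lan" {
    match-clients { "lan-clients"; };
    recursion yes;                        // internal clients only
    allow-recursion { "lan-clients"; };
    zone "kgc.com" IN { type master; file "kgc.com.lan"; allow-update { none; }; };
    zone "." IN { type hint; file "named.ca"; };
};

// Views are tried in order and the first match wins. A client that
// matches no view is answered REFUSED.
view "wan" {
    match-clients { 12.0.0.0/24; };
    recursion no;                         // authoritative answers only
    zone "kgc.com" IN { type master; file "kgc.com.wan"; allow-update { none; }; };
};
```

named-checkconf -z /etc/named.conf, the same check the unit's ExecStartPre runs in the status output above, validates the views and loads each zone file before named is restarted.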