一:分离解析
1:实验环境部署
1:为dns服务器添加两个网卡,并按上图设置各个主机的网络桥接
DNS服务器的主机名设置为ns1
ns1的ens33网卡的桥接不变(NAT模式)------->内网客户机192.168.10.106(NAT模式)
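ns1的ens36网卡桥接到仅主机模式------>外网客户机172.16.16.106,桥接为仅主机模式(注意:下文ens36网卡和外部区域文件实际使用的是173.16.16.0/24网段,外网客户机的地址必须与ens36在同一网段;另外173.16.0.0/16不属于私有地址范围,只适合在隔离的实验环境中使用)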
备注:
用106主机做内网客户机
win10主机做外网客户机
2:用ifconfig命令查看网卡的名称
3:修改两个网卡的IP地址
两个网卡的参数如下:
[root@localhost network-scripts]# vim ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.10.101
NETMASK=255.255.255.0
GATEWAY=192.168.10.254
DNS1=114.114.114.114
DNS2=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
DEVICE=ens33
ONBOOT=yes
[root@localhost network-scripts]# vim ifcfg-ens36
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=173.16.16.101
NETMASK=255.255.255.0
#GATEWAY=192.168.10.254
DNS1=114.114.114.114
DNS2=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens36
DEVICE=ens36
ONBOOT=yes
[root@localhost ~]# systemctl restart network
安装bind
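2:安装软件包
备注:下面关闭firewalld和SELinux只是为了简化实验(后面各节的同类命令同理)。生产环境应保持二者开启:在firewalld中放行dns服务(53/tcp和53/udp,例如 firewall-cmd --permanent --add-service=dns 后再 firewall-cmd --reload)即可;区域文件放在/var/named下时,通常也不需要关闭SELinux。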
[root@localhost ~]# hostnamectl set-hostname ns1
[root@localhost ~]# bash
[root@ns1 ~]# systemctl stop firewalld
[root@ns1 ~]# setenforce 0
[root@ns1 ~]# yum -y install bind
3:配置文件的修改
1:主配置文件
[root@ns1 ~]# vim /etc/named.conf
# Global options shared by both views defined below.
options {
# Listen on every IPv4 interface, so the server is reachable from both the
# internal (ens33) and the external (ens36) network.
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
# Queries are accepted from any source address; which zone data a client
# receives is decided by the match-clients list of each view.
allow-query { any; };
# NOTE(review): no recursion / allow-recursion setting appears in this block,
# so BIND's built-in defaults apply. For a server that is reachable from an
# external network, consider "recursion no;" (at least in the WAN view) so it
# only answers authoritatively -- confirm against the intended role.
};
# Once a view is defined, every zone must be declared inside a view, which is
# why the top-level root hint zone is commented out.
#zone "." IN {
# type hint;
# file "named.ca";
#};
# Views are evaluated in the order they appear and the first match wins, so
# the LAN view has to come before the catch-all WAN view.
view "LAN" {
# Only clients in the internal subnet get the internal answers.
match-clients { 192.168.10.0/24; };
zone "bt.com" IN {
type master;
file "lan.bt.com.zone";
};
};
# Every client that did not match the LAN view falls through to this view.
view "WAN" {
match-clients { any; };
zone "bt.com" IN {
type master;
file "wan.bt.com.zone";
};
};
# named.rfc1912.zones declares zones outside of any view, so it cannot be
# included at top level while views are in use.
#include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
2:区域文件的设置
(1)内部区域文件
[root@ns1 ~]# cd /var/named/
[root@ns1 named]# vim lan.bt.com.zone
$TTL 1D
@ IN SOA bt.com. admin.bt.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.bt.com.
ns1 IN A 192.168.10.101
www IN A 192.168.10.102
mail IN A 192.168.10.103
ftp IN A 192.168.10.104
(2)外部区域文件
[root@ns1 named]# vim wan.bt.com.zone
$TTL 1D
@ IN SOA bt.com. admin.bt.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.bt.com.
ns1 IN A 173.16.16.101
www IN A 173.16.16.102
mail IN A 173.16.16.103
ftp IN A 173.16.16.104
[root@ns1 named]# chown named lan.bt.com.zone wan.bt.com.zone
3:语法检测
[root@ns1 named]# named-checkconf -z /etc/named.conf
zone bt.com/IN: loaded serial 0
zone bt.com/IN: loaded serial 0
[root@ns1 named]# named-checkzone bt.com /var/named/lan.bt.com.zone
zone bt.com/IN: loaded serial 0
OK
[root@ns1 named]# named-checkzone bt.com /var/named/wan.bt.com.zone
zone bt.com/IN: loaded serial 0
OK
4:启动服务
[root@ns1 named]# systemctl start named
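4:客户端验证
备注:客户端的DNS服务器需要指向ns1在对应网段的地址(内网192.168.10.101,外网173.16.16.101)。预期结果是内网客户端得到lan.bt.com.zone中的地址,外网客户端得到wan.bt.com.zone中的地址;下面示例输出中的Server和Address与上文配置并不一致,请以自己环境的实际输出为准。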
1:外网客户端
[root@localhost ~]# yum -y install bind-utils
[root@localhost ~]# nslookup www.bt.com
Server: 173.16.16.1
Address: 173.16.16.1#53
Name: www.bt.com
Address: 173.16.16.101
2:内网客户端
[root@localhost ~]# yum -y install bind-utils
[root@localhost ~]# nslookup www.bt.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Name: www.bt.com
Address: 192.168.1.5
二:多域名解析
[root@ns1 named]# vim /etc/named.conf
view "LAN" {
match-clients { 192.168.10.0/24;};
zone "bt.com" IN {
type master;
file "lan.bt.com.zone";
};
zone "benet.com" IN {
type master;
file "lan2.bt.com.zone";
};
};
[root@ns1 named]# vim lan2.bt.com.zone
$TTL 1D
@ IN SOA bt.com. admin.bt.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.bt.com.
ns1 IN A 192.168.10.101
www IN A 191.168.10.102
mail IN A 191.168.10.103
ftp IN A 191.168.10.104
[root@ns1 named]# chown named lan2.bt.com.zone
[root@ns1 named]# systemctl restart named
备注:有几个域名,就添加多少个zone,每个zone对应一个区域文件
客户端测试
[root@client ~]# nslookup ftp.benet.com
Server: 192.168.10.101
Address: 192.168.10.101#53
Name: ftp.benet.com
Address: 191.168.10.104
三:子域
实验环境:
父域服务器:192.168.10.101
子域服务器:192.168.10.102
一:主服务器的配置
1:安装bind
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# yum -y install bind
2:设置named主配置文件
[root@localhost ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.10.101; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
};
3:创建主DNS服务器
[root@localhost ~]# vim /etc/named.rfc1912.zones
在末尾添加:
zone "accp.com" IN {
type master;
file "accp.com.zone";
};
4:创建正向区域文件
[root@localhost ~]# vim /var/named/accp.com.zone
$TTL 1D
@ IN SOA accp.com. admin.accp.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.accp.com.
ns1 IN A 192.168.10.101
ns2 IN A 192.168.10.102
www IN A 192.168.10.103
ftp IN A 192.168.10.104
[root@localhost ~]# chown :named /var/named/accp.com.zone
二:子域服务器设置
1:安装bind服务
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# yum -y install bind
2:配置主配置文件
[root@localhost ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.10.102; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
dnssec-enable no;
dnssec-validation no;
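备注:
dnssec-enable no; 关闭named对DNSSEC的支持(较新版本的BIND已废弃该选项)
dnssec-validation no; 关闭对解析结果的DNSSEC签名验证(它校验的是应答的签名是否可信,而不是应答是否为权威解答)
本实验中的accp.com是自建区域,与互联网上真实的签名链不一致,开启验证时经转发得到的应答可能被判为无效,所以在实验环境中关闭。生产环境不建议全局关闭DNSSEC验证,否则解析器无法发现被伪造的应答;应只对确有需要的内部域名做例外处理(较新版本的BIND可以使用validate-except)。
另外,上面的options块在dnssec-validation之后还需要用 }; 结束。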
3:设置区域文件
[root@localhost ~]# vim /etc/named.rfc1912.zones
在末尾添加:
zone "zz.accp.com" IN {
type master;
file "zz.accp.com.zone";
};
zone "accp.com" IN {
type forward;
forwarders { 192.168.10.101; };
};
备注:
forwarders { 192.168.10.101; }; 转发器:对accp.com区域的查询(本机自己负责的zz.accp.com除外)转发给192.168.10.101,由它解析
[root@localhost ~]# vim /var/named/zz.accp.com.zone
$TTL 1D
@ IN SOA zz.accp.com. admin.zz.accp.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns2.zz.accp.com.
ns1 IN A 192.168.10.101
ns2 IN A 192.168.10.102
mail IN A 192.168.100.103
ftp IN A 192.168.100.104
[root@localhost ~]# chown :named /var/named/zz.accp.com.zone