系统环境:
[root@RHCE ~]
# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@RHCE ~]
# uname -r
3.10.0-327.el7.x86_64
[root@RHCE ~]
# ip addr show enp0s8 | awk 'NR==3{print $2}'
192.168.235.36/24
#关闭防火墙和selinux（仅适用于实验环境；生产环境应保留防火墙并仅放行 53/tcp 与 53/udp）
#DNS主服务器搭建（注意：下面区域配置中的 allow-update { any; } 允许任意主机无需认证即可修改区域数据，仅适合实验；生产环境应改为 allow-update { none; } 或通过 TSIG 密钥限制更新来源）
#安装DNS（注意：下面对 data 和 dynamic 目录执行 chmod -R 777 权限过宽，更稳妥的做法是 chown -R named:named 并保持默认权限）
[root@RHCE ~]
# yum install -y bind-chroot bind
[root@RHCE ~]
# cp -R /usr/share/doc/bind-9.9.4/sample/var/named/* /var/named/chroot/var/named/
[root@RHCE ~]
# touch /var/named/chroot/var/named/data/cache_dump.db
[root@RHCE ~]
# touch /var/named/chroot/var/named/data/named_stats.txt
[root@RHCE ~]
# touch /var/named/chroot/var/named/data/named_mem_stats.txt
[root@RHCE ~]
# touch /var/named/chroot/var/named/data/named.run
[root@RHCE ~]
# mkdir /var/named/chroot/var/named/dynamic
[root@RHCE ~]
# touch /var/named/chroot/var/named/dynamic/managed-keys.bind
[root@RHCE ~]
# chmod -R 777 /var/named/chroot/var/named/data
[root@RHCE ~]
# chmod -R 777 /var/named/chroot/var/named/dynamic
[root@RHCE ~]
# cp -p /etc/named.conf /var/named/chroot/etc/named.conf
[root@RHCE ~]
# cp -p /etc/named.rfc1912.zones /var/named/chroot/etc/
[root@RHCE ~]
# vim /var/named/chroot/etc/named.rfc1912.zones
[root@RHCE ~]
# cat /var/named/chroot/etc/named.rfc1912.zones | grep -v "^//" | grep -v "^$"
zone "jxy.com" IN {
	type master;
	file "jxy.com.zone";
	allow-update { any; };
};
zone "235.168.192.in-addr.arpa" IN {
	type master;
	file "192.168.235.zone";
	allow-update { any; };
};
[root@RHCE ~]
# cp -p /var/named/named.localhost /var/named/chroot/var/named/jxy.com.zone
[root@RHCE ~]
# vim /var/named/chroot/var/named/jxy.com.zone
[root@RHCE chroot]
# vim /var/named/chroot/etc/named.conf
#修改/var/named/chroot/etc/named.conf 第11行改为如下值
[root@RHCE chroot]
# sed -n '11p' /var/named/chroot/etc/named.conf
listen-on port 53 { 192.168.235.36; };
#修改/var/named/chroot/etc/named.conf 第17行改为如下值（allow-query { any; } 对所有客户端开放查询；若文件中仍保留默认的 recursion yes，该服务器会成为开放递归解析器，生产环境应同时限制 allow-recursion）
[root@RHCE chroot]
# sed -n '17p' /var/named/chroot/etc/named.conf
allow-query { any; };
[root@RHCE ~]
# cp -p /var/named/named.loopback /var/named/chroot/var/named/192.168.235.zone
[root@RHCE chroot]
# vim /var/named/chroot/var/named/192.168.235.zone
[root@RHCE chroot]
#systemctl start named-chroot
#测试正向解析
[root@RHCE named]
# nslookup mail.jxy.com
Server:		127.0.0.1
Address:	127.0.0.1#53
Name:mail.jxy.com
Address: 192.168.253.37
[root@RHCE named]
# nslookup www.jxy.com
Server:		127.0.0.1
Address:	127.0.0.1#53
Name:www.jxy.com
Address: 192.168.253.36
#正向解析成功（注意：上面返回的地址是 192.168.253.36/37，与本机网段 192.168.235.0/24 不一致，应核对区域文件中的 A 记录是否写错）
#反向解析测试
[root@RHCE ~]
# nslookup 192.168.235.37
Server:		127.0.0.1
Address:	127.0.0.1#53
37.235.168.192.in-addr.arpa	name = mail.jxy.com.
[root@RHCE ~]
# nslookup 192.168.235.36
Server:		127.0.0.1
Address:	127.0.0.1#53
36.235.168.192.in-addr.arpa	name = ns.jxy.com.
36.235.168.192.in-addr.arpa	name = www.jxy.com.
#反向解析成功!
#DNS从服务器搭建
#用主服务器克隆一台从服务器
#修改主机名 为如下
[root@RHCE_2 ~]
# cat /etc/hostname
RHCE_2
#修改IP地址 为如下值
[root@RHCE_2 ~]
# ip addr show enp0s8 | awk 'NR==3{print $2}'
192.168.235.37/24
#修改named主配置文件 将监听地址修改为本机地址192.168.235.37
[root@RHCE_2 ~]
# vim /var/named/chroot/etc/named.conf
[root@RHCE_2 ~]
# sed -n '11p' /var/named/chroot/etc/named.conf
listen-on port 53 { 192.168.235.37; };
#修改区域配置文件（注意：主服务器上未设置 allow-transfer，BIND 9.9 默认允许任意主机拉取整个区域；建议在主服务器的区域配置中加入 allow-transfer { 192.168.235.37; }）
[root@RHCE_2 ~]
# vim /var/named/chroot/etc/named.rfc1912.zones
[root@RHCE_2 ~]
# cat /var/named/chroot/etc/named.rfc1912.zones | grep -v "^//" | grep -v "^$"
zone "jxy.com" IN {
	type slave;
	file "slaves/jxy.com.zone";
	masters {192.168.235.36;};
};
zone "235.168.192.in-addr.arpa" IN {
	type slave;
	file "slaves/192.168.235.zone";
	masters {192.168.235.36;};
};
#主开启DNS服务
[root@RHCE ~]
# systemctl start named-chroot
#从开启DNS服务
[root@RHCE_2 ~]
# systemctl start named-chroot
#修改从服务器的网卡DNS 为本机IP地址192.168.235.37（注意：下面 nslookup 显示实际使用的服务器是 ::1，即仍通过本机回环地址查询）
#测试从服务
[root@RHCE_2 ~]
# nslookup 192.168.235.36
Server:		::1
Address:	::1#53
36.235.168.192.in-addr.arpa	name = ns.jxy.com.
36.235.168.192.in-addr.arpa	name = www.jxy.com.
[root@RHCE_2 ~]
# nslookup www.jxy.com
Server:		::1
Address:	::1#53
Name:www.jxy.com
Address: 192.168.253.36
#关闭主服务器
[root@RHCE ~]
# systemctl stop named-chroot
#重启从服务器
[root@RHCE_2 ~]
# systemctl restart named-chroot
[root@RHCE_2 ~]
# nslookup 192.168.235.36
;; Got SERVFAIL reply from ::1, trying next server
;; connection timed out; trying next origin
;; Got SERVFAIL reply from ::1, trying next server
;; connection timed out; no servers could be reached
#解析失败 测试成功（注意：正常情况下从服务器在主服务器停止后仍应用本地 slaves/ 目录中的区域副本继续应答；这里出现 SERVFAIL 更可能说明区域传送没有成功写入 slaves/ 目录，应检查 /var/named/chroot/var/named/slaves 的属主与权限以及 named 的日志）
#DNS分离解析
#DNS服务器 两张网卡 一张 连接中国 一张连接 海外
| DNS服务器 | 中国：192.168.235.36 | 海外：192.168.153.36 |
| 中国客户端 | 192.168.235.10 | |
| 海外客户端 | 192.168.153.10 | |
#修改 DNS区域配置文件
[root@RHCE chroot]
# cd /var/named/chroot/
[root@RHCE chroot]
# vim etc/named.rfc1912.zones
[root@RHCE chroot]
# cat etc/named.rfc1912.zones
acl "haiwai" {192.168.153.0/24;};
acl "china" {192.168.235.0/24;};
view "china" {
	match-clients { "china"; };
	zone "jxy.com" IN {
		type master;
		file "jxy.com.zone.china";
		allow-update { any; };
	};
};
view "haiwai" {
	match-clients { "haiwai"; };
	zone "jxy.com" IN {
		type master;
		file "jxy.com.zone.haiwai";
		allow-update { any; };
	};
};
#增加中国区域文件
[root@RHCE chroot]
# vim var/named/jxy.com.zone.china
[root@RHCE chroot]
# cat var/named/jxy.com.zone.china
#增加海外区域文件
[root@RHCE chroot]
# vim var/named/jxy.com.zone.haiwai
#在主配置文件增加一行
[root@RHCE chroot]
# vim etc/named.conf
[root@RHCE chroot]
# sed -n '12p' etc/named.conf
listen-on port 53 { 192.168.153.36; };
#并且注释掉 named.conf 中下面的根区域配置（使用 view 后，所有 zone 都必须写在 view 内部，否则 named 无法启动）
zone "." IN {
	type hint;
	file "named.ca";
};
[root@RHCE chroot]
# systemctl restart named-chroot
#测试分离解析
#模拟海外客户端访问 www.jxy.com
#模拟中国客户端访问 www.jxy.com
#可以看到对同一个域名解析出了不同的 IP地址
本文转自 chaunceyjiang 51CTO博客,原文链接:http://blog.51cto.com/cqwujiang/1912143,如需转载请自行联系原作者