Our internal network needed a test setup in which the company's internal servers are reached by domain name. The router has no domain-forwarding (local DNS override) feature, so the next idea was to run our own DNS server.
Background:

One internal server:
OS: CentOS 6.5 x86_64    hostname: server.linuxidc.local    IP: 192.168.10.10

1. Install the bind packages

yum -y install bind*

2. Configure the DNS server. Only two settings differ from the stock file (the original post highlighted them in blue): listen-on is changed from 127.0.0.1 to any, and allow-query from localhost to any; the old values are kept as comments.
vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on port 53 { any; };             // changed: listen on all interfaces
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query     { localhost; };
        allow-query     { any; };               // changed: answer any client
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Two caveats on this file. First, listen-on { any; } together with allow-query { any; } and recursion yes makes named answer recursive queries for anyone who can reach port 53; that is fine on an isolated LAN, but if the server ever gets a routable address or port 53 is forwarded from the router it becomes an open resolver, so keep it unreachable from the Internet or restrict recursion with allow-recursion. Second, dnssec-lookaside auto depends on ISC's DLV registry, which was emptied and shut down in 2017; on a current BIND that line and the bindkeys-file entry can simply be removed.
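The following fragment is an added example, not part of the original article, showing the weak settings from the options block above beside a tighter version for a LAN-only resolver. It binds only to loopback and the server's own address used in this article, limits queries and recursion to the local subnet, and refuses zone transfers so the internal host list cannot be pulled with AXFR. The subnet 192.168.10.0/24 and the acl name "lan" are assumptions; the article only gives the server's address.

```conf
// Assumed LAN range; the article only states the server IP 192.168.10.10.
acl "lan" { 127.0.0.1; 192.168.10.0/24; };

options {
        // As configured above: every interface, every client, recursion for all.
        // listen-on port 53 { any; };
        // allow-query     { any; };
        // recursion yes;

        // Tighter equivalent for an internal test resolver:
        listen-on port 53 { 127.0.0.1; 192.168.10.10; };
        allow-query     { lan; };
        allow-recursion { lan; };       // recursion only for LAN clients
        allow-transfer  { none; };      // nobody needs AXFR of the internal names
        recursion yes;

        // directory, dump-file, statistics-file, dnssec-* and the rest
        // stay exactly as in the file above.
};
```

Run named-checkconf after editing; BIND rejects a missing semicolon or an unknown acl name at startup, and a typo here means no name resolution for the whole LAN.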
vim /etc/named.rfc1912.zones

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

// added: the server's own domain
zone "linuxidc.local" IN {
        type master;
        file "named.linuxidc.local";
        allow-update { none; };
};

// added: the public domain we want to override internally
zone "xxxx.com" IN {
        type master;
        file "named.xxxx.com";
        allow-update { none; };
};

Make sure every statement ends with a semicolon; named refuses to start otherwise. The two new zones work from this file because named.conf includes it, but they could equally go in named.conf itself or in a separate file of your own that you include from there.
3. Add the forward zone file for the server's own domain
vim /var/named/named.linuxidc.local

$TTL 86400
@       IN      SOA     server.linuxidc.local. root.linuxidc.local. (
                        2015080700      ; serial: must increase on every change
                        3600            ; refresh: how often a slave asks the master for updates
                        1800            ; retry: wait after a failed refresh, usually half of refresh
                        604800          ; expire: how long a slave keeps serving when every refresh fails
                        86400           ; negative-caching TTL (RFC 2308); the default record TTL is the $TTL line above
                        )
@       IN      NS      server.linuxidc.local.
@       IN      A       192.168.10.10
server  IN      A       192.168.10.10
ns      IN      A       192.168.10.10

Names that end with a dot are absolute; a name without the trailing dot is relative to the zone origin, which is the usual cause of a broken SOA or NS record.

Add the zone file for the xxxx.com domain
vim /var/named/named.xxxx.com

$TTL 86400
@       IN      SOA     ns.linuxidc.local. root.linuxidc.local. (
                        2015080700      ; serial: must increase on every change
                        3600            ; refresh
                        1800            ; retry
                        604800          ; expire
                        86400           ; negative-caching TTL
                        )
@       IN      NS      ns.linuxidc.local.
@       IN      A       192.168.10.10
www     IN      A       192.168.10.10
user    IN      A       192.168.10.10
admin   IN      A       192.168.10.10

The NS for xxxx.com is ns.linuxidc.local., a name outside this zone; it resolves because the linuxidc.local zone above has an A record for ns. Then start the DNS server.
/etc/init.d/named start
chkconfig named on      # start at boot

Then, on the router, set the first DNS server to 192.168.10.10
and the second DNS server to a normal public resolver.

With this, internal clients that look up the specific domain xxxx.com are sent to the internal server, and the rest of the Internet still resolves. One caveat: clients do not merge answers from the two servers. A client that switches to the second server, after a timeout or, on some operating systems, after any failure, gets the public answer for xxxx.com until it switches back. Because this BIND does its own recursion (recursion yes plus the root hints in named.ca), a more predictable setup is to hand out only 192.168.10.10 to clients and, if outbound recursion should go through the ISP's resolver, add a forwarders statement to the options block.
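The two zone files above are nearly identical and both carry a date-based serial that must grow on every edit, which is easy to get wrong by hand. The script below is an added example, not code from the original article: it generates a forward zone file in the same shape from a host list, enforces the trailing-dot rule for the SOA and NS names, computes the next YYYYMMDDnn serial, and wraps BIND's own checkers (named-checkzone, named-checkconf, rndc) so that a zone is only reloaded after it validates. The function names and the layout of the generated file are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original article): generate a forward zone file
# like named.xxxx.com, keep the YYYYMMDDnn serial monotonic, and validate
# before reloading. Function names and file layout are this example's own.

# next_serial CURRENT TODAY
#   CURRENT is the serial now in the zone, TODAY is YYYYMMDD (date +%Y%m%d).
#   Prints a serial strictly greater than CURRENT: today's date with counter
#   00 if the zone was last changed on an earlier day, otherwise CURRENT + 1
#   (which also handles a serial that is "in the future" after a clock change).
next_serial() {
    cur=$1
    today=$2
    base=$((today * 100))
    if [ "$cur" -lt "$base" ]; then
        echo "$base"
    else
        echo $((cur + 1))
    fi
}

# is_fqdn NAME -> true if NAME ends with a dot. Without the dot a name in a
# zone file is relative to the origin, so "ns.linuxidc.local" inside the
# xxxx.com zone would silently become ns.linuxidc.local.xxxx.com.
is_fqdn() {
    case $1 in
        *.) return 0 ;;
        *)  return 1 ;;
    esac
}

# gen_zone ORIGIN NS CONTACT IP SERIAL [HOST ...]
#   Prints a zone in the shape used above: SOA, one NS, an A record for the
#   apex and one A record per HOST, all pointing at IP. Fails if NS or
#   CONTACT is not an absolute name.
gen_zone() {
    origin=${1%.}; ns=$2; contact=$3; ip=$4; serial=$5
    shift 5
    is_fqdn "$ns" && is_fqdn "$contact" || {
        echo "gen_zone: NS and contact must be absolute names ending in '.'" >&2
        return 1
    }
    printf '$ORIGIN %s.\n' "$origin"
    printf '$TTL 86400\n'
    printf '@   IN  SOA %s %s (\n' "$ns" "$contact"
    printf '        %s  ; serial\n' "$serial"
    printf '        3600        ; refresh\n'
    printf '        1800        ; retry\n'
    printf '        604800      ; expire\n'
    printf '        86400 )     ; negative-caching TTL\n'
    printf '@   IN  NS  %s\n' "$ns"
    printf '@   IN  A   %s\n' "$ip"
    for h in "$@"; do
        printf '%s  IN  A   %s\n' "$h" "$ip"
    done
}

# zone_serial < ZONEFILE -> prints the serial: the first bare number on a
# line after the SOA record (the layout both zone files above use).
zone_serial() {
    awk '/[[:space:]]SOA[[:space:]]/ { insoa = 1 }
         insoa && $1 ~ /^[0-9]+$/   { print $1; exit }'
}

# check_and_reload ORIGIN FILE -> validate the zone and the whole config,
# and only then ask the running named to reload that zone.
check_and_reload() {
    named-checkzone "$1" "$2" && named-checkconf && rndc reload "$1"
}

# Typical use on the server (the constructed host list mirrors the article):
#   old=$(zone_serial < /var/named/named.xxxx.com)
#   new=$(next_serial "$old" "$(date +%Y%m%d)")
#   gen_zone xxxx.com ns.linuxidc.local. root.linuxidc.local. 192.168.10.10 \
#       "$new" www user admin > /var/named/named.xxxx.com.new \
#   && mv /var/named/named.xxxx.com.new /var/named/named.xxxx.com \
#   && check_and_reload xxxx.com /var/named/named.xxxx.com
```

The serial rule matters beyond tidiness: a slave only transfers the zone when the master's serial is higher, so an edit that forgets to bump it is invisible to every secondary until the zone expires.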
dig xxxx.com

; <<>> DiG 9.8.3-P1 <<>> xxxx.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61174
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;xxxx.com.                      IN      A

;; ANSWER SECTION:
xxxx.com.               86400   IN      A       192.168.10.10

;; AUTHORITY SECTION:
xxxx.com.               86400   IN      NS      ns.linuxidc.local.

;; ADDITIONAL SECTION:
ns.linuxidc.local.      86400   IN      A       192.168.10.10

;; Query time: 30 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Thu Sep  3 18:04:09 2015
;; MSG SIZE  rcvd: 86

Two things in this output confirm the override is working: the SERVER line shows the answer came from 192.168.10.10, and the aa flag shows it is an authoritative answer from the local zone rather than something cached from the public xxxx.com. Normally a DNS server is deployed as a master/slave pair and also gets a reverse (in-addr.arpa) zone file. Since this setup is only for internal testing, none of that was done here; the details are easy to find.