Linux:DNS的多向解析
这个实验是在已经配置好DNS解析服务器的前提下进行的
安装bind软件
[root@server100 ~]# dnf install bind -y
启动named服务并且设置开机自启
[root@server100 ~]# systemctl enable --now named
首先添加一个IP,因为实验需要两个IP
[root@server100 ~]# vim /etc/NetworkManager/system-connections/eth0.nmconnection
# 具体修改内容如下:
# NetworkManager keyfile for eth0 carrying two static IPv4 addresses.
[connection]
id=eth0
type=ethernet
interface-name=eth0
[ipv4]
method=manual
# Each addressN value is written as address/prefix,gateway.
address1=172.25.254.100/24,172.25.254.2
# NOTE(review): the gateway given here (172.25.254.2) is not inside
# 192.168.0.0/24 - confirm that is intended for the second address.
address2=192.168.0.100/24,172.25.254.2
# Resolver used by this host for its own lookups.
dns=114.114.114.114;
[root@server100 ~]# nmcli connection reload
[root@server100 ~]# nmcli connection up eth0
# 检查是否添加成功
[root@server100 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:19:96:ef brd ff:ff:ff:ff:ff:ff
altname enp3s0
altname ens160
inet 172.25.254.100/24 brd 172.25.254.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.0.100/24 brd 192.168.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::67a0:8915:dfbb:2f8b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
修改主配置文件,添加配置段
# 最重要的一部分修改主配置文件,添加配置段
[root@server100 ~]# vim /etc/named.conf
# 翻到配置文件的后面
# 先屏蔽这段
/*
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
*/
# 添加172.25.254.0/24网段的配置段
# View for clients whose source address is in 172.25.254.0/24.
# match-clients is checked against the address the query comes from, and
# named uses the first view (in file order) whose match-clients accepts it,
# so this narrower view has to stay above any view that matches "any".
view localnet{
match-clients { 172.25.254.0/24 ;};
# Root hints, declared inside the view: the page comments out the top-level
# copy of this zone and of the rfc1912 include before adding the views.
zone "." IN {
type hint;
file "named.ca";
};
# Zone declarations served to clients of this view.
include "/etc/named.rfc1912.zones";
};
# 添加其它网段的配置段
# Catch-all view: match-clients { any; } accepts every source address that
# the earlier view did not claim.
# NOTE(review): the dig run against 192.168.0.100 further down this page,
# which appears to be answered by this view, reports the "ra" flag, i.e.
# recursion is offered here as well. If this server is reachable from
# networks you do not control, add "recursion no;" to this view or limit
# allow-recursion so that it does not act as an open resolver.
view inter {
match-clients { any ;};
zone "." IN {
type hint;
file "named.ca";
};
# Separate zone list for this view; the page creates it as a copy of
# /etc/named.rfc1912.zones and then edits it.
include "/etc/named.rfc1912.inter";
};
include "/etc/named.root.key";
拷贝索引目录位置文件,并修改其内容
[root@server100 ~]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter
[root@server100 ~]# vim /etc/named.rfc1912.inter
# Authoritative (master) declaration of timinglee.org for the view that
# includes this file.
zone "timinglee.org" IN {
type master;
# Zone data file; the page edits it as /var/named/timinglee.org.inter, so the
# relative name is presumably resolved against the "directory" option.
file "timinglee.org.inter";
# Dynamic DNS updates are refused for this zone.
allow-update { none; };
# NOTE(review): no allow-transfer is set here, so zone transfers follow
# whatever the options block (not shown on this page) allows - confirm they
# are restricted to the intended secondaries.
};
拷贝IP与域名具体映射的文件,并修改其内容
[root@server100 ~]# cp -p /var/named/timinglee.org.zone /var/named/timinglee.org.inter
[root@server100 ~]# vim /var/named/timinglee.org.inter
; Zone data for timinglee.org as loaded through /etc/named.rfc1912.inter,
; i.e. the answers given to clients of the "inter" view.
$TTL 1D
@ IN SOA ns.timinglee.org. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
; NOTE(review): in the real file the NS line must start with whitespace (or an
; explicit "@") so that it inherits the zone apex as its owner; the leading
; indentation appears to have been lost on this page.
NS ns.timinglee.org.
; Only ns and bbs have A records. The apex (timinglee.org.) has none, so an
; A query for the bare zone name returns NOERROR with an empty answer section.
ns A 192.168.0.100
bbs A 192.168.0.200
测试访问不同网段的IP看是否可以切换DNS服务器来解析
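# 测试(注意:区域顶点 timinglee.org 本身没有 A 记录,所以下面两次查询都是 ANSWER: 0,只返回相同的 SOA,看不出两个 view 的区别;要验证多向解析,应查询有 A 记录的名字,例如 bbs.timinglee.org)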
[root@server100 ~]# dig -t A timinglee.org @172.25.254.100
; <<>> DiG 9.16.23-RH <<>> -t A timinglee.org @172.25.254.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50784
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 01dad8fa3b61025b01000000663a091624149100391ebf42 (good)
;; QUESTION SECTION:
;timinglee.org. IN A
;; AUTHORITY SECTION:
timinglee.org. 10800 IN SOA ns.timinglee.org. rname.invalid. 0 86400 3600 604800 10800
;; Query time: 2 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Tue May 07 18:57:26 CST 2024
;; MSG SIZE rcvd: 122
[root@server100 ~]# dig -t A timinglee.org @192.168.0.100
; <<>> DiG 9.16.23-RH <<>> -t A timinglee.org @192.168.0.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7606
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 0982d433340d2d3401000000663a092926a7987fab452b3d (good)
;; QUESTION SECTION:
;timinglee.org. IN A
;; AUTHORITY SECTION:
timinglee.org. 10800 IN SOA ns.timinglee.org. rname.invalid. 0 86400 3600 604800 10800
;; Query time: 0 msec
;; SERVER: 192.168.0.100#53(192.168.0.100)
;; WHEN: Tue May 07 18:57:45 CST 2024
;; MSG SIZE rcvd: 122