Building a split-resolution (split-horizon) DNS server on CentOS 7

2025-03-28 Update From: SLTechnology News&Howtos (shulou)

Shulou (Shulou.com) 06/02 Report

Introduction to DNS split resolution

A split-resolution DNS server is really just a primary (master) DNS server. "Split resolution" here means handing out different resolution records depending on which client is asking: when clients from different address ranges request the same domain name, the server gives each of them a different answer.

Setting up the experimental environment for the DNS split-resolution server

Three virtual machines run under VMware 15: one Windows 10, one Windows 7 and one CentOS 7. Install each from its own image and then build the experimental topology described below.

In this experiment the CentOS 7 virtual machine acts as the gateway, and the DNS server that provides resolution is set up on that CentOS 7 system. At the same time, a Windows 7 and a Windows 10 client connect to CentOS 7: Windows 7 plays the wide-area-network (WAN) client and Windows 10 the LAN client. Because the two clients sit in different network segments, CentOS 7 needs two network cards, one facing each client, with different addresses: the Windows 7 IP address is 12.0.0.12, the Windows 10 IP address is 192.168.100.100, and the gateway addresses on the two CentOS 7 network cards are 192.168.100.1/24 and 12.0.0.1/24 respectively, as shown in the topology diagram.

Objective: to establish a DNS separation and parsing server.

Set up an experimental environment

1. First, install the DNS service (bind) on CentOS 7, add a second network card in host-only mode, and configure the gateway addresses. Set the Windows 7 and Windows 10 client network cards to host-only mode as well, so that all three machines are attached to the same virtual network.

[root@localhost ~]# yum install bind -y
Loaded plugins: fastestmirror, langpacks
base                                                     | 3.6 kB  00:00
extras                                                   | 3.4 kB  00:00
updates                                                  | 3.4 kB  00:00
(1/4): extras/7/x86_64/primary_db                        | 215 kB  00:25
base/7/x86_64/group_gz                                   | 166 kB  00:25
...                                                      // omit part of the content
Installed:
  bind.x86_64 32:9.9.4-74.el7_6.2
Dependency Updated:
  bind-libs.x86_64 32:9.9.4-74.el7_6.2        bind-libs-lite.x86_64 32:9.9.4-74.el7_6.2
  bind-license.noarch 32:9.9.4-74.el7_6.2     bind-utils.x86_64 32:9.9.4-74.el7_6.2
Complete!

2. Configure a static IP address on each CentOS 7 network card; both cards act as gateways for their respective segments.

[root@localhost ~]# cd /etc/sysconfig/network-scripts/      // enter the network card configuration directory
[root@localhost network-scripts]# ls                         // view the directory
ifcfg-ens33  ifdown-ppp       ifup-ib      ifup-Team
ifcfg-lo     ifdown-routes    ifup-ippp    ifup-TeamPort
ifdown       ifdown-sit       ifup-ipv6    ifup-tunnel
ifdown-bnep  ifdown-Team      ifup-isdn    ifup-wireless
ifdown-eth   ifdown-TeamPort  ifup-plip    init.ipv6-global
ifdown-ib    ifdown-tunnel    ifup-plusb   network-functions
ifdown-ippp  ifup             ifup-post    network-functions-ipv6
ifdown-ipv6  ifup-aliases     ifup-ppp
ifdown-isdn  ifup-bnep        ifup-routes                    // no configuration file exists yet for the added network card
ifdown-post  ifup-eth         ifup-sit
[root@localhost network-scripts]# ifconfig                   // view the network card information
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::a85a:c203:e2e:3f3c  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:5b:d3:a0  txqueuelen 1000  (Ethernet)
        RX packets 32470  bytes 45131799 (43.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11167  bytes 710926 (694.2 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500   // the added network card
        ether 00:0c:29:5b:d3:aa  txqueuelen 1000  (Ethernet)
        RX packets 317  bytes 51515 (50.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 204  bytes 35976 (35.1 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

[root@localhost network-scripts]# vim ifcfg-ens33            // edit the network card configuration
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static                       // change dhcp to static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=2ef6b862-5201-48c5-a450-23b3720ab3a0
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.1                   // set the IP address; this is the LAN gateway address
NETMASK=255.255.255.0                  // set the subnet mask
:wq                                    // save and exit
[root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36   // copy the ens33 configuration to ens36 to create a configuration for the added card
[root@localhost network-scripts]# vim ifcfg-ens36            // edit the configuration of the added network card
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens36                             // change 33 to 36
DEVICE=ens36                           // change 33 to 36
ONBOOT=yes
IPADDR=12.0.0.1                        // change the IP address to the public-network gateway address
NETMASK=255.255.255.0
// Note: delete the UUID line. Two interfaces cannot share the same UUID; remove it and let the system generate one automatically.
:wq                                    // save and exit
[root@localhost network-scripts]# service network restart    // restart the network service
Restarting network (via systemctl):                        [  OK  ]
[root@localhost network-scripts]# ifconfig                   // view the network card information again
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.1  netmask 255.255.255.0  broadcast 192.168.100.255   // the IP address is now set
        inet6 fe80::a85a:c203:e2e:3f3c  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:5b:d3:a0  txqueuelen 1000  (Ethernet)
        RX packets 32595  bytes 45170473 (43.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11353  bytes 743789 (726.3 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 12.0.0.1  netmask 255.255.255.0  broadcast 12.0.0.255            // the IP address is now set
        inet6 fe80::f6eb:23e3:3afb:fef4  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:5b:d3:aa  txqueuelen 1000  (Ethernet)
        RX packets 456  bytes 94448 (92.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 372  bytes 64348 (62.8 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

3. Set the Windows 10 and Windows 7 IP addresses (192.168.100.100 and 12.0.0.12) so that each client connects to the matching CentOS 7 network card.

Configure the DNS service in CentOS 7

1. Open the main DNS configuration file and edit the options block.

[root@localhost network-scripts]# cd ~
[root@localhost ~]# vim /etc/named.conf                       // open the main configuration file
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
...                                                           // omit part of the content
options {
        listen-on port 53 { any; };        // changed to listen on all network cards, because a second card was added and both must answer queries
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };          // changed to all addresses so that both network segments can use the DNS service

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
        ...                                                   // omit part of the content
:wq                                                           // save and exit
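The two lines changed above, listen-on { any; } and allow-query { any; }, widen who can reach the server; whether that also turns it into an open recursive resolver depends on the recursion and allow-recursion settings in the part of the block the tutorial omits. The script below is an added example, not part of the tutorial and not BIND's own tooling: it checks an options block for that combination. Both sample blocks are constructed; the recursion yes; line in the first one is assumed, since that is what the stock CentOS 7 /etc/named.conf ships with, and the second block is a hypothetical hardened variant.

```python
import re

# Constructed excerpt of the options block as the tutorial leaves it. The
# tutorial omits the rest of the block; "recursion yes;" is assumed here
# because that is what the stock CentOS 7 /etc/named.conf ships with.
WEAK_OPTIONS = """\
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        allow-query     { any; };
        recursion yes;
};
"""

# Hypothetical hardened variant (not from the tutorial): listen only on the two
# gateway addresses and recurse only for the two client networks.
HARDENED_OPTIONS = """\
options {
        listen-on port 53 { 192.168.100.1; 12.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        allow-query     { any; };
        allow-recursion { 192.168.100.0/24; 12.0.0.0/24; };
        recursion yes;
};
"""


def address_list(conf, option):
    """Return the address list of an option as tokens, or None if it is absent.

    The negative lookahead keeps "listen-on" from matching "listen-on-v6".
    """
    pattern = rf"^\s*{re.escape(option)}(?![\w-])[^{{]*\{{([^}}]*)\}}\s*;"
    m = re.search(pattern, conf, re.M)
    if not m:
        return None
    return [tok.strip() for tok in m.group(1).split(";") if tok.strip()]


def audit_options(conf):
    """Return a list of findings for an options block; empty means nothing flagged."""
    findings = []
    query = address_list(conf, "allow-query")
    recursion = re.search(r"^\s*recursion\s+yes\s*;", conf, re.M) is not None
    allow_rec = address_list(conf, "allow-recursion")
    # Recursion is offered to every source when allow-recursion is absent and
    # allow-query is "any", or when allow-recursion itself says "any".
    open_recursion = (allow_rec is None and query == ["any"]) or \
                     (allow_rec is not None and "any" in allow_rec)
    if recursion and open_recursion:
        findings.append("open resolver: recursion is on for every source address; "
                        "restrict it with allow-recursion { <lan>; <wan>; } or set "
                        "recursion no; on an authoritative-only server")
    if address_list(conf, "listen-on") == ["any"]:
        findings.append("listen-on { any; }: named binds every interface, including "
                        "any added later; list the gateway addresses explicitly")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_OPTIONS), ("hardened", HARDENED_OPTIONS)):
        print(label, "->", audit_options(conf) or ["no findings"])
```

Run it against the real file with audit_options(open("/etc/named.conf").read()); the check is line-oriented and only looks at the options block, so named-checkconf remains the authority on whether the file is syntactically valid.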

2. Edit the DNS zone configuration file (/etc/named.rfc1912.zones) and define the two views.

[root@localhost ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {            // delete all the zone entries that follow the header and write the views below instead
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
...                                          // omit part of the content

// After editing, the file keeps the header comments above and contains only the two views:
view "lan" {                                 // zone structure for LAN users
        match-clients { 192.168.100.0/24; }; // matched against the client's source IP address
        zone "kgc.com" IN {                  // domain name information
                type master;                 // zone type: primary
                file "kgc.com.lan";          // the zone data file is kgc.com.lan
        };
        zone "." IN {                        // root hints (can be moved here from the main configuration file named.conf)
                type hint;
                file "named.ca";
        };
};
view "wan" {                                 // zone structure for WAN users
        match-clients { 12.0.0.0/24; };      // matched against the client's source IP address
        zone "kgc.com" IN {
                type master;
                file "kgc.com.wan";          // the zone data file is kgc.com.wan
        };
};
:wq                                          // save and exit

3. Create the zone data files for the two views (pay close attention to the zone file syntax).

[root@localhost ~]# cd /var/named                                // enter the zone data file directory
[root@localhost named]# cp -p named.localhost kgc.com.lan        // copy named.localhost to kgc.com.lan
[root@localhost named]# vim kgc.com.lan                          // edit the zone data file
$TTL 1D
@       IN SOA  kgc.com. admin.kgc.com. (   ; change the domain name and the administrator mailbox
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      kgc.com.                    ; change the name server record
        A       192.168.100.1               ; change the forward resolution address
www     IN A    192.168.100.88              ; add the resolution address for www
smtp    IN A    192.168.100.99              ; add the resolution address for the smtp host
:wq                                         ; save and exit
[root@localhost named]# cp -p kgc.com.lan kgc.com.wan            // copy kgc.com.lan to kgc.com.wan
[root@localhost named]# vim kgc.com.wan                          // edit the zone data file
$TTL 1D
@       IN SOA  kgc.com. admin.kgc.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      kgc.com.
        A       12.0.0.1                    ; change the resolution addresses to 12.0.0.1
www     IN A    12.0.0.1
smtp    IN A    12.0.0.1
:wq                                         ; save and exit
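To see how the two views and the two zone files work together, here is an added Python simulation; it is not part of the tutorial and is not BIND code. It parses constructed copies of kgc.com.lan and kgc.com.wan, picks the view by the first match on the client's source address (the order in which BIND evaluates match-clients), and answers the queries used in the verification steps. It also lists any name that exists in one view's zone file but not the other, a drift that is easy to introduce once the two files are maintained separately.

```python
import ipaddress

# Constructed copies of the two zone files written above (same records).
ZONE_LAN = """\
$TTL 1D
@       IN SOA  kgc.com. admin.kgc.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      kgc.com.
        A       192.168.100.1
www     IN A    192.168.100.88
smtp    IN A    192.168.100.99
"""

ZONE_WAN = """\
$TTL 1D
@       IN SOA  kgc.com. admin.kgc.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      kgc.com.
        A       12.0.0.1
www     IN A    12.0.0.1
smtp    IN A    12.0.0.1
"""

# The views from named.rfc1912.zones, in file order. BIND uses the first view
# whose match-clients list contains the query's source address.
VIEWS = [
    ("lan", ["192.168.100.0/24"], {"kgc.com": ZONE_LAN}),
    ("wan", ["12.0.0.0/24"], {"kgc.com": ZONE_WAN}),
]


def parse_zone(text, origin):
    """Return {owner: [address, ...]} for the A records of a zone file.

    Handles $TTL, the parenthesised multi-line SOA, '@' and blank-owner
    inheritance and the optional IN class. Deliberately small: it is not
    a full RFC 1035 master-file parser.
    """
    records = {}
    owner = origin
    in_paren = False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop ; comments
        if not line.strip():
            continue
        if in_paren:                              # still inside the SOA ( ... )
            in_paren = ")" not in line
            continue
        if line.startswith("$"):                  # $TTL and similar directives
            continue
        if not raw[0].isspace():                  # a name in column 1 sets the owner
            name, _, line = line.partition(" ")
            if name == "@":
                owner = origin
            elif name.endswith("."):
                owner = name.rstrip(".")
            else:
                owner = f"{name}.{origin}"
        fields = line.split()
        if fields and fields[0] == "IN":
            fields = fields[1:]
        if "(" in line:                           # SOA continues on following lines
            in_paren = ")" not in line
        if len(fields) >= 2 and fields[0] == "A":
            records.setdefault(owner, []).append(fields[1])
    return records


def select_view(client_ip):
    """First-match view selection, as BIND does with match-clients."""
    addr = ipaddress.ip_address(client_ip)
    for name, prefixes, zones in VIEWS:
        if any(addr in ipaddress.ip_network(p) for p in prefixes):
            return name, zones
    return None, {}


def resolve(client_ip, qname):
    """Return (view, [addresses]) this server would answer for an A query.

    A client that matches no view gets (None, []): BIND refuses such queries.
    """
    view, zones = select_view(client_ip)
    qname = qname.rstrip(".")
    for origin, text in zones.items():
        if qname == origin or qname.endswith("." + origin):
            return view, parse_zone(text, origin).get(qname, [])
    return view, []


def zone_drift():
    """Names defined in only one of the two views' zone files (ideally empty)."""
    lan = set(parse_zone(ZONE_LAN, "kgc.com"))
    wan = set(parse_zone(ZONE_WAN, "kgc.com"))
    return sorted(lan ^ wan)


if __name__ == "__main__":
    for client, name in [("12.0.0.12", "www.kgc.com"), ("192.168.100.100", "www.kgc.com"),
                         ("192.168.100.100", "smtp.kgc.com"), ("10.1.1.1", "www.kgc.com")]:
        print(client, name, "->", resolve(client, name))
    print("drift:", zone_drift())
```

The view order matters: if the "lan" view were written with match-clients { any; }, the "wan" view would never be reached and WAN clients would receive the private 192.168.100.x addresses. The drift check is the thing to run after every edit to one of the two files; the serial numbers in the two SOA records also need bumping independently.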

Start and verify the service

1. Start the DNS service, then stop the firewall and switch SELinux to permissive mode.

[root@localhost named]# systemctl start named                   // start the DNS service
[root@localhost named]# systemctl status named                  // check that the service started
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2019-09-08 15:32:06 CST; 17s ago      // the service started successfully
  Process: 23372 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 23368 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" = "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 23374 (named)
   CGroup: /system.slice/named.service
           └─23374 /usr/sbin/named -u named -c /etc/named.conf
...                                                             // omit part of the content
[root@localhost named]# systemctl stop firewalld.service        // stop the firewall
[root@localhost named]# setenforce 0                            // switch SELinux to permissive mode

2. Verify resolution from the Windows 7 (WAN) client to see whether the addresses configured for that view are returned.

C:\Users\Administrator> nslookup www.kgc.com                    // resolve the domain name
Server:  UnKnown
Address:  12.0.0.1

Name:    www.kgc.com
Address:  12.0.0.1                                              // resolved successfully

C:\Users\Administrator> nslookup smtp.kgc.com                   // resolve the host name
Server:  UnKnown
Address:  12.0.0.1

Name:    smtp.kgc.com
Address:  12.0.0.1                                              // resolved successfully

3. Verify resolution from the Windows 10 (LAN) client to see whether the addresses configured for that view are returned.

C:\Users\Sun> nslookup www.kgc.com                              // resolve the domain name
Server:  UnKnown
Address:  192.168.100.1

Name:    www.kgc.com
Address:  192.168.100.88                                        // resolved successfully

C:\Users\Sun> nslookup smtp.kgc.com                             // resolve the host name
Server:  UnKnown
Address:  192.168.100.1

Name:    smtp.kgc.com
Address:  192.168.100.99                                        // resolved successfully

The experiment above builds a working DNS split-resolution service: the same names return different addresses to the LAN and WAN clients. I hope it is helpful to everyone!
