Shulou(Shulou.com)06/02 Report--

The separation and resolution of DNS means that different domain name resolution records are provided according to different clients. When clients from different addresses request to resolve the same domain name, they provide them with different resolution results. That is, when internal and external network customers request to access the same domain name, they can resolve different IP addresses and achieve load balancing.

The host of the wide area network cannot directly access a web service of a segment of the local area network below. If there is a DNS separation and parsing function in the middle, a private network WEB service can be accessed directly.

But how to build such a DNS separation and parsing service, let's do a small experiment.

Experimental environment: VMware14, a Linux server, a host window xp simulating the external network, and a host windows 7 simulating the private network.

Here we simply draw a topology diagram. The gateway in the middle, that is, the DNS separation and parsing Linux server, provides two interfaces, one to connect to the local LAN with a simulated IP of 192.168.100.0, and one interface to connect to the public network host with a simulated IP of 12.0.0.12.

Because to achieve a separate parsing function, the Linux system here needs to use two network cards, so we first add a network card to the Linux system, and then use the ifconfig command to check it.

After the addition is completed, there are two different network cards bound to VMware here. The first network card of the Linux system is bound to the first network card of the VMware virtual machine, while the second network card of the Linux system is bound to the second network card of the VMware virtual machine.

On the other hand, the xp system that simulates the external network and the windows 7 system that simulates the internal network are bound to different NICs that have just been bound by the Linux system.

Here, the xp system that simulates the public network is bound to the first network card of VMware.

The Windows 7 system, which simulates the intranet, is the second network card bound to the VMware virtual machine.

The information of two network cards has come out here, and then we use the cd / etc/sysconfig/network-scripts/ command to enter the file directory of the network card.

Then use the ls command to view all the files in the current directory and find that there is only one configuration file for the network card and no configuration file for ifcfg-ens34.

How to generate the configuration file of such a second network card? Here, use the cp ifcfg-ens32 ifcfg-ens34 command to directly copy a configuration file of the first network card and rename it to the name of the second network card. Then use the ls command to view all the files in the current folder, and you can see that the configuration file for the second network card has been generated.

Here only make a copy of the configuration file, but the content is still the content of the first network card, here to use vim ifcfg-ens34 to enter the modification of the second network card configuration file.

Change the name of the first network card to the name of the second network card, and then delete the line of UUID.

The modification is as follows.

After the modification, according to the plan of the topology diagram, we will set an ip address of the external network and a gateway IP of the internal network for the two network cards respectively.

The following picture shows the modified configuration file of the first network card.

The following figure is the modified configuration file of the second network card.

Next, to modify the configuration file of Linux's DNS service, first use rpm-Q bind to check whether the service package is installed, which is not installed here. Next we will install such a package using yum-y install bind. The IP address has been changed to a static address, and it is no longer possible to get the support of the yum server from the WAN, so we have to use the installation image locally to install such a software package. For blogs that set up yum feeds locally, please refer to this article: https://blog.51cto.com/14451009/2429563 (CentOS uses local image files to make yum feeds).

The package for parsing bind, the DNS service on Linux, is installed here.

First use the vim / etc/named.conf command to modify the main configuration file of the service. Change the listening port and the query host to any. Because the DNS separation and resolution feature configured by yourself conflicts with the configuration parameters of the DNS root domain server, the root domain information about 51-54 lines needs to be deleted.

Here, use the cp / etc/named.rfc1912.zones / etc/named.rfc1912.zones.bak command to copy a backup of the local configuration file, and then go to the file to modify it.

Here, delete the contents of the original configuration file, and then write your own data. The first represents the intranet, and the second represents the regional profile of the extranet.

Next, move to the directory of / var/named/ and use the cp-p named.localhost kgc.com.nei command to copy a template for the zone data configuration file.

After the replication is completed, enter the modification of the post-replication data configuration file. The IP address of the domain name resolution points to 192.168.100.1, while the address of the www hostname points to an assumed non-existent IP server 192.168.100.88, which is the zone data configuration file of the intranet.

Next, use the cp-p kgc.com.nei kgc.com.wai command to copy a configuration file that comes out of an extranet. For the same domain name, it is 12.0.0.1 in the external network and 192.168.100.88 in the internal network. Enter the systemctl start named command to start the service when the configuration is complete.

Next, configure a static IP address on the host Windows 7 that simulates the intranet.

Then the www.kgc.com here is resolved to the 192.168.100.88 address of the intranet.

Next, configure the fixed IP on the Windows xp system that simulates the public network. .

Use the nslookup command to parse again, and the client simulating the external network here will resolve to the IP address of 12.0.0.1.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.