How to set up the DNS separation and parsing service (split-horizon DNS) on a Linux server acting as a gateway

2025-01-21 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

This article explains in detail how to set up the DNS separation and parsing (split DNS) service on a Linux server acting as a gateway. Interested readers can use it for reference; I hope it will be helpful to you.

I. DNS separation and parsing service topology diagram

With the Linux server acting as the gateway and performing NAT address translation, the same domain name can resolve to different IP addresses depending on which network the visitor comes from. The network is divided into two parts: the private network (local area network) and the public network (wide area network). The NAT gateway sits at the exit of the route from the private network to the public network, and traffic in both directions must pass through it. Network access can only be initiated from the private network side; the public network cannot actively access the VPC. The private network IP is converted into the public network IP through the PAT port tag, and the public network IP can likewise be converted back into the private network IP through the PAT port tag, which is how the two sides interact.

II. Deployment of service environment

1. The simulation experiment needs three virtual machines: CentOS 7 (gateway), Windows 10-1 (private network) and Windows 10-2 (public network).

2. While CentOS 7 is still connected to the network, install the BIND package with yum; it will provide the domain name resolution service.

3. After the installation is completed, set both network cards of CentOS 7 to host-only mode (a second network card can be added in the virtual machine settings).

4. Likewise set the network cards (NICs) of win10-1 and win10-2 to host-only mode.

5. Go back to CentOS 7 and execute the "vim /etc/sysconfig/network-scripts/ifcfg-ens33" command to configure the ens33 NIC as the gateway of the private network.

6. Execute "cd /etc/sysconfig/network-scripts/" to enter the configuration file directory, and then execute the "cp -p ifcfg-ens33 ifcfg-ens36" command to copy the ens33 configuration file, preserving its permissions, as the ens36 configuration file.

7. Execute the "vim ifcfg-ens36" command to enter the configuration file, replace all 33 with 36, delete the whole line of UUID and replace the original IP address with "12.0.0.1".

8. Execute the "service network restart" command to restart the network service.

9. On the win10-1 host in the private network, manually configure the IP address, gateway and DNS server address.

10. On the win10-2 host in the public network, manually configure the IP address, gateway and DNS server address.

11. Use the ping command to check that the hosts can reach each other.

III. Configure the three major files of DNS

1. Execute the "vim /etc/named.conf" command in CentOS 7 to edit the main configuration file, change the listening address to "any" and allow "any" client to query it.

2. Execute the "cd /var/named/" command to enter the zone data file directory, and then execute the "vim /etc/named.rfc1912.zones" command to modify the zone configuration file (pay attention to spaces and semicolons).

    // Once views are used, BIND requires every zone statement to sit inside a view.
    // Clients on the private network are answered from kgc.com.lan.
    view "lan" {
        match-clients { 192.168.100.0/24; };
        zone "kgc.com" IN {
            type master;
            file "kgc.com.lan";
        };
        zone "." IN {
            type hint;
            file "named.ca";
        };
    };
    // Clients on the public network are answered from kgc.com.wan.
    view "wan" {
        match-clients { 12.0.0.0/24; };
        zone "kgc.com" IN {
            type master;
            file "kgc.com.wan";
        };
    };

3. Execute the "cp -p named.localhost kgc.com.lan" command to copy the template file, preserving its permissions, and then execute the "vim kgc.com.lan" command to modify it.

    $TTL 1D
    @       IN SOA  kgc.com. admin.kgc.com. (
                            0       ; serial
                            1D      ; refresh
                            1H      ; retry
                            1W      ; expire
                            3H )    ; minimum
            NS      kgc.com.
            A       192.168.100.1
    smtp    IN A    192.168.100.99
    www     IN A    192.168.100.88

4. Execute the "cp -p kgc.com.lan kgc.com.wan" command to copy the configured file, preserving its permissions, and then execute the "vim kgc.com.wan" command to modify it.

    $TTL 1D
    @       IN SOA  kgc.com. admin.kgc.com. (
                            0       ; serial
                            1D      ; refresh
                            1H      ; retry
                            1W      ; expire
                            3H )    ; minimum
            NS      kgc.com.
            A       12.0.0.1
    smtp    IN A    12.0.0.1
    www     IN A    12.0.0.1

5. Execute the "systemctl start named" command to start the domain name resolution service.

6. Execute the "systemctl status named" command to check the service status.

7. Finally, execute the "systemctl stop firewalld.service" command to turn off the firewall, and execute "setenforce 0" to switch SELinux (the enhanced security function) to permissive mode.

8. Go to the win10-1 host of the private network, run the cmd command prompt and use the "nslookup www.kgc.com" or "nslookup smtp.kgc.com" command to obtain the IP address of domain name resolution.

9. Go to the win10-2 host of the public network, run the cmd command prompt and use the "nslookup www.kgc.com" or "nslookup smtp.kgc.com" command to obtain the IP address of domain name resolution.
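The following Python sketch is an added example, not part of the original article. It models what the two nslookup checks above should return: named picks the first view whose match-clients network contains the client, then answers from that view's zone file. The function names, the simplified zone parser and the client addresses are assumptions made for illustration; the networks and records are the ones configured above.

```python
import ipaddress

# Zone data from the article's kgc.com.lan and kgc.com.wan files (SOA on one line).
LAN_ZONE = """$TTL 1D
@       IN SOA  kgc.com. admin.kgc.com. ( 0 1D 1H 1W 3H )
        NS      kgc.com.
        A       192.168.100.1
smtp    IN A    192.168.100.99
www     IN A    192.168.100.88
"""
WAN_ZONE = """$TTL 1D
@       IN SOA  kgc.com. admin.kgc.com. ( 0 1D 1H 1W 3H )
        NS      kgc.com.
        A       12.0.0.1
smtp    IN A    12.0.0.1
www     IN A    12.0.0.1
"""
# Views in file order; named answers from the first view whose match-clients fits.
VIEWS = [("lan", "192.168.100.0/24", LAN_ZONE), ("wan", "12.0.0.0/24", WAN_ZONE)]

def parse_a_records(zone_text, origin="kgc.com."):
    """Simplified zone parser: return {fqdn: address} for the A records."""
    records, owner = {}, origin
    for line in zone_text.splitlines():
        line = line.split(";")[0]              # drop comments
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():              # owner present; a blank owner inherits the last one
            name = fields.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        if fields and fields[0] == "IN":
            fields.pop(0)
        if len(fields) >= 2 and fields[0] == "A":
            records[owner] = fields[1]
    return records

def resolve(client_ip, qname):
    """Return (view, address); (None, None) means no view matched and named refuses."""
    addr = ipaddress.ip_address(client_ip)
    fqdn = qname if qname.endswith(".") else qname + "."
    for view, network, zone_text in VIEWS:
        if addr in ipaddress.ip_network(network):
            return view, parse_a_records(zone_text).get(fqdn)
    return None, None

if __name__ == "__main__":
    # Client addresses are constructed; the article does not list the Windows hosts' IPs.
    for ip in ("192.168.100.10", "12.0.0.12", "10.1.1.1"):
        print(ip, resolve(ip, "www.kgc.com"))
```

A client outside both networks, such as the constructed 10.1.1.1, matches no view, so this configuration answers only the two networks listed in match-clients.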

That is all on the DNS separation and resolution service with a Linux server as the gateway. I hope the above content is of some help to you and lets you learn more. If you think the article is good, you can share it for more people to see.
