Shulou(Shulou.com)06/02 Report--

I. DNS separation and resolution

1. In fact, the domain name server for separation and resolution is also the main domain name server. The separation resolution (DNS) here mainly refers to providing different domain name resolution records according to different clients. When machines from different addresses request to resolve the same domain name, different resolution results are provided for them.

two。 For example, when the DNS server provides services to both Internet and the enterprise internal local area network, you can

The data of local area network users accessing the company domain name (www.kgc.com) is sent directly to the website and mail server located in the intranet, so as to reduce the address translation burden of the gateway server, as shown in the figure.

two。 Experimental environment

Equipment requires ip address one Linux computer as domain name server two network cards public network: 12.0.0.1 Intranet: 192.168.10.1 two pc one analog external network PC one analog intranet pc external network address: 12.0.0.12 Intranet: 192.168.10.10

Three experimental steps

1.yum-y install bind installation

two。 Create a master configuration file (/ etc/named.conf)

Options {

Listen-on port 53 {any;}; / / changed to any

Listen-on-v6 port 53 {:: 1;}

Directory "/ var/named"

Dump-file "/ var/named/data/cache_dump.db"

Statistics-file "/ var/named/data/named_stats.txt"

Memstatistics-file "/ var/named/data/named_mem_stats.txt"

Allow-query {any;}; / / changed to any

3. Create a zone configuration file (/ etcvim / etc/named.rfc1912.zones / named.)

View "lan" {/ / set an attempt to face the intranet

Match-clients {192.168.10.0amp 24;}; / / the matching condition is the client address from the intranet

Zone "kgc.com" IN {type master; file "kgc.com.lan"; / / specify an address data file for intranet users}; zone "." IN {/ / cut the root domain of the main configuration file to type hint; file "named.ca";};}

View "wan" {/ / set settings for external network users

Match-clients {12.0.0.0amp 24;}; / / the matching condition is 12.0.0.0 IP address range can be set to any

Zone "kgc.com" IN {

Type master

File "kgc.com.wan"; / / specify the location database file for external network users

}

}

4. Create a zone configuration data file (create kgc.com.lan and kgc.com.wan files in the / var/named directory)

The content of kgc.com.lan file is as follows

$TTL 1D

@ IN SOA kgc.com. Admin.kgc.com. (

0; serial

1D; refresh

1H; retry

1W; expire

3H); minimum

NS kgc.com.

A 192.168.10.1

Www IN A 192.168.10.100

Smtp IN A 192.168.10.111

The content of kgc.con.wan file is as follows

$TTL 1D

@ IN SOA kgc.com. Admin.kgc.com. (

0; serial

1D; refresh

1H; retry

1W; expire

3H); minimum

NS kgc.com.

A 12.0.0.1

Www IN A 12.0.0.1

Smtp IN A 12.0.0.1

5. Turn off Firewall systemctl stop Firewalld

6. Start the service systemctl start bind

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.