你看看你说的啥 posted on 2021-4-30 21:05:00

Reverse DNS Resolution

<h2 align="justify"><span style="background-color: rgba(255, 255, 0, 1)"><strong>Configuring DNS Reverse Resolution</strong></span></h2>
<h3 align="justify"><span style="background-color: rgba(0, 255, 0, 1)"><strong>1.</strong></span><strong> First check whether <span style="font-family: Calibri">BIND</span> and its related packages are installed; if not, mount the installation disc image and install them. Then stop the firewall and turn off <span style="font-family: Calibri">SELinux</span> protection</strong></h3>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">rpm -qc bind</span></strong></span><strong> (lists the paths of the <span style="font-family: Calibri">bind</span> package's configuration files)</strong></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">/etc/named.conf</span></strong></span><strong> (main configuration file)</strong></p>
<p align="justify"><strong><span style="font-family: Calibri; color: rgba(255, 0, 0, 1)">/etc/named.rfc1912.zones</span> (zone configuration file)</strong></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">/var/named/named.localhost</span></strong></span><strong> (zone data file)</strong></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">systemctl stop firewalld.service</span></strong></span><strong> (stops the firewall)</strong></p>
<p align="justify"><strong><span style="font-family: Calibri"><span style="color: rgba(255, 0, 0, 1)">setenforce 0</span> </span></strong><strong>(temporarily turns off <span style="font-family: Calibri">SELinux</span> protection on the <span style="font-family: Calibri">Linux</span> system)</strong></p>
<p align="justify">&nbsp;</p>
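<h3 align="justify"><span><span style="background-color: rgba(0, 255, 0, 1)"><strong>2.</strong></span><strong> Edit the global configuration, the same as for DNS forward resolution. In the configuration file, every configuration statement ends with a semicolon ";", and text starting with "#" or "//" is a comment (long comments can use the "/* ... */" form)</strong></span></h3>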
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong>vim /etc/named.conf</strong></span></p>
<p align="justify"><span><strong><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706083608887-1044375689.png" alt="" loading="lazy"></strong></span></p>
<p align="justify">&nbsp;</p>
<h3 align="justify"><span style="background-color: rgba(0, 255, 0, 1)"><strong>3.</strong></span><strong> Edit the zone configuration file. Zone settings use the form "<span style="font-family: Calibri">zone </span>... {};". One <span style="font-family: Calibri">DNS</span> server can provide resolution for multiple zones, so the <span style="font-family: Calibri">named.conf</span> file can contain many <span style="font-family: Calibri">zone</span> blocks</strong></h3>
<p align="justify"><span style="background-color: rgba(255, 255, 255, 1); color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">vim /etc/named.rfc1912.zones</span></strong></span></p>
<p align="justify"><strong><span style="font-family: Calibri"><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706083750735-240404559.png" alt="" loading="lazy"></span></strong></p>
<p align="justify">&nbsp;</p>
<h3 align="justify"><span><span style="background-color: rgba(0, 255, 0, 1)"><strong>4.</strong></span><strong> Configure the reverse zone data file</strong></span></h3>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong>cd /var/named/</strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong>cp -p named.localhost AAA.com.zone.local</strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong>vim /var/named/AAA.com.zone.local</strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706083845659-463680733.png" alt="" loading="lazy"></strong></span></p>
<p align="justify">&nbsp;</p>
<h3 align="justify"><span><span style="background-color: rgba(0, 255, 0, 1)"><strong>5.</strong></span><strong> Specify the DNS server, restart the service, and verify forward and reverse resolution</strong></span></h3>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong>vi /etc/resolv.conf</strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong>host www.AAA.com</strong></span></p>
<p align="justify"><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706083924319-1758083134.png" alt="" loading="lazy"></p>
<p align="justify">&nbsp;</p>
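<h2><span style="background-color: rgba(255, 255, 0, 1)"><strong>Configuring <span style="font-family: Calibri">DNS</span> Master and Slave Name Servers</strong></span></h2>
<h3 align="justify"><strong>The global configuration files on the master and slave servers are configured as usual; what matters is the zone configuration. The master server must allow the slave server to connect and download the forward and reverse resolution data, and the slave server must be configured to point at the master server's <span style="font-family: Calibri">IP</span></strong></h3>
<h3 align="justify"><span style="background-color: rgba(0, 255, 0, 1)"><strong>1.</strong></span><strong> Edit the master name server's zone configuration file, changing the forward and reverse zone definitions</strong></h3>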
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">vim /etc/named.rfc1912.zones</span></strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">zone "AAA.com" IN {</span></strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">type master;</span></strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">file "AAA.com.zone";</span></strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">allow-transfer { 192.168.150.25; };</span></strong></span><strong> &nbsp; Allows the slave server to download the forward zone data; put the slave server's IP address here</strong></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong>}; &nbsp;&nbsp;&nbsp;&nbsp;</strong></span><strong><span style="color: rgba(255, 0, 0, 1)">&nbsp; &nbsp; &nbsp; &nbsp;</span> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</strong></p>
<p align="justify"><strong>&nbsp;</strong></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">zone "150.168.192.in-addr.arpa" IN {</span></strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">type master;</span></strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">file "AAA.com.zone.local";</span></strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">allow-transfer { 192.168.150.25; };</span></strong></span></p>
<p align="justify"><strong><span style="color: rgba(255, 0, 0, 1)">}; &nbsp;&nbsp;</span>&nbsp;</strong><strong>&nbsp; &nbsp;&nbsp;</strong></p>
<p align="justify"><strong><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084140044-149081988.png" alt="" loading="lazy"></strong></p>
<p align="justify">&nbsp;</p>
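<h3 align="justify"><span style="background-color: rgba(0, 255, 0, 1)"><strong>2.</strong></span><strong> Edit the master server's forward and reverse zone data files</strong></h3>
<p align="justify"><strong><span style="font-family: Calibri">*</span> The updated serial number is used to keep the zone data on the master and slave servers in sync: when the slave server checks whether the zone has been updated and finds that the master server's serial number is the same as the serial number in its local zone data, it does not download the update.</strong></p>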
<p align="justify"><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084258706-1688287371.png" alt="" loading="lazy"></p>
<p align="justify">&nbsp;</p>
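<p>The serial check described above, as an added shell example that is not part of the original post: it reads the SOA serial from a zone file and decides whether a slave would transfer the zone. It goes beyond the equal-serial case in the text by also treating an older master serial as "no transfer" (RFC 1982 comparison); the function names and zone contents are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example, not from the original post; zone contents are constructed.

# Print a zone file's SOA serial: the third value after the SOA keyword
# (primary name, contact, serial), ignoring ";" comments and parentheses.
soa_serial() {
    awk '
        { sub(/;.*/, "") }
        {
            for (i = 1; i <= NF; i++) {
                if (!seen) { if (toupper($i) == "SOA") seen = 1; continue }
                tok = $i; gsub(/[()]/, "", tok)
                if (tok != "" && ++n == 3) { print tok; exit }
            }
        }
    ' "$1"
}

# Exit 0 when the slave would pull the zone: the master's serial must be newer
# under RFC 1982 serial arithmetic (32-bit, wrapping). Equal or older: no transfer.
needs_transfer() {
    diff=$(( ($1 - $2) & 4294967295 ))
    [ "$diff" -ne 0 ] && [ "$diff" -lt 2147483648 ]
}

# Write a constructed zone file: $1 = path, $2 = serial.
make_zone() {
    cat > "$1" <<EOF
\$TTL 1D
@   IN SOA  AAA.com. admin.AAA.com. (
        $2  ; serial
        1D  ; refresh
        1H  ; retry
        1W  ; expire
        3H ) ; minimum
    NS  AAA.com.
    A   192.168.150.20
EOF
}

dir=$(mktemp -d)
make_zone "$dir/master.zone" 2021070601   # edited on the master, serial not bumped
make_zone "$dir/slave.zone"  2021070601   # copy the slave fetched earlier
if needs_transfer "$(soa_serial "$dir/master.zone")" "$(soa_serial "$dir/slave.zone")"; then
    echo "slave will transfer the updated zone"
else
    echo "serials match or master is older: slave keeps its copy"
fi
rm -rf "$dir"
```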
<h3 align="justify"><span style="background-color: rgba(0, 255, 0, 1)"><strong>3.</strong></span><strong> Edit the slave server's global configuration file</strong></h3>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">vim /etc/named.conf</span></strong></span></p>
<p align="justify"><strong><span style="font-family: Calibri"><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084333869-864640382.png" alt="" loading="lazy"></span></strong></p>
<p align="justify">&nbsp;</p>
<h3 align="justify"><span><strong><span style="background-color: rgba(0, 255, 0, 1)">4.</span> Edit the slave server's zone configuration file</strong></span></h3>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong>vim /etc/named.rfc1912.zones</strong></span></p>
<p align="justify"><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084402731-514893787.png" alt="" loading="lazy"></p>
<p align="justify">&nbsp;</p>
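<h3 align="justify"><span><span style="background-color: rgba(0, 255, 0, 1)"><strong>5.</strong></span><strong> Add the master server's address to the resolver configuration file on the master server, and add both the master's and the slave's addresses to the resolver configuration file on the slave server</strong></span></h3>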
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong>vim /etc/resolv.conf</strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong>nameserver 192.168.150.20</strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong>nameserver 192.168.150.25</strong></span></p>
<p align="justify"><span><strong>or </strong><span style="color: rgba(255, 0, 0, 1)"><strong>echo "nameserver 192.168.150.20" &gt;&gt; /etc/resolv.conf</strong></span></span></p>
<p align="justify"><span><strong><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084439974-764486277.png" alt="" loading="lazy"></strong></span></p>
<p align="justify">&nbsp;</p>
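<h3 align="justify"><span style="background-color: rgba(0, 255, 0, 1)"><strong>6.</strong></span><strong> Restart the service on the master and slave servers and check that the zone data was downloaded successfully; then disconnect the master server and check whether the slave server can still resolve names normally</strong></h3>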
<p align="justify"><span><strong><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084500800-641445590.png" alt="" loading="lazy"></strong></span></p>
<p align="justify">&nbsp;</p>
<h2 align="justify"><span style="color: rgba(0, 0, 0, 1); background-color: rgba(255, 255, 0, 1)"><strong>DNS Split Resolution</strong></span></h2>
<p class="p"><strong>A split-resolution name server is in fact also a master name server; the term mainly refers to serving different DNS records to different clients. For example, when clients in different network segments, internal and external, ask to resolve the same domain name, they are given different answers and obtain different IP addresses.</strong></p>
<p class="p"><strong>Setting up DNS split resolution on the gateway server</strong></p>
<p class="p"><strong>Set up DNS split resolution on the gateway server so that LAN hosts resolve www.AAA.com to 192.168.150.200 and external hosts resolve www.AAA.com to 12.0.0.50</strong></p>
<p class="p"><strong>Basic configuration steps</strong></p>
<h3 class="p"><span style="background-color: rgba(0, 255, 0, 1)"><strong>1.</strong></span><strong> Give the gateway server two network adapters</strong></h3>
<p class="p"><strong>A virtual machine is used for testing: add a network adapter while it is powered off, then restart the system</strong></p>
<p class="p"><strong><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084537249-624297673.png" alt="" loading="lazy"></strong></p>
<p class="p"><strong><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084545627-13405978.png" alt="" loading="lazy"></strong></p>
<p class="p">&nbsp;</p>
<p align="justify"><span style="background-color: rgba(255, 0, 255, 1)"><strong>Edit the adapter configuration, restart both adapters when done, then run <span style="font-family: Calibri">ifconfig</span> to check that the settings took effect</strong></span></p>
<p align="justify"><strong><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084612321-1399064354.png" alt="" loading="lazy"></strong></p>
<p align="justify">&nbsp;</p>
<h3 align="justify"><span style="background-color: rgba(0, 255, 0, 1)"><strong>2.</strong></span><strong> Install the <span style="font-family: Calibri">bind</span> package, </strong><strong>stop the firewall and turn off <span style="font-family: Calibri">SELinux</span></strong></h3>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">yum -y install bind</span></strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">systemctl stop firewalld</span></strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">setenforce 0</span></strong></span></p>
<p align="justify">&nbsp;</p>
<h3 align="justify"><span style="background-color: rgba(0, 255, 0, 1)"><strong>3.</strong></span><strong> Edit the main configuration file</strong></h3>
<p align="justify"><strong><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084640783-589873111.png" alt="" loading="lazy"></strong></p>
<p class="p">&nbsp;</p>
<h3 align="justify"><span style="background-color: rgba(0, 255, 0, 1)"><strong>4.</strong></span><strong> Edit the zone configuration file</strong></h3>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">vim /etc/named.rfc1912.zones</span></strong></span></p>
<p align="justify"><span style="background-color: rgba(255, 0, 255, 1)"><strong>Note: once <span style="font-family: Calibri">view</span> is enabled, every <span style="font-family: Calibri">zone</span> must be inside a <span style="font-family: Calibri">view</span>, so the system's default self-check <span style="font-family: Calibri">zone</span> entries must also be moved into a <span style="font-family: Calibri">view</span> or deleted</strong></span></p>
<p align="justify"><strong><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084712448-1812243692.png" alt="" loading="lazy"></strong></p>
<p align="justify">&nbsp;</p>
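<p>An added example, not taken from the original post or its screenshots: a two-view layout matching the LAN/WAN goal stated earlier, plus a small check that lists zones left outside any view. The view names, the 192.168.150.0/24 client range and the stray zone are assumptions.</p>

```shell
#!/bin/sh
# Added example, not from the original post. View names, the LAN range and the
# stray "localhost" zone are assumptions; the zone file names come from the page.

# Write a constructed two-view layout: LAN clients first, everyone else second.
write_views() {
    cat > "$1" <<'EOF'
view "lan" {
    match-clients { 192.168.150.0/24; };  // views are tried in order, first match wins
    zone "AAA.com" IN {
        type master;
        file "AAA.com.zone.lan";          // www -> 192.168.150.200
    };
};
view "wan" {
    match-clients { any; };               // catch-all, so it must come last
    zone "AAA.com" IN {
        type master;
        file "AAA.com.zone.wan";          // www -> 12.0.0.50
    };
};
EOF
}

# If the file uses views, print every zone declared outside one (brace depth 0).
# Handles "//" and "#" comments only, not /* ... */ blocks.
zones_outside_views() {
    awk '
        { sub(/\/\/.*/, ""); sub(/#.*/, "") }
        {
            for (i = 1; i <= NF; i++) {
                t = $i
                if (depth == 0 && t == "view") views++
                if (depth == 0 && t == "zone") { n = $(i + 1); gsub(/"/, "", n); stray = stray n "\n" }
                depth += gsub(/[{]/, "", t) - gsub(/[}]/, "", t)
            }
        }
        END { if (views > 0) printf "%s", stray }
    ' "$1"
}

conf=$(mktemp)
write_views "$conf"
# Constructed mistake: a default zone left at top level after views were added.
printf 'zone "localhost" IN { type master; file "named.localhost"; };\n' >> "$conf"
zones_outside_views "$conf"   # prints: localhost
rm -f "$conf"
```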
<h3 align="justify"><span style="background-color: rgba(0, 255, 0, 1)"><strong>5.</strong></span><strong> Edit the zone data files</strong></h3>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">cd /var/named</span></strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">cp -p named.localhost AAA.com.zone.lan</span></strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">cp -p named.localhost AAA.com.zone.wan</span></strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">vim AAA.com.zone.lan</span> (edit the internal-network one first)</strong></span></p>
<p align="justify"><strong><span style="font-family: Calibri"><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084747442-995681956.png" alt="" loading="lazy"></span></strong></p>
<p align="justify">&nbsp;</p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong>vim AAA.com.zone.wan (edit the external-network one)</strong></span></p>
<p align="justify"><strong><span style="font-family: Calibri"><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084819105-1649277444.png" alt="" loading="lazy"></span></strong></p>
<p align="justify">&nbsp;</p>
<h3 align="justify"><span style="background-color: rgba(0, 255, 0, 1)"><strong>6.</strong></span><strong> Start the service and verify</strong></h3>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">systemctl start named</span></strong></span></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">vim /etc/resolv.conf</span></strong></span><strong> (add the <span style="font-family: Calibri">DNS</span> server's address to the configuration file)</strong></p>
<p align="justify"><span style="color: rgba(255, 0, 0, 1)"><strong><span style="font-family: Calibri">nslookup </span></strong><strong><span style="font-family: Calibri">www.AAA.com</span></strong></span></p>
<p align="justify"><strong><span style="font-family: Calibri"><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084847622-1099554904.png" alt="" loading="lazy"></span></strong></p>
<p align="justify">&nbsp;</p>
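<p align="justify"><span style="background-color: rgba(255, 0, 255, 1)"><strong>For the external network a <span style="font-family: Calibri">win10</span> virtual machine is used. First, its network adapter must be on the same segment as the external adapter. Then go into the host's settings and start by changing the adapter information</strong></span></p>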
<p align="justify"><strong><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084908040-612551061.png" alt="" loading="lazy"></strong></p>
<p align="justify"><strong><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084914109-40533443.png" alt="" loading="lazy"></strong></p>
<p align="justify">&nbsp;</p>
<p align="justify"><span style="background-color: rgba(255, 0, 255, 1)"><strong><span style="font-family: 宋体">Run the test</span></strong></span></p>
<p align="justify"><img src="https://img2020.cnblogs.com/blog/2388061/202107/2388061-20210706084931913-826567170.png" alt="" loading="lazy"></p><br><br>
Source: https://www.cnblogs.com/pengdi/p/14975251.html