Setting up split-view (internal/external) master and slave DNS servers
Scenario:
The DNS server runs on the corporate gateway server, whose IP address is 173.16.16.1.
It is authoritative for the DNS domain "jgd.com"; on the Internet the public names "www.jgd.com" and "mail.jgd.com" both resolve to the gateway's address 173.16.16.1.
The company's web and mail servers sit inside the LAN, at 192.168.0.2 and 192.168.0.3 respectively.
Hosts on the LAN 192.168.0.0/24 all use 192.168.0.60 as their DNS server; when LAN users look up "www.jgd.com" and "mail.jgd.com", the names resolve to the internal server addresses 192.168.0.2 and 192.168.0.3.
Reverse resolution is provided for all of the servers above.
(I) Building the master name server:
(1) Prepare the environment: add a second network card to the machine
(2) Install the packages (the 4 bind packages)
(3) Set the hostname and IP addresses of this machine
[root@ns2 slaves]# vim /etc/hosts
192.168.0.60 ns1.jgd.com ns1   # matches the A records and listen-on addresses used below
192.168.0.61 ns2.jgd.com ns2
[root@ns2 slaves]# vim /etc/resolv.conf
search jgd.com
nameserver 192.168.0.60
nameserver 192.168.0.61
nameserver 173.16.16.1
nameserver 173.16.16.2
(4) Create the main configuration file
[root@jgd etc]# vim named.conf
options {
    listen-on port 53 { 192.168.0.60; 173.16.16.1; }; // interfaces to listen on
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Pinning the outgoing query port to 53 turns off source-port
    // randomization, which is one of the main defences against cache
    // poisoning of recursive lookups. Leave these unset so named picks
    // a random port for each query.
    // query-source port 53;
    // query-source-v6 port 53;
    allow-query { 192.168.0.0/24; 173.16.16.0/24; }; // clients allowed to query
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view "LAN" { // internal view
    match-clients { 192.168.0.0/24; }; // requests whose source address is on the LAN
    zone "jgd.com" IN {
        type master;
        file "lan.jgd.com.zone";
        allow-transfer { 192.168.0.61; 173.16.16.2; }; // slaves allowed to pull this zone
    };
    zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "lan.192.168.0.arpa";
        allow-transfer { 192.168.0.61; 173.16.16.2; };
    };
};
view "WAN" { // external view
    match-clients { any; }; // everything that did not match the LAN view
    zone "jgd.com" IN {
        type master;
        file "wan.jgd.com.zone";
        allow-transfer { 192.168.0.61; 173.16.16.2; };
    };
    zone "16.16.173.in-addr.arpa" IN {
        type master;
        file "wan.173.16.16.arpa";
        allow-transfer { 192.168.0.61; 173.16.16.2; };
    };
};
(5) Create the zone database files
[root@jgd named]# vim lan.jgd.com.zone // internal forward zone file
$TTL 86400
@       IN SOA  jgd.com. admin.jgd.com. (
                44      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   ns1.jgd.com.
        IN NS   ns2.jgd.com.
        IN MX   10 mail.jgd.com.
ns1     IN A    192.168.0.60
ns2     IN A    192.168.0.61
mail    IN A    192.168.0.3
www     IN A    192.168.0.2
[root@jgd named]# vim lan.192.168.0.arpa // internal reverse zone file
$TTL 86400
@       IN SOA  jgd.com. admin.jgd.com. (
                44      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   ns1.jgd.com.
        IN NS   ns2.jgd.com.
60      IN PTR  ns1.jgd.com.
61      IN PTR  ns2.jgd.com.   ; ns2 is 192.168.0.61 (see the forward zone), not .62
2       IN PTR  www.jgd.com.
3       IN PTR  mail.jgd.com.
[root@jgd named]# vim wan.jgd.com.zone // external forward zone file
$TTL 86400
@       IN SOA  jgd.com. admin.jgd.com. (
                45      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   ns1.jgd.com.
        IN NS   ns2.jgd.com.
        IN MX   10 mail.jgd.com.
ns1     IN A    173.16.16.1
ns2     IN A    173.16.16.2
mail    IN A    173.16.16.1
www     IN A    173.16.16.1
[root@jgd named]# vim wan.173.16.16.arpa // external reverse zone file
$TTL 86400
@       IN SOA  jgd.com. admin.jgd.com. (
                45      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   ns1.jgd.com.
        IN NS   ns2.jgd.com.
1       IN PTR  www.jgd.com.
2       IN PTR  ns2.jgd.com.   ; the slave's public address, so 173.16.16.2 resolves in reverse too
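Zone files written by hand drift apart easily: as posted, the LAN reverse zone points 62 at ns2 while the forward zone gives ns2 the address 192.168.0.61, and the WAN reverse zone has no PTR for 173.16.16.2, which is exactly why nslookup later prints "Can't find server name for address" when pointed at the slave. The following checker is an added example, not code from the original post and not a BIND tool; it parses only the zone syntax used above and cross-checks A records against PTR records. The embedded zone text is a constructed copy of the LAN zone files as posted.

```python
"""Cross-check a forward zone against its reverse zone.

Added example (not part of the original post, not BIND code).  It parses only
the syntax the hand-written zone files above use ($TTL, a parenthesised SOA,
NS, MX, A and PTR records) and reports addresses with an A record but no PTR,
PTRs whose target has no A record at that address, and NS targets with no A
record.  The zone text at the bottom is a constructed copy of the LAN zone
files as posted, indented the way BIND expects.
"""
import ipaddress


def fold_records(text):
    """Drop ';' comments and fold a parenthesised record onto one line."""
    folded, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = f"{buf} {line}" if depth else line
        depth += line.count("(") - line.count(")")
        if depth == 0:
            folded.append(buf)
            buf = ""
    return folded


def qualify(name, origin):
    """Make a relative owner or target name fully qualified."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, rtype, rdata) tuples with all names fully qualified.

    As in BIND, a record starting with whitespace inherits the previous owner;
    a line starting with the class 'IN' is also taken as owner-less because
    pasted zone files often lose their indentation.
    """
    origin = origin.rstrip(".") + "."
    records, owner = [], origin
    for line in fold_records(text):
        if line.startswith("$"):
            continue  # $TTL / $ORIGIN directives are not records
        fields = line.replace("(", " ").replace(")", " ").split()
        if not (line[0].isspace() or fields[0].upper() == "IN"):
            owner = qualify(fields.pop(0), origin)
        while fields[0].isdigit() or fields[0].upper() == "IN":
            fields.pop(0)  # optional TTL and class before the type
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "PTR"):
            rdata = [qualify(rdata[0], origin)]
        records.append((owner, rtype, rdata))
    return records


def ptr_owner_to_ip(owner):
    """'60.0.168.192.in-addr.arpa.' -> '192.168.0.60'."""
    labels = owner.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {owner}")
    return str(ipaddress.ip_address(".".join(reversed(labels[:-2]))))


def crosscheck(fwd_text, fwd_origin, rev_text, rev_origin):
    """Compare a forward zone with its reverse zone; every list is sorted."""
    fwd = parse_zone(fwd_text, fwd_origin)
    rev = parse_zone(rev_text, rev_origin)
    a_records = {(o.lower(), r[0]) for o, t, r in fwd if t == "A"}
    a_ips = {ip for _, ip in a_records}
    a_names = {name for name, _ in a_records}
    ptrs = {(ptr_owner_to_ip(o), r[0].lower()) for o, t, r in rev if t == "PTR"}
    ns_targets = {r[0].lower() for _, t, r in fwd if t == "NS"}
    return {
        "ip_without_ptr": sorted(a_ips - {ip for ip, _ in ptrs}, key=ipaddress.ip_address),
        "ptr_mismatch": sorted((ip, n) for ip, n in ptrs if (n, ip) not in a_records),
        "ns_without_a": sorted(ns_targets - a_names),
    }


# Constructed copies of the LAN zone files as posted.
LAN_FORWARD = """\
$TTL 86400
@       IN SOA  jgd.com. admin.jgd.com. (
                44 ; serial
                3H 15M 1W 1D ) ; refresh retry expiry minimum
        IN NS   ns1.jgd.com.
        IN NS   ns2.jgd.com.
        IN MX   10 mail.jgd.com.
ns1     IN A    192.168.0.60
ns2     IN A    192.168.0.61
mail    IN A    192.168.0.3
www     IN A    192.168.0.2
"""
LAN_REVERSE = """\
$TTL 86400
@       IN SOA  jgd.com. admin.jgd.com. ( 44 3H 15M 1W 1D )
        IN NS   ns1.jgd.com.
        IN NS   ns2.jgd.com.
60      IN PTR  ns1.jgd.com.
62      IN PTR  ns2.jgd.com.   ; as posted; ns2 actually lives at .61
2       IN PTR  www.jgd.com.
3       IN PTR  mail.jgd.com.
"""

if __name__ == "__main__":
    report = crosscheck(LAN_FORWARD, "jgd.com", LAN_REVERSE, "0.168.192.in-addr.arpa")
    for key, items in report.items():
        print(f"{key}: {items}")
```

Run it on each view's pair of files before `service named restart`; on the LAN pair as posted it reports 192.168.0.61 without a PTR and the PTR for 192.168.0.62 pointing at a name that has no A record there. Once the 62 is corrected to 61 all three lists come back empty.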
(6) Restart the service: service named restart
(7) Verify the master name server
C:\Documents and Settings\Administrator>nslookup
Default Server: ns1.jgd.com
Address: 192.168.0.60
> www.jgd.com
Server: ns1.jgd.com
Address: 192.168.0.60
Name: www.jgd.com
Address: 192.168.0.2 // internal view resolves correctly
C:\Documents and Settings\Administrator>nslookup
Default Server: www.jgd.com
Address: 173.16.16.1
> www.jgd.com
Server: www.jgd.com
Address: 173.16.16.1
Name: www.jgd.com
Address: 173.16.16.1 // external view resolves correctly
(II) Building the slave name server
(1) Prepare the environment: add a second network card to the machine
(2) Install the packages (the 4 bind packages)
(3) Set the hostname and IP addresses of this machine
[root@ns2 slaves]# vim /etc/hosts
192.168.0.60 ns1.jgd.com ns1   # matches the A records and listen-on addresses
192.168.0.61 ns2.jgd.com ns2
[root@ns2 slaves]# vim /etc/resolv.conf
search jgd.com
nameserver 192.168.0.60
nameserver 192.168.0.61
nameserver 173.16.16.1
nameserver 173.16.16.2
(4) Create the main configuration file
[root@ns2 etc]# vim named.conf
options {
    listen-on port 53 { 192.168.0.61; 173.16.16.2; }; // interfaces to listen on
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // As on the master: a fixed query source port disables source-port
    // randomization, so leave these unset.
    // query-source port 53;
    // query-source-v6 port 53;
    allow-query { 192.168.0.0/24; 173.16.16.0/24; }; // clients allowed to query
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view "LAN" { // internal view
    match-clients { 192.168.0.0/24; };
    // The master selects its view by the SOURCE address of the transfer
    // request, not by the zone name. Each view here therefore pulls from
    // the master address that serves the same view and pins transfer-source
    // to the slave interface the master's match-clients maps to that view;
    // otherwise both views fetch whatever the master's LAN view holds.
    zone "jgd.com" IN {
        type slave;
        masters { 192.168.0.60; };
        transfer-source 192.168.0.61;
        file "slaves/lan.jgd.com.zone";
    };
    zone "0.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.0.60; };
        transfer-source 192.168.0.61;
        file "slaves/lan.192.168.0.arpa";
    };
};
view "WAN" { // external view
    match-clients { any; };
    zone "jgd.com" IN {
        type slave;
        masters { 173.16.16.1; };
        transfer-source 173.16.16.2;
        file "slaves/wan.jgd.com.zone";
    };
    zone "16.16.173.in-addr.arpa" IN {
        type slave;
        masters { 173.16.16.1; };
        transfer-source 173.16.16.2;
        file "slaves/wan.173.16.16.arpa";
    };
};
(5) Restart the service: service named restart
(6) Verify the slave name server:
C:\Documents and Settings\Administrator>nslookup
*** Can't find server name for address 192.168.0.61: Non-existent domain
Default Server: UnKnown
Address: 192.168.0.61
> www.jgd.com
Server: UnKnown
Address: 192.168.0.61
Name: www.jgd.com
Address: 192.168.0.2 // internal view resolves correctly
C:\Documents and Settings\Administrator>nslookup
*** Can't find server name for address 173.16.16.2: Non-existent domain
Default Server: UnKnown
Address: 173.16.16.2
> www.jgd.com
Server: UnKnown
Address: 173.16.16.2
Name: www.jgd.com
Address: 173.16.16.1 // external view resolves correctly
Ugh... this experiment has actually been bothering me for a long time. I don't know what is going on: the data the slave downloads is not the same as the master's, and resolution keeps going wrong. Once it reaches the slave it no longer tells inside from outside; even when you test from the external network it still resolves to the real server's IP, and external queries cannot be turned into the gateway address, which has caused me no end of pain. Later I increased the refresh time in the zone database on the master and it suddenly worked, but after a while the problem came back; I changed the refresh time in the zone database again and it seemed a bit better, which again caused me no end of pain. So I have posted all of my configuration files, hoping that some day a buddy can help me answer this question~~ Help!!
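The symptom described above (the slave's external view handing out the internal address) follows from how BIND chooses a view: every incoming request, a zone transfer included, is matched against each view's match-clients by its source address, in configuration order, and the zone name plays no part. A slave whose transfer requests for both views leave from its LAN-facing address will therefore receive the master's LAN data for both views, which is what "no longer tells inside from outside" looks like. The following model is an added example, not BIND code and not from the original post; it replays the posted addresses through that rule. The slave's source addresses are assumptions (that without transfer-source both transfers leave from 192.168.0.61, and that the fix is a per-view transfer-source).

```python
"""Model of how a split-view BIND master chooses the view for a zone transfer.

Added example, not BIND code and not part of the original post.  BIND picks
the view for an incoming request by matching its source address against each
view's match-clients in configuration order, so a slave running the same two
views receives, per view, whatever the master's view for the slave's SOURCE
address holds.  The slave source addresses below are assumptions.
"""
import ipaddress

# Master as posted: the LAN view matches the LAN prefix, the WAN view matches
# everything else.  Only the www record is needed to see the effect.
MASTER_VIEWS = [
    ("LAN", ["192.168.0.0/24"], {"www.jgd.com.": "192.168.0.2"}),
    ("WAN", ["any"], {"www.jgd.com.": "173.16.16.1"}),
]


def match_clients(acl, source_ip):
    """True if source_ip matches an address-match-list of prefixes or 'any'."""
    addr = ipaddress.ip_address(source_ip)
    return any(e == "any" or addr in ipaddress.ip_network(e) for e in acl)


def select_view(views, source_ip):
    """The first view whose match-clients accepts the source address wins."""
    for name, acl, zone_data in views:
        if match_clients(acl, source_ip):
            return name, zone_data
    raise LookupError(f"no view matches {source_ip}; named would refuse it")


def slave_refresh(master_views, slave_views):
    """Return {slave view: data it receives} for (view, transfer_source) pairs."""
    received = {}
    for view_name, transfer_source in slave_views:
        master_view, data = select_view(master_views, transfer_source)
        received[view_name] = {"from_master_view": master_view, **data}
    return received


# Assumption: with no transfer-source, both views' transfer requests leave via
# the interface the routing table picks, the LAN-facing 192.168.0.61.
SLAVE_AS_POSTED = [("LAN", "192.168.0.61"), ("WAN", "192.168.0.61")]

# Assumed fix: pin each view's transfer-source to the slave interface whose
# address the master's match-clients maps to the same view.
SLAVE_WITH_TRANSFER_SOURCE = [("LAN", "192.168.0.61"), ("WAN", "173.16.16.2")]


if __name__ == "__main__":
    for label, cfg in (("as posted", SLAVE_AS_POSTED),
                       ("with transfer-source", SLAVE_WITH_TRANSFER_SOURCE)):
        print(label)
        for view, data in slave_refresh(MASTER_VIEWS, cfg).items():
            print(f"  slave view {view}: www.jgd.com. -> {data['www.jgd.com.']}"
                  f" (served from master view {data['from_master_view']})")
```

In the "as posted" run the slave's WAN view is filled from the master's LAN view and answers 192.168.0.2 for www.jgd.com., the behaviour reported above; with a per-view transfer-source the WAN view is filled from the master's WAN view and answers 173.16.16.1. Changing the refresh timer cannot fix this, since it only changes when the same mis-routed transfer is repeated.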