bind-DNS服务器实现测试域名走本地内网,其他域名访问走公网测试
1.bind-DNS服务器实现测试域名走本地内网,其他域名访问走公网测试
# Transcript: a BIND (named) server answers the internal test zone wang.org from a
# local zone file and forwards every other name to public resolvers; a client
# (m8) then verifies both paths with dig and host.
[root@master-DNS ~]# cat /etc/named.conf
options {
        # "localhost" is BIND's built-in ACL for every address configured on this
        # host, not only 127.0.0.1; the client queries below are answered on
        # 192.168.100.139.
        listen-on port 53 { localhost; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file "/var/named/data/named.secroots";
        recursing-file "/var/named/data/named.recursing";
        # NOTE(review): no allow-recursion / allow-query-cache is set in this file,
        # so BIND derives the recursion ACL from allow-query, i.e. "any". Combined
        # with "recursion yes" below, every host that can reach port 53 gets
        # recursive service. If this server is reachable beyond the internal
        # network, restrict it, e.g. allow-recursion { localhost; localnets; };
        # (the stock comment further down describes the amplification risk).
        allow-query { any; };
        # Queries for public names are forwarded to 223.5.5.5 and 119.29.29.29
        forwarders { 223.5.5.5;119.29.29.29;};
        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;
        # Both DNSSEC settings are switched to "no"
        # NOTE(review): with dnssec-validation no, replies from the forwarders are
        # accepted without signature validation, so a spoofed or tampered upstream
        # answer cannot be detected. Fine for a lab; revisit before production use.
        dnssec-enable no;
        dnssec-validation no;
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
        include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

# /etc/named.rfc1912.zones points the internal test domain at the zone data in
# /var/named/wang.org.zone
[root@master-DNS ~]# cat /etc/named.rfc1912.zones
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
# The internal test domain wang.org is configured here
# NOTE(review): unlike the stock zones above, this zone states neither
# allow-update nor allow-transfer. Declaring allow-update { none; }; and limiting
# allow-transfer to the secondary makes the intent explicit instead of relying on
# version-dependent defaults. The transcript does not show how dns2 receives the
# zone - confirm.
# Being authoritative for wang.org also means clients of this server never see
# any records published for that name on the public Internet.
zone "wang.org" IN {
        type master;
        file "wang.org.zone";
};

# Zone data for the internal domain
[root@master-DNS ~]# cat /var/named/wang.org.zone
$TTL 1D
@ IN SOA master admin (
        3 ; seria # serial number (zone version)
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
  NS dns1
  NS dns2
dns1 A 192.168.100.139 # primary DNS server node (page annotation; zone files comment with ';')
dns2 A 192.168.100.140 # secondary DNS server node
www A 192.168.100.137
dd.sh A 1.1.1.1

# Check syntax, flush the cache, reload the configuration
# NOTE(review): named-checkconf without -z checks named.conf syntax only; the
# zone data itself is validated by "named-checkconf -z" or
# "named-checkzone wang.org /var/named/wang.org.zone".
[root@master-DNS ~]# named-checkconf
[root@master-DNS ~]# rndc flush
[root@master-DNS ~]# rndc reload
server reload successful

# Client DNS configuration
[root@m8 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.100.139
nameserver 192.168.100.140

# Client-side test of the internal names www.wang.org and dd.sh.wang.org
# Test www.wang.org
# The "aa" flag in the two answers below shows that they come from the server's
# own wang.org zone.
[root@m8 ~]# dig www.wang.org

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 <<>> www.wang.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25240
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.wang.org. IN A

;; ANSWER SECTION:
www.wang.org. 86400 IN A 192.168.100.137

;; AUTHORITY SECTION:
wang.org. 86400 IN NS dns1.wang.org.
wang.org. 86400 IN NS dns2.wang.org.

;; ADDITIONAL SECTION:
dns1.wang.org. 86400 IN A 192.168.100.139
dns2.wang.org. 86400 IN A 192.168.100.140

;; Query time: 0 msec
;; SERVER: 192.168.100.139#53(192.168.100.139)
;; WHEN: Sat Apr 22 07:48:19 CST 2023
;; MSG SIZE rcvd: 127

# Test dd.sh.wang.org
[root@m8 ~]# dig dd.sh.wang.org

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 <<>> dd.sh.wang.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65272
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;dd.sh.wang.org. IN A

;; ANSWER SECTION:
dd.sh.wang.org. 86400 IN A 1.1.1.1

;; AUTHORITY SECTION:
wang.org. 86400 IN NS dns1.wang.org.
wang.org. 86400 IN NS dns2.wang.org.

;; ADDITIONAL SECTION:
dns1.wang.org. 86400 IN A 192.168.100.139
dns2.wang.org. 86400 IN A 192.168.100.140

;; Query time: 0 msec
;; SERVER: 192.168.100.139#53(192.168.100.139)
;; WHEN: Sat Apr 22 07:48:25 CST 2023
;; MSG SIZE rcvd: 129

# Test with the host command
[root@m8 ~]# host dd.sh.wang.org
dd.sh.wang.org has address 1.1.1.1
[root@m8 ~]# host www.wang.org
www.wang.org has address 192.168.100.137

# Client: test a public domain with the host command
[root@m8 ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 120.232.145.144
www.a.shifen.com has address 120.232.145.185

# Test a public domain with dig
# No "aa" flag here: the answer is non-authoritative, i.e. it was resolved on the
# client's behalf rather than served from a local zone.
[root@m8 ~]# dig www.baidu.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35771
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 27

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.baidu.com. IN A

;; ANSWER SECTION:
www.baidu.com. 79 IN CNAME www.a.shifen.com.
www.a.shifen.com. 79 IN A 120.232.145.144
www.a.shifen.com. 79 IN A 120.232.145.185

;; AUTHORITY SECTION:
. 518235 IN NS a.root-servers.net.
. 518235 IN NS m.root-servers.net.
. 518235 IN NS e.root-servers.net.
. 518235 IN NS l.root-servers.net.
. 518235 IN NS h.root-servers.net.
. 518235 IN NS j.root-servers.net.
. 518235 IN NS g.root-servers.net.
. 518235 IN NS f.root-servers.net.
. 518235 IN NS d.root-servers.net.
. 518235 IN NS k.root-servers.net.
. 518235 IN NS c.root-servers.net.
. 518235 IN NS i.root-servers.net.
. 518235 IN NS b.root-servers.net.

;; ADDITIONAL SECTION:
f.root-servers.net. 518235 IN A 192.5.5.241
m.root-servers.net. 518235 IN A 202.12.27.33
g.root-servers.net. 518235 IN A 192.112.36.4
b.root-servers.net. 518235 IN A 199.9.14.201
j.root-servers.net. 518235 IN A 192.58.128.30
i.root-servers.net. 518235 IN A 192.36.148.17
c.root-servers.net. 518235 IN A 192.33.4.12
d.root-servers.net. 518235 IN A 199.7.91.13
h.root-servers.net. 518235 IN A 198.97.190.53
a.root-servers.net. 518235 IN A 198.41.0.4
e.root-servers.net. 518235 IN A 192.203.230.10
k.root-servers.net. 518235 IN A 193.0.14.129
l.root-servers.net. 518235 IN A 199.7.83.42
f.root-servers.net. 518235 IN AAAA 2001:500:2f::f
m.root-servers.net. 518235 IN AAAA 2001:dc3::35
g.root-servers.net. 518235 IN AAAA 2001:500:12::d0d
b.root-servers.net. 518235 IN AAAA 2001:500:200::b
j.root-servers.net. 518235 IN AAAA 2001:503:c27::2:30
i.root-servers.net. 518235 IN AAAA 2001:7fe::53
c.root-servers.net. 518235 IN AAAA 2001:500:2::c
d.root-servers.net. 518235 IN AAAA 2001:500:2d::d
h.root-servers.net. 518235 IN AAAA 2001:500:1::53
a.root-servers.net. 518235 IN AAAA 2001:503:ba3e::2:30
e.root-servers.net. 518235 IN AAAA 2001:500:a8::e
k.root-servers.net. 518235 IN AAAA 2001:7fd::1
l.root-servers.net. 518235 IN AAAA 2001:500:9f::42

;; Query time: 0 msec
;; SERVER: 192.168.100.139#53(192.168.100.139)
;; WHEN: Sat Apr 22 07:50:19 CST 2023
;; MSG SIZE rcvd: 884