Split-horizon ("intelligent") DNS with BIND views on CentOS 7.0
What "intelligent DNS" means
The article's "intelligent DNS" (智能DNS) is what BIND calls split-horizon DNS using views: the server looks at the source address of each query, matches it against access control lists, and answers from a different copy of the zone depending on the match, so that China Telecom users are directed to the server sitting on Telecom's network and China Netcom users to the one on Netcom's. Two points to keep in mind while following the walkthrough: the match is made on the address the query arrives from, so clients behind a recursive resolver are classified by the resolver's address rather than their own; and view order matters, because the first view whose match-clients list matches the client is the one that answers.
Lab environment: four minimal CentOS 7.0 installs and three Windows XP clients.
Bind Server: 192.168.9.203
Apache Server (Telecom): 192.168.9.204
Apache Server (Netcom): 192.168.9.205
Apache Server (any): 192.168.9.206
Bind server configuration (203)
Set the Bind server's IP address
[root@server01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=1c8237c2-f173-40e8-8f8a-ba22e2e5ffdf
DEVICE=eno16777736
ONBOOT=yes
IPADDR0=192.168.9.203
GATEWAY0=192.168.9.1
PREFIX0=24
DNS1=114.114.114.114
Install bind and related packages
[root@server01 ~]# yum install -y bind bind-devel bind-chroot
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
Loading mirror speeds from cached hostfile
* base: mirrors.cn99.com
* extras: centos.ustc.edu.cn
* updates: centos.ustc.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-38.el7_3.2 will be installed
--> Processing Dependency: bind-libs = 32:9.9.4-38.el7_3.2 for package: 32:bind-9.9.4-38.el7_3.2.x86_64
--> Processing Dependency: liblwres.so.90()(64bit) for package: 32:bind-9.9.4-38.el7_3.2.x86_64
--> Processing Dependency: libisccfg.so.90()(64bit) for package: 32:bind-9.9.4-38.el7_3.2.x86_64
--> Processing Dependency: libisccc.so.90()(64bit) for package: 32:bind-9.9.4-38.el7_3.2.x86_64
--> Processing Dependency: libisc.so.95()(64bit) for package: 32:bind-9.9.4-38.el7_3.2.x86_64
--> Processing Dependency: libdns.so.100()(64bit) for package: 32:bind-9.9.4-38.el7_3.2.x86_64
--> Processing Dependency: libbind9.so.90()(64bit) for package: 32:bind-9.9.4-38.el7_3.2.x86_64
Installed:
bind.x86_64 32:9.9.4-38.el7_3.2 bind-chroot.x86_64 32:9.9.4-38.el7_3.2
bind-devel.x86_64 32:9.9.4-38.el7_3.2
Dependency Installed:
GeoIP.x86_64 0:1.5.0-11.el7 bind-libs.x86_64 32:9.9.4-38.el7_3.2
Dependency Updated:
bind-libs-lite.x86_64 32:9.9.4-38.el7_3.2 bind-license.noarch 32:9.9.4-38.el7_3.2
Complete!
Installation finished. Two things worth knowing about what was just installed: bind-devel is only needed for building software against the BIND libraries, not for running a name server; and bind-chroot only takes effect when the named-chroot service is started. This walkthrough starts plain named, so the server runs unchrooted (the chroot directory the package created shows up in the file listing further down).
Edit the main BIND configuration file
Only two lines of the options block change against the stock file: listen-on, so that named binds the server's LAN address instead of 127.0.0.1, and allow-query, which is opened from localhost to any. Only the start of the block is shown.
[root@server01 ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.9.203; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
A caveat before copying this: the stock file leaves recursion enabled, and every view defined below carries a root hint zone, so with allow-query set to any the host becomes an open recursive resolver for anyone who can reach port 53, a standard amplification and cache-poisoning target. On a server that only needs to be authoritative for abc.com, set recursion no in the options block (the hint zones are then unnecessary); if LAN clients must recurse through it, limit that with allow-recursion to the local networks rather than leaving it open.
[root@server01 ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
view "dianxin" {                        # view for China Telecom clients
    match-clients { dianxin_acl; };     # source addresses listed in dianxin.acl
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "abc.com" IN {
        type master;
        file "abc.com.dianxin";         # Telecom copy of the forward zone
    };
    zone "9.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.9.dianxin";       # Telecom copy of the reverse zone
    };
};
view "wangtong" {                       # view for China Netcom clients
    match-clients { wangtong_acl; };    # source addresses listed in wangtong.acl
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "abc.com" IN {
        type master;
        file "abc.com.wangtong";        # Netcom copy of the forward zone
    };
    zone "9.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.9.wangtong";      # Netcom copy of the reverse zone
    };
};
view "any" {                            # catch-all for every other client; keep it last
    match-clients { any; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "abc.com" IN {
        type master;
        file "abc.com.any";
    };
    zone "9.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.9.any";
    };
};
include "dianxin.acl";
include "wangtong.acl";
Views are tried in file order and the first match-clients hit wins, so the catch-all any view has to stay last; placed first it would swallow every query. The two include lines pull the ACL definitions in from /var/named (relative paths are resolved against the directory option once the whole configuration is parsed). The BIND manual states that an ACL name must be defined before it is referenced; if named-checkconf reports either ACL as undefined, move the two include lines above the first view.
Create the access control lists
[root@server01 ~]# vim /var/named/dianxin.acl
acl "dianxin_acl" {
    192.168.9.11/32;    # Telecom client address; in production this would be the provider's prefix list
};
[root@server01 ~]# vim /var/named/wangtong.acl
acl "wangtong_acl" {
    192.168.9.21/32;    # Netcom client address
};
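The following is an added example, not code from the original article: a small model of how named picks a view for a client, built from the two ACLs and the three views above. It shows the first-match rule, what mis-ordering the any view does, and what happens to a client that no view matches, all without a running server. The resolver address 192.168.9.50 used at the end is an assumption for illustration.

```python
"""Added example, not part of the original article: a model of how named picks
a view for a client. It uses the article's ACLs and view order so the first-match
rule, the effect of mis-ordering the 'any' view, and what happens to a client
that no view matches can be checked without a running server."""
import ipaddress

# The two ACLs from dianxin.acl and wangtong.acl.
ACLS = {
    "dianxin_acl": ["192.168.9.11/32"],
    "wangtong_acl": ["192.168.9.21/32"],
}

# Views in the order they appear in named.rfc1912.zones: match-clients list and
# the (CNAME target, A) that each view's copy of abc.com returns for www.
VIEWS = [
    ("dianxin", ["dianxin_acl"], ("server02.abc.com.", "192.168.9.204")),
    ("wangtong", ["wangtong_acl"], ("server03.abc.com.", "192.168.9.205")),
    ("any", ["any"], ("server04.abc.com.", "192.168.9.206")),
]


def match_list(client, elements, acls=ACLS):
    """Evaluate a BIND address match list: the first element that matches
    decides, '!' negates that element, 'any'/'none' are the usual keywords and
    a bare name expands to the ACL of that name. Returns True, False, or None
    when nothing matched at all."""
    for element in elements:
        negate = element.startswith("!")
        element = element.lstrip("!").strip()
        if element == "any":
            hit = True
        elif element == "none":
            hit = False
        elif element in acls:
            # named treats a negative match inside a nested ACL as no match,
            # so only a positive inner match counts here
            hit = match_list(client, acls[element], acls) is True
        else:
            hit = client in ipaddress.ip_network(element, strict=False)
        if hit:
            return not negate
    return None


def select_view(client_ip, views=VIEWS, acls=ACLS):
    """Name of the first view whose match-clients matches, or None when no view
    does (named then answers REFUSED)."""
    client = ipaddress.ip_address(client_ip)
    for name, clients, _ in views:
        if match_list(client, clients, acls):
            return name
    return None


def resolve_www(client_ip, views=VIEWS, acls=ACLS):
    """(CNAME target, address) that www.abc.com resolves to for this client."""
    chosen = select_view(client_ip, views, acls)
    for name, _, answer in views:
        if name == chosen:
            return answer
    return None


if __name__ == "__main__":
    for ip in ("192.168.9.11", "192.168.9.21", "192.168.9.31"):
        print(ip, "->", select_view(ip), resolve_www(ip))
    # Putting "any" first silently swallows every client.
    shadowed = [VIEWS[2], VIEWS[0], VIEWS[1]]
    print("any first:", select_view("192.168.9.11", views=shadowed))
    # A query relayed through a recursive resolver at 192.168.9.50 (assumed
    # address) arrives from the resolver, so the real client's view is not used.
    print("via resolver:", select_view("192.168.9.50"))
```

The negation form is the one to reach for when a view should cover "everyone on the LAN except the Telecom client": a leading `!` on the first element excludes it before the broader prefix is tried.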
Create the zone files (forward lookup)
One correction against the original files: the second name in the SOA record is a mailbox written as a domain name, so root@abc.com. has to be written root.abc.com. (the first dot stands in for the @). named-checkzone accepts the @ form because it checks the first label of that field loosely, which is why the original's checks passed, but the contact address it encodes is wrong.
Telecom
[root@server01 ~]# vim /var/named/abc.com.dianxin
$TTL 86400
@ IN SOA server01.abc.com. root.abc.com. (
        2013042710   ; serial
        1M           ; refresh
        1H           ; retry
        1W           ; expire
        3H )         ; negative-answer TTL
@ IN NS server01.abc.com.
server01.abc.com. IN A 192.168.9.203
server02.abc.com. IN A 192.168.9.204
www.abc.com. IN CNAME server02.abc.com.     ; Telecom clients land on 204
Netcom
[root@server01 ~]# vim /var/named/abc.com.wangtong
$TTL 86400
@ IN SOA server01.abc.com. root.abc.com. (
        2013042710   ; serial
        1M           ; refresh
        1H           ; retry
        1W           ; expire
        3H )         ; negative-answer TTL
@ IN NS server01.abc.com.
server01.abc.com. IN A 192.168.9.203
server03.abc.com. IN A 192.168.9.205
www.abc.com. IN CNAME server03.abc.com.     ; Netcom clients land on 205
Any
[root@server01 ~]# vim /var/named/abc.com.any
$TTL 86400
@ IN SOA server01.abc.com. root.abc.com. (
        2013042710   ; serial
        1M           ; refresh
        1H           ; retry
        1W           ; expire
        3H )         ; negative-answer TTL
@ IN NS server01.abc.com.
server01.abc.com. IN A 192.168.9.203
server04.abc.com. IN A 192.168.9.206
www.abc.com. IN CNAME server04.abc.com.     ; everyone else lands on 206
Create the zone files (reverse lookup)
Telecom
[root@server01 ~]# vim /var/named/192.168.9.dianxin
$TTL 86400
@ IN SOA server01.abc.com. root.abc.com. (
        2013042710   ; serial
        1M           ; refresh
        1H           ; retry
        1W           ; expire
        3H )         ; negative-answer TTL
@ IN NS server01.abc.com.
203.9.168.192.in-addr.arpa. IN PTR server01.abc.com.
204.9.168.192.in-addr.arpa. IN PTR server02.abc.com.
Netcom
[root@server01 ~]# vim /var/named/192.168.9.wangtong
$TTL 86400
@ IN SOA server01.abc.com. root.abc.com. (
        2013042710   ; serial
        1M           ; refresh
        1H           ; retry
        1W           ; expire
        3H )         ; negative-answer TTL
@ IN NS server01.abc.com.
203.9.168.192.in-addr.arpa. IN PTR server01.abc.com.
205.9.168.192.in-addr.arpa. IN PTR server03.abc.com.
Any
[root@server01 ~]# vim /var/named/192.168.9.any
$TTL 86400
@ IN SOA server01.abc.com. root.abc.com. (
        2013042710   ; serial
        1M           ; refresh
        1H           ; retry
        1W           ; expire
        3H )         ; negative-answer TTL
@ IN NS server01.abc.com.
203.9.168.192.in-addr.arpa. IN PTR server01.abc.com.
206.9.168.192.in-addr.arpa. IN PTR server04.abc.com.
List the files now under /var/named/ (the eight we created: six zone files and two ACL files)
[root@server01 ~]# cd /var/named/
[root@server01 named]# ll
total 52
-rw-r--r-- 1 root root 300 Mar 15 07:09 192.168.9.any
-rw-r--r-- 1 root root 295 Mar 15 07:08 192.168.9.dianxin
-rw-r--r-- 1 root root 300 Mar 15 07:09 192.168.9.wangtong
-rw-r--r-- 1 root root 352 Mar 15 06:50 abc.com.any
-rw-r--r-- 1 root root 338 Mar 15 08:15 abc.com.dianxin
-rw-r--r-- 1 root root 352 Mar 15 06:46 abc.com.wangtong
drwxr-x--- 7 root named 56 Mar 15 06:25 chroot
drwxrwx--- 2 named named 22 Mar 15 07:12 data
-rw-r--r-- 1 root root 40 Mar 15 07:04 dianxin.acl
drwxrwx--- 2 named named 4096 Mar 15 08:13 dynamic
-rw-r----- 1 root named 2076 Jan 28 2013 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 6 Feb 15 21:16 slaves
-rw-r--r-- 1 root root 41 Mar 15 06:41 wangtong.acl
[root@server01 named]#
The new files are root-owned and world-readable, which is enough for named (running as user named) to load them; the stock files are root:named with mode 0640.
Check the syntax, then start BIND
[root@server01 ~]# named-checkzone abc.com /var/named/abc.com.dianxin
zone abc.com/IN: loaded serial 2013042710
OK
[root@server01 ~]# named-checkzone abc.com /var/named/abc.com.wangtong
zone abc.com/IN: loaded serial 2013042710
OK
[root@server01 ~]# named-checkzone abc.com /var/named/abc.com.any
zone abc.com/IN: loaded serial 2013042710
OK
[root@server01 ~]# named-checkzone 9.168.192.in-addr.arpa /var/named/192.168.9.dianxin
zone 9.168.192.in-addr.arpa/IN: loaded serial 2013042710
OK
[root@server01 ~]# named-checkzone 9.168.192.in-addr.arpa /var/named/192.168.9.wangtong
zone 9.168.192.in-addr.arpa/IN: loaded serial 2013042710
OK
[root@server01 ~]# named-checkzone 9.168.192.in-addr.arpa /var/named/192.168.9.any
zone 9.168.192.in-addr.arpa/IN: loaded serial 2013042710
OK
[root@server01 ~]# named-checkconf /etc/named.conf
[root@server01 named]# named-checkconf /etc/named.rfc1912.zones
named-checkconf prints nothing when the configuration is clean. Checking /etc/named.conf already covers /etc/named.rfc1912.zones, since it is included from there; adding the -z option makes the same call load every zone file of every view as well, which catches the file-path problem described in note ④ below in one step.
Note: problems you may hit during these checks, and what they mean:
①
[root@server01 ~]# named-checkconf /etc/named.conf
/etc/named.conf:52: when using 'view' statements, all zones must be in views
Once any view is defined, every zone must live inside a view. Line 52 of the stock /etc/named.conf is the top-level root hint zone; delete that zone statement (or move it into a view).
② Check again
[root@server01 ~]# named-checkconf /etc/named.conf
/etc/named.rfc1912.zones:13: when using 'view' statements, all zones must be in views
The same rule applies to the zones shipped in /etc/named.rfc1912.zones (localhost, the loopback reverse zones and so on) on lines 13 to 42: delete them, or move them into the views.
③
[root@server01 ~]# named-checkzone 9.168.192.in-addr.arpa /var/named/192.168.9.dianxin
/var/named/192.168.9.dianxin:2: ignoring out-of-zone data (abc.com)
/var/named/192.168.9.dianxin:8: ignoring out-of-zone data (abc.com)
zone 9.168.192.in-addr.arpa/IN: has 0 SOA records
zone 9.168.192.in-addr.arpa/IN: has no NS records
zone 9.168.192.in-addr.arpa/IN: not loaded due to errors.
The reverse zone file was written with abc.com. as the owner name of the SOA and NS records (lines 2 and 8). That name is outside 9.168.192.in-addr.arpa, so named-checkzone drops both records as out-of-zone data, and the zone is then left with no SOA and no NS, which is the real reason it fails to load. Use @ (the zone origin) as the owner on both lines.
④
[root@Web1 ~]# named-checkconf /etc/named.rfc1912.zones
/etc/named.rfc1912.zones:66: open: dianxin.acl: file not found
The include lines use paths relative to the directory option, and that option is only seen when /etc/named.conf itself is parsed. Checking named.rfc1912.zones on its own therefore looks for dianxin.acl in the current working directory. Either run the check from /var/named, as the original does, or check /etc/named.conf (which includes this file) instead.
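The following is an added example, not code from the original article: a small checker for the master files above. It reports the problems named-checkzone raised in note ③ (owner names outside the zone, missing SOA, missing NS), flags an SOA mailbox written with @, and confirms that every A record in a forward file has a PTR pointing back at it. The two sample files are constructed inline from the article's dianxin zones; the forward one deliberately keeps the mailbox in the original root@abc.com. form so the check fires. The master-file subset it parses is the one these files use.

```python
"""Added example, not part of the original article: a small checker for the
master files above. It reports the problems named-checkzone raised in note (3)
(owner names outside the zone, missing SOA, missing NS), flags an SOA mailbox
written with '@', and confirms every A record has a matching PTR. The two
sample files are constructed from the article's dianxin zones."""
import ipaddress
import re

# Constructed sample: the dianxin forward file as the article first wrote it,
# with the mailbox in the wrong 'root@abc.com.' form so the check fires.
FORWARD = """\
$TTL 86400
@ IN SOA server01.abc.com. root@abc.com. (
        2013042710 1M 1H 1W 3H )
@ IN NS server01.abc.com.
server01.abc.com. IN A 192.168.9.203
server02.abc.com. IN A 192.168.9.204
www.abc.com. IN CNAME server02.abc.com.
"""

# Constructed sample: the dianxin reverse file with the mailbox corrected.
REVERSE = """\
$TTL 86400
@ IN SOA server01.abc.com. root.abc.com. (
        2013042710 1M 1H 1W 3H )
@ IN NS server01.abc.com.
203.9.168.192.in-addr.arpa. IN PTR server01.abc.com.
204.9.168.192.in-addr.arpa. IN PTR server02.abc.com.
"""

CLASSES = {"IN", "CH", "HS"}


def absolute(name, origin):
    """Expand '@' and relative names against the origin, as a master file does."""
    origin = origin if origin.endswith(".") else origin + "."
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return [(owner, type, rdata_tokens)] for the master-file subset used
    here: $TTL/$ORIGIN, ';' comments, parentheses spanning lines, optional
    per-record TTL and class, blank owner meaning 'same as previous record'."""
    origin = absolute("@", origin)
    records, buf, owner = [], "", None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = f"{buf} {line}" if buf else line
        if buf.count("(") > buf.count(")"):
            continue                          # still inside a multi-line rdata
        logical, buf = buf, ""
        tokens = logical.replace("(", " ").replace(")", " ").split()
        if tokens[0] == "$TTL":
            continue
        if tokens[0] == "$ORIGIN":
            origin = absolute(tokens[1], origin)
            continue
        if not logical[0].isspace():          # explicit owner name
            owner = absolute(tokens.pop(0), origin)
        if owner is None:
            raise ValueError("record before any owner name")
        if tokens and re.fullmatch(r"\d+[smhdwSMHDW]?", tokens[0]):
            tokens.pop(0)                     # per-record TTL
        if tokens and tokens[0].upper() in CLASSES:
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records


def check_zone(text, origin):
    """Problems in one master file, in named-checkzone's wording where it has one."""
    origin = absolute("@", origin)
    problems, kept = [], []
    for owner, rtype, rdata in parse_zone(text, origin):
        if owner == origin or owner.endswith("." + origin):
            kept.append((owner, rtype, rdata))
        else:
            problems.append(f"ignoring out-of-zone data ({owner} {rtype})")
    soa = [r for r in kept if r[0] == origin and r[1] == "SOA"]
    if len(soa) != 1:
        problems.append(f"has {len(soa)} SOA records")
    if not any(r[0] == origin and r[1] == "NS" for r in kept):
        problems.append("has no NS records")
    for _, _, rdata in soa:
        if "@" in rdata[1]:                   # RNAME is a name; '@' becomes '.'
            problems.append(f"SOA mailbox {rdata[1]} must be written with a dot, not '@'")
    return problems


def unmatched_ptrs(fwd_text, fwd_origin, rev_text, rev_origin):
    """A records in the forward file whose address has no PTR pointing back."""
    ptrs = {owner: absolute(rdata[0], rev_origin)
            for owner, rtype, rdata in parse_zone(rev_text, rev_origin) if rtype == "PTR"}
    missing = []
    for owner, rtype, rdata in parse_zone(fwd_text, fwd_origin):
        if rtype != "A":
            continue
        ptr_owner = ipaddress.ip_address(rdata[0]).reverse_pointer + "."
        if ptrs.get(ptr_owner) != owner:
            missing.append((owner, rdata[0]))
    return missing


if __name__ == "__main__":
    for label, text, origin in (("forward", FORWARD, "abc.com"),
                                ("reverse", REVERSE, "9.168.192.in-addr.arpa")):
        print(label, check_zone(text, origin) or "OK")
    print("A without PTR:", unmatched_ptrs(FORWARD, "abc.com", REVERSE, "9.168.192.in-addr.arpa"))
```

Running it over all six files (three forward, three reverse, paired per view) before named-checkzone is a cheap way to catch copy-and-paste drift between the per-view copies, which named-checkzone cannot see because it checks one file at a time.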
Start the named service
[root@server01 named]# systemctl restart named
[root@server01 named]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
Configure the Apache server (Telecom, 204)
[root@server02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=1c8237c2-f173-40e8-8f8a-ba22e2e5ffdf
DEVICE=eno16777736
ONBOOT=yes
IPADDR0=192.168.9.204
GATEWAY0=192.168.9.1
PREFIX0=24
DNS1=114.114.114.114
Install the Apache packages
[root@server02 ~]# yum install -y httpd httpd-devel
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/2): extras/7/x86_64/primary_db | 139 kB 00:00:00
(2/2): updates/7/x86_64/primary_db | 3.8 MB 00:00:02
Loading mirror speeds from cached hostfile
* base: mirrors.cn99.com
* extras: mirrors.zju.edu.cn
* updates: mirrors.cn99.com
Package httpd-2.4.6-45.el7.centos.x86_64 already installed and latest version
Package httpd-devel-2.4.6-45.el7.centos.x86_64 already installed and latest version
Nothing to do
Edit the Apache configuration file
[root@server02 ~]# vim /etc/httpd/conf/httpd.conf
The only change needed is on line 95: set ServerName to www.abc.com. The surrounding lines are shown with their line numbers for orientation.
85 #
86 ServerAdmin root@localhost
87
88 #
89 # ServerName gives the name and port that the server uses to identify itself.
90 # This can often be determined automatically, but we recommend you specify
91 # it explicitly to prevent problems during startup.
92 #
93 # If your host doesn't have a registered DNS name, enter its IP address here.
94 #
95 ServerName www.abc.com:80
96
97 #
98 # Deny access to the entirety of your server's filesystem. You must
99 # explicitly permit access to web content directories in other
100 # <Directory> blocks below.
101 #
102 <Directory />
103 AllowOverride none
104 Require all denied
105 </Directory>
106
Replace the default Apache document
[root@server02 ~]# vim /var/www/html/index.html
dianxin11111111111111111111111111111111111111111111111111111
Start the Apache service
[root@server02 ~]# systemctl restart httpd
[root@server02 ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Configure the Apache server (Netcom, 205)
Same steps as for the Telecom server, with the address 192.168.9.205 and the page content changed to wangtong222222222222222222222222222222222
Configure the Apache server (any, 206)
Same steps as for the Telecom server, with the address 192.168.9.206 and the page content changed to Any33333333333333333333333333333333333333
Open the firewall on each host
The original also turned SELinux off at this point. Nothing in this setup needs that: zone files created under /var/named and pages created under /var/www/html receive the file contexts named and httpd expect, so leave SELinux enforcing and only open the two firewall services.
Bind server
[root@server01 ~]# firewall-cmd --permanent --add-service=dns
success
[root@server01 ~]# firewall-cmd --reload
success
Telecom Apache
[root@server02 ~]# firewall-cmd --permanent --add-service=http
success
[root@server02 ~]# firewall-cmd --reload
success
Netcom Apache
[root@server03 ~]# firewall-cmd --permanent --add-service=http
success
[root@server03 ~]# firewall-cmd --reload
success
Any Apache
[root@server04 ~]# firewall-cmd --permanent --add-service=http
success
[root@server04 ~]# firewall-cmd --reload
success
Client tests
Telecom client
IP: 192.168.9.11/24
DNS: 192.168.9.203
Press Win+R and run cmd.
C:\Documents and Settings\Administrator>cd \
C:\>nslookup www.abc.com
Server: server01.abc.com
Address: 192.168.9.203
Name: server02.abc.com
Address: 192.168.9.204
Aliases: www.abc.com
Check the web page
Open Internet Explorer and browse to www.abc.com:
dianxin11111111111111111111111111111111111111111
Netcom client
IP: 192.168.9.21/24
DNS: 192.168.9.203
Press Win+R and run cmd.
C:\Documents and Settings\Administrator>cd \
C:\>nslookup www.abc.com
Server: server01.abc.com
Address: 192.168.9.203
Name: server03.abc.com
Address: 192.168.9.205
Aliases: www.abc.com
Check the web page
Open Internet Explorer and browse to www.abc.com:
wangtong2222222222222222222222222222222222222222
Any client (an address in neither ACL)
IP: 192.168.9.31/24
DNS: 192.168.9.203
Press Win+R and run cmd.
C:\Documents and Settings\Administrator>cd \
C:\>nslookup www.abc.com
Server: server01.abc.com
Address: 192.168.9.203
Name: server04.abc.com
Address: 192.168.9.206
Aliases: www.abc.com
Check the web page
Open Internet Explorer and browse to www.abc.com:
Any3333333333333333333333333333333333333333333333
One more test is worth running from this third client, since it stands in for "anyone else on the network": look up a name outside abc.com. If the server answers, it is recursing on behalf of any client that can reach it, and recursion should be turned off or restricted to the local networks in named.conf before the server is exposed beyond the lab.