Detailed explanation of the implementation method of DNS separation and resolution

DNS Separation analysis of , It refers to providing different domain name resolution records according to different clients . When clients from different addresses request to resolve the same domain name , Provide different parsing results . That is, when internal and external customers request to access the same domain name , Can resolve different IP Address , Load balancing .

Experimental environment ：

DNS The server ：RedHat 6.5 System Extranet IP The address is 12.0.0.1 Intranet IP The address is 192.168.10.1 Intranet clients ：Windows 7 System IP The address is 192.168.10.10 Internet clients ：Windows 7 System IP The address is 12.0.0.10

The premise of the experiment ：DNS The server Dual network cards are required , install bind Software

The system installs a network card by default , Add another network card , use ifconfig Command view

Restart network service

ifconfig Command to view intranet and Intranet IP Set up

Yum install bind Software

The experimental steps ：

The first 1 Step ： modify bind The main configuration file of the service program （/etc/named.conf）

Set the listening port and allow query host parameters to any. Because of the configuration DNS The implementation method of separation and parsing is explained in detail Function and DNS There is a conflict in the root server configuration parameters , You need to delete the root domain information .

vim /etc/named.conf     # Edit the main configuration file 

options { listen-on port 53 { any; }; # Set listening address and port listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; # Allow to use DNS Address of service recursion yes;

-

zone "." IN { # Delete the root domain information type hint; file "named.ca"; };

The first 2 Step ： Edit area profile （/etc/named.rfc1912.zone）

Because the area profile is enabled differently for different client addresses zone Zone setup , Use separate data files , So clear the original data in the configuration file .

The main use of “” Configuration statements and ” configuration option , According to different client addresses “benet.com” The query of the domain corresponds to different data files , Thus different analytical results are obtained .

The first 3 Step ： Create regional data configuration file （/var/named）

Create two different regional data files through template files , Corresponding to the client domain name request of Intranet and Intranet , The name should be consistent with the name specified in the area configuration file above .

cd /var/named                             # Toggle directory 
cp -p named.localhost benet.com.zone.lan  # Preserve the properties of the file , Establish intranet user data file 
cp -p named.localhost benet.com.zone.wan  # Preserve the properties of the file , Establish an external user data file 

vim /var/named/benet.com.zone.lan        # Edit intranet user data file 

$TTL 1D
@       IN SOA  benet.com. admin.benet.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      benet.com.
        A       192.168.10.1                   # Server intranet IP Address 
www   IN A       192.168.10.80          # Intranet address record （www.benet.com）
mail IN A       192.168.10.25          # Intranet address record （mail.benet.com）

vim benet.com.zone.wan              # Edit Internet user data file 

$TTL 1D
@       IN SOA  benet.com. admin.benet.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      benet.com.
        A       12.0.0.1                      # Server extranet IP Address 
www  IN A       12.0.0.20            # Internet address record （www.benet.com）
mail IN A       12.0.0.45            # Internet address record （mail.benet.com）

The first 4 Step ： start-up named service

service named start

The first 5 Step ： Turn off the firewall

service iptables stop

The first 6 Step ： The verification results

The intranet client will DNS The address is set to the intranet of the server IP, The Internet client will DNS Set the address to the external network of the server IP, And then use nslookup Command to resolve the domain name .