题目要求
服务器AppSrv上的工作任务
3. DNS(BIND)
为chinaskills.cn域提供域名解析。
为www.chinaskills.cn、download.chinaskills.cn和mail.chinaskills.cn提供解析。
启用内外网解析功能,当内网客户端请求解析的时候,解析到对应的内部服务器地址,当外部客户端请求解析的时候,请把解析结果解析到提供服务的公有地址。
请将IspSrv作为上游DNS服务器,所有未知查询都由该服务器处理。
项目实施
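关闭SELinux和防火墙(仅适用于实验/竞赛环境;setenforce 0和systemctl stop都只在本次开机期间生效。生产环境应保持SELinux为enforcing,并用 firewall-cmd --permanent --add-service=dns 放行DNS后执行 firewall-cmd --reload):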
[root@appsrv ~]# setenforce 0
[root@appsrv ~]# systemctl stop firewalld
安装DNS(BIND)软件包:
[root@appsrv ~]#yum install bind -y
修改配置文件,设置内网/外网两个视图的解析区域:
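进入/var/named,以named.localhost为模板复制区域文件(cp -a保留原文件的属主和权限)。注意:named.zones中引用的文件名是named.in.chinaskills和named.out.chinaskills,复制出的文件名应与之保持一致: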
[root@appsrv ~]#cd /var/named/
[root@appsrv named]# cp -a named.localhost named.in
[root@appsrv named]# cp -a named.localhost named.out
[root@appsrv named]# cd /etc
[root@appsrv etc]# touch named.zones
[root@appsrv etc]# vim named.conf
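# Edits made to /etc/named.conf. The first four statements belong inside the
# existing options { ... } block; the include goes at the top level of the file.
#
# NOTE(review): the original notes carry a bare "192.168.100.100" at this point.
# It is not a named.conf statement; presumably it records AppSrv's own
# address -- confirm before copying anything from it.
#
# NOTE(review): the distribution's default named.conf may restrict allow-query
# to localhost; if so, other clients are refused until it is widened. When
# widening it, decide explicitly who may recurse (allow-recursion), because
# recursion permission falls back to the query ACL when left unset.

# Listen on every IPv4 interface instead of loopback only.
listen-on port 53 { any; };

# Hand every query this server cannot answer itself to the upstream server
# (the task names IspSrv as the upstream).
forwarders { 81.6.63.100; };

# DNSSEC is switched off so answers from the lab upstream are accepted without
# signature validation. Outside a closed lab, leave validation on.
# (dnssec-enable is obsolete in newer BIND 9 releases and can be dropped there.)
dnssec-enable no;
dnssec-validation no;

# Comment out the stock zone "." block and every statement after it: once views
# are used, all zones must live inside a view.
include "/etc/named.zones";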
配置acl:
#进入配置acl
[root@appsrv etc]# vi /etc/named.zones
# Split-horizon configuration: the same zone name is served from two different
# data files, chosen by the source address of the client.

# ACL "in": the sources that are treated as internal clients.
acl in {
localhost;
192.168.100.0/24;
192.168.0.0/24;
};
# Views are evaluated in the order written and the first match-clients hit
# wins, so the internal view must come before the catch-all external view.
view in {
match-clients { in; };
zone "chinaskills.cn" IN {
type master;
# Internal answers; the walkthrough edits this file under /var/named.
file "named.in.chinaskills";
# Dynamic updates are refused for this zone.
allow-update { none; };
};
};
# Every client not matched by acl "in" ends up in this view.
view out {
match-clients { any; };
# NOTE(review): this view serves all non-internal sources. Whether it also
# recurses/forwards for them depends on recursion, allow-recursion and
# allow-query in named.conf, which are not shown here. Adding "recursion no;"
# inside this view would keep it authoritative-only -- confirm against the
# task requirements before changing it.
zone "chinaskills.cn" IN {
type master;
# External answers (public addresses).
file "named.out.chinaskills";
# Dynamic updates are refused for this zone.
allow-update { none; };
};
};
内网视图的正向区域文件(named.in.chinaskills):
[root@appsrv ~]# cd /var/named/
[root@appsrv named]# vim named.in.chinaskills
[root@appsrv named]# cat named.in.chinaskills
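; Zone data for chinaskills.cn as seen by internal clients (view "in").
; All service names resolve to internal addresses.
$TTL 1D
@           IN  SOA   chinaskills.cn. rname.invalid. (
                      0     ; serial -- raise it whenever this file changes
                      1D    ; refresh
                      1H    ; retry
                      1W    ; expire
                      3H )  ; minimum (negative-answer TTL)
@               NS    www.chinaskills.cn.
@               MX    10 mail.chinaskills.cn.
; Names required by the task, all on the internal server address.
www         IN  A     192.168.100.100
mail        IN  A     192.168.100.100
download    IN  A     192.168.100.100
; Extra names defined only in this internal file. The external zone file has no
; explicit records for them.
ispweb      IN  A     81.6.63.100
web         IN  A     192.168.100.254
storagesrv  IN  A     192.168.100.254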
外网视图的区域文件(named.out.chinaskills;内容仍是正向A记录,并不是反向解析区域):
[root@appsrv named]# vim named.out.chinaskills
[root@appsrv named]# cat named.out.chinaskills
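; Zone data for chinaskills.cn as seen by external clients (view "out").
; All service names resolve to the public address.
$TTL 1D
@           IN  SOA   chinaskills.cn. rname.invalid. (
                      0     ; serial -- raise it whenever this file changes
                      1D    ; refresh
                      1H    ; retry
                      1W    ; expire
                      3H )  ; minimum (negative-answer TTL)
@               NS    www.chinaskills.cn.
@               MX    10 mail.chinaskills.cn.
www         IN  A     81.6.63.254
mail        IN  A     81.6.63.254
download    IN  A     81.6.63.254
; Wildcard: every name under chinaskills.cn without its own record also answers
; with the public address for external clients, so no lookup in this view
; returns NXDOMAIN. Drop this record if only the three names above should
; resolve from outside.
*           IN  A     81.6.63.254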
[root@appsrv named]#
重启服务并设置开机自启(重启前可先用 named-checkconf 检查配置语法,并用 named-checkzone chinaskills.cn <区域文件> 检查两个区域文件):
[root@appsrv ~]# systemctl restart named
[root@appsrv ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@appsrv ~]#
客户端:
[root@Client ~]# vim /etc/resolv.conf
nameserver 192.168.100.100