智能DNS服务器_第1张图片



智能DNS服务器_第2张图片

以下为本次试验配置步骤:
Setup-1:在DNS-Master上的配置如下
1.1   保证网络连通性
[root@localhost ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:FE:39:09 
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fefe:3909/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:23137 errors:0 dropped:0 overruns:0 frame:0
          TX packets:85 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:26188328 (24.9 MiB)  TX bytes:12189 (11.9 KiB)
          Interrupt:59 Base address:0x2024
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
1.2   安装DNS所需软件
[root@localhost ~]# mount /dev/cdrom /media/
[root@localhost ~]# cd /media/Server/
[root@localhost Server]# rpm -ivh bind-*.rpm caching-nameserver-9.3.6-4.P1.el5_4.2.i386.rpm --nodeps --force
1.3   根据需求进行配置
1.3.1:对/var/named/chroot/etc/named.conf的配置
[root@localhost ~]# cd /var/named/chroot/etc/
[root@localhost etc]# cp -p named.caching-nameserver.conf named.conf
[root@localhost etc]# ln -sf /var/named/chroot/etc/named.conf /etc/named.conf
[root@localhost etc]# vi named.conf
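// named.conf for the split-view master that listens on 192.168.0.2.
// A client is served by the first view whose match-clients list contains its
// source address; every view includes its own zone list for benet.com.
options {
        listen-on port 53 { 192.168.0.2; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // No "query-source port 53;" here: pinning the source port of outgoing
        // queries removes source-port randomization, which is one of the main
        // defences against spoofed replies (cache poisoning).
        forwarders { 202.106.0.20; 202.106.148.1; };
        // NOTE(review): allow-transfer is not set anywhere in this file, so zone
        // transfers are not restricted by it; limit them to the slave servers
        // (or to none) once their addresses are known.
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
// Internal networks, served by view "LAN".
acl lan {
        192.168.0.0/24;
        192.168.1.0/24;
        192.168.2.0/24;
};
// Source range served by view "CNC".
acl cnc {
        203.18.17.0/24;
};
// Source range served by view "DX".
acl dx {
        78.19.25.0/24;
};
view "LAN" {
        match-clients {
                localhost;
                lan;
        };
        // Only internal clients may use this server as a recursive resolver.
        recursion yes;
        include "/etc/lan.zone";
};
view "CNC" {
        match-clients { cnc; };
        // External view: authoritative answers only. Recursion defaults to yes,
        // so without this line outside clients could use the server as a
        // recursive resolver unless allow-recursion stops them.
        recursion no;
        include "/etc/cnc.zone";
};
view "DX" {
        match-clients { dx; };
        // External view: authoritative answers only (see view "CNC").
        recursion no;
        include "/etc/dx.zone";
};
// Catch-all for every client not matched by an earlier view; it must stay last.
view "other" {
        match-clients { any; };
        // Anyone on the Internet can land here, so recursion is switched off.
        recursion no;
        include "/etc/other.zone";
};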
[root@localhost ~]# cd /var/named/chroot/etc/
[root@localhost etc]# touch lan.zone
[root@localhost etc]# vi lan.zone
// Zone list that view "LAN" pulls in with include "/etc/lan.zone".
// The file name below is relative to the options directory ("/var/named").
zone "benet.com" IN {
         type master;
         file "benet.com.zone.lan";
};
[root@localhost etc]# touch cnc.zone
[root@localhost etc]# vi cnc.zone
// Zone list that view "CNC" pulls in with include "/etc/cnc.zone".
// The file name below is relative to the options directory ("/var/named").
zone "benet.com" IN {
         type master;
         file "benet.com.zone.cnc";
};
[root@localhost etc]# touch dx.zone
[root@localhost etc]# vi dx.zone
// Zone list that view "DX" pulls in with include "/etc/dx.zone".
// The file name below is relative to the options directory ("/var/named").
zone "benet.com" IN {
         type master;
         file "benet.com.zone.dx";
};
[root@localhost etc]# touch other.zone
[root@localhost etc]# vi other.zone
// Zone list that view "other" (match-clients any) pulls in with
// include "/etc/other.zone".
// It points at the DX data file, so clients that match no earlier view get the
// same answers as DX clients.
// NOTE(review): this looks deliberate, since the steps on this page create no
// separate data file for this view — confirm.
zone "benet.com" IN {
         type master;
         file "benet.com.zone.dx";
};
1.3.2: 对正向数据文件及反向数据文件的配置
[root@localhost etc]# cd /var/named/chroot/var/named/
[root@localhost named]# touch benet.com.zone.lan benet.com.zone.cnc benet.com.zone.dx
[root@localhost named]# vi benet.com.zone.lan
[root@localhost named]# cat benet.com.zone.lan
; benet.com data returned to clients of view "LAN" (internal networks).
; The internal address of the name server appears only in this file.
$TTL 1D
; NOTE(review): the SOA primary-server field is benet.com., which has no address
; record in this file; ns1.benet.com. may have been intended — confirm.
@     IN     SOA  benet.com.      admin.benet.com.   (
                            2014062401 ; serial
                            3H ; refresh
                            15M ; retry
                            1W ; expire
                            1D ) ; negative-caching TTL
@     IN     NS    ns1.benet.com.
ns1   IN     A       192.168.0.2
; Two A records for www: internal clients receive both addresses, and the order
; changes between queries (compare the two host outputs in the test step).
www         IN     A       78.19.25.6
www         IN     A       203.18.17.6
[root@localhost named]# vi benet.com.zone.cnc
; benet.com data returned to clients of view "CNC" (sources in 203.18.17.0/24).
$TTL 1D
@     IN     SOA  benet.com.      admin.benet.com.   (
                            2014062401 ; serial
                            3H ; refresh
                            15M ; retry
                            1W ; expire
                            1D ) ; negative-caching TTL
@     IN     NS    ns1.benet.com.
; ns1 is published as the gateway's eth1 address; the gateway DNATs UDP port 53
; arriving there to the real server at 192.168.0.2.
ns1   IN     A       203.18.17.2
www         IN     A       203.18.17.6
[root@localhost named]# vi benet.com.zone.dx
; benet.com data returned to clients of view "DX" (sources in 78.19.25.0/24) and,
; through other.zone, to clients of view "other".
$TTL 1D
@     IN     SOA  benet.com.      admin.benet.com.   (
                            2014062401 ; serial
                            3H ; refresh
                            15M ; retry
                            1W ; expire
                            1D ) ; negative-caching TTL
@     IN     NS    ns1.benet.com.
; ns1 is published as the gateway's eth2 address; the gateway DNATs UDP port 53
; arriving there to the real server at 192.168.0.2.
ns1   IN     A       78.19.25.2
www         IN     A       78.19.25.6
1.3.3: 解析测试
[root@localhost ~]# service named start
启动 named:                                               [确定]
[root@localhost ~]# chkconfig named on
[root@localhost ~]# vi /etc/resolv.conf
nameserver 192.168.0.2
search localdomain
[root@localhost ~]# host www.benet.com
www.benet.com has address 203.18.17.6
www.benet.com has address 78.19.25.6
[root@localhost ~]# host www.benet.com
www.benet.com has address 78.19.25.6
www.benet.com has address 203.18.17.6
Setup-2:在GateWay上的配置如下
2.1 保证网络连通性
[root@localhost ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:4e:07:88 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
    inet6 fe80::20c:29ff:fe4e:788/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:4e:07:92 brd ff:ff:ff:ff:ff:ff
    inet 203.18.17.2/24 brd 203.18.17.255 scope global eth1
    inet6 fe80::20c:29ff:fe4e:792/64 scope link
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:4e:07:9c brd ff:ff:ff:ff:ff:ff
    inet 78.19.25.2/24 brd 78.19.25.255 scope global eth2
    inet6 fe80::20c:29ff:fe4e:79c/64 scope link
       valid_lft forever preferred_lft forever
5: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
78.19.25.0      0.0.0.0         255.255.255.0   U     0      0        0 eth2
203.18.17.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth2
0.0.0.0         78.19.25.1      0.0.0.0         UG    0      0        0 eth2
2.2 启动内核路由转发功能
[root@localhost ~]# vi /etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
2.3 配置iptables防火墙
[root@localhost ~]# iptables -t nat -A POSTROUTING -o eth2 -s 192.168.0.0/24 -j SNAT --to-source 78.19.25.2
[root@localhost ~]# iptables -t nat -A PREROUTING -i eth1 -p udp -d 203.18.17.2 --dport 53 -j DNAT  --to-destination 192.168.0.2
[root@localhost ~]# iptables -t nat -A PREROUTING -i eth2 -p udp -d 78.19.25.2 --dport 53 -j DNAT  --to-destination 192.168.0.2
2.4 解析测试
省略
本文来源:http://www.benet.wang/%E6%9C%8D%E5%8A%A1%E6%90%AD%E5%BB%BA/47.html