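1. Objective
Set up a DNS server in each of two LANs and configure them so that the two DNS servers can resolve each other's names.
2. Lab topology
3. Analysis
For DNS servers on two different networks to reach each other, an additional DNS server has to be set up, and it also acts as the gateway.
4. Procedure
(1) Build the base network shown in the figure
so that alice can reach bob (see the Linux basic network setup lab)
(2) On alice (192.168.0.253)
1) Install the DNS server (see: configuring the Yum repository)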
[root@lyy yum.repos.d]# yum install bind -y
2) Edit the main configuration file
[root@lyy yum.repos.d]# gedit /etc/named.conf
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    forward only;                    // do not query the root servers even if they are configured; forward to the upstream DNS server
    forwarders { 192.168.0.254; };   // address of the forwarder (upstream DNS)
};
zone "alice.com" IN {
    type master;
    file "named.alice.com";
};
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.0";
};
3) Forward zone file
[root@lyy yum.repos.d]# cd /var/named/
[root@lyy named]# touch named.alice.com
[root@lyy named]# gedit named.alice.com
$TTL 3H
@   IN SOA  master.alice.com. admin.mail.alice.com. (
                0   ; serial
                1D  ; refresh
                1H  ; retry
                1W  ; expire
                3H ) ; minimum
@                   IN NS     master.alice.com.
master.alice.com.   IN A      192.168.0.253
@                   IN MX 10  mail.alice.com.
mail.alice.com.     IN A      192.168.0.253
ftp.alice.com.      IN CNAME  master.alice.com.
www.alice.com.      IN CNAME  master.alice.com.
client.alice.com.   IN A      192.168.0.10
nfs.alice.com.      IN A      192.168.0.11
4) Reverse zone file
[root@lyy named]# touch named.192.168.0
[root@lyy named]# gedit named.192.168.0
$TTL 3H
@   IN SOA  master.alice.com. admin.mail.alice.com. (
                0   ; serial
                1D  ; refresh
                1H  ; retry
                1W  ; expire
                3H ) ; minimum
@     IN NS   master.alice.com.
253   IN PTR  master.alice.com.
253   IN PTR  mail.alice.com.
10    IN PTR  client.alice.com.
11    IN PTR  nfs.alice.com.
5) Firewall settings
[root@lyy named]# iptables -I INPUT -i eth0 -p udp --dport 53 -j ACCEPT
[root@lyy named]# iptables -I INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
6) Start the DNS service
[root@lyy named]# service named start
(3) On bob (202.3.4.253)
1) Install the DNS server
2) Main configuration file
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    forward only;                  // do not query the root servers even if they are configured; forward to the upstream DNS server
    forwarders { 202.3.4.254; };   // address of the forwarder (upstream DNS)
};
zone "bob.com" IN {
    type master;
    file "named.bob.com";
};
zone "4.3.202.in-addr.arpa" IN {
    type master;
    file "named.202.3.4";
};
3) Forward zone file (same pattern as alice)
$TTL 3H
@   IN SOA  master.bob.com. admin.mail.bob.com. (
                0   ; serial
                1D  ; refresh
                1H  ; retry
                1W  ; expire
                3H ) ; minimum
@                 IN NS     master.bob.com.
master.bob.com.   IN A      202.3.4.253
@                 IN MX 10  mail.bob.com.
mail.bob.com.     IN A      202.3.4.253
ftp.bob.com.      IN CNAME  master.bob.com.
www.bob.com.      IN CNAME  master.bob.com.
client.bob.com.   IN A      202.3.4.10
nfs.bob.com.      IN A      202.3.4.11
4) Reverse zone file
$TTL 3H
@   IN SOA  master.bob.com. admin.mail.bob.com. (
                0   ; serial
                1D  ; refresh
                1H  ; retry
                1W  ; expire
                3H ) ; minimum
@     IN NS   master.bob.com.
253   IN PTR  master.bob.com.
253   IN PTR  mail.bob.com.
10    IN PTR  client.bob.com.
11    IN PTR  nfs.bob.com.
5) Firewall settings
[root@lyy named]# iptables -I INPUT -i eth0 -p udp --dport 53 -j ACCEPT
[root@lyy named]# iptables -I INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
6) Start the DNS service
[root@lyy named]# service named start
(4) On the gateway (com)
1) Install the DNS service
2) Main configuration file
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-transfer { none; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "com" IN {
    type master;
    file "named.com";
};
3) Forward zone file
[root@lyy yum.repos.d]# cd /var/named/
[root@lyy named]# touch named.com
[root@lyy named]# gedit named.com
$TTL 3H
@   IN SOA  master.com. admin.mail.com. (
                0   ; serial
                1D  ; refresh
                1H  ; retry
                1W  ; expire
                3H ) ; minimum
@                   IN NS  master.com.
master.com.         IN A   192.168.0.254
alice.com.          IN NS  master.alice.com.
master.alice.com.   IN A   192.168.0.253
bob.com.            IN NS  master.bob.com.
master.bob.com.     IN A   202.3.4.253
Note: (com) does not need a reverse zone file
4) Firewall settings
[root@lyy named]# iptables -I INPUT -p udp --dport 53 -j ACCEPT
[root@lyy named]# iptables -I INPUT -p tcp --dport 53 -j ACCEPT
5) Start the DNS service
5. Testing the result
(1) Test on the alice.com DNS server
[root@lyy named]# dig -t mx bob.com
(2) Test on the bob.com DNS server
[root@lyy named]# dig -t mx alice.com
As the output shows, the mail records of alice and bob can be resolved from each other's side. The lab succeeded!
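With `allow-query { any; };` set and no `allow-recursion`, BIND 9 falls back to the `allow-query` list for recursion, so each server configured above will recurse (or forward) for any client that can reach port 53. The following added example (not part of the original post) computes the effective recursion ACL of a named.conf; `RESTRICTED_CONF` and its 192.168.0.0/24 range are constructed assumptions.

```python
import re

# alice's options block as given on this page (comments shortened)
ALICE_CONF = """
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };
    forward only;                   // never ask the roots
    forwarders { 192.168.0.254; };  // upstream DNS
};
zone "alice.com" IN { type master; file "named.alice.com"; };
"""

# Constructed variant: recursion limited to alice's LAN (assumed to be a /24)
RESTRICTED_CONF = ALICE_CONF.replace(
    "forward only;", "allow-recursion { 192.168.0.0/24; localhost; };\n    forward only;")

def options_block(conf):
    """Body of the top-level options { ... } block, with comments stripped."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    start = conf.index("{", re.search(r"\boptions\b", conf).end())
    depth = 0
    for i in range(start, len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[start + 1:i]
    raise ValueError("unbalanced braces in options block")

def acl(body, name):
    """Elements of an address-match-list statement, or None if it is absent."""
    m = re.search(r"(?<![\w-])%s\s*\{([^{}]*)\}" % re.escape(name), body)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else None

def effective_recursion_acl(conf):
    """Who may recurse, following BIND's fallback chain for unset ACLs."""
    body = options_block(conf)
    if re.search(r"\brecursion\s+no\s*;", body):
        return ["none"]
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        if acl(body, name) is not None:
            return acl(body, name)
    return ["localnets", "localhost"]

def is_open_resolver(conf):
    return "any" in effective_recursion_acl(conf)

if __name__ == "__main__":
    print(is_open_resolver(ALICE_CONF), is_open_resolver(RESTRICTED_CONF))
```

The gateway's recursion list would need to cover both LANs, since alice and bob forward every non-local query to it.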
[All rights reserved. When reposting, please credit the original source: http://www.cnblogs.com/liaoyuanyang/p/6902481.html ]