Configuring smart DNS (BIND views) on CentOS 7.0
What smart DNS is
Smart DNS is the intelligent resolution service pioneered by the domain-name industry: it inspects the visitor's source IP address and returns a matching server address, so that China Netcom (wangtong) users are sent to the Netcom server and China Telecom (dianxin) users are sent to the Telecom server.
Lab environment: four minimal CentOS 7.0 installs and three Windows XP clients.
Bind Server: 192.168.9.203
Apache Server (Telecom): 192.168.9.204
Apache Server (Netcom): 192.168.9.205
Apache Server (any): 192.168.9.206
Bind server configuration (203)
Configure the Bind server's IP address
[root@server01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=1c8237c2-f173-40e8-8f8a-ba22e2e5ffdf
DEVICE=eno16777736
ONBOOT=yes
IPADDR0=192.168.9.203
GATEWAY0=192.168.9.1
PREFIX0=24
DNS1=114.114.114.114
Install the bind packages and their dependencies
[root@server01 ~]# yum install -y bind bind-devel bind-chroot
已加载插件:fastestmirror
base                                | 3.6 kB  00:00:00
extras                              | 3.4 kB  00:00:00
updates                             | 3.4 kB  00:00:00
Loading mirror speeds from cached hostfile
 * base: mirrors.cn99.com
 * extras: centos.ustc.edu.cn
 * updates: centos.ustc.edu.cn
正在解决依赖关系
--> 正在检查事务
---> 软件包 bind.x86_64.32.9.9.4-38.el7_3.2 将被 安装
--> 正在处理依赖关系 bind-libs = 32:9.9.4-38.el7_3.2,它被软件包 32:bind-9.9.4-38.el7_3.2.x86_64 需要
--> 正在处理依赖关系 liblwres.so.90()(64bit),它被软件包 32:bind-9.9.4-38.el7_3.2.x86_64 需要
--> 正在处理依赖关系 libisccfg.so.90()(64bit),它被软件包 32:bind-9.9.4-38.el7_3.2.x86_64 需要
--> 正在处理依赖关系 libisccc.so.90()(64bit),它被软件包 32:bind-9.9.4-38.el7_3.2.x86_64 需要
--> 正在处理依赖关系 libisc.so.95()(64bit),它被软件包 32:bind-9.9.4-38.el7_3.2.x86_64 需要
--> 正在处理依赖关系 libdns.so.100()(64bit),它被软件包 32:bind-9.9.4-38.el7_3.2.x86_64 需要
--> 正在处理依赖关系 libbind9.so.90()(64bit),它被软件包 32:bind-9.9.4-38.el7_3.2.x86_64 需要

已安装:
  bind.x86_64 32:9.9.4-38.el7_3.2
  bind-chroot.x86_64 32:9.9.4-38.el7_3.2
  bind-devel.x86_64 32:9.9.4-38.el7_3.2

作为依赖被安装:
  GeoIP.x86_64 0:1.5.0-11.el7
  bind-libs.x86_64 32:9.9.4-38.el7_3.2

作为依赖被升级:
  bind-libs-lite.x86_64 32:9.9.4-38.el7_3.2
  bind-license.noarch 32:9.9.4-38.el7_3.2

完毕!
Installation complete.
Edit the main BIND configuration file
Change listen-on to the server's own address and allow-query to any; the listing shows only the first lines of the options block.
[root@server01 ~]# vim /etc/named.conf
options {
    listen-on port 53 { 192.168.9.203; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
Define the views in the zone configuration file. BIND tries views in the order they are written and serves a client from the first view whose match-clients list matches, so the catch-all "any" view is placed last.
[root@server01 ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

view "dianxin" {                        # view served to Telecom users
    match-clients { dianxin_acl; };     # match client addresses from the Telecom ACL
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "abc.com" IN {
        type master;
        file "abc.com.dianxin";         # zone data served to Telecom users
    };
    zone "9.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.9.dianxin";       # reverse zone data served to Telecom users
    };
};

view "wangtong" {                       # view served to Netcom users
    match-clients { wangtong_acl; };    # match client addresses from the Netcom ACL
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "abc.com" IN {
        type master;
        file "abc.com.wangtong";        # zone data served to Netcom users
    };
    zone "9.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.9.wangtong";      # reverse zone data served to Netcom users
    };
};

view "any" {                            # catch-all view for everyone else; must come last
    match-clients { any; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "abc.com" IN {
        type master;
        file "abc.com.any";
    };
    zone "9.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.9.any";
    };
};

include "dianxin.acl";
include "wangtong.acl";
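The view order above matters because BIND answers from the first view whose match-clients ACL matches the query's source address. The following Python script is an added example, not part of the original article: it simulates that selection with the two ACLs and the view order used here (the per-view www.abc.com answers are taken from the zone files defined later on this page) and shows what happens when the "any" view is moved to the top. Keep in mind that match-clients only sees the source address of the query, so a user behind a shared recursive resolver or NAT is classified by that resolver's address; the view split is a routing convenience, not an access control.

```python
"""Simulate BIND view selection for the view/ACL layout used on this page.

BIND tries the views in configuration order and answers from the first one
whose match-clients ACL matches the query's source address, so the
catch-all "any" view has to stay last.  Added example, not part of the
original article; the ACLs and view order are copied from it.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# ACL names and prefixes as written in dianxin.acl and wangtong.acl.
ACLS: Dict[str, List[str]] = {
    "dianxin_acl": ["192.168.9.11/32"],
    "wangtong_acl": ["192.168.9.21/32"],
    "any": ["0.0.0.0/0"],  # BIND's built-in "any" ACL
}

# (view name, match-clients ACL, address www.abc.com resolves to in that view),
# in the order the views appear in named.rfc1912.zones.
VIEWS: List[Tuple[str, str, str]] = [
    ("dianxin", "dianxin_acl", "192.168.9.204"),
    ("wangtong", "wangtong_acl", "192.168.9.205"),
    ("any", "any", "192.168.9.206"),
]

# Misconfiguration to compare against: the "any" view moved to the top.
ANY_FIRST: List[Tuple[str, str, str]] = [VIEWS[2], VIEWS[0], VIEWS[1]]


def acl_matches(acl_name: str, client: str) -> bool:
    """True if the client address falls inside any prefix of the named ACL."""
    addr = ipaddress.ip_address(client)
    return any(addr in ipaddress.ip_network(prefix) for prefix in ACLS[acl_name])


def select_view(client: str, views=VIEWS) -> Tuple[Optional[str], Optional[str]]:
    """Return (view, answer) for the first view whose ACL matches the client.

    (None, None) models the case where no view matches: named logs
    "no matching view in class 'IN'" and answers REFUSED.
    """
    for name, acl, answer in views:
        if acl_matches(acl, client):
            return name, answer
    return None, None


def resolve_all(clients: List[str], views=VIEWS) -> Dict[str, Optional[str]]:
    """Map each client address to the www.abc.com answer it would receive."""
    return {c: select_view(c, views)[1] for c in clients}


if __name__ == "__main__":
    clients = ["192.168.9.11", "192.168.9.21", "192.168.9.31"]  # the three XP clients
    print("correct order :", resolve_all(clients))
    print("any view first:", resolve_all(clients, ANY_FIRST))
```

With the order from the configuration, 192.168.9.11 is answered from the dianxin view, 192.168.9.21 from wangtong and everything else from any; with the any view first, all three clients get 192.168.9.206 and the two ACLs are never consulted.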
Configure the ACL access control lists
[root@server01 ~]# vim /var/named/dianxin.acl
acl "dianxin_acl" {
    192.168.9.11/32;    # Telecom client address
};
[root@server01 ~]# vim /var/named/wangtong.acl
acl "wangtong_acl" {
    192.168.9.21/32;    # Netcom client address
};
Create the zone database files (forward resolution)
Telecom
[root@server01 ~]# vim /var/named/abc.com.dianxin
$TTL 86400
; contact mailbox is written with a dot (root.abc.com.), not as root@abc.com.
@   IN SOA server01.abc.com. root.abc.com. ( 2013042710 1M 1H 1W 3H )
@   IN NS  server01.abc.com.
server01.abc.com.  IN A     192.168.9.203
server02.abc.com.  IN A     192.168.9.204
www.abc.com.       IN CNAME server02.abc.com.
Netcom
[root@server01 ~]# vim /var/named/abc.com.wangtong
$TTL 86400
@   IN SOA server01.abc.com. root.abc.com. ( 2013042710 1M 1H 1W 3H )
@   IN NS  server01.abc.com.
server01.abc.com.  IN A     192.168.9.203
server03.abc.com.  IN A     192.168.9.205
www.abc.com.       IN CNAME server03.abc.com.
Any
[root@server01 ~]# vim /var/named/abc.com.any
$TTL 86400
@   IN SOA server01.abc.com. root.abc.com. ( 2013042710 1M 1H 1W 3H )
@   IN NS  server01.abc.com.
server01.abc.com.  IN A     192.168.9.203
server04.abc.com.  IN A     192.168.9.206
www.abc.com.       IN CNAME server04.abc.com.
Configure reverse resolution
Telecom
[root@server01 ~]# vim /var/named/192.168.9.dianxin
$TTL 86400
@   IN SOA server01.abc.com. root.abc.com. ( 2013042710 1M 1H 1W 3H )
@   IN NS  server01.abc.com.
203.9.168.192.in-addr.arpa.  IN PTR server01.abc.com.
204.9.168.192.in-addr.arpa.  IN PTR server02.abc.com.
Netcom
[root@server01 ~]# vim /var/named/192.168.9.wangtong
$TTL 86400
@   IN SOA server01.abc.com. root.abc.com. ( 2013042710 1M 1H 1W 3H )
@   IN NS  server01.abc.com.
203.9.168.192.in-addr.arpa.  IN PTR server01.abc.com.
205.9.168.192.in-addr.arpa.  IN PTR server03.abc.com.
Any
[root@server01 ~]# vim /var/named/192.168.9.any
$TTL 86400
@   IN SOA server01.abc.com. root.abc.com. ( 2013042710 1M 1H 1W 3H )
@   IN NS  server01.abc.com.
203.9.168.192.in-addr.arpa.  IN PTR server01.abc.com.
206.9.168.192.in-addr.arpa.  IN PTR server04.abc.com.
Check the 8 configuration files (6 zone files and 2 ACL files) under /var/named/
[root@server01 ~]# cd /var/named/
[root@server01 named]# ll
总用量 52
-rw-r--r-- 1 root  root   300 3月  15 07:09 192.168.9.any
-rw-r--r-- 1 root  root   295 3月  15 07:08 192.168.9.dianxin
-rw-r--r-- 1 root  root   300 3月  15 07:09 192.168.9.wangtong
-rw-r--r-- 1 root  root   352 3月  15 06:50 abc.com.any
-rw-r--r-- 1 root  root   338 3月  15 08:15 abc.com.dianxin
-rw-r--r-- 1 root  root   352 3月  15 06:46 abc.com.wangtong
drwxr-x--- 7 root  named   56 3月  15 06:25 chroot
drwxrwx--- 2 named named   22 3月  15 07:12 data
-rw-r--r-- 1 root  root    40 3月  15 07:04 dianxin.acl
drwxrwx--- 2 named named 4096 3月  15 08:13 dynamic
-rw-r----- 1 root  named 2076 1月  28 2013 named.ca
-rw-r----- 1 root  named  152 12月 15 2009 named.empty
-rw-r----- 1 root  named  152 6月  21 2007 named.localhost
-rw-r----- 1 root  named  168 12月 15 2009 named.loopback
drwxrwx--- 2 named named    6 2月  15 21:16 slaves
-rw-r--r-- 1 root  root    41 3月  15 06:41 wangtong.acl
[root@server01 named]#
Check the syntax and start the Bind service
[root@server01 ~]# named-checkzone abc.com /var/named/abc.com.dianxin
zone abc.com/IN: loaded serial 2013042710
OK
[root@server01 ~]# named-checkzone abc.com /var/named/abc.com.wangtong
zone abc.com/IN: loaded serial 2013042710
OK
[root@server01 ~]# named-checkzone abc.com /var/named/abc.com.any
zone abc.com/IN: loaded serial 2013042710
OK
[root@server01 ~]# named-checkzone 9.168.192.in-addr.arpa /var/named/192.168.9.dianxin
zone 9.168.192.in-addr.arpa/IN: loaded serial 2013042710
OK
[root@server01 ~]# named-checkzone 9.168.192.in-addr.arpa /var/named/192.168.9.wangtong
zone 9.168.192.in-addr.arpa/IN: loaded serial 2013042710
OK
[root@server01 ~]# named-checkzone 9.168.192.in-addr.arpa /var/named/192.168.9.any
zone 9.168.192.in-addr.arpa/IN: loaded serial 2013042710
OK
[root@server01 ~]# named-checkconf /etc/named.conf
[root@server01 named]# named-checkconf /etc/named.rfc1912.zones
Note: if the checks fail, see the cases below.
①
[root@server01 ~]# named-checkconf /etc/named.conf
/etc/named.conf:52: when using 'view' statements, all zones must be in views
This means that once views are in use, every zone in /etc/named.conf must sit inside a view, so open /etc/named.conf and delete the zone block at line 52.
② Test again
[root@server01 ~]# named-checkconf /etc/named.conf
/etc/named.rfc1912.zones:13: when using 'view' statements, all zones must be in views
This means that every zone in /etc/named.rfc1912.zones must also sit inside a view, so open /etc/named.rfc1912.zones and delete the zone blocks on lines 13 to 42.
③
[root@server01 ~]# named-checkzone 9.168.192.in-addr.arpa /var/named/192.168.9.dianxin
/var/named/192.168.9.dianxin:2: ignoring out-of-zone data (abc.com)
/var/named/192.168.9.dianxin:8: ignoring out-of-zone data (abc.com)
zone 9.168.192.in-addr.arpa/IN: has 0 SOA records
zone 9.168.192.in-addr.arpa/IN: has no NS records
zone 9.168.192.in-addr.arpa/IN: not loaded due to errors.
This means the abc.com. on lines 2 and 8 of /var/named/192.168.9.dianxin should be changed to @: abc.com lies outside the reverse zone, so the SOA and NS records owned by that name were discarded and the zone was left without an apex.
④
[root@Web1 ~]# named-checkconf /etc/named.rfc1912.zones
/etc/named.rfc1912.zones:66: open: dianxin.acl: file not found
You may run into this one as well; change into the /var/named/ directory and run the check again. The include statements use a relative path, so named-checkconf has to be run from the directory that holds the ACL files.
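Before starting named it helps to have a check that runs anywhere, without BIND installed. The Python script below is an added example, not the article's own code: it parses zone files written in the single-line style used in the forward and reverse sections above, reproduces the checks behind the errors in item ③ (owner names outside the zone, a zone left with no SOA or NS at the apex), verifies that every CNAME target has an A record, and additionally checks that a view's reverse zone agrees with its forward zone, something named-checkzone cannot do because it looks at one file at a time. The sample zone text is the Telecom view's data copied from this page; the broken reverse zone is constructed to reproduce the item ③ mistake.

```python
"""Offline consistency checks for the zone files on this page (added example)."""
from typing import Dict, List, Tuple

Record = Tuple[str, str, str]  # (owner FQDN, record type, rdata)


def _fqdn(name: str, origin: str) -> str:
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> List[Record]:
    """Parse records; '@' and relative names expand against the origin."""
    origin = origin.rstrip(".") + "."
    records: List[Record] = []
    pending = ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        pending = f"{pending} {line}".strip()
        if pending.count("(") > pending.count(")"):
            continue  # SOA parentheses still open, keep accumulating
        line, pending = pending, ""
        if line.startswith("$"):
            if line.upper().startswith("$ORIGIN"):
                origin = line.split()[1]
            continue  # $TTL and other directives carry no records
        tokens = line.replace("(", " ").replace(")", " ").split()
        owner, rest = _fqdn(tokens[0], origin), tokens[1:]
        if rest[0].upper() == "IN":
            rest = rest[1:]
        records.append((owner, rest[0].upper(), " ".join(rest[1:])))
    return records


def check_zone(records: List[Record], origin: str) -> List[str]:
    """Apex and in-zone checks of the kind named-checkzone reports."""
    origin = origin.rstrip(".") + "."
    problems: List[str] = []
    apex = [r for r in records if r[0] == origin]
    if sum(1 for r in apex if r[1] == "SOA") != 1:
        problems.append(f"zone {origin} must have exactly one SOA record at the apex")
    if not any(r[1] == "NS" for r in apex):
        problems.append(f"zone {origin} has no NS records")
    for owner, rtype, _ in records:
        if owner != origin and not owner.endswith("." + origin):
            problems.append(f"out-of-zone data: {owner} {rtype} (use @ or a name under {origin})")
    a_owners = {o for o, t, _ in records if t == "A"}
    for owner, rtype, rdata in records:
        if rtype == "CNAME" and rdata not in a_owners:
            problems.append(f"CNAME {owner} -> {rdata} has no A record in this zone")
    return problems


def ptr_owner_to_ip(owner: str) -> str:
    """'204.9.168.192.in-addr.arpa.' -> '192.168.9.204'"""
    return ".".join(reversed(owner.rstrip(".").split(".")[:-2]))


def check_forward_reverse(fwd: List[Record], rev: List[Record]) -> List[str]:
    """Every A record in the forward zone needs a PTR carrying the same name."""
    ptr: Dict[str, str] = {ptr_owner_to_ip(o): r for o, t, r in rev if t == "PTR"}
    problems: List[str] = []
    for owner, rtype, rdata in fwd:
        if rtype != "A":
            continue
        if rdata not in ptr:
            problems.append(f"no PTR record for {rdata} ({owner})")
        elif ptr[rdata] != owner:
            problems.append(f"PTR for {rdata} is {ptr[rdata]} but forward name is {owner}")
    return problems


# Sample input: the Telecom view's zone files as written on this page.
FWD_DIANXIN = """\
$TTL 86400
@   IN SOA server01.abc.com. root.abc.com. ( 2013042710 1M 1H 1W 3H )
@   IN NS  server01.abc.com.
server01.abc.com.  IN A     192.168.9.203
server02.abc.com.  IN A     192.168.9.204
www.abc.com.       IN CNAME server02.abc.com.
"""
REV_DIANXIN = """\
$TTL 86400
@   IN SOA server01.abc.com. root.abc.com. ( 2013042710 1M 1H 1W 3H )
@   IN NS  server01.abc.com.
203.9.168.192.in-addr.arpa.  IN PTR server01.abc.com.
204.9.168.192.in-addr.arpa.  IN PTR server02.abc.com.
"""
# Constructed: the item ③ mistake, "abc.com." written as the owner of the
# SOA and NS records in the reverse zone instead of "@".
REV_BROKEN = REV_DIANXIN.replace("@   IN", "abc.com.  IN")

if __name__ == "__main__":
    fwd = parse_zone(FWD_DIANXIN, "abc.com")
    rev = parse_zone(REV_DIANXIN, "9.168.192.in-addr.arpa")
    print("forward :", check_zone(fwd, "abc.com") or "OK")
    print("reverse :", check_zone(rev, "9.168.192.in-addr.arpa") or "OK")
    print("fwd/rev :", check_forward_reverse(fwd, rev) or "OK")
    print("broken  :", check_zone(parse_zone(REV_BROKEN, "9.168.192.in-addr.arpa"), "9.168.192.in-addr.arpa"))
```

Run it once per view (forward file plus its reverse file); the broken sample produces the same four findings as the named-checkzone output in item ③: two out-of-zone owners, no SOA and no NS at the apex.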
Start the named service
[root@server01 named]# systemctl restart named
[root@server01 named]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
Configure the Apache server (Telecom, 204)
[root@server02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=1c8237c2-f173-40e8-8f8a-ba22e2e5ffdf
DEVICE=eno16777736
ONBOOT=yes
IPADDR0=192.168.9.204
GATEWAY0=192.168.9.1
PREFIX0=24
DNS1=114.114.114.114
Install the Apache packages
[root@server02 ~]# yum install -y httpd httpd-devel
已加载插件:fastestmirror
base                                | 3.6 kB  00:00:00
extras                              | 3.4 kB  00:00:00
updates                             | 3.4 kB  00:00:00
(1/2): extras/7/x86_64/primary_db   | 139 kB  00:00:00
(2/2): updates/7/x86_64/primary_db  | 3.8 MB  00:00:02
Loading mirror speeds from cached hostfile
 * base: mirrors.cn99.com
 * extras: mirrors.zju.edu.cn
 * updates: mirrors.cn99.com
软件包 httpd-2.4.6-45.el7.centos.x86_64 已安装并且是最新版本
软件包 httpd-devel-2.4.6-45.el7.centos.x86_64 已安装并且是最新版本
无须任何处理
Edit the Apache configuration file
[root@server02 ~]# vim /etc/httpd/conf/httpd.conf
Only the ServerName on line 95 needs to change, to www.abc.com:
 85 #
 86 ServerAdmin root@localhost
 87
 88 #
 89 # ServerName gives the name and port that the server uses to identify itself.
 90 # This can often be determined automatically, but we recommend you specify
 91 # it explicitly to prevent problems during startup.
 92 #
 93 # If your host doesn't have a registered DNS name, enter its IP address here.
 94 #
 95 ServerName www.abc.com:80
 96
 97 #
 98 # Deny access to the entirety of your server's filesystem. You must
 99 # explicitly permit access to web content directories in other
100 # <Directory> blocks below.
101 #
102 <Directory />
103     AllowOverride none
104     Require all denied
105 </Directory>
106
Replace the default Apache document
[root@server02 ~]# vim /var/www/html/index.html
dianxin11111111111111111111111111111111111111111111111111111
Start the Apache service
[root@server02 ~]# systemctl restart httpd
[root@server02 ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Configure the Apache server (Netcom, 205)
Configured the same way as the Telecom server.
Change the page content to wangtong222222222222222222222222222222222
Configure the Apache server (Any, 206)
Configured the same way as the Telecom server.
Change the page content to Any33333333333333333333333333333333333333
Configure the firewall on each host and disable SELinux
Bind server
[root@server01 ~]# firewall-cmd --permanent --add-service=dns
success
[root@server01 ~]# firewall-cmd --reload
success
Telecom Apache
[root@server02 ~]# firewall-cmd --permanent --add-service=http
success
[root@server02 ~]# firewall-cmd --reload
success
Netcom Apache
[root@server03 ~]# firewall-cmd --permanent --add-service=http
success
[root@server03 ~]# firewall-cmd --reload
success
Any Apache
[root@server04 ~]# firewall-cmd --permanent --add-service=http
success
[root@server04 ~]# firewall-cmd --reload
success
Client tests
Telecom
IP: 192.168.9.11/24
DNS: 192.168.9.203
Press Win+R and run cmd.
C:\Documents and Settings\Administrator>cd \
C:\>nslookup www.abc.com
Server:  server01.abc.com
Address:  192.168.9.203

Name:    server02.abc.com
Address:  192.168.9.204
Aliases:  www.abc.com
Check the web page
Open Internet Explorer and enter www.abc.com; the page shows:
dianxin11111111111111111111111111111111111111111
Netcom
IP: 192.168.9.21/24
DNS: 192.168.9.203
Press Win+R and run cmd.
C:\Documents and Settings\Administrator>cd \
C:\>nslookup www.abc.com
Server:  server01.abc.com
Address:  192.168.9.203

Name:    server03.abc.com
Address:  192.168.9.205
Aliases:  www.abc.com
Check the web page
Open Internet Explorer and enter www.abc.com; the page shows:
wangtong2222222222222222222222222222222222222222
Any
IP: 192.168.9.31/24
DNS: 192.168.9.203
Press Win+R and run cmd.
C:\Documents and Settings\Administrator>cd \
C:\>nslookup www.abc.com
Server:  server01.abc.com
Address:  192.168.9.203

Name:    server04.abc.com
Address:  192.168.9.206
Aliases:  www.abc.com
Check the web page
Open Internet Explorer and enter www.abc.com; the page shows:
Any3333333333333333333333333333333333333333333333