1、前言
前面学习了DNS服务器的相关原理及相关配置文件的编辑创建,接着我们来学习下如何搭建DNS主从服务器,并实现智能DNS。
2、环境准备
Master Server:Centos 7.2,192.168.0.188
Slave Server1:Centos 7.2,192.168.0.189
上述服务器通过yum install -y bind命令安装相应的named服务,随后确保主从服务器的时区时间一致,可通过安装ntpdate命令进行同步网络时间。
[root@localhost ~]# ntpdate -u ntp.api.bz
21 Apr 15:02:36 ntpdate[11193]: step time server 120.25.108.11 offset 9211633.960683 sec
最后检查关闭iptables。
3、相关测试工具及命令
与DNS服务相关的测试工具有:dig、host、nslookup及rndc命令。
-
dig命令
用于测试DNS系统,其不会查询hosts文件,使用格式:
dig [-t RR_TYPE] name [@SERVER] [query options]
常用的查询选项包括:
+[no]trace:跟踪解析过程;
+[no]recurse:进行递归解析;
其常用用法包括:
反向解析测试:dig -x IP
测试区域传送:dig -t [axfr|ixfr] DOMAIN [@server]
-
host命令
其用法类似于dig命令,使用格式为:
host [-t RR_TYPE] name SERVER_IP
-
nslookup命令
nslookup命令有两种使用模式,一种是命令模式,另一个交互模式。其命令模式的使用格式为:
nslookup [-options] [name] [server]
而交互模式的使用格式为:
nslookup>
server IP:以指定的IP为DNS服务器进行查询;
set q=RR_TYPE:要查询的资源记录类型;
name:要查询的名称;
-
rndc命令
rndc命令为named服务的控制命令,其常用的用法有以下:
rndc status:显示服务器状态
rndc reload:在不停止DNS服务器工作的情况下,重新加载配置文件和区域文件
rndc flush:清理DNS缓存
4、搭建DNS主从服务器
1)搭建DNS主服务器
编辑修改/etc/named.conf文件:
[root@Master ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.0.188; }; #监听本机IP
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { 192.168.0.0/24; }; #允许来自192.168.0.0/24网段的的解析请求;
recursion yes; #开启递归查询
forward only; #启用转发域功能,对于本域无法解析的请求,只做转发处理;
forwarders { 114.114.114.114; }; #指定转发的DNS服务器;
dnssec-enable no; #关闭DNS安全扩展功能;
dnssec-validation no; #关闭DNS安全验证;
};
.....
编辑修改/etc/named.rfc1912.zones:
[root@Master ~]# vim /etc/named.rfc1912.zones
zone "magedu.com." IN { #创建正向解析域
type master;
file "magedu.com.zone";
allow-update { none; };
allow-transfer { 192.168.0.189;192.168.0.190; }; #允许同步DNS的辅助服务器IP;
notify yes; #启用变更通告,当主服务器DNS区域文件发生变更后,通知从服务器进行比较同步;
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "192.168.0.zone";
allow-update { none; };
allow-transfer { 192.168.0.189;192.168.0.190;};
notify yes;
};
新建/var/named/magedu.com.zone文件:
$TTL 3600
@ IN SOA ns1.magedu.com. 1XXXXXX3.qq.com. (
2018042101
1D
1H
1W
3H
)
magedu.com. IN NS ns1.magedu.com.
magedu.com. IN NS ns2.magedu.com.
magedu.com. IN NS ns3.magedu.com.
magedu.com. IN MX 10 mx1.magedu.com.
magedu.com. IN MX 20 mx2.magedu.com.
mx1 IN A 192.168.0.1
mx2 IN A 192.168.0.2
ns1 IN A 192.168.0.188
ns2 IN A 192.168.0.189
ns3 IN A 192.168.0.190
www IN A 199.247.21.135
web IN CNAME www
qq IN A 59.37.96.63
master IN A 192.168.0.188
slave1 IN A 192.168.0.189
slave2 IN A 192.168.0.190
新建/var/named/192.168.0.zone文件:
$TTL 3600
@ IN SOA ns1.magedu.com. 1XXXXXXX3.qq.com. (
2018042101
1D
1H
1W
3H
)
@ IN NS ns1.magedu.com.
@ IN NS ns2.magedu.com. #对于反向区域文件来说,从服务器的NS记录是必须得,否则区域文件的同步会有问题,这此我亲身跳坑体验过了。。。
@ IN NS ns3.magedu.com.
1 IN PTR mx1.magdu.com.
2 IN PTR mx2.magdu.com.
188 IN PTR ns1.magedu.com.
189 IN PTR ns2.magedu.com.
190 IN PTR ns3.magedu.com.
188 IN PTR master.magedu.com.
189 IN PTR slave1.magedu.com.
190 IN PTR slave2.magedu.com.
检查相关的配置文件:
[root@Master ~]# named-checkconf /etc/named.conf
[root@Master ~]# named-checkzone magedu.com /var/named/magedu.com.zone
zone magedu.com/IN: loaded serial 2018042101
OK
[root@Master ~]# named-checkzone 0.168.192.ip-addr.arpa /var/named/192.168.0.zone
zone 0.168.192.ip-addr.arpa/IN: loaded serial 2018042101
OK
如没有错误则启动named服务:
[root@Master ~]# systemctl status named
2)搭建DNS从服务器
在Slave server 1上编辑/etc/named.conf文件:
[root@Slave1 ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.0.189; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { 192.168.0.0/24; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
....
};
.....
随后编辑/etc/named.rfc1912.zones:
[root@Slave1 ~]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type slave; #指定类型为slave ;
file "slaves/magedu.com.zone"; #指定同步文件的存放路径及名称;
masters { 192.168.0.188; }; #指定主服务器的IP;
masterfile-format text; #指定区域文件的格式为text,不指定有可能会为乱码(没错,这坑我又踩过);
};
zone "0.168.192.in-addr.arpa" IN {
type slave;
file "slaves/192.168.0.zone";
masters { 192.168.0.188; };
masterfile-format text;
};
编辑完成后检查相应的配置文件:
[root@Slave1 ~]# named-checkconf /etc/named.conf
如无报错,则启动named服务:
[root@Slave1 ~]# systemctl start named
[root@localhost ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since 六 2018-04-21 18:05:47 CST; 5s ago
Process: 11084 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 11081 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 11087 (named)
CGroup: /system.slice/named.service
└─11087 /usr/sbin/named -u named -c /etc/named.conf
4月 21 18:05:47 localhost.localdomain named[11087]: zone 0.168.192.in-addr.arpa/IN: Transfer started.
4月 21 18:05:47 localhost.localdomain named[11087]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.188#53: conn...42852
4月 21 18:05:47 localhost.localdomain named[11087]: zone 0.168.192.in-addr.arpa/IN: transferred serial 2018042101
4月 21 18:05:47 localhost.localdomain named[11087]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.188#53: Tran.../sec)
4月 21 18:05:47 localhost.localdomain named[11087]: zone 0.168.192.in-addr.arpa/IN: sending notifies (serial 2018042101)
4月 21 18:05:47 localhost.localdomain named[11087]: zone magedu.com/IN: Transfer started.
4月 21 18:05:47 localhost.localdomain named[11087]: transfer of 'magedu.com/IN' from 192.168.0.188#53: connected using ...41953
4月 21 18:05:47 localhost.localdomain named[11087]: zone magedu.com/IN: transferred serial 2018042101
4月 21 18:05:47 localhost.localdomain named[11087]: transfer of 'magedu.com/IN' from 192.168.0.188#53: Transfer complet.../sec)
4月 21 18:05:47 localhost.localdomain named[11087]: zone magedu.com/IN: sending notifies (serial 2018042101)
Hint: Some lines were ellipsized, use -l to show in full.
如上述过程所示,从服务器能正常同步主服务器的正向和反向解析区域文件。
3)测试DNS主从服务器的解析结果
主服务器正向解析:
[root@Slave2 ~]# dig -t A www.magedu.com @192.168.188
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -t A www.magedu.com @192.168.188
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55749
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION: #成功获取正向解析结果
www.magedu.com. 3600 IN A 199.247.21.135
;; AUTHORITY SECTION:
magedu.com. 3600 IN NS ns1.magedu.com.
magedu.com. 3600 IN NS ns2.magedu.com.
magedu.com. 3600 IN NS ns3.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 3600 IN A 192.168.0.188
ns2.magedu.com. 3600 IN A 192.168.0.189
ns3.magedu.com. 3600 IN A 192.168.0.190
;; Query time: 2 msec
;; SERVER: 192.168.0.188#53(192.168.0.188)
;; WHEN: Sat Apr 21 05:13:05 EDT 2018
;; MSG SIZE rcvd: 161
从服务器正向解析:
[root@Slave2 ~]# dig -t A www.magedu.com @192.168.189
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -t A www.magedu.com @192.168.189
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36011
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION: #成功获取正向解析结果
www.magedu.com. 3600 IN A 199.247.21.135
;; AUTHORITY SECTION:
magedu.com. 3600 IN NS ns1.magedu.com.
magedu.com. 3600 IN NS ns3.magedu.com.
magedu.com. 3600 IN NS ns2.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 3600 IN A 192.168.0.188
ns2.magedu.com. 3600 IN A 192.168.0.189
ns3.magedu.com. 3600 IN A 192.168.0.190
;; Query time: 1 msec
;; SERVER: 192.168.0.189#53(192.168.0.189)
;; WHEN: Sat Apr 21 05:13:02 EDT 2018
;; MSG SIZE rcvd: 161
主服务器反向解析:
[root@Slave2 ~]# dig -x 192.168.0.1 @192.168.0.188
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -x 192.168.0.1 @192.168.0.188
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64876
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.0.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION: #成功获取反向解析结果
1.0.168.192.in-addr.arpa. 3600 IN PTR mx1.magdu.com.
;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 3600 IN NS ns2.magedu.com.
0.168.192.in-addr.arpa. 3600 IN NS ns3.magedu.com.
0.168.192.in-addr.arpa. 3600 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 3600 IN A 192.168.0.188
ns2.magedu.com. 3600 IN A 192.168.0.189
ns3.magedu.com. 3600 IN A 192.168.0.190
;; Query time: 2 msec
;; SERVER: 192.168.0.188#53(192.168.0.188)
;; WHEN: Sat Apr 21 05:19:32 EDT 2018
;; MSG SIZE rcvd: 189
从服务器反向解析:
[root@Slave2 ~]# dig -x 192.168.0.188 @192.168.0.189
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -x 192.168.0.188 @192.168.0.189
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58662
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;188.0.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION: #成功获取反向解析结果
188.0.168.192.in-addr.arpa. 3600 IN PTR ns1.magedu.com.
188.0.168.192.in-addr.arpa. 3600 IN PTR master.magedu.com.
;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 3600 IN NS ns2.magedu.com.
0.168.192.in-addr.arpa. 3600 IN NS ns3.magedu.com.
0.168.192.in-addr.arpa. 3600 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 3600 IN A 192.168.0.188
ns2.magedu.com. 3600 IN A 192.168.0.189
ns3.magedu.com. 3600 IN A 192.168.0.190
;; Query time: 2 msec
;; SERVER: 192.168.0.189#53(192.168.0.189)
;; WHEN: Sat Apr 21 05:20:18 EDT 2018
;; MSG SIZE rcvd: 202
4)DNS主从服务器的域维护
DNS主从服务器的域维护是指通过DNS协议来在主域名服务器和从域名服务器之间维护同一个区域文件的操作。
DNS支持两种域维护的方式:全量传输(AXFR)和增量传输(IXFR)
-
全量传输AXFR
全量传输时,DNS从服务器会从DNS主服务器上请求区域文件,其间隔时间由SOA记录中的refresh标签所定义。请求区域文件的过程是DNS从服务器向DNS主服务器发送查询来实现的,如果DNS主服务器中SOA记录中的序列号(serial)大于DNS从服务器SOA记录的序列号,DNS从服务器就会向DNS主服务器发送全量传输请求。全量传输使用TCP的53端口进行传输。 -
增量传输IXFR
传递非常大的区域文件是非常耗资源的(时间、带宽等),尤其是只有区域中的一个记录改变的时候,没有必要传递整个区域文件,增量传输是允许DNS主服务器和DNS从服务器之间只传输那些改变的记录。 -
通告notify
DNS从服务器会每隔SOA记录中的设置refresh时间值来向DNS主服务器主服务器发送请求,只有在主服务器的serial大于从服务器的serial时才进行传输,但是倘若refresh值设置得比较大,那么有可能在这段时间中就会积累大量的更新,此时DNS的时效性就会很差。
此时notify通告就提供了这样的功能:DNS主服务器的zone文件发生改变后,它立即向从服务器发送一个NOTIFY消息,告诉从服务器我的zone文件发生改变了,接着从服务器马上对比两者的序列号,再采用上面介绍的全量传输或者增量传输的方法请求zone文件。BIND本身支持通告,通告的配置是在named.conf中的zone中的option中配置,配置指令是notify, also-notify和notify-source。
上述在配置DNS主服务器的/etc/named.rfc1912.zones文件中,我启动了其notify的选项,因此在DNS主服务器上对区域文件作出的修改,在重启服务或重载服务后均应该能立即同步到相应的从服务器上,因此我们来测试下。
修改DNS主服务器上的正反区域文件:
[root@Master ~]# vim /var/named/magedu.com.zone
$TTL 3600
@ IN SOA ns1.magedu.com. 1XXXXXX83.qq.com. (
2018042112 #修改序列号
1D
1H
1W
3H
)
.....
test2 IN A 192.168.0.49 #新增test2的A记录
[root@Master ~]# vim /var/named/192.168.0.zone
$TTL 3600
@ IN SOA ns1.magedu.com 1XXXXX3.qq.com (
08 #修改序列号
3600
1H
1W
3H
)
@ IN NS ns1.magedu.com.
@ IN NS ns2.magedu.com.
@ IN NS ns3.magedu.com.
....
195 IN PTR test2.magedu.com. #新增test2的PTR记录
修改完成后,重载named服务,并查看/var/log/messages:
[root@Master ~]# systemctl reload named
[root@Master ~]# tail -30 /var/log/messages
Apr 22 10:53:42 localhost named[22338]: reloading configuration succeeded
Apr 22 10:53:42 localhost named[22338]: reloading zones succeeded
Apr 22 10:53:42 localhost named[22338]: all zones loaded
Apr 22 10:53:42 localhost named[22338]: running
Apr 22 10:53:42 localhost named[22338]: zone 0.168.192.in-addr.arpa/IN: loaded serial 7
Apr 22 10:53:42 localhost named[22338]: zone magedu.com/IN: loaded serial 2018042111
Apr 22 10:53:42 localhost systemd: Reloaded Berkeley Internet Name Domain (DNS).
Apr 22 10:53:42 localhost named[22338]: zone 0.168.192.in-addr.arpa/IN: sending notifies (serial 7)
Apr 22 10:53:42 localhost named[22338]: zone magedu.com/IN: sending notifies (serial 2018042111)
Apr 22 10:53:42 localhost named[22338]: client 192.168.0.189#43104 (0.168.192.in-addr.arpa): transfer of '0.168.192.in-addr.arpa/IN': AXFR-style IXFR started
Apr 22 10:53:42 localhost named[22338]: client 192.168.0.189#43104 (0.168.192.in-addr.arpa): transfer of '0.168.192.in-addr.arpa/IN': AXFR-style IXFR ended
Apr 22 10:53:42 localhost named[22338]: client 192.168.0.189#64119: received notify for zone '0.168.192.in-addr.arpa'
Apr 22 10:53:42 localhost named[22338]: client 192.168.0.189#46313 (magedu.com): transfer of 'magedu.com/IN': AXFR-style IXFR started
Apr 22 10:53:42 localhost named[22338]: client 192.168.0.189#46313 (magedu.com): transfer of 'magedu.com/IN': AXFR-style IXFR ended
Apr 22 10:53:42 localhost named[22338]: client 192.168.0.190#34009 (0.168.192.in-addr.arpa): transfer of '0.168.192.in-addr.arpa/IN': AXFR-style IXFR started
Apr 22 10:53:42 localhost named[22338]: client 192.168.0.190#34009 (0.168.192.in-addr.arpa): transfer of '0.168.192.in-addr.arpa/IN': AXFR-style IXFR ended
Apr 22 10:53:43 localhost named[22338]: client 192.168.0.190#14847: received notify for zone '0.168.192.in-addr.arpa'
Apr 22 10:53:43 localhost named[22338]: client 192.168.0.190#50416 (magedu.com): transfer of 'magedu.com/IN': AXFR-style IXFR started
Apr 22 10:53:43 localhost named[22338]: client 192.168.0.190#50416 (magedu.com): transfer of 'magedu.com/IN': AXFR-style IXFR ended
从上述日志中可看出,相应的正反区域文件以及成功发送到从服务器上,在从服务器上验证结果:
[root@slave1 ~]# nslookup
> server 192.168.0.189
Default server: 192.168.0.189
Address: 192.168.0.189#53
> set q=A
> test2.magedu.com
Server: 192.168.0.189
Address: 192.168.0.189#53
Name: test2.magedu.com
Address: 192.168.0.49
> set q=NS
> 192.168.0.195
Server: 192.168.0.189
Address: 192.168.0.189#53
195.0.168.192.in-addr.arpa name = test2.magedu.com.
测试成功,说明已同步成功。
5、实现智能DNS
要实现DNS服务器的智能DNS解析,首先需要了解view的概念:view就是将不同IP地址段发来的查询响应到不同的DNS解析。如需要对两个不同的IP地址段进行配置,就需要明确这些IP地址段的范围,这样view才能生效。需要注意的是,一旦使用了view,所有域都必须定义在view中。
我这里以192.168.0.189/32代表电信网络,192.168.0.190/32代表联通网络,进行模拟测试:
配置修改此前实例DNS主服务器的named.conf:
acl "telecom"{
192.168.0.189;
};
acl "unicom"{
192.168.0.190;
};
options{
...
};
logging{
...
};
view telecom {
match-clients { telecom;};
zone "." IN {
type hint;
file "named.ca";
};
zone "charlie.com" IN {
type master;
file "charlie.com.zone.telecom";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
view unicom {
match-clients { unicom;};
zone "." IN {
type hint;
file "named.ca";
};
zone "charlie.com" IN {
type master;
file "charlie.com.zone.unicom";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
view others {
match-clients { any;};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
新建charlie.com.zone.telecom:
[root@Master ~]# vim /var/named/charlie.com.zone.telecom
$TTL 3600
@ IN SOA ns.charlie.com. 1XXXXXX3.qq.com (
00
1D
1H
1W
3H
)
@ IN NS ns.charlie.com.
ns IN A 192.168.0.188
@ IN MX 10 mx.charlie.com.
mx IN A 192.168.0.188
www IN A 1.1.1.1
blog IN A 1.1.1.2
新建charlie.com.zone.unicom:
[root@Master ~]# vim /var/named/charlie.com.zone.unicom
$TTL 3600
@ IN SOA ns.charlie.com. 1XXXXX3.qq.com. (
00
1D
1H
1W
3H
)
@ IN NS ns.charlie.com.
ns IN A 192.168.0.188
@ IN MX 10 mx.charlie.com.
mx IN A 192.168.0.188
www IN A 2.2.2.1
blog IN A 2.2.2.2
检查相应的配置文件:
[root@Master ~]# named-checkconf /etc/named.conf
[root@Master ~]# named-checkzone charlie.com /var/named/charlie.com.zone.telecom
zone charlie.com/IN: loaded serial 0
OK
[root@Master ~]# named-checkzone charlie.com /var/named/charlie.com.zone.unicom
zone charlie.com/IN: loaded serial 0
OK
重启或重载named服务:
[root@Master ~]# systemctl restart named
在192.168.0.189从服务器上验证解析结果:
[root@slave1 ~]# nslookup
> server 192.168.0.188
Default server: 192.168.0.188
Address: 192.168.0.188#53
> set q=A
> www.charlie.com
Server: 192.168.0.188
Address: 192.168.0.188#53
Name: www.charlie.com
Address: 1.1.1.1 #能正确解析出指定的telecomIP;
> blog.charlie.com
Server: 192.168.0.188
Address: 192.168.0.188#53
Name: blog.charlie.com
Address: 1.1.1.2 #能正确解析出指定的telecomIP;
> ns1.magedu.com
Server: 192.168.0.188
Address: 192.168.0.188#53
Name: ns1.magedu.com
Address: 192.168.0.188
在192.168.0.190从服务器上验证解析结果:
[root@slave2 ~]# nslookup
> server 192.168.0.188
Default server: 192.168.0.188
Address: 192.168.0.188#53
> set q=A
> www.charlie.com
Server: 192.168.0.188
Address: 192.168.0.188#53
Name: www.charlie.com
Address: 2.2.2.1 #能正确解析出指定的unicomIP;
> blog.charlie.com
Server: 192.168.0.188
Address: 192.168.0.188#53
Name: blog.charlie.com
Address: 2.2.2.2 #能正确解析出指定的unicomIP;
> ns1.magedu.com
Server: 192.168.0.188
Address: 192.168.0.188#53
Name: ns1.magedu.com
Address: 192.168.0.188
>
到此一个智能DNS解析便搭建完成了,如果能将公网上的电信和联通IP分别写入ACL列表中,并且将此服务器接入了多个运营商线路,使得其能够在公网上提供DNS解析,那么此服务器就能为来自不同运行商的客户端IP提供智能DNS解析了。
网友评论