1、实验目的
现要求在两个局域网中分别搭建各自的DNS服务器,并通过相关设置,使得两个DNS服务器能相互解析
2、实验拓扑
3、实验分析
要使两个不同网络的DNS服务器能相互访问,需要额外假设一台DNS服务器,同时作为网关
4、实验步骤
(1)搭建如图所示基础网络
使得alice能访问bob(参考Linux基础网络搭建实验)
(2)在alice(192.168.0.253)上
1)安装DNS服务器(参考:配置Yum源)
[root@lyy yum.repos.d]# yum install bind -y
2)配置主配置文件
[root@lyy yum.repos.d]# gedit /etc/named.conf
options {
listen-on port { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
forward only; //即使有根服务器,也不询问,转发给上层DNS服务器
forwarders {192.168.0.254;}; //转发对象(上层DNS)的地址
};
zone "alice.com" IN {
type master;
file "named.alice.com";
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "named.192.168.0";
};
3)正解文件
[root@lyy yum.repos.d]# cd /var/named/
[root@lyy named]# touch named.alice.com
[root@lyy named]# gedit named.alice.com
$TTL 3H
@ IN SOA master.alice.com. admin.mail.alice.com. (
; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS master.alice.com.
master.alice.com. IN A 192.168.0.253
@ IN MX mail.alice.com.
mail.alice.com. IN A 192.168.0.253
ftp.alice.com. IN CNAME master.alice.com.
www.alice.com. IN CNAME master.alice.com.
client.alice.com. IN A 192.168.0.10
nfs.alice.com. IN A 192.168.0.11
4)反解文件
[root@lyy named]# touch named.192.168.
[root@lyy named]# gedit named.192.168.
$TTL 3H
@ IN SOA master.alice.com. admin.mail.alice.com. (
; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS master.alice.com.
IN PTR master.alice.com.
IN PTR mail.alice.com.
IN PTR client.alice.com.
IN PTR nfs.alice.com.
5)防火墙设置
[root@lyy named]# iptables -I INPUT -i eth0 -p udp --dport -j ACCEPT
[root@lyy named]# iptables -I INPUT -i eth0 -p tcp --dport -j ACCEPT
6)启动DNS服务
[root@lyy named]# service named start
(3)在bob(202.3.4.253)上
1)安装DNS服务器
2)主配置文件
options {
listen-on port { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
forward only; //即使有根服务器,也不询问,转发给上层DNS服务器
forwarders {202.3.4.254;}; //转发对象(上层DNS)的地址
};
zone "bob.com" IN {
type master;
file "named.bob.com";
};
zone "4.3.202.in-addr.arpa" IN {
type master;
file "named.202.3.4";
};
3)正解文件(参考alice)
$TTL 3H
@ IN SOA master.bob.com. admin.mail.bob.com. (
; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS master.bob.com.
master.bob.com. IN A 202.3.4.253
@ IN MX mail.bob.com.
mail.bob.com. IN A 202.3.4.253
ftp.bob.com. IN CNAME master.bob.com.
www.bob.com. IN CNAME master.bob.com.
client.bob.com. IN A 202.3.4.10
nfs.bob.com. IN A 202.3.4.11
4)反解文件
$TTL 3H
@ IN SOA master.bob.com. admin.mail.bob.com. (
; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS master.bob.com.
IN PTR master.bob.com.
IN PTR mail.bob.com.
IN PTR client.bob.com.
IN PTR nfs.bob.com.
5)防火墙设置
[root@lyy named]# iptables -I INPUT -i eth0 -p udp --dport -j ACCEPT
[root@lyy named]# iptables -I INPUT -i eth0 -p tcp --dport -j ACCEPT
6)启动DNS服务
[root@lyy named]# service named start
(4)在网关(com)上
1)安装DNS服务
2)主配置文件
options {
listen-on port { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-transfer {none; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "com" IN {
type master;
file "named.com";
};
3)正解文件
[root@lyy yum.repos.d]# cd /var/named/
[root@lyy named]# touch named.com
[root@lyy named]# gedit named.com
$TTL 3H
@ IN SOA master.com. admin.mail.com. (
; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS master.com.
master.com. IN A 192.168.0.254
alice.com. IN NS master.alice.com.
master.alice.com. IN A 192.168.0.253
bob.com. IN NS master.bob.com.
master.bob.com. IN A 202.3.4.253
注意:(com)不需要反解文件
4)防火墙设置
[root@lyy named]# iptables -I INPUT -p udp --dport -j ACCEPT
[root@lyy named]# iptables -I INPUT -p tcp --dport -j ACCEPT
5)启动DNS服务
5、结果测试
(1)在alice.com的DNS Server上测试
[root@lyy named]# dig -t mx bob.com
(2)在bob.com的DNS Server上测试
[root@lyy named]# dig -t mx alice.com
可以看到,alice和bob的邮件记录能相互解析,实验成功!
【版权所有,转载请注明原文出处:http://www.cnblogs.com/liaoyuanyang/p/6902481.html 】