For internal testing, the company's internal server needs to be reachable by domain name. The router has no domain-name forwarding function, so an internal DNS server is set up instead.
Background:
One internal server:
  System:   CentOS 6.5 x64
  Hostname: server.andy.local
  IP:       192.168.10.10
1. Install the bind service
yum -y install bind*
2. Configure the DNS server. The lines changed from the stock file (highlighted in blue in the original) are listen-on and allow-query; the default values are left above them, commented out. Note that with allow-query { any; } and recursion yes the server also answers recursive queries for any client that can reach port 53, so it must only be reachable from the internal network (or restrict recursion with allow-recursion).
vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        // listen-on port 53 { 127.0.0.1; };
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // allow-query     { localhost; };
        allow-query     { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
------------
vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1: localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "andy.local" IN {
        type master;
        file "named.andy.local";
        allow-update { none; };
};

zone "xxxx.com" IN {
        type master;
        file "named.xxxx.com";
        allow-update { none; };
};
Note that every statement must end with a semicolon.
3. Add the forward zone file (zone files live in the directory set above, /var/named)
vim /var/named/named.andy.local
$TTL 86400
@       IN SOA  server.andy.local. root.andy.local. (
                2015080700      ; serial: add 1 on every update
                3600            ; refresh: how often a slave asks the master for updates
                1800            ; retry: wait after a failed refresh, usually half the refresh value
                604800          ; expire: how long a slave keeps serving the zone while refreshes keep failing
                86400 )         ; minimum: negative-cache time, in practice the default TTL
@       IN NS   server.andy.local.
@       IN A    192.168.10.10
server  IN A    192.168.10.10
ns      IN A    192.168.10.10
Add the zone file for the xxxx.com domain
vim /var/named/named.xxxx.com
$TTL 86400
@       IN SOA  ns.andy.local. root.andy.local. (
                2015080700      ; serial: add 1 on every update
                3600            ; refresh: how often a slave asks the master for updates
                1800            ; retry: wait after a failed refresh, usually half the refresh value
                604800          ; expire: how long a slave keeps serving the zone while refreshes keep failing
                86400 )         ; minimum: negative-cache time, in practice the default TTL
@       IN NS   ns.andy.local.
@       IN A    192.168.10.10
www     IN A    192.168.10.10
user    IN A    192.168.10.10
admin   IN A    192.168.10.10
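Before starting named it is worth sanity-checking the zone files, since a malformed SOA or a missing glue record makes named refuse to load the zone or leaves it unreachable. The following is an added example, not code from the original post: a small Python parser for this zone-file layout ($TTL, a parenthesised multi-line SOA, @ and relative owner names) with a linter that checks the serial format and that any in-zone nameserver has an A record. The embedded zone text is a constructed copy of the xxxx.com file above; per-record TTL fields are not handled.

```python
import re

# Constructed copy of the page's named.xxxx.com zone file (';' starts a comment).
ZONE_TEXT = """\
$TTL 86400
@   IN SOA ns.andy.local. root.andy.local. (
        2015080700 ; serial
        3600       ; refresh
        1800       ; retry
        604800     ; expire
        86400 )    ; minimum
@   IN NS ns.andy.local.
@   IN A  192.168.10.10
www IN A  192.168.10.10
"""

def fqdn(name, origin):
    # '@' is the origin; a name without a trailing dot is relative to the origin
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):  # -> [(owner, type, rdata)], owners fully qualified
    clean = re.sub(r";.*", "", text)  # drop comments
    clean = re.sub(r"\(([^)]*)\)", lambda m: " " + m.group(1).replace("\n", " "), clean)  # join ( ... )
    records = []
    for tok in (ln.split() for ln in clean.splitlines()):
        if not tok or tok[0].startswith("$"):  # blank line or $TTL/$ORIGIN directive
            continue
        owner, rest = fqdn(tok[0], origin), tok[1:]
        rest = rest[1:] if rest[0].upper() == "IN" else rest  # class field is optional
        rtype, rdata = rest[0].upper(), rest[1:]
        if rtype == "NS":
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "SOA":  # MNAME and RNAME are names; serial and timers are numbers
            rdata[:2] = [fqdn(n, origin) for n in rdata[:2]]
        records.append((owner, rtype, rdata))
    return records

def lint_zone(text, origin):
    # Return the problems that would make named reject the zone or serve it badly.
    records = parse_zone(text, origin)
    problems, a_names = [], {r[0] for r in records if r[1] == "A"}
    soa = [r for r in records if r[1] == "SOA"]
    if len(soa) != 1:
        problems.append("zone needs exactly one SOA record")
    elif not re.fullmatch(r"\d{10}", soa[0][2][2]):  # YYYYMMDDnn convention used on this page
        problems.append(f"serial {soa[0][2][2]} does not follow YYYYMMDDnn")
    for _, rtype, rdata in records:  # a nameserver inside the zone needs an A (glue) record
        in_zone = rdata[0] == origin or rdata[0].endswith("." + origin)
        if rtype == "NS" and in_zone and rdata[0] not in a_names:
            problems.append(f"nameserver {rdata[0]} has no A record in this zone")
    return problems
```

lint_zone(ZONE_TEXT, "xxxx.com.") returns an empty list for the zone above; named-checkzone from the bind package performs the authoritative version of this check on the real files.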
Then start the DNS server
/etc/init.d/named start
// start at boot
chkconfig named on
Then set the first DNS address on the router to 192.168.10.10 and the second DNS address to the normal (upstream) DNS server.
Inside the company, names under the specific domain xxxx.com are then resolved to the internal server, while Internet access keeps working. Bear in mind that clients do not fall back per name: a client that happens to send its query to the second DNS server gets the public answer for xxxx.com, so handing out only the internal server (which recurses for everything else) is more predictable.
dig xxxx.com

; <<>> DiG 9.8.3-P1 <<>> xxxx.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61174
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;xxxx.com.                      IN      A

;; ANSWER SECTION:
xxxx.com.               86400   IN      A       192.168.10.10

;; AUTHORITY SECTION:
xxxx.com.               86400   IN      NS      ns.andy.local.

;; ADDITIONAL SECTION:
ns.andy.local.          86400   IN      A       192.168.10.10

;; Query time: 30 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Thu Sep  3 18:04:09 2015
;; MSG SIZE  rcvd: 86
Normally a DNS server would also be run in master/slave mode and would need reverse-lookup zone files as well. Since this is only for the company's internal testing, that is not covered here; look it up yourself if you need it.