1. Network topology:
Requirement: all DNS traffic from the intranet to the public network is redirected to a DNS server on the intranet.
Source of the requirement (forum post): http://bbs.51cto.com/thread-939762-1.html
---- Tested on Linux; this is also a form of DNS spoofing.
2. Configuration steps:
A. Linux gateway configuration:
① Enable IP forwarding:
echo "1" >/proc/sys/net/ipv4/ip_forward
② Configure PAT:
iptables -t nat -A POSTROUTING -o eth0 -s 10.1.1.0/24 -j MASQUERADE
③ Configure port redirection:
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 10.1.1.10
B. R2 configuration:
① Configure R2 as a DNS server:
ip dns server
② Configure a resolution entry:
ip host www.baidu.com 10.1.1.1
C. R1 configuration:
Specify a public network address as the DNS server:
ip name-server 202.1.1.2
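The following is an added example, not part of the original article: a Python check that reads iptables-save output and lists port-53 destination rewrites like the one in step ③ of the Linux gateway configuration, then reports which DNS transport the rules leave untouched. The sample ruleset is constructed to match steps ② and ③, and the function names are hypothetical.

```python
import shlex

# Constructed sample: what `iptables-save -t nat` shows after steps 2 and 3.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 10.1.1.10
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
COMMIT
"""

def _opt(tokens, *names):
    """Return the value following the first of `names` present in tokens, else None."""
    for name in names:
        if name in tokens:
            i = tokens.index(name)
            if i + 1 < len(tokens):
                return tokens[i + 1]
    return None

def find_dns_redirects(ruleset):
    """List nat/PREROUTING rules that rewrite the destination of port-53 traffic."""
    found, table = [], None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table marker, e.g. "*nat"
            table = line[1:]
            continue
        if table != "nat" or not line.startswith("-A PREROUTING"):
            continue
        t = shlex.split(line)
        if _opt(t, "--dport") != "53" or _opt(t, "-j") not in ("DNAT", "REDIRECT"):
            continue
        found.append({
            "proto": _opt(t, "-p"),
            "target": _opt(t, "--to-destination", "--to-ports"),
            "source": _opt(t, "-s"),      # None means the rule applies to every client
        })
    return found

def uncovered_protocols(redirects):
    """DNS runs over UDP and TCP; report which of the two is not redirected."""
    return sorted({"udp", "tcp"} - {r["proto"] for r in redirects})

if __name__ == "__main__":
    hits = find_dns_redirects(SAMPLE)
    for r in hits:
        print("DNS redirect:", r)
    print("not redirected:", uncovered_protocols(hits))
```

On the sample, the single UDP rule is reported and TCP port 53 is listed as not redirected, so DNS queries sent over TCP still reach the public server.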
3. Test:
A. R1 can reach the public network:
R1#ping 202.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/22/32 ms
B. R1 asks the public network server to resolve a domain name:
R1#ping www.baidu.com
Translating "www.baidu.com" ... domain server (202.1.1.2) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/20/32 ms
---- www.baidu.com resolves to 10.1.1.1, the address set on R2 above; the packet capture screenshot is below.
This article comes from "Httpyuntianjxxll.spac" blog, please be sure to keep this source http://333234.blog.51cto.com/323234/947227