bind-DNS服务器实现测试域名走本地内网,其他域名访问走公网测试

发布时间 2023-04-22 00:02:49作者: YYQ-
[root@master-DNS ~]# cat /etc/named.conf
options {
	# NOTE(review): in BIND the built-in ACL "localhost" means every address of
	# this host's own interfaces, not just 127.0.0.1. That is why the client
	# below reaches the server on 192.168.100.139 (see the dig SERVER lines).
	listen-on port 53 { localhost; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	secroots-file	"/var/named/data/named.secroots";
	recursing-file	"/var/named/data/named.recursing";
	# Any client may query. Together with "recursion yes" below and no
	# allow-recursion restriction, this makes the server an open recursive
	# resolver for every network that can reach its listening addresses.
	# Keep it off public-facing interfaces, or limit recursive service with
	#   allow-recursion { localhost; localnets; };
	# so only the lab subnet(s) this host sits on are served recursively.
	allow-query     { any; };
# Lookups for names this server is not authoritative for are forwarded to
# 223.5.5.5 and 119.29.29.29. No "forward only;" is set, so BIND's default
# "forward first" applies: if both forwarders fail it iterates from the root
# hints (zone "." further down) on its own.
	forwarders { 223.5.5.5;119.29.29.29;};

	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	   recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification 
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface 
	*/
	recursion yes;
# Both DNSSEC options are switched off. Consequence: replies coming back
# from the forwarders are accepted without signature validation, so a
# spoofed or tampered upstream answer is not detected. "dnssec-validation
# auto;" re-enables validation with BIND's built-in root trust anchor.
# NOTE(review): "dnssec-enable" is obsolete in newer BIND releases -- check
# the installed version before keeping the line.
	dnssec-enable no;
	dnssec-validation no;

	# Storage for RFC 5011 managed trust anchors; only relevant once
	# dnssec-validation is turned on.
	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	# TSIG key used by "nsupdate -l" for local dynamic updates.
	session-keyfile "/run/named/session.key";

	/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
	include "/etc/crypto-policies/back-ends/bind.config";
};

# Debug channel only. "severity dynamic" means the channel follows the
# server's current debug level (rndc trace), so a normal run logs little.
# No query-logging channel/category is configured, so there is no audit
# trail of which client resolved which name; add one if that matters.
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

# Root hints, used only when BIND has to iterate itself (forwarders down).
zone "." IN {
	type hint;
	file "named.ca";
};

# The lab zone "wang.org" is declared in the rfc1912 file, not here.
# named.root.key loads the root trust anchor, but it is not used while
# dnssec-validation is "no" in the options block above.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

#在/etc/named.rfc1912.zones指定内网测试域名读取/var/named/wang.org.zone 的配置
[root@master-DNS ~]# cat /etc/named.rfc1912.zones
# Stock localhost / loopback / empty zones shipped with BIND. Each one
# refuses dynamic updates explicitly.
zone "localhost.localdomain" IN {
	type master;
	file "named.localhost";
	allow-update { none; };
};

zone "localhost" IN {
	type master;
	file "named.localhost";
	allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
	type master;
	file "named.loopback";
	allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
	type master;
	file "named.loopback";
	allow-update { none; };
};

zone "0.in-addr.arpa" IN {
	type master;
	file "named.empty";
	allow-update { none; };
};
# Internal test zone wang.org; its records live in /var/named/wang.org.zone
# (relative to the "directory" set in named.conf).
# NOTE(review): unlike the zones above this one gives no allow-update; BIND's
# default is { none; }, so updates are still refused, but stating it keeps the
# zones consistent. Nothing restricts zone transfers either -- on releases
# such as 9.11 allow-transfer defaults to any, so anyone who can reach port 53
# can AXFR the whole zone. Consider
#     allow-transfer { 192.168.100.140; };
# (the dns2 host named in the zone file) once a secondary is set up there.
zone "wang.org" IN {
    type master;
    file  "wang.org.zone";
};

#内网域名数据库配置
[root@master-DNS ~]# cat /var/named/wang.org.zone 
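$TTL 1D
; wang.org -- internal lab zone.
; In master-file syntax a comment starts with ';'. '#' is NOT a comment
; character: the trailing "#..." text the original put after the dns1/dns2
; A records is parsed as extra rdata and makes the zone fail to load, so
; those notes are written with ';' here.
; NOTE(review): the SOA MNAME "master" expands to master.wang.org., which has
; no record in this zone; it should normally name the primary (dns1) --
; confirm before changing.
@	IN SOA	master admin (
					3	; serial -- raise it on every edit so dns2 (secondary) picks up the change
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum (negative-caching TTL)
                NS    dns1
                NS    dns2
dns1            A     192.168.100.139 ; primary DNS server node
dns2            A     192.168.100.140 ; standby DNS server node
www     	    A    192.168.100.137
dd.sh     	    A    1.1.1.1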


#检查语法,清除缓存,重载配置文件
[root@master-DNS ~]# named-checkconf
[root@master-DNS ~]# rndc flush
[root@master-DNS ~]# rndc reload
server reload successful

#客户端DNS配置
[root@m8 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.100.139
nameserver 192.168.100.140

#客户端访问内网域名测试www.wang.org,dd.sh.wang.org
#测试www.wang.org
[root@m8 ~]# dig www.wang.org

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 <<>> www.wang.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25240
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.wang.org.			IN	A

;; ANSWER SECTION:
www.wang.org.		86400	IN	A	192.168.100.137

;; AUTHORITY SECTION:
wang.org.		86400	IN	NS	dns1.wang.org.
wang.org.		86400	IN	NS	dns2.wang.org.

;; ADDITIONAL SECTION:
dns1.wang.org.		86400	IN	A	192.168.100.139
dns2.wang.org.		86400	IN	A	192.168.100.140

;; Query time: 0 msec
;; SERVER: 192.168.100.139#53(192.168.100.139)
;; WHEN: Sat Apr 22 07:48:19 CST 2023
;; MSG SIZE  rcvd: 127
#测试dd.sh.wang.org
[root@m8 ~]# dig dd.sh.wang.org

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 <<>> dd.sh.wang.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65272
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;dd.sh.wang.org.			IN	A

;; ANSWER SECTION:
dd.sh.wang.org.		86400	IN	A	1.1.1.1

;; AUTHORITY SECTION:
wang.org.		86400	IN	NS	dns1.wang.org.
wang.org.		86400	IN	NS	dns2.wang.org.

;; ADDITIONAL SECTION:
dns1.wang.org.		86400	IN	A	192.168.100.139
dns2.wang.org.		86400	IN	A	192.168.100.140

;; Query time: 0 msec
;; SERVER: 192.168.100.139#53(192.168.100.139)
;; WHEN: Sat Apr 22 07:48:25 CST 2023
;; MSG SIZE  rcvd: 129

#host命令测试
[root@m8 ~]# host dd.sh.wang.org
dd.sh.wang.org has address 1.1.1.1
[root@m8 ~]# host www.wang.org
www.wang.org has address 192.168.100.137

#客户端host命令测试公网域名
[root@m8 ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 120.232.145.144
www.a.shifen.com has address 120.232.145.185
#dig命令测试公网
[root@m8 ~]# dig www.baidu.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35771
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 27

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.baidu.com.			IN	A

;; ANSWER SECTION:
www.baidu.com.		79	IN	CNAME	www.a.shifen.com.
www.a.shifen.com.	79	IN	A	120.232.145.144
www.a.shifen.com.	79	IN	A	120.232.145.185

;; AUTHORITY SECTION:
.			518235	IN	NS	a.root-servers.net.
.			518235	IN	NS	m.root-servers.net.
.			518235	IN	NS	e.root-servers.net.
.			518235	IN	NS	l.root-servers.net.
.			518235	IN	NS	h.root-servers.net.
.			518235	IN	NS	j.root-servers.net.
.			518235	IN	NS	g.root-servers.net.
.			518235	IN	NS	f.root-servers.net.
.			518235	IN	NS	d.root-servers.net.
.			518235	IN	NS	k.root-servers.net.
.			518235	IN	NS	c.root-servers.net.
.			518235	IN	NS	i.root-servers.net.
.			518235	IN	NS	b.root-servers.net.

;; ADDITIONAL SECTION:
f.root-servers.net.	518235	IN	A	192.5.5.241
m.root-servers.net.	518235	IN	A	202.12.27.33
g.root-servers.net.	518235	IN	A	192.112.36.4
b.root-servers.net.	518235	IN	A	199.9.14.201
j.root-servers.net.	518235	IN	A	192.58.128.30
i.root-servers.net.	518235	IN	A	192.36.148.17
c.root-servers.net.	518235	IN	A	192.33.4.12
d.root-servers.net.	518235	IN	A	199.7.91.13
h.root-servers.net.	518235	IN	A	198.97.190.53
a.root-servers.net.	518235	IN	A	198.41.0.4
e.root-servers.net.	518235	IN	A	192.203.230.10
k.root-servers.net.	518235	IN	A	193.0.14.129
l.root-servers.net.	518235	IN	A	199.7.83.42
f.root-servers.net.	518235	IN	AAAA	2001:500:2f::f
m.root-servers.net.	518235	IN	AAAA	2001:dc3::35
g.root-servers.net.	518235	IN	AAAA	2001:500:12::d0d
b.root-servers.net.	518235	IN	AAAA	2001:500:200::b
j.root-servers.net.	518235	IN	AAAA	2001:503:c27::2:30
i.root-servers.net.	518235	IN	AAAA	2001:7fe::53
c.root-servers.net.	518235	IN	AAAA	2001:500:2::c
d.root-servers.net.	518235	IN	AAAA	2001:500:2d::d
h.root-servers.net.	518235	IN	AAAA	2001:500:1::53
a.root-servers.net.	518235	IN	AAAA	2001:503:ba3e::2:30
e.root-servers.net.	518235	IN	AAAA	2001:500:a8::e
k.root-servers.net.	518235	IN	AAAA	2001:7fd::1
l.root-servers.net.	518235	IN	AAAA	2001:500:9f::42

;; Query time: 0 msec
;; SERVER: 192.168.100.139#53(192.168.100.139)
;; WHEN: Sat Apr 22 07:50:19 CST 2023
;; MSG SIZE  rcvd: 884