[DNS] Help: resolving external domain names with a DNS server set up on the internal network

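#1 | Posted 2008-03-11 10:24
Our organization's LAN gateway is 192.168.1.1. The web server's internal IP is 192.168.1.2, which the gateway NATs to the external IP 221.7.23.41. We registered the top-level domain www.abc.com pointing to 221.7.23.41, and computers outside the LAN can reach our website normally via www.abc.com.

However, computers inside the LAN cannot reach the website via www.abc.com, because China Netcom's DNS server 221.7.34.10 resolves www.abc.com to the external IP.

So I used bind to set up a DNS server on the internal network, with IP 192.168.1.3, to resolve www.abc.com inside the LAN to its internal IP address 192.168.1.2. That way external users can access www.abc.com and internal users can also use www.abc.com to reach our website.

The problem now is that internal users who use the internal DNS 192.168.1.3 cannot resolve other external domain names, such as www.163.com.

I looked up some material that says DNS forwarding can be used, by modifying the internal DNS configuration named.conf: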


forward First;


forwarders {
221.7.34.10;
};


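Now internal users can resolve external domain names through the internal DNS, but the problem is that www.abc.com is sometimes resolved to the external IP.

How should I configure things so that LAN users use only the internal DNS (192.168.1.3) and can both resolve www.abc.com to the internal IP (192.168.1.2) and resolve external domain names?

In other words, have the internal DNS (192.168.1.3) try to resolve a name first, and forward the names it cannot resolve to the external DNS.

[ Last edited by 北回归客 on 2008-3-11 10:27 ]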

#2 | Posted 2008-03-11 10:38
Please post the named configuration from 192.168.1.3.

#3 | Posted 2008-03-11 10:45

The named configuration:

// $FreeBSD: src/etc/namedb/named.conf,v 1.21.2.1 2005/09/10 08:27:27 dougb Exp $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works.  Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
        listen-on       { 192.168.1.3; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver.  To give access to the network, specify
// an IPv6 address, or the keyword "any".
//      listen-on-v6    { ::1; };

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
      forward First;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
        forwarders {
                221.7.23.41;
        };
*/
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND versions 8 and later
         * use a pseudo-random unprivileged UDP port by default.
         */
        // query-source address * port 53;
};

// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "master/localhost.rev";
};

// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
        type master;
        file "master/localhost-v6.rev";
};

// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example slave zone config entries.  It can be convenient to become
// a slave at least for the zone your own domain is in.  Ask
// your network administrator for the IP address of the responsible
// primary.
//
// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
// (This is named after the first bytes of the IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended.)
//
// Before starting to set up a primary zone, make sure you fully
// understand how DNS and BIND works.  There are sometimes
// non-obvious pitfalls.  Setting up a slave zone is simpler.
//
// NB: Don't blindly enable the examples below.   Use actual names
// and addresses instead.

/* An example master zone
zone "example.net" {
        type master;
        file "master/example.net";
};
*/


zone "abc.com"{
        type master;
        file "master/abc.com";
};




/* An example dynamic zone
key "exampleorgkey" {
        algorithm hmac-md5;
        secret "sf87HJqjkqh8ac87a02lla==";
};
zone "example.org" {
        type master;
        allow-update {
                key "exampleorgkey";
        };
        file "dynamic/example.org";
};
*/

/* Examples of forward and reverse slave zones
zone "example.com" {
        type slave;
        file "slave/example.com";
        masters {
                192.168.1.1;
        };
};
zone "1.168.192.in-addr.arpa" {
        type slave;
        file "slave/1.168.192.in-addr.arpa";
        masters {
                192.168.1.1;
        };
};
*/

#4 | Posted 2008-03-11 12:02

Reply to post #1 by 北回归客

Try:

zone "abc.com"{
        type master;
        file "master/abc.com";
        forwarders {};
};
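The setup asked for in post #1, combined with the zone-level override from post #4, as an added example that is not part of any post in the thread: a named.conf fragment for 192.168.1.3 that answers abc.com locally, forwards everything else to 221.7.34.10, and limits recursion to the LAN. The ACL name "lan" and the 192.168.1.0/24 prefix length are assumptions; the addresses and file paths are the ones quoted in the thread.

```conf
// Added example named.conf fragment for 192.168.1.3 (BIND 9).
// Assumptions: the ACL name "lan" and the /24 prefix length.

acl "lan" { 127.0.0.1; 192.168.1.0/24; };

options {
        directory       "/etc/namedb";
        listen-on       { 127.0.0.1; 192.168.1.3; };

        // Answer and recurse only for LAN clients, so the server
        // cannot act as an open resolver if port 53 is ever exposed
        // through the NAT gateway.
        recursion       yes;
        allow-query     { "lan"; };
        allow-recursion { "lan"; };

        // Names this server is not authoritative for go to the ISP
        // resolver first; "first" falls back to iterative resolution
        // via the root hints if the forwarder does not answer.
        forward first;
        forwarders { 221.7.34.10; };
};

zone "." {
        type hint;
        file "named.root";
};

// Internal view of abc.com: answered from the local zone file and
// never forwarded (empty forwarders list). The zone file must hold
// every abc.com name LAN clients use (www -> 192.168.1.2, plus any
// mail or other hosts), because a name missing from it returns
// NXDOMAIN instead of the public answer.
zone "abc.com" {
        type master;
        file "master/abc.com";
        forwarders { };
        allow-transfer { none; };
};
```

Check the file with `named-checkconf` before reloading, then confirm the answer with `dig @192.168.1.3 www.abc.com`. A client that also lists 221.7.34.10 as a resolver can still receive the public address from that server, so LAN clients should be given 192.168.1.3 only.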

#5 | Posted 2016-05-23 23:48
Has anyone got this working? Please advise. qq1873006653