Newbie asking for help with DNS-related knowledge (Windows 2008 server)

Time:10-01

Requirement: set up a domain name for internal use, with DNS requests forwarded a second time through the network DNS to the internal DNS server for resolution.

Current status: the internal DNS server is 192.168.100.68, and the domain name selected is locala.net. Clients uniformly use the company's existing external-network DNS server, 192.168.99.99. The company's operations staff have now pointed all *.locala.net requests (NS record) to 192.168.100.68. The observed behavior is that pinging locala.net, a.locala.net and b.locala.net all return 192.168.100.68, and visiting a.locala.net/help successfully displays content (the same as 192.168.100.68/help).

Problem: during testing I may frequently need to create/delete secondary domain names such as a.locala.net and b.locala.net, and have them resolve so that a client visiting a.locala.net reaches an intranet server such as 192.168.100.1, b.locala.net resolves to 100.2, and so on. I added the DNS server role on 192.168.100.68, but no matter how I configure it, the end result is still that all *.locala.net requests are directed to 192.168.100.68; only when the client uses the internal DNS do I get the kind of distribution I need. May I ask the experts: if the company network's DNS (192.168.99.99) must be used, how should the DNS service on 192.168.100.68 be configured so that arbitrary secondary domain names resolve to other servers on the network?

CodePudding user response:

Match the main domain on the external network's DNS, and forward to the network to match the secondary domain names?

CodePudding user response:

I saw this question yesterday; it was too much trouble to explain, and there has still been no answer. Now I have a little time, so here is roughly how it works.
First of all, a DNS service must be provided by a DNS server, which accepts clients' requests to resolve domain names and returns the corresponding IP (there is also reverse DNS).

Suppose I bought a top-level domain name, locala.net, at nets; this means I can modify the domain's records, for example to resolve a.locala.net to 192.168.100.1.
1. The most widely used approach: I don't build my own DNS server; I maintain the resolution records directly in nets' domain name management backend (censored) increasing; the DNS service is provided by nets' servers, and the DNS resolution records are stored on nets' servers;
2. I can also build my own DNS server (two conditions must be met: I have a fixed external IP, such as 111.222.33.44, and the DNS service port is open so that other people can access it), then go to the registrar and change the domain's managing name server IP to my own 111.222.33.44. My self-built server becomes the authoritative server for locala.net; resolution is no longer provided by nets, and nets only directs everyone else's resolution requests to the server, I

These two are the public situations (for users on the Internet). There is one more situation: I can set up a DNS server (acting as an authoritative server, or pretending to be an authoritative server) that provides only a fixed few records to clients and lets the clients resolve the rest through public DNS servers (this is called forward DNS). This can be applied on the public network and also in a private network; for example, if I want to build a web site in a local area network (LAN) with the domain name www.baidu.com, this method can be used. Of course, as you may also see, DNS hijacking is one of the uses of this scheme.

Generally, a client that needs to connect has a DNS server address in its TCP/IP settings (commonly 8.8.8.8 or 114.114.114.114). When the client requests a domain name, it asks that DNS server for the result; if the DNS server finds it has no record itself, it queries step by step from the root servers (from the root domain to the top-level domain to the secondary domain) and returns the result to the client (this is called recursive resolution). There is another model, called iterative resolution: when the DNS server finds no record, it directly returns another DNS server's address to the client and lets the client contact that one, and so on all the way down until the name is finally resolved.

Coming to your test problem: what you met is actually not a problem; the result you got is the normal result under the current configuration. Your confusion is between a DNS server and a DNS result: the IP that DNS resolves to is the end result, the whole resolution process is over, and resolution will not continue.
Analysis: the DNS server is 192.168.99.99, the record is a.locala.net, and it resolves to 192.168.100.68;
When a client uses TCP port 5000 to reach abc.com (the real business: a website, a socket), as long as the DNS server is A, it will normally return 192.168.100.68, and the client, having got the resolution result, happily accesses port 5000 on 192.168.100.68 directly. In short, you ask 192.168.99.99 for a.locala.net and it tells you 192.168.100.68, that's all. Although you built a DNS service on 192.168.100.68, if you carefully recall the whole process you will find that the DNS service on 192.168.100.68 never gets a chance.
So:
1. Either configure forward DNS for locala.net requests on 192.168.99.99, forwarding to 192.168.100.68 (its DNS port needs to be reachable from 192.168.99.99)
2. Or set your clients' DNS server directly to 192.168.100.68
3. Or maintain the locala.net domain's DNS records directly on 192.168.99.99.

Finally, the advice I give for testing is this:
1. Add the corresponding resolution records directly to the HOSTS file on the test machine (C:\Windows\system32\drivers\etc\HOSTS or /etc/HOSTS). This is the most convenient and quickest method, it is simple to maintain, and there won't be cache interference; maintaining the machine's HOSTS records can even be done by a program you write, which is more convenient.
2. If you have a little time and the clients are on the network, you can also try building a DNS server that resolves locala.net and forwards all other requests to the normal DNS server, then set the test machines' DNS to this self-built DNS server (many routers come with a domain name hijacking function directly; I recommend reading the manual to see whether there is a function with a name like DNS mapping or custom DNS records). With this scheme, whenever the DNS records are modified later, the client needs to clear its own DNS cache (ipconfig /flushdns), or your test will fail.
Other messy schemes are not worth considering.
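
Added example, not part of the thread: a small Python model of the reply's point that an A record returned by 192.168.99.99 ends resolution, so the DNS service on 192.168.100.68 is only consulted once 192.168.99.99 forwards locala.net to it (option 1). The wildcard A records on 192.168.99.99 are an assumption matching the ping results in the question, and the class and function names are hypothetical.

```python
# Toy model of the thread's two DNS servers (constructed data, not a real resolver).
CORPORATE, INTERNAL = "192.168.99.99", "192.168.100.68"

class DnsServer:
    def __init__(self, ip, records=None, forwarders=None):
        self.ip = ip
        self.records = records or {}        # name or "*.zone" wildcard -> A record
        self.forwarders = forwarders or {}  # zone -> DnsServer (conditional forwarder)
        self.queries = []                   # every name this server was asked for

    def _local(self, name):
        if name in self.records:
            return self.records[name]
        labels = name.split(".")
        for i in range(1, len(labels)):     # *.locala.net covers a.locala.net
            wildcard = "*." + ".".join(labels[i:])
            if wildcard in self.records:
                return self.records[wildcard]
        return None

    def resolve(self, name):
        self.queries.append(name)
        answer = self._local(name)
        if answer is not None:
            return answer                   # an A record is final: resolution stops here
        for zone, target in self.forwarders.items():
            if name == zone or name.endswith("." + zone):
                return target.resolve(name) # hand the query to the zone's real owner
        return None                         # no answer in this model

def build(mode):
    """mode 'current' = the question's starting state, 'forward' = the reply's option 1."""
    internal = DnsServer(INTERNAL, {"a.locala.net": "192.168.100.1",
                                    "b.locala.net": "192.168.100.2"})
    if mode == "current":  # assumed: 192.168.99.99 answers everything itself
        corporate = DnsServer(CORPORATE, {"locala.net": INTERNAL,
                                          "*.locala.net": INTERNAL})
    else:                  # 192.168.99.99 holds no records, only a forwarder
        corporate = DnsServer(CORPORATE, forwarders={"locala.net": internal})
    return corporate, internal

def trace(mode, name):
    """Resolve `name` via 192.168.99.99; return (answer, names the internal server saw)."""
    corporate, internal = build(mode)
    return corporate.resolve(name), internal.queries

if __name__ == "__main__":
    for mode in ("current", "forward"):
        for name in ("a.locala.net", "b.locala.net"):
            print(mode, name, *trace(mode, name))
```

In the `current` mode the internal server's query list stays empty, which is the "never gets a chance" situation the reply describes.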