1.通过 DNS 分离解析(split-horizon,BIND 中用 view 实现)解析 www.qq.com 的主机 IP 地址:内网主机查询时解析到内网服务主机,外网主机查询时解析到外网服务主机。
博主只用两台 Linux 主机(服务端 192.168.164.128 同时充当内网客户端),有条件的可以用三台 Linux 主机。
#服务端(ip:192.168.164.128)
1.在服务端主机安装 dns 服务包(bind)并启动 dns 服务,关闭防火墙和 selinux(博主的上一个博客有教程;实验环境可以直接关闭,生产环境建议改为只放行 53 端口:`firewall-cmd --permanent --add-service=dns && firewall-cmd --reload`)
2.更改配置,自定义解析区域(清空原有配置后,添加以下几行;注意一旦使用 view,所有 zone 都必须写在 view 里面)
[root@localhost ~]# vim /etc/named.conf
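// /etc/named.conf -- split-horizon ("view") configuration for qq.com.
// Once any "view" is declared, every zone (including any default zones pulled
// in from other files) must live inside a view; that is why the stock
// configuration is cleared before adding the lines below.
options {
    listen-on port 53 { 192.168.164.128; };
    directory "/var/named";
    allow-query { any; };
    // This server is meant to be authoritative-only for qq.com. Refusing
    // recursion makes that explicit, so hosts that can reach port 53 cannot
    // use it as a general resolver.
    recursion no;
};

// Client classification. Each ACL may hold single addresses or whole subnets
// (e.g. 192.168.164.0/24). Views are tested in the order written; the first
// view whose match-clients matches the query source wins.
acl "外网" { 192.168.164.129; };   // may also be a subnet
acl "内网" { 192.168.164.128; };   // same

view "内网" {
    match-clients { "内网"; };
    zone "qq.com" IN {
        type master;
        file "named.qq.com";       // maps www to the internal address
        notify yes;
    };
};

view "外网" {
    match-clients { "外网"; };
    zone "qq.com" IN {
        type master;
        file "named.qq1.com";      // maps www to the external address
    };
};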
正向解析文件(区域数据文件)资源记录包含的元素如下(注意:区域文件里的注释只能用 `;`,不能用 named.conf 里的 `//`,否则区域文件加载报错):
[root@localhost ~]# vim /var/named/named.qq.com
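; /var/named/named.qq.com -- zone data served to the "内网" (internal) view.
; Record layout: owner-name  TTL  class  type  rdata
; Comments in a zone file start with ';'. "//" is NOT a comment here: named
; treats it as extra rdata text and refuses to load the zone.
$TTL 1D
; MNAME is conventionally the primary name server (dns.qq.com.); '@' (the
; zone name itself) is accepted but unusual.
@       IN SOA  @ admin.admin.com. (
                2021071501 ; serial -- increase it on every edit
                1D         ; refresh
                3D         ; retry
                1D         ; expire
                3D )       ; negative-answer cache TTL
; The apex NS record needs the zone owner ('@', or leading whitespace to
; inherit the previous owner). Written at column 0 without it, "IN" would be
; taken as the owner name and the zone would have no NS record.
@       IN NS   dns.qq.com.
dns     IN A    192.168.164.128
www     IN A    192.168.164.111   ; address handed to internal clients
wwww    IN CNAME www              ; alias: wwww.qq.com also reaches www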
[root@localhost ~]# vim /var/named/named.qq1.com
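; /var/named/named.qq1.com -- zone data served to the "外网" (external) view.
; Record layout: owner-name  TTL  class  type  rdata
; Comments in a zone file start with ';'. "//" is NOT a comment here: named
; treats it as extra rdata text and refuses to load the zone.
$TTL 1D
; MNAME is conventionally the primary name server (dns.qq.com.); '@' (the
; zone name itself) is accepted but unusual.
@       IN SOA  @ admin.admin.com. (
                2021071501 ; serial -- increase it on every edit
                1D         ; refresh
                3D         ; retry
                1D         ; expire
                3D )       ; negative-answer cache TTL
; The apex NS record needs the zone owner ('@', or leading whitespace to
; inherit the previous owner). Written at column 0 without it, "IN" would be
; taken as the owner name and the zone would have no NS record.
@       IN NS   dns.qq.com.
dns     IN A    192.168.164.128
www     IN A    192.168.164.222   ; address handed to external clients
wwww    IN CNAME www              ; alias: wwww.qq.com also reaches www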
3.检查配置并重启 dns 服务(先用 `named-checkconf` 检查主配置,再用 `named-checkzone qq.com /var/named/named.qq.com` 和 `named-checkzone qq.com /var/named/named.qq1.com` 检查两个区域文件,都无报错后再重启)
[root@localhost ~]# systemctl restart named
#客户端
1.关闭防火墙和selinux(博主的上一个博客有教程)
#测试
在 ip 为 192.168.164.128(内网网段或内网 acl 所指定的 ip)的 Linux 主机上,用 nslookup 交互式查询:
[root@localhost ~]# nslookup
> server 192.168.164.128
Default server: 192.168.164.128
Address: 192.168.164.128
> www.qq.com
Server: 192.168.164.128
Address: 192.168.164.128
Name: www.qq.com
Address: 192.168.164.111 //同配置中的IP一致
>
在 ip 为 192.168.164.129(外网网段或外网 acl 所指定的 ip)的 Linux 主机上,同样用 nslookup 查询:
[root@localhost ~]# nslookup
> server 192.168.164.128
Default server: 192.168.164.128
Address: 192.168.164.128
> www.qq.com
Server: 192.168.164.128
Address: 192.168.164.128
Name: www.qq.com
Address: 192.168.164.222 //同配置中的IP一致
>
2.配置 A 和 B 主机实现免密登录(A 用私钥登录 B;B 只保存 A 的公钥)
#A主机(持有私有密钥)
创建密钥对(一路回车即可;口令处直接回车表示私钥不加口令,此时私钥文件 id_rsa 本身就等同于 B 主机的 root 登录凭据,需妥善保管,建议设置口令并配合 ssh-agent 使用)
[root@localhost ~]# ssh-keygen
Generating public/private RSA key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:7gAJ5L+X5JlS0M4YjATqpOcaRy84izl/wr6LSIFUyFM root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|o.=E |
|.B.o . |
|.o= + . |
|* o B |
|ooo = = S |
| =.. * = |
|+o+ + B . |
|=Oo..o o |
|B+== . |
+----[SHA256]-----+
查看密钥对
[root@localhost ~]# cd .ssh
[root@localhost .ssh]# ls -l
total 8
-rw-------. 1 root root 2610 Jul 15 08:13 id_rsa
-rw-r--r--. 1 root root 580 Jul 15 08:13 id_rsa.pub
将公钥 id_rsa.pub 发给 B 主机(执行下面语句未成功则先在 B 主机创建 /root/.ssh 目录:`mkdir -m 700 /root/.ssh`)。注意:下面的 scp 会直接覆盖 B 主机上已有的 authorized_keys,若 B 上已保存其他公钥,应改用 `ssh-copy-id root@192.168.164.129`(追加而不是覆盖);首次连接提示的主机密钥指纹,应先与 B 主机上 `ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub` 的输出核对一致后再回答 yes。
[root@localhost .ssh]# scp id_rsa.pub root@192.168.164.129:/root/.ssh/authorized_keys
The authenticity of host '192.168.164.129 (192.168.164.129)' can't be established.
ECDSA key fingerprint is SHA256:ofC5setqG73YZCORhueuI3kvptG14OsdmwRx0cKpsOc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.164.129' (ECDSA) to the list of known hosts.
root@192.168.164.129's password:
id_rsa.pub 100% 580 801.2KB/s 00:00
[root@localhost .ssh]
#B主机(持有公有密钥)
查看 A 主机所发的公钥(同时确认 /root/.ssh 目录权限为 700,authorized_keys 为 600 或 644;目录和文件都不能对组/其他用户可写,否则 sshd 的 StrictModes 会忽略该文件,免密登录不生效)
[root@localhost ~]# ls -l /root/.ssh/
total 4
-rw-r--r--. 1 root root 580 Jul 15 08:20 authorized_keys
#测试
[root@localhost .ssh]# ssh root@192.168.164.129
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Thu Jul 15 06:58:04 2021 from 192.168.164.1