Smart DNS
Resolves a domain name "intelligently": the same name is resolved to different IPs depending on which network the client's IP belongs to.
This is done with the view feature of DNS (BIND):
A view works like an if statement in a programming language:
if [ IP == "China Telecom IP" ]; then
    resolve the name to the IP of the server in the Telecom data center
elif [ IP == "China Netcom (CNC) IP" ]; then
    resolve the name to the IP of the server in the Netcom data center
else
    return the Telecom data center IP by default
fi
The DNS view statement: view
Preparation:
    a static IP
    an FQDN hostname
    a matching entry in the hosts file
Install:
# yum install bind bind-chroot -y
1. Create the IP lists
# vim /var/named/chroot/var/named/chinanet
acl chinanet {
    10.1.1.101;
    10.1.1.233;
    10.1.1.110;
    10.1.1.156;
    10.1.1.123;
};
# vim /var/named/chroot/var/named/cnc
acl cnc {
    10.1.1.1;
    10.1.1.21;
    10.1.1.22;
    10.1.1.60;
    10.1.1.175;
    10.1.1.50;
    172.16.196.1;
    172.16.196.2;
};
2. Create the configuration file
# vim /var/named/chroot/etc/named.conf
options {
    listen-on port 53 { any; };
    directory "/var/named";     <--- after chroot, this path is relative to the chroot's "/"
    allow-query { any; };
};
include "cnc";                  <--- the access lists (IP lists) created in step 1
include "chinanet";
view china_net {
    match-clients { chinanet; };        <--- "chinanet" is the name of the acl
    zone "upl.com." IN {
        type master;
        file "data/chinanet.upl.com.zone";
    };
};
view china_cnc {
    match-clients { cnc; };
    zone "upl.com." IN {
        type master;
        file "data/cnc.upl.com.zone";
    };
};
view other {
    match-clients { any; };             <--- views are tried in order and the first match wins, so the catch-all view must be last
    zone "upl.com." IN {
        type master;
        file "data/other.upl.com.zone";
    };
};
3. Create the zone files for the three views
# vim /var/named/chroot/var/named/data/chinanet.upl.com.zone
$TTL 86400
@       IN SOA  upl.com. root. (
                2013022201      ; serial
                2M              ; refresh
                1M              ; retry
                1D              ; expire
                1H )            ; minimum (negative caching TTL)
@       IN NS   www.upl.com.
www     IN A    10.1.1.21
bbs     IN A    10.1.1.10
# vim /var/named/chroot/var/named/data/cnc.upl.com.zone       (same as the chinanet zone except for the bbs record)
bbs     IN A    10.1.1.11
# vim /var/named/chroot/var/named/data/other.upl.com.zone     (likewise)
bbs     IN A    10.1.1.12
# service named start
Test from a client:
The client's DNS must point at the IP of the DNS server we just configured.
# vim /etc/resolv.conf
nameserver 10.1.1.21
# nslookup bbs.upl.com     <---- clients on different network segments get different IPs for bbs.upl.com
Example: adding a slave (secondary) DNS server to a view-based configuration
1. Generate a key on the master DNS server
# rndc-confgen -a -c /etc/rndc.key
# cat /etc/rndc.key
# cat /var/named/chroot/etc/rndc.key     make sure both files have the same content:
key "rndc-key" {
    algorithm hmac-md5;
    secret "PIeY8PMHKStmytRUnk2GCw==";
};
Then add the key, a controls statement and allow-transfer to the master's /var/named/chroot/etc/named.conf (the zone statements stay as in step 2):
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    allow-query { any; };
};
include "/etc/rndc.key";     <--- resolved inside the chroot, i.e. /var/named/chroot/etc/rndc.key
include "cnc";
include "chinanet";
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
view china_net {
    match-clients { chinanet; 10.1.1.17; };     <--- 10.1.1.17 is the address the slave transfers from for this view
    allow-transfer { key "rndc-key"; };         <--- any client that presents the correct key can transfer the zone and become a slave
    zone "upl.com." IN { type master; file "data/chinanet.upl.com.zone"; };
};
view china_cnc {
    match-clients { cnc; 10.1.1.18; };
    allow-transfer { key "rndc-key"; };
    zone "upl.com." IN { type master; file "data/cnc.upl.com.zone"; };
};
2. Configure the slave DNS
IP, FQDN and hosts file, as in the preparation step.
The slave must be given 3 IPs:
    10.1.1.17 simulates a Telecom IP
    10.1.1.18 simulates a Netcom IP
    10.1.1.19 simulates an IP from some other network
The clocks of master and slave must be in sync (the key-signed transfer carries a timestamp):
# ntpdate 10.1.1.21
# ifconfig eth0 10.1.1.17 netmask 255.255.255.0
# ifconfig eth0:1 10.1.1.18 netmask 255.255.255.0
# ifconfig eth0:2 10.1.1.19 netmask 255.255.255.0
1) Install the packages bind and bind-chroot
2) Download the key file /etc/rndc.key from the master
# rsync -alvR 10.1.1.21:/var/named/chroot/etc/rndc.key /
# rsync -alvR 10.1.1.21:/etc/rndc.key /
Instead of downloading it, the key statement can also be written directly into the main configuration file.
3) Download the IP list files; they must be identical to the master's
# rsync -alvR 10.1.1.21:/var/named/chroot/var/named/chinanet /
# rsync -alvR 10.1.1.21:/var/named/chroot/var/named/cnc /
4) Write the slave's /var/named/chroot/etc/named.conf (same options, includes and acls as the master; only the views differ)
view china_net {
    match-clients { chinanet; };
    transfer-source 10.1.1.17;       <--- source address of the transfer, so the master's china_net view answers it
    zone "upl.com." IN {
        type slave;
        file "slave/chinanet.upl.com.zone";
        masters { 10.1.1.21 key "rndc-key"; };
    };
};
view china_cnc {
    match-clients { cnc; };
    transfer-source 10.1.1.18;
    zone "upl.com." IN { type slave; file "slave/cnc.upl.com.zone"; masters { 10.1.1.21 key "rndc-key"; }; };
};
view other {
    match-clients { any; };
    transfer-source 10.1.1.19;
    zone "upl.com." IN { type slave; file "slave/other.upl.com.zone"; masters { 10.1.1.21 key "rndc-key"; }; };
};
# mkdir /var/named/chroot/var/named/slave
# chown named:named /var/named/chroot/var/named/slave
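As an added illustration (not code from the original post), the following Python models how BIND chooses a view: it parses acl statements in the syntax used above, walks the views in named.conf order and returns the first view whose match-clients covers the client, together with the bbs.upl.com answer that view serves. The literal 10.1.1.17 and 10.1.1.18 entries mirror the master's match-clients in the slave example, which is why the slave's transfer-source must land in the intended view. The ACL contents and the view/answer table are constructed from the notes above.

```python
import ipaddress
import re

# Constructed ACL files in BIND's "acl NAME { element; ... };" syntax,
# carrying the same addresses as the chinanet and cnc lists above.
CHINANET_ACL = """acl chinanet {
    10.1.1.101; 10.1.1.233; 10.1.1.110; 10.1.1.156; 10.1.1.123;
};"""
CNC_ACL = """acl cnc {
    10.1.1.1; 10.1.1.21; 10.1.1.22; 10.1.1.60; 10.1.1.175; 10.1.1.50;
    172.16.196.1; 172.16.196.2;
};"""

def parse_acl(text):
    """Parse one acl statement into (name, [networks]); a bare address is a /32."""
    m = re.search(r"acl\s+(\S+)\s*\{(.*?)\};", text, re.S)
    if not m:
        raise ValueError("no acl statement found")
    elements = [e.strip() for e in m.group(2).split(";") if e.strip()]
    return m.group(1), [ipaddress.ip_network(e, strict=False) for e in elements]

ACLS = dict(parse_acl(t) for t in (CHINANET_ACL, CNC_ACL))

# Views in named.conf order: (name, match-clients elements, A record for bbs.upl.com);
# 10.1.1.17 and 10.1.1.18 are the slave's transfer-source addresses the master adds.
VIEWS = [
    ("china_net", ["chinanet", "10.1.1.17"], "10.1.1.10"),
    ("china_cnc", ["cnc", "10.1.1.18"], "10.1.1.11"),
    ("other", ["any"], "10.1.1.12"),
]

def matches(element, addr):
    """True if one match-clients element (acl name, 'any', or address/prefix) covers addr."""
    if element == "any":
        return True
    if element in ACLS:
        return any(addr in net for net in ACLS[element])
    return addr in ipaddress.ip_network(element, strict=False)

def select_view(client_ip, views=VIEWS):
    """Return (view name, bbs.upl.com answer) from the FIRST matching view, as BIND does."""
    addr = ipaddress.ip_address(client_ip)
    for name, match_clients, answer in views:
        if any(matches(e, addr) for e in match_clients):
            return name, answer
    return None, None  # no view matched; BIND would refuse the query

if __name__ == "__main__":
    for ip in ("10.1.1.101", "10.1.1.22", "10.1.1.17", "192.168.5.5"):
        print(ip, "->", select_view(ip))
```

Passing the views in a different order (for example with other first) shows why the catch-all view has to be last: it would capture every client.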
This article is reposted from the 51CTO blog of crazy_charles; original link: http://blog.51cto.com/douya/1243780. To republish it, please contact the original author.