DNS-07-Views
Lab environment
Host             Address                                       OS                 Role
ns1.magedu.com   eth0:172.18.71.101/24 eth1:192.168.1.101/24   CentOS-6.7-x86_64
telecom          172.18.71.102/24                              CentOS-7.2-x86_64  test machine
unicom           192.168.1.102/24                              CentOS-7.2-x86_64  test machine
iptables and SELinux are both disabled.
Install bind
    # yum install -y bind bind-libs bind-utils
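First, edit the main configuration file /etc/named.conf: comment out the setting that only allows queries from the local host, comment out the dnssec options (they may affect the results of the experiment), and add to the listen address list the IP addresses on which the server provides service to each network.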
    options {
        listen-on port 53 { 127.0.0.1; 172.18.71.101; 192.168.1.101; };
        ...
        //allow-query     { localhost; };
        ...
        //dnssec-enable yes;
        //dnssec-validation yes;
        //dnssec-lookaside auto;
        ...
    };
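Configure views
Configure one forward zone, magedu.com, but split it into two views, telecom and unicom. Resolution requests from internal network clients are handled by the view telecom, and resolution requests from external network clients are handled by the view unicom.
Note: "when using 'view' statements, all zones must be in views". That is, once views are used, every zone has to be contained in a view. So first disable the zones defined in /etc/named.rfc1912.zones, then add the root zone definition to every view (resolution requests for zones that are not defined in the view have to go to the root zone for iterative queries).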
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //

    options {
        listen-on port 53 { 127.0.0.1; 172.18.71.101; 192.168.1.101; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        //allow-query     { localhost; };
        recursion yes;

        //dnssec-enable yes;
        //dnssec-validation yes;
        //dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
    };

    // Internal network (test machine telecom, 172.18.71.102)
    acl telecom {
        172.18.71.0/24;
    };

    // External network (test machine unicom, 192.168.1.102)
    acl unicom {
        192.168.1.0/24;
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    // Views are matched in order; the first view whose match-clients
    // matches the client's source address answers the query.
    view "telecom" {
        match-clients { telecom; };

        zone "magedu.com" IN {
            type master;
            file "magedu.com/telecom";
            allow-update { none; };
        };

        // Root hints, so names outside magedu.com can still be resolved
        zone "." IN {
            type hint;
            file "named.ca";
        };
    };

    view "unicom" {
        match-clients { unicom; };

        zone "magedu.com" IN {
            type master;
            file "magedu.com/unicom";
            allow-update { none; };
        };

        zone "." IN {
            type hint;
            file "named.ca";
        };
    };

    //include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
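Because named answers from the first view whose match-clients list matches the client's source address, a mistyped or overlapping ACL network silently makes a later view unreachable. The following is an added example, not part of the original article: a small offline check of view selection and shadowing. The function names and the VIEWS table are assumptions constructed from the lab addresses above.

```python
import ipaddress

# Constructed from the lab on this page: views in named.conf order,
# each with the networks of its match-clients ACL.
VIEWS = [
    ("telecom", ["172.18.71.0/24"]),
    ("unicom", ["192.168.1.0/24"]),
]

def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def select_view(client_ip, views=VIEWS):
    """Return the first view whose networks contain client_ip, else None.

    Mirrors named's behaviour: views are tried in configuration order and
    the first match wins; a client matching no view is refused (None here).
    """
    addr = ipaddress.ip_address(client_ip)
    for name, cidrs in views:
        if any(addr in net for net in _nets(cidrs)):
            return name
    return None

def shadowed_views(views=VIEWS):
    """Return views that can never be selected because each of their
    networks lies inside a single network of an earlier view.

    Conservative: a network covered only by the union of several earlier
    networks is not reported.
    """
    seen, dead = [], []
    for name, cidrs in views:
        nets = _nets(cidrs)
        covered = [
            any(n.version == s.version and n.subnet_of(s) for s in seen)
            for n in nets
        ]
        if nets and all(covered):
            dead.append(name)
        seen.extend(nets)
    return dead

if __name__ == "__main__":
    for ip in ("172.18.71.102", "192.168.1.102", "10.0.0.1"):
        print(ip, "->", select_view(ip))
    print("shadowed:", shadowed_views())
```

Running the same check with both ACLs set to 172.18.71.0/24 reports unicom as shadowed, and the client 192.168.1.102 then matches no view at all.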
The result of the test from the test machine telecom is:
    # dig -t A www.magedu.com @172.18.71.101

    ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t A www.magedu.com @172.18.71.101
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44948
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.magedu.com.            IN    A

    ;; ANSWER SECTION:
    www.magedu.com.     86400   IN    A     172.18.71.101

    ;; AUTHORITY SECTION:
    magedu.com.         86400   IN    NS    ns1.magedu.com.

    ;; ADDITIONAL SECTION:
    ns1.magedu.com.     86400   IN    A     172.18.71.101

    ;; Query time: 1 msec
    ;; SERVER: 172.18.71.101#53(172.18.71.101)
    ;; WHEN: Sat Apr 09 22:31:36 CST 2016
    ;; MSG SIZE  rcvd: 93
The result of the test from the test machine unicom is:
    # dig -t A www.magedu.com @192.168.1.101

    ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t A www.magedu.com @192.168.1.101
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46636
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.magedu.com.            IN    A

    ;; ANSWER SECTION:
    www.magedu.com.     86400   IN    A     192.168.1.101

    ;; AUTHORITY SECTION:
    magedu.com.         86400   IN    NS    ns1.magedu.com.

    ;; ADDITIONAL SECTION:
    ns1.magedu.com.     86400   IN    A     192.168.1.101

    ;; Query time: 0 msec
    ;; SERVER: 192.168.1.101#53(192.168.1.101)
    ;; WHEN: Sat Apr 09 22:35:35 CST 2016
    ;; MSG SIZE  rcvd: 93
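Conclusion
The purpose of views is therefore to return different resolution results depending on where the client comes from. This makes it possible to resolve each user to the server that responds fastest for them, which is what is called smart resolution.
Time: 2024-11-15 06:35:58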