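dns-view (split-horizon resolution by network segment)
Compared with traditional DNS, adding acl and view lets different IP addresses or network segments resolve the same domain name to different results, which helps to some extent with both security and load balancing.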
# mount /dev/cdrom /media/cdrom
# cd /media/cdrom/Server
# rpm -ivh bind-9.3.6-4.p1.el5_4.2.i386.rpm
# rpm -ivh bind-utils-9.3.6-4.p1.el5_4.2.i386.rpm
# rpm -ivh bind-chroot-9.3.6-4.p1.el5_4.2.i386.rpm
# rpm -ivh caching-nameserver-9.3.6-4.p1.el5_4.2.i386.rpm
# vi /var/named/chroot/etc/named.conf
acl internal {
    192.168.1.0/24;
};
acl external {
    172.16.0.0/24;
};
options {
    directory "/var/named";
    forwarders { 192.168.1.1; };
};
view internal {
    match-clients { 192.168.1.10; };
    zone "yang.com" IN {
        type master;
        file "yang.com.zone";
    };
    zone "10.1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.1.10.arpa";
    };
};
view external {
    // not resolved with 1.10; resolved with 1.12
    match-clients { !192.168.1.10; 192.168.1.12; };
    zone "yang.com" IN {
        type master;
        file "ming.com.zone";
    };
    zone "12.1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.1.12.arpa";
    };
};
:wq
# chown named /var/named/chroot/etc/named.conf
# vi /var/named/chroot/var/named/yang.com.zone
$TTL 86400
@       IN SOA  yang.com. ns1.yang.com. (
                2009022001 ; serial
                4H         ; refresh
                30M        ; retry
                12H        ; expire
                1D         ; minimum
                )
; NS data must be a host name; its address comes from the ns1 A record below
@       IN NS   ns1.yang.com.
mail    IN MX   10 mail.yang.com.
ns1     IN A    192.168.1.10
mail    IN A    192.168.1.10
www     IN A    192.168.1.10
study   IN A    192.168.1.10
*       IN A    192.168.1.10
:wq
# chown named /var/named/chroot/var/named/yang.com.zone
# vi /var/named/chroot/var/named/192.168.1.10.arpa
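$TTL 86400
@       IN SOA  yang.com. ns1.yang.com. (
                2009022002 ; serial
                4H         ; refresh
                30M        ; retry
                12H        ; expire
                1D         ; minimum
                )
; records with a blank owner field must start with whitespace to inherit @
        IN NS   ns1.yang.com.
        IN A    192.168.1.10
        IN PTR  www.yang.com.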
:wq
# chown named /var/named/chroot/var/named/192.168.1.10.arpa
# vi /var/named/chroot/var/named/ming.com.zone
$TTL 86400
@       IN SOA  yang.com. ns1.yang.com. (
                2009022001 ; serial
                4H         ; refresh
                30M        ; retry
                12H        ; expire
                1D         ; minimum
                )
; NS data must be a host name; its address comes from the ns1 A record below
@       IN NS   ns1.yang.com.
mail    IN MX   10 mail.yang.com.
ns1     IN A    192.168.1.12
mail    IN A    192.168.1.12
www     IN A    192.168.1.12
study   IN A    192.168.1.12
*       IN A    192.168.1.12
:wq
# chown named /var/named/chroot/var/named/ming.com.zone
# vi /var/named/chroot/var/named/192.168.1.12.arpa
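$TTL 86400
@       IN SOA  yang.com. ns1.yang.com. (
                2009022002 ; serial
                4H         ; refresh
                30M        ; retry
                12H        ; expire
                1D         ; minimum
                )
; records with a blank owner field must start with whitespace to inherit @
        IN NS   ns1.yang.com.
        IN A    192.168.1.12
        IN PTR  www.yang.com.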
:wq
# chown named /var/named/chroot/var/named/192.168.1.12.arpa
# service named restart
Note: 192.168.1.12 also has to run DNS; a traditional DNS setup is sufficient.
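The view selection configured above, simulated as an added example (not part of the original post): named checks views in file order, and within each match-clients list the first matching element decides, with a "!" match rejecting the client. VIEWS is transcribed from the named.conf above; VIEWS_BY_ACL is a hypothetical variant that matches on the networks from the two acl statements instead of single hosts.

```python
import ipaddress

# Transcribed from the named.conf above: views in file order with their match-clients.
VIEWS = [
    ("internal", ["192.168.1.10"]),
    ("external", ["!192.168.1.10", "192.168.1.12"]),
]
# Hypothetical variant (assumption): match on the acl networks, not single hosts.
VIEWS_BY_ACL = [
    ("internal", ["192.168.1.0/24"]),
    ("external", ["172.16.0.0/24"]),
]


def match_list(client, elements):
    """Address match list semantics: the first element that matches decides.
    A negated ("!") match rejects the client; no match at all also rejects."""
    addr = ipaddress.ip_address(client)
    for element in elements:
        negated = element.startswith("!")
        net = ipaddress.ip_network(element.lstrip("!"), strict=False)
        if addr in net:
            return not negated
    return False


def select_view(client, views=VIEWS):
    """Return the first view whose match-clients accepts the client,
    or None when no view matches (named then answers REFUSED)."""
    for name, elements in views:
        if match_list(client, elements):
            return name
    return None


if __name__ == "__main__":
    # Constructed sample clients: the two servers, another LAN host, an external host.
    for client in ("192.168.1.10", "192.168.1.12", "192.168.1.50", "172.16.0.5"):
        print(client,
              "| views as configured:", select_view(client),
              "| views by acl:", select_view(client, VIEWS_BY_ACL))
```

With the views as configured, only the two listed hosts are served; every other client falls through both views.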
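This article is reposted from the linux blog on 51CTO Blog; original link: http://blog.51cto.com/yangzhiming/863882. To repost it, please contact the original author yourself.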
yangzhimingg