使用 BIND 软件搭建智能 DNS 的配置文档
/etc/named.conf 配置文件内容:
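# Client address groups, one per region. Each view's match-clients is meant
# to cover the same ranges as the acl of the same name.
acl CN {
    10.0.0.0/16;
    # Was 127.0.0.1/8: host bits set under a /8 mask, which named-checkconf
    # reports as an address/prefix length mismatch. The loopback network is
    # written 127.0.0.0/8.
    127.0.0.0/8;
};

acl US {
    10.1.0.0/16;
};

acl RU {
    10.2.0.0/16;
};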
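options {
    # Listen only on loopback and the server's own address.
    listen-on port 53 { 127.0.0.1; 10.0.0.200; };
    #listen-on-v6 { none; };

    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    # Only loopback and the internal 10.0.0.0/8 range may query. With no
    # allow-recursion or allow-query-cache statement, recursion is limited
    # by this list as well, so the server is not an open resolver.
    allow-query { 127.0.0.1; 10.0.0.0/8; };

    # The original left allow-transfer commented out. Depending on the BIND
    # version, an unset allow-transfer can let any client that reaches the
    # server copy whole zones. Refuse transfers by default; when slaves are
    # added, list only their addresses (preferably a TSIG key) in a per-zone
    # allow-transfer statement.
    allow-transfer { none; };

    # Try the forwarders first and fall back to iterative resolution
    # if they do not answer.
    forward first;
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };

    interface-interval 30;
    recursion yes;

    # NOTE(review): DNSSEC validation is switched off, so answers relayed from
    # the forwarders are accepted unverified. dnssec-lookaside has no effect
    # while dnssec-enable is no; dnssec-enable and dnssec-lookaside are
    # obsolete in current BIND 9 releases. Values kept as the author gave
    # them; review before production use.
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside auto;

    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};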
logging {
    # channel default_debug {
    #     file "data/named.run";
    #     severity dynamic;
    # };

    # Catch-all channel for every category not routed elsewhere below.
    channel default-log {
        file "/var/log/named/named_default.log" versions 10 size 200m;
        severity info;
        print-time yes;
    };

    # Messages about lame delegations found during resolution.
    channel lamer-log {
        file "/var/log/named/named_lamer.log" versions 3 size 100m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    # One line per client query; the largest log here (10 versions of 1000m).
    channel query-log {
        file "/var/log/named/named_query.log" versions 10 size 1000m;
        severity info;
        print-time yes;
    };

    # Approved and denied requests; the file to watch for refused
    # queries and transfer attempts.
    channel security-log {
        file "/var/log/named/named_security.log" versions 3 size 100m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    # Route each category to its channel.
    category lame-servers { lamer-log; };
    category security { security-log; };
    category queries { query-log; };
    category default { default-log; };
};
#view "." {
# match-clients { CN;US;RU };
# zone "." IN {
# type hint;
# file "named.ca";
# };
#};
# Zone and view definitions.
include "/etc/named.rfc1912.zones";
# Key file from the package; presumably the root trust anchor (confirm).
include "/etc/named.root.key";
文件/etc/named.rfc1912.zones内容:
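# One view per client region. Once any view is defined, named requires every
# zone to sit inside a view, and a client is served by the first view whose
# match-clients matches its address. The original listing had the opening of
# view CN displaced below its zones, which left zones outside any view and an
# unbalanced "};"; the statements are restored to a loadable order here.
#
# match-clients refers to the acl of the same name from /etc/named.conf
# instead of repeating the prefixes. The repeated literals had drifted:
# view US used 10.0.1.0/16 (acl US is 10.1.0.0/16) with no terminating ";",
# and view RU had a stray dot in "10.2.0.0./16".

view CN {
    match-clients { CN; };

    zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };

    zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };

    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };

    zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };

    zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
    };

    # Region-specific answers for domain.com come from a separate zone file
    # in each view. When slaves are added, give each domain.com zone an
    # allow-transfer that lists only the slave addresses (or a TSIG key).
    zone "domain.com" IN {
        type master;
        file "domain.com.zone";
        # Explicit, for consistency with the zones above.
        allow-update { none; };
    };

    #zone "0.0.10.in-addr.arpa" IN {
    #    type master;
    #    file "10.0.0.zone";
    #};
};

view US {
    match-clients { US; };

    zone "domain.com" IN {
        type master;
        file "domain.com.us";
        allow-update { none; };
    };
};

view RU {
    match-clients { RU; };

    zone "domain.com" IN {
        type master;
        file "domain.com.ru";
        allow-update { none; };
    };
};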
配置智能DNS时,主要的配置项是view:每个view的match-clients与对应的acl保持一致即可。
然后在/var/named/目录下新建各个区域的DNS解析文件。
各个区域的解析文件的写法与普通的DNS区域文件一致。
配置一个主DNS,然后在各个区域配置一个从DNS,以master-slave的形式同步更能达到效果。同步时应在主DNS上用allow-transfer(最好配合TSIG密钥)只允许从DNS拉取区域数据。
本文转自ting2junshui51CTO博客,原文链接: http://blog.51cto.com/ting2junshui/1945287,如需转载请自行联系原作者