15、DNS视图学习笔记-阿里云开发者社区

15、DNS视图学习笔记

2017-11-10 851

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

简介：

view 视图，逻辑的DNS服务器，不一样的请求有意返回不一样的值

目标：120段解析返回120段的IP，其他解析返回130段IP

1、安装bind

[root@localhost ~]# yum -y install bind

2、配置主配置文件

[root@localhost ~]# sed "/^\//d" /etc/named.conf

options {

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { 192.168.0.0/16; };

recursion yes;

/* Path to ISC DLV key */

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

include "/etc/named.rfc1912.zones";

3、配置区域数据文件

[root@localhost ~]# sed "/^\//d" /etc/named.rfc1912.zones

view net120 {

match-clients { 192.168.120.0/24; };

zone "." IN {

type hint;

file "named.ca";

};

zone "localhost.localdomain" IN {

type master;

file "named.localhost";

allow-update { none; };

};

zone "localhost" IN {

type master;

file "named.localhost";

allow-update { none; };

};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {

type master;

file "named.loopback";

allow-update { none; };

};

zone "1.0.0.127.in-addr.arpa" IN {

type master;

file "named.loopback";

allow-update { none; };

};

zone "0.in-addr.arpa" IN {

type master;

file "named.empty";

allow-update { none; };

};

zone "kaiyuandiantang.com" IN {

type master;

file "kaiyuandiantang.com.net120";

};

view net130 {

match-clients { any; };

zone "kaiyuandiantang.com" IN {

type master;

file "kaiyuandiantang.com.net130";

};

[root@localhost ~]#

4、配置数据库文件

[root@localhost named]# cat kaiyuandiantang.com.net120

$TTL 600

@ IN SOA ns1.kaiyuandiantang.com. admin.kaiyuandiantang.com. (

2017090801

12H

)

IN NS ns1

IN MX 10 mail

ns1 IN A 192.168.130.120

mail IN A 192.168.120.10

www IN A 192.168.120.20

[root@localhost named]#

[root@localhost named]# cat kaiyuandiantang.com.net130

$TTL 600

@ IN SOA ns1.kaiyuandiantang.com. admin.kaiyuandiantang.com. (

2017090801

12H

)

IN NS ns1

IN MX 10 mail

ns1 IN A 192.168.130.120

mail IN A 192.168.130.10

www IN A 192.168.130.20

[root@localhost named]#

5、修改权限启动服务

[root@localhost named]# chown root:named kaiyuandiantang.com.net1*

[root@localhost named]# chmod 640 kaiyuandiantang.com.net1*

[root@localhost named]# named-checkconf

[root@localhost named]# named-checkzone kaiyuandiantang.com kaiyuandiantang.com.net120

zone kaiyuandiantang.com/IN: loaded serial 2017090801

[root@localhost named]# named-checkzone kaiyuandiantang.com kaiyuandiantang.com.net130

zone kaiyuandiantang.com/IN: loaded serial 2017090801

[root@localhost named]# service named start

Generating /etc/rndc.key: [ OK ]

Starting named: [ OK ]

[root@localhost named]# tail /var/log/messages

Sep 8 16:41:44 localhost named[3202]: zone 0.in-addr.arpa/IN/net120: loaded serial 0

Sep 8 16:41:44 localhost named[3202]: zone 1.0.0.127.in-addr.arpa/IN/net120: loaded serial 0

Sep 8 16:41:44 localhost named[3202]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/net120: loaded serial 0

Sep 8 16:41:44 localhost named[3202]: zone kaiyuandiantang.com/IN/net120: loaded serial 2017090801

Sep 8 16:41:44 localhost named[3202]: zone localhost.localdomain/IN/net120: loaded serial 0

Sep 8 16:41:44 localhost named[3202]: zone localhost/IN/net120: loaded serial 0

Sep 8 16:41:44 localhost named[3202]: managed-keys-zone ./IN/net120: loaded serial 0

Sep 8 16:41:44 localhost named[3202]: zone kaiyuandiantang.com/IN/net130: loaded serial 2017090801

Sep 8 16:41:44 localhost named[3202]: managed-keys-zone ./IN/net130: loaded serial 0

Sep 8 16:41:44 localhost named[3202]: running

[root@localhost named]#

6、测试

在120段测试

[root@localhost ~]# dig -t A www.kaiyuandiantang.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -t A www.kaiyuandiantang.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7067

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; WARNING: recursion requested but not available

;; QUESTION SECTION:

;www.kaiyuandiantang.com. IN A

;; ANSWER SECTION:

www.kaiyuandiantang.com. 600 IN A 192.168.120.20

;; AUTHORITY SECTION:

kaiyuandiantang.com. 600 IN NS ns1.kaiyuandiantang.com.

;; ADDITIONAL SECTION:

ns1.kaiyuandiantang.com. 600 IN A 192.168.130.120

;; Query time: 8 msec

;; SERVER: 192.168.130.120#53(192.168.130.120)

;; WHEN: Fri Sep 8 16:44:23 2017

;; MSG SIZE rcvd: 91

[root@localhost ~]#

在130段测试

[root@localhost named]# dig -t A www.kaiyuandiantang.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A www.kaiyuandiantang.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32502

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;www.kaiyuandiantang.com. IN A

;; ANSWER SECTION:

www.kaiyuandiantang.com. 600 IN A 192.168.130.20

;; AUTHORITY SECTION:

kaiyuandiantang.com. 600 IN NS ns1.kaiyuandiantang.com.

;; ADDITIONAL SECTION:

ns1.kaiyuandiantang.com. 600 IN A 192.168.130.120

;; Query time: 0 msec

;; SERVER: 192.168.130.120#53(192.168.130.120)

;; WHEN: Fri Sep 8 16:43:37 2017

;; MSG SIZE rcvd: 91

[root@localhost named]#

本文转自开源殿堂 51CTO博客，原文链接：http://blog.51cto.com/kaiyuandiantang/1964393，如需转载请自行联系原作者

15、DNS视图学习笔记

DNS软件服务

热门文章

最新文章

相关产品

相关课程

相关电子书

相关实验场景

推荐镜像

15、DNS视图 学习笔记

DNS软件服务

热门文章

最新文章

相关产品

相关课程

相关电子书

相关实验场景

推荐镜像

15、DNS视图学习笔记