Building an intelligent master/secondary DNS with BIND9 that resolves dynamically according to the client's source IP
Date: 2007-03-24
Next, we need to define the views in the master DNS server's named.conf and add the zones to them, as follows.
named.conf
//
// named.conf for Red Hat caching-nameserver
//
options {
  directory "/var/named"; // working directory
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  /*
   * If there is a firewall between you and nameservers you want
   * to talk to, you might need to uncomment the query-source
   * directive below. Previous versions of BIND always asked
   * questions using port 53, but BIND 8.1 uses an unprivileged
   * port by default.
   */
  // query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
  inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "/etc/rndc.key";
include "/var/named/acl.conf"; // include acl.conf, which defines the CNC acl
view "view_cnc" {
  // view cnc: the secondary transfers this view from 202.194.15.3
  match-clients { CNC; 202.194.15.3; };
  zone "sdada.edu.cn" {
    type master;
    file "/var/named/cnc.sdada.edu.cn.hosts";
    allow-transfer { 202.194.15.3; };
  };
};
view "view_any" {
  // view any: the secondary transfers this view from 202.194.15.2
  match-clients { any; };
  zone "sdada.edu.cn" {
    type master;
    file "/var/named/edu.sdada.edu.cn.hosts";
    allow-transfer { 202.194.15.2; };
  };
  // Once a view statement exists, BIND 9 requires every zone to be inside a
  // view, so the default local zones are kept here instead of at top level.
  zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
  };
  zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
  };
  zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
  };
  zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
  };
};
Next we create the two record files, cnc.sdada.edu.cn.hosts and edu.sdada.edu.cn.hosts.
cnc.sdada.edu.cn.hosts
$TTL 38400
sdada.edu.cn. IN SOA dns1.sdada.edu.cn. admin.sdada.edu.cn. (
        1160617933  ; serial
        10800       ; refresh
        3600        ; retry
        604800      ; expire
        38400 )     ; minimum (negative-cache TTL)
sdada.edu.cn. IN NS dns1.sdada.edu.cn.
sdada.edu.cn. IN NS dns2.sdada.edu.cn.
; In-zone NS names need address records, or BIND refuses to load the zone.
; 202.194.15.1/.2 are the master and secondary addresses used elsewhere in this
; article (assumed here); adjust them if the servers are reached at other addresses.
dns1 A 202.194.15.1
dns2 A 202.194.15.2
@ A 218.56.57.125
@ MX 10 mail.sdada.edu.cn.
mail A 192.168.0.11
www A 218.56.57.125
edu.sdada.edu.cn.hosts
$TTL 38400
sdada.edu.cn. IN SOA dns1.sdada.edu.cn. admin.sdada.edu.cn. (
        1160561482  ; serial
        10800       ; refresh
        3600        ; retry
        604800      ; expire
        38400 )     ; minimum (negative-cache TTL)
sdada.edu.cn. IN NS dns1.sdada.edu.cn.
sdada.edu.cn. IN NS dns2.sdada.edu.cn.
; Address records for the NS names (assumed from the master and secondary
; addresses used in this article); required for the zone to load.
dns1 A 202.194.15.1
dns2 A 202.194.15.2
@ A 202.194.15.22
@ MX 10 mail.sdada.edu.cn.
mail A 192.168.0.11
www A 202.194.15.22
After BIND is restarted, the master DNS is in effect: China Netcom (CNC) users who enter www.sdada.edu.cn are sent to 218.56.57.125, while all other users are sent to 202.194.15.22. Reverse-resolution zones can be added in the same way if needed; they are not covered here.
Next we set up the secondary DNS.
The secondary only needs a named.conf that names the master; no record files are required, because it synchronises them from the master automatically.
named.conf
//
// named.conf for Red Hat caching-nameserver
//
options {
  directory "/var/named";
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  /*
   * If there is a firewall between you and nameservers you want
   * to talk to, you might need to uncomment the query-source
   * directive below. Previous versions of BIND always asked
   * questions using port 53, but BIND 8.1 uses an unprivileged
   * port by default.
   */
  // query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
  inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "/etc/rndc.key";
include "/var/named/acl.conf"; // include acl.conf, which defines the cnc acl
server 202.194.15.1 {
};
view "view_cnc" {
  match-clients {
    cnc;
  };
  zone "sdada.edu.cn" {
    type slave;
    masters {
      202.194.15.1;
    };
    file "/var/named/slaves/sdada.edu.cn.view_cnc.hosts";
    transfer-source 202.194.15.3; // view cnc synchronises from 202.194.15.3
  };
};
view "view_any" {
  match-clients {
    any;
  };
  zone "sdada.edu.cn" {
    type slave;
    masters {
      202.194.15.1;
    };
    file "/var/named/slaves/sdada.edu.cn.view_any.hosts";
    transfer-source 202.194.15.2; // view any synchronises from 202.194.15.2
  };
  // Once a view statement exists, BIND 9 requires every zone to be inside a
  // view, so the hint and default local zones are kept here instead of at top level.
  zone "." IN {
    type hint;
    file "named.ca";
  };
  zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
  };
  zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
  };
  zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
  };
  zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
  };
  zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
  };
  zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
  };
};
Once the configuration is complete, restart BIND on the secondary; shortly afterwards you will see that the secondary has synchronised the separate contents of each view.
We can then test both DNS servers from the China Netcom network and from the CERNET (education) network, using nslookup - 202.194.15.1 and nslookup - 202.194.15.2 respectively.
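As an added illustration (not code from the article), a small Python model of how named picks a view for a query or a zone transfer: views are tried in named.conf order and the first match-clients hit wins, which is why the secondary's transfer-source address decides which copy of sdada.edu.cn it receives, and why putting view_any first would swallow every client. The CNC prefixes are constructed stand-ins, since acl.conf is not shown on this page.

```python
"""Model of BIND 9 view selection for the two views used in the article."""
import ipaddress

# Constructed stand-in for the "CNC" acl in /var/named/acl.conf (not on the page).
ACLS = {
    "CNC": [ipaddress.ip_network("218.56.0.0/16"),
            ipaddress.ip_network("60.208.0.0/13")],
}

# Views in named.conf order: (name, match-clients elements, answers served).
# Addresses are the ones the article's zone files return for each view.
VIEWS = [
    ("view_cnc", ["CNC", "202.194.15.3"],
     {"www.sdada.edu.cn": "218.56.57.125", "mail.sdada.edu.cn": "192.168.0.11"}),
    ("view_any", ["any"],
     {"www.sdada.edu.cn": "202.194.15.22", "mail.sdada.edu.cn": "192.168.0.11"}),
]
# Same views with the order swapped, to show that ordering is what makes it work.
REVERSED_VIEWS = list(reversed(VIEWS))


def _matches(client, element):
    """One match-clients element: the built-in 'any', a named acl, or an address/prefix."""
    if element == "any":
        return True
    if element in ACLS:
        return any(client in net for net in ACLS[element])
    return client in ipaddress.ip_network(element, strict=False)


def select_view(client_ip, views=VIEWS):
    """Return the first view whose match-clients accepts client_ip, or None.
    The same rule applies to the source address of a zone-transfer request."""
    client = ipaddress.ip_address(client_ip)
    for name, match_clients, _ in views:
        if any(_matches(client, element) for element in match_clients):
            return name
    return None  # no view matched: named would refuse the query


def resolve(qname, client_ip, views=VIEWS):
    """Answer qname from the view chosen for client_ip (None if no view or no record)."""
    view = select_view(client_ip, views)
    for name, _, records in views:
        if name == view:
            return records.get(qname)
    return None
```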