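Smart DNS on CentOS 7
Smart DNS: the server automatically identifies the visitor's IP address and resolves the name to a matching IP address, so that Netcom (wangtong) users reach the Netcom server and Telecom (dianxin) users reach the Telecom server.
1. Install the Bind package.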
yum install -y bind
2. Edit the main Bind configuration file.
vim /etc/named.conf
13 listen-on port 53 { 192.168.200.100; };
19 allow-query { any; };
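Delete lines 52-56 (once views are used, every zone must sit inside a view, so the root hint zone moves into each view below):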
52 zone "." IN {
53 type hint;
54 file "named.ca";
55 };
vim /etc/named.rfc1912.zones
view "dianxin" {                        # view for Telecom (dianxin) users
    match-clients { dianxin_acl; };     # match client addresses that come from Telecom
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "a.com" IN {
        type master;
        file "a.com.dianxin";           # zone file served to Telecom users
    };
    zone "200.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.200.dianxin";     # zone file served to Telecom users
    };
};
view "wangtong" {                       # view for Netcom (wangtong) users
    match-clients { wangtong_acl; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "a.com" IN {
        type master;
        file "a.com.wangtong";
    };
    zone "200.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.200.wangtong";
    };
};
view "other" {                          # catch-all view; keep it last, views are matched in order
    match-clients { any; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "a.com" IN {
        type master;
        file "a.com.other";
    };
    zone "200.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.200.other";
    };
};
include "dianxin.acl";
include "wangtong.acl";
3. Configure the ACLs.
vim /var/named/dianxin.acl
acl "dianxin_acl" {
    192.168.200.11/32;    # Telecom client IP addresses go here
};
vim /var/named/wangtong.acl
acl "wangtong_acl" {
    192.168.200.22/32;    # Netcom client IP addresses go here
};
4. Create the zone files.
cd /var/named/
cp -p named.localhost a.com.dianxin
cp -p named.localhost a.com.wangtong
cp -p named.localhost a.com.other
cp -p named.empty 192.168.200.dianxin
cp -p named.empty 192.168.200.wangtong
cp -p named.empty 192.168.200.other
Forward resolution:
vim /var/named/a.com.dianxin
$TTL 1D
@       IN SOA  a.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.a.com.
ns      A       192.168.200.100
www     A       192.168.200.101
vim /var/named/a.com.wangtong
$TTL 1D
@       IN SOA  a.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.a.com.
ns      A       192.168.200.100
www     A       192.168.200.102
vim /var/named/a.com.other
$TTL 1D
@       IN SOA  a.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.a.com.
ns      A       192.168.200.100
www     A       192.168.200.103
Reverse resolution:
vim /var/named/192.168.200.dianxin
$TTL 3H
@       IN SOA  a.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.a.com.
100     PTR     ns.a.com.
101     PTR     www.a.com.
vim /var/named/192.168.200.wangtong
$TTL 3H
@       IN SOA  a.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.a.com.
100     PTR     ns.a.com.
102     PTR     www.a.com.
vim /var/named/192.168.200.other
$TTL 3H
@       IN SOA  a.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.a.com.
100     PTR     ns.a.com.
103     PTR     www.a.com.
ls -l
5. Check the syntax and start the Bind service.
named-checkconf /etc/named.conf
named-checkzone a.com /var/named/a.com.dianxin
named-checkzone a.com /var/named/a.com.wangtong
named-checkzone a.com /var/named/a.com.other
named-checkzone 200.168.192.in-addr.arpa /var/named/192.168.200.dianxin
named-checkzone 200.168.192.in-addr.arpa /var/named/192.168.200.wangtong
named-checkzone 200.168.192.in-addr.arpa /var/named/192.168.200.other
systemctl restart named
systemctl enable named
ss -ntlu | grep 53
udp UNCONN 0 0 192.168.200.100:53 *:*
Client test.
Client IPs:
dianxin: 192.168.200.11/24
wangtong: 192.168.200.22/24
other: 192.168.200.3/24
DNS server set to: 192.168.200.100
Client name resolution.
dianxin:
wangtong:
other:
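Added example (not part of the original page): the Python sketch below models named's first-match view selection for the ACLs and view order configured above, predicts which www.a.com address each test client should receive, and flags views placed after a catch-all "any" view. SAMPLE_CONF, WWW_BY_VIEW and the function names are constructed for illustration, and the parser assumes a single ACL name or "any" in each match-clients list.

```python
import ipaddress
import re

# Constructed sample: ACLs and view order from this page (zone statements omitted;
# only match-clients decides the view). One ACL name or "any" per view is assumed.
SAMPLE_CONF = """
acl "dianxin_acl"  { 192.168.200.11/32; };
acl "wangtong_acl" { 192.168.200.22/32; };
view "dianxin"  { match-clients { dianxin_acl; }; };
view "wangtong" { match-clients { wangtong_acl; }; };
view "other"    { match-clients { any; }; };
"""

# www.a.com A record in each view's zone file, as given on this page.
WWW_BY_VIEW = {"dianxin": "192.168.200.101", "wangtong": "192.168.200.102",
               "other": "192.168.200.103"}

def parse(conf):
    """Return (acls, views): ACL name -> networks, and views in file order."""
    acls = {name: [ipaddress.ip_network(n, strict=False)
                   for n in re.findall(r"([\d./]+)\s*;", body)]
            for name, body in re.findall(r'acl\s+"([^"]+)"\s*\{([^}]*)\}', conf)}
    views = re.findall(
        r'view\s+"([^"]+)"\s*\{\s*match-clients\s*\{\s*([^;\s]+)\s*;', conf)
    return acls, views

def select_view(client, acls, views):
    """Pick the first view, in file order, whose match-clients covers the client."""
    addr = ipaddress.ip_address(client)
    for name, matcher in views:
        if matcher == "any" or any(addr in net for net in acls.get(matcher, [])):
            return name
    return None  # no view matched this source address

def shadowed_views(views):
    """Views listed after a catch-all 'any' view can never be selected."""
    for i, (_, matcher) in enumerate(views):
        if matcher == "any":
            return [name for name, _ in views[i + 1:]]
    return []

def expected_www(client, conf=SAMPLE_CONF):
    """Address the client should receive for www.a.com."""
    acls, views = parse(conf)
    return WWW_BY_VIEW.get(select_view(client, acls, views))

if __name__ == "__main__":
    for ip in ("192.168.200.11", "192.168.200.22", "192.168.200.3"):
        print(ip, "->", expected_www(ip))
```

Comparing these predictions with what each client actually resolves shows whether a query landed in the intended view.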