Smart DNS: the server looks at the visitor's source IP address and returns the matching record, so China Netcom (wangtong) users are sent to the Netcom server and China Telecom (dianxin) users to the Telecom server.
1. Install the Bind package.
yum install -y bind
2. Edit the main Bind configuration file.
vim /etc/named.conf
Change the listen-on line (line 13) and the allow-query line (line 19):
listen-on port 53 { 192.168.200.100; };
allow-query { any; };
Note that allow-query { any; } together with the default recursion yes lets every host that can reach 192.168.200.100 use the server as a recursive resolver; restrict allow-recursion to the internal networks if the server is not purely internal.
Delete lines 52-56 (the root hint zone; once views are used, every zone, this one included, must be declared inside a view):
52 zone "." IN {
53 type hint;
54 file "named.ca";
55 };
vim /etc/named.rfc1912.zones
view "dianxin" {                      # view for China Telecom (dianxin) clients
    match-clients { dianxin_acl; };   # match client addresses from China Telecom
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "a.com" IN {
        type master;
        file "a.com.dianxin";         # zone file served to China Telecom clients
    };
    zone "200.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.200.dianxin";   # reverse zone file served to China Telecom clients
    };
};
view "wangtong" {                     # view for China Netcom (wangtong) clients
    match-clients { wangtong_acl; };  # match client addresses from China Netcom
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "a.com" IN {
        type master;
        file "a.com.wangtong";        # zone file served to China Netcom clients
    };
    zone "200.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.200.wangtong";  # reverse zone file served to China Netcom clients
    };
};
view "other" {                        # catch-all view for every other client
    match-clients { any; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "a.com" IN {
        type master;
        file "a.com.other";
    };
    zone "200.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.200.other";
    };
};
include "dianxin.acl";
include "wangtong.acl";
Views are tried in the order they appear and a client is served by the first view whose match-clients list matches it, so the catch-all "other" view must stay last. The relative include paths resolve under the directory option of named.conf (/var/named), which is why the ACL files are created there in the next step.
3. Configure the ACLs.
vim /var/named/dianxin.acl
acl "dianxin_acl" {
    192.168.200.11/32;   # China Telecom client address
};
vim /var/named/wangtong.acl
acl "wangtong_acl" {
    192.168.200.22/32;   # China Netcom client address
};
4. Create the zone files.
cd /var/named/
cp -p named.localhost a.com.dianxin
cp -p named.localhost a.com.wangtong
cp -p named.localhost a.com.other
cp -p named.empty 192.168.200.dianxin
cp -p named.empty 192.168.200.wangtong
cp -p named.empty 192.168.200.other
Forward zones (lines that begin with whitespace inherit the owner name of the previous record, here @):
vim /var/named/a.com.dianxin
$TTL 1D
@       IN SOA  a.com. rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      ns.a.com.
ns      A       192.168.200.100
www     A       192.168.200.101
vim /var/named/a.com.wangtong
$TTL 1D
@       IN SOA  a.com. rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      ns.a.com.
ns      A       192.168.200.100
www     A       192.168.200.102
vim /var/named/a.com.other
$TTL 1D
@       IN SOA  a.com. rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      ns.a.com.
ns      A       192.168.200.100
www     A       192.168.200.103
Reverse zones:
vim /var/named/192.168.200.dianxin
$TTL 3H
@       IN SOA  a.com. rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      ns.a.com.
100     PTR     ns.a.com.
101     PTR     www.a.com.
vim /var/named/192.168.200.wangtong
$TTL 3H
@       IN SOA  a.com. rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      ns.a.com.
100     PTR     ns.a.com.
102     PTR     www.a.com.
vim /var/named/192.168.200.other
$TTL 3H
@       IN SOA  a.com. rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      ns.a.com.
100     PTR     ns.a.com.
103     PTR     www.a.com.
ls -l
5. Check the syntax and start the Bind service.
named-checkconf /etc/named.conf
named-checkzone a.com /var/named/a.com.dianxin
named-checkzone a.com /var/named/a.com.wangtong
named-checkzone a.com /var/named/a.com.other
named-checkzone 200.168.192.in-addr.arpa /var/named/192.168.200.dianxin
named-checkzone 200.168.192.in-addr.arpa /var/named/192.168.200.wangtong
named-checkzone 200.168.192.in-addr.arpa /var/named/192.168.200.other
systemctl restart named
systemctl enable named
ss -ntlu | grep 53
udp UNCONN 0 0 192.168.200.100:53 *:*
Client tests.
Client IPs:
dianxin: 192.168.200.11/24
wangtong: 192.168.200.22/24
other: 192.168.200.3/24
DNS server set to: 192.168.200.100
Client name resolution results.
dianxin:
wangtong:
other:
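The view selection that the three test clients above go through, as an added example that is not part of the original tutorial: a small Python model of BIND's first-match view and address-match-list logic, loaded with the tutorial's ACLs and www.a.com records, plus a check for the misordering that places the catch-all view before the specific ones. The function names (acl_matches, select_view, resolve_www, shadowed_views) are assumptions of this example, not BIND APIs.

```python
import ipaddress

# Views in the order they appear in named.rfc1912.zones above: BIND tries
# them top to bottom and answers from the first view whose match-clients
# list matches the query source. Addresses and answers are the tutorial's.
VIEWS = [
    ("dianxin",  ["192.168.200.11/32"], "192.168.200.101"),
    ("wangtong", ["192.168.200.22/32"], "192.168.200.102"),
    ("other",    ["any"],               "192.168.200.103"),
]

def acl_matches(client, acl):
    """BIND address-match-list rule: the first element that matches the
    client decides, and a '!' prefix on that element rejects the client."""
    ip = ipaddress.ip_address(client)
    for element in acl:
        negate = element.startswith("!")
        element = element.lstrip("!").strip()
        if element == "any":
            hit = True
        else:
            hit = ip in ipaddress.ip_network(element, strict=False)
        if hit:
            return not negate
    return False  # nothing matched: the list does not match this client

def select_view(client, views=VIEWS):
    """Name of the view that answers `client`, or None (BIND sends REFUSED)."""
    for name, acl, _ in views:
        if acl_matches(client, acl):
            return name
    return None

def resolve_www(client, views=VIEWS):
    """The A record for www.a.com that `client` receives from this server."""
    view = select_view(client, views)
    if view is None:
        return None
    return next(addr for name, _, addr in views if name == view)

def shadowed_views(views=VIEWS):
    """Views no client can ever reach because an earlier view matches `any`,
    i.e. the catch-all "other" view was placed before the specific ones."""
    shadowed, catch_all_seen = [], False
    for name, acl, _ in views:
        if catch_all_seen:
            shadowed.append(name)
        if acl and acl[0] == "any":
            catch_all_seen = True
    return shadowed
```

With the tutorial's order, 192.168.200.11 gets 192.168.200.101, 192.168.200.22 gets 192.168.200.102 and 192.168.200.3 gets 192.168.200.103; with "other" moved to the top, every client lands in it and shadowed_views reports the two specific views as unreachable.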