DNS (BIND): adding A, CNAME, MX and PTR records; intelligent DNS (ACL views)

Posted by 一把纯钧


1. Add an A record (remember to bump the serial):

vim /var/named/chroot/etc/lnh.com.zone

Reload the zones:

rndc reload

 

Check the slave server:

Test result:

Master result:

Method 1: use the DNS server defined in resolv.conf to look up the IP of Baidu's host.

Method 2 (the method used above): use the local DNS server (127.0.0.1) to look up the IP of the host cc.lnh.com.

Slave result (viewed from the master):

2. CNAME record (same procedure as above):

cname		CNAME	a.lnh.com.

3. MX record (same procedure as above). Note that MX data is a preference followed by a host name, not an IP address: BIND loads the two lines below, but it reads each address as a relative name and appends the zone origin, so the mail exchanger actually becomes 192.168.123.123.lnh.com. Point the MX at a host name that has its own A record instead.

mx		MX 5	192.168.123.123
mx		MX 10 	191.1.1.1
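A small linter for the record mistakes that sections 1 to 3 invite (a serial that does not increase, an MX or CNAME target written as an IP literal, a target missing its trailing dot). This is an added example, not code from the post; the sample lines are constructed in the style of the records above, and parse_line expects every line to start with an explicit owner name.

```python
import ipaddress

ORIGIN = "lnh.com."
# Constructed sample lines in the style of the records above (not the post's own zone file):
# the MX with an IP literal and the MX target without a trailing dot are the mistakes to catch.
SAMPLE_LINES = [
    "a       IN  A       192.168.122.102",
    "cname   IN  CNAME   a.lnh.com.",
    "mx      IN  MX 5    192.168.123.123",
    "mx      IN  MX 10   mail.lnh.com",
]

def parse_line(line):
    """Split one zone line into (owner, type, rdata fields); None for blank/comment lines."""
    fields = line.split(";", 1)[0].split()
    if not fields:
        return None
    owner, rest = fields[0], fields[1:]
    while rest and (rest[0].upper() == "IN" or rest[0].isdigit()):
        rest.pop(0)  # optional class and TTL fields
    return (owner, rest[0].upper(), rest[1:]) if rest else None

def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def lint_line(line, origin=ORIGIN):
    """Return the problems found in one record; an empty list means it looks sane."""
    parsed = parse_line(line)
    if parsed is None:
        return []
    owner, rtype, rdata = parsed
    problems = []
    if rtype == "A" and (len(rdata) != 1 or not is_ipv4(rdata[0])):
        problems.append(f"{owner}: A record needs exactly one IPv4 address")
    elif rtype in ("CNAME", "NS", "PTR", "MX"):
        target = rdata[-1] if rdata else ""
        if rtype == "MX" and (len(rdata) != 2 or not rdata[0].isdigit()):
            problems.append(f"{owner}: MX needs '<preference> <hostname>'")
        if is_ipv4(target):  # BIND loads this as the relative name <target>.<origin>
            problems.append(f"{owner}: {rtype} target must be a host name, not an IP literal")
        elif target and not target.endswith("."):
            problems.append(f"{owner}: {rtype} target '{target}' is relative, resolves as {target}.{origin}")
    return problems

def serial_increases(old, new):
    """RFC 1982 serial arithmetic: slaves only transfer when `new` is 'greater' than `old`."""
    return old != new and (new - old) % 2**32 < 2**31
```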

4. PTR records (reverse resolution)

Master:

[root@localhost etc]# cat view.conf 
view "View" {
  zone "lnh.com" {
        type    master;
        file    "lnh.com.zone";
        allow-transfer {
                192.168.222.146;
        };
        notify  yes;
        also-notify {
                192.168.222.146;
        };
  };
  zone "168.192.in-addr.arpa" {
        type    master;
        file    "168.192.zone";
        allow-transfer {
                192.168.222.146;
        };
        notify  yes;
        also-notify {
                192.168.222.146;
        };
  };

};
The zone name "168.192.in-addr.arpa" has a fixed format: the network octets of the address are written in reverse order.
[root@localhost etc]# cat 168.192.zone 
$TTL 3600       ; 1 hour
@                  IN SOA  op.lnh.com. dns.lnh.com. (
                                2030       ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                3600       ; minimum (1 hour)
                                )
                        NS      op.lnh.com.
102.122		IN	PTR	a.lnh.com.
1.1		IN	PTR	B.lnh.com.

At this point check the file ownership: chown named.named 168.192.zone

Slave configuration:
[root@localhost etc]# cat view.conf 
view "SlaveView" {
        zone "lnh.com" {
             type    slave;
             masters {192.168.222.145; };
             file    "slave.lnh.com.zone";
        };
        zone "168.192.in-addr.arpa" {
             type    slave;
             masters {192.168.222.145; };
             file    "slave.168.192.zone";
        };
 
};

 

This is the zone transferred from the master:

[root@localhost etc]# cat slave.168.192.zone 
$ORIGIN .
$TTL 3600	; 1 hour
168.192.in-addr.arpa	IN SOA	op.lnh.com. dns.lnh.com. (
				2030       ; serial
				900        ; refresh (15 minutes)
				600        ; retry (10 minutes)
				86400      ; expire (1 day)
				3600       ; minimum (1 hour)
				)
			NS	op.lnh.com.
$ORIGIN 168.192.in-addr.arpa.
1.1			PTR	B.lnh.com.
102.122			PTR	a.lnh.com.

 

Note: a.lnh.com. must end with a trailing dot; without it BIND appends the zone origin and the PTR would point to a.lnh.com.168.192.in-addr.arpa.

Check:

[root@localhost etc]# host 192.168.122.102 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases: 

102.122.168.192.in-addr.arpa domain name pointer a.lnh.com.
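The reverse-name computation behind the owner names 102.122 and 1.1 above, plus a forward/reverse consistency check, as an added example that is not part of the post. The A and PTR dictionaries are constructed samples modelled on the post's zone files; B.lnh.com. deliberately has a PTR but no A record so that the check has something to report.

```python
import ipaddress

REVERSE_ZONE = "168.192.in-addr.arpa."   # the reverse zone from view.conf above

# Constructed samples (not copied from the post): forward A records and the PTR owners
# relative to REVERSE_ZONE. B.lnh.com. has a PTR but no A record on purpose.
FORWARD_A = {"a.lnh.com.": "192.168.122.102", "op.lnh.com.": "192.168.122.1"}
REVERSE_PTR = {"102.122": "a.lnh.com.", "1.1": "B.lnh.com."}

def reverse_name(ip):
    """192.168.122.102 -> 102.122.168.192.in-addr.arpa. (the name `host` printed above)."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."

def ptr_owner(ip, zone=REVERSE_ZONE):
    """Relative owner for the PTR of `ip` inside `zone`, e.g. '102.122'.
    Raises ValueError when the address does not belong to that reverse zone."""
    full, suffix = reverse_name(ip), "." + zone
    if not full.endswith(suffix):
        raise ValueError(f"{ip} is not covered by {zone}")
    return full[:-len(suffix)]

def ptr_to_ip(owner, zone=REVERSE_ZONE):
    """Inverse of ptr_owner: '102.122' under 168.192.in-addr.arpa. -> 192.168.122.102."""
    labels = (owner + "." + zone).rstrip(".").split(".")[:-2]  # drop in-addr, arpa
    return ".".join(reversed(labels))

def check_forward_reverse(forward=FORWARD_A, reverse=REVERSE_PTR, zone=REVERSE_ZONE):
    """Report A records with no PTR and PTRs whose target has no matching A record.
    Names are compared case-insensitively, as DNS does."""
    problems = []
    ptr_by_ip = {ptr_to_ip(o, zone): name for o, name in reverse.items()}
    for name, ip in forward.items():
        try:
            ptr_owner(ip, zone)
        except ValueError:
            continue  # address outside this reverse zone; nothing to check here
        target = ptr_by_ip.get(ip)
        if target is None:
            problems.append(f"no PTR for {name} ({ip})")
        elif target.lower() != name.lower():
            problems.append(f"PTR for {ip} says {target}, A record says {name}")
    forward_lower = {n.lower(): ip for n, ip in forward.items()}
    for ip, target in ptr_by_ip.items():
        if forward_lower.get(target.lower()) != ip:
            problems.append(f"PTR {ip} -> {target} is not confirmed by an A record")
    return problems
```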

 

5. Load balancing through DNS: simply add another A record for the same name. The problem is that when a backend server is down its address is still returned, so this is not recommended: it is round-robin scheduling with no health checking.

[root@localhost etc]# host cc.lnh.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases: 

cc.lnh.com has address 123.123.123.124
cc.lnh.com has address 123.123.123.123

6. Configure DNS views (intelligent DNS). When the DNS server receives a query it matches the client IP against these two groups; the ACL definitions below go into named.conf above the include line. Clients can then be given different IPs according to their group (for example, different ISPs).

/var/named/chroot/etc
[root@localhost etc]# vim named.conf 
acl group1 {
  192.168.222.145;
};
acl group2 {
  192.168.222.146;
};
[root@localhost etc]# >view.conf
[root@localhost etc]# vim view.conf
[root@localhost etc]# pwd
/var/named/chroot/etc
[root@localhost etc]# cat view.conf
view "GROUP1" {
  match-clients { group1; };
  zone "viewlnh.com" {
     type master;
     file "group1.viewlnh.com.zone";
 };
};
view "GROUP2" {
  match-clients { group2; };
  zone "viewlnh.com" {
     type master;
     file "group2.viewlnh.com.zone";
 };
};
[root@localhost etc]# pwd
/var/named/chroot/etc
[root@localhost etc]# vim group1.viewlnh.com.zone

$ORIGIN .
$TTL 3600       ; 1 hour
viewlnh.com                     IN SOA  op.lnh.com. dns.lnh.com. (
                                2030       ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                3600       ; minimum (1 hour)
                                )
                        NS      op.lnh.com.
$ORIGIN viewlnh.com.
op              A       192.168.122.1
view            A       192.168.122.1
[root@localhost etc]# pwd
/var/named/chroot/etc
[root@localhost etc]# vim group2.viewlnh.com.zone

$ORIGIN .
$TTL 3600       ; 1 hour
viewlnh.com                     IN SOA  op.lnh.com. dns.lnh.com. (
                                2030       ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                3600       ; minimum (1 hour)
                                )
                        NS      op.lnh.com.
$ORIGIN viewlnh.com.
op              A       192.168.122.2
view            A       192.168.122.2

 

Fix the ownership:

[root@localhost etc]# chown named.named group*

 

Check, querying from 192.168.222.145:

[root@localhost etc]# dig @192.168.222.145 view.viewlnh.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.5 <<>> @192.168.222.145 view.viewlnh.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49593
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;view.viewlnh.com.		IN	A

;; ANSWER SECTION:
view.viewlnh.com.	3600	IN	A	192.168.122.1

;; AUTHORITY SECTION:
viewlnh.com.		3600	IN	NS	op.lnh.com.

;; Query time: 1 msec
;; SERVER: 192.168.222.145#53(192.168.222.145)
;; WHEN: Wed Mar 21 18:33:51 2018
;; MSG SIZE  rcvd: 71

 

Querying from 192.168.222.146:

[root@localhost etc]# dig @192.168.222.145 view.viewlnh.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.5 <<>> @192.168.222.145 view.viewlnh.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11962
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;view.viewlnh.com.		IN	A

;; ANSWER SECTION:
view.viewlnh.com.	3600	IN	A	192.168.122.2

;; AUTHORITY SECTION:
viewlnh.com.		3600	IN	NS	op.lnh.com.

;; Query time: 3 msec
;; SERVER: 192.168.222.145#53(192.168.222.145)
;; WHEN: Wed Mar 21 18:36:16 2018
;; MSG SIZE  rcvd: 71
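A simulation of how the view selection above behaves for a given client address, as an added example and not BIND's own code. The ACLs and views are transcribed from named.conf and view.conf above; the FALLBACK view and the 0.0.0.0/0 approximation of BIND's built-in "any" ACL are assumptions for the demonstration. It shows the failure mode of the two-view configuration (a client in neither group matches no view and gets REFUSED) and why view order matters (the first matching view wins).

```python
import ipaddress

# ACLs and views from the configuration above; "any" is approximated as 0.0.0.0/0
# (IPv4 only) and the FALLBACK view is a constructed catch-all for the demonstration.
ACLS = {
    "group1": ["192.168.222.145"],
    "group2": ["192.168.222.146"],
    "any": ["0.0.0.0/0"],
}
VIEWS = [("GROUP1", ["group1"]), ("GROUP2", ["group2"])]
VIEWS_WITH_FALLBACK = VIEWS + [("FALLBACK", ["any"])]

def match_list(elements, client, acls=ACLS):
    """Evaluate a BIND address match list: the first element that matches decides,
    and a match on a negated element ('!...') means the whole list does NOT match."""
    client = ipaddress.ip_address(client)
    for element in elements:
        negate = element.startswith("!")
        item = element.lstrip("!")
        if item in acls:  # named ACL, evaluated recursively
            hit = match_list(acls[item], client, acls)
        else:
            hit = client in ipaddress.ip_network(item, strict=False)
        if hit:
            return not negate
    return False

def select_view(client_ip, views=VIEWS, acls=ACLS):
    """Return the first view whose match-clients admits the client, or None,
    in which case BIND answers REFUSED (what the two-view config above does
    for any client that is neither 192.168.222.145 nor 192.168.222.146)."""
    for name, match_clients in views:
        if match_list(match_clients, client_ip, acls):
            return name
    return None
```

Putting a catch-all view before GROUP1 and GROUP2 would shadow them, so a fallback view must always be listed last.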

 
