使用bind软件搭建智能DNS文档

配置/etc/named.conf,配置文件内容:
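# Client address groups, one per region. They are meant to be referenced by
# name from each view's match-clients so the ranges are written only once.
acl CN {
    10.0.0.0/16;
    # Loopback network. A prefix entry must have its host bits set to zero,
    # so this is 127.0.0.0/8; the original 127.0.0.1/8 is flagged by BIND's
    # configuration check as an address/prefix length mismatch.
    127.0.0.0/8;
};

acl US {
    10.1.0.0/16;
};

acl RU {
    10.2.0.0/16;
};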
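options {
    # Serve DNS only on loopback and on the server's internal address.
    listen-on port 53 { 127.0.0.1; 10.0.0.200; };
    #listen-on-v6 { none; };

    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    # Clients allowed to send queries at all.
    # NOTE(review): 10.0.0.0/8 is wider than the three region acls; a client
    # that passes this list but matches no view is still refused.
    allow-query { 127.0.0.1; 10.0.0.0/8; };

    # Recursion is switched on below, so state explicitly who may use it
    # instead of relying on the value BIND derives from allow-query. This
    # keeps the resolver from becoming open if allow-query is widened later.
    allow-recursion { 127.0.0.1; 10.0.0.0/8; };

    # A zone transfer hands out the complete zone content. Deny it globally
    # and grant it per zone to the slave servers only, for example
    #   allow-transfer { key <tsig-key-name>; };   (placeholder name)
    # inside the zone statement that a slave is supposed to pull.
    allow-transfer { none; };

    # Try the forwarders first and fall back to normal recursion if they
    # do not answer.
    # NOTE(review): every non-local lookup made by internal clients is sent
    # to a public third-party resolver; confirm this is acceptable.
    forward first;
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };

    interface-interval 30;
    recursion yes;

    # NOTE(review): DNSSEC validation is switched off, so answers coming back
    # from the forwarders are accepted without any authenticity check.
    # Consider enabling validation once the resolver path has been tested.
    dnssec-enable no;
    dnssec-validation no;
    # NOTE(review): dnssec-lookaside refers to the DLV registry, which has
    # been retired; it does nothing while validation is off and newer BIND
    # releases no longer support the option. Candidate for removal.
    dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};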
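# Log routing: one file per concern so that security events and query
# traffic can be reviewed and retained separately.
# NOTE(review): the /var/log/named directory is assumed to exist and to be
# writable by the account named runs as; confirm on the target host.
logging {
    # channel default_debug {
    # file "data/named.run";
    # severity dynamic;
    # };

    # Everything that has no dedicated category below.
    channel default-log {
        file "/var/log/named/named_default.log" versions 10 size 200m;
        severity info;
        print-time yes;
    };

    # Lame delegation reports.
    channel lamer-log {
        # A space is required between the keyword and the quoted path.
        file "/var/log/named/named_lamer.log" versions 3 size 100m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };

    # Per-query log. It records which client asked for which name, so the
    # file should be readable by administrators only.
    # 10 versions of 1000m each can use roughly 10 GB of disk.
    channel query-log {
        file "/var/log/named/named_query.log" versions 10 size 1000m;
        severity info;
        print-time yes;
    };

    # Approved and denied requests; the first place to look for refused
    # queries, transfers and updates.
    channel security-log {
        file "/var/log/named/named_security.log" versions 3 size 100m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };

    category lame-servers { lamer-log; };
    category security { security-log; };
    category queries { query-log; };
    category default { default-log; };
};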
#view "." {
# match-clients { CN;US;RU };
# zone "." IN {
# type hint;
# file "named.ca";
# };
#};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

文件/etc/named.rfc1912.zones内容:
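# Once any view statement is used, BIND requires every zone to be defined
# inside a view, so the standard localhost zones are placed in the CN view
# together with its copy of domain.com.
# Views are tried in the order written and the first match-clients hit wins;
# a client that matches no view is refused.
# CN, US and RU are the acl names declared at the top of /etc/named.conf.
# Using the names keeps each view in step with its acl and avoids the
# mistyped literal ranges (10.0.1.0/16 without a semicolon, 10.2.0.0./16).
# NOTE(review): if slave servers are added, each view's copy of domain.com
# has to be transferred separately, so the slave must be matched into the
# right view (commonly with one TSIG key per view) - confirm the design
# before allowing transfers.
view CN {
    match-clients { CN; };

    zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };

    zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };

    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };

    zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };

    zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
    };

    # Answers handed to clients in the CN acl.
    zone "domain.com" IN {
        type master;
        file "domain.com.zone";
        # Dynamic updates stay disabled, stated explicitly like the zones above.
        allow-update { none; };
    };

    #zone "0.0.10.in-addr.arpa" IN {
    # type master;
    # file "10.0.0.zone";
    #};
};

view US {
    match-clients { US; };

    # Answers handed to clients in the US acl.
    zone "domain.com" IN {
        type master;
        file "domain.com.us";
        allow-update { none; };
    };
};

view RU {
    match-clients { RU; };

    # Answers handed to clients in the RU acl.
    zone "domain.com" IN {
        type master;
        file "domain.com.ru";
        allow-update { none; };
    };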
};

在配置智能DNS的时候,主要的配置区域是view,每个view的match-clients与对应的acl保持一致即可。
然后在/var/named/目录下新建各个区域的DNS解析文件。
各个区域的解析文件的写法与普通的DNS区域文件一致。
配置一个主DNS,然后在各个区域配置一个从DNS,以master-slave的形式同步,效果更好。
原文:http://ting2junshui.blog.51cto.com/975290/1945287