DNS视图
bind view:
视图,脑裂(split-brain)双线接入。如:电信和联通双线接入
根据客户端来源的不同,将同一个名称解析至不同的地址;
案例:我们接下来配置内外网双向解析DNS服务器:同一个名称解析,分配给不同的IP地址
实验条件:我们这里为了方便理解操作直接在服务器上添加了两块网卡,(实际操作中只要能和DNS服务器能通信即可)实际操作如下!!
我们是讲解的方法:方便操作设置以下地址(你懂得。)
主配置:主配置文件主要设置,把根域复制到辅配置文件中,看配置文件即可!!
#vim /etc/named.conf
options {
//listen-on port 53 { 127.0.0.1; };
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
//dump-file "/var/named/data/cache_dump.db";
//statistics-file "/var/named/data/named_stats.txt";
//memstatistics-file "/var/named/data/named_mem_stats.txt";
//allow-query { localhost; };
// recursion yes;------------------------主配置这里注释掉,我们在view单独指定
//dnssec-enable yes;
//dnssec-validation yes;
//dnssec-lookaside auto;
/* Path to ISC DLV key */
//bindkeys-file "/etc/named.iscdlv.key";
//managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
include "/etc/named.rfc1912.zones";
//include "/etc/named.root.key";
辅配置文件:
[root@localhost ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
view ning {--------------------------------------------------指定分裂区域名字可以自己随意定义
match-clients { 172.16.3.0/16; 127.0.0.1; };------指定内网来访问的地址范围
recursion yes;--------------------------支持递归查询。
zone "hong.com" IN {------------------指定区域:
type master;
file "hong.com.zone1";--------------指定内网库文件并要在/var/named/下创建的文件名字
};
zone "." IN {-----------------从/etc/named.conf把根解析复制到/etc/named.rfc1912.zones这里
type hint;
file "named.ca";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
//zone "ning.com." IN {
// type master;
// file "ning.com.zone";
// allow-update { none; };
//};
//zone "3.16.172.in-addr.arpa." IN {
// type master;
// file "172.16.3.zone";
//};
};
view liang {-------------------------指定分裂区域
match-clients { any; };--------------指定除上面这些库中,所有的都来这个解析。
recursion no;------------------不支持递归查询(外网访问)
zone "hong.com" IN {----------指定区域
type master;
file "hong.com.zone2";---------------指定除内网的访问的解析库文件名字。
};
};
下面我们说下,,库中的配置:
[root@localhost ~]# vim /var/named/hong.com.zone1
$TTL 3600
$ORIGIN hong.com.
@ IN SOA ns.hong.com ning.qq.com (
20140860
1H
3M
3D
1D )
IN NS ns
ns IN A 172.16.3.1
www IN A 172.16.3.2-----内网解析址
[root@localhost ~]# vim /var/named/hong.com.zone2
$TTL 3600
$ORIGIN hong.com.
@ IN SOA ns.hong.com ning.qq.com (
20140860
1H
3M
3D
1D )
IN NS ns
ns IN A 172.16.3.1
www IN A 192.168.1.2----外网的解析地址
测试:
#dig -t A www.hong.com @127.0.0.1
在xp中的测试命令:
本文出自 “奋斗的人” 博客,请务必保留此出处http://wodemeng.blog.51cto.com/1384120/1536671
Linux DNS视图脑裂的实例操作(四),布布扣,bubuko.com
原文:http://wodemeng.blog.51cto.com/1384120/1536671