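We prepare two hosts. Host A has two network interfaces: the first has the IP address 192.168.34.101 and the second 172.18.0.7. Make sure both can reach the network.
Host B also has two network interfaces; set their IP addresses to 192.168.34.105 and 172.18.0.6.
On host A, create three zone database files, one each for Beijing, Shanghai and Shenzhen. When copying the files, take care to preserve their attributes.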
[root@ansible named]# vim baidu.com.zone.bj
$TTL 1D
@           IN SOA  dns1 admin.baidu.com. (
                    1       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            NS      dns1
            NS      dns2
shenzhen    NS      dns3
dns1        A       192.168.34.101
dns2        A       192.168.34.103
dns3        A       192.168.34.102
www         CNAME   webs
webs        A       6.6.6.6
Preserve the file's original attributes when copying:
[root@ansible named]# cp -p baidu.com.zone.bj baidu.com.zone.sh
Create the Shanghai database file:
[root@ansible named]# vim baidu.com.zone.sh
$TTL 1D
@           IN SOA  dns1 admin.baidu.com. (
                    1       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            NS      dns1
            NS      dns2
shenzhen    NS      dns3
dns1        A       192.168.34.101
dns2        A       192.168.34.103
dns3        A       192.168.34.102
www         CNAME   webs
webs        A       7.7.7.7
Create the Shenzhen database file:
[root@ansible named]# cp -p baidu.com.zone.sh baidu.com.zone.sz
[root@ansible named]# vim baidu.com.zone.sz
$TTL 1D
@           IN SOA  dns1 admin.baidu.com. (
                    1       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            NS      dns1
            NS      dns2
shenzhen    NS      dns3
dns1        A       192.168.34.101
dns2        A       192.168.34.103
dns3        A       192.168.34.102
www         CNAME   webs
webs        A       8.8.8.8
Define the ACLs
[root@ansible named]# vim /etc/named.conf
acl beijingnet {
    192.168.34.0/24;    // network that gets the Beijing view
};
acl shanghainet {
    172.18.0.0/16;      // network that gets the Shanghai view
};
acl shenzhennet {
    any;                // all remaining networks are allowed
};
Enable views and associate the ACLs with the zones:
Method 1: include /etc/named.rfc1912.zones directly in the view, and move the default zone definition into the same view:
[root@ansible named]# vim /etc/named.conf
view view_beijing {
    match-clients { beijingnet; };
    include "/etc/named.rfc1912.zones";
    zone "." IN {
        type hint;
        file "named.ca";
    };
};
Add the baidu.com.zone.bj zone file prepared earlier to the included configuration file:
vim /etc/named.rfc1912.zones
zone "baidu.com" {
    type master;
    file "baidu.com.zone.bj";
};
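Method 2: move the default zone definition from /etc/named.conf into /etc/named.rfc1912.zones, so that it is pulled in by the include:
The zone definitions are then covered by include "/etc/named.rfc1912.zones".
Next, we define three /etc/named.rfc1912.zones configuration files:
(1) Copy the first configuration file, which is already defined, to create the configuration files for shanghai and shenzhen. Preserve the attributes when copying: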
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.shanghai
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.shenzhen
Then edit the shanghai configuration file:
[root@ansible named]# vim /etc/named.rfc1912.zones.shanghai
zone "baidu.com" {
    type master;
    file "baidu.com.zone.sh";
};
Write the shenzhen configuration file:
[root@ansible named]# vim /etc/named.rfc1912.zones.shenzhen
zone "baidu.com" {
    type master;
    file "baidu.com.zone.sz";
};
(2) Next, edit the main configuration file /etc/named.conf:
[root@ansible named]# vim /etc/named.conf
view view_beijing {
    match-clients { beijingnet; };
    include "/etc/named.rfc1912.zones";
};
view view_shanghai {
    match-clients { shanghainet; };
    include "/etc/named.rfc1912.zones.shanghai";
};
view view_shenzhen {
    match-clients { shenzhennet; };
    include "/etc/named.rfc1912.zones.shenzhen";
};
(3) Once everything is defined, reload the DNS server:
[root@ansible named]# rndc reload
server reload successful
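(4) Verify that different client addresses map to different regions:
The 192.168.34.0/24 network is the Beijing region
172.18.0.0/16 is the Shanghai region
All other addresses belong to the Shenzhen region
Verification 1: run dig on host B. The result is 6.6.6.6, so the Beijing address is returned.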
[root@centos6 ~]# dig www.baidu.com    # dig on host B; host B's default IP address here is 192.168.34.105, a Beijing address
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26005
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.baidu.com.             IN      A
;; ANSWER SECTION:
www.baidu.com.      86400   IN      CNAME   webs.baidu.com.
webs.baidu.com.     86400   IN      A       6.6.6.6
;; AUTHORITY SECTION:
baidu.com.          86400   IN      NS      dns1.baidu.com.
baidu.com.          86400   IN      NS      dns2.baidu.com.
;; ADDITIONAL SECTION:
dns1.baidu.com.     86400   IN      A       192.168.34.101
dns2.baidu.com.     86400   IN      A       192.168.34.103
;; Query time: 1 msec
;; SERVER: 192.168.34.101#53(192.168.34.101)
;; WHEN: Thu Nov 7 23:33:05 2019
;; MSG SIZE rcvd: 136
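Verification 2: on host B, run dig www.baidu.com @172.18.0.7. Specifying the server's IP address makes this host query that address, which returns the information for the matching region:
The result is 7.7.7.7, so the Shanghai region is returned.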
[root@centos6 network-scripts]# dig www.baidu.com @172.18.0.7
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.baidu.com @172.18.0.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31631
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.baidu.com.             IN      A
;; ANSWER SECTION:
www.baidu.com.      86400   IN      CNAME   webs.baidu.com.
webs.baidu.com.     86400   IN      A       7.7.7.7
;; AUTHORITY SECTION:
baidu.com.          86400   IN      NS      dns1.baidu.com.
baidu.com.          86400   IN      NS      dns2.baidu.com.
;; ADDITIONAL SECTION:
dns1.baidu.com.     86400   IN      A       192.168.34.101
dns2.baidu.com.     86400   IN      A       192.168.34.103
;; Query time: 3 msec
;; SERVER: 172.18.0.7#53(172.18.0.7)
;; WHEN: Thu Nov 7 23:41:20 2019
;; MSG SIZE rcvd: 136
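Verification 3:
On host A, where the data is configured, run dig against a different IP address. The final result is 8.8.8.8, so the Shenzhen address is returned.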
[root@ansible network-scripts]# dig www.baidu.com @127.0.0.1
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.baidu.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22706
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com.             IN      A
;; ANSWER SECTION:
www.baidu.com.      86400   IN      CNAME   webs.baidu.com.
webs.baidu.com.     86400   IN      A       8.8.8.8
;; AUTHORITY SECTION:
baidu.com.          86400   IN      NS      dns2.baidu.com.
baidu.com.          86400   IN      NS      dns1.baidu.com.
;; ADDITIONAL SECTION:
dns1.baidu.com.     86400   IN      A       192.168.34.101
dns2.baidu.com.     86400   IN      A       192.168.34.103
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Nov 07 23:46:12 CST 2019
;; MSG SIZE rcvd: 147
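The three results above follow from named selecting the first view whose match-clients ACL matches the query's source address. The sketch below is an added example, not part of the original post: it models that first-match rule with the page's ACLs and flags views placed after a catch-all view. The source addresses 172.18.0.6 and 127.0.0.1 used for verifications 2 and 3 are assumptions based on the hosts' interface addresses.

```python
import ipaddress

# ACLs and view order as configured in /etc/named.conf on this page.
ACLS = {
    "beijingnet": ["192.168.34.0/24"],
    "shanghainet": ["172.18.0.0/16"],
    "shenzhennet": ["any"],
}
# (view name, match-clients ACL, A record for webs in that view's zone file)
VIEWS = [
    ("view_beijing", "beijingnet", "6.6.6.6"),
    ("view_shanghai", "shanghainet", "7.7.7.7"),
    ("view_shenzhen", "shenzhennet", "8.8.8.8"),
]

def acl_matches(acl_name, source_ip):
    """True if source_ip falls inside any element of the named ACL."""
    addr = ipaddress.ip_address(source_ip)
    for element in ACLS[acl_name]:
        if element == "any" or addr in ipaddress.ip_network(element):
            return True
    return False

def select_view(source_ip, views=VIEWS):
    """Return (view name, answer) of the first view that matches."""
    for name, acl, answer in views:
        if acl_matches(acl, source_ip):
            return name, answer
    return None, None  # no view matched: named refuses the query

def shadowed_views(views=VIEWS):
    """Views listed after a catch-all ("any") view can never be selected."""
    shadowed, seen_any = [], False
    for name, acl, _ in views:
        if seen_any:
            shadowed.append(name)
        if "any" in ACLS[acl]:
            seen_any = True
    return shadowed

if __name__ == "__main__":
    # Assumed source addresses for the three verifications on this page.
    for src in ("192.168.34.105", "172.18.0.6", "127.0.0.1"):
        print(src, "->", select_view(src))
    print("shadowed views:", shadowed_views())
```

If view_shenzhen were listed first, every client would receive 8.8.8.8, which is why the catch-all view has to come last.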
Original: https://www.cnblogs.com/struggle-1216/p/12582297.html