Configuring views in DNS:

Introduction to views:

A view is a collection of zones, which makes zones easier to manage; if you define no view at all, every zone belongs to one implicit view, and that is basically how to think of it. Views can split DNS, and it is exactly this feature that lets us manage inbound (internal) and outbound (external) resolution differently.
What this setup is meant to achieve:
Resolve requests from all machines on the local network, and in addition allow hosts on the local network to be reverse-resolved.


Topology diagram:


[root@server etc]# vim named.conf

acl lan { 192.168.101.0/24; };

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port
        // randomization
        // query-source    port 53;
        // query-source-v6 port 53;

        allow-query     { any; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Views are matched in the order they appear in this file: the LAN view
// must come before the catch-all "any" view, otherwise LAN clients would
// match "external" and never see the internal zone data.
view internal {
        match-clients      { lan; };
        zone "a.com" IN {
                type master;
                file "a.com.db";
        };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};

view external {
        match-clients      { any; };
        zone "a.com" IN {
                type master;
                file "a.com.db1";
        };
        // No "recursion" statement here, so this view inherits BIND's global
        // default (recursion yes) and will recurse for any client; add
        // "recursion no;" if this server must not act as an open resolver.
};


vim a.com.db   zone file for the internal view:


$TTL    86400
; MNAME must be fully qualified (trailing dot); without it the name is
; expanded to ns.a.com.a.com.
@               IN SOA  ns.a.com.      root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

@               IN NS           ns.a.com.
ns              IN A            192.168.101.253
www             IN A            192.168.101.253
ftp             IN A            192.168.101.253


[root@server named]# vim a.com.db1   zone file for the external view:


$TTL    86400
; MNAME must be fully qualified (trailing dot); without it the name is
; expanded to ns.a.com.a.com.
@               IN SOA  ns.a.com.      root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

@               IN NS           ns.a.com.
ns              IN A            192.168.101.253
www             IN A            192.168.100.1
ftp             IN A            192.168.101.1
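
As an added illustration (not part of the original post, and not BIND's own code), the following Python model reproduces how BIND chooses a view for a query: views are tried in the order they appear in named.conf and the first whose match-clients list contains the client address wins, so the internal view must precede the "any" view. The zone contents are taken from the two zone files above; the client addresses are constructed sample values.

```python
import ipaddress

# Constructed model of the two views from named.conf above (not BIND code).
# Each view has an ordered match-clients list and its a.com zone data;
# "any" is modelled as 0.0.0.0/0.
VIEWS = [
    {"name": "internal",
     "match_clients": [ipaddress.ip_network("192.168.101.0/24")],  # acl lan
     "zones": {"a.com": {"ns": "192.168.101.253",
                         "www": "192.168.101.253",
                         "ftp": "192.168.101.253"}}},
    {"name": "external",
     "match_clients": [ipaddress.ip_network("0.0.0.0/0")],         # any
     "zones": {"a.com": {"ns": "192.168.101.253",
                         "www": "192.168.100.1",
                         "ftp": "192.168.101.1"}}},
]

def select_view(client_ip, views=VIEWS):
    """Check views in file order; the first match-clients hit wins."""
    addr = ipaddress.ip_address(client_ip)
    for view in views:
        if any(addr in net for net in view["match_clients"]):
            return view
    return None  # no view matched: BIND would refuse the query

def resolve_a(client_ip, fqdn, views=VIEWS):
    """Return (view name, A record) for fqdn as seen by client_ip, or None."""
    view = select_view(client_ip, views)
    if view is None:
        return None
    label, _, zone = fqdn.rstrip(".").partition(".")
    records = view["zones"].get(zone, {})
    return view["name"], records.get(label)

if __name__ == "__main__":
    for client in ("192.168.101.10", "203.0.113.5"):  # constructed clients
        print(client, resolve_a(client, "www.a.com"))
    # Order matters: with the "any" view first, LAN clients never reach the
    # internal view and receive the external answer instead.
    print("reversed:", resolve_a("192.168.101.10", "www.a.com", VIEWS[::-1]))
```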

Then configure a firewall host:
eth0 interface IP 192.168.101.251
eth1 interface IP 192.168.100.1
and restart networking with: service network restart

iptables configuration:

iptables -t nat -A PREROUTING -d 192.168.100.1 -p udp --dport 53 -j DNAT --to 192.168.101.253

Then check the configuration with the following command:

[root@server5 ~]# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       udp  --  any    any     anywhere             192.168.100.1       udp dpt:domain to:192.168.101.253

Chain POSTROUTING (policy ACCEPT 1 packets, 108 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 1 packets, 108 bytes)
 pkts bytes target     prot opt in     out     source               destination

Internal network test:

External network test:

First, on the DNS server: [root@server ~]# route add default gw 192.168.101.251