Configuring views in DNS:
Introduction to views:
A view is essentially a collection of zones, a way to group zones so they are easier to manage. If you define no views at all, every zone belongs to one implicit default view; that is roughly how to think of it. Views let you split DNS so that different clients see different data, and it is this capability that lets us handle inbound and outbound (internal and external) queries differently.
What we want to achieve:
The server should resolve queries from every machine on the network it sits on, and in addition, hosts on that network should be reverse-resolvable.
Topology diagram:
[root@server etc]# vim named.conf
acl lan { 192.168.101.0/24; };
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Those options should be used carefully because they disable port
    // randomization
    // query-source port 53;
    // query-source-v6 port 53;
    allow-query { any; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
// Views are tried in the order they appear; the first match-clients that
// matches the querying address wins, so the LAN view must come first.
view internal {
    match-clients { lan; };
    zone "a.com" IN {
        type master;
        file "a.com.db";
    };
    recursion yes;
    include "/etc/named.rfc1912.zones";
};
view external {
    match-clients { any; };
    // No recursion option here, so this view inherits BIND's default (yes)
    // and will recurse for any client unless "recursion no;" is added.
    zone "a.com" IN {
        type master;
        file "a.com.db1";
    };
};
vim a.com.db (zone file for the internal view):
$TTL 86400
@       IN SOA  ns.a.com. root (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
@       IN NS   ns.a.com.
ns      IN A    192.168.101.253
www     IN A    192.168.101.253
ftp     IN A    192.168.101.253
[root@server named]# vim a.com.db1 (zone file for the external view):
$TTL 86400
@       IN SOA  ns.a.com. root (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
@       IN NS   ns.a.com.
ns      IN A    192.168.101.253
www     IN A    192.168.100.1
ftp     IN A    192.168.101.1
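To make the two mechanisms above concrete, here is an added Python example (not code from the original post) that models what named does with this configuration: it parses constructed copies of the two zone files, picks a view for a client address the way BIND does (views are tried in the order they appear in named.conf; the first match-clients that matches wins, so putting the any view first would hide the internal view entirely), and returns the answer each side sees for www.a.com and ftp.a.com. It also lints each zone for two slips that are easy to make in hand-written files: an SOA MNAME without a trailing dot (BIND reads ns.a.com as ns.a.com.a.com.) and an in-zone NS name with no A record. The zone text, ACL and view order are constructed from the post; the constructed copies deliberately keep the relative MNAME so the lint has something to report. One operational caveat the config itself does not show: the external view sets no recursion option, so it inherits BIND's default of yes and will recurse for any client; add recursion no; to the external view (or allow-recursion { lan; }; in options) unless the server is meant to be an open resolver.

```python
import ipaddress

ORIGIN = "a.com."

# Constructed copy of the internal zone file from the post. The SOA MNAME is
# deliberately left relative ("ns.a.com", no trailing dot) so lint_zone has
# something to report.
INTERNAL_ZONE = """\
$TTL 86400
@ IN SOA ns.a.com root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns.a.com.
ns IN A 192.168.101.253
www IN A 192.168.101.253
ftp IN A 192.168.101.253
"""

# The external zone differs only in the www and ftp addresses.
EXTERNAL_ZONE = INTERNAL_ZONE.replace(
    "www IN A 192.168.101.253", "www IN A 192.168.100.1"
).replace("ftp IN A 192.168.101.253", "ftp IN A 192.168.101.1")


def absolutize(name, origin=ORIGIN):
    """Expand '@' and relative names the way a master file is read."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin=ORIGIN):
    """Parse the master-file subset used here: $TTL, a parenthesised SOA and
    one-line NS/A records. Returns (soa, records) where records maps an
    absolute owner name to {rrtype: [rdata, ...]}."""
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' comments
        if not line:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:                            # logical line complete
            logical.append(" ".join(buf))
            buf = []
    soa, records = None, {}
    for line in logical:
        tok = [t for t in line.split() if t not in ("(", ")")]
        if tok[0] == "$TTL":
            continue
        owner, rrtype, rdata = absolutize(tok[0], origin), tok[2], tok[3:]
        if rrtype == "SOA":
            soa = {"mname": rdata[0], "rname": rdata[1], "serial": int(rdata[2])}
        records.setdefault(owner, {}).setdefault(rrtype, []).extend(rdata)
    return soa, records


def lint_zone(soa, records, origin=ORIGIN):
    """Return the problems a careful reviewer would raise for this zone."""
    problems = []
    if not soa["mname"].endswith("."):
        problems.append(f"SOA MNAME '{soa['mname']}' is relative; BIND reads it as "
                        f"'{absolutize(soa['mname'], origin)}'")
    for ns in records.get(origin, {}).get("NS", []):
        ns_abs = absolutize(ns, origin)
        if ns_abs.endswith(origin) and "A" not in records.get(ns_abs, {}):
            problems.append(f"in-zone NS {ns_abs} has no A record (missing glue)")
    return problems


# ACLs and view order as in named.conf.
ACLS = {
    "lan": [ipaddress.ip_network("192.168.101.0/24")],
    "any": [ipaddress.ip_network("0.0.0.0/0")],
}
ZONES = {"internal": parse_zone(INTERNAL_ZONE), "external": parse_zone(EXTERNAL_ZONE)}
VIEW_ORDER = [("internal", ["lan"]), ("external", ["any"])]


def select_view(client_ip, view_order=VIEW_ORDER):
    """First view whose match-clients contains the client address, as BIND does."""
    ip = ipaddress.ip_address(client_ip)
    for view, acl_names in view_order:
        if any(ip in net for acl in acl_names for net in ACLS[acl]):
            return view
    return None  # no view matched: BIND would answer REFUSED


def answer(client_ip, qname, qtype="A", view_order=VIEW_ORDER):
    """The rdata a client at client_ip receives for qname/qtype."""
    view = select_view(client_ip, view_order)
    if view is None:
        return []
    return ZONES[view][1].get(absolutize(qname), {}).get(qtype, [])


if __name__ == "__main__":
    for client in ("192.168.101.10", "192.168.100.50"):
        print(client, "->", select_view(client), answer(client, "www"), answer(client, "ftp"))
    for name, (soa, recs) in ZONES.items():
        print(name, lint_zone(soa, recs))
```

Run it as a script to see the per-side answers and the lint findings; reversing VIEW_ORDER shows every client landing in the external view, which is the failure mode to watch for when views are added to an existing named.conf.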
On the firewall host, configure:
eth0 interface IP: 192.168.101.251
eth1 IP: 192.168.100.1
Then restart networking with: service network restart
iptables configuration:
iptables -t nat -A PREROUTING -d 192.168.100.1 -p udp --dport 53 -j DNAT --to 192.168.101.253
Then check the result with the following command:
[root@server5 ~]# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT udp -- any any anywhere 192.168.100.1 udp dpt:domain to:192.168.101.253
Chain POSTROUTING (policy ACCEPT 1 packets, 108 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1 packets, 108 bytes)
pkts bytes target prot opt in out source destination
Internal network test:
External network test:
First, on the DNS server, set the default route to the firewall:
[root@server ~]# route add default gw 192.168.101.251
Without this, replies to external clients would not go back through the firewall, where conntrack reverses the DNAT, and the external test would time out.
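The internal and external tests are normally done with dig @server www.a.com from a host on each side. The following added Python script (not part of the original post) does the same without dig: it builds a UDP A query, sends it to the server address that side should use (192.168.101.253 from the LAN; the firewall's 192.168.100.1 from outside, which the DNAT rule rewrites), checks that the reply carries the transaction ID it sent, and compares the A records in the answer with the address the view for that side should return. build_response exists only so the parser can be exercised offline; the server, name and expected address on the command line are whatever the tester supplies. Two caveats worth checking during the external test: the DNAT rule matches UDP only, so TCP/53 (used for truncated responses and zone transfers) needs a second rule with -p tcp, and the reply has to return through the firewall, which is why the DNS server's default route must point at 192.168.101.251.

```python
import random
import socket
import struct
import sys


def build_query(qname, qid=None):
    """Minimal DNS query: header with RD set, one question for qname/A/IN."""
    qid = random.randrange(0x10000) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN


def build_response(qname, qid, ip, ttl=86400):
    """Constructed reply with one A record, used here only to test the parser
    offline; the answer owner is a compression pointer to the question name."""
    q = build_query(qname, qid)
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)
    rr = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + q[12:] + rr


def _skip_name(data, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(resp):
    """Return (rcode, [IPv4 strings]) from a response; non-A answers are skipped."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return flags & 0xF, addrs


def probe(server, qname, timeout=2.0):
    """Send one UDP query and return (rcode, addresses) from the reply."""
    qid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname, qid), (server, 53))
        resp, _ = s.recvfrom(512)
    if struct.unpack("!H", resp[:2])[0] != qid:   # reject stale or forged replies
        raise ValueError("response transaction ID does not match the query")
    return parse_a_records(resp)


def check_view(server, qname, expected_ip):
    """True when the server answers NOERROR and includes the expected address."""
    rcode, addrs = probe(server, qname)
    return rcode == 0 and expected_ip in addrs


if __name__ == "__main__":
    # usage: python split_probe.py 192.168.100.1 www.a.com 192.168.100.1
    server, qname, expected = sys.argv[1:4]
    rcode, addrs = probe(server, qname)
    print(f"rcode={rcode} answers={addrs} ->", "OK" if expected in addrs else "MISMATCH")
```

Run it from a LAN host with 192.168.101.253 www.a.com 192.168.101.253 and from a host on the 192.168.100.0/24 side with 192.168.100.1 www.a.com 192.168.100.1; a MISMATCH on the outside usually means the DNAT rule, the missing TCP rule, or the DNS server's default route.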
Reposted from: https://blog.51cto.com/xiaogang6/798617