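Goal: clients with China Telecom IPs reach the server on the China Telecom line, clients with China Netcom IPs reach the server on the China Netcom line, and clients from any other region still reach the server on the China Telecom line.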
bind-9.7.0-5.P2.el6.i686
bind-utils-9.7.0-5.P2.el6.i686
bind-chroot-9.7.0-5.P2.el6.i686
2. Create the main configuration file
cd /var/named/chroot/
// My root directory here is the chroot directory /var/named/chroot/
vim etc/named.conf
include "/etc/cnc.acl";
include "/etc/ctc.acl";
options
{
directory "/var/named";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
listen-on port 53 { 192.168.10.8; };
// This is the IP of my DNS server
listen-on-v6 port 53 { ::1; };
};
logging
{
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view "cnc"
// China Netcom (CNC)
{
match-clients { cnc; };
// This cnc is defined in the cnc.acl file below
zone "." IN {
type hint;
file "named.ca";
};
zone "qikangwei.com" {
type master;
file "wt/qikangwei.com.zone";
};
};
view "ctc"
// China Telecom (CTC)
{
match-clients { ctc; };
zone "." IN {
type hint;
file "named.ca";
};
zone "qikangwei.com" {
type master;
file "dx/qikangwei.com.zone";
};
};
view "other"
{
match-clients { any; };
zone "." IN {
type hint;
file "named.ca";
};
zone "qikangwei.com" {
type master;
file "dx/qikangwei.com.zone";
};
};
Save and exit.
3. Create the China Netcom and China Telecom IP files
vim etc/cnc.acl
acl cnc{192.168.10.1;};
// For testing I just entered an arbitrary IP here; in practice, fill in the real China Netcom IPs
vim etc/ctc.acl
acl ctc{192.168.10.100;};
// For testing I just entered an arbitrary IP here; in practice, fill in the real China Telecom IPs
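named checks views in the order they appear in named.conf and uses the first one whose match-clients matches, which is why the "other" view with match-clients { any; } has to come last. The following is an added example, not part of the original post: a small Python model of that selection, using the ACLs and view order from this page as constructed sample input (the function names are hypothetical).

```python
import ipaddress
import re

# Constructed sample input: the ACL files and view order from this page.
ACL_TEXT = """
acl cnc{192.168.10.1;};
acl ctc{192.168.10.100;};
"""
# (view name, match-clients ACL name, zone file) in named.conf order.
VIEWS = [
    ("cnc", "cnc", "wt/qikangwei.com.zone"),
    ("ctc", "ctc", "dx/qikangwei.com.zone"),
    ("other", "any", "dx/qikangwei.com.zone"),
]

def parse_acls(text):
    """Parse simple 'acl name { addr; addr/prefix; };' statements."""
    acls = {}
    for name, body in re.findall(r"acl\s+(\w+)\s*\{([^}]*)\}\s*;", text):
        nets = [ipaddress.ip_network(e.strip(), strict=False)
                for e in body.split(";") if e.strip()]
        acls[name] = nets
    return acls

def select_view(client_ip, views, acls):
    """Return (view, zone file) of the first view whose ACL matches the client."""
    addr = ipaddress.ip_address(client_ip)
    for view, acl_name, zone_file in views:
        if acl_name == "any" or any(addr in net for net in acls.get(acl_name, [])):
            return view, zone_file
    return None  # no view matches this client

def shadowed_views(views):
    """Views that can never match because an 'any' view precedes them."""
    for i, (_, acl_name, _) in enumerate(views):
        if acl_name == "any":
            return [v[0] for v in views[i + 1:]]
    return []

if __name__ == "__main__":
    acls = parse_acls(ACL_TEXT)
    for ip in ("192.168.10.1", "192.168.10.100", "192.168.10.50"):
        print(ip, "->", select_view(ip, VIEWS, acls))
    print("shadowed if 'other' is first:", shadowed_views([VIEWS[2]] + VIEWS[:2]))
```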
4. Create the zone data files
cd var/named/
mkdir wt
mkdir dx
cp /var/named/named.ca ./
chmod 644 named.ca
vim wt/qikangwei.com.zone
$TTL 86400
@ IN SOA qikangwei.com. admin.qikangwei.com. (
20111021
3H
15M
1W
1D
)
@ IN NS nginx.com.
www IN A 192.168.10.8
vim dx/qikangwei.com.zone
$TTL 86400
@ IN SOA qikangwei.com. admin.qikangwei.com. (
20111021
3H
15M
1W
1D
)
@ IN NS nginx.com.
www IN A 192.168.10.9
5. Start the named service
service named start
(Note: to check that the main configuration file is correct, run
named-checkconf -t /var/named/chroot/ /etc/named.conf
To check that a zone data file is configured correctly, run
named-checkzone qikangwei.com /var/named/chroot/var/named/wt/qikangwei.com.zone)
Reposted from: https://blog.51cto.com/qikangwei/694243