view视图作用

    BIND view 根据客户端来源 IP 的不同(按 view 在配置文件中出现的顺序,用 match-clients 逐一匹配,命中第一个即停止),将同一个区域名称解析至不同的 IP 地址。

Bind View工作过程

wKioL1U86Crj9tnhAAGZzL823MQ937.jpg



网络环境

内网网段 : 172.16.0.0/16

外网用户 : 192.168.0.0/24

域名 : www.hao123.com

DNS 服务器(双 IP 地址): IP1 172.16.6.61/16(内网接口);IP2 192.168.0.61/24(外网接口)

需求:

配置 BIND view,要求内网用户 172.16.0.0/16 对 www.hao123.com 的解析结果为内网 IP 地址,并且只对内网用户提供递归查询;外网 192.168.0.0/24 这个网络返回另一组解析结果,且不提供递归(避免成为开放解析器)。

内网用户解析www.hao123.com 为172.16.6.65 ; 172.16.6.66

外网用户解析www.hao123.com 为192.168.0.66; 192.168.0.67

1. 将 /etc/named.conf 中对根区域的定义 zone "." 剪切到 /etc/named.rfc1912.zones 中。原因:一旦配置中出现 view,所有 zone 都必须位于某个 view 之内,留在 view 之外的根提示区域会导致 named 拒绝加载配置。

##/etc/named.conf

...

// Root-hint zone as shipped in the stock /etc/named.conf.
// As soon as a `view` statement exists anywhere in the configuration, named
// refuses to load zones that are defined outside a view, so this block has to
// be removed from here and re-created inside the view that performs recursion
// (step 3 puts it in `view localwork`).
zone "." IN {
    type hint;
    file "named.ca";
};

....

 

###/etc/named.rfc1912.zones

...

// Result of step 1: the root-hint zone now sits in named.rfc1912.zones next to
// the stock loopback zones.  This is only an intermediate state — once step 3
// adds `view` statements, every zone (these two included) must live inside a
// view, which is why step 3 repeats them inside `view localwork`.
zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

2. 在 /etc/named.conf 中 options 之前定义一个名为 mynet 的 acl(acl 必须在被引用之前定义,否则 named-checkconf 报 undefined ACL)

#/etc/named.conf

...

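// Clients treated as "internal": the 172.16.0.0/16 LAN plus the resolver
// itself.  Referenced by the localwork view's match-clients and
// allow-recursion, so it must be declared before that view is parsed.
acl mynet {
        172.16.0.0/16;
        127.0.0.1;
};

// Hosts allowed to AXFR/IXFR the hao123.com zone (allow-transfer { slave; }).
// "slave" is NOT a built-in ACL — only any/none/localhost/localnets are — so
// without this definition named-checkconf rejects the configuration with an
// undefined-ACL error.
// NOTE(review): assumes ns2 (172.16.6.62 in hao123.com.zone) is the secondary
// that pulls the zone — confirm and adjust the address.
acl slave {
        172.16.6.62;
};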

...

3. 在 /etc/named.rfc1912.zones 中创建内网用户使用的 view localwork 和外网用户使用的 view exterwork。注意 view 按文件中出现的先后顺序匹配,match-clients { any; } 的 exterwork 必须写在 localwork 之后,否则内网客户端也会落入外网 view。

// Internal view.  It is listed first, so any client in `mynet` is answered
// here and never reaches the exterwork view below (view order is match order).
view localwork {
    match-clients { mynet; };
    // Recursion — and therefore the root hints and loopback zones below — is
    // offered to internal clients only.
    allow-recursion { mynet; };

    // Root hints, needed for recursion; moved here from named.conf in step 1.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    // Stock loopback / empty zones from named.rfc1912.zones, kept inside the
    // view because no zone may remain outside a view once views are used.
    zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };

    zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };

    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };

    zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };

    zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
    };

    // Internal copy of hao123.com (www -> 172.16.6.65/66).
    zone "hao123.com" IN {
        type master;
        file "hao123.com.zone";
        allow-query { any; };
        // `slave` is not a built-in ACL; it must be declared with an
        // `acl slave { ...; };` statement in named.conf (before this view)
        // or the configuration fails to load.
        allow-transfer { slave; };
    };

    // Reverse zone for 172.16.0.0/16.  Its data file is not shown in this
    // write-up; it must exist and pass named-checkzone or the view fails to load.
    zone "16.172.in-addr.arpa" IN {
        type master;
        file "16.172.in-addr.arpa.zone";
    };
};

 

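// External view: catches every client that did not match localwork, i.e.
// anything outside 172.16.0.0/16 and loopback.  Authoritative-only.
view exterwork {
    match-clients { any; };

    // Never act as a resolver for the outside world.  BIND's default
    // allow-recursion is localnets/localhost, and 192.168.0.0/24 is a local
    // net of this server (IP2 192.168.0.61/24), so without this line external
    // clients would be allowed to recurse through a view that has no root
    // hints — refuse explicitly instead of handing out SERVFAILs.
    recursion no;

    // External copy of hao123.com (www -> 192.168.0.66/67).
    zone "hao123.com" IN {
        type master;
        file "hao123.com_exter.zone";
        allow-query { any; };
        // The internal secondary is in `mynet` and is therefore always matched
        // by localwork; no legitimate client can reach this view for a zone
        // transfer, and the original `slave` here named an undefined ACL.
        // If a secondary must pull the external copy, list it in an explicit
        // acl — never `any`, which would let anyone dump the zone.
        allow-transfer { none; };
        allow-update { none; };
    };
};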

 

4. 分别创建 hao123.com.zone 和 hao123.com_exter.zone 两个正向区域解析库文件(分别由 localwork 和 exterwork 两个 view 使用)

 

[root@dns1 ~]# cat/var/named/hao123.com.zone

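$TTL 1D
$ORIGIN hao123.com.
; Internal copy of hao123.com, served only through the localwork view.
; SOA fields: primary NS, responsible mailbox (admin@hao123.com), then
;   serial  refresh  retry  expire  negative-cache-TTL
; The serial is an unsigned 32-bit integer.  The original value 201504042403
; exceeds 4294967295, so named rejects the zone as "serial out of range" and
; nothing in it is served.  Use YYYYMMDDnn and bump it on every edit so that
; secondaries notice the change.
@   IN  SOA ns1.hao123.com. admin.hao123.com. (
        2015040401  ; serial (YYYYMMDDnn)
        1h          ; refresh
        5m          ; retry
        5h          ; expire - NOTE(review): very short; a secondary stops
                    ;   answering 5 h after it loses contact with the primary
        1w )        ; negative-cache TTL - NOTE(review): long; NXDOMAIN answers
                    ;   are cached by resolvers for a week
    IN  NS  ns1
    IN  NS  ns2
ns1 IN  A   172.16.6.61
ns2 IN  A   172.16.6.62
www IN  A   172.16.6.65
www IN  A   172.16.6.66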

    

[root@dns1 ~]# cat/var/named/hao123.com_exter.zone

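$TTL 1D
$ORIGIN hao123.com.
; External copy of hao123.com, served through the exterwork view to
; 192.168.0.0/24 clients.  Nothing in this file should point at
; 172.16.0.0/16: that view never answers internal clients, and every
; internal address listed here is leaked to outsiders who cannot reach it.
; SOA fields: primary NS, responsible mailbox, then
;   serial  refresh  retry  expire  negative-cache-TTL
@   IN  SOA ns1.hao123.com. admin.hao123.com. (
        2015040401  ; serial (YYYYMMDDnn) - the original 201504042403 does not
                    ;   fit in 32 bits and makes the zone fail to load
        1h          ; refresh
        5m          ; retry
        5h          ; expire
        1w )        ; negative-cache TTL
    IN  NS  ns1
; ns1's glue must be the address external clients actually query: the
; server's outward-facing IP2 192.168.0.61.  The original 172.16.6.61 is the
; internal interface and is unreachable from 192.168.0.0/24.
ns1 IN  A   192.168.0.61
; NOTE(review): ns2 (172.16.6.62 in the internal copy) is omitted here because
; this write-up gives it no externally reachable address; re-add `IN NS ns2`
; plus an A record once it has one rather than publishing the internal IP.
www IN  A   192.168.0.66
www IN  A   192.168.0.67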

 

5. 将 hao123.com.zone 和 hao123.com_exter.zone 的权限改为 640、属组改为 named(named 以 named 用户运行,只需读权限;不给 other 读权限,避免区域数据被本机其他用户直接读取)

 

[root@dns1 ~]# chmod 640 /var/named/{hao123.com_exter.zone,hao123.com.zone}

[root@dns1 ~]# chown :named /var/named/{hao123.com_exter.zone,hao123.com.zone}

[root@dns1 ~]# ll /var/named/{hao123.com_exter.zone,hao123.com.zone}

-rw-r----- 1 root named 497 4月  26 20:28 /var/named/hao123.com_exter.zone

-rw-r----- 1 root named 497 4月  26 15:24 /var/named/hao123.com.zone

6. 先用 named-checkconf 检查配置、用 named-checkzone hao123.com /var/named/hao123.com.zone(以及 hao123.com_exter.zone)检查区域文件,确认无误后重载 named;然后使用内网客户端向内网地址 172.16.6.61 测试解析结果

[root@dns1 ~]# host -t a www.hao123.com 172.16.6.61

Using domain server:

Name: 172.16.6.61

Address: 172.16.6.61#53

Aliases:

 

www.hao123.com has address 172.16.6.66

www.hao123.com has address 172.16.6.65

 

7.使用外网客户端测试解析结果

[root@localhost ~]# host -t a www.hao123.com 192.168.0.61

Using domain server:

Name: 192.168.0.61

Address: 192.168.0.61#53

Aliases:

 

www.hao123.com has address 192.168.0.66

www.hao123.com has address 192.168.0.67