bind之view

view視圖作用

    Bind view根據客戶端來源的不同，將同一個同一區域名稱解析至不同的Ip地址。

Bind View工作過程

網絡環境

內網網段 : 172.16.0.0/16

外網用戶 : 192.168.0.0/24

域名 : www.hao123.com

DNS服務器(雙IP地址): IP1 172.16.6.61/16 ;IP2192.16.0.61/24

需求:

配置一個bindview ，要求內網訪用戶 172.16.0.0/16 對www.hao123.com解析的結果爲內網iP地址,並提供對內網用戶遞歸查詢,外網192.168.0.0/24 這個網絡返回另一組解析結果

內網用戶解析www.hao123.com 爲172.16.6.65 ; 172.16.6.66

外網用戶解析www.hao123.com 爲192.168.0.66; 192.168.0.67

1. 剪切/etc/named.conf對根區域的定義zone 到/etc/named.rfc1912.zones中

##/etc/named.conf

...

zone "." IN {

    type hint;

    file "named.ca";

};

....

 

###/etc/named.rfc1912.zones

...

zone "." IN {

    type hint;

    file "named.ca";

};

 

zone"localhost.localdomain" IN {

    type master;

    file "named.localhost";

    allow-update { none; };

};

2 .在/etc/named.conf文件中的options前面定義一個名叫mynet 的acl

#/etc/named.conf

...

acl mynet {

        172.16.0.0/16;

        127.0.0.1;

};

...

3. 在/etc/named.rfc1912.zones創建內網用戶使用的view localwork 外網用戶使用的viewexterwork

view localwork {

    match-clients { mynet; };

    allow-recursion { mynet; };

 

zone "." IN {

    type hint;

    file "named.ca";

};

 

zone"localhost.localdomain" IN {

    type master;

    file "named.localhost";

    allow-update { none; };

};

 

zone "localhost" IN{

    type master;

    file "named.localhost";

    allow-update { none; };

};

 

zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {

    type master;

    file "named.loopback";

    allow-update { none; };

};

 

zone"1.0.0.127.in-addr.arpa" IN {

    type master;

    file "named.loopback";

    allow-update { none; };

};

 

zone"0.in-addr.arpa" IN {

    type master;

    file "named.empty";

    allow-update { none; };

};

 

zone "hao123.com"IN {

    type master;

    file "hao123.com.zone";

    allow-query { any; };

    allow-transfer { slave; };

};

 

zone"16.172.in-addr.arpa" IN {

    type master;

    file "16.172.in-addr.arpa.zone";};

};

 

view exterwork {

    match-clients { any; };

 

    zone "hao123.com" IN {

        type master;

        file "hao123.com_exter.zone";

        allow-query { any; };

        allow-transfer { slave; };

    allow-update { none; };

    };

};

 

4,分別創建區域解析庫文件hao123.com.zonehao123.com_exter.zone 的正向區域解析庫文件

 

[root@dns1 ~]# cat/var/named/hao123.com.zone

$TTL 1D

$ORIGIN hao123.com.

@   IN  SOA ns1.hao123.com. admin.hao123.com.(

        201504042403

        1h

        5m

        5h

        1w )

 

    IN  NS  ns1

    IN  NS  ns2

ns1 IN  A   172.16.6.61

ns2 IN  A   172.16.6.62

www IN  A   172.16.6.65

www IN  A   172.16.6.66

    

[root@dns1 ~]# cat/var/named/hao123.com_exter.zone

$TTL 1D

$ORIGIN hao123.com.

@   IN  SOA ns1.hao123.com. admin.hao123.com.(

        201504042403

        1h

        5m

        5h

        1w )

 

    IN  NS  ns1

    IN  NS  ns2

ns1 IN  A   172.16.6.61

ns2 IN  A   172.16.6.62

www IN  A   192.168.0.66

www IN  A   192.168.0.67

 

5. 修改hao123.com.zone hao123.com_exter.zone 的權限爲640 和屬組

 

[root@dns1 ~]# chmod 640 /var/named/{hao123.com_exter.zone,hao123.com.zone}

[root@dns1 ~]# chown:named /var/named/{hao123.com_exter.zone,hao123.com.zone}

[root@dns1 ~]# ll/var/named/{hao123.com_exter.zone,hao123.com.zone}

-rw-r----- 1 root named 497 4月  26 20:28/var/named/hao123.com_exter.zone

-rw-r----- 1 root named 497 4月  26 15:24/var/named/hao123.com.zone

6.使用內網客戶端測試解析結果

[root@dns1 ~]# host -t a www.hao123.com172.16.6.61

Using domain server:

Name: 172.16.6.61

Address: 172.16.6.61#53

Aliases:

 

www.hao123.com has address172.16.6.66

www.hao123.com has address172.16.6.65

 

7.使用外網客戶端測試解析結果

[root@localhost ~]# host -t awww.hao123.com 192.168.0.61

Using domain server:

Name: 192.168.0.61

Address: 192.168.0.61#53

Aliases:

 

www.hao123.com has address192.168.0.66

www.hao123.com has address192.168.0.67