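What a view does
A BIND view resolves the same zone name to different IP addresses depending on where the client's query comes from.
How BIND views work
Network environment
Internal network : 172.16.0.0/16
External users : 192.168.0.0/24
Domain name : www.hao123.com
DNS server (two IP addresses): IP1 172.16.6.61/16 ; IP2 192.168.0.61/24
Requirements:
Configure a BIND view so that internal users in 172.16.0.0/16 resolve www.hao123.com to internal IP addresses and are offered recursive queries, while the external network 192.168.0.0/24 receives a different set of answers.
Internal users resolve www.hao123.com to 172.16.6.65 ; 172.16.6.66
External users resolve www.hao123.com to 192.168.0.66 ; 192.168.0.67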
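1. Cut the root zone definition out of /etc/named.conf and move it into /etc/named.rfc1912.zones (once views are in use, every zone must be defined inside a view)
## /etc/named.conf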
...
zone "." IN {
type hint;
file "named.ca";
};
....
###/etc/named.rfc1912.zones
...
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
2. In /etc/named.conf, define an acl named mynet before the options block
# /etc/named.conf
...
acl mynet {
172.16.0.0/16;
127.0.0.1;
};
...
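3. In /etc/named.rfc1912.zones, create the view localwork for internal users and the view exterwork for external users. localwork must come first: named answers each query from the first view whose match-clients matches the client, and exterwork matches any.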
view localwork {
    match-clients { mynet; };
    allow-recursion { mynet; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };
    zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };
    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };
    zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };
    zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
    };
    zone "hao123.com" IN {
        type master;
        file "hao123.com.zone";
        allow-query { any; };
        allow-transfer { slave; };
    };
    zone "16.172.in-addr.arpa" IN {
        type master;
        file "16.172.in-addr.arpa.zone";
    };
};
view exterwork {
    match-clients { any; };
    zone "hao123.com" IN {
        type master;
        file "hao123.com_exter.zone";
        allow-query { any; };
        allow-transfer { slave; };
        allow-update { none; };
    };
};
4. Create the two forward zone files, hao123.com.zone and hao123.com_exter.zone
[root@dns1 ~]# cat /var/named/hao123.com.zone
$TTL 1D
$ORIGIN hao123.com.
@ IN SOA ns1.hao123.com. admin.hao123.com. (
        201504042403
        1h
        5m
        5h
        1w )
    IN NS ns1
    IN NS ns2
ns1 IN A 172.16.6.61
ns2 IN A 172.16.6.62
www IN A 172.16.6.65
www IN A 172.16.6.66
[root@dns1 ~]# cat /var/named/hao123.com_exter.zone
$TTL 1D
$ORIGIN hao123.com.
@ IN SOA ns1.hao123.com. admin.hao123.com. (
        201504042403
        1h
        5m
        5h
        1w )
    IN NS ns1
    IN NS ns2
ns1 IN A 172.16.6.61
ns2 IN A 172.16.6.62
www IN A 192.168.0.66
www IN A 192.168.0.67
5. Set the permissions of hao123.com.zone and hao123.com_exter.zone to 640 and change their group to named
[root@dns1 ~]# chmod 640 /var/named/{hao123.com_exter.zone,hao123.com.zone}
[root@dns1 ~]# chown :named /var/named/{hao123.com_exter.zone,hao123.com.zone}
[root@dns1 ~]# ll /var/named/{hao123.com_exter.zone,hao123.com.zone}
-rw-r----- 1 root named 497 4月 26 20:28 /var/named/hao123.com_exter.zone
-rw-r----- 1 root named 497 4月 26 15:24 /var/named/hao123.com.zone
6. Test the resolution result from an internal client
[root@dns1 ~]# host -t a www.hao123.com 172.16.6.61
Using domain server:
Name: 172.16.6.61
Address: 172.16.6.61#53
Aliases:
www.hao123.com has address 172.16.6.66
www.hao123.com has address 172.16.6.65
7. Test the resolution result from an external client
[root@localhost ~]# host -t a www.hao123.com 192.168.0.61
Using domain server:
Name: 192.168.0.61
Address: 192.168.0.61#53
Aliases:
www.hao123.com has address 192.168.0.66
www.hao123.com has address 192.168.0.67
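The results in steps 6 and 7 depend on the order of the views in step 3, because named uses the first view whose match-clients contains the client. The following Python model of that first-match selection is an added example, not part of the original page: it uses this page's ACL and view names, while the function names, the sample client addresses and the treatment of "any" as all of IPv4 are assumptions of the model.

```python
import ipaddress

# ACLs from this page; "any" is modelled as all of IPv4 (assumption of this model).
ACLS = {
    "mynet": ["172.16.0.0/16", "127.0.0.1"],
    "any": ["0.0.0.0/0"],
}
# Views in the order they appear in /etc/named.rfc1912.zones on this page.
VIEWS = [
    {"name": "localwork", "match": "mynet", "www": ["172.16.6.65", "172.16.6.66"]},
    {"name": "exterwork", "match": "any", "www": ["192.168.0.66", "192.168.0.67"]},
]

def acl_networks(acl):
    return [ipaddress.ip_network(n) for n in ACLS[acl]]

def select_view(client, views=VIEWS):
    """Return the first view whose match-clients ACL contains the client."""
    ip = ipaddress.ip_address(client)
    for view in views:
        if any(ip in net for net in acl_networks(view["match"])):
            return view
    return None  # no view matched; modelled here as "no answer"

def answer_for(client, views=VIEWS):
    view = select_view(client, views)
    return (view["name"], view["www"]) if view else None

def shadowed_views(views):
    """Names of views no client can reach because every network in their
    match-clients ACL is already covered by a single earlier network."""
    seen, shadowed = [], []
    for view in views:
        nets = acl_networks(view["match"])
        if seen and all(any(n.subnet_of(s) for s in seen) for n in nets):
            shadowed.append(view["name"])
        seen.extend(nets)
    return shadowed

if __name__ == "__main__":
    # Constructed client addresses: one internal, one external, and loopback.
    for client in ("172.16.6.100", "192.168.0.50", "127.0.0.1"):
        print(client, "->", answer_for(client))
    swapped = list(reversed(VIEWS))  # exterwork listed first by mistake
    print("swapped:", answer_for("172.16.6.100", swapped), shadowed_views(swapped))
```

With the views swapped, the internal client receives the external answers and localwork is reported as unreachable, which is the misconfiguration to check for whenever a catch-all view is added.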