使用Bind 9 的DNS-views实现IP地址分区域解析
一、简介在实际的网络应用中,我们有时希望对于同一个Domain Name能够根据不同的请求IP地址/区域,解析到不同的对应IP地址,比如:有时对于企业内部网络和外部网络希望对同一域名解析到不同的IP地址以达到安全目的或者应用目的,又比如为了解决中国南北方电信/网通互访速度差异问题,您也会希望电信用户解析到的域名IP是位于电信网络中的服务器,网通用户亦然,使用户能够访问到临近的最快的服务器。而这些应用都可以通过对DNS的简单配置达到,使用DNS达到这一目的有以下的优点:原文来自http://zqli.cublog.cn1.低成本-无需添加任何专用设备,只需通过简单配置即可;2.灵活性强-可随时增加/删除解析规则;3.有一定的可扩展能力-如果搭配Round Robin DNS可无缝快速的配置简单的负载均衡。二、DNS-views配置1、原理使用DNS提供的view指令可以实现根据不同的IP范围来对同一个域名进行解析。 注意:view指令只在BIND9存在,以前的BIND8是没有view指令的!2、配置示例(1)环境假想操作系统:Red Hat Enterprise Linux Server release 5 (Tikanga)BIND版本:BIND 9.3.3rc2主DNS服务器:192.168.0.2从DNS服务器:192.168.0.3域名:leotest.com我们希望CN的IP列表所解析到www.leotest.com的IP地址为:192.168.0.100,非CN的IP列表内的IP则解析到:192.168.0.200原文来自http://zqli.cublog.cn 安装Bind:# rpm -ivh bind-9.3.3-7.el5.i386.rpm # cat named.confinclude "/var/named/acl.conf";options{ query-source port 53; query-source-v6 port 53; directory "/var/named"; // the default dump-file "data/cache_dump.db"; statistics-file "data/named_stats.txt"; memstatistics-file "data/named_mem_stats.txt";};logging{ channel default_debug { file "data/named.run"; severity dynamic; };}; view "internal"{ match-clients { CN; }; recursion yes; include "/etc/named.root.hints"; zone "my.internal.zone" { type master; file "my.internal.zone.db"; }; zone "my.slave.internal.zone" { type slave; file "slaves/my.slave.internal.zone.db"; masters { /* put master nameserver IPs here */ 127.0.0.1; } ; }; zone "my.ddns.internal.zone" { type master; allow-update { key ddns_key; }; file "slaves/my.ddns.internal.zone.db"; };zone "leotest.com" { type master; file "leotest.com.zone"; allow-transfer { 192.168.0.3; }; };};key ddns_key{ algorithm hmac-md5; secret "ZQFSVQ9sMquZsdb3Twg9q231SwF1f1KBhG74JMlaiPaumD6NeOA626FQ1DOa";};view "external"{ match-clients { any; }; recursion yes; include "/etc/named.root.hints"; zone "my.external.zone" { type master; file "my.external.zone.db"; };zone "leotest.com" { type master; file "leotest.com.zone.ext"; allow-transfer { 192.168.0.3; }; };}; # cat acl.confacl "CN" {58.248.0.0/13;210.52.0.0/16;};可以在这个文件里添加更多的IP地址段,上面只是做为例子。 # cat leotest.com.zone$ttl 38400@ IN SOA ns.leotest.com.root.ns.leotest.com.( 2007072600 ; serial 28800 ; refresh 14400 ; retry 3600000 ; expire 86400 ; default_ttl )@ NS ns.leotest.com.@ MX5mail.leotest.com. IN A192.168.0.100www IN A192.168.0.100mail IN A192.168.0.100 # cat leotest.com.zone.ext$ttl 38400@ IN SOA ns.leotest.com.root.ns.leotest.com.( 2007072600 ; serial 28800 ; refresh 14400 ; retry 3600000 ; expire 86400 ; default_ttl )@ NS ns.leotest.com.@ MX5mail.leotest.com. IN A192.168.0.200www IN A192.168.0.200mail IN A192.168.0.200 下面是从DNS(192.168.0.3)的设置# cat /etc/named.confinclude "/var/named/acl.conf";options{ query-source port 53; query-source-v6 port 53; directory "/var/named"; // the default dump-file "data/cache_dump.db"; statistics-file "data/named_stats.txt"; memstatistics-file "data/named_mem_stats.txt";};logging{ channel default_debug { file "data/named.run"; severity dynamic; };}; view "internal"{ match-clients { CN; }; recursion yes; include "/etc/named.root.hints"; include "/var/named/internal.conf";};key ddns_key{ algorithm hmac-md5; secret "COD951PjWgXORWEdLNbN1xAzuZ5eRrdzXmhCZp09ykYoczacYxPe27sImK49";};view "external"{ match-clients { any; }; recursion yes; include "/etc/named.root.hints"; include "/var/named/external.conf";}; # cat internal.confzone "leotest.com" { type slave; file "slaves/leotest.com.zone"; masters {192.168.0.2;}; }; # cat external.confzone "leotest.com" { type slave; file "slaves/leotest.com.zone.b"; masters {192.168.0.2;}; }; acl.conf与主DNS服务器上的配置文件一样。
页:
[1]