1. Introduction

In real-world network deployments we sometimes want the same domain name to resolve to different IP addresses depending on the requester's IP address or region. For example, a company may want a name to resolve to one address on its internal network and to another on the public Internet, for security or application reasons. Another example is the well-known speed gap between China Telecom and China Netcom users in southern and northern China: you want Telecom users to resolve the name to a server inside the Telecom network, Netcom users likewise, so that every user reaches the nearest and fastest server. All of this can be achieved with a simple DNS configuration, and doing it in DNS has the following advantages:

1. Low cost: no dedicated equipment is needed, only a simple configuration change;
2. Flexibility: resolution rules can be added or removed at any time;
3. Some scalability: combined with round-robin DNS it gives you simple load balancing quickly and seamlessly.
2. DNS views configuration

1. Principle

BIND's view directive lets the same domain name be resolved differently depending on the source IP range of the query. Note: the view directive exists only in BIND 9; the older BIND 8 has no view directive!

2. Configuration example

(1) Assumed environment

Operating system: Red Hat Enterprise Linux Server release 5 (Tikanga)
BIND version: BIND 9.3.3rc2
Master DNS server: 192.168.0.2
Slave DNS server: 192.168.0.3
Domain name: leotest.com

We want clients whose addresses are in the CN IP list to resolve www.leotest.com to 192.168.0.100, and clients outside the CN IP list to resolve it to 192.168.0.200.

Install BIND:

# rpm -ivh bind-9.3.3-7.el5.i386.rpm

[root@rhel5 etc]# cat named.conf
include "/var/named/acl.conf";
options {
    query-source port 53;
    query-source-v6 port 53;
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view "internal" {
    match-clients { CN; };
    recursion yes;
    include "/etc/named.root.hints";
    zone "my.internal.zone" {
        type master;
        file "my.internal.zone.db";
    };
    zone "my.slave.internal.zone" {
        type slave;
        file "slaves/my.slave.internal.zone.db";
        masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
    };
    zone "my.ddns.internal.zone" {
        type master;
        allow-update { key ddns_key; };
        file "slaves/my.ddns.internal.zone.db";
    };
    zone "leotest.com" {
        type master;
        file "leotest.com.zone";
        allow-transfer { 192.168.0.3; };
    };
};
key ddns_key {
    algorithm hmac-md5;
    secret "ZQFSVQ9sMquZsdb3Twg9q231SwF1f1KBhG74JMlaiPaumD6NeOA626FQ1DOa";
};
view "external" {
    match-clients { any; };
    recursion yes;
    include "/etc/named.root.hints";
    zone "my.external.zone" {
        type master;
        file "my.external.zone.db";
    };
    zone "leotest.com" {
        type master;
        file "leotest.com.zone.ext";
        allow-transfer { 192.168.0.3; };
    };
};

[root@rhel5 named]# cat acl.conf
acl "CN" { 58.248.0.0/13; 210.52.0.0/16; };

You can add more address ranges to this file; the two above are only an example.

[root@rhel5 named]# cat leotest.com.zone
$ttl 38400
@ IN SOA ns.leotest.com. root.ns.leotest.com.(
    2007072600 ; serial
    28800 ; refresh
    14400 ; retry
    3600000 ; expire
    86400 ; default_ttl
    )
@ NS ns.leotest.com.
@ MX 5 mail.leotest.com.
    IN A 192.168.0.100
www IN A 192.168.0.100
mail IN A 192.168.0.100

[root@rhel5 named]# cat leotest.com.zone.ext
$ttl 38400
@ IN SOA ns.leotest.com. root.ns.leotest.com.(
    2007072600 ; serial
    28800 ; refresh
    14400 ; retry
    3600000 ; expire
    86400 ; default_ttl
    )
@ NS ns.leotest.com.
@ MX 5 mail.leotest.com.
    IN A 192.168.0.200
www IN A 192.168.0.200
mail IN A 192.168.0.200

Below is the configuration of the slave DNS server (192.168.0.3).

[root@mail named]# cat /etc/named.conf
include "/var/named/acl.conf";
options {
    query-source port 53;
    query-source-v6 port 53;
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view "internal" {
    match-clients { CN; };
    recursion yes;
    include "/etc/named.root.hints";
    include "/var/named/internal.conf";
};
key ddns_key {
    algorithm hmac-md5;
    secret "COD951PjWgXORWEdLNbN1xAzuZ5eRrdzXmhCZp09ykYoczacYxPe27sImK49";
};
view "external" {
    match-clients { any; };
    recursion yes;
    include "/etc/named.root.hints";
    include "/var/named/external.conf";
};

[root@mail named]# cat internal.conf
zone "leotest.com" {
    type slave;
    file "slaves/leotest.com.zone";
    masters {192.168.0.2;};
};

[root@mail named]# cat external.conf
zone "leotest.com" {
    type slave;
    file "slaves/leotest.com.zone.b";
    masters {192.168.0.2;};
};

acl.conf is the same file as on the master DNS server.
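As an added example (not part of the original post), here is a small Python script that simulates how named picks a view for a client: views are tried in the order they appear in named.conf and the first match-clients hit wins, which is why the "external" view with any must come last. It embeds the acl.conf and the two leotest.com view definitions from above, and it also shows that the slave's own address 192.168.0.3 is outside the CN acl, so its zone transfer request is answered from the master's external view; the names parse_acls, element_matches and select_view are my own.

```python
"""Simulate BIND 9 view selection for the leotest.com split-horizon setup."""
import ipaddress
import re

# Constructed copy of acl.conf from the configuration above.
ACL_CONF = 'acl "CN" { 58.248.0.0/13; 210.52.0.0/16; };'

# (view name, match-clients elements, zone file, www A record) in named.conf order.
VIEWS = [
    ("internal", ["CN"], "leotest.com.zone", "192.168.0.100"),
    ("external", ["any"], "leotest.com.zone.ext", "192.168.0.200"),
]

ACL_RE = re.compile(r'acl\s+"(\w+)"\s*\{([^}]*)\}\s*;')


def parse_acls(text):
    """Return {acl name: [ip_network, ...]} from acl.conf-style text."""
    acls = {}
    for name, body in ACL_RE.findall(text):
        acls[name] = [ipaddress.ip_network(e.strip(), strict=False)
                      for e in body.split(";") if e.strip()]
    return acls


def element_matches(elem, addr, acls):
    """One match-clients element: the builtin 'any', a named acl, or an address/prefix."""
    if elem == "any":
        return True
    if elem in acls:
        return any(addr in net for net in acls[elem])
    return addr in ipaddress.ip_network(elem, strict=False)


def select_view(client_ip, views=VIEWS, acls=None):
    """First view whose match-clients matches wins; returns (view, zone file, www A)
    or None when no view matches (named would then refuse the query)."""
    if acls is None:
        acls = parse_acls(ACL_CONF)
    addr = ipaddress.ip_address(client_ip)
    for name, clients, zone_file, www_a in views:
        if any(element_matches(e, addr, acls) for e in clients):
            return name, zone_file, www_a
    return None


if __name__ == "__main__":
    # 192.168.0.3 is the slave: its AXFR request is also served from the external view.
    for ip in ("58.250.1.1", "210.52.7.7", "8.8.8.8", "192.168.0.3"):
        print(ip, "->", select_view(ip))
```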