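The basic DNS name resolution process
Implementing view-based smart routing in DNS master/slave mode
The network topology is as follows:
The implementation steps are as follows:
1. Master DNS
Main configuration file /etc/named.conf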
acl innet {
    192.168.1.0/24;
    127.0.0.0/8;
};

options {
    directory "/var/named";
    allow-recursion { innet; };
    notify yes;
    querylog yes;
};

logging {
    channel query_log {
        file "/var/log/named/bind_query.log" versions 5 size 10M;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel xfer_log {
        file "/var/log/named/transfer.log" versions 3 size 10k;
        severity debug 3;
        print-time yes;
    };
    category queries { query_log; };
    category xfer-out { xfer_log; };
};

// Views are tried in order and the first match wins. The two sync views
// must come before "telecom", because 192.168.1.111 and 192.168.1.112
// are also inside the innet ACL.
view telecomsync {
    match-clients { 192.168.1.111; };
    allow-transfer { 192.168.1.111; };
    zone "soulboy.com" IN {
        type master;
        file "telecom.soulboy.com.zone";
    };
};

view unicomsync {
    match-clients { 192.168.1.112; };
    allow-transfer { 192.168.1.112; };
    zone "soulboy.com" IN {
        type master;
        file "unicom.soulboy.com.zone";
    };
};

// No allow-transfer is set in the two views below, so the inherited
// setting applies to them.
view telecom {
    match-clients { innet; };
    zone "soulboy.com" IN {
        type master;
        file "telecom.soulboy.com.zone";
    };
};

view unicom {
    match-clients { any; };
    zone "soulboy.com" IN {
        type master;
        file "unicom.soulboy.com.zone";
    };
};
Forward zone file /var/named/telecom.soulboy.com.zone
$TTL 43200
@               IN  SOA    ns1.soulboy.com. admin.soulboy.com. (
                           2013040202  ; serial
                           1H          ; refresh
                           10M         ; retry
                           7D          ; expire
                           1D )        ; negative-caching TTL
                IN  NS     ns1
                IN  NS     ns2
                IN  MX     10 mail
ns1             IN  A      192.168.1.104
ns2             IN  A      192.168.1.110
mail            IN  A      192.168.1.105
www             IN  A      192.168.1.106
ftp             IN  CNAME  www
*.soulboy.com.  IN  A      192.168.1.140
; delegation of the fin subdomain, with its glue record
fin             IN  NS     ns1.fin
ns1.fin         IN  A      192.168.1.160
Forward zone file /var/named/unicom.soulboy.com.zone
$TTL 43200
@               IN  SOA    ns1.soulboy.com. admin.soulboy.com. (
                           2013040202  ; serial
                           1H          ; refresh
                           10M         ; retry
                           7D          ; expire
                           1D )        ; negative-caching TTL
                IN  NS     ns1
                IN  NS     ns2
                IN  MX     10 mail
ns1             IN  A      192.168.1.104
ns2             IN  A      192.168.1.110
mail            IN  A      192.168.1.115
www             IN  A      192.168.1.116
ftp             IN  CNAME  www
*.soulboy.com.  IN  A      192.168.1.140
; delegation of the fin subdomain, with its glue record
fin             IN  NS     ns1.fin
ns1.fin         IN  A      192.168.1.160
2. Secondary DNS (zone files are synchronized automatically)
Main configuration file /etc/named.conf
acl innet {
    192.168.1.0/24;
    127.0.0.0/8;
};

options {
    directory "/var/named";
    allow-recursion { innet; };
    notify yes;
    querylog yes;
};

logging {
    channel query_log {
        file "/var/log/named/bind_query.log" versions 5 size 10M;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel xfer_log {
        file "/var/log/named/transfer.log" versions 3 size 10k;
        severity debug 3;
        print-time yes;
    };
    category queries { query_log; };
    category xfer-out { xfer_log; };
};

// transfer-source decides which view on the master answers the transfer:
// 192.168.1.111 matches telecomsync, 192.168.1.112 matches unicomsync.
// Both addresses must be configured on this host.
view telecom {
    match-clients { innet; };
    transfer-source 192.168.1.111;
    zone "soulboy.com" IN {
        type slave;
        file "slaves/telecom.soulboy.com.zone";
        masters { 192.168.1.104; };
        allow-transfer { none; };
    };
};

view unicom {
    match-clients { any; };
    transfer-source 192.168.1.112;
    zone "soulboy.com" IN {
        type slave;
        file "slaves/unicom.soulboy.com.zone";
        masters { 192.168.1.104; };
        allow-transfer { none; };
    };
};
3. Subdomain (fin.soulboy.com)
Main configuration file /etc/named.conf
options {
    directory "/var/named";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-transfer { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-transfer { none; };
};

zone "fin.soulboy.com" IN {
    type master;
    file "fin.soulboy.com.zone";
};

// Queries for the parent zone are forwarded to the master DNS first.
zone "soulboy.com" IN {
    type forward;
    forward first;
    forwarders { 192.168.1.104; };
};
Forward zone file /var/named/fin.soulboy.com.zone
$TTL 600
@       IN  SOA  ns1.fin.soulboy.com. admin.fin.soulboy.com. (
                 2013050105  ; serial
                 1H          ; refresh
                 5M          ; retry
                 2D          ; expire
                 6H )        ; negative-caching TTL
        IN  NS   ns1
        IN  MX   10 mail
ns1     IN  A    192.168.1.160
mail    IN  A    192.168.1.166
www     IN  A    192.168.1.160
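4. Testing
The client resolves names using the secondary DNS:
Based on the client IP (172.168.1.10), the view mechanism selects the matching zone file unicom.soulboy.com.zone (the resolved address should be 192.168.1.116). The result is shown in the figure below:
The router resolves names using the secondary DNS:
Based on the router IP (192.168.1.254), the view mechanism selects the matching zone file telecom.soulboy.com.zone (the resolved address should be 192.168.1.106). The result is shown in the figure below:
This is enough to show that the master and secondary DNS servers work correctly.
The client resolves the subdomain (fin.soulboy.com) using the secondary DNS. The result is shown in the figure below:
The router resolves the subdomain (www.fin.soulboy.com) using the secondary DNS. The result is shown in the figure below:
This is enough to show that the master and secondary DNS servers and the subdomain (fin.soulboy.com) work correctly.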
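The view selection exercised in the tests above can be checked offline before named is reloaded. The following is an added example, not part of the original post and not BIND's own code: a simplified model of first-match view selection (IPv4 only, no negated elements or TSIG keys), with the ACLs and view order transcribed from the two named.conf files and one constructed misordering. It also lists master views that set no allow-transfer of their own.

```python
import ipaddress

# ACLs and view order transcribed from the named.conf files on this page.
ACLS = {"innet": ["192.168.1.0/24", "127.0.0.0/8"], "any": ["0.0.0.0/0"]}
# (view, match-clients, allow-transfer; None = option not set in that view)
MASTER_VIEWS = [
    ("telecomsync", ["192.168.1.111"], ["192.168.1.111"]),
    ("unicomsync", ["192.168.1.112"], ["192.168.1.112"]),
    ("telecom", ["innet"], None),
    ("unicom", ["any"], None),
]
SLAVE_VIEWS = [("telecom", ["innet"], ["none"]), ("unicom", ["any"], ["none"])]

def expand(elements):
    """Resolve ACL names and bare addresses into ip_network objects."""
    return [ipaddress.ip_network(cidr)
            for e in elements if e != "none"
            for cidr in ACLS.get(e, [e])]

def select_view(views, client_ip):
    """Return the first view whose match-clients covers client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for name, match_clients, _ in views:
        if any(addr in net for net in expand(match_clients)):
            return name
    return None

def shadowed_views(views):
    """Views that can never be chosen because earlier views cover them."""
    seen, shadowed = [], []
    for name, match_clients, _ in views:
        nets = expand(match_clients)
        if nets and all(any(n.subnet_of(s) for s in seen) for n in nets):
            shadowed.append(name)
        seen.extend(nets)
    return shadowed

def views_without_transfer_acl(views):
    """Views that rely on the inherited allow-transfer setting."""
    return [name for name, _, xfer in views if xfer is None]

if __name__ == "__main__":
    for ip in ("192.168.1.111", "192.168.1.112", "192.168.1.254", "172.168.1.10"):
        print(f"master {ip:15} -> {select_view(MASTER_VIEWS, ip)}")
    for ip in ("192.168.1.254", "172.168.1.10"):
        print(f"slave  {ip:15} -> {select_view(SLAVE_VIEWS, ip)}")
    # Constructed misordering: general views first hide the sync views.
    bad = MASTER_VIEWS[2:] + MASTER_VIEWS[:2]
    print("shadowed if reordered:", shadowed_views(bad))
    print("no allow-transfer on master:", views_without_transfer_acl(MASTER_VIEWS))
```

With the general views listed first, both transfers from the secondary would be answered from the telecom view, so the secondary's unicom view would end up serving telecom data.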