地址规划:

213334223.png

配置DNS服务器通过视图实现智能解析_第1张图片

一、安装bind和bind-utils
[root@ns1 ~]# yum -y install bind bind-utils


二、修改配置文件

[root@ns1 ~]# cat /etc/named.rfc1912.zones
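// Define the address ranges for the internal network, China Telecom and
// China Unicom clients; each ACL selects one of the views below.
acl innet {
        172.16.0.0/16;
        127.0.0.0/8;
};
acl telecom {
        202.111.0.0/16;
};
acl unicom {
        202.110.0.0/16;
};
// Internal view. Root hints and the stock localhost/loopback zones are
// configured only here, so only clients matched by "innet" get that zone set.
// NOTE(review): no recursion/allow-recursion statement is visible in this
// file; whether clients matched by the telecom/unicom views can recurse
// depends on the options block of named.conf — confirm the external views
// are authoritative-only (e.g. `allow-recursion { innet; };` in options).
view innet {
        match-clients { innet; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "localhost.localdomain" IN {
                type master;
                file "named.localhost";
                allow-update { none; };
        };
        zone "localhost" IN {
                type master;
                file "named.localhost";
                allow-update { none; };
        };
        zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
                type master;
                file "named.loopback";
                allow-update { none; };
        };
        zone "1.0.0.127.in-addr.arpa" IN {
                type master;
                file "named.loopback";
                allow-update { none; };
        };
        zone "0.in-addr.arpa" IN {
                type master;
                file "named.empty";
                allow-update { none; };
        };
        // Internal answers for sanyu.com (172.16.100.x addresses). Dynamic
        // updates are refused explicitly, matching the stock zones above
        // (this is also BIND's default for master zones).
        zone "sanyu.com" IN {
                type master;
                file "innet.sanyu.com.zone";
                allow-update { none; };
        };
        // Reverse zone for 172.16.100.0/24. The name has to match the network
        // in the "innet" ACL and the zone file innet.100.16.172.in-addr.arpa;
        // the original read "100.1.202.in-addr.arpa", which would publish the
        // data under the wrong network and leave 172.16.100.x without PTRs.
        zone "100.16.172.in-addr.arpa" IN {
                type master;
                file "innet.100.16.172.in-addr.arpa";
                allow-update { none; };
        };
};
// China Telecom view: authoritative data only, answering sanyu.com with the
// 202.111.100.x addresses.
view telecom {
        match-clients { telecom; };
        zone "sanyu.com" IN {
                type master;
                file "telecom.sanyu.com.zone";
                allow-update { none; };
        };
        zone "100.111.202.in-addr.arpa" IN {
                type master;
                file "telecom.100.111.202.in-addr.arpa";
                allow-update { none; };
        };
};
// China Unicom view: same layout with the 202.110.100.x data.
view unicom {
        match-clients { unicom; };
        zone "sanyu.com" IN {
                type master;
                file "unicom.sanyu.com.zone";
                allow-update { none; };
        };
        zone "100.110.202.in-addr.arpa" IN {
                type master;
                file "unicom.100.110.202.in-addr.arpa";
                allow-update { none; };
        };
};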
三、修改主配置文件
[root@ns1 ~]# vim /etc/named.conf

删除第11,12,17行（即 listen-on 和 allow-query 相关行，见文末脚本）

配置DNS服务器通过视图实现智能解析_第2张图片

由于使用了视图，主配置文件中应删除关于根域的定义（启用视图后，所有区域都必须定义在某个视图内）。

214000635.png

四、书写 区域文件
[root@ns1 named]# vim innet.sanyu.com.zone

配置DNS服务器通过视图实现智能解析_第3张图片

[root@ns1 named]# vim innet.100.16.172.in-addr.arpa

配置DNS服务器通过视图实现智能解析_第4张图片

[root@ns1 named]# vim telecom.sanyu.com.zone

配置DNS服务器通过视图实现智能解析_第5张图片

[root@ns1 named]# vim unicom.sanyu.com.zone

配置DNS服务器通过视图实现智能解析_第6张图片

[root@ns1 named]# vim unicom.100.110.202.in-addr.arpa

配置DNS服务器通过视图实现智能解析_第7张图片

更改文件属组和权限
[root@ns1 ~]# chgrp named /var/named/*.sanyu.com.zone /var/named/*in-addr.arpa
[root@ns1 ~]# chmod 640 /var/named/*sanyu.com.zone /var/named/*in-addr.arpa
启动服务
[root@ns1 ~]# service named start
[root@ns1 ~]# chkconfig named on
五、测试:
先在防火墙上执行:
[root@R1 ~]# iptables -t nat -F
[root@R1 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.111.0.0/16 -d 202.111.100.100 -p tcp --dport 53 -j DNAT --to-destination 172.16.100.53
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.110.0.0/16 -d 202.110.100.100 -p tcp --dport 53 -j DNAT --to-destination 172.16.100.53
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.111.0.0/16 -d 202.111.100.100 -p udp --dport 53 -j DNAT --to-destination 172.16.100.53
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.110.0.0/16 -d 202.110.100.100 -p udp --dport 53 -j DNAT --to-destination 172.16.100.53
客户机DNS指向防火墙

配置DNS服务器通过视图实现智能解析_第8张图片

配置DNS服务器通过视图实现智能解析_第9张图片

配置DNS服务器通过视图实现智能解析_第10张图片


上述过程脚本化实现:

#!/bin/bash
# Scripted form of the steps above: install BIND, write the view configuration
# and the internal zone files, derive the telecom/unicom zone files from them,
# fix ownership/permissions, trim named.conf and start the service.
# Targets the RHEL/CentOS 6 tool set (yum, service, chkconfig). There is no
# `set -e`, so a failed install or sed does not stop the later steps.
yum -y install bind bind-utils
# NOTE(review): this line is garbled in the page. The here-documents that wrote
# /etc/named.rfc1912.zones (section 2), innet.sanyu.com.zone and
# innet.100.16.172.in-addr.arpa (section 4) were lost, so as written it only
# copies telecom.sanyu.com.zone over the zone configuration. The tail of the
# line presumably derived telecom.sanyu.com.zone by sed the way the unicom
# file is derived below (with 202.111.100.100) — restore those parts before use.
cat >/etc/named.rfc1912.zones </var/named/innet.sanyu.com.zone </var/named/innet.100.16.172.in-addr.arpa<> /var/named/telecom.sanyu.com.zone
# Telecom reverse zone: rewrite the host label at the start of each record to
# 100, matching the 202.111.100.100 address used for telecom clients.
# NOTE(review): `^[0-9].\{1,3\}` matches one digit followed by 1-3 arbitrary
# characters, not 1-3 digits; `^[0-9]\{1,3\}` looks like the intent — confirm
# against the innet reverse file (its contents are only shown as an image).
sed 's/^[0-9].\{1,3\}/100/g' /var/named/innet.100.16.172.in-addr.arpa >> /var/named/telecom.100.111.202.in-addr.arpa
# Unicom forward zone: replace every 172.16.100.x address with 202.110.100.100.
# The unquoted, unescaped script works here (the dots match any character and
# `.*` runs to end of line), but it also drops anything after the address on
# that line; `'s/172\.16\.100\.[0-9]*/202.110.100.100/g'` would be exact.
sed s/172.16.100.[0-9].*/202.110.100.100/g /var/named/innet.sanyu.com.zone >> /var/named/unicom.sanyu.com.zone
# Unicom reverse zone: same transformation and same regex caveat as above.
sed 's/^[0-9].\{1,3\}/100/g'  /var/named/innet.100.16.172.in-addr.arpa >> /var/named/unicom.100.110.202.in-addr.arpa
# Zone files stay root-owned but readable by the named group only (640):
# named can load them, and nothing else on the host can read or change them.
chgrp named /var/named/*.sanyu.com.zone /var/named/*in-addr.arpa
chmod 640 /var/named/*sanyu.com.zone /var/named/*in-addr.arpa
# Trim named.conf: drop every listen-on line, the root hint zone block (from
# the `zone "." IN` line to the next blank line — it now lives in the innet
# view, and BIND refuses zones outside views once views exist) and allow-query.
# NOTE(review): removing listen-on and allow-query leaves BIND at its defaults,
# i.e. listening on every interface and answering any client. That is what
# lets the NAT'd telecom/unicom clients reach their views, but nothing here
# limits recursion to the internal range; consider adding
# `allow-recursion { innet; };` to the options block.
sed  -i /listen-on/d /etc/named.conf
sed  -i '/zone "." IN/,/^$/d' /etc/named.conf
sed -i /allow-query/d /etc/named.conf
# Start now and enable at boot (SysV init).
service named start
chkconfig named on