Smart DNS
Smart resolution of a domain name: the same name is resolved to different IPs depending on the characteristics of the client's IP address.
This uses the view feature of DNS (BIND):
It works like an if statement in a programming language:
if [ IP == "China Telecom IP" ]; then
    resolve the name to the IP of the server in the Telecom data center
elif [ IP == "China Netcom (CNC) IP" ]; then
    resolve the name to the IP of the server in the Netcom data center
else
    return the Telecom data center's IP by default
fi
DNS view statement: view
Preparation:
a static IP
an FQDN hostname
the hostname mapped in the hosts file
Install:
# yum install bind bind-chroot -y
1. Build the IP lists
# vim /var/named/chroot/var/named/chinanet
acl chinanet {
10.1.1.101;
10.1.1.233;
10.1.1.110;
10.1.1.156;
10.1.1.123;
};
# vim /var/named/chroot/var/named/cnc
acl cnc {
10.1.1.1;
10.1.1.21;
10.1.1.22;
10.1.1.60;
10.1.1.175;
10.1.1.50;
172.16.196.1;
172.16.196.2;
};
2. Build the configuration file
# vim /var/named/chroot/etc/named.conf
options {
listen-on port 53 { any; };
directory "/var/named"; // path as seen inside the chroot, i.e. /var/named/chroot/var/named on the host
allow-query { any; };
};
include "cnc"; // access list: the IP list file
include "chinanet";
view china_net {
match-clients { chinanet; }; // "chinanet" is the acl name
zone "upl.com." IN {
type master;
file "data/chinanet.upl.com.zone";
};
};
view china_cnc {
match-clients { cnc; };
zone "upl.com." IN {
type master;
file "data/cnc.upl.com.zone";
};
};
view other {
match-clients { any; };
zone "upl.com." IN {
type master;
file "data/other.upl.com.zone";
};
};
3. Create the zone definition file for each of the three views
# vim /var/named/chroot/var/named/data/chinanet.upl.com.zone
$TTL 86400
@ IN SOA upl.com. root. (
2013022201
2M
1M
1D
1H )
@ IN NS www.upl.com.
www IN A 10.1.1.21
bbs IN A 10.1.1.10
# vim /var/named/chroot/var/named/data/cnc.upl.com.zone
$TTL 86400
@ IN SOA upl.com. root. (
2013022201
2M
1M
1D
1H )
@ IN NS www.upl.com.
www IN A 10.1.1.21
bbs IN A 10.1.1.11
# vim /var/named/chroot/var/named/data/other.upl.com.zone
$TTL 86400
@ IN SOA upl.com. root. (
2013022201
2M
1M
1D
1H )
@ IN NS www.upl.com.
www IN A 10.1.1.21
bbs IN A 10.1.1.12
# service named start
Test from a client:
The client's DNS must point at the IP of the DNS server we configured
# vim /etc/resolv.conf
nameserver 10.1.1.21
# nslookup bbs.upl.com    <---- clients on different network segments get different IPs back for bbs.upl.com
Example: how to add a secondary (slave) DNS server under the view configuration
1. Generate a key on the primary (master) DNS server
# rndc-confgen -a -c /etc/rndc.key
# cat /etc/rndc.key
# cat /var/named/chroot/etc/rndc.key    <---- make sure both files have identical content
key "rndc-key" {
algorithm hmac-md5;
secret "PIeY8PMHKStmytRUnk2GCw==";
};
# vim /var/named/chroot/etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
allow-query { any; };
};
include "/etc/rndc.key";
include "cnc";
include "chinanet";
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
view china_net {
match-clients { chinanet;10.1.1.17; };
zone "upl.com." IN {
type master;
file "data/chinanet.upl.com.zone";
allow-transfer { key "rndc-key"; }; // anyone who presents the correct key can transfer the zone file and act as a slave DNS server
};
};
view china_cnc {
match-clients { cnc;10.1.1.18; };
zone "upl.com." IN {
type master;
file "data/cnc.upl.com.zone";
allow-transfer { key "rndc-key"; };
};
};
view other {
match-clients { any; };
zone "upl.com." IN {
type master;
file "data/other.upl.com.zone";
allow-transfer { key "rndc-key"; };
};
};
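The following is an added simulation (not part of the original notes) of how BIND chooses a view: views are tried in named.conf order and the first match-clients hit answers, which is why the catch-all other view with any must stay last and why the slave's transfer-source addresses 10.1.1.17 and 10.1.1.18 had to be added to the right match-clients above. The acl text and view list are constructed from this page; ! negation and TSIG-key matching in address lists are not modeled.

```python
import ipaddress
import re

# Constructed from the notes above: the two acl files and the master's view order.
ACL_TEXT = """
acl chinanet { 10.1.1.101; 10.1.1.233; 10.1.1.110; 10.1.1.156; 10.1.1.123; };
acl cnc { 10.1.1.1; 10.1.1.21; 10.1.1.22; 10.1.1.60; 10.1.1.175; 10.1.1.50;
          172.16.196.1; 172.16.196.2; };
"""
VIEWS = [  # (view name, match-clients) in named.conf order: first match wins
    ("china_net", ["chinanet", "10.1.1.17"]),
    ("china_cnc", ["cnc", "10.1.1.18"]),
    ("other", ["any"]),
]
ACL_RE = re.compile(r"acl\s+(\S+)\s*\{([^}]*)\}\s*;")

def parse_acls(text):
    """Parse 'acl name { addr; prefix; ... };' blocks into {name: [networks]}."""
    acls = {}
    for name, body in ACL_RE.findall(text):
        entries = [e.strip() for e in body.split(";") if e.strip()]
        acls[name] = [ipaddress.ip_network(e, strict=False) for e in entries]
    return acls

def element_matches(elem, client, acls):
    """One address-match-list element: 'any', an acl name, or an address/prefix."""
    if elem == "any":
        return True
    nets = acls.get(elem) or [ipaddress.ip_network(elem, strict=False)]
    return any(client in net for net in nets)

def select_view(client_ip, views=VIEWS, acls=None):
    """Mimic BIND view selection: the first view whose match-clients matches the
    query's source address answers it; None means BIND would refuse the query."""
    acls = parse_acls(ACL_TEXT) if acls is None else acls
    client = ipaddress.ip_address(client_ip)
    for name, match_clients in views:
        if any(element_matches(e, client, acls) for e in match_clients):
            return name
    return None

def shadowed_views(views):
    """Config check: any view listed after a catch-all 'any' view is unreachable."""
    shadowed, seen = [], False
    for name, match_clients in views:
        if seen:
            shadowed.append(name)
        seen = seen or "any" in match_clients
    return shadowed
```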
2. Configure the secondary (slave) DNS
IP, FQDN, hosts file
The slave must be given 3 IPs:
10.1.1.17 simulates a Telecom IP
10.1.1.18 simulates a Netcom IP
10.1.1.19 simulates an IP from any other network
Time must be synchronized between master and slave
# ntpdate 10.1.1.21
# ifconfig eth0 10.1.1.17 netmask 255.255.255.0
# ifconfig eth0:1 10.1.1.18 netmask 255.255.255.0
# ifconfig eth0:2 10.1.1.19 netmask 255.255.255.0
(1) Install the packages bind and bind-chroot
(2) Download the key file /etc/rndc.key from the master
# rsync -alvR 10.1.1.21:/var/named/chroot/etc/rndc.key /
# rsync -alvR 10.1.1.21:/etc/rndc.key /
# vim /var/named/chroot/etc/named.conf
If you do not download it, you can write the key file's contents directly into the main configuration file instead
(3) Download the IP list files; they should be identical to the master's
# rsync -alvR 10.1.1.21:/var/named/chroot/var/named/chinanet /
# rsync -alvR 10.1.1.21:/var/named/chroot/var/named/cnc /
(4) Write the slave's configuration file
# vim /var/named/chroot/etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
allow-query { any; };
};
key "rndc-key" {
algorithm hmac-md5;
secret "PIeY8PMHKStmytRUnk2GCw==";
};
include "cnc";
include "chinanet";
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
view china_net {
match-clients { chinanet;};
transfer-source 10.1.1.17;
zone "upl.com." IN {
type slave;
file "slave/chinanet.upl.com.zone";
masters { 10.1.1.21 key "rndc-key"; };
};
};
view china_cnc {
match-clients { cnc; };
transfer-source 10.1.1.18;
zone "upl.com." IN {
type slave;
file "slave/cnc.upl.com.zone";
masters { 10.1.1.21 key "rndc-key"; };
};
};
view other {
match-clients { any; };
transfer-source 10.1.1.19;
zone "upl.com." IN {
type slave;
file "slave/other.upl.com.zone";
masters { 10.1.1.21 key "rndc-key"; };
};
};
# mkdir /var/named/chroot/var/named/slave
# chown named:named /var/named/chroot/var/named/slave