配置DNS服务器通过视图实现智能解析

地址规划:

213334223.png

213334976.png

一、安装bind和bind-utils
[root@ns1 ~]# yum -y install bind bind-utils


二、修改配置文件

[root@ns1 ~]# cat /etc/named.rfc1912.zones
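// ACLs for the three client populations: the internal network (plus loopback),
// China Telecom and China Unicom address ranges. Each view below is selected
// by the source address of the query via match-clients.
acl innet {
        172.16.0.0/16;
        127.0.0.0/8;
};
acl telecom {
        202.111.0.0/16;
};
acl unicom {
        202.110.0.0/16;
};
// Internal view: a recursive resolver for internal clients (root hints plus the
// standard localhost zones) that also serves the private sanyu.com data.
view innet {
        match-clients { innet; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "localhost.localdomain" IN {
                type master;
                file "named.localhost";
                allow-update { none; };
        };
        zone "localhost" IN {
                type master;
                file "named.localhost";
                allow-update { none; };
        };
        zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
                type master;
                file "named.loopback";
                allow-update { none; };
        };
        zone "1.0.0.127.in-addr.arpa" IN {
                type master;
                file "named.loopback";
                allow-update { none; };
        };
        zone "0.in-addr.arpa" IN {
                type master;
                file "named.empty";
                allow-update { none; };
        };
        zone "sanyu.com" IN {
                type master;
                file "innet.sanyu.com.zone";
                allow-update { none; };
        };
        // Reverse zone for the internal 172.16.100.0/24 network: the zone name
        // is the reversed network prefix (100.16.172), matching the file it loads.
        zone "100.16.172.in-addr.arpa" IN {
                type master;
                file "innet.100.16.172.in-addr.arpa";
                allow-update { none; };
        };
};
// China Telecom view: authoritative only. Recursion is disabled so the server
// does not act as an open resolver for every host in 202.111.0.0/16.
view telecom {
        match-clients { telecom; };
        recursion no;
        zone "sanyu.com" IN {
                type master;
                file "telecom.sanyu.com.zone";
                allow-update { none; };
        };
        zone "100.111.202.in-addr.arpa" IN {
                type master;
                file "telecom.100.111.202.in-addr.arpa";
                allow-update { none; };
        };
};
// China Unicom view: authoritative only, same hardening as the telecom view.
view unicom {
        match-clients { unicom; };
        recursion no;
        zone "sanyu.com" IN {
                type master;
                file "unicom.sanyu.com.zone";
                allow-update { none; };
        };
        zone "100.110.202.in-addr.arpa" IN {
                type master;
                file "unicom.100.110.202.in-addr.arpa";
                allow-update { none; };
        };
};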
三、修改主配置文件
[root@ns1 ~]# vim /etc/named.conf

删除第11,12,17行

214000303.png

由于使用了视图，主配置文件中应删除关于根域的定义

214000635.png

四、书写 区域文件
[root@ns1 named]# vim innet.sanyu.com.zone

214001689.png

[root@ns1 named]# vim innet.100.16.172.in-addr.arpa

214002905.png

[root@ns1 named]# vim telecom.sanyu.com.zone

214003982.png

[root@ns1 named]# vim unicom.sanyu.com.zone

214219957.png

[root@ns1 named]# vim unicom.100.110.202.in-addr.arpa

214219446.png

更改文件属组和权限
[root@ns1 ~]# chgrp named /var/named/*.sanyu.com.zone /var/named/*in-addr.arpa
[root@ns1 ~]# chmod 640 /var/named/*sanyu.com.zone /var/named/*in-addr.arpa
启动服务
[root@ns1 ~]# service named start
[root@ns1 ~]# chkconfig named on
五、测试:
先在防火墙上执行:
[root@R1 ~]# iptables -t nat -F
[root@R1 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.111.0.0/16 -d 202.111.100.100 -p tcp --dport 53 -j DNAT --to-destination 172.16.100.53
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.110.0.0/16 -d 202.110.100.100 -p tcp --dport 53 -j DNAT --to-destination 172.16.100.53
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.111.0.0/16 -d 202.111.100.100 -p udp --dport 53 -j DNAT --to-destination 172.16.100.53
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.110.0.0/16 -d 202.110.100.100 -p udp --dport 53 -j DNAT --to-destination 172.16.100.53
客户机DNS指向防火墙

214220462.png

214221587.png

214221888.png

上述过程脚本化实现:

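#!/bin/bash
# Set up BIND with views (split-horizon "smart" resolution) for sanyu.com:
#   innet   - clients in 172.16.0.0/16 (and loopback) get the private 172.16.100.x addresses
#   telecom - clients in 202.111.0.0/16 get 202.111.100.100 (DNAT'd to ns1 by the firewall)
#   unicom  - clients in 202.110.0.0/16 get 202.110.100.100 (DNAT'd to ns1 by the firewall)
# Run as root on a fresh RHEL/CentOS 6 style host (yum, service, chkconfig).
# Generated files are overwritten rather than appended to, so a re-run does not
# leave duplicate SOA/NS records behind.
set -euo pipefail

readonly NAMED_CONF=/etc/named.conf
readonly ZONES_CONF=/etc/named.rfc1912.zones   # included by named.conf; receives the acls and views
readonly ZONE_DIR=/var/named

# Client networks, one per view.
readonly INNET_NET=172.16.0.0/16
readonly TELECOM_NET=202.111.0.0/16
readonly UNICOM_NET=202.110.0.0/16

# Public addresses handed to external clients; the firewall DNATs them to ns1.
readonly TELECOM_IP=202.111.100.100
readonly UNICOM_IP=202.110.100.100

# in-addr.arpa labels (reversed first three octets) of the /24 each view serves.
readonly INNET_REV=100.16.172      # 172.16.100.0/24
readonly TELECOM_REV=100.111.202   # 202.111.100.0/24
readonly UNICOM_REV=100.110.202    # 202.110.100.0/24

yum -y install bind bind-utils

# ACLs and views. The delimiter is unquoted so the ${...} variables expand; the
# content contains no literal '$'. The innet reverse zone is named after the
# 172.16.100.0/24 network it describes. The external views are authoritative
# only, so recursion is switched off there: otherwise the server would be an
# open resolver for every host in the telecom/unicom ranges.
cat >"$ZONES_CONF" <<END
acl innet {
    ${INNET_NET};
    127.0.0.0/8;
};
acl telecom {
    ${TELECOM_NET};
};
acl unicom {
    ${UNICOM_NET};
};
// internal view: recursive resolver plus the private sanyu.com data
view innet {
    match-clients { innet; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };
    zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };
    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };
    zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };
    zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
    };
    zone "sanyu.com" IN {
        type master;
        file "innet.sanyu.com.zone";
        allow-update { none; };
    };
    zone "${INNET_REV}.in-addr.arpa" IN {
        type master;
        file "innet.${INNET_REV}.in-addr.arpa";
        allow-update { none; };
    };
};
// China Telecom view: authoritative only
view telecom {
    match-clients { telecom; };
    recursion no;
    zone "sanyu.com" IN {
        type master;
        file "telecom.sanyu.com.zone";
        allow-update { none; };
    };
    zone "${TELECOM_REV}.in-addr.arpa" IN {
        type master;
        file "telecom.${TELECOM_REV}.in-addr.arpa";
        allow-update { none; };
    };
};
// China Unicom view: authoritative only
view unicom {
    match-clients { unicom; };
    recursion no;
    zone "sanyu.com" IN {
        type master;
        file "unicom.sanyu.com.zone";
        allow-update { none; };
    };
    zone "${UNICOM_REV}.in-addr.arpa" IN {
        type master;
        file "unicom.${UNICOM_REV}.in-addr.arpa";
        allow-update { none; };
    };
};
END

# Internal forward zone. Quoted delimiter: nothing is expanded, so $TTL needs
# no escaping. Lines that start with whitespace inherit the previous owner
# name (@ here) - the leading indent is significant, keep it.
cat >"$ZONE_DIR/innet.sanyu.com.zone" <<'END'
$TTL 600
@       IN      SOA     ns1.sanyu.com.      admin.sanyu.com. (
                        2013080808
                        2H
                        10M
                        3D
                        1D )
            IN      NS      ns1
            IN      MX 10       mail
ns1         IN      A       172.16.100.53
mail            IN      A       172.16.100.53
bbs         IN      A       172.16.100.81
shop            IN      A       172.16.100.43
END

# Internal reverse zone for 172.16.100.0/24 (owner = host octet).
cat >"$ZONE_DIR/innet.${INNET_REV}.in-addr.arpa" <<'END'
$TTL 600
@       IN      SOA     ns1.sanyu.com.      admin.sanyu.com. (
                        2013080808
                        2H
                        10M
                        3D
                        1D )
            IN      NS      ns1.sanyu.com.
53          IN      PTR     ns1.sanyu.com.
53          IN      PTR     mail.sanyu.com.
81          IN      PTR     bbs.sanyu.com.
43          IN      PTR     shop.sanyu.com.
END

#######################################
# Derive an external view's zone files from the internal ones. External clients
# reach every host through one public address, so each 172.16.100.x A record
# becomes that address and each PTR owner (host octet) becomes its last octet.
# Arguments: $1 view name, $2 public IP for the view, $3 reversed /24 label
# Outputs:   writes ${view}.sanyu.com.zone and ${view}.${rev}.in-addr.arpa in ZONE_DIR
#######################################
make_external_zones() {
  local view=$1 pub_ip=$2 rev=$3
  sed "s/172\.16\.100\.[0-9]\{1,3\}\$/${pub_ip}/" \
    "$ZONE_DIR/innet.sanyu.com.zone" >"$ZONE_DIR/${view}.sanyu.com.zone"
  sed "s/^[0-9]\{1,3\}/${pub_ip##*.}/" \
    "$ZONE_DIR/innet.${INNET_REV}.in-addr.arpa" >"$ZONE_DIR/${view}.${rev}.in-addr.arpa"
}
make_external_zones telecom "$TELECOM_IP" "$TELECOM_REV"
make_external_zones unicom  "$UNICOM_IP"  "$UNICOM_REV"

# Zone files: owned by root, readable by the named group only.
chgrp named "$ZONE_DIR"/*.sanyu.com.zone "$ZONE_DIR"/*.in-addr.arpa
chmod 640 "$ZONE_DIR"/*.sanyu.com.zone "$ZONE_DIR"/*.in-addr.arpa

# named.conf: listen on all interfaces instead of loopback only, drop the
# localhost-only allow-query (the views now decide who is answered), and remove
# the top-level root hint zone - once views exist every zone must live in a view.
sed -i '/listen-on/d' "$NAMED_CONF"
sed -i '/allow-query/d' "$NAMED_CONF"
sed -i '/zone "\." IN/,/^$/d' "$NAMED_CONF"

# Validate configuration and zones before starting, so a mistake fails here
# instead of at the next reboot.
named-checkconf -z "$NAMED_CONF"
service named start
chkconfig named on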

