BIND views return different answers for the same name in the same zone depending on where the client's query comes from.
Internal network: 172.16.0.0/16
External users: 192.168.0.0/24
Domain name: www.hao123.com
DNS server (dual-homed): IP1 172.16.6.61/16; IP2 192.16.0.61/24
Requirements:
Configure a BIND view setup in which internal users in 172.16.0.0/16 get internal IP addresses when resolving www.hao123.com and are allowed recursive queries, while the external network 192.168.0.0/24 gets a different set of answers.
Internal users resolve www.hao123.com to 172.16.6.65; 172.16.6.66
External users resolve www.hao123.com to 192.168.0.66; 192.168.0.67
1. Cut the root zone definition (zone ".") out of /etc/named.conf and move it into /etc/named.rfc1912.zones
## /etc/named.conf
...
zone "." IN {
        type hint;
        file "named.ca";
};
...
### /etc/named.rfc1912.zones
...
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
2. In /etc/named.conf, define an acl named mynet above the options block
# /etc/named.conf
...
acl mynet {
        172.16.0.0/16;
        127.0.0.1;
};
...
3. In /etc/named.rfc1912.zones create the view localwork for internal users and the view exterwork for external users. Once any view is defined, every zone must live inside a view, which is why the root zone was moved in step 1; the root hint zone is placed only in localwork, so only internal clients get recursion.
view localwork {
        match-clients { mynet; };
        allow-recursion { mynet; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "localhost.localdomain" IN {
                type master;
                file "named.localhost";
                allow-update { none; };
        };
        zone "localhost" IN {
                type master;
                file "named.localhost";
                allow-update { none; };
        };
        zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
                type master;
                file "named.loopback";
                allow-update { none; };
        };
        zone "1.0.0.127.in-addr.arpa" IN {
                type master;
                file "named.loopback";
                allow-update { none; };
        };
        zone "0.in-addr.arpa" IN {
                type master;
                file "named.empty";
                allow-update { none; };
        };
        zone "hao123.com" IN {
                type master;
                file "hao123.com.zone";
                allow-query { any; };
                allow-transfer { slave; };
        };
        zone "16.172.in-addr.arpa" IN {
                type master;
                file "16.172.in-addr.arpa.zone";
        };
};
view exterwork {
        match-clients { any; };
        zone "hao123.com" IN {
                type master;
                file "hao123.com_exter.zone";
                allow-query { any; };
                allow-transfer { slave; };
                allow-update { none; };
        };
};
4. Create the forward zone files hao123.com.zone and hao123.com_exter.zone, one for each view
[root@dns1 ~]# cat /var/named/hao123.com.zone
$TTL 1D
$ORIGIN hao123.com.
@       IN SOA  ns1.hao123.com. admin.hao123.com. (
                201504042403
                1h
                5m
                5h
                1w )
        IN NS   ns1
        IN NS   ns2
ns1     IN A    172.16.6.61
ns2     IN A    172.16.6.62
www     IN A    172.16.6.65
www     IN A    172.16.6.66
[root@dns1 ~]# cat /var/named/hao123.com_exter.zone
$TTL 1D
$ORIGIN hao123.com.
@       IN SOA  ns1.hao123.com. admin.hao123.com. (
                201504042403
                1h
                5m
                5h
                1w )
        IN NS   ns1
        IN NS   ns2
ns1     IN A    172.16.6.61
ns2     IN A    172.16.6.62
www     IN A    192.168.0.66
www     IN A    192.168.0.67
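The following is an added Python example, not part of the original post: it models how BIND chooses a view for a client (the first view, in declaration order, whose match-clients ACL contains the source address) and what the chosen view's zone file answers for www.hao123.com, using the mynet acl from step 2, the view order from step 3 and the A records from step 4. The ACL and zone text are embedded as constructed sample input.

```python
import ipaddress

# Constructed sample input: the two forward zone files from step 4, reduced to
# the $ORIGIN line and the A records that differ between the views.
INTERNAL_ZONE = """$ORIGIN hao123.com.
www IN A 172.16.6.65
www IN A 172.16.6.66
"""
EXTERNAL_ZONE = """$ORIGIN hao123.com.
www IN A 192.168.0.66
www IN A 192.168.0.67
"""
# The acl from /etc/named.conf (step 2); "any" is a BIND built-in ACL.
ACLS = {"mynet": ["172.16.0.0/16", "127.0.0.1"], "any": ["0.0.0.0/0"]}
# Views in the order /etc/named.rfc1912.zones declares them (step 3):
# the first match-clients hit wins, so the "any" view must come last.
VIEWS = [("localwork", ["mynet"], INTERNAL_ZONE),
         ("exterwork", ["any"], EXTERNAL_ZONE)]

def client_matches(acl_names, client_ip):
    """True when client_ip falls inside any prefix of any listed ACL."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(p, strict=False)
               for name in acl_names for p in ACLS[name])

def parse_a_records(zone_text):
    """Minimal zone-file reader: {fqdn: [ipv4, ...]} for A records only."""
    origin, records = ".", {}
    for line in zone_text.splitlines():
        t = line.split()
        if not t or t[0].startswith(";"):
            continue
        if t[0] == "$ORIGIN":
            origin = t[1]
        elif len(t) >= 4 and t[1:3] == ["IN", "A"]:
            fqdn = origin if t[0] == "@" else f"{t[0]}.{origin}"
            records.setdefault(fqdn, []).append(t[3])
    return records

def select_view(client_ip):
    """Mimic BIND view selection: first view whose match-clients matches."""
    for name, acl_names, zone_text in VIEWS:
        if client_matches(acl_names, client_ip):
            return name, zone_text
    return None, ""  # nothing matched: BIND would refuse the query

def resolve(client_ip, fqdn):
    """Return (view name, sorted A records) a query from client_ip gets."""
    view, zone_text = select_view(client_ip)
    return view, sorted(parse_a_records(zone_text).get(fqdn, []))
```

On the real server, run named-checkconf before reloading: the allow-transfer { slave; } lines in step 3 refer to an acl named slave that must already be defined, which these steps do not show.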
5. Set the permissions of hao123.com.zone and hao123.com_exter.zone to 640 and set their group to named
[root@dns1 ~]# chmod 640 /var/named/{hao123.com_exter.zone,hao123.com.zone}
[root@dns1 ~]# chown :named /var/named/{hao123.com_exter.zone,hao123.com.zone}
[root@dns1 ~]# ll /var/named/{hao123.com_exter.zone,hao123.com.zone}
-rw-r----- 1 root named 497 4月 26 20:28 /var/named/hao123.com_exter.zone
-rw-r----- 1 root named 497 4月 26 15:24 /var/named/hao123.com.zone
6. Test the answer from an internal client
[root@dns1 ~]# host -t a www.hao123.com 172.16.6.61
Using domain server:
Name: 172.16.6.61
Address: 172.16.6.61#53
Aliases:
www.hao123.com has address 172.16.6.66
www.hao123.com has address 172.16.6.65
7. Test the answer from an external client
[root@localhost ~]# host -t a www.hao123.com 192.168.0.61
Using domain server:
Name: 192.168.0.61
Address: 192.168.0.61#53
Aliases:
www.hao123.com has address 192.168.0.66
www.hao123.com has address 192.168.0.67