Configuring DNS views in BIND [reposted]

In real networks we sometimes want one domain name to resolve to different IP addresses depending on the address or region of the client that asks. For example, an organisation may want hosts on its internal network and clients on the outside to get different answers for the same name, for security or application reasons. Or, to work around the slow interconnection between the China Telecom and China Netcom networks, you may want Telecom users to receive the address of a server inside the Telecom network and Netcom users the address of one inside Netcom's, so that every client reaches the nearest and fastest server.

All of this can be done with a fairly simple DNS configuration, which has the following advantages:

- Low cost: no dedicated appliance is needed, only a configuration change.
- Flexibility: resolution rules can be added or removed at any time.
- Some scalability: combined with round-robin DNS it gives quick, seamless, simple load balancing (keep in mind that plain round-robin DNS has no health check and will keep handing out the address of a server that is down).

Below we use a feature of BIND 9 (BIND 8 does not have it), views, to implement split resolution. In this example we keep using x.centos.org as the domain name: every host on the 192.168.0.0/24 LAN except 192.168.0.40 should resolve it to 192.168.0.38, while 192.168.0.40 alone should resolve it to 192.168.0.39 (the original post wrote 192.169.0.39 here, but the zone file below shows the intended address is 192.168.0.39).

First, edit named.conf and configure the view "internal" and the view "external" separately. We comment out the view "localhost_resolver", the key ddns_key, and the slave zone inside the internal view, then modify the internal and external views. (named.conf accepts "#", "//" and "/* */" comments, so commenting lines out with "#" as below is fine.) Two consequences of this layout are worth knowing before you restart named: with localhost_resolver gone, a query from 127.0.0.1 matches no view at all and named answers REFUSED, so test against the server's LAN address rather than the loopback address; and "external" here only means "the rest of the LAN", so clients from any other network match neither view and are refused, which is what you want unless this server is also meant to answer the Internet, in which case add a further view with match-clients { any; }. The Red Hat sample file the listing is based on also carries a "query-source port 53" option; it must stay commented out, because a fixed source port removes the source-port randomization that protects a recursive resolver against cache poisoning.

// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
//
// See the BIND Administrator's Reference Manual (ARM) for details, in:
//   file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
// its manual.
//
options
{
        // These options should be used carefully because they disable the
        // source-port randomization that protects the resolver against
        // cache poisoning. Leave them commented out.
        // query-source    port 53;
        // query-source-v6 port 53;

        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named"; // the default
        dump-file           "data/cache_dump.db";
        statistics-file     "data/named_stats.txt";
        memstatistics-file  "data/named_mem_stats.txt";
};
logging
{
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
 */
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
//
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
//
#view "localhost_resolver"
#{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
 * If all you want is a caching-only nameserver, then you need only define this view:
 */
#       match-clients                   { localhost; };
#       match-destinations        { localhost; };
#       recursion yes;
        # all views must contain the root hints zone:
#       include "/etc/named.root.hints";

        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
         * ONLY be served to localhost clients:
         */
#       include "/etc/named.rfc1912.zones";
#};
view "internal"
{
/* This view will contain zones you want to serve only to "internal" clients
   that connect via your directly attached LAN interfaces - "localnets" .
 */
        match-clients           { 192.168.0.40; };  // only 192.168.0.40 is served by the internal view
#       match-destinations        { localnets; };
        recursion yes;
        // all views must contain the root hints zone:
        include "/etc/named.root.hints";

        include "/etc/named.rfc1912.zones";  // zone definitions for the internal view
        // you should not serve your rfc1912 names to non-localhost clients.

        // These are your "authoritative" internal zones, and would probably
        // also be included in the "localhost_resolver" view above :

        // Placeholder zone from the stock sample: delete it unless the file
        // my.internal.zone.db really exists, or named logs a load error for it.
        zone "my.internal.zone" {
                type master;
                file "my.internal.zone.db";
        };
#       zone "my.slave.internal.zone" {
#               type slave;
#               file "slaves/my.slave.internal.zone.db";
#               masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
                // put slave zones in the slaves/ directory so named can update them
#       };
#       zone "my.ddns.internal.zone" {
#               type master;
#               allow-update { key ddns_key; };
#               file "slaves/my.ddns.internal.zone.db";
                // put dynamically updateable zones in the slaves/ directory so named can update them
#       };
};
#key ddns_key
#{
#       algorithm hmac-md5;    # hmac-sha256 is the better choice on current BIND releases
#       secret "use /usr/sbin/dns-keygen to generate TSIG keys";
#};
view    "external"
{
/* This view will contain zones you want to serve only to "external" clients
 * that have addresses that are not on your directly attached LAN interface subnets:
 */
        match-clients           { !192.168.0.40; 192.168.0.0/24; };  // the rest of 192.168.0.0/24, but not 192.168.0.40
#       match-destinations        { any; };

        recursion no;
        // you'd probably want to deny recursion to external clients, so you don't
        // end up providing free DNS service to all takers

        // all views must contain the root hints zone:
        include "/etc/named.root.hints";
        include "/etc/named.other.zones";   // zone definitions for the external view; the file name is arbitrary
        // These are your "authoritative" external zones, and would probably
        // contain entries for just your web and mail servers:

        // Placeholder zone from the stock sample: delete it unless the file
        // my.external.zone.db really exists.
        zone "my.external.zone" {
                type master;
                file "my.external.zone.db";
        };
};
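To see how named decides which of the two views answers a given client, here is an added example (not code from the original article, nor from BIND itself) that models the address-match-list and view-ordering rules in Python over the two match-clients lists above. It goes one step beyond the page by also showing what the "!192.168.0.40" entry in the external view buys you if the views were ever reordered, and why a query from 127.0.0.1 is refused in this setup. The "localhost" ACL is simplified to loopback only, which is an assumption: real named expands it to every interface address on the server.

```python
"""View selection in BIND 9, modelled on the named.conf above.

Added example, not code from the original article. named evaluates each
view's match-clients list as an address match list: elements are tried in
order, the first one that covers the client decides, and a leading "!"
turns that decision into a denial. Views are tried in the order they appear
in named.conf; a client that no view accepts gets a REFUSED answer.
"""
import ipaddress

# Built-in ACLs. "localhost" is simplified to loopback (an assumption); real
# named expands it to all of the server's own interface addresses.
BUILTIN_ACLS = {
    "any": ["0.0.0.0/0", "::/0"],
    "none": [],
    "localhost": ["127.0.0.0/8", "::1/128"],
}

# The two views exactly as the article configures them, in named.conf order.
ARTICLE_VIEWS = [
    ("internal", ["192.168.0.40"]),
    ("external", ["!192.168.0.40", "192.168.0.0/24"]),
]

# Same lists with the views swapped: the "!" in external still keeps
# 192.168.0.40 out of it, so that host falls through to internal.
REORDERED_VIEWS = list(reversed(ARTICLE_VIEWS))

# Swapped *and* without the negation: external now swallows 192.168.0.40.
REORDERED_NO_NEGATION = [
    ("external", ["192.168.0.0/24"]),
    ("internal", ["192.168.0.40"]),
]


def _element_covers(client, element):
    """True if a single address-match-list element covers the client."""
    if element in BUILTIN_ACLS:
        return any(client in ipaddress.ip_network(n) for n in BUILTIN_ACLS[element])
    # A bare address or a prefix; strict=False tolerates host bits in a prefix.
    return client in ipaddress.ip_network(element, strict=False)


def acl_allows(client_ip, match_list):
    """Evaluate a match-clients list: the first matching element decides."""
    client = ipaddress.ip_address(client_ip)
    for element in match_list:
        negated = element.startswith("!")
        if _element_covers(client, element.lstrip("!").strip()):
            return not negated
    return False  # nothing matched: the list does not admit the client


def select_view(client_ip, views):
    """Return the name of the first view admitting the client, or None
    (named then answers REFUSED, as it does for 127.0.0.1 in this setup)."""
    for name, match_list in views:
        if acl_allows(client_ip, match_list):
            return name
    return None


if __name__ == "__main__":
    for ip in ("192.168.0.40", "192.168.0.38", "127.0.0.1", "10.0.0.5"):
        print(f"{ip:>14} -> {select_view(ip, ARTICLE_VIEWS) or 'REFUSED'}")
    print("reordered, with '!'   :", select_view("192.168.0.40", REORDERED_VIEWS))
    print("reordered, without '!':", select_view("192.168.0.40", REORDERED_NO_NEGATION))
```

The negated entry is redundant as long as the internal view stays first in named.conf, since 192.168.0.40 never reaches the external view; it only matters if someone later moves the views around. The same walk shows why the loopback address ends up with no view at all once localhost_resolver is commented out.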

Next, edit the zone definition files for the internal and external views. Start with the internal one, named.rfc1912.zones, and add the forward and reverse zones you need:

zone "centos.org" IN {
        type master;
        file "centos.org.zone";
        allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "0.168.192.zone";
        allow-update { none; };
};

Then copy named.rfc1912.zones to named.other.zones (the name must match the include statement in the corresponding view in named.conf) and edit named.other.zones so that the same zones point at a second set of files:

zone "centos.org" IN {
        type master;
        file "centos.org1.zone";    // the external view's forward zone file is centos.org1.zone
        allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "0.168.1921.zone";     // the external view's reverse zone file is 0.168.1921.zone
        allow-update { none; };
};

Now create the files named in those zone definitions. Zone files use ";" for comments, not "//", so a "//" remark at the end of a record line would be read as extra record data and break the zone. The internal view's forward zone file, centos.org.zone:

; centos.org.zone: forward zone file served by the internal view
$TTL    86400
@       IN SOA  x.centos.org. root.x.centos.org. (
                        2009101901      ; serial
                        3H              ; refresh
                        15M             ; retry
                        1W              ; expiry
                        1D )            ; minimum
        IN NS   x.centos.org.
        IN MX   10 mail.centos.org.     ; an MX needs a preference value; without one the zone fails to load
                                        ; mail.centos.org needs an A record of its own, or named-checkzone warns that the MX target has no address
x       IN A    192.168.0.39
www     IN CNAME x.centos.org.

And its reverse zone file, 0.168.192.zone:

; 0.168.192.zone: reverse zone file served by the internal view
$TTL    86400
@       IN SOA  x.centos.org. root.x.centos.org. (
                        2009101901      ; serial
                        3H              ; refresh
                        15M             ; retry
                        1W              ; expiry
                        1D )            ; minimum
        IN NS   x.centos.org.
39      IN PTR  x.centos.org.

So the internal view's forward file is centos.org.zone and its reverse file is 0.168.192.zone; the external view's are centos.org1.zone and 0.168.1921.zone. The two views' files are written the same way and differ only in the address: centos.org1.zone carries "x IN A 192.168.0.38" and 0.168.1921.zone carries "38 IN PTR x.centos.org.". Write the internal files first, then copy and rename them and change those two records. Increase the serial every time you edit a file, or any secondary server will keep serving the old copy.
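Before reloading, it helps to know what named-checkzone is going to complain about. The following added example (not from the original article) parses the zone-file subset used on this page and reports the classic mistakes: an MX with no preference number, a CNAME that shares its owner name with other records, and an A record whose reverse zone has no matching PTR. The two sample zones are constructed copies of the internal view's files with the MX deliberately left without a preference so the check has something to find; ORIGIN, REVERSE_ORIGIN, parse_zone, check_zone, check_reverse_agreement and lint are this example's own names.

```python
"""Sanity checks for the zone files above, to run before reloading named.

Added example, not part of the original article. It parses the small
zone-file subset this page uses (one record per line, "@" and inherited
owner names, a parenthesised SOA, ";" comments) and reports mistakes that
make named refuse a zone or answer wrongly. named-checkzone is the real
tool; this only makes visible what it is checking for.
"""
import re

ORIGIN = "centos.org."
REVERSE_ORIGIN = "0.168.192.in-addr.arpa."

# Constructed sample: the internal view's zones, MX left without a preference.
FORWARD_ZONE = """\
$TTL 86400
@   IN SOA x.centos.org. root.x.centos.org. (
        2009101901 ; serial
        3H         ; refresh
        15M        ; retry
        1W         ; expiry
        1D )       ; minimum
    IN NS x.centos.org.
    IN MX mail.centos.org.
x   IN A 192.168.0.39
www IN CNAME x.centos.org.
"""

REVERSE_ZONE = """\
$TTL 86400
@  IN SOA x.centos.org. root.x.centos.org. ( 2009101901 3H 15M 1W 1D )
   IN NS x.centos.org.
39 IN PTR x.centos.org.
"""


def parse_zone(text, origin):
    """Return [(owner_fqdn, rtype, [rdata fields])] for a zone file body."""
    lines = [re.sub(r";.*", "", ln) for ln in text.splitlines()]
    joined, buf, depth = [], [], 0
    for ln in lines:                      # fold "( ... )" records onto one line
        buf.append(ln)
        depth += ln.count("(") - ln.count(")")
        if depth == 0:
            joined.append(" ".join(buf))
            buf = []
    records, owner = [], origin
    for ln in joined:
        if not ln.strip() or ln.startswith("$"):
            continue                      # blank line or $TTL/$ORIGIN directive
        fields = ln.replace("(", " ").replace(")", " ").split()
        if not ln[0].isspace():           # explicit owner; otherwise inherit the last one
            name = fields.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)                 # optional TTL and class precede the type
        records.append((owner, fields[0].upper(), fields[1:]))
    return records


def check_zone(records, origin):
    """Structural checks that named-checkzone also fails or warns on."""
    problems = []
    apex = [rt for ow, rt, _ in records if ow == origin]
    if apex.count("SOA") != 1:
        problems.append(f"{origin}: apex needs exactly one SOA")
    if "NS" not in apex:
        problems.append(f"{origin}: apex has no NS record")
    for owner, rtype, rdata in records:
        if rtype == "MX" and not (len(rdata) == 2 and rdata[0].isdigit()):
            target = rdata[-1] if rdata else "<host>"
            problems.append(f"{owner}: MX needs a preference, e.g. 'IN MX 10 {target}'")
        if rtype == "CNAME" and any(ow == owner and rt != "CNAME" for ow, rt, _ in records):
            problems.append(f"{owner}: CNAME cannot coexist with other records")
    return problems


def check_reverse_agreement(forward, reverse, reverse_origin):
    """Each A record inside the reverse zone's /24 needs a PTR back to its name."""
    octets = reverse_origin.rstrip(".").split(".")[:3]   # ["0", "168", "192"]
    prefix = ".".join(reversed(octets)) + "."            # "192.168.0."
    ptrs = {ow: rd[0] for ow, rt, rd in reverse if rt == "PTR"}
    problems = []
    for owner, rtype, rdata in forward:
        if rtype == "A" and rdata[0].startswith(prefix):
            ptr_owner = rdata[0].rsplit(".", 1)[1] + "." + reverse_origin
            if ptrs.get(ptr_owner) != owner:
                problems.append(f"{owner} A {rdata[0]}: no PTR {ptr_owner} -> {owner}")
    return problems


def lint(forward_text, reverse_text, origin=ORIGIN, reverse_origin=REVERSE_ORIGIN):
    """Run every check over one view's forward and reverse zone; [] means clean."""
    fwd, rev = parse_zone(forward_text, origin), parse_zone(reverse_text, reverse_origin)
    return (check_zone(fwd, origin) + check_zone(rev, reverse_origin)
            + check_reverse_agreement(fwd, rev, reverse_origin))


if __name__ == "__main__":
    for problem in lint(FORWARD_ZONE, REVERSE_ZONE) or ["clean"]:
        print(problem)
```

Run it once per view, feeding it the forward and reverse files that belong together (centos.org.zone with 0.168.192.zone, centos.org1.zone with 0.168.1921.zone); the reverse check is what catches the common copy-and-rename slip of changing the A record to 192.168.0.38 but leaving the PTR at 39.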

After making all the changes, check the configuration with named-checkconf -z (which also test-loads every zone) and named-checkzone on each zone file, then restart named and test: dig x.centos.org against the server's LAN address from 192.168.0.40 should return 192.168.0.39, and from any other host on 192.168.0.0/24 it should return 192.168.0.38. Query the LAN address, not 127.0.0.1: with localhost_resolver commented out no view matches the loopback address and named answers REFUSED.
