CentOS 7 Smart DNS

Smart DNS: the server looks at the source IP address of the client and returns the answer that matches it, so that China Netcom (wangtong) users are sent to the Netcom server and China Telecom (dianxin) users are sent to the Telecom server. On BIND this is implemented with views, one per client group, each serving its own copy of the zone.


1. Install the Bind package.

yum install -y bind

2. Edit the main Bind configuration file.

vim /etc/named.conf

    13 listen-on port 53 { 192.168.200.100; };
    19 allow-query { any; };

Delete lines 52-56, the root hint zone declared in the global scope:

    52 zone "." IN {
    53     type hint;
    54     file "named.ca";
    55 };

This deletion is required because as soon as views are used, BIND insists that every zone be declared inside a view; a zone left at top level makes named-checkconf fail and named refuse to start (the hint zone is declared again inside each view). Note also that allow-query { any; } together with the recursion yes; of the stock CentOS named.conf turns the server into an open recursive resolver for anyone who can reach port 53; for a server that is only meant to be authoritative for a.com, set recursion no; or limit allow-recursion to the local clients.

vim /etc/named.rfc1912.zones

Views are tried in the order they appear, and the first view whose match-clients list matches the client's source address answers the query, so the catch-all "other" view with match-clients { any; } must be last. Any zone left outside a view in this file would also stop named from starting.

    view "dianxin" {                         # view for China Telecom (dianxin) users
        match-clients { dianxin_acl; };      # match client addresses belonging to China Telecom
        zone "." IN {
            type hint;
            file "named.ca";
        };
        zone "a.com" IN {
            type master;
            file "a.com.dianxin";            # zone database file served to China Telecom users
        };
        zone "200.168.192.in-addr.arpa" IN {
            type master;
            file "192.168.200.dianxin";      # reverse zone database file served to China Telecom users
        };
    };

    view "wangtong" {                        # view for China Netcom (wangtong) users
        match-clients { wangtong_acl; };     # match client addresses belonging to China Netcom
        zone "." IN {
            type hint;
            file "named.ca";
        };
        zone "a.com" IN {
            type master;
            file "a.com.wangtong";           # zone database file served to China Netcom users
        };
        zone "200.168.192.in-addr.arpa" IN {
            type master;
            file "192.168.200.wangtong";     # reverse zone database file served to China Netcom users
        };
    };

    view "other" {                           # catch-all view for every other client
        match-clients { any; };
        zone "." IN {
            type hint;
            file "named.ca";
        };
        zone "a.com" IN {
            type master;
            file "a.com.other";
        };
        zone "200.168.192.in-addr.arpa" IN {
            type master;
            file "192.168.200.other";
        };
    };

    include "dianxin.acl";
    include "wangtong.acl";

3. Configure the ACLs.

vim /var/named/dianxin.acl

    acl "dianxin_acl" {
        192.168.200.11/32;   # China Telecom (dianxin) client addresses go here
    };

vim /var/named/wangtong.acl

    acl "wangtong_acl" {
        192.168.200.22/32;   # China Netcom (wangtong) client addresses go here
    };

4. Create the zone files. Copying the templates with cp -p keeps their owner and mode (root:named, readable by the named group), so named can read the new files.

cd /var/named/
cp -p named.localhost a.com.dianxin
cp -p named.localhost a.com.wangtong
cp -p named.localhost a.com.other
cp -p named.empty 192.168.200.dianxin
cp -p named.empty 192.168.200.wangtong
cp -p named.empty 192.168.200.other

Forward zones (the three copies differ only in the address of www):

vim /var/named/a.com.dianxin

    $TTL 1D
    @   IN SOA a.com. rname.invalid. (
            0       ; serial
            1D      ; refresh
            1H      ; retry
            1W      ; expire
            3H )    ; minimum
        NS  ns.a.com.
    ns  A   192.168.200.100
    www A   192.168.200.101

vim /var/named/a.com.wangtong

    $TTL 1D
    @   IN SOA a.com. rname.invalid. (
            0       ; serial
            1D      ; refresh
            1H      ; retry
            1W      ; expire
            3H )    ; minimum
        NS  ns.a.com.
    ns  A   192.168.200.100
    www A   192.168.200.102

vim /var/named/a.com.other

    $TTL 1D
    @   IN SOA a.com. rname.invalid. (
            0       ; serial
            1D      ; refresh
            1H      ; retry
            1W      ; expire
            3H )    ; minimum
        NS  ns.a.com.
    ns  A   192.168.200.100
    www A   192.168.200.103

Reverse zones (the PTR record for www points back at the address each view hands out):

vim /var/named/192.168.200.dianxin

    $TTL 3H
    @   IN SOA a.com. rname.invalid. (
            0       ; serial
            1D      ; refresh
            1H      ; retry
            1W      ; expire
            3H )    ; minimum
        NS  ns.a.com.
    100 PTR ns.a.com.
    101 PTR www.a.com.

vim /var/named/192.168.200.wangtong

    $TTL 3H
    @   IN SOA a.com. rname.invalid. (
            0       ; serial
            1D      ; refresh
            1H      ; retry
            1W      ; expire
            3H )    ; minimum
        NS  ns.a.com.
    100 PTR ns.a.com.
    102 PTR www.a.com.

vim /var/named/192.168.200.other

    $TTL 3H
    @   IN SOA a.com. rname.invalid. (
            0       ; serial
            1D      ; refresh
            1H      ; retry
            1W      ; expire
            3H )    ; minimum
        NS  ns.a.com.
    100 PTR ns.a.com.
    103 PTR www.a.com.

ls -l

[screenshot: ls -l listing of /var/named showing the six new zone files]

5. Check the syntax, then start the Bind service. Run every check before restarting: a zone that fails to load is skipped by named, and the clients of that view would then get SERVFAIL instead of an answer.

named-checkconf /etc/named.conf
named-checkzone a.com /var/named/a.com.dianxin
named-checkzone a.com /var/named/a.com.wangtong
named-checkzone a.com /var/named/a.com.other
named-checkzone 200.168.192.in-addr.arpa /var/named/192.168.200.dianxin
named-checkzone 200.168.192.in-addr.arpa /var/named/192.168.200.wangtong
named-checkzone 200.168.192.in-addr.arpa /var/named/192.168.200.other
systemctl restart named
systemctl enable named
ss -ntlu | grep 53

udp UNCONN 0 0 192.168.200.100:53 *:*

Client test.

Client IP addresses:

dianxin:  192.168.200.11/24
wangtong: 192.168.200.22/24
other:    192.168.200.3/24

DNS server on every client: 192.168.200.100

Client-side name resolution (the original shows a screenshot of the result for each client):

dianxin: [screenshot]

wangtong: [screenshot]

other: [screenshot]
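To make the expected outcome of the client test explicit, the following added example (not code from the original post, and no part of BIND) replays BIND's view selection offline: it parses constructed copies of the two ACL files and the A records of the three a.com zone files from this page, picks the first view whose match-clients list contains the client address, and answers www.a.com from that view's file. The ordering of the views and the "other" catch-all are assumptions taken from the named.rfc1912.zones shown above; the last call shows what happens when the catch-all view is mistakenly placed first.

```python
import ipaddress
import re

# Constructed copies of the page's ACL files and of the A records in each
# view's a.com zone file (the SOA/NS boilerplate is left out).
ACL_FILES = {
    "dianxin.acl": 'acl "dianxin_acl" {\n    192.168.200.11/32;  # China Telecom client\n};\n',
    "wangtong.acl": 'acl "wangtong_acl" {\n    192.168.200.22/32;  # China Netcom client\n};\n',
}
ZONE_FILES = {
    "a.com.dianxin":  "ns   A 192.168.200.100\nwww  A 192.168.200.101\n",
    "a.com.wangtong": "ns   A 192.168.200.100\nwww  A 192.168.200.102\n",
    "a.com.other":    "ns   A 192.168.200.100\nwww  A 192.168.200.103\n",
}
# Views in the order they appear in named.rfc1912.zones: (view, match-clients, zone file).
VIEWS = [
    ("dianxin", "dianxin_acl", "a.com.dianxin"),
    ("wangtong", "wangtong_acl", "a.com.wangtong"),
    ("other", "any", "a.com.other"),
]

def parse_acls(files):
    """Return {acl_name: [ip_network, ...]} from acl "name" { prefix; ... }; blocks."""
    acls = {}
    for text in files.values():
        text = re.sub(r"#.*", "", text)  # drop # comments, as named does
        for name, body in re.findall(r'acl\s+"([^"]+)"\s*\{([^}]*)\}', text):
            acls[name] = [ipaddress.ip_network(p.strip()) for p in body.split(";") if p.strip()]
    return acls

def parse_a_records(zone_text):
    """Return {owner: address} for the A records in a zone file body."""
    return dict(re.findall(r"^(\S+)\s+(?:IN\s+)?A\s+(\S+)", zone_text, re.M))

def select_view(client_ip, views, acls):
    """BIND semantics: views are tried in order; the first match-clients hit wins."""
    ip = ipaddress.ip_address(client_ip)
    for view, acl_name, zone_file in views:
        if acl_name == "any" or any(ip in net for net in acls[acl_name]):
            return view, zone_file
    return None, None  # no view matched: named would answer REFUSED

def resolve(client_ip, name="www", views=VIEWS):
    """Answer <name>.a.com for client_ip the way the split-view server above would."""
    view, zone_file = select_view(client_ip, views, parse_acls(ACL_FILES))
    if view is None:
        return None, None
    return view, parse_a_records(ZONE_FILES[zone_file]).get(name)

if __name__ == "__main__":
    for client in ("192.168.200.11", "192.168.200.22", "192.168.200.3"):
        print(client, "->", resolve(client))
    # Misordered config: a catch-all view listed first swallows every client.
    print("catch-all first:", resolve("192.168.200.11", views=VIEWS[2:] + VIEWS[:2]))
```

The three clients of the test above resolve www.a.com to 192.168.200.101, .102 and .103 respectively; with the catch-all view moved to the top, all of them would receive .103.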