
Bind智能DNS搭建

bind的view原理: view在bind中被称为视图功能,我们都知道DNS最基本的功能就是响应域名的查询,然后返回该域名的地址数据。
而view和常规的DNS不同,当用户访问某个域名时,智能DNS服务器上的view会先判断一下他的IP地址,然后和内部IP表做匹配,然后
再返回给用户查询应答(注:一个区域会有多个view,每个view的配置均不相同,当用户访问一个域名时,bind会根据用户IP判断其属于哪个view,然后由该view返回查询应答)
废话不多说,直接上配置步骤:
1.安装基本bind软件,直接用yum安装省事,也可以用光盘相应软件,命令如下:
#yum -y install bind bind-devel bind-libbind bind-libs bind-sdb bind-utils
2.生成key,用于主从view同步验证
每个视图使用一个key,用于主从之间区域传输的认证(TSIG 签名校验,并不加密传输内容)
#dnssec-keygen -a hmac-md5 -b 128 -n HOST liantong
#dnssec-keygen -a hmac-md5 -b 128 -n HOST dianxin
#dnssec-keygen -a hmac-md5 -b 128 -n HOST any
3.查看一下key的具体内容,其中 Key: 一行的值(原文以红色标出)就是需要写进bind主配置文件 key 语句 secret 字段的内容
#more Kliantong.+157+<keyid>.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: 3ZVlHsAwi8ZRoyHt/g+F+Q==
Bits: AAA=
4.新建acl
-- -- -- -- -- -- -- --
dianxin.conf:

acl dianxin {
// Addresses treated as China Telecom clients by view_dianxin. The single
// host listed here is presumably a placeholder; a production acl would hold
// the ISP's address prefixes.

202.96.209.133;

};
-- -- -- -- -- -- -- --
liantong.conf

acl liantong {
// Addresses treated as China Unicom clients by view_liantong. The single
// host listed here is presumably a placeholder; a production acl would hold
// the ISP's address prefixes.

202.102.152.3;

}; 
-- -- -- -- -- -- -- --
5.设置主配置文件named.conf

我们共新建了三个view,分别是 liantong、dianxin、any。其中liantong负责为联通用户处理查询请求,dianxin负责为电信用户处理查询请求,any负责处理既不是联通用户也不是电信用户的查询请求

//
// named.conf for Red Hat caching-nameserver 
//

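options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        // This is an authoritative server for sheriy.com listening on a public
        // address, and view_any below matches every client. With recursion left
        // at its default (on) the host is an open resolver, so it is disabled
        // here. If internal clients must recurse through this host, use
        // allow-recursion { <trusted-acl>; }; instead of re-enabling it globally.
        recursion no;
        notify yes;
        listen-on { 58.90.26.21; };
        version "who knows? ";
        // Default transfer policy for zones that do not set their own: the slave
        // address plus localhost. The views below also-notify 218.104.82.229 as
        // well as 1.2.82.229; a slave not listed here is refused AXFR/IXFR
        // unless the view overrides allow-transfer.
        allow-transfer { 1.2.82.229; localhost; };
};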
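logging {
        // Query log. The path is relative to options.directory; it is capped
        // and rotated so a query flood cannot fill /var/named.
        channel query_log {
                file "query.log" versions 3 size 20m;
                severity        info;
                print-time      yes;
                print-category  yes;
        };
        category queries {
                query_log;
        };
        // Drop noise about misconfigured remote servers.
        category lame-servers { null; };
};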
// 
// 
// a caching only nameserver config
// 
controls {
        // rndc control channel: loopback only, and the caller must sign with
        // rndckey, which is expected to come from the rndc include below.
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
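// Supplies "key rndckey" for the controls statement above.
// NOTE(review): the stock rndc.conf also carries rndc's own options/server
// statements, which named does not accept inside named.conf; confirm this
// file holds only the key statement, or include /etc/rndc.key instead.
include "/etc/rndc.conf";
// Per-ISP acls referenced by the views' match-clients.
include "/etc/liantong.conf";
include "/etc/dianxin.conf";   // was "cianxin.conf": the acl file is dianxin.conf
#include "/etc/yd.conf";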

key liantong-key {
// TSIG key for view_liantong transfers (generated above with dnssec-keygen
// as "liantong"). The slave must define the same key name and secret.
// The secret is published on this page, so it is illustrative only.
algorithm hmac-md5;
secret "sUdjqo2iWnd44IJbKR8Mvg==";
};

key dianxin-key {
// TSIG key for view_dianxin transfers (generated above with dnssec-keygen
// as "dianxin"). The slave must define the same key name and secret.
// The secret is published on this page, so it is illustrative only.
algorithm hmac-md5;
secret "j4Hk3JEJwCVxYOckQEHPMg==";
};

key any-key {
// TSIG key for view_any transfers (generated above with dnssec-keygen as
// "any"). The slave must define the same key name and secret.
// The secret is published on this page, so it is illustrative only.
algorithm hmac-md5;
secret "FkLP4qIWRe+9iQd5rYhUxw==";
};

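##################################this is for Liantong's IPs####################################################
// Unicom view: clients matching acl "liantong" (from /etc/liantong.conf) are
// answered from the lt.* copy of sheriy.com. The acl name here must match the
// one in liantong.conf (the original referred to an undefined "LT").
// The key terms let the slave select this view by signing its transfer
// request with liantong-key instead of by source address; requests signed
// with the other two keys are excluded so they reach their own view.
view "view_liantong"
{
        match-clients { !key dianxin-key; !key any-key; key liantong-key; liantong; };
        // Transfers of this view's zones require the TSIG key (the slave needs
        // a matching key statement and a server clause selecting it); this
        // overrides the address-only allow-transfer in options.
        allow-transfer { key liantong-key; localhost; };

        zone "." IN {
                type hint;
                file "named.ca";
        };

        zone "localhost" IN {
                type master;
                file "localhost.zone";
                allow-update { none; };
        };

        zone "0.0.127.in-addr.arpa" IN {
                type master;
                file "named.local";
                allow-update { none; };
        };

        // Zone file path is relative to options.directory (/var/named).
        zone "sheriy.com" {
                type    master;
                file    "184/lt.sheriy.com.db";
                // NOTE(review): view_any notifies 1.2.82.229 instead; confirm
                // which address is the slave.
                also-notify { 218.104.82.229; };
                notify  yes;
        };
};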
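###############################This is for Dianxin's IPS#######################################################
// Telecom view: clients matching acl "dianxin" (from /etc/dianxin.conf) are
// answered from the dx.* copy of sheriy.com. The acl name here must match the
// one in dianxin.conf (the original referred to an undefined "DX").
// The key terms let the slave select this view by signing its transfer
// request with dianxin-key instead of by source address; requests signed
// with the other two keys are excluded so they reach their own view.
view "view_dianxin"
{
        match-clients { !key liantong-key; !key any-key; key dianxin-key; dianxin; };
        // Transfers of this view's zones require the TSIG key (the slave needs
        // a matching key statement and a server clause selecting it); this
        // overrides the address-only allow-transfer in options.
        allow-transfer { key dianxin-key; localhost; };

        zone "." IN {
                type hint;
                file "named.ca";
        };

        zone "localhost" IN {
                type master;
                file "localhost.zone";
                allow-update { none; };
        };

        zone "0.0.127.in-addr.arpa" IN {
                type master;
                file "named.local";
                allow-update { none; };
        };

        // Zone file path is relative to options.directory (/var/named).
        zone "sheriy.com" {
                type    master;
                file    "184/dx.sheriy.com.db";
                // NOTE(review): view_any notifies 1.2.82.229 instead; confirm
                // which address is the slave.
                also-notify { 218.104.82.229; };
                notify  yes;
        };
};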

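#############################This is for others IP###############################################
// Catch-all view for clients in neither ISP acl. It matches "any", so it must
// stay the LAST view in the file. Transfer requests signed with the other
// views' keys are excluded so they cannot fall through to this view.
view "view_any"
{
        match-clients { !key liantong-key; !key dianxin-key; key any-key; any; };
        // Transfers of this view's zones require the TSIG key (the slave needs
        // a matching key statement and a server clause selecting it); this
        // overrides the address-only allow-transfer in options.
        allow-transfer { key any-key; localhost; };

        zone "." IN {
                type hint;
                file "named.ca";
        };

        zone "localhost" IN {
                type master;
                file "localhost.zone";
                allow-update { none; };
        };

        zone "0.0.127.in-addr.arpa" IN {
                type master;
                file "named.local";
                allow-update { none; };
        };

        // Zone file path is relative to options.directory (/var/named).
        zone "sheriy.com" {
                type    master;
                file    "184/sheriy.com.db";
                notify  yes;
                also-notify { 1.2.82.229; };
        };
// The original closed this view with a bare "}"; every top-level statement,
// including a view, needs the terminating ";".
};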
6.复制原来DNS服务named目录数据文件,直接放在/var/下面,修改相应权限,测试正常。