DNS域名解析基本过程
DNS主从模式下实现VIEW智能寻线
网络拓扑图如下:
实现步骤如下:
1、主DNS
主配置文件 /etc/named.conf
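// Primary (master) named.conf for the split-horizon zone "soulboy.com".
//
// View order matters: named answers from the FIRST view whose match-clients
// matches the query source. The two *sync views (one per secondary
// transfer-source address) must therefore stay above the client-facing
// views, because 192.168.1.111 and 192.168.1.112 are also inside "innet".

// Internal clients: the LAN plus loopback.
acl innet {
    192.168.1.0/24;
    127.0.0.0/8;
};

options {
    directory "/var/named";
    // Recursion is offered to internal clients only; other clients get
    // authoritative answers and nothing else.
    allow-recursion { innet; };
    notify yes;
    querylog yes;
};

logging {
    // /var/log/named must exist and be writable by the account named runs as.
    channel query_log {
        file "/var/log/named/bind_query.log" versions 5 size 10M;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    // Outbound zone transfers; useful for spotting unexpected AXFR requests.
    channel xfer_log {
        file "/var/log/named/transfer.log" versions 3 size 10k;
        severity debug 3;
        print-time yes;
    };
    category queries { query_log; };
    category xfer-out { xfer_log; };
};

// Transfer-only views. Each one is reached solely by the secondary's
// matching transfer-source address and serves the zone file for that view.
// NOTE(review): the secondary is identified by source IP alone. TSIG keys
// (a "key" element in match-clients / allow-transfer) would authenticate the
// transfer cryptographically instead of trusting the address.
view telecomsync {
    match-clients { 192.168.1.111; };
    allow-transfer { 192.168.1.111; };
    zone "soulboy.com" IN {
        type master;
        file "telecom.soulboy.com.zone";
    };
};

view unicomsync {
    match-clients { 192.168.1.112; };
    allow-transfer { 192.168.1.112; };
    zone "soulboy.com" IN {
        type master;
        file "unicom.soulboy.com.zone";
    };
};

// Client-facing views. Transfers are denied explicitly: on BIND releases
// whose default is allow-transfer { any; }, leaving it unset lets any client
// matched by the view dump the whole zone with AXFR. The secondary never
// lands here (it matches a *sync view first), so replication is unaffected.
view telecom {
    match-clients { innet; };
    allow-transfer { none; };
    zone "soulboy.com" IN {
        type master;
        file "telecom.soulboy.com.zone";
    };
};

// Catch-all view for every client not matched above.
view unicom {
    match-clients { any; };
    allow-transfer { none; };
    zone "soulboy.com" IN {
        type master;
        file "unicom.soulboy.com.zone";
    };
};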
正向区域文件/var/named/telecom.soulboy.com.zone
; Zone data for soulboy.com as served by the "telecom" view.
; Records with a blank owner field must start with whitespace so that they
; inherit the previous owner (@); at column 0 the first word would be read
; as an owner name instead.
$TTL 43200
@               IN SOA  ns1.soulboy.com. admin.soulboy.com. (
                        2013040202  ; serial - raise on every edit, or secondaries will not refresh
                        1H          ; refresh
                        10M         ; retry
                        7D          ; expire
                        1D )        ; negative-caching TTL
                IN NS   ns1
                IN NS   ns2
                IN MX   10 mail
ns1             IN A    192.168.1.104
ns2             IN A    192.168.1.110
mail            IN A    192.168.1.105
www             IN A    192.168.1.106
ftp             IN CNAME www
; Wildcard: every name in the zone without its own records answers with this address.
*.soulboy.com.  IN A    192.168.1.140
; Delegation of the child zone fin.soulboy.com, with its glue record.
fin             IN NS   ns1.fin
ns1.fin         IN A    192.168.1.160
正向区域文件/var/named/unicom.soulboy.com.zone
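; Zone data for soulboy.com as served by the "unicom" view.
; Records with a blank owner field must start with whitespace so that they
; inherit the previous owner (@); at column 0 the first word would be read
; as an owner name instead. Addresses are written as single tokens - a
; dotted quad split across lines does not parse.
$TTL 43200
@               IN SOA  ns1.soulboy.com. admin.soulboy.com. (
                        2013040202  ; serial - raise on every edit, or secondaries will not refresh
                        1H          ; refresh
                        10M         ; retry
                        7D          ; expire
                        1D )        ; negative-caching TTL
                IN NS   ns1
                IN NS   ns2
                IN MX   10 mail
ns1             IN A    192.168.1.104
ns2             IN A    192.168.1.110
mail            IN A    192.168.1.115
www             IN A    192.168.1.116
ftp             IN CNAME www
; Wildcard: every name in the zone without its own records answers with this address.
*.soulboy.com.  IN A    192.168.1.140
; Delegation of the child zone fin.soulboy.com, with its glue record.
fin             IN NS   ns1.fin
ns1.fin         IN A    192.168.1.160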
2、辅助DNS(区域文件自动同步)
主配置文件 /etc/named.conf
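// Secondary (slave) named.conf: pulls one copy of "soulboy.com" per view
// from the primary at 192.168.1.104 and serves it to the matching clients.

// Internal clients: the LAN plus loopback.
acl innet {
    192.168.1.0/24;
    127.0.0.0/8;
};

options {
    directory "/var/named";
    // Recursion is offered to internal clients only.
    allow-recursion { innet; };
    notify yes;
    querylog yes;
};

logging {
    // /var/log/named must exist and be writable by the account named runs as.
    channel query_log {
        file "/var/log/named/bind_query.log" versions 5 size 10M;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel xfer_log {
        file "/var/log/named/transfer.log" versions 3 size 10k;
        severity debug 3;
        print-time yes;
    };
    category queries { query_log; };
    // This server receives transfers and sends none (allow-transfer { none; }
    // below), so inbound transfers are logged as well: xfer-in is where an
    // unexpected or failed zone update from the primary shows up.
    category xfer-in { xfer_log; };
    category xfer-out { xfer_log; };
};

// transfer-source selects the local address used for transfer requests.
// The primary chooses its view by that address, so each view here must use
// the address the primary lists in the corresponding *sync view.
view telecom {
    match-clients { innet; };
    transfer-source 192.168.1.111;
    zone "soulboy.com" IN {
        type slave;
        file "slaves/telecom.soulboy.com.zone";
        masters { 192.168.1.104; };
        // Nobody may transfer the zone onward from the secondary.
        allow-transfer { none; };
    };
};

// Catch-all view for every client not matched by "telecom".
view unicom {
    match-clients { any; };
    transfer-source 192.168.1.112;
    zone "soulboy.com" IN {
        type slave;
        file "slaves/unicom.soulboy.com.zone";
        masters { 192.168.1.104; };
        allow-transfer { none; };
    };
};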
3、子域(fin.soulboy.com)
主配置文件 /etc/named.conf
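// named.conf for the child-zone server: authoritative for fin.soulboy.com,
// with queries for the parent zone forwarded to the parent's primary.
// NOTE(review): no allow-query / allow-recursion limits are set here, so the
// installed BIND version's defaults apply - confirm they match the intended
// client set.
options {
    directory "/var/named";
};

// Root hints.
zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-transfer { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-transfer { none; };
};

// The delegated child zone. The zone data lists a single name server (ns1)
// and no secondary, so transfers are denied like the other zones in this
// file rather than left to the version default.
zone "fin.soulboy.com" IN {
    type master;
    file "fin.soulboy.com.zone";
    allow-transfer { none; };
};

// Names under the parent zone are sent to the parent's primary first;
// "forward first" falls back to normal resolution if it gives no answer.
zone "soulboy.com" IN {
    type forward;
    forward first;
    forwarders { 192.168.1.104; };
};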
正向区域配置文件/var/named/fin.soulboy.com.zone
; Zone data for the delegated child zone fin.soulboy.com.
; Records with a blank owner field must start with whitespace so that they
; inherit the previous owner (@); at column 0 the first word would be read
; as an owner name instead.
$TTL 600
@       IN SOA  ns1.fin.soulboy.com. admin.fin.soulboy.com. (
                2013050105  ; serial - raise on every edit
                1H          ; refresh
                5M          ; retry
                2D          ; expire
                6H )        ; negative-caching TTL
        IN NS   ns1
        IN MX   10 mail
; ns1 matches the glue address the parent zone publishes for ns1.fin.
ns1     IN A    192.168.1.160
mail    IN A    192.168.1.166
www     IN A    192.168.1.160
4、测试
客户端使用辅助DNS解析:
View会根据客户端IP(172.168.1.10)智能地为其选择匹配的区域文件unicom.soulboy.com.zone(解析地址应为192.168.1.116),结果如下图:
路由器使用辅助DNS解析:
View会根据路由器IP(192.168.1.254)智能地为其选择匹配的区域文件telecom.soulboy.com.zone(解析地址应为192.168.1.106),结果如下图:
至此足可证明主从DNS工作正常,没有问题。
客户端使用辅助DNS解析子域(fin.soulboy.com),结果如下图:
路由器使用辅助DNS解析子域(www.fin.soulboy.com),结果如下图:
至此足以证明主从DNS和子域(fin.soulboy.com)工作正常,没有问题。
本文转自 ftmoonfans 51CTO博客,原文链接:http://blog.51cto.com/soulboy/1281127