Installing a smart DNS server with BIND (part 3): adding view and acl configuration
2015-03-13 16:48
Smart (source-aware) DNS is configured mainly by editing named.conf, using view and acl statements: each acl lists the source address ranges of one carrier, and each view serves the zones to the clients that match those acls.
Only part of the acl file contents is listed here. For the full, detailed address lists, refer to the 纯真IP库 (QQWry) IP database, which gives very detailed IP address ranges; after downloading and installing it, open the program and click "decompress" to export the IP addresses as a txt text file:
http://www.crsky.com/soft/2611.html
The IP-to-acl conversion tool can be downloaded from http://blog.lishixin.net/linux/468.html/attachment/dnstool
Follow the steps in the blog post below to convert the IP ranges into acl format:
http://blog.lishixin.net/archives/468#more-468
Note:
As soon as views are configured, every zone must be placed inside a view; named will not accept zones at the top level alongside view statements.
This also applies to the following two lines, which must be included inside each view:
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Below are the acl files this configuration needs. Only some of the IP ranges are listed; the incomplete lists do not stop the setup from working, they only mean that unlisted clients fall through to the catch-all view.
mkdir -p /var/named/acl/srcip/
vim /var/named/acl/srcip/AnHui.acl
acl "AnHui.cnc" { 36.32.0.0/24; 36.32.1.0/24; 36.32.2.0/24; };
acl "AnHui.telcom" { 36.4.0.0/24; 36.4.1.0/24; 36.4.2.0/24; };
acl "AnHui.tietong" { 61.235.36.0/24; 61.235.37.0/24; 61.235.38.0/24; };
acl "AnHui.mobile" { 101.36.128.0/24; 101.36.129.0/24; 101.36.130.0/24; };
acl "AnHui.cernet" { 1.51.64.0/24; 1.51.65.0/24; 1.51.100.0/24; };
vim /var/named/acl/srcip/BeiJing.acl
acl "BeiJing.cnc" { 1.25.36.67; 1.25.36.68; 1.25.36.69; };
acl "BeiJing.telcom" { 1.92.0.0/16; 1.93.0.0; 1.93.0.1; };
acl "BeiJing.tietong" { 36.192.0.0/24; 36.192.1.0/24; 36.192.2.0/24; };
acl "BeiJing.mobile" { 36.128.0.0/16; 36.129.0.0/16; 36.130.0.0/16; };
acl "BeiJing.cernet" { 42.247.0.128; 42.247.0.129; 42.247.0.130; };
Master DNS server configuration, named.conf. After editing it, restart the service with: service named restart
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
include "/var/named/acl/srcip/AnHui.acl";
include "/var/named/acl/srcip/BeiJing.acl";
//include "/var/named/include_acl";
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.100; };   // master DNS server
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.1.0/24; };
    allow-transfer { localhost; 192.168.1.101; };   // slave DNS server
    allow-query-cache { any; };   // note: without this, web pages cannot be resolved
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
// China Telecom
view "telcom-view" {
    match-clients { AnHui.telcom; BeiJing.telcom; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "unixmen.local" IN {
        type master;
        file "forward.unixmen";   // forward zone file name
        allow-update { none; };
    };
    zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.unixmen";   // reverse zone file name
        allow-update { none; };
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
};
// China Unicom
view "cnc-view" {
    match-clients { AnHui.cnc; BeiJing.cnc; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "unixmen.local" IN {
        type master;
        file "forward.unixmen";   // forward zone file name
        allow-update { none; };
    };
    zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.unixmen";   // reverse zone file name
        allow-update { none; };
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
};
// China Mobile
view "mobile-view" {
    match-clients { AnHui.mobile; BeiJing.mobile; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "unixmen.local" IN {
        type master;
        file "forward.unixmen";   // forward zone file name
        allow-update { none; };
    };
    zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.unixmen";   // reverse zone file name
        allow-update { none; };
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
};
// CERNET (China Education and Research Network)
view "cernet-view" {
    match-clients { AnHui.cernet; BeiJing.cernet; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "unixmen.local" IN {
        type master;
        file "forward.unixmen";   // forward zone file name
        allow-update { none; };
    };
    zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.unixmen";   // reverse zone file name
        allow-update { none; };
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
};
view "external-view" {
    match-clients { any; };
    recursion yes;   // recursion is needed, otherwise there is no internet access...
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "unixmen.local" IN {
        type master;
        file "forward.unixmen";   // forward zone file name
        allow-update { none; };
    };
    zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.unixmen";   // reverse zone file name
        allow-update { none; };
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "VcL5wC2GHCzCU7ju+ajC1Q==";
};
controls {
    inet 0.0.0.0 port 953 allow { localhost; 192.168.1.101; } keys { "rndc-key"; };
};
Slave DNS server configuration, named.conf. After editing it, restart the service with: service named restart
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
include "/var/named/acl/srcip/AnHui.acl";
include "/var/named/acl/srcip/BeiJing.acl";
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    allow-query-cache { any; };   // note: without this, web pages cannot be resolved
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
// China Telecom
view "telcom-view" {
    match-clients { AnHui.telcom; BeiJing.telcom; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "unixmen.local" IN {
        type slave;
        file "slaves/unixmen.fwd";
        masters { 192.168.1.100; };   # master DNS
    };
    zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/unixmen.rev";
        masters { 192.168.1.100; };
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
};
// China Unicom
view "cnc-view" {
    match-clients { AnHui.cnc; BeiJing.cnc; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "unixmen.local" IN {
        type slave;
        file "slaves/unixmen.fwd";
        masters { 192.168.1.100; };   # master DNS
    };
    zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/unixmen.rev";
        masters { 192.168.1.100; };
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
};
// China Mobile
view "mobile-view" {
    match-clients { AnHui.mobile; BeiJing.mobile; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "unixmen.local" IN {
        type slave;
        file "slaves/unixmen.fwd";
        masters { 192.168.1.100; };   # master DNS
    };
    zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/unixmen.rev";
        masters { 192.168.1.100; };
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
};
// CERNET (China Education and Research Network)
view "cernet-view" {
    match-clients { AnHui.cernet; BeiJing.cernet; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "unixmen.local" IN {
        type slave;
        file "slaves/unixmen.fwd";
        masters { 192.168.1.100; };   # master DNS
    };
    zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/unixmen.rev";
        masters { 192.168.1.100; };
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
};
view "external-view" {
    match-clients { any; };
    recursion yes;   // recursion is needed, otherwise there is no internet access...
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "unixmen.local" IN {
        type slave;
        file "slaves/unixmen.fwd";
        masters { 192.168.1.100; };   # master DNS
    };
    zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/unixmen.rev";
        masters { 192.168.1.100; };
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "VcL5wC2GHCzCU7ju+ajC1Q==";
};
controls {
    inet * port 953 allow { 127.0.0.1; 192.168.1.100; } keys { "rndc-key"; };
};
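BIND picks the first view whose match-clients list contains the query's source address, so the view order in named.conf and any overlap between the carrier acls decide which answer a client gets. The following Python script is an added example, not part of the original post: it parses acl files in the syntax shown above, emulates that first-match view selection for a client address, and flags address blocks that appear in more than one acl. The acl excerpt and the VIEWS list are constructed from the listings above.

```python
import ipaddress
import re

# Constructed excerpt in the acl-file syntax used above (not the full provincial lists).
ACL_TEXT = """
acl "AnHui.cnc"{ 36.32.0.0/24; 36.32.1.0/24; };
acl "AnHui.telcom"{ 36.4.0.0/24; 36.4.1.0/24; };
acl "AnHui.cernet"{ 1.51.64.0/24; 1.51.100.0/24; };
acl "BeiJing.cnc"{ 1.25.36.67; 1.25.36.68; };
acl "BeiJing.telcom"{ 1.92.0.0/16; 1.93.0.0; };
acl "BeiJing.mobile"{ 36.128.0.0/16; 36.129.0.0/16; };
"""

# Same order as the views in named.conf: BIND uses the first view whose
# match-clients list contains the query's source address.
VIEWS = [
    ("telcom-view", ["AnHui.telcom", "BeiJing.telcom"]),
    ("cnc-view", ["AnHui.cnc", "BeiJing.cnc"]),
    ("mobile-view", ["BeiJing.mobile"]),
    ("cernet-view", ["AnHui.cernet"]),
    ("external-view", ["any"]),
]

ACL_RE = re.compile(r'acl\s+"([^"]+)"\s*\{([^}]*)\}\s*;')

def parse_acls(text):
    """Return {acl name: [network, ...]}; a bare address counts as one host (/32)."""
    acls = {}
    for name, body in ACL_RE.findall(text):
        entries = [e.strip() for e in body.split(";") if e.strip()]
        acls[name] = [ipaddress.ip_network(e, strict=False) for e in entries]
    return acls

def match_view(client_ip, acls, views=VIEWS):
    """Emulate BIND's first-match view selection for one client source address."""
    addr = ipaddress.ip_address(client_ip)
    for view, members in views:
        for member in members:
            if member == "any" or any(addr in n for n in acls.get(member, [])):
                return view
    return None  # no view matched: named would refuse the query

def find_overlaps(acls):
    """List address blocks shared by two acls; such clients silently land in
    whichever view is listed first, a common cause of 'wrong carrier' answers."""
    names = sorted(acls)
    return [(a, b, str(n1), str(n2))
            for i, a in enumerate(names) for b in names[i + 1:]
            for n1 in acls[a] for n2 in acls[b] if n1.overlaps(n2)]
```

Run it against the full generated acl files before restarting named; `named-checkconf /etc/named.conf` separately catches syntax errors in named.conf itself.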