最新下载
热门教程
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
Centos使用Bind配置智能DNS(2)
时间:2022-06-30 20:52:10 编辑:袖梨 来源:一聚教程网
MASTER服务器(TRANSFER-SOURCE):
[root@MASTER /]# mkdir /var/named/zones/{local,cmcc,cucc,ctcc,cecc,others}
[root@MASTER /]# chown -R named.named /var/named/zones/{local,cmcc,cucc,ctcc,cecc,others} #移动、联通、电信、教育
[root@MASTER /]# route add -net 172.28.0.0/16 dev eth0 #-net不支持子网划分
[root@MASTER named]# cat *.cfg
acl CMCC { 1.1.1.1; };
acl CTCC { 1.1.1.11; };
acl CUCC { 1.1.1.18; };
acl LOCAL {
10.0.0.0/8;
};
acl OTHERS { any; };
[root@MASTER named]# cat /usr/local/named/etc/named.conf
// named.conf
options {
listen-on port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
bindkeys-file "/usr/local/named/etc/bind.keys";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
channel gsquery {
file "data/query.log" versions 3 size 20m;
severity info;
print-time yes;
print-category yes;
print-severity yes;
};
category queries { gsquery; };
};
key "rndc-key" {
algorithm hmac-md5;
secret "ovH1P5Jg42kGLBWJYifXRQ==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
include "/var/named/named.rfc1912.zones";
[root@MASTER named]# cat /var/named/named.rfc1912.zones
view "LOCAL" {
match-clients { 172.28.1.1; LOCAL; }; #可以使用!172.28.1.2; !1.1.1.20; 屏蔽对应IP
recursion yes;
allow-update { none; };
allow-transfer { 172.28.1.1; }; #对应的LOCAL的IP
also-notify { 172.28.1.1; }; #额外主机(slave以外的主机,当slave配置的时候亦可以通知其他主机),可以不配置,不配置可以提高效率
notify yes;
zone "." IN {
type hint;
file "named.root";
};
zone "111com.net" {
type master;
file "zones/local/local.111com.net.zone";
};
};
view "CTCC" {
match-clients { 172.28.1.2; CTCC; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone"111com.net" {
type master;
file "zones/ctcc/ctcc.111com.net.zone";
also-notify { 172.28.1.2; };
notify yes;
allow-update { none; };
allow-transfer { 172.28.1.2; };
};
};
view "CUCC" {
match-clients { 172.28.1.3; CUCC; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone"111com.net" {
type master;
file "zones/cucc/cucc.111com.net.zone";
also-notify { 172.28.1.3; };
notify yes;
allow-update { none; };
allow-transfer { 172.28.1.3; };
};
};
view "CMCC" {
match-clients { 172.28.1.4; CMCC; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone"111com.net" {
type master;
file "zones/cmcc/cmcc.111com.net.zone";
also-notify { 172.28.1.4; };
notify yes;
allow-update { none; };
allow-transfer { 172.28.1.4; };
};
};
view "OTHERS" {
match-clients { 172.28.1.5; OTHERS; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone"111com.net" {
type master;
file "zones/others/others.111com.net.zone";
also-notify { 172.28.1.5; };
notify yes;
allow-update { none; };
allow-transfer { 172.28.1.5; };
};
};
include "ctcc.cfg";
include "cucc.cfg";
include "cmcc.cfg";
include "local.cfg";
include "others.cfg";
[root@MASTER named]# cat zones/others/others.111com.net.zone
$TTL 60
@ IN SOA ns1.111com.net. admin.111com.net. (
2015050500 ; serial
120 ; refresh
600 ; retry
1W ; expire
3H ) ; minimum
IN NS ns1
IN NS ns2
IN A 1.1.1.19
ns1 IN A 1.1.1.19
ns2 IN A 172.28.1.5
www IN A 5.5.5.5
MASTER服务器(TSIG KEY):
[root@MASTER /]# mkdir /var/named/keys
[root@MASTER /]# /usr/local/named/sbin/rndc-confgen -r /dev/urandom -a -c /var/named/keys/cucc.keys -k cucc
[root@MASTER /]# /usr/local/named/sbin/rndc-confgen -r /dev/urandom -a -c /var/named/keys/ctcc.keys -k ctcc
[root@MASTER /]# /usr/local/named/sbin/rndc-confgen -r /dev/urandom -a -c /var/named/keys/others.keys -k others
[root@MASTER /]# chown -R named.named /var/named/keys
[root@MASTER named]# cat named.rfc1912.zones
view "LOCAL" {
match-clients { key local; LOCAL; };
server 1.1.1.20 { keys local; };
recursion yes;
allow-update { none; };
allow-transfer { key local; };
also-notify { 1.1.1.20; };
notify yes;
zone "." IN {
type hint;
file "named.root";
};
zone "111com.net" {
type master;
file "zones/local/local.111com.net.zone";
};
};
view "CTCC" {
match-clients { key ctcc; CTCC; };
server 1.1.1.20 { keys ctcc; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone"111com.net" {
type master;
file "zones/ctcc/ctcc.111com.net.zone";
also-notify { 1.1.1.20; };
notify yes;
allow-update { none; };
allow-transfer { key ctcc; };
};
};
view "CUCC" {
match-clients { key cucc; CUCC; };
server 1.1.1.20 { keys cucc; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone"111com.net" {
type master;
file "zones/cucc/cucc.111com.net.zone";
also-notify { 1.1.1.20; };
notify yes;
allow-update { none; };
allow-transfer { key cucc; };
};
};
view "CMCC" {
match-clients { key cmcc; CMCC; };
server 1.1.1.20 { keys cmcc; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone"111com.net" {
type master;
file "zones/cmcc/cmcc.111com.net.zone";
also-notify { 1.1.1.20; };
notify yes;
allow-update { none; };
allow-transfer { key cmcc; };
};
};
view "OTHERS" {
match-clients { key others; OTHERS; };
server 1.1.1.20 { keys others; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone"111com.net" {
type master;
file "zones/others/others.111com.net.zone";
also-notify { 1.1.1.20; };
notify yes;
allow-update { none; };
allow-transfer { key others; };
};
};
include "ctcc.cfg";
include "cucc.cfg";
include "cmcc.cfg";
include "local.cfg";
include "others.cfg";
include "keys/cmcc.key";
include "keys/ctcc.key";
include "keys/cucc.key";
include "keys/local.key";
include "keys/others.key";
[root@MASTER named]# cat zones/ctcc/ctcc.111com.net.zone
$TTL 60
@ IN SOA ns1.111com.net. admin.111com.net. (
2015050209 ; serial
120 ; refresh
600 ; retry
1W ; expire
3H ) ; minimum
IN NS ns1
IN NS ns2
IN A 1.1.1.19
ns1 IN A 1.1.1.19
ns2 IN A 1.1.1.20
www IN A 209.202.204.209
bbs IN A 208.202.204.202
SLAVE服务器(TRANSFER-SOURCE):
[root@Slave /]# /sbin/ifconfig eth0:0 172.28.1.1 netmask 255.255.240.0
[root@Slave /]# /sbin/ifconfig eth0:1 172.28.1.2 netmask 255.255.240.0
[root@Slave /]# /sbin/ifconfig eth0:2 172.28.1.3 netmask 255.255.240.0
[root@Slave /]# /sbin/ifconfig eth0:3 172.28.1.4 netmask 255.255.240.0
[root@Slave /]# cp /var/named/named.rfc1912.zones /var/named/named.rfc1912.zones.bk
[root@Slave /]# mkdir /var/named/slaves/{local,cmcc,cucc,ctcc,cecc,others}
[root@Slave /]# chown -R named.named /var/named/slaves/{local,cmcc,cucc,ctcc,cecc,others}
[root@Slave named]# cat /usr/local/named/etc/named.conf
options {
listen-on port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
bindkeys-file "/usr/local/named/etc/bind.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
channel gsquery {
file "data/query.log" versions 3 size 20m;
severity info;
print-time yes;
print-category yes;
print-severity yes;
};
category queries { gsquery; };
};
key "rndc-key" {
algorithm hmac-md5;
secret "IZMC23sEaNM1nkSQ+1qQxA==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
include "/var/named/named.rfc1912.zones";
[root@Slave named]# cat /var/named/named.rfc1912.zones
view "LOCAL" {
match-clients { 172.28.1.1; LOCAL; }; #LOCAL就可以
transfer-source 172.28.1.1;
allow-notify { 172.28.1.1; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone "111com.net" IN {
type slave;
file "slaves/local/local.111com.net.zone";
masters { 1.1.1.19; };
};
};
view "CTCC" {
match-clients { 172.28.1.2; CTCC; };
transfer-source 172.28.1.2;
allow-notify { 172.28.1.2; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone "111com.net" IN {
type slave;
file "slaves/ctcc/ctcc.111com.net.zone";
masters { 1.1.1.19; };
};
};
view "CUCC" {
match-clients { 172.28.1.3; CUCC; };
transfer-source 172.28.1.3;
allow-notify { 172.28.1.3; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone "111com.net" IN {
type slave;
file "slaves/cucc/cucc.111com.net.zone";
masters { 1.1.1.19; };
};
};
view "CMCC" {
match-clients { 172.28.1.4; CMCC; };
transfer-source 172.28.1.4;
allow-notify { 172.28.1.4; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone "111com.net" IN {
type slave;
file "slaves/cmcc/cmcc.111com.net.zone";
masters { 1.1.1.19; };
};
};
view "OTHERS" {
match-clients { 172.28.1.5; OTHERS; };
transfer-source 172.28.1.5;
allow-notify { 172.28.1.5; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone "111com.net" IN {
type slave;
file "slaves/others/others.111com.net.zone";
masters { 1.1.1.19; };
};
};
include "ctcc.cfg";
include "cucc.cfg";
include "cmcc.cfg";
include "local.cfg";
include "others.cfg";
[root@Slave named]# /usr/local/named/sbin/named-compilezone -f raw -F text -o /tmp/111com.net.txt 111com.net /var/named/slaves/local/local.111com.net.zone
zone 111com.net/IN: loaded serial 2015050101
dump zone to /tmp/111com.net.txt...done
OK
[root@Slave named]# cat /tmp/111com.net.txt
111com.net. 60 IN SOA ns1.111com.net. admin.111com.net. 2015050101 120 600 604800 10800
111com.net. 60 IN NS ns1.111com.net.
111com.net. 60 IN NS ns2.111com.net.
111com.net. 60 IN A 1.1.1.19
ns1.111com.net. 60 IN A 1.1.1.19
ns2.111com.net. 60 IN A 172.28.1.1
www.111com.net. 60 IN A 101.1.1.1
SLAVE服务器(TSIG KEY):
[root@Slave named]# cat named.rfc1912.zones
view "LOCAL" {
match-clients { key local; LOCAL; };
server 1.1.1.19 { keys local; };
transfer-source 1.1.1.20;
allow-notify { 1.1.1.20; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone "111com.net" IN {
type slave;
file "slaves/local/local.111com.net.zone";
masters { 1.1.1.19; };
};
};
view "CTCC" {
match-clients { key ctcc; CTCC; };
server 1.1.1.19 { keys ctcc; };
transfer-source 1.1.1.20;
allow-notify { 1.1.1.20; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone "111com.net" IN {
type slave;
file "slaves/ctcc/ctcc.111com.net.zone";
masters { 1.1.1.19; };
};
};
view "CUCC" {
match-clients { key cucc; CUCC; };
server 1.1.1.19 { keys cucc; };
transfer-source 1.1.1.20;
allow-notify { 1.1.1.20; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone "111com.net" IN {
type slave;
file "slaves/cucc/cucc.111com.net.zone";
masters { 1.1.1.19; };
};
};
view "CMCC" {
match-clients { key cmcc; CMCC; };
server 1.1.1.19 { keys cmcc; };
transfer-source 1.1.1.20;
allow-notify { 1.1.1.20; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone "111com.net" IN {
type slave;
file "slaves/cmcc/cmcc.111com.net.zone";
masters { 1.1.1.19; };
};
};
view "OTHERS" {
match-clients { key others; OTHERS; };
server 1.1.1.19 { keys others; };
transfer-source 1.1.1.20;
allow-notify { 1.1.1.20; };
recursion yes;
zone "." IN {
type hint;
file "named.root";
};
zone "111com.net" IN {
type slave;
file "slaves/others/others.111com.net.zone";
masters { 1.1.1.19; };
};
};
include "ctcc.cfg";
include "cucc.cfg";
include "cmcc.cfg";
include "local.cfg";
include "others.cfg";
include "keys/cmcc.key";
include "keys/ctcc.key";
include "keys/cucc.key";
include "keys/local.key";
include "keys/others.key";
Mastr日志:
[root@MASTER named]# /usr/local/named/sbin/rndc reload
MASTER named[15783]: zone 111com.net/IN/CMCC: loaded serial 2015050401
MASTER named[15783]: zone 111com.net/IN/CMCC: sending notifies (serial 2015050401)
MASTER named[15783]: client 1.1.1.19#38731: view OTHERS: received notify for zone '111com.net'
MASTER named[15783]: client 172.28.1.4#46615 (111com.net): view CMCC: transfer of '111com.net/IN': AXFR-style IXFR started
MASTER named[15783]: client 172.28.1.4#46615 (111com.net): view CMCC: transfer of '111com.net/IN': AXFR-style IXFR ended
MASTER named[15783]: client 1.1.1.20#32818: view OTHERS: received notify for zone '111com.net'
Slave日志:
Slave named[2464]: zone 111com.net/IN/CUCC: sending notifies (serial 2015050303)
Slave named[2464]: client 1.1.1.20#39845: view OTHERS: received notify for zone '111com.net'
Slave named[2464]: zone 111com.net/IN/OTHERS: refused notify from non-master: 1.1.1.20#39845
Slave named[2464]: client 1.1.1.19#47047: view OTHERS: received notify for zone '111com.net'
Slave named[2464]: zone 111com.net/IN/OTHERS: notify from 1.1.1.19#47047: zone is up to date
Slave named[2464]: zone 111com.net/IN/CMCC: Transfer started.
Slave named[2464]: transfer of '111com.net/IN/CMCC' from 1.1.1.19#53: connected using 172.28.1.4#46615
Slave named[2464]: zone 111com.net/IN/CMCC: transferred serial 2015050401
Slave named[2464]: transfer of '111com.net/IN/CMCC' from 1.1.1.19#53: Transfer status: success
Slave named[2464]: transfer of '111com.net/IN/CMCC' from 1.1.1.19#53: Transfer completed: 1 messages, 8 records, 219 bytes, 0.002 secs (109500 bytes/sec)
Slave named[2464]: zone 111com.net/IN/CMCC: sending notifies (serial 2015050401)
Slave服务器dig测试:
queries: info: client 1.1.1.11#49076 (www.111com.net): view CTCC: query: www.111com.net IN A + (1.1.1.20)
queries: info: client 1.1.1.18#35667 (www.111com.net): view CUCC: query: www.111com.net IN A + (1.1.1.20)
queries: info: client 1.1.1.1#64052 (www.111com.net): view CMCC: query: www.111com.net IN A + (1.1.1.20)
queries: info: client 1.1.1.20#40230 (www.111com.net): view OTHERS: query: www.111com.net IN A +E (1.1.1.20)
注意事项:当多个VIEW的使用配置必须选择多IP方式或者采用TGIS方式才可以!
注意事项:notify并不表示已经更新,只是表示通知到slave服务器而已!
0
NOTIFY does not indicate that the zone data has changed, but rather that the zone data may have changed. The receiver of the NOTIFY message should query the zone SOA directly from the IP(s) defined in the zone's masters statement.
测试环境下载:http://pan.baidu.com/s/1nuC4csx 密码: dwch
申明:本地测试,未经过生产环境实际测试,可能存在bug、或者其他未知问题请见谅!(若配置中有什么问题不当之处,请指正!)