BIND主從模式下實現View智能尋線

DNS域名解析基本過程


DNS主從模式下實現VIEW智能尋線

網絡拓撲圖如下:

實現步驟如下:

1、主DNS

主配置文件 /etc/named.conf

// Address-match list for the "inside" network. It is reused by
// allow-recursion in options and by match-clients in the telecom view.
acl innet {
    192.168.1.0/24;
    127.0.0.0/8;
};

options {
    directory "/var/named";

    // Recursive lookups are offered to innet only; other clients get
    // answers solely from the zones this server is authoritative for.
    allow-recursion { innet; };

    notify yes;

    // Turn query logging on at startup (routed by the logging statement).
    querylog yes;

    // NOTE(review): allow-transfer is not set at this level, so any view
    // without its own allow-transfer falls back to the built-in default.
    // Older BIND 9 releases default to allowing transfers to any host;
    // confirm the default for the version in use.
};
// Two file channels: one for client queries, one for outbound zone
// transfers. The directory /var/log/named must already exist and be
// writable by the account named runs as.
logging {
    // Query log: up to 10M per file, 5 rotated versions kept.
    channel query_log {
        file "/var/log/named/bind_query.log" versions 5 size 10M;
        severity dynamic;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    // Transfer log at debug level 3.
    // NOTE(review): 10k per file with 3 versions is very little history for
    // debug-level output; transfer records will rotate away quickly, which
    // limits their use when investigating who pulled the zone and when.
    channel xfer_log {
        file "/var/log/named/transfer.log" versions 3 size 10k;
        severity debug 3;
        print-time yes;
    };

    category queries  { query_log; };
    category xfer-out { xfer_log; };
};
// Transfer-only views for the secondary. The secondary asks from a different
// source address per variant: 192.168.1.111 receives the telecom zone data,
// 192.168.1.112 the unicom zone data.
//
// These views must stay ahead of the telecom view: both addresses are also
// inside innet (192.168.1.0/24), and the first matching view wins.
//
// NOTE(review): the source IP address is the only thing that selects the
// view and authorises the transfer. Using a TSIG key in match-clients and
// allow-transfer would authenticate the secondary itself instead of its
// address.
view telecomsync {
    match-clients  { 192.168.1.111; };
    allow-transfer { 192.168.1.111; };

    zone "soulboy.com" IN {
        type master;
        file "telecom.soulboy.com.zone";
    };
};

view unicomsync {
    match-clients  { 192.168.1.112; };
    allow-transfer { 192.168.1.112; };

    zone "soulboy.com" IN {
        type master;
        file "unicom.soulboy.com.zone";
    };
};
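// Client-facing views. Clients inside innet are answered from the telecom
// zone file; every other client falls through to the catch-all unicom view.
//
// Zone transfers are refused in both views. Ordinary resolver clients have no
// need to pull the whole zone; the secondary is served by the telecomsync and
// unicomsync views, which list its addresses explicitly. Without this line
// the built-in allow-transfer default applies, and older BIND 9 releases
// default to allowing transfers to any host.
view telecom {
    match-clients { innet; };
    allow-transfer { none; };

    zone "soulboy.com" IN {
        type master;
        file "telecom.soulboy.com.zone";
    };
};

// Catch-all view: match-clients is "any", so this view answers every client
// that no earlier view matched.
view unicom {
    match-clients { any; };
    allow-transfer { none; };

    zone "soulboy.com" IN {
        type master;
        file "unicom.soulboy.com.zone";
    };
};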

正向區域文件/var/named/telecom.soulboy.com.zone

; Zone data served to clients matched by the telecom views.
; Records with a blank owner field inherit the owner of the previous record,
; so the order of the lines below matters.
$TTL 43200
; SOA: primary server ns1.soulboy.com., contact admin@soulboy.com
@       IN      SOA     ns1.soulboy.com.  admin.soulboy.com.    (
                        2013040202   ; serial - must increase on every change or the secondary will not re-transfer
                        1H           ; refresh
                        10M          ; retry
                        7D           ; expire
                        1D      )    ; negative-caching TTL
                IN      NS      ns1
                IN      NS      ns2
                IN      MX  10  mail
ns1             IN      A       192.168.1.104
ns2             IN      A       192.168.1.110
mail            IN      A       192.168.1.105
www             IN      A       192.168.1.106
ftp             IN      CNAME   www
; Wildcard: any otherwise-undefined name under soulboy.com resolves to
; 192.168.1.140, so mistyped or made-up host names also get an answer.
*.soulboy.com.  IN      A       192.168.1.140
; Delegation of fin.soulboy.com to its own server; the A record is glue.
fin             IN      NS      ns1.fin
ns1.fin         IN      A       192.168.1.160

正向區域文件/var/named/unicom.soulboy.com.zone

; Zone data served to clients matched by the unicom views.
; Compared with telecom.soulboy.com.zone, only the mail and www addresses differ.
; Records with a blank owner field inherit the owner of the previous record,
; so the order of the lines below matters.
$TTL 43200
; SOA: primary server ns1.soulboy.com., contact admin@soulboy.com
@       IN      SOA     ns1.soulboy.com.  admin.soulboy.com.    (
                        2013040202   ; serial - must increase on every change or the secondary will not re-transfer
                        1H           ; refresh
                        10M          ; retry
                        7D           ; expire
                        1D      )    ; negative-caching TTL
                IN      NS      ns1
                IN      NS      ns2
                IN      MX  10  mail
ns1             IN      A       192.168.1.104
ns2             IN      A       192.168.1.110
mail            IN      A       192.168.1.115
www             IN      A       192.168.1.116
ftp             IN      CNAME   www
; Wildcard: any otherwise-undefined name under soulboy.com resolves to
; 192.168.1.140, so mistyped or made-up host names also get an answer.
*.soulboy.com.  IN      A       192.168.1.140
; Delegation of fin.soulboy.com to its own server; the A record is glue.
fin             IN      NS      ns1.fin
ns1.fin         IN      A       192.168.1.160


2、輔助DNS(區域文件自動同步)

主配置文件 /etc/named.conf

// Address-match list for the "inside" network. It is reused by
// allow-recursion in options and by match-clients in the telecom view.
acl innet {
    192.168.1.0/24;
    127.0.0.0/8;
};

options {
    directory "/var/named";

    // Recursive lookups are offered to innet only; other clients get
    // answers solely from the zones this server holds.
    allow-recursion { innet; };

    notify yes;

    // Turn query logging on at startup (routed by the logging statement).
    querylog yes;
};
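// Two file channels: one for client queries, one for zone transfers.
// The directory /var/log/named must already exist and be writable by the
// account named runs as.
logging {
    // Query log: up to 10M per file, 5 rotated versions kept.
    channel query_log {
        file "/var/log/named/bind_query.log" versions 5 size 10M;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };

    // Transfer log at debug level 3.
    // NOTE(review): 10k per file with 3 versions keeps very little history
    // for debug-level output.
    channel xfer_log {
        file "/var/log/named/transfer.log" versions 3 size 10k;
        severity debug 3;
        print-time yes;
    };

    category queries  { query_log; };

    // This server pulls soulboy.com from the primary, so the transfers it
    // performs are inbound and are reported under xfer-in. xfer-out is kept
    // as well; with only xfer-out routed here, the zone synchronisation
    // itself would leave no trace in transfer.log.
    category xfer-in  { xfer_log; };
    category xfer-out { xfer_log; };
};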
// Secondary copies of both zone variants. Each view requests its transfer
// from a different local source address, which is how the primary decides
// which variant to hand over (192.168.1.111 -> telecom, 192.168.1.112 ->
// unicom). Both addresses have to be configured on this host.
//
// allow-transfer { none; } stops anyone from pulling the zone from this
// secondary in turn.
//
// NOTE(review): NOTIFY messages from the primary (192.168.1.104) fall inside
// innet, so they presumably always land in the telecom view; the unicom view
// would then pick up changes only at the SOA refresh interval. Verify.
view telecom {
    match-clients   { innet; };
    transfer-source 192.168.1.111;

    zone "soulboy.com" IN {
        type slave;
        masters { 192.168.1.104; };
        file "slaves/telecom.soulboy.com.zone";
        allow-transfer { none; };
    };
};

// Catch-all view: match-clients is "any", so this view answers every client
// that the telecom view did not match.
view unicom {
    match-clients   { any; };
    transfer-source 192.168.1.112;

    zone "soulboy.com" IN {
        type slave;
        masters { 192.168.1.104; };
        file "slaves/unicom.soulboy.com.zone";
        allow-transfer { none; };
    };
};


3、子域(fin.soulboy.com)

主配置文件 /etc/named.conf

// Name server for the delegated sub-domain fin.soulboy.com.
//
// NOTE(review): options sets neither allow-recursion nor allow-query, so the
// built-in defaults decide who may use this server as a resolver. Set them
// explicitly if the host is reachable from networks that are not trusted.
options {
    directory "/var/named";
};

// Root hints, used for recursive resolution.
zone "." IN {
    type hint;
    file "named.ca";
};

// Local forward and reverse zones; transfers are refused for both.
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-transfer { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-transfer { none; };
};
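// The delegated sub-domain itself. No secondary for this zone appears in
// this configuration, so transfers are refused, matching the localhost and
// loopback zones in this file. If a secondary is added later, list its
// address here instead of "none".
zone "fin.soulboy.com" IN {
    type master;
    file "fin.soulboy.com.zone";
    allow-transfer { none; };
};

// Queries for the parent domain are sent to the parent's primary server.
// "forward first" means that if the forwarder does not answer, named falls
// back to resolving the name itself; "forward only" would not.
zone "soulboy.com" IN {
    type forward;
    forward first;
    forwarders { 192.168.1.104; };
};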

正向區域配置文件/var/named/fin.soulboy.com.zone

; Zone data for the delegated sub-domain fin.soulboy.com.
; Records with a blank owner field inherit the owner of the previous record,
; so the order of the lines below matters.
$TTL 600
; SOA: primary server ns1.fin.soulboy.com., contact admin@fin.soulboy.com
@       IN      SOA     ns1.fin.soulboy.com.    admin.fin.soulboy.com. (
        2013050105   ; serial - must increase on every change
        1H           ; refresh
        5M           ; retry
        2D           ; expire
        6H  )        ; negative-caching TTL
                IN      NS      ns1
                IN      MX  10  mail
; ns1 matches the glue address (192.168.1.160) published in the parent zone.
ns1             IN      A       192.168.1.160
mail            IN      A       192.168.1.166
www             IN      A       192.168.1.160


4、測試

客戶端使用輔助DNS解析:

   View會根據客戶端IP(172.168.1.10)智能的爲其選擇匹配的區域文件unicom.soulboy.com.zone(解析地址應爲192.168.1.116),結果如下圖:


路由器使用輔助DNS解析:

   View會根據路由器IP(192.168.1.254)智能的爲其選擇匹配的區域文件telecom.soulboy.com.zone(解析地址應爲192.168.1.106),結果如下圖:

至此足可證明主從DNS工作正常,沒有問題。(以上測試只驗證了解析結果;區域傳送是否僅限輔助DNS,需另行確認。)


客戶端使用輔助DNS解析子域(fin.soulboy.com),結果如下圖:


路由器使用輔助DNS解析子域(www.fin.soulboy.com),結果如下圖:

至此足以證明主從DNS和子域(fin.soulboy.com)工作正常,沒有問題。
