Split-Horizon DNS (Split Views) on CentOS 6.5

Published: 2015-04-08 11:23:26  Source: linux website  Author: jinjianjun

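Lab requirements:

1. Configure split-horizon resolution for the zone linux.com, and test it with the A record of www.linux.com.

2. When the client is an internal user in 192.168.100.0/24, resolve www.linux.com to 192.168.100.250.

3. When the client is an external user on any other network, resolve www.linux.com to 100.100.100.100.

Implementation: to keep the lab network simple, the DNS server that provides split-horizon resolution is configured with two IP addresses, 192.168.100.1/24 (internal) and 10.10.10.8/24 (external), so that connections from internal and external users can be simulated.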


I. Install the packages

# yum -y install bind bind-chroot


II. Edit the main configuration file

# vim /etc/named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query    { any; };
    // global options are inherited by both views: with allow-query any,
    // the wan view also performs recursion for any client
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

acl "lan" { 192.168.100.0/24; };          // ACL for the internal network
acl "wan" { ! 192.168.100.0/24; any;};    // ACL for the external network

view lan {                                // define the view "lan"
    match-clients { lan; };               // applies to client addresses matched by the lan ACL

    zone "." IN {                         // must be placed inside the view
        type hint;
        file "named.ca";
    };

    zone "linux.com" {
        type master;
        file "lan.zone";                  // zone data file for the lan view
    };
};

view wan {
    match-clients { wan; };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "linux.com" {
        type master;
        file "wan.zone";
    };
};

include "/etc/named.root.key";


III. Create the zone data files

# vim /var/named/lan.zone
$TTL 3H
@       IN SOA  linux.com. root.linux.com. (
                2014050101 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        NS      dns1.linux.com.
dns1    IN A    192.168.100.1
www     IN A    192.168.100.250

# vim /var/named/wan.zone
$TTL 3H
@       IN SOA  linux.com. root.linux.com. (
                2014050101 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        NS      dns1.linux.com.
dns1    IN A    10.10.10.8
www     IN A    100.100.100.100


IV. Start the service

# service named start

# chkconfig named on


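V. Test on the server itself

Specify 192.168.100.1 as the DNS server, which is equivalent to querying from the internal network. The query for www.linux.com is then handled by the lan view, and the result is 192.168.100.250:

# nslookup www.linux.com 192.168.100.1
Server: 192.168.100.1
Address: 192.168.100.250#53
Name: www.linux.com
Address: 192.168.100.250

Specify 10.10.10.8 as the DNS server, which is equivalent to querying from the external network. The query for www.linux.com is then handled by the wan view, and the result is 100.100.100.100:

# nslookup www.linux.com 10.10.10.8
Server: 10.10.10.8
Address: 100.100.100.100#53
Name: www.linux.com
Address: 100.100.100.100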
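
The view selection that the two tests above exercise, modelled in Python as an added example (not code from the original article): BIND evaluates each address match list element by element and lets the first matching element decide, then uses the first view in file order whose match-clients accepts the client. The function names and the sample client addresses are constructed for illustration; the ACLs and A records are the ones from the configuration above.

```python
import ipaddress

# ACLs and view order copied from the named.conf above. "!" negates an
# element; the first element that matches the client decides the outcome.
ACLS = {
    "lan": ["192.168.100.0/24"],
    "wan": ["!192.168.100.0/24", "any"],
}
VIEWS = [("lan", "lan"), ("wan", "wan")]  # (view name, match-clients ACL), in file order
WWW = {"lan": "192.168.100.250", "wan": "100.100.100.100"}  # www A record per view


def acl_matches(elements, client):
    """First-match semantics: a negated hit rejects, no hit at all rejects."""
    addr = ipaddress.ip_address(client)
    for element in elements:
        negated = element.startswith("!")
        spec = element.lstrip("!").strip()
        if spec == "any" or addr in ipaddress.ip_network(spec):
            return not negated
    return False


def select_view(client, views=VIEWS, acls=ACLS):
    """Return the first view whose match-clients ACL accepts the client."""
    for name, acl in views:
        if acl_matches(acls[acl], client):
            return name
    return None  # no view matched


def resolve_www(client, views=VIEWS, acls=ACLS):
    """Answer for www.linux.com as seen by this client, or None."""
    return WWW.get(select_view(client, views, acls))


if __name__ == "__main__":
    # Constructed sample clients: an internal host, the server's own two
    # addresses (the sources the local test assumes), and an outside host.
    for ip in ["192.168.100.57", "192.168.100.1", "10.10.10.8", "203.0.113.9"]:
        print(f"{ip:16} view={select_view(ip)} www.linux.com -> {resolve_www(ip)}")
    # Ordering pitfall: a catch-all view listed first shadows every later
    # view, so an internal client would receive the external answer.
    shadowed = [("wan", "catch_all"), ("lan", "lan")]
    print(select_view("192.168.100.57", shadowed, {**ACLS, "catch_all": ["any"]}))
```
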