Configure a DNS server for smart resolution using BIND views


Address planning:

[Figures: address plan diagrams, images not preserved]

1. Install bind and bind-utils

```
[root@ns1 ~]# yum -y install bind bind-utils
```


2. Modify the configuration file

```
[root@ns1 ~]# cat /etc/named.rfc1912.zones
// Define the intranet, telecom and China Unicom network segments
acl innet {
    172.16.0.0/16;
    127.0.0.0/8;
};
acl telecom {
    202.111.0.0/16;
};
acl unicom {
    202.110.0.0/16;
};

// Intranet view
view innet {
    match-clients { innet; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };
    zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };
    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };
    zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };
    zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
    };
    zone "sanyu.com" IN {
        type master;
        file "innet.sanyu.com.zone";
    };
    // Reverse zone for 172.16.100.0/24; the name must match the file's
    // network (the original listing named it 100.1.202.in-addr.arpa)
    zone "100.16.172.in-addr.arpa" IN {
        type master;
        file "innet.100.16.172.in-addr.arpa";
    };
};

// Telecom view
view telecom {
    match-clients { telecom; };
    zone "sanyu.com" IN {
        type master;
        file "telecom.sanyu.com.zone";
    };
    zone "100.111.202.in-addr.arpa" IN {
        type master;
        file "telecom.100.111.202.in-addr.arpa";
    };
};

// China Unicom view
view unicom {
    match-clients { unicom; };
    zone "sanyu.com" IN {
        type master;
        file "unicom.sanyu.com.zone";
    };
    zone "100.110.202.in-addr.arpa" IN {
        type master;
        file "unicom.100.110.202.in-addr.arpa";
    };
};
```

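How named chooses among the three views, modelled as an added shell example (not part of the original article): views are tried in file order, the first one whose match-clients ACL contains the query's source address answers, and a source that matches no view is refused. The sample client addresses are constructed.

```shell
#!/bin/sh
# Added example: models named's first-match view selection.
# ACLs and view order are copied from named.rfc1912.zones above.
VIEWS='innet=172.16.0.0/16,127.0.0.0/8 telecom=202.111.0.0/16 unicom=202.110.0.0/16'

ip_to_int() (                       # dotted quad -> 32-bit integer
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

in_cidr() (                         # in_cidr IP NET/PREFIX -> status 0 if inside
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    # 4294967295 is 0xFFFFFFFF; keep only the top PREFIX bits
    mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

view_for_client() (                 # prints the matching view, or REFUSED
    for entry in $VIEWS; do         # split on spaces: one entry per view
        IFS=,                       # then split that view's ACL on commas
        for cidr in ${entry#*=}; do
            if in_cidr "$1" "$cidr"; then echo "${entry%%=*}"; exit 0; fi
        done
    done
    echo REFUSED
)

# Constructed sample clients: intranet, telecom, unicom, and one outside all ACLs
for c in 172.16.100.43 202.111.5.9 202.110.77.1 198.51.100.7; do
    printf '%-15s -> %s\n' "$c" "$(view_for_client "$c")"
done
```

Selection depends only on the source address named sees, so the firewall rules in step 5 must leave the source untouched (they use DNAT only). A query that was source-NATed to an inside address in 172.16.0.0/16 would be served the innet view.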
3. Modify the main configuration file

```
[root@ns1 ~]# vim /etc/named.conf
```

Delete lines 11, 12 and 17 (the script at the end of this article makes this change by deleting the listen-on and allow-query lines with sed). Without these directives named falls back to its defaults: it listens on all interfaces and accepts queries from any client address, which the views then sort by source.

Because views are in use, every zone must be defined inside a view, so the root zone definition must also be deleted from the main configuration file.

4. Write the zone files

```
[root@ns1 named]# vim innet.sanyu.com.zone
[root@ns1 named]# vim innet.100.16.172.in-addr.arpa
[root@ns1 named]# vim telecom.sanyu.com.zone
[root@ns1 named]# vim unicom.sanyu.com.zone
[root@ns1 named]# vim unicom.100.110.202.in-addr.arpa
```

[Screenshots of each file's contents not preserved]

Change the file group and permissions:

```
[root@ns1 ~]# chgrp named /var/named/*.sanyu.com.zone /var/named/*in-addr.arpa
[root@ns1 ~]# chmod 640 /var/named/*sanyu.com.zone /var/named/*in-addr.arpa
```

Start the service:

```
[root@ns1 ~]# service named start
[root@ns1 ~]# chkconfig named on
```

5. Test

Run the following commands on the firewall:

```
[root@R1 ~]# iptables -t nat -F
[root@R1 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.111.0.0/16 -d 202.111.100.100 -p tcp --dport 53 -j DNAT --to-destination 172.16.100.53
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.110.0.0/16 -d 202.110.100.100 -p tcp --dport 53 -j DNAT --to-destination 172.16.100.53
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.111.0.0/16 -d 202.111.100.100 -p udp --dport 53 -j DNAT --to-destination 172.16.100.53
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.110.0.0/16 -d 202.110.100.100 -p udp --dport 53 -j DNAT --to-destination 172.16.100.53
```

Point the client's DNS server setting at the firewall.

[Screenshots of the client test results not preserved]

The whole process above as a script:

```bash
#!/bin/bash
# Install BIND and the client tools (dig, nslookup)
yum -y install bind bind-utils

# ACLs and one view per client network
cat >/etc/named.rfc1912.zones <<END
acl innet {
    172.16.0.0/16;
    127.0.0.0/8;
};
acl telecom {
    202.111.0.0/16;
};
acl unicom {
    202.110.0.0/16;
};
view innet {
    match-clients { innet; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };
    zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };
    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };
    zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };
    zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
    };
    zone "sanyu.com" IN {
        type master;
        file "innet.sanyu.com.zone";
    };
    // Reverse zone for 172.16.100.0/24 (the original listing named it
    // 100.1.202.in-addr.arpa, which does not match the file's network)
    zone "100.16.172.in-addr.arpa" IN {
        type master;
        file "innet.100.16.172.in-addr.arpa";
    };
};
view telecom {
    match-clients { telecom; };
    zone "sanyu.com" IN {
        type master;
        file "telecom.sanyu.com.zone";
    };
    zone "100.111.202.in-addr.arpa" IN {
        type master;
        file "telecom.100.111.202.in-addr.arpa";
    };
};
view unicom {
    match-clients { unicom; };
    zone "sanyu.com" IN {
        type master;
        file "unicom.sanyu.com.zone";
    };
    zone "100.110.202.in-addr.arpa" IN {
        type master;
        file "unicom.100.110.202.in-addr.arpa";
    };
};
END

# Intranet forward zone
cat >/var/named/innet.sanyu.com.zone <<END
\$TTL 600
@       IN      SOA     ns1.sanyu.com.      admin.sanyu.com. (
                        2013080808
                        2H
                        10M
                        3D
                        1D )
        IN      NS      ns1
        IN      MX 10   mail
ns1     IN      A       172.16.100.53
mail    IN      A       172.16.100.53
bbs     IN      A       172.16.100.81
shop    IN      A       172.16.100.43
END

# Intranet reverse zone
cat >/var/named/innet.100.16.172.in-addr.arpa <<END
\$TTL 600
@       IN      SOA     ns1.sanyu.com.      admin.sanyu.com. (
                        2013080808
                        2H
                        10M
                        3D
                        1D )
        IN      NS      ns1.sanyu.com.
53      IN      PTR     ns1.sanyu.com.
53      IN      PTR     mail.sanyu.com.
81      IN      PTR     bbs.sanyu.com.
43      IN      PTR     shop.sanyu.com.
END

# Derive the telecom and unicom zone files from the intranet ones.
# The sed expressions are quoted so the shell cannot glob-expand them, and
# '>' replaces the original '>>' so a re-run does not append a second copy.
sed 's/172.16.100.[0-9].*/202.111.100.100/g' /var/named/innet.sanyu.com.zone > /var/named/telecom.sanyu.com.zone
sed 's/^[0-9].\{1,3\}/100/g' /var/named/innet.100.16.172.in-addr.arpa > /var/named/telecom.100.111.202.in-addr.arpa
sed 's/172.16.100.[0-9].*/202.110.100.100/g' /var/named/innet.sanyu.com.zone > /var/named/unicom.sanyu.com.zone
sed 's/^[0-9].\{1,3\}/100/g' /var/named/innet.100.16.172.in-addr.arpa > /var/named/unicom.100.110.202.in-addr.arpa

# Zone files readable by the named group only
chgrp named /var/named/*.sanyu.com.zone /var/named/*in-addr.arpa
chmod 640 /var/named/*sanyu.com.zone /var/named/*in-addr.arpa

# Main configuration: drop listen-on, the root zone block and allow-query
sed -i /listen-on/d /etc/named.conf
sed -i '/zone "." IN/,/^$/d' /etc/named.conf
sed -i /allow-query/d /etc/named.conf

service named start
chkconfig named on
```
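The script builds the telecom and unicom zone files from the intranet one with a sed pattern that only rewrites 172.16.100.x, so a record added later outside that range would be copied into an external view unchanged. The following added check (not part of the original script) lists such records; the vpn host and the zone snippet are constructed for illustration.

```shell
#!/bin/sh
# Added example: list A records in a zone file that still point at internal
# (RFC 1918 or loopback) addresses. Run it over each external-view zone file.
leaked_internal_records() {         # zone file on stdin -> "owner address" lines
    awk '
        { sub(/;.*/, "") }                      # strip zone-file comments
        /^[^ \t]/ { owner = $1 }                # a blank owner repeats the last one
        {
            for (i = 1; i < NF; i++)
                if ($i == "A" &&
                    $(i + 1) ~ /^(10|127|192\.168|172\.(1[6-9]|2[0-9]|3[01]))\./)
                    print owner, $(i + 1)
        }
    '
}

# Constructed intranet records: the article's four hosts plus one hypothetical
# host (vpn) outside 172.16.100.x.
INTERNAL_ZONE='ns1   IN A 172.16.100.53
mail  IN A 172.16.100.53
bbs   IN A 172.16.100.81
shop  IN A 172.16.100.43
vpn   IN A 172.16.200.10 ; hypothetical'

# The same substitution the script uses to build telecom.sanyu.com.zone
telecom_zone() {
    printf '%s\n' "$INTERNAL_ZONE" | sed 's/172.16.100.[0-9].*/202.111.100.100/g'
}

# Prints: vpn 172.16.200.10
telecom_zone | leaked_internal_records
```

On the server the same function can read the generated files directly, for example `leaked_internal_records < /var/named/telecom.sanyu.com.zone`, before named is started or reloaded.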


This article is from the "non-Trojan dream" blog; please be sure to keep this source: http://wumengsheng.blog.51cto.com/7339300/1304062
