Address planning:
![1.png](http://www.bkjia.com/uploads/allimg/131228/0426211312-0.png)
![2.png](http://www.bkjia.com/uploads/allimg/131228/0426215118-1.png)
1. Install bind and bind-utils
[root@ns1 ~]# yum -y install bind bind-utils
2. Modify the configuration file
[root@ns1 ~]# cat /etc/named.rfc1912.zones
// Define the intranet, telecom and China Unicom network segments
acl innet   { 172.16.0.0/16; 127.0.0.0/8; };
acl telecom { 202.111.0.0/16; };
acl unicom  { 202.110.0.0/16; };

// Intranet view
view innet {
    match-clients { innet; };
    zone "." IN { type hint; file "named.ca"; };
    zone "localhost.localdomain" IN { type master; file "named.localhost"; allow-update { none; }; };
    zone "localhost" IN { type master; file "named.localhost"; allow-update { none; }; };
    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.loopback"; allow-update { none; }; };
    zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { none; }; };
    zone "0.in-addr.arpa" IN { type master; file "named.empty"; allow-update { none; }; };
    zone "sanyu.com" IN { type master; file "innet.sanyu.com.zone"; };
    zone "100.1.202.in-addr.arpa" IN { type master; file "innet.100.16.172.in-addr.arpa"; };
};

// Telecom view
view telecom {
    match-clients { telecom; };
    zone "sanyu.com" IN { type master; file "telecom.sanyu.com.zone"; };
    zone "100.111.202.in-addr.arpa" IN { type master; file "telecom.100.111.202.in-addr.arpa"; };
};

// China Unicom view
view unicom {
    match-clients { unicom; };
    zone "sanyu.com" IN { type master; file "unicom.sanyu.com.zone"; };
    zone "100.110.202.in-addr.arpa" IN { type master; file "unicom.100.110.202.in-addr.arpa"; };
};

Note: the intranet reverse zone is declared as "100.1.202.in-addr.arpa", but its file name and the 172.16.100.x addresses used in this article correspond to "100.16.172.in-addr.arpa"; with the name as written, reverse lookups for 172.16.100.x are not served from this zone.
3. Modify the main configuration file
[root@ns1 ~]# vim /etc/named.conf
Delete lines 11, 12 and 17 (the script at the end of this article removes what appear to be the same lines by matching listen-on and allow-query). With those lines gone, named listens on all interfaces and has no global query restriction, so which clients get an answer depends on the match-clients ACLs of the views.
![3.png](http://www.bkjia.com/uploads/allimg/131228/04262150T-2.png)
Because views are used, every zone has to be defined inside a view, so the definition of the root zone must be deleted from the main configuration file.
![4.png](http://www.bkjia.com/uploads/allimg/131228/0426213101-3.png)
4. Write the zone files
[root@ns1 named]# vim innet.sanyu.com.zone
![5.png](http://www.bkjia.com/uploads/allimg/131228/04262141H-4.png)
[root@ns1 named]# vim innet.100.16.172.in-addr.arpa
![6.png](http://www.bkjia.com/uploads/allimg/131228/042621G60-5.png)
[root@ns1 named]# vim telecom.sanyu.com.zone
![7.png](http://www.bkjia.com/uploads/allimg/131228/0426213005-6.png)
[root@ns1 named]# vim unicom.sanyu.com.zone
![8.png](http://www.bkjia.com/uploads/allimg/131228/042621C60-7.png)
[root@ns1 named]# vim unicom.100.110.202.in-addr.arpa
![9.png](http://www.bkjia.com/uploads/allimg/131228/0426213226-8.png)
Change the group and permissions of the zone files:
[root@ns1 ~]# chgrp named /var/named/*.sanyu.com.zone /var/named/*in-addr.arpa
[root@ns1 ~]# chmod 640 /var/named/*sanyu.com.zone /var/named/*in-addr.arpa
Start the service:
[root@ns1 ~]# service named start
[root@ns1 ~]# chkconfig named on
5. Test. Run the following commands on the firewall (the first one flushes every existing rule in the nat table, so save the current rules first if the firewall already carries other NAT rules):
[root@R1 ~]# iptables -t nat -F
[root@R1 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.111.0.0/16 -d 202.111.100.100 -p tcp --dport 53 -j DNAT --to-destination 172.16.100.53
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.110.0.0/16 -d 202.110.100.100 -p tcp --dport 53 -j DNAT --to-destination 172.16.100.53
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.111.0.0/16 -d 202.111.100.100 -p udp --dport 53 -j DNAT --to-destination 172.16.100.53
[root@R1 ~]# iptables -t nat -A PREROUTING -s 202.110.0.0/16 -d 202.110.100.100 -p udp --dport 53 -j DNAT --to-destination 172.16.100.53
Point the clients' DNS setting at the firewall.
![10.png](http://www.bkjia.com/uploads/allimg/131228/0426211261-9.png)
![11.png](http://img1.51cto.com/attachment/201310/214221587.png)
![12.png](http://img1.51cto.com/attachment/201310/214221888.png)
The above process is scripted:
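#!/bin/bash
#
# Configure ns1 as a view-based ("split-horizon") BIND server for sanyu.com.
#
# Three views are created, selected by the client's source address:
#   innet   - 172.16.0.0/16 and loopback, answers with internal 172.16.100.x
#   telecom - 202.111.0.0/16, answers with the public address 202.111.100.100
#   unicom  - 202.110.0.0/16, answers with the public address 202.110.100.100
#
# Must run as root. It overwrites /etc/named.rfc1912.zones, edits
# /etc/named.conf in place and (re)creates the sanyu.com zone files.

# Stop at the first failing step instead of starting a half-configured server.
set -euo pipefail

readonly zone_dir=/var/named

yum -y install bind bind-utils

# --- ACLs and views --------------------------------------------------------
# The delimiter is quoted so the shell performs no expansion inside the
# configuration text.
cat > /etc/named.rfc1912.zones <<'END'
acl innet   { 172.16.0.0/16; 127.0.0.0/8; };
acl telecom { 202.111.0.0/16; };
acl unicom  { 202.110.0.0/16; };

view innet {
    match-clients { innet; };
    zone "." IN { type hint; file "named.ca"; };
    zone "localhost.localdomain" IN { type master; file "named.localhost"; allow-update { none; }; };
    zone "localhost" IN { type master; file "named.localhost"; allow-update { none; }; };
    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.loopback"; allow-update { none; }; };
    zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { none; }; };
    zone "0.in-addr.arpa" IN { type master; file "named.empty"; allow-update { none; }; };
    zone "sanyu.com" IN { type master; file "innet.sanyu.com.zone"; };
    // Reverse zone for 172.16.100.0/24. The zone name has to match the
    // network, otherwise PTR queries for 172.16.100.x never reach this file.
    zone "100.16.172.in-addr.arpa" IN { type master; file "innet.100.16.172.in-addr.arpa"; };
};

view telecom {
    match-clients { telecom; };
    // Externally reachable view: authoritative answers only, no recursion.
    recursion no;
    zone "sanyu.com" IN { type master; file "telecom.sanyu.com.zone"; };
    zone "100.111.202.in-addr.arpa" IN { type master; file "telecom.100.111.202.in-addr.arpa"; };
};

view unicom {
    match-clients { unicom; };
    // Externally reachable view: authoritative answers only, no recursion.
    recursion no;
    zone "sanyu.com" IN { type master; file "unicom.sanyu.com.zone"; };
    zone "100.110.202.in-addr.arpa" IN { type master; file "unicom.100.110.202.in-addr.arpa"; };
};
END

# --- Intranet zone files ---------------------------------------------------
# Records that start with whitespace inherit the owner name of the record
# above them, so the leading indentation on the NS/MX lines is significant.
cat > "${zone_dir}/innet.sanyu.com.zone" <<'END'
$TTL 600
@       IN      SOA     ns1.sanyu.com. admin.sanyu.com. ( 2013080808 2H 10M 3D 1D )
        IN      NS      ns1
        IN      MX 10   mail
ns1     IN      A       172.16.100.53
mail    IN      A       172.16.100.53
bbs     IN      A       172.16.100.81
shop    IN      A       172.16.100.43
END

cat > "${zone_dir}/innet.100.16.172.in-addr.arpa" <<'END'
$TTL 600
@       IN      SOA     ns1.sanyu.com. admin.sanyu.com. ( 2013080808 2H 10M 3D 1D )
        IN      NS      ns1.sanyu.com.
53      IN      PTR     ns1.sanyu.com.
53      IN      PTR     mail.sanyu.com.
81      IN      PTR     bbs.sanyu.com.
43      IN      PTR     shop.sanyu.com.
END

# --- External zone files ---------------------------------------------------
# Derive one external view's zone files from the intranet ones.
#   $1 - view name (file name prefix)
#   $2 - public address every A record is rewritten to
#   $3 - name of the view's reverse zone (file name suffix)
# Files are truncated (">"), not appended to, so re-running the script does
# not duplicate records. The sed expressions are quoted so the shell cannot
# glob-expand "[0-9].*", and the dots of the address are escaped.
make_external_zones() {
  local view=$1 public_ip=$2 reverse_zone=$3

  # Forward zone: replace the internal address up to end of line.
  sed "s/172\.16\.100\.[0-9].*/${public_ip}/" \
    "${zone_dir}/innet.sanyu.com.zone" \
    > "${zone_dir}/${view}.sanyu.com.zone"

  # Reverse zone: replace only the leading host octet with 100. (A pattern of
  # '^[0-9].\{1,3\}' would also consume the characters after the first digit
  # and could eat into the "IN" field.)
  sed 's/^[0-9]\{1,3\}/100/' \
    "${zone_dir}/innet.100.16.172.in-addr.arpa" \
    > "${zone_dir}/${view}.${reverse_zone}"
}

make_external_zones telecom 202.111.100.100 100.111.202.in-addr.arpa
make_external_zones unicom  202.110.100.100 100.110.202.in-addr.arpa

# Zone files: group named, not world-readable.
chgrp named "${zone_dir}"/*.sanyu.com.zone "${zone_dir}"/*in-addr.arpa
chmod 640 "${zone_dir}"/*sanyu.com.zone "${zone_dir}"/*in-addr.arpa

# --- Main configuration ----------------------------------------------------
# - listen-on / allow-query lines are dropped so that queries forwarded by the
#   firewall (which keep their public source address) are accepted. named then
#   listens on every interface with no global query restriction; access is
#   decided by the views' match-clients ACLs, so keep those ACLs tight.
# - the root hint zone is dropped because, once views exist, every zone has to
#   be declared inside a view (it is re-declared in the innet view above).
sed -i \
  -e '/listen-on/d' \
  -e '/zone "." IN/,/^$/d' \
  -e '/allow-query/d' \
  /etc/named.conf

# Validate the configuration and load every master zone before starting.
named-checkconf -z /etc/named.conf

service named start
chkconfig named on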
This article is from the non-Trojan dream blog, please be sure to keep this source http://wumengsheng.blog.51cto.com/7339300/1304062