Use DNS views to resolve IP addresses in different regions
I. Introduction
In real network deployments, we sometimes want the same domain name to resolve to different IP addresses depending on the source IP address or region of the request. For example, an enterprise may want clients on its internal network and clients on the external network to receive different IP addresses for the same domain name, for security or application reasons. As another example, to address the speed difference between China Telecom in the south and China Netcom in the north, you may want Telecom users to be resolved to a server located in the Telecom network, and Netcom users to reach the nearest, fastest server for them.
These scenarios can be handled with a simple DNS configuration. Using DNS has the following advantages:
Low cost - no dedicated devices are needed, only a simple configuration change;
High flexibility - resolution rules can be added or deleted at any time;
Some scalability - combined with round-robin DNS, you can quickly and seamlessly configure simple load balancing;
II. DNS views configuration
1. Principle
You can use the view statement provided by the DNS server to resolve the same domain name differently based on the client's IP range.
Note: The view statement only exists in BIND9; the earlier BIND8 has no view statement!
2. Configuration example
(1) Hypothetical environment
Operating System: CentOS 3.6
Bind version: BIND 9.2.4-5
DNS server: 123.213.111.222 (eth0), 10.0.0.1 (eth1)
Internal Enterprise IP address segment: 10.0.0.0/24
Enterprise external IP segment: All IP segments except 10.0.0.0/24
Domain Name: testdns.org
We want www.testdns.org to resolve to 12.34.56.78 for clients in the internal IP segment, and to 87.65.43.21 for clients in the external IP segment.
(2) Configuration example
named.conf
CODE:
//
// named.conf for Red Hat caching-nameserver
//
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

// Views are tested in the order they appear; the first view whose
// match-clients list contains the client address answers the query.
view "internal" {
    match-clients { 10.0.0.0/24; };    // enterprise internal segment
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "testdns.org" {
        type master;
        file "db.internal";            // internal answers for testdns.org
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
};

// Catch-all view for every other client; it must stay last.
// If external clients should only get authoritative answers,
// add "recursion no;" to this view.
view "other" {
    match-clients { any; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "testdns.org" {
        type master;
        file "db.other";               // external answers for testdns.org
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
};

include "/etc/rndc.key";
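The first-match behaviour of match-clients in the configuration above, modelled as an added example (not from the original article): it picks the view for a client address and flags views that an earlier catch-all hides, which is how internal records end up unreachable or the wrong answer is served. The dictionary layout, function names and sample client addresses are assumptions; only IPv4 CIDR entries and "any" are modelled.

```python
import ipaddress

# Views in named.conf order, using the page's example values.
# Simplified model (assumption): IPv4 CIDR entries and "any" only; no
# negated entries, named ACLs, TSIG keys or match-destinations.
VIEWS = [
    {"name": "internal", "match_clients": ["10.0.0.0/24"], "www": "12.34.56.78"},
    {"name": "other", "match_clients": ["any"], "www": "87.65.43.21"},
]


def _networks(acl):
    """Convert a match-clients list to ip_network objects ("any" = 0.0.0.0/0)."""
    return [ipaddress.ip_network("0.0.0.0/0" if e == "any" else e) for e in acl]


def select_view(client_ip, views=VIEWS):
    """Return the first view (in file order) whose match-clients covers client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for view in views:
        if any(addr in net for net in _networks(view["match_clients"])):
            return view
    return None  # no view matched this client


def shadowed_views(views=VIEWS):
    """Names of views whose every entry is covered by one entry of an earlier view."""
    shadowed, seen = [], []
    for view in views:
        nets = _networks(view["match_clients"])
        if all(any(n.subnet_of(s) for s in seen) for n in nets):
            shadowed.append(view["name"])  # can never be selected
        seen.extend(nets)
    return shadowed


if __name__ == "__main__":
    for ip in ("10.0.0.25", "203.0.113.9"):  # constructed sample clients
        v = select_view(ip)
        print(f"{ip:>12} -> view {v['name']!r}, www.testdns.org = {v['www']}")
    # Swapping the order puts the catch-all first and hides the internal view.
    print("shadowed after swap:", shadowed_views(list(reversed(VIEWS))))
```

Running the same check against the view order of a real named.conf before reloading catches a catch-all view placed ahead of a restricted one.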