第一、实现智能DNS
安装模板配置文件软件
# yum install caching-nameserver -y
基本准备:
hostname
hosts
同步时间
1、安装一个工具包:
ripe-dbase-client-v3.tar.gz
[root@dns whois-3.1]# whois3 -h whois.apnic.net -l -i mb MAINT-CNCGROUP > /var/named/chroot/var/named/cnc
[root@dns whois-3.1]# whois3 -h whois.apnic.net -l -i mb MAINT-CHINANET > /var/named/chroot/var/named/china
我们只能模拟这些IP数据
[root@dns chroot]# vim /var/named/chroot/var/named/cnc_acl
# Address-match list "cnc": the clients that the cnc_resolver view treats as
# CNC (China Netcom) users. The notes around this listing say the addresses are
# simulated lab data, not the real ranges returned by the whois query.
# "192.168.1/24" is a prefix written in BIND's abbreviated form.
acl cnc {
10.1.1.1;
10.1.1.2;
192.168.1/24;
10.1.1.21;
10.1.1.93;
10.1.1.42;
10.1.1.84;
10.1.1.142;
10.1.1.56;
10.1.1.72;
};
[root@dns chroot]# vim /var/named/chroot/var/named/china_acl
# Address-match list "china": the clients that the china_resolver view treats
# as China Telecom (CHINANET) users. As with the cnc list, the notes describe
# these addresses as simulated lab data.
acl china {
10.1.1.151;
10.1.1.152;
10.1.1.158;
10.1.1.191;
10.1.1.196;
10.1.1.213;
10.1.1.231;
10.1.1.241;
};
2、配置模板文件
# mv /var/named/chroot/etc/named.conf /var/named/chroot/etc/named.conf.bk
视图view
# vim /var/named/chroot/etc/named.caching-nameserver.conf
# Global server options (apply to every view unless a view overrides them).
options {
# Accept DNS traffic on loopback and on 10.1.1.20 only.
listen-on port 53 { 127.0.0.1;10.1.1.20; };
# Base directory for relative file/include paths. With the chroot layout used
# in these notes this is presumably /var/named/chroot/var/named on disk.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
# Any client may send queries, which an authoritative server for a public zone needs.
# NOTE(review): nothing in this block restricts recursion or cache access, so
# whether arbitrary clients can use this server as a resolver depends on the
# BIND version's defaults and on per-view settings. Confirm before exposing it.
allow-query { any; };
};
# Logging: define where the default_debug channel writes.
logging {
channel default_debug {
# Relative path, resolved against the "directory" option.
file "data/named.run";
# "dynamic" makes the channel follow the server's current debug level.
severity dynamic;
};
};
# Split-horizon ("smart DNS") views. BIND tries views in the order written and
# serves a client from the first view whose match-clients list it satisfies,
# so the catch-all view (match-clients any) must stay last.
#
# NOTE(review): only localhost_resolver sets "recursion". The three views
# below serve authoritative data for upl.com but leave recursion to the BIND
# version's default; on versions where that default is open, other_resolver
# would recurse for any client. Consider adding "recursion no;" to each
# authoritative-only view and confirm the behaviour from an outside address.

# Resolver view for queries that originate on this host and target this host.
view localhost_resolver {
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
# Load the acl definitions before the views that reference them; these
# relative paths are resolved against the "directory" option.
include "cnc_acl";
include "china_acl";
# Clients in the "cnc" acl get the CNC copy of the upl.com zone.
view cnc_resolver {
match-clients { cnc; };
zone "upl.com" IN {
type master;
file "data/cnc.master.upl.com.zone";
};
};
# Clients in the "china" acl get the China Telecom copy of the zone.
view china_resolver {
match-clients { china; }; # use the name of the acl here
zone "upl.com" IN {
type master;
file "data/china.master.upl.com.zone";
};
};
# Catch-all: every client not matched above gets the "other" copy of the zone.
view other_resolver {
match-clients { any; };
zone "upl.com" IN {
type master;
file "data/other.master.upl.com.zone";
};
};
视图的匹配逻辑可以理解为下面的伪代码(仅作说明,不是配置文件的内容;view 按书写顺序匹配,命中第一个就不再往下匹配):
if [ 网通的客户 ];then
返回网通机房的IP
elif [ 电信的客户 ];then
返回电信机房的IP
fi
......
3、配置区域文件
# vim var/named/data/cnc.master.upl.com.zone
; upl.com zone data for the cnc_resolver view (file "data/cnc.master.upl.com.zone").
; Default TTL for records without an explicit TTL: 86400 seconds.
$TTL 86400
; SOA fields inside the parentheses, in order:
;   serial, refresh, retry, expire, negative-caching TTL.
; NOTE(review): the SOA primary name is upl.com. while the NS record names
; dns.upl.com.; the primary name conventionally matches the master server.
@ IN SOA upl.com. root. (
01
15M
10M
1D
1H
)
@ IN NS dns.upl.com.
dns IN A 10.1.1.20
; Address handed to CNC clients for web/www; the other views' zone files
; differ from this one only in this record.
web IN A 10.1.1.10
www IN CNAME web
# vim china.master.upl.com.zone
; upl.com zone data for the china_resolver view (file "data/china.master.upl.com.zone").
; Default TTL for records without an explicit TTL: 86400 seconds.
$TTL 86400
; SOA fields inside the parentheses, in order:
;   serial, refresh, retry, expire, negative-caching TTL.
@ IN SOA upl.com. root. (
01
15M
10M
1D
1H
)
@ IN NS dns.upl.com.
dns IN A 10.1.1.20
; Address handed to China Telecom clients for web/www.
web IN A 10.1.1.11
www IN CNAME web
# vim other.master.upl.com.zone
; upl.com zone data for the other_resolver (catch-all) view
; (file "data/other.master.upl.com.zone").
; Default TTL for records without an explicit TTL: 86400 seconds.
$TTL 86400
; SOA fields inside the parentheses, in order:
;   serial, refresh, retry, expire, negative-caching TTL.
@ IN SOA upl.com. root. (
01
15M
10M
1D
1H
)
@ IN NS dns.upl.com.
dns IN A 10.1.1.20
; Address handed to every client that matched neither the cnc nor the china acl.
web IN A 10.1.1.12
www IN CNAME web
注意:所有数据文件(包括acl文件)都要修改权限、属主等,权限为 660,保证 named 进程能够读取这些文件
测试:
找一台客户端,把nameserver指向自己的 DNS服务器,然后测试(分别用属于不同acl的客户端查询 www.upl.com,返回的IP应当不同)
第二、实现子域服务器
1、分别修改主域名DNS服务器的区域文件,进行子域授权
upl.com ---授权子域--> sz.upl.com
[root@dns chroot]# cat var/named/data
|