智能DNS的配置主要修改named.conf文件,利用view和acl来实现。

acl文件的内容这里只列出一部分,完整的IP列表可以参考下面的网址

纯真IP库给出了十分详细的IP地址段;下载安装后打开软件,点击"解压"即可得到txt文本格式的IP地址列表

http://www.crsky.com/soft/2611.html

IP转换为acl工具下载地址
http://blog.lishixin.net/linux/468.html/attachment/dnstool

按照下面博客中的步骤将IP转换为acl格式

http://blog.lishixin.net/archives/468#more-468

注意事项:

一旦配置了view,所有的zone都必须放进view里,view之外不能再有单独的zone。

包括下面的这两行

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

下面是本配置需要的acl文件,这里只列出了部分IP,这并不影响正常使用

# Directory holding the per-province source-address ACL files.
mkdir -p "/var/named/acl/srcip/"
# Create the Anhui ACL file; its contents follow below.
vim "/var/named/acl/srcip/AnHui.acl"

// Source-address ACLs for Anhui province, one per carrier. Only a sample of
// each carrier's ranges is listed; the full set comes from the converted IP
// database described above. Each ACL name is referenced by a view's
// match-clients in named.conf, so this file must be included there.
//
// NOTE(review): the prefix length after "/" was lost when this listing was
// captured ("36.32.0.0/;" is not valid named syntax). Restore it on every
// network entry (36.32.0.0/<PREFIX_LEN>) before loading, or named-checkconf
// rejects the file.

// China Unicom (CNC)
acl "AnHui.cnc" {
	36.32.0.0/;
	36.32.1.0/;
	36.32.2.0/;
};

// China Telecom
acl "AnHui.telcom" {
	36.4.0.0/;
	36.4.1.0/;
	36.4.2.0/;
};

// China Tietong
acl "AnHui.tietong" {
	61.235.36.0/;
	61.235.37.0/;
	61.235.38.0/;
};

// China Mobile
acl "AnHui.mobile" {
	101.36.128.0/;
	101.36.129.0/;
	101.36.130.0/;
};

// CERNET (China Education and Research Network)
acl "AnHui.cernet" {
	1.51.64.0/;
	1.51.65.0/;
	1.51.100.0/;
};

# Create the Beijing ACL file; its contents follow below.
vim "/var/named/acl/srcip/BeiJing.acl"

// Source-address ACLs for Beijing, one per carrier. Only a sample of each
// carrier's ranges is listed. Entries without a "/" are single hosts;
// entries with a "/" are networks.
//
// NOTE(review): the prefix length after "/" was lost when this listing was
// captured ("1.92.0.0/;" is not valid named syntax). Restore it on every
// network entry (1.92.0.0/<PREFIX_LEN>) before loading, or named-checkconf
// rejects the file.

// China Unicom (CNC)
acl "BeiJing.cnc" {
	1.25.36.67;
	1.25.36.68;
	1.25.36.69;
};

// China Telecom
acl "BeiJing.telcom" {
	1.92.0.0/;
	1.93.0.0;
	1.93.0.1;
};

// China Tietong
acl "BeiJing.tietong" {
	36.192.0.0/;
	36.192.1.0/;
	36.192.2.0/;
};

// China Mobile
acl "BeiJing.mobile" {
	36.128.0.0/;
	36.129.0.0/;
	36.130.0.0/;
};

// CERNET (China Education and Research Network)
acl "BeiJing.cernet" {
	42.247.0.128;
	42.247.0.129;
	42.247.0.130;
};

主DNS服务器的named.conf配置如下,修改后需要重启:service named restart

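//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

// Source-address ACLs referenced by the views' match-clients below. Both
// files must be included (in the original listing the first include had
// been folded into the template comment above): every ACL name used in a
// view has to be defined, or named rejects the configuration.
include "/var/named/acl/srcip/AnHui.acl";
include "/var/named/acl/srcip/BeiJing.acl";
//include "/var/named/include_acl";

options {
	// Primary server: loopback plus its LAN address.
	// NOTE(review): the port number was missing from the listing; 53 is the DNS default.
	listen-on port 53 { 127.0.0.1; 192.168.1.100; };
	listen-on-v6 port 53 { ::; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";

	// Only this host and the local LAN may query. The prefix length was
	// lost in the listing; /24 matches the 1.168.192.in-addr.arpa reverse
	// zone served below.
	allow-query { localhost; 192.168.1.0/24; };
	// Zone transfers only to the secondary server.
	allow-transfer { localhost; 192.168.1.101; };
	// Required so clients can use this server as a recursive resolver.
	// Together with "recursion yes" this makes the server recurse for every
	// client allow-query admits, so keep allow-query restricted to the LAN.
	allow-query-cache { any; };
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;
	// "dnssec-lookaside auto" removed: the ISC DLV registry it relied on has
	// been decommissioned and the option is deprecated.
	bindkeys-file "/etc/named.iscdlv.key";
	managed-keys-directory "/var/named/dynamic";
};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

// China Telecom clients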
view "telcom-view" {
	// Clients whose source address is in a China Telecom ACL (defined in
	// the included AnHui.acl / BeiJing.acl files). Views are tried in
	// order; a client gets the first view whose match-clients admits it.
	match-clients { AnHui.telcom; BeiJing.telcom; };

	// Root hints.
	zone "." IN {
		type hint;
		file "named.ca";
	};

	// Forward zone (authoritative). Every view currently serves the same
	// file; pointing this view at its own file is how carrier-specific
	// answers would be produced.
	zone "unixmen.local" IN {
		type master;
		file "forward.unixmen";
		allow-update { none; };
	};

	// Reverse zone for 192.168.1.0/24.
	zone "1.168.192.in-addr.arpa" IN {
		type master;
		file "reverse.unixmen";
		allow-update { none; };
	};

	// Once views are used every zone must live inside a view, including
	// the stock localhost zones and the root trust anchor.
	include "/etc/named.rfc1912.zones";
	include "/etc/named.root.key";
};

// China Unicom (CNC) clients
view "cnc-view" {
	// Clients whose source address is in a China Unicom ACL (defined in
	// the included AnHui.acl / BeiJing.acl files).
	match-clients { AnHui.cnc; BeiJing.cnc; };

	// Root hints.
	zone "." IN {
		type hint;
		file "named.ca";
	};

	// Forward zone (authoritative); same data file as the other views.
	zone "unixmen.local" IN {
		type master;
		file "forward.unixmen";
		allow-update { none; };
	};

	// Reverse zone for 192.168.1.0/24.
	zone "1.168.192.in-addr.arpa" IN {
		type master;
		file "reverse.unixmen";
		allow-update { none; };
	};

	// Stock localhost zones and root trust anchor, repeated per view.
	include "/etc/named.rfc1912.zones";
	include "/etc/named.root.key";
};

// China Mobile clients
view "mobile-view" {
	// Clients whose source address is in a China Mobile ACL (defined in
	// the included AnHui.acl / BeiJing.acl files).
	match-clients { AnHui.mobile; BeiJing.mobile; };

	// Root hints.
	zone "." IN {
		type hint;
		file "named.ca";
	};

	// Forward zone (authoritative); same data file as the other views.
	zone "unixmen.local" IN {
		type master;
		file "forward.unixmen";
		allow-update { none; };
	};

	// Reverse zone for 192.168.1.0/24.
	zone "1.168.192.in-addr.arpa" IN {
		type master;
		file "reverse.unixmen";
		allow-update { none; };
	};

	// Stock localhost zones and root trust anchor, repeated per view.
	include "/etc/named.rfc1912.zones";
	include "/etc/named.root.key";
};

// CERNET (China Education and Research Network) clients
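view "cernet-view" {
	// Clients whose source address is in a CERNET ACL (defined in the
	// included AnHui.acl / BeiJing.acl files).
	match-clients { AnHui.cernet; BeiJing.cernet; };

	// Root hints.
	zone "." IN {
		type hint;
		file "named.ca";
	};

	// Forward zone (authoritative); same data file as the other views.
	zone "unixmen.local" IN {
		type master;
		file "forward.unixmen";
		allow-update { none; };
	};

	// Reverse zone for 192.168.1.0/24.
	zone "1.168.192.in-addr.arpa" IN {
		type master;
		file "reverse.unixmen";
		allow-update { none; };
	};

	// Stock localhost zones and root trust anchor, repeated per view.
	include "/etc/named.rfc1912.zones";
	include "/etc/named.root.key";
};

// Catch-all view for clients matched by none of the carrier ACLs above.
// Views are matched in order, so this one must stay last.
view "external-view" {
	match-clients { any; };
	// Recursion is needed here, otherwise these clients cannot resolve
	// anything outside the local zones. (In the original listing the
	// trailing comment on this line had swallowed the zone "." statement
	// that follows.)
	recursion yes;

	// Root hints.
	zone "." IN {
		type hint;
		file "named.ca";
	};

	// Forward zone (authoritative).
	zone "unixmen.local" IN {
		type master;
		file "forward.unixmen";
		allow-update { none; };
	};

	// Reverse zone for 192.168.1.0/24.
	zone "1.168.192.in-addr.arpa" IN {
		type master;
		file "reverse.unixmen";
		allow-update { none; };
	};

	include "/etc/named.rfc1912.zones";
	include "/etc/named.root.key";
};

// Key that authenticates rndc on the control channel. The key statement
// has to come before the controls statement that references it.
// NOTE(review): the secret printed in the original listing is public, so a
// fresh one must be generated (rndc-confgen) and the same algorithm and
// secret configured in rndc.conf on every host that runs rndc against this
// server; hmac-md5 is replaced by hmac-sha256.
key "rndc-key" {
	algorithm hmac-sha256;
	secret "<REPLACE-WITH-FRESH-BASE64-SECRET>";
};

controls {
	// rndc control channel; 953 is the rndc default (the port number was
	// lost in the listing). Bound to explicit addresses instead of 0.0.0.0
	// so the channel is not exposed on every interface: localhost and the
	// secondary (192.168.1.101) are the only permitted peers.
	inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
	inet 192.168.1.100 port 953 allow { 192.168.1.101; } keys { "rndc-key"; };
};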

从DNS服务器的named.conf配置如下,修改后需要重启:service named restart

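//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

// Source-address ACLs referenced by the views' match-clients below. Both
// files must be included (in the original listing the first include had
// been folded into the template comment above): every ACL name used in a
// view has to be defined, or named rejects the configuration.
include "/var/named/acl/srcip/AnHui.acl";
include "/var/named/acl/srcip/BeiJing.acl";

options {
	// Secondary server: loopback plus its LAN address.
	// NOTE(review): the port number was missing from the listing; 53 is the DNS default.
	listen-on port 53 { 127.0.0.1; 192.168.1.101; };
	listen-on-v6 port 53 { ::; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";

	// NOTE(review): only this host may query, so LAN clients are refused
	// and the per-carrier views below only ever answer localhost. If the
	// secondary is meant to answer LAN clients like the primary does, admit
	// the same range here (192.168.1.0/24).
	allow-query { localhost; };
	// Nothing pulls zones from this server, so refuse all transfers; in this
	// BIND generation the default allow-transfer permits transfers to any client.
	allow-transfer { none; };
	// Required so clients can use this server as a recursive resolver; only
	// clients admitted by allow-query reach the cache.
	allow-query-cache { any; };
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;
	// "dnssec-lookaside auto" removed: the ISC DLV registry it relied on has
	// been decommissioned and the option is deprecated.
	bindkeys-file "/etc/named.iscdlv.key";
	managed-keys-directory "/var/named/dynamic";
};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

// China Telecom clients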
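view "telcom-view" {
	// Clients whose source address is in a China Telecom ACL (defined in
	// the included AnHui.acl / BeiJing.acl files).
	match-clients { AnHui.telcom; BeiJing.telcom; };

	// Root hints.
	zone "." IN {
		type hint;
		file "named.ca";
	};

	// Secondary copies pulled from the primary (192.168.1.100).
	// Each view that slaves the same zone needs its own writable file: named
	// refuses to start when two zones share one ("writeable file ... already
	// in use"), and the original listing used the same path in every view.
	// The per-view suffix is a constructed name; any distinct name works.
	zone "unixmen.local" IN {
		type slave;
		file "slaves/unixmen.fwd.telcom";
		masters { 192.168.1.100; };
	};

	zone "1.168.192.in-addr.arpa" IN {
		type slave;
		file "slaves/unixmen.rev.telcom";
		masters { 192.168.1.100; };
	};

	// Stock localhost zones and root trust anchor, repeated per view.
	include "/etc/named.rfc1912.zones";
	include "/etc/named.root.key";
};

// China Unicom (CNC) clients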
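view "cnc-view" {
	// Clients whose source address is in a China Unicom ACL (defined in
	// the included AnHui.acl / BeiJing.acl files).
	match-clients { AnHui.cnc; BeiJing.cnc; };

	// Root hints.
	zone "." IN {
		type hint;
		file "named.ca";
	};

	// Secondary copies pulled from the primary (192.168.1.100).
	// Each view that slaves the same zone needs its own writable file: named
	// refuses to start when two zones share one ("writeable file ... already
	// in use"). The per-view suffix is a constructed name.
	zone "unixmen.local" IN {
		type slave;
		file "slaves/unixmen.fwd.cnc";
		masters { 192.168.1.100; };
	};

	zone "1.168.192.in-addr.arpa" IN {
		type slave;
		file "slaves/unixmen.rev.cnc";
		masters { 192.168.1.100; };
	};

	// Stock localhost zones and root trust anchor, repeated per view.
	include "/etc/named.rfc1912.zones";
	include "/etc/named.root.key";
};

// China Mobile clients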
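view "mobile-view" {
	// Clients whose source address is in a China Mobile ACL (defined in
	// the included AnHui.acl / BeiJing.acl files).
	match-clients { AnHui.mobile; BeiJing.mobile; };

	// Root hints.
	zone "." IN {
		type hint;
		file "named.ca";
	};

	// Secondary copies pulled from the primary (192.168.1.100).
	// Each view that slaves the same zone needs its own writable file: named
	// refuses to start when two zones share one ("writeable file ... already
	// in use"). The per-view suffix is a constructed name.
	zone "unixmen.local" IN {
		type slave;
		file "slaves/unixmen.fwd.mobile";
		masters { 192.168.1.100; };
	};

	zone "1.168.192.in-addr.arpa" IN {
		type slave;
		file "slaves/unixmen.rev.mobile";
		masters { 192.168.1.100; };
	};

	// Stock localhost zones and root trust anchor, repeated per view.
	include "/etc/named.rfc1912.zones";
	include "/etc/named.root.key";
};

// CERNET (China Education and Research Network) clients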
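view "cernet-view" {
	// Clients whose source address is in a CERNET ACL (defined in the
	// included AnHui.acl / BeiJing.acl files).
	match-clients { AnHui.cernet; BeiJing.cernet; };

	// Root hints.
	zone "." IN {
		type hint;
		file "named.ca";
	};

	// Secondary copies pulled from the primary (192.168.1.100).
	// Each view that slaves the same zone needs its own writable file: named
	// refuses to start when two zones share one ("writeable file ... already
	// in use"). The per-view suffix is a constructed name.
	zone "unixmen.local" IN {
		type slave;
		file "slaves/unixmen.fwd.cernet";
		masters { 192.168.1.100; };
	};

	zone "1.168.192.in-addr.arpa" IN {
		type slave;
		file "slaves/unixmen.rev.cernet";
		masters { 192.168.1.100; };
	};

	// Stock localhost zones and root trust anchor, repeated per view.
	include "/etc/named.rfc1912.zones";
	include "/etc/named.root.key";
};

// Catch-all view for clients matched by none of the carrier ACLs above.
// Views are matched in order, so this one must stay last.
view "external-view" {
	match-clients { any; };
	// Recursion is needed here, otherwise these clients cannot resolve
	// anything outside the local zones. (In the original listing the
	// trailing comment on this line had swallowed the zone "." statement
	// that follows.)
	recursion yes;

	// Root hints.
	zone "." IN {
		type hint;
		file "named.ca";
	};

	// Secondary copies pulled from the primary; own writable file per view.
	zone "unixmen.local" IN {
		type slave;
		file "slaves/unixmen.fwd.external";
		masters { 192.168.1.100; };
	};

	zone "1.168.192.in-addr.arpa" IN {
		type slave;
		file "slaves/unixmen.rev.external";
		masters { 192.168.1.100; };
	};

	include "/etc/named.rfc1912.zones";
	include "/etc/named.root.key";
};

// Key that authenticates rndc on the control channel. The key statement
// has to come before the controls statement that references it.
// NOTE(review): the secret printed in the original listing is public, so a
// fresh one must be generated (rndc-confgen) and the same algorithm and
// secret configured in rndc.conf on the primary, which runs rndc against
// this host; hmac-md5 is replaced by hmac-sha256.
key "rndc-key" {
	algorithm hmac-sha256;
	secret "<REPLACE-WITH-FRESH-BASE64-SECRET>";
};

controls {
	// rndc control channel; 953 is the rndc default (the port number was
	// lost in the listing). Bound to explicit addresses instead of "*" so
	// the channel is reachable only from this host and the primary.
	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
	inet 192.168.1.101 port 953 allow { 192.168.1.100; } keys { "rndc-key"; };
};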
