使用BIND安装智能DNS服务器(三)---添加view和acl配置
智能DNS的配置主要修改named.conf文件,利用view和acl来实现。
acl文件内容,这里只列出一部分,具体详细的可以参考这个网址
纯真IP库,给出了十分详细的IP地址,下载安装后,打开软件,点击解压就可以获取到txt文本格式的IP地址
http://www.crsky.com/soft/2611.html
IP转换为acl工具下载地址
http://blog.lishixin.net/linux/468.html/attachment/dnstool
按照下面博客中的步骤将IP转换为acl格式
http://blog.lishixin.net/archives/468#more-468
注意事项:
只要配置了view的时候,所有的zone都必须包含到view中。
包括下面的这两行
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
下面是本配置中需要的,只列出部分IP的acl文件,这个不影响正常使用
mkdir -p /var/named/acl/srcip/
vim /var/named/acl/srcip/AnHui.acl
acl "AnHui.cnc"{
36.32.0.0/;
36.32.1.0/;
36.32.2.0/;
};
acl "AnHui.telcom"{
36.4.0.0/;
36.4.1.0/;
36.4.2.0/;
};
acl "AnHui.tietong"{
61.235.36.0/;
61.235.37.0/;
61.235.38.0/;
};
acl "AnHui.mobile"{
101.36.128.0/;
101.36.129.0/;
101.36.130.0/;
};
acl "AnHui.cernet"{
1.51.64.0/;
1.51.65.0/;
1.51.100.0/;
};
vim /var/named/acl/srcip/BeiJing.acl
acl "BeiJing.cnc"{
1.25.36.67;
1.25.36.68;
1.25.36.69;
};
acl "BeiJing.telcom"{
1.92.0.0/;
1.93.0.0;
1.93.0.1;
};
acl "BeiJing.tietong"{
36.192.0.0/;
36.192.1.0/;
36.192.2.0/;
};
acl "BeiJing.mobile"{
36.128.0.0/;
36.129.0.0/;
36.130.0.0/;
};
acl "BeiJing.cernet"{
42.247.0.128;
42.247.0.129;
42.247.0.130;
};
主DNS服务器配置,named.conf,修改后需要重启service named restart
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
// include "/var/named/acl/srcip/AnHui.acl";
include "/var/named/acl/srcip/BeiJing.acl"; //include "/var/named/include_acl"; options {
listen-on port { 127.0.0.1; 192.168.1.100; }; //主DNS服务器
listen-on-v6 port { ::; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/; };
allow-transfer { localhost; 192.168.1.101; }; //从DNS服务器
allow-query-cache { any; }; //注意没有这个将无法访问网页
recursion yes; dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto; /* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic";
}; logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
}; //电信
view "telcom-view" {
match-clients {
AnHui.telcom;
BeiJing.telcom;
}; zone "." IN {
type hint;
file "named.ca";
}; zone"unixmen.local" IN {
type master;
file "forward.unixmen"; //正向解析文件名
allow-update { none; };
};
zone"1.168.192.in-addr.arpa" IN {
type master;
file "reverse.unixmen";//反向解析文件名
allow-update { none; };
}; include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
}; //联通
view "cnc-view" {
match-clients {
AnHui.cnc;
BeiJing.cnc;
}; zone "." IN {
type hint;
file "named.ca";
}; zone"unixmen.local" IN {
type master;
file "forward.unixmen"; //正向解析文件名
allow-update { none; };
};
zone"1.168.192.in-addr.arpa" IN {
type master;
file "reverse.unixmen";//反向解析文件名
allow-update { none; };
}; include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
}; //移动
view "mobile-view" {
match-clients {
AnHui.mobile;
BeiJing.mobile;
}; zone "." IN {
type hint;
file "named.ca";
}; zone"unixmen.local" IN {
type master;
file "forward.unixmen"; //正向解析文件名
allow-update { none; };
};
zone"1.168.192.in-addr.arpa" IN {
type master;
file "reverse.unixmen";//反向解析文件名
allow-update { none; };
}; include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
}; //中国教育与科研网
view "cernet-view" {
match-clients {
AnHui.cernet;
BeiJing.cernet;
}; zone "." IN {
type hint;
file "named.ca";
}; zone"unixmen.local" IN {
type master;
file "forward.unixmen"; //正向解析文件名
allow-update { none; };
};
zone"1.168.192.in-addr.arpa" IN {
type master;
file "reverse.unixmen";//反向解析文件名
allow-update { none; };
}; include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
}; view "external-view" {
match-clients { any; };
recursion yes; //需要递归,要不然上不了网。。。 zone "." IN {
type hint;
file "named.ca";
}; zone"unixmen.local" IN {
type master;
file "forward.unixmen"; //正向解析文件名
allow-update { none; };
};
zone"1.168.192.in-addr.arpa" IN {
type master;
file "reverse.unixmen";//反向解析文件名
allow-update { none; };
}; include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
}; key "rndc-key" {
algorithm hmac-md5;
secret "VcL5wC2GHCzCU7ju+ajC1Q==";
}; controls {
inet 0.0.0.0 port
allow { localhost; 192.168.1.101; } keys { "rndc-key"; };
};
从DNS服务器named.conf配置,修改后需要重启service named restart
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
// include "/var/named/acl/srcip/AnHui.acl";
include "/var/named/acl/srcip/BeiJing.acl"; options {
listen-on port { 127.0.0.1;192.168.1.101; };
listen-on-v6 port { ::; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; };
allow-query-cache { any; };//注意没有这个将无法访问网页
recursion yes; dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto; /* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic";
}; logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
}; //电信
view "telcom-view" {
match-clients {
AnHui.telcom;
BeiJing.telcom;
}; zone "." IN {
type hint;
file "named.ca";
}; zone"unixmen.local" IN {
type slave;
file "slaves/unixmen.fwd";
masters { 192.168.1.100; };#主DNS
}; zone"1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/unixmen.rev";
masters { 192.168.1.100; };
}; include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
}; //联通
view "cnc-view" {
match-clients {
AnHui.cnc;
BeiJing.cnc;
}; zone "." IN {
type hint;
file "named.ca";
}; zone"unixmen.local" IN {
type slave;
file "slaves/unixmen.fwd";
masters { 192.168.1.100; };#主DNS
}; zone"1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/unixmen.rev";
masters { 192.168.1.100; };
}; include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
}; //移动
view "mobile-view" {
match-clients {
AnHui.mobile;
BeiJing.mobile;
}; zone "." IN {
type hint;
file "named.ca";
}; zone"unixmen.local" IN {
type slave;
file "slaves/unixmen.fwd";
masters { 192.168.1.100; };#主DNS
}; zone"1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/unixmen.rev";
masters { 192.168.1.100; };
}; include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
}; //中国教育与科研网
view "cernet-view" {
match-clients {
AnHui.cernet;
BeiJing.cernet;
}; zone "." IN {
type hint;
file "named.ca";
}; zone"unixmen.local" IN {
type slave;
file "slaves/unixmen.fwd";
masters { 192.168.1.100; };#主DNS
}; zone"1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/unixmen.rev";
masters { 192.168.1.100; };
}; include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
}; view "external-view" {
match-clients { any; };
recursion yes; //需要递归,要不然上不了网。。。 zone "." IN {
type hint;
file "named.ca";
}; zone"unixmen.local" IN {
type slave;
file "slaves/unixmen.fwd";
masters { 192.168.1.100; };#主DNS
}; zone"1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/unixmen.rev";
masters { 192.168.1.100; };
}; include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
}; key "rndc-key" {
algorithm hmac-md5;
secret "VcL5wC2GHCzCU7ju+ajC1Q==";
}; controls {
inet * port
allow { 127.0.0.1;192.168.1.100; } keys { "rndc-key"; };
};
使用BIND安装智能DNS服务器(三)---添加view和acl配置的更多相关文章
- 使用BIND安装智能DNS服务器(一)---基本的主从DNS服务器搭建
参考网址:http://www.unixmen.com/dns-server-installation-step-by-step-using-centos-6-3/ DNS(Domain Name S ...
- 使用BIND安装智能DNS服务器(二)---配置rndc远程控制
首先两个BIND DNS服务器要正常运行. 主DNS服务器IP:192.168.1.100 客户机DNS服务器IP:192.168.1.101 1 主DNS端配置: cd /etc/ 生成 ...
- 使用bind实现主从DNS服务器数据同步
一.bind简介 Linux中通常使用bind来实现DNS服务器的架设,bind软件由isc(www.isc.org)维护.在yum仓库中可以找到软件,配置好yum源,直接使用命令yum instal ...
- Bind 远程连接DNS服务器时出现 rndc: connection to remote host closed
使用命令:rndc -s 192.168.1.2 status 连接远程的bind 搭建的DNS服务器时出现下面的错误: rndc: connection to remote host close ...
- Linux DNS分离解析与构建智能DNS服务器
一 构建DNS分离解析 方法一 : [root@localhost ~]# vim /etc/named.conf [root@localhost ~]# cd /var/named/ [root@l ...
- linux下DNS服务器搭建,正反向解析配置
dns服务器之前自己搭建玩过,一段时间不搞,加上当时没写文档,基本忘光光了,这次老实了,写个文档记下来,方便以后查阅. 1.服务器准备 为了避免不必要的问题,关闭防火墙,关闭selinux,hosts ...
- 在 CentOS7.0 上搭建 Chroot 的 Bind DNS 服务器
BIND(Berkeley internet Name Daemon)也叫做NAMED,是现今互联网上使用最为广泛的DNS 服务器程序.这篇文章将要讲述如何在 chroot 监牢中运行 BIND,这样 ...
- 【转】在CentOS 8 / RHEL 8上配置主/从BIND DNS服务器
转自: https://zh.codepre.com/centos-2700.html 前言 本指南描述了在CentOS 8 / RHEL 8 Linux上配置BIND DNS服务器所需的步骤.在Ce ...
- 2-7-搭建DNS服务器实现域名解析
学习服务的方法: 了解服务的作用:名称,功能,特点 安装服务 配置文件的位置,端口 服务开启和关闭的脚本 修改配置文件(实战举例) 排错(从上到下,从内到外) -------------------- ...
随机推荐
- 利用Docker Compose快速搭建本地测试环境
前言 Compose是一个定义和运行多个Docker应用的工具,用一个YAML(dockder-compose.yml)文件就能配置我们的应用.然后用一个简单命令就能启动所有的服务.Compose编排 ...
- 【BZOJ4052】[Cerc2013]Magical GCD 乱搞
[BZOJ4052][Cerc2013]Magical GCD Description 给出一个长度在 100 000 以内的正整数序列,大小不超过 10^12. 求一个连续子序列,使得在所有的连续 ...
- 【BZOJ1499】[NOI2005]瑰丽华尔兹 单调队列+DP
[BZOJ1499][NOI2005]瑰丽华尔兹 Description 你跳过华尔兹吗?当音乐响起,当你随着旋律滑动舞步,是不是有一种漫步仙境的惬意?众所周知,跳华尔兹时,最重要的是有好的音乐.但是 ...
- android菜鸟学习笔记4----android项目结构
src: 应用程序源代码存放目录 gen: 自动生成的目录,目录中存放所有由Android开发工具自动生成的文件. 目录中最重要的就是R.java文件. 这个文件由Android开发工具自动产生的.A ...
- android菜鸟学习笔记3----关于AndroidMainfest.xml
每个android项目都包含一个AndroidMainfest.xml文件,它包含了组成应用程序的每一个Acitivity.Service.Content Provider和Broadcast Rec ...
- 九度OJ 1172:哈夫曼树 (贪心)
时间限制:1 秒 内存限制:32 兆 特殊判题:否 提交:6701 解决:2954 题目描述: 哈夫曼树,第一行输入一个数n,表示叶结点的个数.需要用这些叶结点生成哈夫曼树,根据哈夫曼树的概念,这些结 ...
- Netty入门 - 秒懂
目录 Netty 入门 前言: 建立项目 编写一个Discard Handler 处理器 编写一个Discard 服务器 线程组 启动帮助类 设置Channel 通道的选项 测试:发送消息到Disca ...
- Java for LeetCode 096 Unique Binary Search Trees
Given n, how many structurally unique BST's (binary search trees) that store values 1...n? For examp ...
- IOS 十六进制字符串转换成UIColor
/** * 十六进制转换成UIColor * * @param stringToConvert 十六进制字符串 * * @return UIColor */ +(UIColor *) hexStrin ...
- LightOJ - 1265 Island of Survival —— 概率
题目链接:https://vjudge.net/problem/LightOJ-1265 1265 - Island of Survival PDF (English) Statistics F ...