实现智能CDN 的DNS服务

注意

  1. acl 规则一定是在options前面的
  2. 一旦使用了 view，所有 zone 都必须放在某个 view 中，不能再在 view 之外单独定义 zone

修改主配置文件

vim /etc/named.conf 
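# ACLs are defined ahead of options so the views further down can refer to them by name.
acl beijinacl {
	192.168.3.0/24;			# clients are sorted into ACLs by source IP address
};
acl shanghaiacl {
	192.168.2.0/24;
};
acl otheracl {
	any;
};

options {
	# With listen-on commented out, named binds port 53 on every IPv4 interface.
//	listen-on port 53 { 127.0.0.1; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	recursing-file  "/var/named/data/named.recursing";
	secroots-file   "/var/named/data/named.secroots";

	# NOTE(review): allow-query { any; } is what lets all three client groups
	# reach the authoritative zones, but when no allow-recursion is set BIND
	# falls back to allow-query for recursion as well. The dig output on this
	# page shows the "ra" flag, so recursion appears to be enabled: on a
	# reachable address that makes this an open resolver. For an
	# authoritative-only server set "recursion no;", otherwise limit
	# recursion with "allow-recursion { <trusted-nets>; };".
	allow-query     { any; };
	allow-transfer  {none;};		# zone transfers are refused for everyone

	# NOTE(review): validation is switched off, so answers fetched during
	# recursion are accepted without DNSSEC checks. dnssec-enable is obsolete
	# in newer BIND 9 releases; confirm against the installed version.
	dnssec-enable no;
	dnssec-validation no;
};	# options has to be closed here: view is a top-level statement

# Each view ties a set of zones to an ACL. Once views are used, every zone
# must be declared inside a view. Views are evaluated in order and the first
# match-clients hit wins, so the catch-all otherview has to stay last.
view beijinview {
	match-clients { beijinacl; };
	include "/etc/named.rfc1912.zones.beijin";
};
view shanghaiview {
	match-clients { shanghaiacl; };
	include "/etc/named.rfc1912.zones.shanghai";
};
view otherview {
	match-clients { otheracl; };
	include "/etc/named.rfc1912.zones.other";
};
include "/etc/named.root.key";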

修改区域配置文件

#做相应的三份区域配置文件
$ cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.beijin
$ cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.shanghai
$ cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.other
vim /etc/named.rfc1912.zones.beijin
# Root hints. Zones cannot live outside a view once views are in use,
# so each per-view zone file carries its own copy of the "." zone.
zone "." IN {
        type hint;
        file "named.ca";
};
# Bind the hxg.com zone to the data file served to the beijin view.
# The file name is resolved relative to the "directory" option (/var/named).
zone "hxg.com" IN {
        type master;
        file "hxg.com.zone.beijin";
};
vim /etc/named.rfc1912.zones.shanghai
# Root hints, repeated here because every view needs its own "." zone.
zone "." IN {
        type hint;
        file "named.ca";
};
# Same zone name as in the other views, but backed by the shanghai data file
# (resolved relative to the "directory" option, /var/named).
zone "hxg.com" IN {
        type master;
        file "hxg.com.zone.shanghai";
};
$ vim /etc/named.rfc1912.zones.other
# Root hints, repeated here because every view needs its own "." zone.
zone "." IN {
        type hint;
        file "named.ca";
};
# Catch-all copy of hxg.com for clients that matched neither regional ACL
# (file resolved relative to the "directory" option, /var/named).
zone "hxg.com" IN {
        type master;
        file "hxg.com.zone.other";
};

新建区域数据库文件

#复制修改文件
$ cp -p /var/named/hxg.com.zone /var/named/hxg.com.zone.beijin
$ cp -p /var/named/hxg.com.zone /var/named/hxg.com.zone.shanghai
$ cp -p /var/named/hxg.com.zone /var/named/hxg.com.zone.other
vim /var/named/hxg.com.zone.beijin
; Zone data for hxg.com as served to clients matched by beijinview.
; Names without a trailing dot are relative to the zone origin (hxg.com.).
$TTL 1D
; SOA: primary server, contact, then ( serial refresh retry expire negative-TTL ).
@   IN  SOA  master admin ( 51 2H 10M 1W 1D )
        NS   master
master  A   192.168.3.102
; Only the "ap" address differs between the three per-view zone files.
ap      A   1.1.1.1
www     CNAME  ap
$ vim /var/named/hxg.com.zone.shanghai
; Zone data for hxg.com as served to clients matched by shanghaiview.
; Names without a trailing dot are relative to the zone origin (hxg.com.).
$TTL 1D
; SOA: primary server, contact, then ( serial refresh retry expire negative-TTL ).
@   IN  SOA  master admin ( 51 2H 10M 1W 1D )
        NS   master
master  A   192.168.3.102
; Only the "ap" address differs between the three per-view zone files.
ap      A   2.2.2.2
www     CNAME  ap
$ vim /var/named/hxg.com.zone.other
; Zone data for hxg.com as served to clients that fall through to otherview.
; Names without a trailing dot are relative to the zone origin (hxg.com.).
$TTL 1D
; SOA: primary server, contact, then ( serial refresh retry expire negative-TTL ).
@   IN  SOA  master admin ( 51 2H 10M 1W 1D )
        NS   master
master  A   192.168.3.102
; Only the "ap" address differs between the three per-view zone files.
ap      A   3.3.3.3
www     CNAME  ap

检查配置文件语法

$ named-checkconf

检测区域数据库文件语法

$ named-checkzone hxg.com /var/named/hxg.com.zone.beijin
zone hxg.com/IN: loaded serial 51
OK
$ named-checkzone hxg.com /var/named/hxg.com.zone.shanghai
zone hxg.com/IN: loaded serial 51
OK
$ named-checkzone hxg.com /var/named/hxg.com.zone.other 
zone hxg.com/IN: loaded serial 51
OK

测试

先在两台不同的主机上配置ip

ip a a 192.168.2.102/24 dev ens32
ip a a 192.168.2.101/24 dev ens32

然后测试：view 按查询的源地址匹配 match-clients，因此来自不同网段的查询应得到不同的 A 记录

$ dig www.hxg.com @192.168.3.102

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7 <<>> www.hxg.com @192.168.3.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64966
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.hxg.com.			IN	A

;; ANSWER SECTION:
www.hxg.com.		86400	IN	CNAME	ap.hxg.com.
ap.hxg.com.		86400	IN	A	1.1.1.1

;; AUTHORITY SECTION:
hxg.com.		86400	IN	NS	master.hxg.com.

;; ADDITIONAL SECTION:
master.hxg.com.		86400	IN	A	192.168.3.102

;; Query time: 0 msec
;; SERVER: 192.168.3.102#53(192.168.3.102)
;; WHEN: 一 6月 08 14:38:18 CST 2020
;; MSG SIZE  rcvd: 110

$ dig www.hxg.com @192.168.2.102


; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7 <<>> www.hxg.com @192.168.2.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65135
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.hxg.com.			IN	A

;; ANSWER SECTION:
www.hxg.com.		86400	IN	CNAME	ap.hxg.com.
ap.hxg.com.		86400	IN	A	2.2.2.2

;; AUTHORITY SECTION:
hxg.com.		86400	IN	NS	master.hxg.com.

;; ADDITIONAL SECTION:
master.hxg.com.		86400	IN	A	192.168.3.102

;; Query time: 0 msec
;; SERVER: 192.168.2.102#53(192.168.2.102)
;; WHEN: 一 6月 08 14:45:05 CST 2020
;; MSG SIZE  rcvd: 110

$ dig www.hxg.com @127.0.0.1

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7 <<>> www.hxg.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27899
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.hxg.com.			IN	A

;; ANSWER SECTION:
www.hxg.com.		86400	IN	CNAME	ap.hxg.com.
ap.hxg.com.		86400	IN	A	3.3.3.3

;; AUTHORITY SECTION:
hxg.com.		86400	IN	NS	master.hxg.com.

;; ADDITIONAL SECTION:
master.hxg.com.		86400	IN	A	192.168.3.102

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 一 6月 08 14:37:57 CST 2020
;; MSG SIZE  rcvd: 110
