Linux-DNS利用view实现智能DNS
环境需求
需要五台主机 DNS主服务器和web服务器1:10.0.0.88/24,172.16.0.88/16 web服务器2:10.0.0.7/24 web服务器3:172.16.0.7/16 DNS客户端1:10.0.0.77/24 DNS客户端2:172.16.0.77/16
前提准备
关闭SELinux(仅为简化实验;生产环境应保持 enforcing)
关闭防火墙(仅为简化实验;生产环境应保留防火墙,只放行 DNS 的 53/udp、53/tcp 和 web 的 80/tcp)
时间同步
实现步骤
主DNS服务器安装
yum -y install bind bind-utils bind-devel httpd
IP地址修改。另外添加一张网卡,配置IP地址 172.16.0.88/16
我从配置文件修改

[root@centos8-liyj ~]#vim /etc/sysconfig/network-scripts/ifcfg-eth1 [root@centos8-liyj ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth1 DEVICE="eth1" NAME="eth1" BOOTPROTO="static" IPADDR=172.16.0.88 PREFIX=16 ONBOOT="yes" [root@centos8-liyj ~]#ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:50:56:33:29:8d brd ff:ff:ff:ff:ff:ff inet 10.0.0.88/24 brd 10.0.0.255 scope global noprefixroute eth0 valid_lft forever preferred_lft forever inet6 fe80::250:56ff:fe33:298d/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:bd:f1:80 brd ff:ff:ff:ff:ff:ff inet 172.16.0.88/16 brd 172.16.255.255 scope global noprefixroute eth1 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:febd:f180/64 scope link valid_lft forever preferred_lft forever
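主DNS服务器配置文件实现view
注意:下面的配置保留了 recursion yes,并把 dnssec-validation 改为 no,即该服务器会为客户端做递归解析,但不校验递归结果的 DNSSEC 签名;这只是为了实验方便,生产环境应保持校验开启,并用 allow-recursion 明确限定允许递归的网段。另外 view 按书写顺序匹配,match-clients 为 any 的 otherview 必须放在最后。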
[root@centos8-liyj ~]#vim /etc/named.conf acl jiangsunet { #配置文件开头添加 10.0.0.0/24; }; acl shanghainet { #配置文件开头添加 172.16.0.0/16; };
acl othernet {
any;
};
options { // listen-on port 53 { 127.0.0.1; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; secroots-file "/var/named/data/named.secroots"; recursing-file "/var/named/data/named.recursing"; // allow-query { localhost; }; recursion yes; dnssec-enable no; #改为no dnssec-validation no; #改为no managed-keys-directory "/var/named/dynamic"; /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */ include "/etc/crypto-policies/back-ends/bind.config"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; //zone "." IN { #注释,转移到/etc/named.rfc1912.zones // type hint; // file "named.ca"; //};
#注释或删除zone后,添加以下内容 view jiangsuview { match-clients { jiangsunet;}; include "/etc/named.rfc1912.zones.js"; }; view shanghaiview { match-clients { shanghainet;}; include "/etc/named.rfc1912.zones.sh"; };
view otherview {
match-clients { othernet;};
include "/etc/named.rfc1912.zones.other";
};
include "/etc/named.root.key";
主DNS服务器:实现区域文件配置文件
复制js,sh,other三个地区,各一份配置文件
[root@centos8-liyj ~]#cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.js [root@centos8-liyj ~]#cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.sh [root@centos8-liyj ~]#cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.other [root@centos8-liyj ~]#ll /etc/named.rfc1912.zones* -rw-r----- 1 root named 1094 May 2 17:02 /etc/named.rfc1912.zones -rw-r----- 1 root named 1094 May 2 17:02 /etc/named.rfc1912.zones.js -rw-r----- 1 root named 1094 May 2 17:02 /etc/named.rfc1912.zones.sh
-rw-r----- 1 root named 1094 May 2 17:02 /etc/named.rfc1912.zones.other
编辑 /etc/named.rfc1912.zones.{js,sh,other}。前面添加内容如下
#vim /etc/named.rfc1912.zones.js zone "." IN { type hint; file "named.ca"; }; zone "magedu.org" { type master; file "magedu.org.zone.js"; };
#vim /etc/named.rfc1912.zones.sh zone "." IN { type hint; file "named.ca"; }; zone "magedu.org" { type master; file "magedu.org.zone.sh"; };
#vim /etc/named.rfc1912.zones.other zone "." IN { type hint; file "named.ca"; }; zone "magedu.org" { type master; file "magedu.org.zone.other"; };
[root@centos8-liyj ~]#ll /etc/named.rfc1912.zones* -rw-r----- 1 root named 1094 May 2 17:02 /etc/named.rfc1912.zones -rw-r----- 1 root named 1094 May 2 17:02 /etc/named.rfc1912.zones.js -rw-r----- 1 root named 1094 May 2 17:02 /etc/named.rfc1912.zones.sh -rw-r----- 1 root named 1094 May 2 17:02 /etc/named.rfc1912.zones.other
确认以上文件的属组是 named,不是则用以下命令修改
chgrp named /etc/named.rfc1912.zones.js
chgrp named /etc/named.rfc1912.zones.sh
chgrp named /etc/named.rfc1912.zones.other
创建区域数据库文件
复制js,sh,other 各一份区域数据库文件(区域数据库文件中的注释以 ; 开头,# 不是注释符;下面 cat 输出中 # 后面的文字是本文的说明,不要写进文件)
[root@centos8-liyj ~]#cp -p /var/named/named.localhost /var/named/magedu.org.zone.js [root@centos8-liyj ~]#cp -p /var/named/magedu.org.zone.js /var/named/magedu.org.zone.sh [root@centos8-liyj ~]#cp -p /var/named/magedu.org.zone.js /var/named/magedu.org.zone.other [root@centos8-liyj ~]# [root@centos8-liyj ~]#ll /var/named/magedu.org.zone* -rw-r----- 1 root named 190 May 2 17:20 /var/named/magedu.org.zone -rw-r----- 1 root named 190 May 2 17:20 /var/named/magedu.org.zone.js -rw-r----- 1 root named 190 May 2 17:20 /var/named/magedu.org.zone.other -rw-r----- 1 root named 190 May 2 17:20 /var/named/magedu.org.zone.sh
[root@centos8-liyj ~]#cat /var/named/magedu.org.zone.js $TTL 1D @ IN SOA ns1 admin.magedu.org. ( 2 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS ns1 ns1 A 10.0.0.88 websrv A 10.0.0.7 #指向访问的web服务器 httpd 服务 www CNAME websrv [root@centos8-liyj ~]#cat /var/named/magedu.org.zone.sh $TTL 1D @ IN SOA ns1 admin.magedu.org. ( 2 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS ns1 ns1 A 10.0.0.88 websrv A 172.16.0.7 www CNAME websrv [root@centos8-liyj ~]#cat /var/named/magedu.org.zone.other $TTL 1D @ IN SOA ns1 admin.magedu.org. ( 2 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS ns1 ns1 A 10.0.0.88 websrv A 127.0.0.1 www CNAME websrv
systemctl start named #第一次启动服务
rndc reload #不是第一次启动服务
实现位于不同区域的三个WEB服务器
#分别在三台主机上安装http服务
#在web服务器1:10.0.0.88/24实现 yum install httpd echo www.magedu.org in Other > /var/www/html/index.html systemctl start httpd
#在web服务器2:10.0.0.7/24 echo www.magedu.org in JiangSu > /var/www/html/index.html systemctl start httpd
#在web服务器3:172.16.0.7/16 yum install httpd echo www.magedu.org in Shanghai > /var/www/html/index.html systemctl start httpd
客户端测试
Client:10.0.0.77
确认DNS指向10.0.0.88
[root@centos7-liyj ~]#cat /etc/resolv.conf # Generated by NetworkManager nameserver 10.0.0.88
[root@centos7-liyj ~]#curl www.magedu.org www.magedu.org in JiangSu
Client:172.16.0.77
确认DNS指向172.16.0.88
root@ubuntu-lyj:~# cat /etc/netplan/01-netcfg.yaml # This file describes the network interfaces available on your system # For more information, see netplan(5). network: version: 2 renderer: networkd ethernets: ens33: addresses: [172.16.0.77/16] gateway4: 172.16.0.2 nameservers: addresses: [ 172.16.0.88] root@ubuntu-lyj:~# curl www.magedu.org www.magedu.org in shanghai
DNS服务器做WEB测试
确认DNS指向127.0.0.1
[root@centos8-liyj ~]#curl www.magedu.org www.magedu.org in Other [root@centos8-liyj ~]#cat /etc/resolv.conf # Generated by NetworkManager nameserver 127.0.0.1