Split-horizon DNS (智能DNS) in BIND: different answers per environment, hands-on

DNS learning series index

1. Environment preparation

1.1 Requirement

Run an internal authoritative zone and return a different answer for the same name depending on the client's source IP. BIND does this with views: the first view whose match-clients list matches the querying address serves the response.

1.2 Hosts

DNS server: 192.168.10.19
Test business host: 192.168.87.142
Production business hosts: 192.168.10.4, 192.168.10.22

2. /etc/named.conf configuration

2.1 Add ACLs

]# vi /etc/named.conf
...
// simulated test-environment address set
acl "env-test" {
  192.168.10.23;
};

// simulated production-environment address set
acl "env-prod" {
  192.168.10.4; 192.168.10.22;
};
...

An ACL entry must be the source address as the DNS server sees it (after any NAT), given as a host address or a CIDR prefix such as 192.168.10.0/24. Note that the test host listed in 1.2 is 192.168.87.142 while the ACL contains 192.168.10.23; the two must agree, otherwise the client matches no ACL and silently falls through to the default view.

2.2 Add views and zones

]# vi /etc/named.conf
...
// view for the test environment
view "env-test-project" {
  match-clients { "env-test"; };
  recursion yes;
  zone "mg.com" {
    type master;
    file "env-test.mg.com.zone";
  };
};

// view for the production environment
view "env-prod-project" {
  match-clients { "env-prod"; };
  recursion yes;
  zone "mg.com" {
    type master;
    file "env-prod.mg.com.zone";
  };
};

// default view: every client that matched no earlier view
view "default" {
  match-clients { any; };
  recursion yes;
  zone "." IN {
    type hint;
    file "named.ca";
  };
  include "/etc/named.rfc1912.zones";
};
// once views exist no zone may stay at top level, so the stock include moves into "default"
#include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Views are evaluated in file order and the first match wins, so the catch-all "default" view must stay last. Putting it first hands every client the default view and hides the per-environment zones without any error.

As soon as one view is defined, every zone has to live inside a view; that is why the top-level include of named.rfc1912.zones is commented out and repeated inside "default". The trust-anchor include (named.root.key) is not a zone and stays at top level. The two environment views have no root hint zone, which is fine: named falls back to its compiled-in hints for recursion.

recursion yes in a view whose match-clients is any turns the server into an open resolver for anyone who can reach port 53; keep that view at recursion no, or restrict it with allow-recursion { localnets; };, unless the host is reachable only from the internal network. The mg.com zones carry internal host names, so add allow-transfer { none; }; (or list only your secondaries) to each of them, otherwise a zone transfer enumerates the hosts. Finally, view selection is by source IP only: it separates environments, it does not authenticate anyone.
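The first-match rule above is what makes view order a security setting, so it is worth checking mechanically. The following Python model, an added example that is not part of the original post, mirrors the ACLs and views from the named.conf above and answers two questions: which view a given source address lands in, and whether any view is shadowed by an earlier one. The probed client addresses are constructed; the ACL evaluation is a simplified model of BIND's address match lists (first matching element decides, `!` negates, named ACLs may be referenced).

```python
# Added example (not part of the original post): a model of how BIND picks a
# view. The ACLs and views mirror the /etc/named.conf above; the client
# addresses probed below are constructed.
import ipaddress

# Named ACLs from section 2.1 (in BIND each entry is written as "192.168.10.23;").
ACLS = {
    "env-test": ["192.168.10.23"],
    "env-prod": ["192.168.10.4", "192.168.10.22"],
}

# Views in file order, each with its match-clients list (section 2.2).
VIEWS = [
    ("env-test-project", ["env-test"]),
    ("env-prod-project", ["env-prod"]),
    ("default", ["any"]),
]


def acl_matches(acl, ip, acls=ACLS):
    """Evaluate an address match list the way BIND does: walk the elements in
    order and let the first element that matches decide. A plain element
    accepts, a '!'-prefixed element rejects, and an address that matches no
    element is rejected. Elements may be 'any', 'none', a host address, a
    CIDR prefix, or the name of another ACL."""
    if isinstance(ip, str):
        ip = ipaddress.ip_address(ip)
    for entry in acl:
        negated = entry.startswith("!")
        body = entry[1:] if negated else entry
        if body in acls:
            hit = acl_matches(acls[body], ip, acls)
        elif body == "any":
            hit = True
        elif body == "none":
            hit = False
        else:
            hit = ip in ipaddress.ip_network(body, strict=False)
        if hit:
            return not negated
    return False


def select_view(client_ip, views=VIEWS, acls=ACLS):
    """The first view whose match-clients accepts the source address wins.
    Returns None when no view matches, in which case named refuses the query."""
    for name, match_clients in views:
        if acl_matches(match_clients, client_ip, acls):
            return name
    return None


def _networks(acl, acls):
    """Yield the positive networks an ACL names, following ACL references."""
    for entry in acl:
        if entry.startswith("!"):
            continue
        if entry in acls:
            yield from _networks(acls[entry], acls)
        elif entry not in ("any", "none"):
            yield ipaddress.ip_network(entry, strict=False)


def lint_views(views=VIEWS, acls=ACLS):
    """Report ordering mistakes: an 'any' view that is not last, and any
    address a view lists that an earlier view already captures. Either one
    means clients get the wrong zone data without anything being logged."""
    problems = []
    for idx, (name, match_clients) in enumerate(views):
        if "any" in match_clients and idx != len(views) - 1:
            problems.append(f"view {name!r} matches any client but is not last")
        for net in _networks(match_clients, acls):
            # for a /32 the network address is the host itself
            winner = select_view(str(net.network_address), views, acls)
            if winner != name:
                problems.append(f"view {name!r}: {net} is captured by earlier view {winner!r}")
    return problems


if __name__ == "__main__":
    # 192.168.87.142 is the test host from section 1.2; it is in no ACL and
    # therefore lands in "default", which has no mg.com zone at all.
    for client in ("192.168.10.23", "192.168.10.22", "192.168.87.142"):
        print(client, "->", select_view(client))
    print("problems:", lint_views())
```

Run lint_views() against the view list before every reload; moving "default" to the top produces four findings (the misplaced catch-all plus one shadowed address per ACL entry), which is exactly the mistake that would otherwise only show up as wrong answers in production.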

3. Zone database files

3.1 Zone file for the test environment

cat << 'CAT_END' >/var/named/env-test.mg.com.zone
mg.com. 600 IN SOA ns1.mg.com. sa.mg.com. (
2023051647 ;serial
10800      ;refresh
900        ;retry
604800     ;expire
86400)     ;negative-cache TTL

;name server records
mg.com. IN NS ns1.mg.com.
ns1.mg.com. IN A 192.168.10.19

;A record; the owner name must end with a dot, otherwise named appends the origin and it becomes www.mg.com.mg.com.
www.mg.com. IN A 1.1.1.1
CAT_END

3.2 Zone file for the production environment

cat << 'CAT_END' >/var/named/env-prod.mg.com.zone
mg.com. 600 IN SOA ns1.mg.com. sa.mg.com. (
2023051647 ;serial
10800      ;refresh
900        ;retry
604800     ;expire
86400)     ;negative-cache TTL

;name server records
mg.com. IN NS ns1.mg.com.
ns1.mg.com. IN A 192.168.10.19

;A record; the owner name must end with a dot, otherwise named appends the origin and it becomes www.mg.com.mg.com.
www.mg.com. IN A 2.2.2.2
CAT_END

The two files are identical apart from the A record, which is the whole point: every view serves the same names, only the answers differ. The SOA primary name is ns1.mg.com., the server that actually has an A record (the page originally wrote ns.mg.com., a name the zone never defines); sa.mg.com. is the contact mailbox sa@mg.com with the @ written as a dot. The serial can be the same in both files because they are separate zones, but each file's serial must increase whenever that file changes.
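Keeping two (or more) near-identical zone files in step by hand is where the trailing-dot and stale-serial mistakes creep in, so it is cleaner to generate them from one record table. The script below is an added example, not code from the original post: the record values, file names and SOA timers are taken from the zone files above, while the YYYYMMDDnn serial scheme and the use of $TTL/$ORIGIN (the page's files rely on the SOA minimum instead) are choices of this example.

```python
# Added example (not part of the original post): generate the per-environment
# zone files of section 3 from one record table, so the views stay
# structurally identical and only the answers differ. Values come from the
# page; the YYYYMMDDnn serial scheme and $TTL/$ORIGIN usage are assumptions.
from datetime import date

ORIGIN = "mg.com"
ENVS = ("test", "prod")
NS_NAME, NS_ADDR = "ns1", "192.168.10.19"

# name -> answer per environment (constructed from the zone files above).
# Every name must have a value for every environment; a gap would make one
# environment return NXDOMAIN while the other resolves the name.
RECORDS = {
    "www": {"test": "1.1.1.1", "prod": "2.2.2.2"},
}


def fqdn(name, origin=ORIGIN):
    """Return an absolute owner name. named treats a name without a trailing
    dot as relative and appends the origin, which is how 'www.mg.com' would
    silently turn into www.mg.com.mg.com. inside a zone file."""
    if name == "@":
        return f"{origin}."
    if name.endswith("."):
        return name
    return f"{name}.{origin}."


def next_serial(previous, today=None):
    """YYYYMMDDnn serial that is always larger than the previous one; today is
    an int YYYYMMDD (defaults to the current date). Secondaries only transfer
    a zone whose serial grew, so the value must keep increasing even when the
    clock went backwards."""
    if today is None:
        today = int(date.today().strftime("%Y%m%d"))
    base = today * 100
    return previous + 1 if previous >= base else base + 1


def render_zone(env, serial, records=RECORDS, origin=ORIGIN, ttl=600):
    """Render the zone file text for one environment."""
    if env not in ENVS:
        raise ValueError(f"unknown environment {env!r}")
    ns = fqdn(NS_NAME, origin)
    lines = [
        f"$TTL {ttl}",  # default TTL; without it named uses the SOA minimum field
        f"$ORIGIN {origin}.",
        f"@ IN SOA {ns} sa.{origin}. (",
        f"    {serial} ; serial",
        "    10800 ; refresh",
        "    900 ; retry",
        "    604800 ; expire",
        "    86400 ) ; negative-cache TTL",
        f"@ IN NS {ns}",
        f"{ns} IN A {NS_ADDR}",
    ]
    for name, per_env in records.items():
        if env not in per_env:
            raise ValueError(f"{name}: no answer defined for environment {env!r}")
        lines.append(f"{fqdn(name, origin)} IN A {per_env[env]}")
    return "\n".join(lines) + "\n"


def render_all(serial, records=RECORDS):
    """Zone file name -> contents, using the file names from named.conf."""
    return {f"env-{env}.{ORIGIN}.zone": render_zone(env, serial, records) for env in ENVS}


if __name__ == "__main__":
    serial = next_serial(2023051647)
    for filename, body in render_all(serial).items():
        print(f"--- /var/named/{filename}")
        print(body)
```

Write the rendered text to /var/named/ and run named-checkzone on each file exactly as in 3.3; the generated files pass the same check, minus the RFC1035 TTL notice, because they start with $TTL.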

3.3 Syntax check and reload

]# named-checkzone mg.com /var/named/env-test.mg.com.zone
/var/named/env-test.mg.com.zone:9: using RFC1035 TTL semantics
zone mg.com/IN: loaded serial 2023051647
OK

]# named-checkzone mg.com /var/named/env-prod.mg.com.zone
/var/named/env-prod.mg.com.zone:9: using RFC1035 TTL semantics
zone mg.com/IN: loaded serial 2023051647
OK

]# rndc reload

The "using RFC1035 TTL semantics" line is a notice, not an error: the file has no $TTL directive, so records without an explicit TTL (the NS and A records here) inherit the SOA minimum field, 86400 seconds. Put a $TTL 600 line at the top of the file if the 10-minute TTL is meant to apply to all records. Also run named-checkconf before rndc reload; a syntax error in named.conf makes the reload fail, and on a restart it leaves the server down.

4. Testing resolution

4.1 From a test-environment address

test ~]# dig www.mg.com @192.168.10.19 +short
1.1.1.1

4.2 From a production-environment address

prod ~]# dig www.mg.com @192.168.10.19 +short
2.2.2.2

A client that matches neither ACL lands in the "default" view, which has no mg.com zone, so it does not get an error: with recursion yes the server looks www.mg.com up on the public internet and returns whatever it finds there, or NXDOMAIN. A mismatched ACL therefore fails silently, which is why the source addresses must be verified. Run dig from the client hosts themselves; dig -b can only pick among addresses configured on the machine it runs on. To confirm which view answered, enable query logging with rndc querylog: when views are in use each query log entry names the view that served it (view env-test-project: ...).

5. Split-horizon DNS pseudo-configuration (extension)

]# vi /etc/named.conf
...
// ACL for China Telecom address ranges
acl "telecomip" { telecom_IP; ... };

// ACL for China Unicom (Netcom) address ranges
acl "netcomip" { netcom_IP; ... };

view "telecom" {
  match-clients { "telecomip"; };
  zone "ZONE_NAME" IN {
    type master;
    file "ZONE_NAME.telecom.zone";
  };
};

view "netcom" {
  match-clients { "netcomip"; };
  zone "ZONE_NAME" IN {
    type master;
    file "ZONE_NAME.netcom.zone";
  };
};

view "default" {
  match-clients { any; };
  zone "ZONE_NAME" IN {
    type master;
    file "ZONE_NAME.zone";
  };
};

telecom_IP, netcom_IP and ZONE_NAME are placeholders: fill the ACLs with the carriers' prefixes in CIDR form, give every view its own copy of the zone file, and keep "default" as the last view so that clients from any other network still get an answer.


posted @ 2023-05-08 23:56 by 小粉优化大师