
Smart DNS (split-horizon answers with BIND views)

Goal of the lab: suppose there is a magedu.com website, and we want clients in Beijing to resolve it to 192.168.141.254 while clients in Shanghai resolve it to 172.20.0.7 (both addresses belong to the same CentOS 7 machine, one on its host-only adapter and one on its bridged adapter). Any client whose address is in 192.168.141.0/24 is treated as coming from Beijing; any client in 172.20.0.0/16 is treated as coming from Shanghai. In other words the answer depends on the source address of the query, which BIND implements with acl and view statements.

First we need the magedu.com zone itself, i.e. a primary (master) DNS server.

1. Check that bind is installed, then open the main configuration file:

[root@centos7 ~]# rpm -q bind
bind-9.9.4-72.el7.x86_64
[root@centos7 ~]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// allow-query { localhost; };

Comment out both listen-on port 53 { 127.0.0.1; }; and allow-query { localhost; };. The stock file binds named to the loopback address only and answers only local queries; with both lines commented out named listens on every IPv4 address and answers any client, which an authoritative server for magedu.com has to do. Caveat: the stock file also keeps recursion yes;, so once allow-query is opened named will also recurse for anyone who can reach port 53, i.e. it becomes an open resolver. Before exposing it beyond the lab network, restrict recursion to the trusted networks with allow-recursion, or set recursion no; if the host is purely authoritative.

2. Add the zone to /etc/named.rfc1912.zones:

[root@centos7 ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
// See /usr/share/doc/bind*/sample/ for example named configuration files.

zone "magedu.com" {
type master;
file "magedu.com.zone";
};

zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};

The zone "magedu.com" { ... } block is the part we add, in front of the existing localhost zones, which stay unchanged. The file name is relative to the directory set in named.conf, /var/named.

3. Create the zone file in /var/named:

[root@centos7 ~]# cd /var/named/
[root@centos7 /var/named]# ls
data  named.ca  named.localhost  slaves
dynamic  named.empty  named.loopback
[root@centos7 /var/named]# vim magedu.com.zone
$TTL 1D
@       IN SOA  master admin.magedu.com. ( 1 1D 1H 1W 3H )
        NS      master
master  A       192.168.141.254
www     A       192.168.141.254

The file does not exist yet; write the content above by hand. Names without a trailing dot are relative to the zone origin: master expands to master.magedu.com., and the NS line, which starts with whitespace, inherits the owner @. For the same reason the SOA contact needs its trailing dot, admin.magedu.com.; without it the contact is also treated as relative and silently becomes admin.magedu.com.magedu.com. The five numbers in the SOA are serial, refresh, retry, expire and negative-cache TTL.

4. For safety, give the new zone file mode 640 and group named, the same as named.ca, so that only root and the named process can read it:

[root@centos7 /var/named]# ll
total 20
drwxrwx--- 2 named named 6 Oct 31 08:29 data
drwxrwx--- 2 named named 6 Oct 31 08:29 dynamic
-rw-r--r-- 1 root root 142 Feb 13 20:26 magedu.com.zone
-rw-r----- 1 root named 2281 May 22 2017 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 6 Oct 31 08:29 slaves
[root@centos7 /var/named]# chmod 640 magedu.com.zone
[root@centos7 /var/named]# chgrp named magedu.com.zone

Keep root as the owner: the zone file is static data and named only needs to read it. Only the data, dynamic and slaves directories are writable by named.

5. Start the service. Running named-checkconf and named-checkzone on the new zone first catches syntax errors before named is touched:

[root@centos7 /var/named]# systemctl start named

6. Test from another host:

[root@Centos6 ~]# dig www.magedu.com @192.168.141.254

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.141.254
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51906
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.magedu.com. IN A

;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.141.254

;; AUTHORITY SECTION:
magedu.com. 86400 IN NS master.magedu.com.

;; ADDITIONAL SECTION:
master.magedu.com. 86400 IN A 192.168.141.254

;; Query time: 27 msec
;; SERVER: 192.168.141.254#53(192.168.141.254)
;; WHEN: Thu Feb 7 20:11:40 2019
;; MSG SIZE rcvd: 85

The aa flag shows the answer is authoritative; the ra flag shows recursion is still available to this client, which is the open-resolver caveat from step 1.

To tell Beijing clients from Shanghai clients, named first needs acl definitions.

7. Add three acl statements above options { in /etc/named.conf. An acl is a named set of clients (addresses, networks or other acls):

[root@centos7 /var/named]# vim /etc/named.conf
// named.conf
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
acl beijingnet { 192.168.141.0/24;};
acl shanghainet { 172.20.0.0/16;};
acl othernet {any;};

What we want is for clients from Beijing, from Shanghai and from anywhere else to each receive a different address. Right now /etc/named.rfc1912.zones holds a single copy of the zone data, so every client gets the same answer; the data has to be split into separate copies and each copy tied to one group of clients. That is what BIND views do: a view pairs a match-clients list (built from the acls) with its own set of zone statements, and named answers each query from the first view whose match-clients matches the query's source address. The general form is:

view VIEW_NAME {
    match-clients { testacl; };
    zone "magedu.com" {
        type master;
        file "magedu.com.zone";
    };
    // or pull the zone statements in from a separate file:
    include "/etc/named.rfc1912.zones";
};

Two consequences follow. Views are tried in the order they appear, so the catch-all view built on any must be last, and a client that matches no view at all gets REFUSED. And the match is made on the source address of the query as named sees it, so users behind a shared recursive resolver are classified by the resolver's address, not their own.
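To make the selection rule concrete, the following shell script simulates it: added here as an example, not code from the original post or from BIND. The view names and networks are the post's; the client addresses and the two alternative view orders are constructed for the demonstration, and the CIDR arithmetic is done in portable sh rather than by calling named.

```shell
#!/bin/sh
# Added example, not from the original post: simulate how named picks a view.
# Views are tested in named.conf order; the first view whose match-clients ACL
# contains the query's source address answers. If no view matches, named
# returns REFUSED. View names and networks below are the post's; the client
# addresses and the alternative orders are made up for the demonstration.

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds when address $1 lies inside $2, given as CIDR (10.0.0.0/8) or a bare host.
in_cidr() {
    case $2 in
        */*) net=${2%/*}; bits=${2#*/} ;;
        *)   net=$2;      bits=32 ;;
    esac
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# View table in named.conf order, as "view:network"; the ACL "any" is 0.0.0.0/0.
VIEWS="beijingview:192.168.141.0/24 shanghaiview:172.20.0.0/16 otherview:0.0.0.0/0"
# The same views with the catch-all moved to the top (a common mistake).
BAD_ORDER="otherview:0.0.0.0/0 beijingview:192.168.141.0/24 shanghaiview:172.20.0.0/16"
# No catch-all view at all.
NO_CATCHALL="beijingview:192.168.141.0/24 shanghaiview:172.20.0.0/16"

# Print the view that answers client $1 using table $2 (default: VIEWS).
# Prints REFUSED and fails when nothing matches, as named does.
match_view() {
    client=$1; table=${2:-$VIEWS}
    for entry in $table; do
        if in_cidr "$client" "${entry#*:}"; then
            echo "${entry%%:*}"
            return 0
        fi
    done
    echo REFUSED
    return 1
}

# Constructed client addresses: one per network, plus loopback and an outsider.
for c in 192.168.141.10 172.20.3.9 127.0.0.1 10.0.0.1; do
    printf '%-15s correct order: %-12s any-first: %-12s no catch-all: %s\n' \
        "$c" "$(match_view "$c")" "$(match_view "$c" "$BAD_ORDER")" \
        "$(match_view "$c" "$NO_CATCHALL")"
done
```

With the any view listed first every client lands in otherview, and without it an outside client (or the server's own 127.0.0.1, which is in neither acl) gets REFUSED instead of the default data.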

8. Make two copies of the zone file, one for Shanghai and one for Beijing:

[root@centos7 /var/named]# pwd
/var/named
[root@centos7 /var/named]# ls
data  magedu.com.zone  named.empty  named.loopback
dynamic  named.ca  named.localhost  slaves
[root@centos7 /var/named]# cp -p magedu.com.zone magedu.com.shanghai.zone
[root@centos7 /var/named]# cp -p magedu.com.zone magedu.com.beijing.zone
[root@centos7 /var/named]# ll
total 28
drwxrwx--- 2 named named 23 Feb 13 20:33 data
drwxrwx--- 2 named named 60 Feb 13 21:33 dynamic
-rw-r----- 1 root named 142 Feb 13 21:10 magedu.com.beijing.zone
-rw-r----- 1 root named 142 Feb 13 21:10 magedu.com.shanghai.zone
-rw-r----- 1 root named 142 Feb 13 21:10 magedu.com.zone

Up to now /var/named held a single copy of the data. cp -p preserves the mode and group set in step 4, so the copies are already 640 root:named. Next, edit each copy so that its content differs.

9. Clients from Shanghai will get:

[root@centos7 /var/named]# vim magedu.com.shanghai.zone
@ IN SOA master admin.magedu.com. ( 1 1D 1H 1W 3H )
www A 172.20.0.7

Clients from Beijing keep the original address, so magedu.com.beijing.zone stays at:

[root@centos7 /var/named]# vim magedu.com.beijing.zone
www A 192.168.141.254

Clients from any other city will get, from magedu.com.zone:

www A 127.0.0.7

Only the www record changes in each copy; the SOA, NS and master records stay the same. 127.0.0.7 is a lab placeholder for "everyone else" (a loopback address is useless to an outside client; in practice this view would carry a public address). Whenever zone data is edited, also increase the SOA serial: it does not matter here with no secondary servers, but a secondary only transfers a zone whose serial has grown.

10. Wrap the zones in views in /etc/named.conf:

[root@centos7 /var/named]# vim /etc/named.conf
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view beijingview {
        match-clients { beijingnet; };
        include "/etc/named.rfc1912.zones.beijing";
};
view shanghaiview {
        match-clients { shanghainet; };
        include "/etc/named.rfc1912.zones.shanghai";
};
view otherview {
        match-clients { othernet; };
        include "/etc/named.rfc1912.zones";
};
include "/etc/named.root.key";

Each view contains an include instead of a zone "magedu.com" statement, because /etc/named.rfc1912.zones.beijing (created in the next step) already carries the zone statement pointing at magedu.com.beijing.zone, and likewise for the other two files. The include "/etc/named.rfc1912.zones"; line that the stock named.conf has at top level must not remain outside the views; it now lives inside otherview. The root hint zone

zone "." IN {
        type hint;
        file "named.ca";
};

is likewise cut out of named.conf and pasted into /etc/named.rfc1912.zones, because once a single view exists every zone, including the hints, must be inside a view: a zone statement left outside the views is a configuration error and named will not start. The order of the views matters too: named uses the first view whose match-clients matches, so otherview, whose acl is any, has to come last or it would swallow every query.

11. The zone list file has to exist in three versions as well:

[root@centos7 ~]# ll /etc/named.rfc1912.zones
-rw-r----- 1 root named 953 Feb 13 22:21 /etc/named.rfc1912.zones
[root@centos7 ~]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.beijing
[root@centos7 ~]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.shanghai

Now edit the Beijing and Shanghai copies:

[root@centos7 ~]# vim /etc/named.rfc1912.zones.beijing
zone "." IN {
        type hint;
        file "named.ca";
};
zone "magedu.com" {
        type master;
        file "magedu.com.beijing.zone";
};

In the zone "magedu.com" block, change file "magedu.com.zone"; to file "magedu.com.beijing.zone";. Do the same with shanghai in the Shanghai copy. The hint zone moved in step 10 is copied along, so every view has its own root hints.

[root@centos7 ~]# ll /var/named
-rw-r----- 1 root named 142 Feb 13 21:45 magedu.com.beijing.zone
-rw-r----- 1 root named 138 Feb 13 21:44 magedu.com.shanghai.zone
-rw-r----- 1 root named 137 Feb 13 21:45 magedu.com.zone

All three copies of the data are in place. Check the configuration with named-checkconf before reloading (a reload that fails leaves the old configuration running, and the error only shows up in the log), then reload:

[root@centos7 ~]# rndc reload
server reload successful
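Steps 7 to 11 are spread over five files and several edits, so here is the whole result in one place: a script, added here and not part of the original post, that writes the complete split-view configuration into a staging directory, applies the 640 root:named permissions from step 4, and checks the result with named-checkzone and (as root) named-checkconf when BIND is installed. The acl names, view order, file names and addresses are the post's. This example's own choices are the staging directory instead of the live /etc and /var/named, an explicit listen-on { any; } in place of the commented-out line, and the added allow-recursion restriction.

```shell
#!/bin/sh
# Added example, not from the original post: stage the complete split-view
# configuration that the post assembles piecemeal, then check it.
# Assumptions of this example: a staging directory mirroring /etc and
# /var/named, and an added allow-recursion line (the post removes allow-query
# without restricting recursion, which leaves an open resolver).
set -eu

write_zonelist() {   # $1 = output file, $2 = zone file serving magedu.com in this view
    cat > "$1" <<EOF
// With views in use every zone, including the root hints, must live inside a view.
zone "." IN { type hint; file "named.ca"; };
zone "magedu.com" IN { type master; file "$2"; allow-update { none; }; };
EOF
}

write_zone() {       # $1 = output file, $2 = address handed out for www
    cat > "$1" <<EOF
\$TTL 1D
@       IN SOA  master admin.magedu.com. ( 1 1D 1H 1W 3H )
        NS      master
master  A       192.168.141.254
www     A       $2
EOF
}

stage_config() {     # $1 = staging root
    dir=$1
    mkdir -p "$dir/etc" "$dir/var/named"
    cat > "$dir/etc/named.conf" <<'EOF'
acl beijingnet  { 192.168.141.0/24; };
acl shanghainet { 172.20.0.0/16; };
acl othernet    { any; };

options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };
    // Authoritative answers are public; recursion is not.
    allow-recursion { localhost; beijingnet; shanghainet; };
};

// Views are tried top to bottom and the first match-clients hit wins,
// so the catch-all view must stay last.
view beijingview  { match-clients { beijingnet; };  include "/etc/named.rfc1912.zones.beijing"; };
view shanghaiview { match-clients { shanghainet; }; include "/etc/named.rfc1912.zones.shanghai"; };
view otherview    { match-clients { othernet; };    include "/etc/named.rfc1912.zones"; };
EOF
    write_zonelist "$dir/etc/named.rfc1912.zones.beijing"  magedu.com.beijing.zone
    write_zonelist "$dir/etc/named.rfc1912.zones.shanghai" magedu.com.shanghai.zone
    write_zonelist "$dir/etc/named.rfc1912.zones"          magedu.com.zone
    write_zone "$dir/var/named/magedu.com.beijing.zone"  192.168.141.254
    write_zone "$dir/var/named/magedu.com.shanghai.zone" 172.20.0.7
    write_zone "$dir/var/named/magedu.com.zone"          127.0.0.7
    # Same permissions the post applies: readable by root and the named group only.
    chmod 640 "$dir"/etc/named.* "$dir"/var/named/*.zone
    if [ "$(id -u)" -eq 0 ] && getent group named >/dev/null 2>&1; then
        chgrp named "$dir"/etc/named.* "$dir"/var/named/*.zone
    fi
}

validate() {         # $1 = staging root; fails if a zone or the config is rejected
    rc=0
    if command -v named-checkzone >/dev/null 2>&1; then
        for f in magedu.com.beijing.zone magedu.com.shanghai.zone magedu.com.zone; do
            named-checkzone -q magedu.com "$1/var/named/$f" || rc=1
        done
    fi
    # -t treats the staging root as a chroot so the absolute include paths
    # resolve inside it; named-checkconf needs root for that.
    if command -v named-checkconf >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        named-checkconf -t "$1" /etc/named.conf || rc=1
    fi
    return $rc
}

STAGE=${STAGE:-$(mktemp -d)}
stage_config "$STAGE"
validate "$STAGE" && echo "staged under $STAGE"
```

To deploy, copy $STAGE/etc/* to /etc and $STAGE/var/named/* to /var/named next to the stock named.ca, then rndc reload. The staged named.conf keeps only the directives the views need; merge its options block with the rest of the stock one (logging, dump-file and so on) rather than replacing the file wholesale.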

12. The three zone files can now be compared side by side:

[root@centos7 ~]# cat /var/named/magedu.com.beijing.zone
[root@centos7 ~]# cat /var/named/magedu.com.shanghai.zone
[root@centos7 ~]# cat /var/named/magedu.com.zone

They differ only in the address on the www line, as set in step 9.

13. Verify with dig from the CentOS 6 host. First query the server's Beijing-side address, so that the query leaves from the client's 192.168.141.0/24 interface:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3495
;; Query time: 1 msec
;; SERVER: 192.168.141.254#53(192.168.141.254)
;; WHEN: Thu Feb 7 21:41:02 2019

The answer is clearly www.magedu.com. 86400 IN A 192.168.141.254, i.e. beijingview answered.

Then query the Shanghai-side address, so that the query leaves from the 172.20.0.0/16 interface:

[root@Centos6 network-scripts]# dig www.magedu.com @172.20.0.7

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @172.20.0.7
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15235
www.magedu.com. 86400 IN A 172.20.0.7
;; Query time: 2 msec
;; SERVER: 172.20.0.7#53(172.20.0.7)
;; WHEN: Thu Feb 7 23:01:24 2019

The answer is clearly www.magedu.com. 86400 IN A 172.20.0.7, i.e. shanghaiview answered.

Finally, query from the CentOS 7 server itself over loopback. 127.0.0.1 is in neither acl, so the query falls through to otherview:

[root@centos7 /var/named]# dig www.magedu.com @127.0.0.1

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.magedu.com @127.0.0.1
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32872
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
www.magedu.com. 86400 IN A 127.0.0.7
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 13 23:01:44 CST 2019
;; MSG SIZE rcvd: 96

On the CentOS 7 host itself the answer is clearly www.magedu.com. 86400 IN A 127.0.0.7, i.e. otherview answered.

Note what these three queries actually exercise: named chooses the view by the source address of the query, and the dual-homed client picks its source address from whichever interface reaches the server address it was given (192.168.141.x when talking to 192.168.141.254, 172.20.x.x when talking to 172.20.0.7). Pointing dig at a different server address is just the convenient way, in this lab, to make the same client appear to come from a different network.
