您的位置：首页 > 其它

BIND（二）—— dns管理，acl，forward，子域授权，view

2014-06-04 15:59 477 查看

<div style="font-family: 'Chalkboard SE'; font-size: 14px; margin: 8px; line-height: 1.6; padding: 0px; word-wrap: break-word; cursor: text; height: 1224px;">
<h2 id="bind-dns-acl-forward-view" style="font-size: 24px; margin: 0px 0px 5px; padding: 0px; -webkit-font-smoothing: antialiased; cursor: text; position: relative;">BIND（二）-- dns管理，acl，forward，子域授权，view</h2>
<h3 id="1-rndc" style="font-size: 18px; margin: 5px 0px; padding: 0px; -webkit-font-smoothing: antialiased; cursor: text; position: relative;">1、rndc</h3>
<blockquote style="margin: 5px 0px; border-left-color: #dddddd; padding: 0px 15px; color: #777777;">
rndc（remote name domain controller）是BIND安装包提供的一种控制域名服务运行的工具，它可以运行在其他计算机上，通过网络与DNS服务器进行连接，然后根据管理员的指令对named进程进行远程控制，此时，管理员不需要DNS服务器的根用户权限。使用rndc可以在不停止DNS服务器工作的情况进行数据的更新，使修改后的配置文件生效。在实际情况下，DNS服务器是非常繁忙的，任何短时间的停顿都会给用户的使用带来影响。因此，使用rndc工具可以使DNS服务器更好地为用户提供服务。
rndc与DNS服务器实行连接时，需要通过数字证书进行认证，而不是传统的用户名/密码方式。在当前版本下，rndc和named都只支持HMAC-MD5认证算法，在通信两端使用共享密钥。rndc在连接通道中发送命令时，必须使用经过服务器认可的密钥加密。为了生成双方都认可的密钥，可以使用rndc-confgen命令产生密钥和相应的配置，再把这些配置分别放入named.conf和rndc的配置文件rndc.conf中
</blockquote>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">//配置rndc.conf rndc-confgen > /etc/bind/rndc.conf 自动生成rndc.conf，内容如下： key "rndc-key" { algorithm hmac-md5; secret "oYV+NSAXam5nY1xa++tElQ=="; }; [root@node128 ~]# cat /etc/rndc.key //rndc联系服务器时候的密钥 key "rndc-key" { algorithm hmac-md5; secret "aNAICkyq0s4EIxnhj92ntQ=="; }; //使用密钥 options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; }; [root@node128 ~]# cat /etc/named.root.key //named服务器连接根节点的时候通信密钥 managed-keys { # DNSKEY for the root zone. # Updates are published on root-dnssec-announce@icann.org . initial-<spa
3ff0
n class="comment" style="color: #888888;">key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0="; }; </code></pre>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">rndc：953/tcp 默认工作在本机 </code></pre>
<h3 id="2-bind" style="font-size: 18px; margin: 5px 0px; padding: 0px; -webkit-font-smoothing: antialiased; cursor: text; position: relative;">2、管理bind</h3>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">//查看状态 [root@node128 ~]# rndc status version: 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 CPUs found: 1 worker threads: 1 number of zones: 21 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is OFF recursive clients: 0/0/1000 tcp clients: 0/100 server is up and running </code></pre>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">//调试级别，0,1,2,3，如果没有特殊必要，则不要打开查询日志 [root@node128 ~]# rndc trace [root@node128 ~]# rndc status version: 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 CPUs found: 1 worker threads: 1 number of zones: 21 debug level: 2 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is OFF recursive clients: 0/0/1000 tcp clients: 0/100 server is up and running </code></pre>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">//关闭trace [root@node128 ~]# rndc notrace </code></pre>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">rndc //查看帮助信息 rndc flush <domain-name> //清空缓存或者清空某个域的缓存 rndc reload //重新加载配置文件，也重新加载区域配置文件 rndc reconfig //只重新加载配置文件 </code></pre>
<h2 id="3-bind-" style="font-size: 24px; margin: 5px 0px; padding: 0px; -webkit-font-smoothing: antialiased; cursor: text; position: relative;">3、bind访问控制列表</h2>
//常见bind控制指令
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">allow-tranfer {}; allow-query {}; allow-recursion {}; //允许递归查询 allow-update {}; //动态DNS，ddns，一般不开启 </code></pre>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-
3ff0
radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">//先定义，后使用 [root@node128 ~]# vim /etc/named.conf acl fulltransfer { 172.16.213.129; }; [root@node128 ~]# vim /etc/named.rfc1912.zones zone "test.com" IN { type master; notify yes; file "test.com.zone"; allow-transfer { fulltransfer; }; also-notify { 172.16.213.129; }; }; </code></pre>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">//此时因不匹配ACL而查询失败 [root@node128 ~]# rndc reload server reload successful [root@node128 ~]# dig -t axfr test.com @172.16.213.128 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t axfr test.com @172.16.213.128 ;; global options: +cmd ; Transfer failed. </code></pre>
<h2 id="4-dns" style="font-size: 24px; margin: 5px 0px; padding: 0px; -webkit-font-smoothing: antialiased; cursor: text; position: relative;">4、转发DNS</h2>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">//基本语法 forward only | first only：只做转发 first：先转发，如果转发之后没有结果，才进行迭代 转发的前提：接受转发的服务器必须能为请求者做递归查询 全局转发和区域转发都定义的时候，优先级不同 </code></pre>
<h4 id="-" style="font-size: 16px; margin: 5px 0px; padding: 0px; -webkit-font-smoothing: antialiased; cursor: text; position: relative;">- 转发所有非本机解析的请求</h4>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">options { // listen-on port 53 { 127.0.0.1; }; // listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; // allow-query { localhost; }; recursion yes; // dnssec-enable yes; // dnssec-validation yes; // dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; // managed-keys-directory "/var/named/dynamic"; //将非自己解析的区域的请求转发到Google的DNS上解析，仅作转发 forward only; forwarders { 8.8.8.8; }; };</code></pre>
<h4 id="-" style="font-size: 16px; margin: 5px 0px; padding: 0px; -webkit-font-smoothing: antialiased; cursor: text; position: relative;">- 只针对某个域做转发</h4>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">zone "google.com" IN { type forward; forward only; forwarders { 8.8.8.8; }; }; </code></pre>
<h2 id="5-dns-" style="font-size: 24px; margin: 5px 0px; padding: 0px; -webkit-font-smoothing: antialiased; cursor: text; position: relative;">5、DNS子域授权</h2>
域内：划分出小子域 授权：委派
test.com dev.test.com dev.test.com. IN NS dns.dev.test.com. dns.dev.test.com. IN A 172.16.213.129
ops.test.com 
 ops.test.com. IN NS dns.ops.test.com.
 dns.ops.test.com. IN A 172.16.213.129 
结构： node128：父域 node130：子域
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">1、首先父域上进行子域授权 [root@node128 named]# vim /var/named/test.com.zone 增加 dev IN NS dns.dev dns.dev IN A 172.16.213.130 </code></pre>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">2、子域上进行配置 [root@node130 named]# vim /etc/named.rfc1912.zones zone "dev.test.com" IN { type master; file "dev.test.com.zone"; }; </code></pre>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">[root@node130 named]# vim /var/named/dev.test.com.zone $TTL 1200 @ IN SOA dns.dev.test.com. admin.dev.test.com. ( 20140601 </code> 1H 10M 3D 2H ) IN NS dns IN MX 10 mail dns IN A 172.16.213.130 mail IN A 192.168.1.100 www IN A 192.168.1.101 www IN A 192.168.1.102 www IN A 192.168<
3ff0
/span>.1.103</pre>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">[root@node130 named]# dig -t A www.dev.test.com @172.16.213.130 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.dev.test.com. IN A ;; ANSWER SECTION: www.dev.test.com. 1200 IN A 192.168.1.103 www.dev.test.com. 1200 IN A 192.168.1.101 www.dev.test.com. 1200 IN A 192.168.1.102 ;; AUTHORITY SECTION: dev.test.com. 1200 IN NS dns.dev.test.com. ;; ADDITIONAL SECTION: dns.dev.test.com. 1200 IN A 172.16.213.130 </code></pre>
<h2 id="6-view" style="font-size: 24px; margin: 5px 0px; padding: 0px; -webkit-font-smoothing: antialiased; cursor: text; position: relative;">6、view</h2>
<blockquote style="margin: 5px 0px; border-left-color: #dddddd; padding: 0px 15px; color: #777777;">
实现不同来源解析同一个域名返回不同的结果
</blockquote>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">view internal { match-clients { 172.16.213.128; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost.localdomain" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "localhost" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "0.in-addr.arpa" IN { type master; file "named.empty"; allow-update { none; }; }; zone "test.com" IN { type master; notify yes; file "test.com.zone"; allow-transfer { fulltransfer; }; also-notify { 172.16.213.129; }; }; zone "test2.com" IN { type master; file "test2.com.zone"; }; }; </code></pre>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">view external { match-clients { 172.16.213.130; }; zone "test.com" IN { type master; file "external.test.com.zone"; }; zone "test2.com" IN { type master; file "external.test2.com.zone"; }; }; //external 中www解析地址为192.168.1.0/24,130解析出来是192.168.1.0/24的地址 //internal 中www解析地址为172.16.213.0/24，内网地址解析出来是172.16.213.0/24的地址 </code></pre>
<pre style="margin-top: 5px; margin-right: 0px; margin-bottom: 0px !important; margin-left: 0px; background-color: #f8f8f8; font-size: 13px; line-height: 19px; overflow-x: auto; overflow-y: auto; padding-top: 6px; padding-right: 10px; padding-bottom: 6px; padding-left: 10px; border-top-left-radius: 3px 3px; border-top-right-radius: 3px 3px; border-bottom-right-radius: 3px 3px; border-bottom-left-radius: 3px 3px; word-wrap: break-word; border-width: 1px; border-color: #cccccc; border-style: solid;"><code style="margin: 0px; padding: 0px; border: none; background-color: transparent; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-wrap: break-word; max-width: 100%;">//测试 [root@node128 named]# dig -t A www.test.com @172.16.213.128 ;; ANSWER SECTION: www.test.com. 600 IN A 172.16.213.131 www.test.com. 600 IN A 172.16.213.130 [root@node130 named]# dig -t A www.test.com @172.16.213.128 ;; ANSWER SECTION: www.test.com. 600 IN A 192.168.1.130 www.test.com. 600 IN A 192.168.1.131</code></pre>
</div>

内容来自用户分享和网络整理，不保证内容的准确性，如有侵权内容，可联系管理员处理

标签： bind acl forward 子域授权 view

相关文章推荐

新的分享

章节导航