分类: LINUX
2011-08-04 17:00:34
智能DNS安装测试
1、 测试硬件环境:dell 4600 1C/1G
2、 测试应用平台:RHEL 5.4/BIND 9.7.3,区域名:test.com
3、 测试目的:用内网段 19.200.2.0/24 和 19.200.57.0/24 模拟联通客户端:来自这两个网段的 IP 访问时,解析到 19.200.2.3;来自其它网段的 IP 访问时,则解析到 19.200.2.6
4、 测试结果
来自19.200.2.0/24网段测试结果
来自19.200.48.0/24网段测试结果
5、 BIND详细配置
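// generated by named-bootconf.pl
//
// Global options for the split-view test server. These settings apply to
// every view defined later in this file unless a view overrides them.
options {
	// Base directory for the relative file names used in zone statements.
	directory "/var/named";

	/*
	 * Upstream name servers noted by the author for reference:
	 * dns.guangzhou.gd.cn:202.96.128.68
	 * ns.guangzhou.gd.cn:202.96.128.143
	 * cache-a.guangzhou.gd.cn:202.96.128.86
	 * cache-b.guangzhou.gd.cn:202.96.128.86
	 * dns.shunde.gd.cn:202.103.188.28
	 * data.shunde.net:202.103.188.53
	 * ns.gd.gov.cn:210.76.65.18
	 */
	forwarders { 202.96.134.133; 61.142.131.3; 202.96.128.143; 202.96.128.68; 61.142.131.2; };
	// forwarders { 202.103.188.28;202.96.128.68;210.76.65.18; };
	// forwarders { 202.96.128.143;202.96.128.68;210.76.65.18; };

	// Ask the forwarders first; resolve iteratively only if they fail.
	forward first;	// default value
	// forward only;

	recursion yes;	// default value

	// Recursion is on, so state explicitly who may use it. This is the
	// BIND 9.7 built-in default written out. Left implicit, allow-recursion
	// inherits from allow-query-cache / allow-query if either is set later,
	// which could turn the catch-all view into an open resolver.
	allow-recursion { localnets; localhost; };

	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below. Previous versions of BIND always asked
	 * questions using port 53, but BIND 8.1 uses an unprivileged
	 * port by default.
	 *
	 * NOTE(review): pinning the source port to 53 removes source-port
	 * randomization, which weakens resistance to cache poisoning; prefer
	 * a firewall rule over enabling this.
	 */
	// query-source address * port 53;
};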
//
// a caching&master nameserver config
//

// rndc control channel: bound to the loopback address, reachable only from
// localhost, and authenticated with the key named "rndckey".
controls {
	inet 127.0.0.1
		allow { localhost; }
		keys { rndckey; };
};

// Address-match lists used by the views' match-clients statements
// (presumably the "CNC" acl - verify against the included file).
include "/var/named/cnc_acl.conf";

// Key material for the control channel (presumably defines "rndckey").
// Keep this file readable only by root and the account named runs as.
include "/etc/rndc.key";
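// View for clients whose source address matches the "CNC" acl.
// named tries views in the order they appear in the file, so this view has
// to stay ahead of any view whose match-clients is "any".
view "view_cnc" {
	match-clients { CNC; };

	// Root hints used for iterative resolution.
	zone "." IN {
		type hint;
		file "named.ca";
	};

	zone "localhost" IN {
		type master;
		file "localhost.zone";
		allow-update { none; };
	};

	zone "0.0.127.in-addr.arpa" IN {
		type master;
		file "named.local";
		allow-update { none; };
	};

	// test.com as seen by the CNC-side clients.
	zone "test.com" IN {
		type master;
		file "cnc.test.com";
		allow-update { none; };
		// Was "any", which lets every host that lands in this view copy
		// the whole zone with a zone transfer. No secondary server is
		// described for this setup, so transfers are switched off. If
		// secondaries are added, list their addresses or a TSIG key here.
		allow-transfer { none; };
	};
};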
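// Catch-all view: match-clients "any" accepts every client that no earlier
// view has claimed. named tries views in file order, so this view must be
// the last one in the file.
view "view_any" {
	match-clients { any; };

	// Root hints used for iterative resolution.
	zone "." IN {
		type hint;
		file "named.ca";
	};

	zone "localhost" IN {
		type master;
		file "localhost.zone";
		allow-update { none; };
	};

	zone "0.0.127.in-addr.arpa" IN {
		type master;
		file "named.local";
		allow-update { none; };
	};

	// test.com as seen by all other clients.
	zone "test.com" IN {
		type master;
		file "telecom.test.com";
		allow-update { none; };
		// Was "any". This view accepts every source address, so "any" let
		// every client copy the whole zone with a zone transfer. No
		// secondary server is described for this setup, so transfers are
		// switched off. If secondaries are added, list their addresses or
		// a TSIG key here.
		allow-transfer { none; };
	};
};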
6、 区域文件详细配置
A、cnc.test.com
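; cnc.test.com - test.com data loaded by view "view_cnc".
$ORIGIN test.com.
$TTL 86400	; 1 day
@	IN SOA	ns.test.com. admin.test.com. (
		2011072703 ; serial
		900        ; refresh (15 minutes)
		600        ; retry (10 minutes)
		86400      ; expire (1 day)
		3600       ; minimum (1 hour)
		)
; The NS target must be fully qualified. Without the trailing dot the name
; is taken relative to $ORIGIN and becomes ns.test.com.test.com.
@	IN NS	ns.test.com.
; NOTE(review): this listing has no A record for ns.test.com.; an in-zone
; name server needs an address record - confirm against the real zone file.
@	IN A	19.200.2.3
www	IN A	19.200.2.3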
B、telecom.test.com
; telecom.test.com - test.com data loaded by view "view_any".
$ORIGIN test.com.
$TTL 86400	; 1 day

; Start of authority: primary server ns.test.com., contact admin.test.com.
@	IN SOA	ns.test.com. admin.test.com. (
		2011072703 ; serial
		900        ; refresh (15 minutes)
		600        ; retry (10 minutes)
		86400      ; expire (1 day)
		3600       ; minimum (1 hour)
		)

; Delegation. NOTE(review): this listing has no A record for ns.test.com.;
; an in-zone name server needs an address record - confirm against the
; real zone file.
@	IN NS	ns.test.com.

; Addresses handed to clients that fall through to the catch-all view.
@	IN A	19.200.2.6
www	IN A	19.200.2.6
7、 客户端IP详细信息
// Source networks treated as "CNC" clients. The name is referenced by
// match-clients in view "view_cnc". Presumably this is the content of
// /var/named/cnc_acl.conf, which named.conf includes - confirm.
// The match is on the query's source address only, so it is a routing
// hint for answers, not an authentication mechanism.
acl "CNC" {
	19.200.2.0/24;
	19.200.57.0/24;
};