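Low cost: no dedicated equipment is needed, only some simple configuration.
Flexible: resolution rules can be added or removed at any time.
Somewhat scalable: combined with Round Robin DNS, simple load balancing can be set up quickly and seamlessly.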
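II. DNS views configuration
1. Principle
The view statement provided by the DNS server (BIND) makes it possible to resolve the same domain name differently depending on the IP range the query comes from.
Note: the view statement exists only in BIND9; the earlier BIND8 has no view statement!
2. Configuration example
(1) Assumed environment
Operating system: CentOS 3.6
BIND version: BIND 9.2.4-5
DNS server: 123.213.111.222 (eth0), 10.0.0.1 (eth1)
Internal corporate IP range: 10.0.0.0/24
External IP range: everything other than 10.0.0.0/24
Domain name: testdns.org
We want internal corporate IPs to be resolved to the address 12.34.56.78, and the external IP range to be resolved to 87.65.43.21.
(2) Configuration example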
named.conf
//
// named.conf for Red Hat caching-nameserver
//

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below.  Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};

// Clients in the internal range 10.0.0.0/24 are served from db.internal.
// Views are tried in order, so this view must come before the catch-all one.
view "internal" {
    match-clients { 10.0.0.0/24; };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "testdns.org" {
        type master;
        file "db.internal";
    };

    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
};

// Every other client is served from db.other.
view "other" {
    match-clients { any; };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "testdns.org" {
        type master;
        file "db.other";
    };

    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
};

include "/etc/rndc.key";
db.internal
$TTL 86400
$ORIGIN testdns.org.
@       IN  SOA ns1.testdns.org. webmaster.ns1.testdns.org. (
                200512264
                60
                60
                36000
                86400 )
        IN  NS  ns1.testdns.org.
@       IN  A   10.0.0.1
ns1     IN  A   10.0.0.1
www     IN  A   12.34.56.78
db.other
$TTL 86400
$ORIGIN testdns.org.
@       IN  SOA ns1.testdns.org. webmaster.ns1.testdns.org. (
                200512264
                60
                60
                36000
                86400 )
        IN  NS  ns1.testdns.org.
@       IN  A   10.0.0.1
ns1     IN  A   10.0.0.1
www     IN  A   87.65.43.21
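
The following is an added example, not part of the original page or of BIND: a small Python model of how a view is chosen for a client, showing why the catch-all view has to come last. It assumes an "internal" view with match-clients 10.0.0.0/24 placed ahead of the "other" view; the client addresses and function names are constructed for illustration.

```python
import ipaddress

# Views in named.conf order. BIND answers a query from the first view
# whose match-clients list contains the client's source address.
# (Assumed layout: "internal" for 10.0.0.0/24, then the catch-all "other".)
VIEWS = [
    ("internal", ["10.0.0.0/24"], {"www.testdns.org.": "12.34.56.78"}),
    ("other",    ["any"],         {"www.testdns.org.": "87.65.43.21"}),
]

def acl_matches(acl, client):
    """True if the client address matches any element of the ACL."""
    addr = ipaddress.ip_address(client)
    for element in acl:
        if element == "any" or addr in ipaddress.ip_network(element):
            return True
    return False

def select_view(client, views=VIEWS):
    """Return (view name, records) of the first matching view."""
    for name, acl, records in views:
        if acl_matches(acl, client):
            return name, records
    return None, {}  # no view matched this client

def resolve(client, qname, views=VIEWS):
    """Return (view name, address) as seen by the given client."""
    name, records = select_view(client, views)
    return name, records.get(qname)

def shadowed_views(views=VIEWS):
    """Views that can never be selected because an earlier view matches 'any'."""
    shadowed, seen_any = [], False
    for name, acl, _ in views:
        if seen_any:
            shadowed.append(name)
        if "any" in acl:
            seen_any = True
    return shadowed

if __name__ == "__main__":
    # Constructed sample clients: one inside 10.0.0.0/24, one outside.
    for client in ("10.0.0.57", "198.51.100.7"):
        print(client, resolve(client, "www.testdns.org."))
    # With the order reversed, "internal" is unreachable and internal
    # clients silently receive the external answer.
    print("shadowed if reversed:", shadowed_views(list(reversed(VIEWS))))
```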