[收藏本方案]

防火墙环境中DNS的配置[2]

[入库:2005年9月21日] [更新:2007年3月24日]

本文简介:
首页 尾页 [1] [2]

  2) /etc/named.conf中的内容为:
 

options {
  directory "/var/named";
   sortlist {
 #这一段表示当在本地执行查询时
  #将按照202.93.22.13,210.21.30.90,211.99.13.47的顺序返回地址
     { localhost;
       { localnets;
         202.93.22.13;
         { 210.21.30.90; 211.99.13.47; };
       };
     };
#这一段表示当在202/8地址段进行DNS查询时
#将按照202.93.22.13,210.21.30.90,211.99.13.47的顺序返回地址
     { 202/8;
       { 202.93.22.13;
         { 210.21.30.90; 211.99.13.47; };
       };
     };
#这一段表示当在211/8地址段进行DNS查询时
#将按照211.99.13.47,202.93.22.13,210.21.30.90的顺序返回地址,
#也就是211.99.13.47是最靠近查询地点的节点
     { 211/8;
       { 211.99.13.47;
         { 202.93.22.13; 210.21.30.90; };
       };
     };
     { 61/8;
       { 202.93.22.13;
         { 210.21.30.90; 211.99.13.47; };
       };
     };
   };
};
  zone "." {
     type hint;
     file "root.cache";
  };
  zone "localhost" {
    type master;
    file "localhost";
  };
  zone "cdn.com" {
     type master;
     file "cdn.com";
  };

  三、设内外DNS
 
  外部DNS就是一般的设置,关键在于内部的DNS的设置上

## named.conf - configuration for bind
#
# Generated automatically by redhat-config-bind, alchemist et al.
# Any changes not supported by redhat-config-bind should be put
# in /etc/named.custom
#
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "/etc/named.custom";
include "/etc/rndc.key";
options {
    directory "/var/named/";
    forwarders { 192.168.22.9; };  //转向到外部的DNS
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "0.0.127.in-addr.arpa.zone";
};
zone "22.168.192.in-addr.arpa" {
    type master;
    file "22.168.192.in-addr.arpa.zone";
};
zone "7.20.172.in-addr.arpa" {
    type master;
    file "7.20.172.in-addr.arpa.zone";
};

zone "localhost" {
    type master;
    file "localhost.zone";
};
zone "hutc.zj.cn" {
    type master;
    file "hutc.zj.cn.zone";
    forwarders { };  //除了内部的本域解析,其余都放到外部的DNS上
};


  四、利用bind9的view功能

options {
directory "/var/named";
};

acl "fx_subnet" {192.253.254/24; };
view "internal" { //我们区的内部视图
match-clients { "fx-subnet"; };
zone "fx.movie.edu" {
type master;
 file 'db.fx.moive.edu";
 };
 zone "254.253.192.in-addr.arpa" {
 type master;
 file "db.192.253.254";
 };
};

view "external" { //相应于世界的其余部分,我们区的视图
match-clients { any; }; //隐式地
rescursion no; //我们的子网外面,它们不应该请求递归查询
 zone "fx.movie.edu" {
 type master;
 file "db.fx.movie.edu.external"; //外部区数据文件
 };
 zone "254.254.192.in.arpa" {
  type master;
  file "db.192.253.254.external";//外部区数据文件
  };
  };

首页 尾页 [1] [2]
本文关键:暂无
  相关方案
Google
 

本站最佳浏览方式为 分辨率 1024x768 IE 6.0(或更高版本的 IE浏览器)

go top