CentOS 7：关闭防火墙（实验环境做法；生产环境建议保留 firewalld，仅放行 DNS：firewall-cmd --permanent --add-service=dns && firewall-cmd --reload）
# CentOS 7 (systemd): stop firewalld now, then keep it from starting at boot.
# Same two unit operations as before, in the same order.
for action in stop disable; do
  systemctl "$action" firewalld
done
CentOS 6：关闭防火墙
# CentOS 6 (SysV init): stop the iptables service, then drop it from the boot runlevels.
service iptables stop; chkconfig iptables off
关闭 SELinux 安全机制（修改 /etc/selinux/config 中的 SELINUX= 行，并让当前系统立即生效）
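# Disable SELinux at boot by editing /etc/selinux/config.
# The original expression '7 s/enforcing/disabled' is missing the closing '/'
# (sed reports "unterminated `s' command") and relies on SELINUX= being on
# line 7; anchoring on the key itself works regardless of line position and
# cannot touch the explanatory comment lines that also contain "enforcing".
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Apply to the running kernel immediately (permissive until next reboot).
setenforce 0
# Flush every chain of the filter table.
iptables -F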
配置两个网卡：一个为 lan（ens32，192.168.12.14/24），一个为 wan（ens34，172.16.1.1/24）
[root@localhost named]# ip a
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:a3:e3:d1 brd ff:ff:ff:ff:ff:ff
inet 192.168.12.14/24 brd 192.168.12.255 scope global ens32
valid_lft forever preferred_lft forever
inet6 fe80::2072:f9a5:943f:b8f9/64 scope link
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:a3:e3:db brd ff:ff:ff:ff:ff:ff
inet 172.16.1.1/24 brd 172.16.1.255 scope global ens34
valid_lft forever preferred_lft forever
inet6 fe80::2b6e:26fb:e6ed:95cd/64 scope link
valid_lft forever preferred_lft forever
安装 named（yum -y install bind bind-utils）
修改主配置文件 /etc/named.conf（下面为最小配置，listen-on、recursion 等未显式设置，将使用 BIND 默认值）
[root@localhost ~]# vim /etc/named.conf
[root@localhost ~]# cat /etc/named.conf
options {
directory "/var/named";
};
include "/var/named/lan.txt";
include "/var/named/wan.txt";
view "lan" {
match-clients { lan; };
zone "chenyu.com" IN {
type master;
file "chenyu.zheng.lan";
};
};
view "wan" {
match-clients { wan; };
zone "chenyu.com" IN {
type master;
file "chenyu.zheng.wan";
};
};
创建 lan 网和 wan 网的 acl 文件以及对应的区域文件（下面 cat 未显示 chenyu.zheng.lan / chenyu.zheng.wan 的内容；从 ll 的大小看，它们是在 chenyu.zheng 基础上复制修改得到的）
[root@localhost ~]# cd /var/named/
[root@localhost named]# cat lan.txt
acl lan {
192.168.12.0/24;
};
[root@localhost named]# cat wan.txt
acl wan {
172.16.1.0/24;
};
[root@localhost named]# cat chenyu.zheng.lan
[root@localhost named]# cat chenyu.zheng.wan
修改属组为 named，使 named 进程能够读取这些文件
[root@localhost named]# chgrp named lan.txt wan.txt chenyu.zheng.lan chenyu.zheng.wan
[root@localhost named]# ll
总用量 36
-rw-r--r--. 1 root named 205 8月 22 09:33 chenyu.zheng
-rw-r--r--. 1 root named 205 8月 22 10:50 chenyu.zheng.lan
-rw-r--r--. 1 root named 205 8月 22 10:49 chenyu.zheng.wan
drwxrwx---. 2 named named 6 8月 4 2017 data
drwxrwx---. 2 named named 6 8月 4 2017 dynamic
-rw-r--r--. 1 root named 49 8月 22 10:44 lan.txt
-rw-r-----. 1 root named 2281 5月 22 2017 named.ca
-rw-r-----. 1 root named 152 12月 15 2009 named.empty
-rw-r-----. 1 root named 152 6月 21 2007 named.localhost
-rw-r-----. 1 root named 168 12月 15 2009 named.loopback
drwxrwx---. 2 named named 6 8月 4 2017 slaves
-rw-r--r--. 1 root named 28 8月 22 10:52 wan.txt
重启服务（重启前可先执行 named-checkconf 检查配置语法）
[root@localhost named]# systemctl restart named
客户机测试：lan 网
解析结果为30.100
wan 网
解析结果为50.114
附:
DNS view 的几种应用方式
1、match-clients 直接指定地址（view 按书写顺序匹配，使用 any 的 WAN 视图必须放在 LAN 视图之后，否则所有客户端都会落入 WAN）
[root@localhost ~]# vim /etc/named.conf
options {
directory "/var/named";
};
view "LAN" {
match-clients { 192.168.200.0/24; }; //匹配局域网的客户端
zone "crushlinux.com" IN {
type master;
file "chenyu.zheng.lan";
};
};
view "WAN" {
match-clients { any; }; //匹配互联网的客户端
zone "crushlinux.com" IN {
type master;
file "chenyu.zheng.wan";
};
};
2、基于 acl 访问控制列表（同样注意 LAN 视图要写在 acl 为 any 的 WAN 视图之前）
[root@localhost ~]# vim /etc/named.conf
options {
directory "/var/named";
};
acl lan { 192.168.200.0/24; }; //定义访问控制列表
acl wan { any; };
view "LAN" {
match-clients { lan; }; //匹配局域网的客户端
zone "crushlinux.com" IN {
type master;
file "crushlinux.zheng.lan";
};
};
view "WAN" {
match-clients { wan; }; //匹配互联网的客户端
zone "crushlinux.com" IN {
type master;
file "crushlinux.zheng.wan";
};
};
3、基于访问控制文件（与前面的实例相同）
[root@localhost ~]# cat /var/named/lan.txt
acl lan {
192.168.12.0/24;
};
[root@localhost ~]# cat /var/named/wan.txt
acl wan {
172.16.1.0/24;
};
[root@localhost ~]# vim /etc/named.conf
options {
directory "/var/named";
};
include "/var/named/lan.txt";
include "/var/named/wan.txt";
view "LAN" {
match-clients { lan; };
zone "crushlinux.com" IN {
type master;
file "crushlinux.zheng.lan";
};
};
view "WAN" {
match-clients { wan; };
zone "crushlinux.com" IN {
type master;
file "crushlinux.zheng.wan";
};
};