精解Linux RHEL 6.x DNS 服务器(6)

七、DNS的acl规则和view视图

精解Linux RHEL 6.x DNS 服务器

###jie.com服务器的主配置文件######
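options {
    // The stock RHEL 6 named.conf listens on 127.0.0.1/::1 only; those lines
    // are commented out so named answers on every interface. On a multi-homed
    // box, pin listen-on to the LAN address instead of leaving it wide open.
//  listen-on port 53 { 127.0.0.1; };
//  listen-on-v6 port 53 { ::1; };
    directory  "/var/named";
    dump-file  "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Authoritative data (jie.com) may be queried by anyone, but recursion is
    // limited to the LAN and the host itself. With no explicit allow-recursion,
    // BIND 9 falls back to { localnets; localhost; }, which silently widens
    // whenever an interface is added -- state the policy rather than rely on
    // the default, otherwise this becomes an open resolver usable for
    // amplification attacks and cache poisoning.
    allow-query     { any; };
    allow-recursion { 172.16.0.0/16; localhost; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    // ISC retired the DLV registry in 2017; newer BIND releases ignore
    // dnssec-lookaside (with a warning). Harmless on RHEL 6's BIND, but drop
    // it anywhere else -- the root trust anchor from named.root.key suffices.
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";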
######区域配置文件######################
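view LAN {
    // Once any view statement exists, every zone -- including the root hint
    // zone that the stock named.conf keeps at top level -- must live inside a
    // view, otherwise named refuses to start.
    //
    // The original 172.16.22.0/16 has non-zero host bits (BIND warns about the
    // address/prefix mismatch); the LAN PC's mask 255.255.0.0 shows the intended
    // network is 172.16.0.0/16. localhost is added so the server's own lookups
    // stay in this view and keep recursion.
    match-clients { 172.16.0.0/16; localhost; };
    recursion yes;    // only LAN clients may use this server as a resolver

    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };
    zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };
    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };
    zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };
    zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
    };

    // LAN clients asking for jie.com get the internal 172.16.22.128 answers.
    zone "jie.com" IN {
        type master;
        file "lan.jie.com";
        allow-update   { none; };
        // A zone transfer of this file would hand out the whole internal
        // address map; deny AXFR explicitly (list secondaries here if any).
        allow-transfer { none; };
    };
};
view WAN {
    // Everyone else: authoritative answers for jie.com only (1.1.1.128) and
    // never recursion, so the Internet-facing side is not an open resolver.
    match-clients { any; };
    recursion no;
    zone "jie.com" IN {
        type master;
        file "wan.jie.com";
        allow-update   { none; };
        allow-transfer { none; };
    };
};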
#######区域解析库文件的内容#################
#############/var/named/lan.jie.com#####################
; /var/named/lan.jie.com -- the "inside" copy of jie.com, served only to clients
; matched by view LAN. Internal addresses are fine here because the WAN view
; never reads this file.
$TTL 1D
@  IN SOA  dns.jie.com. admin.jie.com. (
                    0  ; serial -- increase on every edit (YYYYMMDDnn is the usual scheme) so secondaries notice the change
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
    IN NS  dns.jie.com.
dns    IN A  172.16.22.128
www    IN A  172.16.22.128
ftp    IN A  172.16.22.128
mail    IN A  172.16.22.128
www    IN A  172.16.22.1    ; second A record for www: both addresses are returned, order rotating between queries
#############/var/named/wan.jie.com#####################
; /var/named/wan.jie.com -- the "outside" copy of jie.com, served by view WAN to
; any client. Keep internal 172.16.x.x addresses out of this file: it is the
; public face of the zone.
; NOTE(review): 1.1.1.0/24 is a live, routable prefix today; examples should
; use an RFC 5737 documentation range (e.g. 192.0.2.0/24) instead.
$TTL 1D
@  IN SOA  dns.jie.com. admin.jie.com. (
                    0  ; serial -- keep it in step with lan.jie.com and bump it on every change
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
    IN NS  dns.jie.com.
dns    IN A  1.1.1.128
www    IN A  1.1.1.128
ftp    IN A  1.1.1.128
mail    IN A  1.1.1.128
www    IN A  1.1.1.1    ; second A record for www, returned together with 1.1.1.128

验证:
[root@LanPC ~]# ifconfig | grep -A 1 eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:9C:14:36 
        inet addr:172.16.22.3  Bcast:172.16.255.255  Mask:255.255.0.0
[root@LanPC ~]# host -t A www.jie.com 172.16.22.2
Using domain server:
Name: 172.16.22.2
Address: 172.16.22.2#53
Aliases:


www.jie.com has address 172.16.22.128
www.jie.com has address 172.16.22.1


[root@WanPC ~]# ifconfig | grep -A 1 eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:D1:6F:09 
        inet addr:192.168.0.4  Bcast:192.168.255.255  Mask:255.255.0.0
[root@WanPC ~]# host -t A www.jie.com 172.16.22.2
Using domain server:
Name: 172.16.22.2
Address: 172.16.22.2#53
Aliases:


www.jie.com has address 1.1.1.1
www.jie.com has address 1.1.1.128


八、DNS的日志系统的使用

####此实验是接着上面的实验内容####################
#######修改主配置文件####################
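options {
    // Listening on loopback only (RHEL 6 default) is commented out so named
    // serves every interface; pin listen-on to the LAN address on a
    // multi-homed host.
//  listen-on port 53 { 127.0.0.1; };
//  listen-on-v6 port 53 { ::1; };
    directory  "/var/named";
    dump-file  "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Anyone may query the authoritative jie.com data, but only LAN clients
    // and the host itself may recurse. Without an explicit allow-recursion
    // BIND 9 uses { localnets; localhost; }, which changes with the server's
    // interfaces -- an implicit policy on an Internet-facing resolver is how
    // open resolvers happen.
    allow-query     { any; };
    allow-recursion { 172.16.0.0/16; localhost; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    // The ISC DLV registry was retired in 2017; newer BIND ignores this option
    // (with a warning). Keep for RHEL 6 only; the root anchor in
    // named.root.key is what actually matters.
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
        // Query log, rotated by named itself (3 generations of 10M). Every
        // entry records client IP and port, the matched view, and the queried
        // name/type, so the file is sensitive: readable by named and root only.
        channel querylog {
                file "/var/log/bindquery.log" versions 3 size 10M;
                severity dynamic;     // follows the server debug level; use "info" for a fixed verbosity
                print-time yes;
                print-category yes;
                print-severity yes;
        };
        // Binding the "queries" category to a channel starts query logging at
        // startup (no separate "querylog yes;" is needed); "rndc querylog"
        // toggles it at run time.
        category queries { querylog; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";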
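# No other files need to change. Pre-create the query log with restrictive
# ownership and mode before (re)starting named: it will contain client IPs and
# query names, so only named (and root) should be able to read it.
touch /var/log/bindquery.log
chown named:named /var/log/bindquery.log
chmod 0640 /var/log/bindquery.log
# NOTE(review): on an SELinux-enforcing RHEL 6 host a file created under
# /var/log gets the generic var_log_t type, and the confined named process is
# likely to be denied write access (look for an AVC denial in
# /var/log/audit/audit.log). If so, label it named_log_t, e.g.
#   chcon -t named_log_t /var/log/bindquery.log
# or add a semanage fcontext rule so the label survives a relabel.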

验证:
[root@LanPC ~]# host -t A ftp.jie.com 172.16.22.2
Using domain server:
Name: 172.16.22.2
Address: 172.16.22.2#53
Aliases:


ftp.jie.com has address 172.16.22.128
[root@LanPC ~]# host -t A www.jie.com 172.16.22.2
Using domain server:
Name: 172.16.22.2
Address: 172.16.22.2#53
Aliases:


www.jie.com has address 172.16.22.1
www.jie.com has address 172.16.22.128


[root@jie2 log]# cat /var/log/bindquery.log
08-Aug-2013 06:27:51.720 queries: info: client 172.16.22.3#36432: view LAN: query: ftp.jie.com IN A + (172.16.22.2)
08-Aug-2013 06:27:52.406 queries: info: client 172.16.22.3#34500: view LAN: query: ftp.jie.com IN A + (172.16.22.2)
08-Aug-2013 06:27:52.880 queries: info: client 172.16.22.3#34935: view LAN: query: ftp.jie.com IN A + (172.16.22.2)
08-Aug-2013 06:31:27.921 queries: info: client 172.16.22.3#38660: view LAN: query: ftp.jie.com IN A + (172.16.22.2)
08-Aug-2013 06:31:34.402 queries: info: client 172.16.22.3#52686: view LAN: query: www.jie.com IN A + (172.16.22.2)


日志已正常生成：每条记录包含时间、客户端 IP 和源端口、匹配到的 view、查询名和查询类型，以及服务器自身地址。由于其中含有客户端 IP 等敏感信息，日志文件应只允许 named 和 root 读取，并依靠 named.conf 中的 versions/size 参数做轮转。


小结:DNS实现CDN（分离解析/split-horizon）会用到view,理清楚配置文件之间的关系。同时注意 options 中的 recursion/allow-recursion 与各 view 的 match-clients 共同决定了哪些客户端能把这台服务器当作递归解析器使用：面向外网的 view 应只做权威应答（recursion no），否则会成为开放递归解析器，被用于放大攻击或缓存投毒。当服务开启不了时多查看日志(/var/log/messages),注意配置文件的语法格式（可先用 named-checkconf 和 named-checkzone 检查）。博客内容有点多,望各位博友能多多指点。
