BIND可根据请求查询的源IP分配到不同的域规则,即智能DNS服务器。
下载运营商IP地址库,定义ACL,由于条目太多,可分别存为独立文件调用。
示例主DNS为:1.1.1.1,从DNS为2.2.2.2。
1 2 3 4 |
生成key,用于同步时验证并解决不能全部同步的问题,
1 2 3 | dnssec-keygen -a hmac-md5 -b 128 -n HOST onednssec-keygen -a hmac-md5 -b 128 -n HOST twodnssec-keygen -a hmac-md5 -b 128 -n HOST three |
主DNS配置:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 | key one{ algorithm hmac-md5; secret "hxCQkylFHbhzbPYo+CRWLA==";};key two{ algorithm hmac-md5; secret "T4Gf+E0+3Y+5uL3ylkQBSA==";};key three{ algorithm hmac-md5; secret "8q22D8M1c9QQKJLteC2bQQ==";};view "dianxin" {server 2.2.2.2 { keys { one; };};match-clients { dianxin; key one; !key two; !key three};zone "." IN { type hint; file "named.ca";};zone "www.haiyun.me" IN { type master; file "dianxin.www.haiyun.me"; allow-query { any; }; notify yes; allow-transfer { key one; }; };};view "liantong" {server 2.2.2.2 { keys { two; };};match-clients { liantong; key two; !key one; !key three; };zone "." IN { type hint; file "named.ca";};zone "www.haiyun.me" IN { type master; file "liantong.www.haiyun.me"; allow-query { any; }; notify yes; allow-transfer { key two; }; };};view "other" {server 2.2.2.2 { keys { three; };};match-clients { any; key three; !key one; !key two; };zone "." IN { type hint; file "named.ca";};zone "www.haiyun.me" IN { type master; file "other.www.haiyun.me"; allow-query { any; }; notify yes; allow-transfer { key three; }; };};include "/var/named/dianxin.acl";include "/var/named/liantong.acl"; |
从DNS配置:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 | key one{ algorithm hmac-md5; secret "hxCQkylFHbhzbPYo+CRWLA==";};key two{ algorithm hmac-md5; secret "T4Gf+E0+3Y+5uL3ylkQBSA==";};key three{ algorithm hmac-md5; secret "8q22D8M1c9QQKJLteC2bQQ==";};view "dianxin" {server 1.1.1.1 { keys { one; };};match-clients { dianxin; key one; !key two; !key three; };zone "." IN { type hint; file "named.ca";};zone "www.haiyun.me" IN { type master; file "dianxin.www.haiyun.me"; allow-query { any; }; masters {1.1.1.1;}; };};view "liantong" {server 1.1.1.1 { keys { two; };};match-clients { liantong; key two; !key one; !key three; };zone "." IN { type hint; file "named.ca";};zone "www.haiyun.me" IN { type master; file "liantong.www.haiyun.me"; allow-query { any; }; masters {1.1.1.1;}; };};view "other" {server 1.1.1.1 { keys { three; };};match-clients { any; key three; !key one; !key two; };zone "." IN { type hint; file "named.ca";};zone "www.haiyun.me" IN { type master; file "other.www.haiyun.me"; allow-query { any; }; masters {1.1.1.1;}; };};include "/var/named/dianxin.acl";include "/var/named/liantong.acl"; |
定义多个域规则,分别转向不同的IP:
1 2 3 4 5 6 7 8 9 10 | $TTL 600@ IN SOA ns1.www.haiyun.me. domain.mail.www.haiyun.me. ( 2012070401; 3H; 10M; 1W; 1H );@ IN NS ns1.www.haiyun.me.ns1 IN A 184.164.141.188www IN A 184.164.141.188 |
