Haiyun's Blog

Configuring a master/slave synchronized smart DNS with BIND on CentOS

Published: July 6, 2012 // Category: DNS // No Comments

BIND can hand out different zone data depending on the source IP of the query, which is what is usually called a "smart" (split-horizon) DNS server.
Download the carrier IP address lists and turn them into ACLs; since the lists are long, keep each ACL in its own file and include it from named.conf.
In the example the master DNS is 1.1.1.1 and the slave DNS is 2.2.2.2.

# /var/named/liantong.acl
#https://www.haiyun.me
acl liantong {
    112.96.0.0/15;
};
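As an added example (my own code, not from the original post), here is a small Python script that turns a downloaded carrier prefix list into one of these ACL files. It validates every line with the standard ipaddress module, collapses overlapping and adjacent prefixes to keep the file short, and reports the lines it rejected, because a single malformed entry in an included file stops named from starting. SAMPLE_LIST is constructed, not real carrier data; the ACL name liantong is the one used in the post.

```python
import ipaddress
import sys

# Constructed sample of a carrier prefix list, with the kind of noise such
# downloads usually carry: comments, an entry already covered by another,
# two adjacent entries, a bare host address and one garbage line.
SAMPLE_LIST = """\
# China Unicom prefixes (constructed example, not real carrier data)
112.96.0.0/15
112.96.0.0/16        # already inside the /15 above
112.98.0.0/16
112.99.0.0/16        # adjacent to 112.98.0.0/16
203.0.113.7          # a bare host address
not-a-prefix
"""


def parse_prefixes(text):
    """Split one-prefix-per-line text into (networks, rejected_lines).
    Text after '#' and blank lines are ignored; anything ipaddress cannot
    parse as an IPv4/IPv6 prefix is reported rather than silently dropped."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False tolerates host bits set, e.g. 112.96.0.1/15
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(raw)
    return networks, rejected


def merge_prefixes(networks):
    """Collapse overlapping and adjacent prefixes (per address family)."""
    v4 = [n for n in networks if n.version == 4]
    v6 = [n for n in networks if n.version == 6]
    return (list(ipaddress.collapse_addresses(v4))
            + list(ipaddress.collapse_addresses(v6)))


def render_acl(name, networks):
    """Render a BIND acl statement, one prefix per line, as in the post."""
    body = "".join(f"    {n.with_prefixlen};\n" for n in networks)
    return f"acl {name} {{\n{body}}};\n"


def build_acl(name, text):
    """Return (acl statement text, rejected input lines)."""
    networks, rejected = parse_prefixes(text)
    return render_acl(name, merge_prefixes(networks)), rejected


if __name__ == "__main__":
    acl, rejected = build_acl("liantong", SAMPLE_LIST)
    sys.stdout.write(acl)          # redirect to /var/named/liantong.acl
    for line in rejected:
        print("rejected:", line, file=sys.stderr)
```

Run it once per carrier, redirect stdout to the corresponding .acl file, and run named-checkconf before reloading; any rejected lines on stderr should be looked at by hand rather than pasted into the ACL.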

Generate one TSIG key per view. The keys do two things: they authenticate zone transfers, and they let the master and the slave tell the views apart. Without them, every transfer request from 2.2.2.2 would land in the same view (whichever one its source address matches), so only that view's copy of the zone would ever synchronize; with a different key per view, a request signed with key "two" is steered into the "liantong" view regardless of the address it comes from.

dnssec-keygen -a hmac-md5 -b 128 -n HOST one
dnssec-keygen -a hmac-md5 -b 128 -n HOST two
dnssec-keygen -a hmac-md5 -b 128 -n HOST three

Each command writes a Kone.+157+NNNNN.private file (plus a matching .key file); the Key: line in the .private file is the base64 secret to paste into the key statements below. BIND 9.13 and later no longer generate TSIG keys with dnssec-keygen: use tsig-keygen -a hmac-sha256 one instead, and prefer hmac-sha256 over hmac-md5 on older versions too.

Master DNS configuration (named.conf on 1.1.1.1). The ACL files are included at the top, before the views that reference them:

include "/var/named/dianxin.acl";
include "/var/named/liantong.acl";

key one {
       algorithm hmac-md5;
       secret "hxCQkylFHbhzbPYo+CRWLA==";
};
key two {
       algorithm hmac-md5;
       secret "T4Gf+E0+3Y+5uL3ylkQBSA==";
};
key three {
       algorithm hmac-md5;
       secret "8q22D8M1c9QQKJLteC2bQQ==";
};

view "dianxin" {
        # Sign NOTIFY messages to the slave with this view's key, so the
        # slave files them under its own "dianxin" view.
        server 2.2.2.2 {
                keys { one; };
        };
        # match-clients is evaluated in order and the first match decides,
        # so the key negations come first: a request signed with another
        # view's key must be rejected here even if its source address is
        # inside the dianxin ACL.
        match-clients { !key two; !key three; key one; dianxin; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "www.haiyun.me" IN {
                type master;
                file "dianxin.www.haiyun.me";
                allow-query { any; };
                notify yes;
                allow-transfer { key one; };
        };
};

view "liantong" {
        server 2.2.2.2 {
                keys { two; };
        };
        match-clients { !key one; !key three; key two; liantong; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "www.haiyun.me" IN {
                type master;
                file "liantong.www.haiyun.me";
                allow-query { any; };
                notify yes;
                allow-transfer { key two; };
        };
};

view "other" {
        server 2.2.2.2 {
                keys { three; };
        };
        # "any" matches every remaining client, so requests signed with the
        # other views' keys have to be rejected before it.
        match-clients { !key one; !key two; any; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "www.haiyun.me" IN {
                type master;
                file "other.www.haiyun.me";
                allow-query { any; };
                notify yes;
                allow-transfer { key three; };
        };
};
Slave DNS configuration (named.conf on 2.2.2.2). The zones here are type slave, not master (a master zone with a masters clause is rejected by named-checkconf), and the zone files go under /var/named/slaves/, which on CentOS is the directory named is allowed to write to (SELinux context named_cache_t; /var/named itself is read-only for the daemon). The server statement in each view makes the slave sign its SOA queries and transfer requests to 1.1.1.1 with that view's key, which is what makes the master answer from the matching view:

include "/var/named/dianxin.acl";
include "/var/named/liantong.acl";

key one {
       algorithm hmac-md5;
       secret "hxCQkylFHbhzbPYo+CRWLA==";
};
key two {
       algorithm hmac-md5;
       secret "T4Gf+E0+3Y+5uL3ylkQBSA==";
};
key three {
       algorithm hmac-md5;
       secret "8q22D8M1c9QQKJLteC2bQQ==";
};

view "dianxin" {
        server 1.1.1.1 {
                keys { one; };
        };
        # Negations first, as on the master: a NOTIFY signed with key two
        # must not be accepted by this view.
        match-clients { !key two; !key three; key one; dianxin; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "www.haiyun.me" IN {
                type slave;
                file "slaves/dianxin.www.haiyun.me";
                masters { 1.1.1.1; };
                allow-query { any; };
                allow-transfer { none; };   # the slave does not re-serve transfers
        };
};

view "liantong" {
        server 1.1.1.1 {
                keys { two; };
        };
        match-clients { !key one; !key three; key two; liantong; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "www.haiyun.me" IN {
                type slave;
                file "slaves/liantong.www.haiyun.me";
                masters { 1.1.1.1; };
                allow-query { any; };
                allow-transfer { none; };
        };
};

view "other" {
        server 1.1.1.1 {
                keys { three; };
        };
        match-clients { !key one; !key two; any; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "www.haiyun.me" IN {
                type slave;
                file "slaves/other.www.haiyun.me";
                masters { 1.1.1.1; };
                allow-query { any; };
                allow-transfer { none; };
        };
};

Check both sides with named-checkconf before reloading, then watch /var/log/messages on the slave for one "transfer of 'www.haiyun.me/IN/<view>'" line per view; a view that never transfers almost always means its request was answered by the wrong view on the master.
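The view-selection rule that these match-clients lists depend on is easy to get wrong, so here is an added example (my own code, not the post's) that models BIND's address_match_list semantics: elements are tested in order, the first one that matches decides, a matching "!" element rejects, and so does reaching the end of the list without a match. The named ACLs are constructed: 112.96.0.0/15 is the liantong prefix from the post, while 192.0.2.0/24 is a hypothetical stand-in for the dianxin list. The code compares the lists with the key negations placed last against the same lists with the negations placed first, for a slave whose address falls inside one of the carrier ranges.

```python
import ipaddress
from typing import List, Optional, Tuple

# Named ACLs as named.conf would load them from the included files.
# liantong is the post's prefix; dianxin is a hypothetical stand-in.
ACLS = {
    "dianxin": [ipaddress.ip_network("192.0.2.0/24")],
    "liantong": [ipaddress.ip_network("112.96.0.0/15")],
}


class Request:
    """A query, NOTIFY or transfer request as named sees it: the source
    address and the name of the TSIG key it was signed with (None if unsigned)."""

    def __init__(self, src: str, key: Optional[str] = None):
        self.src = ipaddress.ip_address(src)
        self.key = key


def element_matches(elem: str, req: Request) -> bool:
    """Test one positive element of an address_match_list."""
    if elem == "any":
        return True
    if elem == "none":
        return False
    if elem.startswith("key "):
        return req.key == elem[len("key "):]
    if elem in ACLS:                        # reference to a named acl
        return any(req.src in net for net in ACLS[elem])
    return req.src in ipaddress.ip_network(elem, strict=False)


def match_clients(match_list: List[str], req: Request) -> bool:
    """BIND semantics: first matching element decides; a matching '!'
    element rejects; no match at all also rejects."""
    for elem in match_list:
        negate = elem.startswith("!")
        if element_matches(elem.lstrip("!").strip(), req):
            return not negate
    return False


def select_view(views: List[Tuple[str, List[str]]], req: Request) -> Optional[str]:
    """Views are tried in configuration order; the first whose
    match-clients accepts the request serves it."""
    for name, match_list in views:
        if match_clients(match_list, req):
            return name
    return None


# match-clients lists with the key negations last.
VIEWS_NEGATIONS_LAST = [
    ("dianxin",  ["dianxin", "key one", "!key two", "!key three"]),
    ("liantong", ["liantong", "key two", "!key one", "!key three"]),
    ("other",    ["any", "key three", "!key one", "!key two"]),
]

# The same views with the key negations moved to the front.
VIEWS_NEGATIONS_FIRST = [
    ("dianxin",  ["!key two", "!key three", "key one", "dianxin"]),
    ("liantong", ["!key one", "!key three", "key two", "liantong"]),
    ("other",    ["!key one", "!key two", "any"]),
]


def transfer_views(views, slave_ip: str) -> dict:
    """Which view answers each of the slave's three signed transfer requests."""
    return {k: select_view(views, Request(slave_ip, k)) for k in ("one", "two", "three")}


if __name__ == "__main__":
    # Slave outside every carrier ACL, as in the post (2.2.2.2): both orders work.
    print(transfer_views(VIEWS_NEGATIONS_LAST, "2.2.2.2"))
    # Slave inside the liantong range: with negations last the key-three
    # request is swallowed by the liantong view, so the "other" zone copy
    # never synchronizes; with negations first it reaches "other".
    print(transfer_views(VIEWS_NEGATIONS_LAST, "112.96.1.1"))
    print(transfer_views(VIEWS_NEGATIONS_FIRST, "112.96.1.1"))
```

The failure only shows up when the peer's address happens to fall inside one of the carrier ACLs, which is exactly the case that is not tested when the slave sits in a data centre range; putting the negations first makes the outcome independent of the address.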

Create one zone file per view (dianxin.www.haiyun.me, liantong.www.haiyun.me, other.www.haiyun.me), each answering with a different IP. Note that the origin of this zone is www.haiyun.me, so a record named www inside it would be www.www.haiyun.me; the name clients actually ask for is the zone apex, written as @. Each file carries its own serial, and the slave only refreshes a view's copy when that file's serial has increased, so bump the serial in every view's file whenever the records change.

$TTL 600
@       IN SOA   ns1.www.haiyun.me. domain.mail.www.haiyun.me. (
                        2012070401      ; serial, increase on every change
                        3H              ; refresh
                        10M             ; retry
                        1W              ; expire
                        1H )            ; negative-caching TTL
@       IN NS    ns1.www.haiyun.me.
ns1     IN A     184.164.141.188
@       IN A     184.164.141.188        ; this view's address for www.haiyun.me
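Because every view has its own zone file and the slave refreshes a view only when that file's SOA serial is larger than the one it already holds, each per-view file must be bumped on every change. The following Python helper is an added example (not from the post) that does this for the three files at once with date-based YYYYMMDDNN serials, staying strictly monotonic even when a file is edited twice in one day or its serial was set too far ahead. The zone contents are constructed in the post's layout; the file names are the ones used in the configuration.

```python
import re
from datetime import date
from typing import Dict, Tuple

# Constructed per-view zone files for www.haiyun.me (apex record '@' is
# the address handed out to that view's clients).
ZONE_FILES = {
    "dianxin.www.haiyun.me": """$TTL 600
@       IN SOA   ns1.www.haiyun.me. domain.mail.www.haiyun.me. (
                        2012070401 ; serial
                        3H         ; refresh
                        10M        ; retry
                        1W         ; expire
                        1H )       ; negative-caching TTL
@       IN NS    ns1.www.haiyun.me.
ns1     IN A     184.164.141.188
@       IN A     184.164.141.188
""",
    "liantong.www.haiyun.me": """$TTL 600
@       IN SOA   ns1.www.haiyun.me. domain.mail.www.haiyun.me. (
                        2012070601 ; serial, already bumped once today
                        3H 10M 1W 1H )
@       IN NS    ns1.www.haiyun.me.
ns1     IN A     184.164.141.188
@       IN A     198.51.100.20
""",
    "other.www.haiyun.me": """$TTL 600
@       IN SOA   ns1.www.haiyun.me. domain.mail.www.haiyun.me. (
                        2099010101 ; serial mistakenly set far in the future
                        3H 10M 1W 1H )
@       IN NS    ns1.www.haiyun.me.
ns1     IN A     184.164.141.188
@       IN A     203.0.113.30
""",
}

# The serial is the first number after the SOA's MNAME, RNAME and '('.
SERIAL_RE = re.compile(r"SOA\s+\S+\s+\S+\s*\(\s*(\d+)")


def next_serial(old: int, today: date) -> int:
    """YYYYMMDDNN serial: today's ...01 when that is larger than the old
    value, otherwise old + 1. Always strictly greater than old, which is
    what the slave requires before it transfers the zone again."""
    candidate = int(today.strftime("%Y%m%d")) * 100 + 1
    return candidate if candidate > old else old + 1


def bump_serial(zone_text: str, today: date) -> Tuple[str, int, int]:
    """Return (new zone text, old serial, new serial)."""
    m = SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("no SOA serial found")
    old = int(m.group(1))
    new = next_serial(old, today)
    return zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):], old, new


def bump_all(zone_files: Dict[str, str], today: date):
    """Bump every view's file. Returns ({file: new text}, {file: (old, new)});
    writing the files back and running 'rndc reload' is left to the caller."""
    new_files, report = {}, {}
    for name, text in zone_files.items():
        new_files[name], old, new = bump_serial(text, today)
        report[name] = (old, new)
    return new_files, report


if __name__ == "__main__":
    _, report = bump_all(ZONE_FILES, date.today())
    for name, (old, new) in report.items():
        print(f"{name}: {old} -> {new}")
```

After writing the files back, rndc reload on the master sends a NOTIFY per view (signed with that view's key, because of the server statements), and the slave pulls each view's zone whose serial went up; a view whose serial was forgotten simply keeps serving the old data.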

Tags: dns, bind, smart DNS setup, smart DNS configuration, master/slave synchronized smart DNS configuration
