海运的博客

BIND可根据请求查询的源IP分配到不同的域规则，即智能DNS服务器。
下载运营商IP地址库，定义ACL，由于条目太多，可分别存为独立文件调用。
示例主DNS为：1.1.1.1，从DNS为2.2.2.2。

#https://www.haiyun.me
acl liantong{
    112.96.0.0/15;
};

生成key，用于同步时验证并解决不能全部同步的问题，

dnssec-keygen -a hmac-md5 -b 128 -n HOST one
dnssec-keygen -a hmac-md5 -b 128 -n HOST two
dnssec-keygen -a hmac-md5 -b 128 -n HOST three

主DNS配置：

key one
{
       algorithm hmac-md5;
       secret "hxCQkylFHbhzbPYo+CRWLA==";
};
key two
{
       algorithm hmac-md5;
       secret "T4Gf+E0+3Y+5uL3ylkQBSA==";
};

key three
{
       algorithm hmac-md5;
       secret "8q22D8M1c9QQKJLteC2bQQ==";
};
view "dianxin" {
server  2.2.2.2 { 
        keys { one; };
};
match-clients { dianxin; key one; !key two; !key three};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "www.haiyun.me" IN {
        type master;
        file "dianxin.www.haiyun.me";
        allow-query { any; };
        notify yes;
        allow-transfer { key one; };
        };
};

view "liantong" {
server  2.2.2.2 {
        keys { two; };
};
match-clients { liantong; key two; !key one; !key three; };
zone "." IN {
        type hint;
        file "named.ca";
};
zone "www.haiyun.me" IN {
        type master;
        file "liantong.www.haiyun.me";
        allow-query { any; };
        notify yes;
        allow-transfer { key two; };
        };
};

view "other" {
server  2.2.2.2 {
        keys { three; };
};
match-clients { any; key three; !key one; !key two; };
zone "." IN {
        type hint;
        file "named.ca";
};
zone "www.haiyun.me" IN {
        type master;
        file "other.www.haiyun.me";
        allow-query { any; };
        notify yes;
        allow-transfer { key three; };
        };
};
include "/var/named/dianxin.acl";
include "/var/named/liantong.acl";

从DNS配置：

key one
{
       algorithm hmac-md5;
       secret "hxCQkylFHbhzbPYo+CRWLA==";
};
key two
{
       algorithm hmac-md5;
       secret "T4Gf+E0+3Y+5uL3ylkQBSA==";
};

key three
{
       algorithm hmac-md5;
       secret "8q22D8M1c9QQKJLteC2bQQ==";
};
view "dianxin" {
server  1.1.1.1 {
        keys { one; };
};
match-clients { dianxin; key one; !key two; !key three; };
zone "." IN {
        type hint;
        file "named.ca";
};
zone "www.haiyun.me" IN {
        type master;
        file "dianxin.www.haiyun.me";
        allow-query { any; };
        masters {1.1.1.1;};
        };
};

view "liantong" {
server  1.1.1.1 {
        keys { two; };
};
match-clients { liantong; key two; !key one; !key three; };
zone "." IN {
        type hint;
        file "named.ca";
};
zone "www.haiyun.me" IN {
        type master;
        file "liantong.www.haiyun.me";
        allow-query { any; };
        masters {1.1.1.1;};
        };
};

view "other" {
server  1.1.1.1 {
        keys { three; };
};
match-clients { any; key three; !key one; !key two; };
zone "." IN {
        type hint;
        file "named.ca";
};
zone "www.haiyun.me" IN {
        type master;
        file "other.www.haiyun.me";
        allow-query { any; };
        masters {1.1.1.1;};
        };
};
include "/var/named/dianxin.acl";
include "/var/named/liantong.acl";

定义多个域规则，分别转向不同的IP：

$TTL 600
@                       IN SOA   ns1.www.haiyun.me. domain.mail.www.haiyun.me. (
                        2012070401;
                        3H;
                        10M;
                        1W;
                        1H );
@      IN     NS     ns1.www.haiyun.me.
ns1     IN     A     184.164.141.188
www     IN     A     184.164.141.188