解析转发
CentOS 6.x配置
通常解析转发是配合acl、view实现智能DNS的,所以贴个智能DNS的配置
[root@aliyun-server ~]# cat /etc/named.conf
// Source addresses treated as internal: the loopback range and the single
// host 192.168.2.20. The "in" view selects its clients with this list.
acl innet {
    127.0.0.0/8;
    192.168.2.20/32;
};
// Server-wide defaults; the views further down inherit these unless they
// override them.
options {
    // Listening sockets: one IPv4 address and the IPv6 loopback.
    listen-on port 53 { 192.168.2.20; };
    listen-on-v6 port 53 { ::1; };

    // Working directory and the files named writes diagnostics to.
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // NOTE(review): queries are accepted from any source and recursion is
    // enabled. Both views repeat "recursion yes", so nothing at this level
    // limits who may ask for recursive lookups; that is decided only by the
    // views' match-clients lists. Check that against who can reach port 53.
    allow-query { any; };
    recursion yes;

    // DNSSEC records are served and answers are validated.
    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
// One log channel only. The file path is relative, so it is resolved against
// the "directory" set in options; "severity dynamic" makes the channel follow
// the server's current debug level.
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
// Internal view: clients matched by the innet ACL get recursion and the
// locally mastered copy of lotus.com.
view in {
    match-clients { innet; };
    recursion yes;

    // Root hints used for iterative resolution.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    // Authoritative zone data for internal clients. Zone transfers and
    // dynamic updates are refused for everyone.
    zone "lotus.com" IN {
        type master;
        file "lotus.com.zone";
        allow-transfer { none; };
        allow-update { none; };
    };
};
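// External view: every client not matched by the "in" view lands here, and
// lookups for lotus.com are handed to an upstream resolver.
//
// NOTE(review): "match-clients { any; }" together with "recursion yes" means
// any host that can reach port 53 may use this server for recursive lookups
// of any name, not only lotus.com. A resolver exposed like that can be
// abused as a reflection/amplification source. Restrict reachability at the
// firewall, narrow match-clients to the networks that need this view, or
// enable response rate limiting ("rate-limit") where the BIND build has it.
view out {
    match-clients { any; };
    recursion yes;

    zone "lotus.com" IN {
        type forward;
        // The listing originally named 233.5.5.5. That address lies in
        // 224.0.0.0/4 (multicast) and cannot act as a unicast forwarder.
        // 223.5.5.5 is assumed to be the intended public resolver; confirm
        // the upstream you actually trust before deploying.
        forwarders { 223.5.5.5; };
        // No "forward only;" here, so BIND's default "forward first"
        // applies: if the forwarder does not answer, named falls back to
        // resolving the name itself.
    };
};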
[root@aliyun-server ~]# cat /var/named/lotus.com.zone
; lotus.com as seen by clients of the "in" view.
; Default TTL for records that do not set their own.
$TTL 7200
@       IN  SOA     lotus.com. da.lotus.com. (
                    222     ; serial, must be raised on every edit
                    1H      ; refresh
                    15M     ; retry
                    1W      ; expire
                    1D )    ; negative-caching TTL
@       IN  NS      dns1.lotus.com.
dns1    IN  A       192.168.2.20
www     IN  A       192.168.1.150
test    IN  CNAME   www
Ubuntu 14.04 配置
拉取镜像
# docker pull sameersbn/bind
启动容器
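# # 10000/tcp is the image's web administration (Webmin) port. It is bound to
# # loopback here instead of every host interface; this walkthrough edits the
# # config files directly, so remote access to it is not needed.
# # NOTE(review): per the image's README the admin account has a default
# # password unless ROOT_PASSWORD is set; verify and set your own.
# # NOTE(review): the image reference has no tag, so it follows "latest";
# # pin a reviewed tag or digest (sameersbn/bind:<PINNED_TAG>) for repeatable deployments.
# docker run --name bind -d --restart=always --publish 53:53/tcp --publish 53:53/udp --publish 127.0.0.1:10000:10000/tcp --volume /srv/docker/bind:/data sameersbn/bind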
修改named.conf默认配置
# cd /srv/docker/bind/bind/etc
# cat named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
// Left disabled, presumably because named requires every zone to sit inside
// a view once any view statement is used, and the default zones are declared
// outside of views.
//include "/etc/bind/named.conf.default-zones";
// NOTE(review): no include for named.conf.views is visible in this listing.
// The views only take effect if that file is pulled in from somewhere
// (possibly named.conf.local, which is not shown). Confirm.
修改named.conf.options配置
# cat named.conf.options
// Clients that the "in" view serves: BIND's built-in "localhost" ACL (the
// server's own addresses) plus four individual hosts.
acl intranet {
    localhost;
    101.201.30.225;
    116.113.127.122;
    45.121.65.171;
    39.107.25.235;
};
// Server-wide defaults inherited by the views.
options {
    directory "/var/cache/bind";

    // NOTE(review): recursion is on and queries are accepted from any
    // source. With 53/tcp and 53/udp published by the container, who may
    // recurse is decided only by the views' match-clients lists.
    recursion yes;
    allow-query { any; };

    // NOTE(review): unlike the CentOS listing, dnssec-validation is not set
    // here, so validation follows the default of the BIND version in the
    // image. Verify that it is what you expect.
    dnssec-enable yes;

    // Listen on every IPv6 address.
    listen-on-v6 { any; };
};
添加views文件
# cat named.conf.views
// Internal view: clients matched by the intranet ACL get recursion and the
// locally mastered copy of lotus.com.
view in {
    match-clients { intranet; };
    recursion yes;

    // Root hints used for iterative resolution.
    zone "." IN {
        type hint;
        file "/etc/bind/db.root";
    };

    // Authoritative zone data for these clients. The relative file name is
    // resolved against the "directory" option. Zone transfers and dynamic
    // updates are refused for everyone.
    zone "lotus.com" IN {
        type master;
        file "lotus.com.zone";
        allow-transfer { none; };
        allow-update { none; };
    };
};
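// External view: every client not matched by the "in" view lands here, and
// lookups for lotus.com are handed to an upstream resolver.
//
// NOTE(review): "match-clients { any; }" together with "recursion yes" means
// any host that can reach the published port 53 may use this server for
// recursive lookups of any name, not only lotus.com. A resolver exposed like
// that can be abused as a reflection/amplification source. Restrict
// reachability at the firewall, narrow match-clients to the networks that
// need this view, or enable response rate limiting ("rate-limit") where the
// BIND build has it.
view out {
    match-clients { any; };
    recursion yes;

    zone "lotus.com" IN {
        type forward;
        // The listing originally named 233.5.5.5. That address lies in
        // 224.0.0.0/4 (multicast) and cannot act as a unicast forwarder, so
        // with "forward only" every lotus.com lookup in this view would fail.
        // 223.5.5.5 is assumed to be the intended public resolver; confirm
        // the upstream you actually trust before deploying.
        forwarders { 223.5.5.5; };
        // Never fall back to resolving lotus.com directly.
        forward only;
    };
};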
添加域名区域文件
# cat lotus.com.zone
; lotus.com as seen by clients of the "in" view.
; Default TTL for records that do not set their own.
$TTL 7200
@       IN  SOA     lotus.com. da.lotus.com. (
                    222     ; serial, must be raised on every edit
                    1H      ; refresh
                    15M     ; retry
                    1W      ; expire
                    1D )    ; negative-caching TTL
@       IN  NS      dns1.lotus.com.
dns1    IN  A       192.168.2.20
www     IN  A       192.168.1.150
拷贝区域文件到容器内,并重载配置
# docker cp lotus.com.zone bind:/var/cache/bind
# docker exec -it bind /etc/init.d/bind9 reload
检查日志
# docker logs -f bind
测试