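Versions of BIND from 9 onward provide the view feature.
A view lets the server tell internal clients from external ones and answer the same name differently for each.
In other words: [tell each audience what it is meant to hear]
Goal:
Internal network: 192.168.3.0/24
Internal queries for blog.pmail.idv.tw return 192.168.3.12
External queries for blog.pmail.idv.tw return 59.12X.15X.23X
The configuration is as follows
Edit /etc/named.conf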
————————————————————————————
// Red Hat BIND Configuration Tool
//
// Default initial "Caching Only" name server configuration
//
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};

// External view: every client that is not in 192.168.3.0/24
view "wan" {
    match-clients {
        !192.168.3.0/24;
        any;
    };
    zone "pmail.idv.tw." IN {
        type master;
        file "pmail.wan";
    };
    zone "." IN {
        type hint;
        file "named.root";
    };
};

// Internal view: clients in 192.168.3.0/24
view "lan" {
    match-clients {
        192.168.3.0/24;
    };
    zone "pmail.idv.tw." IN {
        type master;
        file "pmail.lan";
    };
};

include "/etc/rndc.key";
——————————————————————
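The zone files pmail.wan and pmail.lan are placed in /var/named (zone file configuration is not covered here).
Configuration notes
1. view wan handles external queries. Setting match-clients to !192.168.3.0/24 means every client except those in 192.168.3.0/24 uses this view.
2. view lan handles internal queries. Setting match-clients to 192.168.3.0/24 means clients in that network use this view.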
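
The two match-clients lists above rely on BIND's first-match rule, both inside a list and across views. The following Python sketch is an added example, not part of the original post or of BIND: it is a simplified model that understands only CIDR entries, `!` negation and `any`, and the names `select_view` and `VIEWS_MISORDERED` are made up for illustration. It shows which view a client lands in and what changes if `any` is written before the negation.

```python
import ipaddress

def parse_acl(elements):
    """Turn ['!192.168.3.0/24', 'any'] into (negated, network-or-None) pairs."""
    acl = []
    for e in elements:
        negated = e.startswith("!")
        spec = e.lstrip("!")
        net = None if spec == "any" else ipaddress.ip_network(spec)
        acl.append((negated, net))
    return acl

def acl_matches(acl, client):
    """The first element that covers the client decides; negated means reject."""
    addr = ipaddress.ip_address(client)
    for negated, net in acl:
        if net is None or (addr.version == net.version and addr in net):
            return not negated
    return False  # nothing in the list matched: rejected

def select_view(views, client):
    """Views are tried in named.conf order; the first one that matches wins."""
    for name, elements in views:
        if acl_matches(parse_acl(elements), client):
            return name
    return None  # no view matched this client

# The views from the configuration above, in the same order.
VIEWS = [("wan", ["!192.168.3.0/24", "any"]),
         ("lan", ["192.168.3.0/24"])]

# Constructed mistake: "any" comes first, so the negation is never reached
# and internal clients are served the external zone data.
VIEWS_MISORDERED = [("wan", ["any", "!192.168.3.0/24"]),
                    ("lan", ["192.168.3.0/24"])]

if __name__ == "__main__":
    # Constructed sample clients: one internal, one neighbouring subnet, one external.
    for ip in ("192.168.3.12", "192.168.4.7", "203.0.113.9"):
        print(ip, select_view(VIEWS, ip), select_view(VIEWS_MISORDERED, ip))
```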
Testing
Internal query
External query