大家好,又见面了,我是你们的朋友全栈君。如果您正在找激活码,请点击查看最新教程,关注关注公众号 “全栈程序员社区” 获取激活教程,可能之前旧版本教程已经失效.最新Idea2022.1教程亲测有效,一键激活。
Jetbrains全家桶1年46,售后保障稳定
文章目录
智能dns配置基于bind9
视图语句语法
view view_name [class] {
match-clients { address_match_list } ;
match-destinations { address_match_list } ;
match-recursive-only { yes_or_no } ;
[ view_option; …]
[ zone-statistics yes_or_no ; ]
[ zone_statement; …]
};
视图语义
视图是 BIND9 的强大的新功能,允许名称服务器根据询问者的不同有区别的回答视图语句中定义的域只对匹配视图的用户是可用的。
外部view语句(使用view关键字进行定义),所有的域视图必须会在 view 语句内部产生。
这是一则典型的使用视图语句运行的拆分 DNS 设置
view "internal" {
match-clients { 10.0.0.0/8; };
// 应该与内部网络匹配.
// 只对内部用户提供递归服务.
// 提供 example.com zone 的完全视图
//包括内部主机地址.
recursion yes;
zone "example.com" {
type master;
file "example-internal.db";
};
};
view "external" {
match-clients { any; };
// 拒绝对外部用户提供递归服务
// 提供一个 example.com zone 的受限视图
// 只包括公共可接入主机
recursion no;
zone "example.com" {
type master;
file "example-external.db";
};
};
以上内容来自bind9管理员手册
配置及测试
bind9 name.conf相关配置如下
view "internal"{
match-clients {172.16.0.82;};
recursion yes;
zone "test" {
type master;
file "/var/cache/bind/test.host";
};
zone "." {
type hint;
file "/bind/named/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/bind/named/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/bind/named/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/bind/named/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/bind/named/db.255";
};
zone "asd" {
type master;
file "/var/cache/bind/asd.hosts";
};
zone "ad" {
type master;
file "/var/cache/bind/ad.hosts";
};
};
view "external" {
match-clients {any;};
recursion yes;
zone "test" {
type master;
file "/var/cache/bind/test.db";
};
zone "." {
type hint;
file "/bind/named/db.root";
};
zone "localhost" {
type master;
file "/bind/named/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/bind/named/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/bind/named/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/bind/named/db.255";
};
zone "asd" {
type master;
file "/var/cache/bind/asd.hosts";
};
zone "ad" {
type master;
file "/var/cache/bind/ad.hosts";
};
};
以上内容可以简写将公共域名部分分离到配置文件,然后使用include语句引用,有兴趣的同学可以尝试下
test.host内容如下:
$ttl 38400
test. IN SOA ha1. a.linx.com. (
1525945178
10800
3600
604800
38400 )
test. IN NS ha1.
ha1 IN A 127.0.0.1
www.test. IN A 172.16.0.82
test.db内容如下:
$ttl 38400
test. IN SOA ha1. a.linx.com. (
1525945178
10800
3600
604800
38400 )
test. IN NS ha1.
ha1 IN A 127.0.0.1
www.test. IN A 172.16.0.20
测试
- 使用本机ip测试
[***@localhost ~]$ dig www.test @127.0.0.1
; <<>> DiG 9.8.1-P1 <<>> www.test @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13392
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.test. IN A
;; ANSWER SECTION:
www.test. 38400 IN A 172.16.0.20
;; AUTHORITY SECTION:
test. 38400 IN NS ha1.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 25 15:03:50 2018
;; MSG SIZE rcvd: 59
- 使用172.16.0.82测试
[***@localhost ~]$ dig www.test @172.16.0.22
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> www.test @172.16.0.22
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48598
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test. IN A
;; ANSWER SECTION:
www.test. 38400 IN A 172.16.0.82
;; AUTHORITY SECTION:
test. 38400 IN NS ha1.
;; Query time: 0 msec
;; SERVER: 172.16.0.22#53(172.16.0.22)
;; WHEN: 二 9月 25 15:04:35 CST 2018
;; MSG SIZE rcvd: 70
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请联系我们举报,一经查实,本站将立刻删除。
发布者:全栈程序员-站长,转载请注明出处:https://javaforall.net/213957.html原文链接:https://javaforall.net
![转—如何让前端更安全?——XSS攻击和防御详解[通俗易懂]](https://javaforall.net/wp-content/uploads/2020/11/2020110817443450-480x300.jpg)
