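On a DNS server with multiple views, configuration files that are not organized sensibly end up holding a lot of redundant data; every change means repeating the same edit in several places, which is error-prone. Organizing the configuration files well minimizes redundancy and makes management easier. The following uses a server for ustc.edu.cn with 3 views to illustrate how to organize the configuration files.
1. File acl.cernet, with the following content
acl "CERNET" {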
58.154.0.0/15;
58.192.0.0/12;
59.64.0.0/12;
116.13.0.0/16;
…
};
2. File acl.chinanet, with the following content
acl "CHINANET" {
58.30.0.0/15;
58.32.0.0/11;
58.66.192.0/18;
…
};
3. File /etc/named.common.conf, which holds everything in named.conf that is common to every view, with the following content
zone "." IN { type hint; file "named.ca"; };
zone "localdomain" IN { type master; file "localdomain.zone"; allow-update { none; }; };
zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; };
zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; };
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.ip6.local"; allow-update { none; }; };
zone "255.in-addr.arpa" IN { type master; file "named.broadcast"; allow-update { none; }; };
zone "0.in-addr.arpa" IN { type master; file "named.zero"; allow-update { none; }; };
zone "64.38.202.IN-ADDR.ARPA" in { type master; file "revs/named.202.38.64.rev"; };
…
4. File /etc/named.conf, whose main content is
…
include "/var/named/acl.cernet";
include "/var/named/acl.chinanet";
…
view "CERNET" {
match-clients { CERNET; };
include "/etc/named.common.conf";
zone "ustc.edu.cn" in { type master; file "zones/cernet.named.ustc.edu.cn.zone"; };
};
view "CHINANET" {
match-clients { CHINANET; };
include "/etc/named.common.conf";
zone "ustc.edu.cn" in { type master; file "zones/chinanet.named.ustc.edu.cn.zone"; };
};
view "Other" {
match-clients { any; };
include "/etc/named.common.conf";
zone "ustc.edu.cn" in { type master; file "zones/other.named.ustc.edu.cn.zone"; };
};
5. File common.named.ustc.edu.cn.zone, which holds everything that is exactly the same in all views, with the following content
@ IN SOA ns.ustc.edu.cn. james.ustc.edu.cn. (
812
1200 ; refresh (20 min )
300 ; retry (5 min)
7200 ; expire (2 hour)
600 ; minimum (10 min)
)
    IN NS ns.ustc.edu.cn.
    IN NS mx.ustc.edu.cn.
; important servers
ns IN A 202.38.64.1
mx IN A 202.38.64.56
…
msclub CNAME revproxy
job CNAME revproxy
www.job CNAME revproxy
…
6. File cernet.named.ustc.edu.cn.zone, which holds the records for the CERNET view
$INCLUDE common.named.ustc.edu.cn.zone
revproxy IN A 202.38.64.246
bbs IN A 202.38.64.3
…
7. File chinanet.named.ustc.edu.cn.zone, which holds the records for the ChinaNET view
$INCLUDE common.named.ustc.edu.cn.zone
revproxy IN A 218.22.21.25
bbs IN A 202.141.160.3
…
8. File othernet.named.ustc.edu.cn.zone, which holds the records for the Other view
$INCLUDE common.named.ustc.edu.cn.zone
revproxy IN A 218.104.71.173
bbs IN A 218.104.71.174
…
With this layout, every time the data is modified, the serial number in common.named.ustc.edu.cn.zone must be updated.
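The layout in step 4 relies on named evaluating views in the order they appear and using the first one whose match-clients matches, which is why the "any" view is listed last. The following check is an added example, not part of the original post: it resolves which view a client address lands in and flags a misplaced catch-all view or a prefix present in two ACLs. The function names and the inlined sample configuration are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: same layout as the page's named.conf, ACL prefixes
# copied from the page's excerpts (the page elides the rest with "…").
NAMED_CONF = '''
acl "CERNET" { 58.154.0.0/15; 58.192.0.0/12; 59.64.0.0/12; 116.13.0.0/16; };
acl "CHINANET" { 58.30.0.0/15; 58.32.0.0/11; 58.66.192.0/18; };
view "CERNET" { match-clients { CERNET; }; };
view "CHINANET" { match-clients { CHINANET; }; };
view "Other" { match-clients { any; }; };
'''

def parse(conf):
    """Return ({acl: [networks]}, [(view, acl)]) with views in file order.
    Assumes one ACL name (or any) per match-clients, as on the page."""
    acls = {name: [ipaddress.ip_network(p) for p in re.findall(r'[\d.]+/\d+', body)]
            for name, body in re.findall(r'acl\s+"(\w+)"\s*\{([^}]*)\}', conf)}
    views = re.findall(r'view\s+"(\w+)"\s*\{\s*match-clients\s*\{\s*(\w+)\s*;', conf)
    return acls, views

def view_for(client, acls, views):
    """named picks the first view whose match-clients matches the source IP."""
    ip = ipaddress.ip_address(client)
    for view, acl in views:
        if acl == "any" or any(ip in net for net in acls.get(acl, [])):
            return view
    return None

def lint(acls, views):
    """Flag a catch-all view that is not last, and prefixes shared by two ACLs."""
    problems = [f'view "{v}" matches any and shadows every later view'
                for i, (v, a) in enumerate(views)
                if a == "any" and i < len(views) - 1]
    used = [a for _, a in views if a in acls]
    for i, a in enumerate(used):
        for b in used[i + 1:]:
            problems += [f"{x} ({a}) overlaps {y} ({b}); {a} view wins"
                         for x in acls[a] for y in acls[b] if x.overlaps(y)]
    return problems

if __name__ == "__main__":
    acls, views = parse(NAMED_CONF)
    for client in ("58.155.1.1", "58.40.0.1", "8.8.8.8"):
        print(client, "->", view_for(client, acls, views))
    print(lint(acls, views) or "no ordering or overlap problems")
```
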
One Response
Nice, this is organized really well!
Learning from this.