DNS access control and intelligent DNS

DNS management functions

Have you ever wanted to allow only a single IP address, or only a particular range of addresses, to reach a service? That is an access control function, and the DNS service gives us a good way to do it.

1, Options

| Option | Meaning |
| --- | --- |
| allow-query {}; | Hosts allowed to query; equivalent to a whitelist |
| allow-transfer {}; | Hosts allowed to perform zone transfers |
| allow-recursion {}; | Hosts allowed recursive queries; this option is recommended in the options block |
| allow-update {}; | Hosts allowed to update the zone database content |

2, acl

acl: groups one or more IP addresses or networks into a single named collection that can then be referenced by that name; think of it as the equivalent of a bash function.

(1) acl built-in options

| Name | Meaning |
| --- | --- |
| none | No host |
| any | Any host |
| localhost | The local machine itself |
| localnet | Any network the local machine is directly attached to (the machine's IP masked with its netmask) |

Note: an acl must be defined before it is used; the usual recommendation is to define it above the options block.

(2) Example

[root@localhost ~]# vim /etc/named.conf

Then restart the service and test:
[root@localhost ~]# dig www.test.com @127.0.0.1

Because the acl is in place, this machine can no longer query the server, which is exactly the result we wanted.
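As an added example (not the configuration from the original post), the following named.conf fragment shows how the four allow-* options and a named acl fit together. The acl names and the addresses 192.168.4.0/24, 192.168.4.200 and 192.168.4.2 are assumed for illustration.

```conf
// Added example, not the original post's file. Address values are assumed.
// Address match lists are evaluated first match wins, so a negated entry
// ("!") must appear before the broader entry it is meant to carve out.
acl "trusted" {
    127.0.0.1;              // the server itself
    !192.168.4.200;         // assumed host to exclude from the office network
    192.168.4.0/24;         // assumed office network
};

acl "xfer-peers" {
    192.168.4.2;            // assumed secondary name server
};

options {
    directory "/var/named";
    listen-on port 53 { any; };

    // Only hosts in "trusted" may query at all (allow-query acts as a whitelist).
    allow-query     { trusted; };
    // Recursion costs more and turns the server into an open resolver if left
    // open to "any", so it is restricted to the same trusted set.
    allow-recursion { trusted; };
    // Zone transfers only to the listed secondary; "none" would block them entirely.
    allow-transfer  { xfer-peers; };
    // Dynamic updates are off by default; enable per zone with a signed policy.
    allow-update    { none; };
};
```

Check the syntax with `named-checkconf /etc/named.conf` before restarting named; a query from an address outside "trusted" (for example 192.168.4.200 above) gets status REFUSED from dig, while a query from 192.168.4.10 is answered.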

view

Anyone who went to Internet cafés as a child will have run into this: you want to play on a game's China Telecom server, but the café is on a China Unicom line, so from the moment the game starts the screen stutters and the latency is very high; switch to a China Telecom line and the same game runs smoothly. The view function works on the same idea, except that the switch is made by DNS resolution and we never have to change networks by hand.

(1) One BIND server can define multiple views, and each view can define multiple zones. Each view matches a particular set of clients.

(2) If the same zone is resolved in more than one view, each view uses its own zone file.

Practice

Suppose we have two DNS servers, one in Beijing and one in Guangzhou. When Beijing and Guangzhou users look up www.test.com, I want Beijing users to be resolved directly by the Beijing DNS server and Guangzhou users by the Guangzhou one. How is that done?

Since my computer has two different IP addresses, this can be demonstrated on a single machine.

(1) Modify the /etc/named.conf file


(2) Create /etc/named.rfc1912.zones.test and /etc/named.rfc1912.zones.app and edit them

(3) Create the zone files /var/named/app.com.zone and /var/named/app.com.zone and edit them

(4) Restart the DNS service
[root@localhost named]# service named restart

Client tests (from clients with IPs 192.168.4.148 and 172.18.253.86)
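As an added example (not the post's own files), here is a complete named.conf that answers www.test.com differently for the two client networks used in the test above. The acl names, the /24 and /16 prefixes derived from the test clients' addresses, and the zone file names are assumed; the post keeps its zone statements in separate included files instead, which works the same way inside a view.

```conf
// Added example, not the original post's configuration. Networks and file names assumed.
acl "beijing-clients"   { 192.168.4.0/24; };   // assumed: network of client 192.168.4.148
acl "guangzhou-clients" { 172.18.0.0/16;  };   // assumed: network of client 172.18.253.86

options {
    directory "/var/named";
    allow-query { any; };   // per-view match-clients does the real selection below
    recursion no;           // authoritative only; no recursion offered to anyone
};

// Views are tried top to bottom; the first view whose match-clients matches the
// query's source address answers it. Once any view exists, every zone must be
// declared inside a view. The same zone name appears in each view but points at
// a different file, so www.test.com can carry a different A record per view.
view "beijing" {
    match-clients { beijing-clients; };
    zone "test.com" IN {
        type master;
        file "test.com.beijing.zone";    // assumed file; www A record = Beijing address
    };
};

view "guangzhou" {
    match-clients { guangzhou-clients; };
    zone "test.com" IN {
        type master;
        file "test.com.guangzhou.zone";  // assumed file; www A record = Guangzhou address
    };
};

// Catch-all for every other client. Without it a client matching no view
// is refused, which is easy to mistake for a broken server during testing.
view "default" {
    match-clients { any; };
    zone "test.com" IN {
        type master;
        file "test.com.zone";            // assumed file
    };
};
```

After `named-checkconf` passes and the service is restarted, `dig www.test.com @<server-ip>` from 192.168.4.148 and from 172.18.253.86 should return the two different addresses; if both return the same record, check the order of the views and which acl the client's source address actually falls into.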


Origin www.cnblogs.com/liuzhongrong/p/12289571.html