DNS reverse-resolution zone, and setting different


Objective: have DNS perform reverse resolution for domain names, and have different network segments receive different IPs when they query the same name. For example, the 10.0.0.x segment querying www.fbl.com gets 10.0.0.254, while the 192.168.1.x segment querying the same name gets 192.168.1.254.

Steps:

1. Setting up the reverse-resolution zone

① On top of the existing DNS configuration, declare a reverse-resolution zone (vim /etc/named/chroot/etc/named.conf):

options {
    directory "/var/named";
};

# original forward zone
zone "fbl.com" IN {
    type master;
    file "fbl.com.db";
};

# reverse zone declaration
zone "1.168.192.IN-ADDR.ARPA" IN {
    type master;
    file "fbl.com.db";
};

② Contents of /var/named/chroot/var/named/fbl.com.db:

(Note: @ stands for the zone's own domain name, so it does not have to be repeated in front of NS. In the reverse zone, 127 stands for 127.1.168.192.IN-ADDR.ARPA. The same applies below.)

$TTL 86400
@   SOA dns.fbl.com. root.dsn.fbl.com. (2008051600 3H 15M 1W 1D)
    NS  dns.fbl.com.
dns.fbl.com.  A  192.168.1.127
www.fbl.com.  A  192.168.1.127
; reverse records (zone-file comments start with ';', not '#')
127  PTR  www.fbl.com.
160  PTR  ftp.fbl.com.
254  PTR  mail.fbl.com.

③ Restart DNS; you can test with host 192.168.1.127.

2. Separating network segments

① Configure the main DNS configuration file: vim /etc/named/chroot/etc/named.conf, as follows:

options {
    directory "/var/named";
};

view "smallnet" {
    match-clients { 192.168.1.0/24; };
    recursion yes;

    zone "fbl.com" IN {
        type master;
        file "fbl.com.db";
    };

    zone "1.168.192.IN-ADDR.ARPA" IN {
        type master;
        file "fbl.com.db";
    };
};

view "bignet" {
    match-clients { 10.0.0.0/24; };
    recursion yes;

    zone "fbl.com" IN {
        type master;
        file "bigfbl.com.db";
    };

    zone "0.0.10.IN-ADDR.ARPA" IN {
        type master;
        file "bigfbl.com.db";
    };
};

② Configure the DNS database file vim /var/named/chroot/var/named/bigfbl.com.db as follows:

$TTL 86400
@   SOA dns.fbl.com. root.dsn.fbl.com. (2008051600 3H 15M 1W 1D)
    NS  dns.fbl.com.
dns.fbl.com.  A  10.0.0.254
www.fbl.com.  A  10.0.0.254
254  PTR  www.fbl.com.
160  PTR  ftp.fbl.com.
254  PTR  mail.fbl.com.

③ Restart DNS. Testing from an address in the 192.168.1.x segment returns 192.168.1.127; testing from an address in the 10.0.0.x segment returns 10.0.0.254.

④ Alternatively, define an acl alias to add several segments at once:

acl cnc {
    192.168.2.0/24;
    192.168.3.0/24;
    ……
};

Usage:

view "bignet" {
    match-clients { cnc; };
    ……
};
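The following is an added example, not code from the article: a small Python model of how named serves the configuration in sections 1 and 2. It loads the two zone files shown above (constructed copies, with the zone-file comment written as ';'), appends the zone origin to relative owner names (so 127 becomes 127.1.168.192.in-addr.arpa.), picks the first view whose match-clients covers the client address, and expands acl names such as cnc. It also shows a caveat of reusing fbl.com.db for both the forward and the reverse zone: the A records are out-of-zone data for 1.168.192.in-addr.arpa and named drops them with a warning, which the model reproduces. The acl "cnc" contents and the client addresses are assumptions for the demonstration.

```python
"""Model of BIND split-horizon (view) resolution built from the article's configuration.

Added example with constructed data; it is not the article's own code.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample zone files copied from the article's fbl.com.db and bigfbl.com.db
# (';' is the comment form BIND zone files accept).
SMALLNET_ZONE = """\
$TTL 86400
@ SOA dns.fbl.com. root.dsn.fbl.com. (2008051600 3H 15M 1W 1D)
  NS dns.fbl.com.
dns.fbl.com. A 192.168.1.127
www.fbl.com. A 192.168.1.127
; reverse records
127 PTR www.fbl.com.
160 PTR ftp.fbl.com.
254 PTR mail.fbl.com.
"""

BIGNET_ZONE = """\
$TTL 86400
@ SOA dns.fbl.com. root.dsn.fbl.com. (2008051600 3H 15M 1W 1D)
  NS dns.fbl.com.
dns.fbl.com. A 10.0.0.254
www.fbl.com. A 10.0.0.254
254 PTR www.fbl.com.
160 PTR ftp.fbl.com.
254 PTR mail.fbl.com.
"""

# acl and view definitions mirroring named.conf; the acl "cnc" membership is assumed.
ACLS: Dict[str, List[str]] = {"cnc": ["192.168.2.0/24", "192.168.3.0/24"]}

VIEWS = [
    {"name": "smallnet", "match_clients": ["192.168.1.0/24"],
     "zones": {"fbl.com.": SMALLNET_ZONE, "1.168.192.in-addr.arpa.": SMALLNET_ZONE}},
    {"name": "bignet", "match_clients": ["10.0.0.0/24", "cnc"],
     "zones": {"fbl.com.": BIGNET_ZONE, "0.0.10.in-addr.arpa.": BIGNET_ZONE}},
]

Record = Tuple[str, str]  # (owner name, record type)


def reverse_name(ip: str) -> str:
    """192.168.1.127 -> 127.1.168.192.in-addr.arpa. (owner '127' inside the reverse zone)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def parse_zone(text: str, origin: str) -> Dict[Record, List[str]]:
    """Load the A/PTR records of a zone file under `origin`, dropping out-of-zone data
    the way named does when one file is shared between a forward and a reverse zone."""
    origin = origin.lower()
    records: Dict[Record, List[str]] = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a comment in zone files
        if not line or line.startswith("$"):
            continue
        tokens = line.split()
        try:
            idx = next(i for i, t in enumerate(tokens) if t in ("A", "PTR"))
        except StopIteration:
            continue  # SOA and NS records are not modelled here
        owner, rtype, rdata = tokens[0].lower(), tokens[idx], tokens[idx + 1].lower()
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):  # relative owner: append the zone origin
            owner = f"{owner}.{origin}"
        if owner != origin and not owner.endswith("." + origin):
            continue  # out-of-zone record: ignored, as named does with a warning
        records.setdefault((owner, rtype), []).append(rdata)
    return records


def _networks(entries: List[str]) -> List[ipaddress.IPv4Network]:
    """Expand match-clients entries; a bare name refers to an acl."""
    nets: List[ipaddress.IPv4Network] = []
    for entry in entries:
        nets.extend(_networks(ACLS[entry]) if entry in ACLS else [ipaddress.ip_network(entry)])
    return nets


def select_view(client_ip: str) -> Optional[dict]:
    """First view whose match-clients covers the client; named evaluates views in order."""
    addr = ipaddress.ip_address(client_ip)
    for view in VIEWS:
        if any(addr in net for net in _networks(view["match_clients"])):
            return view
    return None


def resolve(client_ip: str, qname: str, qtype: str) -> Optional[List[str]]:
    """Answer qname/qtype for this client; None when no view matches the client at all."""
    view = select_view(client_ip)
    if view is None:
        return None
    qname = qname.lower()
    # Most specific zone in the view that contains qname.
    candidates = [z for z in view["zones"] if qname == z or qname.endswith("." + z)]
    if not candidates:
        return []
    origin = max(candidates, key=len)
    return parse_zone(view["zones"][origin], origin).get((qname, qtype), [])


if __name__ == "__main__":
    for client in ("192.168.1.50", "10.0.0.7", "192.168.2.9", "172.16.0.1"):
        print(client, "www.fbl.com A ->", resolve(client, "www.fbl.com.", "A"))
    print("10.0.0.254 PTR ->", resolve("10.0.0.7", reverse_name("10.0.0.254"), "PTR"))
```

Running the script shows the split-horizon answers from step ③ (192.168.1.127 for the small segment, 10.0.0.254 for the big one and for the acl cnc members) and that the two PTR records for 254 in bigfbl.com.db are both returned. A client outside every view gets no view at all, which is why every segment that must be served needs to appear in some match-clients list; keeping the reverse records in their own zone file avoids the out-of-zone warnings entirely.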