智能DNS的配置主要修改named.conf文件，利用view和acl来实现。

acl文件内容,这里只列出一部分，具体详细的可以参考这个网址

纯真IP库，给出了十分详细的IP地址，下载安装后，打开软件，点击解压就可以获取到txt文本格式的IP地址

IP转换为acl工具下载地址

http://blog.lishixin.net/linux/468.html/attachment/dnstool

按照下面博客中的步骤将IP转换为acl格式

http://blog.lishixin.net/archives/468#more-468

 

注意事项：

只要配置了view的时候，所有的zone都必须包含到view中。

包括下面的这两行

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

 

下面是本配置中需要的，只列出部分IP的acl文件，这个不影响正常使用

mkdir -p /var/named/acl/srcip/

vim /var/named/acl/srcip/AnHui.acl

acl "AnHui.cnc"{36.32.0.0/24;36.32.1.0/24;36.32.2.0/24;};acl "AnHui.telcom"{36.4.0.0/24;36.4.1.0/24;36.4.2.0/24;};acl "AnHui.tietong"{61.235.36.0/24;61.235.37.0/24;61.235.38.0/24;};acl "AnHui.mobile"{101.36.128.0/24;101.36.129.0/24;101.36.130.0/24;};acl "AnHui.cernet"{1.51.64.0/24;1.51.65.0/24;1.51.100.0/24;};

 

vim /var/named/acl/srcip/BeiJing.acl

acl "BeiJing.cnc"{1.25.36.67;1.25.36.68;1.25.36.69;};acl "BeiJing.telcom"{1.92.0.0/16;1.93.0.0;1.93.0.1;};acl "BeiJing.tietong"{36.192.0.0/24;36.192.1.0/24;36.192.2.0/24;};acl "BeiJing.mobile"{36.128.0.0/16;36.129.0.0/16;36.130.0.0/16;};acl "BeiJing.cernet"{42.247.0.128;42.247.0.129;42.247.0.130;};

 

主DNS服务器配置，named.conf，修改后需要重启service named restart

//// named.conf//// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS// server as a caching only nameserver (as a localhost DNS resolver only).//// See /usr/share/doc/bind*/sample/ for example named configuration files.//include "/var/named/acl/srcip/AnHui.acl";include "/var/named/acl/srcip/BeiJing.acl";//include "/var/named/include_acl";options {listen-on port 53 { 127.0.0.1; 192.168.1.100; }; //主DNS服务器listen-on-v6 port 53 { ::1; };directory "/var/named";dump-file "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";allow-query { localhost; 192.168.1.0/24; };allow-transfer { localhost; 192.168.1.101; };    //从DNS服务器allow-query-cache { any; };                        //注意没有这个将无法访问网页recursion yes;dnssec-enable yes;dnssec-validation yes;dnssec-lookaside auto;/* Path to ISC DLV key */bindkeys-file "/etc/named.iscdlv.key";managed-keys-directory "/var/named/dynamic";};logging {channel default_debug {file "data/named.run";severity dynamic;};};//电信view "telcom-view" {match-clients {AnHui.telcom;BeiJing.telcom;};zone "." IN {type hint;file "named.ca";};zone"unixmen.local" IN {type master;file "forward.unixmen"; //正向解析文件名allow-update { none; };};zone"1.168.192.in-addr.arpa" IN {type master;file "reverse.unixmen";//反向解析文件名allow-update { none; };};include "/etc/named.rfc1912.zones";include "/etc/named.root.key";};//联通view "cnc-view" {match-clients {AnHui.cnc;BeiJing.cnc;};zone "." IN {type hint;file "named.ca";};zone"unixmen.local" IN {type master;file "forward.unixmen"; //正向解析文件名allow-update { none; };};zone"1.168.192.in-addr.arpa" IN {type master;file "reverse.unixmen";//反向解析文件名allow-update { none; };};include "/etc/named.rfc1912.zones";include "/etc/named.root.key";};//移动view "mobile-view" {match-clients {AnHui.mobile;BeiJing.mobile;};zone "." IN {type hint;file "named.ca";};zone"unixmen.local" IN {type master;file "forward.unixmen"; //正向解析文件名allow-update { none; };};zone"1.168.192.in-addr.arpa" IN {type master;file "reverse.unixmen";//反向解析文件名allow-update { none; };};include "/etc/named.rfc1912.zones";include "/etc/named.root.key";};//中国教育与科研网view "cernet-view" {match-clients {AnHui.cernet;BeiJing.cernet;};zone "." IN {type hint;file "named.ca";};zone"unixmen.local" IN {type master;file "forward.unixmen"; //正向解析文件名allow-update { none; };};zone"1.168.192.in-addr.arpa" IN {type master;file "reverse.unixmen";//反向解析文件名allow-update { none; };};include "/etc/named.rfc1912.zones";include "/etc/named.root.key";};view "external-view" {match-clients { any; };recursion yes; //需要递归，要不然上不了网。。。zone "." IN {type hint;file "named.ca";};zone"unixmen.local" IN {type master;file "forward.unixmen"; //正向解析文件名allow-update { none; };};zone"1.168.192.in-addr.arpa" IN {type master;file "reverse.unixmen";//反向解析文件名allow-update { none; };};include "/etc/named.rfc1912.zones";include "/etc/named.root.key";};key "rndc-key" {algorithm hmac-md5;secret "VcL5wC2GHCzCU7ju+ajC1Q==";};controls {inet 0.0.0.0 port 953 allow { localhost; 192.168.1.101; } keys { "rndc-key"; };};

 

从DNS服务器named.conf配置,修改后需要重启service named restart

//// named.conf//// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS// server as a caching only nameserver (as a localhost DNS resolver only).//// See /usr/share/doc/bind*/sample/ for example named configuration files.//include "/var/named/acl/srcip/AnHui.acl";include "/var/named/acl/srcip/BeiJing.acl";options {listen-on port 53 { 127.0.0.1;192.168.1.101; };listen-on-v6 port 53 { ::1; };directory "/var/named";dump-file "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";allow-query { localhost; };allow-query-cache { any; };//注意没有这个将无法访问网页recursion yes;dnssec-enable yes;dnssec-validation yes;dnssec-lookaside auto;/* Path to ISC DLV key */bindkeys-file "/etc/named.iscdlv.key";managed-keys-directory "/var/named/dynamic";};logging {channel default_debug {file "data/named.run";severity dynamic;};};//电信view "telcom-view" {match-clients {AnHui.telcom;BeiJing.telcom;};zone "." IN {type hint;file "named.ca";};zone"unixmen.local" IN {type slave;file "slaves/unixmen.fwd";masters { 192.168.1.100; };#主DNS};zone"1.168.192.in-addr.arpa" IN {type slave;file "slaves/unixmen.rev";masters { 192.168.1.100; };};include "/etc/named.rfc1912.zones";include "/etc/named.root.key";};//联通view "cnc-view" {match-clients {AnHui.cnc;BeiJing.cnc;};zone "." IN {type hint;file "named.ca";};zone"unixmen.local" IN {type slave;file "slaves/unixmen.fwd";masters { 192.168.1.100; };#主DNS};zone"1.168.192.in-addr.arpa" IN {type slave;file "slaves/unixmen.rev";masters { 192.168.1.100; };};include "/etc/named.rfc1912.zones";include "/etc/named.root.key";};//移动view "mobile-view" {match-clients {AnHui.mobile;BeiJing.mobile;};zone "." IN {type hint;file "named.ca";};zone"unixmen.local" IN {type slave;file "slaves/unixmen.fwd";masters { 192.168.1.100; };#主DNS};zone"1.168.192.in-addr.arpa" IN {type slave;file "slaves/unixmen.rev";masters { 192.168.1.100; };};include "/etc/named.rfc1912.zones";include "/etc/named.root.key";};//中国教育与科研网view "cernet-view" {match-clients {AnHui.cernet;BeiJing.cernet;};zone "." IN {type hint;file "named.ca";};zone"unixmen.local" IN {type slave;file "slaves/unixmen.fwd";masters { 192.168.1.100; };#主DNS};zone"1.168.192.in-addr.arpa" IN {type slave;file "slaves/unixmen.rev";masters { 192.168.1.100; };};include "/etc/named.rfc1912.zones";include "/etc/named.root.key";};view "external-view" {match-clients { any; };recursion yes; //需要递归，要不然上不了网。。。zone "." IN {type hint;file "named.ca";};zone"unixmen.local" IN {type slave;file "slaves/unixmen.fwd";masters { 192.168.1.100; };#主DNS};zone"1.168.192.in-addr.arpa" IN {type slave;file "slaves/unixmen.rev";masters { 192.168.1.100; };};include "/etc/named.rfc1912.zones";include "/etc/named.root.key";}; key "rndc-key" {algorithm hmac-md5;secret "VcL5wC2GHCzCU7ju+ajC1Q==";};controls {inet * port 953allow { 127.0.0.1;192.168.1.100; } keys { "rndc-key"; };};