This uses BIND's view feature to tell queries apart by their source IP.

Let's go straight to the demo.

I put this in /etc/bind/named.conf.local:

    view "internal" {
        match-clients {
            127.0.0.1/32;
            192.168.0.0/16;
        };
        zone "example.com" {
            type master;
            file "/etc/bind/example.com-internal.hosts";
        };
    };

    view "external" {
        match-clients {
            any;
        };
        zone "example.com" {
            type master;
            file "/etc/bind/example.com.hosts";
        };
    };

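The configuration is split into two views, internal and external, and match-clients lists the sources each view applies to. Put simply: queries from source IPs in 127.0.0.1/32 and 192.168.0.0/16 are answered with the records in /etc/bind/example.com-internal.hosts, while source IPs outside those ranges are answered from /etc/bind/example.com.hosts. Views are checked in the order they are written and the first match wins, so the internal view has to come before the `any` view.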
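The selection rule described above, as an added example that is not part of the original post: a simplified Python model of first-match view selection using the two views from this config. It assumes match-clients holds only CIDR entries or `any` (no named ACLs, keys, or negation), and the function names are hypothetical.

```python
import ipaddress

# Views in the order they appear in the page's config: (name, match-clients, zone file).
VIEWS = [
    ("internal", ["127.0.0.1/32", "192.168.0.0/16"], "/etc/bind/example.com-internal.hosts"),
    ("external", ["any"], "/etc/bind/example.com.hosts"),
]

def _matches(client, acl):
    """True if the client address falls inside any element of a match-clients list."""
    addr = ipaddress.ip_address(client)
    for element in acl:
        if element == "any":
            return True
        net = ipaddress.ip_network(element, strict=False)
        if addr.version == net.version and addr in net:
            return True
    return False

def select_view(client, views=VIEWS):
    """Return (view name, zone file) of the first view whose ACL matches the client."""
    for name, acl, zone_file in views:
        if _matches(client, acl):
            return name, zone_file
    return None  # no view matches this client

def shadowed_views(views=VIEWS):
    """Names of views listed after a view that matches `any`; they can never be selected."""
    shadowed, seen_any = [], False
    for name, acl, _ in views:
        if seen_any:
            shadowed.append(name)
        if "any" in acl:
            seen_any = True
    return shadowed
```

Running `shadowed_views` over a config with the two views swapped reports `internal` as unreachable, which is the failure mode to check for before restarting.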

Once it's configured, restart BIND and try it out.

First, dig from the inside:

    ~# dig @127.0.0.1 example.com

    ; <<>> DiG 9.10.3 <<>> @127.0.0.1 example.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36134
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;example.com.				IN	A

    ;; ANSWER SECTION:
    example.com.			38400	IN	A	192.168.0.3

    ;; AUTHORITY SECTION:
    example.com.			38400	IN	NS	ns.example.com.
    example.com.			38400	IN	NS	ns2.example.com.

    ;; ADDITIONAL SECTION:
    ns.example.com.		38400	IN	A	192.168.0.4
    ns2.example.com.		38400	IN	A	192.168.0.5

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Dec 17 14:42:20 CST 2019
    ;; MSG SIZE  rcvd: 122

And if the question comes in via Google, it meets the condition of the view that matches `any`.

    ~# dig @8.8.8.8 example.com

    ; <<>> DiG 9.10.3 <<>> @8.8.8.8 example.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27966
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;example.com.				IN	A

    ;; ANSWER SECTION:
    example.com.			21599	IN	A	123.1.2.3

    ;; Query time: 25 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Tue Dec 17 14:44:15 CST 2019
    ;; MSG SIZE  rcvd: 51

It's that simple.

There are still some issues to solve after this if you run a master/slave setup.

I'll write up the solution in a later post.