(三) view(视图),实现访问控制
当来自不同ip的主机访问时,我将其解析到不同的地方。比如,来自192.168.0.0/24网段的主机访问,我将其解析到192.168.0.15。来自172.16.0.0/16网段的主机访问,我将其解析到172.16.100.1。
- #vim /etc/named.conf
- ---------------------
- acl internal {
- 192.168.0.0/24;
- 127.0.0.0/8;
- };
- acl external {
- 172.16.0.0/16;
- };
- options {
- directory "/var/named";
- }
- view "INNET" {
- match-clients { internal; };
- recursion yes;
- zone "." IN {
- type hint;
- file "named.ca";
- };
- zone "a.org" IN {
- type master;
- file "a.org.internal";
- };
- };
- view "EXNET" {
- match-clients { external; };
- recursion no;
- zone "." IN {
- type hint;
- file "named.ca";
- };
- zone "a.org" IN {
- type master;
- file "a.org.external";
- };
- };
- ---------------------------
- #vim a.org.internal
- ---------------
- $TTL 86400
- @ IN SOA ns1.a.org. admin.a.org. (
- 2011081701
- 1H
- 10M
- 7D
- 1D )
- @ IN NS ns1.a.org.
- @ IN MX 10 mail.a.org.
- ns1.a.org. IN A 192.168.0.15
- www.a.org. IN A 192.168.0.15
- ftp.a.org. IN A 192.168.0.12
- --------
- #vim a.org.external
- --------
- $TTL 86400
- @ IN SOA ns1.a.org. admin.a.org. (
- 2011081701
- 1H
- 10M
- 7D
- 1D )
- @ IN NS ns1.a.org.
- @ IN MX 10 mail.a.org.
- ns1.a.org. IN A 172.16.100.1
- www.a.org. IN A 172.16.100.1
- ftp.a.org. IN A 172.16.100.2