BIND 9: Configuring Views to Partition External and Internal DNS Information

Date: 2020-01-09 10:42:06  Source: igfitidea

How do I configure BIND 9 DNS server views so that a single name server in the DMZ can make different data sets available to different sets of clients?
For example, I'd like to run recursion for LAN users (192.168.1.0/24), who also need some additional records, while Internet users should only see a limited set of DNS data and no recursion.
How do I configure views to partition external (Internet) and internal (LAN) DNS information?

You need to edit /etc/named.conf or /var/named/chroot/etc/named.conf (the following configuration has been tested on FreeBSD and RHEL 5.x BIND 9 servers). Run:

# vi /var/named/chroot/etc/named.conf

Append the following to define the internal subnet (192.168.1.0/24 and localhost, which get full access and recursion):

acl internal {
   192.168.1.0/24;
   localhost;
};

Define the zones and other data according to your requirements. A client is matched against the views in order, so the LAN view must come first; anyone not in the internal ACL falls through to the external view:

//
// LAN view: recursion is the default, so no "recursion" statement is needed.
// The root hint zone lives here because only this view recurses.
//
view "internal-view" {
  match-clients { internal; };
  zone "." IN {
    type hint;
    file "db.cache";
  };
  zone "theitroad.com" IN {
    type master;
    file "zones/lan.master.theitroad.com";
    allow-transfer { key TRANSFER; };
  };
};
//
// External view: everyone else, without recursion. Same zone name,
// different zone file, so Internet clients never see the LAN records.
//
view "external-view" {
  match-clients { any; };
  recursion no;
  zone "theitroad.com" IN {
    type master;
    file "zones/internet.master.theitroad.com";
    allow-transfer { key TRANSFER; };
  };
};

Make sure the TSIG key named TRANSFER is configured as described here; otherwise named will refuse to load the configuration.

Creating the zone files

First, create the required directory and hand it to the named user:

# mkdir -p /var/named/chroot/var/named/zones
# chown named:named /var/named/chroot/var/named/zones

Create the internal zone with the LAN IP data

Edit /var/named/chroot/var/named/zones/lan.master.theitroad.com, run:

# vi /var/named/chroot/var/named/zones/lan.master.theitroad.com

Append the following data:

$ORIGIN theitroad.com.
$TTL 3h
@        IN SOA ns1.theitroad.com. Hyman.theitroad.com. (
                       2008070328        ; Serial yyyymmddnn (must fit in 32 bits)
                       3h                ; Refresh after 3 hours
                       1h                ; Retry after 1 hour
                       1w                ; Expire after 1 week
                       1h )              ; Minimum negative caching of 1 hour

@                          IN NS    ns1.theitroad.com.
@                          IN NS    ns2.theitroad.com.

@                      3600    IN MX 10 mail1.theitroad.com.
@                      3600    IN MX 20 mail2.theitroad.com.

@                      3600    IN A     208.43.79.236
ns1                    3600    IN A     208.43.138.52
ns2                    3600    IN A     75.126.168.152
mail1                  3600    IN A     208.43.79.236
mail2                  3600    IN A     67.228.49.229
out-router             3600    IN A     208.43.79.100
; lan data - these records exist only in this file
wks1                   3600    IN A     192.168.1.5
wks2                   3600    IN A     192.168.1.5
wks3                   3600    IN A     192.168.1.5
in-router              3600    IN A     192.168.1.254
; add other LAN-specific data below

Edit /var/named/chroot/var/named/zones/internet.master.theitroad.com, run:

# vi /var/named/chroot/var/named/zones/internet.master.theitroad.com

Same as above, but without the internal data:

$ORIGIN theitroad.com.
$TTL 3h
@        IN SOA ns1.theitroad.com. Hyman.theitroad.com. (
                       2008070328        ; Serial yyyymmddnn (must fit in 32 bits)
                       3h                ; Refresh after 3 hours
                       1h                ; Retry after 1 hour
                       1w                ; Expire after 1 week
                       1h )              ; Minimum negative caching of 1 hour

@                          IN NS    ns1.theitroad.com.
@                          IN NS    ns2.theitroad.com.

@                      3600    IN MX 10 mail1.theitroad.com.
@                      3600    IN MX 20 mail2.theitroad.com.

@                      3600    IN A     208.43.79.236
ns1                    3600    IN A     208.43.138.52
ns2                    3600    IN A     75.126.168.152
mail1                  3600    IN A     208.43.79.236
mail2                  3600    IN A     67.228.49.229
out-router             3600    IN A     208.43.79.100
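The two zone files above are meant to differ only in the LAN records, and it is easy for a private address to slip into the public copy, or for the public records to drift apart, when both files are maintained by hand. The following Python script is an added example, not part of the original article: it parses master-format zone text, checks that the SOA serial fits in 32 bits, lists any private (RFC 1918) address that the external view would expose, and reports public records that differ between the two copies. The zone texts are constructed and abbreviated; the hostmaster name, the deliberately oversized external serial, the leaked wks1 record and the drifted out-router address are assumptions placed there so the checks have something to report.

```python
import ipaddress
import re

# Constructed, abbreviated zone texts modelled on the article's two files.
# The external copy deliberately carries an 11-digit serial, one LAN leak
# (wks1) and one drifted public record (out-router) to exercise the checks.
INTERNAL_ZONE = """\
$ORIGIN theitroad.com.
$TTL 3h
@   IN SOA ns1.theitroad.com. hostmaster.theitroad.com. (
        2008070328  ; serial yyyymmddnn
        3h 1h 1w 1h )
@           IN NS ns1.theitroad.com.
ns1    3600 IN A  208.43.138.52
out-router 3600 IN A 208.43.79.100
; lan data
wks1   3600 IN A  192.168.1.5
in-router 3600 IN A 192.168.1.254
"""

EXTERNAL_ZONE = """\
$ORIGIN theitroad.com.
$TTL 3h
@   IN SOA ns1.theitroad.com. hostmaster.theitroad.com. (
        20080703328 ; serial: 11 digits, does not fit in 32 bits
        3h 1h 1w 1h )
@           IN NS ns1.theitroad.com.
ns1    3600 IN A  208.43.138.52
out-router 3600 IN A 208.43.79.101
wks1   3600 IN A  192.168.1.5
"""

TTL_RE = re.compile(r"^\d+[smhdw]?$", re.IGNORECASE)


def _logical_lines(text):
    """Drop ';' comments and join '( ... )' continuation lines into one line."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth <= 0:
            out.append(" ".join(buf))
            buf, depth = [], 0
    return out


def _fqdn(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return a list of (owner, ttl, type, rdata) tuples for master-format zone text."""
    origin = default_ttl = owner = None
    records = []
    for line in _logical_lines(text):
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            default_ttl = line.split()[1]
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():  # a new owner name starts the line
            owner = tokens.pop(0)
        ttl = default_ttl
        while tokens and (TTL_RE.match(tokens[0]) or tokens[0].upper() == "IN"):
            tok = tokens.pop(0)  # optional TTL and/or class, in either order
            if tok.upper() != "IN":
                ttl = tok
        records.append((_fqdn(owner, origin), ttl, tokens[0].upper(), tokens[1:]))
    return records


def check_serial(records):
    """Return the SOA serial, raising ValueError if it does not fit in 32 bits."""
    for _name, _ttl, rtype, rdata in records:
        if rtype == "SOA":
            serial = int(rdata[2])
            if not 0 <= serial < 2 ** 32:
                raise ValueError(f"SOA serial {serial} out of 32-bit range")
            return serial
    raise ValueError("zone has no SOA record")


def find_private_leaks(records):
    """(owner, address) pairs whose A/AAAA data points into private address space."""
    return [(name, rdata[0]) for name, _ttl, rtype, rdata in records
            if rtype in ("A", "AAAA") and ipaddress.ip_address(rdata[0]).is_private]


def drifted_public_records(internal, external):
    """External (non-SOA) records that are missing from, or differ in, the internal copy."""
    have = {(n, t, tuple(r)) for n, _, t, r in internal if t != "SOA"}
    return [(n, t, r) for n, _, t, r in external
            if t != "SOA" and (n, t, tuple(r)) not in have]


if __name__ == "__main__":
    internal, external = parse_zone(INTERNAL_ZONE), parse_zone(EXTERNAL_ZONE)
    print("internal serial:", check_serial(internal))
    try:
        check_serial(external)
    except ValueError as err:
        print("external:", err)
    print("external leaks:", find_private_leaks(external))
    print("drift:", drifted_public_records(internal, external))
```

Run it before rndc reload, or point parse_zone at the real files under zones/; an empty leak list for the external file is what you want, and the internal file is expected to list every LAN host. The serial check matters because a serial that overflows 32 bits is rejected when the zone loads.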

Finally, reload the data:

# rndc reload

Test it: from a LAN client both names should resolve, while from the Internet only out-router.theitroad.com should. Run:

$ ping in-router.theitroad.com
$ ping out-router.theitroad.com