Mikrotik split-dns: they did it

Less than 10 years later, the RoS developers (in stable 6.47) added functionality that lets you redirect DNS queries according to special rules. Previously you had to work around this with Layer-7 rules in the firewall; now it is done simply and elegantly:

/ip dns static
add forward-to=192.168.88.3 regexp=".*\.test1\.localdomain" type=FWD
add forward-to=192.168.88.56 regexp=".*\.test2\.localdomain" type=FWD

My happiness knows no bounds!

What does this mean for us?

At the very least, we get rid of strange NAT constructions like this one:


/ip firewall layer7-protocol
add comment="DNS Nat contoso.com" name=contoso.com regexp="\x07contoso\x03com"
/ip firewall mangle
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=udp to-addresses=192.0.2.15
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=tcp to-addresses=192.0.2.15
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=udp
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=tcp

And that is not all: you can now register several forwarders, which helps with DNS failover.
Smart DNS processing will make it possible to introduce IPv6 into the company network. I had not done this before, because I needed to resolve some DNS names to local addresses, and in IPv6 this could not be done without some rather hefty kludges.
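
Added example (not from the original article): a Python check of which query names the Layer-7 pattern and the FWD regexps shown above actually match, useful for testing such rules before deploying them. It assumes RouterOS applies a static-DNS regexp as an unanchored search on the lower-cased name; the function names and test names are constructed for illustration.

```python
import re
import struct

# Patterns copied from the article's rules.
L7_PATTERN = rb"\x07contoso\x03com"
FWD_RULES = [
    (r".*\.test1\.localdomain", "192.168.88.3"),
    (r".*\.test2\.localdomain", "192.168.88.56"),
]

def encode_qname(name):
    """DNS wire format: each label is prefixed by a length byte; a zero byte ends the name."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"

def build_query(name, qtype=1):
    """Minimal query: 12-byte header (RD set, one question), QNAME, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)

def l7_matches(name):
    """The Layer-7 matcher searches the payload, so the pattern may hit anywhere in it."""
    return re.search(L7_PATTERN, build_query(name)) is not None

def fwd_target(name, anchor_end=False):
    """Forwarder of the first FWD rule matching the lower-cased name, else None.
    ASSUMPTION: RouterOS applies the regexp as an unanchored search; anchor_end
    appends "$" to model a rule tightened to the end of the name."""
    for pattern, forwarder in FWD_RULES:
        if re.search(pattern + ("$" if anchor_end else ""), name.lower()):
            return forwarder
    return None

if __name__ == "__main__":
    # Constructed test names, not taken from the article.
    names = ["contoso.com", "www.contoso.com", "notcontoso.com",
             "contoso.com.example.net", "test1.localdomain",
             "host.test1.localdomain", "host.test1.localdomain.example.net"]
    for n in names:
        print(f"{n:38} L7={l7_matches(n)!s:5} FWD={fwd_target(n)} "
              f"FWD$={fwd_target(n, anchor_end=True)}")
```

In this model the length byte in front of each label is what keeps notcontoso.com from hitting the Layer-7 pattern, while neither pattern pins the end of the name, and the FWD regexps do not cover the bare zone name test1.localdomain.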

Source: will.com