当前位置:文档之家› LINUX系统下智能DNS的配置之实例篇

LINUX系统下智能DNS的配置之实例篇

LINUX系统下智能DNS的配置之实例篇
LINUX系统下智能DNS的配置之实例篇

LINUX系统下智能DNS的配置之实例篇

LINUX, 智能, 系统, DNS, 实例

实施步骤:

1.电信和网通各一台服务器

2.使用BIND9做智能DNS,自动根据客户端IP来判断,网通的用户解析出网通的IP,电信的解析出电信IP.

3.将其中一台服务器做成反向代理,这样数据就可以同步了,不需要为同步数据麻烦.

注意:

如果你想让自己的服务器不同线路访问不同的服务器,

或者某个区域访问自己区域的服务器使用该view功能就可以实现

比如:国外的访问国外服务器国内访问国内服务器.

测试做的域名

https://www.doczj.com/doc/5816891885.html,

电信IP218.6.242.216

网通IP61.182.49.7

电信用户PING https://www.doczj.com/doc/5816891885.html,会解析到218.6.242.216

网通用户PING https://www.doczj.com/doc/5816891885.html,会解析到61.182.49.7

批注:该功能主要是解决了北京某门户网站的南北互不相访的问题.

于2006-4-4日,北京 by https://www.doczj.com/doc/5816891885.html,.

配置步骤:

1、软件列表

BIND 9.3.2

ftp://https://www.doczj.com/doc/5816891885.html,/isc/bind9/9.3.2/bind-9.3.2.tar.gz

2、安装BIND 9

安装BIND9:

# tar zxvf bind-9.3.2.tar.gz

# cd bind-9.3.2

# ./configure

--prefix=/usr/local/named

--disable-ipv6

# make && make install

建立BIND用户:

# groupadd bind

# useradd -g bind -d /usr/local/named -s /sbin/nologin bind

创建配置文件目录:

# mkdir –p /usr/local/named/etc

# chown bind:bind /usr/local/named/etc

# chmod 700 /usr/local/named/etc

创建主要的配置文件:

# vi /usr/local/named/etc/named.conf

===========================named.conf======================= acl "trust-lan" { 127.0.0.1/8; 192.168.0.0/16;};

options {

directory "/usr/local/named/etc/";

pid-file "/var/run/named/named.pid";

version "0.0.0";

datasize 40M;

allow-transfer {

"trust-lan";};

recursion yes;

allow-notify {

"trust-lan";

};

allow-recursion {

"trust-lan";

};

auth-nxdomain no;

forwarders {

202.99.160.68;

202.99.168.8;};

};

logging {

channel warning

{ file "/var/log/named/dns_warnings" versions 3 size 1240k; severity warning;

print-category yes;

print-severity yes;

print-time yes;

};

channel general_dns

{ file "/var/log/named/dns_logs" versions 3 size 1240k; severity info;

print-category yes;

print-severity yes;

print-time yes;

};

category default { warning; };

category queries { general_dns; };

};

zone "." {

type hint;

file "named.root";

};

acl "CNC" {

58.16.0.0/16;

58.17.0.0/17;

58.17.128.0/17;

58.18.0.0/16;

58.19.0.0/16;

58.20.0.0/16;

58.21.0.0/16;

58.22.0.0/15;

58.240.0.0/15;

58.242.0.0/15;

58.244.0.0/15;

58.246.0.0/15;

58.248.0.0/13;

60.8.0.0/15; 60.10.0.0/16; 60.11.0.0/16; 60.12.0.0/16; 60.13.0.0/18; 60.13.128.0/17;

60.14.0.0/15; 60.16.0.0/13; 60.24.0.0/14; 60.30.0.0/16; 60.31.0.0/16; 60.208.0.0/13;

60.216.0.0/15;

60.218.0.0/15;

60.220.0.0/14;

61.48.0.0/13; 61.133.0.0/17;

61.134.96.0/19;

61.134.128.0/17;

61.135.0.0/16;

61.137.128.0/17;

61.138.0.0/17;

61.138.128.0/18;

61.139.128.0/18;

61.148.0.0/15;

61.156.0.0/16;

61.159.0.0/18;

61.161.0.0/18;

61.161.128.0/17;

61.162.0.0/16;

61.163.0.0/16;

61.167.0.0/16;

61.168.0.0/16;

61.176.0.0/16;

61.179.0.0/16;

61.182.0.0/16; 61.189.0.0/17; 125.32.0.0/16; 125.40.0.0/13; 202.96.0.0/18; 202.96.64.0/21; 202.96.72.0/21; 202.97.128.0/18; 202.97.224.0/21; 202.97.240.0/20; 202.98.0.0/21; 202.98.8.0/21; 202.99.64.0/19; 202.99.96.0/21; 202.99.128.0/19; 202.99.160.0/21; 202.99.168.0/21; 202.99.176.0/20; 202.99.208.0/20; 202.99.224.0/21; 202.99.232.0/21; 202.99.240.0/20; 202.102.128.0/21; 202.102.224.0/21; 202.102.232.0/21; 202.106.0.0/16; 202.107.0.0/17; 202.108.0.0/16; 202.110.0.0/17; 202.111.128.0/18; 203.93.8.0/24; 203.93.192.0/18; 210.13.128.0/17; 210.14.160.0/19; 210.14.192.0/19;

210.15.96.0/19; 210.15.128.0/18; 210.21.0.0/16; 210.52.128.0/17; 210.53.0.0/17; 210.53.128.0/17; 210.74.96.0/19; 210.74.128.0/19; 210.82.0.0/15; 218.8.0.0/14; 218.12.0.0/16; 218.21.128.0/17; 218.24.0.0/14; 218.56.0.0/14; 218.60.0.0/15; 218.67.128.0/17; 218.68.0.0/15; 218.104.0.0/14; 219.154.0.0/15; 219.156.0.0/15; 219.158.0.0/17; 219.158.128.0/17; 219.159.0.0/18; 220.252.0.0/16; 221.0.0.0/15; 221.2.0.0/16; 221.3.0.0/17; 221.3.128.0/17; 221.4.0.0/16; 221.5.0.0/17; 221.5.128.0/17; 221.6.0.0/16; 221.7.0.0/19; 221.7.32.0/19; 221.7.64.0/19;

221.8.0.0/15; 221.10.0.0/16; 221.11.0.0/17; 221.11.128.0/18; 221.11.192.0/19; 221.12.0.0/17; 221.12.128.0/18; 221.13.0.0/18; 221.13.64.0/19; 221.13.96.0/19; 221.13.128.0/17; 221.14.0.0/15; 221.192.0.0/15; 221.194.0.0/16; 221.195.0.0/16; 221.196.0.0/15; 221.198.0.0/16; 221.199.0.0/19; 221.199.32.0/20; 221.199.128.0/18; 221.199.192.0/20; 221.200.0.0/14; 221.204.0.0/15; 221.206.0.0/16; 221.207.0.0/18; 221.207.64.0/18; 221.207.128.0/17; 221.208.0.0/14; 221.212.0.0/16; 221.213.0.0/16; 221.216.0.0/13; 222.128.0.0/14; 222.132.0.0/14; 222.136.0.0/13; 222.160.0.0/15;

222.163.0.0/19;

222.163.32.0/19;

222.163.64.0/18;

222.163.128.0/17;

};

view "view_cnc" {

match-clients { CNC; };

zone "." {

type hint;

file "named.root";

};

zone "0.0.127.IN-ADDR.ARPA" {

type master;

file "localhost.rev";

};

include "master/cnc.def";

};

view "view_any" {

match-clients { any; };

zone "." {

type hint;

file "named.root";

};

zone "0.0.127.IN-ADDR.ARPA" {

type master;

file "localhost.rev";

};

include "master/telecom.def";

};

添加完成后,保存。

更新根区文件:

# cd /usr/local/named/etc/

# wget ftp://https://www.doczj.com/doc/5816891885.html,/domain/named.root

创建PID和日志文件:

# mkdir /var/run/named/

# chmod 777 /var/run/named/

# chown bind:bind /var/run/named/

# mkdir /var/log/named/

# touch /var/log/named/dns_warnings

# touch /var/log/named/dns_logs

# chown bind:bind /var/log/named/*

# mkdir master

# touch master/cnc.def

# touch master/telecom.def

生成rndc-key:

# cd /usr/local/named/etc/

# ../sbin/rndc-confgen > rndc.conf

把rndc.conf中:

# Use with the following in named.conf, adjusting the allow list as needed: 后面以的部分加到/usr/local/named/etc/named.conf中并去掉注释

运行测试:

# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &

状态检查:

# /usr/local/named/sbin/rndc status

建立启动脚本:

# vi /etc/init.d/named

============================== named.sh============================

#!/bin/bash

#

# named a network name service.

#

#

# chkconfig: 545 35 75

# description: a name server

#

if [ `id -u` -ne 0 ]

then

echo "ERROR:For bind to port 53,must run as root."

exit 1

fi

case "" in

start)

if [ -x /usr/local/named/sbin/named ]; then

/usr/local/named/sbin/named -u bind -c /usr/local/named/etc/named.conf && echo . && echo 'BIND9 server started.'

fi

;;

stop)

kill `cat /var/run/named/pid` && echo . && echo 'BIND9 server stopped.' ;;

restart)

echo .

echo "Restart BIND9 server"

stop

sleep 10

start

;;

*)

echo " start | stop | restart"

;;

esac

===============================named.sh============================

# chmod 755 /etc/init.d/named

# chown root:root /etc/init.d/named

# chkconfig --add named

# chkconfig named on

到这里bind已经安装完毕 .下面是解析部分.

3、添加一个NS

平时大家修改域名信息的时候,都会发现有一个DNS信息的修改,里面会有一些类似https://www.doczj.com/doc/5816891885.html,一样的东西。添加这个东西不难,在新网的后台就可以添加。添加的时候要注意,域名状态设置里面的域名必须不能在锁定状态。

登陆新网的后台->域名管理->注册本域名下的DNS->DNS名字:ns->IP地址*.*.*.* (按照自己要求修改IP地址)->确定->MyDNS功能->添加新的A记录->ns->IP地址

61.182.49.7->提交。

对于一些收费的(如万网)或者不提供DNS服务器注册的管理后台,我们一样有办法去

解决。首先按照上面的,先添加一个A记录,然后打开

https://www.doczj.com/doc/5816891885.html,/domain/nameserver/createhost.jsp

按照上面的提示注册一下就行。

OK,等待DNS生效吧

4、添加一个域名

# cd /usr/local/named/etc/master

# mkdir cnc

# mkdir telecom

# vi cnc.def

添加

zone "https://www.doczj.com/doc/5816891885.html," {

type master;

file "master/cnc/https://www.doczj.com/doc/5816891885.html,";

};

# vi telecom.def

添加

zone "https://www.doczj.com/doc/5816891885.html," {

type master;

file "master/telecom/https://www.doczj.com/doc/5816891885.html,";

};

添加网通的解析,解析到的IP为61.182.49.7

#vi cnc/https://www.doczj.com/doc/5816891885.html,

添加

$TTL 3600

$ORIGIN https://www.doczj.com/doc/5816891885.html,.

@ IN SOA https://www.doczj.com/doc/5816891885.html,. https://www.doczj.com/doc/5816891885.html,.( 2005121013 ;Serial

3600 ; Refresh ( seconds )

900 ; Retry ( seconds )

68400 ; Expire ( seconds )

15 );Minimum TTL for Zone ( seconds )

;

@ IN NS https://www.doczj.com/doc/5816891885.html,.

@ IN A 61.182.49.7

www IN A 61.182.49.7

;

;end

添加电信的解析,解析到的IP为218.6.242.216

#vi telecom/https://www.doczj.com/doc/5816891885.html,

添加

$TTL 3600

$ORIGIN https://www.doczj.com/doc/5816891885.html,.

@ IN SOA https://www.doczj.com/doc/5816891885.html,. https://www.doczj.com/doc/5816891885.html,.( 2005121013 ;Serial

3600 ; Refresh ( seconds )

900 ; Retry ( seconds )

68400 ; Expire ( seconds )

15 );Minimum TTL for Zone ( seconds )

;

@ IN NS https://www.doczj.com/doc/5816891885.html,.

@ IN A 218.6.242.216

www IN A 218.6.242.216

;

;end

#/usr/local/named/sbin/rndc reload

OK,到此你的DNS服务器就算是跑起来了。试一下分别用网通和电信的线路ping一下吧.

批注后记:

以下方法可以查询到3个服务商大致的地址范围,不过是否完整还需要大家验证。

下载并编译最新的ripe-dbase-client

# wget https://www.doczj.com/doc/5816891885.html,/apnic/dbase/tools/ripe-dbase-client-v3.tar.gz #tar zxvf ripe-dbase*.gz

#cd whois-3.1

#./configure;make

执行查询并输出结果

#./whois3 -h https://www.doczj.com/doc/5816891885.html, -l -i mb MAINT-CNCGROUP >/tmp/cnc

#./whois3 -h https://www.doczj.com/doc/5816891885.html, -l -i mb MAINT-CHINANET >/tmp/chinanet

#./whois3 -h https://www.doczj.com/doc/5816891885.html, -l -i mb MAINT-CN-CRTC > /tmp/crtc

如果想得到具体的服务商比如江苏省电信的IP池,就把mb的值改为

MAINT-CHINANET-JS,或者是辽宁网通,那就改为MAINT-CNCGROUP-LN

然后用grep 和sed去掉多余的文字就可以得到了。

start | stop | restart"

;;

esac

===============================named.sh============================

# chmod 755 /etc/init.d/named

# chown root:root /etc/init.d/named

# chkconfig --add named

# chkconfig named on

到这里bind已经安装完毕 .下面是解析部分.

3、添加一个NS

平时大家修改域名信息的时候,都会发现有一个DNS信息的修改,里面会有一些类似https://www.doczj.com/doc/5816891885.html,一样的东西。添加这个东西不难,在新网的后台就可以添加。添加的时候要注意,域名状态设置里面的域名必须不能在锁定状态。

登陆新网的后台->域名管理->注册本域名下的DNS->DNS名字:ns->IP地址*.*.*.* (按照自己要求修改IP地址)->确定->MyDNS功能->添加新的A记录->ns->IP地址

61.182.49.7->提交。

对于一些收费的(如万网)或者不提供DNS服务器注册的管理后台,我们一样有办法

解决。首先按照上面的,先添加一个A记录,然后打开

https://www.doczj.com/doc/5816891885.html,/domain/nameserver/createhost.jsp 按照上面的提示注册一下就行。

OK,等待DNS生效吧

4、添加一个域名

# cd /usr/local/named/etc/master

# mkdir cnc

# mkdir telecom

# vi cnc.def

添加

zone "https://www.doczj.com/doc/5816891885.html," {

type master;

file "master/cnc/https://www.doczj.com/doc/5816891885.html,";

};

# vi telecom.def

添加

zone "https://www.doczj.com/doc/5816891885.html," {

type master;

file "master/telecom/https://www.doczj.com/doc/5816891885.html,";

};

添加网通的解析,解析到的IP为61.182.49.7

#vi cnc/https://www.doczj.com/doc/5816891885.html,

添加

$TTL 3600

$ORIGIN https://www.doczj.com/doc/5816891885.html,.

@ IN SOA https://www.doczj.com/doc/5816891885.html,. https://www.doczj.com/doc/5816891885.html,.(

2005121013 ;Serial

3600 ; Refresh ( seconds )

900 ; Retry ( seconds )

68400 ; Expire ( seconds )

15 );Minimum TTL for Zone ( seconds )

;

@ IN NS https://www.doczj.com/doc/5816891885.html,.

@ IN A 61.182.49.7

www IN A 61.182.49.7

;

;end

添加电信的解析,解析到的IP为218.6.242.216

#vi telecom/https://www.doczj.com/doc/5816891885.html,

添加

$TTL 3600

$ORIGIN https://www.doczj.com/doc/5816891885.html,.

@ IN SOA https://www.doczj.com/doc/5816891885.html,. https://www.doczj.com/doc/5816891885.html,.(

2005121013 ;Serial

3600 ; Refresh ( seconds )

900 ; Retry ( seconds )

68400 ; Expire ( seconds )

15 );Minimum TTL for Zone ( seconds )

;

@ IN NS https://www.doczj.com/doc/5816891885.html,.

@ IN A 218.6.242.216

www IN A 218.6.242.216

;

;end

#/usr/local/named/sbin/rndc reload

OK,到此你的DNS服务器就算是跑起来了。试一下分别用网通和电信的线路ping一下吧.

批注后记:

以下方法可以查询到3个服务商大致的地址范围,不过是否完整还需要大家验证。

下载并编译最新的ripe-dbase-client

# wget https://www.doczj.com/doc/5816891885.html,/apnic/dbase/tools/ripe-dbase-client-v3.tar.gz #tar zxvf ripe-dbase*.gz

#cd whois-3.1

#./configure;make

执行查询并输出结果

#./whois3 -h https://www.doczj.com/doc/5816891885.html, -l -i mb MAINT-CNCGROUP >/tmp/cnc

#./whois3 -h https://www.doczj.com/doc/5816891885.html, -l -i mb MAINT-CHINANET >/tmp/chinanet

#./whois3 -h https://www.doczj.com/doc/5816891885.html, -l -i mb MAINT-CN-CRTC > /tmp/crtc

如果想得到具体的服务商比如江苏省电信的IP池,就把mb的值改为

MAINT-CHINANET-JS,或者是辽宁网通,那就改为MAINT-CNCGROUP-LN

相关主题
文本预览
相关文档 最新文档