基于视图的DNS解析
系统要求:AS4,DNS为系统自带的。
目的:根据来自不同网络用户的访问请求,对相同的域名解析成不同的IP,使用户可以访问离他最近的那台服务器,以增加用户的访问速度。
实现:在lidoo.com、newlido.com两个域中,通过在named.conf中增加不同的视图来判断来访者的IP属于哪个网络。
所有涉及到的文件
/var/named/chroot/var/named/newlido.zone #newlido.com域在电信的解析文件
/var/named/chroot/var/named/newlido.zone.cnc #newlido.com域在网通的解析文件
/var/named/chroot/var/named/lidoo.zone.cnc #lidoo.com域在网通的解析文件
/var/named/chroot/var/named/lidoo.zone #lidoo.com域在电信的解析文件
/var/named/chroot/etc/cn_ip/CHINANET #电信IP段配置文件
/var/named/chroot/etc/cn_ip/CNCGROUP #网通IP段配置文件
/var/named/chroot/etc/cn_ip/cn_isp.sh #动态更新电信、网通IP段到配置文件中的脚本,可以放在crontab中每个月或每个星期凌晨时段运行一次。
/var/named/chroot/etc/named_common.conf #公用配置文件
/var/named/chroot/etc/named.conf #主配置文件
下面是网通DNS中的相关配置文件。
编辑 /var/named/chroot/etc/named.conf
//
// named.conf for Red Hat caching-nameserver
//
// View-based ("split-horizon") setup: the two acl includes below classify the
// querying client as China Netcom or China Telecom, and each view then serves
// the same zones from a different zone file, so that the answer points at the
// server nearest to that client's network.
//
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db"; # cache dump written by "rndc dumpdb"
statistics-file "/var/named/data/named_stats.txt";
pid-file "/var/run/named/named.pid";
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; }; # rndckey comes from the rndc.key include at the end of this file
};
//acl "china_netcom" { # an acl names the network the listed prefixes belong to
// 61.207.0.0/16;
// 168.160.224.0/19;
// 210.51.0.0/16;
//};
include "/etc/cn_ip/CNCGROUP"; # with many prefixes keep the acl in its own file for readability and easier updates (generated by cn_isp.sh; format shown in the appendix)
//acl "china_telecom" {
// 202.96.0.0/16;
// 218.0.0.0/8;
// 61.151.0.0/16;
// 222.73.0.0/16;
//};
include "/etc/cn_ip/CHINANET";
view "for_cnc" { # one view per client network, selected by the client's source address; add another view like this one to serve a further network differently
match-clients { china_netcom; };
recursion yes;
include "/etc/named_common.conf"; # zones common to all views: root hints and localhost stubs (file shown in the appendix)
zone "lidoo.com" IN { # the zone data itself
type master;
file "lidoo.zone.cnc";
allow-update { none; }; # no dynamic updates; no allow-transfer is set, so BIND's default applies — restrict AXFR to the secondaries if they are known
};
zone "newlido.com" IN { # the zone data itself
type master;
file "newlido.zone.cnc";
allow-update { none; };
};
};
view "for_ctc_and_all" {
match-clients { china_telecom; any; }; # "any" catches every client not covered by one of the defined prefix lists
recursion yes; # NOTE(review): combined with "any" above this answers recursive queries for the whole Internet, i.e. an open resolver that can be abused for reflection/amplification; if this host is only meant to be authoritative, use "recursion no" here or add "allow-recursion { <trusted prefixes>; };" — confirm intent
include "/etc/named_common.conf";
zone "lidoo.com" IN {
type master;
file "lidoo.zone";
allow-update { none; };
};
zone "newlido.com" IN {
type master;
file "newlido.zone";
allow-update { none; };
};
};
include "/etc/rndc.key";
编辑 /var/named/chroot/var/named/lidoo.zone.cnc
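$TTL 86400
; lidoo.com as answered to China Netcom clients (named.conf view "for_cnc").
; Zone files only know ";" comments: a "#" is read as record data and makes
; the zone fail to load, so the annotations below use ";".
@ IN SOA @ root.lidoo.com (
2006071701 ; serial (d. adams) - bump it on every edit so secondaries pick the change up
3H ; refresh - secondaries re-check the zone every 3 hours
15M ; retry - and retry 15 minutes after a failed refresh
1W ; expiry - a secondary that could not refresh for a week stops answering
1D ) ; minimum - negative-caching TTL, one day
IN NS dns1 ; name servers of the zone (hostnames, resolved by the A records below)
IN NS dns2
IN MX 10 mail ; only needed if the domain receives mail; 10 is the preference, lower wins when several MX records exist
IN A 210.51.22.149 ; default address of lidoo.com itself (Netcom-side server)
dns1 IN A 222.73.254.218 ; DNS1 as registered with the upstream ISP
dns2 IN A 210.51.22.149 ; DNS2 as registered with the upstream ISP
xbrl IN A 210.51.22.147 ; differs from the Telecom-side lidoo.zone (as does the apex A record above)
mail IN A 61.151.244.162
www IN A 61.151.244.162
service IN A 61.151.244.166
said IN A 61.151.244.167
lidoinfo IN A 61.151.244.164
quote IN A 61.151.244.165
quote1 IN A 61.129.43.11
quote2 IN A 222.73.254.220
quote3 IN A 222.73.254.224
quote5 IN A 210.51.22.136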
(要增加不同的主机名就在这里增加)
编辑 /var/named/chroot/var/named/newlido.zone.cnc
$TTL 86400
; newlido.com as answered to China Netcom clients (named.conf view "for_cnc");
; the Telecom-side copy (newlido.zone) differs only in the apex A record.
@ IN SOA @ root.newlido.com (
2006071701 ; serial (d. adams) - bump it on every change
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns1
IN NS dns2
IN MX 10 mail.lidoo.com. ; mail goes to the lidoo.com mail host (absolute name, hence the trailing dot)
IN A 210.51.22.149 ; apex address (Netcom-side server)
dns1 IN A 222.73.254.218
dns2 IN A 210.51.22.149
www IN A 61.151.244.166
编辑 /var/named/chroot/var/named/lidoo.zone
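$TTL 86400
; lidoo.com as answered to China Telecom and all other clients (named.conf
; view "for_ctc_and_all"). Zone files only know ";" comments: a "#" is read
; as record data and makes the zone fail to load, so annotations use ";".
@ IN SOA @ root.lidoo.com (
2006071701 ; serial (d. adams) - bump it on every edit so secondaries pick the change up
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns1
IN NS dns2
IN MX 10 mail
IN A 222.73.254.218 ; default address of lidoo.com itself (Telecom-side server)
dns1 IN A 222.73.254.218
dns2 IN A 210.51.22.149
xbrl IN A 222.73.249.51 ; differs from the Netcom-side lidoo.zone.cnc (as does the apex A record above)
mail IN A 61.151.244.162
www IN A 61.151.244.162
service IN A 61.151.244.166
said IN A 61.151.244.167
lidoinfo IN A 61.151.244.164
quote IN A 61.151.244.165
quote1 IN A 61.129.43.11
quote2 IN A 222.73.254.220
quote3 IN A 222.73.254.224
quote5 IN A 210.51.22.136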
编辑 /var/named/chroot/var/named/newlido.zone
$TTL 86400
; newlido.com as answered to China Telecom and all other clients (named.conf
; view "for_ctc_and_all"); the Netcom-side copy (newlido.zone.cnc) differs
; only in the apex A record.
@ IN SOA @ root.newlido.com (
2006071701 ; serial (d. adams) - bump it on every change
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns1
IN NS dns2
IN MX 10 mail.lidoo.com. ; mail goes to the lidoo.com mail host (absolute name, hence the trailing dot)
IN A 222.73.254.218 ; apex address (Telecom-side server)
dns1 IN A 222.73.254.218
dns2 IN A 210.51.22.149
www IN A 61.151.244.166
附件
编辑 /var/named/chroot/etc/named_common.conf
// Zones shared by every view: named.conf includes this file inside each view
// block, so the root hints and the local/loopback/broadcast stubs exist in
// both "for_cnc" and "for_ctc_and_all" without being written twice.
zone "." IN {
type hint; // root hints, used when recursing
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; }; // no dynamic updates on any of the local stubs
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
编辑 /var/named/chroot/etc/cn_ip/CNCGROUP (只列部分,IP)
# /var/named/chroot/etc/cn_ip/CHINANET 的内容和网通的格式是一样的,这里就不列出了。
// Prefix list behind the "china_netcom" acl that match-clients in named.conf
// refers to (only part of the list is shown). The file is rewritten by
// cn_isp.sh, so manual edits here are lost on the next run.
acl "china_netcom" {
58.16.0.0/16;
58.17.0.0/17;
203.93.192.0/18;
210.13.128.0/17;
210.14.160.0/19;
210.14.192.0/19;
221.200.0.0/14;
221.213.0.0/16;
221.216.0.0/13;
222.128.0.0/14;
222.132.0.0/14;
222.136.0.0/13;
222.160.0.0/15;
222.162.0.0/16;
222.163.0.0/19;
222.163.32.0/19;
222.163.64.0/18;
222.163.128.0/17;
};
[root@dns218 cn_ip]# cat cn_isp.sh
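#!/usr/bin/env bash
#
# cn_isp.sh - rebuild the BIND acl files used by the views in named.conf
# (CNCGROUP, CHINANET, UNICOM, CERNET) plus cn.net and OTHER from APNIC's
# delegated-apnic-latest list. Every CN IPv4 range is turned into CIDR
# prefixes and classified by the "netname" that whois.apnic.net reports.
#
# Usage: cn_isp.sh [output-dir]
#   output-dir defaults to the current directory; run it from (or point it
#   at) /var/named/chroot/etc/cn_ip, e.g. from cron.
#
# Everything is built in a scratch directory and moved into output-dir only
# after the whole run succeeded: a failed download, an empty list or an
# interrupted run leaves the previous acl files - and so named's includes -
# untouched instead of deleting them up front.
set -euo pipefail

# Source of the delegation list. It is fetched over plain HTTP and is not
# signed, and its contents decide which view every client lands in, so a
# tampered or truncated download would silently reroute clients; fetch it
# over TLS if the local wget supports it.
readonly APNIC_URL=http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest
readonly FILE=ip_apnic

# Scratch directory, set by main() and removed by cleanup() on exit.
WORK_DIR=

die() {
  printf 'cn_isp.sh: %s\n' "$*" >&2
  exit 1
}

cleanup() {
  if [[ -n "$WORK_DIR" ]]; then
    rm -rf -- "$WORK_DIR"
  fi
}

#######################################
# Dotted-quad IPv4 address -> unsigned integer (bash arithmetic is 64-bit).
# Arguments: $1 - address such as 58.16.0.0
#######################################
ip2int() {
  local IFS=.
  # shellcheck disable=SC2086 -- splitting on "." is the point here
  set -- $1
  printf '%d' $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

#######################################
# Unsigned integer -> dotted-quad IPv4 address.
# Arguments: $1 - integer produced by ip2int
#######################################
int2ip() {
  local n=$1
  printf '%d.%d.%d.%d' $(( (n >> 24) & 255 )) $(( (n >> 16) & 255 )) \
    $(( (n >> 8) & 255 )) $(( n & 255 ))
}

#######################################
# Print the CIDR prefixes covering an APNIC "start count" range, one per
# line. The original bc log2() rounded every count down to a single prefix,
# which is wrong for counts that are not a power of two (or starts that are
# not aligned to the block size); such ranges are split here into the
# largest aligned blocks that fit.
# Arguments: $1 - first address, $2 - number of addresses
#######################################
range_to_cidr() {
  local start count size prefix
  start=$(ip2int "$1")
  count=$2
  while (( count > 0 )); do
    size=1
    prefix=32
    while (( size * 2 <= count && start % (size * 2) == 0 )); do
      size=$(( size * 2 ))
      prefix=$(( prefix - 1 ))
    done
    printf '%s/%d\n' "$(int2ip "$start")" "$prefix"
    start=$(( start + size ))
    count=$(( count - size ))
  done
}

#######################################
# First "netname:" value whois.apnic.net reports for an address, with any
# "-suffix" stripped (CHINANET-SH -> CHINANET). Empty when whois fails or
# returns no netname; the caller then files the range under OTHER.
# Arguments: $1 - address to look up
#######################################
netname_of() {
  local name
  name=$(whois -h whois.apnic.net "$1" 2>/dev/null \
    | awk '$1 == "netname:" { print $2; exit }') || true
  printf '%s' "${name%%-*}"
}

main() {
  local out_dir=${1:-.}
  local ip cnt netname cidr f
  out_dir=$(cd -- "$out_dir" && pwd) || die "cannot access output directory $1"
  WORK_DIR=$(mktemp -d) || die "mktemp failed"
  trap cleanup EXIT
  cd -- "$WORK_DIR" || die "cannot cd to $WORK_DIR"

  wget -q -O "$FILE" "$APNIC_URL" \
    || die "download of $APNIC_URL failed; keeping the old acl files"
  grep -q '^apnic|CN|ipv4|' "$FILE" \
    || die "no apnic|CN|ipv4 records in $FILE; keeping the old acl files"

  printf 'acl "china_netcom" {\n' > CNCGROUP
  printf 'acl "china_telecom" {\n' > CHINANET
  printf 'acl "china_unicom" {\n' > UNICOM
  printf 'acl "china_cernet" {\n' > CERNET
  : > cn.net
  : > OTHER

  # One whois lookup per APNIC range (as before); one output line per prefix.
  # Fields 4 and 5 of the list are the first address and the address count.
  while read -r ip cnt; do
    if [[ ! "$ip" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ || ! "$cnt" =~ ^[0-9]+$ ]]; then
      printf 'skipping malformed record: %s %s\n' "$ip" "$cnt" >&2
      continue
    fi
    printf '%s:%s\n' "$ip" "$cnt"
    netname=$(netname_of "$ip")
    while IFS= read -r cidr; do
      printf '%s\n' "$cidr" >> cn.net
      # $netname only reaches a redirection target after matching one of the
      # fixed names below, so whois output can never choose an arbitrary file.
      case "$netname" in
        CNC)
          printf '\t%s;\n' "$cidr" >> CNCGROUP
          ;;
        CHINANET|CNCGROUP)
          printf '\t%s;\n' "$cidr" >> "$netname"
          ;;
        CHINATELECOM)
          printf '\t%s;\n' "$cidr" >> CHINANET
          ;;
        UNICOM)
          printf '\t%s;\n' "$cidr" >> UNICOM
          printf '%s\n' "$cidr" >> OTHER
          ;;
        CERN|CERNET|CERBKB)
          printf '\t%s;\n' "$cidr" >> CERNET
          printf '%s\n' "$cidr" >> OTHER
          ;;
        *)
          printf '%s\n' "$cidr" >> OTHER
          ;;
      esac
    done < <(range_to_cidr "$ip" "$cnt")
  done < <(awk -F'|' '$1 == "apnic" && $2 == "CN" && $3 == "ipv4" { print $4, $5 }' "$FILE")

  for f in CNCGROUP CHINANET UNICOM CERNET; do
    printf '};\n' >> "$f"
  done

  # Only now replace the live files, so named never includes a half-written acl.
  mv -f -- "$FILE" cn.net OTHER CNCGROUP CHINANET UNICOM CERNET "$out_dir"/
}

main "$@"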
.
系统要求:AS4,DNS为系统自带的。
目的:根据来自不同网络用户的访问请求,对相同的域名解析成不同的IP,使用户可以访问离他最近的那台服务器,以增加用户的访问速度。
实现:在lidoo.com、newlido.com两个域中,通过在named.conf中增加不同的视图来判断来访者的IP属于哪个网络。
所有涉及到的文件
/var/named/chroot/var/named/newlido.zone #newlido.com域在电信的解析文件
/var/named/chroot/var/named/newlido.zone.cnc #newlido.com域在网通的解析文件
/var/named/chroot/var/named/lidoo.zone.cnc #lidoo.com域在网通的解析文件
/var/named/chroot/var/named/lidoo.zone #lidoo.com域在电信的解析文件
/var/named/chroot/etc/cn_ip/CHINANET #电信IP段配置文件
/var/named/chroot/etc/cn_ip/CNCGROUP #网通IP段配置文件
/var/named/chroot/etc/cn_ip/cn_isp.sh #动态更新电信、网通IP段到配置文件中的脚本,可以放在crontab中每个月或每个星期凌晨时段运行一次。
/var/named/chroot/etc/named_common.conf #公用配置文件
/var/named/chroot/etc/named.conf #主配置文件
下面是网通DNS中的相关配置文件。
编辑 /var/named/chroot/etc/named.conf
//
// named.conf for Red Hat caching-nameserver
//
// View-based ("split-horizon") setup: the two acl includes below classify the
// querying client as China Netcom or China Telecom, and each view then serves
// the same zones from a different zone file, so that the answer points at the
// server nearest to that client's network.
//
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db"; # cache dump written by "rndc dumpdb"
statistics-file "/var/named/data/named_stats.txt";
pid-file "/var/run/named/named.pid";
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; }; # rndckey comes from the rndc.key include at the end of this file
};
//acl "china_netcom" { # an acl names the network the listed prefixes belong to
// 61.207.0.0/16;
// 168.160.224.0/19;
// 210.51.0.0/16;
//};
include "/etc/cn_ip/CNCGROUP"; # with many prefixes keep the acl in its own file for readability and easier updates (generated by cn_isp.sh; format shown in the appendix)
//acl "china_telecom" {
// 202.96.0.0/16;
// 218.0.0.0/8;
// 61.151.0.0/16;
// 222.73.0.0/16;
//};
include "/etc/cn_ip/CHINANET";
view "for_cnc" { # one view per client network, selected by the client's source address; add another view like this one to serve a further network differently
match-clients { china_netcom; };
recursion yes;
include "/etc/named_common.conf"; # zones common to all views: root hints and localhost stubs (file shown in the appendix)
zone "lidoo.com" IN { # the zone data itself
type master;
file "lidoo.zone.cnc";
allow-update { none; }; # no dynamic updates; no allow-transfer is set, so BIND's default applies — restrict AXFR to the secondaries if they are known
};
zone "newlido.com" IN { # the zone data itself
type master;
file "newlido.zone.cnc";
allow-update { none; };
};
};
view "for_ctc_and_all" {
match-clients { china_telecom; any; }; # "any" catches every client not covered by one of the defined prefix lists
recursion yes; # NOTE(review): combined with "any" above this answers recursive queries for the whole Internet, i.e. an open resolver that can be abused for reflection/amplification; if this host is only meant to be authoritative, use "recursion no" here or add "allow-recursion { <trusted prefixes>; };" — confirm intent
include "/etc/named_common.conf";
zone "lidoo.com" IN {
type master;
file "lidoo.zone";
allow-update { none; };
};
zone "newlido.com" IN {
type master;
file "newlido.zone";
allow-update { none; };
};
};
include "/etc/rndc.key";
编辑 /var/named/chroot/var/named/lidoo.zone.cnc
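$TTL 86400
; lidoo.com as answered to China Netcom clients (named.conf view "for_cnc").
; Zone files only know ";" comments: a "#" is read as record data and makes
; the zone fail to load, so the annotations below use ";".
@ IN SOA @ root.lidoo.com (
2006071701 ; serial (d. adams) - bump it on every edit so secondaries pick the change up
3H ; refresh - secondaries re-check the zone every 3 hours
15M ; retry - and retry 15 minutes after a failed refresh
1W ; expiry - a secondary that could not refresh for a week stops answering
1D ) ; minimum - negative-caching TTL, one day
IN NS dns1 ; name servers of the zone (hostnames, resolved by the A records below)
IN NS dns2
IN MX 10 mail ; only needed if the domain receives mail; 10 is the preference, lower wins when several MX records exist
IN A 210.51.22.149 ; default address of lidoo.com itself (Netcom-side server)
dns1 IN A 222.73.254.218 ; DNS1 as registered with the upstream ISP
dns2 IN A 210.51.22.149 ; DNS2 as registered with the upstream ISP
xbrl IN A 210.51.22.147 ; differs from the Telecom-side lidoo.zone (as does the apex A record above)
mail IN A 61.151.244.162
www IN A 61.151.244.162
service IN A 61.151.244.166
said IN A 61.151.244.167
lidoinfo IN A 61.151.244.164
quote IN A 61.151.244.165
quote1 IN A 61.129.43.11
quote2 IN A 222.73.254.220
quote3 IN A 222.73.254.224
quote5 IN A 210.51.22.136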
(要增加不同的主机名就在这里增加)
编辑 /var/named/chroot/var/named/newlido.zone.cnc
$TTL 86400
; newlido.com as answered to China Netcom clients (named.conf view "for_cnc");
; the Telecom-side copy (newlido.zone) differs only in the apex A record.
@ IN SOA @ root.newlido.com (
2006071701 ; serial (d. adams) - bump it on every change
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns1
IN NS dns2
IN MX 10 mail.lidoo.com. ; mail goes to the lidoo.com mail host (absolute name, hence the trailing dot)
IN A 210.51.22.149 ; apex address (Netcom-side server)
dns1 IN A 222.73.254.218
dns2 IN A 210.51.22.149
www IN A 61.151.244.166
编辑 /var/named/chroot/var/named/lidoo.zone
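$TTL 86400
; lidoo.com as answered to China Telecom and all other clients (named.conf
; view "for_ctc_and_all"). Zone files only know ";" comments: a "#" is read
; as record data and makes the zone fail to load, so annotations use ";".
@ IN SOA @ root.lidoo.com (
2006071701 ; serial (d. adams) - bump it on every edit so secondaries pick the change up
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns1
IN NS dns2
IN MX 10 mail
IN A 222.73.254.218 ; default address of lidoo.com itself (Telecom-side server)
dns1 IN A 222.73.254.218
dns2 IN A 210.51.22.149
xbrl IN A 222.73.249.51 ; differs from the Netcom-side lidoo.zone.cnc (as does the apex A record above)
mail IN A 61.151.244.162
www IN A 61.151.244.162
service IN A 61.151.244.166
said IN A 61.151.244.167
lidoinfo IN A 61.151.244.164
quote IN A 61.151.244.165
quote1 IN A 61.129.43.11
quote2 IN A 222.73.254.220
quote3 IN A 222.73.254.224
quote5 IN A 210.51.22.136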
编辑 /var/named/chroot/var/named/newlido.zone
$TTL 86400
; newlido.com as answered to China Telecom and all other clients (named.conf
; view "for_ctc_and_all"); the Netcom-side copy (newlido.zone.cnc) differs
; only in the apex A record.
@ IN SOA @ root.newlido.com (
2006071701 ; serial (d. adams) - bump it on every change
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns1
IN NS dns2
IN MX 10 mail.lidoo.com. ; mail goes to the lidoo.com mail host (absolute name, hence the trailing dot)
IN A 222.73.254.218 ; apex address (Telecom-side server)
dns1 IN A 222.73.254.218
dns2 IN A 210.51.22.149
www IN A 61.151.244.166
附件
编辑 /var/named/chroot/etc/named_common.conf
// Zones shared by every view: named.conf includes this file inside each view
// block, so the root hints and the local/loopback/broadcast stubs exist in
// both "for_cnc" and "for_ctc_and_all" without being written twice.
zone "." IN {
type hint; // root hints, used when recursing
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; }; // no dynamic updates on any of the local stubs
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
编辑 /var/named/chroot/etc/cn_ip/CNCGROUP (只列部分,IP)
# /var/named/chroot/etc/cn_ip/CHINANET 的内容和网通的格式是一样的,这里就不列出了。
// Prefix list behind the "china_netcom" acl that match-clients in named.conf
// refers to (only part of the list is shown). The file is rewritten by
// cn_isp.sh, so manual edits here are lost on the next run.
acl "china_netcom" {
58.16.0.0/16;
58.17.0.0/17;
203.93.192.0/18;
210.13.128.0/17;
210.14.160.0/19;
210.14.192.0/19;
221.200.0.0/14;
221.213.0.0/16;
221.216.0.0/13;
222.128.0.0/14;
222.132.0.0/14;
222.136.0.0/13;
222.160.0.0/15;
222.162.0.0/16;
222.163.0.0/19;
222.163.32.0/19;
222.163.64.0/18;
222.163.128.0/17;
};
[root@dns218 cn_ip]# cat cn_isp.sh
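#!/usr/bin/env bash
#
# cn_isp.sh - rebuild the BIND acl files used by the views in named.conf
# (CNCGROUP, CHINANET, UNICOM, CERNET) plus cn.net and OTHER from APNIC's
# delegated-apnic-latest list. Every CN IPv4 range is turned into CIDR
# prefixes and classified by the "netname" that whois.apnic.net reports.
#
# Usage: cn_isp.sh [output-dir]
#   output-dir defaults to the current directory; run it from (or point it
#   at) /var/named/chroot/etc/cn_ip, e.g. from cron.
#
# Everything is built in a scratch directory and moved into output-dir only
# after the whole run succeeded: a failed download, an empty list or an
# interrupted run leaves the previous acl files - and so named's includes -
# untouched instead of deleting them up front.
set -euo pipefail

# Source of the delegation list. It is fetched over plain HTTP and is not
# signed, and its contents decide which view every client lands in, so a
# tampered or truncated download would silently reroute clients; fetch it
# over TLS if the local wget supports it.
readonly APNIC_URL=http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest
readonly FILE=ip_apnic

# Scratch directory, set by main() and removed by cleanup() on exit.
WORK_DIR=

die() {
  printf 'cn_isp.sh: %s\n' "$*" >&2
  exit 1
}

cleanup() {
  if [[ -n "$WORK_DIR" ]]; then
    rm -rf -- "$WORK_DIR"
  fi
}

#######################################
# Dotted-quad IPv4 address -> unsigned integer (bash arithmetic is 64-bit).
# Arguments: $1 - address such as 58.16.0.0
#######################################
ip2int() {
  local IFS=.
  # shellcheck disable=SC2086 -- splitting on "." is the point here
  set -- $1
  printf '%d' $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

#######################################
# Unsigned integer -> dotted-quad IPv4 address.
# Arguments: $1 - integer produced by ip2int
#######################################
int2ip() {
  local n=$1
  printf '%d.%d.%d.%d' $(( (n >> 24) & 255 )) $(( (n >> 16) & 255 )) \
    $(( (n >> 8) & 255 )) $(( n & 255 ))
}

#######################################
# Print the CIDR prefixes covering an APNIC "start count" range, one per
# line. The original bc log2() rounded every count down to a single prefix,
# which is wrong for counts that are not a power of two (or starts that are
# not aligned to the block size); such ranges are split here into the
# largest aligned blocks that fit.
# Arguments: $1 - first address, $2 - number of addresses
#######################################
range_to_cidr() {
  local start count size prefix
  start=$(ip2int "$1")
  count=$2
  while (( count > 0 )); do
    size=1
    prefix=32
    while (( size * 2 <= count && start % (size * 2) == 0 )); do
      size=$(( size * 2 ))
      prefix=$(( prefix - 1 ))
    done
    printf '%s/%d\n' "$(int2ip "$start")" "$prefix"
    start=$(( start + size ))
    count=$(( count - size ))
  done
}

#######################################
# First "netname:" value whois.apnic.net reports for an address, with any
# "-suffix" stripped (CHINANET-SH -> CHINANET). Empty when whois fails or
# returns no netname; the caller then files the range under OTHER.
# Arguments: $1 - address to look up
#######################################
netname_of() {
  local name
  name=$(whois -h whois.apnic.net "$1" 2>/dev/null \
    | awk '$1 == "netname:" { print $2; exit }') || true
  printf '%s' "${name%%-*}"
}

main() {
  local out_dir=${1:-.}
  local ip cnt netname cidr f
  out_dir=$(cd -- "$out_dir" && pwd) || die "cannot access output directory $1"
  WORK_DIR=$(mktemp -d) || die "mktemp failed"
  trap cleanup EXIT
  cd -- "$WORK_DIR" || die "cannot cd to $WORK_DIR"

  wget -q -O "$FILE" "$APNIC_URL" \
    || die "download of $APNIC_URL failed; keeping the old acl files"
  grep -q '^apnic|CN|ipv4|' "$FILE" \
    || die "no apnic|CN|ipv4 records in $FILE; keeping the old acl files"

  printf 'acl "china_netcom" {\n' > CNCGROUP
  printf 'acl "china_telecom" {\n' > CHINANET
  printf 'acl "china_unicom" {\n' > UNICOM
  printf 'acl "china_cernet" {\n' > CERNET
  : > cn.net
  : > OTHER

  # One whois lookup per APNIC range (as before); one output line per prefix.
  # Fields 4 and 5 of the list are the first address and the address count.
  while read -r ip cnt; do
    if [[ ! "$ip" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ || ! "$cnt" =~ ^[0-9]+$ ]]; then
      printf 'skipping malformed record: %s %s\n' "$ip" "$cnt" >&2
      continue
    fi
    printf '%s:%s\n' "$ip" "$cnt"
    netname=$(netname_of "$ip")
    while IFS= read -r cidr; do
      printf '%s\n' "$cidr" >> cn.net
      # $netname only reaches a redirection target after matching one of the
      # fixed names below, so whois output can never choose an arbitrary file.
      case "$netname" in
        CNC)
          printf '\t%s;\n' "$cidr" >> CNCGROUP
          ;;
        CHINANET|CNCGROUP)
          printf '\t%s;\n' "$cidr" >> "$netname"
          ;;
        CHINATELECOM)
          printf '\t%s;\n' "$cidr" >> CHINANET
          ;;
        UNICOM)
          printf '\t%s;\n' "$cidr" >> UNICOM
          printf '%s\n' "$cidr" >> OTHER
          ;;
        CERN|CERNET|CERBKB)
          printf '\t%s;\n' "$cidr" >> CERNET
          printf '%s\n' "$cidr" >> OTHER
          ;;
        *)
          printf '%s\n' "$cidr" >> OTHER
          ;;
      esac
    done < <(range_to_cidr "$ip" "$cnt")
  done < <(awk -F'|' '$1 == "apnic" && $2 == "CN" && $3 == "ipv4" { print $4, $5 }' "$FILE")

  for f in CNCGROUP CHINANET UNICOM CERNET; do
    printf '};\n' >> "$f"
  done

  # Only now replace the live files, so named never includes a half-written acl.
  mv -f -- "$FILE" cn.net OTHER CNCGROUP CHINANET UNICOM CERNET "$out_dir"/
}

main "$@"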