Note: a "smart DNS" setup has two main uses: 1. working around the Netcom/Telecom (CNC vs. China Telecom) connectivity problem, and 2. regional routing (clients in each region are pointed at the server nearest to them). The configuration below addresses the Netcom/Telecom problem; adapting it for use 2 needs only minor changes.
Contents
I. Installing the DNS server
II. Configuring named.conf
III. Updating the root hints file
IV. Creating the startup script
V. Adding an NS record
VI. Adding a domain
Appendix: obtaining IP address ranges
I. Installing the DNS server
1. Software list
BIND 9.3.2
ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz
2. Installing BIND 9
Build and install BIND 9:
# tar zxvf bind-9.3.2.tar.gz
# cd bind-9.3.2
# ./configure --prefix=/usr/local/named --disable-ipv6
# make && make install
Create the bind user:
# groupadd bind
# useradd -g bind -d /usr/local/named -s /sbin/nologin bind
Create the configuration directory:
# mkdir -p /usr/local/named/etc
# chown bind:bind /usr/local/named/etc
# chmod 700 /usr/local/named/etc
II. Configuring named.conf
Create the main configuration file:
# vi /usr/local/named/etc/named.conf
===========================named.conf=======================
// Hosts allowed to transfer zones and to use this server recursively.
acl "trust-lan" { 127.0.0.0/8; 192.168.0.0/16; };

options {
    directory "/usr/local/named/etc/";
    pid-file "/var/run/named/named.pid";
    version "0.0.0";
    datasize 40M;
    allow-transfer { "trust-lan"; };
    recursion yes;
    allow-notify { "trust-lan"; };
    allow-recursion { "trust-lan"; };
    auth-nxdomain no;
    forwarders {
        202.99.160.68;
        202.99.168.8;
    };
};

logging {
    channel warning {
        file "/var/log/named/dns_warnings" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "/var/log/named/dns_logs" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { warning; };
    category queries { general_dns; };
};

// Netcom (CNC) address ranges; the appendix describes how to obtain them.
acl "CNC" {
    58.16.0.0/16;
    58.17.0.0/17;
    58.17.128.0/17;
    58.18.0.0/16;
    58.19.0.0/16;
    58.20.0.0/16;
    58.21.0.0/16;
    // note: enter the address ranges that apply to your situation
};

// Once view statements are used, every zone (including the root hints) must
// be declared inside a view, so there is no top-level zone "." here. Views
// are tried in order and the first match-clients hit wins, which is why the
// CNC view must come before the catch-all view.
view "view_cnc" {
    match-clients { CNC; };
    zone "." {
        type hint;
        file "named.root";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
    };
    include "master/cnc.def";
};

view "view_any" {
    match-clients { any; };
    zone "." {
        type hint;
        file "named.root";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
    };
    include "master/telecom.def";
};
===========================named.conf=======================
After adding this, save the file. (Both views reference a file localhost.rev for the 127.0.0.0/8 reverse zone that this guide does not create; until it exists, named logs a load error for that zone at startup but still serves the other zones.)
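View selection in BIND is first-match: the view statements are walked in the order they appear in named.conf and the first one whose match-clients list accepts the client address is used. The Python script below is an added illustration, not part of the original article; it reproduces that evaluation for the two views and the ACLs defined above (the prefixes are the ones in the named.conf, the address-match-list rule that the first matching element decides and that a "!"-negated match means "rejected" is BIND's documented behaviour). Running it shows that a LAN client in 192.168.0.0/16 lands in view_any, i.e. receives the Telecom addresses, and that swapping the order of the two views would send every client, CNC included, to view_any.

```python
import ipaddress

# ACLs as defined in the named.conf above (these prefixes come from the page).
ACLS = {
    "trust-lan": ["127.0.0.0/8", "192.168.0.0/16"],
    "CNC": ["58.16.0.0/16", "58.17.0.0/17", "58.17.128.0/17",
            "58.18.0.0/16", "58.19.0.0/16", "58.20.0.0/16", "58.21.0.0/16"],
}

# Views in the order they appear in named.conf, each with its match-clients list.
VIEWS = [
    ("view_cnc", ["CNC"]),
    ("view_any", ["any"]),
]


def match_list(elements, client):
    """Evaluate a BIND address_match_list for one client address.

    Elements are tested in order; the first element that matches decides the
    result, and a '!'-negated element that matches means "rejected".  An
    element may be 'any', 'none', a CIDR prefix, or the name of another acl.
    Returns True when the list accepts the client, False otherwise.
    """
    for element in elements:
        negate = element.startswith("!")
        name = element.lstrip("!").strip()
        if name == "any":
            hit = True
        elif name == "none":
            hit = False
        elif name in ACLS:
            hit = match_list(ACLS[name], client)
        else:
            hit = client in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negate
    return False


def select_view(client_ip, views=VIEWS):
    """Return the name of the first view whose match-clients accepts the
    client, or None when no view matches (BIND then refuses the query)."""
    client = ipaddress.ip_address(client_ip)
    for view_name, match_clients in views:
        if match_list(match_clients, client):
            return view_name
    return None


if __name__ == "__main__":
    for ip in ("58.17.200.1", "210.75.1.1", "192.168.1.5"):
        print(ip, "->", select_view(ip))
    # Same two views in the opposite order: "any" now swallows every client.
    print("reversed order, CNC client ->",
          select_view("58.17.200.1", list(reversed(VIEWS))))
```

If the LAN should see the Netcom addresses as well, add "trust-lan" to the match-clients of view_cnc rather than reordering the views.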
III. Updating the root hints file
# cd /usr/local/named/etc/
# wget ftp://ftp.internic.org/domain/named.root
Create the PID and log files:
# mkdir /var/run/named/
# chmod 777 /var/run/named/
# chown bind:bind /var/run/named/
(The directory is handed to bind:bind on the next line, so mode 755 would suffice; a world-writable PID directory lets any local user rewrite named.pid, which the stop script below passes to kill as root.)
# mkdir /var/log/named/
# touch /var/log/named/dns_warnings
# touch /var/log/named/dns_logs
# chown bind:bind /var/log/named/*
# mkdir master
# touch master/cnc.def
# touch master/telecom.def
Generate the rndc key:
# cd /usr/local/named/etc/
# ../sbin/rndc-confgen > rndc.conf
In rndc.conf, take the part that follows the line
# Use with the following in named.conf, adjusting the allow list as needed:
append it to /usr/local/named/etc/named.conf and remove the leading comment characters (this gives named its key and controls statements).
Test run:
# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &
Status check:
# /usr/local/named/sbin/rndc status
IV. Creating the startup script
# vi /etc/init.d/named
============================== named.sh============================
#!/bin/bash
#
# named        a network name service.
#
# chkconfig: 545 35 75
# description: a name server
#
# Binding port 53 needs root; named then drops to the "bind" user via -u.
if [ `id -u` -ne 0 ]
then
    echo "ERROR: to bind port 53, this script must run as root."
    exit 1
fi
case "$1" in
start)
    if [ -x /usr/local/named/sbin/named ]; then
        /usr/local/named/sbin/named -u bind -c /usr/local/named/etc/named.conf && echo . && echo 'BIND9 server started.'
    fi
;;
stop)
    # pid-file in named.conf is /var/run/named/named.pid
    kill `cat /var/run/named/named.pid` && echo . && echo 'BIND9 server stopped.'
;;
restart)
    echo .
    echo "Restart BIND9 server"
    $0 stop
    sleep 10
    $0 start
;;
*)
    echo "$0 start | stop | restart"
;;
esac
===============================named.sh============================
# chmod 755 /etc/init.d/named
# chown root:root /etc/init.d/named
# chkconfig --add named
# chkconfig named on
V. Adding an NS record
At your domain registrar's management site, set the NS server for the domain to the DNS server you installed.
VI. Adding a domain
# cd /usr/local/named/etc/master
# mkdir cnc
# mkdir telecom
# vi cnc.def
Add:
zone "daoyou.com" {
    type master;
    file "master/cnc/daoyou.com";
};
# vi telecom.def
Add:
zone "daoyou.com" {
    type master;
    file "master/telecom/daoyou.com";
};
Add the Netcom records; they resolve to 61.45.55.78.
# vi cnc/daoyou.com
Add:
$TTL 3600
$ORIGIN daoyou.com.
@ IN SOA ns.daoyou.com. root.ns.daoyou.com. (
        2005121013  ; Serial
        3600        ; Refresh (seconds)
        900         ; Retry (seconds)
        68400       ; Expire (seconds)
        15 )        ; Minimum TTL for zone (seconds)
;
@   IN NS ns.daoyou.com.
; note: ns.daoyou.com. lies inside this zone, so it also needs an A record
; carrying the DNS server's own address (not given in this guide)
@   IN A  61.45.55.78
www IN A  61.45.55.78
;
;end
Add the Telecom records; they resolve to 210.75.1.178.
# vi telecom/daoyou.com
Add:
$TTL 3600
$ORIGIN daoyou.com.
@ IN SOA ns.daoyou.com. root.ns.daoyou.com. (
        2005121013  ; Serial
        3600        ; Refresh (seconds)
        900         ; Retry (seconds)
        68400       ; Expire (seconds)
        15 )        ; Minimum TTL for zone (seconds)
;
@   IN NS ns.daoyou.com.
; note: as in the Netcom file, ns.daoyou.com. needs its own A record
@   IN A  210.75.1.178
www IN A  210.75.1.178
;
;end
# /usr/local/named/sbin/rndc reload
OK, at this point your DNS server is up. Try pinging the name from a Netcom line and from a Telecom line.
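Because every domain is maintained as two files, one per view, the usual mistakes are a record added to one file but not the other (so the name resolves for one carrier's users and is NXDOMAIN for the other's) and an in-zone NS name without an address record, which is exactly the state of the two zone files above. The checker below is an added example, not code from the article: it parses the simple master-file subset used on this page (explicit owner on every record, ';' comments, parenthesised SOA) and reports those two problems plus a malformed serial. The two zone texts are embedded as constructed test input, copied from section VI; the regular expression for the serial assumes the YYYYMMDDnn convention the page's serial follows.

```python
import re

# The two zone files from section VI, reproduced as constructed test input
# (one per view; they differ only in the addresses they publish).
CNC_ZONE = """\
$TTL 3600
$ORIGIN daoyou.com.
@ IN SOA ns.daoyou.com. root.ns.daoyou.com. (
        2005121013  ; Serial
        3600        ; Refresh
        900         ; Retry
        68400       ; Expire
        15 )        ; Minimum TTL
;
@   IN NS ns.daoyou.com.
@   IN A  61.45.55.78
www IN A  61.45.55.78
"""
TELECOM_ZONE = CNC_ZONE.replace("61.45.55.78", "210.75.1.178")


def parse_zone(text):
    """Parse the master-file subset used on this page: $TTL, $ORIGIN, ';'
    comments, '(' ... ')' continuation lines and 'owner IN TYPE rdata' records
    with an explicit owner (no per-record TTLs, no blank owner fields).
    Returns (origin, [(owner, type, rdata_tokens)]) with owners expanded to
    fully qualified names."""
    origin, records, buf, depth = None, [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]              # drop the comment
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:                            # still inside ( ... )
            continue
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf = []
        if not tokens:
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            continue
        owner, rest = tokens[0], tokens[1:]
        if rest and rest[0] == "IN":
            rest = rest[1:]
        rtype, rdata = rest[0], rest[1:]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.append((owner, rtype, rdata))
    return origin, records


def check_zone(text):
    """Return a list of problems: SOA count, serial not in YYYYMMDDnn form,
    and in-zone NS names that have no A/AAAA record of their own."""
    origin, records = parse_zone(text)
    problems = []
    soa = [r for r in records if r[1] == "SOA"]
    if len(soa) != 1:
        problems.append("zone must contain exactly one SOA record")
    else:
        serial = soa[0][2][2]                    # mname rname serial ...
        if not re.fullmatch(r"\d{10}", serial):  # YYYYMMDDnn convention (assumed)
            problems.append(f"serial {serial} is not in YYYYMMDDnn form")
    addressed = {r[0] for r in records if r[1] in ("A", "AAAA")}
    for owner, rtype, rdata in records:
        target = rdata[0] if rdata else ""
        if rtype == "NS" and target.endswith(origin) and target not in addressed:
            problems.append(f"NS {target} is in-zone but has no A/AAAA record")
    return problems


def compare_views(zone_a, zone_b):
    """(owner, type) pairs present in only one of the two view files."""
    def names(text):
        return {(owner, rtype) for owner, rtype, _ in parse_zone(text)[1]}
    return names(zone_a) ^ names(zone_b)


if __name__ == "__main__":
    for label, zone in (("cnc", CNC_ZONE), ("telecom", TELECOM_ZONE)):
        print(label, check_zone(zone) or "ok")
    print("view differences:", compare_views(CNC_ZONE, TELECOM_ZONE) or "none")
```

Run it against both files before `rndc reload`; named-checkzone, shipped with BIND, performs the same kind of checks and should be the final word on syntax.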
Appendix: obtaining IP address ranges
1. Getting the address ranges with a shell script
#!/bin/sh
# Fetch the APNIC delegation list and sort the CN IPv4 blocks by carrier.
FILE=/root/study/apnic/ip_apnic
rm -f "$FILE"
wget http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest -O "$FILE"
# Fields of a delegation line: registry|cc|type|start|count|date|status;
# field 4 is the first address, field 5 the number of addresses.
grep 'apnic|CN|ipv4|' "$FILE" | cut -f 4,5 -d'|' | sed -e 's/|/ /g' | while read ip cnt
do
    echo "$ip:$cnt"
    # Prefix length = 32 - log2(cnt); bc computes log2 by repeated halving.
    # This assumes cnt is a power of two, as most allocations are.
    mask=$(cat << EOF | bc | tail -1
pow=32;
define log2(x) {
if (x<=1) return (pow);
pow--;
return(log2(x/2));
}
log2($cnt)
EOF
)
    echo "$ip/$mask" >> cn.net
    # Look up the netname in APNIC whois and drop the "-..." suffix.
    NETNAME=`whois -h whois.apnic.net "$ip" | sed -e '/./{H;$!d;}' -e 'x;/netnum/!d' | grep ^netname | sed -e 's/^netname:[[:space:]]*//' | sed -e 's/-.*//g'`
    case $NETNAME in
    CNC)
        echo "$ip/$mask" >> CNCGROUP
    ;;
    CHINANET|CNCGROUP)
        echo "$ip/$mask" >> "$NETNAME"
    ;;
    CHINATELECOM)
        echo "$ip/$mask" >> CHINANET
    ;;
    *)
        echo "$ip/$mask" >> OTHER
    ;;
    esac
done
2. Alternatively, use data published online. The latest sources are below; then use awk to turn them into address ranges.
wget http://218.66.103.230/vpn_route/cnc.new        (current Netcom routing table)
wget http://218.66.103.230/vpn_route/chinanet.new   (current Telecom routing table)
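The shell loop above derives the prefix length with bc and therefore only works for delegation counts that are powers of two; the delegated-apnic-latest file also contains counts such as 768 that have to be split into several aligned prefixes. The Python script below is an added example, not part of the article or of any APNIC tool: it reads the same delegation format, converts each count into the minimal set of CIDR blocks with the standard ipaddress module, and renders the result as a BIND acl statement in the form used in section II. The sample lines are constructed for the example (the header, summary, other-country, IPv6 and ASN rows are there to show that they are skipped), not copied from APNIC; assigning blocks to a carrier still needs the whois step from the shell script.

```python
import ipaddress

# Constructed sample in the delegated-apnic-latest layout
# (registry|cc|type|start|count|date|status).  Not real registry data.
SAMPLE = """\
2|apnic|20240101|5|19830101|20231231|+1000
apnic|*|ipv4|*|4|summary
apnic|CN|ipv4|58.16.0.0|65536|20050101|allocated
apnic|CN|ipv4|58.17.0.0|65536|20050101|allocated
apnic|CN|ipv4|1.0.8.0|1024|20110412|allocated
apnic|CN|ipv4|27.50.128.0|768|20100303|allocated
apnic|JP|ipv4|1.0.16.0|4096|20110412|allocated
apnic|CN|ipv6|2001:250::|32|20000101|allocated
apnic|CN|asn|4134|1|20000101|allocated
"""


def cidrs_from_delegated(text, cc="CN"):
    """Return the IPv4 CIDR blocks delegated to country code `cc`.

    A delegation is "start address + count"; when the count is not a power
    of two the range is split into the smallest set of aligned prefixes,
    which is what the bc-based shell loop cannot do.
    """
    blocks = []
    for line in text.splitlines():
        fields = line.strip().split("|")
        # Version header, summary lines, other countries, IPv6 and ASN rows
        # all fail this test and are skipped.
        if len(fields) < 5 or fields[1] != cc or fields[2] != "ipv4":
            continue
        start = ipaddress.IPv4Address(fields[3])
        count = int(fields[4])
        end = start + (count - 1)
        blocks.extend(ipaddress.summarize_address_range(start, end))
    return blocks


def collapsed(blocks):
    """Merge adjacent or overlapping blocks (two aligned /16s become a /15)."""
    return list(ipaddress.collapse_addresses(blocks))


def address_count(blocks):
    """Total number of addresses covered, useful as a sanity check against
    the counts in the source file."""
    return sum(block.num_addresses for block in blocks)


def bind_acl(name, blocks):
    """Render the blocks as an acl statement ready to paste into named.conf."""
    body = "\n".join(f"    {block};" for block in blocks)
    return f'acl "{name}" {{\n{body}\n}};'


if __name__ == "__main__":
    blocks = cidrs_from_delegated(SAMPLE)
    print(address_count(blocks), "addresses in", len(blocks), "blocks")
    print(bind_acl("CN", collapsed(blocks)))
```

With the real file, pass `open("delegated-apnic-latest").read()` instead of SAMPLE; the acl it prints can replace the hand-typed prefixes in the "CNC" acl once the blocks have been sorted by carrier.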