Category: LINUX
2011-05-05 17:31:45
Simple CDN: building a smart DNS
Author: pkfeiyang
I: What a CDN is
CDN stands for Content Delivery Network. The idea is to add a new layer of network architecture on top of the existing Internet and publish a site's content to the network "edge" closest to the user, so users fetch what they need from nearby, Internet congestion is relieved, and the site's response time improves. Technically it addresses slow site access caused by limited bandwidth, heavy user traffic and unevenly distributed points of presence. (In other words: the same content is spread across several servers, the servers detect where the user is coming from, and the user is sent to the nearest one for speed. I will not go further than that here; search for the details yourself.)
II: How it works
The main purpose is to relieve pressure on the back end: depending on the address a user is visiting from, the DNS selectively returns the server that gives that user the fastest browsing experience, which shortens the user's wait and reduces load on back-end bandwidth and servers.
III: Environment
CentOS 5.5 32-bit
BIND version: bind-9.8.0.tar.gz
DNS: 192.168.1.222
Web1: 192.168.1.218
Web2: 192.168.1.219
Web3: 192.168.1.215
Client 192.168.1.12 (simulating a China Netcom/CNC user)
Client 192.168.1.138 (simulating a China Telecom user)
Test domain: pkfeiyang.cn
# Main configuration file
/usr/local/named/etc/named.conf
# CNC address-pool list
/usr/local/named/cnc_acl.conf
# Telecom address-pool list
/usr/local/named/telecom_acl.conf
# Per-view zone configuration
/usr/local/named/cnc.conf      # CNC
/usr/local/named/telecom.conf  # Telecom
/usr/local/named/any.conf      # everyone else
# Zone files
/usr/local/named/cnc/pkfeiyang.cn
/usr/local/named/telecom/pkfeiyang.cn
/usr/local/named/any/pkfeiyang.cn
IV: Installation
1. Build BIND
wget (fetch bind-9.8.0.tar.gz from the ISC site)
Unpack the BIND tarball
./configure '--prefix=/usr/local/named' '--disable-openssl-version-check'
make && make install
# cd /usr/local/named/etc/
# ../sbin/rndc-confgen > rndc.conf
Make the rndc-key in named.conf match the one in etc/rndc.conf (this step can also be skipped).
Generate the TSIG keys (one per view):
dnssec-keygen -a hmac-md5 -b 128 -n HOST cnc
dnssec-keygen -a hmac-md5 -b 128 -n HOST telecom
dnssec-keygen -a hmac-md5 -b 128 -n HOST any
Add the generated keys to named.conf. HMAC-MD5 is the legacy TSIG algorithm; BIND 9.8 also accepts -a HMAC-SHA256 -b 256, which is the better choice for new keys. The .private files dnssec-keygen writes contain the secret, so keep them (and named.conf) readable only by the account named runs as.
2. Configure the main file named.conf
A note on the options block: allow-query { any; } is fine for an authoritative CDN zone, but BIND recurses by default and each view below carries a root hint zone, so as written this server is also an open recursive resolver for the whole Internet (usable for DNS amplification). Add recursion no; (or at least allow-recursion { <your own clients>; }; and drop allow-query-cache { any; };) unless you really intend to run a public resolver.
options {
listen-on port 53 { any; };
allow-query { any; };
allow-query-cache { any; };
directory "/usr/local/named";
};
key "rndc-key" {
algorithm hmac-md5;
secret "VMLxTZLHd4tEnaZ3q1+GKA==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# logging
logging {
channel warning {
file "/usr/local/log/dns_warning" versions 3 size 1240k;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns {
file "/usr/local/log/dns_log" versions 3 size 1240k;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default {
warning;
};
category queries {
general_dns;
};
};
### This key block is optional
### KEYS FOR TSIG ####
key telecomkey {
algorithm hmac-md5;
secret "LaA4Y1MHlFSTTMz1mzwarA==";
};

key cnckey {
algorithm hmac-md5;
secret "l/rlorcG+7hhabIFKe8Kjg==";
};
key anykey {
algorithm hmac-md5;
secret "YMXXBAck4i5Sb4PlUg00Uw==";
};
# CNC and Telecom address-range files
include "cnc_acl.conf";
include "telecom_acl.conf";
# CNC view: zone configuration and address pool.
# Views are tried top to bottom and the first match-clients hit wins, so the catch-all view_any must stay last.
view "view_cnc" {
match-clients {
CNC; };
zone "." {
type hint;
file "named.ca";
};
include "cnc.conf";
};
# Telecom
view "view_telecom" {
match-clients {
TELECOM; // clients in the "TELECOM" ACL from telecom_acl.conf
};
zone "." {
type hint;
file "named.ca";
};
include "telecom.conf";
};
# Everyone outside those two ranges
view "view_any" {
match-clients {
any;
};
zone "." {
type hint;
file "named.ca";
};
include "any.conf";
};
3. Define the address pools
CNC
vi /usr/local/named/cnc_acl.conf
acl "CNC" {
192.168.1.12;
};
Telecom
vi /usr/local/named/telecom_acl.conf
acl "TELECOM" {
192.168.1.138;
};
4. Per-view zone configuration
CNC zone list
vi /usr/local/named/cnc.conf
zone "pkfeiyang.cn"{
type master;
file "cnc/pkfeiyang.cn"; # path to the zone file
};
Telecom zone list
vi /usr/local/named/telecom.conf
zone "pkfeiyang.cn"{
type master;
file "telecom/pkfeiyang.cn"; # path to the zone file
};
Other networks
vi /usr/local/named/any.conf
zone "pkfeiyang.cn"{
type master;
file "any/pkfeiyang.cn";
};
5. Zone files (one per view; bump the serial whenever a file changes)
CNC
cat cnc/pkfeiyang.cn
$TTL 3600
@ IN SOA feiyang.cn. root.feiyang.cn. (
2008080901; Serial
3600 ; Refresh ( seconds )
900 ; Retry ( seconds )
68400 ; Expire ( seconds )
15 ; Minimum TTL for Zone ( seconds )
)
@ IN NS feiyang.cn.
www IN A 192.168.1.218
* IN A 192.168.1.218
Telecom
cat telecom/pkfeiyang.cn
$TTL 3600
@ IN SOA feiyang.cn. root.feiyang.cn. (
2008080901; Serial
3600 ; Refresh ( seconds )
900 ; Retry ( seconds )
68400 ; Expire ( seconds )
15 ; Minimum TTL for Zone ( seconds )
)
@ IN NS feiyang.cn.
www IN A 192.168.1.219
* IN A 192.168.1.219
Other
cat any/pkfeiyang.cn
$TTL 3600
@ IN SOA feiyang.cn. root.feiyang.cn. (
2008080901; Serial
3600 ; Refresh ( seconds )
900 ; Retry ( seconds )
68400 ; Expire ( seconds )
15 ; Minimum TTL for Zone ( seconds )
)
@ IN NS feiyang.cn.
ns IN A 192.168.1.222
www IN A 192.168.1.219
* IN A 192.168.1.219
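The following is an added worked example of steps 2 through 5, not code from the original post: it simulates how BIND chooses a view and an answer for a given client. BIND walks the view statements in named.conf order and uses the first one whose match-clients list matches the client address. The script parses ACL files and zone files in the formats shown above (embedded here as constructed copies; the 10.20.0.0/16 prefix in the TELECOM ACL is a hypothetical addition to show that ACL elements may be CIDR blocks), resolves www for several clients, shows what happens if view_any is moved above the ISP views, and shows a side effect of the wildcard record: in the CNC and Telecom views, ns.pkfeiyang.cn answers with a web server rather than with the DNS server.

```python
import ipaddress
import re

# Constructed copies of the ACL files from the post. The 10.20.0.0/16 prefix
# is a hypothetical addition to show that ACL elements may be CIDR blocks.
ACL_FILES = {
    "cnc_acl.conf": """
acl "CNC" {
    192.168.1.12;
};
""",
    "telecom_acl.conf": """
acl "TELECOM" {
    192.168.1.138;
    10.20.0.0/16;
};
""",
}

# Constructed copies of the three zone files (SOA/NS lines omitted; only the
# A records matter for answer selection here).
ZONE_FILES = {
    "cnc/pkfeiyang.cn": "www IN A 192.168.1.218\n*   IN A 192.168.1.218\n",
    "telecom/pkfeiyang.cn": "www IN A 192.168.1.219\n*   IN A 192.168.1.219\n",
    "any/pkfeiyang.cn": "ns  IN A 192.168.1.222\nwww IN A 192.168.1.219\n*   IN A 192.168.1.219\n",
}

# Views in the order named.conf declares them: (view name, match-clients, zone file).
VIEWS = [
    ("view_cnc", "CNC", "cnc/pkfeiyang.cn"),
    ("view_telecom", "TELECOM", "telecom/pkfeiyang.cn"),
    ("view_any", "any", "any/pkfeiyang.cn"),
]

ACL_RE = re.compile(r'acl\s+"?(\w+)"?\s*\{([^}]*)\}', re.S)


def parse_acls(files):
    """Return {acl name: [ip_network, ...]}. Only address and prefix elements
    are handled; nested acl names, '!' negation and 'key' elements are not."""
    acls = {}
    for text in files.values():
        for name, body in ACL_RE.findall(text):
            nets = []
            for elem in body.split(";"):
                elem = elem.strip()
                if elem:
                    nets.append(ipaddress.ip_network(elem, strict=False))
            acls[name] = nets
    return acls


def client_matches(acl_name, client_ip, acls):
    if acl_name == "any":
        return True
    return any(client_ip in net for net in acls[acl_name])


def select_view(client, views, acls):
    """First view whose match-clients matches wins, as BIND does."""
    client_ip = ipaddress.ip_address(client)
    for view_name, acl_name, zone_file in views:
        if client_matches(acl_name, client_ip, acls):
            return view_name, zone_file
    return None, None  # no view matched: BIND would refuse the query


A_RE = re.compile(r"^(\S+)\s+IN\s+A\s+(\S+)", re.M)


def zone_lookup(label, zone_text):
    """Return the A record for a label, falling back to the '*' wildcard."""
    records = dict(A_RE.findall(zone_text))
    return records.get(label) or records.get("*")


def lookup(client, label, views=VIEWS):
    """(view name, A record) that a client asking for label.pkfeiyang.cn gets."""
    acls = parse_acls(ACL_FILES)
    view_name, zone_file = select_view(client, views, acls)
    if view_name is None:
        return None, None
    return view_name, zone_lookup(label, ZONE_FILES[zone_file])


if __name__ == "__main__":
    for client in ("192.168.1.12", "192.168.1.138", "10.20.5.7", "192.168.1.232"):
        print(client, "www ->", lookup(client, "www"))
    # Misordered views: view_any first shadows the per-ISP views for everyone.
    shadowed = [VIEWS[2], VIEWS[0], VIEWS[1]]
    print("view_any first:", lookup("192.168.1.12", "www", shadowed))
    # Wildcard side effect: ns.pkfeiyang.cn from a CNC client is a web server.
    print("ns from CNC:", lookup("192.168.1.12", "ns"))
```

The parser deliberately covers only the ACL syntax the post uses (plain addresses and prefixes); BIND's real ACLs may also nest other ACL names, negate with `!`, or match TSIG keys, and a view with `match-clients { any; }` placed first makes every later view unreachable without any warning from named-checkconf.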
6. Start named
/usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &
(-g keeps named in the foreground and sends all logging to stderr, overriding the logging block in named.conf; for a normal start drop -g and keep -c.)
Reload with rndc
/usr/local/named/sbin/rndc reload
06-May-2011 01:10:10.558 received control channel command 'reload'
06-May-2011 01:10:10.558 loading configuration from '/usr/local/named/etc/named.conf'
06-May-2011 01:10:10.559 reading built-in trusted keys from file '/usr/local/named/etc/bind.keys'
06-May-2011 01:10:10.560 using default UDP/IPv4 port range: [1024, 65535]
06-May-2011 01:10:10.561 using default UDP/IPv6 port range: [1024, 65535]
06-May-2011 01:10:10.563 zone '1.168.192.in-addr.arpa' allows updates by IP address, which is insecure
06-May-2011 01:10:10.566 zone '1.168.192.in-addr.arpa' allows updates by IP address, which is insecure
06-May-2011 01:10:10.568 ignoring config file logging statement due to -g option
06-May-2011 01:10:10.568 reloading configuration succeeded
06-May-2011 01:10:10.569 zone pkfeiyang.cn/IN/view_any: loaded serial 2008080901
06-May-2011 01:10:10.569 reloading zones succeeded
server reload successful
/usr/local/named/sbin/rndc status
version: 9.8.0
number of zones: 53
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
Output like the above means the DNS server is up. Two lines in the reload output deserve attention. "zone '1.168.192.in-addr.arpa' allows updates by IP address, which is insecure" refers to a reverse zone (not part of the configuration shown here) whose allow-update list is address-based; UDP source addresses are trivially spoofed, so restrict dynamic updates to TSIG keys (the key statements above are meant for exactly this) or drop allow-update entirely. "ignoring config file logging statement due to -g option" confirms that the logging block is not in effect while named runs with -g.
V: Testing
Set 192.168.1.222 as the DNS server on the client.
Test with nslookup
#nslookup
Server: 192.168.1.222
Address: 192.168.1.222#53
Name:
Address: 192.168.1.218
#nslookup 192.168.1.218
Server: 192.168.1.222
Address: 192.168.1.222#53
218.1.168.192.in-addr.arpa name = pkfeiyang.cn.
218.1.168.192.in-addr.arpa name = .
This shows it works.
Open the site in a browser and the DNS server log records the matching query.
e.g. a visit from a client outside both address pools:
06-May-2011 01:11:49.966 client 192.168.1.232#42519: view view_any: query: IN A + (192.168.1.222)
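Because every query is logged with the view that served it, the query log is the quickest way both to confirm that the split is working and to notice when the server is being used as an open resolver (BIND recurses by default and the options block allows queries from anyone). The following is an added example, not part of the original post: it parses lines in the BIND 9.8 query-log format shown above, counts queries per view, and reports clients that asked, with the recursion-desired flag set (the "+" in the flags field), for names outside pkfeiyang.cn. The log lines are constructed for the example; the query names and the 203.0.113.x / 198.51.100.x clients are illustrative.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the BIND 9.8 query-log format shown in the post:
# client addr#port, view, qname, class, type, flags ("+" = RD set, "-" = RD
# clear, "E" = EDNS, "T" = TCP), destination address.
SAMPLE_LOG = """\
06-May-2011 01:11:49.966 client 192.168.1.232#42519: view view_any: query: www.pkfeiyang.cn IN A + (192.168.1.222)
06-May-2011 01:11:50.101 client 192.168.1.12#53012: view view_cnc: query: www.pkfeiyang.cn IN A + (192.168.1.222)
06-May-2011 01:11:50.377 client 192.168.1.138#40211: view view_telecom: query: img.pkfeiyang.cn IN A + (192.168.1.222)
06-May-2011 01:11:51.004 client 203.0.113.7#1337: view view_any: query: isc.org IN ANY +E (192.168.1.222)
06-May-2011 01:11:51.009 client 203.0.113.7#1337: view view_any: query: isc.org IN ANY +E (192.168.1.222)
06-May-2011 01:11:52.220 client 198.51.100.9#5555: view view_any: query: example.com IN A + (192.168.1.222)
06-May-2011 01:11:53.000 client 192.168.1.232#42520: view view_any: query: pkfeiyang.cn IN NS - (192.168.1.222)
"""

QUERY_RE = re.compile(
    r"client (?P<ip>[^#\s]+)#(?P<port>\d+): view (?P<view>\S+): "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+) "
)

# Zones this server is authoritative for (from the post's configuration).
SERVED_ZONES = ("pkfeiyang.cn",)


def parse_query_log(text):
    """Return one dict per parsable query line (non-query lines are skipped)."""
    entries = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            entries.append(m.groupdict())
    return entries


def in_served_zone(qname, zones=SERVED_ZONES):
    """True if qname is the apex or a subdomain of one of our zones."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in zones)


def queries_per_view(entries):
    """How many queries each view answered: a quick check that the ACLs work."""
    return dict(Counter(e["view"] for e in entries))


def open_resolver_abuse(entries):
    """Recursion-desired queries for names we are not authoritative for.

    With the post's options (no 'recursion no;', allow-query { any; }) named
    answers these recursively for anyone, so repeated hits, especially ANY
    queries, are the signature of the server being used as an open resolver
    for amplification."""
    hits = defaultdict(Counter)
    for e in entries:
        if e["flags"].startswith("+") and not in_served_zone(e["qname"]):
            hits[e["ip"]][(e["qname"], e["qtype"])] += 1
    return {ip: dict(c) for ip, c in hits.items()}


if __name__ == "__main__":
    entries = parse_query_log(SAMPLE_LOG)
    print("queries per view:", queries_per_view(entries))
    for ip, names in open_resolver_abuse(entries).items():
        print("out-of-zone recursive queries from", ip, names)
```

Run it against the real file named in the logging block (/usr/local/log/dns_log) once named runs without -g; a non-empty result from open_resolver_abuse means the recursion caveat in the named.conf section applies to this server.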
VI: Troubleshooting
See: http://blog.chinaunix.net/space.php?uid=21868571&do=blog&id=292150