Chinaunix首页 | 论坛 | 博客
  • 博客访问: 247165
  • 博文数量: 41
  • 博客积分: 1523
  • 博客等级: 上尉
  • 技术积分: 579
  • 用 户 组: 普通用户
  • 注册时间: 2007-02-05 21:23
文章分类

全部博文(41)

文章存档

2014年(1)

2013年(2)

2012年(1)

2011年(2)

2010年(3)

2009年(1)

2008年(20)

2007年(11)

分类: LINUX

2008-02-23 00:13:36

3 DNS
    看了前面的应该知道,由于访问量大,地域分布广,这里假设使用了3加运营商介入,分别是网通,电信,还有一个其他接入方式。先分析一下网络情况,现在我们是3根线路接入,网络用户分别来自不同的地方,不同地方的线路速度是不同的,如果电信的用户一定要从网通的线路来访问 我的站点那就会变得非常缓慢,所以第一个目的就是让电信的用户通过电信线路,网通的用户通过网通线路来访问,用户访问只是通过在浏览器中输入域名来访问, 没有办法处理线路上的问题,而数据发出后经过N多路由到达我们的网站,路由会自动选择最经济路由,我们也没办法处理,那我们只有在域名上想想办法了。这里 使用bind的view功能,配置也不复杂,作用就是根据ip的来源不同解析到不同的ip上去。
    安装就不多说了,网上有很多。
    配置named.conf,因为涉及到隐私问题,这里就不写实际地址了,用伪地址代替,下面涉及到的一些查询权限,zone传输,slave服务器配置等大家使用的时候根据实际情况修改。
named.conf

 

//
// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
//
// See the BIND Administrator's Reference Manual (ARM) for details, in:
// file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
// its manual.
//
options
{
        /* make named use port 53 for the source of all queries, to allow
         * firewalls to block all ports except 53:
         */
        query-source address * port 53;
// query-source-v6 port 53;

        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named"; // the default
        dump-file "data/cache_dump.db";
        statistics-file "data/named_stats.txt";
        memstatistics-file "data/named_mem_stats.txt";
        datasize 100M;
        allow-query {
192.168.0.0/24; 2xx.1xx.2xx.0/24; 1xx.1xx.1xx.192/24; };
};
logging
{
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
 */
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
//
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
//
acl "zero-transfer" {
192.168.0.0/24; 2xx.1xx.2xx.0/24; 1xx.1xx.1xx.192/24; };
acl "slave-updata" {
192.168.0.0/24; 2xx.1xx.2xx.0/24; 1xx.1xx.1xx.192/24; };
include "/etc/zone.conf";

#-----------------------------------------#
view "internal" {
        match-clients { 127.0.0.1; };
        recursion no;
        zone "localhost" {
                type master;
                file "localhost.zone";
        };
        zone "0.0.127.IN-ADDR.ARPA" {
                type master;
                file "named.local";
        };
};
#-----------------------------------------#
view "cnc" {
        match-clients { CNC; };
        match-destinations { any; };
        recursion yes;
        include "/etc/cnc.zones";
        include "/etc/cnc.local";
};
view "telecom" {
        match-clients { CHINANET; };
        match-destinations { any; };
        recursion yes;
        include "/etc/telecom.zones";
        include "/etc/telecom.local";
};

view "other" {

        match-clients { any; };
        match-destinations { any; };
        recursion yes;
        include "/etc/other.zones";
        include "/etc/other.local";
};

#-----------------------------------------#

include "/etc/rndc.key";


zone.conf:

acl "CNC" {
117.8.0.0/13;
……
123.112.0.0/12;
};
acl "CHINANET" {
222.222.0.0/15
……
222.86.0.0/15
};

*.zones为正向解析配置文件,*.local为反向解析文件,同dns的标准配置。

#-------------------------------------------#
zone "." {
        type hint;
        file "/var/named/named.root";
};
#------------------------------------------#
zone "56hr.com" IN {
        type master;
        file "cnc/xinyv.com.ndb";
        allow-query { any; };
        allow-transfer { zero-transfer; };
        allow-update { slave-updata; };
};
#-----------------------------------------#

然后分别在不同的文件夹建立相应的ndb数据文件即可。
2、slave dns配置
在配置dns view的时候slave dns的配置要有一些小小的改动。named.conf除了allow-query 一般设置any 以外没有什么变化。主要是在*.zones中要制定同步用的源地址。

cnc.zones

#---------------------------------------#
zone "." {
        type hint;
        file "/var/named/named.root";
};
#---------------------------------------#
zone "56hr.com" IN {
        type slave;
        file "cnc/xinyv.com.ndb";
        allow-query { any; };
        allow-transfer { zero-transfer; };
        transfer-source 192.168.0.205;
        masters { 192.168.0.204; };
};
#---------------------------------------#

cnc.local

#------------------------------------------#
zone "58.112.202.in-addr.arpa" IN {
        type master;
        file "cnc/xinyv.com.local";
        allow-query { any; };
        allow-update { slave-updata; };
        allow-transfer { zero-transfer; };
};

大家可能发现我多了一个zone.conf文件,这个文件是那里来的呢?这个是用一个脚本产生出啦的。

#! /bin/bash

# Source function library.

. /etc/init.d/functions
[ ! -f /etc/sysconfig/network ] && exit 1
. /etc/sysconfig/network
[ "${NETWORKING}" = "no" ] && exit 0
[ -z $1 ] && { echo "$0 cnc $0 chinanet"; exit 1; }
FILE="/dev/shm/ip_apnic"
rm -f $FILE
echo "acl $1 {" >>_zone.conf
wget http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest -o /dev/null -O $FILE
grep 'apnic|CN|ipv4|' $FILE | awk -F'|' '{print $4" "$5}'|while read _IP _MASK
    do
    MASK=$(cat << EOF | bc | tail -1
          pow=32;
          define log2(x) {
          if (x<=1) return (pow);
          pow--;
          return(log2(x/2));
          }
          log2($_MASK)
EOF)
whois $_IP@whois.apnic.net |grep ^netname |uniq|sed -e 's/^netname://g'|grep -qi $1 && echo $_IP/$MASK\; >>/dev/shm/_zone.conf
   done
echo "};" >>_zone.conf

这样dns服务器就算配置完了.
阅读(1114) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~