Chinaunix blog
Category: LINUX

2008-02-23 00:13:36

3 DNS
    As explained in the earlier parts, because of the high traffic volume and wide geographic spread, we assume here that three carriers are connected: CNC (China Netcom), China Telecom, and one other access provider. Consider the network situation first: we now have three uplinks, users come from different places, and line speeds differ from place to place. If a China Telecom user is forced to reach my site over the CNC line, access becomes very slow, so the first goal is to have Telecom users come in over the Telecom line and CNC users over the CNC line. Users reach the site only by typing a domain name into the browser, so nothing can be done at the line level; once the packets leave, they pass through many routers on the way to our site, and the routers pick the most economical path on their own, which we cannot control either. The only place left to act is the domain name. Here we use BIND's view feature; the configuration is not complicated, and its effect is to resolve the name to different IP addresses depending on the source IP of the query.
    I won't cover installation; there are plenty of guides online.
    Configure named.conf. For privacy reasons the real addresses are not shown here; placeholder addresses are used instead. Adjust the query permissions, zone transfer and slave server settings below to your own situation.
named.conf:

//
// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
//
// See the BIND Administrator's Reference Manual (ARM) for details, in:
// file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
// its manual.
//
options
{
        /* make named use port 53 for the source of all queries, to allow
         * firewalls to block all ports except 53:
         */
        query-source address * port 53;
// query-source-v6 port 53;

        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named"; // the default
        dump-file "data/cache_dump.db";
        statistics-file "data/named_stats.txt";
        memstatistics-file "data/named_mem_stats.txt";
        datasize 100M;
        allow-query { 192.168.0.0/24; 2xx.1xx.2xx.0/24; 1xx.1xx.1xx.192/24; };
};
logging
{
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
 */
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
//
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
//
acl "zero-transfer" { 192.168.0.0/24; 2xx.1xx.2xx.0/24; 1xx.1xx.1xx.192/24; };
acl "slave-updata" { 192.168.0.0/24; 2xx.1xx.2xx.0/24; 1xx.1xx.1xx.192/24; };
include "/etc/zone.conf";

#-----------------------------------------#
view "internal" {
        match-clients { 127.0.0.1; };
        recursion no;
        zone "localhost" {
                type master;
                file "localhost.zone";
        };
        zone "0.0.127.IN-ADDR.ARPA" {
                type master;
                file "named.local";
        };
};
#-----------------------------------------#
view "cnc" {
        match-clients { CNC; };
        match-destinations { any; };
        recursion yes;
        include "/etc/cnc.zones";
        include "/etc/cnc.local";
};
view "telecom" {
        match-clients { CHINANET; };
        match-destinations { any; };
        recursion yes;
        include "/etc/telecom.zones";
        include "/etc/telecom.local";
};

view "other" {
        match-clients { any; };
        match-destinations { any; };
        recursion yes;
        include "/etc/other.zones";
        include "/etc/other.local";
};

#-----------------------------------------#

include "/etc/rndc.key";


zone.conf:

acl "CNC" {
117.8.0.0/13;
……
123.112.0.0/12;
};
acl "CHINANET" {
222.222.0.0/15;
……
222.86.0.0/15;
};

The *.zones files hold the forward zone configuration and the *.local files the reverse zone configuration, as in a standard DNS setup.

#-------------------------------------------#
zone "." {
        type hint;
        file "/var/named/named.root";
};
#------------------------------------------#
zone "56hr.com" IN {
        type master;
        file "cnc/xinyv.com.ndb";
        allow-query { any; };
        allow-transfer { zero-transfer; };
        allow-update { slave-updata; };
};
#-----------------------------------------#

Then create the corresponding ndb data files in each directory.
2. Slave DNS configuration
When configuring DNS views, the slave DNS configuration needs a few small changes. named.conf is unchanged except that allow-query is usually set to any. The main change is that the *.zones files must specify the source address used for zone synchronisation.

cnc.zones

#---------------------------------------#
zone "." {
        type hint;
        file "/var/named/named.root";
};
#---------------------------------------#
zone "56hr.com" IN {
        type slave;
        file "cnc/xinyv.com.ndb";
        allow-query { any; };
        allow-transfer { zero-transfer; };
        transfer-source 192.168.0.205;
        masters { 192.168.0.204; };
};
#---------------------------------------#

cnc.local

#------------------------------------------#
zone "58.112.202.in-addr.arpa" IN {
        type master;
        file "cnc/xinyv.com.local";
        allow-query { any; };
        allow-update { slave-updata; };
        allow-transfer { zero-transfer; };
};

You may have noticed the extra zone.conf file. Where does it come from? It is generated by a script.

#! /bin/bash

# Source function library.
. /etc/init.d/functions
[ ! -f /etc/sysconfig/network ] && exit 1
. /etc/sysconfig/network
[ "${NETWORKING}" = "no" ] && exit 0
# $1 is both the ACL name and the string looked for in the APNIC whois netname (cnc or chinanet).
[ -z "$1" ] && { echo "usage: $0 cnc | $0 chinanet"; exit 1; }
FILE="/dev/shm/ip_apnic"
OUT="/dev/shm/_zone.conf"   # the generated ACL file
rm -f "$FILE" "$OUT"
echo "acl $1 {" >>"$OUT"
# Fetch the APNIC delegation list; -o sends wget's log to /dev/null, -O names the output file.
wget http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest -o /dev/null -O "$FILE"
# Record format: registry|cc|type|start|value|date|status; $4 is the start address, $5 the address count.
grep 'apnic|CN|ipv4|' "$FILE" | awk -F'|' '{print $4" "$5}' | while read _IP _MASK
do
    # Turn the address count into a prefix length: 32 - log2(count).
    MASK=$(cat << EOF | bc | tail -1
pow=32;
define log2(x) {
    if (x<=1) return (pow);
    pow--;
    return(log2(x/2));
}
log2($_MASK)
EOF
)
    # Keep the block only if the whois netname contains the carrier name given in $1.
    whois "$_IP@whois.apnic.net" | grep ^netname | uniq | sed -e 's/^netname://g' | grep -qi "$1" && echo "$_IP/$MASK;" >>"$OUT"
done
echo "};" >>"$OUT"

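The same conversion the script performs (select the apnic|CN|ipv4 records, turn each start-address/count pair into CIDR prefixes, wrap them in a BIND acl clause), as an added Python example that is not the author's script. It runs over a constructed sample of delegated-apnic-latest lines instead of a download, omits the whois netname filter, and goes one step beyond the bc log2 routine: an allocation whose count is not a power of two (3072 addresses in the sample) is split into the several CIDR blocks needed to cover it exactly, which no single prefix length can do.

```python
import ipaddress

# Constructed sample in the delegated-apnic-latest format (not real data):
# registry|cc|type|start|value|date|status
SAMPLE = """\
apnic|CN|ipv4|117.8.0.0|524288|20070117|allocated
apnic|CN|ipv4|123.112.0.0|1048576|20060919|allocated
apnic|CN|ipv4|203.0.112.0|3072|20040101|allocated
apnic|JP|ipv4|198.51.100.0|256|20000101|allocated
apnic|CN|ipv6|2001:db8::|32|20050101|allocated
"""


def cn_ipv4_ranges(text):
    """Yield (start_address, count) for every apnic|CN|ipv4 record."""
    for line in text.splitlines():
        fields = line.split("|")
        if len(fields) < 5 or fields[:3] != ["apnic", "CN", "ipv4"]:
            continue
        yield fields[3], int(fields[4])


def range_to_cidrs(start, count):
    """Split a start+count allocation into the minimal list of CIDR blocks.

    For a power-of-two count this is the single prefix 32 - log2(count);
    other counts (e.g. 3072 = 2048 + 1024) need more than one block, where a
    single prefix would either under- or over-cover the allocation."""
    first = ipaddress.IPv4Address(start)
    last = first + (count - 1)
    return [str(net) for net in ipaddress.summarize_address_range(first, last)]


def bind_acl(name, text):
    """Render a BIND acl clause from the CN IPv4 allocations in `text`."""
    lines = [f'acl "{name}" {{']
    for start, count in cn_ipv4_ranges(text):
        for cidr in range_to_cidrs(start, count):
            lines.append(f"    {cidr};")
    lines.append("};")
    return "\n".join(lines)


if __name__ == "__main__":
    print(bind_acl("CNC", SAMPLE))
```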
With that, the DNS server configuration is complete.