《南北互通廉价解决方案-智能dns (黄传贤)》由会员分享,可在线阅读,更多相关《南北互通廉价解决方案-智能dns (黄传贤)(10页珍藏版)》请在金锄头文库上搜索。
1、前言:我们国内数据网是南电信,北网通。由于竞争原因,两网互不畅通,北边的浏览器访问南方的Web网站,响应速度很慢。同理,南方的浏览器访问北方的Web网站,响应速度也很慢。我们使用两网卡,一连电信数据网,另一连网通数据网。使两网都能访问Web。再安一DNS 服务器。对请求访问的客户的IP进行分析,若是网通IP,那Web服务器,就将响应信息通过网通网卡发出。同理,对请求访问的客户的IP进行分析,若是电信IP,就将响应信息通过电信网卡发出。几年来运行效果很好。现介绍给各位。南北互通廉价解决方案智能DNS概述:用一台BIND9作智能DNS服务器的关键是,利用named.conf中的ACL和VIEW选项
2、来匹配不同客户的源地址,不同客户请求,解析为不同的IP,这是非常有效的(比如一台DNS同时对内外网作解析或者多ISP线路智能解析)一. 所需要软件1.下载RPM包地址:http:/isoredirect.centos.org/centos/4/os/i386/CentOS/RPMS/bind-9.2.4-16.EL4.i386.rpmhttp:/isoredirect.centos.org/centos/4/os/i386/CentOS/RPMS/bind-libs-9.2.4-16.EL4.i386.rpmhttp:/isoredirect.centos.org/centos/4/os/i3
3、86/CentOS/RPMS/bind-utils-9.2.4-16.EL4.i386.rpmhttp:/isoredirect.centos.org/centos/4/os/i386/CentOS/RPMS/bind-devel-9.2.4-16.EL4.i386.rpm2.安装:#rpm -iUvh bind*.rpm3.安装后执行以下命令配置DNS服务开机自启动#chkconfig named on4.安装IP地址段查询工具Ripe-dbase-client-v3:wget http:/ . se-client-v3.tar.gz解压软件包:#tar zxvf ripe-dbase-cl
4、ient-v3.tar.gz#cd whois-3.1#./configure -prefix=/usr#Make;make install5. 建立相关目录及文件mkdir -p /var/named/datamkdir -p /var/named/master/anymkdir -p /var/named/master/cncmkdir -p /var/named/master/telecommkdir -p /var/named/slavesmkdir -p /var/log/namedmkdir -p /var/run/namedtouch /var/named/cnc_acl.con
5、ftouch /var/named/telecom_acl.conftouch /var/log/named/dns_warningtouch /var/log/named/dns_logtouch /var/named/master/any.deftouch /var/named/master/cnc.deftouch /var/named/master/telecom.defwget ftp:/ftp.internic.org/domain/named.rootchown -R named.named /var/named /var/log/named /var/run/namedchmo
6、d -R 770 /var/named /var/log/named /var/run/named6.配置ACL文件设置网通IP列表ACL文件cnc_acl.conf:/usr/bin/whois3 -h -l -i mb MAINT-CNCGROUP | grep descr | grep Reverse | awk -F for if ($2!=) print $2| sort -n | awk BEGINprint acl CNC print $1;ENDprint ; /var/named/cnc_acl.Conf设置电信IP列表ACL文件telecom_acl.conf:/usr/
7、bin/whois3 -h -l -i mb MAINT-CHINANET | grep descr | grep Reverse | awk -F for if ($2!=) print $2| sort -n | awk BEGINprint acl TELECOM print $1;ENDprint ; /var/named/telecom_acl.conf7.配置/etc/named.conf=named.conf begin=acl trusted-lan 127.0.0.1/8; 192.168.0.0/24;options directory /var/named;dump-f
8、ile /var/named/data/cache_dump.db;statistics-file /var/named/data/named_stats.txt;version ;datasize 40M;allow-transfer trusted-lan;recursion yes; allow-notify trusted-lan;allow-recursion trusted-lan;auth-nxdomain no;forwarders 202.96.209.5;210.22.70.3;logging channel warning file /var/log/named/dns_
9、warning versions 3 size 1240k;severity warning;print-category yes;print-severity yes;print-time yes;channel general_dns file /var/log/named/dns_log versions 3 size 1240k;severity info;print-category yes;print-severity yes;print-time yes;category default warning;category queries general_dns;include c
10、nc_acl.conf;include telecom_acl.conf;view view_cnc match-clients CNC; ;zone . type hint;file named.ca; include master/cnc.def;view view_telecom match-clients TELECOM; ;zone . type hint;file named.ca;include master/telecom.def;view view_any match-clients any; ;zone . type hint;file named.ca;include m
11、aster/any.def;include /etc/rndc.key;=named.conf end=8.增加域名解析配置文件设置网通解析配置文件:#vi /var/named/master/cnc.def=cnc.def begin=zone type master;file master/cnc/;=cnc.def end= 设置电信解析配置文件:#vi /var/named/master/telecom.def=telecom.def begin=zone type master;file master/telecom/;=telecom.def end=设置网通电信以外解析配置文件:
12、# vi /var/named/master/any.def=any.def begin=zone type master;file master/any/;=any.def end=9.增加域名定义文件:设置网通域名定义文件:# vi /var/named/master/cnc/=cnc/ begin=$TTL 3600$ORIGIN . IN SOA . . (2007011701 ;Serial3600 ;Refresh ( seconds )900 ;Retry ( seconds )68400 ;Expire ( seconds )15 ;Minimum TTL for Zone (
13、 seconds ) IN NS . IN A 218.108.238.221ns IN A 218.108.238.221www IN A 218.108.238.221=cnc/ end=设置电信域名定义文件:#vi /var/named/master/telecom/=telecom/ begin=$TTL 3600$ORIGIN . IN SOA . . (2007011701 ;Serial3600 ;Refresh ( seconds )900 ;Retry ( seconds )68400 ;Expire ( seconds )15 ;Minimum TTL for Zone ( seconds ) IN NS . IN A 61.152.241.97ns IN A 61.152.241.97www IN A 61.152.241.97=telecom/ end=设置其它区域域名定义文件:vi /var/named/master/any/=any/ begin=$T
