
Smart DNS server configuration


Posted on 2009-5-28 13:19



Note: a "smart DNS" setup serves two main purposes: (1) solving the China Netcom (CNC) versus China Telecom connectivity problem; (2) regional routing, where clients in each region are directed to their nearest server. The configuration below addresses (1); (2) needs only minor changes to the same setup.





I. DNS server installation

II. Configuring named.conf

III. Update the root hints file

IV. Create the startup script

V. Add an NS record

VI. Add a domain

Appendix: obtaining the IP address ranges

I. DNS server installation

1. Software list

BIND 9.3.2

ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz

2. Install BIND 9

Build and install BIND 9:

# tar zxvf bind-9.3.2.tar.gz
# cd bind-9.3.2
# ./configure --prefix=/usr/local/named --disable-ipv6
# make && make install

Create the bind user:

# groupadd bind
# useradd -g bind -d /usr/local/named -s /sbin/nologin bind

Create the configuration directory:

# mkdir -p /usr/local/named/etc
# chown bind:bind /usr/local/named/etc
# chmod 700 /usr/local/named/etc



II. Configuring named.conf

Create the main configuration file:

# vi /usr/local/named/etc/named.conf

===========================named.conf=======================
acl "trust-lan" { 127.0.0.1/8; 192.168.0.0/16; };

options {
    directory "/usr/local/named/etc/";
    pid-file "/var/run/named/named.pid";
    version "0.0.0";
    datasize 40M;
    allow-transfer { "trust-lan"; };
    recursion yes;
    allow-notify { "trust-lan"; };
    allow-recursion { "trust-lan"; };
    auth-nxdomain no;
    forwarders {
        202.99.160.68;
        202.99.168.8;
    };
};

logging {
    channel warning {
        file "/var/log/named/dns_warnings" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "/var/log/named/dns_logs" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { warning; };
    category queries { general_dns; };
};

// Once view statements are used, BIND requires every zone to be inside a
// view, so the root hint zone is declared in each view below rather than
// at top level.

acl "CNC" {
    58.16.0.0/16;
    58.17.0.0/17;
    58.17.128.0/17;
    58.18.0.0/16;
    58.19.0.0/16;
    58.20.0.0/16;
    58.21.0.0/16;
    // note: fill in the address blocks that apply to your situation
};

// Views are matched in order: a client inside the CNC acl gets view_cnc;
// everyone else falls through to view_any, which must remain last.
view "view_cnc" {
    match-clients { CNC; };
    zone "." {
        type hint;
        file "named.root";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
    };
    include "master/cnc.def";
};

view "view_any" {
    match-clients { any; };
    zone "." {
        type hint;
        file "named.root";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
    };
    include "master/telecom.def";
};
===========================named.conf=======================

When you have added all of this, save the file. Both views reference localhost.rev, whose contents the post does not show; create that file before starting named.
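As an added example (not part of the original post), the following Python script models how BIND chooses a view for a client: views are tried in named.conf order and the first match-clients hit wins, so view_any must stay last or every client gets the Telecom answer. The acl prefixes and the two answer addresses are taken from the post's named.conf and zone files; the client addresses and the VIEWS table are constructed for the demonstration.

```python
# Added example (not from the original post): offline model of BIND view
# selection. The acl prefixes and answer IPs come from the post; the client
# addresses and the VIEWS table below are constructed test inputs.
import ipaddress

CNC_ACL = [
    "58.16.0.0/16", "58.17.0.0/17", "58.17.128.0/17", "58.18.0.0/16",
    "58.19.0.0/16", "58.20.0.0/16", "58.21.0.0/16",
]

# (view name, match-clients prefixes or None for "any", A record for www.daoyou.com)
VIEWS = [
    ("view_cnc", CNC_ACL, "61.45.55.78"),
    ("view_any", None, "210.75.1.178"),
]


def matches_acl(client, prefixes):
    """True if the client address falls inside any prefix of the acl."""
    if prefixes is None:  # match-clients { any; }
        return True
    addr = ipaddress.ip_address(client)
    return any(addr in ipaddress.ip_network(p, strict=False) for p in prefixes)


def select_view(client, views=VIEWS):
    """Return (view_name, answer) for the first view whose match-clients matches."""
    for name, prefixes, answer in views:
        if matches_acl(client, prefixes):
            return name, answer
    return None, None  # with no matching view BIND refuses the query


def check_acl_coverage(prefixes):
    """Collapse adjacent and overlapping prefixes into the minimal equivalent list.

    Comparing this against the intended ranges makes gaps and typos in a
    hand-maintained acl easy to spot."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    # Constructed clients: inside the CNC acl, a Telecom address, a LAN address.
    for client in ("58.17.200.1", "210.75.1.1", "192.168.1.5"):
        print(client, "->", select_view(client))
    print("collapsed CNC acl:", check_acl_coverage(CNC_ACL))
    # Misordered views: with view_any first, even a CNC client gets the Telecom answer.
    print("misordered:", select_view("58.17.200.1", views=list(reversed(VIEWS))))
```

The collapsed form shows that the two /17s in the post's acl are simply 58.17.0.0/16, and that the whole acl reduces to two prefixes; keeping the acl in collapsed form makes later edits easier to review.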



III. Update the root hints file

# cd /usr/local/named/etc/
# wget ftp://ftp.internic.org/domain/named.root

Create the PID and log files:

# mkdir /var/run/named/
# chmod 777 /var/run/named/
# chown bind:bind /var/run/named/
# mkdir /var/log/named/
# touch /var/log/named/dns_warnings
# touch /var/log/named/dns_logs
# chown bind:bind /var/log/named/*
# mkdir master
# touch master/cnc.def
# touch master/telecom.def

Generate the rndc key:

# cd /usr/local/named/etc/
# ../sbin/rndc-confgen > rndc.conf

In rndc.conf, take the section that follows the line

# Use with the following in named.conf, adjusting the allow list as needed:

append it to /usr/local/named/etc/named.conf and remove the leading comment markers.

Test run (-g keeps named in the foreground and logs to stderr):

# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &

Status check:

# /usr/local/named/sbin/rndc status





IV. Create the startup script

# vi /etc/init.d/named

============================== named.sh============================
#!/bin/bash
#
# named: a network name service.
#
# chkconfig: 545 35 75
# description: a name server
#

if [ `id -u` -ne 0 ]
then
    echo "ERROR: to bind to port 53, named must be started as root."
    exit 1
fi

case "$1" in
    start)
        if [ -x /usr/local/named/sbin/named ]; then
            /usr/local/named/sbin/named -u bind -c /usr/local/named/etc/named.conf && echo . && echo 'BIND9 server started.'
        fi
        ;;
    stop)
        # pid-file in named.conf is /var/run/named/named.pid
        kill `cat /var/run/named/named.pid` && echo . && echo 'BIND9 server stopped.'
        ;;
    restart)
        echo .
        echo "Restart BIND9 server"
        $0 stop
        sleep 10
        $0 start
        ;;
    *)
        echo "$0 start | stop | restart"
        ;;
esac
===============================named.sh============================

# chmod 755 /etc/init.d/named
# chown root:root /etc/init.d/named
# chkconfig --add named
# chkconfig named on





V. Add an NS record

At your domain registrar's management site, set the domain's NS server to the DNS server you have just installed.





VI. Add a domain

# cd /usr/local/named/etc/master
# mkdir cnc
# mkdir telecom
# vi cnc.def

Add:

zone "daoyou.com" {
    type master;
    file "master/cnc/daoyou.com";
};

# vi telecom.def

Add:

zone "daoyou.com" {
    type master;
    file "master/telecom/daoyou.com";
};

Add the Netcom (CNC) records; they resolve to 61.45.55.78:

# vi cnc/daoyou.com

Add:

$TTL 3600
$ORIGIN daoyou.com.
@   IN  SOA ns.daoyou.com. root.ns.daoyou.com. (
        2005121013  ; Serial
        3600        ; Refresh (seconds)
        900         ; Retry (seconds)
        68400       ; Expire (seconds)
        15 )        ; Minimum TTL for zone (seconds)
;
@   IN  NS  ns.daoyou.com.
@   IN  A   61.45.55.78
www IN  A   61.45.55.78
;
;end

Add the Telecom records; they resolve to 210.75.1.178:

# vi telecom/daoyou.com

Add:

$TTL 3600
$ORIGIN daoyou.com.
@   IN  SOA ns.daoyou.com. root.ns.daoyou.com. (
        2005121013  ; Serial
        3600        ; Refresh (seconds)
        900         ; Retry (seconds)
        68400       ; Expire (seconds)
        15 )        ; Minimum TTL for zone (seconds)
;
@   IN  NS  ns.daoyou.com.
@   IN  A   210.75.1.178
www IN  A   210.75.1.178
;
;end

# /usr/local/named/sbin/rndc reload

Neither zone file defines an A record for ns.daoyou.com, although both the SOA and the NS record name it; add one pointing at this server before going live. Also remember to raise the serial in both copies whenever a zone changes.

OK, at this point your DNS server is up and running. Try pinging the name from a Netcom line and from a Telecom line and compare the answers.
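As an added example (not part of the original post), the following Python script parses a zone file in the format used above and reports in-zone NS targets that have no A record, which is exactly the gap in the post's two zone files. The zone text embedded below is the post's cnc/daoyou.com zone; the parser's handling of $ORIGIN, comments and the parenthesised SOA is my own simplified implementation, not BIND's.

```python
# Added example (not from the original post): a small zone-file linter for
# the master-file syntax used above. ZONE_CNC is the post's cnc/daoyou.com
# zone; the parser is a simplified reimplementation, not BIND's own.

ZONE_CNC = """\
$TTL 3600
$ORIGIN daoyou.com.
@   IN  SOA ns.daoyou.com. root.ns.daoyou.com. (
        2005121013  ; Serial
        3600        ; Refresh (seconds)
        900         ; Retry (seconds)
        68400       ; Expire (seconds)
        15 )        ; Minimum TTL for zone (seconds)
;
@   IN  NS  ns.daoyou.com.
@   IN  A   61.45.55.78
www IN  A   61.45.55.78
"""


def parse_zone(text):
    """Return (origin, serial, records); records are (owner, type, rdata-tokens).

    Handles $ORIGIN/$TTL, ';' comments and a parenthesised multi-line SOA.
    Owner names are absolutised against $ORIGIN so they compare reliably."""
    origin = None
    records = []
    buf = ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # strip comments
        if not line.strip():
            continue
        buf = (buf + " " + line).strip() if buf else line
        if buf.count("(") > buf.count(")"):
            continue  # still inside the SOA parentheses
        stmt, buf = buf, ""
        if stmt.startswith("$ORIGIN"):
            origin = stmt.split()[1]
            continue
        if stmt.startswith("$TTL"):
            continue
        tokens = stmt.replace("(", " ").replace(")", " ").split()
        owner = tokens[0]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = owner + "." + origin
        if tokens[1] == "IN":
            tokens = [tokens[0]] + tokens[2:]  # drop the class token
        records.append((owner, tokens[1], tokens[2:]))
    soa = next(r for r in records if r[1] == "SOA")
    return origin, int(soa[2][2]), records


def lint_zone(text):
    """List NS targets inside the zone that lack an A record (missing glue)."""
    origin, _serial, records = parse_zone(text)
    a_owners = {owner for owner, rtype, _ in records if rtype == "A"}
    problems = []
    for _owner, rtype, rdata in records:
        target = rdata[0] if rdata else ""
        if rtype == "NS" and target.endswith("." + origin) and target not in a_owners:
            problems.append("%s has no A record in zone %s" % (target, origin))
    return problems


if __name__ == "__main__":
    print("serial:", parse_zone(ZONE_CNC)[1])
    print("problems:", lint_zone(ZONE_CNC))
    # Assumed fix for the CNC copy: point ns at the same address as www.
    print("after fix:", lint_zone(ZONE_CNC + "ns  IN  A   61.45.55.78\n"))
```

Run it against both the cnc and the telecom copy; the only records that should differ between them are the A records, so the lint output should be identical for both.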





Appendix: obtaining the IP address ranges

1. Fetch the address blocks with a shell script

#!/bin/sh

FILE=/root/study/apnic/ip_apnic

rm -f $FILE
wget http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest -O $FILE

# CN IPv4 records look like: apnic|CN|ipv4|<start address>|<address count>|<date>|<status>
grep 'apnic|CN|ipv4|' $FILE | cut -f 4,5 -d'|' | sed -e 's/|/ /g' | while read ip cnt
do
    echo $ip:$cnt
    # prefix length = 32 - log2(count); assumes the count is a power of two
    mask=$(cat << EOF | bc | tail -1
pow=32;
define log2(x) {
    if (x<=1) return (pow);
    pow--;
    return(log2(x/2));
}
log2($cnt)
EOF
)
    echo $ip/$mask >> cn.net
    # Pull the netname from the APNIC whois record and keep the part before the first '-'
    NETNAME=`whois $ip@whois.apnic.net | sed -e '/./{H;$!d;}' -e 'x;/netnum/!d' | grep ^netname | sed -e 's/.*:\(.*\)/\1/g' | sed -e 's/-.*//g'`
    case $NETNAME in
        CNC)
            echo $ip/$mask >> CNCGROUP
            ;;
        CHINANET|CNCGROUP)
            echo $ip/$mask >> $NETNAME
            ;;
        CHINATELECOM)
            echo $ip/$mask >> CHINANET
            ;;
        *)
            echo $ip/$mask >> OTHER
            ;;
    esac
done
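As an added example (not part of the original post), the following Python script does the count-to-prefix conversion from the appendix without the power-of-two assumption built into the bc log2() function: the delegated file also contains counts such as 3072 that need more than one CIDR prefix, and ipaddress.summarize_address_range produces the minimal set. It then renders the result as a BIND acl in the style of the acl "CNC" block above. The whois-based classification (the network-dependent part) is left out, and the SAMPLE lines are constructed in the delegated-apnic-latest format rather than real allocations.

```python
# Added example (not from the original post): count-to-CIDR conversion for
# delegated-apnic-latest records, plus rendering as a BIND acl. SAMPLE is
# constructed test data in the file's format, not real allocation data.
import ipaddress

SAMPLE = """\
2|apnic|20090528|00000|19830613|20090527|+1000
apnic|*|ipv4|*|12345|summary
apnic|CN|ipv4|58.16.0.0|65536|20041202|allocated
apnic|CN|ipv4|1.12.0.0|3072|20100101|allocated
apnic|JP|ipv4|1.0.16.0|4096|20110412|allocated
apnic|CN|ipv6|2001:250::|35|20000426|allocated
apnic|CN|ipv4|58.17.0.0|65536|20041202|allocated
"""


def to_cidrs(start, count):
    """Return the minimal list of CIDR strings covering `count` addresses from `start`.

    A power-of-two count aligned on its size yields one prefix; anything else
    (e.g. 3072) is split into several, which the bc version cannot express."""
    first = ipaddress.IPv4Address(start)
    last = first + (int(count) - 1)
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


def cn_ipv4_blocks(text):
    """Parse delegated-apnic-latest text and return CIDRs for every CN IPv4 record."""
    out = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        # skip the version header, the summary lines, other countries and IPv6
        if len(fields) < 5 or fields[1] != "CN" or fields[2] != "ipv4":
            continue
        out.extend(to_cidrs(fields[3], fields[4]))
    return out


def bind_acl(name, cidrs):
    """Render a BIND acl statement in the same layout as the post's acl "CNC"."""
    body = "\n".join("    %s;" % c for c in cidrs)
    return 'acl "%s" {\n%s\n};' % (name, body)


if __name__ == "__main__":
    blocks = cn_ipv4_blocks(SAMPLE)
    print(bind_acl("CN", blocks))
```

Feed the real delegated-apnic-latest file in place of SAMPLE and write the output to a file included from named.conf; because the acl is generated rather than hand-edited, regenerating it after each APNIC update is a one-line job.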
PCOS system download site: http://zhuangji.wang


Posted on 2009-5-28 18:33

Thanks to the OP for supporting the server technology board!