Smart DNS (BIND views) Server Configuration in Detail

I. Introduction

     Smart DNS is configured mainly for two purposes: 1. to solve the China Unicom vs. China Telecom cross-carrier problem; 2. to implement regional routing (clients in different regions are sent to the server nearest to them). The configuration below addresses the Unicom/Telecom connectivity problem; purpose 2 only needs minor changes to the same setup.

     This article is based on CentOS 6.0.

II. Install the DNS components

      #yum install bind*

Create the directories and files

mkdir  -p /var/named/data
mkdir  -p /var/named/master/any
mkdir  -p /var/named/master/unicom
mkdir  -p /var/named/master/telecom
mkdir  -p /var/named/slaves
mkdir  -p /var/log/named
mkdir  -p /var/run/named
touch /var/named/unicom_acl.conf
touch /var/named/telecom_acl.conf
touch /var/log/named/dns_warning
touch /var/log/named/dns_log
touch /var/named/master/any.def
touch /var/named/master/unicom.def
touch /var/named/master/telecom.def
dig>/var/named/named.ca
chown -R named.named /var/named
chmod -R 770 /var/named

Script to sort IP ranges into Unicom, Telecom and others

#!/bin/bash
# Classify the APNIC-delegated Chinese IPv4 blocks by carrier using whois.
# Output files (in the current directory): cn.net (all CN blocks),
# chinanet (China Telecom), unicom (China Unicom), others.
FILE=/root/apnic/ip_apnic
mkdir -p "$(dirname "$FILE")"
rm -f "$FILE"
wget http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest -O "$FILE"
# Fields 4 and 5 of a CN IPv4 record are the start address and the host count.
grep 'apnic|CN|ipv4|' "$FILE" | cut -f 4,5 -d'|' | sed -e 's/|/ /g' | while read -r ip cnt
do
        echo "$ip:$cnt"
        # Prefix length = 32 - log2(count): bc halves x with integer division
        # until it reaches 1 and decrements pow once per halving.
        mask=$(cat << EOF | bc | tail -1
pow=32;
define log2(x) {
if (x<=1) return (pow);
pow--;
return(log2(x/2));
}
log2($cnt)
EOF
)
        echo "$ip/$mask" >> cn.net
        # One whois lookup per block against APNIC; the full list takes a long
        # time. The block is classified by the carrier name in the whois text.
        if whois -h whois.apnic.net "$ip" | grep -qi 'chinanet\|telecom'; then
                echo "$ip/$mask" >> chinanet
        elif whois -h whois.apnic.net "$ip" | grep -qi 'unicom'; then
                echo "$ip/$mask" >> unicom
        else
                echo "$ip/$mask" >> others
        fi
done

Configure the ACL files

/var/named/unicom_acl.conf    

acl "UNICOM" {
        58.16.0.0/16;
        58.17.0.0/17;
        58.17.128.0/17;
        58.18.0.0/16;
        58.19.0.0/16;
        58.20.0.0/16;
        58.21.0.0/16;
        192.168.7.0/24;
};


/var/named/telecom_acl.conf

acl "TELECOM" {
        192.168.6.0/24;
};

Configure named.conf

acl "trusted-lan" {
        127.0.0.0/8;
        192.168.6.0/24;
};
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        version "";
        datasize 40M;
        # Zone transfers, notifies and recursion only for the trusted LAN;
        # everyone else gets authoritative answers only.
        allow-transfer {
                "trusted-lan";
        };
        recursion yes;
        allow-notify {
                "trusted-lan";
        };
        allow-recursion {
                "trusted-lan";
        };
        auth-nxdomain no;
        forwarders {
                202.96.209.5;
                210.22.70.3;
        };
};
logging {
        channel warning {
                file "/var/log/named/dns_warning" versions 3 size 1240k;
                severity warning;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel general_dns {
                file "/var/log/named/dns_log" versions 3 size 1240k;
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category default {
                warning;
        };
        category queries {
                general_dns;
        };
};
include "unicom_acl.conf";
include "telecom_acl.conf";
# Views are tried in order: the first view whose match-clients contains the
# client's source address answers, so the catch-all "view_any" must stay last.
view "view_unicom" {
        match-clients {
                UNICOM;
        };
        zone "." {
                type hint;
                file "named.ca";
        };
        include "master/unicom.def";
};
view "view_telecom" {
        match-clients {
                TELECOM;
        };
        zone "." {
                type hint;
                file "named.ca";
        };
        include "master/telecom.def";
};
view "view_any" {
        match-clients {
                any;
        };
        zone "." {
                type hint;
                file "named.ca";
        };
        include "master/any.def";
};
#       include "/etc/rndc.key";
key "rndc-key" {
        algorithm hmac-md5;
        secret "f5qNd1H1nLdyhWcKO79PMw==";
};
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
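Which view, and therefore which www address, a client receives is decided by the first view whose match-clients ACL contains the source address. The Python script below is an added example, not part of the original post: it parses ACL files in the format of unicom_acl.conf and telecom_acl.conf, applies the view order from named.conf, returns the www record of the matching zone file, and reports prefixes that appear in more than one ACL. The ACL text, view names and addresses are taken from this page; the overlap check is an addition.

```python
import ipaddress
import re

# ACL text constructed from the page's unicom_acl.conf and telecom_acl.conf.
ACL_TEXT = """
acl "UNICOM" { 58.16.0.0/16; 58.17.0.0/17; 58.17.128.0/17; 58.18.0.0/16;
               58.19.0.0/16; 58.20.0.0/16; 58.21.0.0/16; 192.168.7.0/24; };
acl "TELECOM" { 192.168.6.0/24; };
"""
# View order exactly as in named.conf: BIND uses the first view whose
# match-clients matches the source address, so "view_any" must stay last.
VIEWS = [("view_unicom", "UNICOM"), ("view_telecom", "TELECOM"), ("view_any", "any")]
# The www A record each view's zone file (master/<view>/entage.net) returns.
WWW_BY_VIEW = {"view_unicom": "192.168.6.101", "view_telecom": "192.168.6.201",
               "view_any": "192.168.6.254"}


def parse_acls(text):
    """Return {name: [ip_network, ...]} from acl "NAME" { cidr; ... }; blocks."""
    acls = {}
    for name, body in re.findall(r'acl\s+"([^"]+)"\s*\{([^}]*)\}', text):
        acls[name] = [ipaddress.ip_network(e.strip())
                      for e in body.split(";") if e.strip()]
    return acls


def select_view(client, acls, views=VIEWS):
    """First-match view selection; None means no view matched (BIND refuses)."""
    ip = ipaddress.ip_address(client)
    for view, acl in views:
        if acl == "any" or any(ip in net for net in acls[acl]):
            return view
    return None


def answer_for(client):
    """(view, www A record) a client at this source address would receive."""
    view = select_view(client, parse_acls(ACL_TEXT))
    return view, WWW_BY_VIEW[view]


def overlapping(acls):
    """Prefixes present in two ACLs: a client inside both silently gets the
    view listed first, the usual cause of wrong-carrier answers after the
    ACL files are regenerated."""
    names = sorted(acls)
    return [(a, b, str(x), str(y)) for i, a in enumerate(names)
            for b in names[i + 1:] for x in acls[a] for y in acls[b]
            if x.overlaps(y)]


if __name__ == "__main__":
    for c in ("58.17.200.9", "192.168.6.50", "8.8.8.8"):
        print(c, "->", answer_for(c))
    print("overlaps:", overlapping(parse_acls(ACL_TEXT)))
```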

Generate the rndc key:

   cd /var/named

   /usr/sbin/rndc-confgen>rndc.conf

Take the part of rndc.conf that follows the line "# Use with the following in named.conf, adjusting the allow list as needed:", append it to named.conf, and remove the comment markers.

Run a test (-g keeps named in the foreground and logs to stderr, so configuration errors show up immediately):

   named -g -c /etc/named.conf


Add an NS record

On the domain's management (registrar) site, set the domain's NS servers to the DNS server you have just installed.

Add the zone configuration files

Set up the Unicom zone configuration file:

vi /var/named/master/unicom.def

==========unicom.conf begin==========
zone "entage.net"{
        type master;
        file "master/unicom/entage.net";
        };
==========unicom.conf end============

Set up the Telecom zone configuration file:

vi /var/named/master/telecom.def

==========telecom.conf begin==========
zone "entage.net"{
        type master;
        file "master/telecom/entage.net";
        };
==========telecom.conf end============

Set up the zone configuration file for clients outside Unicom and Telecom:

vi /var/named/master/any.def

==========any.conf begin==========
zone "entage.net"{
        type master;
        file "master/any/entage.net";
        };
==========any.conf end============

Add the zone data files

Set up the Unicom zone data file:

vi /var/named/master/unicom/entage.net

==========unicom/entage.net begin==========
$TTL 3360
$ORIGIN entage.net.
@ IN SOA ns.entage.net. root.entage.net. (
                2007011701;serial
                3600;   Refresh(seconds)
                900;    Retry(seconds)
                68400;  Expire(seconds)
                15;     Minimum TTL for Zone(seconds)
                )
@       IN      NS      ns.entage.net.
@       IN      A       192.168.6.101
ns      IN      A       192.168.6.101
www     IN      A       192.168.6.101
;
;end
==========unicom/entage.net end============

Set up the Telecom zone data file:

vi /var/named/master/telecom/entage.net

==========telecom/entage.net begin==========
$TTL 3360
$ORIGIN entage.net.
@ IN SOA ns.entage.net. root.entage.net. (
                2007011701;serial
                3600;   Refresh(seconds)
                900;    Retry(seconds)
                68400;  Expire(seconds)
                15;     Minimum TTL for Zone(seconds)
                )
@       IN      NS      ns.entage.net.
@       IN      A       192.168.6.201
ns      IN      A       192.168.6.201
www     IN      A       192.168.6.201
;
;end
==========telecom/entage.net end============

Set up the zone data file for all other regions:

vi /var/named/master/any/entage.net

==========any/entage.net begin==========
$TTL 3360
$ORIGIN entage.net.
@ IN SOA ns.entage.net. root.entage.net. (
                2007011701;serial
                3600;   Refresh(seconds)
                900;    Retry(seconds)
                68400;  Expire(seconds)
                15;     Minimum TTL for Zone(seconds)
                )
@       IN      NS      ns.entage.net.
@       IN      A       192.168.6.254  
ns      IN      A       192.168.6.254
www     IN      A       192.168.6.254
;
;end
==========any/entage.net end============

