源码包官网下载地址 https://www.isc.org/downloads/
其中 Current-Stable 是当前稳定版,Development 是开发版,Current-Stable, ESV 是当前扩展支持稳定版。
安装步骤:
#wget ftp://ftp.isc.org/isc/bind9/9.10.1-P1/bind-9.10.1-P1.tar.gz
(注:FTP 为明文传输,无法保证文件在传输途中未被篡改;下载后请先用 ISC 随源码包一同发布的 PGP 签名文件校验,通过后再解压编译。实际部署时版本请以官网当前仍受支持的版本为准。)
#yum install gcc gcc-c++ openssl openssl-dev*
#tar -zxvf bind-9.10.1-P1.tar.gz
#cd bind-9.10.1-P1
下面命令的参数依次为:指定安装路径、启用多线程、大文件支持、面向大型系统的调优(--with-tuning=large)、OpenSSL 支持(DNSSEC 需要)
#./configure --prefix=/usr/local/named --enable-threads --enable-largefile --with-tuning=large --with-openssl
#useradd -d /usr/local/named -s /sbin/nologin named
#cd /usr/local/named/etc
#/usr/local/named/sbin/rndc-confgen > rndc.conf
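#tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf
(注:这条命令取出 rndc.conf 末尾被注释掉的 key 和 controls 配置段,去掉注释符后作为 named.conf 的开头。rndc.conf 和 named.conf 中都含有 rndc 控制密钥,建议把权限设为 640,只允许 root 和 named 读取。)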
#vim named.conf
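// named.conf body for a recursive BIND 9 server installed under
// /usr/local/named. The tutorial writes the rndc "key" and "controls"
// statements into this file in the preceding step; the statements below
// follow them.

options {
    // Only the loopback address is served as written. Any address added
    // here (for example a service VIP) becomes reachable by its clients.
    listen-on port 53 { 127.0.0.1; };

    directory "/usr/local/named/var";   // absolute path where zone files are stored
    pid-file "named.pid";               // relative to "directory"

    recursion yes;
    allow-query { any; };

    // When allow-recursion and allow-query-cache are both unset, BIND falls
    // back to allow-query for recursion. With "any" above, that would make
    // this an open resolver (usable for DNS amplification) as soon as
    // listen-on is widened beyond 127.0.0.1. Recursion is therefore limited
    // explicitly; extend the list with an ACL of the client networks you
    // actually serve rather than removing it.
    allow-recursion { localhost; localnets; };

    recursive-clients 30000;

    // Source address for outgoing queries to other name servers.
    // *.*.*.* appears to be an address redacted by the author - replace it.
    query-source *.*.*.*;

    // Local source address (and optional UDP port) used when sending
    // NOTIFY messages. Same redacted placeholder as above.
    notify-source *.*.*.*;
};

logging {
    // Query log: up to 20 rotated files of 300 MB each.
    channel query_log {
        file "/var/log/named/query.log" versions 20 size 300m;
        severity info;
        print-time yes;
        print-category yes;
    };

    // Error log: receives every category without a channel of its own.
    channel error_log {
        file "/var/log/named/error.log" versions 3 size 10m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    category queries { query_log; };
    category default { error_log; };
};

// Root hints.
zone "." IN {
    type hint;
    file "named.root";   // stored in the /usr/local/named/var directory
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};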
#cd /usr/local/named/var
#dig @a.root-servers.net . ns > named.root
#vim localhost.zone
; localhost.zone - forward zone for "localhost" (zone "localhost" in named.conf).
; Maps the name localhost. to 127.0.0.1.
; The NS and A records start with whitespace so they inherit the owner "@".
$TTL 86400
$ORIGIN localhost.
@       1D IN SOA   @ root (
                    42      ; serial (d. adams)
                    3H      ; refresh
                    15M     ; retry
                    1W      ; expiry
                    1D )    ; minimum
        1D IN NS    @
        1D IN A     127.0.0.1
#vim named.local
; named.local - reverse zone loaded as "0.0.127.in-addr.arpa" in named.conf.
; The single PTR record maps 127.0.0.1 back to localhost.
; The NS record starts with whitespace so it inherits the owner "@";
; the PTR record starts in column 0 because "1" is its owner name.
$TTL 86400
@       IN SOA  localhost. root.localhost. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   localhost.
1       IN PTR  localhost.
#vi /etc/rc.d/init.d/named //服务启停脚本
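#!/bin/bash
# named        a network name service.
# chkconfig: 345 35 75
# description: a name server
#
# SysV init script for the BIND 9 build installed under /usr/local/named.
# Usage: named {start|stop|restart|reload|status}
#
# named is launched as root so it can bind port 53 and is told to switch to
# the unprivileged "named" account with -u.
# Exit status: 1 when not run as root, when the binary is missing, or when
# the pid file cannot be trusted; 2 for an unknown action.

readonly NAMED_BIN=/usr/local/named/sbin/named
readonly NAMED_CONF=/usr/local/named/etc/named.conf
readonly NAMED_PID_FILE=/usr/local/named/var/named.pid
readonly RNDC_BIN=/usr/local/named/sbin/rndc

if [ "$(id -u)" -ne 0 ]; then
  echo -e "\e[31mERROR:For bind to port 53,must run as root.\e[0m"
  exit 1
fi

case "${1:-}" in
  start)
    if [ -x "$NAMED_BIN" ]; then
      "$NAMED_BIN" -c "$NAMED_CONF" -u named &&
        echo . &&
        echo -e 'BIND9 server \e[32mstarted\e[0m'
    else
      # Previously this case returned success without starting anything.
      echo "ERROR: $NAMED_BIN is missing or not executable" >&2
      exit 1
    fi
    ;;
  stop)
    # The pid file sits in a directory the named account can write, while
    # this script runs as root. Never signal a PID read from it without
    # checking that it is a number and that it belongs to a named process.
    if [ ! -r "$NAMED_PID_FILE" ]; then
      echo "ERROR: $NAMED_PID_FILE not found; is named running?" >&2
      exit 1
    fi
    pid=$(head -n 1 "$NAMED_PID_FILE")
    case "$pid" in
      '' | *[!0-9]*)
        echo "ERROR: $NAMED_PID_FILE does not contain a valid PID" >&2
        exit 1
        ;;
    esac
    if [ "$(ps -p "$pid" -o comm=)" != "named" ]; then
      echo "ERROR: PID $pid is not a running named process (stale pid file?)" >&2
      exit 1
    fi
    kill "$pid" &&
      echo . &&
      echo -e 'BIND9 server \e[33mstopped\e[0m'
    ;;
  restart)
    echo .
    echo "Restart BIND9 server"
    "$0" stop
    # Give named time to exit and release port 53 before starting again.
    sleep 1
    echo -n "." && sleep 2 && echo -n "." && sleep 2 && echo -n "." && sleep 2
    "$0" start
    ;;
  reload)
    "$RNDC_BIN" reload
    ;;
  status)
    "$RNDC_BIN" status
    ;;
  *)
    echo "$0 start | stop | restart |reload |status"
    # Non-zero status so callers can tell an invalid action from success.
    exit 2
    ;;
esac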
#chmod 755 /etc/rc.d/init.d/named
#chkconfig --add named
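#chown -R named.named /usr/local/named/
(注:这样会让 named 用户对 sbin 下的程序和 etc 下的配置文件也有写权限,而这些程序是由 root 启动的。更稳妥的做法是只把 var 等运行时需要写入的目录交给 named,程序和配置保持 root 所有、对 named 只读。)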
#ln -s /usr/local/named/sbin/named /sbin
#mkdir /var/log/named/
#chown -R named.named /var/log/named/
#named -g //调试模式启动
#chkconfig named on && service named start
Anycast实质上是一种网络技术,它借助网络中的动态路由协议实现服务的负载均衡和冗余。从实现类型上可以分为Subnet Anycast和Global Anycast:Subnet Anycast是指所有目的主机都位于同一网段,此方式仅提供负载均衡和冗余,对安全度提升没有实质效果;Global Anycast是指目的主机处于不同网段,可能处于不同城市,甚至分布在全球各地。在实际应用中,Global Anycast中目标主机的部署除考虑地理位置外,还多接入不同自治域的网络中。
Anycast将同一个单播地址分配给Internet中多个处于不同物理位置的主机,发送到该地址的报文会被网络路由到按路由协议度量“最近”的目标主机上。
下面使用Anycast技术为DNS做负载均衡:
#vim /etc/rc.local 定义两个vip来对外提供服务
# Bring up two service VIPs as loopback aliases with host (/32) netmasks.
# *.*.*.* and #.#.#.# stand in for the real addresses, which appear to have
# been redacted by the author - replace both before use.
# NOTE(review): named.conf as shown listens on 127.0.0.1 only; presumably
# these VIPs must also be added to listen-on - confirm, and restrict
# recursion to known client networks when doing so.
ifconfig lo:0 *.*.*.* netmask 255.255.255.255 up
ifconfig lo:1 #.#.#.# netmask 255.255.255.255 up
#yum install quagga telnet
#cp /etc/quagga/zebra.conf{.sample,}
#cp /etc/quagga/ospfd.conf{.sample,}
(注:示例配置文件里带有默认的 vty 登录密码,启动 zebra/ospfd 之前请先改成自己的密码。)
#chkconfig zebra on && service zebra restart
#chkconfig ospfd on && service ospfd restart
#telnet 127.0.0.1 2604 //开始配置软路由器的路由