目标:
源码包安装DNS服务器,并配置view视图,实现智能DNS。根据访问ip地址不同,域名解析不同的地址
环境:
1.DNS服务器一台,双ip地址(192.168.53.8,192.168.51.8)
2.使用BIND9做智能DNS,自动根据客户端IP来判断,网通的用户解析出网通的IP,电信的解析出电信IP.
测试做的域名
www.sc-linux.com
电信IP:192.168.53.117
网通IP:192.168.51.117
电信用户PING www.sc-linux.com会解析到192.168.53.2
网通用户PING www.sc-linux.com会解析到192.168.51.2
批注:该功能主要是解决了北京某门户网站的南北互不相访的问题.
配置步骤:
1、 软件列表
BIND 9.3.2
ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz
2、 安装BIND 9
安装BIND9:
# tar zxvf bind-9.3.2.tar.gz
# cd bind-9.3.2
# ./configure
--prefix=/usr/local/named
--disable-ipv6
# make && make install
建立BIND用户:
# groupadd bind
# useradd -g bind -d /usr/local/named -s /sbin/nologin bind
创建配置文件目录:
# mkdir –p /usr/local/named/etc
# chown bind:bind /usr/local/named/etc
# chmod 700 /usr/local/named/etc
创建主要的配置文件:
[root@nginx_53-85 ~]# cat /usr/local/named/etc/named.conf
acl "trust-lan" { 127.0.0.1/8; 192.168.0.0/16;};
options {
directory "/usr/local/named/etc/";
pid-file "/var/run/named/named.pid";
version "0.0.0";
datasize 40M;
allow-transfer {
"trust-lan";};
recursion yes;
allow-notify {
"trust-lan";
};
allow-recursion {
"trust-lan";
};
auth-nxdomain no;
forwarders {
202.99.160.68;
202.99.168.8;};
};
logging {
channel warning
{ file "/var/log/named/dns_warnings" versions 3 size 1240k;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns
{ file "/var/log/named/dns_logs" versions 3 size 1240k;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default { warning; };
category queries { general_dns; };
};
zone "." {
type hint;
file "named.root";
};
acl "CNC" {
192.168.51.0/24;
};
view "view_cnc" {
match-clients { CNC; };
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
include "master/cnc.def";
};
acl "TEL" {
192.168.53.0/24;
};
view "view_tel" {
match-clients { TEL; };
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
include "master/tel.def";
};
view "view_any" {
match-clients { any; };
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
include "master/any.def";
};
添加完成后,保存。
更新根区文件:
# cd /usr/local/named/etc/
# wget ftp://ftp.internic.org/domain/named.root
创建PID和日志文件:
# mkdir /var/run/named/
# chmod 777 /var/run/named/
# chown bind:bind /var/run/named/
# mkdir /var/log/named/
# touch /var/log/named/dns_warnings
# touch /var/log/named/dns_logs
# chown bind:bind /var/log/named/*
# mkdir master
# touch master/cnc.def
# touch master/tel.def
# touch master/any.def
生成rndc-key:
# cd /usr/local/named/etc/
# ../sbin/rndc-confgen > rndc.conf
把rndc.conf中:
# Use with the following in named.conf, adjusting the allow list as needed:
后面以的部分加到/usr/local/named/etc/named.conf中并去掉注释
运行测试:
# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf
状态检查:
# /usr/local/named/sbin/rndc status
建立启动脚本:
# vi /etc/init.d/named
#!/bin/bash
#
# named a network name service.
#
#
# chkconfig: 545 35 75
# description: a name server
#
if [ `id -u` -ne 0 ]
then
echo "ERROR:For bind to port 53,must run as root."
exit 1
fi
case "$1" in
start)
if [ -x /usr/local/named/sbin/named ]; then
/usr/local/named/sbin/named -u bind -c /usr/local/named/etc/named.conf && echo . && echo BIND9 server started.
fi
;;
stop)
kill `cat /var/run/named/named.pid` && echo . && echo BIND9 server stopped.
;;
restart)
echo .
echo "Restart BIND9 server"
$0 stop
sleep 10
$0 start
;;
*)
echo "$0 start | stop | restart"
;;
esac
# chmod 755 /etc/init.d/named
# chown root:root /etc/init.d/named
# chkconfig --add named
# chkconfig named on
到这里bind已经安装完毕 .下面是解析部分.
3、 添加一个NS
平时大家修改域名信息的时候,都会发现有一个DNS信息的修改,里面会有一些类似
ns.sc-linux.com一样的东西。添加这个东西不难,在新网的后台就可以添加。添加
的时候要注意,域名状态设置里面的域名必须不能在锁定状态。
登陆新网的后台->域名管理->注册本域名下的DNS->DNS名字:ns->IP地址*.*.*.*
(按照自己要求修改IP地址)->确定->MyDNS功能->添加新的A记录->ns->IP地址
61.182.49.7->提交。
对于一些收费的(如万网)或者不提供DNS服务器注册的管理后台,我们一样有办法去
解决。首先按照上面的,先添加一个A记录,然后打开
http://domain.cnic.ac.cn/domain/nameserver/createhost.jsp
按照上面的提示注册一下就行。
OK,等待DNS生效吧
4、 添加一个域名
# cd /usr/local/named/etc/master
# mkdir cnc
# mkdir tel
# mkdir any
# vi cnc.def
添加
zone "sc-linux.com" {
type master;
file "master/cnc/sc-linux.com";
};
# vi tel.def
添加
zone "sc-linux.com" {
type master;
file "master/tel/sc-linux.com";
};
# vi any.def
添加
zone "sc-linux.com" {
type master;
file "master/any/sc-linux.com";
};
添加网通的解析,解析到的IP为192.168.51.2
#vi cnc/sc-linux.com
添加
$TTL 3600
$ORIGIN sc-linux.com.
@ IN SOA ns.sc-linux.com. root.ns.sc-linux.com.(
2005121013 ;Serial
3600 ; Refresh ( seconds )
900 ; Retry ( seconds )
68400 ; Expire ( seconds )
15 );Minimum TTL for Zone ( seconds )
;
@ IN NS ns.sc-linux.com.
@ IN A 192.168.51.2
www IN A 192.168.51.2
添加电信的解析,解析到的IP为192.168.53.2
#vi tel/sc-linux.com
添加
$TTL 3600
$ORIGIN sc-linux.com.
@ IN SOA ns.sc-linux.com. root.ns.sc-linux.com.(
2005121013 ;Serial
3600 ; Refresh ( seconds )
900 ; Retry ( seconds )
68400 ; Expire ( seconds )
15 );Minimum TTL for Zone ( seconds )
;
@ IN NS ns.sc-linux.com.
@ IN A 192.168.53.2
www IN A 192.168.53.2
添加其他的解析,解析到的IP为218.6.242.216
#vi any/sc-linux.com
$TTL 3600
$ORIGIN sc-linux.com.
@ IN SOA ns.sc-linux.com. root.ns.sc-linux.com.(
2005121013 ;Serial
3600 ; Refresh ( seconds )
900 ; Retry ( seconds )
68400 ; Expire ( seconds )
15 );Minimum TTL for Zone ( seconds )
;
@ IN NS ns.sc-linux.com.
@ IN A 218.6.242.216
www IN A 218.6.242.216
#/usr/local/named/sbin/rndc reload
OK,到此你的DNS服务器就算是跑起来了
验证:
登陆验证机器192.168.51.117
[root@53-117 ~]# vim /etc/resolv.conf
nameserver 192.168.51.8
[root@53-117 ~]# nslookup www.sc-linux.com
Server: 192.168.51.8
Address: 192.168.51.8#53
Name: www.sc-linux.com
Address: 192.168.51.2
登陆验证机器192.168.53.117
[root@53-117 ~]# vim /etc/resolv.conf
nameserver 192.168.53.8
[root@53-117 ~]# nslookup www.sc-linux.com
Server: 192.168.53.8
Address: 192.168.53.8#53
Name: www.sc-linux.com
Address: 192.168.53.2
批注后记:
以下方法可以查询到3个服务商大致的地址范围,不过是否完整还需要大家验证。
下载并编译最新的ripe-dbase-client
#wget http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client-v3.tar.gz
#tar zxvf ripe-dbase*.gz
#cd whois-3.1
#./configure;make
执行查询并输出结果
#./whois3 -h whois.apnic.net -l -i mb MAINT-CNCGROUP >/tmp/cnc
#./whois3 -h whois.apnic.net -l -i mb MAINT-CHINANET >/tmp/chinanet
#./whois3 -h whois.apnic.net -l -i mb MAINT-CN-CRTC > /tmp/crtc
如果想得到具体的服务商比如江苏省电信的IP池,就把mb的值改为MAINT-CHINANET-JS,或者是辽宁网通,那就改为MAINT-CNCGROUP-LN
然后用grep 和sed去掉多余的文字就可以得到了
源码包安装DNS服务器,并配置view视图,实现智能DNS。根据访问ip地址不同,域名解析不同的地址
环境:
1.DNS服务器一台,双ip地址(192.168.53.8,192.168.51.8)
2.使用BIND9做智能DNS,自动根据客户端IP来判断,网通的用户解析出网通的IP,电信的解析出电信IP.
测试做的域名
www.sc-linux.com
电信IP:192.168.53.117
网通IP:192.168.51.117
电信用户PING www.sc-linux.com会解析到192.168.53.2
网通用户PING www.sc-linux.com会解析到192.168.51.2
批注:该功能主要是解决了北京某门户网站的南北互不相访的问题.
配置步骤:
1、 软件列表
BIND 9.3.2
ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz
2、 安装BIND 9
安装BIND9:
# tar zxvf bind-9.3.2.tar.gz
# cd bind-9.3.2
# ./configure
--prefix=/usr/local/named
--disable-ipv6
# make && make install
建立BIND用户:
# groupadd bind
# useradd -g bind -d /usr/local/named -s /sbin/nologin bind
创建配置文件目录:
# mkdir –p /usr/local/named/etc
# chown bind:bind /usr/local/named/etc
# chmod 700 /usr/local/named/etc
创建主要的配置文件:
[root@nginx_53-85 ~]# cat /usr/local/named/etc/named.conf
acl "trust-lan" { 127.0.0.1/8; 192.168.0.0/16;};
options {
directory "/usr/local/named/etc/";
pid-file "/var/run/named/named.pid";
version "0.0.0";
datasize 40M;
allow-transfer {
"trust-lan";};
recursion yes;
allow-notify {
"trust-lan";
};
allow-recursion {
"trust-lan";
};
auth-nxdomain no;
forwarders {
202.99.160.68;
202.99.168.8;};
};
logging {
channel warning
{ file "/var/log/named/dns_warnings" versions 3 size 1240k;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns
{ file "/var/log/named/dns_logs" versions 3 size 1240k;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default { warning; };
category queries { general_dns; };
};
zone "." {
type hint;
file "named.root";
};
acl "CNC" {
192.168.51.0/24;
};
view "view_cnc" {
match-clients { CNC; };
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
include "master/cnc.def";
};
acl "TEL" {
192.168.53.0/24;
};
view "view_tel" {
match-clients { TEL; };
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
include "master/tel.def";
};
view "view_any" {
match-clients { any; };
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
include "master/any.def";
};
添加完成后,保存。
更新根区文件:
# cd /usr/local/named/etc/
# wget ftp://ftp.internic.org/domain/named.root
创建PID和日志文件:
# mkdir /var/run/named/
# chmod 777 /var/run/named/
# chown bind:bind /var/run/named/
# mkdir /var/log/named/
# touch /var/log/named/dns_warnings
# touch /var/log/named/dns_logs
# chown bind:bind /var/log/named/*
# mkdir master
# touch master/cnc.def
# touch master/tel.def
# touch master/any.def
生成rndc-key:
# cd /usr/local/named/etc/
# ../sbin/rndc-confgen > rndc.conf
把rndc.conf中:
# Use with the following in named.conf, adjusting the allow list as needed:
后面以的部分加到/usr/local/named/etc/named.conf中并去掉注释
运行测试:
# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf
状态检查:
# /usr/local/named/sbin/rndc status
建立启动脚本:
# vi /etc/init.d/named
#!/bin/bash
#
# named a network name service.
#
#
# chkconfig: 545 35 75
# description: a name server
#
if [ `id -u` -ne 0 ]
then
echo "ERROR:For bind to port 53,must run as root."
exit 1
fi
case "$1" in
start)
if [ -x /usr/local/named/sbin/named ]; then
/usr/local/named/sbin/named -u bind -c /usr/local/named/etc/named.conf && echo . && echo BIND9 server started.
fi
;;
stop)
kill `cat /var/run/named/named.pid` && echo . && echo BIND9 server stopped.
;;
restart)
echo .
echo "Restart BIND9 server"
$0 stop
sleep 10
$0 start
;;
*)
echo "$0 start | stop | restart"
;;
esac
# chmod 755 /etc/init.d/named
# chown root:root /etc/init.d/named
# chkconfig --add named
# chkconfig named on
到这里bind已经安装完毕 .下面是解析部分.
3、 添加一个NS
平时大家修改域名信息的时候,都会发现有一个DNS信息的修改,里面会有一些类似
ns.sc-linux.com一样的东西。添加这个东西不难,在新网的后台就可以添加。添加
的时候要注意,域名状态设置里面的域名必须不能在锁定状态。
登陆新网的后台->域名管理->注册本域名下的DNS->DNS名字:ns->IP地址*.*.*.*
(按照自己要求修改IP地址)->确定->MyDNS功能->添加新的A记录->ns->IP地址
61.182.49.7->提交。
对于一些收费的(如万网)或者不提供DNS服务器注册的管理后台,我们一样有办法去
解决。首先按照上面的,先添加一个A记录,然后打开
http://domain.cnic.ac.cn/domain/nameserver/createhost.jsp
按照上面的提示注册一下就行。
OK,等待DNS生效吧
4、 添加一个域名
# cd /usr/local/named/etc/master
# mkdir cnc
# mkdir tel
# mkdir any
# vi cnc.def
添加
zone "sc-linux.com" {
type master;
file "master/cnc/sc-linux.com";
};
# vi tel.def
添加
zone "sc-linux.com" {
type master;
file "master/tel/sc-linux.com";
};
# vi any.def
添加
zone "sc-linux.com" {
type master;
file "master/any/sc-linux.com";
};
添加网通的解析,解析到的IP为192.168.51.2
#vi cnc/sc-linux.com
添加
$TTL 3600
$ORIGIN sc-linux.com.
@ IN SOA ns.sc-linux.com. root.ns.sc-linux.com.(
2005121013 ;Serial
3600 ; Refresh ( seconds )
900 ; Retry ( seconds )
68400 ; Expire ( seconds )
15 );Minimum TTL for Zone ( seconds )
;
@ IN NS ns.sc-linux.com.
@ IN A 192.168.51.2
www IN A 192.168.51.2
添加电信的解析,解析到的IP为192.168.53.2
#vi tel/sc-linux.com
添加
$TTL 3600
$ORIGIN sc-linux.com.
@ IN SOA ns.sc-linux.com. root.ns.sc-linux.com.(
2005121013 ;Serial
3600 ; Refresh ( seconds )
900 ; Retry ( seconds )
68400 ; Expire ( seconds )
15 );Minimum TTL for Zone ( seconds )
;
@ IN NS ns.sc-linux.com.
@ IN A 192.168.53.2
www IN A 192.168.53.2
添加其他的解析,解析到的IP为218.6.242.216
#vi any/sc-linux.com
$TTL 3600
$ORIGIN sc-linux.com.
@ IN SOA ns.sc-linux.com. root.ns.sc-linux.com.(
2005121013 ;Serial
3600 ; Refresh ( seconds )
900 ; Retry ( seconds )
68400 ; Expire ( seconds )
15 );Minimum TTL for Zone ( seconds )
;
@ IN NS ns.sc-linux.com.
@ IN A 218.6.242.216
www IN A 218.6.242.216
#/usr/local/named/sbin/rndc reload
OK,到此你的DNS服务器就算是跑起来了
验证:
登陆验证机器192.168.51.117
[root@53-117 ~]# vim /etc/resolv.conf
nameserver 192.168.51.8
[root@53-117 ~]# nslookup www.sc-linux.com
Server: 192.168.51.8
Address: 192.168.51.8#53
Name: www.sc-linux.com
Address: 192.168.51.2
登陆验证机器192.168.53.117
[root@53-117 ~]# vim /etc/resolv.conf
nameserver 192.168.53.8
[root@53-117 ~]# nslookup www.sc-linux.com
Server: 192.168.53.8
Address: 192.168.53.8#53
Name: www.sc-linux.com
Address: 192.168.53.2
批注后记:
以下方法可以查询到3个服务商大致的地址范围,不过是否完整还需要大家验证。
下载并编译最新的ripe-dbase-client
#wget http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client-v3.tar.gz
#tar zxvf ripe-dbase*.gz
#cd whois-3.1
#./configure;make
执行查询并输出结果
#./whois3 -h whois.apnic.net -l -i mb MAINT-CNCGROUP >/tmp/cnc
#./whois3 -h whois.apnic.net -l -i mb MAINT-CHINANET >/tmp/chinanet
#./whois3 -h whois.apnic.net -l -i mb MAINT-CN-CRTC > /tmp/crtc
如果想得到具体的服务商比如江苏省电信的IP池,就把mb的值改为MAINT-CHINANET-JS,或者是辽宁网通,那就改为MAINT-CNCGROUP-LN
然后用grep 和sed去掉多余的文字就可以得到了