This post shows how to use the view feature of BIND 9 to return different IP addresses depending on where a query comes from, i.e. "smart DNS" (split-horizon DNS keyed on the client's source address). Install BIND 9 first; if you are unsure how, follow the installation part of "BIND DNS server installation and master/slave DNS configuration".
ACL file configuration
Before configuring smart DNS we need the current China Telecom and China Unicom IP ranges, turned into ACL files for named. The two files are provided for download here; upload them to /usr/local/bind/etc/ on both the master and the slave DNS server. Keep the two copies identical and refresh them when the carriers' allocations change: a stale or mistyped range silently steers those clients into the wrong view.
China Telecom: CHINANET.acl
China Unicom: CNC.acl
If you want more up-to-date ranges, you can generate the files yourself with this script: http://devops.webres.wang/2012/02/automatic-get-unicom-chinanet-new-ip-ranges/
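As an added example (not the original post's code, and not the linked range-fetching script), the following Python turns a fetched list of prefixes into a BIND acl file: it rejects junk lines and prefixes with host bits set rather than silently "fixing" them, merges overlapping and adjacent prefixes, and renders the `acl "NAME" { ...; };` block that named.conf includes. SAMPLE_CNC_RANGES is a constructed input, not a real Unicom allocation list.

```python
"""Build a BIND acl file from a list of CIDR prefixes.

Added example for this page; it is not the original post's code nor the
linked IP-range script. SAMPLE_CNC_RANGES is a constructed input, not a real
China Unicom allocation list.
"""
import ipaddress

# Constructed sample: the shape of a fetched range list, with a comment, a blank
# line, overlapping prefixes, one prefix with host bits set and one junk line.
SAMPLE_CNC_RANGES = """\
# constructed sample list, not a real allocation
10.0.0.0/24
10.0.1.0/24
10.0.0.0/25

192.0.2.0/24
10.0.0.5/24
203.0.113.0/24
not-a-prefix
"""


def parse_prefixes(text):
    """Return (valid networks, rejected lines).

    strict=True rejects a prefix whose host bits are set instead of silently
    widening it: a bad line in an ACL that steers every client in a range to
    another view is worth stopping on, not guessing about.
    """
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=True))
        except ValueError:
            rejected.append(line)
    return nets, rejected


def build_acl(name, nets):
    """Render `acl "NAME" { ...; };` with overlapping/adjacent prefixes merged.

    named walks an address-match-list in order for every query, so a short,
    de-duplicated list is both faster and easier to audit.
    """
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix address families
        merged.extend(ipaddress.collapse_addresses(n for n in nets if n.version == version))
    lines = ['acl "%s" {' % name]
    lines.extend("    %s;" % n.with_prefixlen for n in merged)
    lines.append("};")
    return "\n".join(lines) + "\n"


def build_acl_file(name, text):
    """Parse a range list and render the acl; returns (acl text, rejected lines)."""
    nets, rejected = parse_prefixes(text)
    return build_acl(name, nets), rejected


if __name__ == "__main__":
    acl_text, bad = build_acl_file("CNC", SAMPLE_CNC_RANGES)
    print(acl_text, end="")
    for line in bad:
        print("rejected: %s" % line)
```

Write the rendered text to /usr/local/bind/etc/CNC.acl (and likewise for CHINANET), run named-checkconf, then rndc reload; if any line was rejected, fix the source list instead of deploying a partial ACL.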
Master DNS configuration
named.conf configuration
First generate one control key for rndc and three keys for master/slave synchronisation, one per view (older rndc-confgen defaults to hmac-md5; on releases that support it, pass -A hmac-sha256):
- rndc-confgen -a
- rndc-confgen -a -c /etc/cnc.key -k cnc
- rndc-confgen -a -c /etc/chinanet.key -k chinanet
- rndc-confgen -a -c /etc/any.key -k any
Copy the generated /etc/cnc.key, /etc/chinanet.key and /etc/any.key to the slave server as well. They hold the TSIG secrets, so move them over an encrypted channel (scp) and keep them readable only by root and the user named runs as: anyone holding a key can request a full zone transfer and pick whichever view the key belongs to.
Then create named.conf:
- vi /usr/local/bind/etc/named.conf
Write the following:
- include "/etc/rndc.key"; // load rndc.key so the rndc command can authenticate (rndc-confgen -a writes it to BIND's sysconfdir; adjust the path if yours differs)
- // the three keys below sign master/slave traffic for the zone inside each view
- include "/etc/cnc.key";
- include "/etc/chinanet.key";
- include "/etc/any.key";
- // controls lets rndc manage bind; the key name must match the key statement inside /etc/rndc.key (rndc-confgen -a names it "rndc-key" unless told otherwise)
- controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
- include "/usr/local/bind/etc/CNC.acl"; // cnc acl
- include "/usr/local/bind/etc/CHINANET.acl"; // chinanet acl
- // bind logging
- logging {
- channel default_syslog { syslog local2; severity notice; };
- channel audit_log { file "/var/log/bind.log"; severity notice; print-time yes; };
- category default { default_syslog; };
- category general { default_syslog; };
- category security { audit_log; default_syslog; };
- category config { default_syslog; };
- category resolver { audit_log; };
- category xfer-in { audit_log; };
- category xfer-out { audit_log; };
- category notify { audit_log; };
- category client { audit_log; };
- category network { audit_log; };
- category update { audit_log; };
- category queries { audit_log; };
- category lame-servers { audit_log; };
- };
- options {
- directory "/usr/local/bind/etc";
- pid-file "/usr/local/bind/var/run/bind.pid";
- transfer-format many-answers;
- interface-interval 0;
- allow-query { any; };
- recursion no; // authoritative server only: never resolve on behalf of clients
- };
- // views are tested in the order written and the first match wins. In each view the TSIG key is listed before the carrier acl,
- // so a request signed with that view's key lands here whatever its source address, while an unsigned query is matched by address.
- // The negated keys come first so that a request signed with another view's key is never caught by the address match
- // (this matters if the slave's address happens to fall inside one of the carrier ranges).
- view "view_CNC" {
- match-clients { !key chinanet; !key any; key cnc; CNC; };
- server 23.19.81.194 { keys cnc; }; // sign messages sent to the slave (NOTIFY) with cnc
- zone "qbtop.com" {
- type master;
- file "qbtop.com.cnc.zone";
- allow-transfer { key cnc; }; // only honour zone transfer requests signed with cnc
- };
- };
- view "view_CHINANET" {
- match-clients { !key cnc; !key any; key chinanet; CHINANET; };
- server 23.19.81.194 { keys chinanet; };
- zone "qbtop.com" {
- type master;
- file "qbtop.com.chinanet.zone";
- allow-transfer { key chinanet; };
- };
- };
- view "view_any" {
- match-clients { !key cnc; !key chinanet; key any; any; };
- server 23.19.81.194 { keys any; };
- zone "qbtop.com" {
- type master;
- file "qbtop.com.any.zone";
- allow-transfer { key any; };
- };
- };
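How named decides which view answers is worth seeing concretely. The following Python is an added example, not BIND's code: it models the address-match-list rules that matter for views with TSIG keys (elements are tested in order and the first that matches decides; `key NAME` matches only a request signed with that TSIG key; a negated element that matches rejects the view so the next one is tried). The ACL ranges are constructed stand-ins for CNC.acl and CHINANET.acl, and 10.9.9.9 is a hypothetical slave address that happens to fall inside the Unicom range. It compares the plain `key X; X;` form of match-clients with the form that negates the other keys first, which is the shape the BIND ARM uses for multi-key view setups.

```python
"""Model of how BIND 9 chooses a view via match-clients.

Added example for this page; it is not BIND's code. It implements the
address-match-list rules that matter for split views with TSIG keys:
  - elements are tested in order, the first element that matches decides;
  - a negated element ("!...") that matches rejects the view, so named moves
    on to the next view;
  - "key NAME" matches only when the request is signed with TSIG key NAME.
"""
import ipaddress

# Constructed stand-ins for the CNC.acl / CHINANET.acl address lists.
ACLS = {
    "CNC": [ipaddress.ip_network("10.0.0.0/8")],
    "CHINANET": [ipaddress.ip_network("172.16.0.0/12")],
}


def element_matches(element, src_ip, tsig_key):
    """True if one element (already stripped of any leading '!') matches."""
    if element.startswith("key "):
        return tsig_key == element[4:]
    if element == "any":          # BIND built-in ACL: every address
        return True
    return any(src_ip in net for net in ACLS[element])


def match_clients(match_list, src_ip, tsig_key):
    """Evaluate one view's match-clients list; first matching element wins."""
    for element in match_list:
        negated = element.startswith("!")
        if element_matches(element.lstrip("! "), src_ip, tsig_key):
            return not negated
    return False


def select_view(views, src_ip, tsig_key=None):
    """Name of the first view that accepts the request, or None (named: REFUSED)."""
    src_ip = ipaddress.ip_address(src_ip)
    for name, match_list in views:
        if match_clients(match_list, src_ip, tsig_key):
            return name
    return None


# Plain form: the key, then the carrier ACL.
PLAIN_VIEWS = [
    ("view_CNC", ["key cnc", "CNC"]),
    ("view_CHINANET", ["key chinanet", "CHINANET"]),
    ("view_any", ["key any", "any"]),
]

# Same views, but each one first rejects requests signed with the *other*
# keys, so a signed request can never be caught by the address match.
STRICT_VIEWS = [
    ("view_CNC", ["!key chinanet", "!key any", "key cnc", "CNC"]),
    ("view_CHINANET", ["!key cnc", "!key any", "key chinanet", "CHINANET"]),
    ("view_any", ["!key cnc", "!key chinanet", "key any", "any"]),
]


def demo():
    """(source address, TSIG key or None) -> chosen view under both forms."""
    cases = [
        ("10.1.2.3", None),           # Unicom client, unsigned
        ("172.16.5.5", None),         # Telecom client, unsigned
        ("203.0.113.7", None),        # anyone else
        ("203.0.113.7", "chinanet"),  # slave outside both ranges, signed for view_CHINANET
        ("10.9.9.9", "chinanet"),     # hypothetical slave inside the CNC range, signed for view_CHINANET
    ]
    return [(ip, key, select_view(PLAIN_VIEWS, ip, key), select_view(STRICT_VIEWS, ip, key))
            for ip, key in cases]


if __name__ == "__main__":
    for ip, key, plain, strict in demo():
        print("%-12s key=%-9s plain=%-14s strict=%s" % (ip, key, plain, strict))
```

The last case is the one to notice: with the plain lists, a transfer request signed with chinanet from a slave whose address sits inside the CNC range is captured by view_CNC's address element and the slave's Telecom view ends up holding the Unicom zone data; with the negated keys in front it lands in view_CHINANET as intended.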
Zone file configuration
Create three files in /usr/local/bind/etc/: qbtop.com.cnc.zone, qbtop.com.chinanet.zone and qbtop.com.any.zone, for the Unicom, Telecom and default (everyone else) views respectively.
The zone contents are as follows; the only difference between the three files is the address in the A records (1.1.1.1 below is a placeholder: put the address you want that carrier's clients to receive). Keep the NS and ns1/ns2 glue records identical in all three files, and raise the serial every time you edit a file, otherwise the slave never transfers the change.
- $TTL 3600
- @ IN SOA ns1.qbtop.com. hostmaster.qbtop.com. (
- 2012022301 ; Serial
- 3600 ; Refresh
- 900 ; Retry
- 3600000 ; Expire
- 3600 ) ; Minimum
- @ IN NS ns1.qbtop.com.
- @ IN NS ns2.qbtop.com.
- ns1 IN A 23.19.81.191
- ns2 IN A 23.19.81.194
- @ IN A 1.1.1.1
- www IN A 1.1.1.1
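One way to keep the three files consistent and the serial strictly increasing, as an added example that is not part of the original post: render all three from one template and compute the next serial as max(old + 1, YYYYMMDD00). The zone name and the ns1/ns2 addresses are the page's; the per-view answer addresses in VIEW_ADDRS are constructed placeholders.

```python
"""Render the three per-view zone files from one template with a monotonic serial.

Added example for this page, not part of the original post. Zone name and the
ns1/ns2 addresses are the page's; the per-view answer addresses in VIEW_ADDRS
are constructed placeholders.
"""
import datetime
import re

ZONE_TEMPLATE = """\
$TTL 3600
@       IN SOA  ns1.qbtop.com. hostmaster.qbtop.com. (
                {serial} ; Serial
                3600       ; Refresh
                900        ; Retry
                3600000    ; Expire
                3600 )     ; Minimum
@       IN NS   ns1.qbtop.com.
@       IN NS   ns2.qbtop.com.
ns1     IN A    23.19.81.191
ns2     IN A    23.19.81.194
@       IN A    {addr}
www     IN A    {addr}
"""

# view -> (zone file name, address that view's clients should receive); constructed
VIEW_ADDRS = {
    "cnc": ("qbtop.com.cnc.zone", "192.0.2.10"),
    "chinanet": ("qbtop.com.chinanet.zone", "192.0.2.20"),
    "any": ("qbtop.com.any.zone", "192.0.2.30"),
}

SERIAL_RE = re.compile(r"^\s*(\d+)\s*;\s*Serial", re.MULTILINE)


def current_serial(zone_text):
    """SOA serial of a zone file in the page's layout, or None if absent."""
    m = SERIAL_RE.search(zone_text or "")
    return int(m.group(1)) if m else None


def next_serial(old, ymd):
    """Next serial in YYYYMMDDnn style that is strictly greater than `old`.

    `ymd` is today's date as an int such as 20120223. max() covers the cases
    that trip people up: more than 99 edits in one day, and an old serial that
    is already ahead of today (a typo like 2102022301). A slave only transfers
    when the serial increases, so strictly increasing is the property to keep.
    """
    date_based = ymd * 100
    return date_based if old is None else max(old + 1, date_based)


def today_ymd():
    return int(datetime.date.today().strftime("%Y%m%d"))


def render_zone(serial, addr):
    return ZONE_TEMPLATE.format(serial=serial, addr=addr)


def render_all_views(existing, ymd):
    """Return {file name: new zone text}; `existing` maps file name -> current text."""
    out = {}
    for fname, addr in VIEW_ADDRS.values():
        old = current_serial(existing.get(fname))
        out[fname] = render_zone(next_serial(old, ymd), addr)
    return out


if __name__ == "__main__":
    import os
    zone_dir = "/usr/local/bind/etc"  # the page's zone directory
    existing = {}
    for fname, _ in VIEW_ADDRS.values():
        path = os.path.join(zone_dir, fname)
        if os.path.exists(path):
            with open(path) as f:
                existing[fname] = f.read()
    for fname, text in render_all_views(existing, today_ymd()).items():
        with open(os.path.join(zone_dir, fname), "w") as f:
            f.write(text)
```

After writing the files, validate each one with named-checkzone qbtop.com <file> and then rndc reload; each view's slave copy is transferred independently, so each file carries its own serial.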
Slave DNS configuration
Create the slaves directory (named writes the transferred zones there, so it must be writable by the user named runs as):
- mkdir /usr/local/bind/etc/slaves
Create named.conf:
- vi /usr/local/bind/etc/named.conf
Write the following:
- // the same three TSIG keys as on the master; the slave signs its transfer requests with them
- include "/etc/cnc.key";
- include "/etc/chinanet.key";
- include "/etc/any.key";
- include "/usr/local/bind/etc/CNC.acl"; // cnc acl
- include "/usr/local/bind/etc/CHINANET.acl"; // chinanet acl
- logging {
- channel default_syslog { syslog local2; severity notice; };
- channel audit_log { file "/var/log/bind.log"; severity notice; print-time yes; };
- category default { default_syslog; };
- category general { default_syslog; };
- category security { audit_log; default_syslog; };
- category config { default_syslog; };
- category resolver { audit_log; };
- category xfer-in { audit_log; };
- category xfer-out { audit_log; };
- category notify { audit_log; };
- category client { audit_log; };
- category network { audit_log; };
- category update { audit_log; };
- category queries { audit_log; };
- category lame-servers { audit_log; };
- };
- options {
- directory "/usr/local/bind/etc";
- pid-file "/usr/local/bind/var/run/bind.pid";
- transfer-format many-answers;
- interface-interval 0;
- allow-query { any; };
- recursion no; // authoritative only, as on the master
- };
- // same view order and match-clients as on the master: the key is matched before the address so a NOTIFY signed by the
- // master lands in the right view, and the other views' keys are rejected before the address match is reached
- view "view_CNC" {
- match-clients { !key chinanet; !key any; key cnc; CNC; };
- server 23.19.81.191 { keys cnc; }; // sign transfer requests to the master with cnc, so they land in its view_CNC
- zone "qbtop.com" {
- type slave;
- file "slaves/qbtop.com.cnc.zone";
- masters { 23.19.81.191; };
- allow-transfer { none; }; // no downstream servers; older BIND 9 releases default allow-transfer to any, which would let anyone AXFR the zone
- };
- };
- view "view_CHINANET" {
- match-clients { !key cnc; !key any; key chinanet; CHINANET; };
- server 23.19.81.191 { keys chinanet; };
- zone "qbtop.com" {
- type slave;
- file "slaves/qbtop.com.chinanet.zone";
- masters { 23.19.81.191; };
- allow-transfer { none; };
- };
- };
- view "view_any" {
- match-clients { !key cnc; !key chinanet; key any; any; };
- server 23.19.81.191 { keys any; };
- zone "qbtop.com" {
- type slave;
- file "slaves/qbtop.com.any.zone";
- masters { 23.19.81.191; };
- allow-transfer { none; };
- };
- };
At this point the Unicom/Telecom master/slave smart DNS is configured. Before relying on it, run named-checkconf on each named.conf and named-checkzone on each zone file, then query the master with dig: once unsigned from an address inside each carrier ACL, and once signed with each TSIG key (dig -k keyfile), to confirm that every request lands in the intended view and that an unsigned AXFR is refused; the xfer-in log on the slave should show one successful transfer per view. You can also check the answers seen from different carrier networks with these multi-location ping tools:
http://ping.chinaz.com/
http://www.webkaka.com/Ping.aspx
http://17ce.com/
http://ping.aizhan.com/