Dynamic domain name resolution with Debian and BIND9

It could also be described as building a DNS server that automatically resolves a name to different IPs depending on the client's IP.
This is my own summary, drawn from the advice of a few gurus and from documents found online.
Enough talk:
Hardware: Dell PowerEdge 2950, Xeon 5110 @ 1.60 GHz, dual-core x2, 2.00 GB memory, 73 GB disk (honestly, running a name server on a Dell makes me uneasy, and it is a waste of the machine; I would rather have an old IBM box running FreeBSD).
Software: Debian Etch 4.0r1, BIND 9.3.4
Name server: the NS has already been registered domestically, but thanks to the great GFW the NS record cannot be looked up on InterNIC.
Method: BIND's view feature
Prerequisite: BIND is installed; I skip that here. If you don't know how, just apt-get install bind9
Goal: now that resolution of the site's domain is in our own hands, naturally our own NS does the resolving. We mirror the web site and the P2P root & tracker; by looking at the source IP of each visiting client we return the fastest mirror for it, in the hope of getting the best speed.
Now the implementation, step by step:
bind9 is already installed, then
shell> cd /etc/bind/
shell> mv named.conf named.conf.default
shell> mkdir acl
shell> mkdir -p master/{CNC,CTC,CERNET}
shell> cd acl
shell> touch CERNET.acl CNC.acl CTC.acl
shell> cd ../master
shell> touch CNC.def CTC.def CERNET.def
OK~
I won't explain BIND's view directive itself; the principle is explained here, and here is a recommended book.
shell> pwd
/etc/bind
shell> vim named.conf
Then copy the configuration below into it, and :wq to save and quit.

/////////////////////////////////////////////////////////
////////         Start Here
//Aptitude DNS
//Copyright www.renwenyue.com
//Powered by suchasplus
//Modified @ 20071113

include "/etc/bind/named.conf.options";

//import CNC/CTC/CERNET's ACL
include "/etc/bind/acl/CNC.acl";
include "/etc/bind/acl/CTC.acl";
include "/etc/bind/acl/CERNET.acl";

//View Of CTC
view "view_CTC" {
    match-clients { CTC; };

    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };

    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };

    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };

    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };

    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };

    include "/etc/bind/master/CTC.def";
};

//View Of CNC
view "view_CNC" {
    match-clients { CNC; };

    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };

    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };

    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };

    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };

    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };

    include "/etc/bind/master/CNC.def";
};

//View Of CERNET
view "view_CERNET" {
    match-clients { CERNET; };

    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };

    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };

    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };

    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };

    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };

    include "/etc/bind/master/CERNET.def";
};

//View for all other IPs => follows the CTC IP list
view "view_any" {
    match-clients { any; };

    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };

    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };

    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };

    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };

    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };

    include "/etc/bind/master/CTC.def";
};

include "/etc/bind/named.conf.local";

////////End Here

Then edit the three .def files under /etc/bind/master.
Taking CERNET.def as the example, its content is:
zone "example.com" { type master; file "/etc/bind/master/CERNET/db.example.com"; };
Save and quit. The remaining CNC.def & CTC.def follow the same pattern; only the path in file needs to change.
Then add the corresponding zone files, such as db.example.com, under CNC/CTC/CERNET. The format is widely documented online; you can refer to the GNU/Linux 高级网络应用服务指南 (GNU/Linux Advanced Network Application Services Guide), though that book is hard to find.
Finally edit the three acl (Access Control List) files in /etc/bind/acl.
The format is: acl "CERNET" { 123.123.0.0/16; };
Note that every line except the acl "CERNET" line must end with a semicolon, and the IP ranges must be written in mask form (as in 123.123.0.0/16). OK, the configuration is now complete.
shell> /usr/sbin/named -gc /etc/bind/named.conf &
This starts named and prints its startup messages.
shell> nslookup
> server localhost
> www.example.com
blablabla
If nslookup cannot find the domain => IP mapping, check your zone files. The nslookup documentation is here. At this point everything is OK.
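To confirm that each network really gets its own mirror's address, it helps to have a query tool you can run from a host on each side and whose decoding of the reply you trust. The script below is an added example, not code from the original post: a standard-library Python tool that sends an A query to the server (127.0.0.1 by default, as in the nslookup session above), then checks the transaction id and RCODE before accepting the answer. The query name www.example.com, the server address and the sample reply packet are constructed values for illustration.

```python
"""Query a name server for an A record and decode the reply, to see which
mirror address a given view hands out.  Added example, not from the post;
standard library only.  SAMPLE_REPLY is a constructed packet so the decoder
can be exercised without a running server."""
import random
import socket
import struct


def build_query(qname, txid):
    """Standard query header (RD set) with one question: qname IN A."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def _read_name(pkt, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                  # compression pointer
            if end is None:
                end = off + 2                      # name ends after the pointer
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_a_records(pkt, expected_txid):
    """Return the IPv4 strings in the answer section.  The id and RCODE are
    checked so a stale or failed reply is not mistaken for a good one."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("packet is not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0x000F}")
    off = 12
    for _ in range(qd):                            # skip the echoed question
        _, off = _read_name(pkt, off)
        off += 4                                   # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        _, off = _read_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, IN class
            answers.append(socket.inet_ntoa(pkt[off:off + 4]))
        off += rdlen
    return answers


def lookup(qname, server="127.0.0.1", port=53, timeout=3.0):
    """Send one UDP query and return the A records from the reply."""
    txid = random.randrange(0, 0x10000)            # random id, as a resolver would use
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(qname, txid), (server, port))
        data, _ = sock.recvfrom(512)
    return parse_a_records(data, txid)


# Constructed reply: id 0x1234, flags QR|RD|RA, one answer whose owner name
# is a compression pointer (0xC00C) back to the question name at offset 12.
SAMPLE_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    + socket.inet_aton("192.0.2.10")
)

if __name__ == "__main__":
    print("decoded sample reply:", parse_a_records(SAMPLE_REPLY, 0x1234))
    print("live answer:", lookup("www.example.com"))
```

Run it once from a host inside each of the CTC, CNC and CERNET ranges (and once from an address in none of them) and compare the returned addresses with the A records in the corresponding db.example.com; the last case should show the CTC mirror, since view_any includes CTC.def.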
On the order of the views in named.conf: arrange them according to your own needs. In my case the main site is hosted on China Telecom (CTC), with mirrors on CERNET and China Netcom (CNC), so the order in named.conf is CTC/CNC/CERNET, and any client that cannot be identified is thrown to CTC.

As for the ACLs, the one I have was given to me by someone and I can't share it; it isn't very accurate either. CERNET IP ranges can be looked up at http://www.nic.edu.cn, though it seems nic.edu.cn is only reachable from inside CERNET. Here is a list of CERNET IP ranges compiled by windtear from Tsinghua, 20070328 version. For CTC & CNC & other there is a post that already covers it thoroughly, so I won't reinvent the wheel; I also admire the algorithm implemented in that article.
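Since BIND serves a client from the first view whose match-clients covers it, two things are worth checking before loading the ACL files: that each file follows the format described above (every entry line ends with a semicolon, every range is in mask form), and whether any range appears in more than one list, because clients in the overlap silently get whichever view is listed first. The script below is an added example, not part of the original post: the ranges in SAMPLE_ACLS are constructed placeholders (the real CTC/CNC/CERNET lists are not on this page), VIEW_ORDER follows the CTC/CNC/CERNET order of the named.conf above, and select_view reproduces BIND's first-match rule including the fall-through to view_any.

```python
"""Validate the CNC/CTC/CERNET ACL files and simulate BIND's first-match
view selection.  Added example, not code from the original post; the
prefixes below are constructed placeholders, not real ISP ranges."""
import ipaddress
import re

# Constructed stand-ins for /etc/bind/acl/*.acl.  The CNC/CERNET overlap is
# deliberate, to show why the order of views in named.conf matters.
SAMPLE_ACLS = {
    "CTC":    'acl "CTC" { 192.0.2.0/24; 203.0.113.0/24; };',
    "CNC":    'acl "CNC" {\n    198.51.100.0/24;\n    10.20.128.0/17;\n};',
    "CERNET": 'acl "CERNET" {\n    10.20.0.0/16;\n    172.16.0.0/12;\n};',
}

# Order of the views in the post's named.conf; view_any comes last.
VIEW_ORDER = ["CTC", "CNC", "CERNET"]

ACL_RE = re.compile(r'^\s*acl\s+"([A-Za-z0-9_-]+)"\s*\{(.*)\}\s*;\s*$', re.S)


def parse_acl(text):
    """Return (name, [ip_network]) for one acl block, enforcing the two rules
    the post gives: every entry line ends with ';' and every prefix is in
    mask form (a.b.c.d/len) with no host bits set."""
    m = ACL_RE.match(text)
    if not m:
        raise ValueError('expected: acl "NAME" { prefix/len; ... };')
    name, body = m.group(1), m.group(2)
    nets = []
    for line in body.splitlines():
        line = line.strip()
        if not line or line.startswith("//"):
            continue
        if not line.endswith(";"):
            raise ValueError(f"missing ';' at end of line: {line!r}")
        for entry in line[:-1].split(";"):         # several entries may share a line
            entry = entry.strip()
            if not entry:
                continue
            if "/" not in entry:
                raise ValueError(f"not in mask form (a.b.c.d/len): {entry!r}")
            # strict=True rejects e.g. 10.20.0.1/16 ("has host bits set")
            nets.append(ipaddress.ip_network(entry, strict=True))
    return name, nets


def check_acl(text):
    """Return '' if the block is acceptable, otherwise the error message."""
    try:
        parse_acl(text)
        return ""
    except ValueError as exc:
        return str(exc)


def load_acls(sources):
    """Parse every file and require the acl name to match the file name,
    since match-clients in named.conf refers to the name, not the file."""
    acls = {}
    for filename, text in sources.items():
        name, nets = parse_acl(text)
        if name != filename:
            raise ValueError(f"{filename}.acl defines acl {name!r}")
        acls[name] = nets
    return acls


def find_overlaps(acls):
    """List every pair of prefixes from different ACLs that overlap; clients
    in the overlap are served by whichever view comes first in named.conf."""
    names = list(acls)
    found = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for na in acls[a]:
                for nb in acls[b]:
                    if na.overlaps(nb):
                        found.append((a, str(na), b, str(nb)))
    return found


def select_view(client_ip, acls, order=VIEW_ORDER):
    """Mimic BIND: the first view whose match-clients contains the client
    wins; an unmatched client falls into view_any (CTC data in the post)."""
    ip = ipaddress.ip_address(client_ip)
    for name in order:
        if any(ip in net for net in acls[name]):
            return "view_" + name
    return "view_any"


if __name__ == "__main__":
    acls = load_acls(SAMPLE_ACLS)
    for a, na, b, nb in find_overlaps(acls):
        print(f"overlap: {a} {na} and {b} {nb}")
    for ip in ("192.0.2.9", "10.20.200.1", "10.20.1.1", "8.8.8.8"):
        print(ip, "->", select_view(ip, acls))
```

With the sample lists, 10.20.200.1 sits in both the CNC and the CERNET range; under the post's CTC/CNC/CERNET order it is served from view_CNC, and only reordering the views to put CERNET first would send it to the CERNET mirror. To use the script on real files, replace SAMPLE_ACLS with the contents of the three .acl files.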
If you have many servers, build a fairly complete control panel like GoDaddy's, and have some IDC resources, you could perhaps run your own CDN. I used to be intimidated by "dynamic DNS resolution", but it is really just resolving according to the client's IP address. Adding several A records in BIND is DNS round-robin; isn't that what so-called load balancing is? -_-#! Finally, shame on 万网 (HiChina): they charge 10 yuan just to set up an NS, when in fact, once the NS server's A record is set, NS records can be applied for free here.


1 Comment

So cagey about it; better not to have posted it at all.

This page contains a single entry by suchasplus published on November 13, 2007 9:42 PM.

Lost connection to MySQL server during query 的解决方案 was the previous entry in this blog.

动态域名解析的局限性 is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Pages

OpenID accepted here Learn more about OpenID
Powered by Movable Type 5.2.7